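Kubernetes Platform Log Collection (ELK)

Collecting and visualizing logs from a Kubernetes platform with the ELK Stack

  • Logs of the K8S system components
  • Logs of the applications deployed in the K8S cluster

Logging system:

Installing ELK
Install the JDK
[~]# yum install java-1.8.0-openjdk
[~]# java -version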
openjdk version "1.8.0_212"
OpenJDK Runtime Environment (build 1.8.0_212-b04)
OpenJDK 64-Bit Server VM (build 25.212-b04, mixed mode)

Install the ELK components
[~]# yum install elasticsearch logstash kibana
Start Elasticsearch
[~]# systemctl start elasticsearch

Start Kibana
[~]# vim /etc/kibana/kibana.yml
server.host: "0.0.0.0"
elasticsearch.hosts: ["http://localhost:9200"]
[~]# systemctl start kibana

Start Logstash
[~]# cat /etc/logstash/conf.d/logstash-to-es.conf
input {
    beats {
        port => 5044
    }
}

filter {}

output {
    if [app] == "www" {
        if [type] == "nginx-access" {
            elasticsearch {
                hosts => ["http://127.0.0.1:9200"]
                index => "nginx-access-%{+YYYY.MM.dd}"
            }
        } else if [type] == "nginx-error" {
            elasticsearch {
                hosts => ["http://127.0.0.1:9200"]
                index => "nginx-error-%{+YYYY.MM.dd}"
            }
        } else if [type] == "tomcat-catalina" {
            elasticsearch {
                hosts => ["http://127.0.0.1:9200"]
                index => "tomcat-catalina-%{+YYYY.MM.dd}"
            }
        }
    } else if [app] == "k8s" {
        if [type] == "module" {
            elasticsearch {
                hosts => ["http://127.0.0.1:9200"]
                index => "k8s-log-%{+YYYY.MM.dd}"
            }
        }
    }
    stdout { codec => rubydebug }
}
[~]# /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/logstash-to-es.conf

Start the log-collecting container (Filebeat)

[elk]# cat k8s-logs.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: k8s-logs-filebeat-config
  namespace: kube-system 

data:
  filebeat.yml: |-
    filebeat.prospectors:
      - type: log
        paths:
          - /messages
        fields:
          app: k8s
          type: module
        fields_under_root: true

    output.logstash:
      hosts: ['192.168.0.225:5044']

---

apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: k8s-logs
  namespace: kube-system
spec:
  selector:
    matchLabels:
      project: k8s
      app: filebeat
  template:
    metadata:
      labels:
        project: k8s
        app: filebeat
    spec:
      containers:
      - name: filebeat
        image: docker.elastic.co/beats/filebeat:6.4.2
        args: [
          "-c", "/etc/filebeat.yml",
          "-e",
        ]
        resources:
          requests:
            cpu: 100m
            memory: 100Mi
          limits:
            cpu: 500m
            memory: 500Mi
        securityContext:
          runAsUser: 0
        volumeMounts:
        - name: filebeat-config
          mountPath: /etc/filebeat.yml
          subPath: filebeat.yml
        - name: k8s-logs
          mountPath: /messages
      volumes:
      - name: k8s-logs
        hostPath:
          path: /var/log/messages
          type: File
      - name: filebeat-config
        configMap:
          name: k8s-logs-filebeat-config

[elk]# kubectl apply -f k8s-logs.yaml
configmap/k8s-logs-filebeat-config created
[elk]# kubectl get pod -n kube-system
NAME                                    READY   STATUS    RESTARTS   AGE
alertmanager-6b5bbd5bd4-lgjn8           2/2     Running   0          7d4h
coredns-5b8c57999b-z9jh8                1/1     Running   1          28d
grafana-0                               1/1     Running   3          10d
k8s-logs-b6f4v                          1/1     Running   0          6m30s
k8s-logs-lz5pn                          1/1     Running   0          6m30s
k8s-logs-pj8kj                          1/1     Running   0          6m30s
kube-state-metrics-f86fd9f4f-j4rdc      2/2     Running   0          7d7h
kubernetes-dashboard-644c96f9c6-bvw8w   1/1     Running   1          28d
prometheus-0                            2/2     Running   0          7d3h
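
The DaemonSet above runs Filebeat as UID 0 and mounts the host's /var/log/messages through a hostPath volume without readOnly, although Filebeat only reads that file. The check below is an added example, not part of the original article: audit_pod_spec, with_read_only_host_mounts and K8S_LOGS (a constructed copy of the manifest's Pod spec) are hypothetical names.

```python
import copy

# Constructed input: the Pod spec of the k8s-logs DaemonSet above, as a dict
# (the shape `kubectl get ds k8s-logs -o json` returns under spec.template.spec).
K8S_LOGS = {
    "containers": [{
        "name": "filebeat",
        "securityContext": {"runAsUser": 0},
        "volumeMounts": [
            {"name": "filebeat-config", "mountPath": "/etc/filebeat.yml",
             "subPath": "filebeat.yml"},
            {"name": "k8s-logs", "mountPath": "/messages"},
        ],
    }],
    "volumes": [
        {"name": "k8s-logs",
         "hostPath": {"path": "/var/log/messages", "type": "File"}},
        {"name": "filebeat-config",
         "configMap": {"name": "k8s-logs-filebeat-config"}},
    ],
}

def audit_pod_spec(spec):
    """Return (container, finding) pairs: root UID and writable hostPath mounts."""
    host_paths = {v["name"]: v["hostPath"]["path"]
                  for v in spec.get("volumes", []) if "hostPath" in v}
    findings = []
    for c in spec.get("containers", []):
        if c.get("securityContext", {}).get("runAsUser") == 0:
            findings.append((c["name"], "runs as UID 0"))
        for m in c.get("volumeMounts", []):
            if m["name"] in host_paths and not m.get("readOnly", False):
                findings.append((c["name"], "hostPath %s mounted read-write at %s"
                                 % (host_paths[m["name"]], m["mountPath"])))
    return findings

def with_read_only_host_mounts(spec):
    """Copy of spec with readOnly: true on every hostPath volumeMount."""
    fixed = copy.deepcopy(spec)
    host_vols = {v["name"] for v in fixed.get("volumes", []) if "hostPath" in v}
    for c in fixed.get("containers", []):
        for m in c.get("volumeMounts", []):
            if m["name"] in host_vols:
                m["readOnly"] = True
    return fixed

if __name__ == "__main__":
    for spec in (K8S_LOGS, with_read_only_host_mounts(K8S_LOGS)):
        print(audit_pod_spec(spec))
```

The UID 0 finding remains after the mount is made read-only: whether the container can run as another user depends on the ownership and mode of /var/log/messages on the nodes.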

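Open Kibana and add the index.

How to collect logs from containers

| Approach | Pros | Cons |
|---|---|---|
| Option 1: deploy a log collector on each Node | Only one log collector is needed per Node, low resource usage, non-intrusive to the application | Application logs must be written to standard output and standard error; multi-line logs are not supported |
| Option 2: attach a dedicated log-collection container to the Pod | Loose coupling | Every Pod starts its own log-collection agent, which increases resource usage and operational maintenance cost |
| Option 3: the application pushes its logs directly | No additional collection tool is needed | Intrusive to the application; increases application complexity |

Example of option 2: attaching a dedicated log-collection container to the Pod

Collecting nginx logs

[elk]# cat filebeat-nginx-configmap.yaml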
apiVersion: v1
kind: ConfigMap
metadata:
  name: filebeat-nginx-config
  namespace: test

data:
  filebeat.yml: |-
    filebeat.prospectors:
      - type: log
        paths:
          - /usr/local/nginx/logs/access.log
        # tags: ["access"]
        fields:
          app: www
          type: nginx-access
        fields_under_root: true

      - type: log
        paths:
          - /usr/local/nginx/logs/error.log
        # tags: ["error"]
        fields:
          app: www
          type: nginx-error
        fields_under_root: true

    output.logstash:
      hosts: ['192.168.0.225:5044']
[elk]# kubectl apply -f filebeat-nginx-configmap.yaml
configmap/filebeat-nginx-config unchanged

[elk]# cat nginx-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: php-demo
  namespace: test
spec:
  replicas: 3
  selector:
    matchLabels:
      project: www
      app: php-demo
  template:
    metadata:
      labels:
        project: www
        app: php-demo
    spec:
      imagePullSecrets:
      - name: registry-pull-secret
      containers:
      - name: nginx
        image: 192.168.0.223/project/nginx:v1
        imagePullPolicy: Always
        ports:
        - containerPort: 80
          name: web
          protocol: TCP
        resources:
          requests:
            cpu: 0.5
            memory: 256Mi
          limits:
            cpu: 1
            memory: 1Gi
        livenessProbe:
          httpGet:
            path: /status.php
            port: 80
          initialDelaySeconds: 6
          timeoutSeconds: 20
        volumeMounts:
        - name: nginx-logs
          mountPath: /usr/local/nginx/logs

      - name: filebeat
        image: docker.elastic.co/beats/filebeat:6.4.2
        args: [
          "-c", "/etc/filebeat.yml",
          "-e",
        ]
        resources:
          limits:
            memory: 500Mi
          requests:
            cpu: 100m
            memory: 100Mi
        securityContext:
          runAsUser: 0
        volumeMounts:
        - name: filebeat-config
          mountPath: /etc/filebeat.yml
          subPath: filebeat.yml
        - name: nginx-logs
          mountPath: /usr/local/nginx/logs

      volumes:
      - name: nginx-logs
        emptyDir: {}
      - name: filebeat-config
        configMap:
          name: filebeat-nginx-config
[elk]# kubectl apply -f nginx-deployment.yaml
deployment.apps/php-demo configured

Collecting Tomcat logs

[elk]# cat filebeat-tomcat-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: filebeat-config
  namespace: test

data:
  filebeat.yml: |-
    filebeat.prospectors:
    - type: log
      paths:
        - /usr/local/tomcat/logs/catalina.*
      # tags: ["tomcat"]
      fields:
        app: www
        type: tomcat-catalina
      fields_under_root: true
      multiline:
        pattern: '^\['
        negate: true
        match: after
    output.logstash:
      hosts: ['192.168.0.225:5044']
[elk]# kubectl apply -f filebeat-tomcat-configmap.yaml
configmap/filebeat-config created
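
What the multiline settings in this ConfigMap (pattern '^\[', negate: true, match: after) do to a stack trace, as an added example that is not part of the original article: group_multiline is a hypothetical re-implementation of the grouping rule, not Filebeat code, and both sample logs are constructed. The second sample assumes a date-first line layout such as Tomcat's default one, which '^\[' never matches, so every line ends up in one event.

```python
import re

def group_multiline(lines, pattern=r"^\[", max_lines=500):
    """Group lines as negate: true / match: after does: a line matching
    `pattern` starts a new event, every other line joins the event before it."""
    start = re.compile(pattern)
    events, current = [], []
    for line in lines:
        if start.search(line) and current:
            events.append("\n".join(current))
            current = []
        if len(current) < max_lines:  # lines past max_lines are discarded
            current.append(line)
    if current:
        events.append("\n".join(current))
    return events

# Constructed sample: an application log whose entries start with "[".
BRACKETED = [
    "[2019-06-25 10:00:01] INFO  Server startup in 5321 ms",
    "[2019-06-25 10:00:07] ERROR Servlet.service() threw exception",
    "java.lang.NullPointerException: demo",
    "\tat com.example.Demo.handle(Demo.java:42)",
    "Caused by: java.lang.IllegalStateException: demo cause",
    "\t... 1 more",
    "[2019-06-25 10:00:09] INFO  GET /index.jsp 200",
]

# Constructed sample: date-first layout (assumed), no line starts with "[".
DATE_FIRST = [
    "25-Jun-2019 10:00:01.123 INFO [main] org.example.Demo.start started",
    "25-Jun-2019 10:00:07.456 SEVERE [http-nio-8080-exec-1] org.example.Demo.handle failed",
    "java.lang.NullPointerException: demo",
    "25-Jun-2019 10:00:09.789 INFO [http-nio-8080-exec-2] org.example.Demo.handle ok",
]

if __name__ == "__main__":
    for name, sample in (("bracketed", BRACKETED), ("date-first", DATE_FIRST)):
        events = group_multiline(sample)
        print(name, "->", len(events), "event(s)")
        for event in events:
            print("  ", repr(event))
```

Filebeat's multiline.max_lines defaults to 500 and further lines of an event are discarded, which the max_lines parameter mirrors.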

[elk]# cat tomcat-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: tomcat-java-demo
  namespace: test
spec:
  replicas: 3
  selector:
    matchLabels:
      project: www
      app: java-demo
  template:
    metadata:
      labels:
        project: www
        app: java-demo
    spec:
      imagePullSecrets:
      - name: registry-pull-secret
      containers:
      - name: tomcat
        image: 192.168.0.223/project/tomcat-java-demo:latest
        imagePullPolicy: Always
        ports:
        - containerPort: 8080
          name: web
          protocol: TCP
        resources:
          requests:
            cpu: 0.5
            memory: 1Gi
          limits:
            cpu: 1
            memory: 2Gi
        livenessProbe:
          httpGet:
            path: /
            port: 8080
          initialDelaySeconds: 60
          timeoutSeconds: 20
        readinessProbe:
          httpGet:
            path: /
            port: 8080
          initialDelaySeconds: 60
          timeoutSeconds: 20
        volumeMounts:
        - name: tomcat-logs
          mountPath: /usr/local/tomcat/logs

      - name: filebeat
        image: docker.elastic.co/beats/filebeat:6.4.2
        args: [
          "-c", "/etc/filebeat.yml",
          "-e",
        ]
        resources:
          limits:
            memory: 500Mi
          requests:
            cpu: 100m
            memory: 100Mi
        securityContext:
          runAsUser: 0
        volumeMounts:
        - name: filebeat-config
          mountPath: /etc/filebeat.yml
          subPath: filebeat.yml
        - name: tomcat-logs
          mountPath: /usr/local/tomcat/logs
      volumes:
      - name: tomcat-logs
        emptyDir: {}
      - name: filebeat-config
        configMap:
          name: filebeat-config
[elk]# kubectl apply -f tomcat-deployment.yaml
deployment.apps/tomcat-java-demo created

Original article: https://www.cnblogs.com/yuezhimi/p/11081093.html

Time: 2024-08-30 08:16:59
