k8s日志收集方案
k8s日志收集方案
三种收集方案的优缺点:
下面我们就实践第二种日志收集方案:
一、安装ELK
下面直接采用yum的方式安装ELK(源码包安装参考:https://www.cnblogs.com/Dev0ps/p/9309103.html)
1.安装jdk
1 | yum install -y java |
2.添加ELK源
1 2 3 4 5 6 7 8 9 10 | cat << EOF >>/etc/yum.repos.d/logstash.repo[logstash-7.x]name=Elastic repository for 7.x packagesbaseurl=https://artifacts.elastic.co/packages/7.x/yumgpgcheck=1gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearchenabled=1autorefresh=1type=rpm-mdEOF |
3.安装ELK组件
1 | yum install elasticsearch logstash kibana -y |
4.修改kibana的配置文件
1 2 3 4 | [root@master ~]# grep -Ev '^$|^#' /etc/kibana/kibana.ymlserver.port: 5601server.host: "0.0.0.0"elasticsearch.hosts: ["http://localhost:9200"] |
5.启动服务
1 2 | systemctl start elasticsearchsystemctl start kibana |
二、收集k8s的日志
1.添加logstash配置文件
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 | input { beats { port => 5044 }}filter {}output { if [app] == "k8s" { if [type] == "module" { elasticsearch { hosts => ["http://127.0.0.1:9200"] index => "k8s-log-%{+YYYY.MM.dd}" } } }} |
2.启动logstash
1 | /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/logstash-to-es.conf & |
3.创建filebeat的yaml文件
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 | [root@master logs]# cat k8s-logs.yamlapiVersion: v1kind: ConfigMapmetadata: name: k8s-logs-filebeat-config namespace: kube-system data: filebeat.yml: |- filebeat.prospectors: - type: log paths: - /messages fields: app: k8s type: module fields_under_root: true output.logstash: hosts: ['172.31.182.140:5044']---apiVersion: apps/v1kind: DaemonSetmetadata: name: k8s-logs namespace: kube-systemspec: selector: matchLabels: project: k8s app: filebeat template: metadata: labels: project: k8s app: filebeat spec: containers: - name: filebeat image: docker.elastic.co/beats/filebeat:6.4.2 args: [ "-c", "/etc/filebeat.yml", "-e", ] resources: requests: cpu: 100m memory: 100Mi limits: cpu: 500m memory: 500Mi securityContext: runAsUser: 0 volumeMounts: - name: filebeat-config mountPath: /etc/filebeat.yml subPath: filebeat.yml - name: k8s-logs mountPath: /messages volumes: - name: k8s-logs hostPath: path: /var/log/messages type: File - name: filebeat-config configMap: name: k8s-logs-filebeat-config |
4.创建pod
1 | kubectl apply -f k8s-logs.yaml |
5.kibana添加索引
三、收集nginx日志
1.创建nginx-deployment
默认的日志路径为:/var/log/nginx/
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 | [root@master logs]# cat nginx-deployment.yamlapiVersion: apps/v1beta1kind: Deploymentmetadata: name: nginx-demo# namespace: testspec: replicas: 3 selector: matchLabels: project: www app: www template: metadata: labels: project: www app: www spec: imagePullSecrets: - name: registry-pull-secret containers: - name: nginx image: nginx:latest imagePullPolicy: Always ports: - containerPort: 80 name: web protocol: TCP resources: requests: cpu: 0.5 memory: 256Mi limits: cpu: 1 memory: 1Gi resources: requests: cpu: 0.5 memory: 256Mi limits: cpu: 1 memory: 1Gi livenessProbe: httpGet: path: /index.html port: 80 initialDelaySeconds: 6 timeoutSeconds: 20 volumeMounts: - name: nginx-logs mountPath: /var/log/nginx/ - name: filebeat image: docker.elastic.co/beats/filebeat:6.4.2 args: [ "-c", "/etc/filebeat.yml", "-e", ] resources: limits: memory: 500Mi requests: cpu: 100m memory: 100Mi securityContext: runAsUser: 0 volumeMounts: - name: filebeat-config mountPath: /etc/filebeat.yml subPath: filebeat.yml - name: nginx-logs mountPath: /var/log/nginx/ volumes: - name: nginx-logs emptyDir: {} - name: filebeat-config configMap: name: filebeat-nginx-config |
2.创建filebest收集日志
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 | [root@master logs]# cat filebeat-nginx-configmap.yamlapiVersion: v1kind: ConfigMapmetadata: name: filebeat-nginx-config# namespace: test data: filebeat.yml: |- filebeat.prospectors: - type: log paths: - /var/log/nginx/access.log # tags: ["access"] fields: app: www type: nginx-access fields_under_root: true - type: log paths: - /var/log/nginx/error.log # tags: ["error"] fields: app: www type: nginx-error fields_under_root: true output.logstash: hosts: ['172.31.182.140:5044'] |
3.添加logstas配置
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 | [root@master logs]# cat /etc/logstash/conf.d/logstash-to-es.confinput { beats { port => 5044 }}filter {}output { if [app] == "www" { if [type] == "nginx-access" { elasticsearch { hosts => ["http://127.0.0.1:9200"] index => "nginx-access-%{+YYYY.MM.dd}" } } else if [type] == "nginx-error" { elasticsearch { hosts => ["http://127.0.0.1:9200"] index => "nginx-error-%{+YYYY.MM.dd}" } } } else if [app] == "k8s" { if [type] == "module" { elasticsearch { hosts => ["http://127.0.0.1:9200"] index => "k8s-log-%{+YYYY.MM.dd}" } } }# stdout { codec=> rubydebug }} |
4.kibana添加索引
四、收集tomcat日志
1.1.创建tomcat-deployment
默认的日志路径为:/usr/local/tomcat/logs
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 | [root@master logs]# cat tomcat-deployment.yamlapiVersion: apps/v1beta1kind: Deploymentmetadata: name: tomcat-java-demo# namespace: testspec: replicas: 3 selector: matchLabels: project: www app: www template: metadata: labels: project: www app: www spec: imagePullSecrets: - name: registry-pull-secret containers: - name: tomcat image: tomcat:latest imagePullPolicy: Always ports: - containerPort: 8080 name: web protocol: TCP resources: requests: cpu: 0.5 memory: 1Gi limits: cpu: 1 memory: 2Gi livenessProbe: httpGet: path: / port: 8080 initialDelaySeconds: 60 timeoutSeconds: 20 readinessProbe: httpGet: path: / port: 8080 initialDelaySeconds: 60 timeoutSeconds: 20 volumeMounts: - name: tomcat-logs mountPath: /usr/local/tomcat/logs - name: filebeat image: docker.elastic.co/beats/filebeat:6.4.2 args: [ "-c", "/etc/filebeat.yml", "-e", ] resources: limits: memory: 500Mi requests: cpu: 100m memory: 100Mi securityContext: runAsUser: 0 volumeMounts: - name: filebeat-config mountPath: /etc/filebeat.yml subPath: filebeat.yml - name: tomcat-logs mountPath: /usr/local/tomcat/logs volumes: - name: tomcat-logs emptyDir: {} - name: filebeat-config configMap: name: filebeat-config |
2.创建filebest收集tomcat日志
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 | [root@master logs]# cat filebeat-tomcat-configmap.yamlapiVersion: v1kind: ConfigMapmetadata: name: filebeat-config# namespace: test data: filebeat.yml: |- filebeat.prospectors: - type: log paths: - /usr/local/tomcat/logs/catalina.* # tags: ["tomcat"] fields: app: www type: tomcat-catalina fields_under_root: true multiline: pattern: '^\[' negate: true match: after output.logstash: hosts: ['172.31.182.140:5044'] |
3.添加logstas配置后重启
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 | [root@master logs]# cat /etc/logstash/conf.d/logstash-to-es.confinput { beats { port => 5044 }}filter {}output { if [app] == "www" { if [type] == "nginx-access" { elasticsearch { hosts => ["http://127.0.0.1:9200"] index => "nginx-access-%{+YYYY.MM.dd}" } } else if [type] == "nginx-error" { elasticsearch { hosts => ["http://127.0.0.1:9200"] index => "nginx-error-%{+YYYY.MM.dd}" } } else if [type] == "tomcat-catalina" { elasticsearch { hosts => ["http://127.0.0.1:9200"] index => "tomcat-catalina-%{+YYYY.MM.dd}" } } } else if [app] == "k8s" { if [type] == "module" { elasticsearch { hosts => ["http://127.0.0.1:9200"] index => "k8s-log-%{+YYYY.MM.dd}" } } }# stdout { codec=> rubydebug }} |
4.kibana添加索引
如对您有帮助,支持下呗!
微信
支付宝
分类:
Kubernetes
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· SQL Server 2025 AI相关能力初探
· Linux系列:如何用 C#调用 C方法造成内存泄露
· AI与.NET技术实操系列(二):开始使用ML.NET
· 记一次.NET内存居高不下排查解决与启示
· 探究高空视频全景AR技术的实现原理
· 阿里最新开源QwQ-32B,效果媲美deepseek-r1满血版,部署成本又又又降低了!
· AI编程工具终极对决:字节Trae VS Cursor,谁才是开发者新宠?
· 开源Multi-agent AI智能体框架aevatar.ai,欢迎大家贡献代码
· Manus重磅发布:全球首款通用AI代理技术深度解析与实战指南
· 被坑几百块钱后,我竟然真的恢复了删除的微信聊天记录!
2018-04-27 rsync排除多个文件实现同步