收集Kubernetes中应用的日志信息并输出到Elasticsearch中
    新增 vi filebeat-kubernetes-7.3.yaml 文件
    部署类型为DaemonSet确保在Kubernetes中每个节点都有一份部署。

    1. ---
    2. apiVersion: v1
    3. kind: ConfigMap
    4. metadata:
    5. name: filebeat-config
    6. namespace: kube-system
    7. labels:
    8. k8s-app: filebeat
    9. data:
    10. filebeat.yml: |-
    11. filebeat.inputs:
    12. - type: container
    13. paths:
    14. - /var/log/containers/ruoyi-admin-*.log
    15. processors:
    16. - add_kubernetes_metadata:
    17. in_cluster: true
    18. host: ${NODE_NAME}
    19. matchers:
    20. - logs_path:
    21. logs_path: "/var/log/containers/"
    22. # To enable hints based autodiscover, remove `filebeat.inputs` configuration and uncomment this:
    23. #filebeat.autodiscover:
    24. # providers:
    25. # - type: kubernetes
    26. # host: ${NODE_NAME}
    27. # hints.enabled: true
    28. # hints.default_config:
    29. # type: container
    30. # paths:
    31. # - /var/log/containers/*${data.kubernetes.container.id}.log
    32. # https://www.elastic.co/guide/en/beats/filebeat/7.3/filtering-and-enhancing-data.html
    33. processors:
    34. - decode_json_fields:
    35. fields: ["message","logger_name","thread_name","level","level_value"]
    36. process_array: false
    37. max_depth: 1
    38. target: ""
    39. overwrite_keys: false
    40. - drop_fields:
    41. fields: ["@version"]
    42. # - add_cloud_metadata:
    43. # - add_host_metadata:
    44. #cloud.id: ${ELASTIC_CLOUD_ID}
    45. #cloud.auth: ${ELASTIC_CLOUD_AUTH}
    46. # https://www.elastic.co/guide/en/beats/filebeat/7.3/elasticsearch-output.html
    47. output.elasticsearch:
    48. hosts: ['http://10.144.104.148:9200','http://10.144.66.152:9200']
    49. #username: ${ELASTICSEARCH_USERNAME}
    50. #password: ${ELASTICSEARCH_PASSWORD}
    51. indices:
    52. - index: "ruoyi-admin-%{+yyyy.MM.dd}"
    53. # - index: "ruoyi-admin-info-%{+yyyy.MM.dd}"
    54. # when.contains:
    55. # message: "info"
    56. # - index: "ruoyi-admin-warn-%{+yyyy.MM.dd}"
    57. # when.contains:
    58. # message: "warn"
    59. # - index: "ruoyi-admin-error-%{+yyyy.MM.dd}"
    60. # when.contains:
    61. # message: "error"
    62. ---
    63. apiVersion: apps/v1
    64. kind: DaemonSet
    65. metadata:
    66. name: filebeat
    67. namespace: kube-system
    68. labels:
    69. k8s-app: filebeat
    70. spec:
    71. selector:
    72. matchLabels:
    73. k8s-app: filebeat
    74. template:
    75. metadata:
    76. labels:
    77. k8s-app: filebeat
    78. spec:
    79. serviceAccountName: filebeat
    80. terminationGracePeriodSeconds: 30
    81. hostNetwork: true
    82. dnsPolicy: ClusterFirstWithHostNet
    83. containers:
    84. - name: filebeat
    85. image: 192.168.28.150:8001/elastic/docker.elastic.co/beats/filebeat:7.3.2
    86. args: [
    87. "-c", "/etc/filebeat.yml",
    88. "-e",
    89. ]
    90. env:
    91. - name: ELASTICSEARCH_HOST
    92. value: elasticsearch
    93. - name: ELASTICSEARCH_PORT
    94. value: "9200"
    95. - name: ELASTICSEARCH_USERNAME
    96. value: elastic
    97. - name: ELASTICSEARCH_PASSWORD
    98. value: changeme
    99. - name: ELASTIC_CLOUD_ID
    100. value:
    101. - name: ELASTIC_CLOUD_AUTH
    102. value:
    103. - name: NODE_NAME
    104. valueFrom:
    105. fieldRef:
    106. fieldPath: spec.nodeName
    107. securityContext:
    108. runAsUser: 0
    109. # If using Red Hat OpenShift uncomment this:
    110. #privileged: true
    111. resources:
    112. limits:
    113. memory: 200Mi
    114. requests:
    115. cpu: 100m
    116. memory: 100Mi
    117. volumeMounts:
    118. - name: config
    119. mountPath: /etc/filebeat.yml
    120. readOnly: true
    121. subPath: filebeat.yml
    122. - name: data
    123. mountPath: /usr/share/filebeat/data
    124. - name: varlibdockercontainers
    125. mountPath: /var/lib/docker/containers
    126. readOnly: true
    127. - name: varlog
    128. mountPath: /var/log
    129. readOnly: true
    130. volumes:
    131. - name: config
    132. configMap:
    133. defaultMode: 0600
    134. name: filebeat-config
    135. - name: varlibdockercontainers
    136. hostPath:
    137. path: /var/lib/docker/containers
    138. - name: varlog
    139. hostPath:
    140. path: /var/log
    141. # data folder stores a registry of read status for all files, so we don't send everything again on a Filebeat pod restart
    142. - name: data
    143. hostPath:
    144. path: /var/lib/filebeat-data
    145. type: DirectoryOrCreate
    146. ---
    147. apiVersion: rbac.authorization.k8s.io/v1
    148. kind: ClusterRoleBinding
    149. metadata:
    150. name: filebeat
    151. subjects:
    152. - kind: ServiceAccount
    153. name: filebeat
    154. namespace: kube-system
    155. roleRef:
    156. kind: ClusterRole
    157. name: filebeat
    158. apiGroup: rbac.authorization.k8s.io
    159. ---
    160. apiVersion: rbac.authorization.k8s.io/v1
    161. kind: ClusterRole
    162. metadata:
    163. name: filebeat
    164. labels:
    165. k8s-app: filebeat
    166. rules:
    167. - apiGroups: [""] # "" indicates the core API group
    168. resources:
    169. - namespaces
    170. - pods
    171. verbs:
    172. - get
    173. - watch
    174. - list
    175. ---
    176. apiVersion: v1
    177. kind: ServiceAccount
    178. metadata:
    179. name: filebeat
    180. namespace: kube-system
    181. labels:
    182. k8s-app: filebeat
    183. ---

    应用部署文件

    kubectl apply -f filebeat-kubernetes-7.3.yaml