收集Kubernetes中应用的日志信息并输出到Elasticsearch中
使用 vi 新建 filebeat-kubernetes-7.3.yaml 文件，内容如下：
部署类型为DaemonSet确保在Kubernetes中每个节点都有一份部署。
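---
# Filebeat configuration, mounted into the DaemonSet pod at /etc/filebeat.yml
# (see the `config` volume below).
#
# Review notes on the embedded filebeat.yml:
#   - output.elasticsearch lists http:// hosts and the username/password
#     lines are commented out, so as written the log events are shipped
#     unencrypted and unauthenticated. Before using this outside an isolated
#     network, enable TLS and authentication on Elasticsearch, switch the
#     hosts to https://, and uncomment the credential lines.
#   - The only variable the active config expands is ${NODE_NAME}; the
#     ELASTICSEARCH_* and ELASTIC_CLOUD_* variables are referenced only from
#     commented-out lines.
apiVersion: v1
kind: ConfigMap
metadata:
  name: filebeat-config
  namespace: kube-system
  labels:
    k8s-app: filebeat
data:
  filebeat.yml: |-
    filebeat.inputs:
      - type: container
        paths:
          - /var/log/containers/ruoyi-admin-*.log
        processors:
          - add_kubernetes_metadata:
              in_cluster: true
              host: ${NODE_NAME}
              matchers:
                - logs_path:
                    logs_path: "/var/log/containers/"

    # To enable hints based autodiscover, remove `filebeat.inputs` configuration and uncomment this:
    #filebeat.autodiscover:
    #  providers:
    #    - type: kubernetes
    #      host: ${NODE_NAME}
    #      hints.enabled: true
    #      hints.default_config:
    #        type: container
    #        paths:
    #          - /var/log/containers/*${data.kubernetes.container.id}.log

    # https://www.elastic.co/guide/en/beats/filebeat/7.3/filtering-and-enhancing-data.html
    processors:
      - decode_json_fields:
          fields: ["message","logger_name","thread_name","level","level_value"]
          process_array: false
          max_depth: 1
          target: ""
          overwrite_keys: false
      - drop_fields:
          fields: ["@version"]
      # - add_cloud_metadata:
      # - add_host_metadata:

    #cloud.id: ${ELASTIC_CLOUD_ID}
    #cloud.auth: ${ELASTIC_CLOUD_AUTH}

    # https://www.elastic.co/guide/en/beats/filebeat/7.3/elasticsearch-output.html
    output.elasticsearch:
      hosts: ['http://10.144.104.148:9200','http://10.144.66.152:9200']
      #username: ${ELASTICSEARCH_USERNAME}
      #password: ${ELASTICSEARCH_PASSWORD}
      indices:
        - index: "ruoyi-admin-%{+yyyy.MM.dd}"
        # - index: "ruoyi-admin-info-%{+yyyy.MM.dd}"
        #   when.contains:
        #     message: "info"
        # - index: "ruoyi-admin-warn-%{+yyyy.MM.dd}"
        #   when.contains:
        #     message: "warn"
        # - index: "ruoyi-admin-error-%{+yyyy.MM.dd}"
        #   when.contains:
        #     message: "error"
---
# One Filebeat pod per node. The pod runs as UID 0 on the host network in
# kube-system and mounts host log directories, so the image and the ConfigMap
# above should be treated as node-privileged inputs and change-controlled
# accordingly.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: filebeat
  namespace: kube-system
  labels:
    k8s-app: filebeat
spec:
  selector:
    matchLabels:
      k8s-app: filebeat
  template:
    metadata:
      labels:
        k8s-app: filebeat
    spec:
      serviceAccountName: filebeat
      terminationGracePeriodSeconds: 30
      # Shares the node's network namespace; NetworkPolicy aimed at pod IPs
      # may not constrain this pod's egress, depending on the CNI.
      hostNetwork: true
      dnsPolicy: ClusterFirstWithHostNet
      containers:
        - name: filebeat
          # Pulled by mutable tag from an internal registry address; pinning
          # the image by digest keeps every node on the same reviewed build.
          image: "192.168.28.150:8001/elastic/docker.elastic.co/beats/filebeat:7.3.2"
          args:
            - "-c"
            - "/etc/filebeat.yml"
            - "-e"
          env:
            # The ELASTICSEARCH_* values below are not read by filebeat.yml
            # while its username/password lines stay commented out.
            - name: ELASTICSEARCH_HOST
              value: elasticsearch
            - name: ELASTICSEARCH_PORT
              value: "9200"
            - name: ELASTICSEARCH_USERNAME
              value: elastic
            # Literal stock password committed in the manifest. If
            # authentication is enabled, supply this through
            # valueFrom.secretKeyRef instead of a plain value, and make sure
            # the cluster itself no longer accepts this default.
            - name: ELASTICSEARCH_PASSWORD
              value: changeme
            # Explicit empty strings instead of bare `value:` (which parses
            # as null).
            - name: ELASTIC_CLOUD_ID
              value: ""
            - name: ELASTIC_CLOUD_AUTH
              value: ""
            # Node name from the downward API; filebeat.yml passes it to
            # add_kubernetes_metadata as `host`.
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
          securityContext:
            # Root inside the container, used together with the hostPath
            # mounts below.
            runAsUser: 0
            # If using Red Hat OpenShift uncomment this:
            #privileged: true
          resources:
            limits:
              memory: 200Mi
            requests:
              cpu: 100m
              memory: 100Mi
          volumeMounts:
            - name: config
              mountPath: /etc/filebeat.yml
              readOnly: true
              subPath: filebeat.yml
            # Only writable host mount: Filebeat's registry directory.
            - name: data
              mountPath: /usr/share/filebeat/data
            - name: varlibdockercontainers
              mountPath: /var/lib/docker/containers
              readOnly: true
            # Read-only, but exposes all of the node's /var/log to the pod,
            # not just the ruoyi-admin container logs the input matches.
            - name: varlog
              mountPath: /var/log
              readOnly: true
      volumes:
        - name: config
          configMap:
            # Octal literal (owner read/write only); a JSON manifest would
            # need the decimal form 384.
            defaultMode: 0600
            name: filebeat-config
        - name: varlibdockercontainers
          hostPath:
            path: /var/lib/docker/containers
        - name: varlog
          hostPath:
            path: /var/log
        # data folder stores a registry of read status for all files, so we don't send everything again on a Filebeat pod restart
        - name: data
          hostPath:
            path: /var/lib/filebeat-data
            type: DirectoryOrCreate
---
# Binds the filebeat ServiceAccount in kube-system to the ClusterRole below.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: filebeat
subjects:
  - kind: ServiceAccount
    name: filebeat
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: filebeat
  apiGroup: rbac.authorization.k8s.io
---
# Read-only, cluster-wide access to namespaces and pods (get/watch/list);
# no write verbs and no access to secrets are granted here.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: filebeat
  labels:
    k8s-app: filebeat
rules:
  - apiGroups: [""]  # "" indicates the core API group
    resources:
      - namespaces
      - pods
    verbs:
      - get
      - watch
      - list
---
# Identity the DaemonSet pods run as (spec.serviceAccountName above).
apiVersion: v1
kind: ServiceAccount
metadata:
  name: filebeat
  namespace: kube-system
  labels:
    k8s-app: filebeat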
应用部署文件
kubectl apply -f filebeat-kubernetes-7.3.yaml
