Shulou(Shulou.com)06/02 Report--

1. K8s overall log collection scheme

The overall log collection scheme, as shown in the following figure:

Filebeat is a log data collector for local files, which monitors log directories or specific log files (tail file) and forwards them to Elasticsearch or Logstatsh for indexing, kafka, and so on. With internal modules (auditd,Apache,Nginx,System and MySQL), you can simplify the collection, parsing and visualization of the common log format with a specified command. ELK is short for Elasticsearch, Logstash, and Kibana, which are the core suites, but not all of them. Elasticsearch is a real-time full-text search and analysis engine, which provides three major functions of collecting, analyzing and storing data; it is a set of open REST and JAVA API structures that provide efficient search functions and scalable distributed systems. It is built on top of the Apache Lucene search engine library. Logstash is a tool for collecting, analyzing, and filtering logs. It supports almost any type of log, including Syslog, error log, and custom application log. It can receive logs from many sources, including syslog, messaging (such as RabbitMQ), and JMX, which can output data in a variety of ways, including e-mail, websockets, and Elasticsearch.

Kibana is a Web-based graphical interface for searching, analyzing, and visualizing log data stored in Elasticsearch metrics. It uses Elasticsearch's REST interface to retrieve data, not only allowing users to create custom dashboard views of their own data, but also allowing them to query and filter data in a special way.

Second, log collection for different components

Deploy a log collector on Node: deploy the log collector in DaemonSet mode. Collect the logs under the / var/log and / var/lib/docker/containers/ directories of this node.

Additional dedicated log collection container in Pod: a log collection container is added to the Pod of each running application, which is read by the log collector using the emtyDir shared log directory.

The application pushes the log directly: it does not fall within the scope of Kubernetes.

Third, install ELK install JDK: here we use jdk-8u181-linux-x64.tar.gz (the installation process is omitted, very simple) install Elasticsearch: directly decompress start, you can, execute the following statement to test ES.

Install Kibana: core configuration file config/kibana.ymlserver.port: 5601server.host: "192.168.79.110" elasticsearch.hosts: ["http://localhost:9200"] startup: bin/kibana" Visit the Web Console: http://192.168.79.110:5601 installation logstash: core configuration file config/logstash.confinput {beats {port = > 5044}} output {elasticsearch {hosts = > ["http://localhost:9200"] index = >" k8sMurray% {+ YYYY-MM-dd} "} start: bin/logstash-f config/logstash.conf IV, collect k8s component logs

Filebeat's configuration file, filebeat.yml, is managed by ConfigMap, and the k8s component log is recorded in the node node native / var/log/messages directory, so mount the node node / var/log/messages directory into pod. Create and collect k8s component log / var/log/messages resources. Create the yaml file as follows: k8s-logs.yaml, and execute kubectl create-f k8s-logs.yaml

ApiVersion: v1kind: ConfigMapmetadata: name: k8s-logs-filebeat-config namespace: kube-systemdata: filebeat.yml: |-filebeat.prospectors:-type: log paths:-/ messages fields: app: K8s type: module fields_under_root: true output.logstash: hosts: ['192.168.79.110virtual 5044']-- apiVersion: apps/v1kind: DaemonSetmetadata : name: k8s-logs namespace: kube-systemspec: selector: matchLabels: project: K8s app: filebeat template: metadata: labels: project: K8s app: filebeat spec: containers:-name: filebeat image: collenzhao/filebeat:6.5.4 args: ["- c" "/ etc/filebeat.yml", "- e" ] resources: requests: cpu: 100m memory: 100Mi limits: cpu: 500m memory: 500Mi securityContext: runAsUser: 0 volumeMounts:-name: filebeat-config mountPath: / etc/filebeat.yml subPath: filebeat.yml-name: k8s-logs MountPath: / messages volumes:-name: k8s-logs hostPath: path: / var/log/messages type: File-name: filebeat-config configMap: name: k8s-logs-filebeat-config

The following figure shows the information generated by Kibana.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.