Shulou(Shulou.com)06/02 Report--

Kubernetes operation and maintenance staff use elk Stack to collect K8s platform logs

Table of contents:

What logs are collected? how to collect logs in the container of elk Stack log scheme? application log collection in K8S platform (templates can be used for logs of spring cloud and Dubbo micro services) change according to your project requirements

First, which logs are collected

The component log of K8s system, such as the components under kubectl get cs

Controller-manager,scheduler,apiserver on the master node

Kubelet,kube-proxy on the node node

Application logs deployed in K8s Cluster

Standard output log file

Elk Stack log scheme, how to collect these logs?

Elasticsearch is a distributed search and analysis engine based on JSON, which can retrieve quickly.

Kibban is mainly used to display ES data.

Beats is a platform for lightweight collectors, that is, there are many components in it, which can be collected in different application scenarios.

Logstach is a pipeline for dynamic data collection, which mainly filters and analyzes the data and formats it into ES.

Here, a data stream is formed. The first choice is Beats, followed by Logstach, followed by ES, followed by kibana, so this technology stack is very perfect. The beats series also has many components, such as the collection of network data, log files, windos events, and running time, while the elk stack can collect not only data logs, but also indicators of performance resources, such as CPU, memory, and networks. here, uh, Filebeat is mainly used to collect log files. Find a professional to do the monitoring, such as prometheus.

Then again, how do you collect the container logs?

Scenario 1: deploy a log collector on Node

Deploy log collector in DaemonSet mode

For this node / var/log and / var/lib/docker/containers/

Collect logs under two directories

The container log directory in Pod is mounted to the host unified directory

That is, my-pod is the container, and then the standard input and output is sent to the console. In time, it is taken over by docker and landed in a specific file. Docker will take over the standard output and standard error output, and then write it to a log. Here, a log collection agent will be set up to collect the log, and this picture probably means to deploy a log collector on each of your node. Then collect pod logs, and the directory of standard input and output is under / var/lib/docker/containers/ by default. This is the read and write layer of the current container, which contains a log, which is generally mounted to distributed storage. If it is mounted to the directory of the host, it is not very convenient, but also to distinguish all containers. If you use distributed storage, such as a pod, directly let the storage specifically store the log volume.

Mount it to the startup container in the container, hang the volume each one, and eventually fall on it, which is better.

Scenario 2: attach a container for dedicated log collection in Pod

Add a log to the Pod of each running application

Collect the container and use the emtyDir shared log directory to let

The log collector reads.

The second is a sidecar mode, that is, to add a container to your sidecar mode that specifically deals with what you want, which is called a bypass, that is, next to your business, a container is added to deal with the logs of your business, that is, container An is used to write a log directory and share it to this directory, that is, the shared directory, that is, in the host directory. Then Container B reads and mounts this data volume, and it can also naturally read the contents of the current data volume, so in this case, uh, you can attach a Pod to get the log.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.