一、使用Filebeat收集容器内的日志¶
有些程序在设计时,并没有符合云原生设计,也就是把程序的日志直接输出到了本地文件,此时如果也需要收集日志,可以在程序的 Pod 内,启动一个 Filebeat 的容器,用于收集日志。
1、创建存放目录
[root@k8s-master01 ~]# cd /root/eck/
[root@k8s-master01 eck]# mkdir sidecar
2、创建相关文件
创建app.yaml文件
[root@k8s-master01 ~]# cd /root/eck/sidecar/
[root@k8s-master01 sidecar]# vim app.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: app
labels:
app: app
env: release
spec:
selector:
matchLabels:
app: app
replicas: 1
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 0
maxSurge: 1
# minReadySeconds: 30
template:
metadata:
labels:
app: app
spec:
containers:
- name: app
image: registry.cn-hangzhou.aliyuncs.com/abroad_images/alpine:3.6
imagePullPolicy: IfNotPresent
volumeMounts:
- name: logpath
mountPath: /opt/
env:
- name: TZ
value: "Asia/Shanghai"
- name: LANG
value: C.UTF-8
- name: LC_ALL
value: C.UTF-8
command:
- sh
- -c
- while true; do date >> /opt/date.log; sleep 2; done
volumes:
- name: logpath
emptyDir: {}
# 应用
[root@k8s-master01 sidecar]# kaf app.yaml
# 查看pod
[root@k8s-master01 sidecar]# kgp | grep app
app-7cb6869459-tzcxs 1/1 Running 0 2m8s
# 该pod无法通过logs -f查看日志文件
[root@k8s-master01 sidecar]# k logs -f app-7cb6869459-tzcxs
# 该pod只能通过进入容器后查看日志文件
[root@k8s-master01 sidecar]# k exec -it app-7cb6869459-tzcxs -- sh
/ # tail -f /opt/date.log
Thu Apr 24 02:00:43 UTC 2025
Thu Apr 24 02:00:45 UTC 2025
Thu Apr 24 02:00:47 UTC 2025
Thu Apr 24 02:00:49 UTC 2025
Thu Apr 24 02:00:51 UTC 2025
Thu Apr 24 02:00:53 UTC 2025
Thu Apr 24 02:00:55 UTC 2025
Thu Apr 24 02:00:57 UTC 2025
Thu Apr 24 02:00:59 UTC 2025
Thu Apr 24 02:01:01 UTC 2025
Thu Apr 24 02:01:03 UTC 2025
创建filebeat-cm.yaml文件
[root@k8s-master01 ~]# cd /root/eck/sidecar/
[root@k8s-master01 sidecar]# vim filebeat-cm.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: filebeatconf
data:
filebeat.yml: |-
filebeat.inputs:
- input_type: log
paths:
- /data/log/*/*.log
tail_files: true
fields:
pod_name: '${podName}'
pod_ip: '${podIp}'
pod_deploy_name: '${podDeployName}'
pod_namespace: '${podNamespace}'
fields_under_root: true
output.kafka:
hosts: ["kafka.logging:9092"]
topic: "k8spodlogs"
codec.json:
pretty: false
keep_alive: 30s
# 应用
[root@k8s-master01 sidecar]# kaf filebeat-cm.yaml
创建app-filebeat.yaml文件
[root@k8s-master01 ~]# cd /root/eck/sidecar/
[root@k8s-master01 sidecar]# vim app-filebeat.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: app
labels:
app: app
env: release
spec:
selector:
matchLabels:
app: app
replicas: 1
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 0
maxSurge: 1
# minReadySeconds: 30
template:
metadata:
labels:
app: app
spec:
containers:
- name: filebeat
image: registry.cn-hangzhou.aliyuncs.com/github_images1024/filebeat:8.17.0
args:
- -e
- -c
- /mnt/filebeat.yml
resources:
requests:
memory: "100Mi"
cpu: "10m"
limits:
cpu: "200m"
memory: "300Mi"
imagePullPolicy: IfNotPresent
env:
- name: podIp
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
- name: podName
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: podNamespace
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: podDeployName
value: app
- name: NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
- name: TZ
value: "Asia/Shanghai"
securityContext:
runAsUser: 0
volumeMounts:
- name: logpath
mountPath: /data/log/app/
- name: filebeatconf
mountPath: /mnt/
- name: app
image: registry.cn-hangzhou.aliyuncs.com/abroad_images/alpine:3.6
imagePullPolicy: IfNotPresent
volumeMounts:
- name: logpath
mountPath: /opt/
env:
- name: TZ
value: "Asia/Shanghai"
- name: LANG
value: C.UTF-8
- name: LC_ALL
value: C.UTF-8
command:
- sh
- -c
- while true; do date >> /opt/date.log; sleep 2; done
volumes:
- name: logpath
emptyDir: {}
- name: filebeatconf
configMap:
name: filebeatconf
items:
- key: filebeat.yml
path: filebeat.yml
# 应用
[root@k8s-master01 sidecar]# k replace -f app-filebeat.yaml
# 查看pod
[root@k8s-master01 sidecar]# kgp
NAME READY STATUS RESTARTS AGE
app-5ffb6486f6-jwwts 2/2 Running 0 9m15s
3、在搜索框中搜索message,选择message后,点击后面的【+】
4、观察到message信息输出日志信息
3.7 环境清理¶
1、卸载 sidecar
[root@k8s-master01 ~]# cd /root/eck/sidecar/
[root@k8s-master01 sidecar]# kubectl delete -f app-filebeat.yaml -f app.yaml -f filebeat-cm.yaml
2、卸载 ECK
[root@k8s-master01 ~]# cd /root/eck/
[root@k8s-master01 eck]# kubectl delete -f filebeat.yaml -f filebeat-rbac.yaml -f logstash.yaml -f kibana.yaml -f es-cluster.yaml -n logging
3、卸载 CRD
[root@k8s-master01 eck]# kubectl delete -f crds.yaml -f operator.yaml
4、卸载kafka和zk
[root@k8s-master01 eck]# helm delete kafka zookeeper -n logging
[root@k8s-master01 eck]# k delete po kafka-client -n logging