gpt4 book ai didi

logging - 使用 Sidecar 模式进行 Kubernetes 日志收集

转载 作者:行者123 更新时间:2023-12-02 12:12:53 27 4
gpt4 key购买 nike

我已将我的应用程序连同从示例应用程序收集日志的流利位边车容器一起部署到 Kubernetes pod 中。

apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-flb-sidecar
namespace: default
labels:
app.kubernetes.io/name: default
helm.sh/chart: default-0.1.0
app.kubernetes.io/instance: flb-sidecar
app.kubernetes.io/version: "1.0"
app.kubernetes.io/managed-by: Tiller
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: default
app.kubernetes.io/instance: flb-sidecar
template:
metadata:
labels:
app.kubernetes.io/name: default
app.kubernetes.io/instance: flb-sidecar
spec:
containers:
- name: default
image: "nginx:stable"
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 80
protocol: TCP
livenessProbe:
httpGet:
path: /
port: http
readinessProbe:
httpGet:
path: /
port: http
resources:
{}
volumeMounts:
- name: log-volume
mountPath: var/log/nginx
- name: default-fluentbit
image: "fluent/fluent-bit:1.3-debug"
imagePullPolicy: IfNotPresent
ports:
- name: metrics
containerPort: 2020
protocol: TCP
volumeMounts:
- name: config-volume
mountPath: /fluent-bit/etc/
- name: log-volume
mountPath: var/log/nginx
volumes:
- name: log-volume
emptyDir: {}
- name: config-volume
configMap:
name: nginx-flb-sidecar

我的 fluent-bit 配置为跟踪来自 /var/log/ngnix/access.log

的日志
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-flb-sidecar
namespace: default
labels:
app.kubernetes.io/name: default
helm.sh/chart: default-0.1.0
app.kubernetes.io/instance: flb-sidecar
app.kubernetes.io/version: "1.0"
app.kubernetes.io/managed-by: Tiller
data:
# Configuration files: server, input, filters and output
# ======================================================
fluent-bit.conf: |
[SERVICE]
Flush 5
Log_Level info
Daemon off
Parsers_File parsers.conf
HTTP_Server On
HTTP_Listen 0.0.0.0
HTTP_Port 2020

[INPUT]
Name tail
Tag nginx.access
Parser nginx
Path /var/log/nginx/access.log

[INPUT]
Name tail
Tag nginx.error
Parser nginx
Path /var/log/nginx/error.log

[OUTPUT]
Name stdout
Match *

[OUTPUT]
Name forward
Match *
Host test-l-LoadB-2zC78B5KYFQJC-13137e1aac9bf29c.elb.us-east-2.amazonaws.com
Port 24224

parsers.conf: |
[PARSER]
Name apache
Format regex
Regex ^(?<host>[^ ]*) [^ ]* (?<user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^\"]*?)(?: +\S*)?)?" (?<code>[^ ]*) (?<size>[^ ]*)(?: "(?<referer>[^\"]*)" "(?<agent>[^\"]*)")?$
Time_Key time
Time_Format %d/%b/%Y:%H:%M:%S %z

[PARSER]
Name apache2
Format regex
Regex ^(?<host>[^ ]*) [^ ]* (?<user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^ ]*) +\S*)?" (?<code>[^ ]*) (?<size>[^ ]*)(?: "(?<referer>[^\"]*)" "(?<agent>[^\"]*)")?$
Time_Key time
Time_Format %d/%b/%Y:%H:%M:%S %z

[PARSER]
Name apache_error
Format regex
Regex ^\[[^ ]* (?<time>[^\]]*)\] \[(?<level>[^\]]*)\](?: \[pid (?<pid>[^\]]*)\])?( \[client (?<client>[^\]]*)\])? (?<message>.*)$

[PARSER]
Name nginx
Format regex
Regex ^(?<remote>[^ ]*) (?<host>[^ ]*) (?<user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^\"]*?)(?: +\S*)?)?" (?<code>[^ ]*) (?<size>[^ ]*)(?: "(?<referer>[^\"]*))" "(?<agent>[^\"]*)"(?: "(?<target>[^\"]*))"$
Time_Key time
Time_Format %d/%b/%Y:%H:%M:%S %z

[PARSER]
Name json
Format json
Time_Key time
Time_Format %d/%b/%Y:%H:%M:%S %z

[PARSER]
Name docker
Format json
Time_Key time
Time_Format %Y-%m-%dT%H:%M:%S.%L
Time_Keep On

[PARSER]
Name syslog
Format regex
Regex ^\<(?<pri>[0-9]+)\>(?<time>[^ ]* {1,2}[^ ]* [^ ]*) (?<host>[^ ]*) (?<ident>[a-zA-Z0-9_\/\.\-]*)(?:\[(?<pid>[0-9]+)\])?(?:[^\:]*\:)? *(?<message>.*)$
Time_Key time
Time_Format %b %d %H:%M:%S

如果我没有安装卷,我的应用程序的日志将被路由到 stdout/stderr。

我需要启用 fluent-bit 以从 stdout/stderr 读取。我怎样才能做到这一点?

谢谢

最佳答案

需要明确的是,在 kubernetes 中运行的 fluentbit 中无法直接访问 stdout/stderr。您需要将日志写入某处的磁盘。事实上,尽管看起来有点浪费,但我发现同时写入 stdout 和磁盘上的某个位置实际上更好,因为您可以更严格地控​​制日志格式,而不必在 fluentbit 中跳过那么多的环节将日志行修改为适合您的内容(这对于使用 log4net 或 Serilog 等日志提供程序的应用程序日志非常有用)。

无论如何,我想我会把这个简介留在这里,因为如果您可以将日志发送到标准输出并在磁盘上找到一个位置,这似乎是一个可行的解决方案。

在撰写本文时,Fargate 上的 AWS EKS 有点“前沿”,因此我们决定采用 sidecar 方法,因为它的功能更丰富一些。具体来说,不支持多行日志消息(这在记录异常时很常见),也不支持通过 Kubernetes 过滤器添加 K8s 信息,如 pod 名称等。

无论如何,这是我的 deployment.yml 的简化示例(用您的东西替换尖括号包围的任何内容。

apiVersion: apps/v1
kind: Deployment
metadata:
name: <appName>
spec:
replicas: 1
strategy:
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
type: RollingUpdate
template:
metadata:
labels:
app: <appName>
spec:
containers:
- image: <imageName>
imagePullPolicy: IfNotPresent
name: <appName>
volumeMounts:
- name: logs
mountPath: /logs
- image: public.ecr.aws/aws-observability/aws-for-fluent-bit:2.12.0
name: fluentbit
imagePullPolicy: IfNotPresent
env:
- name: APP_NAME
valueFrom:
fieldRef:
fieldPath: metadata.labels['app']
volumeMounts:
- name: fluent-bit-config
mountPath: /fluent-bit/etc/
- name: logs
mountPath: /logs
volumes:
- name: fluent-bit-config
configMap:
name: fluent-bit-config
- name: logs
emptyDir: {}

还有我的 configmap.yml 的简化版本(如果你使用 `kubectl create 创建 fluent-bit.confparsers.conf 文件就可以创建它configmap fluent-bit-config --from-file=fluent-bit.conf --from-file=parsers.conf --dry-run=cluent -o yml > configmap.yml)。这些文件最终作为文件挂载到正在运行的容器上的/fluent-bit/etc/下(这就是我在/fluent-bit/etc 中引用 parsers.conf 的原因)。

apiVersion: v1
data:
fluent-bit.conf: |-
[SERVICE]
Parsers_File /fluent-bit/etc/parsers.conf

[INPUT]
Name tail
Tag logs.*
Path /logs/*.log
DB /logs/flb_kube.db
Parser read_firstline
Mem_Buf_Limit 100MB
Skip_Long_Lines On
Refresh_Interval 5

[FILTER]
Name modify
Match logs.*
RENAME log event
SET source ${HOSTNAME}
SET sourcetype ${APP_NAME}
SET host ${KUBERNETES_SERVICE_HOST}

[OUTPUT]
Name stdout
parsers.conf: |-
[PARSER]
Name apache
Format regex
Regex ^(?<host>[^ ]*) [^ ]* (?<user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^\"]*?)(?: +\S*)?)?" (?<code>[^ ]*) (?<size>[^ ]*)(?: "(?<referer>[^\"]*)" "(?<agent>[^\"]*)")?$
Time_Key time
Time_Format %d/%b/%Y:%H:%M:%S %z

[PARSER]
Name apache2
Format regex
Regex ^(?<host>[^ ]*) [^ ]* (?<user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^ ]*) +\S*)?" (?<code>[^ ]*) (?<size>[^ ]*)(?: "(?<referer>[^\"]*)" "(?<agent>[^\"]*)")?$
Time_Key time
Time_Format %d/%b/%Y:%H:%M:%S %z

[PARSER]
Name apache_error
Format regex
Regex ^\[[^ ]* (?<time>[^\]]*)\] \[(?<level>[^\]]*)\](?: \[pid (?<pid>[^\]]*)\])?( \[client (?<client>[^\]]*)\])? (?<message>.*)$

[PARSER]
Name nginx
Format regex
Regex ^(?<remote>[^ ]*) (?<host>[^ ]*) (?<user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^\"]*?)(?: +\S*)?)?" (?<code>[^ ]*) (?<size>[^ ]*)(?: "(?<referer>[^\"]*)" "(?<agent>[^\"]*)")?$
Time_Key time
Time_Format %d/%b/%Y:%H:%M:%S %z

[PARSER]
Name json
Format json
Time_Key time
Time_Format %d/%b/%Y:%H:%M:%S %z

[PARSER]
Name docker
Format json
Time_Key time
Time_Format %Y-%m-%dT%H:%M:%S.%L
Time_Keep On

[PARSER]
# http://rubular.com/r/tjUt3Awgg4
Name cri
Format regex
Regex ^(?<time>[^ ]+) (?<stream>stdout|stderr) (?<logtag>[^ ]*) (?<message>.*)$
Time_Key time
Time_Format %Y-%m-%dT%H:%M:%S.%L%z

[PARSER]
Name syslog
Format regex
Regex ^\<(?<pri>[0-9]+)\>(?<time>[^ ]* {1,2}[^ ]* [^ ]*) (?<host>[^ ]*) (?<ident>[a-zA-Z0-9_\/\.\-]*)(?:\[(?<pid>[0-9]+)\])?(?:[^\:]*\:)? *(?<message>.*)$
Time_Key time
Time_Format %b %d %H:%M:%S
kind: ConfigMap
metadata:
creationTimestamp: null
name: fluent-bit-config

请注意,其中一个笨拙的部分是对 fluentbit 配置的任何更改都需要您强制部署应用程序,因为您需要 fluentbit sidecar 来获取新配置(您可以使用带有DateTime 或提交哈希,或者您甚至可以通过就绪探测变得聪明)。

还要注意 [FILTER] 部分。这就是从运行时环境获取 kubernetes-contextual-info 的神奇之处(HOSTNAME 和 KUBERNETES_SERVICE_HOST 由 K8s 提供,您将元数据部分中的标签作为 APP_NAME 注入(inject))。注入(inject)标签仅在 1.19 中添加到 K8s DownwardAPI,因此您需要使用较新的版本。

关于logging - 使用 Sidecar 模式进行 Kubernetes 日志收集,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/60710515/

27 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com