The services in the K8S cluster need to collect logs. The services are deployed in pod mode in the cluster, that is, collect logs in containers.
Second, the plan
There are two types of container logs
Console logs: Console logs are stored in the docker directory of the host computer. The container directory is mounted to FluentD. Fluentd collects logs and sends them to ELK through Kafka.
User-generated logging: You need to mount internal container logs to third-party storage and send logs to ELK via Kafka via Fluted.
Users can perform log retrieval, service monitoring, and alarm configurations based on their own requirements in ELK.
Three, configuration,
Yaml contains the configuration of Fluentd, presented in configMap, and the deployment of Fluentd.
For details about fluentD configuration files, see the official website.
The indicators include: Prometheus Indicators:
@type tail Configuration related to log collection
Added custom Prometheus indicators
Configuration kafka
configmap
apiVersion:v1kind:ConfigMapmetadata:name:fluentd-config-proThis name should correspond to that in deploymentnamespace:kube-systemlabels:k8s-app:fluentd-loggingversion:v1kubernetes.io/cluster-service:"true"data:fluent.conf:| # # Prometheus exposure index input plugin that exports the metrics < source > @ type Prometheus bind 0.0.0.0 port # 24231 Metrics_path /metrics aggregated_metrics_path/Aggregated_metrics @type Port for which Prometheus indicators are exposed Monitor_agent bind 0.0.0.0 port 24220 @type forward bind 0.0.0.0 port 24224 # input plugin that collects metrics for output plugin<source>@typeprometheus_output_monitor<labels>host${hostname}</labels></source># input plugin that collects metrics for in_tail plugin<source>@typeprometheus_tail_monitor<labels>host${hostname}</labels></source>## Collect file log configuration<source>@typetailpath/home/work/logs/hadoop_nm_test/*The path of logs to be collected can be matched with *taglogpath.*Add a tag and filter it by tagrotate_wait120refresh_interval10read_from_headtrue#time_key event_timekeep_time_keytrue#path_key sourceid#limit_recently_modified 86400#timekey_zone Asia/Shanghaipos_file_compaction_interval1hpos_file/home/work/log-pos/fluentd-log-1.pos# Fluentd Read the location of the log file. It is best to save it outside the container, otherwise the POD restart will cause the log to be collected from scratch.<parse>@typenone</parse></source><filter* * >@typerecord_transformer<record>nodeip"#{ENV['MY_NODE_IP']}"</record></filter><filter* * >@typerecord_transformer<record>message${record["nodeip"]}${record["message"]}</record></filter><filterlogpath.home.work.face.logs.hadoop_nm_test.**>@typeprometheus# You can use counter type without specifying a key# This just increments counter by 1<metric>namede_input_num_records_total# Total number of rows read for Prometheus monitoringtypecounterdescThetotalnumberofinputrecords<labels>tag${tag}host${hostname}host$.nodeip</labels></metric></filter># configuration kafka<matchlogpath.home.work.face.logs.hadoop_nm_test.**>@typecopy# for MonitorAgent sample<store>@typekafka2brokers [Kafka node] # kafka cluster nodes<buffertopic>@typefilepath/fluentd/buffer/td/apiflush_interval3s</buffer><format>@typesingle_value</format>default_topic [kafkatopic] # Kafka cluster topic</store><store>@idcaelus_prometheus@typeprometheus<metric>namede_output_num_records_total# Total number of output lines for Prometheus monitoringtypecounterdescThetotalnumberofoutgoingrecords<labels>tag${tag}host${hostname}host$.nodeip</labels></metric></store></match>Copy the code
deployment
apiVersion:apps/v1kind:DaemonSetmetadata:name:fluentd-pronamespace:kube-systemlabels:k8s-app:fluentd-loggingversion:v1annotations:configmap.reloader.stakater.com/reload:"fluentd-config-name"# fluentd-config-name specifies the configmap namespec:selector:matchLabels:k8s-app:fluentd-loggingversion:v1template:metadata:labels:k8s-app:fluentd-loggingversion:v1spec:tolerations:-key:node-role.kubernetes.io/mastereffect:NoSchedulecontainers:-name:fluentdenv:-name:MY_NODE_IPvalueFrom:fieldRef:apiVersion:v1fieldPath:status.hostIP# image: fluentd: v1.14.0-1.0image:registry.ke.com/docker-virtual/common/fluentd:v1.10.2-1.0args:#- -v# - -c /fluentd/etc/fluent.conf#command: [ "sleep", "3600" ]securityContext:runAsUser:0allowPrivilegeEscalation:falseimagePullPolicy:IfNotPresentports:-name:fluentdcontainerPort:24231NodePort is used for index exposurehostPort:24231resources:limits:cpu:500mmemory:1000Mirequests:cpu:500mmemory:1000MivolumeMounts:-name:api-logsmountPath:/home/work/face/logsreadOnly:true-name:tz-configmountPath:/etc/localtimereadOnly:true-name:config-sourcemountPath:/fluentd/etc/fluent.confsubPath:fluent.conf-name:fluted-log-posmountPath:/home/work/log-posterminationGracePeriodSeconds:30volumes:-name:api-logshostPath:path:/home/work/face/logs# host log file location-name:tz-confighostPath:path:/usr/share/zoneinfo/Asia/Shanghai-name:fluted-log-poshostPath:path:/home/work/face/log-ops-name:config-sourceconfigMap:name:fluentd-config-pro# corresponds to configmap aboveitems:-key:fluent.confpath:fluent.confCopy the code
Hot loading of fluentD configuration files
During FluentD deployment, newly added services often need to collect logs. In this case, you only need to modify the ConfigMap to add the Fluentd configuration. However, if you only modify the ConfigMap, the configuration is not hot loaded in POD.
So use a plug-in Reloader to deploy the plug-in.
kubectl apply -f https://raw.githubusercontent.com/stakater/Reloader/master/deployments/kubernetes/reloader.yaml
Copy the code
And add it in deployment
annotations: configmap.reloader.stakater.com/reload: "fluentd-config-name"
Copy the code
Note: This hot loading will cause pod to restart, so the pos_file in FluentD must be mounted outside the container or the logs will be recollected each time.
Five, the pit
There are subdirectories in log files
Fluentd does not collect files under subdirectories if there are subdirectories under the source directory, so you need to add each subdirectory separately. Multiple directories can be configured at the same time.
Error collecting docker container console logs
2018-08-03 06:36:53 +0000 [warn]: /var/log/containers/samplelog-79bd66868b-t7xn9_logging1_fluentd-70e85c5d6328e7d.log unreadable. It is excluded and would be examined next time. 2018-08-03 06:37:53 +0000 [warn]: /var/log/containers/samplelog-79bd66868b-t7xn9_logging1_fluentd-70e85c5bc89ab24.log unreadable. It is excluded and would be examined next time.Copy the code
Because the/var/log/containers is soft chain to/var/lib/containers or/home/work/docker/containers below, so the actual log is stored in the soft even the source address.
You need to mount the original address into the POD as well
