目的
修改docker 日志模式
首先修改docker 的日志模式为json,对于CentOS使用的yum安装的的docker-1.12,我们需要使用如下进行配置。
修改日志配置文件。如没有则创建 Shell>#vi /etc/docker/daemon.json
"log-driver": "json-file",
"log-opts": {
"max-size": "10m",
"max-file": "3"
}
}
部署
apiVersion: v1
kind: Namespace
metadata:
name: kube-logging
这里使用deployment部署elasticsearch单机应用,同时在k8s群集内发布服务。服务端口为9200和9300。
这里创建kibana启动需要的配置的文件的configmap,在部署kibana时,我们映射到pod中。在配置文件中,定义了kibana的服务名称,服务主机地址,最重要的是,配置elasticsearch的服务路径和端口。注释部分为elasticsearch启用xpack模式后的安全特性,这里不适用。
apiVersion: v1
kind: ConfigMap
metadata:
name: kibana
namespace: kube-logging
data:
kibana.yml: |
server.name: kibana
server.host: "0"
elasticsearch.url: http://elasticsearch.kube-logging.svc.cluster.local:9200
#elasticsearch.username: elastic
#elasticsearch.password: changeme
#xpack.monitoring.ui.container.elasticsearch.enabled: true
创建kibana的deployment和service
---
kind: Deployment
apiVersion: apps/v1beta2
metadata:
labels:
k8s-app: kubernetes-kibana
name: kubernetes-kibana
namespace: kube-logging
spec:
replicas: 1
revisionHistoryLimit: 10
selector:
k8s-app: kubernetes-kibana
template:
metadata:
labels:
k8s-app: kubernetes-kibana
spec:
containers:
- name: kubernetes-elasticsearch
ports:
- name: kibana-web
containerPort: 5601
protocol: TCP
volumeMounts:
- name: config
mountPath: /usr/share/kibana/config/kibana.yml
subPath: kibana.yml
volumes:
- name: config
configMap:
name: kibana
---
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-kibana
name: kibana
namespace: kube-logging
spec:
type: ClusterIP
clusterIP: 10.254.0.203
ports:
- name: kibana-web
port: 5601
targetPort: 5601
selector:
k8s-app: kubernetes-kibana
说明:在执行下面命令前,需要先配置k8s的nginx ingress。可以参照《12-A-接入点-nginx ingress》。我们发布域名为kibana.k8s.com的虚拟主机为kibana的虚拟主机,内部服务为kibana,服务端口为5601.
创建RBAC
创建名为fluentd的服务账户,并赋予账户apiGroups的全部权限和获取pods资源,以及可以执行get、list和watch命令。
apiVersion: v1
kind: ServiceAccount
metadata:
name: fluentd
namespace: kube-logging
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: fluentd
rules:
- apiGroups:
- ""
resources:
verbs:
- get
- list
- watch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: fluentd
roleRef:
kind: ClusterRole
name: fluentd
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: fluentd
namespace: kube-logging
apiVersion: v1
kind: ConfigMap
metadata
name: fluentd
namespace: kube-logging
data:
fluent.conf: |
@include kubernetes.conf
<match **>
type elasticsearch
log_level info
include_tag_key true
host "#{ENV['FLUENT_ELASTICSEARCH_HOST']}"
port "#{ENV['FLUENT_ELASTICSEARCH_PORT']}"
scheme "#{ENV['FLUENT_ELASTICSEARCH_SCHEME'] || 'http'}"
user "#{ENV['FLUENT_ELASTICSEARCH_USER']}"
password "#{ENV['FLUENT_ELASTICSEARCH_PASSWORD']}"
reload_connections "#{ENV['FLUENT_ELASTICSEARCH_RELOAD_CONNECTIONS'] || 'true'}"
logstash_prefix "#{ENV['FLUENT_ELASTICSEARCH_LOGSTASH_PREFIX'] || 'logstash'}"
logstash_format true
buffer_chunk_limit 2M
buffer_queue_limit 32
flush_interval 5s
max_retry_wait 30
disable_retry_limit
num_threads 8