目的

修改docker 日志模式

首先修改docker 的日志模式为json，对于CentOS使用的yum安装的的docker-1.12，我们需要使用如下进行配置。

修改日志配置文件。如没有则创建 Shell>#vi /etc/docker/daemon.json

        "log-driver": "json-file",
        "log-opts": {
                "max-size": "10m",
                "max-file": "3"
        }
}

部署

apiVersion: v1
kind: Namespace
metadata:
  name: kube-logging

这里使用deployment部署elasticsearch单机应用，同时在k8s群集内发布服务。服务端口为9200和9300。

这里创建kibana启动需要的配置的文件的configmap，在部署kibana时，我们映射到pod中。在配置文件中，定义了kibana的服务名称，服务主机地址，最重要的是，配置elasticsearch的服务路径和端口。注释部分为elasticsearch启用xpack模式后的安全特性，这里不适用。

apiVersion: v1
kind: ConfigMap
metadata:
  name: kibana
  namespace: kube-logging
data:
  kibana.yml: |
    server.name: kibana
    server.host: "0"
    elasticsearch.url: http://elasticsearch.kube-logging.svc.cluster.local:9200
    #elasticsearch.username: elastic
    #elasticsearch.password: changeme
    #xpack.monitoring.ui.container.elasticsearch.enabled: true

创建kibana的deployment和service

---
kind: Deployment
apiVersion: apps/v1beta2
metadata:
  labels:
    k8s-app: kubernetes-kibana
  name: kubernetes-kibana
  namespace: kube-logging
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
      k8s-app: kubernetes-kibana
  template:
    metadata:
      labels:
        k8s-app: kubernetes-kibana
    spec:
      containers:
      - name: kubernetes-elasticsearch
        ports:
        - name: kibana-web
          containerPort: 5601
          protocol: TCP
        volumeMounts:
            - name: config
              mountPath: /usr/share/kibana/config/kibana.yml
              subPath: kibana.yml
      volumes:
      - name: config
        configMap:
          name: kibana
---
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-kibana
  name: kibana
  namespace: kube-logging
spec:
  type: ClusterIP
  clusterIP: 10.254.0.203
  ports:
    - name: kibana-web
      port: 5601
      targetPort: 5601
  selector:
    k8s-app: kubernetes-kibana

说明：在执行下面命令前，需要先配置k8s的nginx ingress。可以参照《12-A-接入点-nginx ingress》。我们发布域名为kibana.k8s.com的虚拟主机为kibana的虚拟主机，内部服务为kibana，服务端口为5601.

创建RBAC

创建名为fluentd的服务账户，并赋予账户apiGroups的全部权限和获取pods资源，以及可以执行get、list和watch命令。

apiVersion: v1
kind: ServiceAccount
metadata:
  name: fluentd
  namespace: kube-logging
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name: fluentd
rules:
- apiGroups:
  - ""
  resources:
  verbs:
  - get
  - list
  - watch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: fluentd
roleRef:
  kind: ClusterRole
  name: fluentd
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: fluentd
  namespace: kube-logging

apiVersion: v1
kind: ConfigMap
metadata
  name: fluentd
  namespace: kube-logging
data:
  fluent.conf: |
    @include kubernetes.conf
    <match **>
       type elasticsearch
       log_level info
       include_tag_key true
       host "#{ENV['FLUENT_ELASTICSEARCH_HOST']}"
       port "#{ENV['FLUENT_ELASTICSEARCH_PORT']}"
       scheme "#{ENV['FLUENT_ELASTICSEARCH_SCHEME'] || 'http'}"
       user "#{ENV['FLUENT_ELASTICSEARCH_USER']}"
       password "#{ENV['FLUENT_ELASTICSEARCH_PASSWORD']}"
       reload_connections "#{ENV['FLUENT_ELASTICSEARCH_RELOAD_CONNECTIONS'] || 'true'}"
       logstash_prefix "#{ENV['FLUENT_ELASTICSEARCH_LOGSTASH_PREFIX'] || 'logstash'}"
       logstash_format true
       buffer_chunk_limit 2M
       buffer_queue_limit 32
       flush_interval 5s
       max_retry_wait 30
       disable_retry_limit
       num_threads 8

创建DaemonSet