K8S監控實戰-ELK收集K8S内應用日志
目錄
-
- 1 收集K8S日志方案
-
-
- 1.1 傳統ELk模型缺點:
- 1.2 K8s容器日志收集模型
-
-
- 2 制作tomcat底包
-
-
- 2.1 準備tomcat底包
-
-
-
-
- 2.1.1 下載下傳tomcat8
- 2.1.2 簡單配置tomcat
-
-
-
-
- 2.2 準備docker鏡像
-
-
-
-
- 2.2.1 建立dockerfile
- 2.2.2 準備dockerfile所需檔案
- 2.2.3 建構docker
-
-
-
- 3 部署ElasticSearch
-
-
- 3.1 安裝ElasticSearch
-
-
-
-
- 3.1.1 下載下傳二進制包
- 3.1.2 配置elasticsearch.yml
-
-
-
-
- 3.2 優化其他設定
-
-
-
-
- 3.2.1 設定jvm參數
- 3.2.2 建立普通使用者
- 3.2.3 調整檔案描述符
- 3.2.4 調整核心參數
-
-
-
-
- 3.3 啟動ES
-
-
-
-
- 3.3.1 啟動es服務
- 3.3.1 調整ES日志模闆
-
-
-
- 4 部署kafka和kafka-manager
-
-
- 4.1 但節點安裝kafka
-
-
-
-
- 4.1.1 下載下傳包
- 4.1.2 修改配置
- 4.1.3 啟動kafka
-
-
-
-
- 4.2 擷取kafka-manager的docker鏡像
-
-
-
-
- 4.2.1 方法一 通過dockerfile擷取
- 4.2.2 直接下載下傳docker鏡像
- 4.3 部署kafka-manager
-
-
-
-
- 4.3.1 準備dp清單
-
-
-
-
- 4.3.2 準備svc資源清單
- 4.3.3 準備ingress資源清單
- 4.3.4 應用資源配置清單
- 4.3.5 解析域名
- 4.3.6 浏覽器通路
-
-
-
- 5 部署filebeat
-
-
- 5.1 制作docker鏡像
-
-
-
-
- 5.1.1 準備Dockerfile
- 5.1.2 準備filebeat配置檔案
- 5.1.3 準備啟動腳本
- 5.1.4 建構鏡像
-
-
-
-
- 5.2 以邊車模式運作POD
-
-
-
-
- 5.2.1 準備資源配置清單
- 5.2.2 應用資源清單
-
-
-
-
- 5.2.3 驗證
-
-
- 6 部署logstash
-
-
- 6.1 準備docker鏡像
-
-
-
-
- 6.1.1 下載下傳官方鏡像
- 6.1.2 準備配置檔案
-
-
-
-
- 6.2 啟動logstash
-
-
-
-
- 6.2.1 啟動測試環境的logstash
- 6.2.2 檢視es是否接收資料
- 6.2.3 啟動正式環境的logstash
-
-
-
- 7 部署Kibana
-
-
- 7.1 準備相關資源
-
-
-
-
- 7.1.1 準備docker鏡像
- 7.1.3 準備dp資源清單
- 7.1.4 準備svc資源清單
- 7.1.5 準備ingress資源清單
-
-
-
-
- 7.2 應用資源
-
-
-
-
- 7.2.1 應用資源配置清單
- 7.2.2 解析域名
- 7.2.3 浏覽器通路
-
-
-
-
- 7.3 kibana的使用
-
K8s系統裡的業務應用是高度“動态化”的,随着容器編排的進行,業務容器在不斷的被建立、被摧毀、被漂移、被擴縮容…
我們需要這樣一套日志收集、分析的系統:
- 收集 – 能夠采集多種來源的日志資料(流式日志收集器)
- 傳輸 – 能夠穩定的把日志資料傳輸到中央系統(消息隊列)
- 存儲 – 可以将日志以結構化資料的形式存儲起來(搜尋引擎)
- 分析 – 支援友善的分析、檢索方法,最好有GUI管理系統(web)
- 警告 – 能夠提供錯誤報告,監控機制(監控系統)
- Logstash使用Jruby語言開發,吃資源,大量部署消耗極高
- 業務程式與logstash耦合過松,不利于業務遷移
- 日志收集與ES耦合又過緊,(Logstash)易打爆(ES)、丢資料
- 在容器雲環境下,傳統ELk模型難以完成工作
cd /opt/src/
wget http://mirror.bit.edu.cn/apache/tomcat/tomcat-8/v8.5.50/bin/apache-tomcat-8.5.50.tar.gz
mkdir /data/dockerfile/tomcat
tar xf apache-tomcat-8.5.50.tar.gz -C /data/dockerfile/tomcat
cd /data/dockerfile/tomcat 删除自帶網頁
rm -rf apache-tomcat-8.5.50/webapps/* 關閉AJP端口
tomcat]# vim apache-tomcat-8.5.50/conf/server.xml
<!-- <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> --> 修改日志類型
删除3manager,4host-manager的handlers
tomcat]# vim apache-tomcat-8.5.50/conf/logging.properties
handlers = [1catalina.org.apache.juli.AsyncFileHandler](http://1catalina.org.apache.juli.asyncfilehandler/), [2localhost.org.apache.juli.AsyncFileHandler](http://2localhost.org.apache.juli.asyncfilehandler/), java.util.logging.ConsoleHandler 日志級别改為INFO
1catalina.org.apache.juli.AsyncFileHandler.level = INFO
2localhost.org.apache.juli.AsyncFileHandler.level = INFO
java.util.logging.ConsoleHandler.level = INFO 注釋所有關于3manager,4host-manager日志的配置
#3manager.org.apache.juli.AsyncFileHandler.level = FINE
#3manager.org.apache.juli.AsyncFileHandler.directory = ${catalina.base}/logs
#3manager.org.apache.juli.AsyncFileHandler.prefix = manager.
#3manager.org.apache.juli.AsyncFileHandler.encoding = UTF-8
#4host-manager.org.apache.juli.AsyncFileHandler.level = FINE
#4host-manager.org.apache.juli.AsyncFileHandler.directory = ${catalina.base}/logs
#4host-manager.org.apache.juli.AsyncFileHandler.prefix = host-manager.
#4host-manager.org.apache.juli.AsyncFileHandler.encoding = UTF-8 cat >Dockerfile <<'EOF'
From harbor.od.com/public/jre:8u112
RUN /bin/cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime &&\
echo 'Asia/Shanghai' >/etc/timezone
ENV CATALINA_HOME /opt/tomcat
ENV LANG zh_CN.UTF-8
ADD apache-tomcat-8.5.50/ /opt/tomcat
ADD config.yml /opt/prom/config.yml
ADD jmx_javaagent-0.3.1.jar /opt/prom/jmx_javaagent-0.3.1.jar
WORKDIR /opt/tomcat
ADD entrypoint.sh /entrypoint.sh
CMD ["/bin/bash","/entrypoint.sh"]
EOF JVM監控所需jar包
wget -O jmx_javaagent-0.3.1.jar https://repo1.maven.org/maven2/io/prometheus/jmx/jmx_prometheus_javaagent/0.3.1/jmx_prometheus_javaagent-0.3.1.jar jmx_agent讀取的配置檔案
cat >config.yml <<'EOF'
---
rules:
- pattern: '.*'
EOF 容器啟動腳本
cat >entrypoint.sh <<'EOF'
#!/bin/bash
M_OPTS="-Duser.timezone=Asia/Shanghai -javaagent:/opt/prom/jmx_javaagent-0.3.1.jar=$(hostname -i):${M_PORT:-"12346"}:/opt/prom/config.yml" # Pod ip:port 監控規則傳給jvm監控用戶端
C_OPTS=${C_OPTS} # 啟動追加參數
MIN_HEAP=${MIN_HEAP:-"128m"} # java虛拟機初始化時的最小記憶體
MAX_HEAP=${MAX_HEAP:-"128m"} # java虛拟機初始化時的最大記憶體
JAVA_OPTS=${JAVA_OPTS:-"-Xmn384m -Xss256k -Duser.timezone=GMT+08 -XX:+DisableExplicitGC -XX:+UseConcMarkSweepGC -XX:+UseParNewGC -XX:+CMSParallelRemarkEnabled -XX:+UseCMSCompactAtFullCollection -XX:CMSFullGCsBeforeCompaction=0 -XX:+CMSClassUnloadingEnabled -XX:LargePageSizeInBytes=128m -XX:+UseFastAccessorMethods -XX:+UseCMSInitiatingOccupancyOnly -XX:CMSInitiatingOccupancyFraction=80 -XX:SoftRefLRUPolicyMSPerMB=0 -XX:+PrintClassHistogram -Dfile.encoding=UTF8 -Dsun.jnu.encoding=UTF8"} # 年輕代,gc回收
CATALINA_OPTS="${CATALINA_OPTS}"
JAVA_OPTS="${M_OPTS} ${C_OPTS} -Xms${MIN_HEAP} -Xmx${MAX_HEAP} ${JAVA_OPTS}"
sed -i -e "1a\JAVA_OPTS=\"$JAVA_OPTS\"" -e "1a\CATALINA_OPTS=\"$CATALINA_OPTS\"" /opt/tomcat/bin/catalina.sh
cd /opt/tomcat && /opt/tomcat/bin/catalina.sh run 2>&1 >> /opt/tomcat/logs/stdout.log # 日志檔案
EOF docker build . -t harbor.zq.com/base/tomcat:v8.5.50
docker push harbor.zq.com/base/tomcat:v8.5.50 官網 官方github位址 下載下傳位址
部署
HDSS7-12.host.com
上:
cd /opt/src
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.8.6.tar.gz
tar xf elasticsearch-6.8.6.tar.gz -C /opt/
ln -s /opt/elasticsearch-6.8.6/ /opt/elasticsearch
cd /opt/elasticsearch mkdir -p /data/elasticsearch/{data,logs}
cat >config/elasticsearch.yml <<'EOF'
cluster.name: es.zq.com
node.name: hdss7-12.host.com
path.data: /data/elasticsearch/data
path.logs: /data/elasticsearch/logs
bootstrap.memory_lock: true
network.host: 10.4.7.12
http.port: 9200
EOF elasticsearch]# vi config/jvm.options
# 根據環境設定,-Xms和-Xmx設定為相同的值,推薦設定為機器記憶體的一半左右
-Xms512m
-Xmx512m useradd -s /bin/bash -M es
chown -R es.es /opt/elasticsearch-6.8.6
chown -R es.es /data/elasticsearch/ vim /etc/security/limits.d/es.conf
es hard nofile 65536
es soft fsize unlimited
es hard memlock unlimited
es soft memlock unlimited sysctl -w vm.max_map_count=262144
echo "vm.max_map_count=262144" > /etc/sysctl.conf
sysctl -p ]# su -c "/opt/elasticsearch/bin/elasticsearch -d" es
]# netstat -luntp|grep 9200
tcp6 0 0 10.4.7.12:9200 :::* LISTEN 16784/java curl -XPUT http://10.4.7.12:9200/_template/k8s -d '{
"template" : "k8s*",
"index_patterns": ["k8s*"],
"settings": {
"number_of_shards": 5,
"number_of_replicas": 0 # 生産為3份副本集,本es為單節點,不能配置副本集
}
}' HDSS7-11.host.com
cd /opt/src
wget https://archive.apache.org/dist/kafka/2.2.0/kafka_2.12-2.2.0.tgz
tar xf kafka_2.12-2.2.0.tgz -C /opt/
ln -s /opt/kafka_2.12-2.2.0/ /opt/kafka
cd /opt/kafka mkdir /data/kafka/logs -p
cat >config/server.properties <<'EOF'
log.dirs=/data/kafka/logs
zookeeper.connect=localhost:2181 # zk消息隊列位址
log.flush.interval.messages=10000
log.flush.interval.ms=1000
delete.topic.enable=true
host.name=hdss7-11.host.com
EOF bin/kafka-server-start.sh -daemon config/server.properties
]# netstat -luntp|grep 9092
tcp6 0 0 10.4.7.11:9092 :::* LISTEN 34240/java 源碼下載下傳位址
運維主機
HDSS7-200.host.com
kafka-manager是kafka的一個web管理頁面,非必須
1 準備Dockerfile
cat >/data/dockerfile/kafka-manager/Dockerfile <<'EOF'
FROM hseeberger/scala-sbt
ENV ZK_HOSTS=10.4.7.11:2181 \
KM_VERSION=2.0.0.2
RUN mkdir -p /tmp && \
cd /tmp && \
wget https://github.com/yahoo/kafka-manager/archive/${KM_VERSION}.tar.gz && \
tar xxf ${KM_VERSION}.tar.gz && \
cd /tmp/kafka-manager-${KM_VERSION} && \
sbt clean dist && \
unzip -d / ./target/universal/kafka-manager-${KM_VERSION}.zip && \
rm -fr /tmp/${KM_VERSION} /tmp/kafka-manager-${KM_VERSION}
WORKDIR /kafka-manager-${KM_VERSION}
EXPOSE 9000
ENTRYPOINT ["./bin/kafka-manager","-Dconfig.file=conf/application.conf"]
EOF 2 制作docker鏡像
cd /data/dockerfile/kafka-manager
docker build . -t harbor.od.com/infra/kafka-manager:v2.0.0.2
(漫長的過程)
docker push harbor.zq.com/infra/kafka-manager:latest 建構過程極其漫長,大機率會失敗,是以可以通過第二種方式下載下傳建構好的鏡像
但建構好的鏡像寫死了zk位址,要注意傳入變量修改zk位址
鏡像下載下傳位址
docker pull sheepkiller/kafka-manager:latest
docker images|grep kafka-manager
docker tag 4e4a8c5dabab harbor.zq.com/infra/kafka-manager:latest
docker push harbor.zq.com/infra/kafka-manager:latest mkdir /data/k8s-yaml/kafka-manager
cd /data/k8s-yaml/kafka-manager cat >deployment.yaml <<'EOF'
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
name: kafka-manager
namespace: infra
labels:
name: kafka-manager
spec:
replicas: 1
selector:
matchLabels:
name: kafka-manager
template:
metadata:
labels:
app: kafka-manager
name: kafka-manager
spec:
containers:
- name: kafka-manager
image: harbor.zq.com/infra/kafka-manager:latest
ports:
- containerPort: 9000
protocol: TCP
env:
- name: ZK_HOSTS
value: zk1.od.com:2181
- name: APPLICATION_SECRET
value: letmein
imagePullPolicy: IfNotPresent
imagePullSecrets:
- name: harbor
restartPolicy: Always
terminationGracePeriodSeconds: 30
securityContext:
runAsUser: 0
schedulerName: default-scheduler
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
maxSurge: 1
revisionHistoryLimit: 7
progressDeadlineSeconds: 600
EOF cat >service.yaml <<'EOF'
kind: Service
apiVersion: v1
metadata:
name: kafka-manager
namespace: infra
spec:
ports:
- protocol: TCP
port: 9000
targetPort: 9000
selector:
app: kafka-manager
EOF cat >ingress.yaml <<'EOF'
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: kafka-manager
namespace: infra
spec:
rules:
- host: km.zq.com
http:
paths:
- path: /
backend:
serviceName: kafka-manager
servicePort: 9000
EOF 任意一台運算節點上:
kubectl apply -f http://k8s-yaml.od.com/kafka-manager/deployment.yaml
kubectl apply -f http://k8s-yaml.od.com/kafka-manager/service.yaml
kubectl apply -f http://k8s-yaml.od.com/kafka-manager/ingress.yaml HDSS7-11.host.com
上
~]# vim /var/named/zq.com.zone
km A 10.4.7.10
~]# systemctl restart named
~]# dig -t A km.od.com @10.4.7.11 +short
10.4.7.10 http://km.zq.com
添加叢集
檢視叢集資訊
官方下載下傳位址
HDSS7-200.host.com
mkdir /data/dockerfile/filebeat
cd /data/dockerfile/filebeat cat >Dockerfile <<'EOF'
FROM debian:jessie
# 如果更換版本,需在官網下載下傳同版本LINUX64-BIT的sha替換FILEBEAT_SHA1
ENV FILEBEAT_VERSION=7.5.1 \ FILEBEAT_SHA1=daf1a5e905c415daf68a8192a069f913a1d48e2c79e270da118385ba12a93aaa91bda4953c3402a6f0abf1c177f7bcc916a70bcac41977f69a6566565a8fae9c
RUN set -x && \
apt-get update && \
apt-get install -y wget && \
wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-${FILEBEAT_VERSION}-linux-x86_64.tar.gz -O /opt/filebeat.tar.gz && \
cd /opt && \
echo "${FILEBEAT_SHA1} filebeat.tar.gz" | sha512sum -c - && \
tar xzvf filebeat.tar.gz && \
cd filebeat-* && \
cp filebeat /bin && \
cd /opt && \
rm -rf filebeat* && \
apt-get purge -y wget && \
apt-get autoremove -y && \
apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
COPY filebeat.yaml /etc/
COPY docker-entrypoint.sh /
ENTRYPOINT ["/bin/bash","/docker-entrypoint.sh"]
EOF cat >/etc/filebeat.yaml << EOF
filebeat.inputs:
- type: log
fields_under_root: true
fields:
topic: logm-PROJ_NAME
paths:
- /logm/*.log
- /logm/*/*.log
- /logm/*/*/*.log
- /logm/*/*/*/*.log
- /logm/*/*/*/*/*.log
scan_frequency: 120s
max_bytes: 10485760
multiline.pattern: 'MULTILINE'
multiline.negate: true
multiline.match: after
multiline.max_lines: 100
- type: log
fields_under_root: true
fields:
topic: logu-PROJ_NAME
paths:
- /logu/*.log
- /logu/*/*.log
- /logu/*/*/*.log
- /logu/*/*/*/*.log
- /logu/*/*/*/*/*.log
- /logu/*/*/*/*/*/*.log
output.kafka:
hosts: ["10.4.7.11:9092"]
topic: k8s-fb-ENV-%{[topic]}
version: 2.0.0 # kafka版本超過2.0,預設寫2.0.0
required_acks: 0
max_message_bytes: 10485760
EOF cat >docker-entrypoint.sh <<'EOF'
#!/bin/bash
ENV=${ENV:-"test"} # 定義日志收集的環境
PROJ_NAME=${PROJ_NAME:-"no-define”} # 定義項目名稱
MULTILINE=${MULTILINE:-"^\d{2}"} # 多行比對,以2個資料開頭的為一行,反之
# 替換配置檔案中的内容
sed -i 's#PROJ_NAME#${PROJ_NAME}#g' /etc/filebeat.yaml
sed -i 's#MULTILINE#${MULTILINE}#g' /etc/filebeat.yaml
sed -i 's#ENV#${ENV}#g' /etc/filebeat.yaml
if [[ "$1" == "" ]]; then
exec filebeat -c /etc/filebeat.yaml
else
exec "$@"
fi
EOF docker build . -t harbor.od.com/infra/filebeat:v7.5.1
docker push harbor.od.com/infra/filebeat:v7.5.1 使用dubbo-demo-consumer的鏡像,以邊車模式運作filebeat
]# vim /data/k8s-yaml/test/dubbo-demo-consumer/deployment.yaml
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
name: dubbo-demo-consumer
namespace: test
labels:
name: dubbo-demo-consumer
spec:
replicas: 1
selector:
matchLabels:
name: dubbo-demo-consumer
template:
metadata:
labels:
app: dubbo-demo-consumer
name: dubbo-demo-consumer
annotations:
blackbox_path: "/hello?name=health"
blackbox_port: "8080"
blackbox_scheme: "http"
prometheus_io_scrape: "true"
prometheus_io_port: "12346"
prometheus_io_path: "/"
spec:
containers:
- name: dubbo-demo-consumer
image: harbor.zq.com/app/dubbo-tomcat-web:apollo_200513_1808
ports:
- containerPort: 8080
protocol: TCP
- containerPort: 20880
protocol: TCP
env:
- name: JAR_BALL
value: dubbo-client.jar
- name: C_OPTS
value: -Denv=fat -Dapollo.meta=http://config-test.zq.com
imagePullPolicy: IfNotPresent
#--------新增内容--------
volumeMounts:
- mountPath: /opt/tomcat/logs
name: logm
- name: filebeat
image: harbor.zq.com/infra/filebeat:v7.5.1
imagePullPolicy: IfNotPresent
env:
- name: ENV
value: test # 測試環境
- name: PROJ_NAME
value: dubbo-demo-web # 項目名
volumeMounts:
- mountPath: /logm
name: logm
volumes:
- emptyDir: {} #随機在主控端找目錄建立,容器删除時一起删除
name: logm
#--------新增結束--------
imagePullSecrets:
- name: harbor
restartPolicy: Always
terminationGracePeriodSeconds: 30
securityContext:
runAsUser: 0
schedulerName: default-scheduler
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
maxSurge: 1
revisionHistoryLimit: 7
progressDeadlineSeconds: 600 任意node節點
kubectl apply -f http://k8s-yaml.od.com/test/dubbo-demo-consumer/deployment.yaml 浏覽器通路
http://km.zq.com,看到kafaka-manager裡,topic打進來,即為成功
進入dubbo-demo-consumer的容器中,檢視logm目錄下是否有日志
kubectl -n test exec -it dobbo...... -c filebeat /bin/bash
ls /logm
# -c參數指定pod中的filebeat容器
# /logm是filebeat容器挂載的目錄 HDSS7-200.host.com
docker pull logstash:6.8.6
docker tag d0a2dac51fcb harbor.od.com/infra/logstash:v6.8.6
docker push harbor.zq.com/infra/logstash:v6.8.6 準備目錄
mkdir /etc/logstash/ 建立test.conf
cat >/etc/logstash/logstash-test.conf <<'EOF'
input {
kafka {
bootstrap_servers => "10.4.7.11:9092"
client_id => "10.4.7.200"
consumer_threads => 4
group_id => "k8s_test" # 為test組
topics_pattern => "k8s-fb-test-.*" # 隻收集k8s-fb-test開頭的topics
}
}
filter {
json {
source => "message"
}
}
output {
elasticsearch {
hosts => ["10.4.7.12:9200"]
index => "k8s-test-%{+YYYY.MM.DD}"
}
}
EOF 建立prod.conf
![Java String.format方法的簡單使用[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)