1. 使用eventroute监控K8S事件
1.1 介绍eventroute:
我们平时排查K8S的容器故障,最常用的两个命令一般就是:
•
kubectl describe:一般用于容器还没有启动,处于pending状态等。可以通过这个命令来查看容器是否无法调度,是否因为镜像服务下载,是否是因为挂载了volume,但是无法找到volume等原因;
•
kubectl logs -f :实时查看容器的业务日志,对于部分容器启动之后就自动重启,通过这个命令一般可以查到原因。比如java应用启动之后无法连接到数据库就会报错,然后不停的重启等;
•
eventroute部署架构:我们使用kubectl get events -n 命名空间,可以查看k8s发生的时间,但是这个事件是存储在etcd数据库中,默认只存储了1个小时的内容。如果想看1个小时之前的事件,就得把这个事件收集到ELK日志平台;目前我这边采用的架构是,通过开源组件eventrouter来收集此事件,将此容器部署到kube-system命名空间,通过创建SA账户和clusterrolebinding RBAC授权,让eventrouter能够收集所有的deployment pod service等变更的事件。然后通过在同一个POD中运行filebeat容器,将这些事件发送到kafka集群,再有logstash负责转发到ES集群,最后在kibana展示。
1.2 eventrouter部署
我们通过清单文件来部署eventroute,部署的清单文件内容如下:
vim eventroutenew.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: eventrouter
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: eventrouter
rules:
- apiGroups: [""]
resources: ["events"]
verbs: ["get", "watch", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: eventrouter
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: eventrouter
subjects:
- kind: ServiceAccount
name: eventrouter
namespace: kube-system
---
apiVersion: v1
kind: ConfigMap
metadata:
name: eventrouter-cm
namespace: kube-system
data:
config.json: |-
{
"sink": "glog"
}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: eventroute-filebeat-config
namespace: kube-system
data:
filebeat.yml: |-
filebeat.prospectors:
- input_type: log
encoding: utf-8
fields:
logtopic: eventrouter
enabled: true
paths:
- "/data/log/eventrouter/*"
multiline.pattern: '^\{'
multiline.negate: true
multiline.match: after
tail_files: false
ignore_older: 24h
output.kafka:
hosts: ["10.10.0.178:9092", "10.10.0.106:9092", "10.10.0.211:9092"]
topic: "kafkalogs-%{[fields.logtopic]}"
partition.hash:
reachable_only: true
required_acks: 1
compression: gzip
max_message_bytes: 1000000
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: eventrouter
namespace: kube-system
labels:
app: eventrouter
spec:
replicas: 1
selector:
matchLabels:
app: eventrouter
template:
metadata:
labels:
app: eventrouter
tier: control-plane-addons
spec:
initContainers:
- name: init-log-dir
image: busybox
command:
- "/bin/sh"
args:
- "-c"
- "chmod 777 -R /data/log/eventrouter"
volumeMounts:
- name: log-path
mountPath: /data/log/eventrouter
containers:
- name: kube-eventrouter
image: baiyongjie/eventrouter:v0.2
command:
- "/bin/sh"
args:
- "-c"
- "/eventrouter -v 3 -log_dir /data/log/eventrouter"
volumeMounts:
- name: eventrouter-cm
mountPath: /etc/eventrouter
- name: log-path
mountPath: /data/log/eventrouter
- name: filebeat
image: 10.10.0.25:31000/system/filebeat:5.4.0
command:
- "/bin/sh"
args:
- "-c"
- "filebeat -c /etc/filebeat/filebeat.yml"
volumeMounts:
- name: eventroute-filebeat-config
mountPath: /etc/filebeat/
- name: log-path
mountPath: /data/log/eventrouter
serviceAccount: eventrouter
volumes:
- name: eventrouter-cm
configMap:
name: eventrouter-cm
- name: eventroute-filebeat-config
configMap:
name: eventroute-filebeat-config
- name: log-path
hostPath:
path: /data/logs/kube-system/eventrouter
"sink": "glog" 注意这里的参数一定要是glog,网上有人说改成stdout,我发现改了之后都无法收集日志了,那是因为改了之后日志都打到标准输出了stdout,反而/data/log/eventrouter/eventrouter.INFO文件是空的了
1.3 通过kibana查看eventrouter收集的k8s事件
将eventrouter收集的日志发送到kafka集群之后,然后通过logstash将对应的topic内容发送到ES集群,然后通过kibana展示出日志就可以了;剩下的操作就和我们前期介绍的ELK日志平台的搭建是一样的呢。创建索引模式,查看日志而已了;好了,今天的博文就写到这里了。最近工作有点忙,只能晚上加班抽时间写一点工作总结了。最近在做一些自动化方面的技术研究,后续会将通过ansible-playbook部署ELK日志平台、REDIS集群、MQ集群等公共组件的一些自动化脚本分享出来给大家共同学习,也期望大家持续关注我的技术博客《云时代IT运维》
