K8S 日誌收集（一）：在K8S建立fluentd的ds

下載fluentd 的images

https://hub.docker.com/r/fluent/fluentd-kubernetes-daemonset/

docker pull 192.168.19.111/baseimages/fluentd-kubernetes-daemonset:v0.12-alpine-elasticsearch

因爲鏡像沒有kafka插件修改鏡像，dockerfile文件以下

FROM 192.168.19.111/baseimages/fluentd-kubernetes-daemonset:v0.12-alpine-elasticsearch
RUN gem install  fluent-plugin-kafka
COPY fluent.conf /fluentd/etc/fluent.conf
ENTRYPOINT ["fluentd","-c","/fluentd/etc/fluent.conf","-p","/fluentd/plugins"]

最後生成鏡像：192.168.19.111/baseimages/fluentd:201803101322

建立fluentd的yaml文件：

因爲fluentd要從kube-apiserver抓取鏡像的相關信息，因此必須配置sa
sa文件：

apiVersion: v1
kind: ServiceAccount
metadata:
  name: fluentd-es
  namespace: kube-system
  labels:
    k8s-app: fluentd-es
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile

建立ClusterRole文件：

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: fluentd-es
  labels:
    k8s-app: fluentd-es
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
rules:
- apiGroups:
  - ""
  resources:
  - "namespaces"
  - "pods"
  verbs:
  - "get"
  - "watch"
  - "list"

建立ClusterRoleBinding角色綁定文件

kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: fluentd-es
  labels:
    k8s-app: fluentd-es
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
subjects:
- kind: ServiceAccount
  name: fluentd-es
  namespace: kube-system
  apiGroup: ""
roleRef:
  kind: ClusterRole
  name: fluentd-es
  apiGroup: ""

建立cm配置文件

kind: ConfigMap
apiVersion: v1
metadata:
  name: fluentd-config
  namespace: kube-system
  labels:
    addonmanager.kubernetes.io/mode: Reconcile
data:
  fluent.conf: |-
    <source>     
      @type tail
      path /var/log/containers/*.log
      pos_file /var/log/fluentd-containers.log.pos
      time_format %Y-%m-%dT%H:%M:%S.%NZ
      tag kubernetes.*
      format json
    </source>
    <filter kubernetes.**>
       @type kubernetes_metadata
    </filter>
    <match **>
      @type               kafka_buffered
      brokers             192.168.7.204:9092,192.168.7.204:9093,192.168.7.204:9094
      output_data_type    json
      default_topic       test-panjunbai
      compression_codec   gzip
      required_acks       1
    </match>

建立ds文件（因爲/var/log/containers能被fluentd和kube-apiserver鏈接作處理，必須掛載/var/log/containers的軟件目的地文件路徑）

apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: fluentd-ds
  namespace: kube-system
  labels:
    k8s-app: fluentd
    kubernetes.io/cluster-service: "true"
spec:
  selector:
    matchLabels:
      k8s-app: fluentd
  template:
    metadata:
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ""
      labels:
        k8s-app: fluentd
        kubernetes.io/cluster-service: "true"
    spec:
      serviceAccountName: fluentd-es
      containers:
      - name: fluentd-ds
        image: 192.168.19.111/baseimages/fluentd:201803101322
        resources:
          limits:
            memory: 500Mi
          requests:
            cpu: 100m
            memory: 200Mi
        volumeMounts:
        - mountPath: /var/log
          name: varlog
        - mountPath: /fluentd/etc
          name: fluentd-cm
        - name: tz-config
          mountPath: /etc/localtime
        - name: real-dir
          mountPath: /opt/docker/containers
      terminationGracePeriodSeconds: 30
      volumes:
      - name: real-dir
        hostPath:
          path: /opt/docker/containers
      - name: varlog
        hostPath:
          path: /var/log
      - configMap:
          defaultMode: 420
          items:
          - key: fluent.conf
            path: fluent.conf
          name: fluentd-config
        name: fluentd-cm
      - name: tz-config
        hostPath:
          path: /usr/share/zoneinfo/Asia/Shanghai

https://docs.fluentd.org/v0.12/articles/kubernetes-fluentd
https://github.com/fluent/fluent-plugin-kafka
https://github.com/fabric8io/fluent-plugin-kubernetes_metadata_filter
https://kubernetes.io/docs/concepts/cluster-administration/logging/