k8s容器環境收集應用日誌到已有的ELK日誌平臺
Tags: k8s環境下的容器日誌收集
K8S環境下面如何收集應用日誌
===
在本文中重點講一下K8S容器環境中如何收集容器的日誌; html
1. 容器日誌收集方案的選擇:
在K8S集羣中,容器的日誌收集方案通常有三種;第一種方案是經過在每個k8s節點安裝日誌收集客戶端軟件,好比fluentd。這種方案很差的一點是應用的日誌必須輸出到標準輸出,而且是經過在每一臺計算節點的/var/log/containers目錄下面的日誌文件,這個日誌文件的名稱是這種格式user-center-765885677f-j68zt_default_user-center-0867b9c2f8ede64cebeb359dd08a6b05f690d50427aa89f7498597db8944cccc.log,文件名稱有不少隨機字符串,很難和容器裏面的應用對應起來。而且在網上看到別人說這個裏面的日誌,對於JAVA的報錯內容沒有多行合併,不過我尚未測試過此方案。 python
第二種方案就是在應用的pods裏面在運行一個sidecar container(邊角容器),這個容器會和應用的容器掛載同一個volume日誌卷。好比這個sidecar容器能夠是filebeat或者flunetd等;這種方案不足之處是部署了sidecar , 因此會消耗資源 , 每一個pod都要起一個日誌收集容器。
第三種方案就是直接將應用的日誌收集到kafka,而後經過kafka再發送到logstash,再處理成json格式的日誌發送到es集羣,最後在kibana展現。我實驗的就是這種方案。經過修改logsbak配置文件實現了日誌直接發送到kafka緩存的功能;下面直接看配置了 git
1. logsbak配置:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<jmxConfigurator/> <!-- 動態加載-->
<property name="log-path" value="/apptestlogs" /> <!-- 統一 /applogs 下面 -->
<property name="app-name" value="test" /> <!-- 應用系統名稱 -->
<property name="filename" value="test-test" /> <!---日誌文件名,默認組件名稱 -->
<property name="dev-group-name" value="test" /> <!-- 開發團隊名稱 -->
<conversionRule conversionWord="traceId" converterClass="org.lsqt.components.log.logback.TraceIdConvert"/>
<!-- 根據實際狀況修改變量 end-->
-<appender name="consoleAppender" class="ch.qos.logback.core.ConsoleAppender">
<!-- 典型的日誌pattern -->
<!-- -<encoder>-->
<!--<pattern>[%date{ISO8601}] [%level] %logger{80} [%thread] [%traceId] ${dev-group-name} ${app-name} Line:%-3L - %msg%n</pattern>-->
<!--</encoder>-->
-<encoder class="ch.qos.logback.core.encoder.LayoutWrappingEncoder">
<layout class="org.apache.skywalking.apm.toolkit.log.logback.v1.x.TraceIdPatternLogbackLayout">
<pattern>[%date{ISO8601}] [%level] %logger{80} [%thread] [%tid] ${dev-group-name} ${app-name} Line:%-3L - %msg%n</pattern>
</layout>
</encoder>
</appender>
-<appender name="fileAppender" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${log-path}/${app-name}/${filename}.log</file>
-<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
<fileNamePattern>/${log-path}/${app-name}/${filename}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
<maxHistory>15</maxHistory>
<!--用來指定日誌文件的上限大小,例如設置爲300M的話,那麼到了這個值,就會刪除舊的日誌。-->
<timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
<maxFileSize>300MB</maxFileSize>
</timeBasedFileNamingAndTriggeringPolicy>
</rollingPolicy>
<!-- -<encoder>-->
<!--<pattern>[%date{ISO8601}] [%level] %logger{80} [%thread] [%traceId] ${dev-group-name} ${app-name} Line:%-3L - %msg%n</pattern>-->
<!--</encoder>-->
-<encoder class="ch.qos.logback.core.encoder.LayoutWrappingEncoder">
<layout class="org.apache.skywalking.apm.toolkit.log.logback.v1.x.TraceIdPatternLogbackLayout">
<pattern>[%date{ISO8601}] [%level] %logger{80} [%thread] [%tid] ${dev-group-name} ${app-name} Line:%-3L - %msg%n</pattern>
</layout>
</encoder>
</appender>
<appender name="errorAppender" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${log-path}/${app-name}/${filename}-error.log</file>
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
<fileNamePattern>/${log-path}/${app-name}/${filename}-error.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
<timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
<maxFileSize>300MB</maxFileSize>
</timeBasedFileNamingAndTriggeringPolicy>
<maxHistory>15</maxHistory>
</rollingPolicy>
<!--<encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">-->
<!--<pattern>[%date{ISO8601}] [%level] %logger{80} [%thread] [%traceId] ${dev-group-name} ${app-name} Line:%-3L - %msg%n</pattern>-->
<!--</encoder>-->
<encoder class="ch.qos.logback.core.encoder.LayoutWrappingEncoder">
<layout class="org.apache.skywalking.apm.toolkit.log.logback.v1.x.TraceIdPatternLogbackLayout">
<pattern>[%date{ISO8601}] [%level] %logger{80} [%thread] [%tid] ${dev-group-name} ${app-name} Line:%-3L - %msg%n</pattern>
</layout>
</encoder>
<filter class="ch.qos.logback.classic.filter.LevelFilter">
<level>ERROR</level>
<onMatch>ACCEPT</onMatch>
<onMismatch>DENY</onMismatch>
</filter>
</appender>
<!-- This example configuration is probably most unreliable under
failure conditions but wont block your application at all -->
<appender name="very-relaxed-and-fast-kafka-appender" class="com.github.danielwegener.logback.kafka.KafkaAppender">
<encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
<pattern>[%date{ISO8601}] [%level] %logger{80} [%thread] [%tid] ${dev-group-name} ${app-name} Line:%-3L - %msg%n</pattern>
</encoder>
<topic>elk-stand-sit-fkp-eureka</topic>
<!-- we don't care how the log messages will be partitioned -->
<keyingStrategy class="com.github.danielwegener.logback.kafka.keying.NoKeyKeyingStrategy" />
<!-- use async delivery. the application threads are not blocked by logging -->
<deliveryStrategy class="com.github.danielwegener.logback.kafka.delivery.AsynchronousDeliveryStrategy" />
<!-- each <producerConfig> translates to regular kafka-client config (format: key=value) -->
<!-- producer configs are documented here: https://kafka.apache.org/documentation.html#newproducerconfigs -->
<!-- bootstrap.servers is the only mandatory producerConfig -->
<producerConfig>bootstrap.servers=192.168.1.12:9092,192.168.1.14:9092,192.168.1.15:9092</producerConfig>
<!-- don't wait for a broker to ack the reception of a batch. -->
<producerConfig>acks=0</producerConfig>
<!-- wait up to 1000ms and collect log messages before sending them as a batch -->
<producerConfig>linger.ms=1000</producerConfig>
<!-- even if the producer buffer runs full, do not block the application but start to drop messages -->
<producerConfig>max.block.ms=0</producerConfig>
<!-- define a client-id that you use to identify yourself against the kafka broker -->
<producerConfig>client.id=${HOSTNAME}-${CONTEXT_NAME}-logback-relaxed</producerConfig>
<!-- define All log messages that cannot be delivered fast enough will then immediately go to the fallback appenders -->
<producerConfig>block.on.buffer.full=false</producerConfig>
<!-- this is the fallback appender if kafka is not available. -->
<appender-ref ref="consoleAppender" />
</appender>
<root level="debug">
<appender-ref ref="very-relaxed-and-fast-kafka-appender" />
<appender-ref ref="fileAppender"/>
<appender-ref ref="consoleAppender"/>
<appender-ref ref="errorAppender"/>
</root>
</configuration>
###2. 針對logsbak配置說明:### github
- logsbak直接發送日誌到kafka有幾種方式,一種是異步模式,一種是同步模式。異步模式的意思就是若是kafka由於網絡狀況出現故障,則阻塞發送日誌或者直接將日誌發送到後備存儲,好比後備存儲是發送到日誌文件;同步模式的意思就是即便kafka出現網絡狀況不可達,則就會影響到日誌線程,進而影響到應用的性能。不過這個模式的我沒有測試過;配置以下:
<!-- This example configuration is more restrictive and will try to ensure that every message
is eventually delivered in an ordered fashion (as long the logging application stays alive) -->
<appender name="very-restrictive-kafka-appender" class="com.github.danielwegener.logback.kafka.KafkaAppender">
<encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
<pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
</encoder>
<topic>important-logs</topic>
<!-- ensure that every message sent by the executing host is partitioned to the same partition strategy -->
<keyingStrategy class="com.github.danielwegener.logback.kafka.keying.HostNameKeyingStrategy" />
<!-- block the logging application thread if the kafka appender cannot keep up with sending the log messages -->
<deliveryStrategy class="com.github.danielwegener.logback.kafka.delivery.BlockingDeliveryStrategy">
<!-- wait indefinitely until the kafka producer was able to send the message -->
<timeout>0</timeout>
</deliveryStrategy>
<!-- each <producerConfig> translates to regular kafka-client config (format: key=value) -->
<!-- producer configs are documented here: https://kafka.apache.org/documentation.html#newproducerconfigs -->
<!-- bootstrap.servers is the only mandatory producerConfig -->
<producerConfig>bootstrap.servers=localhost:9092</producerConfig>
<!-- restrict the size of the buffered batches to 8MB (default is 32MB) -->
<producerConfig>buffer.memory=8388608</producerConfig>
<!-- If the kafka broker is not online when we try to log, just block until it becomes available -->
<producerConfig>metadata.fetch.timeout.ms=99999999999</producerConfig>
<!-- define a client-id that you use to identify yourself against the kafka broker -->
<producerConfig>client.id=${HOSTNAME}-${CONTEXT_NAME}-logback-restrictive</producerConfig>
<!-- use gzip to compress each batch of log messages. valid values: none, gzip, snappy -->
<producerConfig>compression.type=gzip</producerConfig>
<!-- Log every log message that could not be sent to kafka to STDERR -->
<appender-ref ref="STDERR"/>
</appender>
經過配置logsbak直接輸出到kafka,而且使用異步模式,就成功的在kibana裏面看到了容器的日誌了; 
redis
博文的更詳細內容請關注個人我的微信公衆號 「雲時代IT運維」,本公衆號旨在共享互聯網運維新技術,新趨勢; 包括IT運維行業的諮詢,運維技術文檔分享。重點關注devops、jenkins、zabbix監控、kubernetes、ELK、各類中間件的使用,好比redis、MQ等;shell和python等運維編程語言;本人從事IT運維相關的工做有十多年。2008年開始專職從事Linux/Unix系統運維工做;對運維相關技術有必定程度的理解。本公衆號全部博文均是個人實際工做經驗總結,基本都是原創博文。我很樂意將我積累的經驗、心得、技術與你們分享交流!但願和你們在IT運維職業道路上一塊兒成長和進步;
相關文章
- 1. 日誌分析平臺ELK之日誌收集器filebeat
- 2. 日誌分析平臺ELK之日誌收集器logstash
- 3. 使用ELK收集k8s集羣日誌
- 4. ELK日誌收集平臺部署
- 5. ELK:日誌收集分析平臺
- 6. ELK 平臺收集Tomcat日誌記錄
- 7. Kubernetes運維之使用ELK Stack收集K8S平臺日誌
- 8. ELK日誌收集環境linux安裝
- 9. ELK日誌收集
- 10. [日誌收集]-ELK
- 更多相關文章...
- • ionic 平臺 - ionic 教程
- • SQLite 日期 & 時間 - SQLite教程
- • Docker容器實戰(七) - 容器眼光下的文件系統
- • Docker容器實戰(六) - 容器的隔離與限制
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
歡迎關注本站公眾號,獲取更多信息
相關文章