大家好,我是小碗汤。2021年最后一天,提前祝大家元旦快乐,明年实现财富自由,走上人生巅峰~
Kubernetes 中的资源,例如 Pod、Deployment、Ingress、Service 事件用来指示状态更新或异常。大多数情况下,这些Event会被忽视,它们 1 小时的生命周期,可能会导致丢失重要的事件。它们也不可搜索且无法聚合。
下面用event-exporter将Event导出到ES 用于后续的搜索聚合分析。
实验版本
kubernetes:v1.17.9
kubernetes-event-exporter:v0.9
elasticsearch:7.3.0
部署exporter
这里部署的是kubernetes-event-exporter:github地址[1]
- 克隆仓库代码
git clone https://github.com/opsgenie/kubernetes-event-exporter.git
- 配置01-config.yaml
进到deploy目录,可以看到以下三个yaml文件
# cd kubernetes-event-exporter/deploy/
# ls
00-roles.yaml 01-config.yaml 02-deployment.yaml
其中00-roles.yaml是设置rbac权限
# cat 00-roles.yaml
apiVersion: v1
kind: Namespace
metadata:
name: monitoring
---
apiVersion: v1
kind: ServiceAccount
metadata:
namespace: monitoring
name: event-exporter
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: event-exporter
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: view
subjects:
- kind: ServiceAccount
namespace: monitoring
name: event-exporter
01-config.yaml,用来配置接收者,默认是输出到标准输出
# cat 01-config.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: event-exporter-cfg
namespace: monitoring
data:
config.yaml: |
logLevel: error
logFormat: json
route:
routes:
- match:
- receiver: "dump"
receivers:
- name: "dump"
file:
path: "/dev/stdout"
02-deployment.yaml,用来部署具体的Deployment对象:
# cat 02-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: event-exporter
namespace: monitoring
spec:
replicas: 1
template:
metadata:
labels:
app: event-exporter
version: v1
spec:
serviceAccountName: event-exporter
containers:
- name: event-exporter
image: opsgenie/kubernetes-event-exporter:0.9
imagePullPolicy: IfNotPresent
args:
- -conf=/data/config.yaml
volumeMounts:
- mountPath: /data
name: cfg
volumes:
- name: cfg
configMap:
name: event-exporter-cfg
selector:
matchLabels:
app: event-exporter
version: v1
以上三个yaml,我们需要修改01-config.yaml,设置接收者为elasticsearch
# cat 01-config.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: event-exporter-cfg
namespace: monitoring
data:
config.yaml: |
logLevel: error
logFormat: json
route:
routes:
- match:
- receiver: "dump"
# 与下面的name对应
receivers:
- name: "dump"
# 设置接收者为es
elasticsearch:
hosts:
# es地址
- http://10.1.0.12:9200
index: kube-events
# 索引格式
indexFormat: "kube-events-{2021-12-30}"
useEventID: true
如果ES配置了tls,请参考官方文档[2]设置TLS相关参数。
- 启动event-exporter
依次执行这三个文件
kubectl apply -f 00-roles.yaml
kubectl apply -f 01-config.yaml
kubectl apply -f 02-deployment.yaml
- 查看pod状态
# kubectl -n monitoring get pod
NAME READY STATUS RESTARTS AGE
event-exporter-7cfbbcff69-xxg9t 1/1 Running 0 48m
- 查看ES索引
# curl http://10.1.0.12:9200/_cat/indices?v
health status index uuid pri rep docs.count docs.deleted store.size pri.store.size
green open .kibana_task_manager Qb6qPAipQZiAb29B8VCJ3Q 1 1 2 0 59.2kb 29.6kb
green open kube-events-2021-12-30 gbrvIqevRAGGjxIbR993mA 1 1 16 0 129kb 56.2kb
green open .kibana_1 mVv0LHetQ1mcGbYnbaF3Fg 1 1 4 0 64.2kb 32.1kb
对接成功,可以看到日志以设定的格式写入到了kube-events-2021-12-30这个index中。
参考资料
[1]github地址: https://github.com/opsgenie/kubernetes-event-exporter
[2]官方文档: https://github.com/opsgenie/kubernetes-event-exporter#elasticsearch