I. Overview

This article describes best practices for collecting in-container logs from Serverless containers with Guance. Collection works by combining the Guance CRD with a logfwd sidecar injected by DataKit Operator. The main features of this approach are:

- Centrally managed collection configuration: the Operator watches the Kubernetes ClusterLoggingConfig CRD and exposes the match results for the logfwd sidecar to poll. By default the sidecar sends an HTTP request to the Operator every 60 seconds; logfwd must be ≥ 1.86.0.
- Hot reload and fine-grained matching: changes to the CRD selector (Namespace/Pod/Label/Container) take effect as soon as they are made, with no need to recreate the Workload.

II. Prerequisites

- Kubernetes cluster version 1.16
- DataKit installed with the logfwdserver collector enabled. For example, with the default listening port 9533, the DataKit Service must expose port 9533 so that other Pods can reach datakit-service.datakit.svc:9533
- DataKit-Operator v1.7.0 or later
- Cluster administrator privileges (needed to register the CRD)

III. Collection workflow

1. Register the Kubernetes CRD

Register the ClusterLoggingConfig CRD with the following YAML:

```yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: clusterloggingconfigs.logging.datakits.io
  labels:
    app: datakit-logging-config
    version: v1alpha1
spec:
  group: logging.datakits.io
  versions:
    - name: v1alpha1
      served: true
      storage: true
      schema:
        openAPIV3Schema:
          type: object
          properties:
            apiVersion:
              type: string
            kind:
              type: string
            metadata:
              type: object
            spec:
              type: object
              required:
                - selector
              properties:
                selector:
                  type: object
                  properties:
                    namespaceRegex:
                      type: string
                    podRegex:
                      type: string
                    podLabelSelector:
                      type: string
                    containerRegex:
                      type: string
                podTargetLabels:
                  type: array
                  items:
                    type: string
                configs:
                  type: array
                  items:
                    type: object
                    required:
                      - source
                      - type
                    properties:
                      source:
                        type: string
                      type:
                        type: string
                      disable:
                        type: boolean
                      path:
                        type: string
                      multiline_match:
                        type: string
                      pipeline:
                        type: string
                      storage_index:
                        type: string
                      tags:
                        type: object
                        additionalProperties:
                          type: string
  scope: Cluster
  names:
    plural: clusterloggingconfigs
    singular: clusterloggingconfig
    kind: ClusterLoggingConfig
    shortNames:
      - logging
```

Create the CRD resource so that collection configurations are applied automatically:

```shell
kubectl apply -f clusterloggingconfig-crd.yaml
```

Verify that the CRD is registered:

```shell
kubectl get crd clusterloggingconfigs.logging.datakits.io
```

2. Install and configure DataKit-Operator

Install DataKit-Operator v1.7.0 or later. Installing with `kubectl apply -f datakit-operator.yaml` is sufficient: the latest datakit-operator.yaml already carries the required permissions. Alternatively, refer to the following minimal example:

```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: datakit-operator
rules:
  - apiGroups: ["logging.datakits.io"]
    resources: ["clusterloggingconfigs"]
    verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: datakit-operator
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: datakit-operator
subjects:
  - kind: ServiceAccount
    name: datakit-operator
    namespace: datakit
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: datakit-operator
  namespace: datakit
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: datakit-operator
  namespace: datakit
  labels:
    app: datakit-operator
spec:
  replicas: 1 # Do not change the ReplicaSet number!
  selector:
    matchLabels:
      app: datakit-operator
  template:
    metadata:
      labels:
        app: datakit-operator
    spec:
      serviceAccountName: datakit-operator
      containers:
        - name: operator
          # other..
```

As shown in the figure below, set the logfwds array in the DataKit-Operator configuration. The main fields to configure are the namespace_selectors/label_selectors matching rules and the log_volume_paths mount directories. namespace_selectors and label_selectors are combined with a logical AND.

3. Deploy DataKit as a Deployment

On a super node cluster, install DataKit as a Deployment. Pay particular attention to the resource kind, the replica count, the logfwdserver collector switch, and the Deployment update strategy. The modified manifest is as follows:

```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: datakit
rules:
  - apiGroups: ["rbac.authorization.k8s.io"]
    resources: ["clusterroles"]
    verbs: ["get", "list", "watch"]
  # "" is the core API group (nodes, pods, services, ...)
  - apiGroups: [""]
    resources: ["nodes", "nodes/stats", "nodes/metrics", "namespaces", "pods", "pods/log", "events", "services", "endpoints", "persistentvolumes", "persistentvolumeclaims", "pods/exec"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["apps"]
    resources: ["deployments", "daemonsets", "statefulsets", "replicasets"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["batch"]
    resources: ["jobs", "cronjobs"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["monitoring.coreos.com"]
    resources: ["podmonitors", "servicemonitors"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["logging.datakits.io"]
    resources: ["clusterloggingconfigs"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["metrics.k8s.io"]
    resources: ["pods", "nodes"]
    verbs: ["get", "list"]
  - nonResourceURLs: ["/metrics"]
    verbs: ["get"]
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: datakit
  namespace: datakit
---
apiVersion: v1
kind: Service
metadata:
  name: datakit-service
  namespace: datakit
spec:
  selector:
    app: daemonset-datakit
  ports:
    - name: svc-http-port
      protocol: TCP
      # for HTTP apis and some collector(inputs) HTTP server, such as DDTrace
      port: 9529
      targetPort: http-port
    - name: svc-statsd-port
      protocol: UDP
      port: 8125
      targetPort: statsd-port
    - name: svc-otel-grpc-port
      protocol: TCP
      port: 4317
      targetPort: otel-grpc-port
    - name: svc-logfwd-port
      protocol: TCP
      port: 9533
      targetPort: logfwd-port
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: datakit
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: datakit
subjects:
  - kind: ServiceAccount
    name: datakit
    namespace: datakit
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: daemonset-datakit
  name: datakit
  namespace: datakit
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: daemonset-datakit
  template:
    metadata:
      labels:
        app: daemonset-datakit
    spec:
      hostNetwork: true
      dnsPolicy: ClusterFirstWithHostNet
      containers:
        - env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: ENV_K8S_NODE_IP
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: status.hostIP
            - name: ENV_K8S_NODE_NAME
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: spec.nodeName
            #- name: ENV_K8S_CLUSTER_NODE_NAME
            #  value: cluster_a_$(ENV_K8S_NODE_NAME)
            - name: ENV_DATAWAY
              value: https://openway.guance.com?token=<your-workspace-token> # Fill your real Dataway server and(or) workspace token
            - name: ENV_CLUSTER_NAME_K8S
              value: lyr-test
            - name: ENV_GLOBAL_HOST_TAGS
              value: host=__datakit_hostname,host_ip=__datakit_ip
            - name: ENV_GLOBAL_ELECTION_TAGS # Default not set
              value: ""
            - name: ENV_DEFAULT_ENABLED_INPUTS
              value: statsd,dk,cpu,disk,diskio,mem,swap,system,hostobject,net,host_processes,container,kubernetesprometheus,logfwdserver,ddtrace
            - name: ENV_ENABLE_ELECTION
              value: enable
            - name: ENV_HTTP_LISTEN
              value: 0.0.0.0:9529
            - name: HOST_PROC
              value: /rootfs/proc
            - name: HOST_SYS
              value: /rootfs/sys
            - name: HOST_ETC
              value: /rootfs/etc
            - name: HOST_VAR
              value: /rootfs/var
            - name: HOST_RUN
              value: /rootfs/run
            - name: HOST_DEV
              value: /rootfs/dev
            - name: HOST_ROOT
              value: /rootfs
          image: pubrepo.guance.com/datakit/datakit:1.86.2
          imagePullPolicy: IfNotPresent
          name: datakit
          ports:
            - containerPort: 9529
              hostPort: 9529
              name: http-port
              protocol: TCP
            - containerPort: 8125
              hostPort: 8125
              name: statsd-port
              protocol: UDP
            - containerPort: 4317
              hostPort: 4317
              name: otel-grpc-port
              protocol: TCP
            - containerPort: 9533
              hostPort: 9533
              name: logfwd-port
              protocol: TCP
          resources:
            requests:
              cpu: 200m
              memory: 128Mi
            limits:
              cpu: 2000m
              memory: 4Gi
          securityContext:
            privileged: true
          volumeMounts:
            - mountPath: /usr/local/datakit/cache
              name: cache
              readOnly: false
            - mountPath: /rootfs
              name: rootfs
              mountPropagation: HostToContainer
            - mountPath: /var/run
              name: run
              mountPropagation: HostToContainer
            - mountPath: /sys/kernel/debug
              name: debugfs
            - mountPath: /var/lib/containerd/container_logs
              name: container-logs
              mountPropagation: HostToContainer
      hostIPC: true
      hostPID: true
      restartPolicy: Always
      serviceAccount: datakit
      serviceAccountName: datakit
      tolerations:
        - operator: Exists
      volumes:
        - configMap:
            name: datakit-conf
          name: datakit-conf
        # - name: hellopythond
        #   configMap:
        #     name: python-scripts
        - hostPath:
            path: /
          name: rootfs
        - hostPath:
            path: /var/run
          name: run
        - hostPath:
            path: /sys/kernel/debug
          name: debugfs
        - hostPath:
            path: /root/datakit_cache
          name: cache
        - hostPath:
            path: /var/lib/containerd/container_logs
          name: container-logs
        # # ---iploc-start
        #- emptyDir: {}
        #  name: datakit-ipdb
        # # ---iploc-end
  strategy:
    rollingUpdate:
      maxUnavailable: 1
    type: RollingUpdate
```

To install, run:

```shell
kubectl apply -f datakit.yaml
```

4. Create the log collection CRD configuration

The collection configuration is shown below. It collects the in-container logs of the demo service in the default namespace, and the log source is given the custom name demo-file. For more configuration options, see https://docs.guance.com/integrations/container-log-for-k8s-crd/#configuration-details

```yaml
apiVersion: logging.datakits.io/v1alpha1
kind: ClusterLoggingConfig
metadata:
  name: demo-logs
spec:
  selector:
    namespaceRegex: "^(default)$"
    podRegex: "^(deploy.*)$"
    podLabelSelector: "app=demo"
  podTargetLabels:
    - app
    - version
    - enviroment
  configs:
    - source: demo-file
      type: file
      path: /data/logs/server/server.log
      tags:
        log_type: server
        component: springboot-server
```

Apply the configuration:

```shell
kubectl apply -f logging-config.yaml
```

5. Check log reporting

The workload must be restarted the first time. Inside the DataKit container, use the `datakit monitor` command to check log reporting; the in-container logs appear as shown in the figure below. Once the data has been reported to Guance, filter on the source demo-file in the Guance console to view it, along with the fields set in the CRD configuration.
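To preview which containers the demo-logs selector from step 4 would pick up before applying it, the following added example (not code from the original article or from DataKit) evaluates a selector against a constructed pod list. It assumes that all set selector fields must match, that an unset field matches everything, and that regexes are unanchored searches; the pod names and labels are made up for illustration.

```python
import re

# Constructed sample pods; names and labels are illustrative only.
PODS = [
    {"namespace": "default", "name": "deploy-demo-7c9f", "labels": {"app": "demo", "version": "v1"}, "containers": ["server"]},
    {"namespace": "default", "name": "deploy-other-1a2b", "labels": {"app": "other"}, "containers": ["web"]},
    {"namespace": "default-staging", "name": "deploy-demo-5d1e", "labels": {"app": "demo"}, "containers": ["server"]},
    {"namespace": "default", "name": "pre-deploy-demo-x", "labels": {"app": "demo"}, "containers": ["server"]},
]

# Selector from the demo-logs ClusterLoggingConfig in step 4.
SELECTOR = {"namespaceRegex": "^(default)$", "podRegex": "^(deploy.*)$", "podLabelSelector": "app=demo"}


def labels_match(selector, labels):
    """Equality-only label selector: comma-separated key=value (or bare key) terms, all required."""
    for term in filter(None, (t.strip() for t in selector.split(","))):
        key, sep, value = (part.strip() for part in term.partition("="))
        if key not in labels or (sep and labels[key] != value.lstrip("=").strip()):
            return False
    return True


def matched_containers(selector, pods):
    """Return (namespace, pod, container) triples the selector would pick up.

    Assumption: every field that is set must match (logical AND), an unset
    field matches everything, and regexes are unanchored searches.
    """
    hits = []
    for pod in pods:
        if not re.search(selector.get("namespaceRegex", ""), pod["namespace"]):
            continue
        if not re.search(selector.get("podRegex", ""), pod["name"]):
            continue
        if not labels_match(selector.get("podLabelSelector", ""), pod["labels"]):
            continue
        hits += [(pod["namespace"], pod["name"], c) for c in pod["containers"]
                 if re.search(selector.get("containerRegex", ""), c)]
    return hits


if __name__ == "__main__":
    print("anchored:", matched_containers(SELECTOR, PODS))
    loose = dict(SELECTOR, namespaceRegex="default", podRegex="deploy")
    print("unanchored:", matched_containers(loose, PODS))
```

Under these assumptions, dropping the `^...$` anchors widens the match to the default-staging namespace and to any pod whose name merely contains "deploy", which is why the selector in step 4 anchors both patterns.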