filebeat_daemonset.yaml

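---
# Dedicated namespace holding the filebeat DaemonSet, its ConfigMap and its CA Secret
apiVersion: v1
kind: Namespace
metadata:
  name: filebeat-ns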
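---
# CA certificate that filebeat uses to verify the Logstash TLS endpoint.
# Only the public CA certificate is stored here (no private key); the
# DaemonSet mounts it at /usr/share/filebeat/ssl/ca.crt.
apiVersion: v1
kind: Secret
metadata:
  name: filebeat-ca
  namespace: filebeat-ns
type: Opaque
data:
  # base64-encoded PEM certificate; the real value is redacted on this page
  ca.crt: "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"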
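---
# filebeat configuration: the main filebeat.yml plus one input file per log
# type. Each key is mounted as a separate file by the DaemonSet (via subPath).
apiVersion: v1
kind: ConfigMap
metadata:
  name: filebeat-config
  namespace: filebeat-ns
data:
  # IP address that the Logstash certificate's DNS name resolves to on the
  # internal network. The DaemonSet reads this key into LOGSTASH_HOST and
  # appends "<ip> node1.logstash.com" to /etc/hosts, so that output.logstash
  # below can address Logstash by the name on its certificate rather than by IP.
  # Quoted so the value is always handed to the pod as a string.
  node1.logstash.com: "<内网证书域名映射的ip>"
  # Main configuration. Note: because the DaemonSet mounts this key with
  # subPath, edits to the ConfigMap are NOT propagated into running pods, so
  # the reload.* settings only react to changes made inside the container;
  # roll the DaemonSet after changing this ConfigMap.
  # logging.files.permissions 0644 makes filebeat's own log under
  # /var/log/filebeat on the host world-readable (filebeat's default is 0600).
  filebeat.yml: |-
    filebeat.config:
      inputs:
        enabled: true
        path: inputs.d/*.yml
        #可以实现不重启服务,仅仅在修改配置文件的情况下,让filebeat重新加载配置文件就可以生效
        reload.enabled: true
        reload.period: 10s
      modules:
        enabled: false
        path: modules.d/*.yml
        reload.enabled: true
        reload.period: 10s
    # ------------------------------ Logstash Output -------------------------------
    output.logstash:
      # logstash服务ip
      hosts: ["node1.logstash.com:5044"]
      ssl.certificate_authorities:
        - /usr/share/filebeat/ssl/ca.crt
    # ================================= Processors =================================
    processors:
      - drop_fields:
          fields: ["log","host","input","agent","ecs"]
          ignore_missing: false
    # ================================== Logging ===================================
    logging.level: info
    logging.to_files: true
    logging.files:
      path: /var/log/filebeat
      name: filebeat
      keepfiles: 7
      permissions: 0644
    logging.metrics.enabled: true
    logging.metrics.period: 300s
  # One input file per log type. All six share the same shape: a `log` input
  # over a host path (mounted read-only by the DaemonSet), `logtype`/`env`
  # promoted to top-level fields, and multi-line joining on a leading
  # "YYYY-MM-DD HH:MM:SS[.mmm]" timestamp.
  acc.yml: |-
    - type: log
      paths:
        - /var/log/<服务日志路径>/*/log/acc/acc*.log
      fields:
        logtype: acc
        env: prod
      fields_under_root: true
      multiline.pattern: ^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.?\d{3})
      multiline.negate: true
      multiline.match: after
  biz.yml: |-
    - type: log
      paths:
        - /var/log/<服务日志路径>/*/log/biz/biz*.log
      fields:
        logtype: biz
        env: prod
      fields_under_root: true
      multiline.pattern: ^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.?\d{3})
      multiline.negate: true
      multiline.match: after
  debug.yml: |-
    - type: log
      paths:
        - /var/log/<服务日志路径>/*/log/app/debug*.log
      fields:
        logtype: debug
        env: prod
      fields_under_root: true
      multiline.pattern: ^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.?\d{3})
      multiline.negate: true
      multiline.match: after
  error.yml: |-
    - type: log
      paths:
        - /var/log/<服务日志路径>/*/log/app/error*.log
      fields:
        logtype: error
        env: prod
      fields_under_root: true
      multiline.pattern: ^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.?\d{3})
      multiline.negate: true
      multiline.match: after
  sql.yml: |-
    - type: log
      paths:
        - /var/log/<服务日志路径>/*/log/sql/sql*.log
      fields:
        logtype: sql
        env: prod
      fields_under_root: true
      multiline.pattern: ^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.?\d{3})
      multiline.negate: true
      multiline.match: after
  warn.yml: |-
    - type: log
      paths:
        - /var/log/<服务日志路径>/*/log/app/warn*.log
      fields:
        logtype: warn
        env: prod
      fields_under_root: true
      multiline.pattern: ^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.?\d{3})
      multiline.negate: true
      multiline.match: after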
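---
# Runs one filebeat pod per node, reading service logs from the host and
# shipping them to Logstash over TLS.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: filebeat
  namespace: filebeat-ns
  labels:
    app: filebeat
spec:
  selector:
    matchLabels:
      app: filebeat
  template:
    metadata:
      labels:
        app: filebeat
    spec:
      # Wait for the container process to stop; if it has not exited within
      # terminationGracePeriodSeconds (default 30s) it is killed with SIGKILL.
      terminationGracePeriodSeconds: 30
      # Nothing in filebeat-config talks to the Kubernetes API (no autodiscover,
      # no add_kubernetes_metadata), so no service-account token is needed in
      # a root pod that shares the host network.
      automountServiceAccountToken: false
      # NOTE(review): reading host log files does not require hostNetwork; it is
      # kept because the /etc/hosts workaround below and dnsPolicy assume it.
      # Confirm whether it can be dropped (hostAliases would then replace the
      # echo into /etc/hosts).
      hostNetwork: true
      # Required for cluster DNS to keep working when hostNetwork is true.
      dnsPolicy: ClusterFirstWithHostNet
      # NOTE(review): no resources requests/limits are set for this node-wide agent.
      containers:
        - name: filebeat
          image: docker.elastic.co/beats/filebeat:7.14.0
          env:
            # IP for node1.logstash.com, taken from the ConfigMap key of that name
            - name: LOGSTASH_HOST
              valueFrom:
                configMapKeyRef:
                  name: filebeat-config
                  key: node1.logstash.com
            # not referenced by the filebeat config on this page; presumably kept for fields/metadata
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
          command: ["/bin/sh", "-c"]
          # Working directory is /usr/share/filebeat.
          # Map the Logstash DNS name to its IP in /etc/hosts, then exec
          # filebeat so it becomes PID 1 and receives SIGTERM itself; a
          # wrapper shell does not forward the signal, so the pod would only
          # be SIGKILLed after terminationGracePeriodSeconds with the
          # registry possibly unflushed. The guard fails the container early
          # with a clear message if the ConfigMap value is empty, instead of
          # writing a malformed hosts entry.
          args:
            - |
              set -eu
              : "${LOGSTASH_HOST:?must be set to the Logstash IP}"
              echo "$LOGSTASH_HOST node1.logstash.com" >> /etc/hosts
              exec ./filebeat -c ./filebeat.yml
          securityContext:
            # root is needed to read the host log directories mounted below
            runAsUser: 0
            # If using Red Hat OpenShift uncomment this:
            #privileged: true
          # Each ConfigMap key is mounted as its own file via subPath. subPath
          # mounts are not refreshed when the ConfigMap changes, so a rollout is
          # required after editing filebeat-config.
          volumeMounts:
            - name: config
              mountPath: /usr/share/filebeat/filebeat.yml
              subPath: filebeat.yml
            - name: config
              mountPath: /usr/share/filebeat/inputs.d/acc.yml
              subPath: acc.yml
            - name: config
              mountPath: /usr/share/filebeat/inputs.d/biz.yml
              subPath: biz.yml
            - name: config
              mountPath: /usr/share/filebeat/inputs.d/debug.yml
              subPath: debug.yml
            - name: config
              mountPath: /usr/share/filebeat/inputs.d/error.yml
              subPath: error.yml
            - name: config
              mountPath: /usr/share/filebeat/inputs.d/sql.yml
              subPath: sql.yml
            - name: config
              mountPath: /usr/share/filebeat/inputs.d/warn.yml
              subPath: warn.yml
            # filebeat's own log file (logging.files.path in filebeat.yml)
            - name: filebeat-log
              mountPath: /var/log/filebeat
            - name: secret
              mountPath: /usr/share/filebeat/ssl/ca.crt
              # subPath is required; without it filebeat fails with:
              # Exiting: error initializing publisher: 1 error: read /usr/share/filebeat/ssl/ca.crt: is a directory reading /usr/share/filebeat/ssl/ca.crt
              subPath: ca.crt
            # service logs read from the host; read-only since filebeat only tails them
            - name: var-log
              mountPath: /var/log/<服务日志路径>
              readOnly: true
            - name: data
              mountPath: /usr/share/filebeat/data
      volumes:
        - name: config
          configMap:
            # YAML 1.1 octal literal (416 decimal = 0640) as parsed by the Kubernetes YAML loader
            defaultMode: 0640
            name: filebeat-config
        - name: secret
          secret:
            defaultMode: 0640
            secretName: filebeat-ca
        - name: filebeat-log
          hostPath:
            path: /var/log/filebeat
            type: DirectoryOrCreate
        # NOTE(review): no hostPath type is set, so a node without this
        # directory gets an empty mount rather than a clear scheduling error;
        # `type: Directory` would surface that, if every node is expected to
        # have the service installed.
        - name: var-log
          hostPath:
            path: /var/log/<服务日志路径>
        # data folder stores a registry of read status for all files, so we don't send everything again on a Filebeat pod restart
        - name: data
          hostPath:
            path: /var/lib/filebeat-data
            type: DirectoryOrCreate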

特点总结

daemonset是用来部署守护进程的,DaemonSet用于在每个Kubernetes节点中将守护进程的副本作为后台进程运行,说白了就是在每个节点部署一个Pod副本,当节点加入到Kubernetes集群中,Pod会被调度到该节点上运行,当节点从集群中被移除后,该节点上的这个Pod也会被移除,当然,如果我们删除DaemonSet,所有和这个对象相关的Pods都会被删除。

在哪种情况下我们会需要用到这种业务场景呢?其实这种场景还是比较普通的,比如:

  • 集群存储守护程序,如glusterd、ceph要部署在每个节点上以提供持久性存储;
  • 节点监视守护进程,如Prometheus监控集群,可以在每个节点上运行一个node-exporter进程来收集监控节点的信息;
  • 日志收集守护程序,如fluentd、filebeat、logstash,在每个节点上运行以收集容器的日志

这里需要特别说明的一个就是关于DaemonSet运行的Pod的调度问题,正常情况下,Pod运行在哪个节点上是由Kubernetes的调度器策略来决定的,然而,由DaemonSet控制器创建的Pod实际上提前已经确定了在哪个节点上了(Pod创建时指定了.spec.nodeName),所以:

  • DaemonSet并不关心一个节点的unschedulable字段
  • DaemonSet可以创建Pod,即使调度器还没有启动,这点非常重要。