Splunk货运代理与kubernates在侧车模式

时间:2018-11-20 09:36:55

标签: kubernetes splunk

我创建了一个自定义的splunkforwarder图片。

图片名称:vrathore/splunkuniversalforwarder

我已验证日志已推送到服务器。我正在使用主机(c/Users/var/log)中存在的虚拟日志。如果运行此docker命令:

docker run --name splunkforwarder -d -v /c/Users/var/log://var/log/messages -p 8089:8089 -p 8088:8088 -e SPLUNK_SERVER_HOST=splunk-prodtest-gsp.test.com:9997 -e
FORWARD_HOSTNAME=kubernetes vrathore/splunkuniversalforwarder

现在我想在kubernetes容器中使用相同的图像。其中2个容器将与我的splunk转发器映像共享其日志文件夹。

spec:
  revisionHistoryLimit: 5
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 10%
      maxSurge: 10%
  replicas: 1
  template:
    metadata:
      name: %APP_FULL_NAME%-pod
      labels:
        appname: %APP_FULL_NAME%
        stage: %APP_ENV%
        component: app-kube-pod-object
    spec:
      containers:
      - name: %APP_FULL_NAME%-service
        image: %DOCKER_IMAGE%
        imagePullPolicy: Always
        envFrom:
        - configMapRef:
            name: %APP_CONFIG_MAP%
        command: ["catalina.sh", "run"]
        ports:
        - containerPort: 8080
      imagePullSecrets:
      - name: %DOCKER_REPO_REGKEY%
  selector:
    matchLabels:
      appname: %APP_FULL_NAME%
      stage: %APP_ENV%

Kubernetes对我来说是新的。有人可以帮助我如何在容器之间共享日志文件夹。谢谢

1 个答案:

答案 0 :(得分:1)

您需要定义一个emptyDir类型的卷并将其附加到两个容器。假设来自应用程序的日志位于/var/log/myapp/下(我也添加了第二个容器)

spec:
  revisionHistoryLimit: 5
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 10%
      maxSurge: 10%
  replicas: 1
  template:
    metadata:
      name: %APP_FULL_NAME%-pod
      labels:
        appname: %APP_FULL_NAME%
        stage: %APP_ENV%
        component: app-kube-pod-object
    spec:
      containers:
      - name: %APP_FULL_NAME%-service
        image: %DOCKER_IMAGE%
        imagePullPolicy: Always
        envFrom:
        - configMapRef:
            name: %APP_CONFIG_MAP%
        command: ["catalina.sh", "run"]
        ports:
        - containerPort: 8080
        volumeMounts:
        - name: logs
          mountPath: /var/log/myapp/
      - name: uf
        image: vrathore/splunkuniversalforwarder
        ...
        volumeMounts:
        - name: logs
          mountPath: /var/log/myapp/
      imagePullSecrets:
      - name: %DOCKER_REPO_REGKEY%
      volumes:
      - name: logs
        emptyDir: {}
  selector:
    matchLabels:
      appname: %APP_FULL_NAME%
      stage: %APP_ENV%

此外,我建议您寻求一种替代解决方案,借助Collectord和Monitoring Kubernetes / OpenShift,您可以告诉Collectord在哪里查找日志,而您无需运行Sidecar容器https://www.outcoldsolutions.com/docs/monitoring-kubernetes/v5/annotations/#application-logs,只需一个Collectord守护程序将完成工作。

相关问题
最新问题