我正在kubernetes上设置文件拍。当我将Filebeat部署到Kubernetes时,我第一次获得了所有容器日志。我检查了所有副本和节点。我想对头盔执行相同的操作。但是,我应用了非常复杂的配置,我无法接收所有容器的日志文件,PodList仅返回正在运行的节点容器日志。我不知道我是怎么做到的。我想到的第一个选择是给serviceaccount一个群集管理员角色。但尝试后无法再次访问所有日志文件。
这是我的最后一个配置。只是在运行的节点上工作。 (DAEMONSET非常糟糕的解决方案。因为如果我以某种方式到达主节点吊舱列表,我将能够在一种情况下如上所述获得解决方案。)
自动发现配置。
apiVersion: v1
kind: ConfigMap
metadata:
name: filebeat-config
namespace: bau
labels:
k8s-app: filebeat
data:
filebeat.yml: |-
filebeat.autodiscover:
providers:
- type: kubernetes
templates:
- condition:
equals:
kubernetes.namespace: kube-system
config:
- type: docker
containers.ids:
- "${data.kubernetes.container.id}"
exclude_lines: ["^\\s+[\\-`('.|_]"]
output.elasticsearch:
hosts: ['${ELASTICSEARCH_HOST:elasticsearch}:${ELASTICSEARCH_PORT:9200}']
setup.template.settings:
index.number_of_shards: 5
我的豆荚:
apiVersion: v1
kind: Pod
metadata:
name: filebeat
namespace: bau
spec:
serviceAccountName: filebeat
containers:
-
args:
- "-c"
- /etc/filebeat.yml
- "-e"
env:
-
name: ELASTICSEARCH_HOST
value: "http://bau-sla-elasticsearch"
-
name: ELASTICSEARCH_PORT
value: "9200"
-
name: KIBANA_HOST
value: "http://bau-sla-kibana"
-
name: KIBANA_PORT
value: "5601"
image: "10.6.155.20:5000/filebeat:6.5.3"
name: filebeat
resources:
limits:
memory: 200Mi
requests:
cpu: 100m
memory: 100Mi
securityContext:
runAsUser: 0
fsGroup: 2000
volumeMounts:
-
mountPath: /etc/filebeat.yml
name: config
subPath: filebeat.yml
-
mountPath: /usr/share/filebeat/data
name: data
-
mountPath: /var/lib/docker/containers
name: varlibdockercontainers
readOnly: true
volumes:
-
name: config
configMap:
defaultMode: 384
name: filebeat-config
-
hostPath:
path: /var/lib/docker/containers
name: varlibdockercontainers
-
hostPath:
path: /var/lib/filebeat/bau
type: DirectoryOrCreate
name: data
我的服务和clusterrolebinding:
apiVersion: v1
kind: ServiceAccount
metadata:
name: filebeat
namespace: bau
labels:
k8s-app: filebeat
kubectl create clusterrolebinding filebeat \ --clusterrole=cluster-admin \ --serviceaccount=bau:filebeat