Kubernetes集群通过Filebeat收集日志
Filebeat收集容器日志,其中NODE_NAME配置,是将node信息添加到日志中,所以需要serviceAccount权限,如果不需要配置NODE信息,可以不创建serviceAccount,其他内容可根据实际情况修改
apiVersion: v1
kind: ServiceAccount
metadata:
name: filebeat
namespace: elk
labels:
app: filebeat
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: filebeat-clusterrole
labels:
app: filebeat
rules:
- apiGroups: [""]
resources:
- nodes
- namespaces
- pods
verbs:
- watch
- get
- list
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: filebaet-clusterrolebinding
labels:
app: filebeat
subjects:
- kind: ServiceAccount
name: filebeat
namespace: elk
roleRef:
kind: ClusterRole
name: filebeat-clusterrole
apiGroup: rbac.authorization.k8s.io
---
apiVersion: v1
kind: ConfigMap
metadata:
name: filebeat
namespace: elk
data:
filebeat.yml: |-
filebeat.inputs:
- type: container
paths:
- /var/log/containers/*.log
processors:
- add_kubernetes_metadata:
in_cluster: true
host: ${NODE_NAME}
- add_fields:
fields:
node_name: ${NODE_NAME}output.elasticsearch:
hosts: ["http://elasticsearch:9200"]
indices:
- index: "containers_log"
setup.template.name: "containers"
setup.template.pattern: "containers-*"
setup.ilm.enabled: false
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: filebeat
namespace: elk
spec:
selector:
matchLabels:
app: filebeat-log
template:
metadata:
labels:
app: filebeat-log
spec:
serviceAccount: filebeat
containers:
- args:
- -c
- /config/filebeat.yml
env:
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
image: docker.elastic.co/beats/filebeat:8.5.0
imagePullPolicy: Always
name: container-log
volumeMounts:
- mountPath: /config/filebeat.yml
name: filebeat-conf
subPath: filebeat.yml
- mountPath: /var/log/containers
name: containerslog
- mountPath: /var/log/pods
name: pods
volumes:
- name: filebeat-conf
configMap:
name: filebeat
- name: containerslog
hostPath:
path: /var/log/containers
- name: pods
hostPath:
path: /var/log/pods