我们将分析Docker和Kubernetes中的日志记录基础知识,然后考虑可以在生产中安全使用的两个工具:Grafana Loki和EFK堆栈(Elasticsearch + Fluent Bit + Kibana)。
本文的内容摘自Slurm学校的公开演讲。如果有需求,甚至对于生产需求如此,您可以完成一次完整的培训-报名参加Kubernetes中有关监视和日志记录基础结构的课程。
Docker日志记录
在Kubernetes级别,应用程序在Pod中运行,但是在较低级别,它们通常在Docker中运行。因此,您需要配置日志记录,以便从容器中收集日志。容器是由Docker启动的-因此您需要弄清楚日志记录在Docker级别是如何工作的。
, : stdout/stderr, . Docker Daemon, , stdout/stderr. : ( Logrotate ), Docker Daemon .
Docker - . Docker Community Edition (CE) - , Docker Enterprise Edition (EE).
Docker EE : Southbridge Open Source , Docker EE .
- Docker CE:
local — Docker Daemon;
json-file — json-log ;
journald — journald.
Docker daemon.json.
“log-driver” , “log-opts” — . “json-file”, — “max-size”: “10m”; ( ) — “max-file”: “3”; , .
- . , -.
Docker:
: -, json-file, . (Rsyslog, Fluentd, Logagent ) Elastic, Sematext .
Kubernetes
Kubernetes : pod, , stdout/stderr. Docker , .
Kubernetes.
. . , , . Kubernetes --previous, Pod, .
. , . , .
, . (, Rsyslog), — Docker (, journal-bit - Docker journald). journal-bit — ( - Docker , journald), ( CentOS 7 systemd journald). , . , journal-bit , .
— . CentOS 7 (messages, audit, secure) var- . Docker json. , CentOS 7 Docker .
ELK Stack. : Elasticsearch, Logstash Kibana.
Elasticsearch , Logstash , Kibana , . ELK Stack , , , . , .
. , , , . , . , , , Pod , namespace . .
. , . , , . — .
, , — , «warning» «error». nginx ingress-, , 200. : - Nginx, .
, . , , . 200. — ingress-.
, : , , , .
. , Prometheus, .
: , — . , .
, Kubernetes :
, , -, ( — Logging Backend). , , Kubernetes.
.
Grafana Loki
Grafana Loki , . : , , Elasticsearch, TSDB (time series database). , Prometheus, . , Loki — «Prometheus ».
Loki — Grafana. : Grafana , Loki, . .
Loki :
DaemonSet — Promtail Fluent Bit. . Loki TSDB. , : Pods, namespaces, .
Loki Grafana. Loki , LogQL — PromQL Prometheus. Loki , .
Loki Grafana
, Loki (“400”, “404” ); ; , “error”. , .
Loki , , , . Loki .
Elastic + Fluent Bit + Kibana (EFK Stack)
EFK — , .
ELK (Elasticsearch + Logstash + Kibana), - Logstash. Fluentd, Fluent Bit — -.
, Fluent Bit , 100 , Fluentd: «, Fluentd 20 , Fluent Bit 150 » — . , Fluent Bit .
Fluent Bit , Fluentd, , Fluent Bit.
EFK: ( , DaemonSet, ) (Elasticsearch, PostgreSQL Kafka). Kibana .
Kibana -. , .
.
Fluent Bit
Fluent Bit, , , Logstash, . Fluent Bit 6 , , Fluent Bit.
Input , systemd tcp-socket ( endpoint, Fluent Bit ). , , .
Parser . Nginx . JSON: . JSON , , .
Filter. . , “warning” . .
Buffer. Fluent Bit : . — , . , . , .
Routing/Output . , Elasticsearch, PostgreSQL , , Kafka.
, Fluent Bit Fluentd. , Fluentd, , , .
Elasticsearch…
, Elasticsearch .
- ElastAlert. . , , .
- Curator API Elasticsearch. Elastic, , . : - — , . - . , 5 . , , .
...
: , Kubernetes, Southbridge, .