
本案例在worker01主机上安装nginx并收集其日志(注:下面的 epel 仓库文件通过明文 HTTP 下载并直接写入 /etc/yum.repos.d,生产环境应改用 HTTPS 地址,并确认仓库启用了 GPG 校验)
# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
# yum -y install nginx
# cd /usr/share/nginx/html/
# ls
404.html 50x.html en-US icons img index.html nginx-logo.png poweredby.png
# echo "work1 web page" > index.html
# systemctl enable nginx
# systemctl start nginx
# curl http://192.168.10.12
work1 web page
[root@master01 ~]# cat filebeat-to-logstash-nginx.yaml
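# Filebeat configuration for the nginx log collector, delivered as a ConfigMap.
# Indentation is restored here; the flattened listing does not parse as YAML.
# Both inputs tag events with app=k8s / type=module, and fields_under_root
# places those keys at the top level of each event.
# NOTE(review): output.logstash carries no ssl settings, so events are sent to
# 192.168.10.14:5055 in cleartext and without client authentication. Enable TLS
# on the Logstash beats input and here before using this outside a lab network.
apiVersion: v1
kind: ConfigMap
metadata:
  name: k8s-filebeat-config-nginx-logs
  namespace: default
data:
  filebeat.yml: |
    filebeat.inputs:
      - type: log
        paths:
          - /var/log/nginx/access.log
        fields:
          app: k8s
          type: module
        fields_under_root: true
      - type: log
        paths:
          - /var/log/nginx/error.log
        fields:
          app: k8s
          type: module
        fields_under_root: true
    setup.ilm.enabled: false
    setup.template.name: "k8s-module"
    setup.template.pattern: "k8s-module-*"
    output.logstash:
      hosts: ['192.168.10.14:5055']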
---
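# DaemonSet that runs Filebeat against the nginx logs of one node.
# Indentation is restored here; the flattened listing does not parse as YAML.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: k8s-logs
  namespace: default
spec:
  selector:
    matchLabels:
      project: k8s
      app: filebeat
  template:
    metadata:
      labels:
        project: k8s
        app: filebeat
    spec:
      # Pins the pod to this node; when omitted the DaemonSet deploys to every node.
      nodeName: worker01
      containers:
        - name: filebeat
          image: docker.io/elastic/filebeat:7.17.2
          imagePullPolicy: IfNotPresent
          args: ["-c", "/etc/filebeat.yml", "-e"]
          resources:
            requests:
              cpu: 100m
              memory: 100Mi
            limits:
              cpu: 500m
              memory: 500Mi
          securityContext:
            # Root inside the container, presumably so Filebeat can read the
            # host's nginx log files. Combined with hostPath volumes this is a
            # sizeable footprint, so every mount below is read-only: the
            # collector only needs to read these paths.
            runAsUser: 0
          volumeMounts:
            - name: filebeat-config
              mountPath: /etc/filebeat.yml
              subPath: filebeat.yml
              readOnly: true
            - name: nginx-access
              mountPath: /var/log/nginx/access.log
              readOnly: true
            - name: nginx-error
              mountPath: /var/log/nginx/error.log
              readOnly: true
      # NOTE(review): these hostPath volumes bind single files. After log
      # rotation replaces a file on the node, the container may keep seeing the
      # old one; mounting the /var/log/nginx directory avoids that. Confirm
      # against the node's logrotate configuration.
      volumes:
        - name: nginx-access
          hostPath:
            path: /var/log/nginx/access.log
        - name: nginx-error
          hostPath:
            path: /var/log/nginx/error.log
        - name: filebeat-config
          configMap:
            name: k8s-filebeat-config-nginx-logs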
[root@logstash ~]# cat /etc/logstash/conf.d/nginx-logstash-to-elastic.conf
# Logstash pipeline: receives nginx events from Filebeat and writes them to
# Elasticsearch in one index per day.
#
# NOTE(review): the beats input listens on every interface (0.0.0.0) and no ssl
# options are set, so any host that can reach port 5055 can submit events, and
# traffic is cleartext. Restrict the port with a firewall or enable TLS on this
# input together with Filebeat's output.logstash.
input {
beats {
host => "0.0.0.0"
port => "5055"
}
}
# Empty filter stage: events pass through unchanged.
filter {
}
# NOTE(review): no credentials or TLS options are given for Elasticsearch here;
# confirm whether the cluster at this address has security enabled.
output {
elasticsearch {
hosts => "192.168.10.14:9200"
index => "nginx-%{+YYYY.MM.dd}"
}
}
[root@logstash ~]# /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/nginx-logstash-to-elastic.conf --path.data /usr/share/logstash/data2 &
[root@logstash ~]# ss -anput | grep ":5055"
tcp LISTEN 0 128 [::]:5055 [::]:* users:(("java",pid=14296,fd=106))
[root@master01 ~]# kubectl apply -f filebeat-to-logstash-nginx.yaml
configmap/k8s-filebeat-config-nginx-logs created
daemonset.apps/k8s-logs created
[root@master01 ~]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
k8s-logs-ndznb 1/1 Running 0 14s 10.244.194.84 worker01 <none> <none>
[root@master01 ~]# kubectl logs k8s-logs-ndznb






注:
linux释放内存缓存
在Linux系统中,清空内存通常用于释放系统中的缓存以及未使用的内存页,以便提高系统的性能
这种操作在某些情况下可能很有用,例如在进行性能测试或者遇到系统资源不足的情况下
以下是与清空内存相关的知识点以及相关命令的解释:
sync命令:sync 命令用于将缓冲数据写入磁盘,并且等待写入完成。它确保所有未写入的数据都被刷新到磁盘中,从而避免数据丢失或损坏
echo 3 > /proc/sys/vm/drop_caches:用于通过写入特定的值到 /proc/sys/vm/drop_caches 文件来清空系统中的页缓存、目录项缓存以及索引节点缓存
具体来说,这个命令通过向 /proc/sys/vm/drop_caches 文件中写入以下数字来执行不同的操作:
0:清除页面缓存(page cache)
1:清除目录项和索引节点缓存
2:清除页面缓存以及目录项和索引节点缓存
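3:在上述所有内容的基础上执行清空操作
注:以上取值与内核文档(Documentation/admin-guide/sysctl/vm.rst)不一致,也与上文对 echo 3 的描述不一致。按内核文档:写入 1 释放页缓存,写入 2 释放目录项和索引节点缓存,写入 3 同时释放两者。该操作只丢弃干净的缓存,因此应先执行 sync。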
这个命令通常需要 root 权限才能执行。清空缓存可以帮助释放系统中的内存并提高性能,但在生产环境中应谨慎使用,因为这可能会导致性能下降,尤其是在大量磁盘 I/O 操作期间
通常情况下,Linux内核会很好地管理内存,不需要手动进行这样的操作。
free -m
total used free shared buff/cache available
Mem: 1948 832 575 11 540 947
内存总量 已使用的 未使用的 共享的 缓冲/缓存 可用的
Buffers:缓冲,是对原始磁盘块的临时存储,也就是用来缓存写磁盘的数据,通常不会特别大(20MB 左右)。
这样,内核就可以把分散的写集中起来,统一优化磁盘的写入,比如可以把多次小的写合并成单次大的写等等。
Cache:缓存,是从磁盘读取文件的页缓存,也就是用来缓存从磁盘文件读取的数据。
这样,下次访问这些文件数据时,就可以直接从内存中快速获取,而不需要再次访问缓慢的磁盘。
Shared 共享内存是一种高效的进程通信方法。它允许多个进程访问同一块内存区域,从而实现数据的共享和交换。
通过在应用程序Pod中运行filebeat(sidecar边车)实现,本次将以tomcat为例进行说明。
默认tomcat容器中没有网站首页文件,不添加会导致pod中容器无法正常运行。
[root@worker01 ~]# mkdir /opt/tomcatwebroot
[root@worker01 ~]# echo "tomcat running" > /opt/tomcatwebroot/index.html
[root@master01 ~]# cat tomcat-logs.yaml
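# Deployment running Tomcat with a Filebeat sidecar. The two containers share
# the tomcat-logs emptyDir: Tomcat writes its logs there and Filebeat reads them.
# Indentation is restored here; the flattened listing does not parse as YAML.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: tomcat-demo
  namespace: default
spec:
  replicas: 2
  selector:
    matchLabels:
      project: www
      app: tomcat-demo
  template:
    metadata:
      labels:
        project: www
        app: tomcat-demo
    spec:
      # Both replicas are pinned to worker01, the node where /opt/tomcatwebroot
      # was created for the hostPath volume below.
      nodeName: worker01
      containers:
        - name: tomcat
          # NOTE(review): `latest` is a floating tag, and with IfNotPresent a
          # node keeps whichever build it pulled first. Pin a specific tag or
          # digest so the deployed image is known and reproducible.
          image: tomcat:latest
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 8080
              name: web
              protocol: TCP
          resources:
            requests:
              cpu: 0.5
              memory: 500Mi
            limits:
              cpu: 1
              memory: 1Gi
          # Both probes wait 60 s before the first check, so the pod reports
          # this container as not ready for at least the first minute.
          livenessProbe:
            httpGet:
              path: /
              port: 8080
            initialDelaySeconds: 60
            timeoutSeconds: 20
          readinessProbe:
            httpGet:
              path: /
              port: 8080
            initialDelaySeconds: 60
            timeoutSeconds: 20
          volumeMounts:
            - name: tomcat-logs
              mountPath: /usr/local/tomcat/logs
            - name: tomcatwebroot
              mountPath: /usr/local/tomcat/webapps/ROOT
              # The web root is a host directory that only has to be served,
              # so the container is not given write access to the node's files.
              readOnly: true
        - name: filebeat
          image: docker.io/elastic/filebeat:7.17.2
          imagePullPolicy: IfNotPresent
          args: ["-c", "/etc/filebeat.yml", "-e"]
          resources:
            limits:
              memory: 500Mi
            requests:
              cpu: 100m
              memory: 100Mi
          securityContext:
            # Root inside the sidecar, presumably so it can read log files
            # created by the Tomcat container; verify whether a non-root UID
            # with a shared fsGroup would be enough.
            runAsUser: 0
          volumeMounts:
            - name: filebeat-config
              mountPath: /etc/filebeat.yml
              subPath: filebeat.yml
              readOnly: true
            - name: tomcat-logs
              mountPath: /usr/local/tomcat/logs
              # The sidecar only reads the logs that Tomcat writes.
              readOnly: true
      volumes:
        - name: tomcat-logs
          emptyDir: {}
        - name: tomcatwebroot
          hostPath:
            path: /opt/tomcatwebroot
            type: Directory
        - name: filebeat-config
          configMap:
            name: filebeat-config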
---
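# Filebeat configuration for the Tomcat sidecar, delivered as a ConfigMap.
# Indentation is restored here; the flattened listing does not parse as YAML.
# The multiline pattern is written as '^\[' because the listing's '^[' is an
# unterminated character class and not a valid regular expression.
# NOTE(review): with negate: true / match: after, every line that does not
# start with '[' is appended to the previous event. Confirm that catalina log
# lines in the deployed Tomcat version really begin with '['; if they begin
# with a date, the pattern needs to match that instead.
# NOTE(review): output.logstash carries no ssl settings, so events are sent to
# 192.168.10.14:5056 in cleartext and without client authentication.
apiVersion: v1
kind: ConfigMap
metadata:
  name: filebeat-config
  namespace: default
data:
  filebeat.yml: |-
    filebeat.inputs:
      - type: log
        paths:
          - /usr/local/tomcat/logs/catalina.*
        fields:
          app: www
          type: tomcat-catalina
        fields_under_root: true
        multiline:
          pattern: '^\['
          negate: true
          match: after
    setup.ilm.enabled: false
    setup.template.name: "tomcat-catalina"
    setup.template.pattern: "tomcat-catalina-*"
    output.logstash:
      hosts: ['192.168.10.14:5056']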
编写logstash配置文件,不影响以往配置文件
[root@logstash ~]# cat /etc/logstash/conf.d/tomcat-logstash-to-elastic.conf
# Logstash pipeline: receives Tomcat catalina events from the Filebeat sidecar
# and writes them to Elasticsearch in one index per day.
#
# NOTE(review): the beats input listens on every interface (0.0.0.0) and no ssl
# options are set, so any host that can reach port 5056 can submit events, and
# traffic is cleartext. Restrict the port with a firewall or enable TLS on this
# input together with Filebeat's output.logstash.
input {
beats {
host => "0.0.0.0"
port => "5056"
}
}
# Empty filter stage: events pass through unchanged.
filter {
}
# NOTE(review): no credentials or TLS options are given for Elasticsearch here;
# confirm whether the cluster at this address has security enabled.
output {
elasticsearch {
hosts => "192.168.10.14:9200"
index => "tomcat-catalina-%{+yyyy.MM.dd}"
}
}
[root@logstash ~]# /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/tomcat-logstash-to-elastic.conf --path.data /usr/share/logstash/data3 &
验证端口是否启动
[root@logstash ~]# ss -anput | grep ":5056"
tcp LISTEN 0 128 [::]:5056 [::]:* users:(("java",pid=14144,fd=106))
[root@master01 ~]# kubectl apply -f tomcat-logs.yaml
[root@master01 ~]# kubectl get deployment.apps
NAME READY UP-TO-DATE AVAILABLE AGE
tomcat-demo 2/2 2 2 5m26s
[root@master01 ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
tomcat-demo-664584f857-k8whd 2/2 Running 0 5m33s
tomcat-demo-664584f857-xncpk 2/2 Running 0 5m33s
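如果显示如下状态,需要再等待大于1分钟的时间,filebeat容器(边车)才会运行(注:按上面的清单,60秒的延迟来自tomcat容器探针的 initialDelaySeconds: 60;filebeat容器未配置探针,READY 列的 1/2 更可能表示tomcat容器尚未通过就绪探测)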
tomcat-demo-5bfd96b74-5pw2g 1/2 Running 0 76s
tomcat-demo-5bfd96b74-6pbpj 1/2 Running 0 76s
查看tomcat产生日志 (-c: container)
[root@master01 ~]# kubectl logs tomcat-demo-664584f857-k8whd -c tomcat
查看filebeat收集日志
[root@master01 ~]# kubectl logs tomcat-demo-664584f857-k8whd -c filebeat






