使用kubernetes-event-exporter将k8s的事件导出到elasticsearch日志系统中
前提
| 版本 | |
|---|---|
| kubernetes | v1.17.9 |
| kubernetes-event-exporter | v0.9 |
| elasticsearch | 7.3.0 |
部署
github地址:https://github.com/opsgenie/kubernetes-event-exporter
- git 克隆镜像仓库
# git clone https://github.com/opsgenie/kubernetes-event-exporter.git
Cloning into 'kubernetes-event-exporter'...
remote: Enumerating objects: 518, done.
remote: Counting objects: 100% (518/518), done.
remote: Compressing objects: 100% (426/426), done.
remote: Total 5759 (delta 56), reused 466 (delta 36), pack-reused 5241
Receiving objects: 100% (5759/5759), 7.65 MiB | 4.25 MiB/s, done.
Resolving deltas: 100% (2282/2282), done.
- 配置01-config.yaml
进到deploy目录,可以看到这三个yaml文件
# cd kubernetes-event-exporter/deploy/
# ls
00-roles.yaml 01-config.yaml 02-deployment.yaml
其中00-roles.yaml是设置rbac权限
# cat 00-roles.yaml
apiVersion: v1
kind: Namespace
metadata:
name: monitoring
---
apiVersion: v1
kind: ServiceAccount
metadata:
namespace: monitoring
name: event-exporter
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: event-exporter
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: view
subjects:
- kind: ServiceAccount
namespace: monitoring
name: event-exporter
01-config.yaml,配置接收者,默认是输出到本地路径
# cat 01-config.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: event-exporter-cfg
namespace: monitoring
data:
config.yaml: |
logLevel: error
logFormat: json
route:
routes:
- match:
- receiver: "dump"
receivers:
- name: "dump"
file:
path: "/dev/stdout"
02-deployment.yaml,具体部署的pod应用
# cat 02-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: event-exporter
namespace: monitoring
spec:
replicas: 1
template:
metadata:
labels:
app: event-exporter
version: v1
spec:
serviceAccountName: event-exporter
containers:
- name: event-exporter
image: opsgenie/kubernetes-event-exporter:0.9
imagePullPolicy: IfNotPresent
args:
- -conf=/data/config.yaml
volumeMounts:
- mountPath: /data
name: cfg
volumes:
- name: cfg
configMap:
name: event-exporter-cfg
selector:
matchLabels:
app: event-exporter
version: v1
这里有三个yaml,这里我们需要修改01-config.yaml,设置接收者为elasticsearch
# cat 01-config.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: event-exporter-cfg
namespace: monitoring
data:
config.yaml: |
logLevel: error
logFormat: json
route:
routes:
- match:
- receiver: "dump" # 与下面的name对应
receivers:
- name: "dump"
elasticsearch: # 设置接收者为es
hosts:
- http://10.43.62.184:9200 # es地址
index: kube-events
indexFormat: "kube-events-{2020-09-08}" # 索引格式
useEventID: true
如果是es设置了tls,请参考官方文档设置相关tls参数:https://github.com/opsgenie/kubernetes-event-exporter#elasticsearch
- 启动event-exporter
依次执行这三个文件
kubectl apply -f 00-roles.yaml
kubectl apply -f 01-config.yaml
kubectl apply -f 02-deployment.yaml
- 查看pod状态
# kubectl -n monitoring get pod
NAME READY STATUS RESTARTS AGE
event-exporter-7cfbbcff69-xxg9t 1/1 Running 0 48m
- 查看elasticsearch
# curl http://10.43.62.184:9200/_cat/indices?v
health status index uuid pri rep docs.count docs.deleted store.size pri.store.size
green open .kibana_task_manager Qb6qPAipQZiAb29B8VCJ3Q 1 1 2 0 59.2kb 29.6kb
green open kube-events-2020-09-08 gbrvIqevRAGGjxIbR993mA 1 1 16 0 129kb 56.2kb
green open .kibana_1 mVv0LHetQ1mcGbYnbaF3Fg 1 1 4 0 64.2kb 32.1kb
对接成功