首页 > 其他分享 >filebeat篇章——QuitStart in K8S

filebeat篇章——QuitStart in K8S

时间:2023-04-24 10:44:25浏览次数:47  
标签:filebeat K8S name namespace QuitStart k8s true metadata

QuitStart in K8S

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: filebeat-script-config
  namespace: ops-department
  labels:
    k8s-app: filebeat
data:
  set-kafka-topic.js: |
    function process(event) {
      if (event.Get("kubernetes.namespace")) {
        event.Put("kafka_topic", "log-k8s-" + event.Get("kubernetes.namespace"));
      } else {
        throw new Error("Kubernetes namespace is not defined.");
      }
      return event;
    }

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: filebeat-config
  namespace: ops-department
  labels:
    k8s-app: filebeat
data:
  filebeat.yml: |-
    http.enabled: true
    http.host: 0.0.0.0
    http.port: 5066
    
    filebeat.inputs:
    - type: container
      stream: stdout
      paths:
        - /var/log/containers/*.log
      processors:
        - add_kubernetes_metadata:
            host: ${NODE_NAME}
            in_cluster: true
            default_matchers.enabled: true
            matchers:
            - logs_path:
                logs_path: "/var/log/containers/"
        - rename:
            fields:
              - from: message
                to: "@message"
              - from: source
                to: "@path"
              - from: node_name
                to: "@hostname"
              - from: "kubernetes.namespace_name"
                to: "kubernetes_namespace"
            ignore_missing: true
        - script:
            lang: javascript
            id: "set_kafka_topic"
            file: "/usr/share/filebeat/scripts/set-kafka-topic.js"
            ignore_imssing: true
    processors:
      - add_cloud_metadata:
          exclude_fields: ["host"]
      - add_host_metadata:
          exclude_fields: ["host"]
      - decode_json_fields:
          fields: ["message"]
          target: ""
          overwrite_keys: true
          add_error_key: true
      - if:
          contains:
            message: kafka_topic
        then:
          - dissect:
              tokenizer: "%{[@metadata][beat]} %{[@metadata][version]} [%{loglevel}] [%{module}] [%{namespace}] [%{podname}] %{[@metadata][message]} kafka_topic:%{kafka_topic}"
              field: "message"
              target_prefix: ""
          - rename:
              fields:
                - { from: "kafka_topic", to: "topic" }
      - drop_fields:
          fields: ["beat", "input", "prospector.type", "offset", "source", "log", "ecs", "host", "container", "agent", "cloud", "tags", "kubernetes.replicaset", "kubernetes.labels", "kubernetes.namespace labels", "kubernetes.container", "kubernetes.node", "kubernetes.namespace_labels"]
          ignore_missing: true
      - drop_event:
          when:
            not:
              or:
                - equals:
                    kubernetes.namespace: "ops-department"
                - equals:
                    kubernetes.namespace: "account"
                - equals:
                    kubernetes.namespace: "jinjiang-online"
    output.kafka:
      enabled: true
      hosts:
        - 10.10.10.10:9092
      topic: "%{[kafka_topic]}" 
      protocol_version: "2.0.0"
      compression: gzip
      max_message_bytes: 1000000
      multiline:
        pattern: ^\d{4}-\d{2}-\d{2}
        negate: true
        match: after

---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: filebeat
  namespace: ops-department
  labels:
    k8s-app: filebeat
spec:
  selector:
    matchLabels:
      k8s-app: filebeat
  template:
    metadata:
      labels:
        k8s-app: filebeat
    spec:
      serviceAccountName: filebeat
      terminationGracePeriodSeconds: 30
      hostNetwork: true
      dnsPolicy: ClusterFirstWithHostNet
      containers:
      - name: filebeat
        image: docker.elastic.co/beats/filebeat:7.17.9
        args: [
          "-c", "/etc/filebeat.yml",
          "-e",
        ]
        env:
        - name: NODE_NAME
          valueFrom:
            fieldRef:
              fieldPath: spec.nodeName
        securityContext:
          runAsUser: 0
          # If using Red Hat OpenShift uncomment this:
          #privileged: true
        resources:
          limits:
            cpu: 200m
            memory: 200Mi
          requests:
            cpu: 100m
            memory: 100Mi
        volumeMounts:
        - name: scripts
          mountPath: /usr/share/filebeat/scripts
          readOnly: true
        - name: config
          mountPath: /etc/filebeat.yml
          readOnly: true
          subPath: filebeat.yml
        - name: data
          mountPath: /usr/share/filebeat/data
        - name: varlibdockercontainers
          mountPath: /var/lib/docker/containers
          readOnly: true
        - name: varlog
          mountPath: /var/log
          readOnly: true
        - name: host-time
          mountPath: /etc/localtime
      volumes:
      - name: scripts
        configMap:
          name: filebeat-script-config
      - name: config
        configMap:
          defaultMode: 0640
          name: filebeat-config
      - name: varlibdockercontainers
        hostPath:
          path: /var/lib/docker/containers
      - name: varlog
        hostPath:
          path: /var/log
      # data folder stores a registry of read status for all files, so we don't send everything again on a Filebeat pod restart
      - name: data
        hostPath:
          # When filebeat runs as non-root user, this directory needs to be writable by group (g+w).
          path: /var/lib/filebeat-data
          type: DirectoryOrCreate
      - name: host-time
        hostPath:
          path: /etc/localtime

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: filebeat
subjects:
- kind: ServiceAccount
  name: filebeat
  namespace: ops-department
roleRef:
  kind: ClusterRole
  name: filebeat
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: filebeat
  namespace: ops-department
subjects:
  - kind: ServiceAccount
    name: filebeat
    namespace: ops-department
roleRef:
  kind: Role
  name: filebeat
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: filebeat-kubeadm-config
  namespace: ops-department
subjects:
  - kind: ServiceAccount
    name: filebeat
    namespace: ops-department
roleRef:
  kind: Role
  name: filebeat-kubeadm-config
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: filebeat
  labels:
    k8s-app: filebeat
rules:
- apiGroups: [""] # "" indicates the core API group
  resources:
  - namespaces
  - pods
  - nodes
  verbs:
  - get
  - watch
  - list
- apiGroups: ["apps"]
  resources:
    - replicasets
  verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: filebeat
  # should be the namespace where filebeat is running
  namespace: ops-department
  labels:
    k8s-app: filebeat
rules:
  - apiGroups:
      - coordination.k8s.io
    resources:
      - leases
    verbs: ["get", "create", "update"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: filebeat-kubeadm-config
  namespace: ops-department
  labels:
    k8s-app: filebeat
rules:
  - apiGroups: [""]
    resources:
      - configmaps
    resourceNames:
      - kubeadm-config
    verbs: ["get"]
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: filebeat
  namespace: ops-department
  labels:
    k8s-app: filebeat
---

  

标签:filebeat,K8S,name,namespace,QuitStart,k8s,true,metadata
From: https://www.cnblogs.com/zuoyang/p/17348726.html

相关文章

  • elasticsearch+filebeat+kafka+kibana——filbeat篇章——overview
    filbeat篇章——overviewhttps://www.elastic.co/guide/en/beats/filebeat/8.7/filebeat-overview.html#filebeat-overview Filebeatisalightweightshipperforforwardingandcentralizinglogdata.Installedasanagentonyourservers,Filebeatmonitorsthelog......
  • 下篇(开始写代码):运维开发人员不得不看的K8S API实战
    支持的客户端库可参考:https://kubernetes.io/zh-cn/docs/reference/using-api/client-libraries/身份验证插件在K8SAPI客户端库golangclient-go中,Authplugins(身份验证插件)是用于处理Kubernetes集群中用户身份验证的组件。一般来说,客户端的配置信息通常从kubeconfig文......
  • 上篇:运维人员不得不看的K8S API入门实战,呕心沥血整理得又臭又长,有人看吗
    K8SAPI概述可参考:https://kubernetes.io/zh-cn/docs/concepts/overview/kubernetes-api/KubernetesAPI是Kubernetes控制平面的核心。它是一组RESTAPI,用于与Kubernetes中的各种对象进行交互,如Pods、Namespaces、ConfigMaps和Events等。通过这些API,可以查询和操作Kubernetes中A......
  • 如何校验K8S Yaml文件
    Kubernetes已经占据如何管理集容器化应用程序的核心位置。因此,存在许多定义Kubernetes应用程序的约定文件格式,包括YAML、JSON、INI等。这使得我们需要考虑应用程序的最佳策略是什么。此外,我们还必须考虑如何根据所选择的文件结构(特别是安全性)路径来验证应用程序配置。本文,我们将......
  • k8s-问题:[root@master log]# kubectl get node The connection to the server 192.168
    记一次测试虚拟机异常关机导致的问题[root@masterlog]#kubectlgetnodeTheconnectiontotheserver192.168.0.105:6443wasrefused-didyouspecifytherighthostorport?这个问题网上的大部分解决方案是kubeadminit直接这么搞我相信肯定能恢复,毕竟是重新初始化,但......
  • k8s 1.23 traefik v2.9.10 的应用
    1.部署traefik1.1相关版本介绍k8s:v1.23.17traefik:v2.9.10链接地址:GitHub:https://github.com/traefik/traefikDockerhub:https://hub.docker.com/_/traefik官网:https://doc.traefik.io/traefikgateway-api:https://github.com/kubernetes-sigs/gateway-api......
  • k8s flannel
    ------------恢复内容开始------------k8scorednsContainerCreatingfailed:open/run/flannel/subnet.env:nosuchfileordirectory kube-flannel-ds-kjtd8 CrashLoopBackOff K8s23-公司自建环境SwapoffFirewalldsystemctlstatusfirewalldSystemctlstopfir......
  • 利用Velero对K8S备份还原与集群迁移实战
    一、简介Velero是一款云原生时代的灾难恢复和迁移工具,采用Go语言编写,并在github上进行了开源,利用velero用户可以安全的备份、恢复和迁移Kubernetes集群资源和持久卷。开源地址:https://github.com/vmware-tanzu/velero官方文档:https://velero.io/docs/v1.11/1.1支......
  • k8s etcd 备份还原
    先根据etcd找到hostpatch持久化目录,/var/lib/etcd 进入pod备份:ETCDCTL_API=3etcdctlsnapshotsavesnap.db\--endpoints=https://127.0.0.1:2379\--cacert=/etc/kubernetes/pki/etcd/ca.crt\--cert=/etc/kubernetes/pki/etcd/server.crt\--key=/etc......
  • kubeatm安装k8s成功后的提示说明
    使用kubeadm安装完成k8s成功后,有一段提示信息如下:YourKubernetescontrol-planehasinitializedsuccessfully!Tostartusingyourcluster,youneedtorunthefollowingasaregularuser:mkdir-p$HOME/.kubesudocp-i/etc/kubernetes/admin.conf$HOME/.ku......