下载filebeat
wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.4.0-linux-x86_64.tar.gz
tar -xf filebeat-7.4.0-linux-x86_64.tar.gz制作filebeat镜像
cat filebeat-7.4.0-linux-x86_64/dockerfile
FROM registry.cn-shanghai.aliyuncs.com/wikifx/base:alpine-glibc-Shanghai
WORKDIR /app
COPY . .
RUN chmod +x filebeat
ENTRYPOINT ["/app/filebeat", "-e", "-path.home", "./", "-path.data", "./data"]编排文件编写
apiVersion: v1
kind: Namespace
metadata:
name: ops
---
apiVersion: v1
kind: ConfigMap
metadata:
name: filebeat-config
namespace: ops
labels:
k8s-app: filebeat
kubernetes.io/cluster-service: "true"
data:
filebeat.yml: |-
filebeat.inputs:
- type: log
enabled: true
paths:
- /var/applogs/*/*.log
tags: ["k8s_applogs", "SH"]
multiline.pattern: '^[0-9]{4}-[0-9]{2}-[0-9]{2}'
multiline.negate: true
multiline.match: after
tail_files: true
filebeat.config.modules:
path: ${path.config}/modules.d/*.yml
reload.enabled: false
setup.template.settings:
index.number_of_shards: 1
output.logstash:
hosts: ["172.19.111.144:8080"]
processors:
- add_host_metadata:
netinfo.enabled: true
cache.ttl: 5m
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
labels:
app: logscollection
name: logscollection
namespace: ops
spec:
selector:
matchLabels:
app: logscollection
template:
metadata:
labels:
app: logscollection
spec:
containers:
- args: [
"-c", "/etc/filebeat.yml"
]
image: registry.cn-shanghai.aliyuncs.com/wikifx/base:logscollection-public
name: logscollection-public
resources:
limits:
cpu: 500m
memory: 500Mi
requests:
cpu: 10m
memory: 100Mi
volumeMounts:
- name: config
mountPath: /etc/filebeat.yml
readOnly: true
subPath: filebeat.yml
- name: applogs
mountPath: /var/applogs
volumes:
- name: config
configMap:
defaultMode: 0444
name: filebeat-config
- hostPath:
path: /var/applogs
type: DirectoryOrCreate
name: applogs安装执行
[root@node002 DaemonSet]# kubectl apply -f logscollection
namespace/ops created
configmap/filebeat-config created
daemonset.apps/logscollection created
