Exporting Kubernetes events to the Elasticsearch logging system with kubernetes-event-exporter
Prerequisites
Versions
kubernetes: v1.17.9
kubernetes-event-exporter: v0.9
elasticsearch: 7.3.0
Deployment
GitHub repository: https://github.com/opsgenie/kubernetes-event-exporter
Clone the repository with git
    Cloning into 'kubernetes-event-exporter'...
    remote: Enumerating objects: 518, done.
    remote: Counting objects: 100% (518/518), done.
    remote: Compressing objects: 100% (426/426), done.
    remote: Total 5759 (delta 56), reused 466 (delta 36), pack-reused 5241
    Receiving objects: 100% (5759/5759), 7.65 MiB | 4.25 MiB/s, done.
    Resolving deltas: 100% (2282/2282), done.
Configuring 01-config.yaml
In the deploy directory you can see these three YAML files:
    00-roles.yaml
    01-config.yaml
    02-deployment.yaml
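00-roles.yaml sets up the RBAC permissions: it creates the monitoring namespace and the event-exporter ServiceAccount, and binds that account to the built-in view ClusterRole through a ClusterRoleBinding, so the read access applies cluster-wide.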
    apiVersion: v1
    kind: Namespace
    metadata:
      name: monitoring
    ---
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      namespace: monitoring
      name: event-exporter
    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      name: event-exporter
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: view
    subjects:
      - kind: ServiceAccount
        namespace: monitoring
        name: event-exporter
01-config.yaml configures the receivers. By default, events are written to a local path (/dev/stdout).
    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: event-exporter-cfg
      namespace: monitoring
    data:
      config.yaml: |
        logLevel: error
        logFormat: json
        route:
          routes:
            - match:
                - receiver: "dump"
        receivers:
          - name: "dump"
            file:
              path: "/dev/stdout"
02-deployment.yaml defines the Deployment that runs the exporter pod.
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: event-exporter
      namespace: monitoring
    spec:
      replicas: 1
      template:
        metadata:
          labels:
            app: event-exporter
            version: v1
        spec:
          serviceAccountName: event-exporter
          containers:
            - name: event-exporter
              image: opsgenie/kubernetes-event-exporter:0.9
              imagePullPolicy: IfNotPresent
              args:
                - -conf=/data/config.yaml
              volumeMounts:
                - mountPath: /data
                  name: cfg
          volumes:
            - name: cfg
              configMap:
                name: event-exporter-cfg
      selector:
        matchLabels:
          app: event-exporter
          version: v1
Of these three YAML files, the one we need to modify is 01-config.yaml, setting the receiver to elasticsearch:
    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: event-exporter-cfg
      namespace: monitoring
    data:
      config.yaml: |
        logLevel: error
        logFormat: json
        route:
          routes:
            - match:
                - receiver: "dump"
        receivers:
          - name: "dump"
            elasticsearch:
              hosts:
                - http://10.43.62.184:9200
              index: kube-events
              # The text inside {} is read as a Go time layout (reference date 2006-01-02),
              # not as a literal date; use {2006-01-02} for one index per day.
              indexFormat: "kube-events-{2020-09-08}"
              useEventID: true
If Elasticsearch has TLS enabled, see the official documentation for the relevant TLS parameters: https://github.com/opsgenie/kubernetes-event-exporter#elasticsearch
Starting event-exporter
Apply the three files in order:
    kubectl apply -f 00-roles.yaml
    kubectl apply -f 01-config.yaml
    kubectl apply -f 02-deployment.yaml
Check the pod status
    NAME                              READY   STATUS    RESTARTS   AGE
    event-exporter-7cfbbcff69-xxg9t   1/1     Running   0          48m
Check Elasticsearch
    health status index                  uuid                   pri rep docs.count docs.deleted store.size pri.store.size
    green  open   .kibana_task_manager   Qb6qPAipQZiAb29B8VCJ3Q   1   1          2            0     59.2kb         29.6kb
    green  open   kube-events-8080-09-08 gbrvIqevRAGGjxIbR993mA   1   1         16            0      129kb         56.2kb
    green  open   .kibana_1              mVv0LHetQ1mcGbYnbaF3Fg   1   1          4            0     64.2kb         32.1kb
The integration works.
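The index name kube-events-8080-09-08 in the listing follows from the indexFormat value "kube-events-{2020-09-08}": the text inside {} is a Go time layout, for which the project README uses {2006-01-02}. The Go program below is an added example, not code from the original post or from the kubernetes-event-exporter project; it assumes the brace segment is passed to Go's time.Format, and FormatIndexName and CollidesAcrossDates are hypothetical helper names.

```go
package main

import (
	"fmt"
	"regexp"
	"time"
)

// braces matches each {...} segment of an indexFormat string.
var braces = regexp.MustCompile(`\{([^{}]*)\}`)

// FormatIndexName expands every {...} segment as a Go time layout.
// Assumption: the exporter hands the segment to time.Format in this way;
// this helper is illustrative, not the project's code.
func FormatIndexName(format string, when time.Time) string {
	return braces.ReplaceAllStringFunc(format, func(seg string) string {
		return when.Format(seg[1 : len(seg)-1])
	})
}

// CollidesAcrossDates reports whether two constructed dates, a year and a
// month apart, map to the same index name. For a time-based indexFormat
// that means the layout carries no usable year or month.
func CollidesAcrossDates(format string) bool {
	a := time.Date(2020, time.September, 8, 0, 0, 0, 0, time.UTC)
	b := time.Date(2021, time.October, 8, 0, 0, 0, 0, time.UTC)
	return FormatIndexName(format, a) == FormatIndexName(format, b)
}

func main() {
	// Constructed sample dates; the first is the date typed into the config.
	days := []time.Time{
		time.Date(2020, time.September, 8, 0, 0, 0, 0, time.UTC),
		time.Date(2020, time.September, 23, 0, 0, 0, 0, time.UTC),
		time.Date(2020, time.October, 8, 0, 0, 0, 0, time.UTC),
	}
	for _, f := range []string{"kube-events-{2020-09-08}", "kube-events-{2006-01-02}"} {
		fmt.Printf("%s (collides=%v)\n", f, CollidesAcrossDates(f))
		for _, d := range days {
			fmt.Printf("  %s -> %s\n", d.Format("2006-01-02"), FormatIndexName(f, d))
		}
	}
}
```

With the literal date, Go reads the digits "2" and "02" as day-of-month fields and the rest as fixed text, so the 8th of every month lands in the same index. Date-based retention or index patterns built on the name then no longer match when the events occurred.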