阅读量:2
CentOS上Kubernetes集群日志管理指南
一、日志收集方案选择
Kubernetes日志收集需根据场景选择合适方案,常见工具及特点如下:
- EFK Stack(Elasticsearch+Fluentd+Kibana):官方推荐的全链路日志方案,适合需要全文检索、复杂分析、可视化的场景(如故障排查、业务指标监控)。Fluentd作为DaemonSet部署在每个节点,收集容器/系统日志并转发至Elasticsearch,Kibana提供Web界面展示。
- Loki+Promtail+Grafana:轻量级云原生方案,适合大规模集群、低成本存储(如S3、OSS)。Promtail作为Sidecar或DaemonSet收集日志,Loki存储并索引,Grafana实现可视化,集成Prometheus可实现日志与指标联动。
- Filebeat+Elasticsearch+Kibana:简化版ELK,Filebeat作为轻量级收集器(资源占用低),适合资源受限的环境(如小型集群)。需配合DaemonSet部署,收集
/var/log/containers/*.log中的容器日志。
二、EFK Stack部署步骤(以DaemonSet为例)
1. 部署Elasticsearch
Elasticsearch需持久化存储(如NFS、云盘),配置资源限制(避免OOM):
# elasticsearch-statefulset.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: elasticsearch
spec:
serviceName: "elasticsearch"
replicas: 1
selector:
matchLabels:
app: elasticsearch
template:
metadata:
labels:
app: elasticsearch
spec:
containers:
- name: elasticsearch
image: docker.elastic.co/elasticsearch/elasticsearch:8.12.0
ports:
- containerPort: 9200
env:
- name: discovery.type
value: "single-node"
- name: ES_JAVA_OPTS
value: "-Xms512m -Xmx512m"
volumeMounts:
- name: elasticsearch-data
mountPath: /usr/share/elasticsearch/data
volumeClaimTemplates:
- metadata:
name: elasticsearch-data
spec:
accessModes: ["ReadWriteOnce"]
storageClassName: nfs-client # 替换为实际存储类
resources:
requests:
storage: 10Gi
2. 部署Fluentd(DaemonSet)
Fluentd收集节点上所有容器日志(路径:/var/log/containers/*.log),转发至Elasticsearch:
# fluentd-daemonset.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: fluentd
spec:
selector:
matchLabels:
app: fluentd
template:
metadata:
labels:
app: fluentd
spec:
containers:
- name: fluentd
image: fluent/fluentd-kubernetes-daemonset:v1.16-es
env:
- name: FLUENT_ELASTICSEARCH_HOST
value: "elasticsearch.default.svc.cluster.local"
- name: FLUENT_ELASTICSEARCH_PORT
value: "9200"
resources:
limits:
memory: 500Mi
requests:
cpu: 100m
memory: 200Mi
volumeMounts:
- name: varlog
mountPath: /var/log
- name: varlibdockercontainers
mountPath: /var/lib/docker/containers
readOnly: true
volumes:
- name: varlog
hostPath:
path: /var/log
- name: varlibdockercontainers
hostPath:
path: /var/lib/docker/containers
3. 部署Kibana
Kibana连接Elasticsearch,提供可视化界面:
kubectl apply -f https://raw.githubusercontent.com/elastic/cloud-on-k8s/2.16/deploy/kibana/kibana.yaml
访问http://,配置Elasticsearch连接(默认地址:elasticsearch.default.svc.cluster.local:9200)。
三、Loki+Promtail部署步骤(轻量级替代)
1. 部署Loki(StatefulSet)
Loki存储日志,支持S3/OSS等外部存储:
# loki-statefulset.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: loki
spec:
serviceName: "loki"
replicas: 1
selector:
matchLabels:
app: loki
template:
metadata:
labels:
app: loki
spec:
containers:
- name: loki
image: grafana/loki:2.9.0
ports:
- containerPort: 3100
args:
- "--config.file=/etc/loki/config.yaml"
volumeMounts:
- name: loki-config
mountPath: /etc/loki
volumeClaimTemplates:
- metadata:
name: loki-storage
spec:
accessModes: ["ReadWriteOnce"]
storageClassName: nfs-client
resources:
requests:
storage: 20Gi
2. 部署Promtail(DaemonSet)
Promtail收集日志并发送至Loki:
# promtail-daemonset.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: promtail
spec:
selector:
matchLabels:
app: promtail
template:
metadata:
labels:
app: promtail
spec:
containers:
- name: promtail
image: grafana/promtail:2.9.0
args:
- "-config.file=/etc/promtail/config.yaml"
volumeMounts:
- name: varlog
mountPath: /var/log
- name: varlibdockercontainers
mountPath: /var/lib/docker/containers
readOnly: true
- name: promtail-config
mountPath: /etc/promtail
volumes:
- name: varlog
hostPath:
path: /var/log
- name: varlibdockercontainers
hostPath:
path: /var/lib/docker/containers
- name: promtail-config
configMap:
name: promtail-config
3. 配置Grafana可视化
添加Loki数据源(地址:loki.default.svc.cluster.local:3100),创建Dashboard展示日志(如按命名空间、Pod筛选)。
四、日志轮转与清理
使用logrotate避免日志文件无限增长,配置示例(/etc/logrotate.d/kubernetes):
/var/log/containers/*.log {
daily
rotate 7
compress
delaycompress
missingok
notifempty
copytruncate
sharedscripts
postrotate
/usr/bin/killall -HUP fluentd 2>/dev/null || true
endscript
}
五、日志查看与分析
- kubectl logs:查看指定Pod日志(
kubectl logs),支持-n -f实时跟踪、--tail指定行数。 - Kibana/Grafana:通过可视化界面查询、过滤日志(如Kibana的“Discover”页面,Grafana的“Explore”页面)。
- 第三方工具:如Kubetail(聚合多个Pod日志)、Stern(支持正则匹配Pod名称)。
六、日志管理最佳实践
- 日志分类:按应用类型(如Java、Nginx)、环境(如prod、dev)分类存储,便于快速定位。
- 日志输出优化:应用日志输出到
stdout/stderr(Kubernetes原生采集),避免写入本地文件(减少维护成本)。 - 资源限制:为日志收集器(如Fluentd、Filebeat)设置CPU/内存限制,避免占用过多节点资源。
- 保留策略:根据日志重要性设置保留时间(如业务日志保留7天,审计日志保留30天),降低存储成本。
以上就是关于“centos k8s部署后如何进行日志管理”的相关介绍,筋斗云是国内较早的云主机应用的服务商,拥有10余年行业经验,提供丰富的云服务器、租用服务器等相关产品服务。云服务器资源弹性伸缩,主机vCPU、内存性能强悍、超高I/O速度、故障秒级恢复;电子化备案,提交快速,专业团队7×24小时服务支持!
简单好用、高性价比云服务器租用链接:https://www.jindouyun.cn/product/cvm