#### 工作流程 ```sh 1. helm安装微服务配置filebeat sidercar容器 2. 微服务pod运行的包含一个业务容器和filebeat sidercar容器 3. filebeat会读取业务容器的日志，把日志推送到elasticsearch集群 ``` ##### 1.helm安装微服务配置filebeat sidercar容器 deployment.yaml ```yaml ... containers: - name: {{ .Values.image2.name }} #filebeat容器 image: "{{ .Values.image2.repository }}:{{ .Values.image2.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} command: - "/bin/sh" args: - "-c" - "filebeat -c /etc/filebeat/filebeat.yml" volumeMounts: - name: app-logs mountPath: /log - name: filebeat-{{.Release.Name}}-config mountPath: /etc/filebeat/ - name: {{ .Chart.Name }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} volumeMounts: - name: app-logs mountPath: /serverlog ports: - name: http containerPort: {{ .Values.service.targetPort | default 80 }} protocol: TCP livenessProbe: httpGet: path: /actuator/health/liveness port: {{ .Values.service.targetPort | default 80 }} initialDelaySeconds: 20 failureThreshold: 15 timeoutSeconds: 10 periodSeconds: 5 readinessProbe: httpGet: path: /actuator/health/readiness port: {{ .Values.service.targetPort | default 80 }} initialDelaySeconds: 20 failureThreshold: 15 timeoutSeconds: 10 periodSeconds: 5 resources: {{- toYaml .Values.resources | nindent 12 }} volumes: - name: app-logs emptyDir: {} - name: filebeat-{{.Release.Name}}-config configMap: name: filebeat-{{.Release.Name}}-config #filebat的配置文件 ... ``` configmap.yaml ```yml apiVersion: v1 kind: ConfigMap metadata: name: filebeat-{{.Release.Name}}-config data: filebeat.yml: | filebeat.inputs: - type: log enabled: true paths: - "/log/*/log_info.log" #日志路径 - "/log/*/*/log_info.log" - "/log/*/*/*/log_info.log" tags: ["{{ .Release.Name }}"] multiline.pattern: '^[0-9]{4}-[0-9]{2}-[0-9]{2}' multiline.negate: true multiline.match: after exclude_lines: ['.*com.alibaba.nacos.naming.client.listener.*'] output.elasticsearch: #配置日志输出到elasticsearch hosts: ["xxxxx.elasticsearch.com"] username: "elastic" password: "xxxxx" index: "{{ .Release.Name }}-%{+yyyy.MM.dd}" setup.ilm.enabled: false setup.template.name: "{{ .Release.Name }}" setup.template.pattern: "{{ .Release.Name }}-*" ``` values.yaml ```yaml image2: name: filebeat repository: shudoon-k8s-registry-test-registry-vpc.cn-shenzhen.cr.aliyuncs.com/shudoon/filebeat pullPolicy: IfNotPresent imagePullPolicy: Always tag: "7.4.2" ``` ##### 2.微服务pod运行的包含一个业务容器和filebeat sidercar容器 ```sh $ kubectl describe pod shudoon-data-service-springboot-demo-74d7d7d656-9fb7w Name: shudoon-data-service-springboot-demo-74d7d7d656-9fb7w Namespace: default Priority: 0 Node: k8s-master1/172.16.100.100 Start Time: Tue, 28 Sep 2021 12:14:17 +0800 Labels: app.kubernetes.io/instance=shudoon-data-service app.kubernetes.io/name=springboot-demo pod-template-hash=74d7d7d656 Annotations: <none> Status: Running IP: 10.244.0.136 IPs: IP: 10.244.0.136 Controlled By: ReplicaSet/shudoon-data-service-springboot-demo-74d7d7d656 Init Containers: skywalking-agent-sidecar: Container ID: docker://c4254f70dfe4d8f75b8f163ef4731c7a5a7f3e9299ccf509fb6eb4c334a762b1 Image: harbor.example.com/shudoon/skywalking-agent-sidecar:8.7.0-fixbug-1 Image ID: docker-pullable://harbor.example.com/shudoon/skywalking-agent-sidecar@sha256:b39e3d2174eac4a1e50a6d1c08c7f4e882601856c8741604e02740f95a57862d Port: <none> Host Port: <none> Command: sh Args: -c mkdir -p /skywalking/agent && cp -r /usr/skywalking/agent/* /skywalking/agent State: Terminated Reason: Completed Exit Code: 0 Started: Tue, 28 Sep 2021 12:14:18 +0800 Finished: Tue, 28 Sep 2021 12:14:18 +0800 Ready: True Restart Count: 0 Environment: <none> Mounts: /skywalking/agent from sw-agent (rw) /var/run/secrets/kubernetes.io/serviceaccount from shudoon-data-service-springboot-demo-token-8zfkb (ro) Containers: filebeat: Container ID: docker://17de1c185b0c943e883ec1225d1da78103a6456b2edbe3c2fee03661aa350b36 Image: harbor.example.com/shudoon/filebeat:7.4.2 Image ID: docker-pullable://harbor.example.com/shudoon/filebeat@sha256:d223bd603c1e2b6cfde0123d0f89a48bcd9feac29a788653f9873728d05a3b12 Port: <none> Host Port: <none> Command: /bin/sh Args: -c filebeat -c /etc/filebeat/filebeat.yml State: Running Started: Tue, 28 Sep 2021 12:14:19 +0800 Ready: True Restart Count: 0 Environment: <none> Mounts: /etc/filebeat/ from filebeat-shudoon-data-service-config (rw) /log from app-logs (rw) /var/run/secrets/kubernetes.io/serviceaccount from shudoon-data-service-springboot-demo-token-8zfkb (ro) springboot-demo: Container ID: docker://29e9068d215e0257302f116b826c25bea69d4c0c8f2ea5bd94928d85ae4929b1 Image: harbor.example.com/shudoon/shudoon-data-service:master-bb01f0f-2 Image ID: docker-pullable://harbor.example.com/shudoon/shudoon-data-service@sha256:efb4b305cc40a3787984ef028678d6cb2ed6c15a1dae1dec410e63f9acf8213f Port: 18004/TCP Host Port: 0/TCP State: Running Started: Tue, 28 Sep 2021 12:16:27 +0800 Last State: Terminated Reason: Error Exit Code: 137 Started: Tue, 28 Sep 2021 12:14:26 +0800 Finished: Tue, 28 Sep 2021 12:16:27 +0800 Ready: True Restart Count: 1 Limits: cpu: 1 memory: 2Gi Requests: cpu: 100m memory: 256Mi Liveness: http-get http://:18004/actuator/health/liveness delay=20s timeout=10s period=5s #success=1 #failure=15 Readiness: http-get http://:18004/actuator/health/readiness delay=20s timeout=10s period=5s #success=1 #failure=15 Environment: JAVA_TOOL_OPTIONS: -javaagent:/usr/skywalking/agent/skywalking-agent.jar SW_AGENT_NAME: shudoon-data-service SW_AGENT_COLLECTOR_BACKEND_SERVICES: skywalking-oap:11800 Mounts: /serverlog from app-logs (rw) /usr/skywalking/agent from sw-agent (rw) /var/run/secrets/kubernetes.io/serviceaccount from shudoon-data-service-springboot-demo-token-8zfkb (ro) Conditions: Type Status Initialized True Ready True ContainersReady True PodScheduled True Volumes: app-logs: Type: EmptyDir (a temporary directory that shares a pod's lifetime) Medium: SizeLimit: <unset> sw-agent: Type: EmptyDir (a temporary directory that shares a pod's lifetime) Medium: SizeLimit: <unset> filebeat-shudoon-data-service-config: Type: ConfigMap (a volume populated by a ConfigMap) Name: filebeat-shudoon-data-service-config Optional: false shudoon-data-service-springboot-demo-token-8zfkb: Type: Secret (a volume populated by a Secret) SecretName: shudoon-data-service-springboot-demo-token-8zfkb Optional: false QoS Class: Burstable Node-Selectors: <none> Tolerations: node.kubernetes.io/not-ready:NoExecute for 300s node.kubernetes.io/unreachable:NoExecute for 300s Events: <none> ``` 3.filebeat会读取业务容器的日志，把日志推送到elasticsearch集群 ```yaml filebeat.yml: | filebeat.inputs: - type: log enabled: true paths: - "/log/*/log_info.log" #日志路径 - "/log/*/*/log_info.log" - "/log/*/*/*/log_info.log" tags: ["{{ .Release.Name }}"] multiline.pattern: '^[0-9]{4}-[0-9]{2}-[0-9]{2}' multiline.negate: true multiline.match: after exclude_lines: ['.*com.alibaba.nacos.naming.client.listener.*'] output.elasticsearch: #配置日志输出到elasticsearch hosts: ["xxxxx.elasticsearch.com"] username: "elastic" password: "xxxxx" index: "{{ .Release.Name }}-%{+yyyy.MM.dd}" setup.ilm.enabled: false setup.template.name: "{{ .Release.Name }}" setup.template.pattern: "{{ .Release.Name }}-*" ```