在 GCP 中的 Kubernetes 中收集日志的选项
[英]Option for collecting logs in Kubernetes in GCP
问题描述
A semi related question: Options for getting logs in kubernetes pods
一个半相关的问题: 在 kubernetes pods 中获取日志的选项
I am running a tomcat application in Google Kubernetes Engine and that has output to log files like catalina.log, localhost.log and more.我在 Google Kubernetes Engine 中运行了一个 tomcat 应用程序,它有输出到日志文件,如 catalina.log、localhost.log 等。 As these are not the usual stdout, I have several options and questions regarding the best way of pulling log files to a shared folder / volume in a Kubernetes environment.由于这些不是通常的标准输出,关于将日志文件拉到 Kubernetes 环境中的共享文件夹/卷的最佳方式,我有几个选项和问题。
Option 1:选项1:
Batch job that uses kubectl cp to move the log files to host, but I don't think this is advisable as pods die frequently and crucial log files will be lost.使用 kubectl cp 将日志文件移动到主机的批处理作业,但我认为这是不可取的,因为 pod 经常死亡并且关键的日志文件将丢失。
Option 2:选项 2:
I'm not sure if this is possible as I am still learning how persistent volumes work compared to docker, but is it possible to mount a PVC with the same mountPath as the tomcat/logs folder so that the logs gets written to the PVC directly?我不确定这是否可行,因为与 docker 相比,我仍在学习持久卷的工作原理,但是是否可以使用与 tomcat/logs 文件夹相同的 mountPath 安装 PVC,以便将日志直接写入 PVC ?
In Docker, I used to supply the container run command with a mount-source to specify the volume used for log consolidation:在 Docker 中,我曾经为容器运行命令提供一个 mount-source 来指定用于日志整合的卷:
docker container run -d -it --rm --mount source=logs,target=/opt/tomcat/logs ....
I am wondering if this is possible in the Kubernetes environment, for example, in the deployment or pod manifest file:我想知道这在 Kubernetes 环境中是否可行,例如在部署或 pod 清单文件中:
volumeMounts:
- mountPath: /opt/tomcat/logs/
name: logs
volumes:
- name: logs
persistentVolumeClaim:
claimName: logs
Option 3:选项 3:
I want to avoid complicating my setup for now, but if all options are exhausted, I would be setting up ElasticSearch, Kibana and Filebeat to ship my log files.我想暂时避免使我的设置复杂化,但如果所有选项都用尽了,我将设置 ElasticSearch、Kibana 和 Filebeat 来传送我的日志文件。
1 个解决方案
解决方案1
1 已采纳 2020-03-25 01:13:22
The solution is actually quite simple after I figured out how everything works.在我弄清楚一切是如何工作的之后,解决方案实际上非常简单。 Hopefully this helps someone.希望这有助于某人。 I went ahead for option #2.我继续选择#2。
First define a pvc for my tomcat log files:首先为我的 tomcat 日志文件定义一个 pvc:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: tomcat-logs
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
In my deployment.yaml, reference it to the PVC created:在我的 deployment.yaml 中,将其引用到创建的 PVC:
...
volumeMounts:
- mountPath: opt/tomcat/logs
name: tomcat-logs
volumes:
- name: tomcat-logs
persistentVolumeClaim:
claimName: tomcat-logs
...
As noted, the PVC is mounted as root, the container will not be able to write to it if they do not have sufficient privileges.如前所述,PVC 以 root 身份挂载,如果没有足够的权限,容器将无法写入。 For my case, it was my DockerFile that defined my user, and changing it to root resolves it.就我而言,是我的 DockerFile 定义了我的用户,并将其更改为 root 可以解决它。
Edit: If running the DockerFile as root is not viable, you can escalate the privileges in the deployment by adding:编辑:如果以 root 身份运行 DockerFile 不可行,您可以通过添加以下内容来提升部署中的权限:
...
spec:
securityContext:
runAsUser: 0
....
securityContext:
privileged: true
A related question here: Allowing access to a PersistentVolumeClaim to non-root user这里有一个相关的问题: 允许非 root 用户访问 PersistentVolumeClaim
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.