hostpath日志

yamls/filebeat-file.yaml

+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: filebeat-config
+  namespace: kube-system
+  labels:
+    k8s-app: filebeat
+data:
+  # java日志以日期开头，node日志以[日期开头
+  filebeat.yml: |-
+    filebeat.inputs:
+    - type: log
+      paths:
+        - /var/log/containers2/*/*/*/*.log
+      multiline.pattern: '^\[?[0-9]{4}-[0-9]{2}-[0-9]{2}'
+      multiline.negate: true
+      multiline.match: after
+      ignore_older: 5m
+      close_inactive: 1m
+      clean_removed: true
+      processors:
+        - script:
+            lang: javascript
+            id: k8s_metadata
+            source: >
+              function process(event) {
+                event.Tag("js");
+                var path = event.Get('log.file.path');
+                path = path.split('/');
+                event.Put('k8s.namespace', path[4]);
+                event.Put('k8s.svcname', path[5]);
+                event.Put('k8s.podname', path[6]);
+              }
+
+    output.kafka:
+      hosts: ['172.20.1.135:9092', '172.20.1.145:9092', '172.20.1.185:9092']
+      topic: 'test-docker-tencent-qak8s'
+      required_acks: 1
+      compression: gzip
+---
+apiVersion: extensions/v1beta1
+kind: DaemonSet
+metadata:
+  name: filebeat
+  namespace: kube-system
+  labels:
+    k8s-app: filebeat
+spec:
+  template:
+    metadata:
+      labels:
+        k8s-app: filebeat
+    spec:
+      serviceAccountName: filebeat
+      terminationGracePeriodSeconds: 30
+      imagePullSecrets:
+        - name: qcloudregistrykey
+        - name: tencenthubkey
+      containers:
+      - name: filebeat
+        image: docker.elastic.co/beats/filebeat:7.2.1
+        args: [
+          "-c", "/etc/filebeat.yml",
+          "-e",
+        ]
+        env:
+        - name: NODE_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: spec.nodeName
+        securityContext:
+          runAsUser: 0
+          # If using Red Hat OpenShift uncomment this:
+          #privileged: true
+        resources:
+          limits:
+            memory: 200Mi
+          requests:
+            cpu: 100m
+            memory: 100Mi
+        volumeMounts:
+        - name: config
+          mountPath: /etc/filebeat.yml
+          readOnly: true
+          subPath: filebeat.yml
+        - name: data
+          mountPath: /usr/share/filebeat/data
+        - name: varlibdockercontainers
+          mountPath: /var/lib/docker/containers
+          readOnly: true
+        - name: varlog
+          mountPath: /var/log
+          readOnly: true
+      volumes:
+      - name: config
+        configMap:
+          defaultMode: 0600
+          name: filebeat-config
+      - name: varlibdockercontainers
+        hostPath:
+          path: /var/lib/docker/containers
+      - name: varlog
+        hostPath:
+          path: /var/log
+      # data folder stores a registry of read status for all files, so we don't send everything again on a Filebeat pod restart
+      - name: data
+        hostPath:
+          path: /var/lib/filebeat-data
+          type: DirectoryOrCreate
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  name: filebeat
+subjects:
+- kind: ServiceAccount
+  name: filebeat
+  namespace: kube-system
+roleRef:
+  kind: ClusterRole
+  name: filebeat
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+  name: filebeat
+  labels:
+    k8s-app: filebeat
+rules:
+- apiGroups: [""] # "" indicates the core API group
+  resources:
+  - namespaces
+  - pods
+  verbs:
+  - get
+  - watch
+  - list
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: filebeat
+  namespace: kube-system
+  labels:
+    k8s-app: filebeat
+---
\ No newline at end of file

yamls/ui.node.yaml

@@ -73,7 +73,7 @@ spec:
       volumes:
         - name: filelog
           hostPath:
-            path: /var/log/containers2
+            path: /var/log/containers2/{{namespace}}/{{serviceName}}
       restartPolicy: Always
       dnsPolicy: ClusterFirst
       imagePullSecrets: