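9.6. Collecting and storing Kubernetes events

The OpenShift Container Platform Event Router is a pod that watches Kubernetes events and logs them for collection by logging. You must manually deploy the Event Router.

The Event Router collects events from all projects and writes them to STDOUT. The collector then forwards those events to the store defined in the ClusterLogForwarder custom resource (CR).

Important

The Event Router adds additional load to Fluentd and can affect the number of other log messages that can be processed.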

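9.6.1. Deploying and configuring the Event Router

Use the following steps to deploy the Event Router into your cluster. You should always deploy the Event Router to the openshift-logging project to ensure that it collects events from across the cluster.

Note

The Event Router image is not a part of the Red Hat OpenShift Logging Operator and must be downloaded separately.

The following Template object creates the service account, cluster role, and cluster role binding required for the Event Router. The template also configures and deploys the Event Router pod. You can use this template without making changes, or edit the template to change the deployment object CPU and memory requests.

Prerequisites

  • You need proper permissions to create service accounts and update cluster role bindings. For example, you can run the following template with a user that has the cluster-admin role.
  • The Red Hat OpenShift Logging Operator must be installed.

Procedure

  1. Create a template for the Event Router: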

    apiVersion: template.openshift.io/v1
    kind: Template
    metadata:
      name: eventrouter-template
      annotations:
        description: "A pod forwarding kubernetes events to OpenShift Logging stack."
        tags: "events,EFK,logging,cluster-logging"
    objects:
      - kind: ServiceAccount # (1)
        apiVersion: v1
        metadata:
          name: eventrouter
          namespace: ${NAMESPACE}
      - kind: ClusterRole # (2)
        apiVersion: rbac.authorization.k8s.io/v1
        metadata:
          name: event-reader
        rules:
        - apiGroups: [""]
          resources: ["events"]
          verbs: ["get", "watch", "list"]
      - kind: ClusterRoleBinding # (3)
        apiVersion: rbac.authorization.k8s.io/v1
        metadata:
          name: event-reader-binding
        subjects:
        - kind: ServiceAccount
          name: eventrouter
          namespace: ${NAMESPACE}
        roleRef:
          kind: ClusterRole
          name: event-reader
      - kind: ConfigMap # (4)
        apiVersion: v1
        metadata:
          name: eventrouter
          namespace: ${NAMESPACE}
        data:
          config.json: |-
            {
              "sink": "stdout"
            }
      - kind: Deployment # (5)
        apiVersion: apps/v1
        metadata:
          name: eventrouter
          namespace: ${NAMESPACE}
          labels:
            component: "eventrouter"
            logging-infra: "eventrouter"
            provider: "openshift"
        spec:
          selector:
            matchLabels:
              component: "eventrouter"
              logging-infra: "eventrouter"
              provider: "openshift"
          replicas: 1
          template:
            metadata:
              labels:
                component: "eventrouter"
                logging-infra: "eventrouter"
                provider: "openshift"
              name: eventrouter
            spec:
              serviceAccount: eventrouter
              containers:
                - name: kube-eventrouter
                  image: ${IMAGE}
                  imagePullPolicy: IfNotPresent
                  resources:
                    requests:
                      cpu: ${CPU}
                      memory: ${MEMORY}
                  volumeMounts:
                  - name: config-volume
                    mountPath: /etc/eventrouter
                  securityContext:
                    allowPrivilegeEscalation: false
                    capabilities:
                      drop: ["ALL"]
              securityContext:
                runAsNonRoot: true
                seccompProfile:
                  type: RuntimeDefault
              volumes:
              - name: config-volume
                configMap:
                  name: eventrouter
    parameters:
      - name: IMAGE # (6)
        displayName: Image
        value: "registry.redhat.io/openshift-logging/eventrouter-rhel8:v0.4"
      - name: CPU # (7)
        displayName: CPU
        value: "100m"
      - name: MEMORY # (8)
        displayName: Memory
        value: "128Mi"
      - name: NAMESPACE
        displayName: Namespace
        value: "openshift-logging" # (9)
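
    (1) Creates a service account in the openshift-logging project for the Event Router.
    (2) Creates a ClusterRole to monitor for events in the cluster.
    (3) Creates a ClusterRoleBinding to bind the ClusterRole to the service account.
    (4) Creates a config map in the openshift-logging project to generate the required config.json file.
    (5) Creates a deployment in the openshift-logging project to generate and configure the Event Router pod.
    (6) Specifies the image, identified by a tag such as v0.4.
    (7) Specifies the minimum amount of CPU to allocate to the Event Router pod. Defaults to 100m.
    (8) Specifies the minimum amount of memory to allocate to the Event Router pod. Defaults to 128Mi.
    (9) Specifies the openshift-logging project to install objects in.

  2. Use the following command to process and apply the template: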

    $ oc process -f <templatefile> | oc apply -n openshift-logging -f -

    For example:

    $ oc process -f eventrouter.yaml | oc apply -n openshift-logging -f -

    Example output

    serviceaccount/eventrouter created
    clusterrole.rbac.authorization.k8s.io/event-reader created
    clusterrolebinding.rbac.authorization.k8s.io/event-reader-binding created
    configmap/eventrouter created
    deployment.apps/eventrouter created

  3. Validate that the Event Router is installed in the openshift-logging project:

    1. View the new Event Router pod:

      $ oc get pods --selector component=eventrouter -o name -n openshift-logging

      Example output

      pod/cluster-logging-eventrouter-d649f97c8-qvv8r

    2. View the events collected by the Event Router:

      $ oc logs <cluster_logging_eventrouter_pod> -n openshift-logging

      For example:

      $ oc logs cluster-logging-eventrouter-d649f97c8-qvv8r -n openshift-logging

      Example output

      {"verb":"ADDED","event":{"metadata":{"name":"openshift-service-catalog-controller-manager-remover.1632d931e88fcd8f","namespace":"openshift-service-catalog-removed","selfLink":"/api/v1/namespaces/openshift-service-catalog-removed/events/openshift-service-catalog-controller-manager-remover.1632d931e88fcd8f","uid":"787d7b26-3d2f-4017-b0b0-420db4ae62c0","resourceVersion":"21399","creationTimestamp":"2020-09-08T15:40:26Z"},"involvedObject":{"kind":"Job","namespace":"openshift-service-catalog-removed","name":"openshift-service-catalog-controller-manager-remover","uid":"fac9f479-4ad5-4a57-8adc-cb25d3d9cf8f","apiVersion":"batch/v1","resourceVersion":"21280"},"reason":"Completed","message":"Job completed","source":{"component":"job-controller"},"firstTimestamp":"2020-09-08T15:40:26Z","lastTimestamp":"2020-09-08T15:40:26Z","count":1,"type":"Normal"}}

      You can also use Kibana to view events by creating an index pattern using the Elasticsearch infra index.
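
The following added example (not part of the original documentation or of the Event Router project) triages the JSON lines shown in the example output above: it skips lines that are not well-formed records and totals Warning events per involved object and reason. The function names and sample lines are constructed for illustration, and it assumes that an UPDATED line repeats the same event uid with a larger count, so only the highest count per uid is kept.

```python
import json
from collections import defaultdict

def _line(verb, uid, ns, kind, name, reason, etype, count):
    """Build one constructed line in the {"verb": ..., "event": {...}} shape shown above."""
    return json.dumps({"verb": verb, "event": {
        "metadata": {"uid": uid, "namespace": ns},
        "involvedObject": {"kind": kind, "namespace": ns, "name": name},
        "reason": reason, "type": etype, "count": count}})

# Constructed sample input, not captured from a real cluster.
SAMPLE = [
    "eventrouter starting",  # non-JSON noise mixed into the pod log
    _line("ADDED", "u1", "shop", "Pod", "web-1", "BackOff", "Warning", 1),
    _line("UPDATED", "u1", "shop", "Pod", "web-1", "BackOff", "Warning", 7),
    _line("ADDED", "u2", "shop", "Pod", "web-1", "FailedMount", "Warning", 2),
    _line("ADDED", "u3", "openshift-service-catalog-removed", "Job",
          "openshift-service-catalog-controller-manager-remover", "Completed", "Normal", 1),
    '{"verb":"ADDED","event":',  # truncated record
]

def parse_events(lines):
    """Yield the "event" object of each well-formed line and skip everything else."""
    for raw in lines:
        try:
            rec = json.loads(raw)
        except json.JSONDecodeError:
            continue
        if isinstance(rec, dict) and isinstance(rec.get("event"), dict):
            yield rec["event"]

def warning_summary(lines):
    """Return {(namespace, kind, name, reason): occurrences} for Warning events."""
    latest = {}  # event uid -> (key, count); a later UPDATED replaces the ADDED record
    for ev in parse_events(lines):
        if ev.get("type") != "Warning":
            continue
        obj = ev.get("involvedObject") or {}
        key = (obj.get("namespace", ""), obj.get("kind", ""),
               obj.get("name", ""), ev.get("reason", ""))
        uid = (ev.get("metadata") or {}).get("uid") or key
        count = int(ev.get("count") or 1)
        if uid not in latest or count > latest[uid][1]:
            latest[uid] = (key, count)
    totals = defaultdict(int)
    for key, count in latest.values():
        totals[key] += count
    return dict(totals)

if __name__ == "__main__":
    for key, n in sorted(warning_summary(SAMPLE).items(), key=lambda kv: -kv[1]):
        print(n, *key)
```

To run it against a cluster, pass the lines of `oc logs <cluster_logging_eventrouter_pod> -n openshift-logging` to `warning_summary` in place of `SAMPLE`.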