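Chapter 7. Collecting and storing Kubernetes events

The OpenShift Container Platform Event Router is a pod that watches Kubernetes events and logs them for collection by cluster logging. You must manually deploy the Event Router.

The Event Router collects events from all projects and writes them to STDOUT. Fluentd collects those events and forwards them to the OpenShift Container Platform Elasticsearch instance. Elasticsearch indexes the events to the infra index.

Important

The Event Router adds additional load to Fluentd and can reduce the number of other log messages that can be processed.

7.1. Deploying and configuring the Event Router

Use the following steps to deploy the Event Router into your cluster. You should always deploy the Event Router to the openshift-logging project to ensure it collects events from across the cluster.

The following Template object creates the service account, cluster role, and cluster role binding required for the Event Router. The template also configures and deploys the Event Router pod. You can use this template without making changes, or change the deployment object CPU and memory requests.

Prerequisites

  • You need proper permissions to create service accounts and update cluster role bindings. For example, you can run the following template with a user that has the cluster-admin role.
  • Cluster logging must be installed.

Procedure

  1. Create a template for the Event Router: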

    kind: Template
    apiVersion: v1
    metadata:
      name: eventrouter-template
      annotations:
        description: "A pod forwarding kubernetes events to cluster logging stack."
        tags: "events,EFK,logging,cluster-logging"
    objects:
      - kind: ServiceAccount # 1
        apiVersion: v1
        metadata:
          name: eventrouter
          namespace: ${NAMESPACE}
      - kind: ClusterRole # 2
        apiVersion: v1
        metadata:
          name: event-reader
        rules:
        - apiGroups: [""]
          resources: ["events"]
          verbs: ["get", "watch", "list"]
      - kind: ClusterRoleBinding # 3
        apiVersion: v1
        metadata:
          name: event-reader-binding
        subjects:
        - kind: ServiceAccount
          name: eventrouter
          namespace: ${NAMESPACE}
        roleRef:
          kind: ClusterRole
          name: event-reader
      - kind: ConfigMap # 4
        apiVersion: v1
        metadata:
          name: eventrouter
          namespace: ${NAMESPACE}
        data:
          config.json: |-
            {
              "sink": "stdout"
            }
      - kind: Deployment # 5
        apiVersion: apps/v1
        metadata:
          name: eventrouter
          namespace: ${NAMESPACE}
          labels:
            component: "eventrouter"
            logging-infra: "eventrouter"
            provider: "openshift"
        spec:
          selector:
            matchLabels:
              component: "eventrouter"
              logging-infra: "eventrouter"
              provider: "openshift"
          replicas: 1
          template:
            metadata:
              labels:
                component: "eventrouter"
                logging-infra: "eventrouter"
                provider: "openshift"
              name: eventrouter
            spec:
              serviceAccount: eventrouter
              containers:
                - name: kube-eventrouter
                  image: ${IMAGE}
                  imagePullPolicy: IfNotPresent
                  resources:
                    requests:
                      cpu: ${CPU}
                      memory: ${MEMORY}
                  volumeMounts:
                  - name: config-volume
                    mountPath: /etc/eventrouter
              volumes:
                - name: config-volume
                  configMap:
                    name: eventrouter
    parameters:
      - name: IMAGE
        displayName: Image
        value: "registry.redhat.io/openshift4/ose-logging-eventrouter:latest"
      - name: CPU # 6
        displayName: CPU
        value: "100m"
      - name: MEMORY # 7
        displayName: Memory
        value: "128Mi"
      - name: NAMESPACE
        displayName: Namespace
        value: "openshift-logging" # 8
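    1
    Creates a service account in the openshift-logging project for the Event Router.
    2
    Creates a ClusterRole to monitor for events in the cluster.
    3
    Creates a ClusterRoleBinding to bind the ClusterRole to the service account.
    4
    Creates a config map in the openshift-logging project to generate the required config.json file.
    5
    Creates a deployment in the openshift-logging project to generate and configure the Event Router pod.
    6
    Specifies the minimum amount of CPU to allocate to the Event Router pod. Defaults to 100m.
    7
    Specifies the minimum amount of memory to allocate to the Event Router pod. Defaults to 128Mi.
    8
    Specifies the openshift-logging project to install objects in.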
  2. Use the following command to process and apply the template:

    $ oc process -f <templatefile> | oc apply -n openshift-logging -f -

    For example:

    $ oc process -f eventrouter.yaml | oc apply -n openshift-logging -f -

    Example output

    serviceaccount/logging-eventrouter created
    clusterrole.authorization.openshift.io/event-reader created
    clusterrolebinding.authorization.openshift.io/event-reader-binding created
    configmap/logging-eventrouter created
    deployment.apps/logging-eventrouter created

  3. Validate that the Event Router is installed in the openshift-logging project:

    1. View the new Event Router pod:

      $ oc get pods --selector component=eventrouter -o name -n openshift-logging

      Example output

      pod/cluster-logging-eventrouter-d649f97c8-qvv8r

    2. View the events collected by the Event Router:

      $ oc logs <cluster_logging_eventrouter_pod> -n openshift-logging

      For example:

      $ oc logs cluster-logging-eventrouter-d649f97c8-qvv8r -n openshift-logging

      Example output

      {"verb":"ADDED","event":{"metadata":{"name":"openshift-service-catalog-controller-manager-remover.1632d931e88fcd8f","namespace":"openshift-service-catalog-removed","selfLink":"/api/v1/namespaces/openshift-service-catalog-removed/events/openshift-service-catalog-controller-manager-remover.1632d931e88fcd8f","uid":"787d7b26-3d2f-4017-b0b0-420db4ae62c0","resourceVersion":"21399","creationTimestamp":"2020-09-08T15:40:26Z"},"involvedObject":{"kind":"Job","namespace":"openshift-service-catalog-removed","name":"openshift-service-catalog-controller-manager-remover","uid":"fac9f479-4ad5-4a57-8adc-cb25d3d9cf8f","apiVersion":"batch/v1","resourceVersion":"21280"},"reason":"Completed","message":"Job completed","source":{"component":"job-controller"},"firstTimestamp":"2020-09-08T15:40:26Z","lastTimestamp":"2020-09-08T15:40:26Z","count":1,"type":"Normal"}}

      You can also use Kibana to view events by creating an index pattern using the Elasticsearch infra index.
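
The following Python sketch is an added example, not part of the product documentation. It parses Event Router output in the `{"verb": ..., "event": {...}}` envelope shown in the example output above and summarizes Warning events for triage. The sample lines, namespaces and object names are constructed for illustration.

```python
import json

# Constructed sample lines in the envelope shown in the example output above.
# The last entry is deliberately not JSON, to exercise the skip path.
SAMPLE_LINES = [
    '{"verb":"ADDED","event":{"metadata":{"namespace":"demo-a"},'
    '"involvedObject":{"kind":"Job","name":"cleanup"},"reason":"Completed",'
    '"message":"Job completed","count":1,"type":"Normal"}}',
    '{"verb":"ADDED","event":{"metadata":{"namespace":"demo-b"},'
    '"involvedObject":{"kind":"Pod","name":"web-1"},"reason":"BackOff",'
    '"message":"Back-off restarting failed container","count":1,"type":"Warning"}}',
    '{"verb":"UPDATED","event":{"metadata":{"namespace":"demo-b"},'
    '"involvedObject":{"kind":"Pod","name":"web-1"},"reason":"BackOff",'
    '"message":"Back-off restarting failed container","count":7,"type":"Warning"}}',
    "eventrouter starting (constructed non-JSON line)",
]


def parse_events(lines):
    """Yield (verb, event) for each well-formed line; skip anything else."""
    for line in lines:
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue
        event = record.get("event") if isinstance(record, dict) else None
        if isinstance(event, dict):
            yield record.get("verb"), event


def summarize_warnings(lines):
    """Map (namespace, kind/name, reason) to the highest count seen for Warning events."""
    worst = {}
    for _verb, event in parse_events(lines):
        if event.get("type") != "Warning":
            continue
        obj = event.get("involvedObject", {})
        key = (
            obj.get("namespace") or event.get("metadata", {}).get("namespace"),
            f'{obj.get("kind")}/{obj.get("name")}',
            event.get("reason"),
        )
        # A repeated event is re-emitted with a growing count, so keep the max
        # instead of summing the ADDED and UPDATED lines.
        worst[key] = max(worst.get(key, 0), int(event.get("count") or 1))
    return worst


if __name__ == "__main__":
    for (ns, target, reason), count in sorted(summarize_warnings(SAMPLE_LINES).items()):
        print(f"{ns}\t{target}\t{reason}\tcount={count}")
```

To run it against live data, pass the lines from the `oc logs <cluster_logging_eventrouter_pod> -n openshift-logging` command shown above instead of `SAMPLE_LINES`.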