194 lines
8.8 KiB
Markdown
194 lines
8.8 KiB
Markdown
---
|
||
reviewers:
|
||
- piosz
|
||
- x13n
|
||
content_template: templates/concept
|
||
title: 使用 ElasticSearch 和 Kibana 进行日志管理
|
||
---
|
||
|
||
<!--
|
||
---
|
||
reviewers:
|
||
- piosz
|
||
- x13n
|
||
content_template: templates/concept
|
||
title: Logging Using Elasticsearch and Kibana
|
||
---
|
||
-->
|
||
|
||
{{% capture overview %}}
|
||
|
||
<!--
|
||
On the Google Compute Engine (GCE) platform, the default logging support targets
|
||
[Stackdriver Logging](https://cloud.google.com/logging/), which is described in detail
|
||
in the [Logging With Stackdriver Logging](/docs/user-guide/logging/stackdriver).
|
||
-->
|
||
|
||
在 Google Compute Engine (GCE) 平台上,默认的日志管理支持目标是 [Stackdriver Logging](https://cloud.google.com/logging/),在 [使用 Stackdriver Logging 管理日志](/docs/user-guide/logging/stackdriver)中详细描述了这一点。
|
||
|
||
<!--
|
||
This article describes how to set up a cluster to ingest logs into
|
||
[Elasticsearch](https://www.elastic.co/products/elasticsearch) and view
|
||
them using [Kibana](https://www.elastic.co/products/kibana), as an alternative to
|
||
Stackdriver Logging when running on GCE.
|
||
-->
|
||
|
||
本文介绍了如何设置一个集群,将日志导入[Elasticsearch](https://www.elastic.co/products/elasticsearch),并使用 [Kibana](https://www.elastic.co/products/kibana) 查看日志,作为在 GCE 上运行应用时使用 Stackdriver Logging 管理日志的替代方案。
|
||
|
||
{{< note >}}
|
||
<!--
|
||
You cannot automatically deploy Elasticsearch and Kibana in the Kubernetes cluster hosted on Google Kubernetes Engine. You have to deploy them manually.
|
||
-->
|
||
您不能在 Google Kubernetes Engine 平台运行的 Kubernetes 集群上自动的部署 Elasticsearch 和 Kibana。您必须手动部署它们。
|
||
{{< /note >}}
|
||
|
||
{{% /capture %}}
|
||
|
||
{{% capture body %}}
|
||
|
||
<!--
|
||
To use Elasticsearch and Kibana for cluster logging, you should set the
|
||
following environment variable as shown below when creating your cluster with
|
||
kube-up.sh:
|
||
-->
|
||
|
||
要使用 Elasticsearch 和 Kibana 处理集群日志,您应该在使用 kube-up.sh 脚本创建集群时设置下面所示的环境变量:
|
||
|
||
```shell
|
||
KUBE_LOGGING_DESTINATION=elasticsearch
|
||
```
|
||
|
||
<!--
|
||
You should also ensure that `KUBE_ENABLE_NODE_LOGGING=true` (which is the default for the GCE platform).
|
||
-->
|
||
|
||
您还应该确保设置了 `KUBE_ENABLE_NODE_LOGGING=true` (这是 GCE 平台的默认设置)。
|
||
|
||
<!--
|
||
Now, when you create a cluster, a message will indicate that the Fluentd log
|
||
collection daemons that run on each node will target Elasticsearch:
|
||
-->
|
||
|
||
现在,当您创建集群时,将有一条消息将指示每个节点上运行的 Fluentd 日志收集守护进程以 ElasticSearch 为日志输出目标:
|
||
|
||
```shell
|
||
$ cluster/kube-up.sh
|
||
...
|
||
Project: kubernetes-satnam
|
||
Zone: us-central1-b
|
||
... calling kube-up
|
||
Project: kubernetes-satnam
|
||
Zone: us-central1-b
|
||
+++ Staging server tars to Google Storage: gs://kubernetes-staging-e6d0e81793/devel
|
||
+++ kubernetes-server-linux-amd64.tar.gz uploaded (sha1 = 6987c098277871b6d69623141276924ab687f89d)
|
||
+++ kubernetes-salt.tar.gz uploaded (sha1 = bdfc83ed6b60fa9e3bff9004b542cfc643464cd0)
|
||
Looking for already existing resources
|
||
Starting master and configuring firewalls
|
||
Created [https://www.googleapis.com/compute/v1/projects/kubernetes-satnam/zones/us-central1-b/disks/kubernetes-master-pd].
|
||
NAME ZONE SIZE_GB TYPE STATUS
|
||
kubernetes-master-pd us-central1-b 20 pd-ssd READY
|
||
Created [https://www.googleapis.com/compute/v1/projects/kubernetes-satnam/regions/us-central1/addresses/kubernetes-master-ip].
|
||
+++ Logging using Fluentd to elasticsearch
|
||
```
|
||
|
||
<!--
|
||
The per-node Fluentd pods, the Elasticsearch pods, and the Kibana pods should
|
||
all be running in the kube-system namespace soon after the cluster comes to
|
||
life.
|
||
-->
|
||
|
||
每个节点的 Fluentd pod、Elasticsearch pod 和 Kibana pod 都应该在集群启动后不久运行在 kube-system 命名空间中。
|
||
|
||
```shell
|
||
$ kubectl get pods --namespace=kube-system
|
||
NAME READY STATUS RESTARTS AGE
|
||
elasticsearch-logging-v1-78nog 1/1 Running 0 2h
|
||
elasticsearch-logging-v1-nj2nb 1/1 Running 0 2h
|
||
fluentd-elasticsearch-kubernetes-node-5oq0 1/1 Running 0 2h
|
||
fluentd-elasticsearch-kubernetes-node-6896 1/1 Running 0 2h
|
||
fluentd-elasticsearch-kubernetes-node-l1ds 1/1 Running 0 2h
|
||
fluentd-elasticsearch-kubernetes-node-lz9j 1/1 Running 0 2h
|
||
kibana-logging-v1-bhpo8 1/1 Running 0 2h
|
||
kube-dns-v3-7r1l9 3/3 Running 0 2h
|
||
monitoring-heapster-v4-yl332 1/1 Running 1 2h
|
||
monitoring-influx-grafana-v1-o79xf 2/2 Running 0 2h
|
||
```
|
||
|
||
<!--
|
||
The `fluentd-elasticsearch` pods gather logs from each node and send them to
|
||
the `elasticsearch-logging` pods, which are part of a
|
||
[service](/docs/concepts/services-networking/service/) named `elasticsearch-logging`. These
|
||
Elasticsearch pods store the logs and expose them via a REST API.
|
||
The `kibana-logging` pod provides a web UI for reading the logs stored in
|
||
Elasticsearch, and is part of a service named `kibana-logging`.
|
||
-->
|
||
|
||
`fluentd-elasticsearch` pod 从每个节点收集日志并将其发送到 `elasticsearch-logging` pods,该 pod 是名为 `elasticsearch-logging` 的[服务](/docs/concepts/services-networking/service/)的一部分。
|
||
这些 ElasticSearch pod 存储日志,并通过 REST API 将其公开。
|
||
`kibana-logging` pod 提供了一个用于读取 ElasticSearch 中存储的日志的 Web UI,它是名为 `kibana-logging` 的服务的一部分。
|
||
|
||
<!--
|
||
The Elasticsearch and Kibana services are both in the `kube-system` namespace
|
||
and are not directly exposed via a publicly reachable IP address. To reach them,
|
||
follow the instructions for [Accessing services running in a cluster](/docs/concepts/cluster-administration/access-cluster/#accessing-services-running-on-the-cluster).
|
||
-->
|
||
|
||
Elasticsearch 和 Kibana 服务都位于 `kube-system` 命名空间中,并且没有通过可公开访问的 IP 地址直接暴露。
|
||
要访问它们,请参照[访问集群中运行的服务](/docs/concepts/cluster-administration/access-cluster/#accessing-services-running-on-the-cluster)的说明进行操作。
|
||
|
||
<!--
|
||
If you try accessing the `elasticsearch-logging` service in your browser, you'll
|
||
see a status page that looks something like this:
|
||
-->
|
||
|
||
如果你想在浏览器中访问 `elasticsearch-logging` 服务,你将看到类似下面的状态页面:
|
||
|
||
|
||
|
||
<!--
|
||
You can now type Elasticsearch queries directly into the browser, if you'd
|
||
like. See [Elasticsearch's documentation](https://www.elastic.co/guide/en/elasticsearch/reference/current/search-uri-request.html)
|
||
for more details on how to do so.
|
||
-->
|
||
|
||
现在你可以直接在浏览器中输入 Elasticsearch 查询,如果你愿意的话。
|
||
请参考 [Elasticsearch 的文档](https://www.elastic.co/guide/en/elasticsearch/reference/current/search-uri-request.html) 以了解这样做的更多细节。
|
||
|
||
<!--
|
||
Alternatively, you can view your cluster's logs using Kibana (again using the
|
||
[instructions for accessing a service running in the cluster](/docs/user-guide/accessing-the-cluster/#accessing-services-running-on-the-cluster)).
|
||
The first time you visit the Kibana URL you will be presented with a page that
|
||
asks you to configure your view of the ingested logs. Select the option for
|
||
timeseries values and select `@timestamp`. On the following page select the
|
||
`Discover` tab and then you should be able to see the ingested logs.
|
||
You can set the refresh interval to 5 seconds to have the logs
|
||
regularly refreshed.
|
||
-->
|
||
|
||
或者,您可以使用 Kibana 查看集群的日志(再次使用[访问集群中运行的服务的说明](/docs/user-guide/accessing-the-cluster/#accessing-services-running-on-the-cluster))。
|
||
第一次访问 Kibana URL 时,将显示一个页面,要求您配置所接收日志的视图。
|
||
选择时间序列值的选项,然后选择 `@timestamp`。
|
||
在下面的页面中选择 `Discover` 选项卡,然后您应该能够看到所摄取的日志。
|
||
您可以将刷新间隔设置为 5 秒,以便定期刷新日志。
|
||
|
||
<!--
|
||
Here is a typical view of ingested logs from the Kibana viewer:
|
||
-->
|
||
|
||
以下是从 Kibana 查看器中摄取日志的典型视图:
|
||
|
||
|
||
|
||
{{% /capture %}}
|
||
|
||
{{% capture whatsnext %}}
|
||
|
||
<!--
|
||
Kibana opens up all sorts of powerful options for exploring your logs! For some
|
||
ideas on how to dig into it, check out [Kibana's documentation](https://www.elastic.co/guide/en/kibana/current/discover.html).
|
||
-->
|
||
|
||
Kibana 为浏览您的日志提供了各种强大的选项!有关如何深入研究它的一些想法,请查看 [Kibana 的文档](https://www.elastic.co/guide/en/kibana/current/discover.html)。
|
||
|
||
{{% /capture %}}
|