AWS运维部署实践--EKS集群事件采集
文章发布较早,内容可能过时,阅读注意甄别。
默认情况下,k8s 集群的事件会保留一个小时,当你在遇到容器异常重启,想要追溯更早的事件时,会发现已经看不到了,因此集群事件的导出并采集也是集群管理的一个基本事项。
在开源社区也有一些项目集成了这个能力,本文介绍其中一种。
项目地址: kubernetes-event-exporter (opens new window)
将事件输出到标准输出以便于观察与调试:
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: event-exporter
namespace: monitor
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: event-exporter
rules:
- apiGroups: ["*"]
resources: ["*"]
verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: event-exporter
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: event-exporter
subjects:
- kind: ServiceAccount
name: event-exporter
namespace: monitor
---
apiVersion: v1
kind: ConfigMap
metadata:
name: event-exporter-config
namespace: monitor
data:
config.yaml: |
logLevel: debug
logFormat: json
clusterName: "aws3-sgp-eks-cluster"
route:
routes:
- match:
- receiver: "stdout"
receivers:
- name: "stdout"
stdout: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: event-exporter
namespace: monitor
spec:
replicas: 1
selector:
matchLabels:
app: event-exporter
template:
metadata:
labels:
app: event-exporter
spec:
serviceAccountName: event-exporter
containers:
- name: event-exporter
image: registry.cn-hangzhou.aliyuncs.com/opsre/kubernetes-event-exporter
args:
- "-conf=/config/config.yaml"
volumeMounts:
- name: config-volume
mountPath: /config
volumes:
- name: config-volume
configMap:
name: event-exporter-config
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
同时也支持将日志导出到 kafka,只需要替换其中的 configmap 即可:
---
apiVersion: v1
kind: ConfigMap
metadata:
name: event-exporter-config
namespace: monitor
data:
config.yaml: |
logLevel: warn
logFormat: json
clusterName: aws3-sgp-eks-cluster
route:
routes:
- match:
- receiver: "kafka"
receivers:
- name: "kafka"
kafka:
clientId: "aws3-sgp-eks-cluster"
topic: "eks_event_log"
brokers:
- "10.0.0.1:9092"
compressionCodec: "snappy"
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
同时该工具还支持对事件内容的预处理,比如你可能只关心如下几个字段:
---
apiVersion: v1
kind: ConfigMap
metadata:
name: event-exporter-config
namespace: monitor
data:
config.yaml: |
logLevel: warn
logFormat: json
clusterName: aws3-sgp-eks-cluster
route:
routes:
- match:
- receiver: "kafka"
receivers:
- name: "kafka"
kafka:
clientId: "aws3-sgp-eks-cluster"
topic: "eks_event_log"
brokers:
- "10.0.0.1:9092"
compressionCodec: "snappy"
layout: #optional
kind: "{{ .InvolvedObject.Kind }}"
namespace: "{{ .InvolvedObject.Namespace }}"
name: "{{ .InvolvedObject.Name }}"
reason: "{{ .Reason }}"
message: "{{ .Message }}"
type: "{{ .Type }}"
createdAt: "{{ .GetTimestampISO8601 }}"
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
这样输出的内容就只会有这几个字段,如果你还需要其他字段,可根据 stdout 调试的输出自行配置。
上次更新: 2025/01/29, 19:08:54
|