
Logging

# Apply ns.yaml. Its contents are not shown on this page; the later steps use
# the `fluentd` and `wsi` namespaces, so it presumably defines them (verify).
kubectl apply --filename ns.yaml
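# Create the IAM role for the `fluentd` service account and bind the two.
# A log shipper only has to create log groups/streams and put log events, so
# the AWS-managed CloudWatchAgentServerPolicy is attached instead of
# CloudWatchFullAccess. The full-access policy also allows deleting log groups,
# alarms and dashboards, which would let a compromised fluentd pod erase the
# very logs it is supposed to protect.
eksctl create iamserviceaccount \
  --name fluentd \
  --namespace fluentd \
  --cluster wsi-eks-cluster \
  --region ap-northeast-2 \
  --attach-policy-arn arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy \
  --override-existing-serviceaccounts \
  --approve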
# Publish the cluster name and the log region as the `cluster-info` ConfigMap.
# The fluentd DaemonSet reads both keys through configMapKeyRef
# (CLUSTER_NAME and AWS_REGION).
kubectl create configmap cluster-info \
  --namespace fluentd \
  --from-literal=cluster.name=wsi-eks-cluster \
  --from-literal=logs.region=ap-northeast-2
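# Download the sample IAM policy document used for Fargate logging.
# --fail makes curl exit non-zero on an HTTP error instead of saving the error
# page as permissions.json, which the next step feeds to `aws iam create-policy`.
# --proto/--tlsv1.2 refuse anything weaker than HTTPS with TLS 1.2.
# The URL follows the moving `mainline` branch: read the downloaded file before
# creating a policy from it, or pin the URL to a commit you have reviewed.
curl --fail --proto '=https' --tlsv1.2 \
  -o permissions.json \
  https://raw.githubusercontent.com/aws-samples/amazon-eks-fluent-logging-examples/mainline/examples/fargate/cloudwatchlogs/permissions.json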
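# Cluster name. The page spelled this variable EKS_CLUISTER_NAME; the corrected
# name is introduced and the old spelling kept as an alias in case anything
# outside this page still reads it.
EKS_CLUSTER_NAME="wsi-eks-cluster"
EKS_CLUISTER_NAME="$EKS_CLUSTER_NAME"

# Region taken from the default AWS CLI profile.
REGION_CODE=$(aws configure get default.region --output text)

# Create the customer-managed policy from the downloaded document and keep its ARN.
FARGATE_POLICY_ARN=$(aws iam create-policy \
  --region "$REGION_CODE" \
  --policy-name fargate-policy \
  --policy-document file://permissions.json \
  --query Policy.Arn \
  --output text)

# Look up the Fargate pod execution role by the name prefix eksctl generated
# for this cluster.
FARGATE_ROLE_NAME=$(aws iam list-roles \
  --query "Roles[?contains(RoleName, 'eksctl-wsi-eks-cluster-clus-FargatePodExecutionRole')].RoleName" \
  --output text)

# `contains` can match zero or several roles. Attaching a policy to the wrong
# role is a privilege grant, so surface both cases instead of carrying on.
case "$FARGATE_ROLE_NAME" in
  "")
    echo "No Fargate pod execution role matched; do not run attach-role-policy." >&2
    ;;
  *[[:space:]]*)
    echo "More than one role matched: $FARGATE_ROLE_NAME; pick one explicitly." >&2
    ;;
esac

# NODE_GROUP is a misleading name kept for the next step: it holds the Fargate
# pod execution role name, re-read through get-role to confirm the role exists.
NODE_GROUP=$(aws iam get-role \
  --role-name "$FARGATE_ROLE_NAME" \
  --query "Role.RoleName" \
  --output text)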
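# Attach the Fargate logging policy to the Fargate pod execution role.
# Both expansions are quoted and use ${VAR:?} so that an empty value from a
# failed earlier lookup stops the command with a clear message instead of
# shifting the remaining arguments.
aws iam attach-role-policy \
  --policy-arn "${FARGATE_POLICY_ARN:?FARGATE_POLICY_ARN is empty - did create-policy succeed?}" \
  --role-name "${NODE_GROUP:?NODE_GROUP is empty - did the role lookup succeed?}"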
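# fluentd.yaml - RBAC, configuration and DaemonSet for the fluentd aggregator
# that receives records from the fluent-bit senders and writes them to
# CloudWatch Logs.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: fluentd-role
rules:
  - apiGroups: [""]
    resources:
      - namespaces
      - pods
      # NOTE(review): `pods/logs` is not a Kubernetes resource (the log
      # subresource is `pods/log`), so this entry grants nothing. Kept as on
      # the page. The fluentd configuration below only runs forward inputs and
      # does not appear to query the API server, so this ClusterRole can
      # probably be dropped altogether - verify before removing.
      - pods/logs
    verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: fluentd-role-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: fluentd-role
subjects:
  - kind: ServiceAccount
    name: fluentd
    namespace: fluentd
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: fluentd-config
  namespace: fluentd
  labels:
    k8s-app: fluentd-cloudwatch
data:
  # Placeholder content as on the page; fluent.conf does not include this file.
  kubernetes.conf: |
    kubernetes.conf
  fluent.conf: |
    @include customer.conf
    @include product.conf
    @include order.conf

    <match fluent.**>
      @type null
    </match>
  # Each service gets its own forward input (ports 24224-24226) and its own
  # CloudWatch log group.
  # NOTE(review): the forward inputs bind to 0.0.0.0 with no <security>
  # shared key and no TLS transport, so any workload that can reach these
  # ports can write arbitrary records into the log groups. Restrict the ports
  # to the sender namespace with a NetworkPolicy and/or configure a shared key
  # on both fluentd and the fluent-bit senders.
  customer.conf: |
    <source>
      @type forward
      bind 0.0.0.0
      port 24224
      tag cloudwatch_logs.fluent-bit-a.access
    </source>
    <match cloudwatch_logs.fluent-bit-a.*>
      @type cloudwatch_logs
      log_group_name /wsi/webapp/customer
      log_stream_name customer
      auto_create_stream true
      <buffer tag>
        flush_mode immediate
      </buffer>
    </match>
  product.conf: |
    <source>
      @type forward
      bind 0.0.0.0
      port 24225
      tag cloudwatch_logs.fluent-bit-b.access
    </source>
    <match cloudwatch_logs.fluent-bit-b.*>
      @type cloudwatch_logs
      log_group_name /wsi/webapp/product
      log_stream_name product
      auto_create_stream true
      <buffer tag>
        flush_mode immediate
      </buffer>
    </match>
  order.conf: |
    <source>
      @type forward
      bind 0.0.0.0
      port 24226
      tag cloudwatch_logs.fluent-bit-c.access
    </source>
    <match cloudwatch_logs.fluent-bit-c.*>
      @type cloudwatch_logs
      log_group_name /wsi/webapp/order
      log_stream_name order
      auto_create_stream true
      <buffer tag>
        flush_mode immediate
      </buffer>
    </match>
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: fluentd
  namespace: fluentd
spec:
  selector:
    matchLabels:
      k8s-app: fluentd-cloudwatch
  template:
    metadata:
      labels:
        k8s-app: fluentd-cloudwatch
      annotations:
        # Value copied from the page and quoted so it always stays a string.
        # Presumably a hash of the configuration used to trigger rollouts; it
        # is not recomputed here.
        configHash: "8915de4cf9c3551a8dc74c0137a3e83569d28c71044b0359c2578d2e0461825"
    spec:
      # Service account bound to the IAM role created with eksctl.
      serviceAccountName: fluentd
      terminationGracePeriodSeconds: 30
      initContainers:
        # Copies the rendered ConfigMap files into the writable emptyDir that
        # the main container mounts at /fluentd/etc.
        - name: copy-fluentd-config
          # Tagged instead of the implicit mutable `latest`; pin by digest for
          # a reproducible, tamper-evident image.
          image: busybox:1.36
          command: ['sh', '-c', 'cp /config-volume/..data/* /fluentd/etc']
          volumeMounts:
            - name: config-volume
              mountPath: /config-volume
            - name: fluentdconf
              mountPath: /fluentd/etc
        # Runs an empty command, i.e. does nothing; kept as on the page.
        - name: update-log-driver
          image: busybox:1.36
          command: ['sh', '-c', '']
      containers:
        - name: fluentd-cloudwatch
          image: fluent/fluentd-kubernetes-daemonset:v1.10.3-debian-cloudwatch-1.0
          securityContext:
            # The process never needs to gain privileges beyond its parent's.
            allowPrivilegeEscalation: false
          env:
            - name: AWS_REGION
              valueFrom:
                configMapKeyRef:
                  name: cluster-info
                  key: logs.region
            - name: CLUSTER_NAME
              valueFrom:
                configMapKeyRef:
                  name: cluster-info
                  key: cluster.name
            - name: CI_VERSION
              value: "k8s/1.3.24"
            - name: FLUENT_CONTAINER_TAIL_PARSER_TYPE
              # Quoted so the regex is never re-interpreted by the YAML parser.
              value: '/^(?<time>.+) (?<stream>stdout|stderr) (?<logtag>[FP]) (?<log>.*)$/'
          resources:
            limits:
              memory: 400Mi
            requests:
              cpu: 100m
              memory: 200Mi
          volumeMounts:
            - name: config-volume
              mountPath: /config-volume
            - name: fluentdconf
              mountPath: /fluentd/etc
            - name: fluentd-config
              mountPath: /fluentd/etc/kubernetes.conf
              subPath: kubernetes.conf
            # The configuration above has no tail input and no file buffer or
            # pos_file under /var/log, so the host log directory is mounted
            # read-only like the other host paths. A network-facing container
            # with write access to the node's /var/log could tamper with host
            # logs if it were compromised.
            # NOTE(review): none of the hostPath mounts seem to be read by
            # this forward-only configuration; consider removing them.
            - name: varlog
              mountPath: /var/log
              readOnly: true
            - name: varlibdockercontainers
              mountPath: /var/lib/docker/containers
              readOnly: true
            - name: runlogjournal
              mountPath: /run/log/journal
              readOnly: true
            - name: dmesg
              mountPath: /var/log/dmesg
              readOnly: true
      volumes:
        - name: config-volume
          configMap:
            name: fluentd-config
        - name: fluentdconf
          emptyDir: {}
        - name: fluentd-config
          configMap:
            name: fluentd-config
            items:
              - key: kubernetes.conf
                path: kubernetes.conf
        - name: varlog
          hostPath:
            path: /var/log
        - name: varlibdockercontainers
          hostPath:
            path: /var/lib/docker/containers
        - name: runlogjournal
          hostPath:
            path: /run/log/journal
        - name: dmesg
          hostPath:
            path: /var/log/dmesg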
# Create the fluentd RBAC objects, ConfigMap and DaemonSet from the manifest above.
kubectl apply --filename fluentd.yaml
# service.yaml - stable in-cluster address for the fluentd forward inputs.
# One port per sending service; each maps to the matching <source> port in the
# fluentd ConfigMap. A ClusterIP Service is reachable from every pod in the
# cluster unless a NetworkPolicy restricts it.
apiVersion: v1
kind: Service
metadata:
  name: fluentd-svc
  namespace: fluentd
spec:
  type: ClusterIP
  selector:
    k8s-app: fluentd-cloudwatch
  ports:
    - name: customer
      protocol: TCP
      port: 24224
      targetPort: 24224
    - name: product
      protocol: TCP
      port: 24225
      targetPort: 24225
    - name: order
      protocol: TCP
      port: 24226
      targetPort: 24226
# Create the fluentd-svc Service defined above.
kubectl apply --filename service.yaml
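# Read the ClusterIP of fluentd-svc by name.
# Listing every Service in the namespace (`.items[]`) yields one IP per line as
# soon as a second Service exists there, and the multi-line value would then be
# substituted into the fluent-bit configs by the later sed steps.
# A ClusterIP changes when the Service is recreated; the Service DNS name is
# the more durable target for the fluent-bit `Host` setting.
SVC_CLUSTER_IP=$(kubectl get svc fluentd-svc --namespace fluentd --output jsonpath='{.spec.clusterIP}')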
# customer.yaml - fluent-bit configuration for the customer service.
# Tails /log/*.log, drops health-check lines and forwards everything to the
# fluentd forward input on port 24224.
# `Host SVC_IP` is a placeholder that the sed step replaces with the Service IP.
# The three Exclude rules match the same pattern; they are kept as on the page.
# `Retry_Limit False` removes the retry cap.
# NOTE(review): the forward output has no shared key or TLS configured, so
# records cross the cluster network unauthenticated and in clear text.
apiVersion: v1
kind: ConfigMap
metadata:
  name: customer
  namespace: wsi
data:
  fluent-bit.conf: |
    [SERVICE]
        Flush 1
        Log_Level info
        Daemon off

    [INPUT]
        Name tail
        Path /log/*.log
        Tag customer
        Refresh_Interval 10
        Mem_Buf_Limit 50MB
        Skip_Long_Lines On

    [FILTER]
        Name grep
        Match *customer*
        Exclude log /.*healthcheck.*/
        Exclude log /.*healthcheck.*/
        Exclude log .*healthcheck.*

    [OUTPUT]
        Name forward
        Match *
        Host SVC_IP
        Port 24224
        Retry_Limit False
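# Replace the SVC_IP placeholder in customer.yaml with the fluentd Service IP.
# ${VAR:?} aborts the command when the variable is unset or empty; a plain
# expansion would silently rewrite `Host SVC_IP` to an empty host.
sed -i "s|SVC_IP|${SVC_CLUSTER_IP:?SVC_CLUSTER_IP is empty - look up the Service IP first}|g" customer.yaml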
# Create the customer fluent-bit ConfigMap in the wsi namespace.
kubectl apply --filename customer.yaml
# product.yaml - fluent-bit configuration for the product service.
# Tails /log/*.log, drops health-check lines and forwards everything to the
# fluentd forward input on port 24225.
# `Host SVC_IP` is a placeholder that the sed step replaces with the Service IP.
# The three Exclude rules match the same pattern; they are kept as on the page.
# `Retry_Limit False` removes the retry cap.
# NOTE(review): the forward output has no shared key or TLS configured, so
# records cross the cluster network unauthenticated and in clear text.
apiVersion: v1
kind: ConfigMap
metadata:
  name: product
  namespace: wsi
data:
  fluent-bit.conf: |
    [SERVICE]
        Flush 1
        Log_Level info
        Daemon off

    [INPUT]
        Name tail
        Path /log/*.log
        Tag product
        Refresh_Interval 10
        Mem_Buf_Limit 50MB
        Skip_Long_Lines On

    [FILTER]
        Name grep
        Match *product*
        Exclude log /.*healthcheck.*/
        Exclude log /.*healthcheck.*/
        Exclude log .*healthcheck.*

    [OUTPUT]
        Name forward
        Match *
        Host SVC_IP
        Port 24225
        Retry_Limit False
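# Replace the SVC_IP placeholder in product.yaml with the fluentd Service IP.
# ${VAR:?} aborts the command when the variable is unset or empty; a plain
# expansion would silently rewrite `Host SVC_IP` to an empty host.
sed -i "s|SVC_IP|${SVC_CLUSTER_IP:?SVC_CLUSTER_IP is empty - look up the Service IP first}|g" product.yaml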
# Create the product fluent-bit ConfigMap in the wsi namespace.
kubectl apply --filename product.yaml
# order.yaml - fluent-bit configuration for the order service.
# Tails /log/*.log, drops health-check lines and forwards everything to the
# fluentd forward input on port 24226.
# `Host SVC_IP` is a placeholder that the sed step replaces with the Service IP.
# The three Exclude rules match the same pattern; they are kept as on the page.
# `Retry_Limit False` removes the retry cap.
# NOTE(review): the forward output has no shared key or TLS configured, so
# records cross the cluster network unauthenticated and in clear text.
apiVersion: v1
kind: ConfigMap
metadata:
  name: order
  namespace: wsi
data:
  # Kept as a quoted string, as on the page, so it is not read as a boolean.
  flb_log_cw: "false"
  fluent-bit.conf: |
    [SERVICE]
        Flush 1
        Log_Level info
        Daemon off

    [INPUT]
        Name tail
        Path /log/*.log
        Tag order
        Refresh_Interval 10
        Mem_Buf_Limit 50MB
        Skip_Long_Lines On

    [FILTER]
        Name grep
        Match *order*
        Exclude log /.*healthcheck.*/
        Exclude log /.*healthcheck.*/
        Exclude log .*healthcheck.*

    [OUTPUT]
        Name forward
        Match *
        Host SVC_IP
        Port 24226
        Retry_Limit False
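# Replace the SVC_IP placeholder in order.yaml with the fluentd Service IP.
# ${VAR:?} aborts the command when the variable is unset or empty; a plain
# expansion would silently rewrite `Host SVC_IP` to an empty host.
sed -i "s|SVC_IP|${SVC_CLUSTER_IP:?SVC_CLUSTER_IP is empty - look up the Service IP first}|g" order.yaml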
# Create the order fluent-bit ConfigMap in the wsi namespace.
kubectl apply --filename order.yaml