eksctl create iamserviceaccount \
--name fluentd \
--region=ap-northeast-2 \
--cluster finance-eks-cluster \
--namespace=fluentd \
--attach-policy-arn arn:aws:iam::aws:policy/AmazonS3FullAccess \
--override-existing-serviceaccounts \
--approve
Shell
복사
kubectl create configmap cluster-info \
--from-literal=cluster.name=finance-eks-cluster \
--from-literal=logs.region=ap-northeast-2 -n fluentd
Shell
복사
apiVersion: v1
kind: Namespace
metadata:
name: fluentd
labels:
name: amazon-s3
YAML
복사
kubectl apply -f ns.yaml
Shell
복사
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: fluentd-role
rules:
- apiGroups: [""]
resources:
- namespaces
- pods
- pods/logs
verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: fluentd-role-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: fluentd-role
subjects:
- kind: ServiceAccount
name: fluentd
namespace: fluentd
---
apiVersion: v1
kind: ConfigMap
metadata:
name: fluentd-config
namespace: fluentd
labels:
k8s-app: fluentd-s3
data:
kubernetes.conf: |
kubernetes.conf
fluent.conf: |
@include product.conf
<match fluent.**>
@type null
</match>
product.conf: |
<source>
@type forward
bind 0.0.0.0
port 24224
tag s3.fluent-bit.access
</source>
<match s3.fluent-bit.*>
@type s3
s3_bucket finance-storage-01
s3_region ap-northeast-2
path data
s3_object_key_format %{path}/%Y-%m-%d_%H_%M/finance_access.log
<buffer tag,time>
@type file
path /var/log/fluent/s3
timekey 60
timekey_wait 10m
timekey_use_utc false
chunk_limit_size 256m
</buffer>
</match>
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: fluentd
namespace: fluentd
spec:
selector:
matchLabels:
k8s-app: fluentd-s3
template:
metadata:
labels:
k8s-app: fluentd-s3
annotations:
configHash: 8915de4cf9c3551a8dc74c0137a3e83569d28c71044b0359c2578d2e0461825
spec:
serviceAccountName: fluentd
terminationGracePeriodSeconds: 30
initContainers:
- name: copy-fluentd-config
image: busybox
command: ['sh', '-c', 'cp /config-volume/..data/* /fluentd/etc']
volumeMounts:
- name: config-volume
mountPath: /config-volume
- name: fluentdconf
mountPath: /fluentd/etc
- name: update-log-driver
image: busybox
command: ['sh','-c','']
containers:
- name: fluentd-s3
image: fluent/fluentd-kubernetes-daemonset:v1.18-debian-s3-1
env:
- name: AWS_REGION
valueFrom:
configMapKeyRef:
name: cluster-info
key: logs.region
- name: CLUSTER_NAME
valueFrom:
configMapKeyRef:
name: cluster-info
key: cluster.name
- name: CI_VERSION
value: "k8s/1.3.24"
- name: FLUENT_CONTAINER_TAIL_PARSER_TYPE
value: /^(?<time>.+) (?<stream>stdout|stderr) (?<logtag>[FP]) (?<log>.*)$/
resources:
limits:
memory: 400Mi
requests:
cpu: 100m
memory: 200Mi
volumeMounts:
- name: config-volume
mountPath: /config-volume
- name: fluentdconf
mountPath: /fluentd/etc
- name: fluentd-config
mountPath: /fluentd/etc/kubernetes.conf
subPath: kubernetes.conf
- name: varlog
mountPath: /var/log
- name: varlibdockercontainers
mountPath: /var/lib/docker/containers
readOnly: true
- name: runlogjournal
mountPath: /run/log/journal
readOnly: true
- name: dmesg
mountPath: /var/log/dmesg
readOnly: true
volumes:
- name: config-volume
configMap:
name: fluentd-config
- name: fluentdconf
emptyDir: {}
- name: fluentd-config
configMap:
name: fluentd-config
items:
- key: kubernetes.conf
path: kubernetes.conf
- name: varlog
hostPath:
path: /var/log
- name: varlibdockercontainers
hostPath:
path: /var/lib/docker/containers
- name: runlogjournal
hostPath:
path: /run/log/journal
- name: dmesg
hostPath:
path: /var/log/dmesg
---
apiVersion: v1
kind: Service
metadata:
name: fluentd-svc
namespace: fluentd
spec:
selector:
k8s-app: fluentd-s3
type: ClusterIP
ports:
- name : product
protocol: TCP
port: 24224
targetPort: 24224
YAML
복사
kubectl apply -f fluentd.yaml
Shell
복사
apiVersion: v1
kind: ConfigMap
metadata:
name: fluent-bit-sidecar-config
namespace: finance-ns
data:
fluent-bit.conf: |
[SERVICE]
Flush 1
Log_Level info
Daemon off
[INPUT]
Name tail
Path /log/*.log
Tag s3.fluent-bit.access
Refresh_Interval 10
Mem_Buf_Limit 50MB
Skip_Long_Lines On
[OUTPUT]
Name forward
Match *
Host fluentd-svc.fluentd.svc.cluster.local
Port 24224
Retry_Limit False
YAML
복사
kubectl apply -f fluentbit.yaml
Shell
복사
apiVersion: apps/v1
kind: Deployment
metadata:
name: finance-user-dpn
namespace: finance-ns
labels:
app: user
spec:
replicas: 2
selector:
matchLabels:
app: user
template:
metadata:
labels:
app: user
spec:
containers:
- name: finance-ecr
image: 362708816803.dkr.ecr.ap-northeast-2.amazonaws.com/finance-ecr:latest
imagePullPolicy: Always
env:
- name: MYSQL_USER
value: "admin"
- name: MYSQL_PASSWORD
value: "Skill53##"
- name: MYSQL_HOST
value: "finance-db-cluster.cluster-cxytji5957dw.ap-northeast-2.rds.amazonaws.com"
- name: MYSQL_PORT
value: "3306"
- name: MYSQL_DBNAME
value: "day1"
ports:
- containerPort: 8080
name: http
volumeMounts:
- name: log-volume
mountPath: /log
- name: fluent-bit-cnt
image: fluent/fluent-bit:latest
imagePullPolicy: IfNotPresent
ports:
- containerPort: 2020
name: metrics
protocol: TCP
volumeMounts:
- name: config-volume
mountPath: /fluent-bit/etc/
- name: log-volume
mountPath: /log
volumes:
- name: log-volume
emptyDir: {}
- name: config-volume
configMap:
name: fluent-bit-sidecar-config
YAML
복사
kubectl apply -f deployment.yaml
Shell
복사