728x90
반응형
지난 글에 이어 EFK Stack에 FluentBit과 OpenSearch 사이에 버퍼 역할을 하는 Kinesis Firehose를 추가하여 구성하고자 합니다.
[목표]
[기본 환경]
- Internet Outbound 통신이 가능한 Kubernetes Cluster
- EFK용 IAM User
- Amazon OpenSearch
[추가 배포 순서]
1. IAM Role 수정 [Terraform]
bash
resource "aws_iam_role" "role-efk-test" {
name = "role-efk-test"
assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::${var.aws-account-id}:user/efk-test",
"Service": [
"firehose.amazonaws.com"
]
},
"Action": "sts:AssumeRole"
}
]
}
EOF
}
resource "aws_iam_role_policy_attachment" "role-efk-test-policya-1" {
role = aws_iam_role.role-efk-test.name
policy_arn = "arn:aws:iam::aws:policy/AmazonOpenSearchServiceFullAccess"
}
resource "aws_iam_role_policy_attachment" "role-efk-test-policya-2" {
role = aws_iam_role.role-efk-test.name
policy_arn = "arn:aws:iam::aws:policy/AmazonS3FullAccess"
}
resource "aws_iam_role_policy_attachment" "role-efk-test-policya-3" {
role = aws_iam_role.role-efk-test.name
policy_arn = "arn:aws:iam::aws:policy/AmazonKinesisFullAccess"
}
resource "aws_iam_role_policy_attachment" "role-efk-test-policya-4" {
role = aws_iam_role.role-efk-test.name
policy_arn = "arn:aws:iam::aws:policy/AmazonKinesisFirehoseFullAccess"
}
2. Kinesis Firehose 생성 [Terraform]
bash
resource "aws_kinesis_firehose_delivery_stream" "kinesis-firehose-test" {
name = "kinesis-firehose-test-stream"
destination = "elasticsearch"
s3_configuration {
role_arn = aws_iam_role.role-efk-test.arn
bucket_arn = aws_s3_bucket.s3-kinesis-firehose-test.arn
buffer_size = 10
buffer_interval = 400
compression_format = "GZIP"
}
elasticsearch_configuration {
domain_arn = aws_elasticsearch_domain.log-opensearch.arn
role_arn = aws_iam_role.role-efk-test.arn
index_name = "kubernetes-log" ## 원하는 Index
index_rotation_period = "OneDay"
processing_configuration {
enabled = "false"
}
s3_backup_mode = "FailedDocumentsOnly"
}
depends_on = [
aws_iam_role.role-efk-test,
aws_s3_bucket.s3-kinesis-firehose-test
]
}
3. S3 생성 [Terraform]
bash
resource "aws_s3_bucket" "s3-kinesis-firehose-test" {
bucket = "s3-kinesis-firehose-xxx-test"
acl = "private"
}
4. fluentbit configmap 수정 및 배포
[fluent-bit-configmap.yaml]
bash
apiVersion: v1
kind: ConfigMap
metadata:
name: fluent-bit-config
namespace: logging
labels:
k8s-app: fluent-bit
data:
# Configuration files: server, input, filters and output
# ======================================================
fluent-bit.conf: |
[SERVICE]
Flush 1
Log_Level info
Daemon off
Parsers_File parsers.conf
HTTP_Server On
HTTP_Listen 0.0.0.0
HTTP_Port 2020
@INCLUDE input-kubernetes.conf
@INCLUDE filter-kubernetes.conf
@INCLUDE output-kinesisfirehose.conf
input-kubernetes.conf: |
[INPUT]
Name tail
Tag kube.*
Path /var/log/containers/*.log
Parser docker
DB /var/log/flb_kube.db
Mem_Buf_Limit 5MB
Skip_Long_Lines On
Refresh_Interval 10
filter-kubernetes.conf: |
[FILTER]
Name kubernetes
Match kube.*
Kube_URL https://kubernetes.default.svc:443
Kube_CA_File /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
Kube_Token_File /var/run/secrets/kubernetes.io/serviceaccount/token
Kube_Tag_Prefix kube.var.log.containers.
Merge_Log On
Merge_Log_Key log_processed
K8S-Logging.Parser On
K8S-Logging.Exclude Off
output-kinesisfirehose.conf: |
[OUTPUT]
Name kinesis_firehose
Match *
region ap-northeast-2
delivery_stream kinesis-firehose-test-stream
role_arn arn:aws:iam::{aws-account-id}:role/role-efk-test
parsers.conf: |
[PARSER]
Name apache
Format regex
Regex ^(?<host>[^ ]*) [^ ]* (?<user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^\"]*?)(?: +\S*)?)?" (?<code>[^ ]*) (?<size>[^ ]*)(?: "(?<referer>[^\"]*)" "(?<agent>[^\"]*)")?$
Time_Key time
Time_Format %d/%b/%Y:%H:%M:%S %z
[PARSER]
Name apache2
Format regex
Regex ^(?<host>[^ ]*) [^ ]* (?<user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^ ]*) +\S*)?" (?<code>[^ ]*) (?<size>[^ ]*)(?: "(?<referer>[^\"]*)" "(?<agent>[^\"]*)")?$
Time_Key time
Time_Format %d/%b/%Y:%H:%M:%S %z
[PARSER]
Name apache_error
Format regex
Regex ^\[[^ ]* (?<time>[^\]]*)\] \[(?<level>[^\]]*)\](?: \[pid (?<pid>[^\]]*)\])?( \[client (?<client>[^\]]*)\])? (?<message>.*)$
[PARSER]
Name nginx
Format regex
Regex ^(?<remote>[^ ]*) (?<host>[^ ]*) (?<user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^\"]*?)(?: +\S*)?)?" (?<code>[^ ]*) (?<size>[^ ]*)(?: "(?<referer>[^\"]*)" "(?<agent>[^\"]*)")?$
Time_Key time
Time_Format %d/%b/%Y:%H:%M:%S %z
[PARSER]
Name json
Format json
Time_Key time
Time_Format %d/%b/%Y:%H:%M:%S %z
[PARSER]
Name docker
Format json
Time_Key time
Time_Format %Y-%m-%dT%H:%M:%S.%L
Time_Keep On
[PARSER]
# http://rubular.com/r/tjUt3Awgg4
Name cri
Format regex
Regex ^(?<time>[^ ]+) (?<stream>stdout|stderr) (?<logtag>[^ ]*) (?<message>.*)$
Time_Key time
Time_Format %Y-%m-%dT%H:%M:%S.%L%z
[PARSER]
Name syslog
Format regex
Regex ^\<(?<pri>[0-9]+)\>(?<time>[^ ]* {1,2}[^ ]* [^ ]*) (?<host>[^ ]*) (?<ident>[a-zA-Z0-9_\/\.\-]*)(?:\[(?<pid>[0-9]+)\])?(?:[^\:]*\:)? *(?<message>.*)$
Time_Key time
Time_Format %b %d %H:%M:%S
5. fluentbit ds image 버전 확인 및 배포
(Kinesis firehose plugin은 1.7 이후 버전부터 사용 가능한 것으로 보임)
[fluent-bit-ds.yaml]
yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: fluent-bit
namespace: logging
labels:
k8s-app: fluent-bit-logging
version: v1
kubernetes.io/cluster-service: "true"
spec:
selector:
matchLabels:
k8s-app: fluent-bit-logging
template:
metadata:
labels:
k8s-app: fluent-bit-logging
version: v1
kubernetes.io/cluster-service: "true"
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "2020"
prometheus.io/path: /api/v1/metrics/prometheus
spec:
containers:
- name: fluent-bit
image: fluent/fluent-bit:1.7
imagePullPolicy: Always
ports:
- containerPort: 2020
env:
- name: AWS_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: secret-aws-credentials
key: AWS_ACCESS_KEY_ID
- name: AWS_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: secret-aws-credentials
key: AWS_SECRET_ACCESS_KEY
volumeMounts:
- name: varlog
mountPath: /var/log
- name: varlibdockercontainers
mountPath: /var/lib/docker/containers
readOnly: true
- name: fluent-bit-config
mountPath: /fluent-bit/etc/
terminationGracePeriodSeconds: 10
volumes:
- name: varlog
hostPath:
path: /var/log
- name: varlibdockercontainers
hostPath:
path: /var/lib/docker/containers
- name: fluent-bit-config
configMap:
name: fluent-bit-config
serviceAccountName: fluent-bit
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
- operator: "Exists"
effect: "NoExecute"
- operator: "Exists"
effect: "NoSchedule"
[참고자료]
EKS 환경에서의 EFK 도입기
안녕하세요, 인프라개발팀의 데이터 엔지니어 루 입니다. 이번 글은 EKS 환경 위의 애플리케이션과 API에서 보다 효율적인 로그 수집을 위해 EFK 스택을 도입한 이야기에 관해 다룹니다.
techblog.gccompany.co.kr
Amazon Kinesis Data Streams - Fluent Bit: Official Manual
If you enable a single worker, you are enabling a dedicated thread for your Kinesis output. We recommend starting with without workers, evaluating the performance, and then adding workers one at a time until you reach your desired/needed throughput. For mo
docs.fluentbit.io
728x90
'Kubernetes' 카테고리의 다른 글
| EKS Node의 최대 Pod 수 (0) | 2022.08.01 |
|---|---|
| EFS 권장 옵션을 포함한 EKS 내 PV 생성 (0) | 2022.06.24 |
| EFK Stack 구성하기 (Amazon OpenSearch + FluentBit + Kibana) (0) | 2022.05.23 |
| Amazon EKS Cluster Autoscaler OOM killed 현상 (0) | 2022.05.08 |
| Kubernetes 스토리지 관련 객체 (0) | 2021.08.21 |