本文默认k8s环境以及已经部署ingress controller

公司所用ingress监控是由prometheus+grafana进行，但是监控不够全面，故使用filebeat去采集ingress日志，并自主进行可视化展示

1、ingress nginx日志数据落盘

在ingress controller中将configmap改为

kind: ConfigMap
apiVersion: v1
metadata:
  name: ingress-nginx-controller
data:
  access-log-path: /var/log/nginx/access.log
  compute-full-forwarded-for: 'true'
  enable-vts-status: 'true'
  error-log-path: /var/log/nginx/error.log
  forwarded-for-header: X-Forwarded-For
  log-format-upstream: >-
    {"@timestamp":
    "$time_iso8601","remote_addr":"$remote_addr","x-forward-for":"$http_x_forwarded_for","request_id":"$req_id","remote_user":"$remote_user","bytes_sent":$bytes_sent,"request_time":$request_time,"status":$status,"vhost":"$host","request_proto":"$server_protocol","path":"$uri","request_query":"$args","request_length":$request_length,"duration":$request_time,"method":"$request_method","http_referrer":"$http_referer","http_user_agent":"$http_user_agent","upstream-sever":"$proxy_upstream_name","proxy_alternative_upstream_name":"$proxy_alternative_upstream_name","upstream_addr":"$upstream_addr","upstream_response_length":$upstream_response_length,"upstream_response_time":$upstream_response_time,"upstream_status":$upstream_status}
  use-forwarded-headers: 'true'

2、生成filebeat镜像

新建目录，目录如下

dockerfile

FROM  million12/centos-supervisor:4.0.2
WORKDIR /usr/local
ADD filebeat-7.5.0-linux-x86_64.tar.gz .
RUN ln -s filebeat-7.5.0-linux-x86_64  filebeat \
 && cd filebeat       \
 && mkdir  config     \
 && chmod +x filebeat \
 && cp filebeat.yml config/ \ 
 && yum -y install logrotate crontabs


COPY supervisord.conf /etc/supervisord.conf

RUN mkdir -p /var/log/supervisor
EXPOSE 22 80
CMD ["/usr/bin/supervisord"]

因为需要使用logrotate进行日志轮转，需要安装

logrotate crontabs

supervisord.conf配置如下

[supervisord]
nodaemon=true

[program:cron]
command=/usr/sbin/crond -i

[program:filebeat]
command=/usr/local/filebeat/filebeat -c /usr/local/filebeat/config/filebeat.yml

3、修改原有ingress controller depl，将filebeat与ingress controller放到同一pod中，使用emptydir卷共享ingress日志，使filebeat能够读取，另外一个是面对日志的持续正常如何处理，这里使用logrotate，将logrotate在filebeat中配置，尽量对ingress影响小点，首先增加filebeat configmap

kind: ConfigMap
apiVersion: v1
metadata:
  name: filebeat-config
data:
  filebeat.yml: |
    filebeat.inputs:
      - type: log
        enabled: true 
        paths:
          - /var/log/nginx/access.log
        json.keys_under_root: true
        json.overwrite_keys: true
        json.add_error_key: true      
        json.ignore_decoding_error: true      
        tags: ["access"]
      - type: log
        enabled: true 
        paths:
          - /var/log/nginx/error.log
        json.keys_under_root: true
        json.overwrite_keys: true
        json.add_error_key: true      
        json.ignore_decoding_error: true      
        tags: ["error"]
    filebeat.config.modules:
      path: ${path.config}/modules.d/*.yml
      reload.enabled: false
    setup.template.settings:
      index.number_of_shards: 3
    output.elasticsearch:
      hosts: ["es-local.nxgp.svc.cluster.local:9200"]
      index: "nginx_log-%{+yyyy.MM.dd}"
      indices:
        - index: "nginx_access-%{[beat.version]}-%{+yyyy.MM.dd}"
          when.contains:
            tags: "access"
        - index: "nginx_error-%{[beat.version]}-%{+yyyy.MM.dd}"
          when.contains:
            tags: "error"
    setup.template.name: "nginx_log"
    setup.template.pattern: "nginx_*"
    setup.template.enabled: true
    setup.ilm.enabled: false
    setup.template.overwrite: false

kind: ConfigMap
apiVersion: v1
metadata:
  name: nginx-ingress-logrotate
data:
  nginx: |
    /var/log/nginx/*.log {
      su root root
      size 50M
      notifempty
      copytruncate
      rotate 3
      missingok
      compress
      dateext
      dateformat .%Y%m%d-%H
  }

然后进行depl更新，只展示新增部分

      volumes:
        - name: ingress-log
          emptyDir: {}
        - name: filebeat-config
          configMap:
            name: filebeat-config
            defaultMode: 420
        - name: logrotateconf
          configMap:
            name: nginx-ingress-logrotate
            items:
              - key: nginx
                path: nginx
            defaultMode: 420
      containers:
        - name: controller
          volumeMounts:
            - name: ingress-log
              mountPath: /var/log/nginx/
        - name: filebeat
          image: 'xxx/filebeat:7.5.0'
          resources:
            limits:
              cpu: '2'
              memory: 2Gi
            requests:
              cpu: '1'
              memory: 1Gi
          volumeMounts:
            - name: filebeat-config
              mountPath: /usr/local/filebeat/config/
            - name: ingress-log
              mountPath: /var/log/nginx/
            - name: logrotateconf
              mountPath: /etc/logrotate.d/nginx
              subPath: nginx
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          imagePullPolicy: Always
      restartPolicy: Always
      terminationGracePeriodSeconds: 300
      dnsPolicy: ClusterFirst
      nodeSelector:
        kubernetes.io/os: linux
      serviceAccountName: ingress-nginx
      serviceAccount: ingress-nginx
      securityContext: {}
      schedulerName: default-scheduler
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 25%
      maxSurge: 25%
  revisionHistoryLimit: 10
  progressDeadlineSeconds: 600

logrotate是按天更新，更新时间不定

轮转效果内存占用高的是还没有进行打包的







4、es可视化展示

(1)PV

(2)UV

(3)Top10(接口访问量)

(4)Top10(客户端IP访问占比)

(5)Top10(最慢接口)

(6)后端upstream占比

(7)实时流量

(8)客户端访问占比

(9)平均并发数

(10)异常状态码统计

(11)总流量

(12)接口异常响应码

(13)接口访问耗时占比

(14)每10秒接口访问平均耗时

(15)每10秒接口访问最大耗时

(16)状态码统计

(17)访问量趋势图

(18)超过30秒以上的接口

(19)超过30秒以上的接口出现次数