惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

The Cloudflare Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
T
The Blog of Author Tim Ferriss
G
Google Developers Blog
小众软件
小众软件
J
Java Code Geeks
V
Visual Studio Blog
The Register - Security
The Register - Security
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
罗磊的独立博客
美团技术团队
阮一峰的网络日志
阮一峰的网络日志
V
V2EX
博客园 - 叶小钗
N
Netflix TechBlog - Medium
月光博客
月光博客
aimingoo的专栏
aimingoo的专栏
大猫的无限游戏
大猫的无限游戏
T
The Exploit Database - CXSecurity.com
The Hacker News
The Hacker News
Cisco Talos Blog
Cisco Talos Blog
Hacker News: Ask HN
Hacker News: Ask HN
Hacker News - Newest:
Hacker News - Newest: "LLM"
AWS News Blog
AWS News Blog
Webroot Blog
Webroot Blog
The Last Watchdog
The Last Watchdog
T
Threatpost
I
Intezer
T
Tenable Blog
L
LINUX DO - 热门话题
T
Tailwind CSS Blog
Scott Helme
Scott Helme
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
C
Cybersecurity and Infrastructure Security Agency CISA
Engineering at Meta
Engineering at Meta
S
Schneier on Security
Recent Announcements
Recent Announcements
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
F
Fortinet All Blogs
腾讯CDC
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
T
Troy Hunt's Blog
量子位
H
Hacker News: Front Page
V2EX - 技术
V2EX - 技术
Google Online Security Blog
Google Online Security Blog
人人都是产品经理
人人都是产品经理
博客园 - 【当耐特】
博客园 - Franky
www.infosecurity-magazine.com
www.infosecurity-magazine.com

ike‘s blog

mac软件推荐 用Siri来控制Windows电脑开机关机吧 clickhouse的一些优化建议和工具 2023sumppary 记录一下我的第一个网页游戏Mazeball 如何使用Clickhouse的索引 如何从zookeeper切换为clickhouse—keeper cloki分布式查询和clickhouse副本存储 clickhouse集群部署指南 快速安装部署clickhouse和cloki 快速部署thanos架构 如何使用go的jwt 如何修改git commit记录 业务容器化需要注意的一些地方 游戏企划 Prometheus Metrics精简优化2 来在线听音乐吧 Chatgpt的API入门 简单搭建国内也可以使用的chatgpt Prometheus Metrics精简优化 Kubernetes的探针机制 本地部署chatAI【chatglm】 AI绘画工具webui简单入门 之 高清化 写在地下城邂逅Ⅳ·灾厄篇·完结之后 如何部署gitalk作为评论系统 AI绘画工具webui简单入门 之 工具安装 grafanadb迁移到mysql kubectl常用命令 开始写博客啦 隐私政策URL Markdown Example Include Video in the Posts Markdown Extended Features Simple Guides for Fuwari Golang net/http & HTTP Serve 源码分析
使用ilogtail+cloki+clickhouse来做日志系统吧
ike · 2023-08-30 · via ike‘s blog

相关开源工具#

简介#

clickhouse就不说了,可以参考我前面的博文,这里主要介绍一下cloki和ilogtail。

ilogtail是阿里开源的一款轻量级的日志采集工具,针对k8s环境也有很好的优化,比filebeat轻,资源消耗低,采集效率也快一些。目前官方也支持多种输入、处理和输出, 其中就包含输出到loki或者clickhouse。(要注意logtail是阿里自带的一个日志采集工具,只能采集到阿里的sls,ilogtail是开源社区的,支持多种插件)

cloki也是国外开源的一个工具,类似于loki,API也和loki一模一样,但是后台可以关联到更高效的clickhouse作为存储。(目前相关文章不多,但可用)

部署#

因为所有的都是部署在k8s上的,所以直接上yaml文件吧

cloki#

cloki-deployment.yml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: cloki
  labels:
    io.metrico.service: cloki
spec:
  replicas: 1
  selector:
    matchLabels:
      io.metrico.service: cloki
  strategy: {}
  template:
    metadata:
      annotations:
        qryn.cmd: qryn.dev
      creationTimestamp: null
      labels:
        io.metrico.service: cloki
    spec:
      containers:
        - env:
            - name: CLICKHOUSE_SERVER                   # 具体配置参考文档
              value: clickhouse                     
            - name: CLICKHOUSE_AUTH
              value: 'default:xxxxxx'
            - name: CLICKHOUSE_PORT
              value: '8123'
            - name: CLICKHOUSE_DB
              value: cloki
            - name: CLICKHOUSE_TSDB
              value: cloki
            - name: FASTIFY_METRICS
              value: 'true'
            - name: DEBUG
              value: 'true'
            - name: FASTIFY_BODYLIMIT
              value: '52428800'
            - name: CLUSTER_NAME     #用于ck集群
              value: 'my_cluster'
          image: qxip/qryn:latest
          name: cloki
          ports:
            - containerPort: 3100
          resources: {}
      restartPolicy: Always
status: {}

cloki-service.yml

apiVersion: v1
kind: Service
metadata:
  creationTimestamp: null
  labels:
    io.metrico.service: cloki
  name: cloki
spec:
  ports:
    - name: "3100"
      port: 3100
      targetPort: 3100
  selector:
    io.metrico.service: cloki
status:
  loadBalancer: {}

kubectl apply -f cloki-service.yaml,cloki-deployment.yaml -n ops

ilogtai#

ilogtail-configmap.yaml

apiVersion: v1
kind: ConfigMap
metadata:
  name: ilogtail-user-cm
  namespace: ops
data:
  loki_stdout.yaml: |
    enable: true
    inputs:
      - Type: service_docker_stdout
        Stderr: false
        Stdout: true                # 只采集标准输出
        IncludeK8sLabel:            # 采集nginx的日志,这里可以修改为label或者其他指定,具体看文档
          app: nginx
    processors:
      - Type: processor_default    # 默认不做数据处理
        SourceKey: content
    flushers:
      - Type: flusher_loki         #输出也可以改成stdout来测试,或者直接输出到clickhouse,具体看文档
        URL: http://cloki:3100/loki/api/v1/push
        TenantID: ilogtail
        StaticLabels:
          source: ilogtail

ilogtail-daemonset.yaml

apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: ilogtail-ds
  namespace: ops
  labels:
    k8s-app: logtail-ds
spec:
  selector:
    matchLabels:
      k8s-app: logtail-ds
  template:
    metadata:
      labels:
        k8s-app: logtail-ds
    spec:
      tolerations:
        - operator: Exists                    # deploy on all nodes
      containers:
        - name: logtail
          env:
            - name: ALIYUN_LOG_ENV_TAGS       # add log tags from env
              value: _node_name_|_node_ip_
            - name: _node_name_
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: spec.nodeName
            - name: _node_ip_
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: status.hostIP
            - name: cpu_usage_limit           # iLogtail's self monitor cpu limit
              value: "1"
            - name: mem_usage_limit           # iLogtail's self monitor mem limit
              value: "512"
          image: >-
            sls-opensource-registry.cn-shanghai.cr.aliyuncs.com/ilogtail-community-edition/ilogtail:latest
          imagePullPolicy: IfNotPresent
          resources:
            limits:
              cpu: 1000m
              memory: 1Gi
            requests:
              cpu: 400m
              memory: 384Mi
          volumeMounts:
            - mountPath: /var/run                       # for container runtime socket
              name: run
            - mountPath: /logtail_host                  # for log access on the node
              mountPropagation: HostToContainer
              name: root
              readOnly: true
            - mountPath: /usr/local/ilogtail/checkpoint # for checkpoint between container restart
              name: checkpoint
            - mountPath: /usr/local/ilogtail/user_yaml_config.d # mount config dir
              name: user-config
              readOnly: true
      dnsPolicy: ClusterFirstWithHostNet
      hostNetwork: true
      volumes:
        - hostPath:
            path: /var/run
            type: Directory
          name: run
        - hostPath:
            path: /
            type: Directory
          name: root
        - hostPath:
            path: /etc/ilogtail-ilogtail-ds/checkpoint
            type: DirectoryOrCreate
          name: checkpoint
        - configMap:
            defaultMode: 420
            name: ilogtail-user-cm
          name: user-config

部署完后ilogtail就作为daemonset开始采集nginx的日志并输出到cloki里啦,因为loki是可以直接与grafana集成的,所以只需要在grafana里把cloki作为数据源加上,就可以直接可视化查询了!