红帽全球峰会6.3. 使用 CLI 安装 Logging 和 Loki Operator
要在 OpenShift Container Platform 集群上安装和配置日志记录,需要首先安装用于日志存储的 Operator,如 Loki Operator。这可以通过 OpenShift Container Platform CLI 完成。
先决条件
- 有管理员权限。
-
已安装 OpenShift CLI(
oc)。 - 您可以访问受支持的对象存储。例如:AWS S3、Google Cloud Storage、Azure、Swift、Minio 或 OpenShift Data Foundation。
stable 频道只为日志记录的最新版本提供更新。要继续获得之前版本的更新,您必须将订阅频道改为 stable-x.y,其中 x.y 代表您安装的日志记录的主版本和次版本。例如,stable-5.7。
为 Loki Operator 创建一个
Namespace对象:Namespace对象示例apiVersion: v1 kind: Namespace metadata: name: openshift-operators-redhat1 annotations: openshift.io/node-selector: "" labels: openshift.io/cluster-monitoring: "true"2 - 1
- 您必须指定
openshift-operators-redhat命名空间。为了防止可能与指标(metrics)冲突,您应该将 Prometheus Cluster Monitoring 堆栈配置为从openshift-operators-redhat命名空间中提取指标数据,而不是从openshift-operators命名空间中提取。openshift-operators命名空间可能包含社区 Operator,这些 Operator 不被信任,并可能会发布与 OpenShift Container Platform 指标相同的名称,从而导致冲突。 - 2
- 指定所示的标签的字符串值,以确保集群监控提取
openshift-operators-redhat命名空间。
运行以下命令来应用
Namespace对象:$ oc apply -f <filename>.yaml为 Loki Operator 创建一个
Subscription对象:Subscription对象示例apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: loki-operator namespace: openshift-operators-redhat1 spec: channel: stable2 name: loki-operator source: redhat-operators3 sourceNamespace: openshift-marketplace运行以下命令来应用
Subscription对象:$ oc apply -f <filename>.yaml为 Red Hat OpenShift Logging Operator 创建一个
Namespace对象:namespace对象示例apiVersion: v1 kind: Namespace metadata: name: openshift-logging1 annotations: openshift.io/node-selector: "" labels: openshift.io/cluster-logging: "true" openshift.io/cluster-monitoring: "true"2 运行以下命令来应用
namespace对象:$ oc apply -f <filename>.yaml创建一个
OperatorGroup对象:OperatorGroup对象示例apiVersion: operators.coreos.com/v1 kind: OperatorGroup metadata: name: cluster-logging namespace: openshift-logging1 spec: targetNamespaces: - openshift-logging- 1
- 您必须指定
openshift-logging命名空间。
运行以下命令来应用
OperatorGroup对象:$ oc apply -f <filename>.yaml创建
Subscription对象:apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: cluster-logging namespace: openshift-logging1 spec: channel: stable2 name: cluster-logging source: redhat-operators3 sourceNamespace: openshift-marketplace运行以下命令来应用
Subscription对象:$ oc apply -f <filename>.yaml创建
LokiStackCR:LokiStackCR 示例apiVersion: loki.grafana.com/v1 kind: LokiStack metadata: name: logging-loki1 namespace: openshift-logging2 spec: size: 1x.small3 storage: schemas: - version: v13 effectiveDate: "<yyyy>-<mm>-<dd>" secret: name: logging-loki-s34 type: s35 credentialMode:6 storageClassName: <storage_class_name>7 tenants: mode: openshift-logging8 - 1
- 使用名称
logging-loki。 - 2
- 您必须指定
openshift-logging命名空间。 - 3
- 指定部署大小。在日志记录 5.8 及更新的版本中,Loki 实例支持的大小选项为
1x.extra-small、1x.small或1x.medium。 - 4
- 指定日志存储 secret 的名称。
- 5
- 指定对应的存储类型。
- 6
- 可选字段,日志记录 5.9 及更新的版本。支持的用户配置值如下:
static是所有受支持的对象存储类型的默认身份验证模式,使用存储在 Secret 中的凭证。token是从凭证源检索的短期令牌。在这个模式中,静态配置不包含对象存储所需的凭证。相反,它们会使用服务在运行时生成,允许提供较短的凭证,以及更精细的控制。并不是所有对象存储类型都支持这个身份验证模式。当 Loki 在受管 STS 模式下运行并使用 CCO on STS/WIF 集群时,token-cco是默认值。 - 7
- 为临时存储指定存储类的名称。为获得最佳性能,请指定分配块存储的存储类。可以使用
oc get storageclasses命令列出集群的可用存储类。 - 8
- LokiStack 默认为以多租户模式运行,无法修改。为每个日志类型提供一个租户: audit、infrastructure 和 application logs。这为单个用户和用户组启用对不同的日志流的访问控制。
运行以下命令来应用
LokiStack CR对象:$ oc apply -f <filename>.yaml创建一个
ClusterLoggingCR 实例。ClusterLogging CR 对象示例
apiVersion: logging.openshift.io/v1 kind: ClusterLogging metadata: name: instance1 namespace: openshift-logging2 spec: collection: type: vector logStore: lokistack: name: logging-loki type: lokistack visualization: type: ocp-console ocpConsole: logsLimit: 15 managementState: Managed运行以下命令来应用
ClusterLogging CR:$ oc apply -f <filename>.yaml运行以下命令来验证安装。
$ oc get pods -n openshift-logging输出示例
$ oc get pods -n openshift-logging NAME READY STATUS RESTARTS AGE cluster-logging-operator-fb7f7cf69-8jsbq 1/1 Running 0 98m collector-222js 2/2 Running 0 18m collector-g9ddv 2/2 Running 0 18m collector-hfqq8 2/2 Running 0 18m collector-sphwg 2/2 Running 0 18m collector-vv7zn 2/2 Running 0 18m collector-wk5zz 2/2 Running 0 18m logging-view-plugin-6f76fbb78f-n2n4n 1/1 Running 0 18m lokistack-sample-compactor-0 1/1 Running 0 42m lokistack-sample-distributor-7d7688bcb9-dvcj8 1/1 Running 0 42m lokistack-sample-gateway-5f6c75f879-bl7k9 2/2 Running 0 42m lokistack-sample-gateway-5f6c75f879-xhq98 2/2 Running 0 42m lokistack-sample-index-gateway-0 1/1 Running 0 42m lokistack-sample-ingester-0 1/1 Running 0 42m lokistack-sample-querier-6b7b56bccc-2v9q4 1/1 Running 0 42m lokistack-sample-query-frontend-84fb57c578-gq2f7 1/1 Running 0 42m
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}