红帽全球峰会7.2. 将日志转发到 LokiStack 实例
您可以部署 OpenTelemetry Collector 将日志转发到 LokiStack 实例。
先决条件
- 已安装红帽构建的 OpenTelemetry Operator。
- 已安装 Loki Operator。
- 在集群中部署了受支持的 LokiStack 实例。
流程
为 OpenTelemetry Collector 创建服务帐户。
ServiceAccount对象示例apiVersion: v1 kind: ServiceAccount metadata: name: otel-collector-deployment namespace: openshift-logging
创建一个集群角色,为 Collector 的服务帐户授予将日志推送到 LokiStack 应用程序租户的权限。
ClusterRole对象示例apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: otel-collector-logs-writer rules: - apiGroups: ["loki.grafana.com"] resourceNames: ["logs"] resources: ["application"] verbs: ["create"] - apiGroups: [""] resources: ["pods", "namespaces", "nodes"] verbs: ["get", "watch", "list"] - apiGroups: ["apps"] resources: ["replicasets"] verbs: ["get", "list", "watch"] - apiGroups: ["extensions"] resources: ["replicasets"] verbs: ["get", "list", "watch"]
将集群角色绑定到服务帐户。
ClusterRoleBinding对象示例apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: otel-collector-logs-writer roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: otel-collector-logs-writer subjects: - kind: ServiceAccount name: otel-collector-deployment namespace: openshift-logging创建
OpenTelemetryCollector自定义资源 (CR) 对象。OpenTelemetryCollectorCR 对象示例apiVersion: opentelemetry.io/v1beta1 kind: OpenTelemetryCollector metadata: name: otel namespace: openshift-logging spec: serviceAccount: otel-collector-deployment config: extensions: bearertokenauth: filename: "/var/run/secrets/kubernetes.io/serviceaccount/token" receivers: otlp: protocols: grpc: {} http: {} processors: k8sattributes: {} resource: attributes: 1 - key: kubernetes.namespace_name from_attribute: k8s.namespace.name action: upsert - key: kubernetes.pod_name from_attribute: k8s.pod.name action: upsert - key: kubernetes.container_name from_attribute: k8s.container.name action: upsert - key: log_type value: application action: upsert transform: log_statements: - context: log statements: - set(attributes["level"], ConvertCase(severity_text, "lower")) exporters: otlphttp: endpoint: https://logging-loki-gateway-http.openshift-logging.svc.cluster.local:8080/api/logs/v1/application/otlp encoding: json tls: ca_file: "/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt" auth: authenticator: bearertokenauth debug: verbosity: detailed service: extensions: [bearertokenauth] 2 pipelines: logs: receivers: [otlp] processors: [k8sattributes, transform, resource] exporters: [otlphttp] 3 logs/test: receivers: [otlp] processors: [] exporters: [debug]
提示
您可以将 telemetrygen 部署为测试:
apiVersion: batch/v1
kind: Job
metadata:
name: telemetrygen
spec:
template:
spec:
containers:
- name: telemetrygen
image: ghcr.io/open-telemetry/opentelemetry-collector-contrib/telemetrygen:v0.106.1
args:
- logs
- --otlp-endpoint=otel-collector.openshift-logging.svc.cluster.local:4317
- --otlp-insecure
- --duration=180s
- --workers=1
- --logs=10
- --otlp-attributes=k8s.container.name="telemetrygen"
restartPolicy: Never
backoffLimit: 4其他资源
