OpenShift 4 - 配置OpenShift集羣日誌環境EFK

OpenShift 4 缺省安裝完是沒有提供基於ElasticSesrch-Fluentd-Kibana（EFK）的集羣日誌環境。我們可以通過以下步驟在OpenShift上配置出基於EFK的集羣日誌運行環境。

安裝Elastic Search Operator

以下步驟採用了相同的方法創建相關的OpenShift資源，即點擊OpenShift控制檯右側的“+”圖標，然後將以下YAML複製到“Import YAML”頁面中，然後點擊Create按鈕即可。

1. Elastic Search Operator必須運行在名爲openshift-operators-redhat 的項目中，所以創建這個項目。

apiVersion: v1
kind: Namespace
metadata:
  name: openshift-operators-redhat 
  annotations:
    openshift.io/node-selector: ""
  labels:
    openshift.io/cluster-monitoring: "true" 

2. 創建OperatorGroup

apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
  name: openshift-operators-redhat
  namespace: openshift-operators-redhat 
spec: {}

3. 創建Subscription。注意：以下指定了channel的版本爲"4.3"，如果是其它版本的OpenShift，請替換。

apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: "elasticsearch-operator"
  namespace: "openshift-operators-redhat" 
spec:
  channel: "4.3" 
  installPlanApproval: "Automatic"
  source: "redhat-operators" 
  sourceNamespace: "openshift-marketplace"
  name: "elasticsearch-operator"

4. 創建Role和RoleBinding

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: prometheus-k8s
  namespace: openshift-operators-redhat
rules:
- apiGroups:
  - ""
  resources:
  - services
  - endpoints
  - pods
  verbs:
  - get
  - list
  - watch

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: prometheus-k8s
  namespace: openshift-operators-redhat
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: prometheus-k8s
subjects:
- kind: ServiceAccount
  name: prometheus-k8s
  namespace: openshift-operators-redhat

安裝Cluster Logging Operator

1. OpenShift的Cluster Logging Operator必須運行在名爲openshift-logging項目中，所以先創建該項目。首先創建內容如下的clo-namespace.yaml文件，其中定義了名爲openshift-logging的項目。

apiVersion: v1
kind: Namespace
metadata:
  name: openshift-logging
  annotations:
    openshift.io/node-selector: ""
  labels:
    openshift.io/cluster-logging: "true"
    openshift.io/cluster-monitoring: "true"

2. 執行命令創建openshift-logging項目。

$ oc create -f clo-namespace.yaml

3. 在OpenShift的Administrator視圖中進入OperatorHub頁面，找到名爲Cluster Logging的Operator後點擊進入，然後在右側頁面中點擊Install按鈕。
4. 在Create Operator Subscription頁面中選擇A specific Namespace on the cluster，然後選擇openshift-logging項目，最後點擊Subscribe按鈕。
5. 此時會來到Installed Operators頁面，確認Cluster Logging的Operator最後變成InstallSucceeded狀態。
   
6. 點擊已經是InstallSucceeded狀態的Cluster Logging，進入以下Operator Details的頁面。然後點擊Cluster Logging資源下方的Create Instance鏈接。
   
7. 在Create ClusterLogging頁面中使用缺省配置創建ClusterLogging對象，然後點擊Create按鈕。
   
8. 執行命令查看資源，最終在openshift-logging中有如下運行的Pod

$ oc get pod -n openshift-logging -w
NAME                                            READY   STATUS    RESTARTS   AGE
cluster-logging-operator-756649775f-fwtzc       1/1     Running   0          26m
elasticsearch-cdm-s5ltwx11-1-7f959f4559-lpmq6   2/2     Running   0          100s
elasticsearch-cdm-s5ltwx11-2-77785cb985-6qg8x   2/2     Running   0          66s
elasticsearch-cdm-s5ltwx11-3-67b8c4fd55-gv99p   2/2     Running   0          63s
fluentd-6b2rl                                   1/1     Running   0          89s
fluentd-6frdl                                   1/1     Running   0          93s
fluentd-jkts2                                   1/1     Running   0          94s
fluentd-rk4dk                                   1/1     Running   0          96s
fluentd-xr92d                                   1/1     Running   0          90s
kibana-5b8bdf44f9-b5g95                         2/2     Running   0          99s

同時ElasticSearch Operator中也會出現名爲elasticsearch的集羣。

9. 在OpenShift的Developer視圖中的Topology查看部署的應用資源。

查看Kibana

1. 刷新OpenShift控制檯的Administrator視圖，可以在Monitoring中看到新出現的Logging鏈接，然後點擊Logging鏈接。
   
2. 首次訪問kibana的時候點擊頁面上的Log in with OpenShift按鈕，然後登錄。
   
3. 查看打開的Kibana控制檯頁面。