�ݺ�ߣ

2
HELLO!
I am Gregory Fod�� Sanderson
Jive DevOps team
You can email me at gregory.sanderson@logmein.com

8 DATACENTERS
Distributed across US, Brazil & Europe
5

4000 PODS
6

10600 CONTAINERS
7

2TB LOGS PER DAY
8

A LOT OF LOGS !
How do we store them ?!?!?!?!?!
9

SOLUTION: LOG PRODUCERS
? Docker reconfigured to add log metadata
? DOCKER_OPTS=
--log-driver=json-file
--log-opt env=K8S_CLUSTER
--log-opt labels=
io.kubernetes.pod.name,
io.kubernetes.container.name,
io.kubernetes.container.restartCount,
io.kubernetes.pod.namespace
--log-opt max-size=20m
--log-opt max-file=2

SOLUTION: LOG PRODUCERS
? Filebeat
? Daemonset
? /var/lib/docker/containers/*/*.log
? Push logs to kafka
? Journalbeat
? Daemonset
? Reads logs from journald (system logs)
? Push logs to kafka

SOLUTION: LOG TRANSPORT
? Kafka
? Distributed data streaming pipelines
? Producer & Consumer model
? Fault tolerance for cluster & consumers
? Logstash
? Consumes logs and sends to ES cluster
? All instances part of the same consumer group
? Adds metadata to logs

SOLUTION: LOG TRANSPORT
grok {
match => { '[attrs][io.kubernetes.pod.name]' =>
'(?<service>.*).[0-9]+-(?<pod_id>[A-Za-z0-9]{5})' }
}
mutate {
add_field => {
'container' => '%{[attrs][io.kubernetes.container.name]}'
'provider' => ��K8S'
}
replace => { "hostname" => "%{[beat][name]}.%{site}"}
}

SOLUTION: LOG STORAGE
? Elasticsearch
? Search engine + distributed document index
? Fault tolerant: shard replication
? Vast community of open source tooling
? Retention of 5 days
? Kibana
? Web UI for filtering Elasticsearch
? Used for searching and consulting logs
? Tag-based filtering

FUTURE PLANS: MOVE ES TO AWS
? Current cluster
? 3 bare metal servers
? 56 CPUs
? 256 RAM
? 2 Disks (2TB + 4TB)
? AWS cluster
? AWS ES managed
? 10 i3.2xlarge instances
? 64GB RAM
? NVMe 1.9 TB disks
? 2 AZ

21
THANKS!
Any questions?
You can find me at
gregory.sanderson@logmein.com

�ݺ�ߣ

Distributed Logging with Kubernetes

More Related Content

Distributed Logging with Kubernetes

Editor's Notes