云原生日志模式
云原生日志模式
日志类型
| 类型 | 说明 | 示例 |
|---|---|---|
| 结构化日志 | JSON格式 | 应用日志 |
| 非结构化日志 | 纯文本 | 传统应用 |
| 访问日志 | HTTP请求 | Nginx/Apache |
| 审计日志 | 操作记录 | 安全审计 |
结构化日志
日志格式
{
"timestamp": "2024-01-01T12:00:00Z",
"level": "INFO",
"service": "user-api",
"trace_id": "abc123",
"span_id": "def456",
"message": "User login successful",
"user_id": "12345",
"ip": "192.168.1.100"
}
日志级别
FATAL > ERROR > WARN > INFO > DEBUG > TRACE
日志收集模式
Sidecar模式
apiVersion: apps/v1
kind: Deployment
metadata:
name: myapp
spec:
template:
spec:
containers:
- name: myapp
image: myapp:v1
volumeMounts:
- name: logs
mountPath: /var/log/app
- name: log-collector
image: fluentd:latest
volumeMounts:
- name: logs
mountPath: /var/log/app
volumes:
- name: logs
emptyDir: {}
DaemonSet模式
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: fluentd
spec:
selector:
matchLabels:
name: fluentd
template:
metadata:
labels:
name: fluentd
spec:
containers:
- name: fluentd
image: fluentd:latest
volumeMounts:
- name: varlog
mountPath: /var/log
- name: containers
mountPath: /var/lib/docker/containers
readOnly: true
volumes:
- name: varlog
hostPath:
path: /var/log
- name: containers
hostPath:
path: /var/lib/docker/containers
日志标准化
字段标准
{
"timestamp": "ISO 8601格式",
"level": "日志级别",
"service": "服务名称",
"trace_id": "分布式追踪ID",
"message": "日志消息",
"error": {
"type": "错误类型",
"message": "错误消息",
"stack": "堆栈跟踪"
},
"context": {
"user_id": "用户ID",
"request_id": "请求ID"
}
}
实践:日志配置
应用日志配置
// Node.js Winston配置
const winston = require('winston');
const logger = winston.createLogger({
level: process.env.LOG_LEVEL || 'info',
format: winston.format.combine(
winston.format.timestamp(),
winston.format.json()
),
defaultMeta: {
service: process.env.SERVICE_NAME || 'myapp',
version: process.env.APP_VERSION || '1.0.0'
},
transports: [
new winston.transports.Console(),
new winston.transports.File({
filename: '/var/log/app/error.log',
level: 'error'
}),
new winston.transports.File({
filename: '/var/log/app/combined.log'
})
]
});
// 使用
logger.info('User login', {
user_id: '12345',
ip: '192.168.1.100'
});
Fluentd配置
<source>
@type tail
path /var/log/app/*.log
pos_file /var/log/fluentd/app.log.pos
tag app.*
<parse>
@type json
</parse>
</source>
<filter app.**>
@type record_transformer
<record>
hostname "#{Socket.gethostname}"
service "myapp"
</record>
</filter>
<match app.**>
@type elasticsearch
host elasticsearch
port 9200
index_name app-logs
<buffer>
flush_mode interval
flush_interval 5s
</buffer>
</match>
日志查询
# Kibana查询
service:user-api AND level:ERROR
service:user-api AND user_id:12345
# Elasticsearch查询
curl -X GET "localhost:9200/app-logs-*/_search" -H 'Content-Type: application/json' -d'
{
"query": {
"bool": {
"must": [
{ "match": { "service": "user-api" } },
{ "match": { "level": "ERROR" } }
],
"filter": [
{ "range": { "@timestamp": { "gte": "now-1h" } } }
]
}
}
}'
最佳实践
- 使用结构化日志
- 包含上下文信息
- 设置合理的日志级别
- 避免记录敏感信息
- 使用关联ID跟踪请求
总结
云原生日志模式强调结构化、标准化和可观测性。通过合理的日志架构,可以实现高效的日志收集、存储和分析。