本节介绍如何配置 OpenSearch 日志接收器,以便将日志数据发送到指定的 OpenSearch 数据库。

说明

在扩展组件安装时或安装完成后均可以修改扩展组件配置,以配置日志接收器。下文仅介绍扩展组件已安装的情况下,如何配置 OpenSearch 日志接收器。

前提条件

  • 您需要在 KubeSphere 企业版平台具有 platform-admin 角色。

  • 已获取 OpenSearch 的服务地址和服务端口。

配置步骤

  1. 以具有 platform-admin 角色的用户登录 KubeSphere 企业版 Web 控制台。

  2. 点击扩展中心

  3. 点击扩展组件的名称,进入组件详情页。

  4. 点击组件图标下的more,选择扩展组件配置

  5. 编辑 WhizardTelemetry 日志管理的扩展组件配置,修改 vector-logging 下 opensearch 的相关配置。

    vector-logging:
      sinks:
        opensearch:
          # Create opensearch sink or not
          enabled: true
          # Configurations for the opensearch sink, more info for https://vector.dev/docs/reference/configuration/sinks/elasticsearch/
          # Usually users needn't change the following OpenSearch sink config, and the default sinks in secret "kubesphere-logging-system/vector-sinks" created by the WhizardTelemetry Data Pipeline extension will be used.
          metadata:
            api_version: v8
            auth:
              strategy: basic
              user: admin
              password: admin
            batch:
              timeout_secs: 5
            buffer:
              max_events: 10000
            endpoints:
              - https://<the opensearch cluster url>:<port>
            tls:
              verify_certificate: false
  6. 编辑 WhizardTelemetry 审计管理的扩展组件配置,修改 kube-auditing 下 opensearch 的相关配置。

    说明

    另外,还需要启用 KubeSphere 和 Kubernetes 审计。有关更多信息,请参阅扩展中心“WhizardTelemetry 审计管理”扩展组件的详情页说明。

    kube-auditing:
      sinks:
        opensearch:
          # Create opensearch sink or not
          enabled: true
          # Configurations for the opensearch sink, more info for https://vector.dev/docs/reference/configuration/sinks/elasticsearch/
          # Usually users needn't change the following OpenSearch sink config, and the default sinks in secret "kubesphere-logging-system/vector-sinks" created by the WhizardTelemetry Data Pipeline extension will be used.
      #    metadata:
      #      api_version: v8
      #      auth:
      #        strategy: basic
      #        user: admin
      #        password: admin
      #      batch:
      #        timeout_secs: 5
      #      buffer:
      #        max_events: 10000
      #      endpoints:
      #        - https://<the opensearch cluster url>:<port>
      #      tls:
      #        verify_certificate: false
  7. 编辑 WhizardTelemetry 事件管理的扩展组件配置,修改 kube-events-exporter 下 opensearch 的相关配置。

    kube-events-exporter:
      sinks:
        opensearch:
          # Create opensearch sink or not
          enabled: true
          # Configurations for the opensearch sink, more info for https://vector.dev/docs/reference/configuration/sinks/elasticsearch/
          # Usually users needn't change the following OpenSearch sink config, and the default sinks in secret "kubesphere-logging-system/vector-sinks" created by the WhizardTelemetry Data Pipeline extension will be used.
      #    metadata:
      #      api_version: v8
      #      auth:
      #        strategy: basic
      #        user: admin
      #        password: admin
      #      batch:
      #        timeout_secs: 5
      #      buffer:
      #        max_events: 10000
      #      endpoints:
      #        - https://<the opensearch cluster url>:<port>
      #      tls:
      #        verify_certificate: false
  8. 编辑 WhizardTelemetry 通知管理的扩展组件配置,修改 notification-history 下 opensearch 的相关配置。

    notification-history:
      sinks:
        opensearch:
          # Create opensearch sink or not
          enabled: true
          # Configurations for the opensearch sink, more info for https://vector.dev/docs/reference/configuration/sinks/elasticsearch/
          # Usually users needn't change the following OpenSearch sink config, and the default sinks in secret "kubesphere-logging-system/vector-sinks" created by the WhizardTelemetry Data Pipeline extension will be used.
      #    metadata:
      #      api_version: v8
      #      auth:
      #        strategy: basic
      #        user: admin
      #        password: admin
      #      batch:
      #        timeout_secs: 5
      #      buffer:
      #        max_events: 10000
      #      endpoints:
      #        - https://<the opensearch cluster url>:<port>
      #      tls:
      #        verify_certificate: false
  9. 编辑 WhizardTelemetry 平台服务的扩展组件配置,确保其中各组件配置下的 endpoints 与以上各个扩展组件的 endpoints 配置一致,以便 KubeSphere 企业版平台能够正确查询日志数据。有关更多信息,请参阅扩展中心“WhizardTelemetry 平台服务”扩展组件的详情页说明。

    至此,OpenSearch 日志接收器配置完成。在集群设置 > 日志接收器页面,可以看到 OpenSearch 已被配置为容器日志、资源事件、审计日志和通知历史的日志接收器。