
问题描述

如何使用 azurerm Terraform provider 将 AKS 主节点(控制平面)日志发送到 Event Hub(事件中心)?Terraform 的示例似乎只给出了 Log Analytics 这一种目标。

标签: azure, kubernetes, terraform, azure-rm

解决方案


为了使用 Terraform 将日志发送到事件中心(Event Hub),您需要创建以下资源:

  1. 事件中心命名空间 ( azurerm_eventhub_namespace)
  2. 事件中心 ( azurerm_eventhub)
  3. 事件中心命名空间的授权规则 ( azurerm_eventhub_namespace_authorization_rule)
  4. 现有资源(本例中为 AKS 集群)的诊断设置 ( azurerm_monitor_diagnostic_setting)

以下示例基于此 repo


# Resource group that holds every resource in this example; the AKS cluster,
# Event Hubs namespace and event hub below all reference its name/location.

resource "azurerm_resource_group" "example" {
  name     = "example-resources"
  location = "West Europe"
}

# AKS cluster whose control-plane (master) logs are exported by the
# diagnostic setting further down; only its `id` is consumed there.
# NOTE(review): this is a minimal example — no private cluster, API-server
# authorized IP ranges, or AAD/RBAC settings are configured here, so do not
# treat it as a hardened "Production" cluster despite the tag.
resource "azurerm_kubernetes_cluster" "example" {
  name                = "example-aks1"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  dns_prefix          = "exampleaks1"

  default_node_pool {
    name       = "default"
    node_count = 1
    vm_size    = "Standard_D2_v2"
  }

  # System-assigned managed identity: no service-principal client secret
  # has to be stored in state or variables.
  identity {
    type = "SystemAssigned"
  }

  tags = {
    Environment = "Production"
  }
}

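# Event Hubs namespace that receives the diagnostic stream.
# Uses first-class expressions rather than the legacy "${...}" interpolation,
# consistent with the AKS resource above (Terraform 0.12+ syntax).
# NOTE(review): no network_rulesets / private endpoint is configured, so the
# namespace endpoint is publicly reachable and is protected only by the SAS
# keys of its authorization rules — restrict it if policy requires.

resource "azurerm_eventhub_namespace" "logging" {
  name                = "logging-eventhub"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  sku                 = "Standard"
  capacity            = 1 # throughput units; kube-audit can be high volume — size accordingly
  kafka_enabled       = false
}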


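# Event hub (inside the namespace above) that the AKS diagnostic setting
# writes into. Legacy "${...}" interpolation replaced with plain references.

resource "azurerm_eventhub" "logging_aks" {
  name                = "logging-aks-eventhub"
  namespace_name      = azurerm_eventhub_namespace.logging.name
  resource_group_name = azurerm_resource_group.example.name
  partition_count     = 2
  message_retention   = 1 # days; events not consumed within this window are gone
}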

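# Namespace-scoped SAS policy whose id is handed to the diagnostic setting.
# Creating a dedicated rule (instead of reusing the namespace's default
# RootManageSharedAccessKey) keeps this credential tied to the logging
# pipeline and lets it be rotated or revoked independently.
# NOTE(review): `listen` and `manage` are broader than a write-only producer
# needs; check Azure Monitor's documented requirement for the rule before
# narrowing this to `send = true` only, and never hand this rule's keys to
# log consumers — give them a separate listen-only rule.

resource "azurerm_eventhub_namespace_authorization_rule" "logging" {
  name                = "authorization_rule"
  namespace_name      = azurerm_eventhub_namespace.logging.name
  resource_group_name = azurerm_resource_group.example.name

  listen = true
  send   = true
  manage = true
}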

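# Diagnostic setting that streams AKS control-plane log categories to the
# event hub above, authenticating with the namespace authorization rule.
# The five hand-written `log` blocks are generated from one list so adding
# or removing a category is a one-line change.

locals {
  # Control-plane categories exported. `kube-audit` is the security-relevant
  # stream (every API-server request) — keep it even if the others are trimmed.
  # NOTE(review): AKS exposes further categories (e.g. kube-audit-admin, guard)
  # that may be wanted; verify against the category list of your AKS version.
  aks_control_plane_log_categories = [
    "kube-scheduler",
    "kube-controller-manager",
    "cluster-autoscaler",
    "kube-audit",
    "kube-apiserver",
  ]
}

resource "azurerm_monitor_diagnostic_setting" "aks-logging" {
  name                           = "diagnostic_aksl"
  target_resource_id             = azurerm_kubernetes_cluster.example.id
  eventhub_name                  = azurerm_eventhub.logging_aks.name
  eventhub_authorization_rule_id = azurerm_eventhub_namespace_authorization_rule.logging.id

  # One `log` block per category, equivalent to spelling each one out.
  dynamic "log" {
    for_each = toset(local.aks_control_plane_log_categories)
    content {
      category = log.value
      enabled  = true

      # NOTE(review): retention policies are only meaningful for storage-account
      # destinations; the block is kept (disabled) for provider-schema
      # compatibility with the original example.
      retention_policy {
        enabled = false
      }
    }
  }
}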

