日志接收器 - 配置 OpenSearch 日志接收器 - 《KubeSphere 企业版 v4.1.1 中文文档》

前提条件
配置步骤

本节介绍如何配置 OpenSearch 日志接收器，以便将日志数据发送到指定的 OpenSearch 数据库。

说明
在扩展组件安装时或安装完成后均可以修改扩展组件配置，以配置日志接收器。下文仅介绍扩展组件已安装的情况下，如何配置 OpenSearch 日志接收器。

前提条件

您需要在 KubeSphere 企业版平台具有 platform-admin 角色。
已获取 OpenSearch 的服务地址和服务端口。

配置步骤

以具有 platform-admin 角色的用户登录 KubeSphere 企业版 Web 控制台。
点击扩展中心。
点击扩展组件的名称，进入组件详情页。
点击组件图标下的，选择扩展组件配置。

编辑 WhizardTelemetry 日志管理的扩展组件配置，修改 vector-logging 下 opensearch 的相关配置。

vector-logging:
  sinks:
    opensearch:
      # Create opensearch sink or not
      enabled: true
      # Configurations for the opensearch sink, more info for https://vector.dev/docs/reference/configuration/sinks/elasticsearch/
      # Usually users needn't change the following OpenSearch sink config, and the default sinks in secret "kubesphere-logging-system/vector-sinks" created by the WhizardTelemetry Data Pipeline extension will be used.
      metadata:
        api_version: v8
        auth:
          strategy: basic
          user: admin
          password: admin
        batch:
          timeout_secs: 5
        buffer:
          max_events: 10000
        endpoints:
          - https://<the opensearch cluster url>:<port>
        tls:
          verify_certificate: false

编辑 WhizardTelemetry 审计管理的扩展组件配置，修改 kube-auditing 下 opensearch 的相关配置。

说明
另外，还需要启用 KubeSphere 和 Kubernetes 审计。有关更多信息，请参阅扩展中心“WhizardTelemetry 审计管理”扩展组件的详情页说明。

kube-auditing:
  sinks:
    opensearch:
      # Create opensearch sink or not
      enabled: true
      # Configurations for the opensearch sink, more info for https://vector.dev/docs/reference/configuration/sinks/elasticsearch/
      # Usually users needn't change the following OpenSearch sink config, and the default sinks in secret "kubesphere-logging-system/vector-sinks" created by the WhizardTelemetry Data Pipeline extension will be used.
  #    metadata:
  #      api_version: v8
  #      auth:
  #        strategy: basic
  #        user: admin
  #        password: admin
  #      batch:
  #        timeout_secs: 5
  #      buffer:
  #        max_events: 10000
  #      endpoints:
  #        - https://<the opensearch cluster url>:<port>
  #      tls:
  #        verify_certificate: false

编辑 WhizardTelemetry 事件管理的扩展组件配置，修改 kube-events-exporter 下 opensearch 的相关配置。

kube-events-exporter:
  sinks:
    opensearch:
      # Create opensearch sink or not
      enabled: true
      # Configurations for the opensearch sink, more info for https://vector.dev/docs/reference/configuration/sinks/elasticsearch/
      # Usually users needn't change the following OpenSearch sink config, and the default sinks in secret "kubesphere-logging-system/vector-sinks" created by the WhizardTelemetry Data Pipeline extension will be used.
  #    metadata:
  #      api_version: v8
  #      auth:
  #        strategy: basic
  #        user: admin
  #        password: admin
  #      batch:
  #        timeout_secs: 5
  #      buffer:
  #        max_events: 10000
  #      endpoints:
  #        - https://<the opensearch cluster url>:<port>
  #      tls:
  #        verify_certificate: false

编辑 WhizardTelemetry 通知管理的扩展组件配置，修改 notification-history 下 opensearch 的相关配置。

notification-history:
  sinks:
    opensearch:
      # Create opensearch sink or not
      enabled: true
      # Configurations for the opensearch sink, more info for https://vector.dev/docs/reference/configuration/sinks/elasticsearch/
      # Usually users needn't change the following OpenSearch sink config, and the default sinks in secret "kubesphere-logging-system/vector-sinks" created by the WhizardTelemetry Data Pipeline extension will be used.
  #    metadata:
  #      api_version: v8
  #      auth:
  #        strategy: basic
  #        user: admin
  #        password: admin
  #      batch:
  #        timeout_secs: 5
  #      buffer:
  #        max_events: 10000
  #      endpoints:
  #        - https://<the opensearch cluster url>:<port>
  #      tls:
  #        verify_certificate: false

编辑 WhizardTelemetry 平台服务的扩展组件配置，确保其中各组件配置下的 endpoints 与以上各个扩展组件的 endpoints 配置一致，以便 KubeSphere 企业版平台能够正确查询日志数据。有关更多信息，请参阅扩展中心“WhizardTelemetry 平台服务”扩展组件的详情页说明。

至此，OpenSearch 日志接收器配置完成。在集群设置 > 日志接收器页面，可以看到 OpenSearch 已被配置为容器日志、资源事件、审计日志和通知历史的日志接收器。