CCE日志节点操作
CCE日志节点操作仪表盘主要展示节点数趋势、非系统用户操作趋势、create操作状态码分布、delete操作状态码分布等。
前提条件
- 已采集CCE日志,详情请参见云容器引擎CCE应用日志接入LTS。
- 日志配置结构化,详情请参见结构化配置。
背景信息
云容器引擎(Cloud Container Engine,简称CCE)提供高度可扩展的、高性能的企业级Kubernetes集群。借助云容器引擎,您可以在华为云上轻松部署、管理和扩展容器化应用程序。
分析网站访问情况
- 登录云日志服务控制台。
- 在左侧导航栏中选择“仪表盘 ”。
- 在仪表盘模板下方,选择“CCE日志节点操作”仪表盘,查看图表详情。
CCE日志节点操作仪表盘中的过滤器说明如下所示:
- 节点名称,所关联的查询分析语句如下所示:
select distinct("objectRef.name")
- 操作用户,所关联的查询分析语句如下所示:
select distinct("user.username")
- 状态码,所关联的查询分析语句如下所示:
select distinct("responseStatus.code")
- 操作类型,所关联的查询分析语句如下所示:
select distinct("verb")
重要图表说明
CCE日志节点操作仪表盘中重要图表说明如下所示:
- 节点数趋势,所关联的查询分析语句如下所示:
SELECT time_series( TIME_PARSE(LEFT(requestReceivedTimestamp, 23),'yyyy-MM-dd''T''HH:mm:ss.SSS'), 'PT1H', 'yyyy-MM-dd HH', '0' ) as "dt", count(DISTINCT("objectRef.name")) as "节点数" where "objectRef.resource" = 'nodes' and "objectRef.subresource" = 'status' and "verb" in ('update', 'patch') and "user.username" = 'system:node' group by "dt" order by "dt" desc limit 10000
- 非系统用户操作趋势,所关联的查询分析语句如下所示:
SELECT time_series( TIME_PARSE(LEFT(requestReceivedTimestamp, 23),'yyyy-MM-dd''T''HH:mm:ss.SSS'), 'PT1H', 'yyyy-MM-dd HH', '0' ) as "dt", count(*) as "请求", "user.username" where "objectRef.resource" = 'nodes' and "user.username" not in ( 'kube-controller-manager','kube-apiserver-kubelet-client','apiserver') and "user.username" not like 'system:%' and "verb" in ('create','delete','update','patch') group by "dt", "user.username" order by "dt","请求" desc limit 10000
- create操作状态码分布,所关联的查询分析语句如下所示:
select cast("responseStatus.code" as varchar) as "状态码", count(*) as "count" where "objectRef.resource" = 'nodes' and "verb" = 'create' group by "状态码"
- delete操作状态码分布,所关联的查询分析语句如下所示:
select cast("responseStatus.code" as varchar) as "状态码", count(*) as "count" where "objectRef.resource" = 'nodes' and "verb" = 'delete' group by "状态码"
- patch操作状态码分布,所关联的查询分析语句如下所示:
select cast("responseStatus.code" as varchar) as "状态码", count(*) as "count" where "objectRef.resource" = 'nodes' and "verb" = 'patch' group by "状态码"
- update操作状态码分布,所关联的查询分析语句如下所示:
select cast("responseStatus.code" as varchar) as "状态码", count(*) as "count" where "objectRef.resource" = 'nodes' and "verb" = 'update' group by "状态码"
- 节点封锁/解除封锁操作状态码分布,所关联的查询分析语句如下所示:
select cast("responseStatus.code" as varchar) as "状态码", count(*) as "count" where "requestObject" in ('{"spec":{"unschedulable":false}}','{"spec":{"unschedulable":true}}') group by "状态码"
- Label操作状态码分布,所关联的查询分析语句如下所示:
select cast("responseStatus.code" as varchar) as "状态码", count(*) as "count" where "objectRef.resource" = 'nodes' and "verb" in ('patch','update') and "requestObject" = 'labels' and "requestObject" = 'metadata' group by "状态码"
- Taint操作状态码分布,所关联的查询分析语句如下所示:
select cast("responseStatus.code" as varchar) as "状态码", count(*) as "count" where "objectRef.resource" = 'nodes' and "verb" in ('patch','update') and "requestObject" = 'taints' group by "状态码"
- 驱逐操作状态码分布,所关联的查询分析语句如下所示:
select cast("responseStatus.code" as varchar) as "状态码", count(*) as "count" where "objectRef.subresource" = 'eviction' and "objectRef.resource" = 'pods' and "verb" = 'create' group by "状态码"
- 节点增删操作列表,所关联的查询分析语句如下所示:
select "auditID" AS "Audit ID", "objectRef.name" AS "节点名", "verb" AS "操作动作", "stageTimestamp" AS "操作时间", "user.username" AS "操作账号", "responseStatus.code" AS "状态码" where "objectRef.resource" = 'nodes' and "verb" in ('create','delete')
- Taint操作列表,所关联的查询分析语句如下所示:
select "auditID" AS "Audit ID", "objectRef.name" AS "节点名","requestObject" AS "Taints", "requestReceivedTimestamp" AS "操作时间", "user.username" AS "操作账号", "responseStatus.code" AS "状态码" where "objectRef.resource" = 'nodes' and "verb" = 'patch' and "requestObject" = 'taints'
- 驱逐操作列表,所关联的查询分析语句如下所示:
select "auditID" AS "Audit ID", "objectRef.name" AS "pod", "sourceIPs" AS "源地址", "requestReceivedTimestamp" AS "操作时间", "user.username" AS "操作账号", "responseStatus.code" AS "状态码" where "objectRef.resource" = 'pods' and "verb" = 'create' and "objectRef.subresource" = 'eviction'
- Label操作列表,所关联的查询分析语句如下所示:
select "auditID" AS "Audit ID", "objectRef.name" AS "节点名", "requestObject" AS "Label", "requestReceivedTimestamp" AS "操作时间", "user.username" AS "操作账号", "responseStatus.code" AS "状态码" where "objectRef.resource" = 'nodes' and "verb" = 'patch' and "requestObject" = 'labels'
- 封锁操作列表,所关联的查询分析语句如下所示:
select "auditID" AS "Audit ID", "objectRef.name" AS "节点名", "requestReceivedTimestamp" AS "操作时间", "user.username" AS "操作账号", "responseStatus.code" AS "状态码" where "verb" = 'patch' and "objectRef.resource" = 'nodes' and "requestObject" ='true' and "requestObject" = 'unschedulable'
- 取消封锁操作列表,所关联的查询分析语句如下所示:
select "auditID" AS "Audit ID", "objectRef.name" AS "节点名", "requestReceivedTimestamp" AS "操作时间", "user.username" AS "操作账号", "responseStatus.code" AS "状态码" where "verb" = 'patch' and "objectRef.resource" = 'nodes' and "requestObject" not in ('true','taints','unschedulable')