ELK EFK Kubernetes

Installing ELK and EFK on k8s

Posted on 2020-10-15, 6 min read

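I. Installing Elasticsearch

Installing with helm also works, and the stable/elasticsearch chart installed by helm offers higher availability, but it uses more resources.

1. Install elasticsearch (in a production environment, be sure to replace emptyDir; persistent storage must be used.)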

# Download the resource manifests
wget https://raw.githubusercontent.com/kubernetes/kubernetes/master/cluster/addons/fluentd-elasticsearch/es-statefulset.yaml
wget https://raw.githubusercontent.com/kubernetes/kubernetes/master/cluster/addons/fluentd-elasticsearch/es-service.yaml

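# Replace the image and modify the configuration
docker.elastic.co/elasticsearch/elasticsearch-oss:6.7.0
# Adjust the other settings to suit your own environment; here I changed the value of name, and for this test I did not add or change anything else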
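
The emptyDir warning above matters for a log store in particular: an emptyDir volume is deleted together with its pod, so every collected index (audit logs included) disappears when the Elasticsearch pod is deleted or rescheduled. The fragment below is an added example, not the upstream manifest or the author's file. It assumes the data volume in your copy of es-statefulset.yaml is named elasticsearch-logging, and the StorageClass name and size are placeholders.

```yaml
# Added example: fragment of a StatefulSet spec, not the upstream file.
# Assumptions: the data volume is called "elasticsearch-logging" (check the
# volumeMounts entry in your copy); "standard" is a placeholder StorageClass
# name; 20Gi is a placeholder size.

# Before (data is lost whenever the pod is deleted or rescheduled):
#   volumes:
#   - name: elasticsearch-logging
#     emptyDir: {}

# After: remove that volumes entry and add this under the StatefulSet's spec,
# at the same level as "template". Each replica gets its own
# PersistentVolumeClaim, which survives pod restarts.
spec:
  volumeClaimTemplates:
    - metadata:
        name: elasticsearch-logging     # must equal volumeMounts[].name
      spec:
        accessModes: ["ReadWriteOnce"]
        storageClassName: standard      # placeholder
        resources:
          requests:
            storage: 20Gi               # placeholder
```

After applying the manifest, kubectl get pvc -n kube-system should list one Bound claim per Elasticsearch replica.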

2. Check

[root@k8s-m elk]# kubectl get svc -n kube-system
NAME            TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                  AGE
elasticsearch   ClusterIP   10.102.165.164   <none>        9200/TCP                 108s

[root@k8s-m elk]# curl  10.102.165.164:9200/_cluster/health?pretty
{
  "cluster_name" : "docker-cluster",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 1,
  "number_of_data_nodes" : 1,
  "active_primary_shards" : 0,
  "active_shards" : 0,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 0,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 100.0
}

II. Installing Logstash

1. Download and modify the helm chart (change the image and the configuration)

# Download the logstash chart
helm fetch stable/logstash

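# Configuration changes (I only use the messages and audit logs for this demo; I removed the PVC storage, which is not recorded here)
# Image: 6.7.0

# elasticsearch configuration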
elasticsearch:
  host: elasticsearch.kube-system.svc.cluster.local
  port: 9200

# Input, filter and output configuration
inputs:
  main: |-
    input {
      beats {
        port => 5044
      }
    }

filters:
  main: |-
    filter {
      if "audit_log" in [tags] {
        mutate {
          rename => { "[host][name]" => "host" }
        }
      }

      if "messages_log" in [tags] {
        mutate {
          rename => { "[host][name]" => "host" }
        }
      }
    }
outputs:
  main: |-
    output {
      if "audit_log" in [tags] {
        elasticsearch {
          hosts => ["${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}"]
          index => "audit-%{+YYYY.MM.dd}"
        }
      }
      if "messages_log" in [tags] {
        elasticsearch {
          hosts => ["${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}"]
          index => "messages-%{+YYYY.MM.dd}"
        }
      }
    }

2. Install and check

helm  install stable/logstash     --name logstash -f values.yaml    --namespace  kube-system

# Check
[root@k8s-m logstash]# kubectl get sts -n kube-system
NAME            READY   AGE
elasticsearch   2/2     33m
logstash        1/1     19m

III. Installing Filebeat

1. Download and modify the helm chart (change the image and the configuration)

# Download the chart
helm fetch stable/filebeat

# Change the image and other settings (demo with the messages and audit logs)
config:
  filebeat.config:
    modules:
      path: ${path.config}/modules.d/*.yml
      # Reload module configs as they change:
      reload.enabled: false

  processors:
    - add_cloud_metadata:

  filebeat.inputs:
    - type: log
      enabled: true
      paths:
        - /var/log/messages
      close_eof: true
      tags: messages_log
      clean_*: true
    - type: log
      paths:
        - /var/log/audit/audit.log
      close_eof: true
      tags: audit_log
      clean_*: true
    - type: docker
      containers.ids:
      - "*"
      processors:
        - add_kubernetes_metadata:
            in_cluster: true
        - drop_event:
            when:
              equals:
                kubernetes.container.name: "filebeat"

  output.file:
    enabled: false
  output.logstash:
    hosts: ["logstash.kube-system.svc.cluster.local:5044"]
  http.enabled: true
  http.port: 5066

2. Install and check

# Install
helm install stable/filebeat  --name  filebeat   -f  values.yaml  --namespace kube-system

# Check
[root@k8s-m filebeat]# kubectl get ds -n kube-system
NAME          DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR                 AGE
calico-node   3         3         3       3            3           beta.kubernetes.io/os=linux   45m
filebeat      2         2         2       2            2           <none>                        21m

IV. Installing Kibana

1. Download and modify the helm chart (change the image and the configuration)

# Download the chart
helm  fetch stable/kibana

# Configuration changes (I changed the access port from 443 to 80)
files:
  kibana.yml:
    server.name: kibana
    server.host: "0"
    elasticsearch.hosts: http://elasticsearch.kube-system.svc.cluster.local:9200
service:
  type: ClusterIP
  externalPort: 80
  internalPort: 5601

2. Install and check

# Install
helm install  stable/kibana   --name kibana -f values.yaml  --namespace kube-system

# Make kibana reachable from the external network
kubectl  patch svc  kibana -n kube-system -p '{"spec":{"type":"NodePort"}}'
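
The elasticsearch-oss 6.7.0 image used here has no built-in authentication and the service speaks plain HTTP on 9200, so once Kibana is reachable through a NodePort it is worth limiting which pods can talk to Elasticsearch directly. The NetworkPolicy below is an added example (not from the original post or the upstream manifests); it relies on the Calico CNI visible in the DaemonSet listing above to enforce it, and every pod label in it is an assumption to check against your cluster.

```yaml
# Added example, not part of the original manifests or helm charts.
# Assumption: all pod labels below are placeholders; confirm the real ones with
#   kubectl get pods -n kube-system --show-labels
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: elasticsearch-allow-log-stack   # hypothetical name
  namespace: kube-system
spec:
  # Applies to the Elasticsearch pods created from es-statefulset.yaml
  podSelector:
    matchLabels:
      k8s-app: elasticsearch            # assumed label
  policyTypes:
    - Ingress
  ingress:
    # HTTP API: only the components that write to or read from Elasticsearch
    - from:
        - podSelector:
            matchLabels:
              app: logstash             # assumed label
        - podSelector:
            matchLabels:
              app: kibana               # assumed label
        - podSelector:
            matchLabels:
              k8s-app: fluentd-es       # assumed label (EFK variant)
      ports:
        - protocol: TCP
          port: 9200
    # Transport port: node-to-node traffic between the Elasticsearch replicas
    - from:
        - podSelector:
            matchLabels:
              k8s-app: elasticsearch    # assumed label
      ports:
        - protocol: TCP
          port: 9300
```

Once applied, requests to port 9200 from pods that carry none of these labels are dropped, so run health checks from an allowed pod.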

3. View in the browser


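V. Installing Fluentd (install either filebeat or fluentd) (Fluentd is the recommended log collection solution for k8s)

If you install fluentd, there is no need to install logstash and filebeat. The architecture above can be called ELFK. Its strengths are logstash's strong log format processing and formatted output, and the fact that if you have used or learned it before there is nothing new to learn and you can use it straight away. A message queue can also be added between logstash and Elasticsearch. EFK (Elasticsearch + Fluentd + Kibana) is the log collection solution officially recommended by kubernetes.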

The official Fluentd installation already collects many logs. You can add to or modify it according to your own needs. A recommended blog post: blog.laisky.com/p/fluentd/#

1. Install Fluentd (remember to modify the elasticsearch configuration)

wget https://raw.githubusercontent.com/kubernetes/kubernetes/master/cluster/addons/fluentd-elasticsearch/fluentd-es-configmap.yaml
wget https://raw.githubusercontent.com/kubernetes/kubernetes/master/cluster/addons/fluentd-elasticsearch/fluentd-es-ds.yaml

2. Check

[root@k8s-m fluentd]# kubectl get ds -n kube-system fluentd-es-v2.7.0 
NAME                DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
fluentd-es-v2.7.0   2         2         2       2            2           <none>          101m

3. View in kibana


4. Summary

EFK can be installed entirely from the official yaml files, and the official installation method uses fairly recent EFK versions.

Original link: https://juejin.im/post/6844903924797964301
