热门标签
热门文章
- 1Linux安装MySQL8.0_没有可用软件包 mysql80-community-release-el7-10.noarch.rp
- 2Python 知识星球爬虫(二)获取星球评论信息
- 3python官方帮助文档中文版,python中文官网下载安装_python官方文档中文版
- 4在python中用pyTorch实现数字(0~9)语音识别_基于pytorch的0-10数字的语音识别
- 5Linux命令:wget命令
- 6centos7安装openstack教程_centos7安装部署openstack
- 7[转]漫谈虚拟化-计算虚拟化中的 I/O 虚拟化_驱动实现ip虚拟化
- 850个Python重要模块
- 9termux 玩法(一)_termux命令大全
- 10Ceph分布式存储 原理+架构图详解_ceph架構 pdf
当前位置: article > 正文
在k8s集群部署ELK
作者:我家小花儿 | 2024-08-07 21:50:15
赞
踩
在k8s集群部署ELK
使用kubeadm或者其他方式部署一套k8s集群。
在k8s集群创建一个namespace:halashow
2 ELK部署架构
3.1 准备资源配置清单
Deployment中存在一个es的业务容器,和一个init容器,init容器主要是配置vm.max_map_count=262144。
service暴露了9200端口,其他服务可通过service name加端口访问es。
3.1 准备资源配置清单
Deployment中存在一个es的业务容器,和一个init容器,init容器主要是配置vm.max_map_count=262144。
service暴露了9200端口,其他服务可通过service name加端口访问es。
- apiVersion: v1
- kind: Service
- metadata:
- namespace: halashow
- name: elasticsearch
- labels:
- app: elasticsearch-logging
- spec:
- type: ClusterIP
- ports:
- - port: 9200
- name: elasticsearch
- selector:
- app: elasticsearch-logging
- ---
- apiVersion: apps/v1
- kind: Deployment
- metadata:
- generation: 1
- labels:
- app: elasticsearch-logging
- version: v1
- name: elasticsearch
- namespace: halashow
- spec:
- serviceName: elasticsearch-logging
- minReadySeconds: 10
- progressDeadlineSeconds: 600
- replicas: 1
- revisionHistoryLimit: 10
- selector:
- matchLabels:
- app: elasticsearch-logging
- version: v1
- strategy:
- type: Recreate
- template:
- metadata:
- creationTimestamp: null
- labels:
- app: elasticsearch-logging
- version: v1
- spec:
- affinity:
- nodeAffinity: {}
- containers:
- - env:
- - name: discovery.type
- value: single-node
- - name: ES_JAVA_OPTS
- value: -Xms512m -Xmx512m
- - name: MINIMUM_MASTER_NODES
- value: "1"
- image: docker.elastic.co/elasticsearch/elasticsearch:7.12.0-amd64
- imagePullPolicy: IfNotPresent
- name: elasticsearch-logging
- ports:
- - containerPort: 9200
- name: db
- protocol: TCP
- - containerPort: 9300
- name: transport
- protocol: TCP
- resources:
- limits:
- cpu: "1"
- memory: 1Gi
- requests:
- cpu: "1"
- memory: 1Gi
- terminationMessagePath: /dev/termination-log
- terminationMessagePolicy: File
- volumeMounts:
- - mountPath: /data
- name: es-persistent-storage
- dnsPolicy: ClusterFirst
- imagePullSecrets:
- - name: user-1-registrysecret
- initContainers:
- - command:
- - /sbin/sysctl
- - -w
- - vm.max_map_count=262144
- image: alpine:3.6
- imagePullPolicy: IfNotPresent
- name: elasticsearch-logging-init
- resources: {}
- securityContext:
- privileged: true
- procMount: Default
- terminationMessagePath: /dev/termination-log
- terminationMessagePolicy: File
- restartPolicy: Always
- schedulerName: default-scheduler
- securityContext: {}
- terminationGracePeriodSeconds: 30
- volumes:
- - hostPath:
- path: /data/elk/elasticsearch-logging
- type: DirectoryOrCreate
- name: es-persistent-storage
- nodeSelector:
- alibabacloud.com/is-edge-worker: 'false'
- beta.kubernetes.io/arch: amd64
- beta.kubernetes.io/os: linux
- tolerations:
- - effect: NoSchedule
- key: node-role.alibabacloud.com/addon
- operator: Exists
elasticsearch持久化部署,参考资料
https://www.51cto.com/article/673023.html-
- apiVersion: v1
- kind: Service
- metadata:
- name: es
- namespace: default
- labels:
- k8s-app: es
- kubernetes.io/cluster-service: "true"
- addonmanager.kubernetes.io/mode: Reconcile
- kubernetes.io/name: "Elasticsearch"
- spec:
- ports:
- - port: 9200
- protocol: TCP
- targetPort: db
- selector:
- k8s-app: es
- ---
- # RBAC authn and authz
- apiVersion: v1
- kind: ServiceAccount
- metadata:
- name: es
- namespace: default
- labels:
- k8s-app: es
- kubernetes.io/cluster-service: "true"
- addonmanager.kubernetes.io/mode: Reconcile
- ---
- kind: ClusterRole
- apiVersion: rbac.authorization.k8s.io/v1
- metadata:
- name: es
- labels:
- k8s-app: es
- kubernetes.io/cluster-service: "true"
- addonmanager.kubernetes.io/mode: Reconcile
- rules:
- - apiGroups:
- - ""
- resources:
- - "services"
- - "namespaces"
- - "endpoints"
- verbs:
- - "get"
- ---
- kind: ClusterRoleBinding
- apiVersion: rbac.authorization.k8s.io/v1
- metadata:
- namespace: default
- name: es
- labels:
- k8s-app: es
- kubernetes.io/cluster-service: "true"
- addonmanager.kubernetes.io/mode: Reconcile
- subjects:
- - kind: ServiceAccount
- name: es
- namespace: default
- apiGroup: ""
- roleRef:
- kind: ClusterRole
- name: es
- apiGroup: ""
- ---
- # Elasticsearch deployment itself
- apiVersion: apps/v1
- kind: StatefulSet #使用statefulset创建Pod
- metadata:
- name: es #pod名称,使用statefulSet创建的Pod是有序号有顺序的
- namespace: default #命名空间
- labels:
- k8s-app: es
- kubernetes.io/cluster-service: "true"
- addonmanager.kubernetes.io/mode: Reconcile
- srv: srv-elasticsearch
- spec:
- serviceName: es #与svc相关联,这可以确保使用以下DNS地址访问Statefulset中的每个pod (es-cluster-[0,1,2].elasticsearch.elk.svc.cluster.local)
- replicas: 1 #副本数量,单节点
- selector:
- matchLabels:
- k8s-app: es #和pod template配置的labels相匹配
- template:
- metadata:
- labels:
- k8s-app: es
- kubernetes.io/cluster-service: "true"
- spec:
- serviceAccountName: es
- containers:
- - image: docker.io/library/elasticsearch:7.10.1
- name: es
- resources:
- # need more cpu upon initialization, therefore burstable class
- limits:
- cpu: 1000m
- memory: 2Gi
- requests:
- cpu: 100m
- memory: 500Mi
- ports:
- - containerPort: 9200
- name: db
- protocol: TCP
- - containerPort: 9300
- name: transport
- protocol: TCP
- volumeMounts:
- - name: es
- mountPath: /usr/share/elasticsearch/data/ #挂载点
- env:
- - name: "NAMESPACE"
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- - name: "discovery.type" #定义单节点类型
- value: "single-node"
- - name: ES_JAVA_OPTS #设置Java的内存参数,可以适当进行加大调整
- value: "-Xms1024m -Xmx4g"
- volumes:
- - name: es
- hostPath:
- path: /data/es/
- nodeSelector: #如果需要匹配落盘节点可以添加nodeSelect
- es: data
- tolerations:
- - effect: NoSchedule
- operator: Exists
- # Elasticsearch requires vm.max_map_count to be at least 262144.
- # If your OS already sets up this number to a higher value, feel free
- # to remove this init container.
- initContainers: #容器初始化前的操作
- - name: es-init
- image: alpine:3.6
- command: ["/sbin/sysctl", "-w", "vm.max_map_count=262144"] #添加mmap计数限制,太低可能造成内存不足的错误
- securityContext: #仅应用到指定的容器上,并且不会影响Volume
- privileged: true #运行特权容器
- - name: increase-fd-ulimit
- image: busybox
- imagePullPolicy: IfNotPresent
- command: ["sh", "-c", "ulimit -n 65536"] #修改文件描述符最大数量
- securityContext:
- privileged: true
- - name: elasticsearch-volume-init #es数据落盘初始化,加上777权限
- image: alpine:3.6
- command:
- - chmod
- - -R
- - "777"
- - /usr/share/elasticsearch/data/
- volumeMounts:
- - name: es
- mountPath: /usr/share/elasticsearch/data/
-
-
- ---
-
- apiVersion: v1
- kind: Service
- metadata:
- name: kibana
- namespace: default
- labels:
- k8s-app: kibana
- kubernetes.io/cluster-service: "true"
- addonmanager.kubernetes.io/mode: Reconcile
- kubernetes.io/name: "Kibana"
- srv: srv-kibana
- spec:
- type: NodePort #采用nodeport方式进行暴露,端口默认为25601
- ports:
- - port: 5601
- nodePort: 30561
- protocol: TCP
- targetPort: ui
- selector:
- k8s-app: kibana
- ---
- apiVersion: apps/v1
- kind: Deployment
- metadata:
- name: kibana
- namespace: default
- labels:
- k8s-app: kibana
- kubernetes.io/cluster-service: "true"
- addonmanager.kubernetes.io/mode: Reconcile
- srv: srv-kibana
- spec:
- replicas: 1
- selector:
- matchLabels:
- k8s-app: kibana
- template:
- metadata:
- labels:
- k8s-app: kibana
- annotations:
- seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
- spec:
- containers:
- - name: kibana
- image: docker.io/kubeimages/kibana:7.9.3 #该镜像支持arm64和amd64两种架构
- resources:
- # need more cpu upon initialization, therefore burstable class
- limits:
- cpu: 1000m
- requests:
- cpu: 100m
- env:
- - name: ELASTICSEARCH_HOSTS
- value: http://es:9200
- ports:
- - containerPort: 5601
- name: ui
- protocol: TCP
- ---
- apiVersion: extensions/v1beta1
- kind: Ingress
- metadata:
- name: kibana
- namespace: yk-mysql-test
- spec:
- rules:
- - host: kibana.ctnrs.com
- http:
- paths:
- - path: /
- backend:
- serviceName: kibana
- servicePort: 5601
-
4 部署logstash
创建configMap定义logstash相关配置项,主要包括一下几项。
input:定义输入到logstash的源。
filter:定义过滤条件。
output:可以定义输出到es,redis,kafka等等。
- ---
- apiVersion: v1
- kind: ConfigMap
- metadata:
- name: logstash-config
- namespace: halashow
- data:
- logstash.conf: |-
-
- input {
- redis {
- host => "10.36.21.220"
- port => 30079
- db => 0
- key => "localhost"
- password => "123456"
- data_type => "list"
- threads => 4
- batch_count => "1"
- #tags => "user.log"
- }
-
- }
-
- filter {
- dissect {
- mapping => { "message" => "[%{Time}] %{LogLevel} %{message}" }
- }
- }
-
- output {
- if "nginx.log" in [tags] {
- elasticsearch {
- hosts => ["elasticsearch:9200"]
- index => "nginx.log"
- }
- }
-
- if "osale-uc-test" in [tags] {
- elasticsearch {
- hosts => ["elasticsearch:9200"]
- index => "osale-uc-test"
- }
- }
- if "osale-jindi-client-test" in [tags] {
- elasticsearch {
- hosts => ["elasticsearch:9200"]
- index => "osale-jindi-client-test"
- }
- }
- if "osale-admin-weixin" in [tags] {
- elasticsearch {
- hosts => ["elasticsearch:9200"]
- index => "osale-admin-weixin"
- }
- }
- }
-
-
- ---
- apiVersion: apps/v1
- kind: Deployment
- metadata:
- name: logstash
- namespace: halashow
- labels:
- name: logstash
- spec:
- replicas: 1
- selector:
- matchLabels:
- name: logstash
- template:
- metadata:
- labels:
- app: logstash
- name: logstash
- spec:
- containers:
- - name: logstash
- image: docker.elastic.co/logstash/logstash:7.12.0
- ports:
- - containerPort: 5044
- protocol: TCP
- - containerPort: 9600
- protocol: TCP
-
- volumeMounts:
- - name: logstash-config
- #mountPath: /usr/share/logstash/logstash-simple.conf
- #mountPath: /usr/share/logstash/config/logstash-sample.conf
- mountPath: /usr/share/logstash/pipeline/logstash.conf
- subPath: logstash.conf
- #ports:
- # - containerPort: 80
- # protocol: TCP
-
-
- volumes:
- - name: logstash-config
- configMap:
- #defaultMode: 0644
- name: logstash-config
-
- ---
- apiVersion: v1
- kind: Service
- metadata:
- namespace: halashow
- name: logstash
- labels:
- app: logstash
- spec:
- type: ClusterIP
- ports:
- - port: 5044
- name: logstash
- selector:
- app: logstash
5.部署redis5.0
- apiVersion: v1
- kind: ConfigMap
- metadata:
- name: elk-redis
- labels:
- app: elk-redis
- data:
- redis.conf: |-
- bind 0.0.0.0
- daemonize no
- pidfile "/var/run/redis.pid"
- port 6380
- timeout 300
- loglevel warning
- logfile "redis.log"
- databases 16
- rdbcompression yes
- dbfilename "redis.rdb"
- dir "/data"
- requirepass "123456"
- masterauth "123456"
- maxclients 10000
- maxmemory 1000mb
- maxmemory-policy allkeys-lru
- appendonly yes
- appendfsync always
- ---
- apiVersion: apps/v1
- kind: StatefulSet
- metadata:
- name: elk-redis
- labels:
- app: elk-redis
- spec:
- replicas: 1
- selector:
- matchLabels:
- app: elk-redis
- template:
- metadata:
- labels:
- app: elk-redis
- spec:
- containers:
- - name: redis
- image: redis:5.0.7
- command:
- - "sh"
- - "-c"
- - "redis-server /usr/local/redis/redis.conf"
- ports:
- - containerPort: 6379
- resources:
- limits:
- cpu: 1000m
- memory: 1024Mi
- requests:
- cpu: 1000m
- memory: 1024Mi
- livenessProbe:
- tcpSocket:
- port: 6379
- initialDelaySeconds: 300
- timeoutSeconds: 1
- periodSeconds: 10
- successThreshold: 1
- failureThreshold: 3
- readinessProbe:
- tcpSocket:
- port: 6379
- initialDelaySeconds: 5
- timeoutSeconds: 1
- periodSeconds: 10
- successThreshold: 1
- failureThreshold: 3
- volumeMounts:
- - name: data
- mountPath: /data
- # 时区设置
- - name: timezone
- mountPath: /etc/localtime
- - name: config
- mountPath: /usr/local/redis/redis.conf
- subPath: redis.conf
- volumes:
- - name: config
- configMap:
- name: elk-redis
- - name: timezone
- hostPath:
- path: /usr/share/zoneinfo/Asia/Shanghai
- - name: data
- hostPath:
- type: DirectoryOrCreate
- path: /data/elk/elk-redis
- nodeName: gem-yxyw-t-c02
- ---
为了提升redis的性能需要关闭持久化
、redis默认是开启持久化的
2、默认持久化方式为RDB
1、注释掉原来的持久化规则
-
# save 3600 1 300 100 60 10000
2、把 save 节点设置为空
save ""3、删除 dump.rdb 转储文件
rm -f dump.rdb1、设置 appendonly 的值为 no 即可
6. 部署filebeat,部署k8s上没有成功,改成源码部署到主机成功了
- wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.8.0-linux-x86_64.tar.gz
-
- tar -zxvf filebeat-7.8.0-linux-x86_64.tar.gz
-
- vi /data/elk/filebeat/filebeat-7.8.0-linux-x86_64/filebeat.yml
-
- filebeat.inputs:
- - type: log
- enabled: true
- paths:
- - /data/test-logs/osale-uc-test/*.log
- fields:
- tags: ["osale-uc-test"]
- - type: log
- enabled: true
- paths:
- - /data/test-logs/osale-jindi-client-test/*.log
- fields:
- tags: ["osale-jindi-client-test"]
- - type: log
- enabled: true
- paths:
- - /data/test-logs/osale-admin-weixin-test/*/osale-admin-weixin/*.log
- fields:
- tags: ["osale-admin-weixin"]
- - type: log
- enabled: true
- paths:
- - /data/tengine/logs/*.log
- fields:
- tags: ["nginx.log"]
-
- filebeat.config.modules:
- path: ${path.config}/modules.d/*.yml
- reload.enabled: false
- setup.template.settings:
- index.number_of_shards: 1
- setup.kibana:
- output.redis:
- enabled: true
- hosts: ["10.36.21.220:30079"]
- password: "123456"
- db: 0
- key: localhost
- worker: 4
- timeout: 5
- max_retries: 3
- datatype: list
- processors:
- - add_host_metadata: ~
- - add_cloud_metadata: ~
- - add_docker_metadata: ~
- - add_kubernetes_metadata: ~
- ---
- apiVersion: v1
- kind: ConfigMap
- metadata:
- name: filebeat-config-to-logstash
- namespace: halashow
- data:
- filebeat.yml: |-
- filebeat.inputs:
- - type: log
- paths:
- - /logm/*.log
- output.logstash:
- hosts: ['logstash:5044']
-
- ---
- apiVersion: apps/v1
- kind: Deployment
- metadata:
- name: filebeat
- namespace: halashow
- labels:
- name: filebeat
- spec:
- replicas: 1
- selector:
- matchLabels:
- name: filebeat
- template:
- metadata:
- labels:
- app: filebeat
- name: filebeat
- spec:
- containers:
- - name: filebeat
- image: docker.elastic.co/beats/filebeat:7.12.0
- args: [
- "-c", "/etc/filebeat.yml",
- "-e",
- ]
-
- volumeMounts:
- - mountPath: /logm
- name: logm
- - name: config
- mountPath: /etc/filebeat.yml
- readOnly: true
- subPath: filebeat.yml
-
- volumes:
- - name: logm
- emptyDir: {}
- - name: config
- configMap:
- defaultMode: 0640
- name: filebeat-config-to-logstash
cd /data/elk/filebeat-7.8.0-linux-x86_64
sudo ./filebeat -e -c filebeat.yml -d "publish" #前台启动filebeat
nohup ./filebeat -e -c filebeat.yml >/dev/null 2>&1& #后台启动
6 部署kibana
6.1 准备资源配置清单
- apiVersion: apps/v1
- kind: Deployment
- metadata:
- name: kibana
- namespace: halashow
- labels:
- name: kibana
- spec:
- serviceName: halashow
- replicas: 1
- selector:
- matchLabels:
- name: kibana
- template:
- metadata:
- labels:
- app: kibana
- name: kibana
- spec:
- restartPolicy: Always
- containers:
- - name: kibana
- image: kibana:7.12.0
- imagePullPolicy: Always
- ports:
- - containerPort: 5601
- resources:
- requests:
- memory: 1024Mi
- cpu: 50m
- limits:
- memory: 1024Mi
- cpu: 1000m
- volumeMounts:
- - name: kibana-config
- mountPath: /usr/share/kibana/config/kibana.yml
- subPath: kibana.yml
- volumes:
- - name: kibana-config
- configMap:
- name: kibana-cm
- items:
- - key: "kibana.yml"
- path: "kibana.yml"
- ---
- apiVersion: v1
- kind: Service
- metadata:
- labels:
- app: kibana
- name: kibana
- namespace: halashow
- spec:
- type: NodePort
- ports:
- - name: kibana
- port: 5601
- nodePort: 30102
- protocol: TCP
- targetPort: 5601
- selector:
- app: kibana
-
- server.name: kibana
- server.host: "0"
- elasticsearch.hosts: [ "http://elasticsearch:9200" ]
- monitoring.ui.container.elasticsearch.enabled: true
- i18n.locale: "zh-CN" #kibana汉化
location / #必须是/否则代码不上
passpoxry http:ip:port
1.Kibana设置elasticsearch索引过期时间,到期自动删除
首先创建一个索引,索引必须名字后面*这样所有日期都能检索出。然后在创建一个十天的日志生命周期管理,在创建一个索引模板,索引模板可以检索出所有需要检索的日志,这个索引模板可以直接复制日志生命周期管理代码,也可之后日志生命周期里面加入这个索引模板。
2.创建一个索引生命周期策略
Index Management 索引管理
Index Lifecycle Policies 索引生命周期策略
Delete phase 删除阶段
3.创建一个索引模板用来管理所有索引
Index Templates 索引模板
- {
- "index": {
- "lifecycle": {
- "name": "gdnb-tes*"
- }
- }
- }
可将索引周期管理的代码复制过去,也可直接到索引周期管理里面选择gdnb-test-10day这个索引模板
3.将需要保存十天的日志索引模板加入刚创建的周期生命管理
声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/我家小花儿/article/detail/944657
推荐阅读
相关标签
