ECK部署
参考文章:
ECK配置:
https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-elasticsearch-specification.html
ECK搭建:
https://medium.com/@kishorechandran41/elasticsearch-cluster-on-google-kubernetes-engine-71bedd71fa85
https://hmj2088.medium.com/elastic-cloud-on-kubernetes-b5a69339e920
部署:(3节点,1 master-node, 2 data-nodes) 版本: elastic-operator: 1.5.0 ELK: 7.12.0 1. 准备工作 a). 安装 all-in-one (elastic-operator) 下载地址: https://download.elastic.co/downloads/eck/1.5.0/all-in-one.yaml 镜像: docker.elastic.co/eck/eck-operator:1.5.0 # kubectl apply -f all-in-one.yaml //创建 b). 创建存储类 # master 主节点使用 apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: eck-master //存储类名称,和后面es申请空间时关联 provisioner: kubernetes.io/no-provisioner volumeBindingMode: WaitForFirstConsumer reclaimPolicy: Retain # data 数据节点使用 apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: elasticsearch-data //存储类名称,和后面es申请空间时关联 provisioner: kubernetes.io/no-provisioner volumeBindingMode: WaitForFirstConsumer reclaimPolicy: Retain c). 创建pv,使用local PV方式 apiVersion: v1 kind: PersistentVolume metadata: name: master # pv名称 spec: capacity: storage: 30Gi # 容量 volumeMode: Filesystem accessModes: - ReadWriteOnce persistentVolumeReclaimPolicy: Delete storageClassName: eck-master local: path: /mnt/disks/ssd1 # 宿主机路径。要手动在主机创建访目录 nodeAffinity: required: nodeSelectorTerms: # 节点选择 - matchExpressions: - key: kubernetes.io/hostname operator: In values: - node01 persistentVolumeReclaimPolicy: Retain # 回收策略 storageClassName: eck-master # 关联的存储类 volumeMode: Filesystem # 其它两个数据节点的PV,按照些方式创建。 2. 部署elasticsearch apiVersion: elasticsearch.k8s.elastic.co/v1 kind: Elasticsearch metadata: name: elk-k8s # 集群名称,后面kibana要使用这个名称连接es namespace: elastic-system spec: version: 7.12.0 # es版本号 nodeSets: - name: master # 名称,随便取 count: 1 # 节点数 config: node.roles: ["master","ingest"] # master节点。ingest很重要,否则开启xpack.monitoring时会报错 node.store.allow_mmap: true xpack.monitoring.enabled: true xpack.monitoring.collection.enabled: true indices.breaker.total.use_real_memory: false # 关键参数,影响es性能 indices.fielddata.cache.size: 40% # 关键参数,影响es性能 indices.query.bool.max_clause_count: 4096 indices.memory.index_buffer_size: "25%" podTemplate: metadata: labels: # 标签,没有使用,只是写在这里 foo: bar spec: initContainers: - name: sysctl securityContext: privileged: true command: ['sh', '-c', 'sysctl -w vm.max_map_count=262144'] containers: - name: elasticsearch # 这个名字不要改 env: - name: ES_JAVA_OPTS value: -Xms4g -Xmx4g resources: requests: memory: 6Gi cpu: 2 limits: memory: 6Gi cpu: 2 image: hub.example.com/base/elasticsearch:7.12.0 # 私有镜像仓库里摘取镜像 readinessProbe: # 调大了健康检查时间 exec: command: - bash - -c - /mnt/elastic-internal/scripts/readiness-probe-script.sh failureThreshold: 3 initialDelaySeconds: 30 periodSeconds: 20 successThreshold: 1 timeoutSeconds: 20 volumeClaimTemplates: - metadata: name: elasticsearch-data # 名字不要改 spec: accessModes: - ReadWriteOnce resources: requests: storage: 30Gi # 申请的pv空间 storageClassName: eck-master # 关联的存储类 - name: datas count: 2 podTemplate: spec: initContainers: - name: sysctl securityContext: privileged: true command: ['sh', '-c', 'sysctl -w vm.max_map_count=262144'] containers: - name: elasticsearch # 这个名字不要改 env: - name: ES_JAVA_OPTS value: -Xms6g -Xmx6g resources: requests: memory: 8Gi cpu: 4 limits: memory: 8Gi cpu: 4 image: hub.example.com/base/elasticsearch:7.12.0 readinessProbe: exec: command: - bash - -c - /mnt/elastic-internal/scripts/readiness-probe-script.sh failureThreshold: 3 initialDelaySeconds: 30 periodSeconds: 20 successThreshold: 1 timeoutSeconds: 20 config: node.roles: ["data"] # 数据节点 node.store.allow_mmap: true xpack.monitoring.enabled: true xpack.monitoring.collection.enabled: true indices.breaker.total.use_real_memory: false indices.fielddata.cache.size: 40% indices.query.bool.max_clause_count: 4096 indices.memory.index_buffer_size: "25%" volumeClaimTemplates: - metadata: name: elasticsearch-data # 这个名字不要改 spec: accessModes: - ReadWriteOnce resources: requests: storage: 50Gi # 申请的pv空间 storageClassName: eck-node # 关联的存储类 # kubectl apply -f elastic.yaml # 创建es集群。查看一下日志有没有报错 获取elasticsearch默认密码 # PASSWORD=$(kubectl -n elastic-system get secrets elk-k8s-es-elastic-user -o go-template='{{.data.elastic | base64decode}}') 用户名:elastic 密码:$PASSWORD # curl --insecure -u "elastic:$PASSWORD" -k https://10.43.123.78:9200/_cat/nodes?v 3. 使用elasticsearch api 调整参数 PUT _cluster/settings { "persistent": { "xpack.monitoring.collection.enabled": true } } PUT /_cluster/settings { "persistent": { "cluster": { "max_shards_per_node":15000 } } } PUT /_cluster/settings { "persistent" : { "indices.breaker.fielddata.limit" : "60%", "indices.breaker.request.limit" : "40%", "indices.breaker.total.limit" : "70%" } } 4. 部署kibana apiVersion: kibana.k8s.elastic.co/v1 kind: Kibana metadata: name: xn-kibana namespace: elastic-system spec: version: 7.12.0 # kibana版本 count: 1 elasticsearchRef: name: "elk-k8s" # es集群名称 namespace: elastic-system podTemplate: spec: containers: - name: kibana env: - name: NODE_OPTIONS value: "--max-old-space-size=2048" resources: requests: memory: 1Gi cpu: 0.5 limits: memory: 3Gi cpu: 2 image: hub.example.com/base/kibana:7.12.0 # kubectl apply -f kibana.yaml # 部署Kibana 5. 配置代理访问kibana 因为我是使用rancher部署的k8s集群,所以下面是在rancher里创建的nginx-ingress配置
---- 空行 --------
添加注释: nginx.ingress.kubernetes.io/backend-protocol=https
在kibana里查看一下集群状态:
GET _cat/nodes GET _cluster/settings GET _cat/health GET _cat/thread_pool?v 根据需要调整对应index模板: { "index": { "mapping": { "total_fields": { "limit": "10000" } }, "refresh_interval": "15s", "number_of_shards": "1", "translog": { "flush_threshold_size": "1024mb", "sync_interval": "120s", "durability": "async" }, "max_docvalue_fields_search": "500", "query": { "default_field": [ "message", "tags", "agent.ephemeral_id", "agent.id", ...... 6. 部署filebeat apiVersion: beat.k8s.elastic.co/v1beta1 kind: Beat metadata: name: filebeat namespace: elastic-system spec: type: filebeat version: 7.11.1 elasticsearchRef: name: xn-elastic namespace: elastic-system kibanaRef: name: xn-kibana namespace: elastic-system config: filebeat: autodiscover: providers: - type: kubernetes node: ${NODE_NAME} hints: enabled: true default_config: type: container paths: - /var/log/containers/*${data.kubernetes.container.id}.log tail_files: true harvester_buffer_size: 65536 exclude_lines: ['SqlSession', '<== Total: 0', 'JDBC Connection', '<== Columns'] #multiline: # pattern: ^\d{4}-\d{1,2}-\d{1,2}\s\d{1,2}:\d{1,2}:\d{1,2} # negate: true # match: after filebeat.config: modules: path: ${path.config}/modules.d/*.yml reload.enabled: false filebeat.modules: - module: system syslog: enabled: true var.paths: ["/var/log/messages"] var.convert_timezone: true auth: enabled: true var.paths: ["/var/log/secure"] var.convert_timezone: true filebeat.shutdown_timeout: 10s logging.level: info # debug #logging.selectors: ["prospector","harvester"] output.elasticsearch: worker: 4 bulk_max_size: 22000 flush_interval: 1s indices: - index: "k8s-syslog-%{+yyyy.MM.dd}" when.equals: event.module: "system" - index: "k8s-%{[kubernetes.namespace]}-%{+yyyy.MM.dd}" username: ${ELASTICSEARCH_USERNAME} password: ${ELASTICSEARCH_PASSWORD} ##setup.template.enabled: true setup.template.name: "k8s" setup.template.pattern: "k8s-*" setup.ilm.enabled: false processors: - add_cloud_metadata: {} - add_host_metadata: {} - drop_fields: fields: ["host.ip", "host.mac", "host.id", "host.name", "host.architecture", "host.os.family", "host.os.name", "host.os.version", "host.os.codename", "host.os.kernel", "ecs.version", "agent.name", "agent.version", "kubernetes.node.l abels.beta_kubernetes_io/arch", "kubernetes.node.labels.beta_kubernetes_io/os"] queue.mem: events: 16000 flush.min_events: 9000 flush.timeout: 1s daemonSet: podTemplate: spec: serviceAccountName: filebeat automountServiceAccountToken: true terminationGracePeriodSeconds: 30 dnsPolicy: ClusterFirstWithHostNet hostNetwork: true # Allows to provide richer host metadata containers: - name: filebeat securityContext: runAsUser: 0 # If using Red Hat OpenShift uncomment this: #privileged: true image: registry.cqxndb.com/base/filebeat:7.11.1 resources: limits: cpu: 300m memory: 300Mi requests: cpu: 300m memory: 300Mi volumeMounts: - name: varlogcontainers mountPath: /var/log/containers - name: varlogpods mountPath: /var/log/pods - name: varlibdockercontainers mountPath: /var/lib/docker/containers - name: varlogmessages mountPath: /var/log/messages - name: varlogsecure mountPath: /var/log/secure env: - name: ELASTICSEARCH_USERNAME value: elastic - name: ELASTICSEARCH_PASSWORD valueFrom: secretKeyRef: key: elastic name: xn-elastic-es-elastic-user - name: NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName volumes: - name: varlogcontainers hostPath: path: /var/log/containers - name: varlogpods hostPath: path: /var/log/pods - name: varlibdockercontainers hostPath: path: /var/lib/docker/containers - name: varlogmessages hostPath: path: /var/log/messages - name: varlogsecure hostPath: path: /var/log/secure --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: filebeat rules: - apiGroups: [""] # "" indicates the core API group resources: - namespaces - nodes - pods verbs: - get - watch - list --- apiVersion: v1 kind: ServiceAccount metadata: name: filebeat namespace: elastic-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: filebeat subjects: - kind: ServiceAccount name: filebeat namespace: elastic-system roleRef: kind: ClusterRole name: filebeat apiGroup: rbac.authorization.k8s.io 7. 部署APMServer apiVersion: apm.k8s.elastic.co/v1 kind: ApmServer metadata: name: xn-apmserver namespace: elastic-system spec: version: 7.11.1 count: 1 elasticsearchRef: name: "xn-elastic" # 引用ES名称 kibanaRef: name: "xn-kibana" # 引用kibana名称 config: apm-server: rum.enabled: true ilm.enabled: true rum.event_rate.limit: 300 rum.event_rate.lru_size: 1000 rum.allow_origins: ['*'] logging: level: warning queue.mem: events: 10240 output.elasticsearch: worker: 2 bulk_max_size: 500 podTemplate: spec: containers: - name: apm-server resources: requests: memory: 2Gi cpu: 2 limits: memory: 4Gi cpu: 4 image: registry.example.com/base/apm-server:7.11.1
应用接入APMServer:
参考链接:https://github.com/maieve/Eck-apm-example
