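Installing ELK and EFK on k8s
I. Elasticsearch installation
Installing with helm also works, and the helm-installed stable/elasticsearch has higher availability, but it uses more resources.
1. Install elasticsearch (in production, be absolutely sure to replace emptyDir; you must use persistent storage.)
# Download the manifest files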
wget https://raw.githubusercontent.com/kubernetes/kubernetes/master/cluster/addons/fluentd-elasticsearch/es-statefulset.yaml
wget https://raw.githubusercontent.com/kubernetes/kubernetes/master/cluster/addons/fluentd-elasticsearch/es-service.yaml
# Replace the image and modify the configuration
docker.elastic.co/elasticsearch/elasticsearch-oss:6.7.0
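# Adjust the other settings to suit your own environment; here I changed the value of name, and for this test I did not add or modify anything else
2. Check
[root@k8s-m elk]# kubectl get svc -n kube-system
NAME            TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
elasticsearch   ClusterIP   10.102.165.164   <none>        9200/TCP   108s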
[root@k8s-m elk]# curl 10.102.165.164:9200/_cluster/health?pretty
{
"cluster_name" : "docker-cluster",
"status" : "green",
"timed_out" : false,
"number_of_nodes" : 1,
"number_of_data_nodes" : 1,
"active_primary_shards" : 0,
"active_shards" : 0,
"relocating_shards" : 0,
"initializing_shards" : 0,
"unassigned_shards" : 0,
"delayed_unassigned_shards" : 0,
"number_of_pending_tasks" : 0,
"number_of_in_flight_fetch" : 0,
"task_max_waiting_in_queue_millis" : 0,
"active_shards_percent_as_number" : 100.0
}
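II. Logstash installation
1. Download and modify the helm chart (change the image and configuration)
# Download the logstash chart
helm fetch stable/logstash
# Modified configuration (I only use the messages and audit logs for the demo; I removed the PVC storage, which is not recorded here)
# Image 6.7.0
# elasticsearch settings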
elasticsearch:
  host: elasticsearch.kube-system.svc.cluster.local
  port: 9200
# Input, filter and output configuration
inputs:
  main: |-
    input {
      beats {
        port => 5044
      }
    }
filters:
  main: |-
    filter {
      if "audit_log" in [tags] {
        mutate {
          rename => { "[host][name]" => "host" }
        }
      }
      if "messages_log" in [tags] {
        mutate {
          rename => { "[host][name]" => "host" }
        }
      }
    }
outputs:
  main: |-
    output {
      if "audit_log" in [tags] {
        elasticsearch {
          hosts => ["${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}"]
          index => "audit-%{+YYYY.MM.dd}"
        }
      }
      if "messages_log" in [tags] {
        elasticsearch {
          hosts => ["${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}"]
          index => "messages-%{+YYYY.MM.dd}"
        }
      }
    }
2. Install and check
helm install stable/logstash --name logstash -f values.yaml --namespace kube-system
# Check
[root@k8s-m logstash]# kubectl get sts -n kube-system
NAME            READY   AGE
elasticsearch   2/2     33m
logstash        1/1     19m
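III. Filebeat installation
1. Download and modify the helm chart (change the image and configuration)
# Download the chart
helm fetch stable/filebeat
# Modify the image and other settings (demo with the messages and audit logs)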
config:
  filebeat.config:
    modules:
      path: ${path.config}/modules.d/*.yml
      # Reload module configs as they change:
      reload.enabled: false
  processors:
    - add_cloud_metadata:
  filebeat.inputs:
    # The tags set here select the Logstash filter and output branches
    - type: log
      enabled: true
      paths:
        - /var/log/messages
      close_eof: true
      tags: ["messages_log"]
      clean_*: true
    - type: log
      paths:
        - /var/log/audit/audit.log
      close_eof: true
      tags: ["audit_log"]
      clean_*: true
    - type: docker
      containers.ids:
        - "*"
      processors:
        - add_kubernetes_metadata:
            in_cluster: true
        - drop_event:
            when:
              equals:
                kubernetes.container.name: "filebeat"
  output.file:
    enabled: false
  output.logstash:
    hosts: ["logstash.kube-system.svc.cluster.local:5044"]
  http.enabled: true
  http.port: 5066
2. Install and check
# Install
helm install stable/filebeat --name filebeat -f values.yaml --namespace kube-system
# Check
[root@k8s-m filebeat]# kubectl get ds -n kube-system
NAME          DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR                 AGE
calico-node   3         3         3       3            3           beta.kubernetes.io/os=linux   45m
filebeat      2         2         2       2            2           <none>                        21m
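IV. Kibana installation
1. Download and modify the helm chart (change the image and configuration)
# Download the chart
helm fetch stable/kibana
# Modified configuration (I changed access from port 443 to port 80)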
files:
  kibana.yml:
    server.name: kibana
    server.host: "0"
    elasticsearch.hosts: http://elasticsearch.kube-system.svc.cluster.local:9200
service:
  type: ClusterIP
  externalPort: 80
  internalPort: 5601
2. Install and check
# Install
helm install stable/kibana --name kibana -f values.yaml --namespace kube-system
# Make kibana reachable from outside the cluster
kubectl patch svc kibana -n kube-system -p '{"spec":{"type":"NodePort"}}'
3. View in the browser
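A command-line check to go with the browser view, as an added example that is not part of the original post: it confirms that the two Logstash outputs from section II created the day's audit-* and messages-* indices and that they contain events. The function names and ES_URL are assumptions, and the sample listing is constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Checks that the Logstash outputs
# in section II created the day's audit-* and messages-* indices and that they hold events.
# Logstash expands %{+YYYY.MM.dd} from each event's @timestamp in UTC, so pass a UTC date.

# Print the index names both outputs should have created for day $1 (YYYY.MM.dd).
expected_indices() {
  for prefix in audit messages; do
    printf '%s-%s\n' "$prefix" "$1"
  done
}

# stdin: "<index> <docs.count>" lines, as returned by GET _cat/indices?h=index,docs.count
# $1:    day as YYYY.MM.dd
# Prints "<index> missing" or "<index> empty" for each gap; exit status 1 if any gap exists.
check_pipeline_indices() (
  day="$1"
  listing="$(cat)"
  rc=0
  for idx in $(expected_indices "$day"); do
    count="$(printf '%s\n' "$listing" | awk -v i="$idx" '$1 == i { print $2 }')"
    if [ -z "$count" ]; then
      echo "$idx missing"; rc=1
    elif [ "$count" -eq 0 ]; then
      echo "$idx empty"; rc=1
    fi
  done
  exit "$rc"
)

# Constructed sample listing (not real cluster output): the audit index has events,
# the messages index was never created.
SAMPLE_LISTING='audit-2019.04.10 1532
.kibana_1 3'

if ! report="$(printf '%s\n' "$SAMPLE_LISTING" | check_pipeline_indices 2019.04.10)"; then
  printf 'pipeline gaps:\n%s\n' "$report"
fi

# Against the cluster (ES_URL is an assumption; use your Elasticsearch Service address):
#   curl -s "$ES_URL/_cat/indices?h=index,docs.count" | check_pipeline_indices "$(date -u +%Y.%m.%d)"
```

A missing audit index on a host that is known to be active usually means the Filebeat tag and the Logstash conditional no longer match, so the check is worth running after every values.yaml change.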
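V. Fluentd installation (install either filebeat or fluentd) (Fluentd is the recommended k8s log collection solution)
If you install fluentd there is no need to install logstash and filebeat. The architecture above can be called ELFK. Its strengths are logstash's strong log format processing and formatted output, and, if you have used or studied it before, that there is nothing new to learn and you can use it right away. A message queue can also be added between logstash and Elasticsearch. EFK (Elasticsearch + Fluentd + Kibana) is the log collection solution officially recommended by kubernetes.
The official Fluentd installation already collects many logs. You can add to or modify it according to your own needs. A recommended blog post: blog.laisky.com/p/fluentd/#
1. Install Fluentd (remember to modify the elasticsearch settings)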
wget https://raw.githubusercontent.com/kubernetes/kubernetes/master/cluster/addons/fluentd-elasticsearch/fluentd-es-configmap.yaml
wget https://raw.githubusercontent.com/kubernetes/kubernetes/master/cluster/addons/fluentd-elasticsearch/fluentd-es-ds.yaml
2. Check
[root@k8s-m fluentd]# kubectl get ds -n kube-system fluentd-es-v2.7.0
NAME                DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
fluentd-es-v2.7.0   2         2         2       2            2           <none>          101m
3. View in kibana
4. Summary
EFK can be installed entirely from the official yaml files, and the official installation method uses fairly recent EFK versions.