目录

前言

搭建ES

搭建FileBeat

挂载操作的tips

配置一个自定义configMap

搭建logstash

搭建自定义pod logging-app-manual 

相关K8s操作命令可参考

参考文章

前言

本文搭建的ELK 是基于K8s 部署的docker容器环境。

阅读本篇要求:具备了解K8s相关的基础知识,如K8s相关操作命令、具备阅读理解yml内容的能力等。

本文的搭建环境相关yml配置地址:GitHub - liuchaoOvO/docker

提供参考,若需要自行本地搭建,请修改yml中的相关挂载绝对路径和Service NodePort模式下 访问的个人局域网ip(后面会说明 哪里用到了ip)。

搭建ES

使用的配置为elasticsearch-demo-8.1.0 文件夹下的service-es.yml、deployment-es.yaml

如图位置:

 service-es.yml 内容:

apiVersion: v1
kind: Service
metadata:
  name: my-elasticsearch
  labels:
    app: my-elasticsearch
spec:
  type: NodePort
  selector:
    app: my-elasticsearch
  ports:
  - name: http
    port: 9200
    nodePort: 30920

deployment-es.yaml 内容:

apiVersion: apps/v1
kind: StatefulSet 
metadata:
  name: my-elasticsearch
spec:
  selector:
    matchLabels:
      app: my-elasticsearch  # has to match .spec.template.metadata.labels
  serviceName: "elasticsearch-svc"  #声明它属于哪个Headless Service.
  replicas: 1 # by default is 1
  template:
    metadata:
      labels:
        app: my-elasticsearch  # has to match .spec.selector.matchLabels
    spec:
      terminationGracePeriodSeconds: 10
      volumes:
       - name: data-storage
         persistentVolumeClaim:
           claimName: my-local-pvc #和之前的PersistentVolumeClaim的name一致
      containers:
      - name: elasticsearch
        image: docker.elastic.co/elasticsearch/elasticsearch:7.9.2
        ports:
        - containerPort: 9200
          name: es-cli
        - containerPort: 9300
          name: es-iner
        env:
        - name: discovery.type
          value: single-node  
        - name: http.cors.enabled
          value: "true"
        - name: http.cors.allow-origin
          value: "*"
        volumeMounts:
         - mountPath: "/tmp/data"
           name: data-storage

搭建FileBeat

使用的配置为/filebeat-8.1.0
文件夹下的filebeat-kubernetes.yaml 

 内容如下:

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: filebeat-config
  namespace: default
  labels:
    k8s-app: filebeat
data:
  filebeat.yml: |-
    filebeat.inputs:
    - type: container
      paths:
        - /var/log/containers/*.log
      processors:
        - add_kubernetes_metadata:
            host: ${NODE_NAME}
            matchers:
            - logs_path:
                logs_path: "/var/log/containers/"
    # To enable hints based autodiscover, remove `filebeat.inputs` configuration and uncomment this:
    #filebeat.autodiscover:
    #  providers:
    #    - type: kubernetes
    #      node: ${NODE_NAME}
    #      hints.enabled: true
    #      hints.default_config:
    #        type: container
    #        paths:
    #          - /var/log/containers/*${data.kubernetes.container.id}.log
    processors:
      - add_cloud_metadata:
      - add_host_metadata:
    cloud.id: ${ELASTIC_CLOUD_ID}
    cloud.auth: ${ELASTIC_CLOUD_AUTH}
    #output.elasticsearch:
    #  hosts: ["http://10.252.203.240:30920"]
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: filebeat
  namespace: default
  labels:
    k8s-app: filebeat
spec:
  selector:
    matchLabels:
      k8s-app: filebeat
  template:
    metadata:
      labels:
        k8s-app: filebeat
    spec:
      serviceAccountName: filebeat
      terminationGracePeriodSeconds: 30
      hostNetwork: true
      dnsPolicy: ClusterFirstWithHostNet
      containers:
      - name: filebeat
        image: docker.elastic.co/beats/filebeat:8.1.0
        args: [
          "-c", "/etc/filebeat.yml",
          "-e",
        ]
        env:
        - name: ELASTICSEARCH_HOST
          value: 10.252.203.240
        - name: ELASTICSEARCH_PORT
          value: "30920"
        - name: ELASTIC_CLOUD_ID
          value:
        - name: ELASTICSEARCH_USERNAME
          value: 
        - name: ELASTICSEARCH_PASSWORD
          value: 
        - name: ELASTIC_CLOUD_AUTH
          value:
        - name: NODE_NAME
          valueFrom:
            fieldRef:
              fieldPath: spec.nodeName
        securityContext:
          runAsUser: 0
          # If using Red Hat OpenShift uncomment this:
          #privileged: true
        resources:
          limits:
            memory: 200Mi
          requests:
            cpu: 100m
            memory: 100Mi
        volumeMounts:
        - name: config
          mountPath: /etc/filebeat.yml
          readOnly: true
          subPath: filebeat.yml
        - name: data
          mountPath: /usr/share/filebeat/data
        - name: varlibdockercontainers
          mountPath: /var/lib/docker/containers
          readOnly: true
        - name: varlog
          mountPath: /var/log
          readOnly: true
      volumes:
      - name: config
        hostPath:
          path: /Users/liuchao58/Mydocker/renrenche/docker-master/docker-compose/filebeat/filebeat-8.1.0/config
      - name: varlibdockercontainers
        hostPath:
          path: /var/lib/docker/containers
      - name: varlog
        hostPath:
          path: /var/log
      # data folder stores a registry of read status for all files, so we don't send everything again on a Filebeat pod restart
      - name: data
        hostPath:
          # When filebeat runs as non-root user, this directory needs to be writable by group (g+w).
          path: /var/lib/filebeat-data
          type: DirectoryOrCreate
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: filebeat
subjects:
- kind: ServiceAccount
  name: filebeat
  namespace: default
roleRef:
  kind: ClusterRole
  name: filebeat
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: filebeat
  namespace: default
subjects:
  - kind: ServiceAccount
    name: filebeat
    namespace: default
roleRef:
  kind: Role
  name: filebeat
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: filebeat-kubeadm-config
  namespace: default
subjects:
  - kind: ServiceAccount
    name: filebeat
    namespace: default
roleRef:
  kind: Role
  name: filebeat-kubeadm-config
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: filebeat
  labels:
    k8s-app: filebeat
rules:
- apiGroups: [""] # "" indicates the core API group
  resources:
  - namespaces
  - pods
  - nodes
  verbs:
  - get
  - watch
  - list
- apiGroups: ["apps"]
  resources:
    - replicasets
  verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: filebeat
  # should be the namespace where filebeat is running
  namespace: default
  labels:
    k8s-app: filebeat
rules:
  - apiGroups:
      - coordination.k8s.io
    resources:
      - leases
    verbs: ["get", "create", "update"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: filebeat-kubeadm-config
  namespace: default
  labels:
    k8s-app: filebeat
rules:
  - apiGroups: [""]
    resources:
      - configmaps
    resourceNames:
      - kubeadm-config
    verbs: ["get"]
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: filebeat
  namespace: default
  labels:
    k8s-app: filebeat
---
apiVersion: v1
kind: Service
metadata:
  name: filebeat
  annotations:
  labels:
    k8s-app: filebeat
  namespace: default
spec:
  type: NodePort
  ports:
  - name: http
    port: 80
    nodePort: 30099
    protocol: TCP
    targetPort: 30099
  selector:
    k8s-app: filebeat
---

相关被挂载到本地的config文件如图:

挂载操作的tips

可以先通过kubectl create -f  filebeat-kubernetes.yaml 启动。(记得先将filebeat-kubernetes.yaml 挂载的相关内容删掉)

再利用kubectl get pods -A 查看启动的该pod

再利用kubectl cp 操作该pod 复制容器内容的相关文件路径文件 到宿主机本地。

后续就可以挂载本地的配置文件,然后在通过volume mount 配置到filebeat-kubernetes.yaml

配置一个自定义configMap

用于后面挂载 自定义lctest 文件夹下的mydockerdemo容器中的配置路径。

文件所在路径如图:

beat-manual-config-ConfigMap.yml内容为:

# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
data:
  filebeat.yml: |
    filebeat.inputs:
    - type: container
      paths:
        - /var/log/containers/*.log
      processors:
        - add_kubernetes_metadata:
            host: ${NODE_NAME}
            matchers:
            - logs_path:
                logs_path: "/var/log/containers/"
    - type: log
      paths:
        - /mnt/logs/*.log
    # To enable hints based autodiscover, remove `filebeat.inputs` configuration and uncomment this:
    #filebeat.autodiscover:
    #  providers:
    #    - type: kubernetes
    #      node: ${NODE_NAME}
    #      hints.enabled: true
    #      hints.default_config:
    #        type: container
    #          - /var/log/containers/*${data.kubernetes.container.id}.log
    processors:
      - add_cloud_metadata:
      - add_host_metadata:
    cloud.id: ${ELASTIC_CLOUD_ID}
    cloud.auth: ${ELASTIC_CLOUD_AUTH}
    output:
    #  输出到logstash中,logstash更换为自己的ip
      logstash:
        hosts: ["10.252.203.240:30044"]
    #output.elasticsearch:
    #  hosts: ["http://10.252.203.240:30920"]
    #  username:
    #  password:
    #  allow_older_versions: true
    #output.elasticsearch:
    #  hosts: ["https://es01:9200","https://es02:9200","https://es03:9200"]
    #  username: elastic
    #  password: liuchao123456
kind: ConfigMap
metadata:
  name: beat-manual-config
  namespace: default

搭建logstash

文件位置如图:

 有关k8s-logstash.yml配置内容

apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: logstash
  namespace: default
  labels:
    k8s-app: logstash
spec:
  selector:
    matchLabels:
      k8s-app: logstash
  template:
    metadata:
      labels:
        k8s-app: logstash
    spec:
      terminationGracePeriodSeconds: 30
      hostNetwork: true
      dnsPolicy: ClusterFirstWithHostNet
      containers:
      - name: logstash
        ports:
        - containerPort: 5044
          name: logstash
        image: docker.elastic.co/logstash/logstash:8.1.0
        volumeMounts:
        - name: logstashconfig
          mountPath: /usr/share/logstash/config/
      volumes:  
      - name: logstashconfig     
        hostPath:
          path: /Users/liuchao58/Mydocker/renrenche/docker-master/docker-compose/logstash/logstash-8.1.0/config/

---
apiVersion: v1
kind: Service
metadata:
  name: logstash
  annotations:
  labels:
    k8s-app: logstash
  namespace: default
spec:
  type: NodePort
  ports:
  - name: http
    port: 5044
    nodePort: 30044
    protocol: TCP
    targetPort: 5044
  selector:
    k8s-app: logstash
---

搭建自定义pod logging-app-manual 

该pod的主要目的是为了作为demo 应用生产业务日志。

有关mydockerstrap:0.0.1镜像 的源码,地址为:GitHub - liuchaoOvO/mydockerDemo

有关将springboot项目 构建成镜像,并推送到harbor仓库。内容自行了解。

相关命令 可参考 docker build/login/tag/push 等

相关K8s操作命令可参考

Docker&K8s 常用命令_CoderTnT的博客-CSDN博客

参考文章

Running Elasticsearch, Logstash, and Kibana on Kubernetes with Helm - Coralogix

# elk # k8s
Logo
K8S/Kubernetes

K8S/Kubernetes社区为您提供最前沿的新闻资讯和知识内容

更多推荐

【深度】阿里巴巴万级规模 K8s 集群全局高可用体系之美

作者 |  韩堂、柘远、沉醉来源 | 阿里巴巴云原生公众号​前言台湾作家林清玄在接受记者采访的时候,如此评价自己 30 多年写作生涯:“第一个十年我才华横溢,‘贼光闪现’,令周边黯然失色;第二个十年,我终于‘宝光现形’,不再去抢风头,反而与身边的美丽相得益彰;进入第三个十年,繁华落尽见真醇,我进入了‘醇光初现’的阶段,真正体味到了境界之美”。​长夜有穷,真水无香。领略过了 K8s“身在江

avatar K8S/Kubernetes

如何基于 K8s 构建下一代 DevOps 平台?

作者 | 孙健波(天元)导读:当前云原生 DevOps 体系现状如何?面临哪些挑战?如何通过 OAM 解决云原生 DevOps 场景下的诸多问题?云原生开发应用模型 OAM(Open Application Model) 社区核心成员孙健波将为大家一一解答,并分享如何基于 OAM 和 Kubernetes 打造无限能力的下一代 DevOps 平台。什么是 DevOps?为什么基于 Kub

avatar K8S/Kubernetes

k8s 火了!

2020,上云之年,产品云端化成为一种趋势。在一线城市,很多公司都已经构建了自己的私有云环境,比如阿里云、网易云、华为云等。而Kubernetes 作为基于容器编排领域的王者,具备扩展...

avatar K8S/Kubernetes