基于ELK+FileBeat实现日志处理系统(2) 环境搭建部分
利用K8s 搭建ELK 环境
目录
前言
本文搭建的ELK 是基于K8s 部署的docker容器环境。
阅读本篇要求:具备了解K8s相关的基础知识,如K8s相关操作命令、具备阅读理解yml内容的能力等。
本文的搭建环境相关yml配置地址:GitHub - liuchaoOvO/docker
提供参考,若需要自行本地搭建,请修改yml中的相关挂载绝对路径和Service NodePort模式下 访问的个人局域网ip(后面会说明 哪里用到了ip)。
搭建ES
使用的配置为elasticsearch-demo-8.1.0 文件夹下的service-es.yml、deployment-es.yaml
如图位置:
service-es.yml 内容:
apiVersion: v1
kind: Service
metadata:
name: my-elasticsearch
labels:
app: my-elasticsearch
spec:
type: NodePort
selector:
app: my-elasticsearch
ports:
- name: http
port: 9200
nodePort: 30920
deployment-es.yaml 内容:
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: my-elasticsearch
spec:
selector:
matchLabels:
app: my-elasticsearch # has to match .spec.template.metadata.labels
serviceName: "elasticsearch-svc" #声明它属于哪个Headless Service.
replicas: 1 # by default is 1
template:
metadata:
labels:
app: my-elasticsearch # has to match .spec.selector.matchLabels
spec:
terminationGracePeriodSeconds: 10
volumes:
- name: data-storage
persistentVolumeClaim:
claimName: my-local-pvc #和之前的PersistentVolumeClaim的name一致
containers:
- name: elasticsearch
image: docker.elastic.co/elasticsearch/elasticsearch:7.9.2
ports:
- containerPort: 9200
name: es-cli
- containerPort: 9300
name: es-iner
env:
- name: discovery.type
value: single-node
- name: http.cors.enabled
value: "true"
- name: http.cors.allow-origin
value: "*"
volumeMounts:
- mountPath: "/tmp/data"
name: data-storage
搭建FileBeat
使用的配置为/filebeat-8.1.0
文件夹下的filebeat-kubernetes.yaml
内容如下:
---
apiVersion: v1
kind: ConfigMap
metadata:
name: filebeat-config
namespace: default
labels:
k8s-app: filebeat
data:
filebeat.yml: |-
filebeat.inputs:
- type: container
paths:
- /var/log/containers/*.log
processors:
- add_kubernetes_metadata:
host: ${NODE_NAME}
matchers:
- logs_path:
logs_path: "/var/log/containers/"
# To enable hints based autodiscover, remove `filebeat.inputs` configuration and uncomment this:
#filebeat.autodiscover:
# providers:
# - type: kubernetes
# node: ${NODE_NAME}
# hints.enabled: true
# hints.default_config:
# type: container
# paths:
# - /var/log/containers/*${data.kubernetes.container.id}.log
processors:
- add_cloud_metadata:
- add_host_metadata:
cloud.id: ${ELASTIC_CLOUD_ID}
cloud.auth: ${ELASTIC_CLOUD_AUTH}
#output.elasticsearch:
# hosts: ["http://10.252.203.240:30920"]
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: filebeat
namespace: default
labels:
k8s-app: filebeat
spec:
selector:
matchLabels:
k8s-app: filebeat
template:
metadata:
labels:
k8s-app: filebeat
spec:
serviceAccountName: filebeat
terminationGracePeriodSeconds: 30
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
containers:
- name: filebeat
image: docker.elastic.co/beats/filebeat:8.1.0
args: [
"-c", "/etc/filebeat.yml",
"-e",
]
env:
- name: ELASTICSEARCH_HOST
value: 10.252.203.240
- name: ELASTICSEARCH_PORT
value: "30920"
- name: ELASTIC_CLOUD_ID
value:
- name: ELASTICSEARCH_USERNAME
value:
- name: ELASTICSEARCH_PASSWORD
value:
- name: ELASTIC_CLOUD_AUTH
value:
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
securityContext:
runAsUser: 0
# If using Red Hat OpenShift uncomment this:
#privileged: true
resources:
limits:
memory: 200Mi
requests:
cpu: 100m
memory: 100Mi
volumeMounts:
- name: config
mountPath: /etc/filebeat.yml
readOnly: true
subPath: filebeat.yml
- name: data
mountPath: /usr/share/filebeat/data
- name: varlibdockercontainers
mountPath: /var/lib/docker/containers
readOnly: true
- name: varlog
mountPath: /var/log
readOnly: true
volumes:
- name: config
hostPath:
path: /Users/liuchao58/Mydocker/renrenche/docker-master/docker-compose/filebeat/filebeat-8.1.0/config
- name: varlibdockercontainers
hostPath:
path: /var/lib/docker/containers
- name: varlog
hostPath:
path: /var/log
# data folder stores a registry of read status for all files, so we don't send everything again on a Filebeat pod restart
- name: data
hostPath:
# When filebeat runs as non-root user, this directory needs to be writable by group (g+w).
path: /var/lib/filebeat-data
type: DirectoryOrCreate
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: filebeat
subjects:
- kind: ServiceAccount
name: filebeat
namespace: default
roleRef:
kind: ClusterRole
name: filebeat
apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: filebeat
namespace: default
subjects:
- kind: ServiceAccount
name: filebeat
namespace: default
roleRef:
kind: Role
name: filebeat
apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: filebeat-kubeadm-config
namespace: default
subjects:
- kind: ServiceAccount
name: filebeat
namespace: default
roleRef:
kind: Role
name: filebeat-kubeadm-config
apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: filebeat
labels:
k8s-app: filebeat
rules:
- apiGroups: [""] # "" indicates the core API group
resources:
- namespaces
- pods
- nodes
verbs:
- get
- watch
- list
- apiGroups: ["apps"]
resources:
- replicasets
verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: filebeat
# should be the namespace where filebeat is running
namespace: default
labels:
k8s-app: filebeat
rules:
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs: ["get", "create", "update"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: filebeat-kubeadm-config
namespace: default
labels:
k8s-app: filebeat
rules:
- apiGroups: [""]
resources:
- configmaps
resourceNames:
- kubeadm-config
verbs: ["get"]
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: filebeat
namespace: default
labels:
k8s-app: filebeat
---
apiVersion: v1
kind: Service
metadata:
name: filebeat
annotations:
labels:
k8s-app: filebeat
namespace: default
spec:
type: NodePort
ports:
- name: http
port: 80
nodePort: 30099
protocol: TCP
targetPort: 30099
selector:
k8s-app: filebeat
---
相关被挂载到本地的config文件如图:
挂载操作的tips
可以先通过kubectl create -f filebeat-kubernetes.yaml 启动。(记得先将filebeat-kubernetes.yaml 挂载的相关内容删掉)
再利用kubectl get pods -A 查看启动的该pod
再利用kubectl cp 操作该pod 复制容器内容的相关文件路径文件 到宿主机本地。
后续就可以挂载本地的配置文件,然后在通过volume mount 配置到filebeat-kubernetes.yaml
配置一个自定义configMap
用于后面挂载 自定义lctest 文件夹下的mydockerdemo容器中的配置路径。
文件所在路径如图:
beat-manual-config-ConfigMap.yml内容为:
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
data:
filebeat.yml: |
filebeat.inputs:
- type: container
paths:
- /var/log/containers/*.log
processors:
- add_kubernetes_metadata:
host: ${NODE_NAME}
matchers:
- logs_path:
logs_path: "/var/log/containers/"
- type: log
paths:
- /mnt/logs/*.log
# To enable hints based autodiscover, remove `filebeat.inputs` configuration and uncomment this:
#filebeat.autodiscover:
# providers:
# - type: kubernetes
# node: ${NODE_NAME}
# hints.enabled: true
# hints.default_config:
# type: container
# - /var/log/containers/*${data.kubernetes.container.id}.log
processors:
- add_cloud_metadata:
- add_host_metadata:
cloud.id: ${ELASTIC_CLOUD_ID}
cloud.auth: ${ELASTIC_CLOUD_AUTH}
output:
# 输出到logstash中,logstash更换为自己的ip
logstash:
hosts: ["10.252.203.240:30044"]
#output.elasticsearch:
# hosts: ["http://10.252.203.240:30920"]
# username:
# password:
# allow_older_versions: true
#output.elasticsearch:
# hosts: ["https://es01:9200","https://es02:9200","https://es03:9200"]
# username: elastic
# password: liuchao123456
kind: ConfigMap
metadata:
name: beat-manual-config
namespace: default
搭建logstash
文件位置如图:
有关k8s-logstash.yml配置内容
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: logstash
namespace: default
labels:
k8s-app: logstash
spec:
selector:
matchLabels:
k8s-app: logstash
template:
metadata:
labels:
k8s-app: logstash
spec:
terminationGracePeriodSeconds: 30
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
containers:
- name: logstash
ports:
- containerPort: 5044
name: logstash
image: docker.elastic.co/logstash/logstash:8.1.0
volumeMounts:
- name: logstashconfig
mountPath: /usr/share/logstash/config/
volumes:
- name: logstashconfig
hostPath:
path: /Users/liuchao58/Mydocker/renrenche/docker-master/docker-compose/logstash/logstash-8.1.0/config/
---
apiVersion: v1
kind: Service
metadata:
name: logstash
annotations:
labels:
k8s-app: logstash
namespace: default
spec:
type: NodePort
ports:
- name: http
port: 5044
nodePort: 30044
protocol: TCP
targetPort: 5044
selector:
k8s-app: logstash
---
搭建自定义pod logging-app-manual
该pod的主要目的是为了作为demo 应用生产业务日志。
有关mydockerstrap:0.0.1镜像 的源码,地址为:GitHub - liuchaoOvO/mydockerDemo
有关将springboot项目 构建成镜像,并推送到harbor仓库。内容自行了解。
相关命令 可参考 docker build/login/tag/push 等
相关K8s操作命令可参考
Docker&K8s 常用命令_CoderTnT的博客-CSDN博客
参考文章
Running Elasticsearch, Logstash, and Kibana on Kubernetes with Helm - Coralogix
更多推荐
所有评论(0)