一、创建一个新的命名空间
kubectl create ns elk
二、部署elasticSearch
创建yaml存放目录
mkdir elk
cd elk
资源配置清单
cat >> elasticsearch.yaml<<EOF
---
apiVersion: apps/v1
kind: Deployment
metadata:
generation: 1
labels:
app: elasticsearch-logging
version: v1
name: elasticsearch
namespace: elk
spec:
minReadySeconds: 10
progressDeadlineSeconds: 600
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
app: elasticsearch-logging
version: v1
strategy:
type: Recreate
template:
metadata:
creationTimestamp: null
labels:
app: elasticsearch-logging
version: v1
spec:
affinity:
nodeAffinity: {}
containers:
- env:
- name: discovery.type
value: single-node
- name: ES_JAVA_OPTS
value: -Xms512m -Xmx512m
- name: MINIMUM_MASTER_NODES
value: "1"
image: docker.elastic.co/elasticsearch/elasticsearch:7.12.0-amd64
imagePullPolicy: IfNotPresent
name: elasticsearch-logging
ports:
- containerPort: 9200
name: db
protocol: TCP
- containerPort: 9300
name: transport
protocol: TCP
resources:
limits:
cpu: "1"
memory: 1Gi
requests:
cpu: "1"
memory: 1Gi
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /data
name: es-persistent-storage
dnsPolicy: ClusterFirst
imagePullSecrets:
- name: user-1-registrysecret
initContainers:
- command:
- /sbin/sysctl
- -w
- vm.max_map_count=262144
image: alpine:3.6
imagePullPolicy: IfNotPresent
name: elasticsearch-logging-init
resources: {}
securityContext:
privileged: true
procMount: Default
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
terminationGracePeriodSeconds: 30
volumes:
- hostPath:
path: /opt/paas/hanju/es_data
type: ""
name: es-persistent-storage
---
apiVersion: v1
kind: Service
metadata:
namespace: elk
name: elasticsearch
labels:
app: elasticsearch-logging
spec:
type: ClusterIP
ports:
- port: 9200
name: elasticsearch
selector:
app: elasticsearch-logging
EOF
三、部署logstash
configMap定义logstash相关配置项,主要包括一下几项。
input:定义输入到logstash的源。
filter:定义过滤条件。
output:可以定义输出到es,redis,kafka等等。
资源配置清单
cat >> logstash.yaml<<EOF
---
apiVersion: v1
kind: ConfigMap
metadata:
name: logstash-config
namespace: elk
data:
logstash.conf: |-
input {
beats {
port => 5044
}
}
filter {
json {
source => "message"
}
}
output {
elasticsearch {
hosts => ["elasticsearch:9200"]
}
}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: logstash
namespace: elk
labels:
name: logstash
spec:
replicas: 1
selector:
matchLabels:
name: logstash
template:
metadata:
labels:
app: logstash
name: logstash
spec:
containers:
- name: logstash
image: docker.elastic.co/logstash/logstash:7.12.0
ports:
- containerPort: 5044
protocol: TCP
- containerPort: 9600
protocol: TCP
volumeMounts:
- name: logstash-config
#mountPath: /usr/share/logstash/logstash-simple.conf
#mountPath: /usr/share/logstash/config/logstash-sample.conf
mountPath: /usr/share/logstash/pipeline/logstash.conf
subPath: logstash.conf
#ports:
# - containerPort: 80
# protocol: TCP
volumes:
- name: logstash-config
configMap:
#defaultMode: 0644
name: logstash-config
---
apiVersion: v1
kind: Service
metadata:
namespace: elk
name: logstash
labels:
app: logstash
spec:
type: ClusterIP
ports:
- port: 5044
name: logstash
selector:
app: logstash
EOF
四、部署nginx和filebeat
资源配置清单
cat >> nginx_With_filebeat_to_logstash.yaml<<EOF
---
apiVersion: v1
kind: ConfigMap
metadata:
name: filebeat-config-to-logstash
namespace: elk
data:
filebeat.yml: |-
filebeat.inputs:
- type: log
paths:
- /logm/*.log
output.logstash:
hosts: ['logstash:5044']
---
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-conf
namespace: elk
data:
nginx.conf: |-
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format log_json '{"@timestamp":"$time_local","user_ip":"$http_x_real_ip","lan_ip":"$remote_addr","log_time":"$time_iso8601","user_req":"$request","http_code":"$status","body_bytes_sents":"$body_bytes_sent","req_time":"$request_time","user_ua":"$http_user_agent","server_addr":"$server_addr","uri":"$uri"}';
access_log /var/log/nginx/access.log log_json;
sendfile on;
keepalive_timeout 65;
include /etc/nginx/conf.d/*.conf;
}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx
namespace: elk
labels:
name: nginx
spec:
replicas: 1
selector:
matchLabels:
name: nginx
template:
metadata:
labels:
app: nginx
name: nginx
spec:
containers:
- name: nginx
image: nginx:latest
ports:
- containerPort: 80
protocol: TCP
volumeMounts:
- name: logm
mountPath: /var/log/nginx/
- name: nginx-conf
mountPath: /etc/nginx/nginx.conf
subPath: nginx.conf
- name: filebeat
image: docker.elastic.co/beats/filebeat:7.12.0
args: [
"-c", "/etc/filebeat.yml",
"-e",
]
volumeMounts:
- mountPath: /logm
name: logm
- name: config
mountPath: /etc/filebeat.yml
readOnly: true
subPath: filebeat.yml
volumes:
- name: logm
emptyDir: {}
- name: config
configMap:
defaultMode: 0640
name: filebeat-config-to-logstash
- name: nginx-conf
configMap:
defaultMode: 0640
name: nginx-conf
EOF
五、部署kibana
资源配置清单
cat >> kibana.yaml<<EOF
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: kibana
namespace: elk
labels:
name: kibana
spec:
replicas: 1
selector:
matchLabels:
name: kibana
template:
metadata:
labels:
app: kibana
name: kibana
spec:
containers:
- name: kibana
image: docker.elastic.co/kibana/kibana:7.12.0
ports:
- containerPort: 5601
protocol: TCP
env:
- name: ELASTICSEARCH_URL
value: http://elasticsearch:9200
---
apiVersion: v1
kind: Service
metadata:
name: kibana
namespace: elk
spec:
type: NodePort
ports:
- protocol: TCP
port: 80
targetPort: 5601
selector:
app: kibana
EOF
六、发布服务
# kubectl apply -f `pwd`
# kubectl get po,svc -n elk -owide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pod/elasticsearch-64884b99f6-w4znx 1/1 Running 0 62m 10.244.1.19 node2 <none> <none>
pod/kibana-8487685985-q4sg4 1/1 Running 0 62m 10.244.2.35 node1 <none> <none>
pod/logstash-5957f547cd-xkq2h 1/1 Running 0 62m 10.244.2.36 node1 <none> <none>
pod/nginx-5db7666949-d96h2 2/2 Running 0 62m 10.244.2.37 node1 <none> <none>
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
service/elasticsearch ClusterIP 10.104.201.124 <none> 9200/TCP 62m app=elasticsearch-logging
service/kibana NodePort 10.98.234.194 <none> 80:31089/TCP 62m app=kibana
service/logstash ClusterIP 10.109.81.210 <none> 5044/TCP 62m app=logstash
# curl 10.104.201.124:9200
{
"name" : "elasticsearch-64884b99f6-w4znx",
"cluster_name" : "docker-cluster",
"cluster_uuid" : "z3S2dz14SVKqlagFZtC2KA",
"version" : {
"number" : "7.12.0",
"build_flavor" : "default",
"build_type" : "docker",
"build_hash" : "78722783c38caa25a70982b5b042074cde5d3b3a",
"build_date" : "2021-03-18T06:17:15.410153305Z",
"build_snapshot" : false,
"lucene_version" : "8.8.0",
"minimum_wire_compatibility_version" : "6.8.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
"tagline" : "You Know, for Search"
}
七、浏览器访问
在浏览器地址栏输入任意节点IP地址+kibana的NodePort暴露的端口进行访问
image.png
添加索引
image.png
查看
image.png
网友评论