Kubernetes ELLK

最新推荐文章于 2024-07-19 09:47:26 发布

。傲娇小野猫°

最新推荐文章于 2024-07-19 09:47:26 发布

阅读量216

点赞数

文章标签： kubernetes

本文链接：https://blog.youkuaiyun.com/weixin_45735613/article/details/123637943

版权

该博客介绍了如何在Kubernetes环境下部署ELK (Elasticsearch, Logstash, Kibana)堆栈，并实现了日志收集和可视化。配置文件包括Elasticsearch、Logstash、Kibana的rc和svc文件，以及Logspout-daemon配置。" 126498322,9369275,Verilog HDL实战：奇偶校验原理与实现,"['FPGA开发', 'Verilog HDL', '硬件设计']

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

Kubernetes ELLK

本次方案是按照 Elasticsearch + Logspout + Logstash + kibana 并且手机的日志可以被简单切分：

Elasticsearch-rc 配置文件：

apiVersion: v1

kind: ReplicationController

metadata:

name: elasticsearch-logging-v1

labels:

k8s-app: elasticsearch-logging

version: v1

kubernetes.io/cluster-service: "true"

spec:

replicas: 1

selector:

k8s-app: elasticsearch-logging

version: v1

template:

metadata:

labels:

k8s-app: elasticsearch-logging

version: v1

kubernetes.io/cluster-service: "true"

spec:

nodeSelector:

role: elk

containers:

- image: registry.aliyuncs.com/slzcc/elasticsearch

name: elasticsearch

resources:

limits:

cpu: 1000m

requests:

cpu: 100m

ports:

- containerPort: 9200

name: db

protocol: TCP

- containerPort: 9300

name: transport

protocol: TCP

volumeMounts:

- name: es-persistent-storage

mountPath: "/usr/share/elasticsearch/data"

volumes:

- name: es-persistent-storage

hostPath:

path: "/data/elasticsearch"

Elasticsearch-svc 配置文件：

apiVersion: v1

kind: Service

metadata:

name: elasticsearch-logging

labels:

k8s-app: elasticsearch-logging

kubernetes.io/cluster-service: "true"

kubernetes.io/name: "Elasticsearch"

spec:

ports:

- port: 9200

name: http

protocol: TCP

targetPort: db

selector:

k8s-app: elasticsearch-logging

Kibana-rc 配置文件：

apiVersion: extensions/v1beta1

kind: Deployment

metadata:

name: kibana-logging

labels:

k8s-app: kibana-logging

kubernetes.io/cluster-service: "true"

spec:

replicas: 1

selector:

matchLabels:

k8s-app: kibana-logging

template:

metadata:

labels:

k8s-app: kibana-logging

spec:

nodeSelector:

role: elk

containers:

- name: kibana-logging

image: registry.aliyuncs.com/slzcc/kibana

resources:

# keep request = limit to keep this container in guaranteed class

limits:

cpu: 100m

requests:

cpu: 100m

env:

- name: "ELASTICSEARCH_URL"

value: "http://elasticsearch-logging:9200"

ports:

- containerPort: 5601

name: ui

protocol: TCP

Kibana-svc 配置文件：

apiVersion: v1

kind: Service

metadata:

name: kibana-logging

labels:

k8s-app: kibana-logging

kubernetes.io/cluster-service: "true"

kubernetes.io/name: "Kibana"

spec:

ports:

- port: 5601

name: http

protocol: TCP

targetPort: ui

selector:

k8s-app: kibana-logging

Logstash-configmap 配置文件：

apiVersion: v1

kind: ConfigMap

metadata:

name: logstash

data:

logstash.conf: |-

input {

udp {

port => 514

type => syslog

codec => json

}

tcp {

port => 514

type => syslog

codec => json

}

filter {

if [type] == "syslog" {

grok {

match => { "message" => "%{SYSLOG5424PRI}%{NONNEGINT:ver} +(?:%{TIMESTAMP_ISO8601:ts}|-) +(?:%{HOSTNAME:containerid}|-) +(?:% {NOTSPACE:containername}|-) +(?:%{NOTSPACE:proc}|-) +(?:%{WORD:msgid}|-) +(?:%{SYSLOG5424SD:sd}|-|) +%{GREEDYDATA:msg}" }

}

syslog_pri { }

date {

match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]

}

if !("_grokparsefailure" in [tags]) {

mutate {

replace => [ "@source_host", "%{syslog_hostname}" ]

replace => [ "@message", "%{syslog_message}" ]

}

mutate {

remove_field => [ "syslog_hostname", "syslog_message", "syslog_timestamp" ]

}

output {

elasticsearch {

hosts => ["elasticsearch-logging:9200"]

index => "k8s-%{type}-%{+YYYY.MM.dd}"

document_type => "%{type}"

workers => 1

flush_size => 20000

idle_flush_time => 10

template_overwrite => true

codec => json

}

Logstash-rc 配置文件：

apiVersion: v1

kind: ReplicationController

metadata:

name: logstash

labels:

k8s-app: logstash

version: v1

kubernetes.io/cluster-service: "true"

spec:

replicas: 1

selector:

k8s-app: logstash

version: v1

template:

metadata:

labels:

k8s-app: logstash

version: v1

kubernetes.io/cluster-service: "true"

spec:

nodeSelector:

role: elk

containers:

- image: registry.aliyuncs.com/slzcc/logstash-build

name: logstash

resources:

limits:

cpu: 1000m

requests:

cpu: 100m

ports:

- containerPort: 514

name: input

protocol: TCP

- containerPort: 514

name: output

protocol: UDP

command:

- '/logstash-5.1.1/bin/logstash'

- '-f'

- '/etc/logstash/logstash.conf'

- '-w 20'

volumeMounts:

- mountPath: "/etc/logstash/"

name: config-volume

volumes:

- name: config-volume

configMap:

name: logstash

Logstash-svc 配置文件：

apiVersion: v1

kind: Service

metadata:

name: logstash

labels:

k8s-app: logstash

kubernetes.io/cluster-service: "true"

kubernetes.io/name: "logstash"

spec:

ports:

- port: 514

name: input

protocol: TCP

targetPort: input

# - port: 514

# name: output

# protocol: UDP

# targetPort: output

selector:

k8s-app: logstash

clusterIP: None

Lospout-daemon 配置文件：

apiVersion: extensions/v1beta1

kind: DaemonSet

metadata:

name: logspout-elasticsearch

labels:

k8s-app: logspout-logging

spec:

template:

metadata:

labels:

name: logspout-elasticsearch

spec:

containers:

nodeSelector:

role: elk

- name: logspout-elasticsearch

image: registry.aliyuncs.com/slzcc/logspout-logstash

resources:

limits:

memory: 200Mi

requests:

cpu: 100m

memory: 200Mi

env:

- name: "ROUTE_URIS"

value: "logstash+tcp://logstash:514"

volumeMounts:

- mountPath: "/var/run/docker.sock"

name: sock

volumes:

- hostPath:

path: "/var/run/docker.sock"

name: sock

terminationGracePeriodSeconds: 30