docker筆記48-部署EFK日誌系統
一個完整的k8s叢集,應該包含如下六大部分:kube-dns、ingress-controller、metrics server監控系統、dashboard、儲存和EFK日誌系統。
我們的日誌系統要部署在k8s叢集之外,這樣即使整個k8s叢集當機了,我們還能從外接的日誌系統檢視到k8s當機前的日誌。
另外,我們生產部署的日誌系統要單獨放在一個儲存捲上。 這裡我們為了方便,本次測試關閉了日誌系統的儲存卷功能。
1、新增incubator源(這個源是開發版的安裝包,用起來可能不穩定)
訪問
[root@master ~]# helm repo list NAME URL local stable
[root@master efk]# helm repo add incubator https://kubernetes-charts-incubator.storage.googleapis.com "incubator" has been added to your repositories
[root@master efk]# helm repo list NAME URL local stable incubatorhttps://kubernetes-charts-incubator.storage.googleapis.com
2、下載elasticsearch
[root@master efk]# helm fetch incubator/elasticsearch [root@master efk]# ls elasticsearch-1.10.2.tgz [root@master efk]# tar -xvf elasticsearch-1.10.2.tgz
3、關閉儲存卷(生產上不要關,我們這裡為了測試方便才關的)
[root@master efk]# vim elasticsearch/values.yaml 把 persistence: enabled: true 改成 persistence: enabled: false 有兩處需要改
上面我們關閉了儲存卷的功能,而改用本地目錄來儲存日誌。
4、建立單獨的名稱空間
[root@master efk]# kubectl create namespace efk namespace/logs created
[root@master efk]# kubectl get ns NAME STATUS AGE ekf Active 13s
5、把elasticsearch安裝在efk名稱空間中
[root@master efk]# helm install --name els1 --namespace=efk -f elasticsearch/values.yaml incubator/elasticsearch
NAME: els1
LAST DEPLOYED: Thu Oct 18 01:59:15 2018
NAMESPACE: efk
STATUS: DEPLOYED
RESOURCES:
==> v1/Pod(related)
NAME READY STATUS RESTARTS AGE
els1-elasticsearch-client-58899f6794-gxn7x 0/1 Pending 0 0s
els1-elasticsearch-client-58899f6794-mmqq6 0/1 Pending 0 0s
els1-elasticsearch-data-0 0/1 Pending 0 0s
els1-elasticsearch-master-0 0/1 Pending 0 0s
==> v1/ConfigMap
NAME DATA AGE
els1-elasticsearch 4 1s
==> v1/Service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
els1-elasticsearch-client ClusterIP 10.103.147.142 <none> 9200/TCP 0s
els1-elasticsearch-discovery ClusterIP None <none> 9300/TCP 0s
==> v1beta1/Deployment
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
els1-elasticsearch-client 2 0 0 0 0s
==> v1beta1/StatefulSet
NAME DESIRED CURRENT AGE
els1-elasticsearch-data 2 1 0s
els1-elasticsearch-master 3 1 0s
NOTES:
The elasticsearch cluster has been installed.
***
Please note that this chart has been deprecated and moved to stable.
Going forward please use the stable version of this chart.
***
Elasticsearch can be accessed:
* Within your cluster, at the following DNS name at port 9200:
els1-elasticsearch-client.efk.svc
* From outside the cluster, run these commands in the same shell:
export POD_NAME=$(kubectl get pods --namespace efk -l "app=elasticsearch,component=client,release=els1" -o jsonpath="{.items[0].metadata.name}")
echo "Visit
kubectl port-forward --namespace efk $POD_NAME 9200:9200
說明:--name els1是chart部署後的release名字,名字自己隨便取就行。
上面我們是透過values.yaml檔案線上安裝的els。但是我們已經下載els安裝包了,也可以透過下載的els包進行離線安裝,如下:
[root@master efk]# ls elasticsearch elasticsearch-1.10.2.tgz
[root@master efk]# helm install --name els1 --namespace=efk ./elasticsearch
說明:./elasticsearch就是當前els安裝包目錄的名字。
安裝完後,我們就能在efk名稱空間中看到相應的pods資源了(我在安裝elasticsearch時,當時是安裝不上的,因為說是打不開elasticseartch的官網,也就是不能再這個官網下載映象,後來我就放置了兩天沒管,再登入上看,發現映象竟然自己下載好了,真是有意思)
[root@master efk]# kubectl get pods -n efk -o wide NAME READY STATUS RESTARTS AGE IP NODE els1-elasticsearch-client-78b54979c5-kzj7z 1/1 Running 2 1h 10.244.2.157 node2 els1-elasticsearch-client-78b54979c5-xn2gb 1/1 Running 1 1h 10.244.2.151 node2 els1-elasticsearch-data-0 1/1 Running 0 1h 10.244.1.165 node1 els1-elasticsearch-data-1 1/1 Running 0 1h 10.244.2.169 node2 els1-elasticsearch-master-0 1/1 Running 0 1h 10.244.1.163 node1 els1-elasticsearch-master-1 1/1 Running 0 1h 10.244.2.168 node2 els1-elasticsearch-master-2 1/1 Running 0 57m 10.244.1.170 node1
檢視安裝好的release:
[root@master efk]# helm list NAME REVISIONUPDATED STATUS CHART NAMESPACE els1 1 Thu Oct 18 23:11:54 2018DEPLOYEDelasticsearch-1.10.2efk
檢視els1的狀態:
[root@k8s-master1 ~]# helm status els1
* Within your cluster, at the following DNS name at port 9200:
els1-elasticsearch-client.efk.svc ##這個就是els1 service的主機名
* From outside the cluster, run these commands in the same shell:
export POD_NAME=$(kubectl get pods --namespace efk -l "app=elasticsearch,component=client,release=els1" -o jsonpath="{.items[0].metadata.name}")
echo "Visit
kubectl port-forward --namespace efk $POD_NAME 9200:9200
cirror是專門為測試虛擬環境的客戶端,它可以快速建立一個kvm的虛擬機器,一共才幾兆的大小,而且裡面提供的工具還是比較完整的。
下面我們執行cirror:
[root@k8s-master1 ~]# kubectl run cirror-$RANDOM --rm -it --image=cirros -- /bin/sh kubectl run --generator=deployment/apps.v1beta1 is DEPRECATED and will be removed in a future version. Use kubectl create instead. If you don't see a command prompt, try pressing enter. / # / # nslookup els1-elasticsearch-client.efk.svc Server: 10.96.0.10 Address 1: 10.96.0.10 kube-dns.kube-system.svc.cluster.local Name: els1-elasticsearch-client.efk.svc Address 1: 10.103.105.170 els1-elasticsearch-client.efk.svc.cluster.local
-rm:表示退出我們就直接刪除掉
-it:表示互動式登入
上面我們看到els1-elasticsearch-client.efk.svc服務名解析出來的ip地址。
下面我們再訪問http:els1-elasticsearch-client.efk.svc:9200 頁面:
/ # curl els1-elasticsearch-client.efk.svc:9200
curl: (6) Couldn't resolve host 'els1-elasticsearch-client.efk.svc'
/ #
/ # curl els1-elasticsearch-client.efk.svc.cluster.local:9200
{
"name" : "els1-elasticsearch-client-b898c9d47-5gwzq",
"cluster_name" : "elasticsearch",
"cluster_uuid" : "RFiD2ZGWSAqM2dF6wy24Vw",
"version" : {
"number" : "6.4.2",
"build_flavor" : "oss",
"build_type" : "tar",
"build_hash" : "04711c2",
"build_date" : "2018-09-26T13:34:09.098244Z",
"build_snapshot" : false,
"lucene_version" : "7.4.0",
"minimum_wire_compatibility_version" : "5.6.0",
"minimum_index_compatibility_version" : "5.0.0"
},
"tagline" : "You Know, for Search"
}
看裡面的內容:
/ # curl els1-elasticsearch-client.efk.svc.cluster.local:9200/_cat
=^.^=
/_cat/allocation
/_cat/shards
/_cat/shards/{index}
/_cat/master
/_cat/nodes
/_cat/tasks
/_cat/indices
/_cat/indices/{index}
/_cat/segments
/_cat/segments/{index}
/_cat/count
/_cat/count/{index}
/_cat/recovery
/_cat/recovery/{index}
/_cat/health
/_cat/pending_tasks
/_cat/aliases
/_cat/aliases/{alias}
/_cat/thread_pool
/_cat/thread_pool/{thread_pools}
/_cat/plugins
/_cat/fielddata
/_cat/fielddata/{fields}
/_cat/nodeattrs
/_cat/repositories
/_cat/snapshots/{repository}
/_cat/templates
看有幾個節點:
/ # curl els1-elasticsearch-client.efk.svc.cluster.local:9200/_cat/nodes 10.244.2.104 23 95 0 0.00 0.02 0.05 di - els1-elasticsearch-data-0 10.244.4.83 42 99 1 0.01 0.11 0.13 mi * els1-elasticsearch-master-1 10.244.4.81 35 99 1 0.01 0.11 0.13 i - els1-elasticsearch-client-b898c9d47-5gwzq 10.244.4.84 31 99 1 0.01 0.11 0.13 mi - els1-elasticsearch-master-2 10.244.2.105 35 95 0 0.00 0.02 0.05 i - els1-elasticsearch-client-b898c9d47-shqd2 10.244.4.85 18 99 1 0.01 0.11 0.13 di - els1-elasticsearch-data-1 10.244.4.82 40 99 1 0.01 0.11 0.13 mi - els1-elasticsearch-master-0
6、把fluentd安裝在efk空間中
[root@k8s-master1 ~]# helm fetch incubator/fluentd-elasticsearch
[root@k8s-master1 ~]# tar -xvf fluentd-elasticsearch-0.7.2.tgz
[root@k8s-master1 ~]# cd fluentd-elasticsearch
[root@k8s-master1 fluentd-elasticsearch]# vim values.yaml
1、改其中的host: 'elasticsearch-client',改成host: 'els1-elasticsearch-client.efk.svc.cluster.local'表示到哪找我們的elasticsearch服務。
2、改tolerations汙點,表示讓k8s master也能接受部署fluentd pod,這樣才能收集主節點的日誌:
把
tolerations: {}
# - key: node-role.kubernetes.io/master
# operator: Exists
# effect: NoSchedule
改成
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
3、改annotations,這樣也就能收集監控prometheus的日誌了
把
annotations: {}
# prometheus.io/scrape: "true"
# prometheus.io/port: "24231"
改成
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "24231"
同時把
service: {}
# type: ClusterIP
# ports:
# - name: "monitor-agent"
# port: 24231
改成
service:
type: ClusterIP
ports:
- name: "monitor-agent"
port: 24231
這樣透過service 24231找監控prometheus的fluentd
開始安裝fluentd:
[root@k8s-master1 fluentd-elasticsearch]# helm install --name fluentd1 --namespace=efk -f values.yaml ./
[root@k8s-master1 fluentd-elasticsearch]# helm list NAME REVISIONUPDATED STATUS CHART NAMESPACE els1 1 Sun Nov 4 09:37:35 2018DEPLOYEDelasticsearch-1.10.2 efk fluentd11 Tue Nov 6 09:28:42 2018DEPLOYEDfluentd-elasticsearch-0.7.2efk
[root@k8s-master1 fluentd-elasticsearch]# kubectl get pods -n efk NAME READY STATUS RESTARTS AGE els1-elasticsearch-client-b898c9d47-5gwzq 1/1 Running 0 47h els1-elasticsearch-client-b898c9d47-shqd2 1/1 Running 0 47h els1-elasticsearch-data-0 1/1 Running 0 47h els1-elasticsearch-data-1 1/1 Running 0 45h els1-elasticsearch-master-0 1/1 Running 0 47h els1-elasticsearch-master-1 1/1 Running 0 45h els1-elasticsearch-master-2 1/1 Running 0 45h fluentd1-fluentd-elasticsearch-9k456 1/1 Running 0 2m28s fluentd1-fluentd-elasticsearch-dcnsc 1/1 Running 0 2m28s fluentd1-fluentd-elasticsearch-p5h88 1/1 Running 0 2m28s fluentd1-fluentd-elasticsearch-sdvn9 1/1 Running 0 2m28s fluentd1-fluentd-elasticsearch-ztm9s 1/1 Running 0 2m28s
7、把kibanna安裝在efk空間中
注意,安裝kibana的版本號一定要和elasticsearch的版本號一致,否則二者無法結合起來。
[root@k8s-master1 ~]# helm fetch stable/kibana [root@k8s-master1 ~]# ls kibana-0.2.2.tgz
[root@k8s-master1 ~]# tar -xvf kibana-0.2.2.tgz [root@k8s-master1 ~]# cd kibana
[root@t-cz-mysql1 appuser]# vim last_10_null_sql.txt 修改ELASTICSEARCH_URL為: ELASTICSEARCH_URL: els的域名是透過helm status els1輸出結果檢視到: [root@k8s-master1 ~]# helm status els1 * Within your cluster, at the following DNS name at port 9200: els1-elasticsearch-client.efk.svc 另外,把vim last_10_null_sql.txt中 service: type: ClusterIP externalPort: 443 internalPort: 5601 改成 service: type: NodePort externalPort: 443 internalPort: 5601
開始部署kibana:
[root@k8s-master1 kibana]# helm install --name=kib1 --namespace=efk -f values.yaml ./ ==> v1/Service NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kib1-kibana NodePort 10.108.188.4 <none> 443:31865/TCP 0s
[root@k8s-master1 kibana]# kubectl get svc -n efk NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE els1-elasticsearch-client ClusterIP 10.103.105.170 <none> 9200/TCP 2d22h els1-elasticsearch-discovery ClusterIP None <none> 9300/TCP 2d22h kib1-kibana NodePort 10.108.188.4 <none> 443:31865/TCP 4m27s
[root@k8s-master1 kibana]# kubectl get pods -n efk NAME READY STATUS RESTARTS AGE els1-elasticsearch-client-b898c9d47-5gwzq 1/1 Running 0 2d22h els1-elasticsearch-client-b898c9d47-shqd2 1/1 Running 0 2d22h els1-elasticsearch-data-0 1/1 Running 0 22h els1-elasticsearch-data-1 1/1 Running 0 22h els1-elasticsearch-master-0 1/1 Running 0 2d22h els1-elasticsearch-master-1 1/1 Running 0 2d19h els1-elasticsearch-master-2 1/1 Running 0 2d19h fluentd1-fluentd-elasticsearch-9k456 1/1 Running 0 22h fluentd1-fluentd-elasticsearch-dcnsc 1/1 Running 0 22h fluentd1-fluentd-elasticsearch-p5h88 1/1 Running 0 22h fluentd1-fluentd-elasticsearch-sdvn9 1/1 Running 0 22h fluentd1-fluentd-elasticsearch-ztm9s 1/1 Running 0 22h kib1-kibana-68f9fbfd84-pt2dt 0/1 Running 0 9m59s #這個映象如果下載不下來,多等幾天就下載下來了
然後找個瀏覽器,開啟宿主機ip:nodeport
不過我這個開啟的頁面有錯誤,做如下操作即可:
[root@k8s-master1 ~]# kubectl get pods -n efk |grep ela els1-elasticsearch-client-b898c9d47-8pntr 1/1 Running 1 43h els1-elasticsearch-client-b898c9d47-shqd2 1/1 Running 1 5d13h els1-elasticsearch-data-0 1/1 Running 0 117m els1-elasticsearch-data-1 1/1 Running 0 109m els1-elasticsearch-master-0 1/1 Running 1 2d11h els1-elasticsearch-master-1 1/1 Running 0 14h els1-elasticsearch-master-2 1/1 Running 0 14h [root@k8s-master1 ~]# kubectl exec -it els1-elasticsearch-client-b898c9d47-shqd2 -n efk -- /bin/bash 刪除elasticsearch下的.kibana即可 [root@els1-elasticsearch-client-b898c9d47-shqd2 elasticsearch]# curl -XDELETE
最終,看到我們做出了EFK的日誌收集系統
來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/28916011/viewspace-2216748/,如需轉載,請註明出處,否則將追究法律責任。
相關文章
- Docker Compose部署 EFK(Elasticsearch + Fluentd + Kibana)收集日誌DockerElasticsearch
- 通過helm部署EFK收集應用日誌,ingress-nginx日誌解析。應用日誌Nginx
- 清空系統日誌shell scripts——自學筆記筆記
- Centos部署Loki日誌聚合系統CentOSLoki
- Kubernetes 叢集日誌 和 EFK 架構日誌方案架構
- ELK 日誌分析系統 ----------- 部署ElasticSearch群集Elasticsearch
- 部署Sentry日誌監控系統
- k8s 日誌收集之 EFKK8S
- Docker筆記(十三):容器日誌採集實踐Docker筆記
- 基於AWS-ELK部署系統日誌告警系統
- 雲原生系列5 容器化日誌之EFK
- 部署Zipkin分散式效能追蹤日誌系統的操作記錄分散式
- 使用Redis記錄系統日誌Redis
- 部署 Graylog 日誌系統 - 每天5分鐘玩轉 Docker 容器技術(92)Docker
- Docker筆記五之Docker系統變數Docker筆記變數
- 最新Centos7.6 部署ELK日誌分析系統CentOS
- Kubernetes 中 搭建 EFK 日誌搜尋中心
- 日誌系統
- 使用Docker快速部署ELK分析Nginx日誌實踐DockerNginx
- AIX系統日誌AI
- AIX 系統日誌AI
- docker-compose搭建grafana+loki+promtail日誌系統DockerGrafanaLokiAI
- 日誌分析系統 - k8s部署ElasticSearch叢集K8SElasticsearch
- docker日誌引擎Docker
- Docker筆記三之執行Django系統Docker筆記Django
- 日誌收集系統PLG(Promtail+Loki+Grafana)介紹及部署AILokiGrafana
- Rainbond通過外掛整合ELK/EFK,實現日誌收集AI
- Go學習筆記-Zap日誌Go筆記
- 【安卓筆記】崩潰日誌收集安卓筆記
- 7.管理重做日誌(筆記)筆記
- struts 日誌包(學習筆記)筆記
- Linux系統級日誌系統Linux
- 日誌審計系統
- Rsyslog日誌系統
- ELK日誌分析系統
- elk 日誌分析系統
- 日誌檔案系統
- 【ELK】日誌分析系統