Kubernetes-filebeat-nfs集群部署
背景
安装EFK
一、环境准备,安装kubernetes集群
当前节点base、master、node1、node2、node3
kubernetes安装不在此赘述,请参考参考资料进行安装
kubernetes安装nfs不在此赘述,请参考参考资料进行安装
参考资料
/kubernetes/1-Kubernetes基于Centos7构建基础环境(一)
/kubernetes/2-Kubernetes基于Centos7构建基础环境(二)
/kubernetes/3-Kubernetes基于Centos7构建基础环境(三)
/kubernetes/4-Kubernetes-基于Centos7安装面板及监控(四)
/kubernetes/nfs/1-kubernetes-nfs动态存储部署
/kubernetes/nfs/10-Kubernetes-elasticsearch-nfs集群部署
/kubernetes/nfs/12-Kubernetes-kibana-nfs集群部署
| 集群名称 | 集群域名 | 说明 |
|---|---|---|
| base | base.xincan.cn | 部署harbor、nfs等服务 |
| master | master.xincan.cn | kubernetes主节点,做污点容忍,排除业务资源,nfs客户端等 |
| node1 | node1.xincan.cn | kubernetes从节点,nfs客户端等 |
| node2 | node2.xincan.cn | kubernetes从节点,nfs客户端等 |
| node3 | node3.xincan.cn | kubernetes从节点,nfs客户端等 |
二、总体流程
-
下载filebeat的版本为7.4.2
-
在Kubernetes集群的主节点上创建filebeat文件夹,用于存放Kuberntes文件编排,文件目录如下;
[root@master efk]# tree
.
├── 0-efk-namespace.yaml
├── 1-filebeat-kibana-rbac.yaml
├── elasticsearch
│ ├── 1-elasticsearch-rbac.yaml
│ ├── master
│ │ ├── 1-elasticsearch-master-service.yaml
│ │ └── 2-elasticsearch-master-statefulset.yaml
│ └── node
│ ├── 1-elasticsearch-node-storageclass.yaml
│ ├── 2-elasticsearch-node-nfs-provisioner.yaml
│ ├── 3-elasticsearch-node-service.yaml
│ └── 4-elasticsearch-node-statefulset.yaml
├── filebeat
│ ├── 1-filebeat-configmap.yaml
│ └── 2-filebeat-daemonset.yaml
└── kibana
├── 1-kibana-configmap.yaml
├── 2-kibana-deployment.yaml
└── 3-kibana-service.yaml
- 镜像制作;
- 资源创建;
- 效果展示;
三、镜像处理
- 下载镜像
[root@master /]# docker pull elastic/filebeat:7.4.2
- 镜像tag
[root@master /]# docker tag elastic/filebeat:7.4.2 base.xincan.cn/library/filebeat:7.4.2
- 镜像提交到Harbor
[root@master /]# docker push base.xincan.cn/library/filebeat:7.4.2
四、资源创建
-
基于10-Kubernetes-elasticsearch-nfs集群部署基础上继续创建,沿用命名空间
-
创建filebeat服务配置资源ConfigMap,名称为:filebeat-config
- elasticsearch用户名密码为空
[root@master filebeat]# cat 1-filebeat-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: filebeat-config
namespace: efk
labels:
xincan.kubernetes.io/company: xincan.cn
xincan.kubernetes.io/version: 0.0.1
xincan.kubernetes.io/type: plugins
xincan.kubernetes.io/product: xincan
xincan.kubernetes.io/app: filebeat
data:
filebeat.yml: |-
filebeat.inputs:
- type: container
paths:
- /var/log/containers/*.log
processors:
- add_kubernetes_metadata:
host: ${NODE_NAME}
matchers:
- logs_path:
logs_path: "/var/log/containers/"
# To enable hints based autodiscover, remove `filebeat.inputs` configuration and uncomment this:
#filebeat.autodiscover:
# providers:
# - type: kubernetes
# host: ${NODE_NAME}
# hints.enabled: true
# hints.default_config:
# type: container
# paths:
# - /var/log/containers/*${data.kubernetes.container.id}.log
processors:
- add_cloud_metadata:
- add_host_metadata:
cloud.id: ${ELASTIC_CLOUD_ID}
cloud.auth: ${ELASTIC_CLOUD_AUTH}
output.elasticsearch:
hosts: ['${ELASTICSEARCH_HOST:elasticsearch}:${ELASTICSEARCH_PORT:9200}']
#username: ${ELASTICSEARCH_USERNAME}
#password: ${ELASTICSEARCH_PASSWORD}
username: ""
password: ""
[root@master filebeat]#
- 创建filebeat主节点无头服务DaemonSet
[root@master filebeat]# cat 2-filebeat-daemonset.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: filebeat
namespace: efk
labels:
xincan.kubernetes.io/company: xincan.cn
xincan.kubernetes.io/version: 0.0.1
xincan.kubernetes.io/type: plugins
xincan.kubernetes.io/product: xincan
xincan.kubernetes.io/app: filebeat
spec:
selector:
matchLabels:
xincan.kubernetes.io/company: xincan.cn
xincan.kubernetes.io/version: 0.0.1
xincan.kubernetes.io/type: plugins
xincan.kubernetes.io/product: xincan
xincan.kubernetes.io/app: filebeat
template:
metadata:
name: filebeat
labels:
xincan.kubernetes.io/company: xincan.cn
xincan.kubernetes.io/version: 0.0.1
xincan.kubernetes.io/type: plugins
xincan.kubernetes.io/product: xincan
xincan.kubernetes.io/app: filebeat
spec:
serviceAccountName: fk-rbac
terminationGracePeriodSeconds: 30
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
containers:
- name: filebeat
image: base.hatech.com.cn/library/filebeat:7.4.2
args: [
"-c", "/etc/filebeat.yml",
"-e",
]
env:
- name: ELASTICSEARCH_HOST
value: elasticsearch-node-service.efk
- name: ELASTICSEARCH_PORT
value: "9200"
- name: ELASTICSEARCH_USERNAME
value:
- name: ELASTICSEARCH_PASSWORD
value:
- name: ELASTIC_CLOUD_ID
value:
- name: ELASTIC_CLOUD_AUTH
value:
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
securityContext:
runAsUser: 0
# If using Red Hat OpenShift uncomment this:
#privileged: true
resources:
limits:
memory: 200Mi
requests:
cpu: 100m
memory: 100Mi
volumeMounts:
- name: config
mountPath: /etc/filebeat.yml
readOnly: true
subPath: filebeat.yml
- name: data
mountPath: /usr/share/filebeat/data
- name: varlibdockercontainers
mountPath: /var/lib/docker/containers
readOnly: true
- name: varlog
mountPath: /var/log
readOnly: true
volumes:
- name: config
configMap:
defaultMode: 0600
name: filebeat-config
- name: varlibdockercontainers
hostPath:
path: /var/lib/docker/containers
- name: varlog
hostPath:
path: /var/log
# data folder stores a registry of read status for all files, so we don't send everything again on a Filebeat pod restart
- name: data
hostPath:
path: /var/lib/filebeat-data
type: DirectoryOrCreate
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/master
[root@master filebeat]#
五、创建filebeat资源
[root@master efk]# kubectl apply -f filebeat/
configmap/filebeat-config created
daemonset.apps/filebeat created
- 查看部署的资源
[root@master efk]# kubectl -n efk get all
NAME READY STATUS RESTARTS AGE
pod/elasticsearch-master-0 1/1 Running 0 33m
pod/elasticsearch-master-1 1/1 Running 0 33m
pod/elasticsearch-master-2 1/1 Running 0 33m
pod/elasticsearch-node-0 1/1 Running 0 33m
pod/elasticsearch-node-1 1/1 Running 0 32m
pod/elasticsearch-node-2 1/1 Running 0 32m
pod/elasticsearch-node-nfs-client-provisioner-b6b66c5c9-whtt8 1/1 Running 0 33m
pod/filebeat-lc4w7 1/1 Running 0 2m34s
pod/filebeat-mmmbs 1/1 Running 0 2m34s
pod/filebeat-s68sv 1/1 Running 0 2m34s
pod/filebeat-vndc9 1/1 Running 0 2m34s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/elasticsearch-master-service ClusterIP 10.107.124.254 <none> 9300/TCP 33m
service/elasticsearch-node-service NodePort 10.110.13.94 <none> 9200:31180/TCP 33m
NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
daemonset.apps/filebeat 4 4 4 4 4 <none> 2m34s
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/elasticsearch-node-nfs-client-provisioner 1/1 1 1 33m
NAME DESIRED CURRENT READY AGE
replicaset.apps/elasticsearch-node-nfs-client-provisioner-b6b66c5c9 1 1 1 33m
NAME READY AGE
statefulset.apps/elasticsearch-master 3/3 33m
statefulset.apps/elasticsearch-node 3/3 33m
[root@master efk]#
六:结束语
至此集群版Kubernetes部署filebeat完成
