vlambda博客
学习文章列表

https://www.elastic.co/guide/en/elasticsearch/reference/7.8/docker.html

kubectl label nodes node7 deploy.elk=true

mkdir -p /opt/apps-mgr/es/chmod -R 777 /opt/apps-mgr/es

vi /etc/security/limits.conf，然后末尾追加：--ulimit - nofile 65535vi /etc/security/limits.conf，然后末尾追加：--ulimit - nproc 4096 vi /etc/fstab，然后注释所有包含swap的行vi /etc/sysctl.conf，然后末尾追加：vm.max_map_count=262144，执行sysctl -p生效

docker pull docker.elastic.co/elasticsearch/elasticsearch:7.8.0docker tag docker.elastic.co/elasticsearch/elasticsearch:7.8.0 10.68.60.103:5000/elasticsearch:7.8.0docker push 10.68.60.103:5000/elasticsearch:7.8.0

apiVersion: apps/v1kind: Deploymentmetadata: name: es-deployment namespace: my-namespace labels: app: es-deploymentspec: replicas: 1 selector: matchLabels: app: es-pod template: metadata: labels: app: es-pod spec: nodeSelector: deploy.elk: "true" restartPolicy: Always containers: - name: tsale-server-container image: "10.68.60.103:5000/elasticsearch:7.8.0" ports: - containerPort: 9200 env: - name: node.name value: "es01" - name: cluster.name value: "tsale-sit2-es" - name: discovery.seed_hosts value: "10.68.60.111" - name: cluster.initial_master_nodes value: "es01" - name: bootstrap.memory_lock value: "false" - name: ES_JAVA_OPTS value: "-Xms512m -Xmx1g"        resources: limits: memory: "1G" cpu: "1" requests:            memory: "512Mi"            cpu: "500m" volumeMounts: - mountPath: "/usr/share/elasticsearch/data" name: "es-data-volume" - mountPath: "/usr/share/elasticsearch/logs" name: "es-logs-volume" imagePullSecrets: - name: regcred volumes: - name: "es-data-volume" hostPath: path: "/opt/apps-mgr/es/data" type: DirectoryOrCreate - name: "es-logs-volume" hostPath: path: "/opt/apps-mgr/es/logs" type: DirectoryOrCreate

kubectl apply -f es-deployment.yaml

apiVersion: v1kind: Servicemetadata: namespace: my-namespace name: es-service-9200spec: type: NodePort selector: app: es-pod ports: - protocol: TCP port: 9200 targetPort: 9200      nodePort: 9200---
apiVersion: v1kind: Servicemetadata: namespace: my-namespace name: es-service-9300spec: type: NodePort selector:    app: es-pod ports: - protocol: TCP port: 9300 targetPort: 9300 nodePort: 9300

kubectl apply -f es-service.yaml

http://node7:9200/_cat/health

kubectl get pods -n my-namespace -o widekubectl logs -f es-deployment-67f47f8d44-7cj5p -n my-namespacekubectl describe pod es-deployment-986bc449f-gnjb4 -n my-namespace
# 或者直接进入node7查看绑定宿主机的日志:less /opt/apps-mgr/es/logs/

https://www.elastic.co/guide/en/kibana/7.8/docker.html#environment-variable-config

docker pull docker.elastic.co/kibana/kibana:7.8.0docker tag docker.elastic.co/kibana/kibana:7.8.0 10.68.60.103:5000/kibana:7.8.0docker push 10.68.60.103:5000/kibana:7.8.0

kubectl label nodes node7 deploy.elk=true

mkdir -p /opt/apps-mgr/kibana/chmod -R 777 /opt/apps-mgr/kibana

vi /opt/apps-mgr/kibana/kibana.yaml，内容如下：

elasticsearch.hosts: http://10.68.60.111:9200server.host: 0.0.0.0

https://www.elastic.co/guide/en/kibana/7.8/settings.html

apiVersion: apps/v1kind: Deploymentmetadata: name: kibana-deployment namespace: my-namespace labels: app: kibana-deploymentspec: replicas: 1 selector: matchLabels: app: kibana-pod template: metadata: labels: app: kibana-pod spec: nodeSelector: deploy.elk: "true" restartPolicy: Always containers: - name: kibana-container image: "10.68.60.103:5000/kibana:7.8.0" ports:        - containerPort: 5601 volumeMounts: - mountPath: "/usr/share/kibana/config/kibana.yml" name: "kibana-conf-volume" imagePullSecrets: - name: regcred volumes: - name: "kibana-conf-volume" hostPath: path: "/opt/apps-mgr/kibana/kibana.yml" type: File

kubectl apply -f kibana-deployment.yaml

kubectl get pods -n my-namespace -o widekubectl logs -f kibana-deployment-67f47f8d44-7cj5p -n my-namespacekubectl describe pod kibana-deployment-986bc449f-gnjb4 -n my-namespace

apiVersion: v1kind: Servicemetadata: namespace: my-namespace name: kibana-servicespec: type: NodePort selector: app: kibana-pod ports: - protocol: TCP port: 5601 targetPort: 5601 nodePort: 5601

kubectl apply -f kibana-service.yamlkubectl get service -n my-namespace

http://node7:5601

mkdir -p /opt/docker/build/logstash

wget https://artifacts.elastic.co/downloads/logstash/logstash-7.8.0.tar.gz

FROM 10.68.60.103:5000/jdk:v1.8.0_181_x64
LABEL maintainer="lazy"
ADD logstash-7.8.0.tar.gz /
RUN mkdir -p /opt/soft &&\ mv /logstash-7.8.0 /opt/soft/logstash &&\ mkdir -p /opt/soft/logstash/pipeline &&\ cp -R /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
WORKDIR /opt/soft/logstash
ENV LOGSTASH_HOME /opt/soft/logstashENV PATH $LOGSTASH_HOME/bin:$PATH
ENTRYPOINT [ "sh", "-c", "/opt/soft/logstash/bin/logstash" ]

docker build -t 10.68.60.103:5000/logstash:7.8.0 -f Dockerfile .docker push 10.68.60.103:5000/logstash:7.8.0

---# 创建ConfigMap定义logstash配置文件内容apiVersion: v1kind: ConfigMapmetadata: name: logstash-config namespace: my-namespace labels: k8s-app: logstashdata: logstash.yml: |- # 节点描述 node.name: ${NODE_NAME} # 持久化数据存储路径 path.data: /opt/soft/logstash/data # 管道ID pipeline.id: ${NODE_NAME} # 主管道配置目录(需要手工创建该目录) path.config: /opt/soft/logstash/pipeline # 定期检查配置是否已更改，并在配置发生更改时重新加载配置 config.reload.automatic: true # 几秒钟内，Logstash会检查配置文件 config.reload.interval: 30s # 绑定网卡地址 http.host: "0.0.0.0" # 绑定端口 http.port: 9600 # logstash 日志目录 path.logs: /opt/soft/logstash/logs logstash.conf: |- # 输入块定义 input { # 文件收集插件 file { # 收集器ID id => "admin-server" # 以\n换行符结尾作为一个事件发送 # 排除.gz结尾的文件 exclude => "*.gz" # tail模式 mode => tail # 从文件尾部开始读取 start_position => "end" # 收据数据源路径文件 path => ["/opt/apps-mgr/admin-server/logs/*.log"] # 为每个事件添加type字段 type => "admin-server" # 每个事件编解码器，类似过滤器 # multiline支持多行拼接起来作为一个事件 codec => multiline { # 不以时间戳开头的 pattern => "^%{TIMESTAMP_ISO8601}" # 如果匹配上面的pattern模式，将执行what策略 negate => true # previous策略是拼接到前一个事件后面 what => "previous" #总结：凡是不以时间戳开头的事件行直接拼接到上一个事件行后面作为一个事件处理， # 例如Java堆栈处理结果是整个Java错误堆栈作为一条数据,因为Java报错信息是不以时间戳开头的 } } }  input { # 文件收集插件 file { # 收集器ID id => "api-server" # 以\n换行符结尾作为一个事件发送 # 排除.gz结尾的文件 exclude => "*.gz" # tail模式 mode => tail # 从文件尾部开始读取 start_position => "end" # 收据数据源路径文件 path => ["/opt/apps-mgr/api-server/logs/*.log"] # 为每个事件添加type字段 type => "api-server" # 每个事件编解码器，类似过滤器 # multiline支持多行拼接起来作为一个事件 codec => multiline { # 不以时间戳开头的 pattern => "^%{TIMESTAMP_ISO8601}" # 如果匹配上面的pattern模式，将执行what策略 negate => true # previous策略是拼接到前一个事件后面 what => "previous" #总结：凡是不以时间戳开头的事件行直接拼接到上一个事件行后面作为一个事件处理， # 例如Java堆栈处理结果是整个Java错误堆栈作为一条数据,因为Java报错信息是不以时间戳开头的 } }    }  # 过滤块定义 filter { #不做任何过滤，原样发送给输出阶段 }  # 输出块定义 output { # 输出到elasticsearch if [type] == "admin-server" { elasticsearch { hosts => ["http://${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}"]          index => "admin_server_%{+YYYY.MM.dd}" } }
 if [type] == "api-server" { elasticsearch { hosts => ["http://${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}"] index => "api_server_%{+YYYY.MM.dd}" }      } }
---# 通过DaemonSet对象使指定的多个节点分别运行一个PodapiVersion: apps/v1kind: DaemonSetmetadata: name: logstash namespace: my-namespace labels: k8s-app: logstashspec: selector: matchLabels: k8s-app: logstash template: metadata: labels: k8s-app: logstash spec:      # 指定运行节点标签 nodeSelector:  deploy.type: biz_app       # 指定当前DaemonSet权限账号       serviceAccountName: logstash  terminationGracePeriodSeconds: 30 hostNetwork: true dnsPolicy: ClusterFirstWithHostNet # 禁用环境变量DNS enableServiceLinks: false containers: - name: logstash-container image: 10.68.60.103:5000/logstash:7.8.0        # 如果本地存在镜像则不拉取 imagePullPolicy: IfNotPresent        # 注入环境变量信息 env: - name: ELASTICSEARCH_HOST value: "10.68.60.111" - name: ELASTICSEARCH_PORT value: "9200" - name: NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName# resources:# limits:# memory: 256Mi# requests:# cpu: 200m# memory: 100Mi securityContext: # 指定运行的用户0=root runAsUser: 0        # 挂载 volumeMounts: - name: logstash-config-volume mountPath: /opt/soft/logstash/config/logstash.yml subPath: logstash.yml - name: logstash-pipeline-volume mountPath: /opt/soft/logstash/pipeline/logstash.conf subPath: logstash.conf - name: logstash-collect-volume mountPath: /opt/apps-mgr - name: logstash-data-volume mountPath: /opt/soft/logstash/data - name: logstash-logs-volume mountPath: /opt/soft/logstash/logs volumes: - name: logstash-config-volume configMap: name: logstash-config defaultMode: 0777 items: - key: logstash.yml path: logstash.yml - name: logstash-pipeline-volume configMap: name: logstash-config defaultMode: 0777 items: - key: logstash.conf path: logstash.conf - name: logstash-collect-volume hostPath: path: /opt/apps-mgr type: DirectoryOrCreate - name: logstash-data-volume hostPath:  path: /opt/soft/logstash/data type: DirectoryOrCreate - name: logstash-logs-volume hostPath:  path: /opt/soft/logstash/logs type: DirectoryOrCreate

 ---# 将角色和账号绑定apiVersion: rbac.authorization.k8s.io/v1kind: ClusterRoleBindingmetadata: name: logstashsubjects:- kind: ServiceAccount name: logstash namespace: my-namespaceroleRef: kind: ClusterRole name: logstash apiGroup: rbac.authorization.k8s.io ---# 创建一个集群级别的角色对象apiVersion: rbac.authorization.k8s.io/v1kind: ClusterRolemetadata: name: logstash labels: k8s-app: logstash# 配置角色权限 rules:- apiGroups: [""] # "" indicates the core API group resources: - namespaces - pods verbs: - get - watch - list---# 创建一个抽象的ServiceAccount逻辑账号对象apiVersion: v1kind: ServiceAccountmetadata: name: logstash namespace: my-namespace labels: k8s-app: logstash---

kubectl apply -f logstash-daemonset.yaml

http://node7:5601/app/kibana