##/etc/hosts
192.168.48.101 master01
192.168.48.102 master02
192.168.48.103 master03
192.168.48.201 node01
192.168.48.202 node02
## keepalived的vip
192.168.48.66
IP | Hostname | CPU | Memory |
---|---|---|---|
192.168.48.101 | master01 | 2 | 4G |
192.168.48.102 | master02 | 2 | 4G |
192.168.48.103 | master03 | 2 | 4G |
192.168.48.201 | node01 | 2 | 4G |
192.168.48.202 | node02 | 2 | 4G |
软件 | 版本 |
---|---|
kubernetes | 1.15.2 |
docker-ce | 19.03 |
calico | 3.8 |
etcd | 3.3.13 |
CNI | 0.8.1 |
coredns | 1.4.0 |
metrics-server | 0.3.3 |
ingress-controller | 0.25.0 |
vim elasticsearch.yaml
---
kind: StorageClass ##存储用的local pv
apiVersion: storage.k8s.io/v1
metadata:
name: local-storage
namespace: kube-system
provisioner: kubernetes.io/no-provisioner
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: es-local-pv
namespace: kube-system
spec:
capacity:
storage: 10Gi
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: local-storage
local:
path: /data/es
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/hostname
operator: In
values:
- node01
- node02
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: es-local-pvc
namespace: kube-system
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
storageClassName: local-storage
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: elasticsearch
namespace: kube-system
labels:
k8s-app: elasticsearch
spec:
serviceName: elasticsearch
selector:
matchLabels:
k8s-app: elasticsearch
template:
metadata:
labels:
k8s-app: elasticsearch
spec:
containers:
- image: elasticsearch:7.3.1
name: elasticsearch
resources:
limits:
cpu: 1
memory: 2Gi
requests:
cpu: 0.5
memory: 500Mi
env:
- name: "discovery.type"
value: "single-node"
- name: ES_JAVA_OPTS
value: "-Xms512m -Xmx2g"
ports:
- containerPort: 9200
name: db
protocol: TCP
volumeMounts:
- name: elasticsearch-data
mountPath: /usr/share/elasticsearch/data
volumes:
- name: elasticsearch-data
persistentVolumeClaim:
claimName: es-local-pvc
---
apiVersion: v1
kind: Service
metadata:
name: elasticsearch
namespace: kube-system
spec:
clusterIP: None
ports:
- port: 9200
protocol: TCP
targetPort: db
selector:
k8s-app: elasticsearch
vim filebeat-kubernetes.yaml
---
apiVersion: v1
kind: ConfigMap
metadata:
name: filebeat-config
namespace: kube-system
labels:
k8s-app: filebeat
data:
filebeat.yml: |-
filebeat.config:
inputs:
# Mounted `filebeat-inputs` configmap:
path: ${path.config}/inputs.d/*.yml
# Reload inputs configs as they change:
reload.enabled: false
modules:
path: ${path.config}/modules.d/*.yml
# Reload module configs as they change:
reload.enabled: false
# To enable hints based autodiscover, remove `filebeat.config.inputs` configuration and uncomment this:
#filebeat.autodiscover:
# providers:
# - type: kubernetes
# hints.enabled: true
output.elasticsearch:
hosts: ['${ELASTICSEARCH_HOST:elasticsearch}:${ELASTICSEARCH_PORT:9200}']
---
apiVersion: v1
kind: ConfigMap
metadata:
name: filebeat-inputs
namespace: kube-system
labels:
k8s-app: filebeat
data:
kubernetes.yml: |-
- type: docker
containers.ids:
- "*"
processors:
- add_kubernetes_metadata:
in_cluster: true
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: filebeat
namespace: kube-system
labels:
k8s-app: filebeat
spec:
template:
metadata:
labels:
k8s-app: filebeat
spec:
serviceAccountName: filebeat
terminationGracePeriodSeconds: 30
tolerations:
- key: "node-role.kubernetes.io/master"
operator: "Exists"
effect: "NoSchedule"
containers:
- name: filebeat
image: elastic/filebeat:7.3.1
args: [
"-c", "/etc/filebeat.yml",
"-e",
]
env:
- name: ELASTICSEARCH_HOST
value: elasticsearch
- name: ELASTICSEARCH_PORT
value: "9200"
securityContext:
runAsUser: 0
# If using Red Hat OpenShift uncomment this:
#privileged: true
resources:
limits:
memory: 200Mi
requests:
cpu: 100m
memory: 100Mi
volumeMounts:
- name: config
mountPath: /etc/filebeat.yml
readOnly: true
subPath: filebeat.yml
- name: inputs
mountPath: /usr/share/filebeat/inputs.d
readOnly: true
- name: data
mountPath: /usr/share/filebeat/data
- name: varlibdockercontainers
mountPath: /var/lib/docker/containers
readOnly: true
volumes:
- name: config
configMap:
defaultMode: 0600
name: filebeat-config
- name: varlibdockercontainers
hostPath:
path: /var/lib/docker/containers
- name: inputs
configMap:
defaultMode: 0600
name: filebeat-inputs
# data folder stores a registry of read status for all files, so we don't send everything again on a Filebeat pod restart
- name: data
hostPath:
path: /var/lib/filebeat-data
type: DirectoryOrCreate
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: filebeat
subjects:
- kind: ServiceAccount
name: filebeat
namespace: kube-system
roleRef:
kind: ClusterRole
name: filebeat
apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: filebeat
labels:
k8s-app: filebeat
rules:
- apiGroups: [""] # "" indicates the core API group
resources:
- namespaces
- pods
verbs:
- get
- watch
- list
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: filebeat
namespace: kube-system
labels:
k8s-app: filebeat
---
vim kibana.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: kibana
namespace: kube-system
labels:
k8s-app: kibana
spec:
replicas: 1
selector:
matchLabels:
k8s-app: kibana
template:
metadata:
labels:
k8s-app: kibana
spec:
containers:
- name: kibana
image: kibana:7.3.1
resources:
limits:
cpu: 1
memory: 500Mi
requests:
cpu: 0.5
memory: 200Mi
env:
- name: ELASTICSEARCH_HOSTS
value: http://elasticsearch:9200
ports:
- containerPort: 5601
name: ui
protocol: TCP
---
apiVersion: v1
kind: Service
metadata:
name: kibana
namespace: kube-system
spec:
ports:
- port: 5601
protocol: TCP
targetPort: ui
selector:
k8s-app: kibana
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: kibana
namespace: kube-system
spec:
rules:
- host: kibana.tk8s.com
http:
paths:
- path: /
backend:
serviceName: kibana
servicePort: 5601
yaml文件下载
链接: https://pan.baidu.com/s/1Z1NKSBpeR75r-itX2vfgVQ 提取码: u6au
elasticsearch:7.3.1
kibana:7.3.1
elastic/filebeat:7.3.1
镜像下载地址
链接: https://pan.baidu.com/s/1NObNnZGMZgzkyrEkyY_qeg 提取码: y3eu
docker load -i efk.tar.gz
由于存储用的local pv,先在node01和node02上创建local pv目录
mkdir -p /data/es
chmod 777 /data
chmod 777 /data/es
kubectl apply -f filebeat-kubernetes.yaml
kubectl apply -f elasticsearch.yaml
kubectl apply -f kibana.yaml
[root@master01 efk]# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
calico-kube-controllers-5df986d44c-65qlx 1/1 Running 4 14d
calico-node-2qqp8 1/1 Running 4 14d
calico-node-f52nt 1/1 Running 4 14d
calico-node-jzgw9 1/1 Running 4 14d
calico-node-ll9bb 1/1 Running 4 14d
calico-node-trnqd 1/1 Running 4 14d
coredns-5c6c9cf6c8-49jtf 1/1 Running 4 14d
coredns-5c6c9cf6c8-lx6pc 1/1 Running 4 14d
elasticsearch-0 1/1 Running 0 45s
filebeat-77vxx 1/1 Running 0 12m
filebeat-7txpb 1/1 Running 0 12m
filebeat-cqx2c 1/1 Running 0 12m
filebeat-mt6tj 1/1 Running 0 12m
filebeat-pgjrb 1/1 Running 0 12m
kibana-b7d98644-wkk5n 1/1 Running 0 12m
metrics-server-966fd6966-vp6vr 1/1 Running 3 14d
索引用 filebeat*
vim counter.yaml
apiVersion: v1
kind: Pod
metadata:
name: counter
spec:
containers:
- name: count
image: busybox
args: [/bin/sh, -c,'i=0; while true; do echo "$i: $(date)"; i=$((i+1)); sleep 1; done']
kubectl apply -f counter.yaml
[root@master01 efk]# kubectl get pod
NAME READY STATUS RESTARTS AGE
counter 1/1 Running 0 18s
[root@master01 efk]# kubectl logs -f counter
0: Sun Nov 24 05:25:56 UTC 2019
1: Sun Nov 24 05:25:57 UTC 2019
2: Sun Nov 24 05:25:58 UTC 2019
3: Sun Nov 24 05:25:59 UTC 2019
4: Sun Nov 24 05:26:00 UTC 2019
5: Sun Nov 24 05:26:01 UTC 2019
6: Sun Nov 24 05:26:02 UTC 2019
7: Sun Nov 24 05:26:03 UTC 2019
8: Sun Nov 24 05:26:04 UTC 2019
9: Sun Nov 24 05:26:05 UTC 2019
10: Sun Nov 24 05:26:06 UTC 2019
11: Sun Nov 24 05:26:07 UTC 2019
....
过滤kubernetes.pod.name:counter,等几十秒