k8s elk

k8s elk

#方案选择
Log-pilot +elasticsearch+kibana

Log-pilot
阿里开源日志收集agent,封装了filebeathe flutent,支持多后端例如logstash,redis
属于日志采集代理，deamonset 形式部署在k8s每个node节点。
Log-pilot 部署简单配置即可。
可以收集stdout和容器内日志。

Log-pilot k8s部署步骤
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: log-pilot
labels:
app: log-pilot
spec:
updateStrategy:
type: RollingUpdate
template:
metadata:
labels:
app: log-pilot
spec:
containers:
- name: log-pilot
image: registry.cn-hangzhou.aliyuncs.com/acs/log-pilot:0.9.7-filebeat
resources:
limits:
memory: 500Mi
requests:
cpu: 200m
memory: 200Mi
env:
- name: “NODE_NAME”
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: “LOGGING_OUTPUT”
value: “elasticsearch”
- name: “ELASTICSEARCH_HOST”
value: " ELASTICSEARCH_HOST "
- name: “ELASTICSEARCH_PORT”
value: “31200”
volumeMounts:
- name: sock
mountPath: /var/run/docker.sock
- name: root
mountPath: /host
readOnly: true
- name: varlib
mountPath: /var/lib/filebeat
- name: varlog
mountPath: /var/log/filebeat
- name: localtime
mountPath: /etc/localtime
readOnly: true
livenessProbe:
failureThreshold: 3
exec:
command:
- /pilot/healthz
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 2
securityContext:
capabilities:
add:
- SYS_ADMIN
terminationGracePeriodSeconds: 30
volumes:
- name: sock
hostPath:
path: /var/run/docker.sock
- name: root
hostPath:
path: /
- name: varlib
hostPath:
path: /var/lib/filebeat
type: DirectoryOrCreate
- name: varlog
hostPath:
path: /var/log/filebeat
type: DirectoryOrCreate
- name: localtime
hostPath:
path: /etc/localtime

注意点：

1. 注意 es的配置 需要host和port
2. 注意查看日志 kubectl logs pod名字
   a) 1处表示容器没有配置log-pilot收集
   b) 2表示容器配置了log-pilot收集 进入/var/lib/kubelet/pods/40fe1972-bc4e-11ea-90c3-8cec4bd195f8/volumes/kubernetes.io~empty-dir/tomcat-log 目录下查看日志
   c) 必须以aliyun_logs 开头，后边的为索引。

被收集容器配置：主要配置env
apiVersion: v1
kind: Pod
metadata:
name: tomcat
spec:
containers:

• name: tomcat
  image: tomcat:latest
  env:
  • name: aliyun_logs_weather
    value: “stdout”
  • name: aliyun_logs_weather
    value: “/usr/local/tomcat/logs/catalina.*.log”
    volumeMounts:
    • name: tomcat-log
      mountPath: /usr/local/tomcat/logs
      volumes:
  • name: tomcat-log
    emptyDir: {}

elasticsearch部署步骤
k8s elasticsearch部署
apiVersion: apps/v1beta1
kind: Deployment
metadata:
name: base-elasticsearch6-deployment
spec:
replicas: 1
template: {metadata: {labels: {name: base-elasticsearch6}}, spec: {initContainers: [{name: init-sysctl, image: ‘busybox:1.27.2’, command: [sysctl, ‘-w’, vm.max_map_count=262144], securityContext: {privileged: true}}], containers: [{name: web-base-elasticsearch6, image: ‘docker.elastic.co/elasticsearch/elasticsearch:6.4.0’, imagePullPolicy: IfNotPresent, resources: {limits: {cpu: 1000m}, requests: {cpu: 100m}}, env: [{name: ES_JAVA_OPTS, value: ‘-Xms512m -Xmx512m’}], ports: [{containerPort: 9200}, {containerPort: 9300}], volumeMounts: [{name: elasticsearch, mountPath: /mnt/search}, {name: elasticsearch-yml, mountPath: /usr/share/elasticsearch/config/elasticsearch.yml, subPath: elasticsearch.yml}]}], volumes: [{name: elasticsearch, hostPath: {path: /mnt/search/student}}, {name: elasticsearch-yml, configMap: {name: esconfig}}]}}

Elastic svc
apiVersion: v1
kind: Service
metadata:
name: base-elasticsearch6
labels:
name: base-elasticsearch6
spec:
type: NodePort
ports:

• name: web-9200
  port: 9200
  targetPort: 9200
  nodePort: 31200
  protocol: TCP
• name: web-9300
  port: 9300
  targetPort: 9300
  nodePort: 31300
  protocol: TCP
  selector:
  name: base-elasticsearch6

Elastic head 展示elastic 数据
kind: List
apiVersion: v1
items:

• apiVersion: extensions/v1beta1
  kind: Deployment
  metadata:
  name: elasticsearch-head
  spec:
  replicas: 1
  template:
  metadata:
  name: elasticsearch-head
  labels:
  app: elasticsearch-head
  spec:
  containers:
  - image: docker.io/mobz/elasticsearch-head:5
  name: elasticsearch-head
  ports:
  - name: http
  containerPort: 9100
• apiVersion: v1
  kind: Service
  metadata:
  name: kb-single-svc
  spec:
  type: NodePort
  ports:
  • name: http
    port: 9100
    targetPort: 9100
    nodePort: 31400
    selector:
    app: elasticsearch-head

直接加入elasticsearch 就可以展示

kibana部署步骤
kind: List
apiVersion: v1
items:

• apiVersion: apps/v1beta1
  kind: Deployment
  metadata:
  name: kb-single
  spec:
  replicas: 1
  template:
  metadata:
  name: kb-single
  labels:
  app: kb-single
  spec:
  containers:
  - image: docker.elastic.co/kibana/kibana:6.4.0
  name: kb
  env:
  - name: ELASTICSEARCH_URL
  value: " ELASTICSEARCH_URL "
  ports:
  - name: http
  containerPort: 5601
  Kibana svc
  kind: List
  apiVersion: v1
  items:
• apiVersion: v1
  kind: Service
  metadata:
  name: kb-single
  spec:
  type: NodePort
  ports:
  • name: http
    port: 5601
    targetPort: 5601
    nodePort: 32601
    selector:
    app: kb-single