Kubernetes 1.20.15 上部署 ELK 高可用方案:基于 YAML 的 Pod 日志采集和 Kibana 暴露
Kubernetes 1.20.15 上部署 ELK 高可用方案:基于 YAML 的 Pod 日志采集和 Kibana 暴露
本指南详细介绍如何在 Kubernetes 1.20.15 上部署 ELK,包括 Elasticsearch、Logstash 和 Kibana,并使用 YAML 文件配置。本文重点讲解高可用方案,确保 ELK 稳定性,以及如何使用 Logstash 采集 Pod 日志,并通过 NodePort 暴露 Kibana 端口供外部访问。
1. 部署 Elasticsearch
首先需要部署 Elasticsearch 作为 ELK 的基础组件,用于存储和索引日志数据。在部署 Elasticsearch 时,需要设置副本数为 3,以保证高可用性。这可以通过以下 YAML 文件实现:
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: es-cluster
spec:
replicas: 3
serviceName: elasticsearch
selector:
matchLabels:
app: elasticsearch
template:
metadata:
labels:
app: elasticsearch
spec:
containers:
- name: elasticsearch
image: elasticsearch:7.10.1
ports:
- containerPort: 9200
name: http
- containerPort: 9300
name: transport
env:
- name: 'cluster.name'
value: 'my-es-cluster'
- name: 'node.name'
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: 'discovery.seed_hosts'
value: 'es-cluster-0.elasticsearch,es-cluster-1.elasticsearch,es-cluster-2.elasticsearch'
- name: 'cluster.initial_master_nodes'
value: 'es-cluster-0,es-cluster-1,es-cluster-2'
2. 部署 Logstash
Logstash 是用于采集和处理日志的组件,可以将日志数据发送到 Elasticsearch 进行存储和索引。在部署 Logstash 时,需要配置 input、filter 和 output,以满足采集和处理日志的需求。下面是一个示例 YAML 文件:
apiVersion: v1
kind: ConfigMap
metadata:
name: logstash-config
data:
logstash.conf: |
input {
beats {
port => 5044
}
}
filter {
grok {
match => { "message" => "%{COMBINEDAPACHELOG}" }
}
}
output {
elasticsearch {
hosts => ["es-cluster-0.elasticsearch:9200", "es-cluster-1.elasticsearch:9200", "es-cluster-2.elasticsearch:9200"]
index => "logstash-%{+YYYY.MM.dd}"
}
}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: logstash
spec:
replicas: 1
selector:
matchLabels:
app: logstash
template:
metadata:
labels:
app: logstash
spec:
containers:
- name: logstash
image: docker.elastic.co/logstash/logstash:7.10.1
volumeMounts:
- name: logstash-config
mountPath: /usr/share/logstash/pipeline/
ports:
- containerPort: 5044
env:
- name: "ELASTICSEARCH_HOSTS"
value: "es-cluster-0.elasticsearch:9200,es-cluster-1.elasticsearch:9200,es-cluster-2.elasticsearch:9200"
- name: "ELASTICSEARCH_INDEX"
value: "logstash-%{+YYYY.MM.dd}"
volumes:
- name: logstash-config
configMap:
name: logstash-config
3. 部署 Kibana
Kibana 是用于可视化和查询日志数据的工具,可以通过 web 界面查看和分析日志数据。在部署 Kibana 时,需要将其暴露为 NodePort 类型的 Service,以便通过外部访问。下面是一个示例 YAML 文件:
apiVersion: apps/v1
kind: Deployment
metadata:
name: kibana
spec:
replicas: 1
selector:
matchLabels:
app: kibana
template:
metadata:
labels:
app: kibana
spec:
containers:
- name: kibana
image: docker.elastic.co/kibana/kibana:7.10.1
ports:
- containerPort: 5601
env:
- name: "ELASTICSEARCH_HOSTS"
value: "http://es-cluster-0.elasticsearch:9200,http://es-cluster-1.elasticsearch:9200,http://es-cluster-2.elasticsearch:9200"
---
apiVersion: v1
kind: Service
metadata:
name: kibana
spec:
selector:
app: kibana
type: NodePort
ports:
- name: http
port: 5601
targetPort: 5601
nodePort: 30001
通过上述步骤,我们成功地在 Kubernetes 集群中部署了 ELK,实现了对 Pod 日志的采集和存储,并通过 Kibana 进行了可视化和查询。同时,我们还通过高可用方案,保证了 ELK 的稳定性和可用性。
原文地址: https://www.cveoy.top/t/topic/na1p 著作权归作者所有。请勿转载和采集!