Kubernetes ELLK
This setup uses Elasticsearch + Logspout + Logstash + Kibana, and the collected logs can be split into fields in a simple way:
Elasticsearch-rc configuration file:
apiVersion: v1
kind: ReplicationController
metadata:
  name: elasticsearch-logging-v1
  labels:
    k8s-app: elasticsearch-logging
    version: v1
    kubernetes.io/cluster-service: "true"
spec:
  replicas: 1
  selector:
    k8s-app: elasticsearch-logging
    version: v1
  template:
    metadata:
      labels:
        k8s-app: elasticsearch-logging
        version: v1
        kubernetes.io/cluster-service: "true"
    spec:
      nodeSelector:
        role: elk
      containers:
      - image: registry.aliyuncs.com/slzcc/elasticsearch
        name: elasticsearch
        resources:
          limits:
            cpu: 1000m
          requests:
            cpu: 100m
        ports:
        - containerPort: 9200
          name: db
          protocol: TCP
        - containerPort: 9300
          name: transport
          protocol: TCP
        volumeMounts:
        - name: es-persistent-storage
          mountPath: "/usr/share/elasticsearch/data"
      volumes:
      - name: es-persistent-storage
        hostPath:
          path: "/data/elasticsearch"
Elasticsearch-svc configuration file:
apiVersion: v1
kind: Service
metadata:
  name: elasticsearch-logging
  labels:
    k8s-app: elasticsearch-logging
    kubernetes.io/cluster-service: "true"
    kubernetes.io/name: "Elasticsearch"
spec:
  ports:
  - port: 9200
    name: http
    protocol: TCP
    targetPort: db
  selector:
    k8s-app: elasticsearch-logging
Kibana-rc configuration file:
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: kibana-logging
  labels:
    k8s-app: kibana-logging
    kubernetes.io/cluster-service: "true"
spec:
  replicas: 1
  selector:
    matchLabels:
      k8s-app: kibana-logging
  template:
    metadata:
      labels:
        k8s-app: kibana-logging
    spec:
      nodeSelector:
        role: elk
      containers:
      - name: kibana-logging
        image: registry.aliyuncs.com/slzcc/kibana
        resources:
          # keep request = limit to keep this container in guaranteed class
          limits:
            cpu: 100m
          requests:
            cpu: 100m
        env:
        - name: "ELASTICSEARCH_URL"
          value: "http://elasticsearch-logging:9200"
        ports:
        - containerPort: 5601
          name: ui
          protocol: TCP
Kibana-svc configuration file:
apiVersion: v1
kind: Service
metadata:
  name: kibana-logging
  labels:
    k8s-app: kibana-logging
    kubernetes.io/cluster-service: "true"
    kubernetes.io/name: "Kibana"
spec:
  ports:
  - port: 5601
    name: http
    protocol: TCP
    targetPort: ui
  selector:
    k8s-app: kibana-logging
Logstash-configmap configuration file:
apiVersion: v1
kind: ConfigMap
metadata:
  name: logstash
data:
  logstash.conf: |-
    input {
      udp {
        port => 514
        type => syslog
        codec => json
      }
      tcp {
        port => 514
        type => syslog
        codec => json
      }
    }
    filter {
      if [type] == "syslog" {
        # Split the line into ver, ts, containerid, containername, proc, msgid, sd and msg
        grok {
          match => { "message" => "%{SYSLOG5424PRI}%{NONNEGINT:ver} +(?:%{TIMESTAMP_ISO8601:ts}|-) +(?:%{HOSTNAME:containerid}|-) +(?:%{NOTSPACE:containername}|-) +(?:%{NOTSPACE:proc}|-) +(?:%{WORD:msgid}|-) +(?:%{SYSLOG5424SD:sd}|-|) +%{GREEDYDATA:msg}" }
        }
        syslog_pri { }
        # The syslog_* fields used below are not captured by the grok pattern above
        # (the timestamp, for example, is captured as ts)
        date {
          match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
        }
        if !("_grokparsefailure" in [tags]) {
          mutate {
            replace => [ "@source_host", "%{syslog_hostname}" ]
            replace => [ "@message", "%{syslog_message}" ]
          }
        }
        mutate {
          remove_field => [ "syslog_hostname", "syslog_message", "syslog_timestamp" ]
        }
      }
    }
    output {
      elasticsearch {
        hosts => ["elasticsearch-logging:9200"]
        index => "k8s-%{type}-%{+YYYY.MM.dd}"
        document_type => "%{type}"
        workers => 1
        flush_size => 20000
        idle_flush_time => 10
        template_overwrite => true
        codec => json
      }
    }
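How the grok pattern in the Logstash ConfigMap splits a line, shown as an added example that is not part of the original page: a Python regex stand-in whose sub-patterns are simplified approximations of the grok ones. The sample lines and the function name `split_line` are constructed for illustration.

```python
import re

# Python stand-ins for the grok sub-patterns (simplified approximations).
TS = r"\d{4}-\d{2}-\d{2}[T ]\d{2}:?\d{2}(?::?\d{2}(?:[.,]\d+)?)?(?:Z|[+-]\d{2}:?\d{2})?"
HOST = r"[0-9A-Za-z][0-9A-Za-z-]{0,62}(?:\.[0-9A-Za-z][0-9A-Za-z-]{0,62})*"

# Same field order and field names as the grok match in logstash.conf.
LINE = re.compile(
    r"<(?P<syslog5424_pri>\d+)>(?P<ver>\d+)"
    rf" +(?:(?P<ts>{TS})|-)"
    rf" +(?:(?P<containerid>{HOST})|-)"
    r" +(?:(?P<containername>\S+)|-)"
    r" +(?:(?P<proc>\S+)|-)"
    r" +(?:(?P<msgid>\w+)|-)"
    r" +(?:(?P<sd>\[.*?\]+)|-|)"
    r" +(?P<msg>.*)"
)

# Constructed sample lines (not taken from a real cluster).
SAMPLE_FULL = "<14>1 2017-01-10T08:15:30Z 3f2a9c1d7b44 nginx-web 1234 - - GET /healthz 200"
SAMPLE_NIL = "<11>1 - - - - - - container exited"
SAMPLE_BAD = "plain text without a syslog header"


def split_line(line):
    """Return the captured fields, or None where Logstash would tag _grokparsefailure."""
    m = LINE.search(line)  # grok is unanchored, so search() rather than match()
    if m is None:
        return None
    # Groups that did not take part in the match are simply absent from the event.
    return {k: v for k, v in m.groupdict().items() if v is not None}


if __name__ == "__main__":
    for sample in (SAMPLE_FULL, SAMPLE_NIL, SAMPLE_BAD):
        print(split_line(sample))
```

Nil placeholders behave differently per field: `containername` and `proc` keep a literal `-` because `\S+` is tried before the `-` alternative, while `ts`, `containerid` and `msgid` are simply absent. Queries that filter on those fields need to account for both cases.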
Logstash-rc configuration file:
apiVersion: v1
kind: ReplicationController
metadata:
  name: logstash
  labels:
    k8s-app: logstash
    version: v1
    kubernetes.io/cluster-service: "true"
spec:
  replicas: 1
  selector:
    k8s-app: logstash
    version: v1
  template:
    metadata:
      labels:
        k8s-app: logstash
        version: v1
        kubernetes.io/cluster-service: "true"
    spec:
      nodeSelector:
        role: elk
      containers:
      - image: registry.aliyuncs.com/slzcc/logstash-build
        name: logstash
        resources:
          limits:
            cpu: 1000m
          requests:
            cpu: 100m
        ports:
        - containerPort: 514
          name: input
          protocol: TCP
        - containerPort: 514
          name: output
          protocol: UDP
        command:
        - '/logstash-5.1.1/bin/logstash'
        - '-f'
        - '/etc/logstash/logstash.conf'
        - '-w 20'
        volumeMounts:
        - mountPath: "/etc/logstash/"
          name: config-volume
      volumes:
      - name: config-volume
        configMap:
          name: logstash
Logstash-svc configuration file:
apiVersion: v1
kind: Service
metadata:
  name: logstash
  labels:
    k8s-app: logstash
    kubernetes.io/cluster-service: "true"
    kubernetes.io/name: "logstash"
spec:
  ports:
  - port: 514
    name: input
    protocol: TCP
    targetPort: input
#  - port: 514
#    name: output
#    protocol: UDP
#    targetPort: output
  selector:
    k8s-app: logstash
  clusterIP: None
Logspout-daemon configuration file:
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: logspout-elasticsearch
  labels:
    k8s-app: logspout-logging
spec:
  template:
    metadata:
      labels:
        name: logspout-elasticsearch
    spec:
      nodeSelector:
        role: elk
      containers:
      - name: logspout-elasticsearch
        image: registry.aliyuncs.com/slzcc/logspout-logstash
        resources:
          limits:
            memory: 200Mi
          requests:
            cpu: 100m
            memory: 200Mi
        env:
        - name: "ROUTE_URIS"
          value: "logstash+tcp://logstash:514"
        volumeMounts:
        # Logspout reads container logs through the Docker socket; this mount
        # also gives the pod full control of the node's Docker daemon
        - mountPath: "/var/run/docker.sock"
          name: sock
      volumes:
      - hostPath:
          path: "/var/run/docker.sock"
        name: sock
      terminationGracePeriodSeconds: 30