3 K8s安裝ELK+filebeat
1 Filebeat:
apiVersion: v1
kind: Service
metadata:
name: XX
spec:
ports:
- name: http
port:
targetPort: http
selector:
app: XX---
apiVersion: apps/v1
kind: Deployment
metadata:
name: XX
labels:
app: XX
spec:
replicas:
minReadySeconds:
revisionHistoryLimit:
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: %
maxSurge: %
selector:
matchLabels:
app: XX
template:
metadata:
labels:
app: XX
spec:
terminationGracePeriodSeconds:
imagePullSecrets:
- name: registry-key
containers:
- name: filebeat
image: docker.elastic.co/beats/filebeat:6.2.
args: [
"-c", "/etc/filebeat/filebeat.yml",
]
volumeMounts:
- name: app-logs
mountPath: /aaa/log
- name: filebeat-config
mountPath: /etc/filebeat/
- name: forecast-user-profile
image: your_application_imageURL
volumeMounts:
- name: app-logs
mountPath: /var/log
#imagePullPolicy: IfNotPresent
imagePullPolicy: Always
ports:
- name: http
containerPort:
env:
- name: DB_HOST
valueFrom:
configMapKeyRef:
name: forecast-conf
key: db_host
- name: DB_PORT
valueFrom:
configMapKeyRef:
name: forecast-conf
key: db_port
- name: DB_NAME
valueFrom:
configMapKeyRef:
name: forecast-conf
key: db_name
- name: DB_USER
valueFrom:
secretKeyRef:
name: db-auth
key: username
- name: DB_PWD
valueFrom:
secretKeyRef:
name: db-auth
key: password
volumes:
- name: app-logs
emptyDir: {}
- name: filebeat-config
configMap:
name: filebeat-config # lifecycle:
# preStop:
# exec:
# command: ["consul", "leave']
# PostStart:
# exec:
# command: ["consule", "entry"]
# livenessProbe:
# readinessProbe:
# resources:
# workingDir:
apiVersion: v1
kind: ConfigMap
metadata:
name: filebeat-config
data:
filebeat.yml: |
filebeat.prospectors:
- input_type: log
paths:
- "/aaa/log/*.log"
output.elasticsearch:
hosts: ["logstash-elasticsearch-service:9200"]
2 Elasticsearch:
kind: Deployment
apiVersion: apps/v1beta2
metadata:
labels:
elastic-app: elasticsearch
role: data
name: logstash-elasticsearch-deployment
spec:
replicas:
revisionHistoryLimit:
selector:
matchLabels:
elastic-app: elasticsearch
template:
metadata:
labels:
elastic-app: elasticsearch
role: data
spec:
containers:
- name: elasticsearch
image: docker.elastic.co/elasticsearch/elasticsearch:6.2.
ports:
- containerPort:
protocol: TCP
volumeMounts:
- name: esdata
mountPath: /usr/share/elasticsearch/data
env:
- name: "ES_JAVA_OPTS"
value: "-Xms256m -Xmx256m"
volumes:
- name: esdata
emptyDir: {}
initContainers:
- image: alpine:3.6
command: ["/sbin/sysctl", "-w", "vm.max_map_count=262144"]
name: elasticsearch-logging-init
securityContext:
privileged: true
---
kind: Service
apiVersion: v1
metadata:
labels:
elastic-app: elasticsearch-service
name: logstash-elasticsearch-service
spec:
ports:
- port:
targetPort:
selector:
elastic-app: elasticsearch
type: NodePort
3 kibana:
---
kind: Deployment
apiVersion: apps/v1beta2
metadata:
labels:
elastic-app: kibana
name: kibana
spec:
replicas:
revisionHistoryLimit:
selector:
matchLabels:
elastic-app: kibana
template:
metadata:
labels:
elastic-app: kibana
spec:
containers:
- name: kibana
image: docker.elastic.co/kibana/kibana:6.2.
ports:
- containerPort:
protocol: TCP
volumeMounts:
- name: config-volume
mountPath: /opt/kibana/config
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
volumes:
- name: config-volume
configMap:
name: logging-configmap
items:
- key: kibana.yml
path: kibana.yml ---
kind: Service
apiVersion: v1
metadata:
labels:
elastic-app: kibana
name: kibana-service
spec:
ports:
- port:
targetPort:
selector:
elastic-app: kibana
type: NodePort
apiVersion: v1
kind: ConfigMap
metadata:
name: logging-configmap
namespace: default
data:
logstash.yml: |
http.host: "0.0.0.0"
path.config: /usr/share/logstash/pipeline ## Disable X-Pack
## see https://www.elastic.co/guide/en/x-pack/current/xpack-settings.html
xpack.monitoring.enabled: false
logstash.conf: |
# all input will come from filebeat, no local logs
input {
beats {
port =>
}
} ## some more advanced filtering and tagging of incoming kubernetes logs is done in logstash
filter {
if [type] == "kube-logs" {
mutate {
rename => ["log", "message"]
add_tag => [ "pelias", "kubernetes" ]
} date {
match => ["time", "ISO8601"]
remove_field => ["time"]
} # all standard container logs files match a common pattern
grok {
match => { "source" => "%{DATA:pod_name}" }
remove_field => ["source"]
} # system services have a simpler log filename format that does not include namespace, pod names, or container ids
grok {
match => { "source" => "%{DATA:container_name}" }
add_field => { "namespace" => "default" }
remove_field => ["source"]
}
}
} output {
elasticsearch {
hosts => [ "logstash-elasticsearch-service:9200" ]
}
} kibana.yml: |
## Default Kibana configuration from kibana-docker.
## from https://github.com/elastic/kibana-docker/blob/master/build/kibana/config/kibana.yml
#
#server.host: ""
elasticsearch.url: http://logstash-elasticsearch-service:9200
## Disable X-Pack
## see https://www.elastic.co/guide/en/x-pack/current/xpack-settings.html
## https://www.elastic.co/guide/en/x-pack/current/installing-xpack.html#xpack-enabling
#
xpack.security.enabled: false
xpack.monitoring.enabled: false
xpack.ml.enabled: false
xpack.graph.enabled: false
xpack.reporting.enabled: false
4: 常用命令:
kubectl delete -f xxxxxxxxx.yaml
kubectl creatge -f xxxxxxxxxx.yaml
kubectl get pods
kubectl get service
kubectl logs -f podname containername -n namespacename
kubectl exec -it podname sh
kubectl get pod podname -o yaml
3 K8s安裝ELK+filebeat的更多相关文章
- 基于docker部署使用ELK+FileBeat日志管理平台
Docker从狭义上来讲就是一个进程,从广义上来讲是一个虚拟容器,专业叫法为 Application Container(应用容器).Docker进程和普通的进程没有任何区别,它就是一个普通的应用进程 ...
- elk + filebeat,6.3.2版本简单搭建,实现我们自己的集中式日志系统
前言 刚从事开发那段时间不习惯输出日志,认为那是无用功,徒增代码量,总认为自己的代码无懈可击:老大的叮嘱.强调也都视为耳旁风,最终导致的结果是我加班排查问题,花的时间还挺长的,要复现问题.排查问题等, ...
- ELK + filebeat集群部署
ELK + filebeat集群部署 一.ELK简介 1. Elasticsearch Elasticsearch是一个实时的分布式搜索分析引擎, 它能让你以一个之前从未有过的速度和规模,去探索你的数 ...
- ELK + Filebeat日志分析系统安装
之前搭建过elk,用于分析日志,无奈服务器资源不足,开了多个Logstash之后发现占用内存过高,于是现在改为Filebeat做日志收集,记录一下搭建过程和遇到问题的解决方案. 第一步 , 安装jdk ...
- 免安裝、免設定的 Hadoop 開發環境 - cloudera 的 QuickStart VM
cloudera 的 QuickStart VM,為一種免安裝.免設定 Linux 及 Hadoop,已幫你建好 CDH 5.x.Hadoop.Eclipse 的一個虛擬機環境.下載後解壓縮,可直接以 ...
- 安裝 14.04.1 Ubuntu 到 Lenovo thinkpad t460p
在 Lenovo Thinkpad T460p 安裝 ubuntu, BIOS 需要做一些設定, 沒設定的現象:不斷地停在 usb disk 設定 可以 使用 usb disk install 了!
- Ubuntu 安裝 嘸蝦米 輸入法
O S : 14.04.1-Ubuntu 加入fcitx開發團隊的repository: sudo add-apt-repository ppa:fcitx-team/nightly sudo apt ...
- Linux下安裝Oracle database內核參數設置
參考:1529864.1 ************************************************** RAM ...
- 從 Internet 安裝 Cygwin
從 Internet 安裝 Cygwin 如果您有高速的 Internet 連線, 可以考慮用這個方法, 否則不建議使用 執行 setup.exe Cygwin Setup 畫面, 按 Next. C ...
随机推荐
- ElasticSearch(二十一)正排和倒排索引
1.区别 搜索的时候,要依靠倒排索引:排序的时候,需要依靠正排索引,看到每个document的每个field,然后进行排序,所谓的正排索引,其实就是doc values 在建立索引的时候,一方面会建立 ...
- python爬虫之Selenium
Selenium的使用 #!/usr/bin/env python # -*- coding:utf-8 -*- """ Selenium是一个第三方模块,可以完全模拟用 ...
- Opennms -安装
参考官方网站:https://docs.opennms.org/opennms/releases/latest/guide-install/guide-install.html#gi-install- ...
- centOS-64位通过YUM源安装nginx
第一步:在 /etc/yum.repos.d/ 目录下,建立名叫nginx.repo的软件源配置文件. 文件 nginx.repo 的内容是: [nginx] name=nginx re ...
- HTML5离线存储和本地缓存
一.离线存储 有一个web应用有三个文件index.html,a.js,b.css,现在需要把js和css文件缓存起来 1.在index.html里加上<html manifest=" ...
- PAT 天梯赛 L3-001. 凑零钱 【DP】【DFS】
题目链接 https://www.patest.cn/contests/gplt/L3-001 思路 DP[I][J] I 表示第几个物品 J 表示多少钱 dp[i][j] 为 bool 值 表示 当 ...
- 每天一个Linux命令(19)find命令_初识
Linux下find命令在目录结构中搜索文件,并执行指定的操作. (1)用法: 用法: find pathname -option [-print | -exec | -ok] ...
- 删除power by dedecms的方法
在include/dedesql.class.php文件,会发现最新的include/dedesql.class.php文件会多出第588到第592行的那几段代码,代码如下图: $arrs1 = ar ...
- 织梦dedecms 扩展channel栏目标签 获取交叉栏目名称和链接
channel栏目标签默认有调用顶级栏目(top).子栏目(son).同级栏目(self),那想获取交叉栏目的名称和链接怎么获取呢? 其实在原来的代码上改一下就可以了.下面是具体代码.打开文件chan ...
- Codeforces 876C Classroom Watch:枚举
题目链接:http://codeforces.com/contest/876/problem/C 题意: 定义函数:f(x) = x + 十进制下x各位上的数字之和 给你f(x)的值(f(x) < ...