K8S-ELK日志系统 之一:elasticseatch集群

Posted 老马

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了K8S-ELK日志系统 之一:elasticseatch集群相关的知识,希望对你有一定的参考价值。

生产环境中,我们应当把监控系统和日志系统部署在生产环境之外的自主环境或者Kubernetes集群之上,此处仅为练习。

k8s: v1.21.5

Docker :20.10.5

elasticsearch:  7.16.0(也可以选择自带jdk的版本)

wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.16.0-no-jdk-amd64.deb 

基础镜像:本地仓库:harbor.myland.com/baseimages/openjdk:11

1、创建NFS共享存储

mkdir /data/elasticsearch

echo "/data/elasticsearch *(rw,sync,no_root_squash,no_subtree_check)" >> /etc/exports

exportfs -arv 

NFS地址:10.0.8.131:/data/elasticsearch

2、创建namespace

 apiVersion: v1
 kind: Namespace
 metadata:
    name: es
    labels:
      name: es
es_namespace.yaml

3、创建账号和角色,并绑定

 apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: nfs-provisioner
   namespace: neo4j
 ---
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
    name: nfs-provisioner-runner
 rules:
    -  apiGroups: [""]
       resources: ["persistentvolumes"]
       verbs: ["get", "list", "watch", "create", "delete"]
    -  apiGroups: [""]
       resources: ["persistentvolumeclaims"]
       verbs: ["get", "list", "watch", "update"]
    -  apiGroups: ["storage.k8s.io"]
       resources: ["storageclasses"]
       verbs: ["get", "list", "watch"]
    -  apiGroups: [""]
       resources: ["events"]
       verbs: ["list", "watch", "create", "update", "patch"]
    -  apiGroups: [""]
       resources: ["services", "endpoints"]
       verbs: ["get","create","list", "watch","update"]
    -  apiGroups: ["extensions"]
       resources: ["podsecuritypolicies"]
       resourceNames: ["nfs-provisioner"]
       verbs: ["use"]
 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: run-nfs-provisioner
 subjects:
   - kind: ServiceAccount
     name: nfs-provisioner
     namespace: neo4j
 roleRef:
   kind: ClusterRole
   name: nfs-provisioner-runner
   apiGroup: rbac.authorization.k8s.io
sc_bind_role.yaml

4、创建nfs-provisioner

参考:https://blog.csdn.net/weixin_41004350/article/details/90168631

使用镜像:image: easzlab/nfs-subdir-external-provisioner:v4.0.1代替 quay.io/external_storage/nfs-client-provisioner:latest,该镜像会报selfLink empty,,导致无法创建pv

 kind: Deployment
 apiVersion: apps/v1
 metadata:
   name: nfs-client-provisioner
   namespace: es
   labels:
     app: nfs-client-provisioner
 spec:
   replicas: 1
   strategy:
     type: Recreate
   selector:
     matchLabels:
       app: nfs-client-provisioner
   template:
     metadata:
       labels:
         app: nfs-client-provisioner
     spec:
       serviceAccount: nfs-provisioner
       containers:
         - name: nfs-client-provisioner
           #image: quay.io/external_storage/nfs-client-provisioner:latest
           image: easzlab/nfs-subdir-external-provisioner:v4.0.1
           volumeMounts:
             - name: nfs-client-root
               mountPath: /persistentvolumes
           env:
             - name: PROVISIONER_NAME
               value: nfs-provisioner
             - name: NFS_SERVER
               value: 10.0.8.131
             - name: NFS_PATH
               value: /data/elasticsearch
       volumes:
         - name: nfs-client-root
           nfs:
             server: 10.0.8.131
             path: /data/elasticsearch
nfs-provissioner.yaml

 

3、创建storageclass

 apiVersion: storage.k8s.io/v1
 kind: StorageClass
 metadata:
   name: managed-nfs-storage
 provisioner: nfs-provisioner
 parameters:
   archiveOnDelete: "true"
storageclass.yaml

       绑定上一步创建的:nfs-provisioner

4、创建Dockerfile

  harbor.myland.com/baseimages/openjdk:11
  entrypoint.sh /
  elasticsearch-7.16.0-no-jdk-amd64.deb /
  cd / && dpkg -i elasticsearch-7.16.0-no-jdk-amd64.deb && \\
     chown -R  elasticsearch /usr/share/elasticsearch  && \\
     chown -R elasticsearch /etc/elasticsearch  && \\
     chown -R elasticsearch /etc/default/elasticsearch && \\
     chmod +x /entrypoint.sh
  ["/entrypoint.sh"]
  ["/bin/bash","-c","while true;do sleep 5;done"]
Dockerfile
 #! /bin/bash
 chown -R elasticsearch /data/
 echo "cluster.name: $CLUSTER_NAME" > /etc/elasticsearch/elasticsearch.yml
 echo "node.name: node-`hostname |awk -F\'-\' \'print $2\'`" >> /etc/elasticsearch/elasticsearch.yml
 echo "network.host: `hostname -i`" >> /etc/elasticsearch/elasticsearch.yml
 echo "http.port: $HTTP_PORT" >> /etc/elasticsearch/elasticsearch.yml
 echo "discovery.seed_hosts: $SEED_HOSTS" >> /etc/elasticsearch/elasticsearch.yml
 echo "cluster.initial_master_nodes: $MASTER_NODES " >> /etc/elasticsearch/elasticsearch.yml
 echo "path.data: /data/lib/elasticsearch" >> /etc/elasticsearch/elasticsearch.yml
 echo "path.logs: /data/log/elasticsearch" >> /etc/elasticsearch/elasticsearch.yml
 /etc/init.d/elasticsearch start
 
 exec "$@"
entrypoint.sh

变量通过创建容器时传入

5、elasticsearch_statefulset.yaml

创建service,集群通过传入的变量,生成elasticsearch配置文件

elasticsearch_statefulset.yaml

在nfs服务器目录下,可以看到自动创建的卷

6、验证

  进入es-0查看es集群状态

  外部访问:

      通过elasticsearch head插件查看:

 

 

 

 

      

 

 

 

 

 

 

 

以上是关于K8S-ELK日志系统 之一:elasticseatch集群的主要内容,如果未能解决你的问题,请参考以下文章

震惊全网的ELK日志分析系统(齐全详细理论+搭建步骤图释)

震惊全网的ELK日志分析系统(齐全详细理论+搭建步骤图释)

Linux ELK日志分析系统 | logstash日志收集 | elasticsearch 搜索引擎 | kibana 可视化平台 | 架构搭建 | 超详细

Geoserver 审计日志停止工作

ElasticSearch集群日志限制问题

Erlang - 入门之一日志系统如何打印输出使用lager框架