k8s系列---EFK日志系统
文章拷于:http://blog.itpub.net/28916011/viewspace-2216748/ 用于本身备份记录错误html
一个完整的k8s集群,应该包含以下六大部分:kube-dns、ingress-controller、metrics server监控系统、dashboard、存储和EFK日志系统。node
咱们的日志系统要部署在k8s集群以外,这样即便整个k8s集群宕机了,咱们还能从外置的日志系统查看到k8s宕机前的日志。 python
另外,咱们生产部署的日志系统要单独放在一个存储卷上。 这里咱们为了方便,本次测试关闭了日志系统的存储卷功能。docker
一、添加incubator源(这个源是开发版的安装包,用起来可能不稳定) shell
访问https://hub.kubeapps.com/chartsjson
[root@master ~]# helm repo list NAME URL local http://127.0.0.1:8879/charts stablehttps://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
[root@master efk]# helm repo add incubator https://kubernetes-charts-incubator.storage.googleapis.com "incubator" has been added to your repositories
[root@master efk]# helm repo list NAME URL local http://127.0.0.1:8879/charts stable https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts incubatorhttps://kubernetes-charts-incubator.storage.googleapis.com
二、下载elasticsearch vim
[root@master efk]# helm fetch incubator/elasticsearch [root@master efk]# ls elasticsearch-1.10.2.tgz [root@master efk]# tar -xvf elasticsearch-1.10.2.tgz
三、关闭存储卷(生产上不要关,咱们这里为了测试方便才关的)api
[root@master efk]# vim elasticsearch/values.yaml
把
persistence:
enabled: true
改为
persistence:
enabled: false
有两处须要改
上面咱们关闭了存储卷的功能,而改用本地目录来存储日志。 浏览器
四、建立单独的名称空间 bash
[root@master efk]# kubectl create namespace efk namespace/logs created
[root@master efk]# kubectl get ns NAME STATUS AGE ekf Active 13s
五、把elasticsearch安装在efk名称空间中 ,我没用这个方式,用的下面的
[root@master efk]# helm install --name els1 --namespace=efk -f elasticsearch/values.yaml incubator/elasticsearch
NAME: els1
LAST DEPLOYED: Thu Oct 18 01:59:15 2018
NAMESPACE: efk
STATUS: DEPLOYED
RESOURCES:
==> v1/Pod(related)
NAME READY STATUS RESTARTS AGE
els1-elasticsearch-client-58899f6794-gxn7x 0/1 Pending 0 0s
els1-elasticsearch-client-58899f6794-mmqq6 0/1 Pending 0 0s
els1-elasticsearch-data-0 0/1 Pending 0 0s
els1-elasticsearch-master-0 0/1 Pending 0 0s
==> v1/ConfigMap
NAME DATA AGE
els1-elasticsearch 4 1s
==> v1/Service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
els1-elasticsearch-client ClusterIP 10.103.147.142 <none> 9200/TCP 0s
els1-elasticsearch-discovery ClusterIP None <none> 9300/TCP 0s
==> v1beta1/Deployment
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
els1-elasticsearch-client 2 0 0 0 0s
==> v1beta1/StatefulSet
NAME DESIRED CURRENT AGE
els1-elasticsearch-data 2 1 0s
els1-elasticsearch-master 3 1 0s
NOTES:
The elasticsearch cluster has been installed.
***
Please note that this chart has been deprecated and moved to stable.
Going forward please use the stable version of this chart.
***
Elasticsearch can be accessed:
* Within your cluster, at the following DNS name at port 9200:
els1-elasticsearch-client.efk.svc
* From outside the cluster, run these commands in the same shell:
export POD_NAME=$(kubectl get pods --namespace efk -l "app=elasticsearch,component=client,release=els1" -o jsonpath="{.items[0].metadata.name}")
echo "Visit http://127.0.0.1:9200 to use Elasticsearch"
kubectl port-forward --namespace efk $POD_NAME 9200:9200
说明:--name els1是chart部署后的release名字,名字本身随便取就行。
上面咱们是经过values.yaml文件在线安装的els。可是咱们已经下载els安装包了,也能够经过下载的els包进行离线安装,以下:
[root@master efk]# ls elasticsearch elasticsearch-1.10.2.tgz
root@master efk]# helm install --name els1 --namespace=efk ./elasticsearch
说明:./elasticsearch就是当前els安装包目录的名字。
安装完后,咱们就能在efk名称空间中看到相应的pods资源了(我在安装elasticsearch时,当时是安装不上的,由于说是打不开elasticseartch的官网,也就是不能再这个官网下载镜像,后来我就放置了两天没管,再登陆上看,发现镜像居然本身下载好了,真是有意思)我是第一次没安装成,机器内存小了,而后又加的内存。删掉了这个namespace次日又从新建的,而后一次成功了。
故障二: els1-...client 出现了READY 0/1的状态,describe发现健康检查没经过,进到pod里去ping其余node的pod发现ping不通了,其余pod也是这种状况,不一样node之间的pod是不通的,ip route show 有问题,参照flannel那一章 。很奇葩,没找到问题,flannel是正常的。但就是不通。删了flannel又从新搞了一次flannel 最后就行了
[root@master efk]# kubectl get pods -n efk -o wide NAME READY STATUS RESTARTS AGE IP NODE els1-elasticsearch-client-78b54979c5-kzj7z 1/1 Running 2 1h 10.244.2.157 node2 els1-elasticsearch-client-78b54979c5-xn2gb 1/1 Running 1 1h 10.244.2.151 node2 els1-elasticsearch-data-0 1/1 Running 0 1h 10.244.1.165 node1 els1-elasticsearch-data-1 1/1 Running 0 1h 10.244.2.169 node2 els1-elasticsearch-master-0 1/1 Running 0 1h 10.244.1.163 node1 els1-elasticsearch-master-1 1/1 Running 0 1h 10.244.2.168 node2 els1-elasticsearch-master-2 1/1 Running 0 57m 10.244.1.170 node1
查看安装好的release:
[root@master efk]# helm list NAME REVISIONUPDATED STATUS CHART NAMESPACE els1 1 Thu Oct 18 23:11:54 2018DEPLOYEDelasticsearch-1.10.2efk
查看els1的状态:
[root@k8s-master1 ~]# helm status els1
* Within your cluster, at the following DNS name at port 9200:
els1-elasticsearch-client.efk.svc ##这个就是els1 service的主机名
* From outside the cluster, run these commands in the same shell:
export POD_NAME=$(kubectl get pods --namespace efk -l "app=elasticsearch,component=client,release=els1" -o jsonpath="{.items[0].metadata.name}")
echo "Visit http://127.0.0.1:9200 to use Elasticsearch"
kubectl port-forward --namespace efk $POD_NAME 9200:9200
cirror是专门为测试虚拟环境的客户端,它能够快速建立一个kvm的虚拟机,一共才几兆的大小,并且里面提供的工具仍是比较完整的。
下面咱们运行cirror:
[root@k8s-master1 ~]# kubectl run cirror-$RANDOM --rm -it --image=cirros -- /bin/sh kubectl run --generator=deployment/apps.v1beta1 is DEPRECATED and will be removed in a future version. Use kubectl create instead. If you don't see a command prompt, try pressing enter. / # / # nslookup els1-elasticsearch-client.efk.svc Server: 10.96.0.10 Address 1: 10.96.0.10 kube-dns.kube-system.svc.cluster.local Name: els1-elasticsearch-client.efk.svc Address 1: 10.103.105.170 els1-elasticsearch-client.efk.svc.cluster.local
由于我删除namespace后出现了其余问题,最后重启了集群,没想到flannel又鸡巴的出问题了,routing模式又没了,而后nslookup一直出问题,我还觉得个人版本又出了问题,最后删了flannel又从新生成
-rm:表示退出咱们就直接删除掉
-it:表示交互式登陆
上面咱们看到els1-elasticsearch-client.efk.svc服务名解析出来的ip地址。
下面咱们再访问http:els1-elasticsearch-client.efk.svc:9200 页面:
/ # curl els1-elasticsearch-client.efk.svc:9200
curl: (6) Couldn't resolve host 'els1-elasticsearch-client.efk.svc'
/ #
/ # curl els1-elasticsearch-client.efk.svc.cluster.local:9200
{
"name" : "els1-elasticsearch-client-b898c9d47-5gwzq",
"cluster_name" : "elasticsearch",
"cluster_uuid" : "RFiD2ZGWSAqM2dF6wy24Vw",
"version" : {
"number" : "6.4.2",
"build_flavor" : "oss",
"build_type" : "tar",
"build_hash" : "04711c2",
"build_date" : "2018-09-26T13:34:09.098244Z",
"build_snapshot" : false,
"lucene_version" : "7.4.0",
"minimum_wire_compatibility_version" : "5.6.0",
"minimum_index_compatibility_version" : "5.0.0"
},
"tagline" : "You Know, for Search"
}
看里面的内容:
/ # curl els1-elasticsearch-client.efk.svc.cluster.local:9200/_cat
=^.^=
/_cat/allocation
/_cat/shards
/_cat/shards/{index}
/_cat/master
/_cat/nodes
/_cat/tasks
/_cat/indices
/_cat/indices/{index}
/_cat/segments
/_cat/segments/{index}
/_cat/count
/_cat/count/{index}
/_cat/recovery
/_cat/recovery/{index}
/_cat/health
/_cat/pending_tasks
/_cat/aliases
/_cat/aliases/{alias}
/_cat/thread_pool
/_cat/thread_pool/{thread_pools}
/_cat/plugins
/_cat/fielddata
/_cat/fielddata/{fields}
/_cat/nodeattrs
/_cat/repositories
/_cat/snapshots/{repository}
/_cat/templates
看有几个节点:
/ # curl els1-elasticsearch-client.efk.svc.cluster.local:9200/_cat/nodes 10.244.2.104 23 95 0 0.00 0.02 0.05 di - els1-elasticsearch-data-0 10.244.4.83 42 99 1 0.01 0.11 0.13 mi * els1-elasticsearch-master-1 10.244.4.81 35 99 1 0.01 0.11 0.13 i - els1-elasticsearch-client-b898c9d47-5gwzq 10.244.4.84 31 99 1 0.01 0.11 0.13 mi - els1-elasticsearch-master-2 10.244.2.105 35 95 0 0.00 0.02 0.05 i - els1-elasticsearch-client-b898c9d47-shqd2 10.244.4.85 18 99 1 0.01 0.11 0.13 di - els1-elasticsearch-data-1 10.244.4.82 40 99 1 0.01 0.11 0.13 mi - els1-elasticsearch-master-0
六、把fluentd安装在efk空间中
[root@k8s-master1 ~]# helm fetch incubator/fluentd-elasticsearch
[root@k8s-master1 ~]# tar -xvf fluentd-elasticsearch-0.7.2.tgz
[root@k8s-master1 ~]# cd fluentd-elasticsearch
[root@k8s-master1 fluentd-elasticsearch]# vim values.yaml
一、改其中的host: 'elasticsearch-client',改为host: 'els1-elasticsearch-client.efk.svc.cluster.local'表示到哪找咱们的elasticsearch服务。
二、改tolerations污点,表示让k8s master也能接受部署fluentd pod,这样才能收集主节点的日志:
把
tolerations: {}
# - key: node-role.kubernetes.io/master
# operator: Exists
# effect: NoSchedule
改为
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
三、改annotations,这样也就能收集监控prometheus的日志了
把
annotations: {}
# prometheus.io/scrape: "true"
# prometheus.io/port: "24231"
大概就这个位置个人annotations下面是PodAnnktation的位置,底下改的。改为
annotations:
prometheus.io/scrape: "true" prometheus.io/port: "24231"
同时把
service: {}
# type: ClusterIP
# ports:
# - name: "monitor-agent"
# port: 24231
改为
service:
type: ClusterIP
ports:
- name: "monitor-agent"
port: 24231
这样经过service 24231找监控prometheus的fluentd
开始安装fluentd:
[root@k8s-master1 fluentd-elasticsearch]# helm install --name fluentd1 --namespace=efk -f values.yaml ./
[root@k8s-master1 fluentd-elasticsearch]# helm list NAME REVISIONUPDATED STATUS CHART NAMESPACE els1 1 Sun Nov 4 09:37:35 2018DEPLOYEDelasticsearch-1.10.2 efk fluentd11 Tue Nov 6 09:28:42 2018DEPLOYEDfluentd-elasticsearch-0.7.2efk
[root@k8s-master1 fluentd-elasticsearch]# kubectl get pods -n efk
NAME READY STATUS RESTARTS AGE
els1-elasticsearch-client-b898c9d47-5gwzq 1/1 Running 0 47h
els1-elasticsearch-client-b898c9d47-shqd2 1/1 Running 0 47h
els1-elasticsearch-data-0 1/1 Running 0 47h
els1-elasticsearch-data-1 1/1 Running 0 45h
els1-elasticsearch-master-0 1/1 Running 0 47h
els1-elasticsearch-master-1 1/1 Running 0 45h
els1-elasticsearch-master-2 1/1 Running 0 45h
fluentd1-fluentd-elasticsearch-9k456 1/1 Running 0 2m28s
fluentd1-fluentd-elasticsearch-dcnsc 1/1 Running 0 2m28s
fluentd1-fluentd-elasticsearch-p5h88 1/1 Running 0 2m28s
fluentd1-fluentd-elasticsearch-sdvn9 1/1 Running 0 2m28s
fluentd1-fluentd-elasticsearch-ztm9s 1/1 Running 0 2m28s
七、把kibanna安装在efk空间中
注意,安装kibana的版本号必定要和elasticsearch的版本号一致,不然两者没法结合起来。我刚开始没在乎,后面看日志发现的确有这个问题的存在,而后把kibanna的value.yaml改为了和es一致的版本,两个版本能够从value里看到
[root@k8s-master1 ~]# helm fetch stable/kibana [root@k8s-master1 ~]# ls kibana-0.2.2.tgz
[root@k8s-master1 ~]# tar -xvf kibana-0.2.2.tgz [root@k8s-master1 ~]# cd kibana
修改ELASTICSEARCH_URL,把type改为NodePort类型
[root@master kibana]# cat values.yaml |more image: repository: "docker.elastic.co/kibana/kibana-oss" tag: "6.4.2" pullPolicy: "IfNotPresent" env: # All Kibana configuration options are adjustable via env vars. # To adjust a config option to an env var uppercase + replace `.` with `_` # Ref: https://www.elastic.co/guide/en/kibana/current/settings.html # ELASTICSEARCH_URL: http://els1-elasticsearch-client.efk.svc:9200 #SERVER_PORT: 9200 # LOGGING_VERBOSE: "true" # SERVER_DEFAULTROUTE: "/app/kibana" service: type: NodePort externalPort: 443 internalPort: 5601 ## External IP addresses of service ## Default: nil ## # externalIPs: # - 192.168.0.1
开始部署kibana:
[root@k8s-master1 kibana]# helm install --name=kib1 --namespace=efk -f values.yaml ./ ==> v1/Service NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kib1-kibana NodePort 10.108.188.4 <none> 443:31865/TCP 0s
[root@k8s-master1 kibana]# kubectl get svc -n efk NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE els1-elasticsearch-client ClusterIP 10.103.105.170 <none> 9200/TCP 2d22h els1-elasticsearch-discovery ClusterIP None <none> 9300/TCP 2d22h kib1-kibana NodePort 10.108.188.4 <none> 443:31865/TCP 4m27s
[root@k8s-master1 kibana]# kubectl get pods -n efk NAME READY STATUS RESTARTS AGE els1-elasticsearch-client-b898c9d47-5gwzq 1/1 Running 0 2d22h els1-elasticsearch-client-b898c9d47-shqd2 1/1 Running 0 2d22h els1-elasticsearch-data-0 1/1 Running 0 22h els1-elasticsearch-data-1 1/1 Running 0 22h els1-elasticsearch-master-0 1/1 Running 0 2d22h els1-elasticsearch-master-1 1/1 Running 0 2d19h els1-elasticsearch-master-2 1/1 Running 0 2d19h fluentd1-fluentd-elasticsearch-9k456 1/1 Running 0 22h fluentd1-fluentd-elasticsearch-dcnsc 1/1 Running 0 22h fluentd1-fluentd-elasticsearch-p5h88 1/1 Running 0 22h fluentd1-fluentd-elasticsearch-sdvn9 1/1 Running 0 22h fluentd1-fluentd-elasticsearch-ztm9s 1/1 Running 0 22h kib1-kibana-68f9fbfd84-pt2dt 0/1 Running 0 9m59s #这个镜像若是下载不下来,多等几天就下载下来了,我是一下就下载下来了
而后找个浏览器,打开宿主机ip:nodeport
不过我这个打开的页面有错误,作以下操做便可:我那个时候也有错,有时能删掉,有时删也删不掉,就没管他,最后登陆正常
[root@k8s-master1 ~]# kubectl get pods -n efk |grep ela els1-elasticsearch-client-b898c9d47-8pntr 1/1 Running 1 43h els1-elasticsearch-client-b898c9d47-shqd2 1/1 Running 1 5d13h els1-elasticsearch-data-0 1/1 Running 0 117m els1-elasticsearch-data-1 1/1 Running 0 109m els1-elasticsearch-master-0 1/1 Running 1 2d11h els1-elasticsearch-master-1 1/1 Running 0 14h els1-elasticsearch-master-2 1/1 Running 0 14h [root@k8s-master1 ~]# kubectl exec -it els1-elasticsearch-client-b898c9d47-shqd2 -n efk -- /bin/bash 删除elasticsearch下的.kibana便可 [root@els1-elasticsearch-client-b898c9d47-shqd2 elasticsearch]# curl -XDELETE http://els1-elasticsearch-client.efk.svc:9200/.kibana
最终,看到咱们作出了EFK的日志收集系统
相关文章
- 1. k8s系列---EFK日志系统
- 2. k8s-搭建 EFK 日志系统
- 3. 日志系统EFK搭建
- 4. helm,efk日志系统
- 5. kubernetes集群EFK日志系统搭建
- 6. 日志搜集系统从ELK到EFK
- 7. centos7搭建EFK日志分析系统
- 8. k8s日志:efk方案详解
- 9. 在k8s上部署日志系统elfk
- 10. [实战] 基于Docker的EFK日志系统与使用经验( 一 )-EFK部署
- 更多相关文章...
- • 系统定义的TypeHandler - MyBatis教程
- • 操作系统(OS)平台 统计 - 浏览器信息
- • Docker容器实战(七) - 容器眼光下的文件系统
- • TiDB 在摩拜单车在线数据业务的应用和实践
相关标签/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
欢迎关注本站公众号,获取更多信息
相关文章