helm部署Filebeat + ELK
helm部署Filebeat + ELK
系統架構圖:html
1) 多個Filebeat在各個Node進行日誌採集,而後上傳至Logstashjava
2) 多個Logstash節點並行(負載均衡,不做爲集羣),對日誌記錄進行過濾處理,而後上傳至Elasticsearch集羣git
3) 多個Elasticsearch構成集羣服務,提供日誌的索引和存儲能力github
4) Kibana負責對Elasticsearch中的日誌數據進行檢索、分析docker
1. Elasticsearch部署
官方chart地址:https://github.com/elastic/helm-charts/tree/master/elasticsearchjson
建立logs命名空間bash
kubectl create ns logs
添加elastic helm charts 倉庫架構
helm repo add elastic https://helm.elastic.co
安裝負載均衡
helm install --name elasticsearch elastic/elasticsearch --namespace logs
參數說明elasticsearch
image: "docker.elastic.co/elasticsearch/elasticsearch"
imageTag: "7.2.0"
imagePullPolicy: "IfNotPresent"
podAnnotations: {}
esJavaOpts: "-Xmx1g -Xms1g"
resources:
requests:
cpu: "100m"
memory: "2Gi"
limits:
cpu: "1000m"
memory: "2Gi"
volumeClaimTemplate:
accessModes: [ "ReadWriteOnce" ]
storageClassName: "nfs-client"
resources:
requests:
storage: 50Gi
2. Filebeat部署
官方chart地址:https://github.com/elastic/helm-charts/tree/master/filebeat
Add the elastic helm charts repo
helm repo add elastic https://helm.elastic.co
Install it
helm install --name filebeat elastic/filebeat --namespace logs
參數說明:
image: "docker.elastic.co/beats/filebeat"
imageTag: "7.2.0"
imagePullPolicy: "IfNotPresent"
resources:
requests:
cpu: "100m"
memory: "100Mi"
limits:
cpu: "1000m"
memory: "200Mi"
那麼問題來了,filebeat默認收集宿主機上docker的日誌路徑:/var/lib/docker/containers。若是咱們修改了docker的安裝路徑要怎麼收集呢,很簡單修改chart裏的DaemonSet文件裏邊的hostPath參數:
- name: varlibdockercontainers
hostPath:
path: /var/lib/docker/containers #改成docker安裝路徑
對java程序的報錯異常log實現多行合併,用multiline定義正則來匹配。
filebeatConfig:
filebeat.yml: |
filebeat.inputs:
- type: docker
containers.ids:
- '*'
multiline.pattern: '^[0-9]'
multiline.negate: true
multiline.match: after
processors:
- add_kubernetes_metadata:
in_cluster: true
output.elasticsearch:
hosts: '${ELASTICSEARCH_HOSTS:elasticsearch-master:9200}'
3. Kibana部署
官方chart地址:https://github.com/elastic/helm-charts/tree/master/kibana
Add the elastic helm charts repo
helm repo add elastic https://helm.elastic.co
Install it
helm install --name kibana elastic/kibana --namespace logs
參數說明:
elasticsearchHosts: "http://elasticsearch-master:9200"
replicas: 1
image: "docker.elastic.co/kibana/kibana"
imageTag: "7.2.0"
imagePullPolicy: "IfNotPresent"
resources:
requests:
cpu: "100m"
memory: "500m"
limits:
cpu: "1000m"
memory: "1Gi"
4. Logstash部署
官方chart地址:https://github.com/helm/charts/tree/master/stable/logstash
安裝
$ helm install --name logstash stable/logstash --namespace logs
參數說明:
image: repository: docker.elastic.co/logstash/logstash-oss tag: 7.2.0 pullPolicy: IfNotPresent persistence: enabled: true storageClass: "nfs-client" accessMode: ReadWriteOnce size: 2Gi
匹配label:json的pod日誌,沒有的話正常收集。
filebeatConfig:
filebeat.yml: |
filebeat.autodiscover:
providers:
- type: kubernetes
templates:
- condition:
equals:
kubernetes.labels.logFormat: "json"
config:
- type: docker
containers.ids:
- "${data.kubernetes.container.id}"
json.keys_under_root: true
json.overwrite_keys: true
json.add_error_key: true
- config:
- type: docker
containers.ids:
- "${data.kubernetes.container.id}"
processors:
- add_kubernetes_metadata:
in_cluster: true
output.elasticsearch:
hosts: '${ELASTICSEARCH_HOSTS:elasticsearch-master:9200}'
5. Elastalert部署
官方chart地址:https://github.com/helm/charts/tree/master/stable/elastalert
安裝
helm install -n elastalert ./elastalert --namespace logs
效果圖:
原文出處:https://www.cnblogs.com/Dev0ps/p/11465673.html
- 1. helm部署Filebeat + ELK
- 2. Docker 部署 elk + filebeat
- 3. filebeat + ELK 部署篇
- 4. ELK套件FileBeat部署
- 5. ELK + filebeat集羣部署
- 6. ELK部署詳解--filebeat
- 7. Filebeat+ELK部署文檔
- 8. elk(elasticsearch、logstast,kibana)filebeat部署與實踐
- 9. Filebeat安裝部署
- 10. ELK6.3.2+filebeat部署過程
- 更多相關文章...
- • Maven 自動化部署 - Maven教程
- • ionic 頭部與底部 - ionic 教程
- • 使用阿里雲OSS+CDN部署前端頁面與加速靜態資源
- • NewSQL-TiDB相關
-
每一个你不满意的现在,都有一个你没有努力的曾经。