【Kubernetes日志收集方案】基于ECK部署生产级ElasticSearch + Kibana + FileBeat（v8.14.1）

官方文档：Deploy ECK in your Kubernetes cluster

部署ECK crd

kubectl create -f https://download.elastic.co/downloads/eck/2.13.0/crds.yaml

部署Operator

kubectl apply -f https://download.elastic.co/downloads/eck/2.13.0/operator.yaml

部署ElasticSearch集群

cat > elasticsearch.yaml << EOF
apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
  name: elasticsearch
spec:
  version: 8.14.1
  nodeSets:
  - name: master
    count: 3
    config:
      node.store.allow_mmap: false
    podTemplate:
      spec:
        initContainers:
        - name: sysctl
          securityContext:
            privileged: true
          command: ['sh', '-c', 'sysctl -w vm.max_map_count=262144']
    volumeClaimTemplates:
    - metadata:
        name: elasticsearch-data
      spec:
        accessModes:
        - ReadWriteOnce
        resources:
          requests:
            storage: 200Gi
        storageClassName: nfs-storage
EOF

kubectl apply -f elasticsearch.yaml

获取密码

kubectl get secret elasticsearch-es-elastic-user -o=jsonpath='{.data.elastic}' | base64 --decode; echo

部署kibana

cat > kibana.yaml << EOF
apiVersion: kibana.k8s.elastic.co/v1
kind: Kibana
metadata:
  name: kibana
spec:
  version: 8.14.1
  count: 1
  elasticsearchRef:
    name: elasticsearch
  podTemplate:
    spec:
      containers:
      - name: kibana
        env:
        - name: I18N_LOCALE
          value: "zh-CN"
EOF

kubectl apply -f kibana.yaml

访问

修改svc为NodePort或LoadBalancer

账号：elastic

密码：kubectl get secret elasticsearch-es-elastic-user -o=jsonpath='{.data.elastic}' | base64 --decode; echo

部署Beats（DaemonSet模式）

cat > beats.yaml << EOF
apiVersion: beat.k8s.elastic.co/v1beta1
kind: Beat
metadata:
  name: filebeat
spec:
  type: filebeat
  version: 8.14.1
  elasticsearchRef:
    name: elasticsearch
  config:
    filebeat.inputs:
    - type: container
      paths:
      - /var/log/containers/*.log
  daemonSet:
    podTemplate:
      spec:
        dnsPolicy: ClusterFirstWithHostNet
        hostNetwork: true
        securityContext:
          runAsUser: 0
        containers:
        - name: filebeat
          volumeMounts:
          - name: varlogcontainers
            mountPath: /var/log/containers
          - name: varlogpods
            mountPath: /var/log/pods
          - name: varlibdockercontainers
            mountPath: /var/lib/docker/containers
        volumes:
        - name: varlogcontainers
          hostPath:
            path: /var/log/containers
        - name: varlogpods
          hostPath:
            path: /var/log/pods
        - name: varlibdockercontainers
          hostPath:
            path: /var/lib/docker/containers
EOF

kubectl apply -f beats.yaml

Elijah's Blog

【Kubernetes日志收集方案】基于ECK部署生产级ElasticSearch + Kibana + FileBeat（v8.14.1）

部署ECK crd

部署Operator

部署ElasticSearch集群

获取密码

部署kibana

访问

部署Beats（DaemonSet模式）

配置索引