系統 Log 資料收集至 EFK

今晚簡略說一下，如何透過HELM安裝EFK在K8s中

EFK 安裝

# install EFK
helm install --name efk stable/elastic-stack -f efk-values.yaml

# upgrade
helm upgrade efk stable/elastic-stack -f efk-values.yaml

Values 參數介紹

來看下efk-values.yaml的內容概要

# Default values for elk.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
elasticsearch:
  enabled: true

kibana:
  enabled: true
  env:
    ELASTICSEARCH_HOSTS: http://{{ .Release.Name }}-elasticsearch-client:9200

logstash:
  enabled: false
  # elasticsearch:
  #   host: elastic-stack-elasticsearch-client

filebeat:
  enabled: false
  # config:
  #   output.file.enabled: false
  #   output.logstash:
  #     hosts: ["elastic-stack-logstash:5044"]
  # indexTemplateLoad:
  #   - elastic-stack-elasticsearch-client:9200

fluentd:
  enabled: false

fluent-bit:
  enabled: true

fluentd-elasticsearch:
  enabled: false

nginx-ldapauth-proxy:
  enabled: false
  # Example config to get it working with ELK. Adjust as you need to.
  # proxy:
  #   port: 5601
  #   # This is the internal hostname for the kibana service
  #   host: "elk-kibana.default.svc.cluster.local"
  #   authName: "ELK:Infrastructure:LDAP"
  #   ldapHost: "ldap.example.com"
  #   ldapDN: "dc=example,dc=com"
  #   ldapFilter: "objectClass=organizationalPerson"
  #   ldapBindDN: "cn=reader,dc=example,dc=com"
  #   requires:
  #     - name: "ELK-USER"
  #       filter: "cn=elkuser,ou=groups,dc=example,dc=com"
  # ingress:
  #   enabled: true
  #   hosts:
  #     - "elk.example.com"
  #   annotations:
  #     kubernetes.io/ingress.class: nginx
  #   tls:
  #     - hosts:
  #       - elk.example.com
  #       secretName: example-elk-tls
  # secrets:
  #   ldapBindPassword: PASSWORD
elasticsearch-curator:
  enabled: false

elasticsearch-exporter:
  enabled: false

基本上以下幾項，勢必要安裝之項目，其他則是需求而選

• elasticsearch

• kibana

• fluent-bit

  • 以下是非必選，但有機會用到。

  • elasticsearch-curator ~ 這是作為ES index 管理的好工具，此時不用未來仍然會用到。

  • elasticsearch-exporter ~ 這是給予Prometheus收集有關ES Metric系統狀態的元件。

元件

安裝後有下列元件，並且以不同的部屬模式完成元件安裝。

kubectl get deploy,sts,ds
NAME                                             DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
deployment.extensions/efk-elasticsearch-client   2         2         2            2           1d
deployment.extensions/efk-kibana                 1         1         1            1           1d

NAME                                        DESIRED   CURRENT   AGE
statefulset.apps/efk-elasticsearch-data     3         3         1d
statefulset.apps/efk-elasticsearch-master   3         3         1d

NAME                                  DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
daemonset.extensions/efk-fluent-bit   3         3         3       3            3           <none>          1d