# 系統 Log 資料收集至 EFK

今晚簡略說一下，如何透過HELM安裝EFK在K8s中

## EFK 安裝

```bash
# install EFK
helm install --name efk stable/elastic-stack -f efk-values.yaml

# upgrade
helm upgrade efk stable/elastic-stack -f efk-values.yaml

```

### Values 參數介紹

來看下`efk-values.yaml`的內容概要

```yaml
# Default values for elk.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
elasticsearch:
  enabled: true

kibana:
  enabled: true
  env:
    ELASTICSEARCH_HOSTS: http://{{ .Release.Name }}-elasticsearch-client:9200

logstash:
  enabled: false
  # elasticsearch:
  #   host: elastic-stack-elasticsearch-client

filebeat:
  enabled: false
  # config:
  #   output.file.enabled: false
  #   output.logstash:
  #     hosts: ["elastic-stack-logstash:5044"]
  # indexTemplateLoad:
  #   - elastic-stack-elasticsearch-client:9200

fluentd:
  enabled: false

fluent-bit:
  enabled: true

fluentd-elasticsearch:
  enabled: false

nginx-ldapauth-proxy:
  enabled: false
  # Example config to get it working with ELK. Adjust as you need to.
  # proxy:
  #   port: 5601
  #   # This is the internal hostname for the kibana service
  #   host: "elk-kibana.default.svc.cluster.local"
  #   authName: "ELK:Infrastructure:LDAP"
  #   ldapHost: "ldap.example.com"
  #   ldapDN: "dc=example,dc=com"
  #   ldapFilter: "objectClass=organizationalPerson"
  #   ldapBindDN: "cn=reader,dc=example,dc=com"
  #   requires:
  #     - name: "ELK-USER"
  #       filter: "cn=elkuser,ou=groups,dc=example,dc=com"
  # ingress:
  #   enabled: true
  #   hosts:
  #     - "elk.example.com"
  #   annotations:
  #     kubernetes.io/ingress.class: nginx
  #   tls:
  #     - hosts:
  #       - elk.example.com
  #       secretName: example-elk-tls
  # secrets:
  #   ldapBindPassword: PASSWORD
elasticsearch-curator:
  enabled: false

elasticsearch-exporter:
  enabled: false
```

基本上以下幾項，勢必要安裝之項目，其他則是需求而選

* elasticsearch
* kibana
* fluent-bit
  * 以下是非必選，但有機會用到。
  * elasticsearch-curator \~ 這是作為ES index 管理的好工具，此時不用未來仍然會用到。
  * elasticsearch-exporter \~ 這是給予Prometheus收集有關ES Metric系統狀態的元件。

### 元件

安裝後有下列元件，並且以不同的部屬模式完成元件安裝。

```bash
kubectl get deploy,sts,ds
NAME                                             DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
deployment.extensions/efk-elasticsearch-client   2         2         2            2           1d
deployment.extensions/efk-kibana                 1         1         1            1           1d

NAME                                        DESIRED   CURRENT   AGE
statefulset.apps/efk-elasticsearch-data     3         3         1d
statefulset.apps/efk-elasticsearch-master   3         3         1d

NAME                                  DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
daemonset.extensions/efk-fluent-bit   3         3         3       3            3           <none>          1d
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://fufu.gitbook.io/kk8s/task-memory/18.log-output-efk.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.