09-4.部署 EFK 插件

注意:

  1. 如果没有特殊指明,本文档的所有操作均在 zhangjun-k8s01 节点上执行
  2. kuberntes 自带插件的 manifests yaml 文件使用 gcr.io 的 docker registry,国内被墙,需要手动替换为其它 registry 地址;
  3. 可以从微软中国提供的 gcr.io 免费代理下载被墙的镜像;

修改配置文件

将下载的 kubernetes-server-linux-amd64.tar.gz 解压后,再解压其中的 kubernetes-src.tar.gz 文件。

  1. cd /opt/k8s/work/kubernetes/
  2. tar -xzvf kubernetes-src.tar.gz

EFK 目录是 kubernetes/cluster/addons/fluentd-elasticsearch

  1. $ cd /opt/k8s/work/kubernetes/cluster/addons/fluentd-elasticsearch
  2. $ cp fluentd-es-ds.yaml  fluentd-es-ds.yaml.orig
  3. $ diff fluentd-es-ds.yaml.orig fluentd-es-ds.yaml
  4. 105c105
  5. <           path: /var/lib/docker/containers
  6. ---
  7. >           path: /data/k8s/docker/data/containers/

执行定义文件

  1. $ pwd
  2. /opt/k8s/work/kubernetes/cluster/addons/fluentd-elasticsearch
  3. $ ls *.yaml
  4. es-service.yaml  es-statefulset.yaml  fluentd-es-configmap.yaml  fluentd-es-ds.yaml  kibana-deployment.yaml  kibana-service.yaml
  5. $ kubectl apply -f .

检查执行结果

  1. $ kubectl get pods -n kube-system -o wide|grep -E 'elasticsearch|fluentd|kibana'
  2. elasticsearch-logging-0                  1/1       Running   0          5m        172.30.81.7   zhangjun-k8s01
  3. elasticsearch-logging-1                  1/1       Running   0          2m        172.30.39.8   zhangjun-k8s03
  4. fluentd-es-v2.0.4-hntfp                  1/1       Running   0          5m        172.30.39.6   zhangjun-k8s03
  5. kibana-logging-7445dc9757-pvpcv          1/1       Running   0          5m        172.30.39.7   zhangjun-k8s03
  7. $ kubectl get service  -n kube-system|grep -E 'elasticsearch|kibana'
  8. elasticsearch-logging   ClusterIP   10.254.50.198    <none>        9200/TCP        5m
  9. kibana-logging          ClusterIP   10.254.255.190   <none>        5601/TCP        5m

kibana Pod 第一次启动时会用较长时间(0-20分钟)来优化和 Cache 状态页面,可以 tailf 该 Pod 的日志观察进度:

  1. $ kubectl logs kibana-logging-7445dc9757-pvpcv -n kube-system -f
  2. {"type":"log","@timestamp":"2019-05-26T11:36:18Z","tags":["info","optimize"],"pid":1,"message":"Optimizing and caching bundles for graph, ml, kibana, stateSessionStorageRedirect, timelion and status_page. This may take a few minutes"}
  3. {"type":"log","@timestamp":"2019-05-26T11:40:03Z","tags":["info","optimize"],"pid":1,"message":"Optimization of bundles for graph, ml, kibana, stateSessionStorageRedirect, timelion and status_page complete in 224.57 seconds"}

注意:只有当 Kibana pod 启动完成后,浏览器才能查看 kibana dashboard,否则会被拒绝。

访问 kibana

  1. 通过 kube-apiserver 访问:

    1.  $ kubectl cluster-info|grep -E 'Elasticsearch|Kibana'
    2.  Elasticsearch is running at https://127.0.0.1:8443/api/v1/namespaces/kube-system/services/elasticsearch-logging/proxy
    3.  Kibana is running at https://127.0.0.1:8443/api/v1/namespaces/kube-system/services/kibana-logging/proxy

    浏览器访问 URL: https://172.27.137.240:6443/api/v1/namespaces/kube-system/services/kibana-logging/proxy 对于 virtuabox 做了端口映射: http://127.0.0.1:8080/api/v1/namespaces/kube-system/services/kibana-logging/proxy

  2. 通过 kubectl proxy 访问:

    创建代理

    1.  $ kubectl proxy --address='172.27.137.240' --port=8086 --accept-hosts='^*$'
    2.  Starting to serve on 172.27.129.150:8086

    浏览器访问 URL:http://172.27.137.240:8086/api/v1/namespaces/kube-system/services/kibana-logging/proxy

    对于 virtuabox 做了端口映射: http://127.0.0.1:8086/api/v1/namespaces/kube-system/services/kibana-logging/proxy

在 Management -> Indices 页面创建一个 index(相当于 mysql 中的一个 database),选中 Index contains time-based events,使用默认的 logstash-* pattern,点击 Create ;

es-setting

创建 Index 后,稍等几分钟就可以在 Discover 菜单下看到 ElasticSearch logging 中汇聚的日志;

es-home