安装配置 elasticsearch
- 下载 helm 包
# Download the Elasticsearch chart from the `elastic` Helm repository.
# NOTE(review): no chart version is pinned here; consider --version so the
# chart stays in step with the Elasticsearch release you deploy.
helm pull elastic/elasticsearch
- 容器中生成 elastic 证书
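#!/bin/bash
# Generate a CA and a node certificate inside a temporary Elasticsearch
# container, copy the PKCS#12 bundle to the current directory, and export it
# as PEM.
#
# Fix: the original ran `--pass ''--ca-pass''` together, so the inner shell
# passed the text "--ca-pass" as a single token instead of two empty passwords.
#
# Security notes:
#   * Both keystores use an EMPTY password, and `openssl pkcs12 -nodes` writes
#     the private key unencrypted. Treat elastic-certificates.p12 and
#     elastic-certificate.pem as secrets: keep them out of version control and
#     delete the local copies once they are stored as Kubernetes Secrets.
#   * The CA (elastic-stack-ca.p12) is never copied out and is destroyed with
#     the container, so no further certificates can be issued from it later.
#   * The certificate is issued for the DNS name `security-master`.

# Files created by this script (the PEM with the private key) are owner-only.
umask 077

RELEASE=7.9.1

docker run --name elastic-charts-certs -i -w /app \
  "harbor-k8s.iwgame.com/containers/elasticsearch:$RELEASE" \
  /bin/sh -c " \
    elasticsearch-certutil ca --out /app/elastic-stack-ca.p12 --pass '' && \
    elasticsearch-certutil cert --name security-master --dns security-master --ca /app/elastic-stack-ca.p12 --pass '' --ca-pass '' --out /app/elastic-certificates.p12" && \
docker cp elastic-charts-certs:/app/elastic-certificates.p12 ./ && \
docker rm -f elastic-charts-certs && \
openssl pkcs12 -nodes -passin pass:'' -in elastic-certificates.p12 -out elastic-certificate.pem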
- 创建 secrets 生成账号密码和证书
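# Store the certificate bundle, its PEM export and the `elastic` user's
# credentials as Secrets.
#
# Fix: Secrets are namespace-scoped. The helm install steps on this page all
# use the `logging` namespace, so the Secrets are created there; the original
# `-n efk` put them where the pods could not reference them.
kubectl -n logging create secret generic elastic-certificates --from-file=elastic-certificates.p12
kubectl -n logging create secret generic elastic-certificate-pem --from-file=elastic-certificate.pem

# NOTE(review): `123` is a demo value for the built-in `elastic` superuser.
# Use a long random password instead, and supply it with --from-file or
# --from-env-file so it does not end up in shell history.
kubectl -n logging create secret generic elastic-credentials --from-literal=password=123 --from-literal=username=elastic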
- 修改 values.yaml 文件
# Persistent volume claim requested for each Elasticsearch pod.
volumeClaimTemplate:
  accessModes:
    - ReadWriteOnce
  storageClassName: iwgame-nfs-storage
  resources:
    requests:
      storage: 30Gi

# Content of elasticsearch.yml.
# Only the transport (node-to-node) layer has TLS enabled below. No
# xpack.security.http.ssl.* setting is present, so the REST API is served over
# plain HTTP and client credentials are not encrypted in transit.
# verification_mode `certificate` validates the certificate chain but not the
# hostname.
esConfig:
  elasticsearch.yml: |
    cluster.name: "docker-cluster"
    network.host: 0.0.0.0
    xpack.security.enabled: true
    xpack.security.transport.ssl.verification_mode: certificate
    xpack.security.transport.ssl.enabled: true
    xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
    xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12

# Credentials are injected from the elastic-credentials Secret, which must
# exist in the namespace the chart is installed into.
extraEnvs:
  - name: ELASTIC_PASSWORD
    valueFrom:
      secretKeyRef:
        name: elastic-credentials
        key: password
  - name: ELASTIC_USERNAME
    valueFrom:
      secretKeyRef:
        name: elastic-credentials
        key: username

# Mounts the PKCS#12 bundle at the path used by keystore.path and
# truststore.path above.
secretMounts:
  - name: elastic-certificates
    secretName: elastic-certificates
    path: /usr/share/elasticsearch/config/certs
- 安装 elasticsearch
# Install the chart in the current directory as release `elastic`.
# The elastic-credentials and elastic-certificates Secrets referenced by
# values.yaml must already exist in this same namespace.
helm install elastic ./ --namespace logging
- 查看 pod 运行状态
一般都需要安装奇数个节点,因为我只有两个 node 所以部署了 2 个,生产环境建议安装三个
安装 kibana
- 下载 helm 包
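# Download the Kibana chart (fixed typo: the chart is `kibana`, not `kinaba`).
helm pull elastic/kibana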
- 修改 values.yaml 文件
# Environment for the Kibana container. The Elasticsearch credentials come
# from the elastic-credentials Secret instead of being written into this file.
# NOTE(review): that Secret holds the `elastic` superuser; a dedicated
# lower-privilege account such as the built-in kibana_system user is
# preferable for Kibana's own connection.
extraEnvs:
  - name: NODE_OPTIONS
    value: "--max-old-space-size=1800"
  - name: ELASTICSEARCH_USERNAME
    valueFrom:
      secretKeyRef:
        name: elastic-credentials
        key: username
  - name: ELASTICSEARCH_PASSWORD
    valueFrom:
      secretKeyRef:
        name: elastic-credentials
        key: password

# Content of kibana.yml.
# elasticsearch.hosts uses http://, so the credentials above reach
# Elasticsearch unencrypted.
kibanaConfig:
  kibana.yml: |
    server.port: 5601
    server.host: "0.0.0.0"
    elasticsearch.hosts: ["http://elasticsearch-master:9200"]
    i18n.locale: "zh-CN"

# Exposes Kibana through the nginx ingress controller.
# No TLS is configured here (the tls-acme annotation is commented out), so
# the Kibana login is served over plain HTTP on this host.
ingress:
  enabled: true
  annotations:
    kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
  path: /
  hosts:
    - elastic.kibana.com
- 安装 kibana
# Install the chart in the current directory as release `kibana`.
# The elastic-credentials Secret referenced by values.yaml must already exist
# in this same namespace.
helm install kibana ./ --namespace logging
安装 filebeat
- 下载 helm 包
# Download the Filebeat chart from the `elastic` Helm repository.
# NOTE(review): no chart version is pinned here; consider --version so the
# chart stays in step with the Elasticsearch release you deploy.
helm pull elastic/filebeat
- 修改 values.yaml 文件
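# Content of filebeat.yml: collect container logs on each node, enrich them
# with Kubernetes metadata and ship them to Elasticsearch.
#
# Fix: the original wrote username 'elastic' and password '123' into this
# file. The chart renders filebeatConfig into a ConfigMap, so the password was
# stored in clear text outside any Secret. The output now reads
# ELASTICSEARCH_USERNAME and ELASTICSEARCH_PASSWORD, which extraEnvs below
# populates from the elastic-credentials Secret.
#
# NOTE(review): those credentials are the `elastic` superuser; a dedicated
# user limited to writing the Filebeat indices is a better fit for a log
# shipper. The output sets no protocol or TLS options, so the connection to
# elasticsearch-master:9200 is not encrypted.
filebeatConfig:
  filebeat.yml: |
    filebeat.inputs:
      - type: container
        paths:
          - /var/log/containers/*.log
        processors:
          - add_kubernetes_metadata:
              host: ${NODE_NAME}
              matchers:
                - logs_path:
                    logs_path: "/var/log/containers/"
    output.elasticsearch:
      username: '${ELASTICSEARCH_USERNAME}'
      password: '${ELASTICSEARCH_PASSWORD}'
      host: '${NODE_NAME}'
      hosts: '${ELASTICSEARCH_HOSTS:elasticsearch-master:9200}'

# Credentials injected from the elastic-credentials Secret, which must exist
# in the namespace the chart is installed into.
extraEnvs:
  - name: 'ELASTICSEARCH_USERNAME'
    valueFrom:
      secretKeyRef:
        name: elastic-credentials
        key: username
  - name: 'ELASTICSEARCH_PASSWORD'
    valueFrom:
      secretKeyRef:
        name: elastic-credentials
        key: password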
- 安装 filebeat
# Install the chart in the current directory as release `filebeat`.
# The elastic-credentials Secret referenced by values.yaml must already exist
# in this same namespace.
helm install filebeat ./ --namespace logging
登录 kibana,输入账号密码,创建索引后查看数据