
Kubernetes EFK (Elasticsearch, Fluentbit ve Kibana) Kurulumu


Fluentbit, yüksek performans için tasarlandı ve sadece ~450 KB hafıza kullanan çok hafif bir kaynak kullanımına sahip. Soyutlanmış bir G/Ç işleyicisi, eşzamansız ve olaya dayalı (event-driven) okuma/yazma işlemlerine izin verir. Esneklik ve güvenilirlik için, yeniden denemeleri ve tampon limitini tanımlamak için çeşitli konfigürasyon seçenekleri mevcuttur.

Kibana, Elasticsearch’ün üstünde çalışan ve kullanıcılara verileri analiz etme ve görselleştirme olanağı sağlayan bir görselleştirme katmanıdır.

Elasticsearch, Apache Lucene arama motorunu temel alan açık kaynaklı, tam metinli bir arama ve analiz motorudur.


İlk olarak namespace oluşturalım.



# Create the namespace used by the Elasticsearch, Fluent Bit and Kibana manifests.
kubectl create namespace monitoring

elastic.yaml dosyasında storageClassName değerini nfs-client olarak ayarladım. NFS sunucu kurulumunu daha önce gerçekleştirmiştim; onun da linkine buradan ulaşabilirsiniz.




elastic.yaml

# Headless Service (clusterIP: None): there is no virtual IP, DNS resolves
# directly to the pods selected below. The StatefulSet references it through
# serviceName, which yields per-pod names such as
# elasticsearch-node-0.elasticsearch.
# NOTE(review): nothing in these manifests enables TLS or authentication for
# Elasticsearch, so both ports should be reachable only from trusted pods
# (for example through a NetworkPolicy on the monitoring namespace).
apiVersion: v1
kind: Service
metadata:
  namespace: monitoring
  name: elasticsearch
  labels:
    app: elasticsearch
spec:
  clusterIP: "None"
  selector:
    app: elasticsearch
  ports:
    # REST API; Fluent Bit and Kibana are pointed at this port.
    - port: 9200
      protocol: TCP
      name: http
    # Port used between the Elasticsearch nodes themselves.
    - port: 9300
      protocol: TCP
      name: node
---
 
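# Elasticsearch nodes. Pods are named elasticsearch-node-<ordinal> and each one
# gets its own PersistentVolumeClaim from volumeClaimTemplates.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: elasticsearch-node
  namespace: monitoring
spec:
  serviceName: elasticsearch
  # NOTE(review): two replicas are requested, but discovery.seed_hosts and
  # cluster.initial_master_nodes below name three nodes; elasticsearch-node-2
  # is never created at this replica count. Keep the lists and the replica
  # count in agreement.
  replicas: 2
  selector:
    matchLabels:
      app: elasticsearch
  template:
    metadata:
      labels:
        app: elasticsearch
    spec:
      containers:
        - name: elasticsearch
          # NOTE(review): no security settings (TLS, authentication) are
          # configured through env below, so the HTTP API on 9200 accepts
          # unauthenticated plain-text requests from anything that can reach
          # it. Restrict access to the namespace or enable the product's
          # security features before putting real logs in here.
          image: docker.elastic.co/elasticsearch/elasticsearch:7.2.0
          resources:
            limits:
              cpu: 1000m
              memory: 1Gi
            requests:
              cpu: 500m
              memory: 1Gi
          ports:
            - name: http
              protocol: TCP
              containerPort: 9200
            - name: node
              protocol: TCP
              containerPort: 9300
          volumeMounts:
            - name: elasticsearch-data
              mountPath: /usr/share/elasticsearch/data
          env:
            - name: cluster.name
              value: k8s-monitoring
            # Node name = pod name (elasticsearch-node-0, -1, ...).
            - name: node.name
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: discovery.seed_hosts
              value: "elasticsearch-node-0.elasticsearch,elasticsearch-node-1.elasticsearch,elasticsearch-node-2.elasticsearch"
            - name: cluster.initial_master_nodes
              value: "elasticsearch-node-0,elasticsearch-node-1,elasticsearch-node-2"
            # Heap is fixed at 512 MiB, half of the 1Gi memory limit above.
            - name: ES_JAVA_OPTS
              value: "-Xms512m -Xmx512m"
      initContainers:
        # Hands the data volume to uid/gid 1000 before Elasticsearch starts.
        # Running as root is enough for chown; privileged mode is not needed
        # and would give this container full access to the node.
        # NOTE(review): the busybox tag is not pinned, so the image content
        # can change between pulls; pin a tag or digest.
        - name: chown
          image: busybox
          command: ["sh", "-c", "chown -R 1000:1000 /usr/share/elasticsearch/data"]
          securityContext:
            runAsUser: 0
          volumeMounts:
            - name: elasticsearch-data
              mountPath: /usr/share/elasticsearch/data
        # Raises vm.max_map_count. This is a node-wide kernel setting, which is
        # why this container stays privileged; it affects every workload on
        # the node, not only this pod. Setting it once at node provisioning
        # removes the need for a privileged container here.
        - name: sysctl
          image: busybox
          command: ["sysctl", "-w", "vm.max_map_count=262144"]
          securityContext:
            privileged: true
        # No init container for `ulimit -n`: a limit set inside an init
        # container's shell ends with that shell and never reaches the
        # Elasticsearch process, so it would only add another privileged
        # container. Open-file limits come from the container runtime
        # configuration.
  volumeClaimTemplates:
    - metadata:
        name: elasticsearch-data
      spec:
        storageClassName: nfs-client
        accessModes:
          - ReadWriteOnce
        resources:
          requests:
            storage: 5Gi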

fluentbit.yaml


# Identity the Fluent Bit pods run under; the ClusterRoleBinding named
# fluentbit attaches the read-only ClusterRole to it.
apiVersion: v1
kind: ServiceAccount
metadata:
  namespace: monitoring
  name: fluentbit
  labels:
    app: fluentbit
 
---
 
# Read-only, cluster-wide access to pods and namespaces in the core API group.
# The kubernetes filter in the Fluent Bit config queries the API server with
# the service-account token, which is what these verbs are for. No write verbs
# and no access to secrets are granted.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: fluentbit
  labels:
    app: fluentbit
rules:
  - apiGroups: [""]
    resources: [pods, namespaces]
    verbs: [get, list, watch]
 
---
 
# Grants the fluentbit ClusterRole to the fluentbit ServiceAccount of the
# monitoring namespace. Being a ClusterRoleBinding, the grant applies in every
# namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: fluentbit
subjects:
  - kind: ServiceAccount
    namespace: monitoring
    name: fluentbit
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: fluentbit
 
---
 
# Fluent Bit configuration files. The DaemonSet mounts this ConfigMap at
# /fluent-bit/etc/, one file per key.
apiVersion: v1
kind: ConfigMap
metadata:
  name: fluentbit-config
  namespace: monitoring
  labels:
    k8s-app: fluentbit
data:
  # Main configuration. HTTP_Server On starts Fluent Bit's built-in HTTP
  # endpoint on 0.0.0.0:2020, i.e. on every interface of the pod; the
  # DaemonSet declares containerPort 2020 for it.
  fluent-bit.conf: |
    [SERVICE]
        Flush         5
        Log_Level     info
        Daemon        Off
        Parsers_File  parsers.conf
        HTTP_Server   On
        HTTP_Listen   0.0.0.0
        HTTP_Port     2020
    @INCLUDE input-kubernetes.conf
    @INCLUDE filter-kubernetes.conf
    @INCLUDE output-elasticsearch.conf
  # Tails the container log files under /var/log/containers and tags them
  # kube.*. Files of the kube-system, kubernetes-dashboard and monitoring
  # namespaces are excluded, so events from those namespaces never reach
  # Elasticsearch. The read-offset database /var/log/flb_kube.db is written
  # under /var/log, which the DaemonSet mounts from the host.
  input-kubernetes.conf: |
    [INPUT]
        Name              tail
        Tag               kube.*
        Path              /var/log/containers/*.log
        Exclude_Path      /var/log/containers/*_kube-system_*.log,/var/log/containers/*_kubernetes-dashboard_*.log,/var/log/containers/*_monitoring_*.log
        Parser            docker
        DB                /var/log/flb_kube.db
        Mem_Buf_Limit     5MB
        Skip_Long_Lines   On
        Refresh_Interval  10
  # Enriches records with pod metadata fetched from the API server, using the
  # mounted service-account CA and token. K8S-Logging.Parser On lets a pod
  # suggest a parser through an annotation; K8S-Logging.Exclude Off means a
  # pod cannot opt its logs out through an annotation.
  filter-kubernetes.conf: |
    [FILTER]
        Name                kubernetes
        Match               kube.*
        Kube_URL            https://kubernetes.default.svc:443
        Kube_CA_File        /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
        Kube_Token_File     /var/run/secrets/kubernetes.io/serviceaccount/token
        Kube_Tag_Prefix     kube.var.log.containers.
        Merge_Log           On
        Merge_Log_Key       log_field
        Merge_Log_Trim      On
        K8S-Logging.Parser  On
        K8S-Logging.Exclude Off
  # Ships every record (Match *) to the kubernetes-logs index on the host and
  # port taken from the container environment. No TLS or credential options
  # are set here, so records travel in plain text and unauthenticated.
  # Retry_Limit False removes the cap on delivery retries.
  output-elasticsearch.conf: |
    [OUTPUT]
        Name         es
        Host         ${FLUENT_ELASTICSEARCH_HOST}
        Port         ${FLUENT_ELASTICSEARCH_PORT}
        Match        *
        Index        kubernetes-logs
        Type         json
        Replace_Dots On
        Retry_Limit  False
  # Parser referenced by the tail input: each line is decoded as JSON and its
  # `time` field is used as the timestamp. NOTE(review): this matches the
  # Docker json-file log format; confirm the nodes' container runtime writes
  # logs in that format.
  parsers.conf: |
    [PARSER]
        Name        docker
        Format      json
        Time_Key    time
        Time_Format %Y-%m-%dT%H:%M:%S.%L
        Time_Keep   On
 
---
 
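# Runs one Fluent Bit pod per node to collect container logs from the host.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: fluentbit
  namespace: monitoring
  labels:
    app: fluentbit
spec:
  selector:
    matchLabels:
      app: fluentbit
  updateStrategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
  template:
    metadata:
      labels:
        app: fluentbit
    spec:
      # Only serviceAccountName is set; the deprecated `serviceAccount` alias
      # carried the same value and is not needed.
      serviceAccountName: fluentbit
      terminationGracePeriodSeconds: 30
      # Lets the agent also run on nodes tainted
      # node-role.kubernetes.io/master:NoSchedule.
      # NOTE(review): newer clusters taint control-plane nodes with a
      # different key; confirm which taint your nodes carry.
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule
      containers:
        - name: fluentbit
          image: fluent/fluent-bit:1.3.11
          # The agent reads host log directories, so keep its privileges as
          # small as the setup allows: no privilege escalation from the
          # container process.
          securityContext:
            allowPrivilegeEscalation: false
          ports:
            # HTTP endpoint enabled by HTTP_Server/HTTP_Port in fluent-bit.conf.
            - containerPort: 2020
          env:
            # Resolved through the headless elasticsearch Service in the same
            # namespace; substituted into output-elasticsearch.conf.
            - name: FLUENT_ELASTICSEARCH_HOST
              value: "elasticsearch"
            - name: FLUENT_ELASTICSEARCH_PORT
              value: "9200"
          volumeMounts:
            - name: fluentbit-config
              mountPath: /fluent-bit/etc/
            # Mounted read-write because the tail input keeps its offset
            # database at /var/log/flb_kube.db. This also gives the container
            # write access to every other log on the node; moving the database
            # to a dedicated directory would allow readOnly: true here.
            - name: fluentbit-log
              mountPath: /var/log
            - name: fluentbit-lib
              mountPath: /var/lib/docker/containers
              readOnly: true
      volumes:
        - name: fluentbit-config
          configMap:
            name: fluentbit-config
        - name: fluentbit-log
          hostPath:
            path: /var/log
        - name: fluentbit-lib
          hostPath:
            path: /var/lib/docker/containers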

kibana.yaml

# Cluster-internal Service for the Kibana pods. No `type` is given, so it is
# a ClusterIP Service and is not reachable from outside the cluster.
apiVersion: v1
kind: Service
metadata:
  namespace: monitoring
  name: kibana
  labels:
    app: kibana
spec:
  selector:
    app: kibana
  ports:
    - port: 5601
      protocol: TCP
      name: http
 
---
 
# Single Kibana instance in front of the Elasticsearch Service.
# NOTE(review): no login or TLS is configured in this manifest, and Kibana
# talks to Elasticsearch over plain http. Anyone who can reach port 5601 can
# read every log that was shipped, so do not expose this Service publicly
# as it stands.
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: monitoring
  name: kibana
  labels:
    app: kibana
spec:
  replicas: 1
  selector:
    matchLabels:
      app: kibana
  template:
    metadata:
      labels:
        app: kibana
    spec:
      containers:
        - name: kibana
          # Same version as the Elasticsearch image (7.2.0).
          image: docker.elastic.co/kibana/kibana:7.2.0
          env:
            - name: ELASTICSEARCH_HOSTS
              value: "http://elasticsearch:9200"
          ports:
            - containerPort: 5601
              protocol: TCP
              name: http
          resources:
            requests:
              cpu: 500m
              memory: 1Gi
            limits:
              cpu: 1000m
              memory: 1Gi


testpod.yaml

# Test workload: prints one numbered line per second so there is something to
# search for in Kibana. No namespace is set, so the pod lands in the current
# namespace of the kubectl context; it has to stay out of `monitoring`,
# because the Fluent Bit input excludes that namespace's log files.
apiVersion: v1
kind: Pod
metadata:
  name: loggenerator
spec:
  containers:
    - name: loggenerator
      # NOTE(review): the tag is not pinned, so the image content can change
      # between pulls.
      image: busybox
      args:
        - /bin/sh
        - -c
        - 'i=0; while true; do echo "emirhanaydin $i"; i=$((i+1)); sleep 1; done'

Podları ayağa kaldıralım


# Create every object from the four manifest files in one call.
kubectl create \
  -f elastic.yaml \
  -f kibana.yaml \
  -f fluentbit.yaml \
  -f testpod.yaml

Evet podlarım ayağa kalktı

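Kibana arayüzüne localhost:5601 adresinden giriş yapıp Index Patterns bölümüne giriyoruz ve kubernetes-logs index'ini seçiyoruz. Kibana Service'i ClusterIP tipinde olduğu için localhost üzerinden erişmek adına örneğin `kubectl -n monitoring port-forward svc/kibana 5601:5601` kullanılabilir. Bu kurulumda Kibana için kimlik doğrulama tanımlı olmadığından, arayüzü dışarıya açmak yerine port-forward ile erişmek daha güvenlidir.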

@timestamp seçiyoruz.




Oluşturduğum test podu "emirhanaydin" diye log basıyor. Discover kısmından logları filtrelediğimde loglarımı görüyorum.




































