安装配置elasticsearch
- 下载helm包
helm repo add elastic https://helm.elastic.co
helm pull elastic/elasticsearch- 容器中生成elastic证书
#!/bin/bash
RELEASE=7.9.1
docker run --name elastic-charts-certs -i -w /app \
harbor-k8s.iwgame.com/containers/elasticsearch:$RELEASE \
/bin/sh -c " \
elasticsearch-certutil ca --out /app/elastic-stack-ca.p12 --pass '' && \
elasticsearch-certutil cert --name security-master --dns security-master --ca /app/elastic-stack-ca.p12 --pass '' --ca-pass '' --out /app/elastic-certificates.p12" && \
docker cp elastic-charts-certs:/app/elastic-certificates.p12 ./ && \
docker rm -f elastic-charts-certs && \
openssl pkcs12 -nodes -passin pass:'' -in elastic-certificates.p12 -out elastic-certificate.pem- 创建secrets生成账号密码和证书
kubectl create secret -n efk generic elastic-certificates --from-file=elastic-certificates.p12
kubectl create secret -n efk generic elastic-certificate-pem --from-file=elastic-certificate.pem
kubectl create secret -n efk generic elastic-credentials --from-literal=password=123 --from-literal=username=elastic- 修改values.yaml文件
volumeClaimTemplate:
accessModes: [ "ReadWriteOnce" ]
storageClassName: "iwgame-nfs-storage"
resources:
requests:
storage: 30Gi
esConfig:
elasticsearch.yml: |
cluster.name: "docker-cluster"
network.host: 0.0.0.0
xpack.security.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
extraEnvs:
- name: ELASTIC_PASSWORD
valueFrom:
secretKeyRef:
name: elastic-credentials
key: password
- name: ELASTIC_USERNAME
valueFrom:
secretKeyRef:
name: elastic-credentials
key: username
secretMounts:
- name: elastic-certificates
secretName: elastic-certificates
path: /usr/share/elasticsearch/config/certs- 安装elasticsearch
helm install --namespace=logging elastic ./- 查看pod运行状态
一般都需要安装奇数,因为我只有两个node所以部署了2个,生产环境建议安装三个
安装kibana
- 下载helm包
helm pull elastic/kinaba- 修改values.yaml文件
extraEnvs:
- name: "NODE_OPTIONS"
value: "--max-old-space-size=1800"
- name: 'ELASTICSEARCH_USERNAME'
valueFrom:
secretKeyRef:
name: elastic-credentials
key: username
- name: 'ELASTICSEARCH_PASSWORD'
valueFrom:
secretKeyRef:
name: elastic-credentials
key: password
kibanaConfig:
kibana.yml: |
server.port: 5601
server.host: "0.0.0.0"
elasticsearch.hosts: [ "http://elasticsearch-master:9200" ]
i18n.locale: "zh-CN"
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
path: /
hosts:
- elastic.kibana.com- 安装kibana
helm install --namespace=logging kibana ./安装filebeat
- 下载helm包
helm pull elastic/filebeat- 修改values.yaml文件
filebeatConfig:
filebeat.yml: |
filebeat.inputs:
- type: container
paths:
- /var/log/containers/*.log
processors:
- add_kubernetes_metadata:
host: ${NODE_NAME}
matchers:
- logs_path:
logs_path: "/var/log/containers/"
setup.ilm.enabled: false
output.elasticsearch:
username: 'elastic'
password: '123'
host: '${NODE_NAME}'
hosts: '${ELASTICSEARCH_HOSTS:elasticsearch-master:9200}'
index: "kubernetes-%{+yyyy.MM.dd}"
setup.template.name: "kubernetes"
setup.template.pattern: "kubernetes-*"
extraEnvs:
- name: 'ELASTICSEARCH_USERNAME'
valueFrom:
secretKeyRef:
name: elastic-credentials
key: username
- name: 'ELASTICSEARCH_PASSWORD'
valueFrom:
secretKeyRef:
name: elastic-credentials
key: password
tolerations:
- key: "node-role.kubernetes.io/master"
operator: "Exists"
effect: "NoSchedule"- 安装filebeat
helm install filebeat --namespace=logging ./
**粗体** _斜体_ [链接](http://example.com) `代码` - 列表 > 引用。你还可以使用@来通知其他用户。