In modern DevOps practice, log management and analysis have become critical. This is especially true in dynamic Kubernetes environments, where distributed systems generate logs that are large in volume and complex in structure, beyond what traditional log management can handle. The EFK stack, a combination of Elasticsearch, Fluentd and Kibana, provides an efficient solution for processing and visualizing logs.
Elasticsearch is a distributed search and analytics engine that stores, searches and analyzes very large volumes of data quickly; Fluentd is an open-source data collector used to collect, filter and forward log data in a unified way; Kibana provides a user interface for visualizing and analyzing the data stored in Elasticsearch. Working together, these three components let development and operations teams collect, process and visualize the logs of a Kubernetes cluster, improving system observability and speeding up fault diagnosis.
This article explains in detail how to deploy and configure the EFK stack in a Kubernetes environment and helps you build an efficient, reliable log management system. Through a worked case and step-by-step demonstration, you will learn how to use the EFK stack to centrally collect, store and visualize logs, improving the operability of your applications.
https://www.elastic.co/cn/support/matrix#matrix_compatibility
apiVersion: v1
kind: Namespace
metadata:
  name: log-efk
kubectl apply -f namespace.yaml
kubectl get ns
Result:
NAME STATUS AGE
default Active 30d
kube-flannel Active 30d
kube-node-lease Active 30d
kube-public Active 30d
kube-system Active 30d
log-efk Active 3s
storageclass.yaml
# Create the ServiceAccount the provisioner runs as
apiVersion: v1
kind: ServiceAccount
metadata:
  name: elasticsearch-storageclass-sa
  namespace: log-efk
---
# Create the ClusterRole (cluster-scoped, so it carries no namespace)
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: elasticsearch-storageclass-clusterrole
rules:
  - apiGroups: [""]
    resources: ["endpoints"]
    verbs: ["get", "list", "watch", "create", "update", "delete"]
  - apiGroups: [""]
    resources: ["nodes"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["persistentvolumes"]
    verbs: ["get", "list", "watch", "create", "delete"]
  - apiGroups: [""]
    resources: ["persistentvolumeclaims"]
    verbs: ["get", "list", "watch", "update"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["create", "update", "patch"]
  # Legacy rule: PodSecurityPolicy left the extensions group in Kubernetes v1.16 and was removed
  # entirely in v1.25, so on current clusters this rule grants nothing
  - apiGroups: ["extensions"]
    resources: ["podsecuritypolicies"]
    verbs: ["use"]
    # Restrict the grant to the named resource
    resourceNames: ["elasticsearch-storageclass-deployment-nfs-provisioner"]
---
# Create the ClusterRoleBinding that binds the ClusterRole to the ServiceAccount
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: elasticsearch-storageclass-clusterrolebinding
# The ServiceAccount to bind
subjects:
  - kind: ServiceAccount
    name: elasticsearch-storageclass-sa
    namespace: log-efk
# The ClusterRole to bind
roleRef:
  kind: ClusterRole
  name: elasticsearch-storageclass-clusterrole
  apiGroup: rbac.authorization.k8s.io
---
# Create the NFS provisioner Pod
apiVersion: apps/v1
kind: Deployment
metadata:
  # Deployment name
  name: elasticsearch-storageclass-deployment-nfs-provisioner
  # Deployment namespace
  namespace: log-efk
spec:
  selector:
    # Label selector
    matchLabels:
      # Label of the Pods this Deployment manages; must match the template labels below
      app: elasticsearch-storageclass-nfs-provisioner
  # Number of replicas
  replicas: 1
  strategy:
    type: Recreate
  template:
    metadata:
      # Pod labels
      labels:
        app: elasticsearch-storageclass-nfs-provisioner
    spec:
      # Use the ServiceAccount created above: the provisioner must create and delete PVs,
      # which the default ServiceAccount is not allowed to do
      serviceAccountName: elasticsearch-storageclass-sa
      # Containers
      containers:
        - name: elasticsearch-storageclass-nfs-provisioner
          image: k8s.gcr.io/sig-storage/nfs-subdir-external-provisioner:v4.0.2
          # Image pull policy
          imagePullPolicy: IfNotPresent
          # Environment variables
          env:
            - name: PROVISIONER_NAME
              # Provisioner name; must equal the provisioner value in the StorageClass
              value: elasticsearch-storageclass-nfs-provisioner
            - name: NFS_SERVER
              # Hostname or IP address of the NFS server
              value: 198.19.249.80
            - name: NFS_PATH
              # Path exported by the NFS server
              value: /data/nfs_pro
          # Volume mounts of the container
          volumeMounts:
            # Directory mounted inside the container
            - mountPath: /persistentvolumes
              # Volume name
              name: nfs-client-root
      # Pod volumes
      volumes:
        # Volume name; must be a DNS_LABEL and unique within the Pod
        - name: nfs-client-root
          nfs:
            # Hostname or IP address of the NFS server
            server: 198.19.249.80
            # Path exported by the NFS server
            path: /data/nfs_pro
---
# Create the StorageClass (cluster-scoped, so it carries no namespace)
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  # StorageClass name; a volume that uses this class refers to it by this name
  name: elasticsearch-storageclass
# provisioner is the provisioner name; must equal PROVISIONER_NAME in the NFS provisioner Pod
provisioner: elasticsearch-storageclass-nfs-provisioner
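The manifest above only works if its objects agree with each other: the StorageClass must name the same provisioner as PROVISIONER_NAME in the Pod, the Pod must run as a ServiceAccount that exists and is a subject of the ClusterRoleBinding, and the binding must point at a ClusterRole that exists. The following script is an added example, not part of the original article or of the nfs-subdir-external-provisioner project; it performs those cross-checks offline. The objects are constructed Python dicts mirroring the manifest, in the shape that `kubectl get <kind> <name> -o json` returns; one ClusterRole is deliberately given a metadata.namespace so that the stray-namespace check has something to report.

```python
"""Consistency check for the objects in storageclass.yaml (added example).

The objects below are constructed dicts mirroring the manifest, as
`kubectl get <kind> <name> -o json` would return them.
"""
from typing import Dict, List, Optional, Set, Tuple

# Kinds that are cluster-scoped: the API server ignores metadata.namespace on
# them, so a namespace there is a copy-paste mistake, not a scoping control.
CLUSTER_SCOPED_KINDS = {"ClusterRole", "ClusterRoleBinding", "StorageClass"}

# Constructed sample manifest (values mirror the article's YAML).
MANIFEST: List[Dict] = [
    {"kind": "ServiceAccount",
     "metadata": {"name": "elasticsearch-storageclass-sa", "namespace": "log-efk"}},
    {"kind": "ClusterRole",
     # namespace deliberately set on a cluster-scoped object to trigger a finding
     "metadata": {"name": "elasticsearch-storageclass-clusterrole", "namespace": "log-efk"},
     "rules": []},
    {"kind": "ClusterRoleBinding",
     "metadata": {"name": "elasticsearch-storageclass-clusterrolebinding"},
     "subjects": [{"kind": "ServiceAccount", "name": "elasticsearch-storageclass-sa",
                   "namespace": "log-efk"}],
     "roleRef": {"kind": "ClusterRole", "name": "elasticsearch-storageclass-clusterrole",
                 "apiGroup": "rbac.authorization.k8s.io"}},
    {"kind": "Deployment",
     "metadata": {"name": "elasticsearch-storageclass-deployment-nfs-provisioner",
                  "namespace": "log-efk"},
     "spec": {"template": {"spec": {
         "serviceAccountName": "elasticsearch-storageclass-sa",
         "containers": [{
             "name": "elasticsearch-storageclass-nfs-provisioner",
             "env": [{"name": "PROVISIONER_NAME",
                      "value": "elasticsearch-storageclass-nfs-provisioner"},
                     {"name": "NFS_SERVER", "value": "198.19.249.80"},
                     {"name": "NFS_PATH", "value": "/data/nfs_pro"}]}]}}}},
    {"kind": "StorageClass",
     "metadata": {"name": "elasticsearch-storageclass"},
     "provisioner": "elasticsearch-storageclass-nfs-provisioner"},
]


def by_kind(objs: List[Dict], kind: str) -> List[Dict]:
    return [o for o in objs if o.get("kind") == kind]


def env_value(deploy: Dict, var: str) -> Optional[str]:
    """First value of environment variable `var` across the Pod's containers."""
    for c in deploy["spec"]["template"]["spec"].get("containers", []):
        for e in c.get("env", []):
            if e.get("name") == var:
                return e.get("value")
    return None


def check_manifest(objs: List[Dict]) -> List[str]:
    """Return human-readable findings; an empty list means the objects agree."""
    findings: List[str] = []

    # 1. Stray namespaces on cluster-scoped objects.
    for o in objs:
        if o["kind"] in CLUSTER_SCOPED_KINDS and "namespace" in o.get("metadata", {}):
            findings.append(f"{o['kind']}/{o['metadata']['name']}: metadata.namespace "
                            "is ignored on a cluster-scoped object; remove it")

    deploys = by_kind(objs, "Deployment")
    provisioners = {env_value(d, "PROVISIONER_NAME") for d in deploys}
    service_accounts: Set[Tuple[str, str]] = {
        (o["metadata"]["namespace"], o["metadata"]["name"])
        for o in by_kind(objs, "ServiceAccount")}
    bindings = by_kind(objs, "ClusterRoleBinding")
    roles = {o["metadata"]["name"] for o in by_kind(objs, "ClusterRole")}

    # 2. StorageClass.provisioner must equal PROVISIONER_NAME in the provisioner Pod.
    for sc in by_kind(objs, "StorageClass"):
        if sc.get("provisioner") not in provisioners:
            findings.append(f"StorageClass/{sc['metadata']['name']}: provisioner "
                            f"{sc.get('provisioner')!r} matches no PROVISIONER_NAME")

    # 3. The Pod's ServiceAccount must exist and be a subject of a ClusterRoleBinding.
    for d in deploys:
        pod = d["spec"]["template"]["spec"]
        sa = (d["metadata"]["namespace"], pod.get("serviceAccountName", "default"))
        if sa not in service_accounts:
            findings.append(f"Deployment/{d['metadata']['name']}: ServiceAccount {sa[1]} "
                            f"not found in namespace {sa[0]}")
        bound = any(s.get("kind") == "ServiceAccount"
                    and (s.get("namespace"), s.get("name")) == sa
                    for b in bindings for s in b.get("subjects", []))
        if not bound:
            findings.append(f"Deployment/{d['metadata']['name']}: ServiceAccount {sa[1]} "
                            "is not bound to any ClusterRole")

    # 4. Every ClusterRoleBinding must point at a ClusterRole in the manifest.
    for b in bindings:
        if b["roleRef"].get("name") not in roles:
            findings.append(f"ClusterRoleBinding/{b['metadata']['name']}: roleRef "
                            f"{b['roleRef'].get('name')!r} matches no ClusterRole")
    return findings


if __name__ == "__main__":
    for line in check_manifest(MANIFEST) or ["manifest is consistent"]:
        print(line)
```

On a live cluster the same checks can be fed with the real objects by replacing MANIFEST with the `items` list of `kubectl get sa,clusterrole,clusterrolebinding,deploy,sc -A -o json`; the checks are the same ones you would otherwise discover one at a time when a PVC stays Pending.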
Create the ServiceAccount and bind permissions
apiVersion: v1
kind: ServiceAccount
metadata:
  name: elasticsearch-storageclass-sa
  namespace: log-efk
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: elasticsearch-storageclass-clusterrole
rules:
  - apiGroups: [""]
    resources: ["endpoints"]
    verbs: ["get", "list", "watch", "create", "update", "delete"]
  - apiGroups: [""]
    resources: ["nodes"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["persistentvolumes"]
    verbs: ["get", "list", "watch", "create", "delete"]
  - apiGroups: [""]
    resources: ["persistentvolumeclaims"]
    verbs: ["get", "list", "watch", "update"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["create", "update", "patch"]
  - apiGroups: ["extensions"]
    resources: ["podsecuritypolicies"]
    verbs: ["use"]
    # Restrict the grant to the named resource
    resourceNames: ["elasticsearch-storageclass-deployment-nfs-provisioner"]
Permission breakdown

Permissions on the endpoints resource:
    - apiGroups: [""]
      resources: ["endpoints"]
      verbs: ["get", "list", "watch", "create", "update", "delete"]
- apiGroups: [""] denotes the core API group.
- resources: ["endpoints"] selects the Endpoints resource type.
- verbs: ["get", "list", "watch", "create", "update", "delete"] allows read (get, list, watch), create, update and delete operations.

Permissions on the nodes resource:
    - apiGroups: [""]
      resources: ["nodes"]
      verbs: ["get", "list", "watch"]
- apiGroups: [""] denotes the core API group.
- resources: ["nodes"] selects the Nodes resource type.
- verbs: ["get", "list", "watch"] allows read operations only.

Permissions on the persistentvolumes resource:
    - apiGroups: [""]
      resources: ["persistentvolumes"]
      verbs: ["get", "list", "watch", "create", "delete"]
- apiGroups: [""] denotes the core API group.
- resources: ["persistentvolumes"] selects the PersistentVolumes resource type.
- verbs: ["get", "list", "watch", "create", "delete"] allows read, create and delete operations.

Permissions on the persistentvolumeclaims resource:
    - apiGroups: [""]
      resources: ["persistentvolumeclaims"]
      verbs: ["get", "list", "watch", "update"]
- apiGroups: [""] denotes the core API group.
- resources: ["persistentvolumeclaims"] selects the PersistentVolumeClaims resource type.
- verbs: ["get", "list", "watch", "update"] allows read and update operations.

Permissions on the storageclasses resource:
    - apiGroups: ["storage.k8s.io"]
      resources: ["storageclasses"]
      verbs: ["get", "list", "watch"]
- apiGroups: ["storage.k8s.io"] denotes the storage API group.
- resources: ["storageclasses"] selects the StorageClasses resource type.
- verbs: ["get", "list", "watch"] allows read operations only.

Permissions on the events resource:
    - apiGroups: [""]
      resources: ["events"]
      verbs: ["create", "update", "patch"]
- apiGroups: [""] denotes the core API group.
- resources: ["events"] selects the Events resource type.
- verbs: ["create", "update", "patch"] allows create, update and partial update (patch) operations.

Permissions on the podsecuritypolicies resource:
    - apiGroups: ["extensions"]
      resources: ["podsecuritypolicies"]
      verbs: ["use"]
      resourceNames: ["elasticsearch-storageclass-deployment-nfs-provisioner"]
- apiGroups: ["extensions"] denotes the extensions API group.
- resources: ["podsecuritypolicies"] selects the PodSecurityPolicies resource type.
- verbs: ["use"] allows the specified PodSecurityPolicy to be used.
- resourceNames: ["elasticsearch-storageclass-deployment-nfs-provisioner"] restricts the grant to the PodSecurityPolicy named elasticsearch-storageclass-deployment-nfs-provisioner.
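A ClusterRole is read by the API server as a set of (apiGroup, resource, verb) grants, and reviewing it the same way makes it obvious which grants are cluster-wide, which are dead and whether any wildcard slipped in. The script below is an added example, not code from the original article or from the nfs-subdir-external-provisioner project. RULES is a constructed copy of the rules explained above, in the shape found under .rules in `kubectl get clusterrole elasticsearch-storageclass-clusterrole -o json`; can_i() is an offline approximation of `kubectl auth can-i` against those rules, and audit() lists the points a reviewer would want to look at.

```python
"""Offline audit of the ClusterRole rules granted to the provisioner's
ServiceAccount (added example, not part of the original article).
"""
from typing import Dict, List, Optional

# Constructed copy of the article's rules, as returned by
# `kubectl get clusterrole elasticsearch-storageclass-clusterrole -o json` under .rules
RULES: List[Dict] = [
    {"apiGroups": [""], "resources": ["endpoints"],
     "verbs": ["get", "list", "watch", "create", "update", "delete"]},
    {"apiGroups": [""], "resources": ["nodes"], "verbs": ["get", "list", "watch"]},
    {"apiGroups": [""], "resources": ["persistentvolumes"],
     "verbs": ["get", "list", "watch", "create", "delete"]},
    {"apiGroups": [""], "resources": ["persistentvolumeclaims"],
     "verbs": ["get", "list", "watch", "update"]},
    {"apiGroups": ["storage.k8s.io"], "resources": ["storageclasses"],
     "verbs": ["get", "list", "watch"]},
    {"apiGroups": [""], "resources": ["events"], "verbs": ["create", "update", "patch"]},
    {"apiGroups": ["extensions"], "resources": ["podsecuritypolicies"], "verbs": ["use"],
     "resourceNames": ["elasticsearch-storageclass-deployment-nfs-provisioner"]},
]

READ_VERBS = {"get", "list", "watch"}

# Cluster-scoped resources: a write grant here is not confined to any namespace.
CLUSTER_SCOPED = {("", "nodes"), ("", "persistentvolumes"), ("storage.k8s.io", "storageclasses")}

# Resources that no longer exist: a rule on them grants nothing and only adds noise.
REMOVED = {
    ("extensions", "podsecuritypolicies"):
        "PodSecurityPolicy left the extensions group in v1.16 and was removed in v1.25",
}


def can_i(rules: List[Dict], group: str, resource: str, verb: str,
          name: Optional[str] = None) -> bool:
    """Offline approximation of `kubectl auth can-i`: True if some rule grants
    `verb` on `resource` in `group`. Handles '*' wildcards and resourceNames;
    a name-restricted rule only matches a request that names the object, so it
    never authorizes list, watch or create."""
    for rule in rules:
        groups = rule.get("apiGroups", [])
        if "*" not in groups and group not in groups:
            continue
        resources = rule.get("resources", [])
        if "*" not in resources and resource not in resources:
            continue
        verbs = rule.get("verbs", [])
        if "*" not in verbs and verb not in verbs:
            continue
        names = rule.get("resourceNames")
        if names and (name is None or name not in names):
            continue
        return True
    return False


def audit(rules: List[Dict]) -> List[str]:
    """Flag wildcards, dead rules, and write verbs whose scope deserves a second look."""
    findings: List[str] = []
    for rule in rules:
        groups = rule.get("apiGroups", [])
        resources = rule.get("resources", [])
        verbs = rule.get("verbs", [])
        if "*" in groups or "*" in resources or "*" in verbs:
            findings.append(f"wildcard in rule {rule}: far broader than a provisioner needs")
            continue
        writes = sorted(set(verbs) - READ_VERBS)
        for g in groups:
            for r in resources:
                label = f"{g or 'core'}/{r}"
                if (g, r) in REMOVED:
                    findings.append(f"{label}: dead rule, {REMOVED[(g, r)]}")
                elif writes and (g, r) in CLUSTER_SCOPED:
                    findings.append(f"{label}: write verbs {writes} on a cluster-scoped resource")
                elif writes:
                    findings.append(f"{label}: write verbs {writes} granted in every namespace "
                                    "(a ClusterRole); confirm cluster-wide scope is required")
    return findings


if __name__ == "__main__":
    for line in audit(RULES):
        print(line)
```

Reading the findings: a dynamic provisioner serves PersistentVolumeClaims from every namespace, so cluster-wide update on persistentvolumeclaims and create on events are genuinely needed, and create/delete on the cluster-scoped persistentvolumes is the provisioner's whole job. The endpoints writes are used for leader election in the provisioner's own namespace and could be moved into a namespaced Role in log-efk, and the podsecuritypolicies rule can simply be dropped on any cluster newer than v1.25.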
# Create the ClusterRoleBinding that binds the ClusterRole to the ServiceAccount
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: elasticsearch-storageclass-clusterrolebinding
# The ServiceAccount to bind
subjects:
  - kind: ServiceAccount
    name: elasticsearch-storageclass-sa
    namespace: log-efk
# The ClusterRole to bind
roleRef:
  kind: ClusterRole
  name: elasticsearch-storageclass-clusterrole
  apiGroup: rbac.authorization.k8s.io
Create the ServiceAccount and the role, then bind them together; the role grants the operations on PVs and PVCs listed above.