ELK+阿里云Log-Pilot

下载链接

wget https://github.com/g114486803g/k8s-/raw/master/ELK/Log-Pilot.yaml

cat log-Pilot.yaml

apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: log-pilot
  labels:
    app: log-pilot
  # 设置期望部署的namespace
  namespace: kube-system
spec:
  selector:
    matchLabels:
      app: log-pilot
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: log-pilot
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ''
    spec:
      # 是否允许部署到Master节点上
      tolerations:
      - key: node-role.kubernetes.io/master
        effect: NoSchedule
      containers:
      - name: log-pilot
        # 版本请参考https://github.com/AliyunContainerService/log-pilot/releases
        image: registry.cn-hangzhou.aliyuncs.com/acs/log-pilot:0.9.7-filebeat
        imagePullPolicy: Always
        resources:
          limits:
            memory: 500Mi
          requests:
            cpu: 200m
            memory: 200Mi
        env:
          - name: "NODE_NAME"
            valueFrom:
              fieldRef:
                fieldPath: spec.nodeName
          - name: "LOGGING_OUTPUT"
            value: "elasticsearch"
          # 请确保集群到ES网络可达
          - name: "ELASTICSEARCH_HOSTS"
            value: "10.22.8.33:9200"
          
          # 配置ES访问权限
          #- name: "ELASTICSEARCH_USER"
          #  value: "{es_username}"
          #- name: "ELASTICSEARCH_PASSWORD"
          #  value: "{es_password}"
        volumeMounts:
        - name: sock
          mountPath: /var/run/docker.sock
        - name: root
          mountPath: /host
          readOnly: true
        - name: varlib
          mountPath: /var/lib/filebeat
        - name: varlog
          mountPath: /var/log/filebeat
        - name: localtime
          mountPath: /etc/localtime
          readOnly: true
        livenessProbe:
          failureThreshold: 3
          exec:
            command:
            - /pilot/healthz
          initialDelaySeconds: 10
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 2
        securityContext:
          capabilities:
            add:
            - SYS_ADMIN
      terminationGracePeriodSeconds: 30
      volumes:
      - name: sock
        hostPath:
          path: /var/run/docker.sock
      - name: root
        hostPath:
          path: /
      - name: varlib
        hostPath:
          path: /var/lib/filebeat
          type: DirectoryOrCreate
      - name: varlog
        hostPath:
          path: /var/log/filebeat
          type: DirectoryOrCreate
      - name: localtime
        hostPath:
          path: /etc/localtime
   

测试

apiVersion: v1
kind: Service
metadata:
 name: cloud-auth
spec:
 ports:
   - name: cloud-auth
     port: 80
 selector:
   app: cloud-auth
 type: NodePort
---
apiVersion: apps/v1
kind: Deployment
metadata:
 name: cloud-auth
spec:
 replicas: 1
 selector:
   matchLabels:
     app: cloud-auth
 template:
   metadata:
     labels:
       app: cloud-auth
   spec:
     containers:
       - name: cloud-auth
         image: test:v02
         ports:
           - name: http
             containerPort: 80
         #imagePullPolicy: Always
         env:
           # 1、stdout为约定关键字，表示采集标准输出日志
           # 2、配置标准输出日志采集到ES的catalina索引下
           - name: aliyun_logs_catalina
             value: "stdout"
           # 1、配置采集容器内文件日志，支持通配符
           # 2、配置该日志采集到ES的access索引下
           - name: aliyun_logs_access
             value: "/var/log/nginx/*.log"
         # 容器内文件日志路径需要配置emptyDir
         volumeMounts:
           - name: cloud-auth-log
             mountPath: /var/log/nginx/ 
     volumes:
       - name: cloud-auth-log
         emptyDir: {}

ELK部署

docker pull registry.cn-shenzhen.aliyuncs.com/jbjb/logs:elk761
docker tag registry.cn-shenzhen.aliyuncs.com/jbjb/logs:elk671 sebp/elk:671
docker run -p 5601:5601 -p 9200:9200 -p 5044:5044 -d --name elk sebp/elk:671

PS：
不建议ELK放在集群里，另外部署