前言

EFK指的是：Elasticsearch、Filebeat 和 Kibana， 都将部署在k8s环境中。
其中 Elasticsearch 是 StatefulSet 类型，将会依赖 StorageClass，这里使用 glusterfs + heketi 实现存储共享

参考文章

• 独立部署GlusterFS+Heketi实现Kubernetes共享存储
• 在 Kubernetes 上搭建 EFK 日志收集系统
• 使用filebeat + kafka + logstash收集处理kubernetes日志，配置收集处理nginx-ingress json日志

环境

1. glusterfs部署

在所有节点执行

sudo apt install glusterfs-server -y
systemctl start glusterfs-server
systemctl enable glusterfs-server

启用成功后，在主节点上执行

sudo gluster peer probe node4
sudo gluster peer probe node5

测试一下

#在两个从节点上执行
sudo mkdir -p /glusterfs/data

#在主节点上执行创建
sudo gluster volume create test-volume replica 2  node4:/glusterfs/data node5:/glusterfs/data 
#启用
sudo gluster volume start test-volume
#查看状态
sudo gluster volume info test-volume
#挂载
mount -t glusterfs node4:/test-volume /mnt/mytest
#删除
sudo gluster volume stop test-volume
sudo gluster volume delete test-volume

2. heketi部署

下载程序（在主节点上执行）

wget https://github.com/heketi/heketi/releases/download/v5.0.1/heketi-client-v5.0.1.linux.amd64.tar.gz
wget https://github.com/heketi/heketi/releases/download/v5.0.1/heketi-v5.0.1.linux.amd64.tar.gz

解压并复制到指定位置

tar -zxvf /heketi-v5.0.1.linux.amd64.tar.gz
sudocp ./heketi/heketi /usr/bin/
sudocp ./heketi/heketi-cli /usr/bin/
sudocp ./heketi/heketi.json /etc/heketi/

修改配置文件

sudo vim /etc/heketi/heketi.json

修改内容：

......
#修改端口，防止端口冲突
  "port": "18080",
......
#允许认证
  "use_auth": true,
......
#admin用户的key改为adminkey
      "key": "adminkey"
......
#修改执行插件为ssh，并配置ssh的所需证书，注意要能对集群中的机器免密ssh登陆，使用ssh-copy-id把pub key拷到每台glusterfs服务器上
    "executor": "ssh",
    "sshexec": {
      "keyfile": "/etc/heketi/heketi_key",
      "user": "root",
      "port": "22",
      "fstab": "/etc/fstab"
    },
......
#定义heketi数据库文件位置
    "db": "/var/lib/heketi/heketi.db"
......
#调整日志输出级别
    "loglevel" : "warning"

配置ssh密钥

ssh-keygen -t rsa -q -f /etc/heketi/heketi_key -N ''
chmod 600 /etc/heketi/heketi_key.pub

#ssh公钥传递
ssh-copy-id -i /etc/heketi/heketi_key.pub root@192.168.66.104
ssh-copy-id -i /etc/heketi/heketi_key.pub root@192.168.66.105

#验证是否能通过ssh密钥正常连接到glusterfs节点
ssh -i /etc/heketi/heketi_key root@192.168.75.175

启动heketi

/usr/bin/heketi --config=/etc/heketi/heketi.json

测试一下

curl 192.168.66.103:18080/hello

创建systemctl service

sudo vim /etc/systemd/system/heketi.service

粘贴内容

[Unit]
Description=Heketi Server
 
[Service]
Type=simple
EnvironmentFile=-/etc/heketi/heketi.json
WorkingDirectory=/var/lib/heketi
User=root
ExecStart=/usr/bin/heketi --config=/etc/heketi/heketi.json
 
Restart=on-failure
 
[Install]
WantedBy=multi-user.target

启用

sudo systemctl daemon-reload
sudo systemctl start heketi
sudo systemctl enable heketi

heketi添加glusterfs

添加cluster

heketi-cli --user admin -server http://192.168.66.103:18080 --secret adminkey --json cluster create

将4个glusterfs作为node添加到cluster
由于我们开启了heketi认证，所以每次执行heketi-cli操作时，都需要带上一堆的认证字段，比较麻烦，我在这里创建一个别名来避免相关操作：

alias heketi-cli='heketi-cli --server "http://192.168.66.103:18080" --user "admin" --secret "adminkey"'

编写配置文件

sudo vim /etc/heketi/topology.json

粘贴内容：

{
    "clusters": [
        {
            "nodes": [
                {
                    "node": {
                        "hostnames": {
                            "manage": [
                                "192.168.66.104"
                            ],
                            "storage": [
                                "192.168.66.104"
                            ]
                        },
                        "zone": 1
                    },
                    "devices": [
                        "/dev/sdb"
                    ]
                },
                {
                    "node": {
                        "hostnames": {
                            "manage": [
                                "192.168.66.105"
                            ],
                            "storage": [
                                "192.168.66.105"
                            ]
                        },
                        "zone": 1
                    },
                    "devices": [
                        "/dev/sdb"
                    ]
                }
            ]
        }
    ]
}

其中 devices 表示的是两台glusterfs上的存储盘，注意这个盘需要是裸盘，不能带文件系统。虚拟机的话，可以在vm直接增加一个硬盘即可。

使用配置

heketi-cli topology load --json topology-sample.json

测试通过heketi创建volume

heketi-cli --json volume create --size 3 --replica 2

在执行创建的时候，抛出了如下异常：

Error: /usr/sbin/thin_check: execvp failed: No such file or directory
  WARNING: Integrity check of metadata for pool vg_90bf6daf935a1e117adca466e171ac0f/tp_82c5ac62341c4231936f26228761c1d9 failed.
  /usr/sbin/thin_check: execvp failed: No such file or directory
  Check of pool vg_90bf6daf935a1e117adca466e171ac0f/tp_82c5ac62341c4231936f26228761c1d9 failed (status:2). Manual repair required!
  Failed to activate thin pool vg_90bf6daf935a1e117adca466e171ac0f/tp_82c5ac62341c4231936f26228761c1d9.
Removal of pool metadata spare logical volume vg_90bf6daf935a1e117adca466e171ac0f/lvol0_pmspare disables automatic recovery attempts after damage to a thin or cache pool. Proceed? [y/n]: [n]
  Logical volume vg_90bf6daf935a1e117adca466e171ac0f/lvol0_pmspare not removed.

这需要在所有glusterfs节点机上安装thin-provisioning-tools包：

sudo apt -y install thin-provisioning-tools

重新执行创建命令，然后查看后删除

heketi-cli volume list
heketi-cli volume delete <id>

3. Elasticsearch部署

创建 kube-logging.yaml 文件

apiVersion: v1
kind: Namespace
metadata:
  name: logging

创建 Namespace

kubectl apply -f kube-logging.yaml

创建 elasticsearch-svc.yaml 文件

apiVersion: v1
kind: Service
metadata:
  name: elasticsearch
  namespace: logging
  labels:
    app: elasticsearch
spec:
  selector:
    app: elasticsearch
  clusterIP: None
  ports:
    - port: 9200
      name: rest
    - port: 9300
      name: inter-node

创建 elasticsearch-storageclass.yaml 文件

apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: es-data-db
provisioner: kubernetes.io/glusterfs
parameters:
  resturl: http://192.168.66.103:18080
  restuser: "admin"
  restuserkey: "adminkey"
  gidMin: "40000"
  gidMax: "50000"
  volumetype: "replicate:2"

创建 elasticsearch-statefulset.yaml 文件

apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: es
  namespace: logging
spec:
  serviceName: elasticsearch
  replicas: 3
  selector:
    matchLabels:
      app: elasticsearch
  template:
    metadata:
      labels: 
        app: elasticsearch
    spec:
      nodeSelector:
        es: log
      initContainers:
      - name: increase-vm-max-map
        image: busybox
        imagePullPolicy: IfNotPresent
        command: ["sysctl", "-w", "vm.max_map_count=262144"]
        securityContext:
          privileged: true
      - name: increase-fd-ulimit
        image: busybox
        imagePullPolicy: IfNotPresent
        command: ["sh", "-c", "ulimit -n 65536"]
        securityContext:
          privileged: true
      containers:
      - name: elasticsearch
        image: docker.elastic.co/elasticsearch/elasticsearch:7.6.2
        imagePullPolicy: IfNotPresent
        ports:
        - name: rest
          containerPort: 9200
        - name: inter
          containerPort: 9300
        resources:
          limits:
            cpu: 1000m
          requests:
            cpu: 200m
        volumeMounts:
        - name: data
          mountPath: /usr/share/elasticsearch/data
        env:
        - name: cluster.name
          value: k8s-logs
        - name: node.name
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: cluster.initial_master_nodes
          value: "es-0,es-1,es-2"
        - name: discovery.zen.minimum_master_nodes
          value: "2"
        - name: discovery.seed_hosts
          value: "elasticsearch"
        - name: ES_JAVA_OPTS
          value: "-Xms512m -Xmx512m"
        - name: network.host
          value: "0.0.0.0"
  volumeClaimTemplates:
  - metadata:
      name: data
      labels:
        app: elasticsearch
    spec:
      accessModes: [ "ReadWriteOnce" ]
      storageClassName: es-data-db
      resources:
        requests:
          storage: 3Gi

注意，此处指定了es的选择节点，我这里只给node4 和node5，打上了标签，会导致只起来2个es实例。

kubectl label node node4 es=log
kubectl label node node5 es=log
kubectl get nodes --show-labels

创建 Makefile 文件

.PHONY: apply delete
apply:
    kubectl apply -n logging -f elasticsearch-svc.yaml
    kubectl apply -n logging -f elasticsearch-statefulset.yaml
delete:
    kubectl delete -n logging -f elasticsearch-svc.yaml
    kubectl delete -n logging -f elasticsearch-statefulset.yaml

启用

 kubectl apply -f kube-logging.yaml
 kubectl apply -n logging -f elasticsearch-storageclass.yaml
 make apply

使用命令 kubectl get all -n logging 查看状态

测试一下
等待pod启用成功后，在k8s节点上转发端口：

kubectl port-forward es-0 9200:9200 --namespace=logging

另开一个该节点窗口

curl http://localhost:9200/_cluster/state?pretty

4. Kibana部署

创建 kibana.yaml 文件

apiVersion: v1
kind: Service
metadata:
  name: kibana
  namespace: logging
  labels:
    app: kibana
spec:
  ports:
  - port: 5601
    targetPort: 5601
    nodePort: 5601
  type: NodePort
  selector:
    app: kibana
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kibana
  namespace: logging
  labels:
    app: kibana
spec:
  selector:
    matchLabels:
      app: kibana
  template:
    metadata:
      labels:
        app: kibana
    spec:
      containers:
      - name: kibana
        image: docker.elastic.co/kibana/kibana:7.6.2
        imagePullPolicy: IfNotPresent
        resources:
          limits:
            cpu: 1000m
          requests:
            cpu: 1000m
        env:
        - name: ELASTICSEARCH_HOSTS
          value: http://elasticsearch:9200
        ports:
        - containerPort: 5601

创建 Makefile 文件

.PHONY: apply delete
apply:
    kubectl apply -f kibana.yaml
delete:
    kubectl delete -f kibana.yaml

启用

make apply

访问 <k8s任意节点ip>:5601

5. filebeat部署

下载helm部署文件

helm3 fetch elastic/filebeat
tar -zxvf filebeat-xxxx.tgz

修改 values.yaml 中的配置部分

filebeatConfig:
  filebeat.yml: |-
    filebeat.inputs:
    - type: container
      paths:
        - /var/lib/docker/containers/*/*.log
      processors:
        - add_kubernetes_metadata: # 增加kubernetes的属性
            host: ${NODE_NAME}
            matchers:
            - logs_path:
                logs_path: "/var/lib/docker/containers/"
    processors:
      - add_cloud_metadata:
      - add_host_metadata:
    cloud.id: ${ELASTIC_CLOUD_ID}
    cloud.auth: ${ELASTIC_CLOUD_AUTH}
    output.elasticsearch:
      hosts: ['${ELASTICSEARCH_HOST:elasticsearch}:${ELASTICSEARCH_PORT:9200}']
      indices:
        - index: "liaotian"
          when.regexp: # 通过when.regexp 正则表达式匹配
            # kubernetes.labels.app: user-.*
            kubernetes.namespace: liaotian
            
extraEnvs:   #定义语言环境
 - name: LANG
   value: en_US.UTF-8
extraVolumeMounts:   #挂载目录
  - name: sysdate
    mountPath: /etc/localtime
extraVolumes:    #挂载本地文件目录
  - name: sysdate
    hostPath:
      path: /etc/localtime

创建 Makefile 文件

.PHONY: apply delete
apply:
    helm3 install -n logging filebeat .
delete:
    helm3 uninstall -n logging filebeat

启动 filebeat

make apply

等待全部节点都running后
打开kibana页面，点击Management

image.png

点击 Index patterns 后点击创建

image.png

输入liaotian后，点击next，等待创建完毕后，点击左侧栏的 Discover 便可搜索日志

image.png