From a94d2ed00b3b39a8ceef5e0deb080c3a807fba6e Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Sun, 23 Mar 2025 15:47:56 +0800 Subject: [PATCH] git revert --- efk/fileBeat-config.yaml | 62 +++++++++++++++++++++++++++++++++++++ efk/fileBeat-daemonset.yaml | 38 +++++++++++++++++++++++ efk/fileBeat-ingress.yaml | 22 +++++++++++++ efk/fileBeat-service.yaml | 14 +++++++++ efk/fluentd-configMap2.yaml | 31 +++---------------- efk/fluentd-daemonset.yaml | 2 +- efk/init.sh | 6 +++- efk/kibana-deployment.yaml | 2 +- efk/myFluentd.Dockerfile | 4 ++- efk/tem.yaml | 8 +++++ 10 files changed, 158 insertions(+), 31 deletions(-) create mode 100644 efk/fileBeat-config.yaml create mode 100644 efk/fileBeat-daemonset.yaml create mode 100644 efk/fileBeat-ingress.yaml create mode 100644 efk/fileBeat-service.yaml create mode 100644 efk/tem.yaml diff --git a/efk/fileBeat-config.yaml b/efk/fileBeat-config.yaml new file mode 100644 index 0000000..600eee9 --- /dev/null +++ b/efk/fileBeat-config.yaml @@ -0,0 +1,62 @@ +# filebeat-config.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: filebeat-config + namespace: efk +data: + filebeat.yml: | + filebeat.inputs: + - type: http_endpoint + enabled: true + listen_address: 0.0.0.0:8888 + path: "/" + json.keys_under_root: true + + processors: + # 提取路径中的变量(严格模式) + - dissect: + tokenizer: "/tanya.candle.%{currency}.%{year}.%{interval}" + field: "http.request.path" + target_prefix: "" + ignore_missing: false # 关键:关闭忽略缺失 + + # 强制设置默认值(即使字段为空) + - script: + lang: javascript + source: | + function process(event) { + // 先检查字段是否存在,不存在则设置默认值 + if (!event.containsKey('currency') || event.get('currency') === '') { + event.put('currency', 'unknown'); + } + if (!event.containsKey('year') || event.get('year') === '') { + event.put('year', '0000'); + } + if (!event.containsKey('interval') || event.get('interval') === '') { + event.put('interval', '0D'); + } + } + + output.elasticsearch: + hosts: ["http://elasticsearch:9200"] + username: "fluentd_user" + password: "fluentd_password" + indices: + - index: "logstash-candle-${currency}-${year}-${interval}" + # 严格验证字段值非空 + when.and: + - not.equals: + currency: "" + - not.equals: + year: "" + - not.equals: + interval: "" + - index: "fallback-index" + when.or: + - equals: + currency: "" + - equals: + year: "" + - equals: + interval: "" diff --git a/efk/fileBeat-daemonset.yaml b/efk/fileBeat-daemonset.yaml new file mode 100644 index 0000000..1a4ea40 --- /dev/null +++ b/efk/fileBeat-daemonset.yaml @@ -0,0 +1,38 @@ +# filebeat-daemonset.yaml +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: filebeat + namespace: efk +spec: + selector: + matchLabels: + app: filebeat + template: + metadata: + labels: + app: filebeat + spec: + containers: + - name: filebeat + image: docker.elastic.co/beats/filebeat:8.12.0 + args: [ + "-c", "/etc/filebeat.yml", + "-e", + "-strict.perms=false" + ] + volumeMounts: + - name: config + mountPath: /etc/filebeat.yml + readOnly: true + subPath: filebeat.yml + - name: varlog + mountPath: /var/log + readOnly: true + volumes: + - name: config + configMap: + name: filebeat-config + - name: varlog + hostPath: + path: /var/log diff --git a/efk/fileBeat-ingress.yaml b/efk/fileBeat-ingress.yaml new file mode 100644 index 0000000..fa81654 --- /dev/null +++ b/efk/fileBeat-ingress.yaml @@ -0,0 +1,22 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: filebeat-ingress + namespace: efk + annotations: + nginx.ingress.kubernetes.io/rewrite-target: / + # 添加 SSL 终止支持的注释,如果需要 TLS/SSL 支持 + # nginx.ingress.kubernetes.io/ssl-redirect: "true" +spec: + ingressClassName: traefik + rules: + - host: filebeat.k8s.xunlang.home + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: filebeat-service + port: + number: 8888 diff --git a/efk/fileBeat-service.yaml b/efk/fileBeat-service.yaml new file mode 100644 index 0000000..ca32ead --- /dev/null +++ b/efk/fileBeat-service.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Service +metadata: + name: filebeat-service + namespace: efk +spec: + type: LoadBalancer + selector: + k8s-app: filebeat + ports: + - protocol: TCP + port: 8888 # Service 暴露的端口 + targetPort: 8888 # Fluentd 容器内部的端口 + diff --git a/efk/fluentd-configMap2.yaml b/efk/fluentd-configMap2.yaml index 3e0b6de..e698764 100644 --- a/efk/fluentd-configMap2.yaml +++ b/efk/fluentd-configMap2.yaml @@ -10,6 +10,10 @@ data: @id input_http port 8888 @label @main + @log_level debug + + @type json + - @type stdout @id output_stdout_all diff --git a/efk/fluentd-daemonset.yaml b/efk/fluentd-daemonset.yaml index 06430c8..249b7c4 100644 --- a/efk/fluentd-daemonset.yaml +++ b/efk/fluentd-daemonset.yaml @@ -24,7 +24,7 @@ spec: effect: NoSchedule containers: - name: fluentd - image: localhost:32000/efk/fluentd-k8s-daemon-withrewrite + image: fluent/fluentd-kubernetes-daemonset:v1.17.1-debian-elasticsearch8-1.0 env: - name: K8S_NODE_NAME valueFrom: diff --git a/efk/init.sh b/efk/init.sh index e25c5ee..210f4b0 100644 --- a/efk/init.sh +++ b/efk/init.sh @@ -11,6 +11,10 @@ sudo su mkdir /var/snap/microk8s/common/mnt/data/elasticsearch-data -p || true mkdir /var/snap/microk8s/common/mnt/data/elasticsearch-config -p || true cp config/* /var/snap/microk8s/common/mnt/data/elasticsearch-config -r + +microk8s.ctr image import ~/shared/powerssd/images/docker/x86/fluentd-x86-image.tar +microk8s.ctr image import ~/shared/powerssd/images/docker/x86/elasticsearch-8-8-0.tar + // 创建 es 资源 microk8s.kubectl apply -f efk-namespace.yaml microk8s.kubectl apply -f elasticsearch-deployment.yaml @@ -19,7 +23,7 @@ microk8s.kubectl apply -f elasticsearch-pv.yaml microk8s.kubectl apply -f elasticsearch-pvc.yaml microk8s.kubectl apply -f elasticsearch-service.yaml // 这个时候正在创建elasticsearch的pod,需要拉取镜像,大概1个多小时,如果有离线的直接导入离线的镜像 -sleep 3600 +sleep 60 ./createSecure_passwd_forES.sh ./createFluentdAccoutnIn.sh diff --git a/efk/kibana-deployment.yaml b/efk/kibana-deployment.yaml index 0bce0a6..1e49872 100644 --- a/efk/kibana-deployment.yaml +++ b/efk/kibana-deployment.yaml @@ -30,4 +30,4 @@ spec: - name: XPACK_REPORTING_ENCRYPTIONKEY value: "yet_another_secure_random_string_of_32_characters" - name: ELASTICSEARCH_SERVICEACCOUNTTOKEN - value: "AAEAAWVsYXN0aWMva2liYW5hL215LXRva2VuOmlnZWdqMGp5UWI2ODVaZzZaMElVVmc" + value: "AAEAAWVsYXN0aWMva2liYW5hL215LXRva2VuOmd3ZG9idU5kVEM2b3BLRUJDS2g5YVE" diff --git a/efk/myFluentd.Dockerfile b/efk/myFluentd.Dockerfile index 22ea2ba..5b5fe2b 100644 --- a/efk/myFluentd.Dockerfile +++ b/efk/myFluentd.Dockerfile @@ -1,2 +1,4 @@ FROM fluent/fluentd-kubernetes-daemonset:v1.16-debian-elasticsearch8-2 -RUN fluent-gem install fluent-plugin-rewrite-tag-filter +USER root +RUN fluent-gem install fluent-plugin-rewrite-tag-filter fluent-plugin-dynamic +USER fluent diff --git a/efk/tem.yaml b/efk/tem.yaml new file mode 100644 index 0000000..83a6ff3 --- /dev/null +++ b/efk/tem.yaml @@ -0,0 +1,8 @@ +# filebeat-config.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: filebeat-config + namespace: efk +data: + filebeat.yml: |