diff --git a/### 验证和部署: b/### 验证和部署: new file mode 100644 index 0000000..788ef3a --- /dev/null +++ b/### 验证和部署: @@ -0,0 +1,5 @@ + +<<<<<<< HEAD +======= + kubectl apply -f elasticsearch-metricbeat-daemonset.yaml +>>>>>>> Snippet diff --git a/2. **验证 Pod 状态**: b/2. **验证 Pod 状态**: new file mode 100644 index 0000000..1c73083 --- /dev/null +++ b/2. **验证 Pod 状态**: @@ -0,0 +1,5 @@ + +<<<<<<< HEAD +======= + kubectl get pods -n efk +>>>>>>> Snippet diff --git a/elasticsearch-metricbeat-daemonset.yaml b/elasticsearch-metricbeat-daemonset.yaml new file mode 100644 index 0000000..2c015f7 --- /dev/null +++ b/elasticsearch-metricbeat-daemonset.yaml @@ -0,0 +1,165 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: metricbeat + namespace: efk + labels: + k8s-app: metricbeat +spec: + selector: + matchLabels: + k8s-app: metricbeat + template: + metadata: + labels: + k8s-app: metricbeat + spec: + serviceAccountName: metricbeat + terminationGracePeriodSeconds: 30 + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + containers: + - name: metricbeat + image: docker.elastic.co/beats/metricbeat:8.8.0 + args: [ + "-c", "/etc/metricbeat.yml", + "-e", + ] + env: + - name: ELASTICSEARCH_HOSTS + value: "http://elasticsearch-0.efk.svc.cluster.local:9200,http://elasticsearch-1.efk.svc.cluster.local:9200,http://elasticsearch-2.efk.svc.cluster.local:9200,http://elasticsearch-3.efk.svc.cluster.local:9200" + - name: ELASTICSEARCH_USERNAME + value: "elastic" + - name: ELASTICSEARCH_PASSWORD + valueFrom: + secretKeyRef: + name: elasticsearch-secret + key: elastic_password + securityContext: + runAsUser: 0 + resources: + limits: + memory: 200Mi + requests: + cpu: 100m + memory: 100Mi + volumeMounts: + - name: config + mountPath: /etc/metricbeat.yml + subPath: metricbeat.yml + readOnly: true + - name: data + mountPath: /usr/share/metricbeat/data + - name: varlibdockercontainers + mountPath: /var/lib/docker/containers + readOnly: true + - name: proc + mountPath: /hostfs/proc + readOnly: true + - name: cgroup + mountPath: /hostfs/sys/fs/cgroup + readOnly: true + volumes: + - name: config + configMap: + defaultMode: 0640 + name: metricbeat-config + - name: varlibdockercontainers + hostPath: + path: /var/lib/docker/containers + - name: proc + hostPath: + path: /proc + - name: cgroup + hostPath: + path: /sys/fs/cgroup + - name: data + emptyDir: {} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: metricbeat-config + namespace: efk +data: + metricbeat.yml: | + metricbeat.modules: + - module: system + metricsets: + - cpu + - load + - memory + - network + - process + - process_summary + enabled: true + period: 10s + processes: ['.*'] + + # X-Pack 监控模块配置 + - module: elasticsearch + xpack.enabled: true + metricsets: + - ccr + - cluster_stats + - index + - index_recovery + - index_summary + - node_stats + - shard + period: 10s + hosts: ${ELASTICSEARCH_HOSTS} + username: "${ELASTICSEARCH_USERNAME}" + password: "${ELASTICSEARCH_PASSWORD}" + ssl.certificate_authorities: ["/etc/ssl/certs/ca-certificates.crt"] + ssl.verification_mode: "certificate" + + output.elasticsearch: + hosts: + - "http://elasticsearch-0.efk.svc.cluster.local:9200" + - "http://elasticsearch-1.efk.svc.cluster.local:9200" + - "http://elasticsearch-2.efk.svc.cluster.local:9200" + - "http://elasticsearch-3.efk.svc.cluster.local:9200" + username: "${ELASTICSEARCH_USERNAME}" + password: "${ELASTICSEARCH_PASSWORD}" + + setup.kibana: + host: "http://kibana.efk.svc.cluster.local:5601" + + logging.level: info +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: metricbeat +rules: +- apiGroups: [""] + resources: + - nodes + - namespaces + - events + - pods + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: metricbeat +subjects: +- kind: ServiceAccount + name: metricbeat + namespace: efk +roleRef: + kind: ClusterRole + name: metricbeat + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: metricbeat + namespace: efk + diff --git a/elasticsearch-pvandpvc_incluster.yaml b/elasticsearch-pvandpvc_incluster.yaml index e8733bb..be0af9a 100644 --- a/elasticsearch-pvandpvc_incluster.yaml +++ b/elasticsearch-pvandpvc_incluster.yaml @@ -133,6 +133,22 @@ spec: volumeName: elasticsearch-cold-pv storageClassName: "" # 显式禁用 StorageClass --- +# PVC for cold config +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: elasticsearch-config-pvc-elasticsearch-2 + namespace: efk +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi + volumeName: elasticsearch-cold-config-pv + storageClassName: "" # 显式禁用 StorageClass + +--- # PV for Hot Config apiVersion: v1 kind: PersistentVolume diff --git a/kibana-deployment.yaml b/kibana-deployment.yaml index 470dd74..814c1db 100644 --- a/kibana-deployment.yaml +++ b/kibana-deployment.yaml @@ -22,7 +22,7 @@ spec: - containerPort: 5601 env: - name: ELASTICSEARCH_HOSTS - value: "http://elasticsearch.efk.svc.cluster.local:9200" + value: "http://elasticsearch-lb.efk.svc.cluster.local:9200" - name: XPACK_SECURITY_ENCRYPTIONKEY value: "a_secure_random_string_of_32_characters" - name: XPACK_ENCRYPTEDSAVEDOBJECTS_ENCRYPTIONKEY @@ -30,4 +30,4 @@ spec: - name: XPACK_REPORTING_ENCRYPTIONKEY value: "yet_another_secure_random_string_of_32_characters" - name: ELASTICSEARCH_SERVICEACCOUNTTOKEN - value: "AAEAAWVsYXN0aWMva2liYW5hL215LXRva2VuOlo1dC0xNDFQVHQyajdBeEVtQzZjZ2c" + value: "AAEAAWVsYXN0aWMva2liYW5hL215LXRva2VuOlRuLTZ2M1NSUl82VXpmUWI5SnRjTGc"