metricbeat ok

2025-04-02 01:14:05 +08:00 · 2025-04-02 01:14:05 +08:00 · e48090763b
commit e48090763b
parent 11a10273d4
5 changed files with 193 additions and 2 deletions
--- a/5
+++ b/5
@ -0,0 +1,5 @@
+
+<<<<<<< HEAD
+=======
+   kubectl apply -f elasticsearch-metricbeat-daemonset.yaml
+>>>>>>> Snippet
--- a/2.
+++ b/2.
@ -0,0 +1,5 @@
+
+<<<<<<< HEAD
+=======
+   kubectl get pods -n efk
+>>>>>>> Snippet
--- a/elasticsearch-metricbeat-daemonset.yaml
+++ b/elasticsearch-metricbeat-daemonset.yaml
@ -0,0 +1,165 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: metricbeat
+  namespace: efk
+  labels:
+    k8s-app: metricbeat
+spec:
+  selector:
+    matchLabels:
+      k8s-app: metricbeat
+  template:
+    metadata:
+      labels:
+        k8s-app: metricbeat
+    spec:
+      serviceAccountName: metricbeat
+      terminationGracePeriodSeconds: 30
+      hostNetwork: true
+      dnsPolicy: ClusterFirstWithHostNet
+      containers:
+      - name: metricbeat
+        image: docker.elastic.co/beats/metricbeat:8.8.0
+        args: [
+          "-c", "/etc/metricbeat.yml",
+          "-e",
+        ]
+        env:
+        - name: ELASTICSEARCH_HOSTS
+          value: "http://elasticsearch-0.efk.svc.cluster.local:9200,http://elasticsearch-1.efk.svc.cluster.local:9200,http://elasticsearch-2.efk.svc.cluster.local:9200,http://elasticsearch-3.efk.svc.cluster.local:9200"
+        - name: ELASTICSEARCH_USERNAME
+          value: "elastic"
+        - name: ELASTICSEARCH_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: elasticsearch-secret
+              key: elastic_password
+        securityContext:
+          runAsUser: 0
+        resources:
+          limits:
+            memory: 200Mi
+          requests:
+            cpu: 100m
+            memory: 100Mi
+        volumeMounts:
+        - name: config
+          mountPath: /etc/metricbeat.yml
+          subPath: metricbeat.yml
+          readOnly: true
+        - name: data
+          mountPath: /usr/share/metricbeat/data
+        - name: varlibdockercontainers
+          mountPath: /var/lib/docker/containers
+          readOnly: true
+        - name: proc
+          mountPath: /hostfs/proc
+          readOnly: true
+        - name: cgroup
+          mountPath: /hostfs/sys/fs/cgroup
+          readOnly: true
+      volumes:
+      - name: config
+        configMap:
+          defaultMode: 0640
+          name: metricbeat-config
+      - name: varlibdockercontainers
+        hostPath:
+          path: /var/lib/docker/containers
+      - name: proc
+        hostPath:
+          path: /proc
+      - name: cgroup
+        hostPath:
+          path: /sys/fs/cgroup
+      - name: data
+        emptyDir: {}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: metricbeat-config
+  namespace: efk
+data:
+  metricbeat.yml: |
+    metricbeat.modules:
+    - module: system
+      metricsets:
+        - cpu
+        - load
+        - memory
+        - network
+        - process
+        - process_summary
+      enabled: true
+      period: 10s
+      processes: ['.*']
+
+    # X-Pack 监控模块配置
+    - module: elasticsearch
+      xpack.enabled: true
+      metricsets:
+        - ccr
+        - cluster_stats
+        - index
+        - index_recovery
+        - index_summary
+        - node_stats
+        - shard
+      period: 10s
+      hosts: ${ELASTICSEARCH_HOSTS}
+      username: "${ELASTICSEARCH_USERNAME}"
+      password: "${ELASTICSEARCH_PASSWORD}"
+      ssl.certificate_authorities: ["/etc/ssl/certs/ca-certificates.crt"]
+      ssl.verification_mode: "certificate"
+
+    output.elasticsearch:
+      hosts:
+        - "http://elasticsearch-0.efk.svc.cluster.local:9200"
+        - "http://elasticsearch-1.efk.svc.cluster.local:9200"
+        - "http://elasticsearch-2.efk.svc.cluster.local:9200"
+        - "http://elasticsearch-3.efk.svc.cluster.local:9200"
+      username: "${ELASTICSEARCH_USERNAME}"
+      password: "${ELASTICSEARCH_PASSWORD}"
+
+    setup.kibana:
+      host: "http://kibana.efk.svc.cluster.local:5601"
+
+    logging.level: info
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: metricbeat
+rules:
+- apiGroups: [""]
+  resources:
+  - nodes
+  - namespaces
+  - events
+  - pods
+  verbs:
+  - get
+  - list
+  - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: metricbeat
+subjects:
+- kind: ServiceAccount
+  name: metricbeat
+  namespace: efk
+roleRef:
+  kind: ClusterRole
+  name: metricbeat
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: metricbeat
+  namespace: efk
+
--- a/elasticsearch-pvandpvc_incluster.yaml
+++ b/elasticsearch-pvandpvc_incluster.yaml
@ -133,6 +133,22 @@ spec:
  volumeName: elasticsearch-cold-pv
  storageClassName: "" # 显式禁用 StorageClass
 ---
+# PVC for cold config
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: elasticsearch-config-pvc-elasticsearch-2
+  namespace: efk
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 10Gi
+  volumeName: elasticsearch-cold-config-pv
+  storageClassName: "" # 显式禁用 StorageClass
+  
+---  
 # PV for Hot Config
 apiVersion: v1
 kind: PersistentVolume
--- a/kibana-deployment.yaml
+++ b/kibana-deployment.yaml
@ -22,7 +22,7 @@ spec:
            - containerPort: 5601
          env:
            - name: ELASTICSEARCH_HOSTS
-              value: "http://elasticsearch.efk.svc.cluster.local:9200"
+              value: "http://elasticsearch-lb.efk.svc.cluster.local:9200"
            - name: XPACK_SECURITY_ENCRYPTIONKEY
              value: "a_secure_random_string_of_32_characters"
            - name: XPACK_ENCRYPTEDSAVEDOBJECTS_ENCRYPTIONKEY
@ -30,4 +30,4 @@ spec:
            - name: XPACK_REPORTING_ENCRYPTIONKEY
              value: "yet_another_secure_random_string_of_32_characters"
            - name: ELASTICSEARCH_SERVICEACCOUNTTOKEN
-              value: "AAEAAWVsYXN0aWMva2liYW5hL215LXRva2VuOlo1dC0xNDFQVHQyajdBeEVtQzZjZ2c"
+              value: "AAEAAWVsYXN0aWMva2liYW5hL215LXRva2VuOlRuLTZ2M1NSUl82VXpmUWI5SnRjTGc"