Kubernetes 開發了一個 Elasticsearch 附加元件來實作叢集的日志管理。這是一個 Elasticsearch、Fluentd 和 Kibana 的組合。
Elasticsearch 是一個搜尋引擎,負責存儲日志并提供查詢接口;
Fluentd 負責從 Kubernetes 搜集日志,每個node節點上面的fluentd監控并收集該節點上面的系統日志,并将處理過後的日志資訊發送給Elasticsearch;
Kibana 提供了一個 Web GUI,使用者可以浏覽和搜尋存儲在 Elasticsearch 中的日志。
從官方github倉庫下載下傳yaml檔案
[root@hello ~/efk]# git clone https://github.com/kubernetes/kubernetes.git
[root@hello ~/efk]# kubectl create namespace logging
[root@hello ~/efk]# 執行所有yaml檔案
[root@hello ~/efk]# cd kubernetes/cluster/addons/fluentd-elasticsearch/
[root@hello ~/efk/kubernetes/cluster/addons/fluentd-elasticsearch]# kubectl apply -f ./
namespace/logging created
service/elasticsearch-logging created
serviceaccount/elasticsearch-logging created
clusterrole.rbac.authorization.k8s.io/elasticsearch-logging created
clusterrolebinding.rbac.authorization.k8s.io/elasticsearch-logging created
statefulset.apps/elasticsearch-logging created
configmap/fluentd-es-config-v0.2.1 created
serviceaccount/fluentd-es created
clusterrole.rbac.authorization.k8s.io/fluentd-es created
clusterrolebinding.rbac.authorization.k8s.io/fluentd-es created
daemonset.apps/fluentd-es-v3.1.1 created
deployment.apps/kibana-logging created
service/kibana-logging created 檢視pod狀态:
[root@hello ~]# kubectl get pod -n logging
NAME READY STATUS RESTARTS AGE
elasticsearch-logging-0 1/1 Running 0 2m17s
elasticsearch-logging-1 1/1 Running 0 96s
fluentd-es-v3.1.1-qw9dj 1/1 Running 1 (97s ago) 2m16s
kibana-logging-75bd6cccf5-pskrr 1/1 Running 1 (106s ago) 2m16s
[root@hello ~]#
[root@hello ~]# kubectl get service -n logging
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
elasticsearch-logging ClusterIP None <none> 9200/TCP,9300/TCP 2m41s
kibana-logging ClusterIP 10.68.145.186 <none> 5601/TCP 2m40s
[root@hello ~]# 通路 kibana
[root@hello ~]# kubectl proxy --address='192.168.1.11' --port=8086 --accept-hosts='^*$'
#通路
http://192.168.1.11:8086//api/v1/namespaces/logging/services/kibana-logging/proxy/ 建立一個index-pattern索引
預設為 logstash-* 即可,之後這裡會看到日志