
@taking
Last active June 12, 2022 05:03
(Bare Metal) Kubernetes ELK OSS Version Yaml
---
# elastic.yml
# Single-replica Elasticsearch Deployment for the telemetry namespace.
#
# NOTE(review): the elasticsearch-oss distribution does not include the
# security features (authentication, TLS), so 9200 and 9300 answer to
# anyone who can reach them; access control has to come from the network
# layer (Service type, NetworkPolicy, host firewall).
# NOTE(review): no volume is declared, so index data lives in the
# container filesystem and is gone when the pod is replaced. No resource
# requests/limits or securityContext are set either.
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: telemetry
  name: elasticsearch
  labels:
    app: elasticsearch
spec:
  replicas: 1
  selector:
    matchLabels:
      app: elasticsearch
  template:
    metadata:
      annotations:
        # Keeps the Istio sidecar out of this pod; traffic to it is
        # therefore not covered by mesh mTLS.
        sidecar.istio.io/inject: 'false'
      labels:
        app: elasticsearch
    spec:
      # Pin the pod to the node carrying the label node=master01.
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: node
                    operator: In
                    values:
                      - master01
      containers:
        - name: elasticsearch
          image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2
          env:
            # Single-node discovery: the node does not look for peers.
            - name: discovery.type
              value: 'single-node'
          ports:
            # 9200 = REST API, 9300 = node-to-node transport.
            - containerPort: 9200
            - containerPort: 9300
---
# Service in front of the elasticsearch pods.
#
# NOTE(review): type NodePort opens 30482 (REST) and 30930 (transport) on
# every node address. The backing pod runs the OSS image without
# authentication, so both ports are readable and writable by any host
# that can reach a node. The Fluentd and Kibana manifests in this listing
# reach Elasticsearch through the cluster DNS name, which a ClusterIP
# Service also provides; the transport port is only used between
# Elasticsearch nodes and this deployment is single-node. If the
# NodePorts must stay, restrict them with a host firewall or
# NetworkPolicy.
apiVersion: v1
kind: Service
metadata:
  name: elasticsearch-svc
  namespace: telemetry
  labels:
    app: elasticsearch
spec:
  type: NodePort
  selector:
    app: elasticsearch
  ports:
    - name: elasticsearch-rest
      protocol: TCP
      port: 9200
      targetPort: 9200
      nodePort: 30482
    - name: elasticsearch-nodecom
      protocol: TCP
      port: 9300
      targetPort: 9300
      nodePort: 30930
---
# fluentd.yml
# Identity the fluentd DaemonSet pods run under; its permissions come
# from the ClusterRoleBinding that names this account.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: fluentd
  namespace: kube-system
  labels:
    k8s-app: fluentd
---
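# Read-only access to pods and namespaces across the whole cluster
# (presumably for Kubernetes metadata enrichment of log records; verify
# against the fluentd configuration in the image).
# ClusterRole is cluster-scoped, so metadata.namespace has no effect and
# was dropped; it suggested a namespace restriction that does not exist.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: fluentd
rules:
  - apiGroups:
      # "" is the core API group.
      - ""
    resources:
      - pods
      - namespaces
    verbs:
      - get
      - list
      - watch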
---
# Grants the fluentd ClusterRole to the fluentd ServiceAccount in
# kube-system. Being a ClusterRoleBinding, the grant applies in every
# namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: fluentd
subjects:
  - kind: ServiceAccount
    namespace: kube-system
    name: fluentd
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: fluentd
---
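# Fluentd log collector: tails host logs and ships them to the
# Elasticsearch Service in the telemetry namespace.
#
# Change from the original: the deprecated pod field `serviceAccount`
# was removed; `serviceAccountName` alone selects the account.
#
# NOTE(review): the container runs as root (FLUENT_UID "0") and mounts
# the host's /var/log without readOnly, so a compromise of this pod gives
# write access to node log files. Keep the image patched; the tag below
# is older than the commented-out alternative.
# NOTE(review): logs leave the pod over plain HTTP with no credentials
# (scheme http, user/password commented out). Anything on the path can
# read or alter them, and log lines often carry tokens or personal data.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: fluentd
  namespace: kube-system
  labels:
    k8s-app: fluentd-logging
    version: v1
    kubernetes.io/cluster-service: "true"
spec:
  selector:
    matchLabels:
      k8s-app: fluentd-logging
  template:
    metadata:
      labels:
        k8s-app: fluentd-logging
        version: v1
        kubernetes.io/cluster-service: "true"
      annotations:
        # NOTE(review): this alpha annotation predates the pod
        # `affinity` field and is not expected to be honored by clusters
        # that serve apps/v1, so the pods most likely run on every node
        # rather than only on master01. Confirm the intent before
        # converting it to spec.affinity, because that would stop log
        # collection on the other nodes.
        scheduler.alpha.kubernetes.io/affinity: >
          {
            "nodeAffinity": {
              "requiredDuringSchedulingIgnoredDuringExecution": {
                "nodeSelectorTerms": [
                  {
                    "matchExpressions": [
                      {
                        "key": "node",
                        "operator": "In",
                        "values": [ "master01" ]
                      }
                    ]
                  }
                ]
              }
            }
          }
    spec:
      serviceAccountName: fluentd
      tolerations:
        # Allows scheduling onto nodes tainted as master.
        - key: node-role.kubernetes.io/master
          effect: NoSchedule
      containers:
        - name: fluentd
          # image: fluent/fluentd-kubernetes-daemonset:v1.14.0-debian-elasticsearch7-1.1
          image: fluent/fluentd-kubernetes-daemonset:v1.11.5-debian-elasticsearch7-1.1
          env:
            - name: FLUENT_ELASTICSEARCH_HOST
              value: "elasticsearch-svc.telemetry.svc.cluster.local"
            - name: FLUENT_ELASTICSEARCH_PORT
              value: "9200"
            - name: FLUENT_ELASTICSEARCH_SCHEME
              value: "http"
            - name: FLUENTD_SYSTEMD_CONF
              value: "disable"
            # Certificate verification is off. With scheme http it has no
            # effect, but it must be switched back on if the scheme is
            # ever changed to https.
            - name: FLUENT_ELASTICSEARCH_SSL_VERIFY
              value: "false"
            # If Elasticsearch authentication is enabled, do not put the
            # password in this manifest; read it from a Secret with
            # valueFrom.secretKeyRef instead.
            # - name: FLUENT_ELASTICSEARCH_USER
            #   value: "elastic"
            # - name: FLUENT_ELASTICSEARCH_PASSWORD
            #   value: {password of user 'elastic'}
            - name: FLUENT_ELASTICSEARCH_LOGSTASH_FORMAT
              value: "true"
            - name: FLUENT_ELASTICSEARCH_LOGSTASH_PREFIX
              value: "fluentd.fems"
            # Run fluentd as uid 0 (root).
            - name: FLUENT_UID
              value: "0"
          resources:
            limits:
              memory: 200Mi
            requests:
              cpu: 100m
              memory: 200Mi
          volumeMounts:
            # Writable host mount (no readOnly flag).
            - name: varlog
              mountPath: /var/log
            - name: varlibdockercontainers
              mountPath: /var/lib/docker/containers
              readOnly: true
      terminationGracePeriodSeconds: 30
      volumes:
        - name: varlog
          hostPath:
            path: /var/log
        - name: varlibdockercontainers
          hostPath:
            path: /var/lib/docker/containers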
---
# istio-gateway.yaml
# Ingress Gateway for the telemetry namespace.
#
# NOTE(review): the port-80 server accepts plain HTTP for every host
# name ('*'), so each VirtualService bound to this gateway is reachable
# unencrypted. Kibana and Elasticsearch in this listing have no login of
# their own; consider an HTTPS server with explicit hosts and an
# authentication layer in front.
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  namespace: telemetry
  name: telemetry-gateway
spec:
  selector:
    # use istio default controller
    istio: ingressgateway
  servers:
    - hosts:
        - '*'
      port:
        name: http
        number: 80
        protocol: HTTP
    # TLS passthrough on 15443 for *.local hosts.
    - hosts:
        - '*.local'
      port:
        name: tls
        number: 15443
        protocol: tls
      tls:
        mode: AUTO_PASSTHROUGH
---
# kibana-vs.yaml
# Routes every path on the Kibana host name to kibana-svc through
# telemetry-gateway. Replace {yourIP} with the ingress address.
# NOTE(review): the kibana-oss image used in this listing has no login,
# so this route hands the UI to anyone who can reach the gateway.
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  namespace: telemetry
  name: kibana-vs
spec:
  gateways:
    - telemetry-gateway
  hosts:
    - 'kibana.{yourIP}.nip.io'
  http:
    - match:
        - uri:
            prefix: /
      route:
        - destination:
            host: kibana-svc
            # No port given; the destination port is left for Istio to
            # resolve from the Service.
            # port:
            #   number: 5601
---
# istio-virtualservice.yaml
# Routes every path on the Elasticsearch host name to
# elasticsearch-svc:9200 through telemetry-gateway. Replace {yourIP}
# with the ingress address.
# NOTE(review): this publishes the full Elasticsearch REST API, including
# index deletion and cluster settings, with no authentication in front of
# it. Unless outside clients really need it, drop this route or limit it
# to the paths and source addresses that do.
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  namespace: telemetry
  name: elastic-vs
spec:
  gateways:
    - telemetry-gateway
  hosts:
    - 'elastic.{yourIP}.nip.io'
  http:
    - match:
        - uri:
            prefix: /
      route:
        - destination:
            host: elasticsearch-svc
            port:
              number: 9200
---
# istio-destinationrule.yaml
# DestinationRule asking clients to use Istio mutual TLS.
#
# NOTE(review): `host` and `trafficPolicy` appear twice under `spec`.
# Duplicate mapping keys are invalid YAML; lenient parsers keep only the
# last pair ("*.nip.io") and strict ones reject the document, so the
# "*.local" rule is never applied as written. If both are wanted they
# need to be two DestinationRule objects with different names.
# NOTE(review): before enabling ISTIO_MUTUAL for "*.local", check it
# against the elasticsearch and kibana pods in this listing, which run
# with sidecar injection disabled and so presumably cannot accept mesh
# mTLS - confirm.
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: telemetry-mtls
  namespace: telemetry
spec:
  host: "*.local"
  trafficPolicy:
    tls:
      mode: ISTIO_MUTUAL
  # Second occurrence of the same two keys (see note above).
  host: "*.nip.io"
  trafficPolicy:
    tls:
      mode: ISTIO_MUTUAL
---
# Jaeger all-in-one (collector, query and UI in one pod) for Istio
# tracing, with Badger as the span store.
# NOTE(review): BADGER_EPHEMERAL is "false" but /badger is an emptyDir,
# so stored traces survive container restarts only, not pod
# rescheduling. No securityContext or memory limit is set.
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: istio-system
  name: jaeger
  labels:
    app: jaeger
spec:
  selector:
    matchLabels:
      app: jaeger
  template:
    metadata:
      annotations:
        prometheus.io/port: '14269'
        prometheus.io/scrape: 'true'
        sidecar.istio.io/inject: 'false'
      labels:
        app: jaeger
    spec:
      # Schedule only on the node labelled node=master01.
      nodeSelector:
        node: master01
      volumes:
        - name: data
          emptyDir: {}
      containers:
        - name: jaeger
          image: 'docker.io/jaegertracing/all-in-one:1.23'
          env:
            - name: BADGER_EPHEMERAL
              value: 'false'
            - name: SPAN_STORAGE_TYPE
              value: 'badger'
            - name: BADGER_DIRECTORY_VALUE
              value: '/badger/data'
            - name: BADGER_DIRECTORY_KEY
              value: '/badger/key'
            # Zipkin-compatible collector endpoint on all interfaces.
            - name: COLLECTOR_ZIPKIN_HOST_PORT
              value: ':9411'
            - name: MEMORY_MAX_TRACES
              value: '50000'
            - name: QUERY_BASE_PATH
              value: /jaeger
          # Both probes hit the same port Prometheus scrapes (14269).
          livenessProbe:
            httpGet:
              port: 14269
              path: /
          readinessProbe:
            httpGet:
              port: 14269
              path: /
          resources:
            requests:
              cpu: 10m
          volumeMounts:
            - name: data
              mountPath: /badger
---
# Jaeger query/UI Service.
# NOTE(review): type NodePort with no nodePort value means Kubernetes
# allocates a port on every node for both entries. The Jaeger UI has no
# login in this setup, and traces can contain URLs, headers and
# identifiers; use ClusterIP plus an authenticated ingress unless
# node-level access is required.
apiVersion: v1
kind: Service
metadata:
  namespace: istio-system
  name: tracing
  labels:
    app: jaeger
spec:
  type: NodePort
  selector:
    app: jaeger
  ports:
    - name: http-query
      protocol: TCP
      port: 80
      targetPort: 16686
    # Note: Change port name if you add '--query.grpc.tls.enabled=true'
    - name: grpc-query
      protocol: TCP
      port: 16685
      targetPort: 16685
---
# Jaeger implements the Zipkin API. To support swapping out the tracing
# backend, we use a Service named Zipkin.
# No type is set, so this is a cluster-internal (ClusterIP) Service.
apiVersion: v1
kind: Service
metadata:
  namespace: istio-system
  name: zipkin
  labels:
    name: zipkin
spec:
  selector:
    app: jaeger
  ports:
    - name: http-query
      port: 9411
      targetPort: 9411
---
# Cluster-internal Service for the Jaeger collector endpoints
# (HTTP 14268, gRPC 14250, Zipkin-compatible 9411).
apiVersion: v1
kind: Service
metadata:
  namespace: istio-system
  name: jaeger-collector
  labels:
    app: jaeger
spec:
  type: ClusterIP
  selector:
    app: jaeger
  ports:
    - name: jaeger-collector-http
      protocol: TCP
      port: 14268
      targetPort: 14268
    - name: jaeger-collector-grpc
      protocol: TCP
      port: 14250
      targetPort: 14250
    - name: http-zipkin
      port: 9411
      targetPort: 9411
---
# kibana.yml
# Single-replica Kibana (OSS 7.10.2 image) pointed at the in-cluster
# Elasticsearch Service.
# NOTE(review): the kibana-oss image has no login screen, and it talks
# to Elasticsearch over plain HTTP without credentials. Whoever reaches
# port 5601 can query and modify the indexed logs, so exposure has to be
# limited at the Service / ingress level.
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: telemetry
  name: kibana
  labels:
    app: kibana
spec:
  replicas: 1
  selector:
    matchLabels:
      app: kibana
  template:
    metadata:
      annotations:
        # No Istio sidecar in this pod.
        sidecar.istio.io/inject: 'false'
      labels:
        app: kibana
    spec:
      # Pin the pod to the node carrying the label node=master01.
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: node
                    operator: In
                    values:
                      - master01
      containers:
        - name: kibana
          image: docker.elastic.co/kibana/kibana-oss:7.10.2
          env:
            - name: SERVER_NAME
              value: 'kibana.kubenetes.example.com'
            # NOTE(review): presumably kept for older Kibana images;
            # 7.x is configured through ELASTICSEARCH_HOSTS - confirm.
            - name: ELASTICSEARCH_URL
              value: 'http://elasticsearch-svc.telemetry.svc.cluster.local:9200'
            - name: ELASTICSEARCH_HOSTS
              value: 'http://elasticsearch-svc.telemetry.svc.cluster.local:9200'
          ports:
            - containerPort: 5601
---
# Service in front of the kibana pods.
# NOTE(review): NodePort 30920 publishes the Kibana UI, which has no
# authentication with the OSS image, on every node address. The
# kibana-vs VirtualService in this listing already routes to this
# Service by name, which works with ClusterIP as well; keep the NodePort
# only if direct node access is needed, and firewall it.
apiVersion: v1
kind: Service
metadata:
  name: kibana-svc
  namespace: telemetry
  labels:
    app: kibana
spec:
  type: NodePort
  selector:
    app: kibana
  ports:
    - protocol: TCP
      port: 5601
      targetPort: 5601
      nodePort: 30920
---
# Namespace that holds the Elasticsearch, Kibana and Istio routing
# objects of this listing. Apply it before the manifests that reference
# it.
apiVersion: v1
kind: Namespace
metadata:
  name: 'telemetry'
  labels:
    name: 'telemetry'

taking commented Oct 1, 2021

kubectl label node {nodeName} node={nodeName}
