Last active
November 20, 2019 18:33
-
-
Save wppurking/112740ed3875714a810a2881e1f57661 to your computer and use it in GitHub Desktop.
完成正 filebeat.yaml 部署 k8s 监控, 调整了对索引的配置
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| apiVersion: v1 | |
| kind: ConfigMap | |
| metadata: | |
| name: filebeat-config | |
| namespace: kube-system | |
| labels: | |
| k8s-app: filebeat | |
| data: | |
| filebeat.yml: |- | |
| filebeat.inputs: | |
| - type: container | |
| paths: | |
| - /var/log/containers/*.log | |
| processors: | |
| - add_kubernetes_metadata: | |
| host: ${NODE_NAME} | |
| matchers: | |
| - logs_path: | |
| logs_path: "/var/log/containers/" | |
| # To enable hints based autodiscover, remove `filebeat.inputs` configuration and uncomment this: | |
| #filebeat.autodiscover: | |
| # providers: | |
| # - type: kubernetes | |
| # host: ${NODE_NAME} | |
| # hints.enabled: true | |
| # hints.default_config: | |
| # type: container | |
| # paths: | |
| # - /var/log/containers/*${data.kubernetes.container.id}.log | |
| processors: | |
| - add_cloud_metadata: | |
| - add_host_metadata: | |
| logging.level: warning | |
| logging.metrics.enabled: false | |
| # 设置 ilm 的 policy life, 日志保留 45 天, 每 7 天一轮训, 最大 30g | |
| setup.ilm.policy_file: /etc/indice-lifecycle.json | |
| # 如果是第一次则不需要, 如果 index-template 已经存在需要更新, 则需要 | |
| setup.template.overwrite: false | |
| setup.template.settings: | |
| # 根据收集的日志量级, 因为日志会每天一份, 如果一天的日志量小于 30g, 一个 shard 足够 | |
| index.number_of_shards: 1 | |
| # 这个日志并不是那么重要, 并且如果是单节点的话, 直接设置为 0 个副本 | |
| index.number_of_replicas: 0 | |
| output.elasticsearch: | |
| hosts: ['${ELASTICSEARCH_HOST:elasticsearch}:${ELASTICSEARCH_PORT:9200}'] | |
| protocol: https | |
| username: "${USER}" | |
| password: "${PASS}" | |
| ssl.verification_mode: none | |
| --- | |
| apiVersion: v1 | |
| kind: ConfigMap | |
| metadata: | |
| namespace: kube-system | |
| name: filebeat-indice-lifecycle | |
| labels: | |
| k8s-app: filebeat | |
| data: | |
| indice-lifecycle.json: |- | |
| { | |
| "policy": { | |
| "phases": { | |
| "hot": { | |
| "actions": { | |
| "rollover": { | |
| "max_size": "30GB" , | |
| "max_age": "7d" | |
| } | |
| } | |
| }, | |
| "delete": { | |
| "min_age": "30d", | |
| "actions": { | |
| "delete": {} | |
| } | |
| } | |
| } | |
| } | |
| } | |
| --- | |
| apiVersion: apps/v1 | |
| kind: DaemonSet | |
| metadata: | |
| name: filebeat | |
| namespace: kube-system | |
| labels: | |
| k8s-app: filebeat | |
| spec: | |
| selector: | |
| matchLabels: | |
| k8s-app: filebeat | |
| template: | |
| metadata: | |
| labels: | |
| k8s-app: filebeat | |
| spec: | |
| serviceAccountName: filebeat | |
| terminationGracePeriodSeconds: 30 | |
| hostNetwork: true | |
| dnsPolicy: ClusterFirstWithHostNet | |
| containers: | |
| - name: filebeat | |
| image: docker.elastic.co/beats/filebeat:7.4.2 | |
| args: [ | |
| "-c", "/etc/filebeat.yml", | |
| "-e", | |
| ] | |
| env: | |
| - name: ELASTICSEARCH_HOST | |
| value: efk.easya.cc | |
| - name: ELASTICSEARCH_PORT | |
| value: "9207" | |
| - name: USER | |
| value: "elastic" | |
| - name: PASS | |
| value: "iQS7zxAM383nWmA4lACo" | |
| - name: NODE_NAME | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: spec.nodeName | |
| securityContext: | |
| runAsUser: 0 | |
| # If using Red Hat OpenShift uncomment this: | |
| #privileged: true | |
| resources: | |
| limits: | |
| memory: 200Mi | |
| requests: | |
| cpu: 100m | |
| memory: 100Mi | |
| volumeMounts: | |
| - name: config | |
| mountPath: /etc/filebeat.yml | |
| readOnly: true | |
| subPath: filebeat.yml | |
| - name: filebeat-indice-lifecycle | |
| mountPath: /etc/indice-lifecycle.json | |
| readOnly: true | |
| subPath: indice-lifecycle.json | |
| - name: data | |
| mountPath: /usr/share/filebeat/data | |
| - name: varlibdockercontainers | |
| mountPath: /var/lib/docker/containers | |
| readOnly: true | |
| - name: varlog | |
| mountPath: /var/log | |
| readOnly: true | |
| volumes: | |
| - name: config | |
| configMap: | |
| defaultMode: 0600 | |
| name: filebeat-config | |
| - name: filebeat-indice-lifecycle | |
| configMap: | |
| defaultMode: 0600 | |
| name: filebeat-indice-lifecycle | |
| - name: varlibdockercontainers | |
| hostPath: | |
| path: /var/lib/docker/containers | |
| - name: varlog | |
| hostPath: | |
| path: /var/log | |
| # data folder stores a registry of read status for all files, so we don't send everything again on a Filebeat pod restart | |
| - name: data | |
| hostPath: | |
| path: /var/lib/filebeat-data | |
| type: DirectoryOrCreate | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1beta1 | |
| kind: ClusterRoleBinding | |
| metadata: | |
| name: filebeat | |
| subjects: | |
| - kind: ServiceAccount | |
| name: filebeat | |
| namespace: kube-system | |
| roleRef: | |
| kind: ClusterRole | |
| name: filebeat | |
| apiGroup: rbac.authorization.k8s.io | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1beta1 | |
| kind: ClusterRole | |
| metadata: | |
| name: filebeat | |
| labels: | |
| k8s-app: filebeat | |
| rules: | |
| - apiGroups: [""] # "" indicates the core API group | |
| resources: | |
| - namespaces | |
| - pods | |
| verbs: | |
| - get | |
| - watch | |
| - list | |
| --- | |
| apiVersion: v1 | |
| kind: ServiceAccount | |
| metadata: | |
| name: filebeat | |
| namespace: kube-system | |
| labels: | |
| k8s-app: filebeat | |
| --- |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
增加对 index manager 的处理, metric 最长 30 天, 索引达到 30g 或者 7 天进行索引滚动