K8S-ELK日志系统之五:logstash+kibana
1、Dockerfile
logstash:7.6.12
kibana:7.6.12
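# File: Dockerfile
# Single image bundling Logstash 7.16.2 and Kibana 7.16.2, both installed from
# .deb packages that must already be present in the build context.
#
# NOTE(review): openjdk:11 is a floating tag. Pinning the base image by digest
# keeps rebuilds reproducible and stops an upstream retag from silently
# changing what ships.
FROM openjdk:11

ENV TIME_ZONE=Asia/Shanghai

# NOTE(review): the two packages are taken from the build context as-is and
# nothing in this file checks their integrity. Verify them against the
# vendor's published checksums before building.
COPY logstash-7.16.2-amd64.deb /
COPY kibana-7.16.2-amd64.deb /
COPY sources.list /etc/apt/
COPY entrypoint.sh /

# vim, ping, net-tools and telnet are troubleshooting aids only; they widen
# the attack surface of the running container and can be dropped for
# production. The apt lists are removed in the same layer that fetched them.
RUN apt-get update -y && \
    apt-get install -y --no-install-recommends \
        inetutils-ping \
        net-tools \
        telnet \
        vim && \
    rm -rf /var/lib/apt/lists/* && \
    echo "${TIME_ZONE}" > /etc/timezone && \
    ln -sf "/usr/share/zoneinfo/${TIME_ZONE}" /etc/localtime && \
    chmod +x /entrypoint.sh && \
    dpkg -i /logstash-7.16.2-amd64.deb && \
    dpkg -i /kibana-7.16.2-amd64.deb

# NOTE(review): no USER is set, so the entrypoint and both services run as
# root (entrypoint.sh passes --allow-root to Kibana). Running them under a
# dedicated unprivileged account would limit the impact of a compromise.
ENTRYPOINT ["/entrypoint.sh"]

# Keeps the container alive after the entrypoint has backgrounded the services.
# The container therefore stays "running" even if Kibana or Logstash exits.
CMD ["bash","-c","while true;do sleep 1000000;done"]

# Kibana's port: the kibana.yml mounted by the Deployment sets server.port to
# 5601 (the value 5061 previously written here was a transposition).
EXPOSE 5601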
#!/bin/bash
# File: entrypoint.sh
# Container entrypoint: starts Kibana and Logstash as background jobs, then
# replaces this shell with the container command (CMD) so that command
# receives signals directly.
#
# NOTE(review): the Dockerfile sets no USER and Kibana is passed --allow-root,
# so both services presumably run as root. Neither background job is
# supervised: if one exits, the container keeps running as long as the CMD
# does, and the failure is only visible in the log files below.

kibana_bin=/usr/share/kibana/bin/kibana
logstash_bin=/usr/share/logstash/bin/logstash

# stdout and stderr of each service go to a log file in the filesystem root.
nohup "$kibana_bin" --allow-root > /kibana.log 2>&1 &
nohup "$logstash_bin" -f /etc/logstash/logstash.conf > /logstash.log 2>&1 &

exec "$@"
# File: sources.list
# APT sources for the image: every suite is fetched over HTTPS from the
# mirrors.tuna.tsinghua.edu.cn Debian mirror.
# NOTE(review): all entries name the bullseye release — assumes the base image
# is Debian bullseye; confirm, since mixing releases can break package installs.
#
# The source-package (deb-src) entries are commented out by default to speed up apt update; uncomment them if needed.
deb https://mirrors.tuna.tsinghua.edu.cn/debian/ bullseye main contrib non-free
# deb-src https://mirrors.tuna.tsinghua.edu.cn/debian/ bullseye main contrib non-free
deb https://mirrors.tuna.tsinghua.edu.cn/debian/ bullseye-updates main contrib non-free
# deb-src https://mirrors.tuna.tsinghua.edu.cn/debian/ bullseye-updates main contrib non-free
deb https://mirrors.tuna.tsinghua.edu.cn/debian/ bullseye-backports main contrib non-free
# deb-src https://mirrors.tuna.tsinghua.edu.cn/debian/ bullseye-backports main contrib non-free
deb https://mirrors.tuna.tsinghua.edu.cn/debian-security bullseye-security main contrib non-free
# deb-src https://mirrors.tuna.tsinghua.edu.cn/debian-security bullseye-security main contrib non-free
# Build the combined Logstash + Kibana image from the current directory, then
# push it to the private Harbor registry.
# NOTE(review): the 7.16.2 tag is mutable; a later push under the same tag
# replaces what the Deployment pulls. Referencing the image by digest in the
# manifest avoids that.
docker image build --tag harbor.myland.com/baseimages/logstash_kibana:7.16.2 .
docker image push harbor.myland.com/baseimages/logstash_kibana:7.16.2
2、yaml
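# Exposes Kibana outside the cluster on port 30400 of every node.
# NOTE(review): nothing in these manifests puts authentication or TLS in front
# of Kibana, so anyone who can reach a node IP on 30400 can reach it. Restrict
# access (network policy or firewall, or an authenticated ingress) before
# using this beyond a lab.
kind: Service
apiVersion: v1
metadata:
  name: kibana
  namespace: es
spec:
  type: NodePort
  ports:
    - name: kibana
      port: 5601
      targetPort: 5601
      nodePort: 30400
      protocol: TCP
  # Matches the pod label set in the logstash-kibana Deployment template.
  selector:
    app: lk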
---
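# Holds the Logstash pipeline and the Kibana settings; the Deployment mounts
# them as /etc/logstash/logstash.conf and /etc/kibana/kibana.yml.
kind: ConfigMap
apiVersion: v1
metadata:
  name: config
  namespace: es
data:
  # Pipeline: consume JSON events from the Kafka topics "system" and "tomcat"
  # and write each to a daily Elasticsearch index chosen by [fields][app_id].
  # Events whose app_id is neither value match no output and are dropped.
  # NOTE(review): no security_protocol/SASL settings are given for Kafka and no
  # credentials or TLS for Elasticsearch, so both connections presumably run
  # unauthenticated and in plaintext — acceptable only on a trusted network.
  logstash-config: |
    input {
      kafka {
        bootstrap_servers => ["kafka-0.kafka:9092,kafka-1.kafka:9092,kafka-2.kafka:9092"]
        topics => ["system","tomcat"]
        codec => "json"
      }
    }
    output {
      if [fields][app_id] == "system" {
        elasticsearch {
          hosts => ["es-0.es:9200","es-1.es:9200","es-2.es:9200"]
          index => "system-%{+YYYY.MM.dd}"
        }
      }
      if [fields][app_id] == "tomcat" {
        elasticsearch {
          hosts => ["es-0.es:9200","es-1.es:9200","es-2.es:9200"]
          index => "tomcat-%{+YYYY.MM.dd}"
        }
      }
    }
  # Kibana listens on all interfaces and talks to Elasticsearch over plain
  # HTTP with no credentials configured.
  kibana-config: |
    server.port: 5601
    server.host: 0.0.0.0
    elasticsearch.hosts: ["http://es-0.es:9200","http://es-1.es:9200","http://es-2.es:9200"]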
---
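# Runs one pod with a single container that hosts both Logstash and Kibana.
kind: Deployment
apiVersion: apps/v1
metadata:
  name: logstash-kibana
  namespace: es
spec:
  replicas: 1
  selector:
    matchLabels:
      app: lk
  template:
    metadata:
      name: lk
      namespace: es
      labels:
        app: lk
    spec:
      # NOTE(review): no securityContext is set and the image defines no USER,
      # so the container presumably runs as root with default privileges.
      # No liveness/readiness probes are defined either, so a crashed Kibana
      # or Logstash inside the container is not detected by Kubernetes.
      containers:
        - name: lk
          # Mutable tag pulled on every start (imagePullPolicy: Always); a
          # re-pushed tag changes what runs. Pin by digest to prevent that.
          image: harbor.myland.com/baseimages/logstash_kibana:7.16.2
          imagePullPolicy: Always
          resources:
            limits:
              cpu: 300m
              memory: 1920Mi
            requests:
              cpu: 200m
              memory: 500Mi
          # Each ConfigMap volume is mounted over the whole directory, so the
          # mounted file is the only one visible there; any default files the
          # packages installed in /etc/logstash/ and /etc/kibana/ are hidden.
          volumeMounts:
            - name: logstash
              mountPath: /etc/logstash/
            - name: kibana
              mountPath: /etc/kibana/
          ports:
            - name: kibana
              containerPort: 5601
              protocol: TCP
      volumes:
        - name: kibana
          configMap:
            name: config
            items:
              - key: kibana-config
                path: kibana.yml
        - name: logstash
          configMap:
            name: config
            items:
              - key: logstash-config
                path: logstash.conf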
deployment.yaml
# Create or update the Service, ConfigMap and Deployment defined in deployment.yaml.
# The manifests target namespace "es" and do not create it, so it must already exist.
kubectl apply --filename deployment.yaml
3、检查状态
进入容器查看:
4、kibana页面
http://10.0.8.111:30400/
增加索引匹配模式
分别增加system和tomcat
查看日志: