Kubernetes+EFK构建日志分析平台

目录

Elasticsearch产品介绍

Fluentd 工作原理

Kibana产品介绍

一、环境准备

1.1、主机初始化配置

1.2、部署docker环境

二、部署kubernetes集群

2.1、组件介绍

2.2、配置阿里云yum源

2.3、安装kubelet kubeadm kubectl

2.4、配置init-config.yaml

2.5、安装master节点

2.6、安装node节点

2.7、安装flannel

3、部署企业镜像仓库

3.1、部署Harbor仓库

3.2、导入EFK镜像

4、部署EFK业务环境

4.1、准备组件Yaml文件

4.2、部署Elasticsearch

4.3、部署kibana

4.4、部署Fluentd

4.5、验证容器日志收集

4.6、配置 Kibana

---

        随着 Docker 容器及云原生相关技术的迅速发展，国内外厂商开始逐步向云原生方向转型。其中以 Kubernetes 为代表性的云原生技术凭借强大的功能成为各大厂商的第一选择。由于 Kubernetes 在容器编排领域的强势领先，使得越来越多的企业将业务迁至基于 Docker+Kubernetes 技术栈打造的容器管理平台，所以在 Kubernetes 集群环境下如何打造高效、可靠的业务日志收集系统也成为企业必须面临的问题。本章将主要介绍基于Elasticsearch、Fluentd 和 Kibana（EFK）技术栈实现完整 Kubernetes 集群日志收集解决方案。

Elasticsearch产品介绍

        Elasticsearch 是一个 Restful 风格的、开源的分布式搜索引擎，具备搜索和数据分析功能，它的底层是开源库 Apache Lucene。Elasticsearch 具有如下特点。

• 一个分布式的实时文档存储，每个字段可以被索引与搜索；
• 一个分布式实时分析搜索引擎；
• 能支撑上百个服务节点的扩展，并支持 PB 级别的结构化或者非结构化数据。

Fluentd 工作原理

        Fluentd 是一个日志的收集、处理、转发系统。通过丰富的插件，可以收集来自各种系统或应用的日志，转化为用户指定的格式后，转发到用户所指定的日志存储系统中。

        Fluentd 通过一组给定的数据源抓取日志数据，处理后（转换成结构化的数据格式）将它们转发给其他服务，比如 Elasticsearch、对象存储等等。Fluentd 支持超过 300 个日志存储和分析服务，所以对日志存储和分析服务的支持是非常灵活的。Fluentd 采用了插件式的架构，具有高可扩展性及高可用性，同时还实现了高可靠的信息转发。其主要运行步骤如下所示：

（1）首先 Fluentd 从多个日志源获取数据。

（2）结构化并且标记这些数据。

（3）最后根据匹配的标签将数据发送到多个目标服务。

Kibana产品介绍

        Kibana 是一个开源的可视化分析平台，用于和 Elasticsearch 一起工作。可以通过Kibana 搜索、查看、交互存放在 Elasticsearch 索引中的数据。也可以轻松地执行高级数据分析，并且以各种图表、表格和地图的形式可视化数据。Kibana 简单的、基于浏览器的界面便于对大量数据进行呈现，能够快速创建和共享动态仪表板，实时显示 Elasticsearch 查询的变化。

一、环境准备

操作系统	IP地址	主机名	组件
CentOS7.x	192.168.2.115	k8s-master	kubeadm、kubelet、kubectl、docker-ce
CentOS7.x	192.168.2.116	k8s-node01	kubeadm、kubelet、kubectl、docker-ce、elasticsearch、fluentd
CentOS7.x	192.168.2.117	6-node02	kubeadm、kubelet、kubectl、docker-ce、kibana、fluentd
CentOS7.x	192.168.2.118	harbor	docker-ce、docker-compose、harbor

注意：所有主机配置推荐CPU：2C+  Memory：4G+、运行 Elasticsearch 的节点要有足够的内存（不低于 4GB）。若 Elasticsearch 容器退出，请检查宿主机中的/var/log/message 日志，观察是否因为系统 OOM 导致进程被杀掉。

项目拓扑

1.1、主机初始化配置

所有主机配置禁用防火墙和selinux 

[root@localhost ~]# setenforce 0
[root@localhost ~]# iptables -F
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# systemctl disable firewalld
[root@localhost ~]# systemctl stop NetworkManager
[root@localhost ~]# systemctl disable NetworkManager
[root@localhost ~]# sed -i '/^SELINUX=/s/enforcing/disabled/' /etc/selinux/config

配置主机名并绑定hosts，不同主机名称不同

[root@localhost ~]# hostname k8s-master    (不同主机名称不同)
[root@localhost ~]# bash

[root@k8s-master ~]# cat <<EOF>> /etc/hosts
> 192.168.2.115 k8s-master
> 192.168.2.116 k8s-node1
> 192.168.2.117 k8s-node2
> EOF

[root@k8s-master ~]# scp /etc/hosts 192.168.2.116:/etc/hosts
[root@k8s-master ~]# scp /etc/hosts 192.168.2.117:/etc/hosts

[root@localhost ~]# hostname k8s-node01
[root@localhost ~]# bash
[root@k8s-node01 ~]#

[root@localhost ~]# hostname k8s-node02
[root@localhost ~]# bash
[root@k8s-node02 ~]#

主机配置初始化（所有主机）

[root@k8s-master ~]# yum -y install vim wget net-tools lrzsz

[root@k8s-master ~]# swapoff -a
[root@k8s-master ~]# sed -i '/swap/s/^/#/' /etc/fstab

[root@k8s-node01 ~]# cat << EOF >> /etc/sysctl.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF

[root@k8s-node01 ~]# modprobe br_netfilter
[root@k8s-node01 ~]# sysctl -p

1.2、部署docker环境

三台主机上分别部署 Docker 环境，因为 Kubernetes 对容器的编排需要 Docker 的支持。

[root@k8s-master ~]# cd /etc/yum.repos.d/

[root@k8s-master yum.repos.d]# ls
CentOS-Base.repo       CentOS-fasttrack.repo  CentOS-Vault.repo
CentOS-CR.repo         CentOS-Media.repo      CentOS-x86_64-kernel.repo
CentOS-Debuginfo.repo  CentOS-Sources.repo

[root@k8s-master yum.repos.d]# mkdir test

[root@k8s-master yum.repos.d]# mv CentOS-* test/

[root@k8s-master yum.repos.d]# ls
test

[root@k8s-master yum.repos.d]# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
--2023-08-16 14:59:38--  http://mirrors.aliyun.com/repo/Centos-7.repo
正在解析主机 mirrors.aliyun.com (mirrors.aliyun.com)... 42.202.208.239, 42.202.208.240, 42.202.208.241, ...
正在连接 mirrors.aliyun.com (mirrors.aliyun.com)|42.202.208.239|:80... 已连接。
已发出 HTTP 请求，正在等待回应... 200 OK
长度：2523 (2.5K) [application/octet-stream]
正在保存至: “/etc/yum.repos.d/CentOS-Base.repo”

100%[========================================>] 2,523       --.-K/s 用时 0.002s  

2023-08-16 14:59:38 (1.17 MB/s) - 已保存 “/etc/yum.repos.d/CentOS-Base.repo” [2523/2523])


[root@k8s-master yum.repos.d]# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo

使用 YUM 方式安装 Docker 时，推荐使用阿里的 YUM 源。

[root@k8s-master yum.repos.d]# yum-config-manager --add-repo 

https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
已加载插件：fastestmirror
adding repo from: https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
grabbing file https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo to /etc/yum.repos.d/docker-ce.repo
repo saved to /etc/yum.repos.d/docker-ce.repo

[root@k8s-master ~]# yum -y install docker-ce
[root@k8s-master ~]# systemctl start docker
[root@k8s-master ~]# systemctl enable docker

镜像加速器（所有主机配置）

[root@k8s-master ~]# cat << END > /etc/docker/daemon.json
{
        "registry-mirrors":[ "https://nyakyfun.mirror.aliyuncs.com" ]
}
END
[root@k8s-master ~]# systemctl daemon-reload
[root@k8s-master ~]# systemctl restart docker

二、部署kubernetes集群

2.1、组件介绍

三个节点都需要安装下面三个组件

1. kubeadm：安装工具，使所有的组件都会以容器的方式运行
2. kubectl：客户端连接K8S API工具
3. kubelet：运行在node节点，用来启动容器的工具

2.2、配置阿里云yum源

使用 YUM 方式安装 Kubernetes时，推荐使用阿里的 YUM 源。

[root@k8s-master ~]#  cat <<EOF > /etc/yum.repos.d/kubernetes.repo 
> [kubernetes]
> name=Kubernetes
> baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
> enabled=1
> gpgcheck=1
> repo_gpgcheck=1
> gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
>        https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
> EOF

[root@k8s-master ~]# ls /etc/yum.repos.d/
CentOS-Base.repo  docker-ce.repo  kubernetes.repo  test

2.3、安装kubelet kubeadm kubectl

所有主机配置

[root@k8s-master ~]# yum install -y kubelet-1.20.0 kubeadm-1.20.0 kubectl-1.20.0

[root@k8s-master ~]# systemctl enable kubelet
Created symlink from /etc/systemd/system/multi-user.target.wants/kubelet.service to /usr/lib/systemd/system/kubelet.service.

        kubelet 刚安装完成后，通过 systemctl start kubelet 方式是无法启动的，需要加入节点或初始化为 master 后才可启动成功。

2.4、配置init-config.yaml

        Kubeadm 提供了很多配置项，Kubeadm 配置在 Kubernetes 集群中是存储在ConfigMap 中的，也可将这些配置写入配置文件，方便管理复杂的配置项。Kubeadm 配内容是通过 kubeadm config 命令写入配置文件的。

        在master节点安装，master 定于为192.168.2.115，通过如下指令创建默认的init-config.yaml文件：

[root@k8s-master ~]# kubeadm config print init-defaults > init-config.yaml

[root@k8s-master ~]# cat init-config.yaml 

apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 192.168.2.115		//master节点IP地址
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  name: k8s-master		//如果使用域名保证可以解析，或直接使用 IP 地址
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd		//etcd 容器挂载到本地的目录
imageRepository: registry.aliyuncs.com/google_containers	//修改为国内地址
kind: ClusterConfiguration
kubernetesVersion: v1.19.0
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
  podSubnet: 10.244.0.0/16 	//新增加 Pod 网段
scheduler: {}

2.5、安装master节点

拉取所需镜像

镜像提取链接：https://pan.baidu.com/s/1rVjcflmO2K5_HW4jwnG2vQ?pwd=v54d 
提取码：v54d

[root@k8s-master ~]#  kubeadm config images list --config init-config.yaml

registry.aliyuncs.com/google_containers/kube-apiserver:v1.20.0
registry.aliyuncs.com/google_containers/kube-controller-manager:v1.20.0
registry.aliyuncs.com/google_containers/kube-scheduler:v1.20.0
registry.aliyuncs.com/google_containers/kube-proxy:v1.20.0
registry.aliyuncs.com/google_containers/pause:3.2
registry.aliyuncs.com/google_containers/etcd:3.4.13-0
registry.aliyuncs.com/google_containers/coredns:1.7.0

[root@k8s-master ~]# mkdir master 

[root@k8s-master ~]# cd master

[root@k8s-master master]# rz -E
rz waiting to receive.

[root@k8s-master master]# ls | while read line
> do
> docker load < $line
> done
225df95e717c: Loading layer  336.4kB/336.4kB
96d17b0b58a7: Loading layer  45.02MB/45.02MB
Loaded image: registry.aliyuncs.com/google_containers/coredns:1.7.0
d72a74c56330: Loading layer  3.031MB/3.031MB
d61c79b29299: Loading layer   2.13MB/2.13MB
1a4e46412eb0: Loading layer  225.3MB/225.3MB
bfa5849f3d09: Loading layer   2.19MB/2.19MB
bb63b9467928: Loading layer  21.98MB/21.98MB
Loaded image: registry.aliyuncs.com/google_containers/etcd:3.4.13-0
e7ee84ae4d13: Loading layer  3.041MB/3.041MB
597f1090d8e9: Loading layer  1.734MB/1.734MB
52d5280a7533: Loading layer  118.1MB/118.1MB
Loaded image: registry.aliyuncs.com/google_containers/kube-apiserver:v1.20.0
201617abe922: Loading layer  112.3MB/112.3MB
Loaded image: registry.aliyuncs.com/google_containers/kube-controller-manager:v1.20.0
f00bc8568f7b: Loading layer  53.89MB/53.89MB
6ee930b14c6f: Loading layer  22.05MB/22.05MB
2b046f2c8708: Loading layer  4.894MB/4.894MB
f6be8a0f65af: Loading layer  4.608kB/4.608kB
3a90582021f9: Loading layer  8.192kB/8.192kB
94812b0f02ce: Loading layer  8.704kB/8.704kB
3a478f418c9c: Loading layer  39.49MB/39.49MB
Loaded image: registry.aliyuncs.com/google_containers/kube-proxy:v1.20.0
aa679bed73e1: Loading layer  42.85MB/42.85MB
Loaded image: registry.aliyuncs.com/google_containers/kube-scheduler:v1.20.0
ba0dae6243cc: Loading layer  684.5kB/684.5kB
Loaded image: registry.aliyuncs.com/google_containers/pause:3.2

安装matser节点

[root@k8s-master ~]# kubeadm init --config=init-config.yaml	        //初始化安装K8S

[init] Using Kubernetes version: v1.20.0
[preflight] Running pre-flight checks
	[WARNING Service-Docker]: docker service is not enabled, please run 'systemctl enable docker.service'
	[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
	[WARNING SystemVerification]: this Docker version is not on the list of validated versions: 24.0.5. Latest validated version: 19.03
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
[certs] Using certificateDir folder "/etc/kubernetes/pki"
[certs] Generating "ca" certificate and key
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [k8s-master kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 192.168.2.115]
[certs] Generating "apiserver-kubelet-client" certificate and key
[certs] Generating "front-proxy-ca" certificate and key
[certs] Generating "front-proxy-client" certificate and key
[certs] Generating "etcd/ca" certificate and key
[certs] Generating "etcd/server" certificate and key
[certs] etcd/server serving cert is signed for DNS names [k8s-master localhost] and IPs [192.168.2.115 127.0.0.1 ::1]
[certs] Generating "etcd/peer" certificate and key
[certs] etcd/peer serving cert is signed for DNS names [k8s-master localhost] and IPs [192.168.2.115 127.0.0.1 ::1]
[certs] Generating "etcd/healthcheck-client" certificate and key
[certs] Generating "apiserver-etcd-client" certificate and key
[certs] Generating "sa" key and public key
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[kubeconfig] Writing "admin.conf" kubeconfig file
[kubeconfig] Writing "kubelet.conf" kubeconfig file
[kubeconfig] Writing "controller-manager.conf" kubeconfig file
[kubeconfig] Writing "scheduler.conf" kubeconfig file
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Starting the kubelet
[control-plane] Using manifest folder "/etc/kubernetes/manifests"
[control-plane] Creating static Pod manifest for "kube-apiserver"
[control-plane] Creating static Pod manifest for "kube-controller-manager"
[control-plane] Creating static Pod manifest for "kube-scheduler"
[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
[apiclient] All control plane components are healthy after 13.003694 seconds
[upload-config] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "kubelet-config-1.20" in namespace kube-system with the configuration for the kubelets in the cluster
[upload-certs] Skipping phase. Please see --upload-certs
[mark-control-plane] Marking the node k8s-master as control-plane by adding the labels "node-role.kubernetes.io/master=''" and "node-role.kubernetes.io/control-plane='' (deprecated)"
[mark-control-plane] Marking the node k8s-master as control-plane by adding the taints [node-role.kubernetes.io/master:NoSchedule]
[bootstrap-token] Using token: abcdef.0123456789abcdef
[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to get nodes
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstrap-token] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstrap-token] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstrap-token] Creating the "cluster-info" ConfigMap in the "kube-public" namespace
[kubelet-finalize] Updating "/etc/kubernetes/kubelet.conf" to point to a rotatable kubelet client certificate and key
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.2.115:6443 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash sha256:ec00f259095635fec9e0b54bc6fd6d1b7c65c20ee8a60b1494f14a43b0d65cb6 

根据提示操作

        kubectl 默认会在执行的用户家目录下面的.kube 目录下寻找config 文件。这里是将在初始化时[kubeconfig]步骤生成的admin.conf 拷贝到.kube/config

[root@k8s-master ~]#   mkdir -p $HOME/.kube
[root@k8s-master ~]#   sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@k8s-master ~]#   sudo chown $(id -u):$(id -g) $HOME/.kube/config

        Kubeadm 通过初始化安装是不包括网络插件的，也就是说初始化之后是不具备相关网络功能的，比如 k8s-master 节点上查看节点信息都是“Not Ready”状态、Pod 的 CoreDNS无法提供服务等。

2.6、安装node节点

根据master安装时的提示信息

[root@k8s-node1 ~]# kubeadm join 192.168.2.115:6443 --token abcdef.0123456789abcdef --discovery-token-ca-cert-hash sha256:ec00f259095635fec9e0b54bc6fd6d1b7c65c20ee8a60b1494f14a43b0d65cb6

[root@k8s-node2 ~]# kubeadm join 192.168.2.115:6443 --token abcdef.0123456789abcdef --discovery-token-ca-cert-hash sha256:ec00f259095635fec9e0b54bc6fd6d1b7c65c20ee8a60b1494f14a43b0d65cb6
[preflight] Running pre-flight checks
	[WARNING Service-Docker]: docker service is not enabled, please run 'systemctl enable docker.service'
	[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
	[WARNING SystemVerification]: this Docker version is not on the list of validated versions: 24.0.5. Latest validated version: 19.03
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
W0816 15:22:52.578889    3319 common.go:148] WARNING: could not obtain a bind address for the API Server: no default routes found in "/proc/net/route" or "/proc/net/ipv6_route"; using: 0.0.0.0
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.

[root@k8s-master ~]# kubectl get nodes
NAME         STATUS     ROLES                  AGE     VERSION
k8s-master   NotReady   control-plane,master   5m25s   v1.20.0
k8s-node1    NotReady   <none>                 2m32s   v1.20.0
k8s-node2    NotReady   <none>                 2m38s   v1.20.0

        前面已经提到，在初始化 k8s-master 时并没有网络相关配置，所以无法跟 node 节点通信，因此状态都是“NotReady”。但是通过 kubeadm join 加入的 node 节点已经在k8s-master 上可以看到。

2.7、安装flannel

Master 节点NotReady 的原因就是因为没有使用任何的网络插件，此时Node 和Master的连接还不正常。目前最流行的Kubernetes 网络插件有Flannel、Calico、Canal、Weave 这里选择使用flannel。

flannel所需提取链接：https://pan.baidu.com/s/1lj2DuEVvzvvM1u0v1dwb3w?pwd=sylj 
提取码：sylj

所有主机上传flannel_v0.12.0-amd64.tar、cni-plugins-linux-amd64-v0.8.6

[root@k8s-master ~]# rz -E
rz waiting to receive.
[root@k8s-master ~]# docker load < flannel_v0.12.0-amd64.tar 
256a7af3acb1: Loading layer  5.844MB/5.844MB
d572e5d9d39b: Loading layer  10.37MB/10.37MB
57c10be5852f: Loading layer  2.249MB/2.249MB
7412f8eefb77: Loading layer  35.26MB/35.26MB
05116c9ff7bf: Loading layer   5.12kB/5.12kB
Loaded image: quay.io/coreos/flannel:v0.12.0-amd64

[root@k8s-master ~]# tar xf cni-plugins-linux-amd64-v0.8.6.tgz 
[root@k8s-master ~]# cp flannel /opt/cni/bin/

master上传kube-flannel.yml

master主机配置：

[root@k8s-master ~]# kubectl apply -f kube-flannel.yml

[root@k8s-master ~]# kubectl get nodes
NAME         STATUS   ROLES                  AGE   VERSION
k8s-master   Ready    control-plane,master   14m   v1.20.0
k8s-node1    Ready    <none>                 11m   v1.20.0
k8s-node2    Ready    <none>                 11m   v1.20.0

[root@k8s-master ~]# kubectl get pods -n kube-system
NAME                                 READY   STATUS    RESTARTS   AGE
coredns-7f89b7bc75-skttb             1/1     Running   0          15m
coredns-7f89b7bc75-t29xn             1/1     Running   0          15m
etcd-k8s-master                      1/1     Running   0          16m
kube-apiserver-k8s-master            1/1     Running   0          16m
kube-controller-manager-k8s-master   1/1     Running   0          16m
kube-flannel-ds-amd64-2qs6m          1/1     Running   1          6m59s
kube-flannel-ds-amd64-724d6          1/1     Running   0          6m59s
kube-flannel-ds-amd64-fpt5l          1/1     Running   0          6m59s
kube-proxy-5q72g                     1/1     Running   0          13m
kube-proxy-mdf2s                     1/1     Running   0          15m
kube-proxy-xtfk8                     1/1     Running   0          13m
kube-scheduler-k8s-master            1/1     Running   0          16m

已经是ready状态

3、部署企业镜像仓库

3.1、部署Harbor仓库

所有主机配置禁用防火墙和selinux 

[root@localhost ~]# setenforce 0
[root@localhost ~]# iptables -F
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# systemctl disable firewalld
[root@localhost ~]# systemctl stop NetworkManager
[root@localhost ~]# systemctl disable NetworkManager
[root@localhost ~]# sed -i '/^SELINUX=/s/enforcing/disabled/' /etc/selinux/config

配置主机名

[root@k8s-node2 ~]# hostname harbor
[root@k8s-node2 ~]# bash
[root@harbor ~]# 

部署docker环境

Harbor 仓库需要 Docker 容器支持，所以 Docker 环境是必不可少的。

[root@harbor yum.repos.d]# mkdir test
[root@harbor yum.repos.d]# mv CentOS-* test/

[root@harbor ~]#  wget -O /etc/yum.repos.d/CentOS-Base.repo 

http://mirrors.aliyun.com/repo/Centos-7.repo
--2023-08-16 15:46:03--  http://mirrors.aliyun.com/repo/Centos-7.repo
正在解析主机 mirrors.aliyun.com (mirrors.aliyun.com)... 42.202.208.244, 42.202.208.248, 42.202.208.238, ...
正在连接 mirrors.aliyun.com (mirrors.aliyun.com)|42.202.208.244|:80... 已连接。
已发出 HTTP 请求，正在等待回应... 200 OK
长度：2523 (2.5K) [application/octet-stream]
正在保存至: “/etc/yum.repos.d/CentOS-Base.repo”

100%[====================================================>] 2,523       --.-K/s 用时 0.004s  

2023-08-16 15:46:03 (593 KB/s) - 已保存 “/etc/yum.repos.d/CentOS-Base.repo” [2523/2523])

[root@harbor ~]#  yum install -y yum-utils device-mapper-persistent-data lvm2

部署docker环境

Harbor 仓库需要 Docker 容器支持，所以 Docker 环境是必不可少的。

[root@harbor ~]# yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

已加载插件：fastestmirror
adding repo from: https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
grabbing file https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo to /etc/yum.repos.d/docker-ce.repo
repo saved to /etc/yum.repos.d/docker-ce.repo

[root@harbor ~]# yum clean all && yum makecache fast

已加载插件：fastestmirror
正在清理软件源： base docker-ce-stable extras updates
Cleaning up list of fastest mirrors
已加载插件：fastestmirror
Determining fastest mirrors
 * base: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
base                                                                   | 3.6 kB  00:00:00     
docker-ce-stable                                                       | 3.5 kB  00:00:00     
extras                                                                 | 2.9 kB  00:00:00     
updates                                                                | 2.9 kB  00:00:00     
(1/6): docker-ce-stable/7/x86_64/updateinfo                            |   55 B  00:00:00     
(2/6): base/7/x86_64/group_gz                                          | 153 kB  00:00:00     
(3/6): docker-ce-stable/7/x86_64/primary_db                            | 116 kB  00:00:00     
(4/6): extras/7/x86_64/primary_db                                      | 250 kB  00:00:00     
(5/6): base/7/x86_64/primary_db                                        | 6.1 MB  00:00:14     
(6/6): updates/7/x86_64/primary_db                                     |  22 MB  00:00:53     
元数据缓存已建立

[root@harbor ~]# yum -y install docker-ce
[root@harbor ~]# systemctl start docker
[root@harbor ~]#  systemctl enable docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
[root@harbor ~]# cat << END > /etc/docker/daemon.json
> {
>         "registry-mirrors":[ "https://nyakyfun.mirror.aliyuncs.com" ]
> }
> END
[root@harbor ~]# systemctl daemon-reload
[root@harbor ~]# systemctl restart docker

部署docker-compose（上传docker-compose）

docker-compose提取链接：https://pan.baidu.com/s/1UVQ7l0Sme1V6ahpk0XNzRg?pwd=yau1 
提取码：yau1

[root@harbor ~]# rz -E
rz waiting to receive.
[root@harbor ~]# mv docker-compose /usr/local/bin/
[root@harbor ~]# chmod +x /usr/local/bin/docker-compose 

部署harbor

        Harbor 私有仓库程序采用 docker-compose 方式部署，不同的功能和应用处于不同的容器，这样带来了很好的兼容性，可在众多支持 Docker 的系统上运行 Harbor。

 链接：https://pan.baidu.com/s/1_ah_OL00YhmbCkCbVPhrXQ?pwd=38c6 
提取码：38c6

[root@harbor ~]# rz -E
rz waiting to receive.

[root@harbor ~]# tar xf harbor-offline-installer-v2.0.0.tgz 

[root@harbor ~]# mv harbor /usr/local/

        Harbor 的配置文件是/usr/local/harbor/harbor.yml 文件，默认的 hostname 要修改为

Harbor 虚拟机节点的 IP 地址。

[root@harbor ~]# vim /usr/local/harbor/harbor.yml.tmpl

  5 hostname: 192.168.2.118
 13 #https:   //https 相关配置都注释掉，包括 https、port、certificate 和 private_key
 14   # https port for harbor, default is 443
 15   #port: 443
 16   # The path of cert and key files for nginx
 17   #certificate: /your/certificate/path
 18   #private_key: /your/private/key/path

启动harbor

[root@harbor ~]# cd /usr/local/harbor/

[root@harbor harbor]# mv harbor.yml.tmpl harbor.yml

[root@harbor harbor]# ls

common.sh  harbor.v2.0.0.tar.gz  harbor.yml  input  install.sh  LICENSE  prepare

[root@harbor harbor]# sh install.sh 

[Step 0]: checking if docker is installed ...

Note: docker version: 24.0.5

[Step 1]: checking docker-compose is installed ...

Note: docker-compose version: 1.21.1

[Step 2]: loading Harbor images ...
Loaded image: goharbor/notary-signer-photon:v2.0.0
Loaded image: goharbor/clair-adapter-photon:v2.0.0
Loaded image: goharbor/chartmuseum-photon:v2.0.0
Loaded image: goharbor/harbor-log:v2.0.0
Loaded image: goharbor/harbor-registryctl:v2.0.0
Loaded image: goharbor/registry-photon:v2.0.0
Loaded image: goharbor/clair-photon:v2.0.0
Loaded image: goharbor/notary-server-photon:v2.0.0
Loaded image: goharbor/redis-photon:v2.0.0
Loaded image: goharbor/nginx-photon:v2.0.0
Loaded image: goharbor/harbor-core:v2.0.0
Loaded image: goharbor/harbor-db:v2.0.0
Loaded image: goharbor/harbor-jobservice:v2.0.0
Loaded image: goharbor/trivy-adapter-photon:v2.0.0
Loaded image: goharbor/prepare:v2.0.0
Loaded image: goharbor/harbor-portal:v2.0.0


[Step 3]: preparing environment ...

[Step 4]: preparing harbor configs ...
prepare base dir is set to /usr/local/harbor
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /data/secret/keys/secretkey
Successfully called func: create_root_cert
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir



[Step 5]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating harbor-db     ... done
Creating redis         ... done
Creating registry      ... done
Creating registryctl   ... done
Creating harbor-portal ... done
Creating harbor-core   ... done
Creating harbor-jobservice ... done
Creating nginx             ... done
✔ ----Harbor has been installed and started successfully.----


[root@harbor harbor]# docker-compose ps
      Name                     Command                  State                   Ports             
--------------------------------------------------------------------------------------------------
harbor-core         /harbor/entrypoint.sh            Up (healthy)                                 
harbor-db           /docker-entrypoint.sh            Up (healthy)   5432/tcp                      
harbor-jobservice   /harbor/entrypoint.sh            Up (healthy)                                 
harbor-log          /bin/sh -c /usr/local/bin/ ...   Up (healthy)   127.0.0.1:1514->10514/tcp     
harbor-portal       nginx -g daemon off;             Up (healthy)   8080/tcp                      
nginx               nginx -g daemon off;             Up (healthy)   0.0.0.0:80->8080/tcp,:::80->80
                                                                    80/tcp                        
redis               redis-server /etc/redis.conf     Up (healthy)   6379/tcp                      
registry            /home/harbor/entrypoint.sh       Up (healthy)   5000/tcp                      
registryctl         /home/harbor/start.sh            Up (healthy)                                 

Harbor 启动完成后，浏览器访问 http://192.168.2.118，打开 Harbor Web 页面

 

 

 修改所有主机docker启动脚本

[root@harbor ~]# vim /usr/lib/systemd/system/docker.service

ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry 192.168.2.118


[root@harbor ~]# scp /usr/lib/systemd/system/docker.service 192.168.2.115:/usr/lib/systemd/system/

The authenticity of host '192.168.2.115 
(192.168.2.115)' can't be established.
ECDSA key fingerprint is SHA256:stDOWr6tPaYeJ0AOLVXtS1p4CCHL9jFdbywH36Wa6ko.
ECDSA key fingerprint is MD5:68:2b:49:24:3b:cf:97:33:c0:3e:d5:ee:bc:2d:35:a1.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.2.115' (ECDSA) to the list of known hosts.
root@192.168.2.115's password: 
docker.service                                                  100% 1764     2.2MB/s   00:00    

[root@harbor ~]# scp /usr/lib/systemd/system/docker.service 192.168.2.116:/usr/lib/systemd/system/ 

The authenticity of host '192.168.2.116 (192.168.2.116)' can't be established.
ECDSA key fingerprint is SHA256:RG6SwP4IEdCtwZTqmw5B3lW7k3e06TBVBtpIQQhXXU8.
ECDSA key fingerprint is MD5:30:ae:c1:97:d5:fd:9f:ca:6b:36:a1:6d:e3:b7:06:d2.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.2.116' (ECDSA) to the list of known hosts.
root@192.168.2.116's password: 
docker.service                                                  100% 1764     1.4MB/s   00:00    

[root@harbor ~]# scp /usr/lib/systemd/system/docker.service 192.168.2.117:/usr/lib/systemd/system/ 

The authenticity of host '192.168.2.117 (192.168.2.117)' can't be established.
ECDSA key fingerprint is SHA256:a7IpGawJCffvD7q1hMT/WIP+ZT/Bm9Qhy8NxapJa1GA.
ECDSA key fingerprint is MD5:a6:56:1e:0c:59:62:fa:bf:f5:9b:77:d5:f0:0c:65:5d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.2.117' (ECDSA) to the list of known hosts.
root@192.168.2.117's password: 
docker.service                                                  100% 1764     2.4MB/s   00:00    

所有主机重启docker服务

[root@harbor ~]# systemctl daemon-reload
[root@harbor ~]# systemctl restart docker

3.2、导入EFK镜像

[root@harbor ~]# sh /usr/local/harbor/install.sh 

[Step 0]: checking if docker is installed ...

Note: docker version: 24.0.5

[Step 1]: checking docker-compose is installed ...

Note: docker-compose version: 1.21.1

[Step 2]: loading Harbor images ...
Loaded image: goharbor/notary-signer-photon:v2.0.0
Loaded image: goharbor/clair-adapter-photon:v2.0.0
Loaded image: goharbor/chartmuseum-photon:v2.0.0
Loaded image: goharbor/harbor-log:v2.0.0
Loaded image: goharbor/harbor-registryctl:v2.0.0
Loaded image: goharbor/registry-photon:v2.0.0
Loaded image: goharbor/clair-photon:v2.0.0
Loaded image: goharbor/notary-server-photon:v2.0.0
Loaded image: goharbor/redis-photon:v2.0.0
Loaded image: goharbor/nginx-photon:v2.0.0
Loaded image: goharbor/harbor-core:v2.0.0
Loaded image: goharbor/harbor-db:v2.0.0
Loaded image: goharbor/harbor-jobservice:v2.0.0
Loaded image: goharbor/trivy-adapter-photon:v2.0.0
Loaded image: goharbor/prepare:v2.0.0
Loaded image: goharbor/harbor-portal:v2.0.0


[Step 3]: preparing environment ...

[Step 4]: preparing harbor configs ...
prepare base dir is set to /usr/local/harbor
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/log/rsyslog_docker.conf
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/registry/passwd
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/registry/root.crt
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/db/env
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/jobservice/config.yml
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /data/secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir


Note: stopping existing Harbor instance ...
Stopping nginx             ... done
Stopping harbor-jobservice ... done
Stopping harbor-core       ... done
Stopping harbor-portal     ... done
Stopping registry          ... done
Stopping harbor-db         ... done
Stopping registryctl       ... done
Stopping redis             ... done
Stopping harbor-log        ... done
Removing nginx             ... done
Removing harbor-jobservice ... done
Removing harbor-core       ... done
Removing harbor-portal     ... done
Removing registry          ... done
Removing harbor-db         ... done
Removing registryctl       ... done
Removing redis             ... done
Removing harbor-log        ... done
Removing network harbor_harbor


[Step 5]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating harbor-portal ... done
Creating harbor-db     ... done
Creating redis         ... done
Creating registryctl   ... done
Creating registry      ... done
Creating harbor-core   ... done
Creating nginx             ... done
Creating harbor-jobservice ... done
✔ ----Harbor has been installed and started successfully.----


[root@harbor ~]# docker login -u admin -p Harbor12345 http://192.168.2.118

WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

#上传elasticsearch-7.4.2.tar、fluentd-es.tar、kibana-7.4.2.tar、alpine-3.6.tar

[root@harbor ~]# rz -E
rz waiting to receive.

[root@harbor ~]# ls
alpine-3.6.tar   elasticsearch-7.4.2.tar  harbor-offline-installer-v2.0.0.tgz
anaconda-ks.cfg  fluentd-es.tar           kibana-7.4.2.tar

[root@harbor ~]# docker load < elasticsearch-7.4.2.tar 

877b494a9f30: Loading layer  209.6MB/209.6MB
d88e30aec0f6: Loading layer    173MB/173MB
1c5056425cea: Loading layer  379.4kB/379.4kB
5e54fa4095eb: Loading layer  487.1MB/487.1MB
4e90d125f1e5: Loading layer  4.608kB/4.608kB
115e3e5a8759: Loading layer   7.68kB/7.68kB
4d2c21064d7c: Loading layer  9.728kB/9.728kB
Loaded image ID: sha256:b1179d41a7b42f921f8ea0c5fa319c8aac4a3083dd733494170428917007e55f

[root@harbor ~]# docker  load < fluentd-es.tar 

f1b5933fe4b5: Loading layer  5.796MB/5.796MB
741e6e2c94d4: Loading layer   43.4MB/43.4MB
08e69dc70e17: Loading layer  13.82kB/13.82kB
921d47fed072: Loading layer  3.584kB/3.584kB
9e5da15b8bd1: Loading layer  3.072kB/3.072kB
ac62943fb2fc: Loading layer  2.729MB/2.729MB
5d526fbfafec: Loading layer  147.5kB/147.5kB
55e5db4c6e54: Loading layer  12.93MB/12.93MB
3e2e1fdff900: Loading layer  61.95kB/61.95kB
e9ed50a34eed: Loading layer  31.74kB/31.74kB
9d2b48d1be99: Loading layer  248.3kB/248.3kB
7432b737c247: Loading layer  3.072kB/3.072kB
19293dbdc1a1: Loading layer  3.072kB/3.072kB
89f0ad125648: Loading layer   1.32MB/1.32MB
22c80d316b5c: Loading layer  178.1MB/178.1MB
bda24b542570: Loading layer  7.534MB/7.534MB
3f0b69f8144c: Loading layer  4.559MB/4.559MB
38714652f7e6: Loading layer  11.16MB/11.16MB
9af19f0dccca: Loading layer  256.5kB/256.5kB
Loaded image ID: sha256:636f3d316141c1fcef8c793b5d9935347a13eba8a8b5bb6a75b2574722f863c1

[root@harbor ~]# docker load < kibana-7.4.2.tar 

01fc07851996: Loading layer  179.4MB/179.4MB
9cfbbc5ed16e: Loading layer  82.43kB/82.43kB
80642e52e3f7: Loading layer  57.86kB/57.86kB
90cabfea98a8: Loading layer  806.2MB/806.2MB
0b8e2117240b: Loading layer  2.048kB/2.048kB
b34d7a00ef38: Loading layer  4.096kB/4.096kB
cb5328c9d961: Loading layer  10.24kB/10.24kB
3234e7f24c9c: Loading layer   2.56kB/2.56kB
ccde9566aa40: Loading layer  374.8kB/374.8kB
Loaded image ID: sha256:230d3ded1abc1468536e41d80a9cc6a67908358c0e4ebf065c29b8ef0370ba4b

[root@harbor ~]# docker load < alpine-3.6.tar 

721384ec99e5: Loading layer  4.283MB/4.283MB
Loaded image ID: sha256:43773d1dba76c4d537b494a8454558a41729b92aa2ad0feb23521c3e58cd0440

[root@harbor ~]# docker tag b1179d 192.168.2.118/efk/elasticsearch:7.4.2
[root@harbor ~]# docker tag 636f3d 192.168.2.118/efk/fluentd-es-root:v2.5.2
[root@harbor ~]# docker tag 230d3d 192.168.2.118/efk/kibana-7.4.2
[root@harbor ~]# docker tag 43773d 192.168.2.118/efk/alpine-3.6

[root@harbor ~]# docker push 192.168.2.118/efk/elasticsearch:7.4.2

The push refers to repository [192.168.2.118/efk/elasticsearch]
4d2c21064d7c: Preparing 
115e3e5a8759: Preparing 
4e90d125f1e5: Preparing 
5e54fa4095eb: Preparing 
1c5056425cea: Preparing 
d88e30aec0f6: Waiting 
877b494a9f30: Waiting 
unauthorized: project not found, name: efk: project not found, name: efk

[root@harbor ~]# docker push 192.168.2.118/efk/fluentd-es-root:v2.5.2

The push refers to repository [192.168.2.118/efk/fluentd-es-root]
9af19f0dccca: Preparing 
38714652f7e6: Preparing 
3f0b69f8144c: Preparing 
bda24b542570: Preparing 
22c80d316b5c: Preparing 
89f0ad125648: Waiting 
19293dbdc1a1: Waiting 
7432b737c247: Waiting 
9d2b48d1be99: Waiting 
e9ed50a34eed: Waiting 
3e2e1fdff900: Waiting 
55e5db4c6e54: Waiting 
5d526fbfafec: Waiting 
ac62943fb2fc: Waiting 
9e5da15b8bd1: Waiting 
921d47fed072: Waiting 
08e69dc70e17: Waiting 
741e6e2c94d4: Waiting 
f1b5933fe4b5: Waiting 
unauthorized: project not found, name: efk: project not found, name: efk

[root@harbor ~]# docker push 192.168.2.118/efk/kibana-7.4.2

Using default tag: latest
The push refers to repository [192.168.2.118/efk/kibana-7.4.2]
ccde9566aa40: Preparing 
3234e7f24c9c: Preparing 
cb5328c9d961: Preparing 
b34d7a00ef38: Preparing 
0b8e2117240b: Preparing 
90cabfea98a8: Waiting 
80642e52e3f7: Waiting 
9cfbbc5ed16e: Waiting 
01fc07851996: Waiting 
877b494a9f30: Waiting 
unauthorized: project not found, name: efk: project not found, name: efk

[root@harbor ~]# docker push 192.168.2.118/efk/alpine-3.6

Using default tag: latest
The push refers to repository [192.168.2.118/efk/alpine-3.6]
721384ec99e5: Preparing 
unauthorized: project not found, name: efk: project not found, name: efk

4、部署EFK业务环境

4.1、准备组件Yaml文件

链接：https://pan.baidu.com/s/1iUA2zhTBfrpNAEpAJw6pMQ?pwd=xaev 
提取码：xaev

Yaml文件中涉及到镜像地址和 nodeSelector 选择器地址需要注意修改。

[root@k8s-master ~]# cd /opt/efk/
[root@k8s-master efk]# rz -E            #上传对应的yaml文件
rz waiting to receive.

[root@k8s-master efk]# vim elasticsearch.yaml 
        image: 192.168.2.118/efk/elasticsearch:7.4.2
        image: 192.168.2.118/efk/alpine:3.6
        image: 192.168.2.118/efk/alpine:3.6

        NodeSelector 节点选择器的修改，实际作用是决定将 Elasticsearch 服务部署到哪个节点。当前配置文件内是调度到 k8s-node1 节点，请根据实际负载情况进行调整。节点名称可以通过 kubectl get nodes 获取，在选择节点时务必确保节点有足够的资源。

[root@k8s-master efk]# vim elasticsearch.yaml
      nodeSelector:
        kubernetes.io/hostname: k8s-node1

对kibana.yaml文件镜像地址和调度节点进行修改，将 Kibana 部署到 k8s-node2 节点。

[root@k8s-master efk]# vim kibana.yaml 

      nodeSelector:
        kubernetes.io/hostname: k8s-node2

        image: 192.168.2.118/efk/kibana:7.4.2

修改 fluentd.yaml的镜像地址

[root@k8s-master efk]# vim fluentd.yaml 

        image: 192.168.2.118/efk/fluentd-es-root:v2.5.2

修改 test-pod.yaml的镜像地址

[root@k8s-master efk]# vim test-pod.yaml 

    image: 192.168.2.118/efk/alpine:3.6

4.2、部署Elasticsearch

创建命名空间

        创建名为 logging 的命名空间，用于存放 EFK 相关的服务。在 k8s-master节点的/opt/efk 目录下。

[root@k8s-master efk]# kubectl create -f namespace.yaml
namespace/logging created

[root@k8s-master efk]# kubectl get namespace | grep logging
logging           Active   34s

创建 es 数据存储目录

Elasticsearch 服务通常可以简写为 es。到 k8s-node1 节点创建数据目录/esdata。

[root@k8s-node1 ~]# mkdir /esdata

部署 es 容器

进入 k8s-master节点的/opt/efk 目录，部署 es 容器，执行如下操作。

[root@k8s-master ~]# cd /opt/efk/

[root@k8s-master efk]# kubectl create -f elasticsearch.yaml

statefulset.apps/elasticsearch-logging created
service/elasticsearch created

等待片刻，即可查看到 es 的 Pod，已经部署到 k8s-node1 节点，状态变为 running。

[root@k8s-master efk]# kubectl -n logging get pods -o wide
NAME                      READY   STATUS    RESTARTS   AGE   IP           NODE        NOMINATED NODE   READINESS GATES
elasticsearch-logging-0   1/1     Running   0          66s   10.244.2.5   k8s-node1   <none>           <none>


[root@k8s-master efk]# kubectl -n logging get svc
NAME            TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
elasticsearch   ClusterIP   10.97.190.214   <none>        9200/TCP   2m20s

通过 curl 命令访问服务，验证 es 是否部署成功。

[root@k8s-master efk]# curl 10.97.190.214:9200
{
  "name" : "elasticsearch-logging-0",
  "cluster_name" : "docker-cluster",
  "cluster_uuid" : "eJ6WwijmSweA-Ap8aj8kdg",
  "version" : {
    "number" : "7.4.2",
    "build_flavor" : "default",
    "build_type" : "docker",
    "build_hash" : "2f90bbf7b93631e52bafb59b3b049cb44ec25e96",
    "build_date" : "2019-10-28T20:40:44.881551Z",
    "build_snapshot" : false,
    "lucene_version" : "8.2.0",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}

4.3、部署kibana

进入 k8s-master 的/opt/efk 目录，执行如下命令。

[root@k8s-master efk]# kubectl create -f kibana.yaml
service/kibana created
deployment.apps/kibana created

查看 Pod 的状态。

[root@k8s-master efk]# kubectl -n logging get pods
NAME                      READY   STATUS    RESTARTS   AGE
elasticsearch-logging-0   1/1     Running   0          5m45s
kibana-769f5fd4cf-sffbj   1/1     Running   0          78s

        查看对应的 Service，得到 NodePort 值为 31732，此端口为随机端口，不同环境会不一致，请以实际结果为准。

[root@k8s-master efk]# kubectl -n logging get svc |grep kibana
kibana          NodePort    10.103.116.114   <none>        5601:30380/TCP   119s

        通过访问 192.168.2.118:30380 进入到 kibana 的访问界面，观察是否可以正常打开，其中 31732 端口需要替换成实际的端口号。若能正常访问，说明 Kibana 连接 es 已经正常。

 

4.4、部署Fluentd

给集群节点打标签

        为了自由控制需要采集集群中节点上业务容器的服务日志。因此，需要给 k8s-node1和 k8s-node2 节点打上 fluentd=true 的标签 label。

[root@k8s-master efk]# kubectl label node k8s-node1 fluentd=true
node/k8s-node1 labeled
[root@k8s-master efk]# kubectl label node k8s-node2 fluentd=true
node/k8s-node2 labeled

        k8s-node1 和 k8s-node2 已经打上了 fluentd=true 的 label，那么 Fluentd 服务就会启动到这两个节点，也就意味着运行在这两个节点的 Pod 日志会被收集起来。

启动 Fluentd 服务

在 k8s-master节点的/opt/efk 目录，启动 Fluentd 服务

[root@k8s-master efk]# kubectl create -f fluentd-es-config-main.yaml

configmap/fluentd-es-config-main created

[root@k8s-master efk]# kubectl create -f fluentd-configmap.yaml

configmap/fluentd-config created

[root@k8s-master efk]# kubectl create -f fluentd.yaml

serviceaccount/fluentd-es created
clusterrole.rbac.authorization.k8s.io/fluentd-es created
clusterrolebinding.rbac.authorization.k8s.io/fluentd-es created
daemonset.apps/fluentd-es-v2.5.2 created

 查看 Pod 是否已经在 k8s-node1 和 k8s-node2 节点启动成功。

[root@k8s-master efk]# kubectl -n logging get pods
NAME                      READY   STATUS    RESTARTS   AGE
elasticsearch-logging-0   1/1     Running   0          13m
fluentd-es-v2.5.2-pxqxt   1/1     Running   0          47s
fluentd-es-v2.5.2-zf49b   1/1     Running   0          47s
kibana-769f5fd4cf-sffbj   1/1     Running   0          8m34s

4.5、验证容器日志收集

创建测试容器

进入 k8s-master的/opt/efk 目录，执行如下命令。

[root@k8s-master efk]# kubectl create -f test-pod.yaml

pod/counter created

[root@k8s-master efk]# kubectl get pods

NAME      READY   STATUS    RESTARTS   AGE
counter   1/1     Running   0          5s

4.6、配置 Kibana

        索引创建完成后，可以发现已经生成了多个索引域，稍等片刻再次点击左上角的

discover 图标，进入日志检索页面。

         然后通过索引键去过滤，比如根据Kubernetes.host、Kubernetes.container_name、 kubernetes.container_image_id等去做过滤。

 

        通过其他元数据也可以过滤日志数据，比如单击任何日志条目以查看其他元数据，如容

器名称、Kubernetes 节点、命名空间等。

        到这里，在 Kubernetes 集群上已经成功部署了 EFK。