[Kubernetes](Logging)Install EFK for kubernetes logging with helm chart in Kubernetes

업데이트: May 11, 2021

Purpose

kubernetes logging

1. Install elasticsearch

helm repo add elastic https://helm.elastic.co
helm fetch elastic/elasticsearch

Create pv first for elasticsearch

apiVersion: v1
kind: PersistentVolume
metadata:
  name: efk-elasticsearch
spec:
  capacity:
    storage: 20Gi
  volumeMode: Filesystem
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  nfs:
    path: /k8s-nas
    server: 10.50.20.40
    #hostPath:
    #  path: /k8s-nas/efk
---

Edit value.yaml

mapping volumeName to pv name

volumeClaimTemplate:
  #storageClassName: join-nfs-storageclass
  accessModes: [ "ReadWriteOnce" ]
  resources:
    requests:
      storage: 20Gi
  volumeName: efk-elasticsearch

helm install elasticsearch . -n efk

Check elasticsearch

root@jv0535 [~/workspace/yaml/efk/elasticsearch]curl 10.111.12.152:9200
{
  "name" : "elasticsearch-master-0",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "WnHSjspTRz61gJ7dVwWsLw",
  "version" : {
    "number" : "7.12.0",
    "build_flavor" : "default",
    "build_type" : "docker",
    "build_hash" : "78722783c38caa25a70982b5b042074cde5d3b3a",
    "build_date" : "2021-03-18T06:17:15.410153305Z",
    "build_snapshot" : false,
    "lucene_version" : "8.8.0",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}

2. Install Fluentd

helm fetch stable/fluentd-elasticsearch
helm install fluentd -n efk . --dry-run

Edit value.yaml

elasticsearch:
  host: 'elasticsearch-master'

Specify mount path ( HostPath )

Edit templates/daemonset.yaml

volumeMounts:
        - name: varlog
          mountPath: /var/log
        - name: varlibdockercontainers
          mountPath: /var/lib/docker/containers
          readOnly: true
        - name: libsystemddir
          mountPath: /host/lib
          readOnly: true
        - name: config-volume
          mountPath: /etc/fluent/config.d

+) input tail usage

tail usage link: docs.fluentd.org

3. Install Kibana

helm fetch elastic/kibana

Edit value.yaml

ingress:
  enabled: true
  annotations: {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
  hosts:
    - host: kibana.ta.com
      paths:
        - path: /

helm install kibana . -n efk

4. Using EFK

Define index pattern

Stack Management → Index Patterns

logstash-*

Use Discover

Analytics → Discover

Use Logs

Twitter Facebook LinkedIn

Jongmin Han

Categories

[Kubernetes](Logging)Install EFK for kubernetes logging with helm chart in Kubernetes

Purpose

1. Install elasticsearch

Create pv first for elasticsearch

Edit value.yaml

Check elasticsearch

2. Install Fluentd

Edit value.yaml

Specify mount path ( HostPath )

+) input tail usage

3. Install Kibana

Edit value.yaml

4. Using EFK

Define index pattern

Use Discover

Use Logs

공유하기

댓글남기기

참고

[Kubernetes](Service)How to use Kubernetes Headless service

[Kubernetes](Service)How to use Kubernetes ExternalName

[Kubernetes](Service)How to use Kubernetes LoadBalancer

[Kubernetes](Service)How to use Kubernetes NodePort