elastic官方提供了efk相关charts以供我们使用k8s部署efk。
此版本为7.16分支。如需开启SSL功能,可移步这里=>Helm部署ES及Kibana(默认开启SSL),且步骤精简了一些。
elastic charts:https://github.com/elastic/helm-charts.git
切换至7.16分支
git checkout 7.16
目录结构如下:
$ cd helm-charts && tree -L 1
.
├── apm-server
├── elasticsearch
├── filebeat
├── helpers
├── kibana
├── LICENSE
├── logstash
├── Makefile
├── metricbeat
├── README.md
└── requirements.txt
Elasticsearch
生成密码相关secret
在elasticsearch/examples/security
目录下可以执行make secrets
命令来创建elastic密码相关的secret。执行前可以通过定义环境变量ELASTIC_PASSWORD
来指定自己的密码。
$ cd helm-charts/elasticsearch/examples/security
$ export ELASTIC_PASSWORD=[your password]
$ make secret
value.yaml
es开启密码功能需要指定xpack.security.enabled
为 true
,同时也要开启 xpack.security.transport.ssl.enabled
为 true
。如果不开启此功能,在启动es时会报如下错误:
value.yaml修改如下:
esConfig:
elasticsearch.yml: |
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
extraEnvs:
- name: ELASTIC_PASSWORD
valueFrom:
secretKeyRef:
name: elastic-credentials
key: password
secretMounts:
- name: elastic-certificates
secretName: elastic-certificates
path: /usr/share/elasticsearch/config/certs
antiAffinity: "soft"
因为我的k8s是单节点的,所以将antiAffinity
设置为soft
,不然三节点的es集群无法启动成功。
部署es
$ cd helm-charts/elasticsearch/
$ helm install elasticsearch -f value.yaml .
Kibana
部署kibana时需要指定es的用户名和密码。
value.yaml:
elasticsearchHosts: "http://elasticsearch-master-headless.default.svc.cluster.local:9200"
extraEnvs:
- name: "ELASTICSEARCH_USERNAME"
value: "elastic"
- name: "ELASTICSEARCH_PASSWORD"
valueFrom:
secretKeyRef:
name: elastic-credentials
key: password
service:
type: NodePort
port: 5601
nodePort: "30601"
部署kibana
$ cd helm-charts/kibana
$ helm install kibana -f value.yaml .
部署结果
POD运行情况:
$ kubectl get pod
NAME READY STATUS RESTARTS AGE
elasticsearch-master-0 1/1 Running 0 1h
elasticsearch-master-1 1/1 Running 0 1h
elasticsearch-master-2 1/1 Running 0 1h
kibana-74c748ddc4-khtvt 1/1 Running 0 1h
kibana页面: