2024-07-12
한어Русский языкEnglishFrançaisIndonesianSanskrit日本語DeutschPortuguêsΕλληνικάespañolItalianoSuomalainenLatina
Filebeat+ ELK constructio et interpretatio reference
Link:k8s doctrina - detailed processus ELK log collection secundum k8s
Hoc caput non iterare descriptionem
virtualis apparatus
| Ip | CPU nomen | cpu | Memoria | ferreus orbis |
|---|---|---|---|---|
| 192.168.10.11 | master01 | 2cpu core dual | 4G | 100G |
| 192.168.10.12 | operarius | 2cpu core dual | 4G | 100G |
| 192.168.10.13 | operarius02 | 2cpu core dual | 4G | 100G |
| 192.168.10.17 | ELK | Dual core 1cpu | 4G | 100G |
Version centos7.9
Explicuit k8s-1.27
ELK servo Filebeat explicavit+ ELK
Hoc tempus in applicatione Pod, Tomcat currendo filebeat.
Defalta nulla pagina paginae paginae in vase tomcat.
work01 exercitum operandi
mkdir /opt/tomcatwebroot
echo "tomcat is running" > /opt/tomcatwebroot/index.html
dominus exercitum operandi
vim tomcat-logs.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: tomcat-demo
namespace: default
spec:
replicas: 2
selector:
matchLabels:
project: www
app: tomcat-demo
template:
metadata:
labels:
project: www
app: tomcat-demo
spec:
nodeName: worker01
containers:
- name: tomcat
image: tomcat:latest
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8080
name: web
protocol: TCP
resources:
requests:
cpu: 0.5
memory: 500Mi
limits:
cpu: 1
memory: 1Gi
livenessProbe:
httpGet:
path: /
port: 8080
initialDelaySeconds: 60
timeoutSeconds: 20
readinessProbe:
httpGet:
path: /
port: 8080
initialDelaySeconds: 60
timeoutSeconds: 20
volumeMounts:
- name: tomcat-logs
mountPath: /usr/local/tomcat/logs
- name: tomcatwebroot
mountPath: /usr/local/tomcat/webapps/ROOT
- name: filebeat
image: docker.io/elastic/filebeat:7.17.2
imagePullPolicy: IfNotPresent
args: [
"-c", "/etc/filebeat.yml",
"-e",
]
resources:
limits:
memory: 500Mi
requests:
cpu: 100m
memory: 100Mi
securityContext:
runAsUser: 0
volumeMounts:
- name: filebeat-config
mountPath: /etc/filebeat.yml
subPath: filebeat.yml
- name: tomcat-logs
mountPath: /usr/local/tomcat/logs
volumes:
- name: tomcat-logs
emptyDir: {}
- name: tomcatwebroot
hostPath:
path: /opt/tomcatwebroot
type: Directory
- name: filebeat-config
configMap:
name: filebeat-config
---
apiVersion: v1
kind: ConfigMap
metadata:
name: filebeat-config
namespace: default
data:
filebeat.yml: |-
filebeat.inputs:
- type: log
paths:
- /usr/local/tomcat/logs/catalina.*
fields:
app: www
type: tomcat-catalina
fields_under_root: true
multiline:
pattern: '^['
negate: true
match: after
setup.ilm.enabled: false
setup.template.name: "tomcat-catalina"
setup.template.pattern: "tomcat-catalina-*"
output.logstash:
hosts: ['192.168.10.17:5056']
Hoc yaml definit Tomcat et Filebeat instruere et Filebeat imaginum fasciculos.
Instruere sectionem
apiVersion: apps/v1
kind: Deployment
metadata:
name: tomcat-demo
namespace: default
spec:
replicas: 2
selector:
matchLabels:
project: www
app: tomcat-demo
template:
metadata:
labels:
project: www
app: tomcat-demo
spec:
nodeName: worker01
containers:
- name: tomcat
image: tomcat:latest
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8080
name: web
protocol: TCP
resources:
requests:
cpu: 0.5
memory: 500Mi
limits:
cpu: 1
memory: 1Gi
livenessProbe:
httpGet:
path: /
port: 8080
initialDelaySeconds: 60
timeoutSeconds: 20
readinessProbe:
httpGet:
path: /
port: 8080
initialDelaySeconds: 60
timeoutSeconds: 20
volumeMounts:
- name: tomcat-logs
mountPath: /usr/local/tomcat/logs
- name: tomcatwebroot
mountPath: /usr/local/tomcat/webapps/ROOT
- name: filebeat
image: docker.io/elastic/filebeat:7.17.2
imagePullPolicy: IfNotPresent
args: [
"-c", "/etc/filebeat.yml",
"-e",
]
resources:
limits:
memory: 500Mi
requests:
cpu: 100m
memory: 100Mi
securityContext:
runAsUser: 0
volumeMounts:
- name: filebeat-config
mountPath: /etc/filebeat.yml
subPath: filebeat.yml
- name: tomcat-logs
mountPath: /usr/local/tomcat/logs
volumes:
- name: tomcat-logs
emptyDir: {}
- name: tomcatwebroot
hostPath:
path: /opt/tomcatwebroot
type: Directory
- name: filebeat-config
configMap:
name: filebeat-config
metadata: nomen et nomina spatium instruere.
spec: Continet detailed specificationem instruere.
replicas: denotat numerum replicationum, hoc est, instantiarum duarum tomcatorum currentium.
electrix: electrix definit pro adaptandi Pod labels.
template: describit Pod template, additis metadata et spec.
nodeName: significat nodi nomen (worker01) ubi Pod currit.
continentia: Duo vasa definiuntur: Tomcat et Filebeat.
Tomcat continens:
image: Use tomcat: latest image.
portus : Exponere portum 8080 .
opes: definit resource petitiones et limites.
livenessProbe and readinessProbe : usus ad salutem compescit.
volumeMounts: Duo volumina conscendit.
Filebeat continens:
image: Use filebeat: 7.17.2 image.
args: parametri speciem startup.
opes: definit resource petitiones et limites.
securityContext: Curre ut radix user.
volumeMounts: Duo volumina conscendit.
voluminibus;
tomcat-logs: Utere codicibus emptyDir.
tomcatwebroot: Utere volumine hostPath.
filebeat-config: ConfigMap voluminibus utere.
Configurationis file (ConfigMap) section
apiVersion: v1
kind: ConfigMap
metadata:
name: filebeat-config
explicare
metadata: Nomen ConfigMap definit.
data: continere debet configurationem contentum Filebeat (hic omissum).
elk exercitum configuratione
Scribere logstash configuratione files sine aliqua prior configuratione files "
vim /etc/logstash/conf.d/tomcat-logstash-to-elastic.conf
input {
beats {
host => "0.0.0.0"
port => "5056"
}
}
filter {
}
output {
elasticsearch {
hosts => "192.168.10.17:9200"
index => "tomcat-catalina-%{+yyyy.MM.dd}"
}
}
Curre
/usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/tomcat-logstash-to-elastic.conf --path.data /usr/share/logstash/data3 &
Quin usque ad portum est
ss -anput | grep ":5056"
dominus exercitum operandi
kubectl apply -f tomcat-logs.yaml
Exspecta paulisper quod debes imaginem download
Tum reprehendo legumen
Nota: VPN requiratur
kubectl get deployment.apps
kubectl get pods
View tomcat generatae omnia (-c: continens)
Visum filebeat ligna collection
kubectl logs tomcat-demo-664584f857-k8whd -c filebeat
Hostia pasco accessum
192.168.10.17:5601
Videre potes quod stipem vidisti
perago
Si te adiuvat, preme et sequere
technologiae technologiae plus quam 30 annos operam dedit et in variis linguis proficit ut java, linux, javascript, php, css, etc. Multas contributiones in aperto fonte campo fecit elit documentorum statione ad communicandas quaestiones in technologia progressus ad futuram referentiam.
