# K8s 上一鍵安裝 EFK

# EFK

Elasticsearch,Fluentd,Kibana 的組合 Teck stack

Elasticsearch 用於儲存與搜尋
Fluentd 用於收集系統 Log
Kibana 提供資料視覺化

# 開始安裝

把下列內容儲存成 template.yaml

---
apiVersion: v1
kind: Service
metadata:
  name: elasticsearch-kibana
  labels:
    app: elasticsearch-kibana
spec:
  type: ClusterIP
  selector:
    app: elasticsearch-kibana
  ports:
    - name: es-port
      protocol: TCP
      port: 9200
      targetPort: 9200
    - name: kibana-port
      protocol: TCP
      port: 5601
      targetPort: 5601
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: elasticsearch-kibana
  labels:
    app: elasticsearch-kibana
spec:
  replicas: 1
  selector:
    matchLabels:
      app: elasticsearch-kibana
  template:
    metadata:
      labels:
        app: elasticsearch-kibana
    spec:
      containers:
        - name: elasticsearch-kibana
          image: nshou/elasticsearch-kibana:kibana7
          imagePullPolicy: IfNotPresent
          securityContext:
            privileged: true
          ports:
            - name: es-port
              protocol: TCP
              containerPort: 9200
            - name: kibana-port
              protocol: TCP
              containerPort: 5601
          env:
            - name: "SSL_MODE"
              value: "false"
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: fluent-bit
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: fluent-bit-read
rules:
  - apiGroups:
      - ""
    resources:
      - "nodes"
      - "events"
      - "namespaces"
      - "pods"
    verbs:
      - "get"
      - "list"
      - "watch"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: fluent-bit-read
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: fluent-bit-read
subjects:
  - kind: ServiceAccount
    name: fluent-bit
    namespace: aio
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: fluent-bit-cm
data:
  # https://github.com/microsoft/fluentbit-containerd-cri-o-json-log?tab=readme-ov-file#fluent-bit-with-containerd-cri-o-and-json
  fluent-bit.conf: |-
    [SERVICE]
        Flush         1
        Log_Level     info
        Parsers_File  parsers.conf

    @INCLUDE input-cpu.conf
    @INCLUDE input-mem.conf
    @INCLUDE input-k8s.conf
    @INCLUDE input-disk.conf
    @INCLUDE input-network.conf
    @INCLUDE filter-k8s.conf
    @INCLUDE output-elasticsearch.conf
  parsers.conf: |-
    [PARSER]
        Name        cri
        Format      regex
        Regex       ^(?<time>[^ ]+) (?<stream>stdout|stderr) (?<logtag>[^ ]*) (?<log>.*)$
        Time_Key    time
        Time_Format %Y-%m-%dT%H:%M:%S.%L%z
  input-cpu.conf: |
    [INPUT]
        Name cpu
        Tag  cpu
  input-mem.conf: |
    [INPUT]
        Name mem
        Tag  memory
  input-disk.conf: |
    [INPUT]
        Name disk
        Tag  disk
        Interval_Sec  1
        Interval_NSec 0
  input-network.conf: |
    [INPUT]
        Name netif
        Tag netif
        Interval_Sec  1
        Interval_NSec 0
        Interface     eth0
  input-k8s.conf: |
    [INPUT]
        Name              tail
        Tag               kube.*
        Path              /var/log/containers/*_default_*.log
        Parser            cri
        DB                /var/log/fluentbit.db
        Mem_Buf_Limit     5MB
        Skip_Long_Lines   on
        Refresh_Interval  10
  filter-k8s.conf: |
    [FILTER]
        Name                kubernetes
        Match               kube.*
        Kube_URL            https://kubernetes.default.svc:443
        Kube_CA_File        /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
        Kube_Token_File     /var/run/secrets/kubernetes.io/serviceaccount/token
        Kube_Tag_Prefix     kube.var.log.containers.
        Merge_Log           on
        Merge_Log_Key       log_processed
        K8S-Logging.Parser  off
        K8S-Logging.Exclude off
  output-elasticsearch.conf: |
    [OUTPUT]
        Name                es
        Match               *
        Host                elasticsearch-kibana
        Port                9200
        Type                _doc
        Logstash_Format     on
        Logstash_Prefix     project
        Logstash_DateFormat %Y.%m.%d
        Time_Key_Format     %Y-%m-%dT%H:%M:%S
        Buffer_Size         16k
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: fluent-bit
  labels:
    app: fluent-bit
spec:
  selector:
    matchLabels:
      app: fluent-bit
  template:
    metadata:
      labels:
        app: fluent-bit
    spec:
      volumes:
        - name: log
          hostPath:
            path: /var/log
            type: Directory
        - name: config
          configMap:
            name: fluent-bit-cm
      containers:
        - name: fluent-bit
          image: fluent/fluent-bit:1.7.0
          imagePullPolicy: IfNotPresent
          ports:
            - name: http-port
              protocol: TCP
              containerPort: 2020
          volumeMounts:
            - name: log
              mountPath: /var/log
            - name: config
              mountPath: /fluent-bit/etc
      terminationGracePeriodSeconds: 10
      serviceAccountName: fluent-bit
      tolerations:
        - key: node-role.kubernetes.io/master
          operator: "Exists"
          effect: "NoSchedule"
        - operator: "Exists"
          effect: "NoExecute"
        - operator: "Exists"
          effect: "NoSchedule"

1	kubectl apply -f template.yaml #套用至 K8s

k8s