一、架构

为了增加es的扩展性,按角色功能分为master节点、data数据节点、client客户端节点。其整体架构如下:
image.png
其中:

  • Elasticsearch数据节点Pods被部署为一个有状态集(StatefulSet)
  • Elasticsearch master节点Pods被部署为一个Deployment
  • Elasticsearch客户端节点Pods是以Deployment的形式部署的,其内部服务将允许访问R/W请求的数据节点
  • Kibana和APMServer部署为Deployment,其服务可在Kubernetes集群外部访问

1.1、版本说明

软件 版本
Kibana 7.8.0
Elasticsearch 7.8.0
Filebeat 7.8.0
Kubernetes 1.17.2
APM-Server 7.8.0

二、部署ES

先创建estatic的命名空间(es-ns.yaml):

  1. apiVersion: v1
  2. kind: Namespace
  3. metadata:
  4.   name: elastic

执行kubectl apply -f es-ns.yaml

2.1、生成证书

启动es的xpack功能,传输需要加密传输。

脚本如下(es-create-ca.sh):

  1. #!/bin/bash
  2. # 指定 elasticsearch 版本
  3. RELEASE=7.8.0
  4. # 运行容器生成证书
  5. docker run --name elastic-charts-certs -i -w /app \
  6.   elasticsearch:${RELEASE} \
  7.   /bin/sh -c " \
  8.     elasticsearch-certutil ca --out /app/elastic-stack-ca.p12 --pass '' && \
  9.     elasticsearch-certutil cert --name security-master --dns security-master --ca /app/elastic-stack-ca.p12 --pass '' --ca-pass '' --out /app/elastic-certificates.p12" && \
  10. # 从容器中将生成的证书拷贝出来
  11. docker cp elastic-charts-certs:/app/elastic-certificates.p12 ./ && \
  12.   # 证书生成成功该容器删除
  13.   docker rm -f elastic-charts-certs && \
  14.   openssl pkcs12 -nodes -passin pass:'' -in elastic-certificates.p12 -out elastic-certificate.pem

生成证书:

  1. chmod +x es-create-ca.sh && ./es-create-ca.sh

然后会在本地生成两个文件,如下:

  1. # ll
  2. -rw-r--r-- 1 root root 4650 Oct 14 16:54 elastic-certificate.pem
  3. -rw------- 1 root root 3513 Oct 14 16:54 elastic-certificates.p12

将证书以secret得方式保存在集群中,如下:

  1. kubectl create secret -n elastic generic elastic-certificates --from-file=elastic-certificates.p12
  2. kubectl create secret -n elastic generic elastic-certificate-pem --from-file=elastic-certificate.pem

2.1、部署es master节点

配置清单如下(es-master.yaml):

  1. ---
  2. apiVersion: v1
  3. kind: ConfigMap
  4. metadata:
  5.   namespace: elastic
  6.   name: elasticsearch-master-config
  7.   labels:
  8.     app: elasticsearch
  9.     role: master
  10. data:
  11.   elasticsearch.yml: |-
  12.     cluster.name: ${CLUSTER_NAME}
  13.     node.name: ${NODE_NAME}
  14.     discovery.seed_hosts: ${NODE_LIST}
  15.     cluster.initial_master_nodes: ${MASTER_NODES}
  17.     network.host: 0.0.0.0
  19.     node:
  20.       master: true
  21.       data: false
  22.       ingest: false
  24.     xpack.security.enabled: true
  25.     xpack.monitoring.collection.enabled: true
  26.     xpack.security.transport.ssl.enabled: true
  27.     xpack.security.transport.ssl.verification_mode: certificate
  28.     xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
  29.     xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
  30.     xpack.ml.enabled: true
  31.     xpack.license.self_generated.type: basic
  32.     xpack.monitoring.exporters.my_local:
  33.       type: local
  34.       use_ingest: false
  35. ---
  36. apiVersion: v1
  37. kind: Service
  38. metadata:
  39.   namespace: elastic
  40.   name: elasticsearch-master
  41.   labels:
  42.     app: elasticsearch
  43.     role: master
  44. spec:
  45.   ports:
  46.   - port: 9300
  47.     name: transport
  48.   selector:
  49.     app: elasticsearch
  50.     role: master
  51. ---
  52. apiVersion: apps/v1
  53. kind: Deployment
  54. metadata:
  55.   namespace: elastic
  56.   name: elasticsearch-master
  57.   labels:
  58.     app: elasticsearch
  59.     role: master
  60. spec:
  61.   replicas: 1
  62.   selector:
  63.     matchLabels:
  64.       app: elasticsearch
  65.       role: master
  66.   template:
  67.     metadata:
  68.       labels:
  69.         app: elasticsearch
  70.         role: master
  71.     spec:
  72.       initContainers:
  73.       - name: init-sysctl
  74.         image: busybox:1.27.2
  75.         command:
  76.         - sysctl
  77.         - -w
  78.         - vm.max_map_count=262144
  79.         securityContext:
  80.           privileged: true
  81.       containers:
  82.       - name: elasticsearch-master
  83.         image: docker.elastic.co/elasticsearch/elasticsearch:7.8.0
  84.         env:
  85.         - name: CLUSTER_NAME
  86.           value: elasticsearch
  87.         - name: NODE_NAME
  88.           value: elasticsearch-master
  89.         - name: NODE_LIST
  90.           value: elasticsearch-master,elasticsearch-data,elasticsearch-client
  91.         - name: MASTER_NODES
  92.           value: elasticsearch-master
  93.         - name: "ES_JAVA_OPTS"
  94.           value: "-Xms512m -Xmx512m"
  95.         ports:
  96.         - containerPort: 9300
  97.           name: transport
  98.         volumeMounts:
  99.         - name: config
  100.           mountPath: /usr/share/elasticsearch/config/elasticsearch.yml
  101.           readOnly: true
  102.           subPath: elasticsearch.yml
  103.         - name: storage
  104.           mountPath: /usr/share/elasticsearch/data
  105.         - name: localtime
  106.           mountPath: /etc/localtime
  107.         - name: keystore
  108.           mountPath: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
  109.           readOnly: true
  110.           subPath: elastic-certificates.p12
  111.       volumes:
  112.       - name: config
  113.         configMap:
  114.           name: elasticsearch-master-config
  115.       - name: "storage"
  116.         emptyDir:
  117.           medium: ""
  118.       - name: localtime
  119.         hostPath:
  120.           path: /etc/localtime
  121.       - name: keystore
  122.         secret:
  123.           secretName: elastic-certificates
  124.           defaultMode: 044

然后执行kubectl apply -f ``es-master.yaml创建配置清单,然后pod变为running状态即为部署成功。

  1. # kubectl get pod -n elastic
  2. NAME                                    READY   STATUS    RESTARTS   AGE
  3. elasticsearch-master-77d5d6c9db-xt5kq   1/1     Running   0          67s

2.2、部署es data节点

配置清单如下(es-data.yaml):

  1. ---
  2. apiVersion: v1
  3. kind: ConfigMap
  4. metadata:
  5.   namespace: elastic
  6.   name: elasticsearch-data-config
  7.   labels:
  8.     app: elasticsearch
  9.     role: data
  10. data:
  11.   elasticsearch.yml: |-
  12.     cluster.name: ${CLUSTER_NAME}
  13.     node.name: ${NODE_NAME}
  14.     discovery.seed_hosts: ${NODE_LIST}
  15.     cluster.initial_master_nodes: ${MASTER_NODES}
  17.     network.host: 0.0.0.0
  19.     node:
  20.       master: false
  21.       data: true
  22.       ingest: false
  24.     xpack.security.enabled: true
  25.     xpack.monitoring.collection.enabled: true
  26.     xpack.security.transport.ssl.enabled: true
  27.     xpack.security.transport.ssl.verification_mode: certificate
  28.     xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
  29.     xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
  30.     xpack.ml.enabled: true
  31.     xpack.license.self_generated.type: basic
  32.     xpack.monitoring.exporters.my_local:
  33.       type: local
  34.       use_ingest: false
  35. ---
  36. apiVersion: v1
  37. kind: Service
  38. metadata:
  39.   namespace: elastic
  40.   name: elasticsearch-data
  41.   labels:
  42.     app: elasticsearch
  43.     role: data
  44. spec:
  45.   ports:
  46.   - port: 9300
  47.     name: transport
  48.   selector:
  49.     app: elasticsearch
  50.     role: data
  51. ---
  52. apiVersion: apps/v1
  53. kind: StatefulSet
  54. metadata:
  55.   namespace: elastic
  56.   name: elasticsearch-data
  57.   labels:
  58.     app: elasticsearch
  59.     role: data
  60. spec:
  61.   serviceName: "elasticsearch-data"
  62.   selector:
  63.     matchLabels:
  64.       app: elasticsearch
  65.       role: data
  66.   template:
  67.     metadata:
  68.       labels:
  69.         app: elasticsearch
  70.         role: data
  71.     spec:
  72.       initContainers:
  73.       - name: init-sysctl
  74.         image: busybox:1.27.2
  75.         command:
  76.         - sysctl
  77.         - -w
  78.         - vm.max_map_count=262144
  79.         securityContext:
  80.           privileged: true
  81.       containers:
  82.       - name: elasticsearch-data
  83.         image: docker.elastic.co/elasticsearch/elasticsearch:7.8.0
  84.         env:
  85.         - name: CLUSTER_NAME
  86.           value: elasticsearch
  87.         - name: NODE_NAME
  88.           value: elasticsearch-data
  89.         - name: NODE_LIST
  90.           value: elasticsearch-master,elasticsearch-data,elasticsearch-client
  91.         - name: MASTER_NODES
  92.           value: elasticsearch-master
  93.         - name: "ES_JAVA_OPTS"
  94.           value: "-Xms1024m -Xmx1024m"
  95.         ports:
  96.         - containerPort: 9300
  97.           name: transport
  98.         volumeMounts:
  99.         - name: config
  100.           mountPath: /usr/share/elasticsearch/config/elasticsearch.yml
  101.           readOnly: true
  102.           subPath: elasticsearch.yml
  103.         - name: elasticsearch-data-persistent-storage
  104.           mountPath: /usr/share/elasticsearch/data
  105.         - name: keystore
  106.           mountPath: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
  107.           readOnly: true
  108.           subPath: elastic-certificates.p12
  109.       volumes:
  110.       - name: config
  111.         configMap:
  112.           name: elasticsearch-data-config
  113.       - name: keystore
  114.         secret:
  115.           secretName: elastic-certificates
  116.           defaultMode: 044
  117.   volumeClaimTemplates:
  118.   - metadata:
  119.       name: elasticsearch-data-persistent-storage
  120.     spec:
  121.       accessModes: [ "ReadWriteOnce" ]
  122.       storageClassName: managed-nfs-storage
  123.       resources:
  124.         requests:
  125.           storage: 20Gi
  126. ---

执行kubectl apply -f es-data.yaml创建配置清单,其状态变为running即为部署成功。

  1. # kubectl get pod -n elastic
  2. NAME                                    READY   STATUS    RESTARTS   AGE
  3. elasticsearch-data-0                    1/1     Running   0          4s
  4. elasticsearch-master-77d5d6c9db-gklgd   1/1     Running   0          2m35s
  5. elasticsearch-master-77d5d6c9db-gvhcb   1/1     Running   0          2m35s
  6. elasticsearch-master-77d5d6c9db-pflz6   1/1     Running   0          2m35s

2.3、部署es client节点

配置清单如下(es-client.yaml):

  1. ---
  2. apiVersion: v1
  3. kind: ConfigMap
  4. metadata:
  5.   namespace: elastic
  6.   name: elasticsearch-client-config
  7.   labels:
  8.     app: elasticsearch
  9.     role: client
  10. data:
  11.   elasticsearch.yml: |-
  12.     cluster.name: ${CLUSTER_NAME}
  13.     node.name: ${NODE_NAME}
  14.     discovery.seed_hosts: ${NODE_LIST}
  15.     cluster.initial_master_nodes: ${MASTER_NODES}
  17.     network.host: 0.0.0.0
  19.     node:
  20.       master: false
  21.       data: false
  22.       ingest: true
  24.     xpack.security.enabled: true
  25.     xpack.monitoring.collection.enabled: true
  26.     xpack.security.transport.ssl.enabled: true
  27.     xpack.security.transport.ssl.verification_mode: certificate
  28.     xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
  29.     xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
  30.     xpack.ml.enabled: true
  31.     xpack.license.self_generated.type: basic
  32.     xpack.monitoring.exporters.my_local:
  33.       type: local
  34.       use_ingest: false
  35. ---
  36. apiVersion: v1
  37. kind: Service
  38. metadata:
  39.   namespace: elastic
  40.   name: elasticsearch-client
  41.   labels:
  42.     app: elasticsearch
  43.     role: client
  44. spec:
  45.   ports:
  46.   - port: 9200
  47.     name: client
  48.   - port: 9300
  49.     name: transport
  50.   selector:
  51.     app: elasticsearch
  52.     role: client
  53. ---
  54. apiVersion: apps/v1
  55. kind: Deployment
  56. metadata:
  57.   namespace: elastic
  58.   name: elasticsearch-client
  59.   labels:
  60.     app: elasticsearch
  61.     role: client
  62. spec:
  63.   selector:
  64.     matchLabels:
  65.       app: elasticsearch
  66.       role: client
  67.   template:
  68.     metadata:
  69.       labels:
  70.         app: elasticsearch
  71.         role: client
  72.     spec:
  73.       initContainers:
  74.       - name: init-sysctl
  75.         image: busybox:1.27.2
  76.         command:
  77.         - sysctl
  78.         - -w
  79.         - vm.max_map_count=262144
  80.         securityContext:
  81.           privileged: true
  82.       containers:
  83.       - name: elasticsearch-client
  84.         image: docker.elastic.co/elasticsearch/elasticsearch:7.8.0
  85.         env:
  86.         - name: CLUSTER_NAME
  87.           value: elasticsearch
  88.         - name: NODE_NAME
  89.           value: elasticsearch-client
  90.         - name: NODE_LIST
  91.           value: elasticsearch-master,elasticsearch-data,elasticsearch-client
  92.         - name: MASTER_NODES
  93.           value: elasticsearch-master
  94.         - name: "ES_JAVA_OPTS"
  95.           value: "-Xms256m -Xmx256m"
  96.         ports:
  97.         - containerPort: 9200
  98.           name: client
  99.         - containerPort: 9300
  100.           name: transport
  101.         volumeMounts:
  102.         - name: config
  103.           mountPath: /usr/share/elasticsearch/config/elasticsearch.yml
  104.           readOnly: true
  105.           subPath: elasticsearch.yml
  106.         - name: storage
  107.           mountPath: /usr/share/elasticsearch/data
  108.         - name: keystore
  109.           mountPath: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
  110.           readOnly: true
  111.           subPath: elastic-certificates.p12
  112.       volumes:
  113.       - name: config
  114.         configMap:
  115.           name: elasticsearch-client-config
  116.       - name: "storage"
  117.         emptyDir:
  118.           medium: ""
  119.       - name: keystore
  120.         secret:
  121.           secretName: elastic-certificates
  122.           defaultMode: 044

执行kubectl apply -f es-client.yaml创建配置清单,其状态变为running即为部署成功。

  1. # kubectl get pod -n elastic
  2. NAME                                    READY   STATUS    RESTARTS   AGE
  3. elasticsearch-client-f79cf4f7b-pbz9d    1/1     Running   0          5s
  4. elasticsearch-data-0                    1/1     Running   0          3m11s
  5. elasticsearch-master-77d5d6c9db-gklgd   1/1     Running   0          5m42s
  6. elasticsearch-master-77d5d6c9db-gvhcb   1/1     Running   0          5m42s
  7. elasticsearch-master-77d5d6c9db-pflz6   1/1     Running   0          5m42s

2.4、生成密码

我们启用了 xpack 安全模块来保护我们的集群,所以我们需要一个初始化的密码。我们可以执行如下所示的命令,在客户端节点容器内运行 bin/elasticsearch-setup-passwords 命令来生成默认的用户名和密码:

  1. # kubectl exec $(kubectl get pods -n elastic | grep elasticsearch-client | sed -n 1p | awk '{print $1}') \
  2.      -n elastic \
  3.      -- bin/elasticsearch-setup-passwords auto -b
  4. Changed password for user apm_system
  5. PASSWORD apm_system = hvlXFW1lIn04Us99Mgew
  7. Changed password for user kibana_system
  8. PASSWORD kibana_system = 7Zwfbd250QfV6VcqfY9z
  10. Changed password for user kibana
  11. PASSWORD kibana = 7Zwfbd250QfV6VcqfY9z
  13. Changed password for user logstash_system
  14. PASSWORD logstash_system = tuUsRXDYMOtBEbpTIJgX
  16. Changed password for user beats_system
  17. PASSWORD beats_system = 36HrrpwqOdd7VFAzh8EW
  19. Changed password for user remote_monitoring_user
  20. PASSWORD remote_monitoring_user = bD1vsqJJZoLxGgVciXYR
  22. Changed password for user elastic
  23. PASSWORD elastic = BA72sAEEY1Bphgruxlcw

注意需要将 elastic 用户名和密码也添加到 Kubernetes 的 Secret 对象中:

  1.   # kubectl create secret generic elasticsearch-pw-elastic \
  2.      -n elastic \
  3.      --from-literal password=BA72sAEEY1Bphgruxlcw
  4. secret/elasticsearch-pw-elastic created

2.5、验证集群状态

部署完成后我们需要验证以下集群状态是否正常。使用如下命令:

  1. # kubectl exec -it -n elastic elasticsearch-client-f79cf4f7b-pbz9d -- curl -u elastic:BA72sAEEY1Bphgruxlcw http://elasticsearch-client.elastic:9200/_cluster/health?pretty
  2. {
  3.   "cluster_name" : "elasticsearch",
  4.   "status" : "green",
  5.   "timed_out" : false,
  6.   "number_of_nodes" : 3,
  7.   "number_of_data_nodes" : 1,
  8.   "active_primary_shards" : 2,
  9.   "active_shards" : 2,
  10.   "relocating_shards" : 0,
  11.   "initializing_shards" : 0,
  12.   "unassigned_shards" : 0,
  13.   "delayed_unassigned_shards" : 0,
  14.   "number_of_pending_tasks" : 0,
  15.   "number_of_in_flight_fetch" : 0,
  16.   "task_max_waiting_in_queue_millis" : 0,
  17.   "active_shards_percent_as_number" : 100.0
  18. }

我们可以看到集群状态是green,表示正常。

三、部署Kibana

Kibana是一个简单的可视化ES数据的工具,其yaml清单如下:

  1. ---
  2. apiVersion: v1
  3. kind: ConfigMap
  4. metadata:
  5.   namespace: elastic
  6.   name: kibana-config
  7.   labels:
  8.     app: kibana
  9. data:
  10.   kibana.yml: |-
  11.     server.host: 0.0.0.0
  13.     elasticsearch:
  14.       hosts: ${ELASTICSEARCH_HOSTS}
  15.       username: ${ELASTICSEARCH_USER}
  16.       password: ${ELASTICSEARCH_PASSWORD}
  17. ---
  18. apiVersion: v1
  19. kind: Service
  20. metadata:
  21.   namespace: elastic
  22.   name: kibana
  23.   labels:
  24.     app: kibana
  25. spec:
  26.   ports:
  27.   - port: 5601
  28.     name: webinterface
  29.   selector:
  30.     app: kibana
  31. ---
  32. apiVersion: networking.k8s.io/v1beta1
  33. kind: Ingress
  34. metadata:
  35.   annotations:
  36.     prometheus.io/http-probe: 'true'
  37.     prometheus.io/scrape: 'true'
  38.   name: kibana
  39.   namespace: elastic
  40. spec:
  41.   rules:
  42.     - host: kibana.coolops.cn
  43.       http:
  44.         paths:
  45.           - backend:
  46.               serviceName: kibana
  47.               servicePort: 5601 
  48.             path: /
  49. ---
  50. apiVersion: apps/v1
  51. kind: Deployment
  52. metadata:
  53.   namespace: elastic
  54.   name: kibana
  55.   labels:
  56.     app: kibana
  57. spec:
  58.   selector:
  59.     matchLabels:
  60.       app: kibana
  61.   template:
  62.     metadata:
  63.       labels:
  64.         app: kibana
  65.     spec:
  66.       containers:
  67.       - name: kibana
  68.         image: docker.elastic.co/kibana/kibana:7.8.0
  69.         ports:
  70.         - containerPort: 5601
  71.           name: webinterface
  72.         env:
  73.         - name: ELASTICSEARCH_HOSTS
  74.           value: "http://elasticsearch-client.elastic.svc.cluster.local:9200"
  75.         - name: ELASTICSEARCH_USER
  76.           value: "elastic"
  77.         - name: ELASTICSEARCH_PASSWORD
  78.           valueFrom:
  79.             secretKeyRef:
  80.               name: elasticsearch-pw-elastic
  81.               key: password
  82.         volumeMounts:
  83.         - name: config
  84.           mountPath: /usr/share/kibana/config/kibana.yml
  85.           readOnly: true
  86.           subPath: kibana.yml
  87.       volumes:
  88.       - name: config
  89.         configMap:
  90.           name: kibana-config
  91. ---

然后执行kubectl apply -f kibana.yaml创建kibana,查看pod的状态是否为running。

  1. # kubectl get pod -n elastic 
  2. NAME                                    READY   STATUS    RESTARTS   AGE
  3. elasticsearch-client-f79cf4f7b-pbz9d    1/1     Running   0          30m
  4. elasticsearch-data-0                    1/1     Running   0          33m
  5. elasticsearch-master-77d5d6c9db-gklgd   1/1     Running   0          36m
  6. elasticsearch-master-77d5d6c9db-gvhcb   1/1     Running   0          36m
  7. elasticsearch-master-77d5d6c9db-pflz6   1/1     Running   0          36m
  8. kibana-6b9947fccb-4vp29                 1/1     Running   0          3m51s

如下图所示,使用上面我们创建的 Secret 对象的 elastic 用户和生成的密码即可登录:
image.png
登录成功后即可进入以下界面。
image.png

四、部署Elastic APM

Elastic APM 是 Elastic Stack 上用于应用性能监控的工具,它允许我们通过收集传入请求、数据库查询、缓存调用等方式来实时监控应用性能。这可以让我们更加轻松快速定位性能问题。
Elastic APM 是兼容 OpenTracing 的,所以我们可以使用大量现有的库来跟踪应用程序性能。比如我们可以在一个分布式环境(微服务架构)中跟踪一个请求,并轻松找到可能潜在的性能瓶颈。
11.7、elastic stack搭建 - 图4
Elastic APM 通过一个名为 APM-Server 的组件提供服务,用于收集并向 ElasticSearch 以及和应用一起运行的 agent 程序发送追踪数据。

4.1、安装APM Server

配置清单如下(apm-server.yaml):

  1. ---
  2. apiVersion: v1
  3. kind: ConfigMap
  4. metadata:
  5.   namespace: elastic
  6.   name: apm-server-config
  7.   labels:
  8.     app: apm-server
  9. data:
  10.   apm-server.yml: |-
  11.     apm-server:
  12.       host: "0.0.0.0:8200"
  14.     output.elasticsearch:
  15.       hosts: ['${ELASTICSEARCH_HOST:elasticsearch}:${ELASTICSEARCH_PORT:9200}']
  16.       username: ${ELASTICSEARCH_USERNAME}
  17.       password: ${ELASTICSEARCH_PASSWORD}
  19.     setup.kibana:
  20.       host: '${KIBANA_HOST:kibana}:${KIBANA_PORT:5601}'
  21. ---
  22. apiVersion: v1
  23. kind: Service
  24. metadata:
  25.   namespace: elastic
  26.   name: apm-server
  27.   labels:
  28.     app: apm-server
  29. spec:
  30.   ports:
  31.   - port: 8200
  32.     name: apm-server
  33.   selector:
  34.     app: apm-server
  35. ---
  36. apiVersion: apps/v1
  37. kind: Deployment
  38. metadata:
  39.   namespace: elastic
  40.   name: apm-server
  41.   labels:
  42.     app: apm-server
  43. spec:
  44.   replicas: 1
  45.   selector:
  46.     matchLabels:
  47.       app: apm-server
  48.   template:
  49.     metadata:
  50.       labels:
  51.         app: apm-server
  52.     spec:
  53.       containers:
  54.       - name: apm-server
  55.         image: docker.elastic.co/apm/apm-server:7.8.0
  56.         env:
  57.         - name: ELASTICSEARCH_HOST
  58.           value: elasticsearch-client.elastic.svc.cluster.local
  59.         - name: ELASTICSEARCH_PORT
  60.           value: "9200"
  61.         - name: ELASTICSEARCH_USERNAME
  62.           value: elastic
  63.         - name: ELASTICSEARCH_PASSWORD
  64.           valueFrom:
  65.             secretKeyRef:
  66.               name: elasticsearch-pw-elastic
  67.               key: password
  68.         - name: KIBANA_HOST
  69.           value: kibana.elastic.svc.cluster.local
  70.         - name: KIBANA_PORT
  71.           value: "5601"
  72.         ports:
  73.         - containerPort: 8200
  74.           name: apm-server
  75.         volumeMounts:
  76.         - name: config
  77.           mountPath: /usr/share/apm-server/apm-server.yml
  78.           readOnly: true
  79.           subPath: apm-server.yml
  80.       volumes:
  81.       - name: config
  82.         configMap:
  83.           name: apm-server-config

然后执行kubectl apply -f apm-server.yaml,查看其pod状态,当其成为running则代表启动成功。

  1. # kubectl get pod -n elastic
  2. NAME                                    READY   STATUS    RESTARTS   AGE
  3. apm-server-667bfc5cff-7vqsd             1/1     Running   0          91s
  4. elasticsearch-client-f79cf4f7b-pbz9d    1/1     Running   0          177m
  5. elasticsearch-data-0                    1/1     Running   0          3h
  6. elasticsearch-master-77d5d6c9db-gklgd   1/1     Running   0          3h3m
  7. elasticsearch-master-77d5d6c9db-gvhcb   1/1     Running   0          3h3m
  8. elasticsearch-master-77d5d6c9db-pflz6   1/1     Running   0          3h3m
  9. kibana-6b9947fccb-4vp29                 1/1     Running   0          150m

4.2、部署APM Agent

这里以Java agent为例。

接下来我们在示例应用程序 spring-boot-simple 上配置一个 Elastic APM Java agent。
首先我们需要把 elastic-apm-agent-1.8.0.jar 这个 jar 包程序内置到应用容器中去,在构建镜像的 Dockerfile 文件中添加一行如下所示的命令直接下载该 JAR 包即可:

  1. RUN wget -O /apm-agent.jar https://search.maven.org/remotecontent?filepath=co/elastic/apm/elastic-apm-agent/1.8.0/elastic-apm-agent-1.8.0.jar

完整的 Dockerfile 文件如下所示:

  1. FROM openjdk:8-jdk-alpine
  2. ENV ELASTIC_APM_VERSION "1.8.0"RUN wget -O /apm-agent.jar https://search.maven.org/remotecontent?filepath=co/elastic/apm/elastic-apm-agent/$ELASTIC_APM_VERSION/elastic-apm-agent-$ELASTIC_APM_VERSION.jar
  3. COPY target/spring-boot-simple.jar /app.jar
  4. CMD java -jar /app.jar

然后需要在示例应用中添加上如下依赖关系,这样我们就可以集成 open-tracing 的依赖库或者使用 Elastic APM API 手动检测。

  1. <dependency>
  2.     <groupId>co.elastic.apm</groupId>
  3.     <artifactId>apm-agent-api</artifactId>
  4.     <version>${elastic-apm.version}</version>
  5. </dependency>
  6. <dependency>
  7.     <groupId>co.elastic.apm</groupId>
  8.     <artifactId>apm-opentracing</artifactId>
  9.     <version>${elastic-apm.version}</version>
  10. </dependency>
  11. <dependency>
  12.     <groupId>io.opentracing.contrib</groupId>
  13.     <artifactId>opentracing-spring-cloud-mongo-starter</artifactId>
  14.     <version>${opentracing-spring-cloud.version}</version>
  15. </dependency>

然后部署一个示例代码,用于验证。
(1)、先部署mongo,yaml清单如下:

  1. ---
  2. apiVersion: v1
  3. kind: Service
  4. metadata:
  5.   name: mongo
  6.   namespace: elastic
  7.   labels:
  8.     app: mongo
  9. spec:
  10.   ports:
  11.   - port: 27017
  12.     protocol: TCP
  13.   selector:
  14.     app: mongo
  15. ---
  16. apiVersion: apps/v1
  17. kind: StatefulSet
  18. metadata:
  19.   namespace: elastic
  20.   name: mongo
  21.   labels:
  22.     app: mongo
  23. spec:
  24.   serviceName: "mongo"
  25.   selector:
  26.     matchLabels:
  27.       app: mongo
  28.   template:
  29.     metadata:
  30.       labels:
  31.         app: mongo
  32.     spec:
  33.       containers:
  34.       - name: mongo
  35.         image: mongo
  36.         ports:
  37.         - containerPort: 27017

(2)、部署java应用,yaml清单如下:

  1. ---
  2. apiVersion: v1
  3. kind: Service
  4. metadata:
  5.   namespace: elastic
  6.   name: spring-boot-simple
  7.   labels:
  8.     app: spring-boot-simple
  9. spec:
  10.   type: NodePort
  11.   ports:
  12.   - port: 8080
  13.     protocol: TCP
  14.   selector:
  15.     app: spring-boot-simple
  16. ---
  17. apiVersion: apps/v1
  18. kind: Deployment
  19. metadata:
  20.   namespace: elastic
  21.   name: spring-boot-simple
  22.   labels:
  23.     app: spring-boot-simple
  24. spec:
  25.   selector:
  26.     matchLabels:
  27.       app: spring-boot-simple
  28.   template:
  29.     metadata:
  30.       labels:
  31.         app: spring-boot-simple
  32.     spec:
  33.       containers:
  34.       - image: gjeanmart/spring-boot-simple:0.0.1-SNAPSHOT
  35.         imagePullPolicy: Always
  36.         name: spring-boot-simple
  37.         command:
  38.           - "java"
  39.           - "-javaagent:/apm-agent.jar"
  40.           - "-Delastic.apm.active=$(ELASTIC_APM_ACTIVE)"
  41.           - "-Delastic.apm.server_urls=$(ELASTIC_APM_SERVER)"
  42.           - "-Delastic.apm.service_name=spring-boot-simple"
  43.           - "-jar"
  44.           - "app.jar"
  45.         env:
  46.           - name: SPRING_DATA_MONGODB_HOST
  47.             value: mongo
  48.           - name: ELASTIC_APM_ACTIVE
  49.             value: "true"
  50.           - name: ELASTIC_APM_SERVER
  51.             value: http://apm-server.elastic.svc.cluster.local:8200
  52.         ports:
  53.         - containerPort: 8080
  54. ---

部署后观察pod的状态是否变为running。

  1. # kubectl get pod -n elastic 
  2. NAME                                    READY   STATUS    RESTARTS   AGE
  3. apm-server-667bfc5cff-7vqsd             1/1     Running   0          34m
  4. elasticsearch-client-f79cf4f7b-pbz9d    1/1     Running   0          3h30m
  5. elasticsearch-data-0                    1/1     Running   0          3h33m
  6. elasticsearch-master-77d5d6c9db-gklgd   1/1     Running   0          3h36m
  7. elasticsearch-master-77d5d6c9db-gvhcb   1/1     Running   0          3h36m
  8. elasticsearch-master-77d5d6c9db-pflz6   1/1     Running   0          3h36m
  9. kibana-6b9947fccb-4vp29                 1/1     Running   0          3h3m
  10. mongo-0                                 1/1     Running   0          11m
  11. spring-boot-simple-fb5564885-rvh6q      1/1     Running   0          80s

测试应用。

  1. # curl -X GET 172.17.100.50:30809
  2. Greetings from Spring Boot!
  3. # 获取所有发布的 messages 数据:
  4. # curl -X GET 172.17.100.50:30809/message
  5. # 使用 sleep=<ms> 来模拟慢请求:
  6. # curl -X GET 172.17.100.50:30809/message?sleep=3000
  7. # 使用 error=true 来触发一异常:
  8. # curl -X GET 172.17.100.50:30809/message?error=true

然后我们可以在kibane的APM页面看到应用以及其数据了。
image.png
点击应用可以查看其性能追踪。
image.png
点击错误,可以查看错误数据。
image.png
而且还可以查到详细的错误信息。
image.png
还可以查看JVM的数据监控。
image.png
可以查看一些详细的数据。
image.png

五、采集日志

使用filebeat采集日志。配置清单如下:

  1. ---
  2. apiVersion: v1
  3. kind: ConfigMap
  4. metadata:
  5.   namespace: elastic
  6.   name: filebeat-indice-lifecycle
  7.   labels:
  8.     app: filebeat
  9. data:
  10.   indice-lifecycle.json: |-
  11.     {
  12.       "policy": {
  13.         "phases": {
  14.           "hot": {
  15.             "actions": {
  16.               "rollover": {
  17.                 "max_size": "5GB" ,
  18.                 "max_age": "1d"
  19.               }
  20.             }
  21.           },
  22.           "delete": {
  23.             "min_age": "3d",
  24.             "actions": {
  25.               "delete": {}
  26.             }
  27.           }
  28.         }
  29.       }
  30.     }
  31. ---
  32. ---
  33. apiVersion: v1
  34. kind: ConfigMap
  35. metadata:
  36.   namespace: elastic
  37.   name: filebeat-config
  38.   labels:
  39.     app: filebeat
  40. data:
  41.   filebeat.yml: |-
  42.     filebeat.inputs:
  43.     - type: container
  44.       enabled: true
  45.       paths:
  46.       - /var/log/containers/*.log
  47.       processors:
  48.       - add_kubernetes_metadata:
  49.           in_cluster: true
  50.           host: ${NODE_NAME}
  51.           matchers:
  52.           - logs_path:
  53.               logs_path: "/var/log/containers/"
  55.     filebeat.autodiscover:
  56.       providers:
  57.         - type: kubernetes
  58.           templates:
  59.             - condition.equals:
  60.                 kubernetes.labels.app: mongo
  61.               config:
  62.                 - module: mongodb
  63.                   enabled: true
  64.                   log:
  65.                     input:
  66.                       type: docker
  67.                       containers.ids:
  68.                         - ${data.kubernetes.container.id}
  70.     processors:
  71.       - drop_event:
  72.           when.or:
  73.               - and:
  74.                   - regexp:
  75.                       message: '^\d+\.\d+\.\d+\.\d+ '
  76.                   - equals:
  77.                       fileset.name: error
  78.               - and:
  79.                   - not:
  80.                       regexp:
  81.                           message: '^\d+\.\d+\.\d+\.\d+ '
  82.                   - equals:
  83.                       fileset.name: access
  84.       - add_cloud_metadata:
  85.       - add_kubernetes_metadata:
  86.           matchers:
  87.           - logs_path:
  88.               logs_path: "/var/log/containers/"
  89.       - add_docker_metadata:
  91.     output.elasticsearch:
  92.       hosts: ['${ELASTICSEARCH_HOST:elasticsearch}:${ELASTICSEARCH_PORT:9200}']
  93.       username: ${ELASTICSEARCH_USERNAME}
  94.       password: ${ELASTICSEARCH_PASSWORD}
  96.     setup.kibana:
  97.       host: '${KIBANA_HOST:kibana}:${KIBANA_PORT:5601}'
  99.     setup.dashboards.enabled: true
  100.     setup.template.enabled: true
  102.     setup.ilm:
  103.       policy_file: /etc/indice-lifecycle.json
  104. ---
  105. apiVersion: apps/v1
  106. kind: DaemonSet
  107. metadata:
  108.   namespace: elastic
  109.   name: filebeat
  110.   labels:
  111.     app: filebeat
  112. spec:
  113.   selector:
  114.     matchLabels:
  115.       app: filebeat
  116.   template:
  117.     metadata:
  118.       labels:
  119.         app: filebeat
  120.     spec:
  121.       serviceAccountName: filebeat
  122.       terminationGracePeriodSeconds: 30
  123.       containers:
  124.       - name: filebeat
  125.         image: docker.elastic.co/beats/filebeat:7.8.0
  126.         args: [
  127.           "-c", "/etc/filebeat.yml",
  128.           "-e",
  129.         ]
  130.         env:
  131.         - name: ELASTICSEARCH_HOST
  132.           value: elasticsearch-client.elastic.svc.cluster.local
  133.         - name: ELASTICSEARCH_PORT
  134.           value: "9200"
  135.         - name: ELASTICSEARCH_USERNAME
  136.           value: elastic
  137.         - name: ELASTICSEARCH_PASSWORD
  138.           valueFrom:
  139.             secretKeyRef:
  140.               name: elasticsearch-pw-elastic
  141.               key: password
  142.         - name: KIBANA_HOST
  143.           value: kibana.elastic.svc.cluster.local
  144.         - name: KIBANA_PORT
  145.           value: "5601"
  146.         - name: NODE_NAME
  147.           valueFrom:
  148.             fieldRef:
  149.               fieldPath: spec.nodeName
  150.         securityContext:
  151.           runAsUser: 0
  152.         resources:
  153.           limits:
  154.             memory: 200Mi
  155.           requests:
  156.             cpu: 100m
  157.             memory: 100Mi
  158.         volumeMounts:
  159.         - name: config
  160.           mountPath: /etc/filebeat.yml
  161.           readOnly: true
  162.           subPath: filebeat.yml
  163.         - name: filebeat-indice-lifecycle
  164.           mountPath: /etc/indice-lifecycle.json
  165.           readOnly: true
  166.           subPath: indice-lifecycle.json
  167.         - name: data
  168.           mountPath: /usr/share/filebeat/data
  169.         - name: varlog
  170.           mountPath: /var/log
  171.           readOnly: true
  172.         - name: varlibdockercontainers
  173.           mountPath: /var/lib/docker/containers
  174.           readOnly: true
  175.         - name: dockersock
  176.           mountPath: /var/run/docker.sock
  177.       volumes:
  178.       - name: config
  179.         configMap:
  180.           defaultMode: 0600
  181.           name: filebeat-config
  182.       - name: filebeat-indice-lifecycle
  183.         configMap:
  184.           defaultMode: 0600
  185.           name: filebeat-indice-lifecycle
  186.       - name: varlog
  187.         hostPath:
  188.           path: /var/log
  189.       - name: varlibdockercontainers
  190.         hostPath:
  191.           path: /var/lib/docker/containers
  192.       - name: dockersock
  193.         hostPath:
  194.           path: /var/run/docker.sock
  195.       - name: data
  196.         hostPath:
  197.           path: /var/lib/filebeat-data
  198.           type: DirectoryOrCreate
  199. ---
  200. apiVersion: rbac.authorization.k8s.io/v1beta1
  201. kind: ClusterRoleBinding
  202. metadata:
  203.   name: filebeat
  204. subjects:
  205. - kind: ServiceAccount
  206.   name: filebeat
  207.   namespace: elastic
  208. roleRef:
  209.   kind: ClusterRole
  210.   name: filebeat
  211.   apiGroup: rbac.authorization.k8s.io
  212. ---
  213. apiVersion: rbac.authorization.k8s.io/v1beta1
  214. kind: ClusterRole
  215. metadata:
  216.   name: filebeat
  217.   labels:
  218.     app: filebeat
  219. rules:
  220. - apiGroups: [""]
  221.   resources:
  222.   - namespaces
  223.   - pods
  224.   verbs:
  225.   - get
  226.   - watch
  227.   - list
  228. ---
  229. apiVersion: v1
  230. kind: ServiceAccount
  231. metadata:
  232.   namespace: elastic
  233.   name: filebeat
  234.   labels:
  235.     app: filebeat
  236. ---

上面是采集containers的日志。

参考文档: