一、云原生日志框架ECK介绍

官网链接:Elastic Cloud on Kubernetes | Elastic Docs

Elastic Cloud on Kubernetes(CCK)是Elastic官方提供的Kubernetes Operator,用于简化在Kubernetes环境中部署、管理和扩展Elastic Stack的全方位组件。

ECK基于Kubernetes的Custom Resource Definitions(CRDs),可以让用户以声明式的方式定义和管理Elastic Stack组件,比如创建一个Elasticsearch的集群只需要像创建一个Deployment声明一个Yaml,然后创建即可。

ECK核心资源:

  • Elasticsearch:用于管理和部署Elasticsearch集群
  • Elasticsearch:用于管理和部署Elasticsearch集群
  • Kibana:用于管理和部署Kibana服务
  • Beat:用于管理和部署Filebeat服务
  • Logstash:用户管理和部署logstash服务

2.2 ECK核心资源Elasticsearch配置详解

ECK核心资源Elasticsearch配置示例:

apiVersion: elasticsearch.k8s.elastic.co/v1 
kind: Elasticsearch 
metadata:
  name: es-cluster
spec:
  # ES版本
  version: 8.14.3 
  image: registry.cn-beijing.aliyuncs.com/dotbalo/elasticsearch:8.14.3
  nodeSets: 
    #节点组名称,全局唯一
  - name: default 
    #当前节点组的节点数量
    count: 3 
    config:
      # node.roles: "master"
      # 节点自定义配置,禁用内存映射
      node.store.allow_mmap: false 
      # no persistent(pod相关配置) 
    podTemplate:
      spec:
        volumes:
        - name: elasticsearch-data
          emptyDir: {}

2.3 ECK核心资源Kibana配置详解

ECK核心资源Kibana配置示例:

apiVersion: kibana.k8s.elastic.co/v1  
kind: Kibana
metadata:
  name: kibana                        
spec:
  version: 8.14.3                     
  image: registry.cn-beijing.aliyuncs.com/dotbalo/kibana:8.14.3 
  count: 1    
  # ES集群配置,ECK部署的ES集群名字
  elasticsearchRef:                   
    name: es-cluster                  
  http:
    service:
      spec:
        # 默认是ClusterIP
        type: NodePort                
    tls:
      selfSignedCertificate:
        disabled: true

2.4 ECK核心资源Logstash配置详解

ECK核心资源Logstash配置示例:

apiVersion: logstash.k8s.elastic.co/v1alpha1
kind: Logstash
metadata:
  name: logstash                          # Logstash实例名称
spec:
  version: 8.14.3                         # 版本与ES/Kibana保持一致
  image: registry.cn-beijing.aliyuncs.com/dotbalo/logstash:8.14.3  # 阿里云定制镜像
  count: 1                                # 实例数量(生产建议≥3)
  elasticsearchRef:                      
    name: es-cluster                      # 关联已创建的ES集群(必填)
  pipelines:
  - pipeline.id: main                    
    # 内联配置(生产建议外部挂载configmap)
    config: |
      input {
        beats {
          port => 5044
        }
      }
      filter {
        grok {
          match => { "message" => "%{COMBINEDAPACHELOG}" }
        }
      }
      output {
        elasticsearch {
          hosts => ["es-cluster-http:9200"]
          index => "logs-%{+YYYY.MM.dd}"
        }
      }
  # Pod级配置(资源/存储/安全)
  podTemplate:
    spec:
      volumes:
      - name: logstash-data
        emptyDir: {}                      # 临时存储(开发测试用)
      containers:
      - name: logstash
        resources:
          requests:
            cpu: 500m                     # 最小CPU(根据日志量调整)
            memory: 1Gi                   # 最小内存
          limits:
            memory: 2Gi                   # 内存硬限制
        # env: 可添加环境变量(如LS_JAVA_OPTS="-Xmx1g -Xms1g")