Ubakgithub
diff --git a/Kubernetese/logging/efk/README.md b/Kubernetese/logging/efk/README.md
Lines changed: 196 additions & 0 deletions
diff --git a/Kubernetese/logging/efk/counter.yaml b/Kubernetese/logging/efk/counter.yaml
Lines changed: 10 additions & 0 deletions
diff --git a/Kubernetese/logging/efk/elasticsearch-pv.yaml b/Kubernetese/logging/efk/elasticsearch-pv.yaml
Lines changed: 48 additions & 0 deletions
diff --git a/Kubernetese/logging/efk/elasticsearch-pvc.yaml b/Kubernetese/logging/efk/elasticsearch-pvc.yaml
Lines changed: 48 additions & 0 deletions
diff --git a/Kubernetese/logging/efk/elasticsearch-statefulset.yaml b/Kubernetese/logging/efk/elasticsearch-statefulset.yaml
Lines changed: 71 additions & 0 deletions
diff --git a/Kubernetese/logging/efk/elasticsearch-svc.yaml b/Kubernetese/logging/efk/elasticsearch-svc.yaml
Lines changed: 17 additions & 0 deletions
@@ -0,0 +1,196 @@
+# EFK (Elasticsearch - Fluentd - Kibana)
+
+### Elasticsearch
+
+> Elasticsearch is a document-oriented database designed to store, retrieve, and manage document-oriented or semi-structured data. When you use Elasticsearch, you store data as JSON documents and then query them for retrieval.
+
+### Fluentd
+
+> Fluentd is a popular open-source data collector that runs on a machine to tail log files, filter and transform the log data, and deliver it to the Elasticsearch cluster, where it is indexed and stored.
+
+### Kibana
+
+> Kibana is an open source analytics and visualization platform designed to work with Elasticsearch. You use Kibana to search, view, and interact with data stored in Elasticsearch indices. You can easily perform advanced data analysis and visualize your data in a variety of charts, tables, and maps.
+
+## Steps to install the EFK stack on a Kubernetes cluster
+
+## Prerequisites
+
+> Since EFK is a resource-heavy stack, the cluster needs at least 6 CPUs and 10 GB of memory, with 30 GB of storage. The EFK stack is also a good example for understanding the concepts of Deployment, StatefulSet, and DaemonSet. Let's start installing the EFK stack on Kubernetes.
+
+* Create the namespace to install the stack 
+
+` kubectl create ns kube-logging ` 
+
+```
+kubectl get ns kube-logging
+NAME           STATUS   AGE
+kube-logging   Active   11s
+```
+
+* Create persistent volumes and persistent volume claims
+
+> Each of the 3 Elasticsearch replicas that we will create needs its own persistent volume and a corresponding claim. The files elasticsearch-pv.yaml and elasticsearch-pvc.yaml contain the definitions of the persistent volumes and persistent volume claims, respectively.
+
+` kubectl create -f elasticsearch-pv.yaml -f elasticsearch-pvc.yaml -n kube-logging `
+
+> The output will show that 3 PVCs are **BOUND** to 3 PVs. 
+
+~~~
+kubectl get pv,pvc -n kube-logging 
+NAME                       CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS   CLAIM                              STORAGECLASS   REASON   AGE
+persistentvolume/es-pv-0   10Gi       RWO            Retain           Bound    kube-logging/es-pvc-es-cluster-0                           9s
+persistentvolume/es-pv-1   10Gi       RWO            Retain           Bound    kube-logging/es-pvc-es-cluster-1                           9s
+persistentvolume/es-pv-2   10Gi       RWO            Retain           Bound    kube-logging/es-pvc-es-cluster-2                           9s
+
+NAME                                        STATUS   VOLUME    CAPACITY   ACCESS MODES   STORAGECLASS   AGE
+persistentvolumeclaim/es-pvc-es-cluster-0   Bound    es-pv-0   10Gi       RWO                           9s
+persistentvolumeclaim/es-pvc-es-cluster-1   Bound    es-pv-1   10Gi       RWO                           9s
+persistentvolumeclaim/es-pvc-es-cluster-2   Bound    es-pv-2   10Gi       RWO                           9s
+
+~~~
+
+* Create elasticsearch Statefulset
+
+> Because Elasticsearch is the default backend for the logs that Fluentd aggregates, it is important to deploy it as an application that maintains state. Fluentd will continuously push data to Elasticsearch. To reduce latency and let Fluentd reach the Elasticsearch replicas directly, we use a headless service. With a headless service, each Elasticsearch pod gets a DNS name of the form *STATEFULSET-NAME-STICKYIDENTIFIER.HEADLESS-SERVICE-NAME*, e.g. **es-cluster-0.elasticsearch**
+
+> Let's install the Elasticsearch headless service first:
+
+` kubectl create -f elasticsearch-svc.yaml`
+
+```
+kubectl get svc -n kube-logging
+NAME            TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)             AGE
+elasticsearch   ClusterIP   None         <none>        9200/TCP,9300/TCP   7s
+```
+
+> Install elasticsearch statefulset
+
+` kubectl create -f elasticsearch-statefulset.yaml`
+
+```
+kubectl get pods -n kube-logging
+NAME           READY   STATUS    RESTARTS   AGE
+es-cluster-0   1/1     Running   0          21s
+es-cluster-1   1/1     Running   0          14s
+es-cluster-2   1/1     Running   0          8s
+```
+
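+> Using port-forward, verify the status of the StatefulSet deployment. The port-forward command runs in the foreground, so run the curl command from a second terminal while it is active.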
+
+` kubectl port-forward es-cluster-0 9200:9200 --namespace=kube-logging`
+
+` curl http://localhost:9200/_cluster/state?pretty  `
+
+> The output should be as below
+
+```
+curl http://localhost:9200/_cluster/state?pretty
+{
+  "cluster_name" : "k8s-logs",
+  "compressed_size_in_bytes" : 351,
+  "cluster_uuid" : "fDRfwLflQjuKeOLAXuPwLg",
+  "version" : 3,
+  "state_uuid" : "NkdqNF34SKq0bmIMHrG96Q",
+  "master_node" : "28Vbx-gdR7CKje0oT1PFhA",
+  "blocks" : { },
+  "nodes" : {
+    "4FNwm6qBS6qBZDDpMg4x9g" : {
+      "name" : "es-cluster-2",
+      "ephemeral_id" : "s182JiZdSHCYG8Ja-swyuA",
+      "transport_address" : "192.168.1.192:9300",
+      "attributes" : { }
+    },
+    "VwgBprBNTA6kDP1BUJs_Zg" : {
+      "name" : "es-cluster-0",
+      "ephemeral_id" : "IQmaLDsJRzWU9tY7JDiUQg",
+      "transport_address" : "192.168.1.191:9300",
+      "attributes" : { }
+    },
+    "28Vbx-gdR7CKje0oT1PFhA" : {
+      "name" : "es-cluster-1",
+      "ephemeral_id" : "lJFv0XwaShm_y8eIjuMf-g",
+      "transport_address" : "192.168.2.178:9300",
+      "attributes" : { }
+    }
+  },
+```
+
+* Install Kibana
+
+` kubectl create -f kibana.yaml `
+
+> The output now should be as below - 
+
+~~~
+kubectl get pods,svc -n kube-logging 
+NAME                         READY   STATUS    RESTARTS   AGE
+pod/es-cluster-0             1/1     Running   0          5m13s
+pod/es-cluster-1             1/1     Running   0          5m6s
+pod/es-cluster-2             1/1     Running   0          5m
+pod/kibana-bd6f49775-zmt4g   1/1     Running   0          22s
+
+NAME                    TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)             AGE
+service/elasticsearch   ClusterIP   None           <none>        9200/TCP,9300/TCP   6m14s
+service/kibana          NodePort    10.99.16.215   <none>        5601:32182/TCP      22s
+~~~
+
+> Get the NodePort from the kibana service (32182 in the output above) and open the Kibana dashboard in your browser at http://NODE_IP:NODEPORT, where NODE_IP is the externally reachable IP address of any cluster node. Kibana is empty at this point because no logs are being pushed to Elasticsearch yet.
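+
+> The contents of kibana.yaml are not shown in this walkthrough. As a rough sketch only, a Service and Deployment consistent with the output above might look like the following. The image tag, the labels, and the `ELASTICSEARCH_URL` value are assumptions chosen to match the Elasticsearch 6.4.3 StatefulSet, not necessarily the actual manifest.
+
+```yaml
+# Hypothetical kibana.yaml sketch; all values are assumptions.
+apiVersion: v1
+kind: Service
+metadata:
+  name: kibana
+  namespace: kube-logging
+  labels:
+    app: kibana
+spec:
+  type: NodePort            # exposes Kibana on a port of every node
+  selector:
+    app: kibana
+  ports:
+  - port: 5601
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: kibana
+  namespace: kube-logging
+  labels:
+    app: kibana
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: kibana
+  template:
+    metadata:
+      labels:
+        app: kibana
+    spec:
+      containers:
+      - name: kibana
+        # Assumed image: the OSS build matching the Elasticsearch version
+        image: docker.elastic.co/kibana/kibana-oss:6.4.3
+        env:
+        # Kibana 6.x images read the backend address from ELASTICSEARCH_URL
+        - name: ELASTICSEARCH_URL
+          value: http://elasticsearch:9200
+        ports:
+        - containerPort: 5601
+```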
+
+* Install FluentD daemonset 
+
+> Fluentd is installed as a DaemonSet because we need one instance of Fluentd running on every node. To run it on the master node as well, the corresponding tolerations have to be added to the Fluentd YAML definition. The Fluentd DaemonSet looks for the Elasticsearch service to push the logs to. In its environment variables, we define the headless service DNS name (elasticsearch.kube-logging.svc.cluster.local) and the port 9200 so that Fluentd can push all logs to the Elasticsearch backend.
+
+> Fluentd aggregates logs from all pods running in all namespaces. To give Fluentd the corresponding privileges, we have to create an RBAC policy that lets it read the "pods" and "namespaces" resources across the cluster. The file clusterrole-fluentd.yaml provides the necessary ClusterRole definition. The file clusterrolebinding-fluentd.yaml binds the ClusterRole to the ServiceAccount that is used to run the Fluentd DaemonSet.
+
+` kubectl create -f sa-fluentd.yaml -f clusterrole-fluentd.yaml -f clusterrolebinding-fluentd.yaml  `
+
+Output should be as below - 
+
+~~~
+kubectl create -f sa-fluentd.yaml -f clusterrole-fluentd.yaml -f clusterrolebinding-fluentd.yaml
+serviceaccount/fluentd created
+clusterrole.rbac.authorization.k8s.io/fluentd created
+clusterrolebinding.rbac.authorization.k8s.io/fluentd created
+~~~
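+
+> The three RBAC files are not shown in this walkthrough. A minimal sketch of what they might contain, combined into one listing, is given below. The object names follow the output above; the exact rules and verbs are assumptions based on the description (read access to pods and namespaces).
+
+```yaml
+# Hypothetical sketch of sa-fluentd.yaml, clusterrole-fluentd.yaml and
+# clusterrolebinding-fluentd.yaml; not the original files.
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: fluentd
+  namespace: kube-logging
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: fluentd
+rules:
+- apiGroups: [""]                     # "" is the core API group
+  resources: ["pods", "namespaces"]
+  verbs: ["get", "list", "watch"]     # read-only access (assumed)
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: fluentd
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: fluentd
+subjects:
+- kind: ServiceAccount
+  name: fluentd
+  namespace: kube-logging
+```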
+
+> Deploy the fluentd daemonset 
+
+` kubectl create -f fluentd_daemonset.yaml `
+
+> The kube-logging namespace should now show the following pods:
+
+~~~
+kubectl get pods -n kube-logging
+NAME                     READY   STATUS    RESTARTS   AGE
+es-cluster-0             1/1     Running   0          16m
+es-cluster-1             1/1     Running   0          16m
+es-cluster-2             1/1     Running   0          15m
+fluentd-dcstb            1/1     Running   0          20s
+fluentd-kqmcd            1/1     Running   0          20s
+fluentd-xr987            1/1     Running   0          20s
+kibana-bd6f49775-zmt4g   1/1     Running   0          11m
+~~~
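+
+> The Fluentd DaemonSet manifest is not shown in this walkthrough. The sketch below illustrates the pieces described earlier: the master toleration, the ServiceAccount, and the environment variables that point Fluentd at the headless service. The image tag, labels, and host paths are assumptions, not necessarily the values in the actual file.
+
+```yaml
+# Hypothetical Fluentd DaemonSet sketch; all values are assumptions.
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: fluentd
+  namespace: kube-logging
+  labels:
+    app: fluentd
+spec:
+  selector:
+    matchLabels:
+      app: fluentd
+  template:
+    metadata:
+      labels:
+        app: fluentd
+    spec:
+      serviceAccountName: fluentd     # bound to the fluentd ClusterRole
+      tolerations:
+      # Allows scheduling on master nodes that carry this taint
+      - key: node-role.kubernetes.io/master
+        operator: Exists
+        effect: NoSchedule
+      containers:
+      - name: fluentd
+        # Assumed image tag with the Elasticsearch output plugin included
+        image: fluent/fluentd-kubernetes-daemonset:v1-debian-elasticsearch
+        env:
+        - name: FLUENT_ELASTICSEARCH_HOST
+          value: elasticsearch.kube-logging.svc.cluster.local
+        - name: FLUENT_ELASTICSEARCH_PORT
+          value: "9200"
+        - name: FLUENT_ELASTICSEARCH_SCHEME
+          value: http
+        volumeMounts:
+        - name: varlog
+          mountPath: /var/log
+        - name: varlibdockercontainers
+          mountPath: /var/lib/docker/containers
+          readOnly: true
+      volumes:
+      # Node log directories that Fluentd tails
+      - name: varlog
+        hostPath:
+          path: /var/log
+      - name: varlibdockercontainers
+        hostPath:
+          path: /var/lib/docker/containers
+```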
+
+
+* Refresh the Kibana dashboard to check whether the logstash-* indices are being created.
+
+> In the Discover section, use the index pattern logstash-* with the timestamp field (typically `@timestamp`) as the time filter to view all the logs.
+
+* Cleanup 
+
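+` kubectl delete ns kube-logging`
+
+> Deleting the namespace does not remove cluster-scoped objects. The persistent volumes and the fluentd ClusterRole and ClusterRoleBinding have to be deleted separately, e.g. with ` kubectl delete pv es-pv-0 es-pv-1 es-pv-2 ` and ` kubectl delete clusterrole,clusterrolebinding fluentd `.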
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: counter
+spec:
+  containers:
+  - name: count
+    image: busybox
+    args: [/bin/sh, -c, 'i=0; while true; do echo "$i: $(date)"; i=$((i+1)); sleep 1; done']
+
@@ -0,0 +1,48 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: es-pv-0
+  labels:
+    app: es-pv
+    podindex: "0"
+spec:
+  accessModes:
+  - ReadWriteOnce
+  capacity:
+    storage: 10Gi
+  hostPath:
+    path: /data/pods/es-0/datadir
+
+---
+
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: es-pv-1
+  labels:
+    app: es-pv
+    podindex: "1"
+spec:
+  accessModes:
+  - ReadWriteOnce
+  capacity:
+    storage: 10Gi
+  hostPath:
+    path: /data/pods/es-1/datadir
+
+---
+
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: es-pv-2
+  labels:
+    app: es-pv
+    podindex: "2"
+spec:
+  accessModes:
+  - ReadWriteOnce
+  capacity:
+    storage: 10Gi
+  hostPath:
+    path: /data/pods/es-2/datadir
@@ -0,0 +1,48 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: es-pvc-es-cluster-0
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 10Gi
+  selector:
+    matchLabels:
+      app: es-pv
+      podindex: "0"
+
+---
+
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: es-pvc-es-cluster-1
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 10Gi
+  selector:
+    matchLabels:
+      app: es-pv
+      podindex: "1"
+
+---
+
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: es-pvc-es-cluster-2
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 10Gi
+  selector:
+    matchLabels:
+      app: es-pv
+      podindex: "2"
@@ -0,0 +1,71 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: es-cluster
+  namespace: kube-logging
+spec:
+  serviceName: elasticsearch
+  replicas: 3
+  selector:
+    matchLabels:
+      app: elasticsearch
+  template:
+    metadata:
+      labels:
+        app: elasticsearch
+    spec:
+      containers:
+      - name: elasticsearch
+        image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.4.3
+        resources:
+          limits:
+            cpu: 1000m
+          requests:
+            cpu: 100m
+        ports:
+        - containerPort: 9200
+          name: rest
+          protocol: TCP
+        - containerPort: 9300
+          name: inter-node
+          protocol: TCP
+        volumeMounts:
+        - name: es-pvc
+          mountPath: /usr/share/elasticsearch/data
+        env:
+          - name: cluster.name
+            value: k8s-logs
+          - name: node.name
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.name
+          - name: discovery.zen.ping.unicast.hosts
+            value: "es-cluster-0.elasticsearch,es-cluster-1.elasticsearch,es-cluster-2.elasticsearch"
+          - name: discovery.zen.minimum_master_nodes
+            value: "2"
+          - name: ES_JAVA_OPTS
+            value: "-Xms512m -Xmx512m"
+      initContainers:
+      - name: fix-permissions
+        image: busybox
+        command: ["sh", "-c", "chown -R 1000:1000 /usr/share/elasticsearch/data"]
+        securityContext:
+          privileged: true
+        volumeMounts:
+        - name: es-pvc
+          mountPath: /usr/share/elasticsearch/data
+      - name: increase-vm-max-map
+        image: busybox
+        command: ["sysctl", "-w", "vm.max_map_count=262144"]
+        securityContext:
+          privileged: true
+      - name: increase-fd-ulimit
+        image: busybox
+        command: ["sh", "-c", "ulimit -n 65536"]
+        securityContext:
+          privileged: true
+  volumeClaimTemplates:
+  - metadata:
+      name: es-pvc
+    spec:
+      accessModes: [ "ReadWriteOnce" ]
@@ -0,0 +1,17 @@
+kind: Service
+apiVersion: v1
+metadata:
+  name: elasticsearch
+  namespace: kube-logging
+  labels:
+    app: elasticsearch
+spec:
+  selector:
+    app: elasticsearch
+  clusterIP: None
+  ports:
+    - port: 9200
+      name: rest
+    - port: 9300
+      name: inter-node
+