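EFK Installation

EFK can be installed from a Helm chart, but that is less flexible than installing each component separately, so the components are installed one by one here.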

https://helm.elastic.co/

Elasticsearch

To start Elasticsearch as a single node, the following environment variable is required:

discovery.type = single-node

After startup there is a choice to make: setting the Elasticsearch passwords, which is optional.

/usr/share/elasticsearch/config/elasticsearch.yml

xpack.security.enabled: true
xpack.license.self_generated.type: basic
xpack.security.transport.ssl.enabled: true
network.host: 0.0.0.0

bin/elasticsearch-setup-passwords interactive

To change the password:

curl -H "Content-Type:application/json" -XPOST -u elastic 'http://127.0.0.1:9200/_xpack/security/user/elastic/_password' -d '{ "password" : "123456" }'

Filebeat

The only thing you need to pay attention to for Filebeat is

filebeat.yml

/usr/share/filebeat/filebeat.yml

filebeat.inputs:
- type: log
  paths:
    - /run/containerd/io.containerd.runtime.v1.linux/**/app.log

filebeat.config:
  modules:
    path: ${path.config}/modules.d/*.yml
    reload.enabled: false

processors:
  - add_cloud_metadata: ~
  - add_docker_metadata: ~

output.elasticsearch:
  hosts: 'elasticsearch.efk.svc:9200'
  username: "elastic"
  password: "xxxxxxxxxxxx"

Kibana

Kibana is likewise set up through a single configuration file:

/usr/share/kibana/config/kibana.yml

#
# ** THIS IS AN AUTO-GENERATED FILE **
#

# Default Kibana configuration for docker target
server.name: kibana
server.host: "0"
elasticsearch.hosts: [ "http://elasticsearch.efk.svc:9200" ]
elasticsearch.username: "elastic"
elasticsearch.password: "xxxxxxxxxxxxxxx"

/run/containerd/io.containerd.runtime.v1.linux/k8s.io

New version

{"type":"log","@timestamp":"2021-06-24T11:35:14+00:00","tags":["info","plugins-service"],"pid":952,"message":"Plugin \"timelines\" is disabled."}
{"type":"log","@timestamp":"2021-06-24T11:35:14+00:00","tags":["warning","config","deprecation"],"pid":952,"message":"Setting [elasticsearch.username] to \"elastic\" is deprecated. You should use the \"kibana_system\" user instead."}
{"type":"log","@timestamp":"2021-06-24T11:35:14+00:00","tags":["warning","config","deprecation"],"pid":952,"message":"plugins.scanDirs is deprecated and is no longer used"}
{"type":"log","@timestamp":"2021-06-24T11:35:14+00:00","tags":["warning","config","deprecation"],"pid":952,"message":"Config key [monitoring.cluster_alerts.email_notifications.email_address] will be required for email notifications to work in 8.0.\""}
{"type":"log","@timestamp":"2021-06-24T11:35:14+00:00","tags":["warning","config","deprecation"],"pid":952,"message":"Setting [monitoring.username] to \"elastic\" is deprecated. You should use the \"kibana_system\" user instead."}
{"type":"log","@timestamp":"2021-06-24T11:35:14+00:00","tags":["info","plugins-system"],"pid":952,"message":"Setting up [106] plugins: [taskManager,licensing,globalSearch,globalSearchProviders,banners,code,usageCollection,xpackLegacy,telemetryCollectionManager,telemetry,telemetryCollectionXpack,kibanaUsageCollection,securityOss,share,newsfeed,mapsEms,mapsLegacy,kibanaLegacy,translations,licenseApiGuard,legacyExport,embeddable,uiActionsEnhanced,expressions,charts,esUiShared,bfetch,data,home,console,consoleExtensions,apmOss,searchprofiler,painlessLab,grokdebugger,management,advancedSettings,savedObjects,visualizations,visTypeTable,visTypeTagcloud,visTypeVislib,visTypeVega,visTypeTimelion,features,licenseManagement,watcher,visTypeMarkdown,visTypeMetric,visTypeXy,tileMap,regionMap,presentationUtil,canvas,graph,timelion,dashboard,dashboardEnhanced,visualize,visTypeTimeseries,inputControlVis,indexPatternManagement,discover,discoverEnhanced,savedObjectsManagement,spaces,security,savedObjectsTagging,lens,reporting,lists,encryptedSavedObjects,dataEnhanced,dashboardMode,cloud,upgradeAssistant,snapshotRestore,fleet,indexManagement,rollup,remoteClusters,crossClusterReplication,indexLifecycleManagement,enterpriseSearch,beatsManagement,transform,ingestPipelines,fileUpload,maps,fileDataVisualizer,eventLog,actions,alerting,triggersActionsUi,stackAlerts,ruleRegistry,observability,osquery,ml,securitySolution,cases,infra,monitoring,logstash,apm,uptime]"}
{"type":"log","@timestamp":"2021-06-24T11:35:14+00:00","tags":["info","plugins","taskManager"],"pid":952,"message":"TaskManager is identified by the Kibana UUID: 5fc48a3d-4d2d-483a-b064-77fce3198095"}
{"type":"log","@timestamp":"2021-06-24T11:35:14+00:00","tags":["warning","plugins","security","config"],"pid":952,"message":"Generating a random key for xpack.security.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.security.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command."}
{"type":"log","@timestamp":"2021-06-24T11:35:14+00:00","tags":["warning","plugins","security","config"],"pid":952,"message":"Session cookies will be transmitted over insecure connections. This is not recommended."}
{"type":"log","@timestamp":"2021-06-24T11:35:14+00:00","tags":["warning","plugins","reporting","config"],"pid":952,"message":"Generating a random key for xpack.reporting.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.reporting.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command."}
{"type":"log","@timestamp":"2021-06-24T11:35:14+00:00","tags":["warning","plugins","reporting","config"],"pid":952,"message":"Chromium sandbox provides an additional layer of protection, but is not supported for Linux CentOS 8.4.2105\n OS. Automatically setting 'xpack.reporting.capture.browser.chromium.disableSandbox: true'."}
{"type":"log","@timestamp":"2021-06-24T11:35:14+00:00","tags":["warning","plugins","encryptedSavedObjects"],"pid":952,"message":"Saved objects encryption key is not set. This will severely limit Kibana functionality. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command."}
{"type":"log","@timestamp":"2021-06-24T11:35:15+00:00","tags":["warning","plugins","actions","actions"],"pid":952,"message":"APIs are disabled because the Encrypted Saved Objects plugin is missing encryption key. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command."}
{"type":"log","@timestamp":"2021-06-24T11:35:15+00:00","tags":["warning","plugins","alerting","plugins","alerting"],"pid":952,"message":"APIs are disabled because the Encrypted Saved Objects plugin is missing encryption key. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command."}
{"type":"log","@timestamp":"2021-06-24T11:35:15+00:00","tags":["info","plugins","monitoring","monitoring"],"pid":952,"message":"config sourced from: production cluster"}
{"type":"log","@timestamp":"2021-06-24T11:35:15+00:00","tags":["info","savedobjects-service"],"pid":952,"message":"Waiting until all Elasticsearch nodes are compatible with Kibana before starting saved objects migrations..."}
{"type":"log","@timestamp":"2021-06-24T11:35:15+00:00","tags":["error","savedobjects-service"],"pid":952,"message":"Unable to retrieve version information from Elasticsearch nodes."}

7.13.2
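
The startup log above already names the security-relevant gaps in this setup. The following is an added example, not part of the original page or of Kibana itself: it triages Kibana JSON log lines and maps each matching warning to a remediation hint. The finding ids, hints and the `triage` function name are assumptions of this example.

```python
import json

# (substring of the Kibana message, finding id, remediation hint).
# Substrings come from the 7.13.2 log above; ids and hints are this example's own.
RULES = [
    ('to "elastic" is deprecated', "superuser-account",
     "connect as kibana_system instead of the elastic superuser"),
    ("Session cookies will be transmitted over insecure connections",
     "plaintext-session", "serve Kibana over TLS (server.ssl.*)"),
    ("Generating a random key for xpack.security.encryptionKey",
     "ephemeral-session-key", "set xpack.security.encryptionKey"),
    ("Saved objects encryption key is not set", "no-saved-objects-key",
     "set xpack.encryptedSavedObjects.encryptionKey"),
    ("disableSandbox: true", "chromium-sandbox-off",
     "reporting runs Chromium without its sandbox on this OS"),
]

def triage(lines):
    """Map finding id -> hint for warning/error events in Kibana JSON logs."""
    findings = {}
    for raw in lines:
        try:
            event = json.loads(raw)
        except json.JSONDecodeError:
            continue  # not a JSON log line (blank line, stack trace, ...)
        if not isinstance(event, dict):
            continue
        tags = event.get("tags") or []
        if not any(t in ("warning", "error") for t in tags):
            continue  # info-level events are not findings
        message = str(event.get("message", ""))
        for needle, finding, hint in RULES:
            if needle in message:
                findings[finding] = hint
    return findings

# Constructed sample: three events abridged from the log above (timestamps
# dropped) plus one non-JSON line.
SAMPLE = [
    r'{"type":"log","tags":["info","plugins-service"],"pid":952,"message":"Plugin \"timelines\" is disabled."}',
    r'{"type":"log","tags":["warning","config","deprecation"],"pid":952,"message":"Setting [elasticsearch.username] to \"elastic\" is deprecated. You should use the \"kibana_system\" user instead."}',
    r'{"type":"log","tags":["warning","plugins","security","config"],"pid":952,"message":"Session cookies will be transmitted over insecure connections. This is not recommended."}',
    "not a json line",
]

if __name__ == "__main__":
    for finding, hint in sorted(triage(SAMPLE).items()):
        print(f"{finding}: {hint}")
```
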
