Run kubectl apply -f elasticsearch.yml to deploy Elasticsearch Pod.Ĭreate a Kubernetes manifest file, filebeat-ds.yaml:ĪpiVersion : extensions/v1beta1 kind : DaemonSet metadata : name : filebeat labels : app : filebeat spec : template : metadata : labels : app : filebeat spec : terminationGracePeriodSeconds : 30 containers : - name : filebeat image : /beats/filebeat:6.6.1 args : env : - name : ELASTICSEARCH_HOST value : elasticsearch - name : ELASTICSEARCH_PORT value : "9200" - name : ELASTICSEARCH_USERNAME value : - name : ELASTICSEARCH_PASSWORD value : - name : ELASTIC_CLOUD_ID value : - name : ELASTIC_CLOUD_AUTH value : securit圜ontext : runAsUser : 0 volumeMounts : - name : filebeat-config mountPath : /usr/share/filebeat/filebeat.yml readOnly : true subPath : filebeat.yml - name : filebeat-data mountPath : /usr/share/filebeat/data - name : varlibdockercontainers mountPath : /var/lib/docker/containers readOnly : true volumes : - name : filebeat-config configMap : defaultMode : 0600 name : filebeat-config - name : varlibdockercontainers hostPath : path : /var/lib/docker/containers - name : filebeat-data hostPath : path : /data/filebeat/data type : DirectoryOrCreate Save the content into Kubernetes' ConfigMaps using kubectl create cm filebeat-config -from-file=filebeat.yml for later use.Ĭreate a Kubernetes manifest file, filebeat-roles.yaml:ĪpiVersion : v1 kind : Service metadata : name : elasticsearch labels : app : elasticsearch spec : ports : - port : 9200 name : elastic targetPort : 9200 protocol : TCP - port : 9300 name : elastic-cluster targetPort : 9300 protocol : TCP selector : app : elasticsearch clusterIP : None - apiVersion : apps/v1 kind : StatefulSet metadata : name : elasticsearch labels : app : elasticsearch spec : serviceName : elasticsearch replicas : 1 selector : matchLabels : app : elasticsearch template : metadata : labels : app : elasticsearch spec : containers : - name : elasticsearch imagePullPolicy : Always image : /elasticsearch/elasticsearch:6.6.1 ports : - containerPort : 9200 name : elastic - containerPort : 9300 name : elastic-cluster env : - name : cluster.name value : "gluu-cluster" - name : mory_lock value : "false" - name : ES_JAVA_OPTS value : "-Xms512m -Xmx512m" - name : TAKE_FILE_OWNERSHIP value : "true" volumeMounts : - name : elasticsearch-data mountPath : /usr/share/elasticsearch/data volumes : - name : elasticsearch-data hostPath : path : /data/elasticsearch/data type : DirectoryOrCreate Logging Containers in Docker/Docker Swarm #Ĭreate filebeat.yml for custom Filebeat configuration:įnfig : modules : path : $" encoding : utf-8 enabled : true document_type : docker exclude_files : processors : # decode the log field (sub JSON document) if JSONencoded, then maps it's fields to elasticsearch fields - decode_json_fields : fields : target : "" # overwrite existing target elasticsearch fields while decoding json fields overwrite_keys : true - add_kubernetes_metadata : ~ - add_cloud_metadata : ~ # Write Filebeat own logs only to file to avoid catching them with itself in docker log files logging.to_files : true logging.to_syslog : false logging.level : warning Refer to the official installation page of Elasticsearch here. The Elasticsearch container requires the host's specific vm.max_map_count kernel setting to be at least 262144. Use docker info | grep 'Logging Driver' to check current logging driver. By default, the Docker installation uses json-file driver, unless set to another driver. Choose the json-file logging driver for the Docker daemon, as Filebeat works best with this driver.This guide will show an example of how to collect selected container's logs (oxAuth, oxTrust, OpenDJ, oxShibboleth, oxPassport, and optionally NGINX), using Filebeat, Elasticsearch, and Kibana. There are tools available to assist in this task, both open source and paid. In a Docker environment where each container can have one or more replicas, it is easier to check the log by collecting all containers' logs, storing them in a single place and possibly searching the logs later.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |