Send Kubernetes cluster logs to AWS Elasticsearch

Submitted by 霸气de小男生 on 2019-12-10 17:22:11

Question


I have a testing Kubernetes cluster and I created Elasticsearch on AWS, which includes Kibana for the log management.

Endpoint: https://search-this-is-my-es-wuktx5la4txs7avvo6ypuuyri.ca-central-1.es.amazonaws.com

As far as I googled, I have to send logs from fluentd. Then I tried to implement DaemonSet using this article. No luck.

Could you please share any good documentation with me?


Answer 1:


Kibana provides visualization capabilities on top of the content indexed on an Elasticsearch cluster. Users can create bar, line and scatter plots, or pie charts and maps on top of large volumes of data.

To push log data into Elasticsearch, people mostly use Logstash/Fluentd (log/data collectors).

Check out the links below for more info:

https://www.elastic.co/webinars/introduction-elk-stack

https://logz.io/blog/fluentd-logstash/




Answer 2:


I had a similar problem. Below are the full details of how I got it working.

Setup:

  • AWS ES instance accessible via a VPC.
  • Using this yaml file as a template.
  • k8s client version v1.9.2
  • k8s server version v1.8.7

Host problem:

The main problem I had was with defining the environment variables correctly. For FLUENT_ELASTICSEARCH_HOST, I was including the https:// prefix on the host URL. Once I removed that, my connection problems went away.

Authentication:

There's no username or password configured for AWS ES. Per this discussion, I set the FLUENT_ELASTICSEARCH_USER and FLUENT_ELASTICSEARCH_PASSWORD values to null.

Sample configuration:

Here's the full set of environment variables in my daemonset yaml file:

- name:  FLUENT_ELASTICSEARCH_HOST
  value: "vpc-MY-DOMAIN.REGION.es.amazonaws.com"
- name:  FLUENT_ELASTICSEARCH_PORT
  value: "443"
- name: FLUENT_ELASTICSEARCH_SCHEME
  value: "https"
- name: FLUENT_ELASTICSEARCH_USER
  value: null
- name: FLUENT_ELASTICSEARCH_PASSWORD
  value: null

Bonus: connecting to Kibana

Instead of setting up AWS Cognito, I created an nginx pod in my Kubernetes cluster that I use as a proxy to reach Kibana. I use the kubectl port-forward command to reach the nginx server from my local machine.

Here's my nginx.conf:

server {
  listen 80;
  listen [::]:80;

  server_name MY-DOMAIN;

  location /_plugin/kibana {
      proxy_pass https://vpc-MY-DOMAIN.REGION.es.amazonaws.com/_plugin/kibana;
  }
  location / {
      proxy_pass https://vpc-MY-DOMAIN.REGION.es.amazonaws.com;
  }
}

Once the nginx pod is deployed, I run this command:

kubectl port-forward POD_NAME 8888:80

Now Kibana is accessible at http://localhost:8888/_plugin/kibana

I'm still having a timeout issue with the port-forward command and a problem with nginx caching the ES service IP (since that can change), but I'll update my response once I resolve those issues.
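
The host problem described in Answer 2, as an added example that is not part of the original answer: a pre-deploy check that splits an endpoint URL into the three FLUENT_ELASTICSEARCH_* values and flags a host that still carries a scheme, or a non-HTTPS scheme. The function names and the sample hostname are assumptions made for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"https": 443, "http": 80}

def fluentd_es_env(endpoint):
    """Split an ES endpoint URL into FLUENT_ELASTICSEARCH_{HOST,PORT,SCHEME}."""
    raw = endpoint.strip()
    # urlsplit only recognises the host when a scheme is present
    parts = urlsplit(raw if "://" in raw else "https://" + raw)
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"not an http(s) endpoint: {endpoint!r}")
    if parts.path not in ("", "/") or parts.query or parts.username:
        raise ValueError(f"expected a bare endpoint, got: {endpoint!r}")
    return {
        "FLUENT_ELASTICSEARCH_HOST": parts.hostname,  # no scheme, no slash
        "FLUENT_ELASTICSEARCH_PORT": str(parts.port or DEFAULT_PORTS[parts.scheme]),
        "FLUENT_ELASTICSEARCH_SCHEME": parts.scheme,
    }

def lint_env(env):
    """Return a list of problems found in a dict of DaemonSet env values."""
    problems = []
    host = env.get("FLUENT_ELASTICSEARCH_HOST") or ""
    scheme = env.get("FLUENT_ELASTICSEARCH_SCHEME") or ""
    port = env.get("FLUENT_ELASTICSEARCH_PORT") or ""
    if "/" in host:
        # The mistake from the answer: "https://..." pasted into HOST
        problems.append("HOST must be a bare hostname (no scheme or path)")
    if scheme != "https":
        problems.append("SCHEME is not https: logs would be sent unencrypted")
    if scheme in DEFAULT_PORTS and port != str(DEFAULT_PORTS[scheme]):
        problems.append(f"PORT {port!r} is not the default for SCHEME {scheme!r}")
    return problems

if __name__ == "__main__":
    # Constructed endpoint, written the way a console would display it
    env = fluentd_es_env("https://vpc-example.ca-central-1.es.amazonaws.com")
    for name, value in env.items():
        print(f'- name: {name}\n  value: "{value}"')
    # Reintroduce the mistake to show what the lint reports
    broken = dict(env, FLUENT_ELASTICSEARCH_HOST="https://" + env["FLUENT_ELASTICSEARCH_HOST"])
    print(lint_env(broken))
```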



Source: https://stackoverflow.com/questions/46289774/send-kubernetes-cluster-logs-to-aws-elasticsearch
