In the previous post, I gave a brief overview of EFK. From here on, let's actually build the EFK stack.
Fluent Bit configuration
Fluent Bit was installed through Helm.
Before running helm install, the config section of values.yaml has to be edited.
Fluent Bit runs as a DaemonSet, so one pod is created on each node.
```bash
helm repo add fluent https://fluent.github.io/helm-charts
helm fetch fluent/fluent-bit --untar
helm install fluent-bit fluent/fluent-bit -f values.yaml # run after editing values.yaml
```
```yaml
config:
  service: |
    [SERVICE]
        Daemon Off
        Flush {{ .Values.flush }}
        Log_Level {{ .Values.logLevel }}
        Parsers_File /fluent-bit/etc/conf/custom_parsers.conf
        HTTP_Server On
        HTTP_Listen 0.0.0.0
        HTTP_Port {{ .Values.metricsPort }}
        Health_Check On

  inputs: |
    [INPUT]
        Name tail
        Path /var/log/containers/*.log
        Parser cri
        Tag kube.*
        Mem_Buf_Limit 5MB
        Skip_Long_Lines Off

    [INPUT]
        Name systemd
        Tag host.*
        Systemd_Filter _SYSTEMD_UNIT=kubelet.service
        Read_From_Tail On

  filters: |
    [FILTER]
        Name kubernetes
        Match kube.*
        Merge_Log On
        Keep_Log Off
        K8S-Logging.Parser On
        K8S-Logging.Exclude On

  outputs: |
    [OUTPUT]
        Name es
        Match *
        Host elasticsearch.logging
        Port 9200
        Logstash_Format Off
```
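The `outputs` block above sends logs to an Elasticsearch that, in the next section, has `xpack.security.enabled: true`, yet it carries no credentials and no TLS. As an added example (not code from the original post), this Python checker parses Fluent Bit's classic-format config and flags such `es` outputs; `HTTP_User`, `HTTP_Passwd`, `tls` and `tls.verify` are Fluent Bit's own es-output options, and both sample blocks are constructed here.

```python
import re

# Constructed sample: the es output from the values.yaml above, as written.
INSECURE_OUTPUTS = """
[OUTPUT]
    Name es
    Match *
    Host elasticsearch.logging
    Port 9200
"""
# Constructed sample: the same output carrying credentials and verified TLS.
HARDENED_OUTPUTS = """
[OUTPUT]
    Name es
    Match *
    Host elasticsearch.logging
    Port 9200
    HTTP_User fluent-bit
    HTTP_Passwd ${FLUENT_BIT_ES_PASSWORD}
    tls On
    tls.verify On
"""

def parse_classic(text):
    """Parse Fluent Bit classic-format config into [(SECTION, {key: value}), ...]."""
    sections = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            sections.append((header.group(1).upper(), {}))
        elif sections:
            key, _, value = line.partition(" ")
            sections[-1][1][key.lower()] = value.strip()  # keys are case-insensitive
    return sections

def audit_es_outputs(text, es_security_enabled=True):
    """Return one finding string per weakness found in each [OUTPUT] of type es."""
    findings = []
    for section, kv in parse_classic(text):
        if section != "OUTPUT" or kv.get("name", "").lower() != "es":
            continue
        target = f"{kv.get('host', '?')}:{kv.get('port', '9200')}"
        if es_security_enabled and not set(kv) >= {"http_user", "http_passwd"}:
            findings.append(f"{target}: no HTTP_User/HTTP_Passwd, Elasticsearch will answer 401")
        if kv.get("tls", "off").lower() != "on":
            findings.append(f"{target}: tls Off, logs and any credentials cross the network in cleartext")
        elif kv.get("tls.verify", "on").lower() != "on":
            findings.append(f"{target}: tls.verify Off, server certificate is not checked")
    return findings
```

Run `audit_es_outputs` over the rendered `outputs` section of your values.yaml before `helm install`; an empty list means the es output authenticates and uses verified TLS.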
Elasticsearch configuration
From Elasticsearch 8.0 onward, security is enabled by default. If you do not want to use security, you can use version 7.17.0. Also, when connecting Elasticsearch and Kibana, both must run the same version.
The manifests below currently go only as far as Minimal Security, and are configured so that the Alert feature can also be used. Note that this single-node Elasticsearch never calls the Kubernetes API itself, so the ClusterRole below grants read access the pod does not actually use; under least privilege it can be trimmed or dropped.
```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: elasticsearch-service-account
  namespace: logging
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: elasticsearch-cluster-role
  namespace: logging
rules:
  - apiGroups: [""]
    resources: ["pods", "pods/exec", "services", "endpoints"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["apps"]
    resources: ["deployments", "statefulsets", "replicasets"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["batch"]
    resources: ["jobs", "cronjobs"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["extensions"]
    resources: ["ingresses"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["monitoring.coreos.com"]
    resources: ["servicemonitors", "prometheuses"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["logging.k8s.io"]
    resources: ["logs"]
    verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: elasticsearch-cluster-role-binding
  namespace: logging
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: elasticsearch-cluster-role
subjects:
  - kind: ServiceAccount
    name: elasticsearch-service-account
    namespace: logging
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: elasticsearch-config
  namespace: logging
data:
  elasticsearch.yml: |
    network.host: 0.0.0.0
    http.port: 9200
    discovery.seed_hosts: ["elasticsearch-discovery"]
    xpack.security.enabled: true
    xpack.license.self_generated.type: basic
    xpack.security.authc.api_key.enabled: true
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: elasticsearch
  namespace: logging
  labels:
    app: elasticsearch
spec:
  replicas: 1
  selector:
    matchLabels:
      app: elasticsearch
  template:
    metadata:
      labels:
        app: elasticsearch
    spec:
      serviceAccountName: elasticsearch-service-account
      containers:
        - name: elasticsearch
          image: elasticsearch:7.17.0
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 9200
            - containerPort: 9300
          env:
            - name: discovery.type
              value: "single-node"
            - name: ES_JAVA_OPTS
              value: "-Xms500m -Xmx1000m"
          volumeMounts:
            - name: elasticsearch-config
              mountPath: /usr/share/elasticsearch/config/elasticsearch.yml
              subPath: elasticsearch.yml
            - name: elasticsearch-data
              mountPath: /usr/share/elasticsearch/data
      volumes:
        - name: elasticsearch-config
          configMap:
            name: elasticsearch-config
        - name: elasticsearch-data
          emptyDir: {}
---
apiVersion: v1
kind: Service
metadata:
  name: elasticsearch
  namespace: logging
  labels:
    app: elasticsearch
spec:
  selector:
    app: elasticsearch
  ports:
    - name: elasticsearch
      port: 9200
      protocol: TCP
      targetPort: 9200
    - name: elasticsearch-ssl
      port: 9300
      protocol: TCP
      targetPort: 9300
```
Kibana configuration
I also wanted to hook up Slack notifications through Kibana, but that feature is only available with a paid license.
If you set Elasticsearch security to Basic security + SSL/TLS, you can try it out with the 14-day trial.
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: kibana-config
  namespace: logging
  labels:
    app: kibana
data:
  kibana.yml: |
    server.host: "0.0.0.0"
    elasticsearch.hosts: [ "http://elasticsearch.logging:9200" ]
    server.publicBaseUrl: ${{ secrets.SERVER_NAME }}
    # Kibana expands only ${NAME}; spaces inside the braces leave the reference unexpanded
    elasticsearch.username: "${ELASTICSEARCH_USERNAME}"
    elasticsearch.password: "${ELASTICSEARCH_PASSWORD}"
    xpack.encryptedSavedObjects.encryptionKey: ${{ vars.ENCRYPTEDSAVEDOBJECTS }}
    xpack.reporting.encryptionKey: ${{ vars.REPORTING }}
    xpack.security.encryptionKey: ${{ vars.SECURITY }}
    xpack.security.enabled: true
```
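Kibana reads `${NAME}` references in kibana.yml from the container environment, which is how the Deployment's `ELASTICSEARCH_USERNAME` and `ELASTICSEARCH_PASSWORD` env entries reach the config. As an added example, not from the original post, this Python snippet models that expansion (assuming Kibana accepts exactly `${NAME}`, with no spaces inside the braces) and flags a spaced reference, which would otherwise be handed to Elasticsearch as a literal string and fail authentication; the env values and config lines are constructed.

```python
import re

# Assumption modelled here: Kibana expands exactly \$\{(\w+)\}, so a name written
# with spaces inside the braces is not recognised and stays verbatim in the config.
ENV_REF = re.compile(r"\$\{(\w+)\}")
ANY_BRACES = re.compile(r"\$\{[^}]*\}")

# Constructed stand-in for the Deployment's env: entries.
ENV = {"ELASTICSEARCH_USERNAME": "kibana_system", "ELASTICSEARCH_PASSWORD": "s3cret"}

def expand_env_refs(value, env=ENV):
    """Expand well-formed ${NAME} references; an unknown NAME is a hard error, as in Kibana."""
    def repl(m):
        name = m.group(1)
        if name not in env:
            raise KeyError(f"Unknown environment variable referenced in config: {name}")
        return env[name]
    return ENV_REF.sub(repl, value)

def check_kibana_yml(lines, env=ENV):
    """Return findings for 'key: value' lines whose reference would not be expanded."""
    findings = []
    for line in lines:
        key, _, raw = line.partition(":")
        value = raw.strip().strip('"')
        malformed = [m for m in ANY_BRACES.findall(value) if not ENV_REF.fullmatch(m)]
        if malformed:
            findings.append(f"{key.strip()}: {malformed[0]} is not expanded; the literal string would be sent")
            continue
        try:
            expand_env_refs(value, env)
        except KeyError as err:
            findings.append(f"{key.strip()}: {err.args[0]}")
    return findings

# Constructed samples: a spaced reference and the corrected form.
SPACED = ['elasticsearch.username: "${ ELASTICSEARCH_USERNAME }"',
          'elasticsearch.password: "${ ELASTICSEARCH_PASSWORD }"']
FIXED = ['elasticsearch.username: "${ELASTICSEARCH_USERNAME}"',
         'elasticsearch.password: "${ELASTICSEARCH_PASSWORD}"']
```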
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kibana
  namespace: logging
  labels:
    app: kibana
spec:
  replicas: 1
  selector:
    matchLabels:
      app: kibana
  template:
    metadata:
      name: kibana
      labels:
        app: kibana
    spec:
      containers:
        - name: kibana
          image: kibana:7.17.0
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 5601
              protocol: TCP
          volumeMounts:
            - mountPath: /usr/share/kibana/config/kibana.yml
              name: config
              subPath: kibana.yml
          env:
            - name: ELASTICSEARCH_URL
              value: http://elasticsearch.logging:9200
            - name: discovery.type
              value: single-node
            - name: ELASTICSEARCH_USERNAME
              value: ${{ secrets.ELASTICSEARCH_USERNAME }}
            - name: ELASTICSEARCH_PASSWORD
              value: ${{ secrets.ELASTICSEARCH_PASSWORD }}
            - name: SERVER_NAME
              value: ${{ secrets.SERVER_NAME }}
      volumes:
        - name: config
          configMap:
            name: kibana-config
---
apiVersion: v1
kind: Service
metadata:
  name: kibana
  namespace: logging
  labels:
    app: kibana
spec:
  selector:
    app: kibana
  ports:
    - nodePort: 30651
      port: 5601
      protocol: TCP
      targetPort: 5601
  type: NodePort
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: kibana-ingress
  namespace: logging
  annotations:
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
  labels:
    name: kibana-ingress
spec:
  ingressClassName: "alb-ingress-class"
  rules:
    - host: ${{ secrets.SERVER_NAME }}
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: kibana
                port:
                  number: 5601
```
If you are not on AWS, install an Ingress Class first and then proceed.
I built this on AWS EKS, which is why the annotations section is written the way it is.
The SSL/TLS setup kept getting stuck, so I will post it later once it works. 🥲
Next I will cover the PLG overview and setup, and Slack notification integration.