maifusha / kubernetes-efk Goto Github PK

Kubernetes compose orchestra for EFK：ElasticSech（With Curator、ElastAlert）、Fluentd、Kibana

1. kubectl label nodes your-desired-node efk-node=true
2. cp -a .env.example .env and update it (avoid the # char)
3. ./deploy
4. 创建ES索引
   • 创建日志存储的索引（要求使用@timestamp字段存储时间）
   • 进入elastalert容器中执行命令python /opt/elastalert/elastalert/create_index.py创建elastalert的状态存储索引
5. Kibana配置
   • 目标检索的index pattern：php.error-*、application.error-*

• https://github.com/giantswarm/kubernetes-elastic-stack
• https://github.com/elastic/examples/tree/master/Miscellaneous/docker/full_stack_example
• https://github.com/kubernetes/kubernetes/tree/master/cluster/addons/fluentd-elasticsearch
• https://github.com/kayrus/elk-kubernetes
• https://github.com/kubernetes/charts/tree/master/stable/elastalert
• https://github.com/fluent/fluentd-kubernetes-daemonset