Centralized logging is provided by Filebeat, Elasticsearch and Kibana.
The following procedure walks through installation of a centralized logging stack using the Helm repositories provided by Elastic NV.
Our centralized logging solution requires that all hosts be configured with the same timezone and synchronized clocks. This should be done automatically in our Kubernetes deployment process, but can be enforced manually by running the Chrony playbook:
ansible-playbook playbooks/generic/chrony-client.ymlAdd the Elastic repo in Helm:
helm repo add elastic https://helm.elastic.co# Install Elasticsearch
# - Note that this document uses three replicas for availability, but you may
# want to set a different value depending on cluster size
helm install elasticsearch elastic/elasticsearch --set replicas=3
# Wait for the cluster to come online
kubectl get pods --namespace=default -l app=elasticsearch-master -w
# Test the cluster health
helm --namespace=default test elasticsearchNote that the default Filebeat configuration will import all container logs from the Kubernetes cluster nodes.
# Install Filebeat
helm install filebeat elastic/filebeat
# Wait for all containers to come up
kubectl get pods --namespace=default -l app=filebeat-filebeat -w# Install Kibana
helm install kibana elastic/kibana
# Wait for the container to come up
kubectl get pods --namespace=default -l app=kibana -wBy default, Kibana is only deployed as a ClusterIP service. In order to expose it for user access, see the chart documentation or just expose it as a NodePort service:
kubectl expose deployment kibana-kibana \
--type=NodePort \
--name=kibana-nodeport
service/kibana-nodeport exposed
kubectl get service kibana-nodeport
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kibana-nodeport NodePort 10.233.39.104 <none> 5601:30965/TCP 42sIf there is an issue, you can follow these steps to delete the logging stack:
helm delete kibana
helm delete filebeat
helm delete elasticsearch
kubectl delete pvc -l app=elasticsearch-master