How to Use Kubernetes with Elastic Stack for Logging and Analysis

Updated: January 30, 2024 By: Guest Contributor

Introduction

Kubernetes and the Elastic Stack are two powerful technologies commonly used in modern DevOps environments. While Kubernetes is an open-source container orchestration platform that simplifies the deployment, scaling, and operations of application containers across clusters of hosts, the Elastic Stack (formerly known as ELK Stack) provides powerful tools for logging, searching, analyzing and visualizing data in real-time.

In this tutorial, we integrate the two so that logs from containers managed by Kubernetes are shipped into the Elastic Stack, where they can be searched, analyzed and visualized.

Prerequisites

Before we start, you should have the following ready:

  • A running Kubernetes cluster
  • Kubectl command-line tool configured
  • Basic understanding of Docker and Kubernetes concepts
  • An installed Elastic Stack or access to Elastic Cloud

Step-by-Step Guide

Step 1: Setting Up Fluentd

To begin collecting logs from Kubernetes, we need a log shipper that is compatible with both Kubernetes and the Elastic Stack. Fluentd is a widely used open-source data collector for such purposes. Below is a basic Fluentd config file to start with:

<match kubernetes.**>
    @type elasticsearch
    host "elasticsearch-logging"
    port 9200
    logstash_format true
    include_tag_key true
    tag_key @log_name
    flush_interval 10s
</match>

To deploy Fluentd as a DaemonSet in your Kubernetes cluster, you can use the following Kubernetes manifest file:

apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: fluentd-elasticsearch
  namespace: kube-system
spec:
  selector:
    matchLabels:
      k8s-app: fluentd-logging
  template:
    metadata:
      labels:
        k8s-app: fluentd-logging
    spec:
      containers:
      - name: fluentd-elasticsearch
        image: fluent/fluentd-kubernetes-daemonset:v1-debian-elasticsearch
        env:
        - name: FLUENT_ELASTICSEARCH_HOST
          value: "elasticsearch-logging"
        - name: FLUENT_ELASTICSEARCH_PORT
          value: "9200"
        # Container logs are written by the kubelet on each node, so the pod
        # mounts them from the host. /var/log stays writable because Fluentd
        # keeps its tail position file there; the Docker directory is read-only.
        volumeMounts:
        - name: varlog
          mountPath: /var/log
        - name: varlibdockercontainers
          mountPath: /var/lib/docker/containers
          readOnly: true
      volumes:
      - name: varlog
        hostPath:
          path: /var/log
      - name: varlibdockercontainers
        hostPath:
          path: /var/lib/docker/containers

To apply this DaemonSet, use the command:

kubectl apply -f fluentd-daemonset.yaml
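The Fluentd configuration and DaemonSet above write to Elasticsearch over plain HTTP with no credentials and run under the namespace's default ServiceAccount, which cannot satisfy the pod and namespace lookups that the fluentd-kubernetes-daemonset image's Kubernetes metadata filter performs. The manifests below are an added example, not part of the original post, showing the production-shaped pieces for the same log shipper: a Secret carrying the Elasticsearch credentials, a ConfigMap with a hardened output section (TLS, certificate verification, credentials taken from the environment), and a read-only ServiceAccount with the minimum RBAC. The names `elasticsearch-credentials`, `fluentd-config`, `fluentd`, the CA mount path `/etc/fluentd/certs/ca.crt`, and the `FLUENT_ELASTICSEARCH_USER` / `FLUENT_ELASTICSEARCH_PASSWORD` variables are assumptions for this example.

```yaml
# Added example (not from the original post). Names below are assumptions:
# the Secret, ConfigMap and ServiceAccount names, the CA mount path and the
# FLUENT_ELASTICSEARCH_USER / FLUENT_ELASTICSEARCH_PASSWORD variables.
---
# Elasticsearch credentials for the log shipper. Populate stringData from a
# secrets manager or `kubectl create secret`; never commit real values.
apiVersion: v1
kind: Secret
metadata:
  name: elasticsearch-credentials
  namespace: kube-system
type: Opaque
stringData:
  username: fluentd-writer          # placeholder
  password: REPLACE-WITH-REAL-VALUE # placeholder
---
# Hardened output section. Mount this file over /fluentd/etc/fluent.conf in
# the DaemonSet; kubernetes.conf (tail source + metadata filter) ships with
# the image and is pulled in by the @include line.
apiVersion: v1
kind: ConfigMap
metadata:
  name: fluentd-config
  namespace: kube-system
data:
  fluent.conf: |
    @include kubernetes.conf

    <match kubernetes.**>
      @type elasticsearch
      host "#{ENV['FLUENT_ELASTICSEARCH_HOST']}"
      port "#{ENV['FLUENT_ELASTICSEARCH_PORT']}"
      # Encrypt in transit and verify the server certificate against the
      # cluster CA mounted from a Secret (path is an assumption).
      scheme https
      ssl_verify true
      ca_file /etc/fluentd/certs/ca.crt
      # Credentials arrive through env vars the DaemonSet sets from the
      # Secret above via secretKeyRef, so this file stays free of secrets.
      user "#{ENV['FLUENT_ELASTICSEARCH_USER']}"
      password "#{ENV['FLUENT_ELASTICSEARCH_PASSWORD']}"
      logstash_format true
      include_tag_key true
      tag_key @log_name
      <buffer>
        flush_interval 10s
      </buffer>
    </match>
---
# Least-privilege identity for the shipper: the kubernetes_metadata filter
# only needs to read pods and namespaces to enrich log records.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: fluentd
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: fluentd-log-reader
rules:
- apiGroups: [""]
  resources: ["pods", "namespaces"]
  verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: fluentd-log-reader
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: fluentd-log-reader
subjects:
- kind: ServiceAccount
  name: fluentd
  namespace: kube-system
```

To wire these into the DaemonSet pod spec, set `serviceAccountName: fluentd`, add `FLUENT_ELASTICSEARCH_USER` and `FLUENT_ELASTICSEARCH_PASSWORD` env entries with `valueFrom.secretKeyRef` pointing at `elasticsearch-credentials`, mount the ConfigMap over `/fluentd/etc/fluent.conf` with `subPath: fluent.conf`, and mount the CA certificate at the path given in `ca_file`. Keep the ClusterRole at read-only verbs: the shipper never needs to write to the API server, and a compromised node-level log agent with broader rights would be a cluster-wide problem.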

Step 2: Deploying Elasticsearch

If you do not have Elasticsearch running, you can deploy it to your Kubernetes cluster. Here is a simple deployment manifest for a basic Elasticsearch setup:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: elasticsearch
  namespace: kube-system
spec:
  replicas: 1
  selector:
    matchLabels:
      app: elasticsearch
  template:
    metadata:
      labels:
        app: elasticsearch
    spec:
      containers:
      - name: elasticsearch
        image: docker.elastic.co/elasticsearch/elasticsearch:7.9.2
        ports:
        - containerPort: 9200
        - containerPort: 9300
        env:
        - name: discovery.type
          value: single-node

To create the Elasticsearch deployment:

kubectl apply -f elasticsearch-deployment.yaml

Step 3: Setting Up Kibana

Kibana is a part of the Elastic Stack that provides visualization capabilities. It should be configured to connect to the Elasticsearch deployed in the previous step. Use the following Kibana deployment configuration:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: kibana
  namespace: kube-system
spec:
  replicas: 1
  selector:
    matchLabels:
      app: kibana
  template:
    metadata:
      labels:
        app: kibana
    spec:
      containers:
      - name: kibana
        image: docker.elastic.co/kibana/kibana:7.9.2
        ports:
        - containerPort: 5601
        env:
        - name: ELASTICSEARCH_HOSTS
          value: "http://elasticsearch:9200"

To deploy Kibana in your Kubernetes cluster:

kubectl apply -f kibana-deployment.yaml
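Neither Deployment above defines a Service, yet Kibana's `ELASTICSEARCH_HOSTS` expects the name `elasticsearch` to resolve inside the cluster, and the Fluentd DaemonSet expects `elasticsearch-logging`. The manifests below are an added example, not part of the original post: ClusterIP Services for both Deployments, selected by the labels the manifests use. Point `FLUENT_ELASTICSEARCH_HOST` at the `elasticsearch` Service name (or name the Service `elasticsearch-logging`) so all three components agree; the Service names and port names are assumptions for this example.

```yaml
# Added example (not from the original post): ClusterIP Services so the
# hostnames used by Kibana and Fluentd resolve inside the cluster. ClusterIP
# keeps both endpoints off the node network; expose Kibana deliberately
# (an Ingress with TLS and authentication) rather than through a NodePort.
apiVersion: v1
kind: Service
metadata:
  name: elasticsearch
  namespace: kube-system
spec:
  type: ClusterIP
  selector:
    app: elasticsearch
  ports:
  - name: http
    port: 9200
    targetPort: 9200
  - name: transport
    port: 9300
    targetPort: 9300
---
apiVersion: v1
kind: Service
metadata:
  name: kibana
  namespace: kube-system
spec:
  type: ClusterIP
  selector:
    app: kibana
  ports:
  - name: http
    port: 5601
    targetPort: 5601
```

For a quick check without exposing anything, forward the Kibana port to your workstation with `kubectl -n kube-system port-forward svc/kibana 5601:5601` and open http://localhost:5601.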

Advanced Configuration

For a production environment, it’s essential to configure data persistence, handle multi-node Elasticsearch clusters, set up security, and perform fine-grained performance tuning. Let’s touch on each:

  • Data Persistence: Attach persistent volumes to your Elasticsearch deployment to ensure data safety in case of pod failure.
  • Multi-node Clusters: Scale your Elasticsearch deployment by increasing the replica count and configuring proper node discovery settings.
  • Security: Secure your Elastic Stack components using Elasticsearch’s built-in security features or Kubernetes network policies.
  • Performance Tuning: Customize JVM options, memory limits, and resource requests according to your cluster’s capabilities and expected workload.
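Elasticsearch 7.x leaves its security features disabled by default, so the single-node Deployment above accepts unauthenticated requests from any pod that can reach it. The manifest below is an added example, not part of the original post, of the network-policy half of the Security bullet: it restricts ingress to the Elasticsearch pods to the Fluentd and Kibana pods, matched by the labels the manifests above use, and leaves the transport port open only between Elasticsearch pods; everything else is denied. It assumes a CNI plugin that enforces NetworkPolicy and that all components live in kube-system as above; the policy name is an assumption.

```yaml
# Added example (not from the original post): only the log shipper and Kibana
# may reach Elasticsearch on 9200; 9300 is reserved for node-to-node traffic.
# Requires a CNI plugin that enforces NetworkPolicy.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: elasticsearch-ingress
  namespace: kube-system
spec:
  podSelector:
    matchLabels:
      app: elasticsearch
  policyTypes:
  - Ingress
  ingress:
  # Fluentd DaemonSet (label from the manifest above) and Kibana -> HTTP API
  - from:
    - podSelector:
        matchLabels:
          k8s-app: fluentd-logging
    - podSelector:
        matchLabels:
          app: kibana
    ports:
    - protocol: TCP
      port: 9200
  # Transport port: only other Elasticsearch pods (multi-node clusters)
  - from:
    - podSelector:
        matchLabels:
          app: elasticsearch
    ports:
    - protocol: TCP
      port: 9300
```

Once a policy selects the Elasticsearch pods, any ingress not listed is dropped, so add a rule for anything else that legitimately queries the cluster (a metrics exporter, an operator) before applying it. With `replicas: 1` the 9300 rule is harmless; it becomes necessary when you scale to a multi-node cluster. Network policy complements rather than replaces Elasticsearch's own authentication and TLS, which still need to be enabled.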

Visualizing Data with Kibana

Once Kibana is up and running, open the web interface; it connects to Elasticsearch through the ELASTICSEARCH_HOSTS value set above. Use Kibana’s Discover feature to explore your Kubernetes logs. First confirm that Fluentd has started writing indices, then create an index pattern that matches them:

# In Kibana's Dev Tools console: list the indices and check that the
# logstash-* indices created by Fluentd are present
GET /_cat/indices?v

# In Kibana
# Go to Management > Index Patterns > Create Index Pattern
# Enter "logstash-*" and follow the wizard

After setting up the index pattern, use Kibana visualizations and dashboards to monitor and analyze your Kubernetes clusters’ logging data.

Conclusion

In this tutorial, we learned how to combine Kubernetes with the Elastic Stack to create a robust logging and analysis solution. This setup can be an invaluable tool for monitoring and diagnosing issues in distributed systems, and it helps you make data-driven decisions about your IT infrastructure.