Skip to content

ltblueberry/efk-k8s-example

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
example
example
 
 
fluentbit
fluentbit
 
 
kibana
kibana
 
 
screenshots
screenshots
 
 
README.md
README.md
 
 

Repository files navigation

Example of EFK in K8S cluster

Example

Namespace

Create the monitoring namespace

kubectl create namespace monitoring

created namespace

Elasticsearch

Install Elasticsearch from this helm chart

Add and update elastic helm repository

helm repo add elastic https://helm.elastic.co
helm repo update

elastic helm repo

Deploy elasticsearch release from the helm chart

helm install elasticsearch elastic/elasticsearch --set imageTag="7.9.1" -n monitoring

or if you want to change the storage size

helm install elasticsearch elastic/elasticsearch --set imageTag="7.9.1",volumeClaimTemplate.resources.requests.storage="60Gi" -n monitoring

elastic pods

Kibana

Deploy Kibana manifests

kubectl apply -f kibana/

kibana-deploy

Example domain

Add our example domain to /etc/hosts

34.66.45.242  kibana.example.com

Kibana Lifecycle Policy

Open Kibana in web-browser kibana.example.com

Create Index Lifecycle Policy to delete stale indices

Go to the side menu and open Management/Dev Tools

kibana-dev-tools

Next request will create Index Lifecycle Policy, that will delete indices older that 20 days

PUT _ilm/policy/delete-20-days
{
    "policy" : {
      "phases" : {
        "delete" : {
          "min_age" : "20d",
          "actions" : {
            "delete" : { }
          }
        }
      }
    } 
}

kibana-policy

Next request will create Index Template and bind the created lifecycle policy

PUT _template/example_template
{
  "index_patterns": ["example-*"],
  "settings": {
    "index.lifecycle.name": "delete-20-days"
  }
}

kibana-index-template

Now all indices that match the example index template will apply that lifecycle policy when created.

Fluent Bit

Official installation guide

Deploy FluentBit manifests

kubectl apply -f fluentbit/

fluentbit-deploy

configmap.yaml - configuration for Fluent Bit

  • INPUT - define Tag Regex to match by namespace
  • FILTER - define custom parser 'k8s-custom-tag'
  • OUTPUT - match only example namespace and write to example index
  • PARSER - parser for defined tag regex

Generate demo data

Create the example namespace

kubectl create namespace example

Deploy log-generator pod

kubectl apply -f example/pod.yaml

log-generator-deploy

Check out example logs

Open Kibana in web-browser kibana.example.com

Go to the side menu and open Management/Stack Management/Index Management

Check out our new example index

kibana-index-management

Check out the index detail info about the lifecycle policy

kibana-index-management-policy

Create new Index Pattern for our example indecies. It should match all indecies that start with 'example'.

kibana-index-management-policy

Select time field @timestamp

kibana-index-management-policy

Check out logs from the log generator. Go to the side menu and open Kibana/Discover and select the index pattern.

kibana-discover

About

Example of EFK in K8S cluster

Topics

elasticsearch kibana example k8s example-project efk fluentbit

Resources

Readme
Activity

Stars

2 stars

Watchers

3 watching

Forks

1 fork
Report repository