jalogisch/README.md

## README.md

      
    Raw
  

              README.md
            
          
    These Kubernetes resources deploy a recent Graylog2 cluster on Kubernetes in #yolo mode
without any persistence – The ideal way to quickly run, inspect and adapt a Graylog
cluster in Kubernetes. The Deployment will install:

Graylog 2.4.0
Elasticsearch 5.6.3
Kibana 5.6.3

Deploy Graylog


To install Graylog, download the YAML-files
Change the <SOME_GRAYLOG_SECRET_WITH_AT_LEAST_16_CHARS> to a secret only known to you.
To access your Graylog/Elasticsearch/Kibana stack from outside of Kubernetes (like from your browser), you need a running Ingress controller like Traefik and ideally a wildcard domain pointing at Traefik (*.k8s.yoursite.io).
Replace <YOUR_EXTERNAL_GRAYLOG_URL>, <YOUR_EXTERNAL_ELASTICSEARCH_URL> and
<YOUR_EXTERNAL_KIBANA_URL> with the ones pointing at your Ingress controller. Examples:

http://graylog.k8s.yoursite.io
http://elasticsearch.k8s.yoursite.io
http://kibana.k8s.yoursite.io


Point the GELF-Appender in your apps to:

From outside of Kubernetes, point at graylog.k8s.yoursite.io:12201
From outside of Kubernetes, point at graylog-service:12201


Yoiu can log in to Graylog using the default admin:admin password. And yes, you should change that ... have fun analyzing your logs :-)
More Information

More about Graylog: http://docs.graylog.org/en/latest/pages/installation/docker.html
More about Kubernetes: https://kubernetes.io/docs/home/

  
## graylog-deployment.yml
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: graylog-deployment
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: graylog
    spec:
      containers:
        # mongo
      - name: mongo
        image: mongo:3
        ports:
        - containerPort: 27017

        # elastic
      - name: elasticsearch
        image: docker.elastic.co/elasticsearch/elasticsearch:5.6.3
        command:
        - /bin/bash
        - bin/elasticsearch
        - -Expack.security.enabled=false
        - -Ecluster.name=graylog
        env:
        - name: ES_JAVA_OPTS
          value: -Xms2g -Xmx2g
        resources:
          requests:
            cpu: "1"
            memory: 3Gi
          limits:
            cpu: "4"
            memory: 4Gi
        ports:
        - containerPort: 9200
        - containerPort: 9300

        # kibana
      - name: kibana
        image: docker.elastic.co/kibana/kibana:5.6.3
        env:
        - name: ELASTICSEARCH_URL
          value: http://localhost:9200
        command:
        - /bin/bash
        - /usr/local/bin/kibana-docker
        - xpack.security.enabled=false
        - xpack.monitoring.enabled=false
        - xpack.reporting.enabled=false
        - elasticsearch.url=http://localhost:9200
        - server.name=<YOUR_EXTERNAL_KIBANA_URL>
        resources:
          requests:
            cpu: 100m
            memory: 256Mi
          limits:
            cpu: "1"
            memory: "1Gi"
        ports:
        - containerPort: 5601

        # graylog
      - name: graylog
        image: graylog/graylog:2.4.0-1
        env:
        - name: GRAYLOG_PASSWORD_SECRET
          value: <SOME_GRAYLOG_SECRET_WITH_AT_LEAST_16_CHARS>
        - name: GRAYLOG_ROOT_PASSWORD_SHA2
          value: 8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
        - name: GRAYLOG_WEB_ENDPOINT_URI
          value: http://<YOUR_EXTERNAL_GRAYLOG_URL>/api
        - name: GRAYLOG_MONGODB_URI
          value: mongodb://localhost:27017/graylog
        - name: GRAYLOG_ELASTICSEARCH_HOSTS
          value: http://localhost:9200
        - name: GRAYLOG_ROTATION_STRATEGY
          value: time
        - name: GRAYLOG_ELASTICSEARCH_MAX_TIME_PER_INDEX
          value: "1d"
        - name: GRAYLOG_ELASTICSEARCH_MAX_NUMBER_OF_IINDICES
          value: "10"
        - name: GRAYLOG_ELASTICSEARCH_INDEX_PREFIX
          value: "graylog"
        - name: GRAYLOG_ELASTICSEARCH_SHARDS
          value: "1"
        resources:
          requests:
            cpu: "1"
            memory: "1Gi"
          limits:
            cpu: "4"
            memory: "3Gi"
        ports:
        - containerPort: 9000

## graylog-ingress.yml
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  labels:
    app: graylog
  name: graylog-ingress
spec:
  rules:
  - host: <YOUR_EXTERNAL_GRAYLOG_URL>
    http:
      paths:
      - backend:
          serviceName: graylog-service
          servicePort: 9000
  - host: <YOUR_EXTERNAL_ELASTICSEARCH_URL>
    http:
      paths:
      - backend:
          serviceName: graylog-service
          servicePort: 9200
  - host: <YOUR_EXTERNAL_KIBANA_URL>
    http:
      paths:
      - backend:
          serviceName: graylog-service
          servicePort: 5601

## graylog-service.yml
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: graylog
  name: graylog-service
spec:
  ports:
  - name: graylog
    port: 9000
    protocol: TCP
    targetPort: 9000
  - name: elasticsearch
    port: 9200
    protocol: TCP
    targetPort: 9200
  - name: kibana
    port: 5601
    protocol: TCP
    targetPort: 5601
  - name: gelf
    port: 12201
    protocol: TCP
    targetPort: 12201
  selector:
    app: graylog
	apiVersion: apps/v1beta1
	kind: Deployment
	metadata:
	name: graylog-deployment
	spec:
	replicas: 1
	template:
	metadata:
	labels:
	app: graylog
	spec:
	containers:
	# mongo
	- name: mongo
	image: mongo:3
	ports:
	- containerPort: 27017

	# elastic
	- name: elasticsearch
	image: docker.elastic.co/elasticsearch/elasticsearch:5.6.3
	command:
	- /bin/bash
	- bin/elasticsearch
	- -Expack.security.enabled=false
	- -Ecluster.name=graylog
	env:
	- name: ES_JAVA_OPTS
	value: -Xms2g -Xmx2g
	resources:
	requests:
	cpu: "1"
	memory: 3Gi
	limits:
	cpu: "4"
	memory: 4Gi
	ports:
	- containerPort: 9200
	- containerPort: 9300

	# kibana
	- name: kibana
	image: docker.elastic.co/kibana/kibana:5.6.3
	env:
	- name: ELASTICSEARCH_URL
	value: http://localhost:9200
	command:
	- /bin/bash
	- /usr/local/bin/kibana-docker
	- xpack.security.enabled=false
	- xpack.monitoring.enabled=false
	- xpack.reporting.enabled=false
	- elasticsearch.url=http://localhost:9200
	- server.name=<YOUR_EXTERNAL_KIBANA_URL>
	resources:
	requests:
	cpu: 100m
	memory: 256Mi
	limits:
	cpu: "1"
	memory: "1Gi"
	ports:
	- containerPort: 5601

	# graylog
	- name: graylog
	image: graylog/graylog:2.4.0-1
	env:
	- name: GRAYLOG_PASSWORD_SECRET
	value: <SOME_GRAYLOG_SECRET_WITH_AT_LEAST_16_CHARS>
	- name: GRAYLOG_ROOT_PASSWORD_SHA2
	value: 8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
	- name: GRAYLOG_WEB_ENDPOINT_URI
	value: http://<YOUR_EXTERNAL_GRAYLOG_URL>/api
	- name: GRAYLOG_MONGODB_URI
	value: mongodb://localhost:27017/graylog
	- name: GRAYLOG_ELASTICSEARCH_HOSTS
	value: http://localhost:9200
	- name: GRAYLOG_ROTATION_STRATEGY
	value: time
	- name: GRAYLOG_ELASTICSEARCH_MAX_TIME_PER_INDEX
	value: "1d"
	- name: GRAYLOG_ELASTICSEARCH_MAX_NUMBER_OF_IINDICES
	value: "10"
	- name: GRAYLOG_ELASTICSEARCH_INDEX_PREFIX
	value: "graylog"
	- name: GRAYLOG_ELASTICSEARCH_SHARDS
	value: "1"
	resources:
	requests:
	cpu: "1"
	memory: "1Gi"
	limits:
	cpu: "4"
	memory: "3Gi"
	ports:
	- containerPort: 9000
	---
	apiVersion: extensions/v1beta1
	kind: Ingress
	metadata:
	labels:
	app: graylog
	name: graylog-ingress
	spec:
	rules:
	- host: <YOUR_EXTERNAL_GRAYLOG_URL>
	http:
	paths:
	- backend:
	serviceName: graylog-service
	servicePort: 9000
	- host: <YOUR_EXTERNAL_ELASTICSEARCH_URL>
	http:
	paths:
	- backend:
	serviceName: graylog-service
	servicePort: 9200
	- host: <YOUR_EXTERNAL_KIBANA_URL>
	http:
	paths:
	- backend:
	serviceName: graylog-service
	servicePort: 5601
	---
	apiVersion: v1
	kind: Service
	metadata:
	labels:
	app: graylog
	name: graylog-service
	spec:
	ports:
	- name: graylog
	port: 9000
	protocol: TCP
	targetPort: 9000
	- name: elasticsearch
	port: 9200
	protocol: TCP
	targetPort: 9200
	- name: kibana
	port: 5601
	protocol: TCP
	targetPort: 5601
	- name: gelf
	port: 12201
	protocol: TCP
	targetPort: 12201
	selector:
	app: graylog