minikube start -p eck --memory 8192 --cpus 4 --disk-size 50g
Install the official CRDs and the ECK operator, then spawn the quickstart ES with a Kibana:
kubectl apply -f https://download.elastic.co/downloads/eck/1.1.0/all-in-one.yaml
kubectl apply -f pv-standard.yaml
kubectl apply -f quickstart-es+kibana.yaml
$ kubectl get es
NAME HEALTH NODES VERSION PHASE AGE
quickstart green 1 7.6.2 Ready 72m
$ kubectl get kibana
NAME HEALTH NODES VERSION AGE
quickstart green 1 7.6.2 73m
Fetch the password of the elastic user from minikube:
PASSWORD=$(kubectl get secret quickstart-es-elastic-user -o go-template='{{.data.elastic | base64decode}}')
Start a local port-forward to reach the ES locally:
kubectl port-forward service/quickstart-es-http 9200
Issue a check GET request to the ES cluster via the local port-forward:
curl -u "elastic:$PASSWORD" -k "http://localhost:9200"
{
"name" : "quickstart-es-default-0",
"cluster_name" : "quickstart",
"cluster_uuid" : "7QUV_Hn1RnmOsLAHjxknRg",
"version" : {
"number" : "7.6.2",
"build_flavor" : "default",
"build_type" : "docker",
"build_hash" : "ef48eb35cf30adf4db14086e8aabd07ef6fb113f",
"build_date" : "2020-03-26T06:34:37.794943Z",
"build_snapshot" : false,
"lucene_version" : "8.4.0",
"minimum_wire_compatibility_version" : "6.8.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
"tagline" : "You Know, for Search"
}
kubectl port-forward service/quickstart-kb-http 5601
Forwarding from 127.0.0.1:5601 -> 5601
Forwarding from [::1]:5601 -> 5601
And now open Kibana on https://localhost:5601
Let's use the ES cluster we just created with the name quickstart. Set up fluentBit to use this ES cluster as an output.
es cluster url | elastic user | password secret name | password secret key |
---|---|---|---|
quickstart-es-http.default.svc.cluster.local | elastic | quickstart-es-elastic-user | elastic |
First fetch the official Filebeat manifest:
curl -L -O https://raw.githubusercontent.com/elastic/beats/7.6/deploy/kubernetes/filebeat-kubernetes.yaml
Now you need to modify the manifest to configure the ES credentials. See the diff below:
--- filebeat-kubernetes.yaml 2020-05-04 00:28:40.000000000 +0200
+++ filebeat-eck.yaml 2020-05-05 22:15:32.000000000 +0200
@@ -71,13 +71,17 @@
]
env:
- name: ELASTICSEARCH_HOST
- value: elasticsearch
+ value: quickstart-es-http.default.svc.cluster.local
- name: ELASTICSEARCH_PORT
value: "9200"
- name: ELASTICSEARCH_USERNAME
value: elastic
- name: ELASTICSEARCH_PASSWORD
- value: changeme
+ valueFrom:
+ secretKeyRef:
+ optional: false
+ name: quickstart-es-elastic-user
+ key: elastic
- name: ELASTIC_CLOUD_ID
value:
- name: ELASTIC_CLOUD_AUTH
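Review bot: the unchanged ELASTICSEARCH_USERNAME line keeps value: elastic, so the secretKeyRef added for ELASTICSEARCH_PASSWORD hands every Filebeat pod the built-in superuser's password; create a dedicated user whose role only allows writing the Filebeat indices and reference that user's secret here instead. Also, secretKeyRef resolves only within the pod's own namespace, while the new ELASTICSEARCH_HOST value places the cluster in default; with optional: false the container will not start if this workload is deployed to any other namespace, so either deploy it alongside the secret or copy the secret into the workload's namespace.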
Apply the modified manifest, and Filebeat should start up and ship logs to ES.
kubectl apply -f filebeat-eck.yaml
So I have a k8s manifest prepared which runs an Ubuntu pod which just echoes a Hello message into its stdout and into a file on a volume (emptyDir) which is configured to Filebeat as an input for log files.
kubectl apply -f filebeat-sidecar.yaml
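A sidecar manifest of the kind described above could look like the following. This is an added example, not the author's filebeat-sidecar.yaml: the names hello-filebeat and hello-filebeat-config, the path /var/log/hello and the ubuntu:20.04 tag are assumptions, and it assumes the pod runs in the default namespace next to the quickstart secret, with ES reachable over plain HTTP as in the curl check earlier.

```yaml
# Added example; resource names and log path are hypothetical.
apiVersion: v1
kind: ConfigMap
metadata:
  name: hello-filebeat-config
data:
  filebeat.yml: |
    filebeat.inputs:
      - type: log
        paths: ["/var/log/hello/*.log"]   # file written by the app container
    output.elasticsearch:
      hosts: ["quickstart-es-http.default.svc.cluster.local:9200"]
      username: elastic
      password: "${ELASTICSEARCH_PASSWORD}"   # injected from the secret below
---
apiVersion: v1
kind: Pod
metadata:
  name: hello-filebeat
spec:
  containers:
    - name: hello
      image: ubuntu:20.04
      # Writes the same line to stdout and to a file on the shared volume.
      command: ["/bin/sh", "-c", "while true; do echo Hello | tee -a /var/log/hello/hello.log; sleep 5; done"]
      volumeMounts:
        - {name: logs, mountPath: /var/log/hello}
    - name: filebeat
      image: docker.elastic.co/beats/filebeat:7.6.2
      args: ["-c", "/etc/filebeat.yml", "-e"]
      env:
        - name: ELASTICSEARCH_PASSWORD
          valueFrom:
            secretKeyRef:
              name: quickstart-es-elastic-user
              key: elastic
      volumeMounts:
        - name: logs
          mountPath: /var/log/hello
          readOnly: true          # the sidecar only reads the log files
        - name: config
          mountPath: /etc/filebeat.yml
          subPath: filebeat.yml
  volumes:
    - name: logs
      emptyDir: {}
    - name: config
      configMap:
        name: hello-filebeat-config
```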