Setup a centralized logging system which helps to visualize logs from multiple nodes of kubernetes applications on a single Platform.

• aws-cli
• aws-configure
• EKS cluster access
• Kubectl
• Helm v3

Filebeat - Generally, the beats family are open-source lightweight data shippers that you install as agents on your servers to send operational data to Elasticsearch. Beats can send data directly to Elasticsearch or via Logstash, where you can further process and enhance the data (image). Filebeat helps keep things simple by offering a lightweight way (low memory footprint) to forward and centralize logs and files, making the use of SSH unnecessary when you have a number of servers, virtual machines, and containers that generate logs. Other benefits of Filebeat are the ability to handle large bulks of data, and deal efficiently with backpressure. Essentially, Filebeat is a logging agent installed on the machine generating the log files, tailing them, and forwarding the data to either Logstash for more advanced processing or directly into Elasticsearch for indexing.

Logstash - It pulls and receives the data from multiple systems, transforming it into a meaningful set of fields and eventually streaming the output to a defined destination for storage.

• Even though Filebeat can directly forward logs to ES, the use of a combination of Filebeat and Logstash is recommended because otherwise, only timestamp and message fields will be visible. Logstash is required for the “T” in ETL (Transformation) and to act as an aggregator for multiple logging pipelines.

• Filebeat does not offer grok (Grok is a way to parse unstructured log data into something structured and queryable) filtering method (combining text patterns into something that matches the logs).

• Logstash requires a JVM to run that causes significant memory consumption. Hence, running it on every system is not feasible.

Therefore, Filebeat would act as a lightweight agent deployed on the edge host, pumping data into Logstash for aggregation, filtering and enrichment.

• aws-cli

  

  Click here to get more information to download aws-cli.

• aws-configure

  

  Click here to get more information to set up aws configure .

• EKS cluster access

  

  Click here to get more information about EKS-access.

• Install kubectl

  

  Click here to get more information to download kubectl.

• Helm v3

  

  Click here to get more information to download the helm.

Note-: You must be in that directory where the helm-chart is.

Output should be like below

Create Kibana service file to access from URL

---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-name
  namespace: default
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/certificate-arn: "certificate-arn"
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP":80},{"HTTPS":443}]'
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/subnets: list-of-subnets
    alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
    alb.ingress.kubernetes.io/actions.authors-redirection: '{"Type":"redirect","RedirectConfig":{"Host":"authors.glorifire.com","Port":"443","Protocol":"HTTPS","Query":"#{query}","StatusCode":"HTTP_301"}}'

spec:
  rules:
    - host: prod-logging-kibana.mypat.in
      http:
        paths:
        - path: /*
          backend:
            serviceName: elk-nginx
            servicePort: 8080

Access Kibana from browser

Create a Dockerfile for Nginx setup along with apache2-utils setup

FROM nginx:1.19

# Install apache2-utils to get htpasswd command
RUN apt-get update -y && apt-get install -y apache2-utils && rm -rf /var/lib/apt/lists/*

# Basic auth credentials
ENV BASIC_USERNAME=username
ENV BASIC_PASSWORD=password

# Forward host and foward port as env variables
# google.com is used as a placeholder, to be replaced using environment variables
ENV FORWARD_HOST=google.com
ENV FORWARD_PORT=80

# Nginx config file
WORKDIR /
COPY nginx-basic-auth.conf nginx-basic-auth.conf

# Startup script
COPY run.sh ./
RUN chmod 0755 ./run.sh
CMD [ "./run.sh" ]

Add a bash script which helps to generate password

#!/bin/sh

# nginx config variable injection
envsubst < nginx-basic-auth.conf > /etc/nginx/conf.d/default.conf

# htpasswd for basic authentication
htpasswd -c -b /etc/nginx/.htpasswd admin kibana@mypat

nginx -g "daemon off;"

Add a nginx-conf file to redirect from kibana service

server {
    listen 8080 default_server;

    location / {
        auth_basic             "Restricted";
        auth_basic_user_file   .htpasswd;

        proxy_pass             http://kibana-kibana:5601;
        proxy_read_timeout     900;
    }
}

Launch above nginx pod

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: elk-nginx
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: elk-nginx
  template:
    metadata:
      labels:
        app: elk-nginx
    spec:
      containers:
      - name: nginx
        image: imageURL
        imagePullPolicy: Always
        ports:
        - containerPort: 8080

---
apiVersion: v1
kind: Service
metadata:
  name: elk-nginx
  namespace: default
spec:
  type: NodePort
  ports:
  - port: 8080
    targetPort: 8080
  selector:
    app: elk-nginx

Yogendra Pratap Singh