Deployments, Services and Ingresses to run a recent Graylog2 on Kubernetes in #yolo mode without any persistence.

README.md

These Kubernetes resources deploy a recent Graylog2 cluster on Kubernetes in #yolo mode without any persistence – The ideal way to quickly run, inspect and adapt a Graylog cluster in Kubernetes. The Deployment will install:

• Graylog 2.4.0
• Elasticsearch 5.6.3
• Kibana 5.6.3

Deploy Graylog

1. To install Graylog, download the YAML-files
2. Change the <SOME_GRAYLOG_SECRET_WITH_AT_LEAST_16_CHARS> to a secret only known to you.
3. To access your Graylog/Elasticsearch/Kibana stack from outside of Kubernetes (like from your browser), you need a running Ingress controller like Traefik and ideally a wildcard domain pointing at Traefik (*.k8s.yoursite.io).
4. Replace <YOUR_EXTERNAL_GRAYLOG_URL>, <YOUR_EXTERNAL_ELASTICSEARCH_URL> and <YOUR_EXTERNAL_KIBANA_URL> with the ones pointing at your Ingress controller. Examples:
   • http://graylog.k8s.yoursite.io
   • http://elasticsearch.k8s.yoursite.io
   • http://kibana.k8s.yoursite.io
5. Point the GELF-Appender in your apps to:
   • From outside of Kubernetes, point at graylog.k8s.yoursite.io:12201
   • From outside of Kubernetes, point at graylog-service:12201

Yoiu can log in to Graylog using the default admin:admin password. And yes, you should change that ... have fun analyzing your logs :-)

More Information

More about Graylog: http://docs.graylog.org/en/latest/pages/installation/docker.html

More about Kubernetes: https://kubernetes.io/docs/home/

graylog-deployment.yml

apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: graylog-deployment
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: graylog
    spec:
      containers:
        # mongo
      - name: mongo
        image: mongo:3
        ports:
        - containerPort: 27017

        # elastic
      - name: elasticsearch
        image: docker.elastic.co/elasticsearch/elasticsearch:5.6.3
        command:
        - /bin/bash
        - bin/elasticsearch
        - -Expack.security.enabled=false
        - -Ecluster.name=graylog
        env:
        - name: ES_JAVA_OPTS
          value: -Xms2g -Xmx2g
        resources:
          requests:
            cpu: "1"
            memory: 3Gi
          limits:
            cpu: "4"
            memory: 4Gi
        ports:
        - containerPort: 9200
        - containerPort: 9300

        # kibana
      - name: kibana
        image: docker.elastic.co/kibana/kibana:5.6.3
        env:
        - name: ELASTICSEARCH_URL
          value: http://localhost:9200
        command:
        - /bin/bash
        - /usr/local/bin/kibana-docker
        - xpack.security.enabled=false
        - xpack.monitoring.enabled=false
        - xpack.reporting.enabled=false
        - elasticsearch.url=http://localhost:9200
        - server.name=<YOUR_EXTERNAL_KIBANA_URL>
        resources:
          requests:
            cpu: 100m
            memory: 256Mi
          limits:
            cpu: "1"
            memory: "1Gi"
        ports:
        - containerPort: 5601

        # graylog
      - name: graylog
        image: graylog/graylog:2.4.0-1
        env:
        - name: GRAYLOG_PASSWORD_SECRET
          value: <SOME_GRAYLOG_SECRET_WITH_AT_LEAST_16_CHARS>
        - name: GRAYLOG_ROOT_PASSWORD_SHA2
          value: 8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
        - name: GRAYLOG_WEB_ENDPOINT_URI
          value: http://<YOUR_EXTERNAL_GRAYLOG_URL>/api
        - name: GRAYLOG_MONGODB_URI
          value: mongodb://localhost:27017/graylog
        - name: GRAYLOG_ELASTICSEARCH_HOSTS
          value: http://localhost:9200
        - name: GRAYLOG_ROTATION_STRATEGY
          value: time
        - name: GRAYLOG_ELASTICSEARCH_MAX_TIME_PER_INDEX
          value: "1d"
        - name: GRAYLOG_ELASTICSEARCH_MAX_NUMBER_OF_IINDICES
          value: "10"
        - name: GRAYLOG_ELASTICSEARCH_INDEX_PREFIX
          value: "graylog"
        - name: GRAYLOG_ELASTICSEARCH_SHARDS
          value: "1"
        resources:
          requests:
            cpu: "1"
            memory: "1Gi"
          limits:
            cpu: "4"
            memory: "3Gi"
        ports:
        - containerPort: 9000

graylog-ingress.yml

---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  labels:
    app: graylog
  name: graylog-ingress
spec:
  rules:
  - host: <YOUR_EXTERNAL_GRAYLOG_URL>
    http:
      paths:
      - backend:
          serviceName: graylog-service
          servicePort: 9000
  - host: <YOUR_EXTERNAL_ELASTICSEARCH_URL>
    http:
      paths:
      - backend:
          serviceName: graylog-service
          servicePort: 9200
  - host: <YOUR_EXTERNAL_KIBANA_URL>
    http:
      paths:
      - backend:
          serviceName: graylog-service
          servicePort: 5601

graylog-service.yml

---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: graylog
  name: graylog-service
spec:
  ports:
  - name: graylog
    port: 9000
    protocol: TCP
    targetPort: 9000
  - name: elasticsearch
    port: 9200
    protocol: TCP
    targetPort: 9200
  - name: kibana
    port: 5601
    protocol: TCP
    targetPort: 5601
  - name: gelf
    port: 12201
    protocol: TCP
    targetPort: 12201
  selector:
    app: graylog