Platform Engineers

Kubernetes Logging: Centralized Logging with ELK Stack

Platform Engineers's photo
Platform Engineers
·

2 min read

Kubernetes, a container orchestration system, generates a vast amount of log data from its various components, including pods, nodes, and control plane components. Effective log management is crucial for monitoring, troubleshooting, and maintaining the reliability of Kubernetes clusters. This blog post will delve into the technical aspects of implementing centralized logging using the ELK Stack (Elasticsearch, Logstash, Kibana) in a Kubernetes environment.

Log Collection and Forwarding

To collect logs from Kubernetes, we will use Fluentd, a popular log collector and forwarder. Fluentd can be deployed as a DaemonSet in the Kubernetes cluster, ensuring that each node runs a Fluentd instance. This setup allows Fluentd to collect logs from all pods running on the node.

Here is an example of a Fluentd DaemonSet configuration:

apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: fluentd
spec:
  selector:
    matchLabels:
      app: fluentd
  template:
    metadata:
      labels:
        app: fluentd
    spec:
      containers:
      - name: fluentd
        image: fluent/fluentd:v1.12.0
        volumeMounts:
        - name: varlog
          mountPath: /var/log
        - name: fluentdconf
          mountPath: /fluentd/etc
  volumes:
  - name: varlog
    hostPath:
      path: /var/log
      type: Directory
  - name: fluentdconf
    configMap:
      name: fluentd-config

Log Processing and Storage

Logstash will be used to process and transform the collected logs before storing them in Elasticsearch. Logstash can be deployed as a Deployment in the Kubernetes cluster.

Here is an example of a Logstash Deployment configuration:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: logstash
spec:
  replicas: 1
  selector:
    matchLabels:
      app: logstash
  template:
    metadata:
      labels:
        app: logstash
    spec:
      containers:
      - name: logstash
        image: docker.elastic.co/logstash/logstash:7.10.2
        volumeMounts:
        - name: logstashconf
          mountPath: /usr/share/logstash/config
  volumes:
  - name: logstashconf
    configMap:
      name: logstash-config

Log Visualization and Analysis

Kibana will be used to visualize and analyze the logs stored in Elasticsearch. Kibana can be deployed as a Deployment in the Kubernetes cluster.

Here is an example of a Kibana Deployment configuration:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: kibana
spec:
  replicas: 1
  selector:
    matchLabels:
      app: kibana
  template:
    metadata:
      labels:
        app: kibana
    spec:
      containers:
      - name: kibana
        image: docker.elastic.co/kibana/kibana:7.10.2
        volumeMounts:
        - name: kibanconf
          mountPath: /usr/share/kibana/config
  volumes:
  - name: kibanconf
    configMap:
      name: kibana-config

When implementing centralized logging in a Kubernetes environment, platform engineers must ensure that the logging infrastructure is scalable, reliable, and secure. This includes configuring Fluentd, Logstash, and Elasticsearch to handle high volumes of log data, implementing data retention policies, and securing access to the logging components.

Conclusion

In this blog post, we have discussed the technical details of implementing centralized logging using the ELK Stack in a Kubernetes environment. By deploying Fluentd, Logstash, and Kibana as Kubernetes resources, we can effectively collect, process, store, and visualize logs from our Kubernetes cluster. This setup provides a robust logging infrastructure for monitoring and troubleshooting Kubernetes applications.