In this video, we use the ELK Stack to collect logs of applications deployed on a Kubernetes cluster.
- Docker Desktop (on Mac & Windows) or Docker Engine (on Linux)
- Kubectl
- Minikube
```bash
# Confirm the prerequisites are installed
docker --version
kubectl version --client
minikube version

# Start a local cluster
minikube start --cpus=4 --memory=4096 --driver=docker
kubectl get nodes

# Deploy the sample applications
kubectl create namespace demo-apps
kubectl apply -f app1.yaml
kubectl apply -f app2.yaml

# Deploy Elasticsearch and check its pods and storage
kubectl create namespace logging
kubectl apply -f elasticsearch-updated.yaml
kubectl get pods -n logging
kubectl get pvc -n logging
kubectl get pv -n logging

# Deploy Kibana and get its URL
kubectl apply -f kibana.yaml
kubectl get pods -n logging
minikube service kibana -n logging --url

# Download the Filebeat manifest
curl -L -O https://raw.githubusercontent.com/elastic/beats/7.17/deploy/kubernetes/filebeat-kubernetes.yaml
```
- Update ELASTICSEARCH_HOST to http://elasticsearch.logging.svc.cluster.local:9200
- Add the namespace "demo-apps" to the Filebeat pod annotations if you want namespace-specific logs.
- Filebeat runs as a DaemonSet, however, so it has access to all pods across all namespaces via its ClusterRole.
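To check the ClusterRole point above, here is an added example that is not part of the original walkthrough: it audits the JSON form of a ClusterRole and reports any rule that goes beyond read-only access. The sample rules are constructed for illustration, and the role name `filebeat` and script name `audit_role.py` are assumptions.

```python
import json

READ_ONLY = {"get", "list", "watch"}
# Resources a log shipper should not need (list chosen for this example).
SENSITIVE = {"secrets", "pods/exec", "pods/attach", "serviceaccounts/token"}

# Constructed sample, shaped like `kubectl get clusterrole <name> -o json` output.
SAMPLE_ROLE = json.dumps({
    "kind": "ClusterRole",
    "metadata": {"name": "filebeat"},  # assumed role name
    "rules": [
        {"apiGroups": [""], "resources": ["namespaces", "pods", "nodes"],
         "verbs": ["get", "watch", "list"]},
        {"apiGroups": ["apps"], "resources": ["replicasets"],
         "verbs": ["get", "list", "watch"]},
    ],
})


def audit_cluster_role(role_json):
    """Return findings for rules that exceed read-only, non-sensitive access."""
    role = json.loads(role_json)
    findings = []
    for i, rule in enumerate(role.get("rules") or []):
        verbs = set(rule.get("verbs", []))
        resources = set(rule.get("resources", []))
        groups = set(rule.get("apiGroups", []))
        extra = sorted(verbs - READ_ONLY)  # "*" also lands here
        if extra:
            findings.append(f"rule {i}: non-read verbs {extra}")
        if "*" in resources or "*" in groups:
            findings.append(f"rule {i}: wildcard resource or API group")
        hit = sorted(resources & SENSITIVE)
        if hit:
            findings.append(f"rule {i}: sensitive resources {hit}")
    return findings


if __name__ == "__main__":
    # Live use: kubectl get clusterrole filebeat -o json | python3 audit_role.py
    import sys
    data = SAMPLE_ROLE if sys.stdin.isatty() else sys.stdin.read()
    for line in audit_cluster_role(data) or ["read-only: no findings"]:
        print(line)
```

An empty result means the role can read metadata cluster-wide but cannot modify anything or read the flagged resources.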
```bash
kubectl apply -f filebeat-kubernetes-updated.yaml
```
- Explore on My Own
- Click Home Left Panel
- Go to Stack Management
- Click Index Patterns and create an index pattern named, e.g., filebeat-*
- Select @timestamp in the Timestamp field
- Click create index pattern.
- Go to Discover on the left panel of homepage to see logs from app1 and app2.
```bash
kubectl logs app1 -n demo-apps | tail
kubectl logs app2 -n demo-apps | head
```
- On the left panel (under Available fields)
- Scroll down to the bottom to see e.g. log message, log.file.path, etc.
- Click to examine them.
```bash
kubectl apply -f nginx-deployment.yaml
minikube service nginx-service -n demo-apps --url
```
- Add filter
- Field = kubernetes.labels.app, Operator = is, Value = nginx, then Save. (You may have to change the timestamp next to the "Refresh" button to see some logs.)
```bash
kubectl delete ns logging
kubectl delete ns demo-apps
minikube stop
minikube delete --all
```