- Add Catalog
- Install Nginx Ingress
- Install Cert- Manager
- Install mongodb-replicaset
- Install elasticsearch
- Install graylog
- Install fluent-bit
- Install Issuer
- DNS Records ADD
- Create Ingress for graylog
- Access graylog web ui
- Configure Graylog input
- Deploy sample application (nginx web server)
- Validate graylog lmessages/metrics
-
Go to Rancher Console > Cluster -> Default -> Apps -> Manage Catalogs > Add Catalog Name: google-repo Catalog URL: https://kubernetes-charts.storage.googleapis.com/
-
Go to Rancher Console > Cluster -> System -> Apps -> Manage Catalogs > Add Catalog Name: cert-manager Catalog URL: https://charts.jetstack.io
- Go to Rancher Console > Cluster -> Default -> Apps -> Launch
- Search "Nginx ingress"
- Select "Nginx ingress" and Launch.
- Go to Rancher Console > Cluster -> System -> Apps -> Launch
- Search "cert manager"
- Select "cert manager"
- Select Namespace "kube-system"
- Add Variable
installCRDs=true
- Launch.
- Go to Rancher Console > Cluster -> Default -> Apps -> Launch
- Search "mongodb-replicaset"
- Select "mongodb-replicaset"
- Select Namespace "graylog" and Launch.
- Go to Rancher Console > Cluster -> Default -> Apps -> Launch
- Search "elasticsearch"
- Select "elasticsearch"
- Select Namespace "graylog" and Launch.
- Go to Rancher Console > Cluster -> Default -> Apps -> Launch
- Search "graylog"
- Select "graylog"
- Select Namespace "graylog"
- Set Variables
graylog.elasticsearch.hosts=http://elasticsearch-client.graylog.svc.cluster.local:9200
graylog.externalUri=https://graylog.kubelancer.net
graylog.mongodb.uri=mongodb://mongodb-replicaset.graylog.svc.cluster.local:27017/graylog?replicaSet=rs0
tags.install-elasticsearch=false
tags.install-mongodb=false- Launch
- Go to Rancher Console > Cluster -> Default -> Resources -> Config Select graylog Click Edit Modify parameter http_external_uri as like
http_external_uri = https://graylog.kubelancer.net/- To Re-deploy pod to take configmap, Go to Rancher Console > Cluster -> Default -> Resources -> Workloads Click graylog Select graylog-0 Click Delete
Once POD up and running, then repeat same
Click graylog Select graylog-1 Click Delete
- Go to Rancher Console > Cluster -> Default -> Apps -> Launch
- Search "fluent-bit"
- Select "fluent-bit"
- Select Namespace "graylog"
- Launch
- Go to Rancher Console > Cluster -> Default -> Resources -> Config Select fluent-bit-config Click Edit Modify parameter fluent-bit-output.conf as like
[OUTPUT]
Name gelf
Match *
Host graylog-0.graylog.graylog.svc.cluster.local
Port 12201
Mode tcp
Gelf_Short_Message_Key log
Retry_Limit False
tls off
tls.verify on
tls.debug 1
[OUTPUT]
Name gelf
Match *
Host graylog-1.graylog.graylog.svc.cluster.local
Port 12201
Mode tcp
Gelf_Short_Message_Key log
Retry_Limit False
tls off
tls.verify on
tls.debug 1- To Re-deploy pod to take configmap, Go to Rancher Console > Cluster -> Default -> Resources -> Workloads Click fluent-bit Click Redeploy
- create letsencrypt-prod-graylog.yaml
vi letsencrypt-prod-graylog.yamlapiVersion: cert-manager.io/v1alpha2
kind: Issuer
metadata:
name: letsencrypt-prod
namespace: graylog
spec:
acme:
# The ACME server URL
server: https://acme-v02.api.letsencrypt.org/directory
# Email address used for ACME registration
email: kubernetio@gmail.com
# Name of a secret used to store the ACME account private key
privateKeySecretRef:
name: letsencrypt-prod
# Enable the HTTP-01 challenge provider
solvers:
- http01:
ingress:
class: nginxkubectl apply -f letsencrypt-prod-graylog.yaml- To check Issuer status
kubectl get issuer -n graylog- To get ingress External IP
kubectl get svc -n nginx-ingress- Add A record on DNS controller
Ex:
graylog.kubelancer.net A 35.184.146.232
- create graylog-ingress.yaml
vi graylog-ingress.yamlapiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: graylog-ingress-tls
namespace: graylog
annotations:
fluentbit.io/parser: "k8s-nginx-ingress"
kubernetes.io/ingress.class: "nginx"
cert-manager.io/issuer: letsencrypt-prod
spec:
tls:
- secretName: graylog-ingress-tls
hosts:
- graylog.kubelancer.net
rules:
- host: graylog.kubelancer.net
http:
paths:
- path: /
backend:
serviceName: graylog-web
servicePort: 9000- Create ingress for Graylog
kubectl apply -f graylog-ingress.yaml- To check certs status
kubectl get certs -n grayloghttps://graylog.kubelancer.net
Credentials: user: admin password:
To get password, run below command
kubectl get secret/graylog -n graylog -o yaml | grep graylog-password-secret: | awk {'print $2'} | base64 -d ; echo- Goto graylog Console -> system/inputs -> inputs
- Select
GELF TCP-> Launch new input - Select Global
- Title GELF TCP
- Click Save
- create deployment file nginx.yaml
vi nginx.yamlapiVersion: v1
kind: Service
metadata:
namespace: graylog
creationTimestamp: null
labels:
app: nginx
name: nginx
spec:
ports:
- port: 80
protocol: TCP
targetPort: 80
selector:
app: nginx
status:
loadBalancer: {}
---
---
apiVersion: v1
kind: Pod
metadata:
namespace: graylog
creationTimestamp: null
labels:
app: nginx
name: nginx
annotations:
fluentbit.io/parser: nginx
spec:
containers:
- image: nginx
name: nginx
ports:
- containerPort: 80
resources: {}
dnsPolicy: ClusterFirst
restartPolicy: Never
status: {}- Apply the deployment
kubectl apply -f nginx.yaml-
Create DNS record. web1.kubelancer.net A 35.225.208.53
-
create ingress for web application
vi web1-ingress.yamlapiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: web1-ingress-tls
namespace: graylog
annotations:
fluentbit.io/parser: "k8s-nginx-ingress"
kubernetes.io/ingress.class: "nginx"
cert-manager.io/issuer: letsencrypt-prod
spec:
tls:
- secretName: web1-ingress-tls
hosts:
- web1.kubelancer.net
rules:
- host: web1.kubelancer.net
http:
paths:
- path: /
backend:
serviceName: nginx
servicePort: 80- Apply the web Ingress
kubectl apply -f web1-ingress.yaml- Goto graylog Console -> Search