Kibana Meets Kubernetes

Second Sight

Check It Out

If you tried to jump ahead and run a Helm command, you might have been disappointed. First, you need to make sure that Helm and K3s are playing together nicely by telling Helm where to access the Kubernetes cluster:

$ export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
$ kubectl get pods --all-namespaces
$ helm ls --all-namespaces

If you didn't get any errors, all is well and you can continue; otherwise, search online for the Helm error you received, such as "cluster unreachable."

Next, having tweaked the values file to your requirements, run the chart installation command:

$ helm install stable/elastic-stack --generate-name

Listing 3 reports some welcome news – an installed set of Helm charts that report a DNS name to access. Now you can access Elastic Stack from inside or outside the cluster.

Listing 3

Kibana Access Info

NAME: elastic-stack-1583501473
LAST DEPLOYED: Fri Mar  6 13:31:15 2020
NAMESPACE: default
STATUS: deployed
REVISION: 1
NOTES:
The elasticsearch cluster and associated extras have been installed.
Kibana can be accessed:
  * Within your cluster, at the following DNS name at port 9200:
    elastic-stack-1583501473.default.svc.cluster.local
  * From outside the cluster, run these commands in the same shell:
    export POD_NAME=$(kubectl get pods --namespace default -l "app=elastic-stack,release=elastic-stack-1583501473" -o jsonpath="{.items[0].metadata.name}")
    echo "Visit http://127.0.0.1:5601 to use Kibana"
    kubectl port-forward --namespace default $POD_NAME 5601:5601

Instead of following the details in the listing, for now, I'll adapt them and access Kibana (in the default Kubernetes namespace) with the commands:

$ export POD_NAME=$(kubectl get pods -n default | grep kibana | awk '{print $1}')
$ echo "Visit http://127.0.0.1:5601 to use Kibana"
$ kubectl port-forward --namespace default $POD_NAME 5601:5601

Click the URL displayed by the echo statement and – et voilà! – a Kibana installation awaits your interaction. To test that things look sane, click through the sample data links in the Discover section (Figure 1).

Figure 1: Elastic Stack installed by Helm and running on K3s with sample data.

In normal circumstances, you need to ingest data into your Elastic Stack. Detailed information on exactly how to do that, dependent on your needs, is on the Elastic site [9]. This comprehensive document is easy to follow and well worth a look. Another resource [10] describes a slightly different approach to the one I've taken, with information on how to get Kubernetes to push logs into Elasticsearch to monitor Kubernetes activities with Fluentd [11]. Note the warning about leaving Kibana open to public access and the security pain that may cause you. If you're interested in monitoring Kubernetes, you can find information on that page to get you started.
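The warning about a publicly reachable Kibana can be turned into a quick check of how the chart's Services are published. The script below is an added example, not part of the article or the Helm chart; it assumes Service data exported with kubectl custom-columns as shown in its comments, and the Service names in the sample are constructed.

```shell
#!/bin/sh
# Added example (not from the article): list Services that publish the Kibana
# or Elasticsearch HTTP port outside the cluster. Input is the output of:
#   kubectl get svc -n default --no-headers -o custom-columns='NAME:.metadata.name,
#     TYPE:.spec.type,PORTS:.spec.ports[*].port,EXT:.spec.externalIPs[*]'
#   (the custom-columns value is one string; it is wrapped here for width)

WATCHED_PORTS="5601 9200"   # Kibana UI and Elasticsearch HTTP, as in Listing 3

# Reads "NAME TYPE PORTS EXTERNALIPS" lines on stdin and prints one
# "name reason port" line for each watched port published beyond the cluster.
exposed_services() {
  awk -v watched="$WATCHED_PORTS" '
    BEGIN { n = split(watched, w, " ") }
    NF >= 3 {
      reason = ""
      if ($2 == "NodePort" || $2 == "LoadBalancer") reason = $2
      else if (NF >= 4 && $4 != "<none>")            reason = "externalIPs"
      if (reason == "") next          # plain ClusterIP: port-forward only
      m = split($3, ports, ",")
      for (i = 1; i <= m; i++)
        for (j = 1; j <= n; j++)
          if (ports[i] == w[j]) print $1, reason, ports[i]
    }'
}

# Returns 0 when nothing is exposed, 1 otherwise (findings go to stdout).
check_exposure() {
  findings=$(exposed_services)
  if [ -z "$findings" ]; then return 0; fi
  printf '%s\n' "$findings"
  return 1
}

# Constructed sample input; the Service names are made up for illustration.
SAMPLE_SVCS='elastic-stack-kibana          ClusterIP     5601       <none>
elastic-stack-elasticsearch   NodePort      9200,9300  <none>
kibana-public                 LoadBalancer  5601       <none>
es-legacy                     ClusterIP     9200       203.0.113.10
kube-dns                      ClusterIP     53,9153    <none>'

# Demo run against the sample; replace with piped kubectl output in a real lab.
printf '%s\n' "$SAMPLE_SVCS" | exposed_services
```

Piping the live kubectl output into check_exposure gives a non-zero exit status whenever port 5601 or 9200 is published through a NodePort, LoadBalancer, or external IP instead of being reachable only through the port-forward.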

As promised at the beginning of this article, the aim of my lab installation was to create some dashboards, as shown in a more visual representation of the sample data in Figure 2.

Figure 2: The dashboard section in Kibana.

The End Is Nigh

There's something very satisfying about being able to set up a lab quickly by getting a piece of tech working before rolling it out into some form of consumer-facing service. As you can see, the full stack, including K3s, is slick and fast to set up. The solution is pretty much perfect for experimentation. The installation is so quick, you are able to tear it down and rebuild it (or, e.g., write an Ansible playbook to create it) without the interminable wait.

I will leave you to ingest some useful telemetry into your shiny new Elastic Stack.

The Author

Chris Binnie's latest book, Linux Server Security: Hack and Defend, shows how hackers launch sophisticated attacks to compromise servers, steal data, and crack complex passwords, so you can learn how to defend against such attacks. In the book, he also shows you how to make your servers invisible, perform penetration testing, and mitigate unwelcome attacks. You can find out more about DevOps, DevSecOps, Containers, and Linux security on his website: https://www.devsecops.cc.
