..
Kubernetes Monitoring Using ELK Stack
Elasticsearch
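# Fetch the Elasticsearch 7.2.0 Linux tarball. The URL is passed bare: wrapping
# it in <...> would be parsed by the shell as input/output redirections.
curl -L -O https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.2.0-linux-x86_64.tar.gz
# Check the archive against the SHA-512 file published next to it and stop if
# the check fails. This catches a corrupted or truncated download; it does not
# protect against a compromised download origin.
curl -L -O https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.2.0-linux-x86_64.tar.gz.sha512
shasum -a 512 -c elasticsearch-7.2.0-linux-x86_64.tar.gz.sha512
# Unpack and enter the installation directory.
tar -xzvf elasticsearch-7.2.0-linux-x86_64.tar.gz
cd elasticsearch-7.2.0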
config/elasticsearch.yml
# Listen on every interface of the host. By default Elasticsearch 7.2.0 runs
# with authentication and TLS switched off, so this also exposes the REST API
# to anyone who can route to the machine. Outside a lab, restrict access with
# a firewall or security group (or bind to one specific address) and turn on
# xpack.security.enabled.
network.host: '0.0.0.0'
# Node(s) used to bootstrap the cluster the first time it starts.
cluster.initial_master_nodes:
  - '172.16.169.17'
# Raise the kernel's memory-map limit for the running system only; a value set
# with `sysctl -w` is lost at the next reboot.
sudo sysctl -w vm.max_map_count=262144
# Start Elasticsearch in the foreground, without sudo. With network.host set to
# 0.0.0.0 in config/elasticsearch.yml, the HTTP API is reachable on every
# network the host is attached to as soon as the node is up.
./bin/elasticsearch
Kibana
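# Fetch the Kibana 7.2.0 Linux tarball. The URL is passed bare: wrapping it in
# <...> would be parsed by the shell as input/output redirections.
curl -L -O https://artifacts.elastic.co/downloads/kibana/kibana-7.2.0-linux-x86_64.tar.gz
# Check the archive against the SHA-512 file published next to it and stop if
# the check fails. This catches a corrupted or truncated download; it does not
# protect against a compromised download origin.
curl -L -O https://artifacts.elastic.co/downloads/kibana/kibana-7.2.0-linux-x86_64.tar.gz.sha512
shasum -a 512 -c kibana-7.2.0-linux-x86_64.tar.gz.sha512
# Unpack and enter the installation directory.
tar xzvf kibana-7.2.0-linux-x86_64.tar.gz
cd kibana-7.2.0-linux-x86_64/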
config/kibana.yml
# Serve the Kibana UI on every interface of the host. Kibana only asks for a
# login when security is enabled on the Elasticsearch side, so with the default
# settings anyone who can reach this port can browse and modify the data.
# Restrict access at the network layer or put an authenticating proxy in front.
server.host: '0.0.0.0'
# Start Kibana in the foreground from the extracted directory.
./bin/kibana
Beats
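Edit ELASTICSEARCH_HOSTS: ["http://172.16.169.17:9200"]
Note that this URL uses plain HTTP, so the events the Beats ship travel unencrypted between the cluster and Elasticsearch.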
Filebeat
filebeat-kubernetes.yaml:
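# Autodiscover template entry (a fragment; presumably it sits under the
# provider's `templates:` list in filebeat-kubernetes.yaml — confirm there).
# `contains` is a substring match on the pod's `app` label. Labels are chosen by
# whoever deploys the pod, so any workload can opt itself into this config.
- condition.contains:
    kubernetes.labels.app: redis
  config:
    - module: redis
      # Read the matched container's own Docker log stream.
      log:
        input:
          type: docker
          containers.ids:
            - ${data.kubernetes.container.id}
      # Poll the Redis slow log on the endpoint discovered for the pod.
      slowlog:
        enabled: true
        var.hosts: ["${data.host}:${data.port}"]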
# Create the objects defined in the manifest.
# NOTE(review): the manifest is not shown here — read its RBAC rules and host
# mounts before applying; a log shipper usually needs read access to pod
# metadata and to the node's container logs.
kubectl create -f filebeat-kubernetes.yaml
# Confirm the Filebeat pods are running (looked up in kube-system by label).
kubectl get pods -n kube-system -l k8s-app=filebeat-dynamic
Metricbeat
metricbeat-kubernetes.yaml:
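# Autodiscover template entry (a fragment; presumably it sits under the
# provider's `templates:` list in metricbeat-kubernetes.yaml — confirm there).
# The condition looks only at the `tier` label, so every pod labelled
# `tier: backend` is polled as a Redis server, whether or not it runs Redis.
- condition.equals:
    kubernetes.labels.tier: backend
  config:
    - module: redis
      metricsets: ["info", "keyspace"]
      period: 10s
      # Redis hosts
      hosts: ["${data.host}:${data.port}"]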
# Create the objects defined in the manifest.
# NOTE(review): the manifest is not shown here — check which service account
# and cluster-wide read permissions it grants before applying.
kubectl create -f metricbeat-kubernetes.yaml
# Confirm the Metricbeat pods are running (looked up in kube-system by label).
kubectl get pods -n kube-system -l k8s-app=metricbeat
Packetbeat
packetbeat-kubernetes.yaml:
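# Capture on every network interface visible to the Packetbeat process.
packetbeat.interfaces.device: any
# Protocols to decode, keyed by port. Decoded transactions can carry query text
# and request details, and they are shipped to the Elasticsearch endpoint
# configured for the Beats, so treat that index as sensitive data.
packetbeat.protocols:
  - type: dns
    ports: [53]
    include_authorities: true
    include_additionals: true
  - type: http
    # 9200 is the Elasticsearch HTTP port used elsewhere on this page, so
    # traffic to Elasticsearch itself is in scope too.
    ports: [80, 8000, 8080, 9200]
  - type: mysql
    ports: [3306]
  - type: redis
    ports: [6379]
# Flow reporting: `timeout` and `period` values as given on the page.
packetbeat.flows:
  timeout: 30s
  period: 10s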
# Create the objects defined in the manifest.
# NOTE(review): the manifest is not shown here — packet capture typically needs
# host networking and elevated capabilities, so confirm exactly what it
# requests before applying.
kubectl create -f packetbeat-kubernetes.yaml
# Confirm the Packetbeat pods are running (looked up in kube-system by label).
kubectl get pods -n kube-system -l k8s-app=packetbeat-dynamic