Deploy an ELK Stack

For reference on the ELK stack, see the docs.

Prerequisites

  1. An existing Grey Matter deployment running on Kubernetes (tutorial)

  2. kubectl or oc setup with access to the cluster

  3. greymatter cli setup with access to the deployment

Steps

1. Clone and configure

If you have not already, clone the Grey Matter helm-charts repository and cd into it:

git clone --single-branch --branch release-2.3 https://github.com/greymatter-io/helm-charts.git && cd ./helm-charts

If you installed Grey Matter using the installation guide, and your core Grey Matter services are running in the default namespace, move on to install.

If your core Grey Matter services are running in a Kubernetes namespace other than default, edit the file custom-values-files/kibana-proxy-values.yaml in your cloned repo, and change the sidecar.envvars.xds_host value to control.<your-gm-namespace>.svc.

2. Install

Run the following from the root directory of the helm-charts repository to install the ELK stack into the observables namespace:

make observables EKS=true

If you want to install the ELK stack into a different namespace, or your Grey Matter deployment is not running in EKS, modify the command to make observables EKS=<true or false> OBSERVABLES_NAMESPACE=<desired-namespace>

The ELK stack may take up to 15 minutes to stabilize. You can check the status with:

While it starts up, move on to step 3.

3. Upgrade Grey Matter for the observables namespace

To allow Grey Matter Fabric to discover the observables namespace, open the global.yaml file you originally used when installing Grey Matter. Edit the global.control.additional_namespaces value and add observables:

Then, upgrade your Grey Matter fabric and sense installations for the new namespace:

4. Configure the Kibana proxy in the mesh

Now, to configure the Kibana proxy with the mesh, run the following to generate the mesh configurations:

Answer the prompts as follows:

  1. serviceName = kibana-observables-proxy

  2. serviceHost = kibana-kibana.observables.svc.cluster.local - if you changed the namespace, replace .observables. with .<your-namespace>.

  3. servicePort = 5601

  4. sidecarIngressPort = 10808

  5. sidecarEgressPort = 10909

  6. trustDomain = quickstart.greymatter.io

  7. zone = zone-default-zone

  8. displayName = Kibana Observables Proxy

  9. version = 7.1.0

  10. owner = kibana

  11. capability = observables

  12. documentation = /services/kibana-observables-proxy/7.1.0

  13. minInstances = 1

  14. maxInstances = 1

The configurations will be saved into a directory named kibana-observables-proxy. Make sure that your cli is configured and that control-api is accessible on port 5555. When ready, run the following to apply them:

You should then be able to see the card Kibana Observables Proxy on your Grey Matter application, and access it via the documentation link.

5. Verify

Once all of the pods are running in the observables namespace, and you can access the Kibana proxy at the documentation link from the Grey Matter application, you have successfully installed the ELK stack! Move on to configure audits.
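As an added example (not part of the Grey Matter documentation), the shell functions below check kubectl get pods output for pods that are not yet fully ready, which is the condition this step waits on. The pod names in the sample are constructed, and the observables namespace is the default from step 2.

```shell
#!/usr/bin/env bash
# Added example, not from the Grey Matter docs.
# Reads `kubectl get pods --no-headers` output on stdin and prints one line
# (name, READY, STATUS) for every pod that is not fully ready.
# Exit status: 0 = all pods ready, 1 = some pod not ready, 2 = no pods found.
not_ready_pods() {
  awk '
    $3 == "Completed" { next }            # finished jobs are not a problem
    {
      split($2, ready, "/")               # READY column, e.g. 1/2
      if ($3 != "Running" || ready[1] != ready[2]) {
        print $1, $2, $3
        bad = 1
      }
    }
    END {
      if (NR == 0) exit 2                 # empty namespace: install did not happen
      exit bad + 0
    }
  '
}

# Live check against the cluster (assumes kubectl access; the namespace
# defaults to observables). If kubectl fails, the empty input yields status 2.
check_namespace() {
  kubectl get pods -n "${1:-observables}" --no-headers | not_ready_pods
}

# Constructed sample output (pod names are illustrative only).
SAMPLE='elasticsearch-master-0   2/2   Running    0   9m
kibana-kibana-5d9c7      1/2   Running    0   9m
logstash-logstash-0      0/2   Init:0/1   0   9m'

# Offline demonstration on the constructed sample.
demo() {
  if printf '%s\n' "$SAMPLE" | not_ready_pods; then
    echo "all pods ready"
  else
    echo "ELK stack still starting"
  fi
}
```

Run check_namespace (optionally with your namespace as the argument) in a loop or by hand until it returns 0 before opening the Kibana proxy.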
