Deploy Beatsedit
If you do not have an Elasticsearch cluster with Kibana available, see Installing the Elastic Stack and deploy Elasticsearch and Kibana, then come back to this page to deploy Beats.
Kubernetes secretsedit
Rather than putting the Elasticsearch and Kibana endpoints into the manifest files they
are provided to the Filebeat pods as k8s secrets. Edit the files
elasticsearch-hosts-ports and kibana-host-port. The files provided in the
example contain details regarding the file format. You should have two files
resembling:
elasticsearch-hosts-ports:
["http://10.1.1.4:9200", "http://10.1.1.5:9200"]
kibana.host.port:
"http://10.1.1.6:5601"
Create the secretedit
kubectl create secret generic elastic-stack \ --from-file=./elasticsearch-hosts-ports \ --from-file=./kibana-host-port --namespace=kube-system
Deploy data views, visualizations, dashboards, and machine learning jobsedit
Filebeat and Metricbeat provide the configuration for things like web servers, caches, proxies, operating systems, container environments, databases, etc. These are referred to as Beats modules. By deploying these configurations you will be populating Elasticsearch and Kibana with data views, visualizations, dashboards, machine learning jobs, etc.
kubectl create -f filebeat-setup.yaml kubectl create -f metricbeat-setup.yaml
These setup jobs are short lived, you will see them transition to the
completed state in the output of kubectl get pods -n kube-system
Verifyedit
kubectl get pods -n kube-system | grep beat
Verify that the setup pods complete. Check the logs for the setup pods to ensure that they connected to Elasticsearch and Kibana (the setup pod connects to both).
Deploy the Beat DaemonSetsedit
kubectl create -f filebeat-kubernetes.yaml kubectl create -f metricbeat-kubernetes.yaml
Verifyedit
Check for the running DaemonSets. Verify that there is one Filebeat and Metricbeat pod per k8s Node running.
kubectl get pods -n kube-system | grep beat