# Elasticsearch Add-On

This add-on consists of a combination of [Elasticsearch][elasticsearch], [Fluentd][fluentd] and [Kibana][kibana]. Elasticsearch is a search engine that is responsible for storing our logs and allowing them to be queried. Fluentd sends log messages from Kubernetes to Elasticsearch, whereas Kibana is a graphical interface for viewing and querying the logs stored in Elasticsearch.

**Note:** this add-on should **not** be used as-is in production. This is an example and you should treat it as such. Please see at least the [Security](#security) and the [Storage](#storage) sections for more information.

## Elasticsearch

Elasticsearch is deployed as a [StatefulSet][statefulSet], which is like a Deployment, but allows for maintaining state on storage volumes.

### Security

Elasticsearch has capabilities to enable authorization using the [X-Pack plugin][xPack]. For the sake of simplicity this example uses the fully open source prebuilt images from Elastic that do not contain the X-Pack plugin. If you need these features, please consider building the images from either the "basic" or "platinum" version.

After enabling these features, follow the [official documentation][setupCreds] to set up credentials in Elasticsearch and Kibana. Don't forget to also propagate those credentials to Fluentd in its [configuration][fluentdCreds], using for example [environment variables][fluentdEnvVar]. You can utilize [ConfigMaps][configMap] and [Secrets][secret] to store credentials in the Kubernetes API server.

### Initialization

The Elasticsearch StatefulSet manifest specifies that there shall be an [init container][initContainer] executing before the Elasticsearch containers themselves, in order to ensure that the kernel state variable `vm.max_map_count` is at least 262144, since this is a requirement of Elasticsearch. You may remove the init container if you know that your host OS meets this requirement.

### Storage

The Elasticsearch StatefulSet will use the [EmptyDir][emptyDir] volume to store data. EmptyDir is erased when the pod terminates; here it is used only for testing purposes.

**Important:** please change the storage to a persistent volume claim before actually using this StatefulSet in your setup!

## Fluentd

Fluentd is deployed as a [DaemonSet][daemonSet] which spawns a pod on each node that reads the logs generated by the kubelet, the container runtime and containers, and sends them to Elasticsearch. Learn more in the [official Kubernetes documentation][k8sElasticsearchDocs].

## Building

Both images are now being hosted in Google Cloud and are built via the [Cloud Build](https://cloud.google.com/cloud-build/) product. To build these images yourself you will need to have the [gcloud SDK](https://cloud.google.com/sdk/install) installed and you will need to log in. You can then run `make` in either image directory to trigger a container build.

### Known problems

Since Fluentd talks to the Elasticsearch service inside the cluster, instances on masters won't work, because masters have no kube-proxy. Don't mark masters with the label mentioned in the previous paragraph or add a taint on them to avoid Fluentd pods scheduling there.

If you would like to run these tools in a production environment you could use the [Helm](https://helm.sh) charts provided by the Helm community, which are used by a lot of people and therefore are widely tested. You can find them all via the [Helm Hub](https://hub.helm.sh/).

The source of the mentioned charts can be found here:

* [Elasticsearch](https://github.com/helm/charts/tree/master/stable/elasticsearch)
* [Fluentd-elasticsearch](https://github.com/kiwigrid/helm-charts/tree/master/charts/fluentd-elasticsearch)
* [Kibana](https://github.com/helm/charts/tree/master/stable/kibana)
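The two production caveats called out in the Storage and Initialization sections above (an EmptyDir data volume, and the `vm.max_map_count` init container) can be checked mechanically before a StatefulSet is applied. The following is an added example, not part of this add-on's own files: it audits a manifest loaded as a dict, and shows the EmptyDir volume rewritten as a `volumeClaimTemplate`. The manifest below is constructed to mirror the add-on's layout; the image names and the `10Gi` claim size are placeholders.

```python
"""Audit an Elasticsearch StatefulSet manifest for the caveats in this README:
EmptyDir data storage and the vm.max_map_count init container."""
import copy
import re

MIN_MAP_COUNT = 262144  # minimum vm.max_map_count Elasticsearch requires


def init_container_map_count(pod_spec):
    """Return the highest vm.max_map_count any init container sets, or None."""
    best = None
    for c in pod_spec.get("initContainers", []):
        text = " ".join(c.get("command", []) + c.get("args", []))
        for m in re.finditer(r"vm\.max_map_count=(\d+)", text):
            best = max(best or 0, int(m.group(1)))
    return best


def audit_statefulset(manifest):
    """Return a list of findings; an empty list means both checks pass."""
    findings = []
    spec = manifest.get("spec", {})
    pod_spec = spec.get("template", {}).get("spec", {})
    for v in pod_spec.get("volumes", []):  # EmptyDir data is lost on pod termination
        if "emptyDir" in v:
            findings.append(f"volume {v['name']!r} is emptyDir; use a volumeClaimTemplate")
    count = init_container_map_count(pod_spec)
    if count is None:
        findings.append("no init container sets vm.max_map_count")
    elif count < MIN_MAP_COUNT:
        findings.append(f"vm.max_map_count={count} is below {MIN_MAP_COUNT}")
    return findings


def persistent_variant(manifest):
    """Copy the manifest, replacing each emptyDir volume by a claim template of the same name."""
    fixed = copy.deepcopy(manifest)
    pod_spec = fixed["spec"]["template"]["spec"]
    volumes = pod_spec.get("volumes", [])
    pod_spec["volumes"] = [v for v in volumes if "emptyDir" not in v]
    fixed["spec"]["volumeClaimTemplates"] = [
        {"metadata": {"name": v["name"]},  # 10Gi is a placeholder size, not a recommendation
         "spec": {"accessModes": ["ReadWriteOnce"], "resources": {"requests": {"storage": "10Gi"}}}}
        for v in volumes if "emptyDir" in v]
    return fixed


# Constructed manifest in the shape of the add-on's StatefulSet (not its actual file).
TEST_MANIFEST = {"apiVersion": "apps/v1", "kind": "StatefulSet",
    "metadata": {"name": "elasticsearch-logging"},
    "spec": {"serviceName": "elasticsearch-logging", "replicas": 2, "template": {"spec": {
        "initContainers": [{"name": "elasticsearch-logging-init", "image": "INIT_IMAGE_PLACEHOLDER",
            "command": ["/sbin/sysctl", "-w", "vm.max_map_count=262144"],
            "securityContext": {"privileged": True}}],
        "containers": [{"name": "elasticsearch-logging", "image": "ES_IMAGE_PLACEHOLDER",
            "volumeMounts": [{"name": "elasticsearch-logging", "mountPath": "/data"}]}],
        "volumes": [{"name": "elasticsearch-logging", "emptyDir": {}}]}}}}

if __name__ == "__main__":
    for label, m in (("as shipped", TEST_MANIFEST), ("with PVC", persistent_variant(TEST_MANIFEST))):
        print(label, audit_statefulset(m) or "OK")
```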