13.2.5 Enabling Logstash

Perform the following steps to enable logstash:
  1. Navigate to the $WORKDIR/kubernetes/elasticsearch-and-kibana directory and create a logstash.yaml file as follows:
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: oig-logstash
      namespace: <ELKNS>
    spec:
      selector:
        matchLabels:
          k8s-app: logstash
      template: # create pods using pod definition in this template
        metadata:
          labels:
            k8s-app: logstash
        spec:
          imagePullSecrets:
          - name: dockercred
          containers:
          - command:
            - logstash
            image: logstash:<ELK_VER>
            imagePullPolicy: IfNotPresent
            name: oig-logstash
            env:
            - name: ELASTICSEARCH_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: elasticsearch-pw-elastic
                  key: password
            resources:
            ports:
            - containerPort: 5044
              name: logstash
            volumeMounts:
            - mountPath: <mountPath>
              name: weblogic-domain-storage-volume
            - name: shared-logs
              mountPath: /shared-logs
            - mountPath: /usr/share/logstash/pipeline/
              name: oig-logstash-pipeline
            - mountPath: /usr/share/logstash/config/logstash.yml
              subPath: logstash.yml
              name: config-volume
            - mountPath: /usr/share/logstash/config/certs
              name: elk-cert
          volumes:
          - configMap:
              defaultMode: 420
              items:
              - key: elk.crt
                path: elk.crt
              name: elk-cert
            name: elk-cert
          - configMap:
              defaultMode: 420
              items:
              - key: logstash-config.conf
                path: logstash-config.conf
              name: oig-logstash-configmap
            name: oig-logstash-pipeline
          - configMap:
              defaultMode: 420
              items:
              - key: logstash.yml
                path: logstash.yml
              name: oig-logstash-configmap
            name: config-volume
          - name: weblogic-domain-storage-volume
            persistentVolumeClaim:
              claimName: governancedomain-domain-pvc
          - name: shared-logs
            emptyDir: {}
    
    • Change the <ELK_VER>, <ELK_SSL> to match the values for your environment.
    • Change <mountPath> to match the mountPath returned in Finding Required Domain Details.
    • Change the claimName value to match the claimName returned earlier
    • If your Kubernetes environment does not allow access to the internet to pull the logstash image, you must load the logstash image in your own container registry and change image: logstash:<ELK_VER> to the location of the image in your container registry, for example container-registry.example.com/logstash:8.3.1
    For example:
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: oig-logstash
      namespace: oigns
    spec:
      selector:
        matchLabels:
          k8s-app: logstash
      template: # create pods using pod definition in this template
        metadata:
          labels:
            k8s-app: logstash
        spec:
          imagePullSecrets:
          - name: dockercred
          containers:
          - command:
            - logstash
            image: logstash:8.3.1
            imagePullPolicy: IfNotPresent
            name: oig-logstash
            env:
            - name: ELASTICSEARCH_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: elasticsearch-pw-elastic
                  key: password
            resources:
            ports:
            - containerPort: 5044
              name: logstash
            volumeMounts:
            - mountPath: /u01/oracle/user_projects
              name: weblogic-domain-storage-volume
            - name: shared-logs
              mountPath: /shared-logs
            - mountPath: /usr/share/logstash/pipeline/
              name: oig-logstash-pipeline
            - mountPath: /usr/share/logstash/config/logstash.yml
              subPath: logstash.yml
              name: config-volume
            - mountPath: /usr/share/logstash/config/certs
              name: elk-cert
          volumes:
          - configMap:
              defaultMode: 420
              items:
              - key: elk.crt
                path: elk.crt
              name: elk-cert
            name: elk-cert
          - configMap:
              defaultMode: 420
              items:
              - key: logstash-config.conf
                path: logstash-config.conf
              name: oig-logstash-configmap
            name: oig-logstash-pipeline
          - configMap:
              defaultMode: 420
              items:
              - key: logstash.yml
                path: logstash.yml
              name: oig-logstash-configmap
            name: config-volume
          - name: weblogic-domain-storage-volume
            persistentVolumeClaim:
              claimName: governancedomain-domain-pvc
          - name: shared-logs
            emptyDir: {}
    
  2. Deploy the logstash pod by executing the following command:
    kubectl create -f $WORKDIR/kubernetes/elasticsearch-and-kibana/logstash.yaml 
    
    The output will look similar to the following:
    deployment.apps/oig-logstash created