K
Q

Elastic search cluster on Kubernetes Cluster vs VM

8/30/2019

I want to setup elastic stack (elastic search, logstash, beats and kibana) for monitoring my kubernetes cluster which is running on on-prem bare metals. I need some recommendations on the following 2 approaches, like which one would be more robust,fault-tolerant and of production grade. Let's say I have a K8 cluster named as K8-abc.

Approach 1- Will be it be good to setup the elastic stack outside the kubernetes cluster?

In this approach, all the logs from pods running in kube-system namespace and user-defined namespaces would be fetched by beats(running on K8-abc) and put into into the ES Cluster which is configured on Linux Bare Metals via Logstash (which is also running on VMs). And for fetching the kubernetes node logs, the beats running on respective VMs (which are participating in forming the K8-abc) would fetch the logs and put it into the ES Cluster which is configured on VMs. The thing to note here is the VMs used for forming the ES Cluster are not the part of the K8-abc.

Approach 2- Will be it be good to setup the elastic stack on the kubernetes cluster k8-abc itself?

In this approach, all the logs from pods running in kube-system namespace and user-defined namespaces would be send to Elastic search cluster configured on the K8-abc via logstash and beats (both running on K8-abc). For fetching the K8-abc node logs, the beats running on VMs (which are participating in forming the K8-abc) would put the logs into ES running on K8-abc via logstash which is running on k8-abc.

Can some one help me in evaluating the pros and cons of the before mentioned two approaches? It will be helpful even if the relevant links to blogs and case studies is provided.

-- Nitesh Ratnaparkhe
elastic-stack
elasticsearch
kibana
kubernetes
logstash

Similar Questions

How can i fix this code elasitcsearch on kubernetes
How to build multiple containers in Jenkins file?
Why memory usage is greater than what I set in Kubernetes's node?
Portworx not able to access securd etcd cluster even if i provide certs
Volumes in k8s pod/Container ... loosing some dirs from the Conatiner Image
How to assign existing elastic IP to master nodes of kops cluster in AWS

1 Answer

9/20/2019

I would be more inclined to the second solution. It has many advantages over the first one however it may seem more complex as it comes to the initial setup. You can actually ask similar question when it comes to migrate any other type of workload to Kubernetes. It has many advantages over VM. To name just a few:

  1. self-healing cluster,
  2. service discovery and integrated load balancing,
  3. Such solution is much easier to scale (HPA) in comparison with VMs,
  4. Storage orchestration. Kubernetes allows you to automatically mount a storage system of your choice, such as local storage, public cloud providers, and many more including Dynamic Volume Provisioning mechanism.

All the above points could be easily applied to any other workload and may bee seen as Kubernetes advantages in general so let's look why to use it for implementing Elastic Stack:

  1. It looks like Elastic is actively promoting use of Kubernetes on their website. See also this article.
  2. They also provide an official elasticsearch helm chart so it is already quite well supported by Elastic.

Probably there are many other reasons in favour of Kubernetes solution I didn't mention here. Here you can find a hands-on article about setting up Highly Available and Scalable Elasticsearch on Kubernetes.

-- mario
Source: StackOverflow