Best way to structure external ELK access on K8S cluster

4/23/2020

I've deployed an ELK stack to a digital ocean k8s cluster by following these instructions: https://www.digitalocean.com/community/tutorials/how-to-set-up-an-elasticsearch-fluentd-and-kibana-efk-logging-stack-on-kubernetes

It worked great, I can access the kibana dashboard via a port-forward, no problem.

I have a handful of external applications that do not run inside of the k8s cluster and I'd like to send all of my application logs to the fluentd instance for viewing inside of kibana.

What's the best way to go about this securely? Should I create a service/ingress for my fluentd instance, set up a letsencrypt cert, and use winston's fluent transport to pass the logs in?

And then access kibana by just opening a local port-forward? What are the security implications of this and what's the best way to go about implementing it.

-- switz
digital-ocean
elk
fluentd
kubernetes
winston

0 Answers