An easy way to add alerting to Elasticsearch on Kubernetes with Skedler Alerts
There is a simple and effective way to add alerting for your Elasticsearch applications that are deployed to Kubernetes. Skedler Alerts offers no-code alerting for Elasticsearch and reduces the time, effort, and cost of monitoring your machine data for anomalies. In this article, you are going to learn how to deploy Skedler Alerts for Elasticsearch applications to Kubernetes with ease.
What is Kubernetes?
For those that haven’t ventured into container orchestration, you’re probably wondering what Kubernetes is. Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications.
Kubernetes (“k8s” for short) was originally started and designed at Google, and is heavily influenced by Borg, Google’s large-scale cluster management system. More simply, k8s gives you a platform for managing and running your applications at scale across multiple physical (or virtual) machines.
Kubernetes offers the following benefits:
- Workload Scalability
- High Availability
- Designed for deployment
Deploying Skedler Alerts to Kubernetes
If you haven’t already downloaded Skedler Alerts, please download it from www.skedler.com. Review the documentation to get started.
Creating a K8s ConfigMap
Kubernetes ConfigMaps allow a containerized application to stay portable by keeping its configuration outside the image. Users and system components can store configuration data in a ConfigMap. In Skedler Alerts, a ConfigMap can be used to store connection and runtime settings such as datastore settings, port number, server information, file locations, and the log directory.
If Skedler Alerts defaults are not enough, one may want to customize alertconfig.yml through a ConfigMap. Please refer to Alertconfig.yml Configuration for all available attributes.
1. Create a file called alerts-configmap.yaml in your project directory and paste the following:
alerts-configmap.yaml:
apiVersion: v1
kind: ConfigMap
metadata:
  name: alerts-config
  labels:
    app: alerts
data:
  alertconfig.yml: |
    ---
    #port: 3001
    #host: "0.0.0.0"
    #*******INDEX SETTINGS*********************
    #Set this to an address reachable from inside the pod (localhost is the pod itself)
    elasticsearch_url: "http://localhost:9200"
    #alert_display_url: "http://localhost:3001"
    #******DATASTORE SETTINGS*****************
    alert_index: ".alert"
    alert_history: "alert_history"
    #alert_history_timestamp: false
    alerts_path: "/opt/alerts"
    #workerCount: 1
    log_dir: "/data/log"
    ui_files_location: "/data/uifiles"
    #*****SECURITY SETTINGS******************
    #To enable Elasticsearch security users in Skedler Alerts set this variable as yes.
    #ESsecurity_user_login: no
    #Type of security plugin x-pack / searchguard / readonlyrest / opendistro
    #security_plugin: x-pack
    #User Impersonation for x-pack / searchguard / opendistro
    #If configured yes, then user impersonation will be enabled
    #user_impersonation: no
    #If Elasticsearch uses x-pack / search guard / Read Only Rest / any basic auth, add the x-pack user name and password here for alert
    #alert_elasticsearch_username: user
    #alert_elasticsearch_password: pass
    #If Elasticsearch is behind Nginx, configure the Nginx username and password for Elasticsearch here
    #alert_nginx_elasticsearch_username: user
    #alert_nginx_elasticsearch_password: pass
2. To deploy your ConfigMap, execute the following command:
kubectl create -f alerts-configmap.yaml
Creating Deployment and Service
To deploy Skedler Alerts, we’re going to use a Kubernetes Deployment. A Deployment wraps the functionality of Pods and ReplicaSets to allow you to update your application. Once the Skedler Alerts application is deployed, we need a way to expose it to traffic from outside the cluster. To do this, we’re going to add a Service to the same YAML file as the Deployment, opening a NodePort directly to our application on port 30001.
1. Create a file called alerts-deployment.yaml in your project directory and paste the following:
alerts-deployment.yaml:
apiVersion: apps/v1
kind: Deployment
metadata:
  name: skedler-alerts
  labels:
    app: alerts
spec:
  replicas: 1
  selector:
    matchLabels:
      app: alerts
  template:
    metadata:
      labels:
        app: alerts
    spec:
      containers:
      - name: alerts
        image: skedler/alerts:latest
        imagePullPolicy: Always
        command: ["/opt/alert/bin/alert"]
        ports:
        - containerPort: 3001
        volumeMounts:
        - name: skedler-alerts-storage
          mountPath: /data
        # Mount only the alertconfig.yml key of the ConfigMap as a single file
        - name: alerts-config
          mountPath: /opt/alert/config/alertconfig.yml
          subPath: alertconfig.yml
      volumes:
      # No volume source is set here, so Kubernetes defaults this volume to an
      # emptyDir; data under /data does not outlive the pod.
      - name: skedler-alerts-storage
      - name: alerts-config
        configMap:
          name: alerts-config
---
apiVersion: v1
kind: Service
metadata:
  name: alerts
  labels:
    app: alerts
spec:
  selector:
    app: alerts
  ports:
  - port: 3001
    protocol: TCP
    nodePort: 30001
  type: LoadBalancer
2. To create the deployment, execute the following command:
kubectl create -f alerts-deployment.yaml
3. To list your deployment with kubectl, execute the following command:
kubectl get deployments
4. To get the service details, execute the following command:
kubectl get services
Skedler Alerts is now exposed on port 30001.
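The commented alert_elasticsearch_password and alert_nginx_elasticsearch_password settings become plaintext credentials in the ConfigMap once they are uncommented. As an added example (not from the Skedler documentation), the same alertconfig.yml can be delivered from a Secret mounted at the same path; the file name alerts-secret.yaml, the Secret name alerts-config-secret and the credential values are placeholders assumed for illustration.

```yaml
# alerts-secret.yaml (hypothetical file name): alertconfig.yml carried in a
# Secret instead of the alerts-config ConfigMap, for when credentials are set.
apiVersion: v1
kind: Secret
metadata:
  name: alerts-config-secret   # assumed name, not from the article
  labels:
    app: alerts
type: Opaque
# stringData accepts plain text; the API server stores it base64-encoded.
stringData:
  alertconfig.yml: |
    ---
    elasticsearch_url: "http://localhost:9200"
    alert_index: ".alert"
    alert_history: "alert_history"
    alerts_path: "/opt/alerts"
    log_dir: "/data/log"
    ui_files_location: "/data/uifiles"
    #Placeholder credentials, constructed for this example
    alert_elasticsearch_username: "REPLACE_WITH_USERNAME"
    alert_elasticsearch_password: "REPLACE_WITH_PASSWORD"
---
# Fragment, not a manifest to apply on its own: replacement for the
# `volumes:` list under spec.template.spec in alerts-deployment.yaml.
# The volumeMounts entry (name alerts-config, subPath alertconfig.yml)
# stays exactly as it is, so the file lands at the same path.
volumes:
- name: skedler-alerts-storage
- name: alerts-config
  secret:
    secretName: alerts-config-secret
```

A Secret is only base64-encoded in the API by default, so pair it with RBAC that limits who can read Secrets in the namespace and, where available, encryption at rest for etcd.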
Accessing Skedler Alerts
Skedler Alerts can be accessed at the following URL: http://<hostIP>:30001
To learn more about creating alerts with Skedler Alerts, visit the Skedler documentation site.
Summary
This post was a very quick overview of how to get Skedler Alerts for Elasticsearch up and running on Kubernetes with the least amount of configuration possible. Kubernetes is an incredibly powerful platform that has many more features than we used today. We hope that this article gave you a head start and saved you time.