Day 11:Deploying ELK Stack on Docker Swarm Cluster
"Hello, I'm Kiran Pawar, a passionate Cloud and Devops Engineer with a strong background in cloud automation, configuration, and deployment. My journey in the world of technology has been a thrilling adventure, where I've had the privilege to work with cutting-edge tools and practices.
๐ As a DevOps Engineer:
I specialize in automating, configuring, and deploying instances in cloud environments and data centers. My expertise extends to DevOps, GitOps, CI/CD pipeline management, HashiCorp Terraform, and containerization. I'm proficient in AWS and Linux/Unix administration, ensuring robust infrastructure and application performance.
๐ง My Tech Stack:
Front-end skills: HTML, CSS, SCSS, Tailwind CSS, Bootstrap, React, Material-UI, JavaScript DevOps toolbox: GIT, OWASP,Nexus,Trivy, Github, Gitlab, Terraform, Ansible, Docker, Kubernetes, Helm, Jenkins, Prometheus, Grafana, Argo CD, AWS EKS.
๐ My Cloud Expertise:
I have hands-on experience managing AWS services, including EC2, S3, EBS, VPC, ELB, RDS, IAM, Route53, and more.
๐ Networking and Security:
My skills include managing networking concepts such as TCP/IP protocols, security policies, and subnet interfacing. I have a strong understanding of infrastructure and networking, covering topics like firewalls, IP addressing, DNS, and more.
๐ก What Sets Me Apart:
I bring a positive attitude, a strong work ethic, and a collaborative spirit to every project. I'm a self-starter, a fast learner, and an effective team player with strong interpersonal skills. In addition to my DevOps skills, I've developed shell scripts (Bash) for automating tasks and have proficiency in Python scripting. My ability to communicate and manage projects, along with a track record of resolving client issues, adds value to every team I work with. If you're looking for a DevOps engineer who is also well-versed in front-end technologies, feel free to connect with me. Let's explore new possibilities and create exceptional technical solutions together!"
Introduction
In modern DevOps workflows, monitoring and logging play a crucial role in diagnosing issues and analyzing system performance. ELK Stack (Elasticsearch, Logstash, and Kibana) is a popular choice for log management. In this guide, we will deploy an ELK stack in a Docker Swarm Cluster to achieve scalable and fault-tolerant centralized logging.
Prerequisites
Before starting, ensure you have:
A Docker Swarm cluster (at least 1 manager and 2 worker nodes)
Docker & Docker Compose installed
At least 4GB RAM per node for optimal performance
Port 9200 (Elasticsearch) & 5601 (Kibana) open in firewall settings
Step 1: Create an Overlay Network
To allow communication between ELK services, create an overlay network:
$ docker network create --driver=overlay elk-network
Step 2: Deploy Elasticsearch
Create a file named elasticsearch.yml:
version: '3.8'
services:
elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch:8.5.0
environment:
- discovery.type=single-node
- bootstrap.memory_lock=true
- xpack.security.enabled=false
volumes:
- elasticsearch-data:/usr/share/elasticsearch/data
networks:
- elk-network
deploy:
replicas: 1
placement:
constraints:
- node.role == manager
volumes:
elasticsearch-data:
networks:
elk-network:
external: true
Deploy Elasticsearch:
$ docker stack deploy -c elasticsearch.yml elk
Step 3: Deploy Logstash
Create a logstash.yml file:
version: '3.8'
services:
logstash:
image: docker.elastic.co/logstash/logstash:8.5.0
volumes:
- ./logstash.conf:/usr/share/logstash/pipeline/logstash.conf
networks:
- elk-network
deploy:
replicas: 1
volumes:
logstash-data:
networks:
elk-network:
external: true
Create a logstash.conf pipeline configuration:
input {
beats {
port => 5044
}
}
filter {
mutate {
remove_field => [ "@version" ]
}
}
output {
elasticsearch {
hosts => ["http://elasticsearch:9200"]
index => "logs-%{+YYYY.MM.dd}"
}
}
Deploy Logstash:
$ docker stack deploy -c logstash.yml elk
Step 4: Deploy Kibana
Create kibana.yml:
version: '3.8'
services:
kibana:
image: docker.elastic.co/kibana/kibana:8.5.0
environment:
- ELASTICSEARCH_HOSTS=http://elasticsearch:9200
ports:
- "5601:5601"
networks:
- elk-network
deploy:
replicas: 1
networks:
elk-network:
external: true
Deploy Kibana:
$ docker stack deploy -c kibana.yml elk
Step 5: Verify the Deployment
Check running services:
$ docker service lsAccess Kibana at:
http://<manager-node-ip>:5601Navigate to Index Management in Kibana and verify indices.
Step 6: Sending Logs to ELK
To send logs from a Docker container to Logstash, install Filebeat:
docker run --rm --network=elk-network \
-v /var/lib/docker/containers:/var/lib/docker/containers:ro \
-v /var/run/docker.sock:/var/run/docker.sock \
docker.elastic.co/beats/filebeat:8.5.0 \
-E output.logstash.hosts=["logstash:5044"]
Conclusion
You have successfully deployed the ELK stack in a Docker Swarm cluster for centralized logging. This setup helps in aggregating logs from multiple containers and visualizing them in Kibana. For production, consider enabling security settings, persistent storage, and load balancing.
Next Steps
Integrate with Traefik for Ingress control
Set up Loki and Promtail for advanced log management
Automate deployment using Terraform
Stay tuned for more DevOps tutorials! ๐
