Installing Elasticsearch as an external service at OpenShift

We have OpenShift cluster and we want to install elasticsearch at ocp to serve both internal and external audit shipment. our design should be something like this:
FileBeat (outside ocp) --> Logstash (inside ocp) --> Elasticsearch (inside ocp) --> Kibana (inside ocp)

I found ocp operator (internal/core service) for ECK. However, it does not include logstach. so my question is:

• should I create logstash pod at one project and use CRD from ECK operator then expose only logstash as a route for external calls?
• how could I call CRD and pods from the operator to define logstash?
• if I want to expose only logstash to outside as a route before calling ECK (elasticsearch) internally, what is proper way to do the same?
• do you have any best practice for implementing the same?
  Thanks

Hi @Yasser_Alsawy,

Can you confirm you're going through our official ECK operator? Supported versions | Elastic Cloud on Kubernetes [2.9] | Elastic

Please refer to the same documentation to add the Logstash specification to your configuration file: Quickstart | Elastic Cloud on Kubernetes [2.9] | Elastic.

You can decide indeed to only expose Logstash externally and output Logstash to the internal Elasticsearch endpoint.

Best practice will depend on your specific case, which is usually tied to the Elasticsearch architecture that bets fits your use cases. Other than that, go with general Kubernetes/Openshift best practices.