We have OpenShift cluster and we want to install elasticsearch at ocp to serve both internal and external audit shipment. our design should be something like this:
FileBeat (outside ocp) --> Logstash (inside ocp) --> Elasticsearch (inside ocp) --> Kibana (inside ocp)
I found ocp operator (internal/core service) for ECK. However, it does not include logstach. so my question is:
should I create logstash pod at one project and use CRD from ECK operator then expose only logstash as a route for external calls?
how could I call CRD and pods from the operator to define logstash?
if I want to expose only logstash to outside as a route before calling ECK (elasticsearch) internally, what is proper way to do the same?
do you have any best practice for implementing the same?
Thanks
You can decide indeed to only expose Logstash externally and output Logstash to the internal Elasticsearch endpoint.
Best practice will depend on your specific case, which is usually tied to the Elasticsearch architecture that bets fits your use cases. Other than that, go with general Kubernetes/Openshift best practices.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.