Graylog Examples¶
Graylog is a centralized log management platform that provides search, analysis, and alerting capabilities. These examples demonstrate different Graylog deployment patterns for various operational requirements.
Simple Deployment¶
Basic Graylog configuration with essential components:
graylog-simple-values.yaml
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
# Specifies whether a cluster-admin entities should be create
createClusterAdminEntities: true
# Operating system kind on cloud nodes: centos/rhel/oracle/ubuntu
osKind: centos
# Set to 'true' to deploy to IPv6 environment
ipv6: false
# Cloud containers runtime software. Possible values: docker/cri-o/containerd. In fact so far he differ docker and non-docker environments
containerRuntimeType: docker
## Mandatory values for Graylog
graylog:
install: true
host: graylog.kubernetes.test.org
elasticsearchHost: http://<username>:<password>@elasticsearch.elasticsearch-cluster:9200
resources:
requests:
cpu: 500m
memory: 1500Mi
limits:
cpu: 500m
memory: 1500Mi
nodeSelectorKey: kubernetes.io/os
nodeSelectorValue: linux
## Mandatory values for Fluentd
fluentd:
install: true
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 500m
memory: 512Mi
nodeSelectorKey: kubernetes.io/os
nodeSelectorValue: linux
graylogHost: <graylog_dns_or_ip>
graylogPort: 12201
## Mandatory values for Cloud Events Reader
cloudEventsReader:
install: true
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 100m
memory: 128Mi
nodeSelectorKey: kubernetes.io/os
nodeSelectorValue: linux
This comprehensive configuration includes:
- Graylog server with Elasticsearch integration
- FluentD agent for log collection
- Cloud Events Reader for Kubernetes events
- Resource allocation and node targeting
- Multi-component logging stack
Storage Configurations¶
Dynamic Provisioning¶
Graylog with dynamic storage provisioning for scalable deployments:
graylog-dynamic-provisioning-values.yaml
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
graylog:
install: true
host: graylog.kubernetes.test.org
elasticsearchHost: http://<username>:<password>@opensearch.opensearch.svc:9200
graylogStorageClassName: nginx
storageSize: 10Gi
resources:
requests:
cpu: 500m
memory: 1500Mi
limits:
cpu: 500m
memory: 1500Mi
Static Volume Configuration¶
Graylog with predefined persistent storage:
graylog-static-volume-values.yaml
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
graylog:
install: true
host: graylog.kubernetes.test.org
elasticsearchHost: http://<username>:<password>@opensearch.opensearch.svc:9200
graylogPersistentVolume: pv-graylog
graylogStorageClassName: ""
storageSize: 10Gi
resources:
requests:
cpu: 500m
memory: 1500Mi
limits:
cpu: 500m
memory: 1500Mi
Advanced Configurations¶
Custom Labels and Annotations¶
Graylog deployment with custom Kubernetes metadata:
graylog-custom-labels-and-annotations-values.yaml
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
graylog:
install: true
annotations:
custom/key1: value1
custom/key2: value2
labels:
app.kubernetes.io/custom1: custom-value1
app.kubernetes.io/custom2: custom-value2
host: graylog.kubernetes.test.org
elasticsearchHost: http://<username>:<password>@opensearch.opensearch.svc:9200
resources:
requests:
cpu: 500m
memory: 1500Mi
limits:
cpu: 500m
memory: 1500Mi
This configuration demonstrates:
- Custom labels for resource organization
- Annotations for operational metadata
- Enhanced Kubernetes integration
Migration and Upgrades¶
Migration to Graylog v5¶
Configuration example for upgrading to Graylog version 5:
graylog-migration-to-v5.yaml
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
graylog:
install: true
password: admin
host: graylog.kubernetes.test.org
elasticsearchHost: http://<username>:<password>@opensearch.opensearch.svc:9200
resources:
requests:
cpu: 500m
memory: 1500Mi
limits:
cpu: 500m
memory: 1500Mi
contentDeployPolicy: force-update
mongoUpgrade: true
mongoDBImage: mongo:5.0.19
mongoDBUpgrade:
mongoDBImage40: mongo:4.0.28
mongoDBImage42: mongo:4.2.22
mongoDBImage44: mongo:4.4.17
This migration configuration includes:
- Version-specific parameters
- Compatibility settings
- Upgrade considerations
Key Configuration Parameters¶
| Parameter | Description | Example |
|---|---|---|
graylog.install |
Enable Graylog deployment | true |
graylog.host |
Graylog server hostname | graylog.example.com |
graylog.elasticsearchHost |
Elasticsearch connection URL | http://user:pass@es:9200 |
graylog.resources |
Resource requests and limits | CPU/Memory specs |
graylog.persistence |
Storage configuration | PVC settings |
graylog.nodeSelector |
Node selection criteria | Label selectors |
createClusterAdminEntities |
Create cluster-wide resources | true/false |
osKind |
Operating system type | centos/ubuntu/rhel |
containerRuntimeType |
Container runtime | docker/containerd/cri-o |
Integration Components¶
Most Graylog examples include integration with:
- FluentD: Log collection and forwarding
- Cloud Events Reader: Kubernetes events ingestion
- Elasticsearch: Search and storage backend
Use Cases¶
- Simple Deployment: Complete logging stack for standard environments
- Dynamic Storage: Cloud environments with automatic provisioning
- Static Storage: On-premises with predefined storage
- Custom Metadata: Enhanced Kubernetes integration and organization
- Version Migration: Upgrading between Graylog versions
- Resource Optimization: Specific resource allocation requirements