shafnir/Graylog-Kubernetes


Graylog Open Source SIEM on Kubernetes

A fully working Kubernetes deployment of Graylog Open Source.

📌 Overview

This setup deploys a minimal Graylog stack with:

  • Graylog Core
  • Graylog DataNode
  • Secrets Management
  • Persistent Volumes (PVCs) via hostpath-provisioner
  • NodePort Exposure

Additional Notes

Please review the resources allocated in the PVCs and the mongodb StatefulSet and ensure they match your requirements.
This deployment is sized for a small lab environment; it is recommended to increase the replicas and the allocated storage in the PVCs.

โš™๏ธ Prerequisites

  • Kubernetes cluster (e.g. Minikube or real cluster)
  • kubectl CLI configured
  • hostpath-provisioner installed from ArtifactHub

🚀 Deployment Steps

  1. Create a namespace named graylog:

    kubectl create ns graylog
  2. Create the graylog-password-secret used for internal communication:

    kubectl create secret generic -n graylog graylog-password-secret \
      --from-literal=GRAYLOG_PASSWORD_SECRET=$(< /dev/urandom tr -dc A-Z-a-z-0-9 | head -c${1:-96}; echo)
  3. Generate a SHA256 hash of your desired root password:

    echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1
  4. Create the graylog-root-password-sha256 secret using the hash:

    kubectl create secret generic -n graylog graylog-root-password-sha256 \
      --from-literal=GRAYLOG_PASSWORD_SHA256=[YOUR_PASSWORD_HASH]
  5. Clone this repository and apply the manifest files:

    git clone https://github.com/shafnir/Graylog-Kubernetes.git
    cd Graylog-Kubernetes
    kubectl apply -f .
  6. Verify pods are running:

    kubectl get pods -n graylog

    Example output:

    NAME                        READY   STATUS    RESTARTS   AGE
    datanode-5dcff9cffb-qf26r   1/1     Running   0          57m
    graylog-74558bdf5b-zcc8h    1/1     Running   0          61m
    mongodb-0                   1/1     Running   0          61m
  7. Retrieve the initial admin password from the Graylog logs, using the graylog pod name from the previous step:

    kubectl logs -n graylog graylog-74558bdf5b-zcc8h

    You should see something like:

    Initial configuration is accessible at 0.0.0.0:9000, with username 'admin' and password 'bhQRFNUvIe'.
    Try clicking on http://admin:bhQRFNUvIe@0.0.0.0:9000
  8. Access the Graylog UI:

    http://[your-node-ip]:30900
    
  9. After completing the initial setup wizard, log in with username admin and the password you set in Step 3.
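
Steps 2 to 4 as one script, as an added example that is not part of this repository: it reads the root password without terminal echo, refuses an empty password, and checks that the value going into GRAYLOG_PASSWORD_SHA256 is a 64-character hex digest before calling kubectl. The helper names and the `--apply` argument are assumptions; the namespace, secret names and keys are the ones used in the steps above.

```shell
#!/bin/sh
# Added example, not from the repository. Helper names and the --apply
# argument are hypothetical; secret names, keys and namespace are from the steps.

# Random value for GRAYLOG_PASSWORD_SECRET: step 2's alphabet, default length 96.
gen_password_secret() {
  LC_ALL=C tr -dc 'A-Za-z0-9-' < /dev/urandom | head -c "${1:-96}"
}

# SHA-256 of the exact bytes of $1 with no trailing newline, as in step 3.
hash_root_password() {
  [ -n "$1" ] || { echo "empty password refused" >&2; return 1; }
  printf '%s' "$1" | sha256sum | cut -d' ' -f1
}

# True only for 64 lowercase hex characters. Rejects an unreplaced
# [YOUR_PASSWORD_HASH] placeholder, a truncated paste, or "hash  -" output.
is_sha256_hex() {
  [ "${#1}" -eq 64 ] || return 1
  case "$1" in *[!0-9a-f]*) return 1 ;; esac
}

# $1 = password secret, $2 = root password hash. "kubectl create" fails if a
# secret already exists, so a re-run cannot silently replace either value.
apply_secrets() {
  is_sha256_hex "$2" || { echo "not a SHA-256 hex digest" >&2; return 1; }
  kubectl create secret generic -n graylog graylog-password-secret \
    --from-literal=GRAYLOG_PASSWORD_SECRET="$1" || return 1
  kubectl create secret generic -n graylog graylog-root-password-sha256 \
    --from-literal=GRAYLOG_PASSWORD_SHA256="$2"
}

main() {
  trap 'stty echo' EXIT INT            # restore echo even if interrupted
  printf 'Enter Password: ' >&2
  stty -echo; IFS= read -r pw; stty echo; printf '\n' >&2
  hash=$(hash_root_password "$pw") || exit 1
  unset pw
  apply_secrets "$(gen_password_secret)" "$hash"
}

# Runs only when invoked as: sh create-secrets.sh --apply
if [ "${1:-}" = "--apply" ]; then main; fi
```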

