bitsensor / elastalert-kibana-plugin

ElastAlert Kibana Plugin
https://bitsensor.io/blog/elastalert-kibana-plugin-centralized-logging-with-integrated-alerting

Can't work on kubernetes #134

Open sysword opened 4 years ago

sysword commented 4 years ago

Hi, I have an ES cluster on Kubernetes, an ElastAlert server installed using Helm charts, and I want to install this Kibana plugin too. But when I tried, I never succeeded. In Kibana 7.2, it logs:

{"type":"log","@timestamp":"2019-11-13T05:56:54Z","tags":["info","optimize"],"pid":1,"message":"Optimizing and caching bundles for opendistro-alerting, kibana, stateSessionStorageRedirect, status_page and timelion. This may take a few minutes"}
Browserslist: caniuse-lite is outdated. Please run next command `npm update caniuse-lite browserslist`
Browserslist: caniuse-lite is outdated. Please run next command `npm update caniuse-lite browserslist`
Browserslist: caniuse-lite is outdated. Please run next command `npm update caniuse-lite browserslist`
Browserslist: caniuse-lite is outdated. Please run next command `npm update caniuse-lite browserslist`
Browserslist: caniuse-lite is outdated. Please run next command `npm update caniuse-lite 

In Kibana 7.3.2, it logs:

"type":"log","@timestamp":"2019-11-14T02:43:09Z","tags":["info","optimize"],"pid":6,"message":"Optimizing and caching bundles for elastalert-kibana-plugin, kibana, stateSessionStorageRedirect, status_page and timelion. This may take a few minutes"}

  `@babel/polyfill` is deprecated. Please, use required parts of `core-js`
  and `regenerator-runtime/runtime` separately

  `@babel/polyfill` is deprecated. Please, use required parts of `core-js`
  and `regenerator-runtime/runtime` separately

  `@babel/polyfill` is deprecated. Please, use required parts of `core-js`
  and `regenerator-runtime/runtime` separately

  `@babel/polyfill` is deprecated. Please, use required parts of `core-js`
  and `regenerator-runtime/runtime` separately

  `@babel/polyfill` is deprecated. Please, use required parts of `core-js`
  and `regenerator-runtime/runtime` separately

Both of them cannot start the Kibana server. Has anyone installed this plugin on Kubernetes? I would appreciate it if you let me know how.

jaskiratr commented 4 years ago

Just got it working. Kibana takes a few minutes to spin up. Haven't tested any rules yet.

kibana-config.yaml

apiVersion: v1
kind: ConfigMap
metadata:
  name: kibana
  namespace: kube-logging
  labels:
    app: kibana
data:
  kibana.yml: |
    elastalert-kibana-plugin.serverHost: elastalert
    # Must match the port exposed by the elastalert Service (3030 in elastalert-service.yaml below)
    elastalert-kibana-plugin.serverPort: 3030
    elasticsearch.hosts: http://elasticsearch:9200
    server.host: "0"
    server.name: kibana

kibana-deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: kibana
  namespace: kube-logging
  labels:
    app: kibana
spec:
  replicas: 1
  revisionHistoryLimit: 0
  selector:
    matchLabels:
      app: kibana
  template:
    metadata:
      labels:
        app: kibana
    spec:
      initContainers:
        - name: kibana-plugins-install
          image: docker.elastic.co/kibana/kibana:7.2.0
          imagePullPolicy: IfNotPresent
          command:
            - /bin/bash
            - "-c"
            - |
              set -e
              rm -rf plugins/lost+found
              ./bin/kibana-plugin install https://github.com/bitsensor/elastalert-kibana-plugin/releases/download/1.1.0/elastalert-kibana-plugin-1.1.0-7.2.0.zip
          env:
          volumeMounts:
            - name: plugins
              mountPath: /usr/share/kibana/plugins
            - name: kibana
              mountPath: "/usr/share/kibana/config/kibana.yml"
              subPath: kibana.yml
      containers:
        - name: kibana
          image: docker.elastic.co/kibana/kibana:7.2.0
          resources:
            limits:
              cpu: 1000m
            requests:
              cpu: 100m
          env:
            - name: ELASTICSEARCH_URL
              value: http://elasticsearch:9200
          ports:
            - containerPort: 5601
          volumeMounts:
            - name: plugins
              mountPath: /usr/share/kibana/plugins
            - name: kibana
              mountPath: "/usr/share/kibana/config/kibana.yml"
              subPath: kibana.yml
      volumes:
        - name: plugins
          emptyDir: {}
        - name: kibana
          configMap:
            name: kibana

kibana-service.yaml

apiVersion: v1
kind: Service
metadata:
  labels:
    app: kibana
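  name: kibana
  # Same namespace as the Kibana Deployment, so the selector can match its pods
  namespace: kube-logging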
spec:
  type: ClusterIP
  ports:
    - port: 443
      targetPort: 5601
      protocol: TCP
  selector:
    app: kibana

elastalert-config.yaml

apiVersion: v1
kind: ConfigMap
metadata:
  name: elastalert-config
  namespace: kube-logging
  labels:
    app: elastalert
data:
  elastalert_config: |-
    ---
    rules_folder: /opt/rules
    scan_subdirectories: false
    run_every:
      minutes: 1
    buffer_time:
      minutes: 15
    es_host: elasticsearch
    es_port: 9200
    writeback_index: elastalert_status
    use_ssl: False
    verify_certs: True
    alert_time_limit:
      minutes: 2880

elastalert-deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: elastalert
  namespace: kube-logging
  labels:
    app: elastalert
spec:
  selector:
    matchLabels:
      app: elastalert
  replicas: 1
  revisionHistoryLimit: 5
  template:
    metadata:
      annotations:
        checksum/config: b66cdafddfee3915c7ea9f36da1bd68fadd5f87fb82e8f5fc66ff3235795b71a
        checksum/rules: 2e558c448de806ac4cce0e048ac571a527296ec096bcf825766d976778874470
      labels:
        name: elastalert
        app: elastalert
    spec:
      containers:
        - name: elastalert
          image: "jertel/elastalert-docker:0.2.1"
          imagePullPolicy: IfNotPresent
          volumeMounts:
            - name: config
              mountPath: "/opt/config"
            - name: rules
              mountPath: "/opt/rules"
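          # Named port so the Service's "targetPort: web" resolves;
          # 3030 is assumed here to match the Service port
          ports:
            - name: web
              containerPort: 3030
          resources: {}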

      restartPolicy: Always
      volumes:
        - name: rules
          configMap:
            name: elastalert-rules
            items:
        - name: config
          configMap:
            name: elastalert-config
            items:
              - key: elastalert_config
                path: elastalert_config.yaml

elastalert-service.yaml

apiVersion: v1
kind: Service
metadata:
  labels:
    app: elastalert
  name: elastalert
  namespace: kube-logging
spec:
  ports:
    - name: web
      port: 3030
      targetPort: web
  selector:
    app: elastalert

jaskiratr commented 4 years ago

So, I'm not able to create a rule from Kibana. Also, unsure of how to describe the rules. @sysword Got any hints for that?

elastalert-rules.yaml

apiVersion: v1
kind: ConfigMap
metadata:
  name: elastalert-rules
  namespace: kube-logging
  labels:
    app: elastalert
data:
  # ????
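
An added example, not part of the original thread and not the project's own configuration: one way the `data:` section of the `elastalert-rules` ConfigMap could be filled in, with each key becoming a rule file under `/opt/rules`. The rule name, index pattern, field names and thresholds are assumptions chosen for illustration.

```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: elastalert-rules
  namespace: kube-logging
  labels:
    app: elastalert
data:
  # Each key is projected as a file in /opt/rules, the rules_folder
  # set in elastalert_config above.
  failed-logins.yaml: |-
    # Constructed sample rule; index pattern and field names are assumptions.
    name: Repeated failed logins
    type: frequency
    index: logstash-*
    # Fire when 10 matching events arrive within 5 minutes...
    num_events: 10
    timeframe:
      minutes: 5
    # ...counted separately for each source address.
    query_key: source.ip
    filter:
      - query:
          query_string:
            query: "event.action: login_failed"
    # Suppress repeat alerts for the same query_key value for 30 minutes.
    realert:
      minutes: 30
    # The debug alerter only writes matches to the ElastAlert log.
    alert:
      - debug
```

Starting with the `debug` alerter confirms that the rule loads and matches before a real alert destination is configured.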