Depolyment of Graylog in kubernetes

hey everyone,

i want to depoly graylog with its dependecies ( opensearch and mongodb) in kubernetes but i cant find a reasonable guide for the depolyment, can someone help me please.

ChatGPT answer for you
Deploying Graylog with OpenSearch and MongoDB on Kubernetes is absolutely doable, but you’re right — official, consolidated documentation is limited. Here’s a practical and reasonably production-ready guide to help you deploy the entire Graylog stack in Kubernetes, step-by-step.


:white_check_mark: Overview: What We’re Deploying

You will deploy:

  • Graylog – log collection, parsing, and UI
  • OpenSearch – stores and indexes log data (replaces Elasticsearch)
  • MongoDB – stores configuration and metadata for Graylog
  • Optional: LoadBalancer or Ingress

:gear: Prerequisites

  • Kubernetes cluster (Minikube, kind, GKE, EKS, AKS, etc.)
  • kubectl configured
  • helm installed (for MongoDB & OpenSearch)
  • Persistent storage enabled (dynamic or manual)

:wrench: Step-by-Step Kubernetes Deployment


:brick: Step 1: Deploy MongoDB (via Helm)

bash

CopyEdit

helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo update

helm install mongodb bitnami/mongodb --set auth.enabled=false

Disable auth for simplicity (you can secure it later). This will expose MongoDB on a ClusterIP service named mongodb.


:magnifying_glass_tilted_right: Step 2: Deploy OpenSearch (via Helm)

OpenSearch doesn’t yet have an official Helm chart, but the opensearch-project/helm-charts is the go-to.

bash

CopyEdit

git clone https://github.com/opensearch-project/helm-charts.git
cd helm-charts/charts/opensearch
helm dependency update
helm install opensearch . --set singleNode=true

This installs OpenSearch in single-node mode for dev/test. For production, set up multi-node.


:package: Step 3: Deploy Graylog

Unfortunately, there’s no official Graylog Helm chart. But here’s how to deploy Graylog using a Kubernetes Deployment + Service.

1. Create a ConfigMap for Graylog config

yaml

CopyEdit

# graylog-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: graylog-config
data:
  graylog.conf: |
    is_master = true
    node_id_file = /usr/share/graylog/data/config/node-id
    password_secret = changemechangemechangeme
    root_password_sha2 = <your-root-password-sha256>
    root_username = admin
    http_bind_address = 0.0.0.0:9000
    http_external_uri = http://localhost:9000/
    mongo_uri = mongodb://mongodb:27017/graylog
    opensearch_hosts = http://opensearch-cluster-master:9200

Generate a SHA-256 hash of your admin password:

bash

CopyEdit

echo -n yourpassword | sha256sum

2. Graylog Deployment

yaml

CopyEdit

# graylog-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: graylog
spec:
  replicas: 1
  selector:
    matchLabels:
      app: graylog
  template:
    metadata:
      labels:
        app: graylog
    spec:
      containers:
        - name: graylog
          image: graylog/graylog:5.2
          ports:
            - containerPort: 9000
            - containerPort: 12201
            - containerPort: 1514
          env:
            - name: GRAYLOG_SERVER_CONF
              value: /usr/share/graylog/config/graylog.conf
          volumeMounts:
            - name: config-volume
              mountPath: /usr/share/graylog/config
      volumes:
        - name: config-volume
          configMap:
            name: graylog-config

3. Graylog Service

yaml

CopyEdit

# graylog-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: graylog
spec:
  selector:
    app: graylog
  ports:
    - protocol: TCP
      port: 9000
      targetPort: 9000
    - protocol: TCP
      port: 12201
      targetPort: 12201
    - protocol: TCP
      port: 1514
      targetPort: 1514
  type: LoadBalancer  # or NodePort if LoadBalancer not supported

:rocket: Step 4: Deploy Everything

Apply your configs:

bash

CopyEdit

kubectl apply -f graylog-configmap.yaml
kubectl apply -f graylog-deployment.yaml
kubectl apply -f graylog-service.yaml

Once deployed, access Graylog:

  • Run:

bash

CopyEdit

kubectl get svc graylog
  • Visit the EXTERNAL-IP:9000 in your browser.