Expose GELF HTTP input outside Kubernetes

CMDaniel · January 8, 2021, 10:54am

Hello all.
I am running a containerized Graylog deployment inside a Kubernetes cluster.
Due to some restrictions, I am unable to use TCP or UDP inputs.
The question I have is how do I expose the GELF HTTP input outside the cluster, so I can send my logs via HTTP from an external application?
I thought about using Ingress, but I am unsure about the configuration (what is the service it should point to) and also the helm chart configuration for Graylog.
Can I use the same service used to expose the web interface, only on a different port?

Thank you!

aaronsachs · January 12, 2021, 10:35pm

Hi there,

When spinning up an input in a containerized deployment, the container itself will start listening on a given port (e.g., I run a raw/plaintext on :5555, it will start up and the container will have the application listening on :5555 inside the container). Using your ingress controller you should be able to point to the GELF input that you’ve spun up, but I believe you’ll also need to update your Graylog k8s config to expose the GELF input port so that traffic coming in via the ingress controller would reach your Graylog k8s pod.

CMDaniel · January 13, 2021, 8:51am

Hi Aaron.
Thanks for the reply.
Indeed, my plan was to point an ingress to the GELF input, but I am getting a connection refused.
The “update Graylog config to expose the input” is what is fuzzy, I only find examples for TCP/UDP (for the Helm chart), so I am unsure of what to use for GELF HTTP.

If you have any more suggestions, please reply. Thanks!

aaronsachs · January 13, 2021, 5:13pm

What helm chart are you using? We don’t put one out officially. So I’m happy to take a look and see if I can make sense of it (admittedly I’m still a bit of a n00b when it comes to k8s), but you might also benefit from asking the chart’s maintainers.

CMDaniel · January 14, 2021, 8:56am

I’m using KongZ graylog chart (recently moved from charts/stable/graylog at master · helm/charts · GitHub). I will also ask around with the maintainers. Don’t worry, I’m a noob at both Graylog and K8s, but we’re all here to learn.

aaronsachs · January 14, 2021, 1:57pm

No worries. So from what I can see, it looks like you can create a config for an input using something like what they have in the example input section. That’d probably be your best bet, IMO.

CMDaniel · January 18, 2021, 5:26pm

Hey Aaron.

I contacted the chart maintainers, it seems I needed to configure the input in the helm chart as TCP:

  input:
    tcp:
      service:
        type: ClusterIP
      ports:
        - name: gelfHttp
          port: 12221

Afterwards, I can start a GELF HTTP input from the UI, on 12201 node. I believed there was a difference between TCP and HTTP when configuring the input from the helm chart.

All works fine now, I managed to create an Ingress on top of it so I can send messages from outside the cluster
Thanks again for the help. Have a great one!

system · February 1, 2021, 5:27pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Can't send logs to graylog2 docker container via HTTP endpoint Graylog Central (peer support)	3	2007	May 1, 2017
Create Graylog Config from Yaml files in kubernetes Graylog Central (peer support)	3	1683	November 16, 2018
Inputs for Docker container logs Graylog Central (peer support)	2	2142	August 3, 2020
Graylog Gelf http Input not working Graylog Central (peer support)	3	350	February 21, 2024
Cannot send docker container logs to graylog 3.3 with "gelf" driver Graylog Central (peer support)	1	1657	May 16, 2021

Expose GELF HTTP input outside Kubernetes

Related topics