Expose GELF HTTP input outside Kubernetes

CMDaniel · January 8, 2021, 10:54am

Hello all.
I am running a containerized Graylog deployment inside a Kubernetes cluster.
Due to some restrictions, I am unable to use TCP or UDP inputs.
The question I have is how do I expose the GELF HTTP input outside the cluster, so I can send my logs via HTTP from an external application?
I thought about using Ingress, but I am unsure about the configuration (what is the service it should point to) and also the helm chart configuration for Graylog.
Can I use the same service used to expose the web interface, only on a different port?

Thank you!

aaronsachs · January 12, 2021, 10:35pm

Hi there,

When spinning up an input in a containerized deployment, the container itself will start listening on a given port (e.g., I run a raw/plaintext on :5555, it will start up and the container will have the application listening on :5555 inside the container). Using your ingress controller you should be able to point to the GELF input that you’ve spun up, but I believe you’ll also need to update your Graylog k8s config to expose the GELF input port so that traffic coming in via the ingress controller would reach your Graylog k8s pod.

CMDaniel · January 13, 2021, 8:51am

Hi Aaron.
Thanks for the reply.
Indeed, my plan was to point an ingress to the GELF input, but I am getting a connection refused.
The “update Graylog config to expose the input” is what is fuzzy, I only find examples for TCP/UDP (for the Helm chart), so I am unsure of what to use for GELF HTTP.

If you have any more suggestions, please reply. Thanks!

aaronsachs · January 13, 2021, 5:13pm

What helm chart are you using? We don’t put one out officially. So I’m happy to take a look and see if I can make sense of it (admittedly I’m still a bit of a n00b when it comes to k8s), but you might also benefit from asking the chart’s maintainers.

CMDaniel · January 14, 2021, 8:56am

I’m using KongZ graylog chart (recently moved from charts/stable/graylog at master · helm/charts · GitHub). I will also ask around with the maintainers. Don’t worry, I’m a noob at both Graylog and K8s, but we’re all here to learn.

aaronsachs · January 14, 2021, 1:57pm

No worries. So from what I can see, it looks like you can create a config for an input using something like what they have in the example input section. That’d probably be your best bet, IMO.

CMDaniel · January 18, 2021, 5:26pm

Hey Aaron.

I contacted the chart maintainers, it seems I needed to configure the input in the helm chart as TCP:

  input:
    tcp:
      service:
        type: ClusterIP
      ports:
        - name: gelfHttp
          port: 12221

Afterwards, I can start a GELF HTTP input from the UI, on 12201 node. I believed there was a difference between TCP and HTTP when configuring the input from the helm chart.

All works fine now, I managed to create an Ingress on top of it so I can send messages from outside the cluster
Thanks again for the help. Have a great one!