Kubernetes Deployment

When to use Kubernetes

• Kubernetes is recommended for sustained ingest above 10B events per day (EPD).
• Kubernetes is required for deployments exceeding 20B EPD.

Supported platforms

• Any conformant Kubernetes distribution is supported.
• Examples in this section include Google Kubernetes Engine (GKE), but the manifests are provider agnostic unless noted.

Image tags

• Use the stable tag by default for production deployments.
• If a release pinning policy exists, use the specific release tag (for example, vX.Y.Z).
• Avoid unstable in production. The latest tag is generally used for development workflows only.

Component map

• Backing services: PostgreSQL, Redis, InfluxDB (optional: Grafana).
• LogZilla components: Storage, Query, API (Gunicorn, Tornado, Celery worker), Ingest (syslog-ng, ParserModule, HTTP Receiver), and Front (NGINX UI).
• Ingress/Exposure: LoadBalancer Services for syslog/json/rfc5424/http ingest and an HTTP Ingress for UI/API/WebSocket.

What to do next

• GKE Quickstart:
  • GKE Quickstart
• Review prerequisites and cluster requirements:
  • Prerequisites
• Deploy backing services:
  • PostgreSQL
  • Redis
  • InfluxDB
• Configure shared ConfigMaps/Secrets:
  • Common Config and Secrets
• Deploy LogZilla components:
  • Storage Module
  • Query Module
  • API Module
  • Ingest Module
  • Front End
• Expose services:
  • Ingress (GKE example)
• Operate and tune:
  • Scaling and Tuning
  • Troubleshooting