Blog  /  Engineering

How to deploy Grafana Enterprise Logs on Red Hat OpenShift

26 May 2022 3 min read

Here at Grafana Labs, we’re always looking for ways to provide our customers with a choice of platforms where they can run Grafana Enterprise Logs (GEL). As part of that mission, we’re pleased to announce that we’ve added Red Hat OpenShift 4.x support to GEL.

GEL, as you may know, is a leading enterprise logs solution. It has a unique approach to log indexing, storage, and administrative control that allows companies to run it securely at scale and significantly lower their operation costs. GEL is powered by the Grafana Loki open source project for cloud native log aggregation, and built by the maintainers of the project. 

Red Hat OpenShift is one of the leading on-premises enterprise Kubernetes solutions that can also run in various cloud environments. Now, customers who have standardized on OpenShift or are leveraging it either in a cloud provider or on-premises can use GEL.  

By combining Red Hat OpenShift and GEL, Grafana Labs is providing an opportunity to leverage both for your Enterprise Log solution. It ensures logs are collected and can be used to obtain information using LogQL, a super powerful and flexible Log query language. As a result, you’ll be able to resolve issues in a timely manner and analyze metrics that you can build just using the logs and LogQL.

Setting this up is easy, so let’s get started.

Deploying GEL on OpenShift

In the example below, we’re going to deploy GEL on OpenShift using a default configuration. This assumes you have a valid GEL license and that it uses Minio for the buckets, versus AWS, Google, or Azure. 

A few things to note before we begin: To support OpenShift, make sure you are using version 2.0.4 or above of the GEL Helm Chart. Also, OpenShift uses a term called “project,” which is like namespaces.

Unlike other Kubernetes solutions, OpenShift uses Security Context Constraints (SCC) instead of Pod Security Policy (PSP). In order to provide the flexibility to use either security model with GEL, the Helm Chart allows you to specify your security model.

Step 1: Create a project where GEL will be deployed:

oc new-project ${PROJECT_NAME}

Step 2: Add the Grafana Helm charts repository:

helm repo add grafana https://grafana.github.io/helm-charts
helm repo update

Step 3: Deploy the chart to your OpenShift cluster. In this example, ocp-test-gel is the name of the cluster when the license was created and is also used as the release name ( ${GEL_CLUSTER_NAME} ) in the helm command below.

helm install ${GEL_CLUSTER_NAME} \
 grafana/enterprise-logs \
 --set loki-distributed.rbac.sccEnabled=true \
 --set loki-distributed.rbac.pspEnabled=false \
 --set-file 'license.contents=./license.jwt' \
 --namespace ${PROJECT_NAME}

These two properties disable Pod Security Policy (PSP) and enable Security Context Constraints (SCC): 

--set loki-distributed.rbac.sccEnabled=true 
--set loki-distributed.rbac.pspEnabled=false

Step 4: Check the status of the Pod that is running the tokengen job, and once it’s completed, check that job’s logs for the new admin token:

oc logs ${TOKEN_GEN_POD_NAME} -n ${PROJECT_NAME}

After a couple of minutes you should see the following by running: oc get pods -n ${PROJECT_NAME} 

The running GEL pods and completed token job pod

Below is the OpenShift UI representation of the running pods and completed token job.

The running GEL pods and completed token job pod as seen in the OpenShift UI

If you are deploying GEL to use it in production, Grafana Enterprise Support can help you configure it to match your needs. By default, Minio is used as block storage for testing purposes, and memcache, which is recommended for production, is off. To change these, edit the values.yaml file and set minio.enabled.false, then add the following lines under the loki-distributed section for memcache:

memcachedExporter:
  enabled: true
memcachedChunks:
  enabled: true
memcachedFrontend:
  enabled: true
memcachedIndexQueries:
  enabled: true
memcachedIndexWrites:
  enabled: true

And now you’re ready to go! Everything else you would normally do to configure GEL (such as defining your buckets) can be handled as usual. You can then deploy it regardless of where you run OpenShift — on-premises, AWS, GCP, Azure, etc.

If you’re interested in trying out Grafana Enterprise Logs, please contact us!