By Arslan Abbasi, Technical Product Manager, Cloud-Native Apps

In today’s dynamic world of application development and deployment, a good monitoring framework is a bare minimum. Elastic Stack (formerly known as the ELK Stack) is a monitoring framework that lets you reliably and securely ingest data from a variety of sources and formats so you can analyze it in real time. The large open-source community behind this project has done a wonderful job of making it a huge success.

vSphere Integrated Containers lets you run containers natively on VMware vSphere infrastructure. vSphere Integrated Containers is well suited for large-scale, ephemeral container workloads as well as long-lived, traditional applications packaged as containers. One of the key use cases for vSphere Integrated Containers is application repackaging. vSphere Integrated Containers leverages native vSphere constructs to provide high availability, fault tolerance, persistent storage, and container-level networking. All these necessities are available with minimum effort and without investing time or money, training users on new technologies, or buying new container orchestration platforms. vSphere Integrated Containers provides an easy way of consuming your familiar vSphere infrastructure by using the Docker API.

A quick and robust way of running Elastic Stack is using containers. Elastic Stack works well on vSphere Integrated Containers whether you are bringing Elastic Stack up quickly for a test environment to verify functionality or running it in production. Numerous users are running Elastic Stack on vSphere Integrated Containers in all kinds of Elastic Stack deployment scenarios.  

In this post, I cover bringing up Elastic Stack on vSphere natively using vSphere Integrated Containers. If you would like more information on using vSphere Integrated Containers, please refer to the documentation.


Getting Started with Elastic Stack

Elastic Stack is a vast platform with multiple components, each of which is a subject on its own. The main components are Elasticsearch, Logstash, Beats, and Kibana. I will not go into details of the components and will assume that you have a basic understanding of them. In this post, I will focus on bringing up Elastic Stack using docker-compose on vSphere Integrated Containers.

Before I proceed, please verify that you have the vSphere Integrated Containers OVA deployed with at least one Virtual Container Host running. In this post, the FQDN of my Virtual Container Host is and it is configured to use TLS authentication, which is the default deployment configuration. Run all the commands from a host that has the Docker client pre-installed.

Start with downloading this docker-compose file, which contains helpful links to expose environment variables to configure Elastic Stack containers. It is created from the perspective of a user that would like to easily extend and modify configurations of the Elastic Stack.

Next, set some environment variables and execute the docker-compose command to bring up Elastic Stack:

Run the following command to get the status of deployed stack:

In the output above, you can see ports exposed from the Virtual Container Host. In this case, the IP address of the Virtual Container Host is and all the containers are exposed using different ports. Since two Kibana containers are running in the example above, you can reach the Kibana Dashboard from either Port 5601 or Port 5602 with the Virtual Container Host’s IP address.


Elastic Stack is running now and ready to be used. You can start forwarding your application logs to the Logstash instance and start using it. Details of pushing your logs to Elastic Stack is out of scope for this blog. Please refer to the Elastic Stack documentation for that.

Modifying the Configuration Files for Elastic Stack Containers

Moving forward, I will go over modifying configuration files for Elastic Stack containers. I will also cover pushing and pulling containers with Harbor, an open-source private container registry that is part of vSphere Integrated Containers. Note that you can use your own private registry instead if you want.  

For advanced use cases, there is a need to modify configuration files on the Elasticsearch and Logstash containers. Now I will go over how to build a new container with your custom configuration already added to the container image.

For building and pushing images, you either need a Docker Container Host in vSphere Integrated Containers or a Linux VM with Docker installed. Because the process of building and pushing images using a Docker Container Host is covered in the documentation, this blog will cover building and pushing images using a Linux VM to Harbor.

Let’s start with Elasticsearch. The main configuration file for Elasticsearch is the elasticsearch.yml under /usr/share/elasticsearch/config/ directory. This file is used to modify the configuration of the Elasticsearch, and for the purposes of this blog I assume that you have modified the settings in elasticsearch.yml on your own to address your own requirements for Elasticsearch. For information about configuring elasticsearch.yml, see the Elasticsearch documentation. To add the elasticsearch.yml file that you modified to the container image, I will build the container for Elasticsearch using a Dockerfile.

The Dockerfile is the standard way of building containers. Create a file named ‘Dockerfile’ and paste the following content in it. The first command is telling Docker to pull the Elasticsearch image and use it as the base image for your custom container image. The second line is copying the elasticsearch.yml file to the config directory in the container; the command assumes that you have placed elasticsearch.yml in the same directory as the Dockerfile. Notice that the command is also changing the permissions of the config file. You can copy and modify the second line to change other configuration files in the same Dockerfile if needed.

Now run the standard docker command below, from the same directory as the Dockerfile, to build your custom container image. Note the trailing period (.) at the end of the command:

After the container is build, you can check the container image on the linux VM using the following command:


Similar steps can be followed for Logstash. The following Dockerfile can be used as a reference. Details on the configuration files for Logstash can be found in the documentation. The ADD command in the file below is similar to the COPY command used above to modify the configuration files in the “pipeline” and “config” directories of the container. This Dockerfile assumes that you have “pipeline” and “config” directories created locally with the right configuration files.


Pushing Containers to Harbor from a Linux VM

Now the container image is built, we will push it to Harbor. Harbor is an enterprise grade private registry that is part of vSphere Integrated Containers. For a Linux VM to be able to push images to Harbor, it needs to trust Harbor’s certificate. In this case, Harbor is using a self-signed certificate; you must first copy this certificate from the appliance running vSphere Integrated Containers to the location specified in the command. Follow the commands below to correctly trust your self-generated ca.crt that is used by Harbor.


Once the steps above are completed, log in to the Harbor registry by running the following command. Provide the username and password for your user configured in the vSphere Integrated Container management portal. If you have not configured individual permissions on the project level, you can use the vSphere administrator username and password.

Before tagging the container image locally on your Linux VM and pushing it to Harbor, log in to your vSphere Integrated Containers appliance and get the path for your project. This sanity check helps eliminate errors later.

First navigate to  <vic-appliance-FQDN>:8282 on the browser and navigate to your project.


Copy the tag and push commands as shown in the above screenshot in the right hand side and modify them to tag and push images as shown the example below.


Now navigate back to the same page at <vic-appliance-FQDN>:8282 on your browser and verify that the image is pushed under the intended project.

Now, the image location for Elasticsearch (or other containers) can be changed in the docker-compose file to reflect the location of your custom Elasticsearch container. Modify the docker-compose file to edit the image field to change the location of Elasticsearch or Logstash container’s location.


This concludes running modified Elastic Stack containers on vSphere Integrated Containers. Let me know if you have any questions; looking forward to your comments.