Kibana 与 Kubernetes 中的 nginx 入口控制器
Kibana with nginx ingress controller in Kubernetes
我试图在我的 GKE Kubernetes 集群 运行ning www.mydomain.com/kibana 下获取 Kibana 6.2.4 但没有成功。不过,我可以 运行 使用 kubectl proxy 和默认 SERVER_BASEPATH.
就可以了
这是我的 Kibana 部署,删除了 SERVER_BASEPATH。
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: kibana-logging
namespace: logging
labels:
k8s-app: kibana-logging
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
spec:
replicas: 1
selector:
matchLabels:
k8s-app: kibana-logging
template:
metadata:
labels:
k8s-app: kibana-logging
annotations:
seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
spec:
containers:
- name: kibana-logging
image: docker.elastic.co/kibana/kibana-oss:6.2.4
resources:
# need more cpu upon initialization, therefore burstable class
limits:
cpu: 1000m
requests:
cpu: 100m
env:
- name: ELASTICSEARCH_URL
value: http://elasticsearch-logging:9200
# - name: SERVER_BASEPATH
# value: /api/v1/namespaces/logging/services/kibana-logging/proxy
ports:
- containerPort: 5601
name: ui
protocol: TCP
我的 nginx 入口定义 (nginx-ingress-controller:0.19.0):
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: logging-ingress
namespace: logging
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/configuration-snippet: |
rewrite ^/kibana/(.*)$ / break;
spec:
tls:
- hosts:
- dev.mydomain.net
secretName: mydomain-net-tls-secret
rules:
- host: dev.mydomain.net
http:
paths:
- path: /kibana
backend:
serviceName: kibana-logging
servicePort: 5601
这导致这个 nginx 位置
location /kibana {
set $namespace "logging";
set $ingress_name "logging-ingress";
set $service_name "kibana-logging";
set $service_port "5601";
set $location_path "/kibana";
rewrite_by_lua_block {
balancer.rewrite()
}
log_by_lua_block {
balancer.log()
monitor.call()
}
port_in_redirect off;
set $proxy_upstream_name "logging-kibana-logging-5601";
# enforce ssl on server side
if ($redirect_to_https) {
return 308 https://$best_http_host$request_uri;
}
client_max_body_size "1m";
proxy_set_header Host $best_http_host;
# Pass the extracted client certificate to the backend
# Allow websocket connections
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Request-ID $req_id;
proxy_set_header X-Real-IP $the_real_ip;
proxy_set_header X-Forwarded-For $the_real_ip;
proxy_set_header X-Forwarded-Host $best_http_host;
proxy_set_header X-Forwarded-Port $pass_port;
proxy_set_header X-Forwarded-Proto $pass_access_scheme;
proxy_set_header X-Original-URI $request_uri;
proxy_set_header X-Scheme $pass_access_scheme;
# Pass the original X-Forwarded-For
proxy_set_header X-Original-Forwarded-For $http_x_forwarded_for;
# mitigate HTTPoxy Vulnerability
# https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
proxy_set_header Proxy "";
# Custom headers to proxied server
proxy_connect_timeout 5s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
proxy_buffering "off";
proxy_buffer_size "4k";
proxy_buffers 4 "4k";
proxy_request_buffering "on";
proxy_http_version 1.1;
proxy_cookie_domain off;
proxy_cookie_path off;
# In case of errors try the next upstream server before returning an error
proxy_next_upstream error timeout;
proxy_next_upstream_tries 3;
rewrite ^/kibana/(.*)$ / break;
proxy_pass http://upstream_balancer;
proxy_redirect off;
}
但是,转到 /kibana 会导致 404。
Stackdriver
2018-10-30 08:30:48.000 MDT
GET /kibana 404 61ms - 9.0B
网页
{
statusCode: 404,
error: "Not Found",
message: "Not Found"
}
我觉得我的 nginx 入口配置 SERVER_BASEPATH and/or 似乎缺少某种设置。
我相信你想要的是入口中的 nginx.ingress.kubernetes.io/rewrite-target: / 注释。
这样 location {} 块将看起来像这样:
location ~* ^/kibana\/?(?<baseuri>.*) {
...
rewrite (?i)/kibana/(.*) / break;
rewrite (?i)/kibana$ / break;
...
}
我试图在我的 GKE Kubernetes 集群 运行ning www.mydomain.com/kibana 下获取 Kibana 6.2.4 但没有成功。不过,我可以 运行 使用 kubectl proxy 和默认 SERVER_BASEPATH.
这是我的 Kibana 部署,删除了 SERVER_BASEPATH。
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: kibana-logging
namespace: logging
labels:
k8s-app: kibana-logging
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
spec:
replicas: 1
selector:
matchLabels:
k8s-app: kibana-logging
template:
metadata:
labels:
k8s-app: kibana-logging
annotations:
seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
spec:
containers:
- name: kibana-logging
image: docker.elastic.co/kibana/kibana-oss:6.2.4
resources:
# need more cpu upon initialization, therefore burstable class
limits:
cpu: 1000m
requests:
cpu: 100m
env:
- name: ELASTICSEARCH_URL
value: http://elasticsearch-logging:9200
# - name: SERVER_BASEPATH
# value: /api/v1/namespaces/logging/services/kibana-logging/proxy
ports:
- containerPort: 5601
name: ui
protocol: TCP
我的 nginx 入口定义 (nginx-ingress-controller:0.19.0):
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: logging-ingress
namespace: logging
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/configuration-snippet: |
rewrite ^/kibana/(.*)$ / break;
spec:
tls:
- hosts:
- dev.mydomain.net
secretName: mydomain-net-tls-secret
rules:
- host: dev.mydomain.net
http:
paths:
- path: /kibana
backend:
serviceName: kibana-logging
servicePort: 5601
这导致这个 nginx 位置
location /kibana {
set $namespace "logging";
set $ingress_name "logging-ingress";
set $service_name "kibana-logging";
set $service_port "5601";
set $location_path "/kibana";
rewrite_by_lua_block {
balancer.rewrite()
}
log_by_lua_block {
balancer.log()
monitor.call()
}
port_in_redirect off;
set $proxy_upstream_name "logging-kibana-logging-5601";
# enforce ssl on server side
if ($redirect_to_https) {
return 308 https://$best_http_host$request_uri;
}
client_max_body_size "1m";
proxy_set_header Host $best_http_host;
# Pass the extracted client certificate to the backend
# Allow websocket connections
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Request-ID $req_id;
proxy_set_header X-Real-IP $the_real_ip;
proxy_set_header X-Forwarded-For $the_real_ip;
proxy_set_header X-Forwarded-Host $best_http_host;
proxy_set_header X-Forwarded-Port $pass_port;
proxy_set_header X-Forwarded-Proto $pass_access_scheme;
proxy_set_header X-Original-URI $request_uri;
proxy_set_header X-Scheme $pass_access_scheme;
# Pass the original X-Forwarded-For
proxy_set_header X-Original-Forwarded-For $http_x_forwarded_for;
# mitigate HTTPoxy Vulnerability
# https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
proxy_set_header Proxy "";
# Custom headers to proxied server
proxy_connect_timeout 5s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
proxy_buffering "off";
proxy_buffer_size "4k";
proxy_buffers 4 "4k";
proxy_request_buffering "on";
proxy_http_version 1.1;
proxy_cookie_domain off;
proxy_cookie_path off;
# In case of errors try the next upstream server before returning an error
proxy_next_upstream error timeout;
proxy_next_upstream_tries 3;
rewrite ^/kibana/(.*)$ / break;
proxy_pass http://upstream_balancer;
proxy_redirect off;
}
但是,转到 /kibana 会导致 404。
Stackdriver
2018-10-30 08:30:48.000 MDT
GET /kibana 404 61ms - 9.0B
网页
{
statusCode: 404,
error: "Not Found",
message: "Not Found"
}
我觉得我的 nginx 入口配置 SERVER_BASEPATH and/or 似乎缺少某种设置。
我相信你想要的是入口中的 nginx.ingress.kubernetes.io/rewrite-target: / 注释。
这样 location {} 块将看起来像这样:
location ~* ^/kibana\/?(?<baseuri>.*) {
...
rewrite (?i)/kibana/(.*) / break;
rewrite (?i)/kibana$ / break;
...
}