Metricbeat Beat 连接es失败(启用xpack)

Metricbeat Beat failed to connect es (xpack enabled)

头盔版本: "v3.1.1"

helm get release输出

helm 状态 metricbeat 名称:metricbeat 最后部署:2020 年 4 月 30 日星期四 10:05:32 命名空间:默认 状态:已部署 修订:1

错误描述:无法连接到elasticsearch,部署的configmap不包含用户名:和密码输入。

重现步骤:

  1. 在 elasticsearch 中启用 xpack
  2. 运行 - helm install metricbeat elastic/metricbeat --set imageTag=7.6.2 --values metrics.yaml

metrics.yaml

daemonset:
  extraEnvs:
    - name: 'ES_USERNAME'
      valueFrom:
        secretKeyRef:
          name: elastic-credentials
          key: username
    - name: 'ES_PASSWORD'
      valueFrom:
        secretKeyRef:
          name: elastic-credentials
          key: password
  # Allows you to add any config files in /usr/share/metricbeat
  # such as metricbeat.yml for daemonset
  metricbeatConfig:
    metricbeat.yml: |
      metricbeat.modules:
      - module: kubernetes
        metricsets:
          - container
          - node
          - pod
          - system
          - volume
        period: 10s
        host: "${NODE_NAME}"
        hosts: ["${NODE_NAME}:10250"]
        # bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
        # ssl.verification_mode: "none"
        # If using Red Hat OpenShift remove ssl.verification_mode entry and
        # uncomment these settings:
        #ssl.certificate_authorities:
          #- /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt
        processors:
        - add_kubernetes_metadata: ~
      - module: kubernetes
        enabled: true
        metricsets:
          - event
      - module: system
        period: 10s
        metricsets:
          - cpu
          - load
          - memory
          - network
          - process
          - process_summary
        processes: ['.*']
        process.include_top_n:
          by_cpu: 5
          by_memory: 5
      - module: system
        period: 1m
        metricsets:
          - filesystem
          - fsstat
        processors:
        - drop_event.when.regexp:
            system.filesystem.mount_point: '^/(sys|cgroup|proc|dev|etc|host|lib)($|/)'
      output.elasticsearch:
        username: '${ES_USERNAME}'
        password: '${ES_PASSWORD}'
        hosts: ["elasticsearch-master:9200"]


deployment:
  extraEnvs:
    - name: 'ES_USERNAME'
      valueFrom:
        secretKeyRef:
          name: elastic-credentials
          key: username
    - name: ES_PASSWORD'
      valueFrom:
        secretKeyRef:
          name: elastic-credentials
          key: password
  # Allows you to add any config files in /usr/share/metricbeat
  # such as metricbeat.yml for deployment
  metricbeatConfig:
    metricbeat.yml: |
      metricbeat.modules:
      - module: kubernetes
        enabled: true
        metricsets:
          - state_node
          - state_deployment
          - state_replicaset
          - state_pod
          - state_container
        period: 10s
        hosts: ["${KUBE_STATE_METRICS_HOSTS}"]
      output.elasticsearch:
        username: '${ES_USERNAME}'
        password: '${ES_PASSWORD}'
        hosts: ["elasticsearch-master:9200"]

metricbeat.yml部署后不包含用户名和密码输入:

 metricbeat.modules:
    - module: kubernetes
      metricsets:
        - container
        - node
        - pod
        - system
        - volume
      period: 10s
      host: "${NODE_NAME}"
      hosts: ["${NODE_NAME}:10255"]
      processors:
      - add_kubernetes_metadata:
          in_cluster: true
    - module: kubernetes
      enabled: true
      metricsets:
        - event
    - module: system
      period: 10s
      metricsets:
        - cpu
        - load
        - memory
        - network
        - process
        - process_summary
      processes: ['.*']
      process.include_top_n:
        by_cpu: 5
        by_memory: 5
    - module: system
      period: 1m
      metricsets:
        - filesystem
        - fsstat
      processors:
      - drop_event.when.regexp:
          system.filesystem.mount_point: '^/(sys|cgroup|proc|dev|etc|host|lib)($|/)'
    output.elasticsearch:
      hosts: '${ELASTICSEARCH_HOSTS:elasticsearch-master:9200}'

预期行为: 应该使用用户名和密码连接到 es 而不会出现问题。

提供日志and/or 服务器输出(如果相关):

   pipeline/output.go:100 Failed to connect to backoff(elasticsearch(http://elasticsearch-master:9200)): 401 Unauthorized: {"error":{"root_cause":[{"type":"security_exception","reason":"missing authentication credentials for REST request [/]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}}],"type":"security_exception","reason":"missing authentication credentials for REST request [/]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}},"status":401}

任何附加上下文:

我能够使用相同的凭据连接弹性搜索,并且它也适用于 Kibana 登录。

我是 Elastic Helm charts 的维护者。

由于最近的重构,Git 存储库 master 分支上记录的值 daemonset.xxxdeployment.xxx 与当前发布的图表版本不兼容。

如果你想安装当前发布的版本(7.6.2), you can find the values to use on the README from 7.6.2 release.

如果你想部署应该很快发布的下一个版本并且将使用 daemonset.xxxdeployment.xxx 值,你可以克隆 repo 并使用 installation instructions from 7.7 branch.

PS:如评论中所述,请注意Elastic charts尚不支持Helm v3,我们仍然建议使用Helm v2。