Exposing Kibana behind GCE ingress (UNHEALTHY state)

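I'm trying to expose Kibana behind a GCE ingress, but the ingress reports the Kibana service as UNHEALTHY while it is healthy and ready. Note that the health check created by the Ingress is still using the default values: HTTP on the root path `/` and a port such as 32021. Changing the health check in the GCP console to HTTPS on `/login` and port 5601 doesn't change anything, and the service is still reported as Unhealthy. The health check port is also being overwritten back to the original value, which is strange. I'm using ECK 1.3.1, and my configs are below. Am I missing anything? Thank you in advance.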

    apiVersion: elasticsearch.k8s.elastic.co/v1beta1
    kind: Elasticsearch
    metadata:
      name: d3m0
    spec:
      version: 7.10.1
      nodeSets:
      - name: default
        count: 1
        config:
          node.store.allow_mmap: false
    ---
    apiVersion: kibana.k8s.elastic.co/v1beta1
    kind: Kibana
    metadata:
      name: d3m0
    spec:
      version: 7.10.1
      count: 1
      elasticsearchRef:
        name: d3m0
      podTemplate:
        metadata:
          labels:
            kibana: node
        spec:
          containers:
          - name: kibana
            resources:
              limits:
                memory: 1Gi
                cpu: 1
            readinessProbe:
              httpGet:
                scheme: HTTPS
                path: "/login"
                port: 5601
      http:
        service:
          spec:
            type: NodePort
    ---
    apiVersion: networking.k8s.io/v1beta1
    kind: Ingress
    metadata:
      name: kibana-ingress
    spec:
      backend:
        serviceName: d3m0-kb-http
        servicePort: 5601

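When using ECK, all security features are enabled on ES and Kibana, which means that their services do not accept the HTTP traffic used by the default GCP load balancer health check. You must add the required annotations to the services and override the health check paths, as in the code below. Please find more details here.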

    apiVersion: kibana.k8s.elastic.co/v1
    kind: Kibana
    metadata:
      name: d3m0
    spec:
      version: 7.10.1
      count: 1
      elasticsearchRef:
        name: d3m0
      http:
        service:
          metadata:
            labels:
              app: kibana
            annotations:
              # Enable TLS between GCLB and the application
              cloud.google.com/app-protocols: '{"https":"HTTPS"}'
              service.alpha.kubernetes.io/app-protocols: '{"https":"HTTPS"}'
              # Enable container-native load balancing.
              cloud.google.com/neg: '{"ingress": true}'
      podTemplate:
        metadata:
          labels:
            name: kibana-fleet
        spec:
          containers:
          - name: kibana
            resources:
              limits:
                memory: 1Gi
                cpu: 1
            readinessProbe:
              # Override the readiness probe as GCLB reuses it for its own healthchecks
              httpGet:
                scheme: HTTPS
                path: "/login"
                port: 5601
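
A pre-deployment check for the two conditions the answer relies on, added here as an example (it is not part of the original answer or of ECK): every Service port is declared HTTPS in an app-protocols annotation, and the container has an HTTPS `httpGet` readiness probe for the load balancer to reuse. The function name, the sample objects and the port name `https` are assumptions; the inputs are shaped like `kubectl get -o json` output.

```python
import json

APP_PROTOCOL_KEYS = ("cloud.google.com/app-protocols",
                     "service.alpha.kubernetes.io/app-protocols")

def gclb_tls_findings(service, pod_spec, container="kibana"):
    """Return reasons a GCE ingress would probe a TLS-only backend over plain HTTP."""
    findings = []
    annotations = service.get("metadata", {}).get("annotations") or {}
    raw = next((annotations[k] for k in APP_PROTOCOL_KEYS if k in annotations), None)
    try:
        protocols = json.loads(raw) if raw else {}
    except json.JSONDecodeError:
        protocols = {}
        findings.append("app-protocols annotation is not valid JSON")
    # The annotation maps Service port *names* to the protocol GCLB must speak.
    for port in service.get("spec", {}).get("ports", []):
        if protocols.get(port.get("name")) != "HTTPS":
            findings.append(f"port {port.get('name')!r} is not declared HTTPS in app-protocols")
    # The readiness probe supplies the health check path and scheme.
    probe = next((c.get("readinessProbe") or {} for c in pod_spec.get("containers", [])
                  if c.get("name") == container), {})
    http_get = probe.get("httpGet")
    if http_get is None:
        findings.append("no httpGet readinessProbe for the load balancer to reuse")
    elif http_get.get("scheme", "HTTP") != "HTTPS":
        findings.append("readinessProbe does not use scheme HTTPS")
    return findings

# Constructed sample objects; the port name "https" is an assumption
# about the Service generated for Kibana.
POD_SPEC = {"containers": [{"name": "kibana", "readinessProbe": {
    "httpGet": {"scheme": "HTTPS", "path": "/login", "port": 5601}}}]}
SERVICE_FROM_QUESTION = {"metadata": {"name": "d3m0-kb-http"},
                         "spec": {"type": "NodePort",
                                  "ports": [{"name": "https", "port": 5601}]}}
SERVICE_FROM_ANSWER = {"metadata": {"name": "d3m0-kb-http", "annotations": {
    "cloud.google.com/app-protocols": '{"https":"HTTPS"}',
    "cloud.google.com/neg": '{"ingress": true}'}},
    "spec": {"ports": [{"name": "https", "port": 5601}]}}

if __name__ == "__main__":
    for label, svc in (("question", SERVICE_FROM_QUESTION),
                       ("answer", SERVICE_FROM_ANSWER)):
        print(label, gclb_tls_findings(svc, POD_SPEC) or "ok")
```
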