在 GCE 入口后暴露 Kibana(不健康状态)
Exposing Kibana behind GCE ingress (UNHEALTHY state)
我试图在 GCE 入口后面公开 Kibana,但入口将 kibana 服务报告为 UNHEALTHY 而它是 healthy and ready。请注意,Ingress 创建的健康检查仍在根 / 和 Port 上使用默认值 HTTP:ex:32021。
在 /login 和 Port: 5601 上将 GCP 控制台中的健康检查更改为 HTTPS 不会改变任何内容,服务仍报告为 Unhealthy。 healthcheck 端口也被覆盖为原始值,这很奇怪。
我正在使用 ECK 1.3.1,下面是我的配置。我错过了什么吗?提前谢谢你。
apiVersion: elasticsearch.k8s.elastic.co/v1beta1
kind: Elasticsearch
metadata:
name: d3m0
spec:
version: 7.10.1
nodeSets:
- name: default
count: 1
config:
node.store.allow_mmap: false
---
apiVersion: kibana.k8s.elastic.co/v1beta1
kind: Kibana
metadata:
name: d3m0
spec:
version: 7.10.1
count: 1
elasticsearchRef:
name: d3m0
podTemplate:
metadata:
labels:
kibana: node
spec:
containers:
- name: kibana
resources:
limits:
memory: 1Gi
cpu: 1
readinessProbe:
httpGet:
scheme: HTTPS
path: "/login"
port: 5601
http:
service:
spec:
type: NodePort
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: kibana-ingress
spec:
backend:
serviceName: d3m0-kb-http
servicePort: 5601
使用 ECK 时,ES 和 Kibana 上的所有安全功能都已启用,这意味着它们的服务不接受默认 GCP 负载均衡器 Healthcheck 使用的 HTTP 流量。您必须向服务添加所需的注释并覆盖健康检查路径,如下面的代码所示。请查找更多详细信息 here。
apiVersion: kibana.k8s.elastic.co/v1
kind: Kibana
metadata:
name: d3m0
spec:
version: 7.10.1
count: 1
elasticsearchRef:
name: d3m0
http:
service:
metadata:
labels:
app: kibana
annotations:
# Enable TLS between GCLB and the application
cloud.google.com/app-protocols: '{"https":"HTTPS"}'
service.alpha.kubernetes.io/app-protocols: '{"https":"HTTPS"}'
# Uncomment the following line to enable container-native load balancing.
cloud.google.com/neg: '{"ingress": true}'
podTemplate:
metadata:
labels:
name: kibana-fleet
spec:
containers:
- name: kibana
resources:
limits:
memory: 1Gi
cpu: 1
readinessProbe:
# Override the readiness probe as GCLB reuses it for its own healthchecks
httpGet:
scheme: HTTPS
path: "/login"
port: 5601
我试图在 GCE 入口后面公开 Kibana,但入口将 kibana 服务报告为 UNHEALTHY 而它是 healthy and ready。请注意,Ingress 创建的健康检查仍在根 / 和 Port 上使用默认值 HTTP:ex:32021。
在 /login 和 Port: 5601 上将 GCP 控制台中的健康检查更改为 HTTPS 不会改变任何内容,服务仍报告为 Unhealthy。 healthcheck 端口也被覆盖为原始值,这很奇怪。
我正在使用 ECK 1.3.1,下面是我的配置。我错过了什么吗?提前谢谢你。
apiVersion: elasticsearch.k8s.elastic.co/v1beta1
kind: Elasticsearch
metadata:
name: d3m0
spec:
version: 7.10.1
nodeSets:
- name: default
count: 1
config:
node.store.allow_mmap: false
---
apiVersion: kibana.k8s.elastic.co/v1beta1
kind: Kibana
metadata:
name: d3m0
spec:
version: 7.10.1
count: 1
elasticsearchRef:
name: d3m0
podTemplate:
metadata:
labels:
kibana: node
spec:
containers:
- name: kibana
resources:
limits:
memory: 1Gi
cpu: 1
readinessProbe:
httpGet:
scheme: HTTPS
path: "/login"
port: 5601
http:
service:
spec:
type: NodePort
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: kibana-ingress
spec:
backend:
serviceName: d3m0-kb-http
servicePort: 5601
使用 ECK 时,ES 和 Kibana 上的所有安全功能都已启用,这意味着它们的服务不接受默认 GCP 负载均衡器 Healthcheck 使用的 HTTP 流量。您必须向服务添加所需的注释并覆盖健康检查路径,如下面的代码所示。请查找更多详细信息 here。
apiVersion: kibana.k8s.elastic.co/v1
kind: Kibana
metadata:
name: d3m0
spec:
version: 7.10.1
count: 1
elasticsearchRef:
name: d3m0
http:
service:
metadata:
labels:
app: kibana
annotations:
# Enable TLS between GCLB and the application
cloud.google.com/app-protocols: '{"https":"HTTPS"}'
service.alpha.kubernetes.io/app-protocols: '{"https":"HTTPS"}'
# Uncomment the following line to enable container-native load balancing.
cloud.google.com/neg: '{"ingress": true}'
podTemplate:
metadata:
labels:
name: kibana-fleet
spec:
containers:
- name: kibana
resources:
limits:
memory: 1Gi
cpu: 1
readinessProbe:
# Override the readiness probe as GCLB reuses it for its own healthchecks
httpGet:
scheme: HTTPS
path: "/login"
port: 5601