K8s ECK Logstash Pod 连接问题

问题描述 投票:0回答:1

Elasticsearch (v2.9) pod 和 Logstash Pod 在名为 

elastic-system
的同一默认命名空间中运行,但 elasticsearch pod 阻止来自 Logstash Pod 的所有 http 请求。此输出共享如下:

Logstash Pod 日志输出:

[2023-11-03T10:57:39,092][WARN ][logstash.outputs.elasticsearch][main] Attempted to resurrect connection to dead ES instance, but got an error {:url=>"http://elastic:xxxxxx@quickstart-es-http:9200/", :exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :message=>"Elasticsearch Unreachable: [http://quickstart-es-http:9200/][Manticore::ClientProtocolException] quickstart-es-http:9200 failed to respond"}

Elasticsearch Pod 日志输出:

{"@timestamp":"2023-11-03T11:04:55.719Z", "log.level": "WARN", "message":"received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/10.10.234.134:9200, remoteAddress=/10.10.234.158:60508}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[quickstart-es-default-0][transport_worker][T#1]","log.logger":"org.elasticsearch.http.netty4.Netty4HttpServerTransport","elasticsearch.cluster.uuid":"cLtrkFiZSXGk9Y7Vkh1dIA","elasticsearch.node.id":"ixrbei6lTcKEJhIxmhemJw","elasticsearch.node.name":"quickstart-es-default-0","elasticsearch.cluster.name":"quickstart"}

我在下面共享了持久卷和logstash yaml文件:

apiVersion: v1
kind: PersistentVolume
metadata:
  name: logstash-data
  labels:
    type: local
spec:
  storageClassName: ls-scn
  capacity:
    storage: 10Gi
  accessModes:
    - ReadWriteOnce
  hostPath:
    path: "/logstash/data"
---
apiVersion: logstash.k8s.elastic.co/v1alpha1
kind: Logstash
metadata:
  name: quickstart
spec:
  count: 1
  elasticsearchRefs:
    - name: quickstart
      clusterName: qs
  version: 8.10.2
  podTemplate:
    spec:
      containers:
        - name: logstash
          env:
            - name: ECK_CACRT
              value: 81FCA623ED460EA0832CB35AD73D9A87B2E9B323ACFF07B985451E815CABF3D2
  pipelines:
    - pipeline.id: main
      config.string: |
        input {
          beats {
            port => 5044
          }
        }
        output {
          elasticsearch {
            hosts => [ "quickstart-es-http" ]
            user => "elastic"
            password => "4PyI3513SR21cSHs7lj6GyN9"
            ca_trusted_fingerprint => "${ECK_CACRT}"
          }
        }
  services:
    - name: beats
      service:
        spec:
          type: NodePort
          ports:
            - port: 5044
              name: "filebeat"
              protocol: TCP
              targetPort: 5044
              nodePort: 32000

  volumeClaimTemplates:
    - metadata:
        name: logstash-data # Do not change this name unless you set up a volume mount for the data path.
      spec:
        accessModes:
          - ReadWriteOnce
        resources:
          requests:
            storage: 10Gi
        storageClassName: ls-scn
kubernetes elastic-stack cicd
1个回答
0
投票

解决方案:

logstash.yaml
中的主机应如下所示:

output {
  elasticsearch {
    hosts => [ "https://quickstart-es-http:9200" ]
    user => "elastic"
    password => "4PyI3513SR21cSHs7lj6GyN9"
    ca_trusted_fingerprint => "${ECK_CACRT}"
  }
}
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.