Exposing Kibana behind a GCE Ingress (UNHEALTHY state)

Question    Votes: 0    Answers: 2

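I'm trying to expose Kibana behind a GCE Ingress, but the Ingress reports the Kibana service as UNHEALTHY while it is healthy and ready. Note that the health check created by the Ingress still uses the default values: HTTP on the root / and Port ex:32021. Changing the health check in the GCP console to HTTPS on /login and Port: 5601 doesn't change anything, and the service is still reported as Unhealthy. The health check port also gets overwritten with the original value, which is strange. I'm using ECK 1.3.1, and my configuration is below. Am I missing something? Thanks in advance.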

apiVersion: elasticsearch.k8s.elastic.co/v1beta1
kind: Elasticsearch
metadata:
  name: d3m0
spec:
  version: 7.10.1
  nodeSets:
  - name: default
    count: 1
    config:
      node.store.allow_mmap: false
---
apiVersion: kibana.k8s.elastic.co/v1beta1
kind: Kibana
metadata:
  name: d3m0
spec:
  version: 7.10.1
  count: 1
  elasticsearchRef:
    name: d3m0
  podTemplate:
    metadata:
      labels:
        kibana: node
    spec:
      containers:
      - name: kibana
        resources:
          limits:
            memory: 1Gi
            cpu: 1
        readinessProbe:
          httpGet:
            scheme: HTTPS
            path: "/login"
            port: 5601
  http:
    service:
      spec:
        type: NodePort
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: kibana-ingress
spec:
  backend:
      serviceName: d3m0-kb-http
      servicePort: 5601

Tags: elasticsearch kibana google-kubernetes-engine kubernetes-ingress elastic-cloud

2 Answers

2 votes

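When using ECK, all security features are enabled on ES and Kibana, which means their services do not accept the HTTP traffic used by the default GCP load balancer health check. You have to add the required annotations to the service and override the health check path, as shown in the code below. Please find more details here.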

    apiVersion: kibana.k8s.elastic.co/v1
    kind: Kibana
    metadata:
      name: d3m0
    spec:
      version: 7.10.1
      count: 1
      elasticsearchRef:
        name: d3m0
      http:
        service:
          metadata:
            labels:
              app: kibana
            annotations:
              # Enable TLS between GCLB and the application
              cloud.google.com/app-protocols: '{"https":"HTTPS"}'
              service.alpha.kubernetes.io/app-protocols: '{"https":"HTTPS"}'
              # Uncomment the following line to enable container-native load balancing.
              cloud.google.com/neg: '{"ingress": true}'
    
      podTemplate:
        metadata:
          labels:
            name: kibana-fleet
        spec:
          containers:
          - name: kibana
            resources:
              limits:
                memory: 1Gi
                cpu: 1
            readinessProbe:
                  # Override the readiness probe as GCLB reuses it for its own healthchecks
                  httpGet:
                    scheme: HTTPS
                    path: "/login"
                    port: 5601
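
A pre-deployment check for the two settings the answer above names (the app-protocols service annotation and the HTTPS readiness probe), added here as an example that is not part of the original answer or of ECK. The function name `gclb_findings` and the dict-shaped sample manifests are assumptions constructed for illustration.

```python
import json

# Constructed inputs: the relevant parts of the question's and the answer's
# Kibana manifests, written as Python dicts so the check runs offline.
PROBE = {"httpGet": {"scheme": "HTTPS", "path": "/login", "port": 5601}}
POD = {"spec": {"containers": [{"name": "kibana", "readinessProbe": PROBE}]}}
QUESTION_KIBANA = {"spec": {
    "http": {"service": {"spec": {"type": "NodePort"}}},
    "podTemplate": POD}}
ANSWER_KIBANA = {"spec": {
    "http": {"service": {"metadata": {"annotations": {
        "cloud.google.com/app-protocols": '{"https":"HTTPS"}',
        "service.alpha.kubernetes.io/app-protocols": '{"https":"HTTPS"}',
        "cloud.google.com/neg": '{"ingress": true}'}}}},
    "podTemplate": POD}}

APP_PROTOCOL_KEYS = ("cloud.google.com/app-protocols",
                     "service.alpha.kubernetes.io/app-protocols")


def gclb_findings(kibana):
    """List which of the two settings from the answer the manifest lacks."""
    findings = []
    spec = kibana.get("spec", {})
    service = spec.get("http", {}).get("service", {})
    annotations = service.get("metadata", {}).get("annotations", {})
    protocols = {}
    for key in APP_PROTOCOL_KEYS:
        try:
            # The annotation value is a JSON map of port name to protocol.
            protocols.update(json.loads(annotations.get(key, "{}")))
        except ValueError:
            findings.append(f"{key} is not valid JSON")
    if "HTTPS" not in {str(p).upper() for p in protocols.values()}:
        findings.append("service has no app-protocols annotation selecting HTTPS")
    containers = spec.get("podTemplate", {}).get("spec", {}).get("containers", [])
    probe = next((c.get("readinessProbe", {}).get("httpGet")
                  for c in containers if c.get("name") == "kibana"), None)
    if not probe:
        findings.append("kibana container has no readinessProbe.httpGet override")
    elif str(probe.get("scheme", "HTTP")).upper() != "HTTPS":
        findings.append("readinessProbe scheme is not HTTPS")
    return findings


if __name__ == "__main__":
    print("question:", gclb_findings(QUESTION_KIBANA))
    print("answer:  ", gclb_findings(ANSWER_KIBANA))
```

Run against the question's manifest, it flags only the missing annotation; the readiness probe there already uses HTTPS on /login.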

0 votes

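If you install Kibana via the Helm chart

helm install kibana elastic/kibana -n elastic-stack

then the default GCP ingress will not work. For this, you have to use nginx-ingress.

After installing the Helm chart, make sure you also install the nginx-ingress Helm chart.

Then apply this Ingress configuration to enable HTTPS: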

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: kibana-ingress
  namespace: elastic-stack
spec:
  ingressClassName: "nginx"  # Specify NGINX Ingress Class
  tls:
  - hosts:
    - "kibana.test.com"
    secretName: cloudflare-origin-cert
  rules:
  - host: "kibana.test.com"
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: kibana-kibana
            port:
              number: 5601
