我试图在 GCE 入口后面暴露 Kibana,但入口将 kibana 服务报告为
UNHEALTHY
,而它是 healthy and ready
。请注意,Ingress 创建的健康检查仍在根 HTTP
和 /
上使用默认值 Port
:ex:32021
。
将 GCP 控制台中的运行状况检查更改为 HTTPS
和 /login
上的 Port: 5601
不会改变任何内容,服务仍报告为 Unhealthy
。 healthcheck 端口也被覆盖为原始值,这很奇怪。
我正在使用 ECK 1.3.1
,下面是我的配置。我是不是漏掉了什么?预先感谢您。
apiVersion: elasticsearch.k8s.elastic.co/v1beta1
kind: Elasticsearch
metadata:
name: d3m0
spec:
version: 7.10.1
nodeSets:
- name: default
count: 1
config:
node.store.allow_mmap: false
---
apiVersion: kibana.k8s.elastic.co/v1beta1
kind: Kibana
metadata:
name: d3m0
spec:
version: 7.10.1
count: 1
elasticsearchRef:
name: d3m0
podTemplate:
metadata:
labels:
kibana: node
spec:
containers:
- name: kibana
resources:
limits:
memory: 1Gi
cpu: 1
readinessProbe:
httpGet:
scheme: HTTPS
path: "/login"
port: 5601
http:
service:
spec:
type: NodePort
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: kibana-ingress
spec:
backend:
serviceName: d3m0-kb-http
servicePort: 5601
使用 ECK 时,ES 和 Kibana 上启用了所有安全功能,这意味着它们的服务不接受默认 GCP 负载均衡器 Healthcheck 使用的 HTTP 流量。您必须向服务添加所需的注释并覆盖运行状况检查路径,如下面的代码所示。请在此处查找更多详细信息。
apiVersion: kibana.k8s.elastic.co/v1
kind: Kibana
metadata:
name: d3m0
spec:
version: 7.10.1
count: 1
elasticsearchRef:
name: d3m0
http:
service:
metadata:
labels:
app: kibana
annotations:
# Enable TLS between GCLB and the application
cloud.google.com/app-protocols: '{"https":"HTTPS"}'
service.alpha.kubernetes.io/app-protocols: '{"https":"HTTPS"}'
# Uncomment the following line to enable container-native load balancing.
cloud.google.com/neg: '{"ingress": true}'
podTemplate:
metadata:
labels:
name: kibana-fleet
spec:
containers:
- name: kibana
resources:
limits:
memory: 1Gi
cpu: 1
readinessProbe:
# Override the readiness probe as GCLB reuses it for its own healthchecks
httpGet:
scheme: HTTPS
path: "/login"
port: 5601
如果您通过 Helm Chart 安装 Kibana:
helm install kibana elastic/kibana -n elastic-stack
那么 GCP 默认入口将无法工作。为此,您必须使用
nginx-ingress
。
安装 Helm Chart 后,请确保您还安装了
nginx-ingress
Helm Chart。
然后,应用此入口配置以启用 HTTPS
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: kibana-ingress
namespace: elastic-stack
spec:
ingressClassName: "nginx" # Specify NGINX Ingress Class
tls:
- hosts:
- "kibana.test.com"
secretName: cloudflare-origin-cert
rules:
- host: "kibana.test.com"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: kibana-kibana
port:
number: 5601