0

我试图在 GCE 入口后面公开 Kibana,但入口正在报告 kibana 服务,UNHEALTHY而它是healthy and ready. 请注意,由 Ingress 创建的运行状况检查仍在使用HTTP/Port:上的默认值ex:32021。将 GCP 控制台中的运行状况检查更改为HTTPSon/login并且Port: 5601不会更改任何内容,并且该服务仍报告为Unhealthy. 健康检查端口也被覆盖为原始值,这很奇怪。我正在使用ECK 1.3.1,以下是我的配置。我错过了什么吗?先感谢您。

apiVersion: elasticsearch.k8s.elastic.co/v1beta1
kind: Elasticsearch
metadata:
  name: d3m0
spec:
  version: 7.10.1
  nodeSets:
  - name: default
    count: 1
    config:
      node.store.allow_mmap: false
---
apiVersion: kibana.k8s.elastic.co/v1beta1
kind: Kibana
metadata:
  name: d3m0
spec:
  version: 7.10.1
  count: 1
  elasticsearchRef:
    name: d3m0
  podTemplate:
    metadata:
      labels:
        kibana: node
    spec:
      containers:
      - name: kibana
        resources:
          limits:
            memory: 1Gi
            cpu: 1
        readinessProbe:
          httpGet:
            scheme: HTTPS
            path: "/login"
            port: 5601
  http:
    service:
      spec:
        type: NodePort
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: kibana-ingress
spec:
  backend:
      serviceName: d3m0-kb-http
      servicePort: 5601
4

1 回答 1

1

使用 ECK 时,在 ES 和 Kibana 上启用了所有安全功能,这意味着它们的服务不接受默认 GCP 负载均衡器 Healthcheck 使用的 HTTP 流量。您必须将所需的注释添加到服务并覆盖运行状况检查路径,如下面的代码所示。请在此处找到更多详细信息。

    apiVersion: kibana.k8s.elastic.co/v1
    kind: Kibana
    metadata:
      name: d3m0
    spec:
      version: 7.10.1
      count: 1
      elasticsearchRef:
        name: d3m0
      http:
        service:
          metadata:
            labels:
              app: kibana
            annotations:
              # Enable TLS between GCLB and the application
              cloud.google.com/app-protocols: '{"https":"HTTPS"}'
              service.alpha.kubernetes.io/app-protocols: '{"https":"HTTPS"}'
              # Uncomment the following line to enable container-native load balancing.
              cloud.google.com/neg: '{"ingress": true}'
    
      podTemplate:
        metadata:
          labels:
            name: kibana-fleet
        spec:
          containers:
          - name: kibana
            resources:
              limits:
                memory: 1Gi
                cpu: 1
            readinessProbe:
                  # Override the readiness probe as GCLB reuses it for its own healthchecks
                  httpGet:
                    scheme: HTTPS
                    path: "/login"
                    port: 5601
于 2021-03-22T09:23:33.317 回答