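Problem description
I am trying to expose Kibana behind a GCE Ingress, but the Ingress reports the Kibana service as UNHEALTHY, while it is healthy and ready. Note that the health check created by the Ingress is still using the default values: HTTP on the root path / and Port: e.g. 32021.
Changing the health check in the GCP console to HTTPS on /login with Port: 5601 does not change anything; the service is still reported as Unhealthy. The health check port also gets overwritten back to its original value, which is strange.
I am using ECK 1.3.1, and below is my configuration. Am I missing something? Thanks in advance.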
apiVersion: elasticsearch.k8s.elastic.co/v1beta1
kind: Elasticsearch
metadata:
  name: d3m0
spec:
  version: 7.10.1
  nodeSets:
  - name: default
    count: 1
    config:
      node.store.allow_mmap: false
---
apiVersion: kibana.k8s.elastic.co/v1beta1
kind: Kibana
metadata:
  name: d3m0
spec:
  version: 7.10.1
  count: 1
  elasticsearchRef:
    name: d3m0
  podTemplate:
    metadata:
      labels:
        kibana: node
    spec:
      containers:
      - name: kibana
        resources:
          limits:
            memory: 1Gi
            cpu: 1
        readinessProbe:
          httpGet:
            scheme: HTTPS
            path: "/login"
            port: 5601
  http:
    service:
      spec:
        type: NodePort
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: kibana-ingress
spec:
  backend:
    serviceName: d3m0-kb-http
    servicePort: 5601
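Solution
When using ECK, all security features are enabled on ES and Kibana, which means their services do not accept the HTTP traffic used by the default GCP load balancer health check. You must add the required annotations to the service and override the health check path, as shown in the code below. Please find more details here.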
apiVersion: kibana.k8s.elastic.co/v1
kind: Kibana
metadata:
  name: d3m0
spec:
  version: 7.10.1
  count: 1
  elasticsearchRef:
    name: d3m0
  http:
    service:
      metadata:
        labels:
          app: kibana
        annotations:
          # Enable TLS between GCLB and the application
          cloud.google.com/app-protocols: '{"https":"HTTPS"}'
          service.alpha.kubernetes.io/app-protocols: '{"https":"HTTPS"}'
          # Uncomment the following line to enable container-native load balancing.
          cloud.google.com/neg: '{"ingress": true}'
  podTemplate:
    metadata:
      labels:
        name: kibana-fleet
    spec:
      containers:
      - name: kibana
        resources:
          limits:
            memory: 1Gi
            cpu: 1
        readinessProbe:
          # Override the readiness probe as GCLB reuses it for its own healthchecks
          httpGet:
            scheme: HTTPS
            path: "/login"
            port: 5601
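A pre-deploy check for the two conditions the answer names, added here as an example (it is not part of the original answer or of ECK): the service must carry an app-protocols annotation selecting HTTPS, and the kibana container must override the readiness probe with an HTTPS probe. The function name `gclb_findings` and the trimmed sample manifests are constructed for illustration; the check only inspects the manifest and does not query GCP.

```python
import json

APP_PROTOCOL_KEYS = (
    "cloud.google.com/app-protocols",
    "service.alpha.kubernetes.io/app-protocols",
)

def dig(obj, *keys):
    """Walk nested dicts, returning None as soon as a key is missing."""
    for key in keys:
        if not isinstance(obj, dict) or key not in obj:
            return None
        obj = obj[key]
    return obj

def gclb_findings(kibana):
    """List reasons a GCE Ingress may still health-check this Kibana CR over plain HTTP."""
    findings = []
    annotations = dig(kibana, "spec", "http", "service", "metadata", "annotations") or {}
    protocols = set()
    for key in APP_PROTOCOL_KEYS:
        try:
            mapping = json.loads(annotations.get(key, "{}"))
        except (ValueError, TypeError):
            findings.append(f"{key}: value is not valid JSON")
            continue
        if isinstance(mapping, dict):
            protocols.update(str(v).upper() for v in mapping.values())
    if "HTTPS" not in protocols:
        findings.append("service has no app-protocols annotation mapping a port to HTTPS")
    containers = dig(kibana, "spec", "podTemplate", "spec", "containers") or []
    probe = next((dig(c, "readinessProbe", "httpGet") for c in containers
                  if c.get("name") == "kibana"), None)
    if probe is None:
        findings.append("kibana container has no httpGet readinessProbe override")
    elif str(probe.get("scheme", "HTTP")).upper() != "HTTPS":
        findings.append("readinessProbe scheme is not HTTPS")
    return findings

# Constructed from the two Kibana manifests on this page, trimmed to the relevant fields.
PROBE = {"httpGet": {"scheme": "HTTPS", "path": "/login", "port": 5601}}
POD = {"spec": {"containers": [{"name": "kibana", "readinessProbe": PROBE}]}}
QUESTION = {"spec": {"podTemplate": POD, "http": {"service": {"spec": {"type": "NodePort"}}}}}
ANSWER = {"spec": {"podTemplate": POD, "http": {"service": {"metadata": {"annotations": {
    "cloud.google.com/app-protocols": '{"https":"HTTPS"}',
    "service.alpha.kubernetes.io/app-protocols": '{"https":"HTTPS"}',
}}}}}}

if __name__ == "__main__":
    for name, cr in (("question", QUESTION), ("answer", ANSWER)):
        print(name, gclb_findings(cr) or "ok")
```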