How to set up Kibana (EFK stack) on an Azure Kubernetes cluster using a reverse proxy ingress?
First of all, I would like to thank you for writing a wonderful article.

I have a scenario I would like help with. I have installed Elasticsearch, Filebeat and Kibana on an AKS cluster. Since I am using the Nginx ingress controller to expose applications on a reverse proxy load balancer, and the reverse proxy load balancer is attached to a hostname, I cannot expose Kibana externally. I get a 404 error. I tried adding the SERVER_BASEPATH variable to the Kibana deployment etc., but I still get a 404 error.

```yaml
- name: SERVER_BASEPATH
  value: "/kibana"
```

Here is my setup:

1. Ingress
```yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: ingress-dev
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/use-regex: "true"
    ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
spec:
  rules:
  - host: example.com
    http:
      paths:
      - backend:
          serviceName: frontend-ui-service
          servicePort: 80
        path: /(.*)
      - backend:
          serviceName: home-micro-service
          servicePort: 3333
        path: /api-dev(/|$)(.*)
      - backend:
          serviceName: kibana-kibana
          servicePort: 5601
        path: /kibana(/|$)(.*)
```
2. Kibana-values.yaml

```yaml
---
elasticsearchHosts: "http://elasticsearch-master:9200"

replicas: 1

# Extra environment variables to append to this nodeGroup
# This will be appended to the current 'env:' key. You can use any of the kubernetes env
# syntax here
extraEnvs:
#  - name: "NODE_OPTIONS"
#    value: "--max-old-space-size=1800"
#  - name: MY_ENVIRONMENT_VAR
#    value: the_value_goes_here

# Allows you to load environment variables from kubernetes secret or config map
envFrom: []
# - secretRef:
#     name: env-secret
# - configMapRef:
#     name: config-map

# A list of secrets and their paths to mount inside the pod
# This is useful for mounting certificates for security and for mounting
# the X-Pack license
secretMounts: []
#  - name: kibana-keystore
#    secretName: kibana-keystore
#    path: /usr/share/kibana/data/kibana.keystore
#    subPath: kibana.keystore # optional

image: "dockerRepo/docker.elastic.co/kibana/kibana"
imageTag: "7.9.1"
imagePullPolicy: "IfNotPresent"

# additionals labels
labels: {}

podAnnotations: {}
  # iam.amazonaws.com/role: es-cluster

resources:
  requests:
    cpu: "1000m"
    memory: "2Gi"
  limits:
    cpu: "1000m"
    memory: "2Gi"

protocol: http

serverHost: "0.0.0.0"

healthCheckPath: "/app/kibana"

# Allows you to add any config files in /usr/share/kibana/config/
# such as kibana.yml
kibanaConfig: {}
#   kibana.yml: |
#     key:
#       nestedkey: value

# If Pod Security Policy in use it may be required to specify security context as well as service account
podSecurityContext:
  fsGroup: 1000

securityContext:
  capabilities:
    drop:
    - ALL
  # readOnlyRootFilesystem: true
  runAsNonRoot: true
  runAsUser: 1000

serviceAccount: ""

# This is the PriorityClass settings as defined in
# https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass
priorityClassName: ""

httpPort: 5601

extraContainers: ""
# - name: dummy-init
#   image: busybox
#   command: ['echo', 'hey']

extraInitContainers: ""
# - name: dummy-init
#   image: busybox
#   command: ['echo', 'hey']

updateStrategy:
  type: "Recreate"

service:
  type: ClusterIP
  loadBalancerIP: ""
  port: 5601
  nodePort: ""
  labels: {}
  annotations: {}
    # cloud.google.com/load-balancer-type: "Internal"
    # service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0
    # service.beta.kubernetes.io/azure-load-balancer-internal: "true"
    # service.beta.kubernetes.io/openstack-internal-load-balancer: "true"
    # service.beta.kubernetes.io/cce-load-balancer-internal-vpc: "true"
  loadBalancerSourceRanges: []
    # 0.0.0.0/0

ingress:
  enabled: false
  annotations: {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
  path: /
  hosts:
    - chart-example.local
  tls: []
  #  - secretName: chart-example-tls
  #    hosts:
  #      - chart-example.local

readinessProbe:
  failureThreshold: 3
  initialDelaySeconds: 10
  periodSeconds: 10
  successThreshold: 3
  timeoutSeconds: 5

imagePullSecrets: []
nodeSelector: {}
tolerations: []
affinity: {}

nameOverride: ""
fullnameOverride: ""

lifecycle: {}
  # preStop:
  #   exec:
  #     command: ["/bin/sh", "-c", "echo Hello from the postStart handler > /usr/share/message"]
  # postStart:
  #   exec:
  #     command: ["/bin/sh", "-c", "echo Hello from the postStart handler > /usr/share/message"]

# Deprecated - use only with versions < 6.6
elasticsearchURL: "" # "http://elasticsearch-master:9200"
```
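As mentioned, your image version is 7.9.1.

server.basepath:

Specifies whether Kibana should rewrite requests that are prefixed with server.basePath or require that they are rewritten by your reverse proxy. In Kibana 6.3 and earlier, the default is false. In Kibana 7.x, the setting is deprecated. In Kibana 8.0 and later, the default is true. Default: deprecated

As far as I know, if you want to use server.basePath, then you also have to set server.rewriteBasePath: true.

Try adding the following to the Kibana config:

```yaml
server.basePath: "/kibana"
server.rewriteBasePath: true
```

Additionally, as @anyasabo mentioned:

You need to override the path of the readiness probe in the podTemplate of the Kibana resource. Currently it is hardcoded to /login.

If that does not work, I would suggest checking whether the ingress is configured correctly. For example, create a simple ingress with just the path / for Kibana and check whether it works.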
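The answer's two settings placed into the Helm values from the question, together with an Ingress that forwards the `/kibana` prefix unchanged, as an added example that is not part of the original answer. It assumes the `kibanaConfig` and `healthCheckPath` keys of the values file shown in the question and the ingress-nginx controller; the Ingress name `ingress-kibana` is hypothetical.

```yaml
# Added example, not from the original post.

# --- overrides for Kibana-values.yaml ---
kibanaConfig:
  kibana.yml: |
    server.basePath: "/kibana"
    server.rewriteBasePath: true

# The chart's readiness probe requests this path on the pod. Once Kibana
# serves everything under /kibana, the probe path has to carry the prefix
# too, otherwise the pod never becomes Ready and the Service has no endpoints.
healthCheckPath: "/kibana/app/kibana"

---
# --- separate Ingress for Kibana (apply instead of the /kibana path in ingress-dev) ---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: ingress-kibana          # hypothetical name
  annotations:
    kubernetes.io/ingress.class: nginx
    # No rewrite-target annotation: with server.rewriteBasePath set to true,
    # Kibana strips /kibana itself, so the proxy must not strip it first.
spec:
  rules:
    - host: example.com
      http:
        paths:
          - path: /kibana
            backend:
              serviceName: kibana-kibana
              servicePort: 5601
```

If the `/kibana(/|$)(.*)` rule stays in `ingress-dev`, remove it there so only one rule handles the Kibana prefix.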