我试图在GCE入口后面暴露Kibana,但入口将Kibana服务报告为UNHEALTHY,而它是healthy and ready。只需注意,Ingress创建的健康检查仍然使用根/和Port:ex:32021上的默认值HTTP。在/login和Port: 5601上将GCP控制台中的healthcheck更改为HTTPS不会更改任何内容,并且服务仍报告为Unhealthy。healthcheck端口也被覆盖为原始值,这很奇怪。我使用的是ECK 1.3.1,下面是我的配置。我是不是错过了什么?提前谢谢。
apiVersion: elasticsearch.k8s.elastic.co/v1beta1
kind: Elasticsearch
metadata:
name: d3m0
spec:
version: 7.10.1
nodeSets:
- name: default
count: 1
config:
node.store.allow_mmap: false
---
apiVersion: kibana.k8s.elastic.co/v1beta1
kind: Kibana
metadata:
name: d3m0
spec:
version: 7.10.1
count: 1
elasticsearchRef:
name: d3m0
podTemplate:
metadata:
labels:
kibana: node
spec:
containers:
- name: kibana
resources:
limits:
memory: 1Gi
cpu: 1
readinessProbe:
httpGet:
scheme: HTTPS
path: "/login"
port: 5601
http:
service:
spec:
type: NodePort
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: kibana-ingress
spec:
backend:
serviceName: d3m0-kb-http
servicePort: 5601
使用ECK时,ES和Kibana上的所有安全功能都已启用,这意味着它们的服务不接受默认GCP负载平衡器Healthcheck使用的HTTP流量。您必须将所需的注释添加到服务中,并覆盖下面代码中的健康检查路径。请在此处查找更多详细信息。
apiVersion: kibana.k8s.elastic.co/v1
kind: Kibana
metadata:
name: d3m0
spec:
version: 7.10.1
count: 1
elasticsearchRef:
name: d3m0
http:
service:
metadata:
labels:
app: kibana
annotations:
# Enable TLS between GCLB and the application
cloud.google.com/app-protocols: '{"https":"HTTPS"}'
service.alpha.kubernetes.io/app-protocols: '{"https":"HTTPS"}'
# Uncomment the following line to enable container-native load balancing.
cloud.google.com/neg: '{"ingress": true}'
podTemplate:
metadata:
labels:
name: kibana-fleet
spec:
containers:
- name: kibana
resources:
limits:
memory: 1Gi
cpu: 1
readinessProbe:
# Override the readiness probe as GCLB reuses it for its own healthchecks
httpGet:
scheme: HTTPS
path: "/login"
port: 5601