AWS Elastic Kubernetes 服务:如何将容器/pod 公开到 AWS 内的 Elasticsearch 集群?
[英]AWS Elastic Kubernetes Service: how to expose a container/pod to an Elasticsearch cluster inside AWS?
问题描述
Setup: there is an EKS cluster running with 2 worker nodes and there is a separate Elasticsearch cluster as well in the same VPC as the worker nodes.
设置:有一个运行有 2 个工作节点的 EKS 集群,并且在与工作节点相同的 VPC 中还有一个单独的 Elasticsearch 集群。 How can I / shall I open a connection between a logstash container in a pod on a worker node to the Elasticsearch cluster?我如何/应该打开工作节点上 pod 中的 logstash 容器与 Elasticsearch 集群之间的连接? I guess a service is needed for logstash but what type and how to set it up?我想 logstash 需要一个服务,但是什么类型以及如何设置它? Thanks for answering!谢谢回答!
1 个解决方案
解决方案1
1 2020-09-28 20:38:21
As a comment alluded to, you can do this via standard AWS Security Group adjustments.正如评论中提到的,您可以通过标准的 AWS 安全组调整来做到这一点。 ie- Make sure that your worker nodes' security group allows Outbound connectivity to your Elasticsearch cluster on port 9200 or whatever port you're using, and make sure that your Elasticsearch Cluster Ec2 instances allow Inbound traffic from your Worker Nodes on port 9200. This assumes you're not using AWS's nifty new Security Group per Pod functionality, which allows you to get even more granular with your rules.即 - 确保您的工作节点的安全组允许在端口 9200 或您使用的任何端口上出站连接到您的 Elasticsearch 集群,并确保您的 Elasticsearch 集群 Ec2 实例允许来自您的工作节点在端口 9200 上的入站流量。这假设您没有使用 AWS 漂亮的新安全组每个 Pod功能,这使您可以更精细地处理规则。
And then to test, you can exec into your logstash pod and curl your elasticsearch cluster endpoint.然后进行测试,您可以执行到您的 logstash pod 并卷曲您的 elasticsearch 集群端点。 You can install curl if it's not already installed.如果尚未安装 curl,您可以安装它。
kubectl exec -it <logstash-pod> /bin/bash
curl -XGET <elasticsearch-url>/_cluster/health
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.