[英]How to setup Kibana (EFK stack) on Azure Kubernetes cluster using reverse proxy ingress?
首先要感謝您上面的精彩文章。
我有一個需要幫助的場景,所以我在 AKS 集群上安裝了 Elastic search、Filebeat 和 Kibana。 現在,由於我使用 Nginx Ingress 控制器在反向代理負載均衡器上公開應用程序,該負載均衡器與主機名掛鈎,例如http://example.com
我無法將 kibana 暴露在外面。 我收到 404 錯誤。 我嘗試在 kibana 部署等中添加 serverbasepath 變量,但仍然出現 404 錯誤。
以下是我的設置:1.Ingress.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: ingress-dev
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/use-regex: "true"
ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
spec:
rules:
- host: example.com
http:
paths:
- backend:
serviceName: frontend-ui-service
servicePort: 80
path: /(.*)
- backend:
serviceName: home-micro-service
servicePort: 3333
path: /api-dev(/|$)(.*)
- backend:
serviceName: kibana-kibana
servicePort: 5601
path: /kibana(/|$)(.*)
2.Kibana - values.yaml
---
elasticsearchHosts: "http://elasticsearch-master:9200"
replicas: 1
# Extra environment variables to append to this nodeGroup
# This will be appended to the current 'env:' key. You can use any of the kubernetes env
# syntax here
extraEnvs:
# - name: "NODE_OPTIONS"
# value: "--max-old-space-size=1800"
# - name: MY_ENVIRONMENT_VAR
# value: the_value_goes_here
# Allows you to load environment variables from kubernetes secret or config map
envFrom: []
# - secretRef:
# name: env-secret
# - configMapRef:
# name: config-map
# A list of secrets and their paths to mount inside the pod
# This is useful for mounting certificates for security and for mounting
# the X-Pack license
secretMounts: []
# - name: kibana-keystore
# secretName: kibana-keystore
# path: /usr/share/kibana/data/kibana.keystore
# subPath: kibana.keystore # optional
image: "dockerRepo/docker.elastic.co/kibana/kibana"
imageTag: "7.9.1"
imagePullPolicy: "IfNotPresent"
# additionals labels
labels: {}
podAnnotations: {}
# iam.amazonaws.com/role: es-cluster
resources:
requests:
cpu: "1000m"
memory: "2Gi"
limits:
cpu: "1000m"
memory: "2Gi"
protocol: http
serverHost: "0.0.0.0"
healthCheckPath: "/app/kibana"
# Allows you to add any config files in /usr/share/kibana/config/
# such as kibana.yml
kibanaConfig: {}
# kibana.yml: |
# key:
# nestedkey: value
# If Pod Security Policy in use it may be required to specify security context as well as service account
podSecurityContext:
fsGroup: 1000
securityContext:
capabilities:
drop:
- ALL
# readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
serviceAccount: ""
# This is the PriorityClass settings as defined in
# https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass
priorityClassName: ""
httpPort: 5601
extraContainers: ""
# - name: dummy-init
# image: busybox
# command: ['echo', 'hey']
extraInitContainers: ""
# - name: dummy-init
# image: busybox
# command: ['echo', 'hey']
updateStrategy:
type: "Recreate"
service:
type: ClusterIP
loadBalancerIP: ""
port: 5601
nodePort: ""
labels: {}
annotations: {}
# cloud.google.com/load-balancer-type: "Internal"
# service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0
# service.beta.kubernetes.io/azure-load-balancer-internal: "true"
# service.beta.kubernetes.io/openstack-internal-load-balancer: "true"
# service.beta.kubernetes.io/cce-load-balancer-internal-vpc: "true"
loadBalancerSourceRanges: []
# 0.0.0.0/0
ingress:
enabled: false
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
path: /
hosts:
- chart-example.local
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
readinessProbe:
failureThreshold: 3
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 3
timeoutSeconds: 5
imagePullSecrets: []
nodeSelector: {}
tolerations: []
affinity: {}
nameOverride: ""
fullnameOverride: ""
lifecycle: {}
# preStop:
# exec:
# command: ["/bin/sh", "-c", "echo Hello from the postStart handler > /usr/share/message"]
# postStart:
# exec:
# command: ["/bin/sh", "-c", "echo Hello from the postStart handler > /usr/share/message"]
# Deprecated - use only with versions < 6.6
elasticsearchURL: "" # "http://elasticsearch-master:9200"
您的圖片版本是7.9.1,提到這里
server.rewriteBasePath:
指定 Kibana 是應該重寫以 server.basePath 為前綴的請求,還是要求它們由您的反向代理重寫。 在 Kibana 6.3 及更早版本中,默認值為 false。 在 Kibana 7.x 中,該設置已棄用。 在 Kibana 8.0 及更高版本中,默認值為 true。 默認值:不推薦使用
據我所知,如果你想使用server.basePath那么你還必須設置server.rewriteBasePath: true
嘗試將以下內容添加到 Kibana 配置中:
server.basePath: "/kibana"
server.rewriteBasePath: true
此外,正如@anyasabo 在這里提到的
您需要在 kibana 資源的 podtemplate 中覆蓋就緒探針的路徑。 目前它被硬編碼到 /login
如果這不起作用,我建議檢查入口是否正確配置。
例如,僅使用 kibana 的/路徑創建簡單的入口並檢查它是否有效。
其他資源:
如何使用 EFK 堆棧獲取 kubernetes 集群中的審計、文件節拍和指標節拍日志?
[英]How to get the audit, file beat and metric beat logs in kubernetes cluster using EFK stack?
無法在 kubernetes 上部署 EFK 堆棧(使用 kubespray)
[英]unable to deploy EFK stack on kubernetes (using kubespray)
使用 kubernetes nginx-ingress 反向代理具有 SNI 支持的站點
[英]Reverse proxy a site with SNI support using kubernetes nginx-ingress
使用 Kuberenetes 入口控制器作為集群中其他服務的反向代理
[英]Using Kuberenetes ingress controller as reverse proxy to other services in the cluster
如何創建將流量轉發到 kube.netes ingress controller 的反向代理,例如 haproxy ingress 或 nginx ingress
[英]How to create reverse proxy that forward traffic to kubernetes ingress controller such as haproxy ingress or nginx ingress
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.