Kibana kubernetes服务拒绝连接

Question

我已经使用自己修改后的Helm图表部署了Open Distro

Kibana kubernetes服务看起来像

apiVersion: v1
kind: Service
metadata:
  annotations:
  creationTimestamp: "2019-09-05T15:29:04Z"
  labels:
    app: opendistro-es
    chart: opendistro-es-1.0.0
    heritage: Tiller
    release: opendistro-es
  name: opendistro-es-kibana
  namespace: elasticsearch
  resourceVersion: "48313341"
  selfLink: /api/v1/namespaces/elasticsearch/services/opendistro-es-kibana
  uid: e5066171-cff1-11e9-bb87-42010a8401d0
spec:
  clusterIP: 10.15.246.245
  ports:
  - name: opendistro-es-kibana
    port: 443
    protocol: TCP
    targetPort: 5601
  selector:
    app: opendistro-es-kibana
  sessionAffinity: None
  type: ClusterIP
status:
  loadBalancer: {}

豆荚看起来像

apiVersion: v1
kind: Pod
metadata:
  annotations:
    checksum/config: a4af5a55572dd6587cb86b0e6b3758f682c23745ad114448ce93c19e9612b6a
  creationTimestamp: "2019-09-05T15:29:04Z"
  generateName: opendistro-es-kibana-5f78f46bb-
  labels:
    app: opendistro-es-kibana
    chart: opendistro-es-1.0.0
    heritage: Tiller
    pod-template-hash: 5f78f46bb
    release: opendistro-es
  name: opendistro-es-kibana-5f78f46bb-8pqfs
  namespace: elasticsearch
  ownerReferences:
  - apiVersion: apps/v1
    blockOwnerDeletion: true
    controller: true
    kind: ReplicaSet
    name: opendistro-es-kibana-5f78f46bb
    uid: e4a7a0fe-cff1-11e9-bb87-42010a8401d0
  resourceVersion: "48313352"
  selfLink: /api/v1/namespaces/elasticsearch/pods/opendistro-es-kibana-5f78f46bb-8pqfs
  uid: e4acd8b3-cff1-11e9-bb87-42010a8401d0
spec:
  containers:
  - env:
    - name: CLUSTER_NAME
      value: elasticsearch
    image: amazon/opendistro-for-elasticsearch-kibana:1.0.2
    imagePullPolicy: IfNotPresent
    name: opendistro-es-kibana
    ports:
    - containerPort: 5601
      protocol: TCP
    resources:
      limits:
        cpu: 2500m
        memory: 2Gi
      requests:
        cpu: 500m
        memory: 512Mi
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /usr/share/kibana/config/kibana.yml
      name: config
      subPath: kibana.yml
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: opendistro-es-kibana-token-9g8mq
      readOnly: true
  dnsPolicy: ClusterFirst
  enableServiceLinks: true
  nodeName: gke-ehealth-africa-d-concourse-ci-poo-98690882-h3lj
  priority: 0
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext: {}
  serviceAccount: opendistro-es-kibana
  serviceAccountName: opendistro-es-kibana
  terminationGracePeriodSeconds: 30
  tolerations:
  - effect: NoExecute
    key: node.kubernetes.io/not-ready
    operator: Exists
    tolerationSeconds: 300
  - effect: NoExecute
    key: node.kubernetes.io/unreachable
    operator: Exists
    tolerationSeconds: 300
  volumes:
  - configMap:
      defaultMode: 420
      name: opendistro-es-security-config
    name: security-config
  - name: config
    secret:
      defaultMode: 420
      secretName: opendistro-es-kibana-config
  - name: opendistro-es-kibana-token-9g8mq
    secret:
      defaultMode: 420
      secretName: opendistro-es-kibana-token-9g8mq

不幸的是，当我尝试卷曲Kibana服务名称时，连接被拒绝

curl: (7) Failed connect to opendistro-es-kibana:443; Connection refused

当我使用

kubectl port-forward svc/opendistro-es-kibana 5601:443

我可以访问Kibana

非常感谢我所缺少的任何指针！

Answer 1

您的服务属于clusterIP类型，因此无法在群集外部访问。将类型更改为NodePort，以使其可以通过<your_node_ip>:<your_service_port>

访问

一个更好的解决方案是使用k8s ingress接受外部流量

Answer 2

好吧，我设法修复它，默认情况下，Kibana服务仅在回送接口上侦听。将其切换为使用server.host: "0.0.0.0"后，效果很好。

感谢您的建议