我无法在kubernetes上为ElasticSearch设置工作入口。我使用的是自己的CustomResourceDefinition,即x.k8s.elastic.co/v1beta1。
我的elastic.yaml看起来像这样:(ingress.yaml位于底部)
apiVersion: elasticsearch.k8s.elastic.co/v1beta1
kind: Elasticsearch
metadata:
name: elasticsearch-test
namespace: elastic-system
spec:
version: 7.4.0
#http:
# tls:
# certificate:
# secretName: tls-secret-test
http:
service:
spec:
type: ClusterIP
tls:
selfSignedCertificate:
disabled: true
nodeSets:
- name: master
count: 1
nodeSelector:
component: elasticsearch
volumeClaimTemplates:
- metadata:
name: elasticsearch-master
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
storageClassName: multik8s-nfs-storage
- metadata:
name: elasticsearch-data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
storageClassName: multik8s-nfs-storage
config:
node.master: true
node.data: true
node.ingest: true
node.store.allow_mmap: false
'''
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: nginx
name: elasticsearch
namespace: elastic-system
spec:
tls:
- hosts:
- elasticsearch.foo.bar
secretName: tls-secret
rules:
- host: elasticsearch.foo.bar
http:
paths:
- path: /
backend:
serviceName: elasticsearch-test-es-http
servicePort: 9200
我的kibana.yaml看起来像这样:
apiVersion: kibana.k8s.elastic.co/v1beta1
kind: Kibana
metadata:
name: kibana-test
namespace: elastic-system
spec:
version: 7.4.0
#http:
# tls:
# certificate:
# secretName: tls-secret-test
http:
service:
spec:
type: ClusterIP
tls:
selfSignedCertificate:
disabled: true
count: 1
elasticsearchRef:
name: elasticsearch-test
'''
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: nginx
name: kibana
namespace: elastic-system
spec:
tls:
- hosts:
- kibana.foo.bar
secretName: tls-secret
rules:
- host: kibana.foo.bar
http:
paths:
- path: /
backend:
serviceName: kibana-test-kb-http
servicePort: 5601
首先,我确实要在入口中使用自己的签名tls证书。 奇怪的是, kibana 的入口可以直接使用,没有任何问题。当我与k8s群集位于同一网络上时,elasticsearch的入口仅起作用。不在外面。
curl -u "elastic:$PASSWORD" -k "https://elasticsearch.foo.bar"
curl: (7) Failed to connect to elasticsearch.foo.bar port 443: Connection refused
在同一个网络上
curl -u "elastic:$PASSWORD" -k "https://elasticsearch.foo.bar"
{
"name" : "elasticsearch-test-es-master-0",
"cluster_name" : "elasticsearch-test",
"cluster_uuid" : "ulfFb-tjT8KplEBPSglo6w",
"version" : ...
}
我通过设置
进行了一些实验tls:
selfSignedCertificate:
subjectAltNames:
- dns: elasticsearch.foo.bar
和
tls:
certificate:
secretName: tls-secret-test
没有成功...但是我猜那是用于内部流量的,即在 kibana 和 elasticsearch 之间?
我不太确定自己在做什么错,因为它可以与Kibana一起使用,但不适用于ElasticSearch ...
P.s的kibana和松紧带均是绿色的: 即
NAME HEALTH NODES VERSION PHASE AGE
elasticsearch-test green 1 7.4.0 Ready 1d
NAME HEALTH NODES VERSION AGE
kibana-test green 1 7.4.0 1d
答案 0 :(得分:0)
如果停用了tls,请尝试在不使用https的情况下请求
$_country = "IN:India,UK:United Kingdom,AU:Australia";
$tmp=explode(',', $_country);
$pairs=[];
foreach($tmp as $pair){
list($param,$value)=explode(':',$pair);
$pairs[$param]=$value;
}
使用此命令
http:
service:
spec:
type: ClusterIP
tls:
selfSignedCertificate:
disabled: true
这里是我的入口(无需tls即可正常运行)
curl -u "elastic:$PASSWORD" -k "http://elasticsearch.foo.bar"