gpt4 book ai didi

elasticsearch - 无法使用Elastic ECK设置Ingress

转载 作者:行者123 更新时间:2023-12-03 02:36:07 32 4
gpt4 key购买 nike

我在Kubernetes上为ElasticSearch设置工作入口时遇到问题。我正在使用自己的CustomResourceDefinitionx.k8s.elastic.co/v1beta1

我的elastic.yaml看起来像这样:( ingress.yaml包含在底部)

apiVersion: elasticsearch.k8s.elastic.co/v1beta1
kind: Elasticsearch
metadata:
name: elasticsearch-test
namespace: elastic-system
spec:
version: 7.4.0
#http:
# tls:
# certificate:
# secretName: tls-secret-test
http:
service:
spec:
type: ClusterIP
tls:
selfSignedCertificate:
disabled: true
nodeSets:
- name: master
count: 1
nodeSelector:
component: elasticsearch
volumeClaimTemplates:
- metadata:
name: elasticsearch-master
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
storageClassName: multik8s-nfs-storage
- metadata:
name: elasticsearch-data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
storageClassName: multik8s-nfs-storage
config:
node.master: true
node.data: true
node.ingest: true
node.store.allow_mmap: false
'''
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: nginx
name: elasticsearch
namespace: elastic-system
spec:
tls:
- hosts:
- elasticsearch.foo.bar
secretName: tls-secret
rules:
- host: elasticsearch.foo.bar
http:
paths:
- path: /
backend:
serviceName: elasticsearch-test-es-http
servicePort: 9200

我的 kibana.yaml看起来像这样:
apiVersion: kibana.k8s.elastic.co/v1beta1
kind: Kibana
metadata:
name: kibana-test
namespace: elastic-system
spec:
version: 7.4.0
#http:
# tls:
# certificate:
# secretName: tls-secret-test
http:
service:
spec:
type: ClusterIP
tls:
selfSignedCertificate:
disabled: true
count: 1
elasticsearchRef:
name: elasticsearch-test
'''
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: nginx
name: kibana
namespace: elastic-system
spec:
tls:
- hosts:
- kibana.foo.bar
secretName: tls-secret
rules:
- host: kibana.foo.bar
http:
paths:
- path: /
backend:
serviceName: kibana-test-kb-http
servicePort: 5601

首先,我确实要在入口中使用自己的签名tls证书。
奇怪的是,kibana的入口可以直接使用,没有任何问题。当我与k8s群集位于同一网络上时,elasticsearch的入 Eloquent 有效。不在外面。

curl -u "elastic:$PASSWORD" -k "https://elasticsearch.foo.bar"
curl: (7) Failed to connect to elasticsearch.foo.bar port 443: Connection refused

在同一网络上

curl -u "elastic:$PASSWORD" -k "https://elasticsearch.foo.bar"
{
"name" : "elasticsearch-test-es-master-0",
"cluster_name" : "elasticsearch-test",
"cluster_uuid" : "ulfFb-tjT8KplEBPSglo6w",
"version" : ...
}

我已经通过设置进行了一些实验
tls:
selfSignedCertificate:
subjectAltNames:
- dns: elasticsearch.foo.bar


tls:
certificate:
secretName: tls-secret-test

没有成功...但是我猜那是用于内部流量的,也就是在kibana和elasticsearch之间?

我真的不确定我在做什么错,因为它可以与Kibana一起使用,但不能与ElasticSearch一起使用...

P.s的kibana和松紧带均采用绿色:


NAME                         HEALTH   NODES   VERSION   PHASE   AGE
elasticsearch-test green 1 7.4.0 Ready 1d
NAME HEALTH NODES VERSION AGE
kibana-test green 1 7.4.0 1d

最佳答案

如果禁用了tls,请尝试在不使用https的情况下进行请求

 http:
service:
spec:
type: ClusterIP
tls:
selfSignedCertificate:
disabled: true

使用此命令
curl -u "elastic:$PASSWORD" -k "http://elasticsearch.foo.bar"

这是我的入口(无需tls即可正常工作)
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
# remove comment if tls is activated
# annotations:
# nginx.ingress.kubernetes.io/backend-protocol: HTTPS
# nginx.ingress.kubernetes.io/secure-backends: "true"
name: elastic-ingress
spec:
rules:
- host: elasticsearch.foo.bar
http:
paths:
- backend:
serviceName:
servicePort: 9200
path: /
tls:
- hosts:
- elasticsearch.foo.bar
secretName: tls

关于elasticsearch - 无法使用Elastic ECK设置Ingress,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/58859012/

32 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com