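In the previous post we finished deploying the ES cluster. If you have not read it yet, take a look at it first:
ELK Study Notes (1): Deploying an ElasticSearch 8.15.0 Cluster with K8S
Without further ado, let's go straight to setting up Kibana.
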
1. Download the image

```bash
# 1. Pull the official image
docker pull kibana:8.15.0
# 2. Add a new tag
docker tag kibana:8.15.0 192.168.9.41:8088/new-erp-common/kibana:8.15.0
# 3. Push to the private Harbor registry
docker push 192.168.9.41:8088/new-erp-common/kibana:8.15.0
```

2. Create the working directory

```bash
mkdir -p /home/ec2-user/k8s/elk/kibana
```

Directory for Kibana's YAML files: /home/ec2-user/k8s/elk/kibana
Directory for Kibana's security certificate files: /home/ec2-user/k8s/elk/kibana/certs

3. Prepare the YAML configuration files

3.1 Reset passwords (optional, if you have forgotten them)

Once the ES cluster is up, use `kubectl exec -it` to enter any ES container and run the commands below to reset the passwords of the elastic account and the kibana_system account (the account dedicated to Kibana).

```bash
$ kubectl get pod -n renpho-erp-common|grep elastic
elasticsearch-0 1/1 Running 0 3d21h
elasticsearch-1 1/1 Running 0 3d21h
elasticsearch-2 1/1 Running 0 3d21h
# ec2-user @ k8s-master in ~/k8s/elk/kibana [4:14:42]
$ kubectl exec -it elasticsearch-0 -n renpho-erp-common -- /bin/sh
sh-5.0$ pwd
/usr/share/elasticsearch
# Reset the elastic password
sh-5.0$ ./bin/elasticsearch-reset-password -u elastic
This tool will reset the password of the [elastic] user to an autogenerated value.
The password will be printed in the console.
Please confirm that you would like to continue [y/N]y
Password for the [elastic] user successfully reset.
New value: sJdEWgos4+O3Ay*lgt
# Reset the kibana_system password
sh-5.0$ ./bin/elasticsearch-reset-password -u kibana_system
This tool will reset the password of the [kibana] user to an autogenerated value.
The password will be printed in the console.
Please confirm that you would like to continue [y/N]y
Password for the [kibana_system] user successfully reset.
New value: fo*6-ggA59Fk*CYQG4Df
```

Note this password; it is needed in kibana.yml below. Alternatively, use `./bin/elasticsearch-reset-password -u kibana_system -i` to set a password of your own.

You may run into a permission problem when changing a password. For example, running `./bin/elasticsearch-reset-password -u elastic` may produce:

```bash
sh-5.0$ ./bin/elasticsearch-reset-password -u elastic
WARNING: Owner of file /usr/share/elasticsearch/config/users used to be root, but now is elasticsearch
WARNING: Owner of file /usr/share/elasticsearch/config/users_roles used to be root, but now is elasticsearch
This tool will reset the password of the elastic user to an autogenerated value.
The password will be printed in the console.
Please confirm that you would like to continue y/N
ERROR: User cancelled operation, with exit code 0
```

3.2 Prepare the ConfigMap

Create the ConfigMap; it mainly holds the settings that kibana.yml needs.
- server.publicBaseUrl, server.host: fill these in as you need. I usually attach a domain name and reach it through a hosts entry on the internal network.
- elasticsearch.hosts: the address Kibana uses to reach the ES cluster; here it is the address of the ES Service.
- elasticsearch.password: the password we set earlier for the kibana_system account.

```yaml
# File: config-map-kibana.yaml
apiVersion: v1
kind: ConfigMap # configuration data
metadata:
  name: config-map-kibana # Kibana configuration
  namespace: renpho-erp-common
data:
  kibana.yml: |
    # Server port
    #server.publicBaseUrl:
    server.port: 5601
    server.host: "0.0.0.0"
    server.shutdownTimeout: "5s"
    monitoring.ui.container.elasticsearch.enabled: true
    elasticsearch.hosts: [ "https://elasticsearch.renpho-erp-common.svc.cluster.local:9200" ]
    # Make Kibana skip validation of the SSL certificate when connecting to Elasticsearch
    elasticsearch.ssl.verificationMode: none
    elasticsearch.ssl.certificateAuthorities: [ "/usr/share/kibana/config/local-certs/elasticsearch-ca.pem" ]
    server.ssl.enabled: true
    server.ssl.certificate: /usr/share/kibana/config/local-certs/kibana.crt
    server.ssl.key: /usr/share/kibana/config/local-certs/kibana.key
    # Account and password for accessing the ES server; to reset the password,
    # run ./bin/elasticsearch-reset-password -u kibana_system inside an ES pod
    elasticsearch.username: "kibana_system"
    elasticsearch.password: "fo*6-ggA59Fk*CYQG4Df"
    # =================== System: Logging ===================
    logging.root.level: info
    # Example with size based log rotation
    logging.appenders.default:
      type: rolling-file
      fileName: /usr/share/kibana/logs/kibana.log
      policy:
        type: time-interval
      strategy:
        type: numeric
        pattern: '-%i'
        max: 10
      layout:
        type: json
    # Specifies locale to be used for all localizable strings, dates and number formats.
    # Supported languages are the following: English (default) "en", Chinese "zh-CN", Japanese "ja-JP", French "fr-FR".
    i18n.locale: "zh-CN"
```

3.3 Prepare the Service and StatefulSet file

```yaml
# File: deploy-kibana2.yaml
apiVersion: v1
kind: Service
metadata:
  name: kibana
  namespace: renpho-erp-common
spec:
  ports:
  - port: 5601
    protocol: TCP
    targetPort: 5601
    nodePort: 30091
  type: NodePort
  selector:
    app: kibana
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: kibana
  namespace: renpho-erp-common
  labels:
    app: kibana
spec:
  replicas: 1
  selector:
    matchLabels:
      app: kibana
  template:
    metadata:
      labels:
        app: kibana
    spec:
      containers:
      - name: kibana
        image: renpho.harbor.com/new-erp-common/kibana:8.15.0
        imagePullPolicy: IfNotPresent
        resources:
          limits:
            cpu: 1
            memory: 2G
          requests:
            cpu: 0.5
            memory: 500Mi
        ports:
        - containerPort: 5601
          protocol: TCP
        volumeMounts:
        - name: kibana-volume
          mountPath: /usr/share/kibana/data
          subPath: kibana-data
        - name: kibana-volume
          mountPath: /usr/share/kibana/logs
          subPath: kibana-logs
        - name: kibana-cert-file # mount the SSL certificate directory
          mountPath: /usr/share/kibana/config/local-certs
        - name: kibana-config # mount the configuration file
          mountPath: /usr/share/kibana/config/kibana.yml
          subPath: kibana.yml
        - name: host-time # mount the host's time zone
          mountPath: /etc/localtime
          readOnly: true
      volumes:
      - name: kibana-config
        configMap:
          name: config-map-kibana
          defaultMode: 493 # file mode -rwxr-xr-x
      - name: kibana-cert-file
        secret:
          secretName: kibana-certificates
      - name: host-time
        hostPath: # mount the host's time zone
          path: /etc/localtime
          type: ""
  volumeClaimTemplates:
  - metadata:
      name: kibana-volume
    spec:
      storageClassName: ssd-nfs-storage
      accessModes: [ "ReadWriteMany" ]
      resources:
        requests:
          storage: 20Gi
```

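
A stricter variant of the settings in 3.2 and 3.3, as an added example that is not part of the original post: Kibana verifies the Elasticsearch certificate against the mounted CA, and the kibana_system password is read from a Secret instead of being stored in the ConfigMap. The Secret name kibana-es-credentials and its key password are assumptions, and `verificationMode: full` assumes the Elasticsearch certificate lists elasticsearch.renpho-erp-common.svc.cluster.local as a subject alternative name (use `certificate` if it does not).

```yaml
# Added example, not from the original post.
# Assumed Secret (hypothetical name and key), created beforehand, e.g.:
#   kubectl create secret generic kibana-es-credentials \
#     --from-literal=password='<kibana_system password>' -n renpho-erp-common
apiVersion: v1
kind: ConfigMap
metadata:
  name: config-map-kibana
  namespace: renpho-erp-common
data:
  kibana.yml: |
    server.port: 5601
    server.host: "0.0.0.0"
    elasticsearch.hosts: [ "https://elasticsearch.renpho-erp-common.svc.cluster.local:9200" ]
    # Verify the certificate chain and the host name against the CA below
    # ("certificate" checks the chain only; "none" checks nothing).
    elasticsearch.ssl.verificationMode: full
    elasticsearch.ssl.certificateAuthorities: [ "/usr/share/kibana/config/local-certs/elasticsearch-ca.pem" ]
    server.ssl.enabled: true
    server.ssl.certificate: /usr/share/kibana/config/local-certs/kibana.crt
    server.ssl.key: /usr/share/kibana/config/local-certs/kibana.key
    elasticsearch.username: "kibana_system"
    # Resolved from the container environment at start-up, so the
    # ConfigMap itself no longer contains the password.
    elasticsearch.password: "${ELASTICSEARCH_PASSWORD}"
---
# Fragment of the StatefulSet from 3.3: only the lines to add to the
# existing kibana container; everything else stays as it is.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: kibana
  namespace: renpho-erp-common
spec:
  template:
    spec:
      containers:
      - name: kibana
        env:
        - name: ELASTICSEARCH_PASSWORD
          valueFrom:
            secretKeyRef:
              name: kibana-es-credentials   # hypothetical Secret name
              key: password                 # hypothetical key
```
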
4. Deploy Kibana with K8S

First, take a look at the files in the kibana directory.

4.1 Add the security certificates to a Secret

```bash
kubectl create secret generic kibana-certificates \
  --from-file=/home/ec2-user/k8s/elk/kibana/certs/elasticsearch-ca.pem \
  --from-file=/home/ec2-user/k8s/elk/kibana/certs/kibana.crt \
  --from-file=/home/ec2-user/k8s/elk/kibana/certs/kibana.csr \
  --from-file=/home/ec2-user/k8s/elk/kibana/certs/kibana.key \
  -n renpho-erp-common
```

4.2 Run Kibana

Run the following commands in order:

```bash
# Create the Kibana ConfigMap
kubectl apply -f config-map-kibana.yaml
# Create the Kibana Service and StatefulSet
kubectl apply -f deploy-kibana2.yaml
# Check the running status
kubectl get pod -n renpho-erp-common|grep kibana
```

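Open the following address in a browser: https://renpho.master.com:30091/login. At this point you need to log in with the elastic account.
You can also use the IP address, for example https://192.168.6.220:30091/login. Here I have mapped 192.168.6.220 to the made-up domain name renpho.master.com.

After logging in, you can also check the ES cluster status through the Kibana dev-tool.

With that, Kibana has been successfully deployed with K8s!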
