ELK学习笔记(二)——使用K8S部署Kibana8.15.0

王一横不要停止努力吖2024-09-07 11:32

上篇文章我们完成了,ES的集群部署,如果还没有看过上篇文章的兄弟,可以去看看。
ELK学习笔记(一)------使用K8S部署ElasticSearch8.15.0集群

话不多说,接下来直接进入kibana的搭建

一、下载镜像

bash 复制代码 
#1、下载官方镜像
docker pull kibana:8.15.0
#2、打新tag
docker tag kibana:8.15.0 192.168.9.41:8088/new-erp-common/kibana:8.15.0
#3、推送到私有仓库harbor
docker push 192.168.9.41:8088/new-erp-common/kibana:8.15.0

二、创建工作目录

bash 复制代码 
mkdir -p /home/ec2-user/k8s/elk/kibana

kibana的yaml文件目录:/home/ec2-user/k8s/elk/kibana

kibana的安全证书文件目录:/home/ec2-user/k8s/elk/kibana/certs

三、准备yaml配置文件

3.1重置密码(密码忘记时可选)

当es集群搭建好之后,用kubectl exec -it 进去到任一es容器内部,运行下方命令重置elastic账号 与 kibana-system(kibana专用)账号的密码

bash 复制代码 
$ kubectl get pod -n renpho-erp-common|grep elastic
elasticsearch-0                       1/1     Running   0          3d21h
elasticsearch-1                       1/1     Running   0          3d21h
elasticsearch-2                       1/1     Running   0          3d21h

# ec2-user @ k8s-master in ~/k8s/elk/kibana [4:14:42] 
$ kubectl exec -it elasticsearch-0 -n renpho-erp-common -- /bin/sh
sh-5.0$ pwd
/usr/share/elasticsearch
#重置elasticsearch密码
sh-5.0$ ./bin/elasticsearch-reset-password -u elastic
This tool will reset the password of the [elastic] user to an autogenerated value.
The password will be printed in the console.
Please confirm that you would like to continue [y/N]y


Password for the [elastic] user successfully reset.
New value: sJdEWgos4+O3Ay*lgt
#重置kibana密码
sh-5.0$ ./bin/elasticsearch-reset-password -u kibana_system
This tool will reset the password of the [kibana] user to an autogenerated value.
The password will be printed in the console.
Please confirm that you would like to continue [y/N]y


Password for the [kibana_system] user successfully reset.
New value: fo*6-ggA59Fk*CYQG4Df

记住此密码,下面kibana.yml中需要用到。或者使用./bin/elasticsearch-reset-password -u kibana_system -i自定义密码

修改密码时可能会遇到权限问题,比如执行./bin/elasticsearch-reset-password -u elastic时,出现

sh-5.0$ ./bin/elasticsearch-reset-password -u elastic

WARNING: Owner of file [/usr/share/elasticsearch/config/users] used to be [root], but now is [elasticsearch]

WARNING: Owner of file [/usr/share/elasticsearch/config/users_roles] used to be [root], but now is [elasticsearch]

This tool will reset the password of the [elastic] user to an autogenerated value.

The password will be printed in the console.

Please confirm that you would like to continue [y/N]

ERROR: User cancelled operation, with exit code 0

3.2准备ConfigMap配置

创建ConfigMap配置,里面主要配置了kibana.yml需要的配置

  • server.publicBaseUrl、server.host
    可以根据自己的需要填写,我习惯都是挂个域名然后通过内网配个hosts来访问
  • elasticsearch.hosts 配置kibana访问ES集群的地址,这里用的就是ES service的访问地址
  • elasticsearch.password 是我们之前设定的kibana_system账号的密码
yaml 复制代码 
$ cat config-map-kibana.yaml 
apiVersion: v1
kind: ConfigMap #配置信息
metadata:
  name: config-map-kibana #kibana配置
  namespace: renpho-erp-common
data:
  kibana.yml: |
    #服务器端口
    #server.publicBaseUrl:
    server.port: 5601
    server.host: "0.0.0.0"
    server.shutdownTimeout: "5s"
    
    monitoring.ui.container.elasticsearch.enabled: true
    elasticsearch.hosts: [ "https://elasticsearch.renpho-erp-common.svc.cluster.local:9200" ]
    
    #让 Kibana 连接到 Elasticsearch 时不验证 SSL 证书的有效性
    elasticsearch.ssl.verificationMode: none
    elasticsearch.ssl.certificateAuthorities: [ "/usr/share/kibana/config/local-certs/elasticsearch-ca.pem" ]
    
    server.ssl.enabled: true
    server.ssl.certificate: /usr/share/kibana/config/local-certs/kibana.crt
    server.ssl.key: /usr/share/kibana/config/local-certs/kibana.key

    
    #访问es服务器账号密码,可以进到es pod中执行./bin/elasticsearch-reset-password -u kibana_system重置密码
    elasticsearch.username: "kibana_system"
    elasticsearch.password: "fo*6-ggA59Fk*CYQG4Df"
    
    # =================== System: Logging ===================

    logging.root.level: info

    # Example with size based log rotation
    logging.appenders.default:
      type: rolling-file
      fileName: /usr/share/kibana/logs/kibana.log
      policy:
        type: time-interval
      strategy:
        type: numeric
        pattern: '-%i'
        max: 10
      layout:
        type: json

    # Specifies locale to be used for all localizable strings, dates and number formats.
    # Supported languages are the following: English (default) "en", Chinese "zh-CN", Japanese "ja-JP", French "fr-FR".
    i18n.locale: "zh-CN"

3.3准备Service及StatefulSet文件

yaml 复制代码 
$ cat deploy-kibana2.yaml 
apiVersion: v1
kind: Service
metadata:
  name: kibana
  namespace: renpho-erp-common
spec:
  ports:
  - port: 5601
    protocol: TCP
    targetPort: 5601
    nodePort: 30091
  type: NodePort
  selector:
    app: kibana
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: kibana
  namespace: renpho-erp-common
  labels:
    app: kibana
spec:
  replicas: 1
  selector:
    matchLabels:
      app: kibana
  template:
    metadata:
      labels:
        app: kibana
    spec:
      containers:
      - name: kibana
        image: renpho.harbor.com/new-erp-common/kibana:8.15.0
        imagePullPolicy: IfNotPresent
        resources:
          limits:
            cpu: 1
            memory: 2G
          requests:
            cpu: 0.5
            memory: 500Mi
        ports:
        - containerPort: 5601
          protocol: TCP
        volumeMounts:
        - name: kibana-volume
          mountPath: /usr/share/kibana/data
          subPath: kibana-data
        - name: kibana-volume
          mountPath: /usr/share/kibana/logs
          subPath: kibana-logs
        - name: kibana-cert-file  #挂载ssl证书目录
          mountPath: /usr/share/kibana/config/local-certs
        - name: kibana-config  #挂载配置文件
          mountPath: /usr/share/kibana/config/kibana.yml
          subPath: kibana.yml
        - name: host-time  #挂载本地时区
          mountPath: /etc/localtime
          readOnly: true
      volumes:
      - name: kibana-config
        configMap:
          name: config-map-kibana
          defaultMode: 493 #文件权限为-rwxr-xr-x
      - name: kibana-cert-file
        secret:
          secretName: kibana-certificates
      - name: host-time
        hostPath: #挂载本地时区
          path: /etc/localtime
          type: ""
  volumeClaimTemplates:
  - metadata:
      name: kibana-volume
    spec:
      storageClassName: ssd-nfs-storage
      accessModes: [ "ReadWriteMany" ]
      resources:
        requests:
          storage: 20Gi

四、开始用K8S部署Kibana

首先,看下kibana目录下的文件

4.1将安全证书添加到Secret中

bash 复制代码 
kubectl create secret generic kibana-certificates  --from-file=/home/ec2-user/k8s/elk/kibana/certs/elasticsearch-ca.pem  --from-file=/home/ec2-user/k8s/elk/kibana/certs/kibana.crt  --from-file=/home/ec2-user/k8s/elk/kibana/certs/kibana.csr --from-file=/home/ec2-user/k8s/elk/kibana/certs/kibana.key -n renpho-erp-common

4.2运行Kibana

依次执行下列命令

bash 复制代码 
#ES配置文件创建
kubectl apply -f config-map-kibana.yaml
#ES Service,StatefulSet创建
kubectl apply -f delpoy-kibana2.yaml
#查看运行状态
kubectl get pod -n renpho-erp-common|grep kibana

浏览器访问下面地址:https://renpho.master.com:30091/login,这时候需要输入elastic的账号登录进去

你也可以使用ip访问,例如https://192.168.6.220:30091/login我这里是将192.168.6.220做了个伪域名renpho.master.com

登录进去后,通过kibana dev-tool一样可以查看ES集群状态

到此,使用K8s部署Kibana成功!

相关推荐
viperrrrrrrrrr72 小时前
大数据学习(105)-Hbase
大数据·学习·hbase
IT _oA2 小时前
Active Directory 域服务
运维·服务器·网络·windows·笔记
袖清暮雨2 小时前
Python刷题笔记
笔记·python·算法
六bring个六3 小时前
QT上位机笔记
开发语言·笔记·qt
熬夜造bug3 小时前
LeetCode Hot100 刷题笔记(1)—— 哈希、双指针、滑动窗口
笔记·leetcode·hot100
行思理4 小时前
go语言应该如何学习
开发语言·学习·golang
oceanweave5 小时前
【k8s学习之CSI】理解 LVM 存储概念和相关操作
学习·容器·kubernetes
花之亡灵6 小时前
.net6 中实现邮件发送
笔记·c#·.net·代码规范
LuoYaFu6 小时前
文件上传做题记录
笔记
吴梓穆7 小时前
UE5学习笔记 FPS游戏制作43 UI材质
笔记·学习·ue5
热门推荐
01我决定放弃搞 Java 了02RAG 实践- Ollama+RagFlow 部署本地知识库03DeepSeek各版本说明与优缺点分析04从零安装 LLaMA-Factory 微调 Qwen 大模型成功及所有的坑05汽车上的各种质量:整备质量、总质量、装载质量、簧上质量、簧下质量06如何在WPS和Word/Excel中直接使用DeepSeek功能07DeepSeek RAGFlow构建本地知识库系统08生活电子常识--删除谷歌浏览器搜索记录09本地化部署AI知识库:基于Ollama+DeepSeek+AnythingLLM保姆级教程10Vue环境搭建:vue+idea