上篇文章我们完成了,ES的集群部署,如果还没有看过上篇文章的兄弟,可以去看看。
ELK学习笔记(一)------使用K8S部署ElasticSearch8.15.0集群
话不多说,接下来直接进入kibana的搭建
一、下载镜像
bash
#1、下载官方镜像
docker pull kibana:8.15.0
#2、打新tag
docker tag kibana:8.15.0 192.168.9.41:8088/new-erp-common/kibana:8.15.0
#3、推送到私有仓库harbor
docker push 192.168.9.41:8088/new-erp-common/kibana:8.15.0
二、创建工作目录
bash
mkdir -p /home/ec2-user/k8s/elk/kibana
kibana的yaml文件目录:/home/ec2-user/k8s/elk/kibana
kibana的安全证书文件目录:/home/ec2-user/k8s/elk/kibana/certs
三、准备yaml配置文件
3.1重置密码(密码忘记时可选)
当es集群搭建好之后,用kubectl exec -it 进去到任一es容器内部,运行下方命令重置elastic账号 与 kibana-system(kibana专用)账号的密码
bash
$ kubectl get pod -n renpho-erp-common|grep elastic
elasticsearch-0 1/1 Running 0 3d21h
elasticsearch-1 1/1 Running 0 3d21h
elasticsearch-2 1/1 Running 0 3d21h
# ec2-user @ k8s-master in ~/k8s/elk/kibana [4:14:42]
$ kubectl exec -it elasticsearch-0 -n renpho-erp-common -- /bin/sh
sh-5.0$ pwd
/usr/share/elasticsearch
#重置elasticsearch密码
sh-5.0$ ./bin/elasticsearch-reset-password -u elastic
This tool will reset the password of the [elastic] user to an autogenerated value.
The password will be printed in the console.
Please confirm that you would like to continue [y/N]y
Password for the [elastic] user successfully reset.
New value: sJdEWgos4+O3Ay*lgt
#重置kibana密码
sh-5.0$ ./bin/elasticsearch-reset-password -u kibana_system
This tool will reset the password of the [kibana] user to an autogenerated value.
The password will be printed in the console.
Please confirm that you would like to continue [y/N]y
Password for the [kibana_system] user successfully reset.
New value: fo*6-ggA59Fk*CYQG4Df
记住此密码,下面kibana.yml中需要用到。或者使用./bin/elasticsearch-reset-password -u kibana_system -i
自定义密码
修改密码时可能会遇到权限问题,比如执行./bin/elasticsearch-reset-password -u elastic
时,出现
sh-5.0$ ./bin/elasticsearch-reset-password -u elastic
WARNING: Owner of file [/usr/share/elasticsearch/config/users] used to be [root], but now is [elasticsearch]
WARNING: Owner of file [/usr/share/elasticsearch/config/users_roles] used to be [root], but now is [elasticsearch]
This tool will reset the password of the [elastic] user to an autogenerated value.
The password will be printed in the console.
Please confirm that you would like to continue [y/N]
ERROR: User cancelled operation, with exit code 0
3.2准备ConfigMap配置
创建ConfigMap配置,里面主要配置了kibana.yml需要的配置
- server.publicBaseUrl、server.host
可以根据自己的需要填写,我习惯都是挂个域名然后通过内网配个hosts来访问 - elasticsearch.hosts 配置kibana访问ES集群的地址,这里用的就是ES service的访问地址
- elasticsearch.password 是我们之前设定的kibana_system账号的密码
yaml
$ cat config-map-kibana.yaml
apiVersion: v1
kind: ConfigMap #配置信息
metadata:
name: config-map-kibana #kibana配置
namespace: renpho-erp-common
data:
kibana.yml: |
#服务器端口
#server.publicBaseUrl:
server.port: 5601
server.host: "0.0.0.0"
server.shutdownTimeout: "5s"
monitoring.ui.container.elasticsearch.enabled: true
elasticsearch.hosts: [ "https://elasticsearch.renpho-erp-common.svc.cluster.local:9200" ]
#让 Kibana 连接到 Elasticsearch 时不验证 SSL 证书的有效性
elasticsearch.ssl.verificationMode: none
elasticsearch.ssl.certificateAuthorities: [ "/usr/share/kibana/config/local-certs/elasticsearch-ca.pem" ]
server.ssl.enabled: true
server.ssl.certificate: /usr/share/kibana/config/local-certs/kibana.crt
server.ssl.key: /usr/share/kibana/config/local-certs/kibana.key
#访问es服务器账号密码,可以进到es pod中执行./bin/elasticsearch-reset-password -u kibana_system重置密码
elasticsearch.username: "kibana_system"
elasticsearch.password: "fo*6-ggA59Fk*CYQG4Df"
# =================== System: Logging ===================
logging.root.level: info
# Example with size based log rotation
logging.appenders.default:
type: rolling-file
fileName: /usr/share/kibana/logs/kibana.log
policy:
type: time-interval
strategy:
type: numeric
pattern: '-%i'
max: 10
layout:
type: json
# Specifies locale to be used for all localizable strings, dates and number formats.
# Supported languages are the following: English (default) "en", Chinese "zh-CN", Japanese "ja-JP", French "fr-FR".
i18n.locale: "zh-CN"
3.3准备Service及StatefulSet文件
yaml
$ cat deploy-kibana2.yaml
apiVersion: v1
kind: Service
metadata:
name: kibana
namespace: renpho-erp-common
spec:
ports:
- port: 5601
protocol: TCP
targetPort: 5601
nodePort: 30091
type: NodePort
selector:
app: kibana
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: kibana
namespace: renpho-erp-common
labels:
app: kibana
spec:
replicas: 1
selector:
matchLabels:
app: kibana
template:
metadata:
labels:
app: kibana
spec:
containers:
- name: kibana
image: renpho.harbor.com/new-erp-common/kibana:8.15.0
imagePullPolicy: IfNotPresent
resources:
limits:
cpu: 1
memory: 2G
requests:
cpu: 0.5
memory: 500Mi
ports:
- containerPort: 5601
protocol: TCP
volumeMounts:
- name: kibana-volume
mountPath: /usr/share/kibana/data
subPath: kibana-data
- name: kibana-volume
mountPath: /usr/share/kibana/logs
subPath: kibana-logs
- name: kibana-cert-file #挂载ssl证书目录
mountPath: /usr/share/kibana/config/local-certs
- name: kibana-config #挂载配置文件
mountPath: /usr/share/kibana/config/kibana.yml
subPath: kibana.yml
- name: host-time #挂载本地时区
mountPath: /etc/localtime
readOnly: true
volumes:
- name: kibana-config
configMap:
name: config-map-kibana
defaultMode: 493 #文件权限为-rwxr-xr-x
- name: kibana-cert-file
secret:
secretName: kibana-certificates
- name: host-time
hostPath: #挂载本地时区
path: /etc/localtime
type: ""
volumeClaimTemplates:
- metadata:
name: kibana-volume
spec:
storageClassName: ssd-nfs-storage
accessModes: [ "ReadWriteMany" ]
resources:
requests:
storage: 20Gi
四、开始用K8S部署Kibana
首先,看下kibana目录下的文件
4.1将安全证书添加到Secret中
bash
kubectl create secret generic kibana-certificates --from-file=/home/ec2-user/k8s/elk/kibana/certs/elasticsearch-ca.pem --from-file=/home/ec2-user/k8s/elk/kibana/certs/kibana.crt --from-file=/home/ec2-user/k8s/elk/kibana/certs/kibana.csr --from-file=/home/ec2-user/k8s/elk/kibana/certs/kibana.key -n renpho-erp-common
4.2运行Kibana
依次执行下列命令
bash
#ES配置文件创建
kubectl apply -f config-map-kibana.yaml
#ES Service,StatefulSet创建
kubectl apply -f delpoy-kibana2.yaml
#查看运行状态
kubectl get pod -n renpho-erp-common|grep kibana
浏览器访问下面地址:https://renpho.master.com:30091/login,这时候需要输入elastic的账号登录进去
你也可以使用ip访问,例如https://192.168.6.220:30091/login。我这里是将192.168.6.220做了个伪域名renpho.master.com
登录进去后,通过kibana dev-tool一样可以查看ES集群状态
到此,使用K8s部署Kibana成功!