上篇文章我们完成了,ES的集群部署,如果还没有看过上篇文章的兄弟,可以去看看。
ELK学习笔记(一)——使用K8S部署ElasticSearch8.15.0集群
话不多说,接下来直接进入kibana的搭建
一、下载镜像
#1、下载官方镜像
docker pull kibana:8.15.0
#2、打新tag
docker tag kibana:8.15.0 192.168.9.41:8088/new-erp-common/kibana:8.15.0
#3、推送到私有仓库harbor
docker push 192.168.9.41:8088/new-erp-common/kibana:8.15.0
二、创建工作目录
mkdir -p /home/ec2-user/k8s/elk/kibana
kibana的yaml文件目录:/home/ec2-user/k8s/elk/kibana
kibana的安全证书文件目录:/home/ec2-user/k8s/elk/kibana/certs
三、准备yaml配置文件
3.1重置密码(密码忘记时可选)
当es集群搭建好之后,用kubectl exec -it 进去到任一es容器内部,运行下方命令重置elastic账号 与 kibana-system(kibana专用)账号的密码
$ kubectl get pod -n renpho-erp-common|grep elastic
elasticsearch-0 1/1 Running 0 3d21h
elasticsearch-1 1/1 Running 0 3d21h
elasticsearch-2 1/1 Running 0 3d21h# ec2-user @ k8s-master in ~/k8s/elk/kibana [4:14:42]
$ kubectl exec -it elasticsearch-0 -n renpho-erp-common -- /bin/sh
sh-5.0$ pwd
/usr/share/elasticsearch
#重置elasticsearch密码
sh-5.0$ ./bin/elasticsearch-reset-password -u elastic
This tool will reset the password of the [elastic] user to an autogenerated value.
The password will be printed in the console.
Please confirm that you would like to continue [y/N]yPassword for the [elastic] user successfully reset.
New value: sJdEWgos4+O3Ay*lgt
#重置kibana密码
sh-5.0$ ./bin/elasticsearch-reset-password -u kibana_system
This tool will reset the password of the [kibana] user to an autogenerated value.
The password will be printed in the console.
Please confirm that you would like to continue [y/N]yPassword for the [kibana_system] user successfully reset.
New value: fo*6-ggA59Fk*CYQG4Df
记住此密码,下面kibana.yml中需要用到。或者使用./bin/elasticsearch-reset-password -u kibana_system -i自定义密码
修改密码时可能会遇到权限问题,比如执行./bin/elasticsearch-reset-password -u elastic时,出现
sh-5.0$ ./bin/elasticsearch-reset-password -u elastic
WARNING: Owner of file [/usr/share/elasticsearch/config/users] used to be [root], but now is [elasticsearch]
WARNING: Owner of file [/usr/share/elasticsearch/config/users_roles] used to be [root], but now is [elasticsearch]This tool will reset the password of the [elastic] user to an autogenerated value.
The password will be printed in the console.
Please confirm that you would like to continue [y/N]ERROR: User cancelled operation, with exit code 0
3.2准备ConfigMap配置
创建ConfigMap配置,里面主要配置了kibana.yml需要的配置
- server.publicBaseUrl、server.host
可以根据自己的需要填写,我习惯都是挂个域名然后通过内网配个hosts来访问 - elasticsearch.hosts 配置kibana访问ES集群的地址,这里用的就是ES service的访问地址
- elasticsearch.password 是我们之前设定的kibana_system账号的密码
$ cat config-map-kibana.yaml
apiVersion: v1
kind: ConfigMap #配置信息
metadata:name: config-map-kibana #kibana配置namespace: renpho-erp-common
data:kibana.yml: |#服务器端口#server.publicBaseUrl:server.port: 5601server.host: "0.0.0.0"server.shutdownTimeout: "5s"monitoring.ui.container.elasticsearch.enabled: trueelasticsearch.hosts: [ "https://elasticsearch.renpho-erp-common.svc.cluster.local:9200" ]#让 Kibana 连接到 Elasticsearch 时不验证 SSL 证书的有效性elasticsearch.ssl.verificationMode: noneelasticsearch.ssl.certificateAuthorities: [ "/usr/share/kibana/config/local-certs/elasticsearch-ca.pem" ]server.ssl.enabled: trueserver.ssl.certificate: /usr/share/kibana/config/local-certs/kibana.crtserver.ssl.key: /usr/share/kibana/config/local-certs/kibana.key#访问es服务器账号密码,可以进到es pod中执行./bin/elasticsearch-reset-password -u kibana_system重置密码elasticsearch.username: "kibana_system"elasticsearch.password: "fo*6-ggA59Fk*CYQG4Df"# =================== System: Logging ===================logging.root.level: info# Example with size based log rotationlogging.appenders.default:type: rolling-filefileName: /usr/share/kibana/logs/kibana.logpolicy:type: time-intervalstrategy:type: numericpattern: '-%i'max: 10layout:type: json# Specifies locale to be used for all localizable strings, dates and number formats.# Supported languages are the following: English (default) "en", Chinese "zh-CN", Japanese "ja-JP", French "fr-FR".i18n.locale: "zh-CN"
3.3准备Service及StatefulSet文件
$ cat deploy-kibana2.yaml
apiVersion: v1
kind: Service
metadata:name: kibananamespace: renpho-erp-common
spec:ports:- port: 5601protocol: TCPtargetPort: 5601nodePort: 30091type: NodePortselector:app: kibana
---
apiVersion: apps/v1
kind: StatefulSet
metadata:name: kibananamespace: renpho-erp-commonlabels:app: kibana
spec:replicas: 1selector:matchLabels:app: kibanatemplate:metadata:labels:app: kibanaspec:containers:- name: kibanaimage: renpho.harbor.com/new-erp-common/kibana:8.15.0imagePullPolicy: IfNotPresentresources:limits:cpu: 1memory: 2Grequests:cpu: 0.5memory: 500Miports:- containerPort: 5601protocol: TCPvolumeMounts:- name: kibana-volumemountPath: /usr/share/kibana/datasubPath: kibana-data- name: kibana-volumemountPath: /usr/share/kibana/logssubPath: kibana-logs- name: kibana-cert-file #挂载ssl证书目录mountPath: /usr/share/kibana/config/local-certs- name: kibana-config #挂载配置文件mountPath: /usr/share/kibana/config/kibana.ymlsubPath: kibana.yml- name: host-time #挂载本地时区mountPath: /etc/localtimereadOnly: truevolumes:- name: kibana-configconfigMap:name: config-map-kibanadefaultMode: 493 #文件权限为-rwxr-xr-x- name: kibana-cert-filesecret:secretName: kibana-certificates- name: host-timehostPath: #挂载本地时区path: /etc/localtimetype: ""volumeClaimTemplates:- metadata:name: kibana-volumespec:storageClassName: ssd-nfs-storageaccessModes: [ "ReadWriteMany" ]resources:requests:storage: 20Gi
四、开始用K8S部署Kibana
首先,看下kibana目录下的文件
4.1将安全证书添加到Secret中
kubectl create secret generic kibana-certificates --from-file=/home/ec2-user/k8s/elk/kibana/certs/elasticsearch-ca.pem --from-file=/home/ec2-user/k8s/elk/kibana/certs/kibana.crt --from-file=/home/ec2-user/k8s/elk/kibana/certs/kibana.csr --from-file=/home/ec2-user/k8s/elk/kibana/certs/kibana.key -n renpho-erp-common
4.2运行Kibana
依次执行下列命令
#ES配置文件创建
kubectl apply -f config-map-kibana.yaml
#ES Service,StatefulSet创建
kubectl apply -f delpoy-kibana2.yaml
#查看运行状态
kubectl get pod -n renpho-erp-common|grep kibana
浏览器访问下面地址:https://renpho.master.com:30091/login,这时候需要输入elastic的账号登录进去
你也可以使用ip访问,例如https://192.168.6.220:30091/login。我这里是将192.168.6.220做了个伪域名renpho.master.com
登录进去后,通过kibana dev-tool一样可以查看ES集群状态
到此,使用K8s部署Kibana成功!
