【发布时间】:2021-08-26 05:56:01
【问题描述】:
我已经在 EKS 集群上部署了 Logstash 和 elasticsearch pod。当我检查 logstash pod 的日志时,它显示无法访问 elasticserach 服务器。虽然我的弹性搜索已经启动并正在运行。请在下面找到 yaml 文件并记录错误。
configMap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: "logstash-configmap-development"
namespace: "development"
labels:
app: "logstash-development"
data:
logstash.conf: |-
input {
http {
}
}
filter {
json {
source => "message"
}
}
output {
elasticsearch {
hosts => ["https://my-server.com/elasticsearch-development/"]
index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
}
stdout {
codec => rubydebug
}
}
deployment.yaml
---
apiVersion: "apps/v1"
kind: "Deployment"
metadata:
name: "logstash-development"
namespace: "development"
spec:
selector:
matchLabels:
app: "logstash-development"
replicas: 1
strategy:
type: "RollingUpdate"
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
minReadySeconds: 5
template:
metadata:
labels:
app: "logstash-development"
spec:
containers:
-
name: "logstash-development"
image: "logstash:7.10.2"
imagePullPolicy: "Always"
env:
-
name: "XPACK_MONITORING_ELASTICSEARCH_HOSTS"
value: "https://my-server.com/elasticsearch-development/"
-
name: "XPACK_MONITORING_ELASTICSEARCH_URL"
value: "https://my-server.com/elasticsearch-development/"
-
name: "SERVER_BASEPATH"
value: "logstash-development"
securityContext:
privileged: true
ports:
-
containerPort: 8080
protocol: TCP
volumeMounts:
-
name: "logstash-conf-volume"
mountPath: "/usr/share/logstash/pipeline/"
volumes:
-
name: "logstash-conf-volume"
configMap:
name: "logstash-configmap-development"
items:
- key: "logstash.conf"
path: "logstash.conf"
imagePullSecrets:
-
name: "logstash"
service.yaml
---
apiVersion: "v1"
kind: "Service"
metadata:
name: "logstash-development"
namespace: "development"
labels:
app: "logstash-development"
spec:
ports:
-
port: 55770
targetPort: 8080
selector:
app: "logstash-development"
Logstash pod 日志错误
[2021-06-09T08:22:38,708][WARN ][logstash.licensechecker.licensereader] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"https://my-server.com/elasticsearch-development/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [https://my-server.com/elasticsearch-development/][Manticore::ConnectTimeout] connect timed out"}
注意:- Elasticsearch 已启动并正在运行。当我点击logstash url时,它的状态为ok。
我检查了elasticsearch cluster-ip,他们的logstash能够连接到Elasticsearch,但是当我提供入口路径url时,它无法连接到elasticsearch。
另外,从日志中,我注意到 elasticsearch 的 url 不正确。
我的 elasticsearch 网址是这样的:- https://my-server.com/elasticserach
但 logstash 正在寻找 https://my-server.com:9200/elasticsearch
使用此 url (https://my-server.com:9200/elasticsearch) 无法访问弹性搜索,因此导致连接超时。
有人能说出为什么它会占用 (https://my-server.com:9200/elasticsearch) 而不是 (https://my-server.com/elasticsearch)
【问题讨论】:
-
elasticsearch 是在 kubernetes 中运行还是在外部运行?
-
@whites11,elastisearch 仅在 kubernetes 中运行
-
所以你可以分享你在logstash中设置的实际URL而不是你设置的占位符吗?它应该是一个私有 URL,因此不会导致任何安全问题。
-
@whites11,很抱歉我无法分享,但它是一个 https url,后跟入口路径 url
-
我的意思是,如果logstash和elasticsearch在同一个kubernetes集群中运行,你应该使用内部服务名从LS访问ES
标签: elasticsearch kubernetes connection logstash