minikube에 ElasticSearch 설치
2024. 2. 4. 00:07ㆍEFK
https://choco-life.tistory.com/54
Kubernetes에 ELK(Elasticsearch) 구축하기 #1
엘라스틱서치(Elasticsearch)는 분산형 RESTful 검색 및 분석 엔진으로 엘라스틱 스택(Elastic Stack)의 중심에 위치하고 있으며, 엘라스틱 스택은 차세대 데이터 플랫폼으로 자리 잡고 있습니다. Elastic Sta
choco-life.tistory.com
# elastic.yaml
--------------------------------------
apiVersion: v1
kind: Namespace
metadata:
name: {namespace}
---
apiVersion: v1
kind: ConfigMap
metadata:
namespace: {namespace}
name: {app명}
data:
elasticsearch.yml: |
cluster.name: {app명}
network.host: 0.0.0.0
---
apiVersion: v1
kind: PersistentVolume
metadata:
namespace: {namespace}
name: {app명}
labels:
name: {app명}
spec:
storageClassName: standard
capacity:
storage: 1Gi
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
claimRef:
namespace: {namespace}
# node마다 시퀀셜하게 생성해야 함
name: elastic-persistent-storage-{app명}-0
persistentVolumeReclaimPolicy: Delete
hostPath:
path: /data/es
type: DirectoryOrCreate
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
namespace: {namespace}
name: elastic
labels:
app: elastic
spec:
serviceName: {app명}
selector:
matchLabels:
app: {app명}
replicas: 1
template:
metadata:
labels:
app: {app명}
spec:
containers:
- name: {app명}
# elasticsearch-oss:6.8.23 --> elasticsearch:7.17.17로 업그레이드해도 문제 없음
# elasticsearch:7.17.17 -- elasticsearch:8.12.1로 업그레이드해도 문제 없음
image: docker.elastic.co/elasticsearch/elasticsearch:8.12.1
imagePullPolicy: IfNotPresent
env:
- name: CLUSTER_NAME
value: efk-cluster
- name: discovery.type
value: single-node
- name: ES_JAVA_OPTS
value: "-Xms300m -Xmx300m"
ports:
- name: rest
containerPort: 9200
- name: transport
containerPort: 9300
volumeMounts:
- name: config
mountPath: /usr/share/elasticsearch/config/elasticsearch.yml
readOnly: true
subPath: elasticsearch.yml
- name: elastic-persistent-storage
mountPath: /usr/share/elasticsearch/data
- name: tz-seoul
mountPath: /etc/localtime
initContainers:
- name: fix-permissions
image: busybox
command: ["sh", "-c", "chown -R 1000:1000 /usr/share/elasticsearch/data"]
securityContext:
privileged: true
volumeMounts:
- name: {app명}-persistent-storage
mountPath: /usr/share/elasticsearch/data
volumes:
- name: config
configMap:
name: {app명}
- name: tz-seoul
hostPath:
path: /usr/share/zoneinfo/Asia/Seoul
volumeClaimTemplates:
- metadata:
name: {app명}-persistent-storage
annotations:
volume.beta.kubernetes.io/storage-class: "gp2"
spec:
accessModes: [ "ReadWriteOnce" ]
storageClassName: standard
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: Service
metadata:
namespace: {namespace}
name: {app명}
labels:
app: {app명}
spec:
# node간 통신을 위해서 headless service 생성
clusterIP: None
ports:
- name: rest
port: 9200
- name: transport
port: 9300
selector:
app: {app명}
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {app명}
namespace: {namespace}
annotations:
spec:
rules:
- host: {app명}.test.co.kr
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: {app명}
port:
number: 9200
--------------------------------------
# DNS 또는 hosts 파일에 도메인 등록
{minikube IP} {app명}.test.co.kr
# 확인
curl http://{app명}.test.co.kr보안 설정 추가
xpack.security.enabled: true (default: false)
해당 설정을 추가하면, kibana 설정에서 계정/비밀번호를 설정해야 접속이 가능함
# ConfigMap 설정 변경
------------------------------
apiVersion: v1
kind: ConfigMap
metadata:
namespace: {namespace}
name: {app명}
data:
elasticsearch.yml: |
cluster.name: {app명}
network.host: 0.0.0.0
# 없으면 계정 비밀번호 변경 안됨
xpack.security.enabled: true
------------------------------
# 브라우져에서 kibana로 접속시, 에러 발생
{"statusCode":503,"error":"Service Unavailable","message":"License is not available."}
# kibana 에러 로그
---------------------------------
{"type":"log","@timestamp":"2024-02-08T13:48:58+00:00","tags":["error","plugins","security","authentication"],"pid":6,"message":"License is not available, authentication is not possible."}
{"type":"log","@timestamp":"2024-02-08T13:48:58+00:00","tags":["warning","plugins","licensing"],"pid":6,"message":"License information could not be obtained from Elasticsearch due to {\"error\":{\"root_cause\":[{\"type\":\"security_exception\",\"reason\":\"missing authentication credentials for REST request [/_xpack?accept_enterprise=true]\",\"header\":{\"WWW-Authenticate\":\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\"}}],\"type\":\"security_exception\",\"reason\":\"missing authentication credentials for REST request [/_xpack?accept_enterprise=true]\",\"header\":{\"WWW-Authenticate\":\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\"}},\"status\":401} error"}
{"type":"response","@timestamp":"2024-02-08T13:48:58+00:00","tags":[],"pid":6,"method":"get","statusCode":503,"req":{"url":"/","method":"get","headers":{"host":"kibana.xxxxxx.co.kr","x-request-id":"0ac1bfa5563a4c6c231602185ec0c7e1","x-real-ip":"192.168.49.1","x-forwarded-for":"192.168.49.1","x-forwarded-host":"kibana.xxxxxxx.co.kr","x-forwarded-port":"80","x-forwarded-proto":"http","x-forwarded-scheme":"http","x-scheme":"http","x-original-forwarded-for":"192.168.0.xx","x-forwarded-for-proto":"http","cache-control":"max-age=0","upgrade-insecure-requests":"1","user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7","accept-encoding":"gzip, deflate","accept-language":"ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7"},"remoteAddress":"10.244.0.59","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36"},"res":{"statusCode":503,"responseTime":7,"contentLength":86},"message":"GET / 503 7ms - 86.0B"}
---------------------------------
# elasticsearch의 계정 비밀번호 설정
# elasticsearch pod에 접속
kubectl exec -it pod/{pod명} -n {namespace} -- /bin/bash
cd bin
elasticsearch-setup-passwords interactive
# kibana에 계정/비밀번호 설정 추가
-------------------------------
elasticsearch.username: "{계정}"
elasticsearch.password: "{비밀번호}"
-------------------------------Trouble Shooting
- Pod가 pending이고, 상태가 ContainerCreating인 경우
https://barisein.tistory.com/375
pod의 상태가 ContainerCreating일 때 조치
# 대상 확인 kubectl get pods -A # 현재 상태 확인 kubectl describe pods {pod이름} -n {namespace}
barisein.tistory.com
- Pod가 상태가 CrashLoopBackOff이고, 재기동을 반복하는 경우
오타나 보이지 않는 문자 체크 필요
# pod 내역 출력
kebectl get pod -A
kubectl describe pod {pod명} -n {namespace}
--------------------
Error: failed to start container "elastic": Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error mounting "/var/lib/kubelet/pods/0a350e1a-c0f5-4e9f-bbc0-1000fcd87dd7/volume-subpaths/config/elastic/0" to rootfs at "/usr/share/elasticsearch/config/elasticsearch.yml": mount /var/lib/kubelet/pods/0a350e1a-c0f5-4e9f-bbc0-1000fcd87dd7/volume-subpaths/config/elastic/0:/usr/share/elasticsearch/config/elasticsearch.yml (via /proc/self/fd/6), flags: 0x5001: not a directory: unknown: Are you trying to mount a directory onto a file (or vice-versa)? Check if the specified host path exists and is the expected type
--------------------
# 조치
# 아래 내용에서 오타가 없는지 확인하고, 없으면 파일명을 지우고 다시 씀
# 눈에는 안보이지만, 이상한 문자나 공백이 들어가서 몇 시간 낭비함
--------------------------
volumeMounts:
- name: config
mountPath: /usr/share/elasticsearch/config/elasticsearch.yml
readOnly: true
subPath: elasticsearch.yml
--------------------------참고
# 아래와 같이 subPath를 제거하면, 디렉토리 자체를 새로 만들기 때문에 다른 파일이 존재하지 않게 됨
--------------------------
volumeMounts:
- name: config
mountPath: /usr/share/elasticsearch/config/elasticsearch.yml
readOnly: true
--------------------------
# pod 내역 출력
kubectl describe pod {pod명} -n {namespace}
--------------------------
Back-off restarting failed container elastic in pod elastic-0_efk(160373c7-3339-4713-b944-17f9ce1d317b)
--------------------------
# 로그 확인하면 아래와 같이 에러 발생
kubectl logs -f pod/{pod명} -n {namespace}
--------------------------
Exception in thread "main" java.nio.file.NoSuchFileException: /usr/share/elasticsearch/config/jvm.options
at java.base/sun.nio.fs.UnixException.translateToIOException(UnixException.java:92)
at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:106)
at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:111)
at java.base/sun.nio.fs.UnixFileSystemProvider.newByteChannel(UnixFileSystemProvider.java:218)
at java.base/java.nio.file.Files.newByteChannel(Files.java:375)
at java.base/java.nio.file.Files.newByteChannel(Files.java:426)
at java.base/java.nio.file.spi.FileSystemProvider.newInputStream(FileSystemProvider.java:420)
at java.base/java.nio.file.Files.newInputStream(Files.java:160)
at org.elasticsearch.tools.launchers.JvmOptionsParser.main(JvmOptionsParser.java:60)
--------------------------- elasticsearch-setup-passwords 실행시 오류 발생
# 실행
kubectl exec -it pod/{pod명} -n {namespace} -- /bin/bash
cd bin
elasticsearch-setup-passwords interactive
# 오류
# elasticsearch heap memory 설정이 잘못된 경우 발생
Error occurred during initialization of VM
Initial heap size set to a larger value than the maximum heap size
# 수정: 오타수정(-Xms300m -Xms300m --> -Xms300m -Xmx300m)
-------------------
env:
- name: CLUSTER_NAME
value: efk-cluster
- name: discovery.type
value: single-node
- name: ES_JAVA_OPTS
value: "-Xms300m -Xmx300m"
-------------------
# 오류
# xpack.security.enabled: true 추가하고 재기동해야 함
Unexpected response code [500] from calling GET http://10.244.0.69:9200/_security/_authenticate?pretty
It doesn't look like the X-Pack security feature is enabled on this Elasticsearch node.
Please check if you have enabled X-Pack security in your elasticsearch.yml configuration file.'EFK' 카테고리의 다른 글
| Kibana Discover 윈도우 모니터링 설정 (0) | 2024.02.10 |
|---|---|
| Kibana UI에서 설정 변경 (0) | 2024.02.10 |
| Kibana Dashboard에서 Discover로 바로 이동하기 (0) | 2024.02.09 |
| Sysmon 설치 (0) | 2024.02.09 |
| Winlogbeat 설치 (0) | 2024.02.09 |