search

kubesphere / ks-installer

Install KubeSphere on existing Kubernetes cluster
https://kubesphere.io
Apache License 2.0
532 stars 747 forks source link

日志使用外部es。我该怎么设置密码。 #2262

Closed poo0054 closed 1 year ago

poo0054 commented 1 year ago

如何将日志存储改为外部 Elasticsearch 并关闭内部

我该怎么写帐号和密码,现在报错

[401 Unauthorized] type: security_exception, reason: unable to authenticate user [admin] for REST request [/]

我的配置

es:
  basicAuth:
    enabled: true
    password: wacWX469zEm77N0Xb59o53Hx
    username: elastic
  elkPrefix: logstash
  enabled: true
  externalElasticsearchHost: elastic-es-http.theangel
  externalElasticsearchPort: '9200'
  logMaxAge: 7

secrets的fluent-bit配置解析后

[Service]
    Parsers_File    parsers.conf
[Input]
    Name    systemd
    Path    /var/log/journal
    DB    /fluent-bit/tail/docker.db
    DB.Sync    Normal
    Tag    service.containerd
    Systemd_Filter    _SYSTEMD_UNIT=containerd.service
[Input]
    Name    systemd
    Path    /var/log/journal
    DB    /fluent-bit/tail/kubelet.db
    DB.Sync    Normal
    Tag    service.kubelet
    Systemd_Filter    _SYSTEMD_UNIT=kubelet.service
[Input]
    Name    tail
    Path    /var/log/containers/*.log
    Exclude_Path    /var/log/containers/*_kubesphere-logging-system_events-exporter*.log,/var/log/containers/kube-auditing-webhook*_kubesphere-logging-system_kube-auditing-webhook*.log
    Refresh_Interval    10
    Skip_Long_Lines    true
    DB    /fluent-bit/tail/pos.db
    DB.Sync    Normal
    Mem_Buf_Limit    5MB
    Parser    cri
    Tag    kube.*
[Filter]
    Name    lua
    Match    kube.*
    script    /fluent-bit/config/containerd.lua
    call    containerd
    time_as_table    true
[Filter]
    Name    kubernetes
    Match    kube.*
    Kube_URL    https://kubernetes.default.svc:443
    Kube_CA_File    /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
    Kube_Token_File    /var/run/secrets/kubernetes.io/serviceaccount/token
    Labels    false
    Annotations    false
[Filter]
    Name    nest
    Match    kube.*
    Operation    lift
    Nested_under    kubernetes
    Add_prefix    kubernetes_
[Filter]
    Name    modify
    Match    kube.*
    Remove    stream
    Remove    kubernetes_pod_id
    Remove    kubernetes_host
    Remove    kubernetes_container_hash
[Filter]
    Name    nest
    Match    kube.*
    Operation    nest
    Wildcard    kubernetes_*
    Nest_under    kubernetes
    Remove_prefix    kubernetes_
[Filter]
    Name    lua
    Match    service.*
    script    /fluent-bit/config/systemd.lua
    call    add_time
    time_as_table    true
[Output]
    Name    es
    Match_Regex    (?:kube|service)\.(.*)
    Host    elasticsearch.theangel
    Port    9200
    Logstash_Format    true
    Logstash_Prefix    ks-logstash-log
    Time_Key    @timestamp
    Generate_ID    true
[Output]
    Name    opensearch
    Match_Regex    (?:kube|service)\.(.*)
    Host    opensearch-cluster-data.kubesphere-logging-system.svc
    Port    9200
    HTTP_User    admin
    HTTP_Passwd    admin
    Logstash_Format    true
    Logstash_Prefix    ks-whizard-logging
    Time_Key    @timestamp
    Suppress_Type_Name    true
    tls    On
    tls.verify    false

没有密码。我该怎么设置这个密码elasticsearch.theangel。 HTTP_User 和 HTTP_Passwd 在 ks-installer 中如何设置

参考文档:

Elasticsearchhttps://www.kubesphere.io/zh/docs/v3.4/faq/observability/logging/#%e5%a6%82%e4%bd%95%e5%b0%86%e6%97%a5%e5%bf%97%e5%ad%98%e5%82%a8%e6%94%b9%e4%b8%ba%e5%a4%96%e9%83%a8-elasticsearch-%e5%b9%b6%e5%85%b3%e9%97%ad%e5%86%85%e9%83%a8-elasticsearch

poo0054 commented 1 year ago

有谁能帮帮我吗