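System environment

  • ELK version: 7.6.2
  • Kubernetes version: v1.20.0

Starting with Elastic 6.8 and 7.1, the security features in X-Pack are available free of charge. This article describes how to use X-Pack to set usernames and passwords for Elasticsearch, and uses a Kubernetes secret to distribute the key material. For setting up ELK itself, see the earlier document.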

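Generate the private key and certificate

Create a Docker container to run the command in. After the key has been generated, copy it out of the container with docker cp.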

[root@k8s01 elk]# docker run -d --name es elasticsearch:7.6.2 sleep 3600
006ec16645a53d9ec59e611f832850b568ef8da49096cfe215af767e7d65d9ec

[root@k8s01 elk]# docker exec es /usr/share/elasticsearch/bin/elasticsearch-certutil cert -out /elastic-certificates.p12 -pass ""
[root@k8s01 elk]# docker cp es:/elastic-certificates.p12 ./

# Verify
[root@k8s01 elk]# openssl pkcs12 -nocerts -nodes -in  ./elastic-certificates.p12 -info
Enter Import Password:
MAC Iteration 100000
MAC verified OK
PKCS7 Data
...
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 50000
Certificate bag
Certificate bag

# Clean up
[root@k8s01 elk]# docker stop es
[root@k8s01 elk]# docker rm -f es

ES node configuration

Create the secret

Store the generated key as a Kubernetes secret


[root@k8s01 elk]# kubectl create secret generic es-keystore --from-file=./elastic-certificates.p12 -n tools-env 
secret/es-keystore created

Mount the secret

Mount the key into the pod and change the ES configuration to enable TLS. The following shows the added content.

[root@k8s01 elk]# vim es.yaml 
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: es
  namespace: tools-env
...
          mountPath: /usr/share/elasticsearch/config/elastic-certificates.p12
          readOnly: true
          subPath: elastic-certificates.p12
        env:
...
        - name: "xpack.security.enabled"
          value: "true"
        - name: xpack.security.transport.ssl.enabled
          value: "true"
        - name: xpack.security.transport.ssl.verification_mode
          value: "certificate"
        - name: xpack.security.transport.ssl.keystore.path
          value: "/usr/share/elasticsearch/config/elastic-certificates.p12"
        - name: xpack.security.transport.ssl.truststore.path
          value: "/usr/share/elasticsearch/config/elastic-certificates.p12"
      volumes:
      - name: keystore
        secret:
          secretName: es-keystore
          defaultMode: 0444
...

[root@k8s01 elk]# kubectl apply -f es.yaml 
statefulset.apps/es configured
service/elasticsearch unchanged
service/elasticsearch-client unchanged
[root@k8s01 elk]# kubectl get -n tools-env po|grep es
es-0                             1/1     Running   0          15s
es-1                             1/1     Running   0          55s
es-2                             1/1     Running   0          63s

Note: the PKCS#12 keystore must be placed under /usr/share/elasticsearch/config/, otherwise a permission denied error is reported; changing the owner or mode does not help.

Configure the ES application passwords

Initialize the passwords with the following command


[root@k8s01 elk]# kubectl exec -it -n tools-env es-0 bin/elasticsearch-setup-passwords interactive

Please confirm that you would like to continue [y/N]y


Enter password for [elastic]: 
Reenter password for [elastic]: 
Enter password for [apm_system]: 
Reenter password for [apm_system]: 
Enter password for [kibana]: 
Reenter password for [kibana]: 
Enter password for [logstash_system]: 
Reenter password for [logstash_system]: 
Enter password for [beats_system]: 
Reenter password for [beats_system]: 
Enter password for [remote_monitoring_user]: 
Reenter password for [remote_monitoring_user]: 
Changed password for user [apm_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]

Configure the ES password in Kibana

[root@k8s01 elk]# vim kibana-config.yaml 
apiVersion: v1
kind: ConfigMap
metadata:
  name: kibana-config
  namespace: tools-env
  labels:
    app: kibana
data:
  kibana.yml: |-
    server.name: kibana
    server.host: "0"
    elasticsearch.hosts: [ "http://elasticsearch:9200" ]
    elasticsearch.username: "elastic"
    elasticsearch.password: "xxxxxx"
    xpack.monitoring.ui.container.elasticsearch.enabled: true
    
[root@k8s01 elk]# kubectl apply -f kibana-config.yaml 
configmap/kibana-config configured
[root@k8s01 elk]# kubectl delete -n tools-env po kibana-78d5554c4-2xh2g 
pod "kibana-78d5554c4-2xh2g" deleted

Configure the ES password in Logstash

[root@k8s01 elk]# vim logstash-config.yaml    
apiVersion: v1
kind: ConfigMap
metadata:
  name: logstash-config
  namespace: tools-env
  labels:
    app: logstash
data:
  logstash.conf: |-
    input {                                        # input component
 ...
    output {                           
        elasticsearch {
            hosts => ["elasticsearch:9200"]
            index => "logstash-%{[fields][source]}-%{+YYYY-MM-dd}"    
            user => "elastic"
            password => "xxx"
        }
    }

[root@k8s01 elk]# kubectl apply -f logstash-config.yaml 
configmap/logstash-config configured
[root@k8s01 elk]# kubectl delete -n tools-env po logstash-5977879964-zvmms 
pod "logstash-5977879964-zvmms" deleted        
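
The two ConfigMaps above hold the elastic password in clear text, readable by anyone who can read ConfigMaps in tools-env. As an added example (not from the original article), the fragments below supply the same credentials from a Kubernetes Secret and, going one step beyond the article, switch Kibana to the built-in kibana user whose password was set earlier. The Secret name es-credentials, its keys and the ES_PASSWORD variable name are assumptions.

```yaml
# Added example: fragments to merge into the existing manifests, not complete files.
# Secret created beforehand (name and keys are assumptions):
#   kubectl create secret generic es-credentials -n tools-env \
#     --from-literal=kibana-password='<password set for kibana>' \
#     --from-literal=elastic-password='<password set for elastic>'

# 1) kibana-config.yaml, data section: both credential lines removed
data:
  kibana.yml: |-
    server.name: kibana
    server.host: "0"
    elasticsearch.hosts: [ "http://elasticsearch:9200" ]
    xpack.monitoring.ui.container.elasticsearch.enabled: true
---
# 2) Kibana Deployment, under the Kibana container. The official image turns
#    these variables into elasticsearch.username / elasticsearch.password.
env:
- name: ELASTICSEARCH_USERNAME
  value: "kibana"                # built-in user, password set with setup-passwords
- name: ELASTICSEARCH_PASSWORD
  valueFrom:
    secretKeyRef:
      name: es-credentials       # assumed Secret name
      key: kibana-password       # assumed key
---
# 3) Logstash Deployment, under the Logstash container
env:
- name: ES_PASSWORD              # assumed variable name
  valueFrom:
    secretKeyRef:
      name: es-credentials
      key: elastic-password
---
# 4) logstash-config.yaml, output block only: Logstash resolves ${ES_PASSWORD}
#    from the container environment when it loads the pipeline
data:
  logstash.conf: |-
    output {
        elasticsearch {
            hosts => ["elasticsearch:9200"]
            index => "logstash-%{[fields][source]}-%{+YYYY-MM-dd}"
            user => "elastic"
            password => "${ES_PASSWORD}"
        }
    }
```

The configuration shown in this article enables TLS only on the transport layer and the clients connect over http://, so the password still crosses the cluster network unencrypted on port 9200.
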
Author: 鲜花的主人
Copyright notice: Unless otherwise stated, all articles on this site are licensed under CC BY-NC-SA 4.0. Please credit 爱吃可爱多 when reposting.