Setting passwords for ELK
Environment
- ELK version: 7.6.2
- Kubernetes version: v1.20.0
Starting with Elasticsearch 6.8 and 7.1, the core security features of X-Pack (TLS, native users and role-based access control) are available free of charge under the basic licence. This post shows how to use X-Pack to protect Elasticsearch with a username and password; the TLS keystore is distributed to the nodes as a Kubernetes Secret. Building the ELK stack itself is covered in the earlier post.
Generate the private key and certificate
Start a throwaway container to run the command; once the keystore has been generated, copy it out with docker cp. certutil in this mode creates a new CA plus one node certificate and key and writes all of them into a single PKCS12 file. -pass "" leaves that file without a password, so possession of the file is all that is needed to use the key: treat it as a secret from here on.
[root@k8s01 elk]# docker run -d --name es elasticsearch:7.6.2 sleep 3600
006ec16645a53d9ec59e611f832850b568ef8da49096cfe215af767e7d65d9ec
[root@k8s01 elk]# docker exec es /usr/share/elasticsearch/bin/elasticsearch-certutil cert -out /elastic-certificates.p12 -pass ""
[root@k8s01 elk]# docker cp es:/elastic-certificates.p12 ./
# verify (-nocerts -nodes prints the decrypted private key on the terminal; -nokeys lists the certificates instead. On OpenSSL 3 add -legacy, because the pbeWithSHA1And40BitRC2-CBC encryption seen below is only available through the legacy provider)
[root@k8s01 elk]# openssl pkcs12 -nocerts -nodes -in ./elastic-certificates.p12 -info
Enter Import Password:
MAC Iteration 100000
MAC verified OK
PKCS7 Data
...
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 50000
Certificate bag
Certificate bag
# clean up
[root@k8s01 elk]# docker stop es
[root@k8s01 elk]# docker rm -f es
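The verification step above only proves that the file parses. As an added example, not code from the original post, the script below does the checks a practitioner wants before mounting the keystore into the cluster: it lists the certificates with -nokeys instead of dumping the unencrypted private key, confirms that the private key actually belongs to the node certificate, and reports subject, issuer and expiry. It assumes only the openssl CLI; the self-signed keystore built by the demo at the bottom is constructed here and stands in for elastic-certificates.p12.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Checks a PKCS12 keystore without
# printing its private key: lists the certificates (-nokeys), verifies that the
# key matches the leaf certificate, reports expiry. Needs only the openssl CLI.
set -eu

# p12_check FILE [PASSWORD]: prints OK when key and leaf certificate match,
# MISMATCH otherwise; subject, issuer and expiry go to stderr.
p12_check() {
  local p12="$1" pass="${2:-}" legacy="" cert_pub key_pub
  # Keystores written by elasticsearch-certutil 7.x are encrypted with
  # pbeWithSHA1And40BitRC2-CBC, which OpenSSL 3 only reads with the legacy
  # provider loaded; retry with -legacy when the plain read fails.
  if ! openssl pkcs12 -in "$p12" -passin "pass:$pass" -nokeys -info >/dev/null 2>&1; then
    legacy="-legacy"
  fi
  # -clcerts selects the certificate paired with the private key (the node
  # cert) and skips the CA bag; -nokeys keeps the key off the terminal.
  cert_pub=$(openssl pkcs12 -in "$p12" -passin "pass:$pass" -nokeys -clcerts $legacy 2>/dev/null \
             | openssl x509 -noout -pubkey) || return 1
  openssl pkcs12 -in "$p12" -passin "pass:$pass" -nokeys -clcerts $legacy 2>/dev/null \
    | openssl x509 -noout -subject -issuer -enddate >&2
  # Only the public key derived from the private key is kept, never the key.
  key_pub=$(openssl pkcs12 -in "$p12" -passin "pass:$pass" -nocerts -nodes $legacy 2>/dev/null \
            | openssl pkey -pubout) || return 1
  if [ "$cert_pub" = "$key_pub" ]; then echo OK; else echo MISMATCH; fi
}

# p12_check_demo: constructed sample. Builds a throwaway self-signed key and
# certificate, packs them into a PKCS12 with an empty password (what
# certutil -pass "" produces) and runs p12_check on it.
p12_check_demo() {
  local tmp result
  tmp=$(mktemp -d)
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$tmp/node.key" -out "$tmp/node.crt" \
    -subj "/CN=es-node" -days 365 >/dev/null 2>&1
  openssl pkcs12 -export -in "$tmp/node.crt" -inkey "$tmp/node.key" \
    -out "$tmp/elastic-certificates.p12" -passout pass:
  result=$(p12_check "$tmp/elastic-certificates.p12" "")
  rm -rf "$tmp"
  echo "$result"
}

if [ "$#" -ge 1 ]; then
  p12_check "$1" "${2:-}"     # e.g. ./p12-check.sh ./elastic-certificates.p12
else
  p12_check_demo
fi
```

Run it with the path of the real keystore as the first argument (and the keystore password as the second, if one was set); with no arguments it exercises the constructed sample. A MISMATCH result, or an expiry close to today, means the file should not be mounted into the cluster.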
ES node configuration
Create the Secret
Store the generated keystore as a Kubernetes Secret
[root@k8s01 elk]# kubectl create secret generic es-keystore --from-file=./elastic-certificates.p12 -n tools-env
secret/es-keystore created
Mount the Secret
Mount the keystore into the pod and change the ES settings to turn on security and transport-layer TLS; the added lines are shown below. Two things to keep in mind: verification_mode "certificate" validates the certificate chain but not hostnames, which is what the single shared node certificate from certutil requires; and only the transport layer (node-to-node, port 9300) is encrypted here, the HTTP API on port 9200 stays plaintext, so the passwords Kibana and Logstash send travel unencrypted unless xpack.security.http.ssl is enabled as well. The files of a Secret volume are owned by root inside the pod, so defaultMode 0444 (or an fsGroup) is needed for the elasticsearch user to read the keystore.
[root@k8s01 elk]# vim es.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: es
  namespace: tools-env
...
        volumeMounts:
        - name: keystore
          mountPath: /usr/share/elasticsearch/config/elastic-certificates.p12
          readOnly: true
          subPath: elastic-certificates.p12
        env:
        ...
        - name: xpack.security.enabled
          value: "true"
        - name: xpack.security.transport.ssl.enabled
          value: "true"
        - name: xpack.security.transport.ssl.verification_mode
          value: "certificate"
        - name: xpack.security.transport.ssl.keystore.path
          value: "/usr/share/elasticsearch/config/elastic-certificates.p12"
        - name: xpack.security.transport.ssl.truststore.path
          value: "/usr/share/elasticsearch/config/elastic-certificates.p12"
      volumes:
      - name: keystore
        secret:
          secretName: es-keystore
          defaultMode: 0444
...
[root@k8s01 elk]# kubectl apply -f es.yaml
statefulset.apps/es configured
service/elasticsearch unchanged
service/elasticsearch-client unchanged
[root@k8s01 elk]# kubectl get -n tools-env po|grep es
es-0 1/1 Running 0 15s
es-1 1/1 Running 0 55s
es-2 1/1 Running 0 63s
Note: the PKCS12 keystore must live under /usr/share/elasticsearch/config/. Anywhere else Elasticsearch refuses to start with a permission-denied error, and changing the file's owner or mode does not help: the Java security manager policy Elasticsearch runs under only grants read access to keystore files inside the config directory.
Set the built-in user passwords
Initialise the passwords of the built-in users with the command below. It only needs to run once, from any one pod, because the passwords are stored in the cluster's .security index. Interactive mode prompts for each password; elasticsearch-setup-passwords auto would generate random ones instead.
[root@k8s01 elk]# kubectl exec -it -n tools-env es-0 bin/elasticsearch-setup-passwords interactive
Please confirm that you would like to continue [y/N]y
Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [apm_system]:
Reenter password for [apm_system]:
Enter password for [kibana]:
Reenter password for [kibana]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Enter password for [beats_system]:
Reenter password for [beats_system]:
Enter password for [remote_monitoring_user]:
Reenter password for [remote_monitoring_user]:
Changed password for user [apm_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]
Configure the ES password in Kibana
The ConfigMap below logs Kibana in as the elastic superuser and carries the password in clear text, readable by anyone who can get ConfigMaps in the namespace. Kibana only needs the built-in kibana user whose password was set above, and the password belongs in a Secret rather than a ConfigMap.
[root@k8s01 elk]# vim kibana-config.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: kibana-config
  namespace: tools-env
  labels:
    app: kibana
data:
  kibana.yml: |-
    server.name: kibana
    server.host: "0"
    elasticsearch.hosts: [ "http://elasticsearch:9200" ]
    elasticsearch.username: "elastic"
    elasticsearch.password: "xxxxxx"
    xpack.monitoring.ui.container.elasticsearch.enabled: true
[root@k8s01 elk]# kubectl apply -f kibana-config.yaml
configmap/kibana-config configured
[root@k8s01 elk]# kubectl delete -n tools-env po kibana-78d5554c4-2xh2g
pod "kibana-78d5554c4-2xh2g" deleted
Configure the ES password in Logstash
The same caveat applies here. The built-in logstash_system user only has the privileges for shipping monitoring data and cannot index events, which is why the elastic superuser ends up in the pipeline below; a dedicated role limited to the logstash-* indices is the right fix, with the password again supplied from a Secret.
[root@k8s01 elk]# vim logstash-config.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: logstash-config
  namespace: tools-env
  labels:
    app: logstash
data:
  logstash.conf: |-
    input { # input plugins
    ...
    output {
      elasticsearch {
        hosts => ["elasticsearch:9200"]
        index => "logstash-%{[fields][source]}-%{+YYYY-MM-dd}"
        user => "elastic"
        password => "xxx"
      }
    }
[root@k8s01 elk]# kubectl apply -f logstash-config.yaml
configmap/logstash-config configured
[root@k8s01 elk]# kubectl delete -n tools-env po logstash-5977879964-zvmms
pod "logstash-5977879964-zvmms" deleted
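Both the Kibana and the Logstash sections above put the elastic superuser password into a ConfigMap. As an added example, not code from the original post, the script below shows the layout a practitioner would use instead for both: the passwords go into one Secret, reach the pods as environment variables, and the configuration files carry only ${VAR} placeholders, which Kibana (in kibana.yml) and Logstash (in the pipeline config) expand at startup. Kibana authenticates as the built-in kibana user that setup-passwords initialised; Logstash gets its own logstash_writer role and user, modelled on the role in the Logstash security documentation, so a leaked pipeline credential cannot touch .security or .kibana. The Secret name elk-credentials, the variable names and the role name are this example's own choices, and the demo passwords at the bottom are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: credentials for Kibana and
# Logstash kept in a Secret and injected as env vars; config files carry only
# ${VAR} placeholders. Names (elk-credentials, logstash_writer, env var names)
# are this example's own assumptions.
set -eu

b64() { base64 | tr -d '\n'; }   # unwrapped base64, GNU and BSD alike

# render_credentials_secret NAMESPACE KIBANA_PASSWORD LOGSTASH_PASSWORD
render_credentials_secret() {
  local ns="$1" kibana_pw="$2" logstash_pw="$3"
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: elk-credentials
  namespace: $ns
type: Opaque
data:
  KIBANA_PASSWORD: $(printf %s "$kibana_pw" | b64)
  LOGSTASH_PASSWORD: $(printf %s "$logstash_pw" | b64)
EOF
}

# secret_value MANIFEST KEY: decode one data entry, to verify the round trip
secret_value() {
  printf '%s\n' "$1" | awk -v k="$2:" '$1 == k { print $2 }' | base64 -d
}

# render_pod_env VAR KEY: container env entry that injects one Secret key.
# The Kibana Docker image also maps ELASTICSEARCH_PASSWORD directly onto
# elasticsearch.password, so the placeholder in kibana.yml is belt and braces.
render_pod_env() {
  cat <<EOF
        env:
        - name: $1
          valueFrom:
            secretKeyRef:
              name: elk-credentials
              key: $2
EOF
}

render_kibana_config() {
  cat <<'EOF'
server.name: kibana
server.host: "0"
elasticsearch.hosts: [ "http://elasticsearch:9200" ]
elasticsearch.username: "kibana"
elasticsearch.password: "${ELASTICSEARCH_PASSWORD}"
xpack.monitoring.ui.container.elasticsearch.enabled: true
EOF
}

render_logstash_output() {
  cat <<'EOF'
output {
  elasticsearch {
    hosts    => ["elasticsearch:9200"]
    index    => "logstash-%{[fields][source]}-%{+YYYY-MM-dd}"
    user     => "logstash_writer"
    password => "${LOGSTASH_PASSWORD}"
  }
}
EOF
}

# Least privilege for the output plugin: manage templates/ILM cluster-wide,
# write and create only on logstash-* indices; nothing else.
LOGSTASH_WRITER_ROLE='{"cluster":["manage_index_templates","monitor","manage_ilm"],
 "indices":[{"names":["logstash-*"],"privileges":["write","create","create_index","manage","manage_ilm"]}]}'

# create_logstash_writer ES_URL ELASTIC_PASSWORD LOGSTASH_PASSWORD
# Talks to a live cluster (needs curl), so it only runs when ES_URL is set.
# The password is spliced into JSON verbatim: keep quotes and backslashes out of it.
create_logstash_writer() {
  local es="$1" elastic_pw="$2" pw="$3"
  curl -sS -u "elastic:$elastic_pw" -H 'Content-Type: application/json' \
    -X POST "$es/_security/role/logstash_writer" -d "$LOGSTASH_WRITER_ROLE"
  curl -sS -u "elastic:$elastic_pw" -H 'Content-Type: application/json' \
    -X POST "$es/_security/user/logstash_writer" \
    -d "{\"password\":\"$pw\",\"roles\":[\"logstash_writer\"]}"
}

KIBANA_PASSWORD="${KIBANA_PASSWORD:-change-me-kibana}"         # constructed demo values
LOGSTASH_PASSWORD="${LOGSTASH_PASSWORD:-change-me-logstash}"
render_credentials_secret tools-env "$KIBANA_PASSWORD" "$LOGSTASH_PASSWORD"   # | kubectl apply -f -
echo '--- kibana deployment env';   render_pod_env ELASTICSEARCH_PASSWORD KIBANA_PASSWORD
echo '--- kibana.yml';              render_kibana_config
echo '--- logstash deployment env'; render_pod_env LOGSTASH_PASSWORD LOGSTASH_PASSWORD
echo '--- logstash.conf output';    render_logstash_output
if [ -n "${ES_URL:-}" ]; then
  create_logstash_writer "$ES_URL" "${ELASTIC_PASSWORD:?set ELASTIC_PASSWORD}" "$LOGSTASH_PASSWORD"
fi
```

Export KIBANA_PASSWORD and LOGSTASH_PASSWORD in the shell (or read them from a password manager) before running the script, pipe the Secret manifest into kubectl apply, and paste the env entries into the Kibana and Logstash Deployments; the rendered kibana.yml and output block replace the ones in the two ConfigMaps. Setting ES_URL and ELASTIC_PASSWORD additionally creates the logstash_writer role and user through the security API, which is a one-time step per cluster.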
Copyright notice:
Unless stated otherwise, all articles on this site are licensed under CC BY-NC-SA 4.0. When reposting, please credit
爱吃可爱多!