elasticsearch+kibana 的配置参考 Elasticsearch 安全功能入门
参考上面的文章,由于我是在k8s环境下部署的,所以所有跟配置有关的都是设置成环境变量的形式。还有生成elastic-certificates.p12文件和设置密码都是进入到pod中操作的。p12文件是在里面生成,然后拿出来供给以后使用
kibana的user和password设置,用户我是设置成user为elastic,密码为设置密码阶段时设置的,使用kibana作为用户名不知道为什么无法正常工作,怀疑是权限不够。
logstash配置
# es作为输出时的配置-pipe文件
elasticsearch {
hosts => ["es-svc:9200"]
index => "web-%{+YYYY.MM.dd}"
user => "logstash_internal"
password => "changeme"
}
#配置相关环境变量-config配置文件
env:
- name: xpack.monitoring.enabled
value: "true"
- name: xpack.monitoring.elasticsearch.hosts
value: "es-svc:9200"
- name: xpack.monitoring.elasticsearch.username
value: "logstash_system"
- name: xpack.monitoring.elasticsearch.password
value: "changeme"
然后再kibana的控制台生成logstash_internal用户
POST _xpack/security/role/logstash_writer
{
"cluster": ["manage_index_templates", "monitor"],
"indices": [
{
"names": [ "logstash-*"], #这里可以添加输出的index模式
"privileges": ["write","delete","create_index","index","create"] #可操作权限
}
]
}
POST _xpack/security/user/logstash_internal
{
"password" : "changeme",
"roles" : [ "logstash_writer"],
"full_name" : "Internal Logstash User"
}
参考
https://www.elastic.co/guide/en/logstash/7.2/configuring-logstash.html
https://www.elastic.co/guide/en/logstash/7.2/plugins-outputs-elasticsearch.html#plugins-outputs-elasticsearch-keystore_password
https://www.elastic.co/cn/blog/getting-started-with-elasticsearch-security
https://www.cnblogs.com/saneri/p/6912593.html
https://www.elastic.co/blog/how-to-setup-tls-for-elasticsearch-kibana-logstash-filebeat-with-offline-install-in-linux
