Ale*_*llo 1 heartbeat elasticsearch kubernetes
我在 Kubernetes 集群中使用 Elastic Heartbeat。
我正在尝试将谷歌云平台模块设置为 Heartbeat,文档说:
metricbeat.modules:
- module: googlecloud
metricsets:
- compute
region: "us-"
project_id: "your project id"
credentials_file_path: "your JSON credentials file path"
exclude_labels: false
period: 1m
我有凭据.json 文件来访问 GCP,但是,我无法使用 Heartbeat 将此凭据放入 kubernetes pod 中。
我尝试使用 kubernetes 秘密,但模块配置不允许这样做。只需允许放置一条路径即可。
如何将此凭据放入我的心跳 Pod 中?
谢谢!
解决了!
我使用credentials.json 文件创建了一个秘密,并将该秘密作为volumen 安装在pod 中。
配置:
秘密.yaml:
apiVersion: v1
kind: Secret
metadata:
name: credentials-secret
type: Opaque
stringData:
sa_json: |
{
"type": "service_account",
"project_id": "erased",
"private_key_id": "erased",
"private_key": "-----BEGIN PRIVATE KEY-----erased-----END PRIVATE KEY-----\n",
"client_email": "erased",
"client_id": "erased",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://oauth2.googleapis.com/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/xxxxx.iam.gserviceaccount.com"
}
部署.yaml:
---
volumeMounts:
- mountPath: /etc/gcp
name: service-account-credentials-volume
readOnly: true
---
---
---
volumes:
- name: service-account-credentials-volume
secret:
secretName: credentials-secret
items:
- key: sa_json
path: credentials.json
| 归档时间: |
|
| 查看次数: |
1998 次 |
| 最近记录: |