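Deploying an Elasticsearch cluster on Kubernetes, with and without authentication

1. Background:

For business reasons, the company needs Elasticsearch clusters in both its test and production Kubernetes clusters. Because the environments have different requirements, the Elasticsearch cluster is deployed in a different mode in each:

1. The test environment has low security requirements, so it gets a deployment with the default configuration.

2. The production environment has security requirements, so it gets a deployment with authentication configured.

2. Building the Elasticsearch cluster, no-authentication mode:

Elasticsearch is deployed in the Kubernetes cluster as a stateful workload, using a StatefulSet.

1. The YAML file is as follows: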

vim elasticsearch.yaml

```yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: es7-cluster
  namespace: sit
spec:
  serviceName: elasticsearch
  replicas: 3
  selector:
    matchLabels:
      app: elasticsearch
  template:
    metadata:
      labels:
        app: elasticsearch
    spec:
      containers:
      - name: elasticsearch
        image: 192.20.67.250/public/elasticsearch:7.9.3
        resources:
          limits:
            cpu: 1000m
          requests:
            cpu: 100m
        ports:
        - containerPort: 9200
          name: rest
          protocol: TCP
        - containerPort: 9300
          name: inter-node
          protocol: TCP
        volumeMounts:
        - name: data
          mountPath: /usr/share/elasticsearch/data
        # xpack.security.enabled is not set here, so the REST API on 9200
        # accepts unauthenticated requests.
        env:
          - name: cluster.name
            value: k8s-logs
          - name: node.name
            valueFrom:
              fieldRef:
                fieldPath: metadata.name
          # Deprecated; Elasticsearch 7.x ignores this setting.
          - name: discovery.zen.minimum_master_nodes
            value: "2"
          - name: discovery.seed_hosts
            value: "es7-cluster-0.elasticsearch,es7-cluster-1.elasticsearch,es7-cluster-2.elasticsearch"
          - name: cluster.initial_master_nodes
            value: "es7-cluster-0,es7-cluster-1,es7-cluster-2"
          - name: ES_JAVA_OPTS
            value: "-Xms1g -Xmx1g"
      initContainers:
      # Give the Elasticsearch user (uid 1000) ownership of the data volume.
      - name: fix-permissions
        image: 192.20.67.250/public/busybox:latest
        command: ["sh", "-c", "chown -R 1000:1000 /usr/share/elasticsearch/data"]
        securityContext:
          privileged: true
        volumeMounts:
        - name: data
          mountPath: /usr/share/elasticsearch/data
      # vm.max_map_count is a node-wide kernel setting, hence the privileged container.
      - name: increase-vm-max-map
        image: 192.20.67.250/public/busybox:latest
        command: ["sysctl", "-w", "vm.max_map_count=262144"]
        securityContext:
          privileged: true
      # ulimit only affects this init container's own shell, not the elasticsearch container.
      - name: increase-fd-ulimit
        image: 192.20.67.250/public/busybox:latest
        command: ["sh", "-c", "ulimit -n 65536"]
  volumeClaimTemplates:
  - metadata:
      name: data
    spec:
      accessModes: [ "ReadWriteOnce" ]
      storageClassName: "huawei-san"
      resources:
        requests:
          storage: 1Gi
```

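Notes:

1. PVC storage is used here. The Kubernetes cluster already has a StorageClass deployed, so the PVCs are created directly through that StorageClass.

2. If you reuse this YAML, change the image address and the StorageClass name to match your environment.

A Service is also needed to access the Elasticsearch cluster.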

vim elasticsearch-svc.yaml

```yaml
apiVersion: v1
kind: Service
metadata:
  name: elasticsearch
  namespace: sit
spec:
  selector:
    app: elasticsearch
  type: ClusterIP
  ports:
  - port: 9200
    name: es-9200
    targetPort: 9200
  - port: 9300
    name: es-9300
    targetPort: 9300
```

2. Create the Elasticsearch cluster:

Apply the YAML files:

```
kubectl apply -f elasticsearch.yaml
statefulset.apps/elastic-cluster created

kubectl apply -f elasticsearch-svc.yaml
service/elasticsearch-svc created
```

3. Check the running state:

Check the StatefulSet:

```
kubectl get sts
NAME          READY   AGE
es7-cluster   3/3     5m6s
```

Check the pods:

```
kubectl get pods | grep es7
es7-cluster-0   1/1   Running   0   5m54s
es7-cluster-1   1/1   Running   0   4m23s
es7-cluster-2   1/1   Running   0   3m30s
```

Check the Service:

```
kubectl get svc | grep ela
elasticsearch   ClusterIP   172.32.151.215   <none>   9200/TCP,9300/TCP   22s
```

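4. Access the Elasticsearch service:

3. Building the Elasticsearch cluster, authentication mode:

Elasticsearch is deployed in the Kubernetes cluster as a stateful workload, using a StatefulSet.

1. The YAML file is as follows: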

vim elasticsearch.yaml

```yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: elastic-cluster
  namespace: sit
  labels:
    app: elastic-cluster
spec:
  serviceName: elastic-svc
  replicas: 3
  selector:
    matchLabels:
      app: elastic-cluster
      kubernetes.io/cluster-service: "true"
  template:
    metadata:
      labels:
        app: elastic-cluster
        kubernetes.io/cluster-service: "true"
    spec:
      initContainers:
      # Give the Elasticsearch user (uid 1000) ownership of the data volume.
      - name: fix-permissions
        image: 192.20.67.250/public/busybox:latest
        imagePullPolicy: IfNotPresent
        command: ["sh", "-c", "chown -R 1000:1000 /usr/share/elasticsearch/data"]
        securityContext:
          privileged: true
        volumeMounts:
        - name: data
          mountPath: /usr/share/elasticsearch/data
        - name: localtime
          readOnly: true
          mountPath: /etc/localtime
      # vm.max_map_count is a node-wide kernel setting, hence the privileged container.
      - name: increase-vm-max-map
        image: 192.20.67.250/public/busybox:latest
        imagePullPolicy: IfNotPresent
        command: ["sysctl", "-w", "vm.max_map_count=262144"]
        securityContext:
          privileged: true
      # ulimit only affects this init container's own shell, not the elasticsearch container.
      - name: increase-fd-ulimit
        image: 192.20.67.250/public/busybox:latest
        imagePullPolicy: IfNotPresent
        command: ["sh", "-c", "ulimit -n 65536"]
      volumes:
      - name: localtime
        hostPath:
          path: /etc/localtime
          type: ''
      containers:
      - name: elasticsearch
        image: 192.20.67.250/public/elasticsearch:7.9.3-p12
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 9200
          name: rest-api
          protocol: TCP
        - containerPort: 9300
          name: inter-node
          protocol: TCP
        volumeMounts:
        - name: data
          mountPath: /usr/share/elasticsearch/data
        - name: localtime
          readOnly: true
          mountPath: /etc/localtime
        env:
        - name: node.name
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.name
        # Deprecated; Elasticsearch 7.x ignores this setting.
        - name: discovery.zen.minimum_master_nodes
          value: "2"
        - name: discovery.seed_hosts
          value: "elastic-svc"
        - name: cluster.initial_master_nodes
          value: "elastic-cluster-0,elastic-cluster-1,elastic-cluster-2"
        - name: ES_JAVA_OPTS
          value: "-Xms1024m -Xmx1024m"
        # Turns on authentication for the REST API and the transport layer.
        # xpack.security.http.ssl.enabled is not set, so 9200 stays plain HTTP.
        - name: xpack.security.enabled
          value: "true"
        - name: xpack.security.transport.ssl.enabled
          value: "true"
        # "certificate" validates the certificate chain but skips hostname verification.
        - name: xpack.security.transport.ssl.verification_mode
          value: "certificate"
        # Relative paths resolve against the Elasticsearch config directory. No volume
        # in this manifest supplies the file, so it must already be present in the image.
        - name: xpack.security.transport.ssl.keystore.path
          value: "elastic-certificates.p12"
        - name: xpack.security.transport.ssl.truststore.path
          value: "elastic-certificates.p12"
  volumeClaimTemplates:
  - metadata:
      name: data
    spec:
      accessModes: [ "ReadWriteOnce" ]
      storageClassName: "huawei-san"
      resources:
        requests:
          storage: 2Gi
```

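Notes:

1. PVC storage is used here. The Kubernetes cluster already has a StorageClass deployed, so the PVCs are created directly through that StorageClass.

2. If you reuse this YAML, change the image address and the StorageClass name to match your environment.

A Service is also needed to access the Elasticsearch cluster.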

vim elasticsearch-svc.yaml

```yaml
apiVersion: v1
kind: Service
metadata:
  name: elastic-svc
  namespace: sit
  labels:
    app: elastic-cluster
spec:
  selector:
    app: elastic-cluster
  type: ClusterIP
  ports:
  - name: rest-api
    port: 9200
    protocol: TCP
    targetPort: 9200
  - name: inter-node
    port: 9300
    protocol: TCP
    targetPort: 9300
```
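
The following is an added example, not part of the original post: a small Python audit that reads a StatefulSet as `kubectl get sts -o json` prints it and reports the security-relevant differences between the two manifests on this page. The finding codes and the `sample_sts` helper are hypothetical names, and the sample input is constructed from the manifests above, trimmed to the fields the audit reads.

```python
import json
import sys

def audit(sts):
    """Return sorted (container, finding) pairs for one StatefulSet dict."""
    pod = sts["spec"]["template"]["spec"]
    out = set()
    for c in pod.get("containers", []):
        if "elasticsearch" not in c.get("image", ""):
            continue
        # valueFrom entries (node.name) carry no literal value; .get() yields None
        env = {e["name"]: e.get("value") for e in c.get("env", [])}
        if env.get("xpack.security.enabled") != "true":
            out.add((c["name"], "NO_AUTH"))  # 9200 answers without credentials
            continue
        if env.get("xpack.security.transport.ssl.enabled") != "true":
            out.add((c["name"], "NO_TRANSPORT_TLS"))  # 9300 traffic unencrypted
        if env.get("xpack.security.http.ssl.enabled") != "true":
            out.add((c["name"], "NO_HTTP_TLS"))  # Basic auth over plain HTTP
    for c in pod.get("initContainers", []) + pod.get("containers", []):
        if (c.get("securityContext") or {}).get("privileged"):
            out.add((c["name"], "PRIVILEGED"))
        if c.get("image", "").endswith(":latest"):
            out.add((c["name"], "MUTABLE_TAG"))
    return sorted(out)

def sample_sts(image, env):
    """Constructed input: the page's manifests trimmed to the audited fields."""
    busybox = "192.20.67.250/public/busybox:latest"
    priv = {"privileged": True}
    return {"spec": {"template": {"spec": {
        "initContainers": [
            {"name": "fix-permissions", "image": busybox, "securityContext": priv},
            {"name": "increase-vm-max-map", "image": busybox, "securityContext": priv},
            {"name": "increase-fd-ulimit", "image": busybox}],
        "containers": [{"name": "elasticsearch", "image": image,
                        "env": [{"name": k, "value": v} for k, v in env.items()]}],
    }}}}

NO_AUTH_STS = sample_sts("192.20.67.250/public/elasticsearch:7.9.3",
                         {"cluster.name": "k8s-logs"})
AUTH_STS = sample_sts("192.20.67.250/public/elasticsearch:7.9.3-p12", {
    "xpack.security.enabled": "true",
    "xpack.security.transport.ssl.enabled": "true",
    "xpack.security.transport.ssl.verification_mode": "certificate"})

if __name__ == "__main__":
    # Real use: kubectl get sts -n sit elastic-cluster -o json > sts.json
    docs = [json.load(open(a)) for a in sys.argv[1:]] or [NO_AUTH_STS, AUTH_STS]
    for doc in docs:
        print(audit(doc))
```

The authenticated manifest still reports `NO_HTTP_TLS`: it does not set `xpack.security.http.ssl.enabled`, so the password checked in step 4 travels over plain HTTP inside the cluster.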

2. Create the Elasticsearch cluster:

```
kubectl apply -f elasticsearch-svc-p12.yaml
service/elastic-svc created

kubectl apply -f elasticsearch-p12.yaml
statefulset.apps/elastic-cluster created
```

3. Check the running state:

Check the StatefulSet:

```
kubectl get sts
NAME              READY   AGE
elastic-cluster   3/3     4m42s
```

Check the pods:

```
kubectl get pods | grep ela
elastic-cluster-0   1/1   Running   0   5m21s
elastic-cluster-1   1/1   Running   0   4m57s
elastic-cluster-2   1/1   Running   0   4m23s
```

Check the Service:

```
kubectl get svc | grep ela
elastic-svc   ClusterIP   172.45.199.17   <none>   9200/TCP,9300/TCP   5m46s
```

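4. Verify login to the Elasticsearch service:

Note: at this point the service prompts for a password.
To get the passwords, run the following command inside the elastic-cluster-0 container:
Note: this generates the passwords automatically.

```
./bin/elasticsearch-setup-passwords auto
```

Note: the passwords are shown in the output of this command.

After entering the password, the following is returned:

Note: this completes the deployment of an Elasticsearch cluster in a Kubernetes cluster. I hope it helps.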
