kubernetes集群部署elasticsearch集群,包含无认证和有认证模式

1、背景:

因公司业务需要,需要在测试、生产kubernetes集群中部署elasticsearch集群,因不同环境要求,需要部署不同模式的elasticsearch集群,

1、测试环境因安全性要求不高,是部署一套默认配置;

2、生产环境因安全性要求,是部署一套带认证配置;

2、开发elasticsearch集群,无认证模式:

在kubernetes集群中部署elasticsearch集群,采用的是,有状态服务组件,就是StatefulSet组件。

1. 开发yaml文件内容如下:

vim elasticsearch.yaml

cpp 复制代码
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: es7-cluster
  namespace: sit
spec:
  serviceName: elasticsearch
  replicas: 3
  selector:
    matchLabels:
      app: elasticsearch
  template:
    metadata:
      labels:
        app: elasticsearch
    spec:
      containers:
      - name: elasticsearch
        image: 192.20.67.250/public/elasticsearch:7.9.3
        resources:
            limits:
              cpu: 1000m
            requests:
              cpu: 100m
        ports:
        - containerPort: 9200
          name: rest
          protocol: TCP
        - containerPort: 9300
          name: inter-node
          protocol: TCP
        volumeMounts:
        - name: data
          mountPath: /usr/share/elasticsearch/data
        env:
          - name: cluster.name
            value: k8s-logs
          - name: node.name
            valueFrom:
              fieldRef:
                fieldPath: metadata.name
          - name: discovery.zen.minimum_master_nodes
            value: "2"
          - name: discovery.seed_hosts
            value: "es7-cluster-0.elasticsearch,es7-cluster-1.elasticsearch,es7-cluster-2.elasticsearch"
          - name: cluster.initial_master_nodes
            value: "es7-cluster-0,es7-cluster-1,es7-cluster-2"
          - name: ES_JAVA_OPTS
            value: "-Xms1g -Xmx1g"
      initContainers:
      - name: fix-permissions
        image: 192.20.67.250/public/busybox:latest
        command: ["sh", "-c", "chown -R 1000:1000 /usr/share/elasticsearch/data"]
        securityContext:
          privileged: true
        volumeMounts:
        - name: data
          mountPath: /usr/share/elasticsearch/data
      - name: increase-vm-max-map
        image: 192.20.67.250/public/busybox:latest
        command: ["sysctl", "-w", "vm.max_map_count=262144"]
        securityContext:
          privileged: true
      - name: increase-fd-ulimit
        image: 192.20.67.250/public/busybox:latest
        command: ["sh", "-c", "ulimit -n 65536"]
  volumeClaimTemplates:
  - metadata:
      name: data
    spec:
      accessModes: [ "ReadWriteOnce" ]
      storageClassName: "huawei-san"
      resources:
        requests:
          storage: 1Gi

注:

1、这里使用pvc存储,因kubernetes集群有部署了storageclaas组件,所以这里是直接通过storageclass组件的方式创建pvc存储。

2、如果需要引起yaml文件里的内容,需要根据实际情况修改镜像地址和sc组件的名称。
这里还需要部署一个service组件,用于访问elasticsearch集群。

vim elasticsearch-svc.yaml

cpp 复制代码
apiVersion: v1
kind: Service
metadata:
  name: elasticsearch
  namespace: sit
spec:
  selector:
    app: elasticsearch
  type: ClusterIP
  ports:
  - port: 9200
    name: es-9200
    targetPort: 9200
  - port: 9300
    name: es-9300
    targetPort: 9300

2. 创建elasticsearch集群:

执行生效yaml文件

kubectl apply -f elasticsearch.yaml

statefulset.apps/elastic-cluster created

kubectl apply -f elasticsearch-svc.yaml

service/elasticsearch-svc created

3. 查看运行情况:

查看sts组件运行情况:

kubectl get sts

NAME READY AGE

es7-cluster 3/3 5m6s

查看pod运行情况:

kubectl get pods | grep es7

es7-cluster-0 1/1 Running 0 5m54s

es7-cluster-1 1/1 Running 0 4m23s

es7-cluster-2 1/1 Running 0 3m30s

查看svc情况:

kubectl get svc | grep ela

elasticsearch ClusterIP 172.32.151.215 <none> 9200/TCP,9300/TCP 22s

4. 访问elasticsearch服务:

3、开发elasticsearch集群,认证模式:

在kubernetes集群中部署elasticsearch集群,采用的是有状态服务组件,就是StatefulSet组件。

1. 开发yaml文件内容如下:

vim elasticsearch.yaml

cpp 复制代码
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: elastic-cluster
  namespace: sit
  labels:
    app: elastic-cluster
spec:
  serviceName: elastic-svc
  replicas: 3
  selector:
    matchLabels:
      app: elastic-cluster
      kubernetes.io/cluster-service: "true"
  template:
    metadata:
      labels:
        app: elastic-cluster
        kubernetes.io/cluster-service: "true"
    spec:
      initContainers:
      - name: fix-permissions
        image: 192.20.67.250/public/busybox:latest
        imagePullPolicy: IfNotPresent
        command: ["sh", "-c", "chown -R 1000:1000 /usr/share/elasticsearch/data"]
        securityContext:
          privileged: true
        volumeMounts:
        - name: data
          mountPath: /usr/share/elasticsearch/data
        - name: localtime
          readOnly: true
          mountPath: /etc/localtime
      - name: increase-vm-max-map
        image: 192.20.67.250/public/busybox:latest
        imagePullPolicy: IfNotPresent
        command: ["sysctl", "-w", "vm.max_map_count=262144"]
        securityContext:
          privileged: true
      - name: increase-fd-ulimit
        image: 192.20.67.250/public/busybox:latest
        imagePullPolicy: IfNotPresent
        command: ["sh", "-c", "ulimit -n 65536"]
      volumes:
      - name: localtime
        hostPath:
          path: /etc/localtime
          type: ''
      containers:
      - name: elasticsearch
        image: 192.20.67.250/public/elasticsearch:7.9.3-p12
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 9200
          name: rest-api
          protocol: TCP
        - containerPort: 9300
          name: inter-node
          protocol: TCP
        volumeMounts:
        - name: data
          mountPath: /usr/share/elasticsearch/data
        - name: localtime
          readOnly: true
          mountPath: /etc/localtime
        env:
        - name: node.name
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.name
        - name: discovery.zen.minimum_master_nodes
          value: "2"
        - name: discovery.seed_hosts
          value: "elastic-svc"
        - name: cluster.initial_master_nodes
          value: "elastic-cluster-0,elastic-cluster-1,elastic-cluster-2"
        - name: ES_JAVA_OPTS
          value: "-Xms1024m -Xmx1024m"
        - name: xpack.security.enabled
          value: "true"
        - name: xpack.security.transport.ssl.enabled
          value: "true"
        - name: xpack.security.transport.ssl.verification_mode
          value: "certificate"
        - name: xpack.security.transport.ssl.keystore.path
          value: "elastic-certificates.p12"
        - name: xpack.security.transport.ssl.truststore.path
          value: "elastic-certificates.p12"
  volumeClaimTemplates:   
  - metadata:
      name: data
    spec:
      accessModes: [ "ReadWriteOnce" ]
      storageClassName: "huawei-san"
      resources:
        requests:
          storage: 2Gi

注:

1、这里使用pvc存储,因kubernetes集群有部署了storageclaas组件,所以这里是直接通过storageclass组件的方式创建pvc存储。

2、如果需要引起yaml文件里的内容,需要根据实际情况修改镜像地址和sc组件的名称。
这里还需要部署一个service组件,用于访问elasticsearch集群。

vim elasticsearch-svc.yaml

cpp 复制代码
apiVersion: v1
kind: Service
metadata:
  name: elastic-svc
  namespace: sit
  labels:
    app: elastic-cluster
spec:
  selector:
    app: elastic-cluster
  type: ClusterIP
  ports:
  - name: rest-api
    port: 9200
    protocol: TCP
    targetPort: 9200
  - name: inter-node
    port: 9300
    protocol: TCP
    targetPort: 9300

2. 创建elasticsearch集群:

kubectl apply -f elasticsearch-svc-p12.yaml

service/elastic-svc created

kubectl apply -f elasticsearch-p12.yaml

statefulset.apps/elastic-cluster created

3. 查看运行情况:

查看sts组件运行情况:

kubectl get sts

NAME READY AGE

elastic-cluster 3/3 4m42s

查看pod运行情况:

kubectl get pods | grep ela

elastic-cluster-0 1/1 Running 0 5m21s

elastic-cluster-1 1/1 Running 0 4m57s

elastic-cluster-2 1/1 Running 0 4m23s

查看svc情况:

kubectl get svc | grep ela

elastic-svc ClusterIP 172.45.199.17 <none> 9200/TCP,9300/TCP 5m46s

4.验证elasticsearch服务登入:

注:这里就提示需要密码登入了。
密码需要到 elastic-cluster-0容器中执行如下的命令:
注:这是自动生成密码

./bin/elasticsearch-setup-passwords auto

注:这里就能获取到密码了。

输入密码之后返回如下的内容:

注:到此kubernetes集群中部署elasticsearch集群的过程就结束了,希望可以帮助到大家。

相关推荐
赵孝正3 小时前
GitLab 分支管理与 Push 问题全解析
大数据·elasticsearch·gitlab
LuiChun3 小时前
docker desktop更新到【4.45.0 】后,旧容器镜像都丢失了
docker·容器·dubbo
ZLRRLZ3 小时前
【Docker】Docker安装
运维·docker·容器
一刀到底2114 小时前
springboot3.3.5 集成elasticsearch8.12.2 ssl 通过 SSL bundle name 来实现
网络·elasticsearch·ssl·springboot3
Elasticsearch4 小时前
Elasticsearch:智能搜索的 MCP
elasticsearch
Dxy12393102165 小时前
Docker常用命令详解
docker·容器·eureka
清寒敲代码5 小时前
k8s核心技术-Helm
运维·容器·kubernetes
魏 无羡5 小时前
k8s 获取真实ip地址
tcp/ip·容器·kubernetes
人工智能训练师5 小时前
在Ubuntu中如何使用PM2来运行一个编译好的Vue项目
linux·运维·服务器·vue.js·ubuntu·容器
阿小木的愤怒6 小时前
详细解读Docker
docker·容器·容器化·虚拟化技术