kubernetes集群部署elasticsearch集群,包含无认证和有认证模式

1、背景:

因公司业务需要,需要在测试、生产kubernetes集群中部署elasticsearch集群,因不同环境要求,需要部署不同模式的elasticsearch集群,

1、测试环境因安全性要求不高,是部署一套默认配置;

2、生产环境因安全性要求,是部署一套带认证配置;

2、开发elasticsearch集群,无认证模式:

在kubernetes集群中部署elasticsearch集群,采用的是,有状态服务组件,就是StatefulSet组件。

1. 开发yaml文件内容如下:

vim elasticsearch.yaml

cpp 复制代码
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: es7-cluster
  namespace: sit
spec:
  serviceName: elasticsearch
  replicas: 3
  selector:
    matchLabels:
      app: elasticsearch
  template:
    metadata:
      labels:
        app: elasticsearch
    spec:
      containers:
      - name: elasticsearch
        image: 192.20.67.250/public/elasticsearch:7.9.3
        resources:
            limits:
              cpu: 1000m
            requests:
              cpu: 100m
        ports:
        - containerPort: 9200
          name: rest
          protocol: TCP
        - containerPort: 9300
          name: inter-node
          protocol: TCP
        volumeMounts:
        - name: data
          mountPath: /usr/share/elasticsearch/data
        env:
          - name: cluster.name
            value: k8s-logs
          - name: node.name
            valueFrom:
              fieldRef:
                fieldPath: metadata.name
          - name: discovery.zen.minimum_master_nodes
            value: "2"
          - name: discovery.seed_hosts
            value: "es7-cluster-0.elasticsearch,es7-cluster-1.elasticsearch,es7-cluster-2.elasticsearch"
          - name: cluster.initial_master_nodes
            value: "es7-cluster-0,es7-cluster-1,es7-cluster-2"
          - name: ES_JAVA_OPTS
            value: "-Xms1g -Xmx1g"
      initContainers:
      - name: fix-permissions
        image: 192.20.67.250/public/busybox:latest
        command: ["sh", "-c", "chown -R 1000:1000 /usr/share/elasticsearch/data"]
        securityContext:
          privileged: true
        volumeMounts:
        - name: data
          mountPath: /usr/share/elasticsearch/data
      - name: increase-vm-max-map
        image: 192.20.67.250/public/busybox:latest
        command: ["sysctl", "-w", "vm.max_map_count=262144"]
        securityContext:
          privileged: true
      - name: increase-fd-ulimit
        image: 192.20.67.250/public/busybox:latest
        command: ["sh", "-c", "ulimit -n 65536"]
  volumeClaimTemplates:
  - metadata:
      name: data
    spec:
      accessModes: [ "ReadWriteOnce" ]
      storageClassName: "huawei-san"
      resources:
        requests:
          storage: 1Gi

注:

1、这里使用pvc存储,因kubernetes集群有部署了storageclaas组件,所以这里是直接通过storageclass组件的方式创建pvc存储。

2、如果需要引起yaml文件里的内容,需要根据实际情况修改镜像地址和sc组件的名称。
这里还需要部署一个service组件,用于访问elasticsearch集群。

vim elasticsearch-svc.yaml

cpp 复制代码
apiVersion: v1
kind: Service
metadata:
  name: elasticsearch
  namespace: sit
spec:
  selector:
    app: elasticsearch
  type: ClusterIP
  ports:
  - port: 9200
    name: es-9200
    targetPort: 9200
  - port: 9300
    name: es-9300
    targetPort: 9300

2. 创建elasticsearch集群:

执行生效yaml文件

kubectl apply -f elasticsearch.yaml

statefulset.apps/elastic-cluster created

kubectl apply -f elasticsearch-svc.yaml

service/elasticsearch-svc created

3. 查看运行情况:

查看sts组件运行情况:

kubectl get sts

NAME READY AGE

es7-cluster 3/3 5m6s

查看pod运行情况:

kubectl get pods | grep es7

es7-cluster-0 1/1 Running 0 5m54s

es7-cluster-1 1/1 Running 0 4m23s

es7-cluster-2 1/1 Running 0 3m30s

查看svc情况:

kubectl get svc | grep ela

elasticsearch ClusterIP 172.32.151.215 <none> 9200/TCP,9300/TCP 22s

4. 访问elasticsearch服务:

3、开发elasticsearch集群,认证模式:

在kubernetes集群中部署elasticsearch集群,采用的是有状态服务组件,就是StatefulSet组件。

1. 开发yaml文件内容如下:

vim elasticsearch.yaml

cpp 复制代码
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: elastic-cluster
  namespace: sit
  labels:
    app: elastic-cluster
spec:
  serviceName: elastic-svc
  replicas: 3
  selector:
    matchLabels:
      app: elastic-cluster
      kubernetes.io/cluster-service: "true"
  template:
    metadata:
      labels:
        app: elastic-cluster
        kubernetes.io/cluster-service: "true"
    spec:
      initContainers:
      - name: fix-permissions
        image: 192.20.67.250/public/busybox:latest
        imagePullPolicy: IfNotPresent
        command: ["sh", "-c", "chown -R 1000:1000 /usr/share/elasticsearch/data"]
        securityContext:
          privileged: true
        volumeMounts:
        - name: data
          mountPath: /usr/share/elasticsearch/data
        - name: localtime
          readOnly: true
          mountPath: /etc/localtime
      - name: increase-vm-max-map
        image: 192.20.67.250/public/busybox:latest
        imagePullPolicy: IfNotPresent
        command: ["sysctl", "-w", "vm.max_map_count=262144"]
        securityContext:
          privileged: true
      - name: increase-fd-ulimit
        image: 192.20.67.250/public/busybox:latest
        imagePullPolicy: IfNotPresent
        command: ["sh", "-c", "ulimit -n 65536"]
      volumes:
      - name: localtime
        hostPath:
          path: /etc/localtime
          type: ''
      containers:
      - name: elasticsearch
        image: 192.20.67.250/public/elasticsearch:7.9.3-p12
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 9200
          name: rest-api
          protocol: TCP
        - containerPort: 9300
          name: inter-node
          protocol: TCP
        volumeMounts:
        - name: data
          mountPath: /usr/share/elasticsearch/data
        - name: localtime
          readOnly: true
          mountPath: /etc/localtime
        env:
        - name: node.name
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.name
        - name: discovery.zen.minimum_master_nodes
          value: "2"
        - name: discovery.seed_hosts
          value: "elastic-svc"
        - name: cluster.initial_master_nodes
          value: "elastic-cluster-0,elastic-cluster-1,elastic-cluster-2"
        - name: ES_JAVA_OPTS
          value: "-Xms1024m -Xmx1024m"
        - name: xpack.security.enabled
          value: "true"
        - name: xpack.security.transport.ssl.enabled
          value: "true"
        - name: xpack.security.transport.ssl.verification_mode
          value: "certificate"
        - name: xpack.security.transport.ssl.keystore.path
          value: "elastic-certificates.p12"
        - name: xpack.security.transport.ssl.truststore.path
          value: "elastic-certificates.p12"
  volumeClaimTemplates:   
  - metadata:
      name: data
    spec:
      accessModes: [ "ReadWriteOnce" ]
      storageClassName: "huawei-san"
      resources:
        requests:
          storage: 2Gi

注:

1、这里使用pvc存储,因kubernetes集群有部署了storageclaas组件,所以这里是直接通过storageclass组件的方式创建pvc存储。

2、如果需要引起yaml文件里的内容,需要根据实际情况修改镜像地址和sc组件的名称。
这里还需要部署一个service组件,用于访问elasticsearch集群。

vim elasticsearch-svc.yaml

cpp 复制代码
apiVersion: v1
kind: Service
metadata:
  name: elastic-svc
  namespace: sit
  labels:
    app: elastic-cluster
spec:
  selector:
    app: elastic-cluster
  type: ClusterIP
  ports:
  - name: rest-api
    port: 9200
    protocol: TCP
    targetPort: 9200
  - name: inter-node
    port: 9300
    protocol: TCP
    targetPort: 9300

2. 创建elasticsearch集群:

kubectl apply -f elasticsearch-svc-p12.yaml

service/elastic-svc created

kubectl apply -f elasticsearch-p12.yaml

statefulset.apps/elastic-cluster created

3. 查看运行情况:

查看sts组件运行情况:

kubectl get sts

NAME READY AGE

elastic-cluster 3/3 4m42s

查看pod运行情况:

kubectl get pods | grep ela

elastic-cluster-0 1/1 Running 0 5m21s

elastic-cluster-1 1/1 Running 0 4m57s

elastic-cluster-2 1/1 Running 0 4m23s

查看svc情况:

kubectl get svc | grep ela

elastic-svc ClusterIP 172.45.199.17 <none> 9200/TCP,9300/TCP 5m46s

4.验证elasticsearch服务登入:

注:这里就提示需要密码登入了。
密码需要到 elastic-cluster-0容器中执行如下的命令:
注:这是自动生成密码

./bin/elasticsearch-setup-passwords auto

注:这里就能获取到密码了。

输入密码之后返回如下的内容:

注:到此kubernetes集群中部署elasticsearch集群的过程就结束了,希望可以帮助到大家。

相关推荐
java1234_小锋7 小时前
Elasticsearch是如何实现Master选举的?
大数据·elasticsearch·搜索引擎
wuxingge8 小时前
k8s1.30.0高可用集群部署
云原生·容器·kubernetes
志凌海纳SmartX9 小时前
趋势洞察|AI 能否带动裸金属 K8s 强势崛起?
云原生·容器·kubernetes
锅总9 小时前
nacos与k8s service健康检查详解
云原生·容器·kubernetes
BUG弄潮儿9 小时前
k8s 集群安装
云原生·容器·kubernetes
Code_Artist10 小时前
Docker镜像加速解决方案:配置HTTP代理,让Docker学会科学上网!
docker·云原生·容器
颜淡慕潇11 小时前
【K8S系列】kubectl describe pod显示ImagePullBackOff,如何进一步排查?
后端·云原生·容器·kubernetes
Linux运维日记11 小时前
k8s1.31版本最新版本集群使用容器镜像仓库Harbor
linux·docker·云原生·容器·kubernetes
梦幻通灵13 小时前
ES分词环境实战
大数据·elasticsearch·搜索引擎
Elastic 中国社区官方博客13 小时前
Elasticsearch 中的热点以及如何使用 AutoOps 解决它们
大数据·运维·elasticsearch·搜索引擎·全文检索