1、背景:
因公司业务需要,需要在测试、生产kubernetes集群中部署elasticsearch集群,因不同环境要求,需要部署不同模式的elasticsearch集群,
1、测试环境因安全性要求不高,是部署一套默认配置;
2、生产环境因安全性要求,是部署一套带认证配置;
2、开发elasticsearch集群,无认证模式:
在kubernetes集群中部署elasticsearch集群,采用的是,有状态服务组件,就是StatefulSet组件。
1. 开发yaml文件内容如下:
# vim elasticsearch.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: es7-cluster
namespace: sit
spec:
serviceName: elasticsearch
replicas: 3
selector:
matchLabels:
app: elasticsearch
template:
metadata:
labels:
app: elasticsearch
spec:
containers:
- name: elasticsearch
image: 192.20.67.250/public/elasticsearch:7.9.3
resources:
limits:
cpu: 1000m
requests:
cpu: 100m
ports:
- containerPort: 9200
name: rest
protocol: TCP
- containerPort: 9300
name: inter-node
protocol: TCP
volumeMounts:
- name: data
mountPath: /usr/share/elasticsearch/data
env:
- name: cluster.name
value: k8s-logs
- name: node.name
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: discovery.zen.minimum_master_nodes
value: "2"
- name: discovery.seed_hosts
value: "es7-cluster-0.elasticsearch,es7-cluster-1.elasticsearch,es7-cluster-2.elasticsearch"
- name: cluster.initial_master_nodes
value: "es7-cluster-0,es7-cluster-1,es7-cluster-2"
- name: ES_JAVA_OPTS
value: "-Xms1g -Xmx1g"
initContainers:
- name: fix-permissions
image: 192.20.67.250/public/busybox:latest
command: ["sh", "-c", "chown -R 1000:1000 /usr/share/elasticsearch/data"]
securityContext:
privileged: true
volumeMounts:
- name: data
mountPath: /usr/share/elasticsearch/data
- name: increase-vm-max-map
image: 192.20.67.250/public/busybox:latest
command: ["sysctl", "-w", "vm.max_map_count=262144"]
securityContext:
privileged: true
- name: increase-fd-ulimit
image: 192.20.67.250/public/busybox:latest
command: ["sh", "-c", "ulimit -n 65536"]
volumeClaimTemplates:
- metadata:
name: data
spec:
accessModes: [ "ReadWriteOnce" ]
storageClassName: "huawei-san"
resources:
requests:
storage: 1Gi
注:
1、这里使用pvc存储,因kubernetes集群有部署了storageclaas组件,所以这里是直接通过storageclass组件的方式创建pvc存储。
2、如果需要引起yaml文件里的内容,需要根据实际情况修改镜像地址和sc组件的名称。
这里还需要部署一个service组件,用于访问elasticsearch集群。
# vim elasticsearch-svc.yaml
apiVersion: v1
kind: Service
metadata:
name: elasticsearch
namespace: sit
spec:
selector:
app: elasticsearch
type: ClusterIP
ports:
- port: 9200
name: es-9200
targetPort: 9200
- port: 9300
name: es-9300
targetPort: 9300
2. 创建elasticsearch集群:
执行生效yaml文件
# kubectl apply -f elasticsearch.yaml
statefulset.apps/elastic-cluster created
# kubectl apply -f elasticsearch-svc.yaml
service/elasticsearch-svc created
3. 查看运行情况:
查看sts组件运行情况:
# kubectl get sts
NAME READY AGE
es7-cluster 3/3 5m6s查看pod运行情况:
# kubectl get pods | grep es7
es7-cluster-0 1/1 Running 0 5m54s
es7-cluster-1 1/1 Running 0 4m23s
es7-cluster-2 1/1 Running 0 3m30s查看svc情况:
# kubectl get svc | grep ela
elasticsearch ClusterIP 172.32.151.215 <none> 9200/TCP,9300/TCP 22s
4. 访问elasticsearch服务:
3、开发elasticsearch集群,认证模式:
在kubernetes集群中部署elasticsearch集群,采用的是有状态服务组件,就是StatefulSet组件。
1. 开发yaml文件内容如下:
# vim elasticsearch.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: elastic-cluster
namespace: sit
labels:
app: elastic-cluster
spec:
serviceName: elastic-svc
replicas: 3
selector:
matchLabels:
app: elastic-cluster
kubernetes.io/cluster-service: "true"
template:
metadata:
labels:
app: elastic-cluster
kubernetes.io/cluster-service: "true"
spec:
initContainers:
- name: fix-permissions
image: 192.20.67.250/public/busybox:latest
imagePullPolicy: IfNotPresent
command: ["sh", "-c", "chown -R 1000:1000 /usr/share/elasticsearch/data"]
securityContext:
privileged: true
volumeMounts:
- name: data
mountPath: /usr/share/elasticsearch/data
- name: localtime
readOnly: true
mountPath: /etc/localtime
- name: increase-vm-max-map
image: 192.20.67.250/public/busybox:latest
imagePullPolicy: IfNotPresent
command: ["sysctl", "-w", "vm.max_map_count=262144"]
securityContext:
privileged: true
- name: increase-fd-ulimit
image: 192.20.67.250/public/busybox:latest
imagePullPolicy: IfNotPresent
command: ["sh", "-c", "ulimit -n 65536"]
volumes:
- name: localtime
hostPath:
path: /etc/localtime
type: ''
containers:
- name: elasticsearch
image: 192.20.67.250/public/elasticsearch:7.9.3-p12
imagePullPolicy: IfNotPresent
ports:
- containerPort: 9200
name: rest-api
protocol: TCP
- containerPort: 9300
name: inter-node
protocol: TCP
volumeMounts:
- name: data
mountPath: /usr/share/elasticsearch/data
- name: localtime
readOnly: true
mountPath: /etc/localtime
env:
- name: node.name
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: discovery.zen.minimum_master_nodes
value: "2"
- name: discovery.seed_hosts
value: "elastic-svc"
- name: cluster.initial_master_nodes
value: "elastic-cluster-0,elastic-cluster-1,elastic-cluster-2"
- name: ES_JAVA_OPTS
value: "-Xms1024m -Xmx1024m"
- name: xpack.security.enabled
value: "true"
- name: xpack.security.transport.ssl.enabled
value: "true"
- name: xpack.security.transport.ssl.verification_mode
value: "certificate"
- name: xpack.security.transport.ssl.keystore.path
value: "elastic-certificates.p12"
- name: xpack.security.transport.ssl.truststore.path
value: "elastic-certificates.p12"
volumeClaimTemplates:
- metadata:
name: data
spec:
accessModes: [ "ReadWriteOnce" ]
storageClassName: "huawei-san"
resources:
requests:
storage: 2Gi
注:
1、这里使用pvc存储,因kubernetes集群有部署了storageclaas组件,所以这里是直接通过storageclass组件的方式创建pvc存储。
2、如果需要引起yaml文件里的内容,需要根据实际情况修改镜像地址和sc组件的名称。
这里还需要部署一个service组件,用于访问elasticsearch集群。
# vim elasticsearch-svc.yaml
apiVersion: v1
kind: Service
metadata:
name: elastic-svc
namespace: sit
labels:
app: elastic-cluster
spec:
selector:
app: elastic-cluster
type: ClusterIP
ports:
- name: rest-api
port: 9200
protocol: TCP
targetPort: 9200
- name: inter-node
port: 9300
protocol: TCP
targetPort: 9300
2. 创建elasticsearch集群:
# kubectl apply -f elasticsearch-svc-p12.yaml
service/elastic-svc created# kubectl apply -f elasticsearch-p12.yaml
statefulset.apps/elastic-cluster created
3. 查看运行情况:
查看sts组件运行情况:
# kubectl get sts
NAME READY AGE
elastic-cluster 3/3 4m42s
查看pod运行情况:
# kubectl get pods | grep ela
elastic-cluster-0 1/1 Running 0 5m21s
elastic-cluster-1 1/1 Running 0 4m57s
elastic-cluster-2 1/1 Running 0 4m23s查看svc情况:
# kubectl get svc | grep ela
elastic-svc ClusterIP 172.45.199.17 <none> 9200/TCP,9300/TCP 5m46s
4.验证elasticsearch服务登入:
注:这里就提示需要密码登入了。
密码需要到 elastic-cluster-0容器中执行如下的命令:
注:这是自动生成密码
./bin/elasticsearch-setup-passwords auto
注:这里就能获取到密码了。
输入密码之后返回如下的内容:
注:到此kubernetes集群中部署elasticsearch集群的过程就结束了,希望可以帮助到大家。