
Elastic Cloud On K8S ECK

WinJay
2022-11-18 / 0 评论 / 0 点赞 / 20 阅读 / 1,965 字 / 正在检测是否收录...

Elastic Cloud On K8S ECK

K8S 部署安装Elastic Cloud 服务

image-20221118174010946

文件信息

image-20220815105323623

安装crds

  • 文件参考官方

安装operator

  • 文件参考官方
kubectl apply -f 002.operator.yaml

image-20220808145815952

image-20220808145740213

查看operator日志

kubectl -n elastic-system logs -f statefulset.apps/elastic-operator

image-20220808145716338

image-20220808145643365

image-20220808145508684

使用ECK部署ES

# Elasticsearch cluster "lit" managed by the ECK operator, in namespace elastic-system.
apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
  name: lit
  namespace: elastic-system
spec:
  version: 8.3.3
  image: docker.elastic.co/elasticsearch/elasticsearch:8.3.3 # pin the container image explicitly
  auth:
    fileRealm:
    # This manifest does not create the secret; it has to exist in elastic-system already.
    - secretName: kubesphere-elasticsearch-realm-secret # add custom users and passwords through a Kubernetes secret
  http:
    tls:
      selfSignedCertificate:
        # With the self-signed certificate disabled, the HTTP API on port 9200 is
        # served over plain HTTP, so basic-auth credentials and query data cross
        # the network unencrypted. Keep this only when TLS is terminated in front
        # of the service or the traffic never leaves a trusted network.
        disabled: true # turns off TLS on the HTTP layer
  nodeSets:
  - name: lit 
    count: 3 # number of Elasticsearch nodes in this node set
    config:
      # Per the ECK documentation, this avoids having to raise vm.max_map_count
      # on the Kubernetes nodes, at some cost in performance.
      node.store.allow_mmap: false
    volumeClaimTemplates: # storage configuration
    - metadata:
        name: elasticsearch-data
      spec:
        accessModes:
        - ReadWriteOnce
        resources:
          requests:
            storage: 10Gi
        storageClassName: alicloud-nas

  • 番外示例

[root@Master 002.ElasticCloud]# cat 003.ElasticSearch-Cluster.sh 
# Apply a minimal three-node Elasticsearch resource named lit-eck.
# No namespace is set, so it lands in the current kubectl context's namespace.
# spec.http.tls is left unset here, so ECK's default HTTP TLS settings apply.
# The quoted delimiter keeps the manifest literal: nothing in it is subject to
# shell expansion before kubectl reads it from stdin.
kubectl apply -f - <<'EOF'
apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
  name: lit-eck
spec:
  version: 8.3.3
  nodeSets:
  - name: default
    count: 3
    config:
      node.store.allow_mmap: false
EOF




[root@Master 002.ElasticCloud]# cat es1.yaml 
# es1.yaml: Elasticsearch cluster "lit" managed by the ECK operator, in namespace elastic-system.
apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
  name: lit
  namespace: elastic-system
spec:
  version: 8.3.3
  image: docker.elastic.co/elasticsearch/elasticsearch:8.3.3 # pin the container image explicitly
  auth:
    fileRealm:
    # This file does not create the secret; it has to exist in elastic-system already.
    - secretName: kubesphere-elasticsearch-realm-secret # add custom users and passwords through a Kubernetes secret
  http:
    tls:
      selfSignedCertificate:
        # Disabling the self-signed certificate leaves the HTTP API on port 9200
        # in plain HTTP: passwords sent with basic auth are readable on the wire.
        # Acceptable only behind a TLS-terminating proxy or on a trusted network.
        disabled: true # turns off TLS on the HTTP layer
  nodeSets:
  - name: lit 
    count: 3 # number of Elasticsearch nodes in this node set
    config:
      # Per the ECK documentation, this avoids having to raise vm.max_map_count
      # on the Kubernetes nodes, at some cost in performance.
      node.store.allow_mmap: false
    volumeClaimTemplates: # storage configuration
    - metadata:
        name: elasticsearch-data
      spec:
        accessModes:
        - ReadWriteOnce
        resources:
          requests:
            storage: 10Gi
        storageClassName: alicloud-nas

获取yaml文件

#   由已经启动的StatefulSet获取出的yaml文件:
# kubectl get statefulsets.apps -n elastic-system lit-es-lit -o yaml

apiVersion: apps/v1
kind: StatefulSet
metadata:
  creationTimestamp: "2022-08-10T02:34:08Z"
  generation: 1
  labels:
    common.k8s.elastic.co/template-hash: "2038917924"
    common.k8s.elastic.co/type: elasticsearch
    elasticsearch.k8s.elastic.co/cluster-name: lit
    elasticsearch.k8s.elastic.co/statefulset-name: lit-es-lit
  name: lit-es-lit
  namespace: elastic-system
  ownerReferences:
  - apiVersion: elasticsearch.k8s.elastic.co/v1
    blockOwnerDeletion: true
    controller: true
    kind: Elasticsearch
    name: lit
    uid: 47379a1b-ddcb-4552-9909-0e4253441691
  resourceVersion: "41911788"
  uid: e166e637-d67a-4a97-9aed-02dd0754da38
spec:
  podManagementPolicy: Parallel
  replicas: 3
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      common.k8s.elastic.co/type: elasticsearch
      elasticsearch.k8s.elastic.co/cluster-name: lit
      elasticsearch.k8s.elastic.co/statefulset-name: lit-es-lit
  serviceName: lit-es-lit
  template:
    metadata:
      annotations:
        co.elastic.logs/module: elasticsearch
        elasticsearch.k8s.elastic.co/config-hash: "3117001397"
      creationTimestamp: null
      labels:
        common.k8s.elastic.co/type: elasticsearch
        elasticsearch.k8s.elastic.co/cluster-name: lit
        elasticsearch.k8s.elastic.co/http-scheme: http
        elasticsearch.k8s.elastic.co/node-data: "true"
        elasticsearch.k8s.elastic.co/node-data_cold: "true"
        elasticsearch.k8s.elastic.co/node-data_content: "true"
        elasticsearch.k8s.elastic.co/node-data_frozen: "true"
        elasticsearch.k8s.elastic.co/node-data_hot: "true"
        elasticsearch.k8s.elastic.co/node-data_warm: "true"
        elasticsearch.k8s.elastic.co/node-ingest: "true"
        elasticsearch.k8s.elastic.co/node-master: "true"
        elasticsearch.k8s.elastic.co/node-ml: "true"
        elasticsearch.k8s.elastic.co/node-remote_cluster_client: "true"
        elasticsearch.k8s.elastic.co/node-transform: "true"
        elasticsearch.k8s.elastic.co/node-voting_only: "false"
        elasticsearch.k8s.elastic.co/statefulset-name: lit-es-lit
        elasticsearch.k8s.elastic.co/version: 8.3.3
    spec:
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - podAffinityTerm:
              labelSelector:
                matchLabels:
                  elasticsearch.k8s.elastic.co/cluster-name: lit
              topologyKey: kubernetes.io/hostname
            weight: 100
      automountServiceAccountToken: false
      containers:
      - env:
        - name: POD_IP
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: status.podIP
        - name: POD_NAME
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.name
        - name: NODE_NAME
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: spec.nodeName
        - name: NAMESPACE
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
        - name: PROBE_PASSWORD_PATH
          value: /mnt/elastic-internal/probe-user/elastic-internal-probe
        - name: PROBE_USERNAME
          value: elastic-internal-probe
        - name: READINESS_PROBE_PROTOCOL
          value: http
        - name: HEADLESS_SERVICE_NAME
          value: lit-es-lit
        - name: NSS_SDB_USE_CACHE
          value: "no"
        image: docker.elastic.co/elasticsearch/elasticsearch:8.3.3
        imagePullPolicy: IfNotPresent
        lifecycle:
          preStop:
            exec:
              command:
              - bash
              - -c
              - /mnt/elastic-internal/scripts/pre-stop-hook-script.sh
        name: elasticsearch
        ports:
        - containerPort: 9200
          name: http
          protocol: TCP
        - containerPort: 9300
          name: transport
          protocol: TCP
        readinessProbe:
          exec:
            command:
            - bash
            - -c
            - /mnt/elastic-internal/scripts/readiness-probe-script.sh
          failureThreshold: 3
          initialDelaySeconds: 10
          periodSeconds: 5
          successThreshold: 1
          timeoutSeconds: 5
        resources:
          limits:
            memory: 2Gi
          requests:
            memory: 2Gi
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /mnt/elastic-internal/downward-api
          name: downward-api
          readOnly: true
        - mountPath: /usr/share/elasticsearch/bin
          name: elastic-internal-elasticsearch-bin-local
        - mountPath: /mnt/elastic-internal/elasticsearch-config
          name: elastic-internal-elasticsearch-config
          readOnly: true
        - mountPath: /usr/share/elasticsearch/config
          name: elastic-internal-elasticsearch-config-local
        - mountPath: /usr/share/elasticsearch/plugins
          name: elastic-internal-elasticsearch-plugins-local
        - mountPath: /usr/share/elasticsearch/config/http-certs
          name: elastic-internal-http-certificates
          readOnly: true
        - mountPath: /mnt/elastic-internal/probe-user
          name: elastic-internal-probe-user
          readOnly: true
        - mountPath: /usr/share/elasticsearch/config/transport-remote-certs/
          name: elastic-internal-remote-certificate-authorities
          readOnly: true
        - mountPath: /mnt/elastic-internal/scripts
          name: elastic-internal-scripts
          readOnly: true
        - mountPath: /usr/share/elasticsearch/config/transport-certs
          name: elastic-internal-transport-certificates
          readOnly: true
        - mountPath: /mnt/elastic-internal/unicast-hosts
          name: elastic-internal-unicast-hosts
          readOnly: true
        - mountPath: /mnt/elastic-internal/xpack-file-realm
          name: elastic-internal-xpack-file-realm
          readOnly: true
        - mountPath: /usr/share/elasticsearch/data
          name: elasticsearch-data
        - mountPath: /usr/share/elasticsearch/logs
          name: elasticsearch-logs
      dnsPolicy: ClusterFirst
      initContainers:
      - command:
        - bash
        - -c
        - /mnt/elastic-internal/scripts/prepare-fs.sh
        env:
        - name: POD_IP
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: status.podIP
        - name: POD_NAME
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.name
        - name: NODE_NAME
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: spec.nodeName
        - name: NAMESPACE
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
        - name: HEADLESS_SERVICE_NAME
          value: lit-es-lit
        image: docker.elastic.co/elasticsearch/elasticsearch:8.3.3
        imagePullPolicy: IfNotPresent
        name: elastic-internal-init-filesystem
        resources:
          limits:
            cpu: 100m
            memory: 50Mi
          requests:
            cpu: 100m
            memory: 50Mi
        securityContext:
          privileged: false
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /mnt/elastic-internal/downward-api
          name: downward-api
          readOnly: true
        - mountPath: /mnt/elastic-internal/elasticsearch-bin-local
          name: elastic-internal-elasticsearch-bin-local
        - mountPath: /mnt/elastic-internal/elasticsearch-config
          name: elastic-internal-elasticsearch-config
          readOnly: true
        - mountPath: /mnt/elastic-internal/elasticsearch-config-local
          name: elastic-internal-elasticsearch-config-local
        - mountPath: /mnt/elastic-internal/elasticsearch-plugins-local
          name: elastic-internal-elasticsearch-plugins-local
        - mountPath: /usr/share/elasticsearch/config/http-certs
          name: elastic-internal-http-certificates
          readOnly: true
        - mountPath: /mnt/elastic-internal/probe-user
          name: elastic-internal-probe-user
          readOnly: true
        - mountPath: /usr/share/elasticsearch/config/transport-remote-certs/
          name: elastic-internal-remote-certificate-authorities
          readOnly: true
        - mountPath: /mnt/elastic-internal/scripts
          name: elastic-internal-scripts
          readOnly: true
        - mountPath: /mnt/elastic-internal/transport-certificates
          name: elastic-internal-transport-certificates
          readOnly: true
        - mountPath: /mnt/elastic-internal/unicast-hosts
          name: elastic-internal-unicast-hosts
          readOnly: true
        - mountPath: /mnt/elastic-internal/xpack-file-realm
          name: elastic-internal-xpack-file-realm
          readOnly: true
        - mountPath: /usr/share/elasticsearch/data
          name: elasticsearch-data
        - mountPath: /usr/share/elasticsearch/logs
          name: elasticsearch-logs
      - command:
        - bash
        - -c
        - /mnt/elastic-internal/scripts/suspend.sh
        env:
        - name: POD_IP
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: status.podIP
        - name: POD_NAME
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.name
        - name: NODE_NAME
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: spec.nodeName
        - name: NAMESPACE
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
        - name: HEADLESS_SERVICE_NAME
          value: lit-es-lit
        image: docker.elastic.co/elasticsearch/elasticsearch:8.3.3
        imagePullPolicy: IfNotPresent
        name: elastic-internal-suspend
        resources:
          limits:
            memory: 2Gi
          requests:
            memory: 2Gi
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /mnt/elastic-internal/downward-api
          name: downward-api
          readOnly: true
        - mountPath: /usr/share/elasticsearch/bin
          name: elastic-internal-elasticsearch-bin-local
        - mountPath: /mnt/elastic-internal/elasticsearch-config
          name: elastic-internal-elasticsearch-config
          readOnly: true
        - mountPath: /usr/share/elasticsearch/config
          name: elastic-internal-elasticsearch-config-local
        - mountPath: /usr/share/elasticsearch/plugins
          name: elastic-internal-elasticsearch-plugins-local
        - mountPath: /usr/share/elasticsearch/config/http-certs
          name: elastic-internal-http-certificates
          readOnly: true
        - mountPath: /mnt/elastic-internal/probe-user
          name: elastic-internal-probe-user
          readOnly: true
        - mountPath: /usr/share/elasticsearch/config/transport-remote-certs/
          name: elastic-internal-remote-certificate-authorities
          readOnly: true
        - mountPath: /mnt/elastic-internal/scripts
          name: elastic-internal-scripts
          readOnly: true
        - mountPath: /usr/share/elasticsearch/config/transport-certs
          name: elastic-internal-transport-certificates
          readOnly: true
        - mountPath: /mnt/elastic-internal/unicast-hosts
          name: elastic-internal-unicast-hosts
          readOnly: true
        - mountPath: /mnt/elastic-internal/xpack-file-realm
          name: elastic-internal-xpack-file-realm
          readOnly: true
        - mountPath: /usr/share/elasticsearch/data
          name: elasticsearch-data
        - mountPath: /usr/share/elasticsearch/logs
          name: elasticsearch-logs
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext:
        fsGroup: 1000
      terminationGracePeriodSeconds: 180
      volumes:
      - downwardAPI:
          defaultMode: 420
          items:
          - fieldRef:
              apiVersion: v1
              fieldPath: metadata.labels
            path: labels
        name: downward-api
      - emptyDir: {}
        name: elastic-internal-elasticsearch-bin-local
      - name: elastic-internal-elasticsearch-config
        secret:
          defaultMode: 420
          optional: false
          secretName: lit-es-lit-es-config
      - emptyDir: {}
        name: elastic-internal-elasticsearch-config-local
      - emptyDir: {}
        name: elastic-internal-elasticsearch-plugins-local
      - name: elastic-internal-http-certificates
        secret:
          defaultMode: 420
          optional: false
          secretName: lit-es-http-certs-internal
      - name: elastic-internal-probe-user
        secret:
          defaultMode: 420
          items:
          - key: elastic-internal-probe
            path: elastic-internal-probe
          optional: false
          secretName: lit-es-internal-users
      - name: elastic-internal-remote-certificate-authorities
        secret:
          defaultMode: 420
          optional: false
          secretName: lit-es-remote-ca
      - configMap:
          defaultMode: 493
          name: lit-es-scripts
          optional: false
        name: elastic-internal-scripts
      - name: elastic-internal-transport-certificates
        secret:
          defaultMode: 420
          optional: false
          secretName: lit-es-lit-es-transport-certs
      - configMap:
          defaultMode: 420
          name: lit-es-unicast-hosts
          optional: false
        name: elastic-internal-unicast-hosts
      - name: elastic-internal-xpack-file-realm
        secret:
          defaultMode: 420
          optional: false
          secretName: lit-es-xpack-file-realm
      - name: elasticsearch-data
        persistentVolumeClaim:
          claimName: claim-name-placeholder
      - emptyDir: {}
        name: elasticsearch-logs
  updateStrategy:
    type: OnDelete
  volumeClaimTemplates:
  - apiVersion: v1
    kind: PersistentVolumeClaim
    metadata:
      creationTimestamp: null
      name: elasticsearch-data
    spec:
      accessModes:
      - ReadWriteOnce
      resources:
        requests:
          storage: 10Gi
      storageClassName: alicloud-nas
      volumeMode: Filesystem
    status:
      phase: Pending
status:
  availableReplicas: 3
  collisionCount: 0
  currentReplicas: 3
  currentRevision: lit-es-lit-6cb8c57d56
  observedGeneration: 1
  readyReplicas: 3
  replicas: 3
  updateRevision: lit-es-lit-6cb8c57d56
  updatedReplicas: 3

查看集群密码

#集群默认用户名:elastic
# 查看集群密码:

[root@Master 002.ElasticCloud]# kubectl get secret lit-es-elastic-user -o go-template='{{.data.elastic | base64decode}}' -n elastic-system
Vh***M2***qL5****0o******WK2*****3

测试访问失败

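# Read the elastic user's password from the ECK-managed secret at run time
# instead of pasting it into the command, where it ends up in shell history
# and in any transcript of the session. A password that has already been
# pasted into a page or transcript should be treated as exposed and rotated.
ES_PASSWORD="$(kubectl get secret lit-es-elastic-user -n elastic-system \
  -o go-template='{{.data.elastic | base64decode}}')"

# Plain ASCII quotes are required: typographic quotes (“ ”) are not shell
# quoting and become literal characters inside the credentials and the URL.
# -k is dropped: it only relaxes certificate checks, and this URL is http://.
# The password is still visible in curl's argument list while it runs; on a
# shared host, `curl -u elastic` prompts for it instead.
curl -u "elastic:${ES_PASSWORD}" "http://lit-es-internal-http.elastic-system.svc:9200"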

image-20220810104342785

查看部署信息

kubectl get elasticsearches.elasticsearch.k8s.elastic.co -n elastic-system

image-20220810104358897

查看当前 NS下所有资源

kubectl get all -n elastic-system

image-20220810104440338

创建Ingress

# 创建Ingress
[root@Master 002.ElasticCloud]# cat ingress-es.yaml 
# Publishes the Elasticsearch HTTP API (service lit-es-http, port 9200) under
# es.litsoft.com.cn through the nginx ingress class.
# NOTE(review): this spec has no `tls:` section, and the Elasticsearch manifest
# on this page disables HTTP TLS, so as written basic-auth credentials would
# travel unencrypted from the client to the pod. Confirm that TLS is terminated
# somewhere on this path and that access to the host is restricted.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  namespace: elastic-system
  name: es-ingress
spec:
  # Requests that match no rule below are sent here.
  # NOTE(review): no service named `es` on port 80 is created anywhere on this
  # page; confirm it exists or drop defaultBackend.
  defaultBackend:
    service:
      name: es
      port:
        number: 80
  ingressClassName: nginx
  rules:
  - host: es.litsoft.com.cn
    http:
      paths:
      # Prefix "/" forwards every path, i.e. the whole Elasticsearch REST API.
      - path: /
        pathType: Prefix
        backend:
          service:
            name: lit-es-http
            port:
              number: 9200

image-20220810104613043

创建PVC

# 新建PVC

[root@Master 002.ElasticCloud]# cat pvc.yaml 
# Standalone PersistentVolumeClaim on the alicloud-nas storage class.
# No namespace is set, so it is created in the current kubectl context's namespace.
# NOTE(review): this requests 1Gi, while the volumeClaimTemplates of the same
# name on this page request 10Gi; confirm which size is intended.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  # Looks like a leftover from an exported object; it sets nothing.
  creationTimestamp: null
  name: elasticsearch-data
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
  storageClassName: alicloud-nas
