Elastic Cloud On K8S ECK
K8S 部署安装Elastic Cloud 服务
文件信息
安装crds
- 文件参考官方
安装operator
- 文件参考官方
# Install the ECK operator from the local copy of the upstream manifest.
# Check that the file matches the official release before applying it: an
# operator manifest normally carries cluster-wide RBAC for the controller.
kubectl apply --filename=002.operator.yaml
查看operator日志
# Stream the operator's log to confirm that it started and is reconciling.
kubectl logs --follow --namespace elastic-system statefulset.apps/elastic-operator
使用ECK部署ES
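# Elasticsearch cluster "lit" managed by the ECK operator.
# Indentation is restored here; the flattened listing is not valid YAML.
apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
  name: lit
  namespace: elastic-system
spec:
  version: 8.3.3
  image: docker.elastic.co/elasticsearch/elasticsearch:8.3.3  # image pinned explicitly
  auth:
    fileRealm:
    # Custom users and passwords are loaded from this Kubernetes secret.
    # The secret is not shown on the page and must exist in this namespace.
    - secretName: kubesphere-elasticsearch-realm-secret
  http:
    tls:
      selfSignedCertificate:
        # Turns HTTP-layer TLS off: REST traffic on 9200, including basic-auth
        # credentials, is sent unencrypted. Keep this only on a trusted network;
        # removing this block leaves ECK's default self-signed certificate on.
        disabled: true
  nodeSets:
  - name: lit
    count: 3  # number of Elasticsearch nodes in this node set
    config:
      node.store.allow_mmap: false
    volumeClaimTemplates:  # persistent storage for the data path
    - metadata:
        name: elasticsearch-data
      spec:
        accessModes:
        - ReadWriteOnce
        resources:
          requests:
            storage: 10Gi
        storageClassName: alicloud-nas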
- 番外示例
[root@Master 002.ElasticCloud]# cat 003.ElasticSearch-Cluster.sh
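# Create a three-node Elasticsearch 8.3.3 cluster named lit-eck through ECK.
# The manifest's indentation is restored; the flattened form is not valid YAML.
# No namespace is set, so the resource lands in the current kubectl context's
# namespace. There is no http.tls override, so ECK's default TLS stays enabled.
# The delimiter is quoted so the shell expands nothing inside the manifest.
kubectl apply -f - <<'EOF'
apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
  name: lit-eck
spec:
  version: 8.3.3
  nodeSets:
  - name: default
    count: 3
    config:
      node.store.allow_mmap: false
EOF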
[root@Master 002.ElasticCloud]# cat es1.yaml
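# es1.yaml: Elasticsearch cluster "lit" managed by the ECK operator.
# Indentation is restored here; the flattened listing is not valid YAML.
apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
  name: lit
  namespace: elastic-system
spec:
  version: 8.3.3
  image: docker.elastic.co/elasticsearch/elasticsearch:8.3.3  # image pinned explicitly
  auth:
    fileRealm:
    # Custom users and passwords come from this Kubernetes secret, which is
    # not shown on the page and must exist in this namespace.
    - secretName: kubesphere-elasticsearch-realm-secret
  http:
    tls:
      selfSignedCertificate:
        # HTTP-layer TLS is disabled, so API requests and their credentials
        # cross the network in cleartext. Anything that exposes port 9200
        # outside the cluster should terminate TLS itself or re-enable this.
        disabled: true
  nodeSets:
  - name: lit
    count: 3  # number of Elasticsearch nodes in this node set
    config:
      node.store.allow_mmap: false
    volumeClaimTemplates:  # persistent storage for the data path
    - metadata:
        name: elasticsearch-data
      spec:
        accessModes:
        - ReadWriteOnce
        resources:
          requests:
            storage: 10Gi
        storageClassName: alicloud-nas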
获取yaml文件
# 由已经启动的StatefulSet获取出的yaml文件:
# kubectl get statefulsets.apps -n elastic-system lit-es-lit -o yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
creationTimestamp: "2022-08-10T02:34:08Z"
generation: 1
labels:
common.k8s.elastic.co/template-hash: "2038917924"
common.k8s.elastic.co/type: elasticsearch
elasticsearch.k8s.elastic.co/cluster-name: lit
elasticsearch.k8s.elastic.co/statefulset-name: lit-es-lit
name: lit-es-lit
namespace: elastic-system
ownerReferences:
- apiVersion: elasticsearch.k8s.elastic.co/v1
blockOwnerDeletion: true
controller: true
kind: Elasticsearch
name: lit
uid: 47379a1b-ddcb-4552-9909-0e4253441691
resourceVersion: "41911788"
uid: e166e637-d67a-4a97-9aed-02dd0754da38
spec:
podManagementPolicy: Parallel
replicas: 3
revisionHistoryLimit: 10
selector:
matchLabels:
common.k8s.elastic.co/type: elasticsearch
elasticsearch.k8s.elastic.co/cluster-name: lit
elasticsearch.k8s.elastic.co/statefulset-name: lit-es-lit
serviceName: lit-es-lit
template:
metadata:
annotations:
co.elastic.logs/module: elasticsearch
elasticsearch.k8s.elastic.co/config-hash: "3117001397"
creationTimestamp: null
labels:
common.k8s.elastic.co/type: elasticsearch
elasticsearch.k8s.elastic.co/cluster-name: lit
elasticsearch.k8s.elastic.co/http-scheme: http
elasticsearch.k8s.elastic.co/node-data: "true"
elasticsearch.k8s.elastic.co/node-data_cold: "true"
elasticsearch.k8s.elastic.co/node-data_content: "true"
elasticsearch.k8s.elastic.co/node-data_frozen: "true"
elasticsearch.k8s.elastic.co/node-data_hot: "true"
elasticsearch.k8s.elastic.co/node-data_warm: "true"
elasticsearch.k8s.elastic.co/node-ingest: "true"
elasticsearch.k8s.elastic.co/node-master: "true"
elasticsearch.k8s.elastic.co/node-ml: "true"
elasticsearch.k8s.elastic.co/node-remote_cluster_client: "true"
elasticsearch.k8s.elastic.co/node-transform: "true"
elasticsearch.k8s.elastic.co/node-voting_only: "false"
elasticsearch.k8s.elastic.co/statefulset-name: lit-es-lit
elasticsearch.k8s.elastic.co/version: 8.3.3
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchLabels:
elasticsearch.k8s.elastic.co/cluster-name: lit
topologyKey: kubernetes.io/hostname
weight: 100
automountServiceAccountToken: false
containers:
- env:
- name: POD_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
- name: NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: PROBE_PASSWORD_PATH
value: /mnt/elastic-internal/probe-user/elastic-internal-probe
- name: PROBE_USERNAME
value: elastic-internal-probe
- name: READINESS_PROBE_PROTOCOL
value: http
- name: HEADLESS_SERVICE_NAME
value: lit-es-lit
- name: NSS_SDB_USE_CACHE
value: "no"
image: docker.elastic.co/elasticsearch/elasticsearch:8.3.3
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
exec:
command:
- bash
- -c
- /mnt/elastic-internal/scripts/pre-stop-hook-script.sh
name: elasticsearch
ports:
- containerPort: 9200
name: http
protocol: TCP
- containerPort: 9300
name: transport
protocol: TCP
readinessProbe:
exec:
command:
- bash
- -c
- /mnt/elastic-internal/scripts/readiness-probe-script.sh
failureThreshold: 3
initialDelaySeconds: 10
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 5
resources:
limits:
memory: 2Gi
requests:
memory: 2Gi
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /mnt/elastic-internal/downward-api
name: downward-api
readOnly: true
- mountPath: /usr/share/elasticsearch/bin
name: elastic-internal-elasticsearch-bin-local
- mountPath: /mnt/elastic-internal/elasticsearch-config
name: elastic-internal-elasticsearch-config
readOnly: true
- mountPath: /usr/share/elasticsearch/config
name: elastic-internal-elasticsearch-config-local
- mountPath: /usr/share/elasticsearch/plugins
name: elastic-internal-elasticsearch-plugins-local
- mountPath: /usr/share/elasticsearch/config/http-certs
name: elastic-internal-http-certificates
readOnly: true
- mountPath: /mnt/elastic-internal/probe-user
name: elastic-internal-probe-user
readOnly: true
- mountPath: /usr/share/elasticsearch/config/transport-remote-certs/
name: elastic-internal-remote-certificate-authorities
readOnly: true
- mountPath: /mnt/elastic-internal/scripts
name: elastic-internal-scripts
readOnly: true
- mountPath: /usr/share/elasticsearch/config/transport-certs
name: elastic-internal-transport-certificates
readOnly: true
- mountPath: /mnt/elastic-internal/unicast-hosts
name: elastic-internal-unicast-hosts
readOnly: true
- mountPath: /mnt/elastic-internal/xpack-file-realm
name: elastic-internal-xpack-file-realm
readOnly: true
- mountPath: /usr/share/elasticsearch/data
name: elasticsearch-data
- mountPath: /usr/share/elasticsearch/logs
name: elasticsearch-logs
dnsPolicy: ClusterFirst
initContainers:
- command:
- bash
- -c
- /mnt/elastic-internal/scripts/prepare-fs.sh
env:
- name: POD_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
- name: NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: HEADLESS_SERVICE_NAME
value: lit-es-lit
image: docker.elastic.co/elasticsearch/elasticsearch:8.3.3
imagePullPolicy: IfNotPresent
name: elastic-internal-init-filesystem
resources:
limits:
cpu: 100m
memory: 50Mi
requests:
cpu: 100m
memory: 50Mi
securityContext:
privileged: false
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /mnt/elastic-internal/downward-api
name: downward-api
readOnly: true
- mountPath: /mnt/elastic-internal/elasticsearch-bin-local
name: elastic-internal-elasticsearch-bin-local
- mountPath: /mnt/elastic-internal/elasticsearch-config
name: elastic-internal-elasticsearch-config
readOnly: true
- mountPath: /mnt/elastic-internal/elasticsearch-config-local
name: elastic-internal-elasticsearch-config-local
- mountPath: /mnt/elastic-internal/elasticsearch-plugins-local
name: elastic-internal-elasticsearch-plugins-local
- mountPath: /usr/share/elasticsearch/config/http-certs
name: elastic-internal-http-certificates
readOnly: true
- mountPath: /mnt/elastic-internal/probe-user
name: elastic-internal-probe-user
readOnly: true
- mountPath: /usr/share/elasticsearch/config/transport-remote-certs/
name: elastic-internal-remote-certificate-authorities
readOnly: true
- mountPath: /mnt/elastic-internal/scripts
name: elastic-internal-scripts
readOnly: true
- mountPath: /mnt/elastic-internal/transport-certificates
name: elastic-internal-transport-certificates
readOnly: true
- mountPath: /mnt/elastic-internal/unicast-hosts
name: elastic-internal-unicast-hosts
readOnly: true
- mountPath: /mnt/elastic-internal/xpack-file-realm
name: elastic-internal-xpack-file-realm
readOnly: true
- mountPath: /usr/share/elasticsearch/data
name: elasticsearch-data
- mountPath: /usr/share/elasticsearch/logs
name: elasticsearch-logs
- command:
- bash
- -c
- /mnt/elastic-internal/scripts/suspend.sh
env:
- name: POD_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
- name: NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: HEADLESS_SERVICE_NAME
value: lit-es-lit
image: docker.elastic.co/elasticsearch/elasticsearch:8.3.3
imagePullPolicy: IfNotPresent
name: elastic-internal-suspend
resources:
limits:
memory: 2Gi
requests:
memory: 2Gi
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /mnt/elastic-internal/downward-api
name: downward-api
readOnly: true
- mountPath: /usr/share/elasticsearch/bin
name: elastic-internal-elasticsearch-bin-local
- mountPath: /mnt/elastic-internal/elasticsearch-config
name: elastic-internal-elasticsearch-config
readOnly: true
- mountPath: /usr/share/elasticsearch/config
name: elastic-internal-elasticsearch-config-local
- mountPath: /usr/share/elasticsearch/plugins
name: elastic-internal-elasticsearch-plugins-local
- mountPath: /usr/share/elasticsearch/config/http-certs
name: elastic-internal-http-certificates
readOnly: true
- mountPath: /mnt/elastic-internal/probe-user
name: elastic-internal-probe-user
readOnly: true
- mountPath: /usr/share/elasticsearch/config/transport-remote-certs/
name: elastic-internal-remote-certificate-authorities
readOnly: true
- mountPath: /mnt/elastic-internal/scripts
name: elastic-internal-scripts
readOnly: true
- mountPath: /usr/share/elasticsearch/config/transport-certs
name: elastic-internal-transport-certificates
readOnly: true
- mountPath: /mnt/elastic-internal/unicast-hosts
name: elastic-internal-unicast-hosts
readOnly: true
- mountPath: /mnt/elastic-internal/xpack-file-realm
name: elastic-internal-xpack-file-realm
readOnly: true
- mountPath: /usr/share/elasticsearch/data
name: elasticsearch-data
- mountPath: /usr/share/elasticsearch/logs
name: elasticsearch-logs
restartPolicy: Always
schedulerName: default-scheduler
securityContext:
fsGroup: 1000
terminationGracePeriodSeconds: 180
volumes:
- downwardAPI:
defaultMode: 420
items:
- fieldRef:
apiVersion: v1
fieldPath: metadata.labels
path: labels
name: downward-api
- emptyDir: {}
name: elastic-internal-elasticsearch-bin-local
- name: elastic-internal-elasticsearch-config
secret:
defaultMode: 420
optional: false
secretName: lit-es-lit-es-config
- emptyDir: {}
name: elastic-internal-elasticsearch-config-local
- emptyDir: {}
name: elastic-internal-elasticsearch-plugins-local
- name: elastic-internal-http-certificates
secret:
defaultMode: 420
optional: false
secretName: lit-es-http-certs-internal
- name: elastic-internal-probe-user
secret:
defaultMode: 420
items:
- key: elastic-internal-probe
path: elastic-internal-probe
optional: false
secretName: lit-es-internal-users
- name: elastic-internal-remote-certificate-authorities
secret:
defaultMode: 420
optional: false
secretName: lit-es-remote-ca
- configMap:
defaultMode: 493
name: lit-es-scripts
optional: false
name: elastic-internal-scripts
- name: elastic-internal-transport-certificates
secret:
defaultMode: 420
optional: false
secretName: lit-es-lit-es-transport-certs
- configMap:
defaultMode: 420
name: lit-es-unicast-hosts
optional: false
name: elastic-internal-unicast-hosts
- name: elastic-internal-xpack-file-realm
secret:
defaultMode: 420
optional: false
secretName: lit-es-xpack-file-realm
- name: elasticsearch-data
persistentVolumeClaim:
claimName: claim-name-placeholder
- emptyDir: {}
name: elasticsearch-logs
updateStrategy:
type: OnDelete
volumeClaimTemplates:
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
creationTimestamp: null
name: elasticsearch-data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
storageClassName: alicloud-nas
volumeMode: Filesystem
status:
phase: Pending
status:
availableReplicas: 3
collisionCount: 0
currentReplicas: 3
currentRevision: lit-es-lit-6cb8c57d56
observedGeneration: 1
readyReplicas: 3
replicas: 3
updateRevision: lit-es-lit-6cb8c57d56
updatedReplicas: 3
查看集群密码
#集群默认用户名:elastic
# 查看集群密码:
[root@Master 002.ElasticCloud]# kubectl get secret lit-es-elastic-user -o go-template='{{.data.elastic | base64decode}}' -n elastic-system
Vh***M2***qL5****0o******WK2*****3
测试访问失败
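# Query the cluster as the built-in "elastic" user.
# The password is read from the ECK-managed secret at run time rather than
# pasted into the command, so it does not end up in the page or shell history.
es_password=$(kubectl get secret lit-es-elastic-user -n elastic-system \
  -o go-template='{{.data.elastic | base64decode}}')

# Plain ASCII quotes are required: the typographic quotes of the original are
# not shell quotes and are passed to curl as part of the credentials and URL.
# The credentials go to curl on stdin so they do not show up in the process list.
# -k is dropped because it has no effect on an http:// URL. With TLS disabled
# in the cluster spec, this request and its credentials travel unencrypted.
printf 'user = "elastic:%s"\n' "$es_password" \
  | curl --config - "http://lit-es-internal-http.elastic-system.svc:9200"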
查看部署信息
# List the Elasticsearch custom resources in elastic-system to check the
# health and phase that the operator reports for each cluster.
kubectl get --namespace elastic-system elasticsearches.elasticsearch.k8s.elastic.co
查看当前 NS下所有资源
# Show the workload objects in elastic-system. "all" is a fixed kubectl
# category (pods, services, statefulsets, ...); it does not include secrets,
# configmaps, ingresses, PVCs or the Elasticsearch custom resource itself.
kubectl get all --namespace elastic-system
创建Ingress
# 创建Ingress
[root@Master 002.ElasticCloud]# cat ingress-es.yaml
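# ingress-es.yaml: publishes the Elasticsearch HTTP service through ingress-nginx.
# Indentation is restored here; the flattened listing is not valid YAML.
# There is no spec.tls section, and the cluster spec on this page disables TLS
# on port 9200, so requests to this host carry their basic-auth credentials
# unencrypted end to end. Add a tls entry with a certificate secret and
# restrict who can reach the host before exposing it beyond a trusted network.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  namespace: elastic-system
  name: es-ingress
spec:
  # Requests that match no rule go to service "es" on port 80. That service
  # is not defined anywhere on this page; confirm it exists and is intended.
  defaultBackend:
    service:
      name: es
      port:
        number: 80
  ingressClassName: nginx
  rules:
  - host: es.litsoft.com.cn
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: lit-es-http
            port:
              number: 9200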
创建PVC
# 新建PVC
[root@Master 002.ElasticCloud]# cat pvc.yaml
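# pvc.yaml: standalone 1Gi claim on the alicloud-nas storage class.
# Indentation is restored here; the flattened listing is not valid YAML.
# No namespace is set, so the claim is created in the current kubectl
# context's namespace.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  creationTimestamp: null  # looks like a leftover from an exported object
  name: elasticsearch-data
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
  storageClassName: alicloud-nas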