其实一般es要跑3个节点的，这样才能做高可用，处理并发大，但是我这里只是一个pod
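# Create the host directory that backs the Elasticsearch hostPath volume.
# The original path was spelled /stroe; the es-pv PersistentVolume in es.yml
# uses /store/data/es (test-es.yaml uses /data/elasticsearch instead), and the
# directory must match whichever hostPath is applied.
mkdir -p /store/data/es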
es搭建：
#【拉取镜像】
#docker pull elasticsearch:6.8.7
#docker pull busybox:1.28
【导入镜像】
docker load -i es.tar
【创建命名空间】
kubectl create ns middle-ware
【创建es的资源】
vim test-es.yaml
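---
# ConfigMap for Elasticsearch configuration: carries elasticsearch.yml and
# jvm.options for the single-node cluster.
# NOTE(review): this first-stage config contains no xpack.security settings
# and network.host 0.0.0.0 binds every interface, so whoever can reach the
# HTTP port talks to the cluster without authentication. Keep it off shared
# networks until the security-enabled config is applied.
apiVersion: v1
kind: ConfigMap
metadata:
  name: es-config
  namespace: middle-ware
data:
  elasticsearch.yml: |
    cluster.name: my-es-cluster
    node.name: ${HOSTNAME}
    network.host: 0.0.0.0
    discovery.type: single-node
    path.data: /usr/share/elasticsearch/data
    path.logs: /usr/share/elasticsearch/logs
    bootstrap.memory_lock: false
    http.port: 9200
    transport.port: 9300
  # One JVM flag per line. The "+" and "=" characters had been stripped from
  # the flags on this page and are restored here. The heap size is also passed
  # through ES_JAVA_OPTS in the StatefulSet, so keep the two in sync.
  jvm.options: |
    -Xms512m
    -Xmx512m
    -XX:+UseG1GC
    -XX:G1HeapRegionSize=4m
    -XX:MaxGCPauseMillis=50
    -XX:+PrintGCDetails
    -XX:+HeapDumpOnOutOfMemoryError
    -Xlog:gc*:file=/usr/share/elasticsearch/logs/gc.log:utctime,pid,tags:filecount=32,filesize=64m
---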
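# PersistentVolume (backed by hostPath local storage).
# hostPath keeps the data on whichever node runs the pod; this manifest does
# not pin the pod to a node, so a reschedule elsewhere starts from an empty
# directory. With reclaim policy Retain the volume and its data stay behind
# after the claim is deleted and have to be cleaned up by hand.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: es-pv
spec:
  capacity:
    storage: 1Gi
  volumeMode: Filesystem
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  storageClassName: manual
  hostPath:
    path: /data/elasticsearch
    type: DirectoryOrCreate
---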
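# PersistentVolumeClaim: requests 1Gi from storage class "manual", the class
# and size declared by the es-pv PersistentVolume.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: es-pvc
  namespace: middle-ware
spec:
  storageClassName: manual
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
---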
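# StatefulSet: one Elasticsearch 6.8.7 pod using the es-config ConfigMap and
# the es-pvc claim.
# NOTE(review): the container spec sets no resources and no securityContext.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: elasticsearch
  namespace: middle-ware
spec:
  serviceName: elasticsearch
  replicas: 1
  selector:
    matchLabels:
      app: elasticsearch
  template:
    metadata:
      labels:
        app: elasticsearch
    spec:
      # Toleration needed when the pod is placed on a control-plane node.
      # NOTE(review): this lets the datastore share a node with control-plane
      # components; prefer a worker node where one is available.
      tolerations:
        - key: node-role.kubernetes.io/control-plane
          operator: Exists
          effect: NoSchedule
      initContainers:
        # Hands the data and logs directories to uid 1000 / gid 0 before
        # Elasticsearch starts (presumably runs as root, which chown needs).
        - name: volume-permissions
          image: busybox:1.28
          command:
            - sh
            - -c
            - chown -R 1000:0 /usr/share/elasticsearch/data /usr/share/elasticsearch/logs
          volumeMounts:
            - name: es-storage
              mountPath: /usr/share/elasticsearch/data
              subPath: data
            - name: es-storage
              mountPath: /usr/share/elasticsearch/logs
              subPath: logs
      containers:
        - name: elasticsearch
          image: elasticsearch:6.8.7
          imagePullPolicy: IfNotPresent
          env:
            # env values must be strings; quoting keeps "true" from being
            # parsed as a boolean and rejected by the API server.
            - name: ES_JAVA_OPTS
              value: "-Xms512m -Xmx512m"
            - name: discovery.type
              value: single-node
            - name: TAKE_FILE_OWNERSHIP
              value: "true"
          ports:
            - containerPort: 9200
              name: http
            - containerPort: 9300
              name: transport
          volumeMounts:
            - name: es-config
              mountPath: /usr/share/elasticsearch/config/elasticsearch.yml
              subPath: elasticsearch.yml
            - name: es-config
              mountPath: /usr/share/elasticsearch/config/jvm.options
              subPath: jvm.options
            - name: es-storage
              mountPath: /usr/share/elasticsearch/data
              subPath: data
            - name: es-storage
              mountPath: /usr/share/elasticsearch/logs
              subPath: logs
            - name: es-storage
              mountPath: /usr/share/elasticsearch/plugins
              subPath: plugins
      volumes:
        - name: es-config
          configMap:
            name: es-config
            defaultMode: 0644  # octal file mode (420 decimal)
        - name: es-storage
          persistentVolumeClaim:
            claimName: es-pvc
---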
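# Service: NodePort publishes both ports on every node's IP (no nodePort is
# fixed here, so Kubernetes picks the port numbers).
# NOTE(review): the es-config ConfigMap in this namespace enables no
# authentication, so port 9200 is open to anything that can reach a node.
# Port 9300 (transport) is not needed from outside a single-node cluster
# unless a transport client uses it; consider not publishing it.
apiVersion: v1
kind: Service
metadata:
  name: elasticsearch
  namespace: middle-ware
spec:
  selector:
    app: elasticsearch
  ports:
    - port: 9200
      name: http
      targetPort: 9200
    - port: 9300
      name: transport
      targetPort: 9300
  type: NodePort
vim es.yml 【这个是无https的先跑起来生成证书放到宿主机】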
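---
# ConfigMap for Elasticsearch configuration (security-enabled stage):
# authentication and transport TLS are on, HTTP TLS is still off.
# NOTE(review): with xpack.security.http.ssl.enabled false, usernames and
# passwords sent to port 9200 travel in clear text; treat this as a temporary
# step until the certificate is in place. network.host 0.0.0.0 binds every
# interface.
apiVersion: v1
kind: ConfigMap
metadata:
  name: es-config
  namespace: middle-ware-rp
data:
  elasticsearch.yml: |
    cluster.name: my-es-cluster
    node.name: ${HOSTNAME}
    network.host: 0.0.0.0
    discovery.type: single-node
    path.data: /usr/share/elasticsearch/data
    path.logs: /usr/share/elasticsearch/logs
    bootstrap.memory_lock: false
    http.port: 9200
    transport.port: 9300
    xpack.security.enabled: true
    xpack.security.transport.ssl.enabled: true
    xpack.security.http.ssl.enabled: false # 先禁用 HTTP SSL 简化配置
  # One JVM flag per line. The "+" and "=" characters had been stripped from
  # the flags on this page and are restored here. The heap size is also passed
  # through ES_JAVA_OPTS in the StatefulSet, so keep the two in sync.
  jvm.options: |
    -Xms1G
    -Xmx2G
    -XX:+UseG1GC
    -XX:G1HeapRegionSize=4m
    -XX:MaxGCPauseMillis=50
    -XX:+PrintGCDetails
    -XX:+HeapDumpOnOutOfMemoryError
    -Xlog:gc*:file=/usr/share/elasticsearch/logs/gc.log:utctime,pid,tags:filecount=32,filesize=64m
---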
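# PersistentVolume (backed by hostPath local storage).
# PersistentVolumes are cluster-scoped: a leftover "es-pv" from an earlier
# deployment (for example the 1Gi one in test-es.yaml) collides with this one
# and has to be deleted first. With reclaim policy Retain the volume and its
# data stay behind after the claim is deleted.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: es-pv
spec:
  capacity:
    storage: 5Gi
  volumeMode: Filesystem
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  storageClassName: manual
  hostPath:
    path: /store/data/es
    type: DirectoryOrCreate
---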
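# PersistentVolumeClaim: requests 5Gi from storage class "manual", the class
# and size declared by the es-pv PersistentVolume.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: es-pvc
  namespace: middle-ware-rp
spec:
  storageClassName: manual
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
---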
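# StatefulSet: one Elasticsearch 6.8.7 pod pinned to node2, using the
# es-config ConfigMap and the es-pvc claim.
# NOTE(review): the container spec sets no resources and no securityContext.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: elasticsearch
  namespace: middle-ware-rp
spec:
  serviceName: elasticsearch
  replicas: 1
  selector:
    matchLabels:
      app: elasticsearch
  template:
    metadata:
      labels:
        app: elasticsearch
    spec:
      # Toleration needed when the pod is placed on a control-plane node.
      tolerations:
        - key: node-role.kubernetes.io/control-plane
          operator: Exists
          effect: NoSchedule
      # Pins the pod to one node so it always finds the same hostPath data.
      nodeName: node2
      initContainers:
        # Hands the data and logs directories to uid 1000 / gid 0 before
        # Elasticsearch starts (presumably runs as root, which chown needs).
        - name: volume-permissions
          image: busybox:1.28
          command:
            - sh
            - -c
            - chown -R 1000:0 /usr/share/elasticsearch/data /usr/share/elasticsearch/logs
          volumeMounts:
            - name: es-storage
              mountPath: /usr/share/elasticsearch/data
              subPath: data
            - name: es-storage
              mountPath: /usr/share/elasticsearch/logs
              subPath: logs
      containers:
        - name: elasticsearch
          image: elasticsearch:6.8.7
          imagePullPolicy: IfNotPresent
          env:
            # env values must be strings; quoting keeps "true" from being
            # parsed as a boolean and rejected by the API server.
            - name: ES_JAVA_OPTS
              value: "-Xms1G -Xmx2G"
            - name: discovery.type
              value: single-node
            - name: TAKE_FILE_OWNERSHIP
              value: "true"
          ports:
            - containerPort: 9200
              name: http
            - containerPort: 9300
              name: transport
          volumeMounts:
            - name: es-config
              mountPath: /usr/share/elasticsearch/config/elasticsearch.yml
              subPath: elasticsearch.yml
            - name: es-config
              mountPath: /usr/share/elasticsearch/config/jvm.options
              subPath: jvm.options
            - name: es-storage
              mountPath: /usr/share/elasticsearch/data
              subPath: data
            - name: es-storage
              mountPath: /usr/share/elasticsearch/logs
              subPath: logs
            - name: es-storage
              mountPath: /usr/share/elasticsearch/plugins
              subPath: plugins
      volumes:
        - name: es-config
          configMap:
            name: es-config
            defaultMode: 0644  # octal file mode (420 decimal)
        - name: es-storage
          persistentVolumeClaim:
            claimName: es-pvc
---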
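# Service: NodePort publishes HTTP on 30001 and transport on 30002 on every
# node's IP.
# NOTE(review): while xpack.security.http.ssl.enabled is false, credentials
# sent to 30001 cross the network in clear text. Port 30002 (transport) is
# not needed from outside a single-node cluster unless a transport client
# uses it; consider not publishing it.
apiVersion: v1
kind: Service
metadata:
  name: elasticsearch
  namespace: middle-ware-rp
spec:
  selector:
    app: elasticsearch
  ports:
    - port: 9200
      name: http
      targetPort: 9200
      nodePort: 30001
    - port: 9300
      name: transport
      targetPort: 9300
      nodePort: 30002
  type: NodePort
【es1.yamlhttps的url优化】 证书生成的方式
kubectl exec -it elasticsearch-0 -n middle-ware -- /bin/bash
./bin/elasticsearch-certutil ca #回车回车生成证书
./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12 #回车回车生成证书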
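#拷贝到宿主机这个ca证书就是开启es的https用来连接
证书认证首先让你的es跑起来然后在配置中应用es1.yaml优化配置文件
# NOTE(review): as written, xpack.security.http.ssl.enabled is still false,
# so the two http.ssl.* paths below have no effect until it is set to true.
# verification_mode "certificate" checks that the peer certificate chains to
# the trusted CA but does not check the hostname. No keystore password is
# configured, which matches a PKCS#12 generated with an empty password; if a
# password is set, store it in the Elasticsearch keystore
# (xpack.security.transport.ssl.keystore.secure_password and the matching
# truststore / http.ssl settings) rather than in this file.
elasticsearch.yml: |
  cluster.name: my-es-cluster
  node.name: ${HOSTNAME}
  network.host: 0.0.0.0
  discovery.type: single-node
  path.data: /usr/share/elasticsearch/data
  path.logs: /usr/share/elasticsearch/logs
  bootstrap.memory_lock: false
  http.port: 9200
  transport.port: 9300
  xpack.security.enabled: true
  xpack.security.transport.ssl.enabled: true
  xpack.security.http.ssl.enabled: false # false先禁用 HTTP SSL 简化配置无证书有证书再更改为true再加入下面配置
  #有了证书之后加入一下配置并且开启httpssl认证
  xpack.security.transport.ssl.keystore.type: PKCS12
  xpack.security.transport.ssl.verification_mode: certificate
  xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
  xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
  xpack.security.transport.ssl.truststore.type: PKCS12
  xpack.security.audit.enabled: true
  xpack.security.http.ssl.keystore.path: /usr/share/elasticsearch/config/elastic-certificates.p12
  xpack.security.http.ssl.truststore.path: /usr/share/elasticsearch/config/elastic-certificates.p12
#证书生成后应用ess1.yaml文件并且先生成secret资源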
ls
[root150m01 ~/kind]# ll
-rw-r--r-- 1 root root 3443 4月 25 09:32 elastic-certificates.p12
-rw-r--r-- 1 root root 2527 4月 25 09:33 elastic-stack-ca.p12
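# Create the Secret that carries the node certificate bundle.
# The "=" after --from-file had been stripped on this page and is restored.
# NOTE(review): elastic-certificates.p12 holds the node's private key, and the
# directory listing on this page shows both .p12 files as -rw-r--r--;
# tighten them (for example chmod 600) and keep elastic-stack-ca.p12, which
# holds the CA private key, off the cluster nodes. Secrets are namespaced:
# create this one in the namespace the StatefulSet runs in (the page uses
# middle-ware, middle-ware-rp and middle-ware-sy in different places).
kubectl -n middle-ware create secret generic es-cert --from-file=elastic-certificates.p12
# Reference the Secret from the StatefulSet; the main additions are: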
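# Fragments to add to the Elasticsearch StatefulSet so the pod sees the
# certificate bundle from the es-cert Secret at the path elasticsearch.yml
# points to.
# NOTE(review): anyone allowed to read Secrets in this namespace can obtain
# the bundle, private key included; limit that with RBAC.

# sts.es.spec.template.spec.containers.volumeMounts
- name: es-cert
  mountPath: /usr/share/elasticsearch/config/elastic-certificates.p12
  subPath: elastic-certificates.p12

# sts.es.spec.template.spec.volumes
- name: es-cert
  secret:
    secretName: es-cert
    items:
      - key: elastic-certificates.p12
        path: elastic-certificates.p12
# The certificate sits in the same directory as ess.yaml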
[root150m01 ~/kind]# ll
-rw-r--r-- 1 root root 3443 4月 25 09:32 elastic-certificates.p12
-rw-r--r-- 1 root root 2527 4月 25 09:33 elastic-stack-ca.p12
-rw-r--r-- 1 root root 4751 4月 25 09:35 ess.yaml
-rw-r--r-- 1 root root 4348 4月 24 18:07 ess.yaml.0#上传ess1.yaml文件然后应用
kubectl apply -f es1.yaml
【设置密码】
【创建多个账户】
kubectl exec -it elasticsearch-0 -n middle-ware -- bin/elasticsearch-setup-passwords interactive
Y
均为---密码esx1x.8A
Enter password for [elastic用户名首次密码]:
Reenter password for [elastic用户名确认密码]:
Enter password for [apm_system]:
Reenter password for [apm_system]:
Enter password for [kibana]:
Reenter password for [kibana]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Enter password for [beats_system]:
Reenter password for [beats_system]:
Enter password for [remote_monitoring_user]:
Reenter password for [remote_monitoring_user]:
（注：示例里所有内置账户共用同一个密码；实际环境中应为每个账户分别设置强密码，并且不要把密码写进文档。）
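【仅创建一个admin用户】
kubectl exec -it elasticsearch-0 -n middle-ware-sy -- /bin/bash
bin/elasticsearch-users useradd admin -p qqq -r superuser
（注：省略 -p 参数时命令会交互式提示输入密码，这样密码不会留在 shell 历史记录里。）
【测试】
curl -u admin:qqq -X GET http://10.10.10.150:32071/_cluster/health?pretty
（注：这里走的是 HTTP，-u 的账密以明文传输；把 xpack.security.http.ssl.enabled 改为 true 之后应改用 https，并用 --cacert 指定 PEM 格式的 CA 证书。）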
【部署报错】
有可能是因为你之前部署过es，pv和pvc可能没删除干净，有残留，需要删除干净pv和pvc。
kibana
无状态服务，展示数据。注意修改secret的账密即可，kibana的登陆页面账密也是es的账密。
cat kibana.yml
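---
# Secret holding the Elasticsearch credentials Kibana logs in with.
# The "=" base64 padding had been stripped on this page and is restored;
# without it the API server cannot decode the values.
# NOTE(review): values under "data" are base64-encoded, not encrypted, so
# anyone who can read this manifest can recover the password. Replace both
# values with your own and create the Secret out of band rather than keeping
# real credentials in a file. The username decodes to "admin", which the page
# creates with the superuser role; the built-in "kibana" user is the
# narrower choice for this connection.
apiVersion: v1
kind: Secret
metadata:
  name: kibana-secret
  namespace: middle-ware-rp
type: Opaque
data:
  username: YWRtaW4=
  password: VllyTWs5b0Y=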
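---
# PersistentVolume for Kibana (hostPath local storage, 5Gi, reclaim policy
# Retain, so the directory and its data outlive the claim).
apiVersion: v1
kind: PersistentVolume
metadata:
  name: kibana-pv
spec:
  capacity:
    storage: 5Gi
  volumeMode: Filesystem
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  storageClassName: manual
  hostPath:
    path: /store/data/kibana
    type: DirectoryOrCreate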
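---
# PersistentVolumeClaim for Kibana: requests 5Gi from storage class "manual".
# NOTE(review): the kibana Deployment on this page mounts only the
# kibana-config ConfigMap, so nothing references this claim.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: kibana-pvc
  namespace: middle-ware-rp
spec:
  storageClassName: manual
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi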
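---
# ConfigMap carrying kibana.yml. Quotes around the host and URL had been
# stripped on this page and are restored.
# NOTE(review): Kibana reaches Elasticsearch over plain HTTP through a node
# IP and NodePort, so the credentials from kibana-secret cross the network in
# clear text. Once HTTP TLS is enabled on Elasticsearch, switch the URL to
# https and set elasticsearch.ssl.certificateAuthorities to the CA.
apiVersion: v1
kind: ConfigMap
metadata:
  name: kibana-config
  namespace: middle-ware-rp
data:
  kibana.yml: |
    server.host: "0.0.0.0"
    elasticsearch.hosts: ["http://10.10.10.133:30001"]
    xpack.security.enabled: true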
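---
# Deployment: one Kibana 6.8.7 pod. Elasticsearch credentials come from the
# kibana-secret Secret as environment variables; kibana.yml comes from the
# kibana-config ConfigMap.
# NOTE(review): the container spec sets no resources and no securityContext.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kibana
  namespace: middle-ware-rp
spec:
  replicas: 1
  selector:
    matchLabels:
      app: kibana
  template:
    metadata:
      labels:
        app: kibana
    spec:
      containers:
        - name: kibana
          image: docker.elastic.co/kibana/kibana:6.8.7
          ports:
            - containerPort: 5601
              name: http
          env:
            # - name: ELASTICSEARCH_URL
            #   value: http://elasticsearch:9200
            - name: ELASTICSEARCH_USERNAME
              valueFrom:
                secretKeyRef:
                  name: kibana-secret
                  key: username
            - name: ELASTICSEARCH_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: kibana-secret
                  key: password
          volumeMounts:
            - name: kibana-config
              mountPath: /usr/share/kibana/config/kibana.yml
              subPath: kibana.yml
      volumes:
        - name: kibana-config
          configMap:
            name: kibana-config
            defaultMode: 0644  # octal file mode (420 decimal)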
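---
# Service: NodePort publishes Kibana on port 30003 of every node's IP.
# NOTE(review): the kibana.yml on this page configures no TLS for the Kibana
# server, so the login form on this port is served over plain HTTP.
apiVersion: v1
kind: Service
metadata:
  name: kibana
  namespace: middle-ware-rp
spec:
  selector:
    app: kibana
  ports:
    - port: 5601
      targetPort: 5601
      name: http
      nodePort: 30003
  type: NodePort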