Building an Elasticsearch 7 Cluster on Kubernetes 1.23 (with Cluster Encryption)

I. Environment versions

  • Kubernetes 1.23.1
  • Elasticsearch 7.16.2
  • Kuboard 3.3.0
  • Kibana 7.16.2
  • Harbor 2.4.2

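1. Background on the components:
  Kubernetes is an open-source container orchestration engine from Google. It supports automated deployment, large-scale scaling, and management of containerized applications. When an application is deployed in production, several instances of it are usually run so that requests can be load-balanced across them.
  Elasticsearch is a distributed, highly scalable, real-time search and data analytics engine. It makes large volumes of data easy to search, analyze, and explore. Making full use of Elasticsearch's horizontal scalability makes data more valuable in production.
  Kuboard is a free graphical management tool for Kubernetes. It aims to help users get microservices running on Kubernetes quickly.
  Kibana is an open-source data analysis and visualization platform designed to work with Elasticsearch. It can search, view, and interact with the data stored in Elasticsearch indices, and it presents that data through charts, tables, and maps.
  Harbor is an enterprise-grade private registry server that offers better performance and security and makes transferring images between build and runtime environments more efficient. Harbor supports replicating image resources across multiple registry nodes, and all images stay in the private registry, so data and intellectual property remain under control inside the company network. Harbor also provides security features such as user management, access control, and activity auditing.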

2. Service distribution:

IP            Role    Hostname  Pods
10.111.13.2   master  master-1  es-master, es-data, es-client
10.111.13.4   master  master-2  es-master, es-data, es-client
10.111.13.14  master  master-3  es-master, es-data, es-client, kibana
10.111.13.5   node    node-1    es-data
10.111.13.41  node    node-5    es-data

(There is no requirement on which hosts to use; five nodes were picked arbitrarily for this demonstration.)

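II. Deploying Kuboard

For deployment steps not covered here, see the earlier article:
[Kubernetes + Harbor deployment reference]

1. Deploy Kuboard and add the k8s cluster
(If you do not have the image, pull it directly: docker pull swr.cn-east-2.myhuaweicloud.com/kuboard/kuboard:v3)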

docker load --input kuboard-v3.tar    # offline deployment, so the image has to be imported
# Start the Kuboard container
docker run -d \
  --restart=unless-stopped \
  --name=kuboard \
  -p 8081:80/tcp \
  -p 30081:10081/tcp \
  -e KUBOARD_ENDPOINT="http://10.111.13.2:8081" \
  -e KUBOARD_AGENT_SERVER_TCP_PORT="30081" \
  -v /srv/docker/kuboard:/data \
  swr.cn-east-2.myhuaweicloud.com/kuboard/kuboard:v3

URL: http://<host-ip>:8081/
User: admin
Password: Kuboard123 (Kuboard's default; change it after the first login)

2. Add the k8s cluster:
Then follow the on-screen prompts to add the cluster.

III. Deploying the Elasticsearch 7.16.2 cluster

1. Create the StorageClass
(The deployment uses local persistent storage.)

[root@master-1 es]# cat 00-sc.yaml 
kind: StorageClass              # resource kind
apiVersion: storage.k8s.io/v1
metadata:
  name: local-storage           # StorageClass name
provisioner: kubernetes.io/no-provisioner
volumeBindingMode: WaitForFirstConsumer
[root@master-1 es]# kubectl apply -f  00-sc.yaml 

Check the result in Kuboard.

2. Create the Namespace

[root@master-1 es]# cat 00-ns.yaml 
apiVersion: v1
kind: Namespace         # resource kind
metadata:
  name: elasticsearch   # namespace name
  labels:
    app: elasticsearch
[root@master-1 es]# kubectl apply -f 00-ns.yaml 

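3. Create the certificate
(If you do not have the image, pull it directly: docker pull docker.elastic.co/elasticsearch/elasticsearch:7.16.2)

# Use a Docker container to generate the certificate, then copy it to the current directory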
[root@master-1 es]# docker run --name es-certutil -i -w /tmp docker.elastic.co/elasticsearch/elasticsearch:7.16.2 /bin/sh -c  \
    "elasticsearch-certutil ca --out /tmp/es-ca.p12 --pass '' && \
    elasticsearch-certutil cert --name security-master --dns \
    security-master --ca /tmp/es-ca.p12 --pass '' --ca-pass '' --out /tmp/elastic-certificates.p12"
[root@master-1 es]# docker cp es-certutil:/tmp/elastic-certificates.p12 ./

Load the certificate into the k8s cluster as a Secret:

[root@master-1 es]# kubectl -n elasticsearch create secret generic elastic-certificates --from-file=./elastic-certificates.p12

Check that the certificate Secret now exists.

4. Create the PVs for the 3 Master nodes

[root@master-1 es]# cat 00-pv-master.yaml 
apiVersion: v1
kind: PersistentVolume
metadata:
  name: local-storage-pv-0     # PV name
  namespace: elasticsearch      # namespace (ignored: PersistentVolumes are cluster-scoped)
  labels:
    name: local-storage-pv-0    # label
spec:
  capacity:
    storage: 100Gi              # capacity
  accessModes:
  - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain    # reclaim policy
  storageClassName: local-storage          # associated StorageClass
  local:
    path: /srv/esdata          # host path; the directory must be created manually on the host
  nodeAffinity:
    required:
      nodeSelectorTerms:        # node selection
      - matchExpressions:
        - key: kubernetes.io/hostname
          operator: In
          values:
          - master-1            # use your own node name
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: local-storage-pv-1
  namespace: elasticsearch
  labels:
    name: local-storage-pv-1
spec:
  capacity:
    storage: 100Gi
  accessModes:
  - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  storageClassName: local-storage
  local:
    path: /srv/esdata 
  nodeAffinity:
    required:
      nodeSelectorTerms:
      - matchExpressions:
        - key: kubernetes.io/hostname
          operator: In
          values:
          - master-2
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: local-storage-pv-2
  namespace: elasticsearch
  labels:
    name: local-storage-pv-2
spec:
  capacity:
    storage: 100Gi
  accessModes:
  - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  storageClassName: local-storage
  local:
    path: /srv/esdata 
  nodeAffinity:
    required:
      nodeSelectorTerms:
      - matchExpressions:
        - key: kubernetes.io/hostname
          operator: In
          values:
          - master-3
[root@master-1 es]# kubectl apply -f 00-pv-master.yaml 

5. Deploy the Master nodes

[root@master-1 es]# cat 01-es-master.yaml 
apiVersion: apps/v1
kind: StatefulSet       # suited to clusters with persistent storage
metadata:
  namespace: elasticsearch
  name: elasticsearch-master
  labels:
    app: elasticsearch
    role: master        # role this node set plays
spec:
  serviceName: elasticsearch-master
  replicas: 3           # 3 replicas
  selector:
    matchLabels:
      app: elasticsearch
      role: master
  template:
    metadata:
      labels:
        app: elasticsearch
        role: master
    spec:
      containers:
        - name: elasticsearch
          image: 10.111.13.4:8080/jsjb/docker.elastic.co/elasticsearch/elasticsearch:7.16.2    # private registry image
          command: ["bash", "-c", "ulimit -l unlimited && sysctl -w vm.max_map_count=262144 && chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data && exec su elasticsearch docker-entrypoint.sh"]
          ports:
            - containerPort: 9200
              name: http
            - containerPort: 9300
              name: transport
          env:
            #- name: discovery.seed_hosts
            #  value: "elasticsearch-master-0.elasticsearch-master,elasticsearch-master-1.elasticsearch-master,elasticsearch-master-2.elasticsearch-master"
            - name: discovery.seed_hosts     # ES cluster hosts (named following the Kubernetes-specific naming rule)
              value: "elasticsearch-master-0.elasticsearch-master,elasticsearch-master-1.elasticsearch-master,elasticsearch-master-2.elasticsearch-master,elasticsearch-data-0.elasticsearch-data,elasticsearch-data-1.elasticsearch-data,elasticsearch-data-2.elasticsearch-data,elasticsearch-data-3.elasticsearch-data,elasticsearch-data-4.elasticsearch-data,elasticsearch-client-0.elasticsearch-client,elasticsearch-client-1.elasticsearch-client,elasticsearch-client-2.elasticsearch-client"
            - name: cluster.initial_master_nodes
              value: "elasticsearch-master-0,elasticsearch-master-1,elasticsearch-master-2"
            - name: ES_JAVA_OPTS
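              value: -Xms1G -Xmx1G           # limit JVM memory
            - name: node.master              # master: handles scheduling
              value: "true"                  # note: enable this node's own role and disable the others
            - name: node.ingest              # handles client access
              value: "false"
            - name: node.data                # handles data storage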
              value: "false"
            - name: cluster.name
              value: "elasticsearch"
            - name: node.name
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: xpack.security.enabled
              value: "true"
            - name: xpack.security.transport.ssl.enabled
              value: "true"
            - name: xpack.monitoring.collection.enabled
              value: "true"
            - name: xpack.security.transport.ssl.verification_mode
              value: "certificate"
            - name: xpack.security.transport.ssl.keystore.path
              value: "/usr/share/elasticsearch/config/elastic-certificates.p12"
            - name: xpack.security.transport.ssl.truststore.path
              value: "/usr/share/elasticsearch/config/elastic-certificates.p12"

          volumeMounts:
           - mountPath: /usr/share/elasticsearch/data
             name: pv-storage-elastic-master    # must match the name in volumeClaimTemplates
           - name: elastic-certificates         # mount the certificate created earlier into the pod
             readOnly: true
             mountPath: "/usr/share/elasticsearch/config/elastic-certificates.p12"
             subPath: elastic-certificates.p12
           - mountPath: /etc/localtime
             name: localtime
          securityContext:
            privileged: true
      volumes:
      - name: elastic-certificates
        secret:
          secretName: elastic-certificates
      - hostPath:
          path: /etc/localtime
        name: localtime

  volumeClaimTemplates:
  - metadata:
      name: pv-storage-elastic-master       # referenced by volumeMounts
    spec:
      accessModes: [ "ReadWriteOnce" ]
      storageClassName: "local-storage"     # name of the StorageClass created earlier
      resources:
        requests:
          storage: 100Gi
[root@master-1 es]# kubectl apply -f 01-es-master.yaml

Go back to Kuboard to check the pods.

6. Create the PVs for the Data nodes

[root@master-1 es]# cat 00-pv-data.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: local-storage-data-0     # PV name
  namespace: elasticsearch      # namespace (ignored: PersistentVolumes are cluster-scoped)
  labels:
    name: local-storage-data-0    # label
spec:
  capacity:
    storage: 100Gi              # capacity
  accessModes:
  - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain    # reclaim policy
  storageClassName: local-storage          # associated StorageClass
  local:
    path: /srv/esnode-data         # host path; the directory must be created manually on the host
  nodeAffinity:
    required:
      nodeSelectorTerms:        # node selection
      - matchExpressions:
        - key: kubernetes.io/hostname
          operator: In
          values:
          - master-1            # use your own node name
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: local-storage-data-1
  namespace: elasticsearch
  labels:
    name: local-storage-data-1
spec:
  capacity:
    storage: 100Gi
  accessModes:
  - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  storageClassName: local-storage
  local:
    path: /srv/esnode-data
  nodeAffinity:
    required:
      nodeSelectorTerms:
      - matchExpressions:
        - key: kubernetes.io/hostname
          operator: In
          values:
          - master-2
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: local-storage-data-2
  namespace: elasticsearch
  labels:
    name: local-storage-data-2
spec:
  capacity:
    storage: 100Gi
  accessModes:
  - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  storageClassName: local-storage
  local:
    path: /srv/esnode-data
  nodeAffinity:
    required:
      nodeSelectorTerms:
      - matchExpressions:
        - key: kubernetes.io/hostname
          operator: In
          values:
          - master-3
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: local-storage-data-3
  namespace: elasticsearch
  labels:
    name: local-storage-data-3
spec:
  capacity:
    storage: 100Gi
  accessModes:
  - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  storageClassName: local-storage
  local:
    path: /srv/esnode-data
  nodeAffinity:
    required:
      nodeSelectorTerms:
      - matchExpressions:
        - key: kubernetes.io/hostname
          operator: In
          values:
          - node-1
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: local-storage-data-4
  namespace: elasticsearch
  labels:
    name: local-storage-data-4
spec:
  capacity:
    storage: 100Gi
  accessModes:
  - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  storageClassName: local-storage
  local:
    path: /srv/esnode-data
  nodeAffinity:
    required:
      nodeSelectorTerms:
      - matchExpressions:
        - key: kubernetes.io/hostname
          operator: In
          values:
          - node-5
[root@master-1 es]# kubectl apply -f 00-pv-data.yaml

7. Deploy the Data nodes
(The manifest is not explained again; it follows the same pattern as above.)

[root@master-1 es]# cat 02-es-data.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
  namespace: elasticsearch
  name: elasticsearch-data
  labels:
    app: elasticsearch
    role: data
spec:
  serviceName: elasticsearch-data
  replicas: 5
  selector:
    matchLabels:
      app: elasticsearch
      role: data
  template:
    metadata:
      labels:
        app: elasticsearch
        role: data
    spec:
      containers:
        - name: elasticsearch
          image: 10.111.13.4:8080/jsjb/docker.elastic.co/elasticsearch/elasticsearch:7.16.2
          command: ["bash", "-c", "ulimit -l unlimited && sysctl -w vm.max_map_count=262144 && chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data && exec su elasticsearch docker-entrypoint.sh"]
          ports:
            - containerPort: 9200
              name: http
            - containerPort: 9300
              name: transport
          env:
            #- name: discovery.seed_hosts
            #  value: "elasticsearch-master-0.elasticsearch-master,elasticsearch-master-1.elasticsearch-master,elasticsearch-master-2.elasticsearch-master"
            - name: discovery.seed_hosts
              value: "elasticsearch-master-0.elasticsearch-master,elasticsearch-master-1.elasticsearch-master,elasticsearch-master-2.elasticsearch-master,elasticsearch-data-0.elasticsearch-data,elasticsearch-data-1.elasticsearch-data,elasticsearch-data-2.elasticsearch-data,elasticsearch-data-3.elasticsearch-data,elasticsearch-data-4.elasticsearch-data,elasticsearch-client-0.elasticsearch-client,elasticsearch-client-1.elasticsearch-client,elasticsearch-client-2.elasticsearch-client"
            - name: cluster.initial_master_nodes
              value: "elasticsearch-master-0,elasticsearch-master-1,elasticsearch-master-2"
            - name: ES_JAVA_OPTS
              value: -Xms1G -Xmx1G
            - name: node.master
              value: "false"
            - name: node.ingest
              value: "false"
            - name: node.data
              value: "true"
            - name: cluster.name
              value: "elasticsearch"
            - name: node.name
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: xpack.security.enabled
              value: "true"
            - name: xpack.security.transport.ssl.enabled
              value: "true"
            - name: xpack.monitoring.collection.enabled
              value: "true"
            - name: xpack.security.transport.ssl.verification_mode
              value: "certificate"
            - name: xpack.security.transport.ssl.keystore.path
              value: "/usr/share/elasticsearch/config/elastic-certificates.p12"
            - name: xpack.security.transport.ssl.truststore.path
              value: "/usr/share/elasticsearch/config/elastic-certificates.p12"

          volumeMounts:
           - mountPath: /usr/share/elasticsearch/data
             name: pv-storage-elastic-data
           - name: elastic-certificates
             readOnly: true
             mountPath: "/usr/share/elasticsearch/config/elastic-certificates.p12"
             subPath: elastic-certificates.p12
           - mountPath: /etc/localtime
             name: localtime
          securityContext:
            privileged: true
      volumes:
      - name: elastic-certificates
        secret:
          secretName: elastic-certificates
      - hostPath:
          path: /etc/localtime
        name: localtime

  volumeClaimTemplates:
  - metadata:
      name: pv-storage-elastic-data
    spec:
      accessModes: [ "ReadWriteOnce" ]
      storageClassName: "local-storage"
      resources:
        requests:
          storage: 100Gi
[root@master-1 es]# kubectl apply -f 02-es-data.yaml

8. Create the PVs for the Client nodes

[root@master-1 es]# cat 00-pv-client.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: local-storage-client-0     # PV name
  namespace: elasticsearch      # namespace (ignored: PersistentVolumes are cluster-scoped)
  labels:
    name: local-storage-client-0    # label
spec:
  capacity:
    storage: 100Gi              # capacity
  accessModes:
  - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain    # reclaim policy
  storageClassName: local-storage          # associated StorageClass
  local:
    path: /srv/esclient-data          # host path; the directory must be created manually on the host
  nodeAffinity:
    required:
      nodeSelectorTerms:        # node selection
      - matchExpressions:
        - key: kubernetes.io/hostname
          operator: In
          values:
          - master-1            # use your own node name
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: local-storage-client-1
  namespace: elasticsearch
  labels:
    name: local-storage-client-1
spec:
  capacity:
    storage: 100Gi
  accessModes:
  - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  storageClassName: local-storage
  local:
    path: /srv/esclient-data 
  nodeAffinity:
    required:
      nodeSelectorTerms:
      - matchExpressions:
        - key: kubernetes.io/hostname
          operator: In
          values:
          - master-2
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: local-storage-client-2
  namespace: elasticsearch
  labels:
    name: local-storage-client-2
spec:
  capacity:
    storage: 100Gi
  accessModes:
  - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  storageClassName: local-storage
  local:
    path: /srv/esclient-data 
  nodeAffinity:
    required:
      nodeSelectorTerms:
      - matchExpressions:
        - key: kubernetes.io/hostname
          operator: In
          values:
          - master-3
[root@master-1 es]# kubectl apply -f 00-pv-client.yaml

9. Deploy the Client nodes

[root@master-1 es]# cat  02-es-client.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
  namespace: elasticsearch
  name: elasticsearch-client
  labels:
    app: elasticsearch
    role: client
spec:
  serviceName: elasticsearch-client
  replicas: 3
  selector:
    matchLabels:
      app: elasticsearch
      role: client
  template:
    metadata:
      labels:
        app: elasticsearch
        role: client
    spec:
      containers:
        - name: elasticsearch
          image: 10.111.13.4:8080/jsjb/docker.elastic.co/elasticsearch/elasticsearch:7.16.2
          command: ["bash", "-c", "ulimit -l unlimited && sysctl -w vm.max_map_count=262144 && chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data && exec su elasticsearch docker-entrypoint.sh"]
          ports:
            - containerPort: 9200
              name: http
            - containerPort: 9300
              name: transport
          env:
            #- name: discovery.seed_hosts
            #  value: "elasticsearch-master-0.elasticsearch-master,elasticsearch-master-1.elasticsearch-master,elasticsearch-master-2.elasticsearch-master"
            - name: discovery.seed_hosts
              value: "elasticsearch-master-0.elasticsearch-master,elasticsearch-master-1.elasticsearch-master,elasticsearch-master-2.elasticsearch-master,elasticsearch-data-0.elasticsearch-data,elasticsearch-data-1.elasticsearch-data,elasticsearch-data-2.elasticsearch-data,elasticsearch-data-3.elasticsearch-data,elasticsearch-data-4.elasticsearch-data,elasticsearch-client-0.elasticsearch-client,elasticsearch-client-1.elasticsearch-client,elasticsearch-client-2.elasticsearch-client"
            - name: cluster.initial_master_nodes
              value: "elasticsearch-master-0,elasticsearch-master-1,elasticsearch-master-2"
            - name: ES_JAVA_OPTS
              value: -Xms1G -Xmx1G
            - name: node.master
              value: "false"
            - name: node.ingest
              value: "true"
            - name: node.data
              value: "false"
            - name: cluster.name
              value: "elasticsearch"
            - name: node.name
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: xpack.security.enabled
              value: "true"
            - name: xpack.security.transport.ssl.enabled
              value: "true"
            - name: xpack.monitoring.collection.enabled
              value: "true"
            - name: xpack.security.transport.ssl.verification_mode
              value: "certificate"
            - name: xpack.security.transport.ssl.keystore.path
              value: "/usr/share/elasticsearch/config/elastic-certificates.p12"
            - name: xpack.security.transport.ssl.truststore.path
              value: "/usr/share/elasticsearch/config/elastic-certificates.p12"

          volumeMounts:
           - mountPath: /usr/share/elasticsearch/data
             name: pv-storage-elastic-client
           - name: elastic-certificates
             readOnly: true
             mountPath: "/usr/share/elasticsearch/config/elastic-certificates.p12"
             subPath: elastic-certificates.p12
           - mountPath: /etc/localtime
             name: localtime
          securityContext:
            privileged: true
      volumes:
      - name: elastic-certificates
        secret:
          secretName: elastic-certificates
      - hostPath:
          path: /etc/localtime
        name: localtime

  volumeClaimTemplates:
  - metadata:
      name: pv-storage-elastic-client
    spec:
      accessModes: [ "ReadWriteOnce" ]
      storageClassName: "local-storage"
      resources:
        requests:
          storage: 100Gi
[root@master-1 es]# kubectl apply -f 02-es-client.yaml

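10. Create the Services
(Used for service discovery so that external services can reach the cluster; a fixed clusterIP keeps access from breaking when the IP changes after a restart.)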

[root@master-1 es]# cat 04-es-service.yaml
apiVersion: v1
kind: Service
metadata:
  namespace: elasticsearch
  name: elasticsearch-master
  labels:
    app: elasticsearch
    role: master
spec:
  selector:
    app: elasticsearch
    role: master
  type: NodePort
  ports:
  - port: 9200
    nodePort: 30001
    targetPort: 9200
---
apiVersion: v1
kind: Service
metadata:
  namespace: elasticsearch
  name: elasticsearch-data
  labels:
    app: elasticsearch
    role: data
spec:
  selector:
    app: elasticsearch
    role: data
  type: NodePort
  ports:
  - port: 9200
    nodePort: 30002
    targetPort: 9200
---
apiVersion: v1
kind: Service
metadata:
  namespace: elasticsearch
  name: elasticsearch-client
  labels:
    app: elasticsearch
    role: client
spec:
  selector:
    app: elasticsearch
    role: client
  type: NodePort
  ports:
  - port: 9200
    nodePort: 30003
    targetPort: 9200
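
A check that can be run over these manifests before applying them, added here as an example (it is not part of the original article). It flags the security-relevant settings the StatefulSets and Services above share: privileged containers, xpack.security.http.ssl.enabled left unset while port 9200 is published through a NodePort, and verification_mode set to certificate. The function names and finding labels are assumptions of this example, and the sample manifest is a constructed excerpt.

```shell
#!/bin/sh
# Static checks on an Elasticsearch StatefulSet + Service manifest (added example).

# Print NAME=VALUE for every env entry written as "- name: N" / "value: V".
env_pairs() {
  awk '
    /^[ \t]*#/       { next }                  # commented-out entries
    /^[ \t]*- name:/ { name = $3; next }
    /^[ \t]*value:/ && name != "" {
      val = $0
      sub(/^[ \t]*value:[ \t]*/, "", val)
      sub(/[ \t]+#.*$/, "", val)               # trailing comment
      gsub(/"/, "", val)
      print name "=" val
    }
    { name = "" }
  ' "$1"
}

# env_value FILE NAME: value of one env entry, empty when it is not set.
env_value() {
  env_pairs "$1" |
    awk -v k="$2" 'index($0, k "=") == 1 { print substr($0, length(k) + 2); exit }'
}

# nodeports_for FILE PORT: nodePort of each NodePort Service targeting PORT.
nodeports_for() {
  awk -v want="$2" '
    function emit() {
      if (kind == "Service" && type == "NodePort" && target == want && np != "")
        print np
      kind = type = target = np = ""
    }
    /^---/               { emit(); next }
    /^kind:/             { kind = $2 }
    /^[ \t]+type:/       { type = $2 }
    /^[ \t]+nodePort:/   { np = $2 }
    /^[ \t]+targetPort:/ { target = $2 }
    END { emit() }
  ' "$1"
}

audit_es_manifest() {
  f=$1
  # privileged: true gives the container root-equivalent access to the node.
  if grep -Eq '^[[:space:]]*privileged:[[:space:]]*true' "$f"; then
    echo "PRIVILEGED_CONTAINER"
  fi
  [ "$(env_value "$f" xpack.security.enabled)" = "true" ] || echo "SECURITY_OFF"
  [ "$(env_value "$f" xpack.security.transport.ssl.enabled)" = "true" ] ||
    echo "TRANSPORT_TLS_OFF"
  # Without HTTP TLS, basic-auth passwords cross port 9200 in cleartext.
  [ "$(env_value "$f" xpack.security.http.ssl.enabled)" = "true" ] ||
    echo "HTTP_TLS_OFF"
  # "certificate" checks the CA signature only, not the peer's host name.
  case "$(env_value "$f" xpack.security.transport.ssl.verification_mode)" in
    certificate|none) echo "NO_HOSTNAME_VERIFICATION" ;;
  esac
  for np in $(nodeports_for "$f" 9200); do
    echo "NODEPORT_9200:$np"                   # REST API published on every node
  done
}

# Constructed sample: the lines of the page's manifests that the checks read.
write_sample() {
  cat > "$1" <<'EOF'
kind: StatefulSet
spec:
  template:
    spec:
      containers:
        - name: elasticsearch
          env:
            - name: xpack.security.enabled
              value: "true"
            - name: xpack.security.transport.ssl.enabled
              value: "true"
            - name: xpack.security.transport.ssl.verification_mode
              value: "certificate"
          securityContext:
            privileged: true
---
kind: Service
spec:
  type: NodePort
  ports:
  - port: 9200
    nodePort: 30001
    targetPort: 9200
EOF
}

sample=$(mktemp) && write_sample "$sample" && audit_es_manifest "$sample"
rm -f "$sample"
```

Concatenate a StatefulSet file and 04-es-service.yaml into one file before auditing, since the HTTP and NodePort findings only make sense together.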

11. Set the ES cluster passwords
Method 1: random passwords

# Set the ES cluster passwords (with auto, random passwords like the ones below are generated)
[root@master-1 es]# kubectl -n elasticsearch exec -it $(kubectl -n elasticsearch get pods | grep elasticsearch-master | sed -n 1p | awk '{print $1}') -- bin/elasticsearch-setup-passwords auto -b

Changed password for user apm_system
PASSWORD apm_system = vxko4ZwcjZm6U6PbxsGW

Changed password for user kibana_system
PASSWORD kibana_system = D0XzzEUsicgAWCqK0xZQ

Changed password for user kibana
PASSWORD kibana = D0XzzEUsicgAWCqK0xZQ

Changed password for user logstash_system
PASSWORD logstash_system = 4fmoXf2lofEqQtcq5wt5

Changed password for user beats_system
PASSWORD beats_system = fhndHgNnbgqtNRSIFbHV

Changed password for user remote_monitoring_user
PASSWORD remote_monitoring_user = vRkXsT9VooPz6tYOAriq

Changed password for user elastic
PASSWORD elastic = H8QfDUlp290CHX8L3U2Q

Method 2: custom passwords
  Open a shell in the master-0 container through Kuboard and set custom passwords:

./bin/elasticsearch-setup-passwords interactive

(Press Enter, then type your own passwords.)

Verify the cluster:

curl --user elastic:xxxxx http://10.254.162.248:9200/_cluster/health?pretty

curl --user elastic:xxxx http://10.254.162.248:9200/_cat/nodes?v

IV. Deploying Kibana 7.16.2

1. Create the Secret

# Use the elastic user's password (it must match the one set above)
kubectl -n elasticsearch create secret generic elasticsearch-password --from-literal password=xxxxx
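
One way to carry the generated elastic password from method 1 into this Secret without typing it on a command line, where it would end up in shell history and the process list. This is an added example, not from the original article; the function names and the file name es-passwords.txt are assumptions, and the sample output is constructed.

```shell
#!/bin/sh
# Turn `elasticsearch-setup-passwords auto -b` output into the Secret that
# Kibana reads. Capture the output to a private file first (no -t, so the
# lines carry no terminal carriage returns):
#   umask 077
#   kubectl -n elasticsearch exec -i elasticsearch-master-0 -- \
#     bin/elasticsearch-setup-passwords auto -b > es-passwords.txt

# Built-in users that the run shown on the page sets passwords for.
BUILTIN_USERS="apm_system kibana_system kibana logstash_system beats_system remote_monitoring_user elastic"

# password_for FILE USER: the generated password, empty when USER is absent.
password_for() {
  awk -v u="$2" '$1 == "PASSWORD" && $2 == u && $3 == "=" { print $4; exit }' "$1"
}

# missing_users FILE: built-in users with no PASSWORD line (interrupted run).
missing_users() {
  for u in $BUILTIN_USERS; do
    [ -n "$(password_for "$1" "$u")" ] || printf '%s\n' "$u"
  done
}

# secret_manifest FILE USER NAME NAMESPACE: Secret YAML on stdout.
# stringData avoids manual base64. Assumption: the password is alphanumeric,
# like the generated ones shown on the page, so double quotes are enough.
secret_manifest() {
  pw=$(password_for "$1" "$2")
  if [ -z "$pw" ]; then
    echo "no password for user $2 in $1" >&2
    return 1
  fi
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $3
  namespace: $4
type: Opaque
stringData:
  password: "$pw"
EOF
}

# Constructed sample output (these passwords are made up).
write_sample_output() {
  cat > "$1" <<'EOF'
Changed password for user apm_system
PASSWORD apm_system = ApmConstructed000001
Changed password for user kibana_system
PASSWORD kibana_system = KbnConstructed000002
Changed password for user kibana
PASSWORD kibana = KbnConstructed000002
Changed password for user logstash_system
PASSWORD logstash_system = LgsConstructed000003
Changed password for user beats_system
PASSWORD beats_system = BtsConstructed000004
Changed password for user remote_monitoring_user
PASSWORD remote_monitoring_user = RmuConstructed000005
Changed password for user elastic
PASSWORD elastic = ElsConstructed000006
EOF
}

out=$(mktemp) && write_sample_output "$out"
missing_users "$out"     # prints nothing: every built-in user has a password
secret_manifest "$out" elastic elasticsearch-password elasticsearch
rm -f "$out"
```

Against a real cluster, pipe the manifest into kubectl apply -f - and move the captured file into a password manager or delete it afterwards.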

2. Deploy Kibana
Label the node before deploying; the label is used to schedule the pod onto that node.

kubectl label node master-3 node=master-3
[root@master-1 es]# cat 05-kibana.yaml
apiVersion: v1
kind: ConfigMap         # configuration map
metadata:
  namespace: elasticsearch
  name: kibana-config   # ConfigMap name
  labels:
    app: kibana
data:
  kibana.yml: |-
    server.host: 0.0.0.0
    i18n.locale: zh-CN  # Chinese UI
    elasticsearch:      # ES credentials settings
      hosts: ${ELASTICSEARCH_HOSTS}
      username: ${ELASTICSEARCH_USER}
      password: ${ELASTICSEARCH_PASSWORD}
---
kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    app: kibana
  name: kibana
  namespace: elasticsearch
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: kibana
  template:
    metadata:
      labels:
        app: kibana
    spec:
      nodeSelector:             # schedule onto the node labeled above
        node: master-3
      containers:
        - name: kibana
          image: 10.111.13.4:8080/jsjb/kibana/kibana:7.16.2
          ports:
            - containerPort: 5601
              protocol: TCP
          env:
            - name: SERVER_PUBLICBASEURL
              value: "http://0.0.0.0:5601"
            - name: I18N.LOCALE
              value: zh-CN
            - name: ELASTICSEARCH_HOSTS
              value: "http://10.254.162.248:9200"
            - name: ELASTICSEARCH_USER
              value: "elastic"
            - name: ELASTICSEARCH_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: elasticsearch-password
                  key: password
            - name: xpack.encryptedSavedObjects.encryptionKey
              value: "min-32-byte-long-strong-encryption-key"

          volumeMounts:
          - name: kibana-config
            mountPath: /usr/share/kibana/config/kibana.yml
            readOnly: true
            subPath: kibana.yml
          - mountPath: /etc/localtime
            name: localtime
      volumes:
      - name: kibana-config     # mount the ConfigMap
        configMap:
          name: kibana-config   # name of the ConfigMap
      - hostPath:
          path: /etc/localtime
        name: localtime
---
kind: Service
apiVersion: v1
metadata:
  labels:
    app: kibana
  name: kibana-service
  namespace: elasticsearch
spec:
  ports:
  - port: 5601
    targetPort: 5601
    nodePort: 30004
  type: NodePort
  selector:
    app: kibana
[root@master-1 es]# kubectl apply -f 05-kibana.yaml

Check the cluster in Kibana.

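V. Closing remarks

  This completes the deployment of Kubernetes 1.23.1 + Elasticsearch 7.16.2 + Kibana 7.16.2. If you have questions about any step, feel free to leave a comment. Thank you for your continued support; please follow and bookmark! A later tutorial will cover installing the IK analyzer on an ES cluster running on k8s, so stay tuned!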
