kubernetes集群部署elasticsearch集群，包含无认证和有认证模式

1、背景：

因公司业务需要，需要在测试、生产kubernetes集群中部署elasticsearch集群，因不同环境要求，需要部署不同模式的elasticsearch集群，

1、测试环境因安全性要求不高，是部署一套默认配置；

2、生产环境因安全性要求，是部署一套带认证配置；

2、开发elasticsearch集群，无认证模式：

在kubernetes集群中部署elasticsearch集群，采用的是，有状态服务组件，就是StatefulSet组件。

1. 开发yaml文件内容如下：

# vim elasticsearch.yaml

apiVersion: apps/v1
kind: StatefulSet
metadata:name: es7-clusternamespace: sit
spec:serviceName: elasticsearchreplicas: 3selector:matchLabels:app: elasticsearchtemplate:metadata:labels:app: elasticsearchspec:containers:- name: elasticsearchimage: 192.20.67.250/public/elasticsearch:7.9.3resources:limits:cpu: 1000mrequests:cpu: 100mports:- containerPort: 9200name: restprotocol: TCP- containerPort: 9300name: inter-nodeprotocol: TCPvolumeMounts:- name: datamountPath: /usr/share/elasticsearch/dataenv:- name: cluster.namevalue: k8s-logs- name: node.namevalueFrom:fieldRef:fieldPath: metadata.name- name: discovery.zen.minimum_master_nodesvalue: "2"- name: discovery.seed_hostsvalue: "es7-cluster-0.elasticsearch,es7-cluster-1.elasticsearch,es7-cluster-2.elasticsearch"- name: cluster.initial_master_nodesvalue: "es7-cluster-0,es7-cluster-1,es7-cluster-2"- name: ES_JAVA_OPTSvalue: "-Xms1g -Xmx1g"initContainers:- name: fix-permissionsimage: 192.20.67.250/public/busybox:latestcommand: ["sh", "-c", "chown -R 1000:1000 /usr/share/elasticsearch/data"]securityContext:privileged: truevolumeMounts:- name: datamountPath: /usr/share/elasticsearch/data- name: increase-vm-max-mapimage: 192.20.67.250/public/busybox:latestcommand: ["sysctl", "-w", "vm.max_map_count=262144"]securityContext:privileged: true- name: increase-fd-ulimitimage: 192.20.67.250/public/busybox:latestcommand: ["sh", "-c", "ulimit -n 65536"]volumeClaimTemplates:- metadata:name: dataspec:accessModes: [ "ReadWriteOnce" ]storageClassName: "huawei-san"resources:requests:storage: 1Gi

注：

1、这里使用pvc存储，因kubernetes集群有部署了storageclaas组件，所以这里是直接通过storageclass组件的方式创建pvc存储。

2、如果需要引起yaml文件里的内容，需要根据实际情况修改镜像地址和sc组件的名称。

这里还需要部署一个service组件，用于访问elasticsearch集群。

# vim elasticsearch-svc.yaml

apiVersion: v1
kind: Service
metadata:name: elasticsearchnamespace: sit
spec:selector:app: elasticsearchtype: ClusterIPports:- port: 9200name: es-9200targetPort: 9200- port: 9300name: es-9300targetPort: 9300

2. 创建elasticsearch集群： 

执行生效yaml文件

# kubectl apply -f elasticsearch.yaml

statefulset.apps/elastic-cluster created

# kubectl apply -f elasticsearch-svc.yaml

service/elasticsearch-svc created

3. 查看运行情况：

查看sts组件运行情况：

# kubectl get sts
NAME          READY   AGE
es7-cluster   3/3     5m6s

查看pod运行情况：

# kubectl get pods | grep es7
es7-cluster-0                    1/1     Running   0          5m54s
es7-cluster-1                    1/1     Running   0          4m23s
es7-cluster-2                    1/1     Running   0          3m30s

查看svc情况：

# kubectl get svc | grep ela
elasticsearch   ClusterIP   172.32.151.215   <none>        9200/TCP,9300/TCP   22s

4. 访问elasticsearch服务：

 

3、开发elasticsearch集群，认证模式：

在kubernetes集群中部署elasticsearch集群，采用的是有状态服务组件，就是StatefulSet组件。

1. 开发yaml文件内容如下：

# vim elasticsearch.yaml

apiVersion: apps/v1
kind: StatefulSet
metadata:name: elastic-clusternamespace: sitlabels:app: elastic-cluster
spec:serviceName: elastic-svcreplicas: 3selector:matchLabels:app: elastic-clusterkubernetes.io/cluster-service: "true"template:metadata:labels:app: elastic-clusterkubernetes.io/cluster-service: "true"spec:initContainers:- name: fix-permissionsimage: 192.20.67.250/public/busybox:latestimagePullPolicy: IfNotPresentcommand: ["sh", "-c", "chown -R 1000:1000 /usr/share/elasticsearch/data"]securityContext:privileged: truevolumeMounts:- name: datamountPath: /usr/share/elasticsearch/data- name: localtimereadOnly: truemountPath: /etc/localtime- name: increase-vm-max-mapimage: 192.20.67.250/public/busybox:latestimagePullPolicy: IfNotPresentcommand: ["sysctl", "-w", "vm.max_map_count=262144"]securityContext:privileged: true- name: increase-fd-ulimitimage: 192.20.67.250/public/busybox:latestimagePullPolicy: IfNotPresentcommand: ["sh", "-c", "ulimit -n 65536"]volumes:- name: localtimehostPath:path: /etc/localtimetype: ''containers:- name: elasticsearchimage: 192.20.67.250/public/elasticsearch:7.9.3-p12imagePullPolicy: IfNotPresentports:- containerPort: 9200name: rest-apiprotocol: TCP- containerPort: 9300name: inter-nodeprotocol: TCPvolumeMounts:- name: datamountPath: /usr/share/elasticsearch/data- name: localtimereadOnly: truemountPath: /etc/localtimeenv:- name: node.namevalueFrom:fieldRef:apiVersion: v1fieldPath: metadata.name- name: discovery.zen.minimum_master_nodesvalue: "2"- name: discovery.seed_hostsvalue: "elastic-svc"- name: cluster.initial_master_nodesvalue: "elastic-cluster-0,elastic-cluster-1,elastic-cluster-2"- name: ES_JAVA_OPTSvalue: "-Xms1024m -Xmx1024m"- name: xpack.security.enabledvalue: "true"- name: xpack.security.transport.ssl.enabledvalue: "true"- name: xpack.security.transport.ssl.verification_modevalue: "certificate"- name: xpack.security.transport.ssl.keystore.pathvalue: "elastic-certificates.p12"- name: xpack.security.transport.ssl.truststore.pathvalue: "elastic-certificates.p12"volumeClaimTemplates:   - metadata:name: dataspec:accessModes: [ "ReadWriteOnce" ]storageClassName: "huawei-san"resources:requests:storage: 2Gi

注：

1、这里使用pvc存储，因kubernetes集群有部署了storageclaas组件，所以这里是直接通过storageclass组件的方式创建pvc存储。

2、如果需要引起yaml文件里的内容，需要根据实际情况修改镜像地址和sc组件的名称。

这里还需要部署一个service组件，用于访问elasticsearch集群。

# vim elasticsearch-svc.yaml

apiVersion: v1
kind: Service
metadata:name: elastic-svcnamespace: sitlabels:app: elastic-cluster
spec:selector:app: elastic-clustertype: ClusterIPports:- name: rest-apiport: 9200protocol: TCPtargetPort: 9200- name: inter-nodeport: 9300protocol: TCPtargetPort: 9300

2. 创建elasticsearch集群： 

# kubectl apply -f elasticsearch-svc-p12.yaml 
service/elastic-svc created

# kubectl apply -f elasticsearch-p12.yaml 
statefulset.apps/elastic-cluster created

3. 查看运行情况：

查看sts组件运行情况：

# kubectl get sts
NAME              READY   AGE
elastic-cluster   3/3     4m42s
 

查看pod运行情况：

# kubectl get pods | grep ela
elastic-cluster-0                1/1     Running   0          5m21s
elastic-cluster-1                1/1     Running   0          4m57s
elastic-cluster-2                1/1     Running   0          4m23s

查看svc情况：

# kubectl get svc | grep ela
elastic-svc   ClusterIP   172.45.199.17    <none>        9200/TCP,9300/TCP   5m46s

4.验证elasticsearch服务登入： 

注：这里就提示需要密码登入了。 

密码需要到 elastic-cluster-0容器中执行如下的命令：

注：这是自动生成密码

./bin/elasticsearch-setup-passwords auto

注：这里就能获取到密码了。 

 输入密码之后返回如下的内容：

注：到此kubernetes集群中部署elasticsearch集群的过程就结束了，希望可以帮助到大家。