在k8s上搭建elasticsearch 服务

k8s搭建高可用elasticsearch集群：eck

cbmljs

3699人浏览 · 2022-04-11 14:18:11

cbmljs · 2022-04-11 14:18:11 发布

Deploy ECK in your Kubernetes cluster

Deploy ECK in your Kubernetes cluster | Elastic Cloud on Kubernetes [2.1] | Elastic

部署 Elastic Stack

部署 Elastic Stack | 凤凰架构

1. 安装ElasticSearch

1.Install custom resource definitions and the operator with its RBAC rules:

kubectl create -f https://download.elastic.co/downloads/eck/1.9.1/crds.yaml
kubectl apply -f https://download.elastic.co/downloads/eck/1.9.1/operator.yaml

2. Monitor the operator logs:

kubectl -n elastic-system logs -f statefulset.apps/elastic-operator

3. 创建eck 集群

cat <<EOF | kubectl apply -f -
apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
  name: quickstart
spec:
  version: 7.17.0
  nodeSets:
  - name: default
    count: 1
    config:
      node.store.allow_mmap: false
EOF

kubectl -n es get elasticsearch

kubectl logs -f quickstart-es-default-0

5. 获取es 集群访问权限

PASSWORD=$(kubectl -n es get secret quickstart-es-elastic-user -o go-template='{{.data.elastic | base64decode}}')
echo "$PASSWORD"


# 在k8s集群同命名空间下的pod内
curl -u "elastic:IQ2DEORp61tfd70Goy76710g" -k "https://quickstart-es-http:9200"

2. 安装kibana

cat <<EOF | kubectl apply -f -
apiVersion: kibana.k8s.elastic.co/v1
kind: Kibana
metadata:
  name: quickstart
spec:
  version: 7.9.2
  count: 1
  elasticsearchRef:
    name: quickstart
EOF

2. Monitor Kibana health and creation progress.

Similar to Elasticsearch, you can retrieve details about Kibana instances:

kubectl get kibana

3. 配置 ingress 来访问 es 集群

安装 ingress

https://yuque.antfin.com/ke5an3/rgf45y/myuxgq

禁用 TLS

TLS certificates | Elastic Cloud on Kubernetes [master] | Elastic

You can explicitly disable TLS for Kibana, APM Server, Enterprise Search and the HTTP layer of Elasticsearch.

修改 elasticsearch 的yaml 文件，禁用自签名证书

spec:
  http:
    tls:
      selfSignedCertificate:
        disabled: true

es-ingress.yaml 文件

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  generation: 1
  name: es-ingress
  namespace: es
spec:
  ingressClassName: nginx
  rules:
  - host: es.suoyi.com
    http:
      paths:
      - backend:
          service:
            name: quickstart-es-http
            port:
              number: 9200
        path: /
        pathType: Prefix

创建并验证请求

# 创建 ingress 
kubectl -n es apply -f es-ingress.yaml

# 在节点外进行请求
curl -u "elastic:IQ2DEORp61tfd70Goy76710g" -k "http://es.suoyi.com:31201"

ECK会自动创建一个默认用户elastic，密码存储于k8s secret中：

kibana的用户名和密码同es集群：

4. 通过自定义镜像安装ik中文分词器

下载 es版本对应 ik 分词器和拼音插件

wget https://github.com/medcl/elasticsearch-analysis-ik/releases/download/v8.0.0/elasticsearch-analysis-ik-8.0.0.zip
wget https://github.com/medcl/elasticsearch-analysis-pinyin/releases/download/v8.0.0/elasticsearch-analysis-pinyin-8.0.0.zip

编写Dockerfile

FROM docker.elastic.co/elasticsearch/elasticsearch:8.0.0
COPY ./elasticsearch-analysis-ik-8.0.0.zip /home/
COPY ./elasticsearch-analysis-pinyin-8.0.0.zip /home/
RUN bin/elasticsearch-plugin install --batch file:/home/elasticsearch-analysis-ik-8.0.0.zip
RUN bin/elasticsearch-plugin install --batch file:/home/elasticsearch-analysis-pinyin-8.0.0.zip

构建定制es镜像

docker build --tag elasticsearch-ik:8.0.0 .

在yaml 文件指定es镜像

apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
  name: quickstart
spec:
  image: elasticsearch-ik:8.0.0
  auth: {}
  http:
    service:
      metadata: {}
      spec: {}
    tls:
      certificate: {}
      selfSignedCertificate:
        disabled: true
  nodeSets:
  - config:
      node.store.allow_mmap: false
    count: 1
    name: default
    podTemplate:
      spec:
        containers: null
  version: 8.0.0