在k8s上搭建elasticsearch 服务
k8s搭建高可用elasticsearch集群:eck
Deploy ECK in your Kubernetes cluster
Deploy ECK in your Kubernetes cluster | Elastic Cloud on Kubernetes [2.1] | Elastic
部署 Elastic Stack
1. 安装ElasticSearch
1.Install custom resource definitions and the operator with its RBAC rules:
kubectl create -f https://download.elastic.co/downloads/eck/1.9.1/crds.yaml kubectl apply -f https://download.elastic.co/downloads/eck/1.9.1/operator.yaml
2. Monitor the operator logs:
kubectl -n elastic-system logs -f statefulset.apps/elastic-operator
3. 创建eck 集群
cat <<EOF | kubectl apply -f -
apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
name: quickstart
spec:
version: 7.17.0
nodeSets:
- name: default
count: 1
config:
node.store.allow_mmap: false
EOF
kubectl -n es get elasticsearch kubectl logs -f quickstart-es-default-0
5. 获取es 集群访问权限
PASSWORD=$(kubectl -n es get secret quickstart-es-elastic-user -o go-template='{{.data.elastic | base64decode}}')
echo "$PASSWORD"
# 在k8s集群同命名空间下的pod内
curl -u "elastic:IQ2DEORp61tfd70Goy76710g" -k "https://quickstart-es-http:9200"
2. 安装kibana
cat <<EOF | kubectl apply -f -
apiVersion: kibana.k8s.elastic.co/v1
kind: Kibana
metadata:
name: quickstart
spec:
version: 7.9.2
count: 1
elasticsearchRef:
name: quickstart
EOF
2. Monitor Kibana health and creation progress.
Similar to Elasticsearch, you can retrieve details about Kibana instances:
kubectl get kibana
3. 配置 ingress 来访问 es 集群
安装 ingress
https://yuque.antfin.com/ke5an3/rgf45y/myuxgq
禁用 TLS
TLS certificates | Elastic Cloud on Kubernetes [master] | Elastic
You can explicitly disable TLS for Kibana, APM Server, Enterprise Search and the HTTP layer of Elasticsearch.
修改 elasticsearch 的yaml 文件,禁用自签名证书
spec:
http:
tls:
selfSignedCertificate:
disabled: true
es-ingress.yaml 文件
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
generation: 1
name: es-ingress
namespace: es
spec:
ingressClassName: nginx
rules:
- host: es.suoyi.com
http:
paths:
- backend:
service:
name: quickstart-es-http
port:
number: 9200
path: /
pathType: Prefix
创建并验证请求
# 创建 ingress kubectl -n es apply -f es-ingress.yaml # 在节点外进行请求 curl -u "elastic:IQ2DEORp61tfd70Goy76710g" -k "http://es.suoyi.com:31201"
ECK会自动创建一个默认用户elastic,密码存储于k8s secret中:
kibana的用户名和密码同es集群:
4. 通过 自定义镜像 安装ik中文分词器
下载 es版本 对应 ik 分词器和拼音 插件
wget https://github.com/medcl/elasticsearch-analysis-ik/releases/download/v8.0.0/elasticsearch-analysis-ik-8.0.0.zip wget https://github.com/medcl/elasticsearch-analysis-pinyin/releases/download/v8.0.0/elasticsearch-analysis-pinyin-8.0.0.zip
编写Dockerfile
FROM docker.elastic.co/elasticsearch/elasticsearch:8.0.0 COPY ./elasticsearch-analysis-ik-8.0.0.zip /home/ COPY ./elasticsearch-analysis-pinyin-8.0.0.zip /home/ RUN bin/elasticsearch-plugin install --batch file:/home/elasticsearch-analysis-ik-8.0.0.zip RUN bin/elasticsearch-plugin install --batch file:/home/elasticsearch-analysis-pinyin-8.0.0.zip
构建定制es镜像
docker build --tag elasticsearch-ik:8.0.0 .
在yaml 文件 指定es镜像
apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
name: quickstart
spec:
image: elasticsearch-ik:8.0.0
auth: {}
http:
service:
metadata: {}
spec: {}
tls:
certificate: {}
selfSignedCertificate:
disabled: true
nodeSets:
- config:
node.store.allow_mmap: false
count: 1
name: default
podTemplate:
spec:
containers: null
version: 8.0.0
4. ES 集群监控【TODO】
参考文档
参考资料
Ingress
how to configure ingress to direct traffic to an https backend using https
Elastic Cloud Kubernetes(ECK)安装Elasticsearch、Kibana实战教程
Elastic Cloud Kubernetes(ECK)安装Elasticsearch、Kibana实战教程-阿里云开发者社区
elasticsearch create custom images
Create custom images | Elastic Cloud on Kubernetes [2.1] | Elastic
k8s无脑系列(十一) helm安装ElasticSearch到集群并设置中文分词
K8S/Kubernetes社区为您提供最前沿的新闻资讯和知识内容
更多推荐
0
0- 0
已为社区贡献29条内容
所有评论(0)