k8s部署带用户名和密码的elasticsearch
k8s部署带用户名和密码的elasticsearch
·
elasticsearch本来可以不加用户名和密码,基于我们目前接触越来越多的客户,为了数据的安全性,也需要遗憾的加上用户名和密码
下面是k8s部署的yaml
文件名称:k8s-elasticsearch.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: elasticsearch-u #为该Deployment设置key为app,value为elasticsearch-u的标签
name: elasticsearch-u-dm
namespace: lyb
spec:
replicas: 1 #副本数量
selector: #标签选择器,与上面的标签共同作用
matchLabels: #选择包含标签app:elasticsearch的资源
app: elasticsearch-u
template: #这是选择或创建的Pod的模板
metadata: #Pod的元数据
labels: #Pod的标签,上面的selector即选择包含标签app:elasticsearch-u的Pod
app: elasticsearch-u
spec: #期望Pod实现的功能(即在pod中部署)
containers: #生成container,与docker中的container是同一种
- name: elasticsearch-u-container
image: elasticsearch:7.12.1 #使用镜像elasticsearch-u: 创建container,该container默认9200端口可访问
#imagePullPolicy: Never #使用本地镜像
ports:
- containerPort: 9200 # 开启本容器的9200端口可访问
- containerPort: 9300
env:
- name: ES_JAVA_OPTS
value: -Xms512m -Xmx512m
- name: bootstrap.memory_lock
value: "true"
- name: discovery.type
value: single-node
- name: node.name
value: node-1
- name: TAKE_FILE_OWNERSHIP #此环境变量是防止没有宿主机的777权限,value随便写,在nfs可以忽略,普通docker或者docker-swarm单机启动需要加
value: "1111"
# 下面是开启es验证的相关配置
- name: http.cors.allow-headers
value: Authorization
- name: xpack.security.enabled
value: "true"
- name: xpack.security.transport.ssl.enabled
value: "true"
- name: network.host
value: "0.0.0.0"
volumeMounts:
- mountPath: /usr/share/elasticsearch/data
name: elasticsearch-data
volumes:
- name: elasticsearch-data
nfs:
server: nfs ip地址,需要自己改
path: nfs共享文件夹,需要自己改
---
apiVersion: v1
kind: Service
metadata:
labels:
app: elasticsearch-u
name: svc-elasticsearch-u # 服务名称
namespace: lyb
spec:
ports:
- port: 9200 #写mysql本身端口
name: elasticsearch-u92
protocol: TCP
targetPort: 9200 # 容器elasticsearch-u对外开放的端口 上面的dm已经指定了
nodePort: 30192 #外网访问的端口
- port: 9300
protocol: TCP
targetPort: 9300
name: elasticsearch-u93
nodePort: 30193
selector:
app: elasticsearch-u #选择包含标签app:elasticsearch-u的资源
type: NodePort
执行kubectl apply -f k8s-elasticsearch.yaml
然后进入到es的pod中
命令:
kubectl get pod -n lyb
#获取到es的pod名称
kubectl exec -it esPodName -n lyb
进入容器后
主要说明es如何设置密码
进入容器后,进入到bin目录,执行命令:elasticsearch-setup-passwords interactive
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y
Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [apm_system]:
Reenter password for [apm_system]:
Enter password for [kibana_system]:
Reenter password for [kibana_system]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Enter password for [beats_system]:
Reenter password for [beats_system]:
Enter password for [remote_monitoring_user]:
Reenter password for [remote_monitoring_user]:
Changed password for user [apm_system]
Changed password for user [kibana_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]
以上就是设置密码的过程,下面是翻译:
启动为保留用户elastic、apm_system、kibana、kibana_system、logstash_system、beats_system、remote_monitoring_user设置密码。
随着过程的进行,系统将提示您输入密码。
请确认您想继续[y/N]y
输入[elastic]的密码:
重新输入[elastic]的密码:
输入[apm_system]密码:
Reenter password for [apm_system]:
输入[kibana_system]密码:
Reenter password for [kibana_system]:
输入[logstash_system]的密码:
Reenter password for [logstash_system]:
输入[beats_system]的密码:
Reenter password for [beats_system]
输入[remote_monitoring_user]的密码:
Reenter password for [remote_monitoring_user]:
更改用户[apm_system]的密码
修改用户[kibana_system]的密码
更改用户[kibana]的密码
修改用户logstash_system的密码
修改用户[beats_system]的密码
修改用户[remote_monitoring_user]密码
修改弹性用户密码
然后浏览器访问 ip:30192
页面自动弹窗,输出刚才设置的密码即可访问
K8S/Kubernetes社区为您提供最前沿的新闻资讯和知识内容
更多推荐
3
0- 0
已为社区贡献2条内容
所有评论(0)