当前位置: 首页 > news >正文

es+kibana---集群部署

news 来源:原创 2025/4/29 5:42:23

其实一般es要跑3个节点的,这样才能做高可用,处理并发大,但是我这里只是一个pod

mkdir -p /stroe/data/es

es搭建:
#【拉取镜像】
#docker pull elasticsearch:6.8.7
#docker pull busybox:1.28
【导入镜像】
docker load -i es.tar
【创建命名空间】
kubectl create ns middle-ware
【创建es的资源】

vim test-es.yaml

---
# ConfigMap for Elasticsearch configuration
apiVersion: v1
kind: ConfigMap
metadata:name: es-confignamespace: middle-ware
data:elasticsearch.yml: |cluster.name: my-es-clusternode.name: ${HOSTNAME}network.host: 0.0.0.0discovery.type: single-nodepath.data: /usr/share/elasticsearch/datapath.logs: /usr/share/elasticsearch/logsbootstrap.memory_lock: falsehttp.port: 9200transport.port: 9300jvm.options: |-Xms512m-Xmx512m-XX:+UseG1GC-XX:G1HeapRegionSize=4m-XX:MaxGCPauseMillis=50-XX:+PrintGCDetails-XX:+HeapDumpOnOutOfMemoryError-Xlog:gc*:file=/usr/share/elasticsearch/logs/gc.log:utctime,pid,tags:filecount=32,filesize=64m---
# PersistentVolume (使用 hostPath 本地存储)
apiVersion: v1
kind: PersistentVolume
metadata:name: es-pv
spec:capacity:storage: 1GivolumeMode: FilesystemaccessModes:- ReadWriteOncepersistentVolumeReclaimPolicy: RetainstorageClassName: manualhostPath:path: /data/elasticsearchtype: DirectoryOrCreate---
# PersistentVolumeClaim
apiVersion: v1
kind: PersistentVolumeClaim
metadata:name: es-pvcnamespace: middle-ware
spec:storageClassName: manualaccessModes:- ReadWriteOnceresources:requests:storage: 1Gi---
# StatefulSet
apiVersion: apps/v1
kind: StatefulSet
metadata:name: elasticsearchnamespace: middle-ware
spec:serviceName: elasticsearchreplicas: 1selector:matchLabels:app: elasticsearchtemplate:metadata:labels:app: elasticsearchspec:tolerations:  #放在主节点上,需要配置污点容忍- key: "node-role.kubernetes.io/control-plane"operator: "Exists"effect: "NoSchedule"initContainers:- name: volume-permissionsimage: busybox:1.28command: ["sh", "-c", "chown -R 1000:0 /usr/share/elasticsearch/data /usr/share/elasticsearch/logs"]volumeMounts:- name: es-storagemountPath: /usr/share/elasticsearch/datasubPath: data- name: es-storagemountPath: /usr/share/elasticsearch/logssubPath: logscontainers:- name: elasticsearchimage: elasticsearch:6.8.7imagePullPolicy: IfNotPresentenv:- name: ES_JAVA_OPTSvalue: "-Xms512m -Xmx512m"- name: discovery.typevalue: single-node- name: TAKE_FILE_OWNERSHIPvalue: "true"ports:- containerPort: 9200name: http- containerPort: 9300name: transportvolumeMounts:- name: es-configmountPath: /usr/share/elasticsearch/config/elasticsearch.ymlsubPath: elasticsearch.yml- name: es-configmountPath: /usr/share/elasticsearch/config/jvm.optionssubPath: jvm.options- name: es-storagemountPath: /usr/share/elasticsearch/datasubPath: data- name: es-storagemountPath: /usr/share/elasticsearch/logssubPath: logs- name: es-storagemountPath: /usr/share/elasticsearch/pluginssubPath: pluginsvolumes:- name: es-configconfigMap:name: es-configdefaultMode: 0644- name: es-storagepersistentVolumeClaim:claimName: es-pvc---
# Service
apiVersion: v1
kind: Service
metadata:name: elasticsearchnamespace: middle-ware
spec:selector:app: elasticsearchports:- port: 9200name: httptargetPort: 9200- port: 9300name: transporttargetPort: 9300type: NodePort


vim es.yml   【这个是无https的,先跑起来生成证书放到宿主机】

 

---
# ConfigMap for Elasticsearch configuration
apiVersion: v1
kind: ConfigMap
metadata:name: es-confignamespace: middle-ware-rp
data:elasticsearch.yml: |cluster.name: my-es-clusternode.name: ${HOSTNAME}network.host: 0.0.0.0discovery.type: single-nodepath.data: /usr/share/elasticsearch/datapath.logs: /usr/share/elasticsearch/logsbootstrap.memory_lock: falsehttp.port: 9200transport.port: 9300xpack.security.enabled: truexpack.security.transport.ssl.enabled: truexpack.security.http.ssl.enabled: false  # 先禁用 HTTP SSL 简化配置jvm.options: |-Xms1G-Xmx2G-XX:+UseG1GC-XX:G1HeapRegionSize=4m-XX:MaxGCPauseMillis=50-XX:+PrintGCDetails-XX:+HeapDumpOnOutOfMemoryError-Xlog:gc*:file=/usr/share/elasticsearch/logs/gc.log:utctime,pid,tags:filecount=32,filesize=64m---
# PersistentVolume (使用 hostPath 本地存储)
apiVersion: v1
kind: PersistentVolume
metadata:name: es-pv
spec:capacity:storage: 5GivolumeMode: FilesystemaccessModes:- ReadWriteOncepersistentVolumeReclaimPolicy: RetainstorageClassName: manualhostPath:path: /store/data/estype: DirectoryOrCreate---
# PersistentVolumeClaim
apiVersion: v1
kind: PersistentVolumeClaim
metadata:name: es-pvcnamespace: middle-ware-rp
spec:storageClassName: manualaccessModes:- ReadWriteOnceresources:requests:storage: 5Gi---
# StatefulSet
apiVersion: apps/v1
kind: StatefulSet
metadata:name: elasticsearchnamespace: middle-ware-rp
spec:serviceName: elasticsearchreplicas: 1selector:matchLabels:app: elasticsearchtemplate:metadata:labels:app: elasticsearchspec:tolerations:  #放在主节点上,需要配置污点容忍- key: "node-role.kubernetes.io/control-plane"operator: "Exists"effect: "NoSchedule"nodeName: node2initContainers:- name: volume-permissionsimage: busybox:1.28command: ["sh", "-c", "chown -R 1000:0 /usr/share/elasticsearch/data /usr/share/elasticsearch/logs"]volumeMounts:- name: es-storagemountPath: /usr/share/elasticsearch/datasubPath: data- name: es-storagemountPath: /usr/share/elasticsearch/logssubPath: logscontainers:- name: elasticsearchimage: elasticsearch:6.8.7imagePullPolicy: IfNotPresentenv:- name: ES_JAVA_OPTSvalue: "-Xms1G -Xmx2G"- name: discovery.typevalue: single-node- name: TAKE_FILE_OWNERSHIPvalue: "true"ports:- containerPort: 9200name: http- containerPort: 9300name: transportvolumeMounts:- name: es-configmountPath: /usr/share/elasticsearch/config/elasticsearch.ymlsubPath: elasticsearch.yml- name: es-configmountPath: /usr/share/elasticsearch/config/jvm.optionssubPath: jvm.options- name: es-storagemountPath: /usr/share/elasticsearch/datasubPath: data- name: es-storagemountPath: /usr/share/elasticsearch/logssubPath: logs- name: es-storagemountPath: /usr/share/elasticsearch/pluginssubPath: pluginsvolumes:- name: es-configconfigMap:name: es-configdefaultMode: 0644- name: es-storagepersistentVolumeClaim:claimName: es-pvc---
# Service
apiVersion: v1
kind: Service
metadata:name: elasticsearchnamespace: middle-ware-rp
spec:selector:app: elasticsearchports:- port: 9200name: httptargetPort: 9200nodePort: 30001- port: 9300name: transporttargetPort: 9300nodePort: 30002type: NodePort

=====================【es1.yaml+https的url优化】==============================
证书生成的方式:
kubectl exec -it elasticsearch-0 -n middle-ware -- /bin/bash
 ./bin/elasticsearch-certutil ca #回车回车生成证书
./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12  #回车回车生成证书

#!!拷贝到宿主机!!,这个ca证书就是开启es的https用来连接

证书认证:首先让你的es跑起来,然后在配置中应用es1.yaml优化配置文件elasticsearch.yml: |cluster.name: my-es-clusternode.name: ${HOSTNAME}network.host: 0.0.0.0discovery.type: single-nodepath.data: /usr/share/elasticsearch/datapath.logs: /usr/share/elasticsearch/logsbootstrap.memory_lock: falsehttp.port: 9200transport.port: 9300xpack.security.enabled: truexpack.security.transport.ssl.enabled: truexpack.security.http.ssl.enabled: false  # false先禁用 HTTP SSL 简化配置,无证书,有证书再更改为true再加入下面配置#有了证书之后加入一下配置,并且开启httpssl认证xpack.security.transport.ssl.keystore.type: PKCS12xpack.security.transport.ssl.verification_mode: certificatexpack.security.transport.ssl.keystore.path: elastic-certificates.p12xpack.security.transport.ssl.truststore.path: elastic-certificates.p12xpack.security.transport.ssl.truststore.type: PKCS12xpack.security.audit.enabled: truexpack.security.http.ssl.keystore.path: /usr/share/elasticsearch/config/elastic-certificates.p12xpack.security.http.ssl.truststore.path: /usr/share/elasticsearch/config/elastic-certificates.p12#证书生成后,应用ess1.yaml文件,并且先生成secret资源
ls 
[root@150m01 ~/kind]# ll
-rw-r--r-- 1 root root        3443 4月  25 09:32 elastic-certificates.p12
-rw-r--r-- 1 root root        2527 4月  25 09:33 elastic-stack-ca.p12
#生成secret资源
kubectl -n middle-ware create secret generic es-cert --from-file=elastic-certificates.p12#引用secret资源主要增加:
sts.es.spec.template.spec.containers.volumeMounts- name: es-certmountPath: /usr/share/elasticsearch/config/elastic-certificates.p12subPath: elastic-certificates.p12sts.es.spec.template.spec.volumes- name: es-certsecret:secretName: es-certitems:- key: elastic-certificates.p12path: elastic-certificates.p12#证书与ess.yaml文件同级
[root@150m01 ~/kind]# ll
-rw-r--r-- 1 root root        3443 4月  25 09:32 elastic-certificates.p12
-rw-r--r-- 1 root root        2527 4月  25 09:33 elastic-stack-ca.p12
-rw-r--r-- 1 root root        4751 4月  25 09:35 ess.yaml
-rw-r--r-- 1 root root        4348 4月  24 18:07 ess.yaml.0#上传ess1.yaml文件,然后应用
kubectl apply -f es1.yaml


【设置密码】  
【创建多个账户】
kubectl exec -it elasticsearch-0 -n middle-ware --   bin/elasticsearch-setup-passwords interactive 
Y
均为--->密码:esx@1x.8A
Enter password for [elastic用户名首次密码]: 
Reenter password for [elastic用户名确认密码]: 
Enter password for [apm_system]: 
Reenter password for [apm_system]: 
Enter password for [kibana]: 
Reenter password for [kibana]: 
Enter password for [logstash_system]: 
Reenter password for [logstash_system]: 
Enter password for [beats_system]: 
Reenter password for [beats_system]: 
Enter password for [remote_monitoring_user]: 
Reenter password for [remote_monitoring_user]: 

【仅创建一个admin用户】
kubectl exec -it elasticsearch-0 -n middle-ware-sy -- /bin/bash
bin/elasticsearch-users useradd admin -p qqq -r superuser

【测试】
curl -u admin:qqq -X GET "http://10.10.10.150:32071/_cluster/health?pretty"

【部署报错】

有可能是因为你之前部署过es,pv和pvc可能没删除干净有残留,需要删除干净pv和pvc

=============================kibana===================================

无状态服务,展示数据,注意修改secret的账密即可,kibana的登陆页面账密也是es的账密

cat kibana.yml 
---
apiVersion: v1
kind: Secret
metadata:name: kibana-secretnamespace: middle-ware-rp
type: Opaque
data:username: YWRtaW4=password: VllyTWs5b0Y=
---
apiVersion: v1
kind: PersistentVolume
metadata:name: kibana-pv
spec:capacity:storage: 5GivolumeMode: FilesystemaccessModes:- ReadWriteOncepersistentVolumeReclaimPolicy: RetainstorageClassName: manualhostPath:path: /store/data/kibanatype: DirectoryOrCreate
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:name: kibana-pvcnamespace: middle-ware-rp
spec:storageClassName: manualaccessModes:- ReadWriteOnceresources:requests:storage: 5Gi
---
apiVersion: v1
kind: ConfigMap
metadata:name: kibana-confignamespace: middle-ware-rp
data:kibana.yml: |server.host: "0.0.0.0"elasticsearch.hosts: ["http://10.10.10.133:30001"]xpack.security.enabled: true
---
apiVersion: apps/v1
kind: Deployment
metadata:name: kibananamespace: middle-ware-rp
spec:replicas: 1selector:matchLabels:app: kibanatemplate:metadata:labels:app: kibanaspec:containers:- name: kibanaimage: docker.elastic.co/kibana/kibana:6.8.7ports:- containerPort: 5601name: httpenv:#- name: ELASTICSEARCH_URL#  value: http://elasticsearch:9200- name: ELASTICSEARCH_USERNAMEvalueFrom:secretKeyRef:name: kibana-secretkey: username- name: ELASTICSEARCH_PASSWORDvalueFrom:secretKeyRef:name: kibana-secretkey: passwordvolumeMounts:- name: kibana-configmountPath: /usr/share/kibana/config/kibana.ymlsubPath: kibana.ymlvolumes:- name: kibana-configconfigMap:name: kibana-configdefaultMode: 0644
---
apiVersion: v1
kind: Service
metadata:name: kibananamespace: middle-ware-rp
spec:selector:app: kibanaports:- port: 5601targetPort: 5601name: httpnodePort: 30003type: NodePort



  

相关文章:

  • vscode 使用gitcode团队管理项目
  • 推荐一个微软官方开源浏览器自动化工具,可以用于UI自动化测试、爬虫等,具备.Net、Java、Python等多个版本!
  • Flutter介绍、Flutter Windows Android 环境搭建 真机调试
  • Python实现SSE流式推送
  • 【蒸馏(5)】DistillBEV代码分析
  • 关于华为云OneAccess登录认证过程介绍
  • 论文阅读_Search-R1_大模型+搜索引擎
  • Maven多模块工程版本管理:flatten-maven-plugin扁平化POM
  • 深入浅出限流算法(二):更平滑的滑动窗口
  • MATLAB小试牛刀系列(1)
  • 【前端】1h 搞定 TypeScript 教程_只说重点
  • 并发设计模式实战系列(8):Active Object
  • ArcPy 中的地理处理工具
  • 微信小程序开发笔记
  • C++学习:六个月从基础到就业——模板编程:SFINAE原则
  • 配置扩展ACL
  • 文号验证-同时对两个输入框验证
  • 编程日志4.23
  • 相机-IMU联合标定:相机-IMU外参标定
  • Molex莫仕连接器:增强高级驾驶辅助系统,打造更安全的汽车
  • 俄乌战火不熄,特朗普在梵蒂冈与泽连斯基会晤后口风突变
  • 人社部:将会同更多部门分行业、分领域制定专项培训计划
  • 伊朗最大港口爆炸:26公里外都能听到,超七百人受伤,原因指向化学品储存
  • 文化体验+商业消费+服务创新,上海搭建入境旅游新模式
  • 体育公益之约跨越山海,雪域高原果洛孕育足球梦
  • 中国太保一季度净赚96.27亿元降18.1%,营收同比下降1.8%