使用k8s部署elasticsearch8.7.0


部署 elasticsearch 和 kibana

备注:单点 es,没有做集群

数据存储使用 hostPath

elasticsearch

ES 镜像

https://hub.docker.com/_/elasticsearch
​
https://github.com/docker-library/elasticsearch/blob/ffa0104f45677975eb6fcb0a52829618143bdad7/8/Dockerfile
https://github.com/elastic/dockerfiles/blob/v8.7.0/elasticsearch/Dockerfile

拉取镜像

# Pull the image at the exact tag used by the Deployment manifest (elasticsearch:8.7.0).
docker pull elasticsearch:8.7.0

创建目录

依据 Dockerfile:默认端口为 9200、9300,容器内用户的 uid 和 gid 均为 1000,因此下面把宿主机目录的属主改为 1000:1000。
    
# Create the three host directories that back the hostPath volumes and hand
# them to uid/gid 1000, the user the Elasticsearch container runs as.
for name in data logs plugins; do
  dir="/data/pod-data/devops/elasticsearch-${name}"
  mkdir -p "${dir}"
  chown -R 1000:1000 "${dir}"
done

# 挂载目录
/usr/share/elasticsearch/logs
/usr/share/elasticsearch/data
/usr/share/elasticsearch/plugins

elasticsearch-config.yaml

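# elasticsearch-config.yaml
# ConfigMap holding elasticsearch.yml. The Deployment mounts it read-only over
# /usr/share/elasticsearch/config/elasticsearch.yml via subPath.
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: elasticsearch-config
  namespace: devops
  labels:
    app: elasticsearch
data:
  # Literal block scalar (|): each line below must remain its own line in
  # elasticsearch.yml. A folded scalar (>) joins adjacent lines with spaces,
  # which collapses the settings into one unparseable line.
  elasticsearch.yml: |
    # ${...} values are filled from the container's environment variables.
    cluster.name: ${CLUSTER_NAME}
    node.name: ${NODE_NAME}
    discovery.seed_hosts: ${NODE_LIST}
    cluster.initial_master_nodes: ${MASTER_NODES}
    # Listen on every interface of the pod.
    network.host: 0.0.0.0

    xpack.security.enabled: true
    xpack.monitoring.collection.enabled: true
    xpack.license.self_generated.type: basic

    # HTTP-layer TLS is off: REST traffic on 9200, including Basic-auth
    # credentials, travels in cleartext. Enable it and set
    # xpack.security.http.ssl.keystore.path before exposing 9200 beyond a
    # trusted network.
    xpack.security.http.ssl.enabled: false

    # Transport-layer TLS (9300). "certificate" checks that the peer
    # certificate chains to the trusted CA but does not verify the hostname.
    xpack.security.transport.ssl.enabled: true
    xpack.security.transport.ssl.verification_mode: certificate
    # Both paths point into the data volume, so the .p12 file has to be placed
    # under <data hostPath>/certs/ on the node before the pod can use it.
    xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/data/certs/elastic-certificates.p12
    xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/data/certs/elastic-certificates.p12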

elasticsearch.yaml

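---
# Single-node Elasticsearch Deployment.
#
# Prerequisite: the password of the built-in elastic user is read from a
# Secret instead of being written into this manifest, where it would end up in
# version control and in `kubectl get deploy -o yaml` output. Once the devops
# namespace exists, create the Secret with a password of your own:
#   kubectl -n devops create secret generic elasticsearch-credentials \
#     --from-literal=elastic-password='<elastic-password>'
apiVersion: apps/v1
kind: Deployment
metadata:
  name: elasticsearch
  namespace: devops
  labels:
    app: elasticsearch
spec:
  # One replica only: the data sits in hostPath directories on a single node.
  replicas: 1
  selector:
    matchLabels:
      app: elasticsearch
  template:
    metadata:
      labels:
        app: elasticsearch
    spec:
      # nodeName bypasses the scheduler and pins the pod to the node that owns
      # the hostPath directories below.
      nodeName: '172.16.111.158'
      containers:
        - name: elasticsearch
          image: 'elasticsearch:8.7.0'
          imagePullPolicy: IfNotPresent
          env:
            - name: TZ
              value: Asia/Shanghai
            - name: xpack.security.enrollment.enabled
              value: 'true'
            # The next four are substituted into elasticsearch.yml (${...}).
            - name: CLUSTER_NAME
              value: elasticsearch
            - name: NODE_NAME
              value: elasticsearch
            - name: NODE_LIST
              value: elasticsearch
            - name: MASTER_NODES
              value: elasticsearch
            - name: ELASTIC_USERNAME
              value: elastic
            # Injected from the Secret described at the top of this document.
            - name: ELASTIC_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: elasticsearch-credentials
                  key: elastic-password
          resources:
            # Request equals limit, so the container gets exactly 1Gi.
            requests:
              memory: 1Gi
            limits:
              memory: 1Gi
          volumeMounts:
            - name: elasticsearch-logs
              mountPath: /usr/share/elasticsearch/logs
            - name: elasticsearch-data
              mountPath: /usr/share/elasticsearch/data
            - name: elasticsearch-plugins
              mountPath: /usr/share/elasticsearch/plugins
            # subPath mounts only the single file, leaving the rest of the
            # image's config directory in place.
            - name: elasticsearch-config
              mountPath: /usr/share/elasticsearch/config/elasticsearch.yml
              subPath: elasticsearch.yml
              readOnly: true
      volumes:
        # hostPath ties the data to this node's filesystem; the directories
        # must be owned by uid/gid 1000 so the container user can write.
        - name: elasticsearch-data
          hostPath:
            path: /data/pod-data/devops/elasticsearch-data/
            type: DirectoryOrCreate
        - name: elasticsearch-logs
          hostPath:
            path: /data/pod-data/devops/elasticsearch-logs
            type: DirectoryOrCreate
        - name: elasticsearch-plugins
          hostPath:
            path: /data/pod-data/devops/elasticsearch-plugins
            type: DirectoryOrCreate
        - name: elasticsearch-config
          configMap:
            name: elasticsearch-config
            # 420 decimal is 0644 octal.
            defaultMode: 420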

---
# Service publishing the Elasticsearch HTTP port outside the cluster.
apiVersion: v1
kind: Service
metadata:
  name: elasticsearch
  namespace: devops
  labels:
    app: elasticsearch
spec:
  # NodePort opens the port on every node's IP. With HTTP TLS disabled in
  # elasticsearch.yml, anything that can reach a node on 39200 sees the REST
  # traffic in cleartext, so limit who can reach it (firewall rules or a
  # NetworkPolicy) or use ClusterIP when only in-cluster clients need access.
  type: NodePort
  selector:
    app: elasticsearch
  ports:
    - name: http
      protocol: TCP
      port: 9200
      targetPort: 9200
      # 39200 is above the default NodePort range (30000-32767); the API
      # server needs a wider --service-node-port-range to accept it.
      nodePort: 39200

部署 elasticsearch

# Create the namespace, then apply the Deployment/Service file and the ConfigMap.
# NOTE(review): elasticsearch.yml points at data/certs/elastic-certificates.p12,
# which is only generated in the next section, so the pod presumably cannot
# start cleanly until that file is in place on the node.
kubectl create ns devops
kubectl apply -f elasticsearch.yaml -f elasticsearch-config.yaml

1.2 生成Xpack认证证书文件

ElasticSearch提供了生成证书的工具elasticsearch-certutil,我们可以在docker实例中先生成它,然后复制出来,后面统一使用。

# On the host: start a throwaway container from the same image, used only to
# run the certificate tool.
docker run -it -d --name elastic-cret elasticsearch:8.7.0 /bin/bash

# Open a shell in that container to generate the key material
docker exec -it elastic-cret /bin/bash

# Note: nothing needs to be typed at the prompts, just press Enter.
# Accepting the defaults leaves the password prompts empty, so the PKCS#12
# files are protected only by file permissions.
bin/elasticsearch-certutil ca

bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12

$ ls *.p12
elastic-certificates.p12  elastic-stack-ca.p12

# Back on the host: copy the files into the certs/ directory of the data hostPath
mkdir -p /data/pod-data/devops/elasticsearch-data/certs
cd  /data/pod-data/devops/elasticsearch-data/certs

docker cp elastic-cret:/usr/share/elasticsearch/elastic-certificates.p12 .

# elastic-stack-ca.p12 contains the CA private key. elasticsearch.yml only
# references elastic-certificates.p12.
# NOTE(review): consider storing the CA file somewhere other than the volume
# mounted into the pod; it is only needed to issue further certificates.
docker cp elastic-cret:/usr/share/elasticsearch/elastic-stack-ca.p12 .

# Give the container user (uid/gid 1000) ownership of the data directory, certs included
chown 1000:1000 -R /data/pod-data/devops/elasticsearch-data

# Remove the helper container
docker rm -f elastic-cret

安装 ik 分词器

# The data hostPath is mounted in the container at /usr/share/elasticsearch/data,
# so a file downloaded here is reachable from inside the pod.
cd /data/pod-data/devops/elasticsearch-data

# Download the IK analysis plugin release that matches Elasticsearch 8.7.0.
# NOTE(review): the archive is installed without an integrity check, and a
# plugin runs inside the Elasticsearch process; compare its checksum with a
# value obtained from a trusted source before installing.
wget -c https://github.com/medcl/elasticsearch-analysis-ik/releases/download/v8.7.0/elasticsearch-analysis-ik-8.7.0.zip

# Run inside the container
elasticsearch-plugin install file:///usr/share/elasticsearch/data/elasticsearch-analysis-ik-8.7.0.zip

ls plugins/
---
analysis-ik

ES 重置密码

https://www.elastic.co/guide/en/elasticsearch/reference/8.0/service-accounts.html
# Run inside the container. Without --interactive the tool generates a random
# password for the user and prints it to the console.
bin/elasticsearch-reset-password -u elastic

# Username and password the author recorded for this walkthrough.
# NOTE(review): elastic is the built-in superuser; a password that has been
# published should be treated as known, so set your own value.
elastic
AA3pRIVkphOXpwWdw7Df

# --interactive prompts for a password of your choice; -b skips the
# confirmation prompt.
elasticsearch-reset-password --interactive -b -u elastic
---
WARNING: Owner of file [/usr/share/elasticsearch/config/users] used to be [root], but now is [elasticsearch]
WARNING: Owner of file [/usr/share/elasticsearch/config/users_roles] used to be [root], but now is [elasticsearch]
Enter password for [elastic]: 
Re-enter password for [elastic]: 
Password for the [elastic] user successfully reset.

重置 kibana_system 密码

  • 后面部署 kibana 需要用
# 参考
https://blog.csdn.net/weixin_39169535/article/details/125652909
elasticsearch@elasticsearch-7fb6c748dd-ms8bt:~$ elasticsearch-reset-password -u kibana_system
This tool will reset the password of the [kibana_system] user to an autogenerated value.
The password will be printed in the console.
Please confirm that you would like to continue [y/N]y
​
​
Password for the [kibana_system] user successfully reset.
New value: 4xCHRIL+V1Lak-VEEm3G

ES 访问地址

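# List the nodes through the NodePort, from outside the cluster.
# -u elastic makes curl prompt for the password, which keeps it out of the
# URL, the shell history and the process list. The connection is plain HTTP
# (xpack.security.http.ssl.enabled is false), so the Basic-auth header still
# crosses the network unencrypted.
curl -u elastic "http://172.16.111.158:39200/_cat/nodes?pretty"

# Same query through the Service DNS name, which resolves only inside the cluster.
curl -u elastic "http://elasticsearch.devops.svc.cluster.local:9200/_cat/nodes"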

创建Kibana应用

ElasticSearch 集群安装完成后,还需要安装 Kibana,用作 ElasticSearch 数据的可视化工具。

拉取镜像

# Pull Kibana at the same version as Elasticsearch (8.7.0), the tag the Deployment manifest uses.
docker pull kibana:8.7.0

创建 Kibana 的 ConfigMap 编排文件

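# kibana-config.yaml
# ConfigMap holding kibana.yml. The Deployment mounts it read-only over
# /usr/share/kibana/config/kibana.yml via subPath.
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: kibana-config
  namespace: devops
  labels:
    app: kibana
data:
  # Literal block scalar (|): each setting must remain its own line in
  # kibana.yml. A folded scalar (>) joins adjacent lines with spaces and
  # yields a file that cannot be parsed.
  kibana.yml: |
    # Listen on every interface of the pod. No server.ssl.* settings are
    # configured, so the Kibana UI is served over plain HTTP.
    server.host: "0.0.0.0"
    server.shutdownTimeout: "5s"
    # Plain HTTP to Elasticsearch, matching xpack.security.http.ssl.enabled: false.
    elasticsearch.hosts: ["http://elasticsearch.devops.svc.cluster.local:9200"]
    elasticsearch.username: "kibana_system"
    # elasticsearch.password is deliberately not set in this file: a ConfigMap
    # is readable by anyone who may read ConfigMaps in the namespace and is
    # not meant for secrets. The Deployment supplies the password through the
    # ELASTICSEARCH_PASSWORD environment variable, which the Kibana image
    # passes to Kibana as the elasticsearch.password setting.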

创建 Kibana 的 Deployment 编排文件

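# kibana-deployment.yaml
#
# Prerequisite: the kibana_system password is read from a Secret instead of
# being written into this manifest. Create it with the value produced by
# `elasticsearch-reset-password -u kibana_system`:
#   kubectl -n devops create secret generic kibana-credentials \
#     --from-literal=kibana-system-password='<kibana_system-password>'
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kibana
  namespace: devops
  labels:
    app: kibana
spec:
  replicas: 1
  selector:
    matchLabels:
      app: kibana
  template:
    metadata:
      labels:
        app: kibana
    spec:
      # nodeName bypasses the scheduler and pins the pod to this node.
      nodeName: '172.16.111.158'
      containers:
        - name: kibana
          image: 'kibana:8.7.0'
          imagePullPolicy: IfNotPresent
          env:
            # The Kibana image maps environment variables to settings by name
            # (ELASTICSEARCH_HOSTS -> elasticsearch.hosts, and so on).
            - name: ELASTICSEARCH_HOSTS
              value: 'http://elasticsearch.devops.svc.cluster.local:9200'
            # Was ELASTICSEARCH_USER, which does not correspond to a Kibana
            # setting; the setting is elasticsearch.username.
            - name: ELASTICSEARCH_USERNAME
              value: kibana_system
            # Injected from the Secret described at the top of this file.
            - name: ELASTICSEARCH_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: kibana-credentials
                  key: kibana-system-password
          ports:
            - name: webinterface
              containerPort: 5601
              protocol: TCP
          volumeMounts:
            # subPath mounts only kibana.yml, leaving the rest of the image's
            # config directory in place.
            - name: config
              mountPath: /usr/share/kibana/config/kibana.yml
              subPath: kibana.yml
              readOnly: true
      volumes:
        - name: config
          configMap:
            name: kibana-config
            # 420 decimal is 0644 octal.
            defaultMode: 420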

---
# Service publishing the Kibana web interface outside the cluster.
apiVersion: v1
kind: Service
metadata:
  name: kibana
  namespace: devops
  labels:
    app: kibana
spec:
  # NodePort opens the port on every node's IP. kibana.yml configures no
  # server.ssl.* settings, so logins on this port travel over plain HTTP;
  # restrict who can reach it or put a TLS-terminating proxy in front.
  type: NodePort
  selector:
    app: kibana
  ports:
    - name: webinterface
      protocol: TCP
      port: 5601
      targetPort: 5601
      # 35601 is above the default NodePort range (30000-32767); the API
      # server needs a wider --service-node-port-range to accept it.
      nodePort: 35601
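# Apply the Kibana Deployment/Service file and the ConfigMap. The subcommand
# `apply` is required; `kubectl -f ...` on its own is not a valid invocation.
kubectl apply -f kibana-deployment.yaml -f kibana-config.yaml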

访问 Kibana

http://172.16.111.158:35601/app/dev_tools#/console
elastic
AA3pRIVkphOXpwWdw7Df
# monitoring
http://172.16.111.158:35601/app/monitoring