基于kubernetes（k8s）或云服务厂商的容器服务（如阿里云的ACK）搭建elasticsearch8.9（es）服务（单节点和集群）

考虑到云服务厂商提供的集成elasticsearch(以下简称es)服务成本，创业公司初期一般会自己搭建es服务。下面分别列出单节点的es8.9服务和es8.9集群服务的yaml文件，以下k8s yaml代码基于阿里云ACK容器服务。

一、单节点的es8.9服务

apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: elasticsearch
  namespace: es
  labels:
    app: elasticsearch
spec:
  replicas: 1
  selector:
    matchLabels:
      app: elasticsearch
  template:
    metadata:
      labels:
        app: elasticsearch
    spec:
      initContainers:
        - name: logs-add-permissions
          image: busybox
          imagePullPolicy: IfNotPresent
          command: ["sh", "-c", "chown -R 1000:1000 /usr/share/elasticsearch/logs"]
          securityContext:
            privileged: true
          volumeMounts:
            - name: elasticsearch-logs
              mountPath: /usr/share/elasticsearch/logs
        - name: data-add-permissions
          image: busybox
          imagePullPolicy: IfNotPresent
          command: ["sh", "-c", "chown -R 1000:1000 /usr/share/elasticsearch/elasticsearch-data"]
          securityContext:
            privileged: true
          volumeMounts:
            - name: elasticsearch-data
              mountPath: /usr/share/elasticsearch/elasticsearch-data
        - name: plugins-permissions
          image: busybox
          imagePullPolicy: IfNotPresent
          command: ["sh", "-c", "chown -R 1000:1000 /usr/share/elasticsearch/plugins"]
          securityContext:
            privileged: true
          volumeMounts:
            - name: elasticsearch-plugins
              mountPath: /usr/share/elasticsearch/plugins
      containers:
        - env:
            - name: TZ
              value: America/Los_Angeles
            - name: xpack.security.enrollment.enabled
              value: 'false'
            - name: xpack.security.enabled
              value: 'false'
            - name: xpack.monitoring.collection.enabled
              value: 'false'
            - name: xpack.security.transport.ssl.enabled
              value: 'false'
            - name: discovery.type
              value: single-node
            - name: ELASTIC_USERNAME
              value: admin
            - name: ELASTIC_PASSWORD
              value: admin123456
            - name: ES_JAVA_OPTS
              value: "-Xms512m -Xmx512m"
            - name: aliyun_logs_elasticsearchlog
              value: /usr/share/elasticsearch/logs/gc.log*
            - name: aliyun_logs_elasticsearchlog_logstore
              value: elasticsearchlog
            - name: aliyun_logs_elasticsearchlog_project
              value: es-project
          image: 'elasticsearch:8.9.0'
          imagePullPolicy: IfNotPresent
          name: elasticsearch
          volumeMounts:
            - mountPath: /usr/share/elasticsearch/logs
              name: elasticsearch-logs
            - mountPath: /usr/share/elasticsearch/data
              name: elasticsearch-data
            - mountPath: /usr/share/elasticsearch/plugins
              name: elasticsearch-plugins
      volumes:
        - hostPath:
            path: /data/pod-data/devops/elasticsearch-plugins
            type: DirectoryOrCreate
          name: elasticsearch-plugins
        - name: elasticsearch-logs
          emptyDir: {}
  volumeClaimTemplates:
    - metadata:
        name: elasticsearch-data
      spec:
        storageClassName: alicloud-disk-essd-entry
        accessModes:
          - ReadWriteMany
        resources:
          requests:
            storage: 40Gi
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: elasticsearch
  name: elasticsearch
  namespace: es
spec:
  ports:
    - name: rest
      port: 9200
      protocol: TCP
      targetPort: 9200
    - name: inter-node
      port: 9300
      protocol: TCP
      targetPort: 9300
  selector:
    app: elasticsearch
---
apiVersion: v1
kind: Service
metadata:
  name: kibana
  namespace: es
  labels:
    app: kibana
spec:
  ports:
    - port: 5601
      targetPort: 5601
  selector:
    app: kibana
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kibana
  namespace: es
  labels:
    app: kibana
spec:
  replicas: 1
  selector:
    matchLabels:
      app: kibana
  template:
    metadata:
      labels:
        app: kibana
    spec:
      containers:
        - name: kibana
          image: kibana:8.9.0
          imagePullPolicy: IfNotPresent
          resources:
            limits:
              cpu: 1000m
            requests:
              cpu: 100m
          env:
            - name: ELASTICSEARCH_HOSTS
              value: http://elasticsearch:9200
          ports:
            - containerPort: 5601

其中：

1）/usr/share/elasticsearch/logs 被抽取到了阿里云sls中；

2）/usr/share/elasticsearch/data 被挂载到阿里云云盘上；

3）/usr/share/elasticsearch/plugins被挂载到宿主机的同目录下；

运行情况：

二、es8.9集群服务

apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: elasticsearch
  namespace: es-cluster
  labels:
    app: elasticsearch
spec:
  serviceName: elasticsearch
  replicas: 3
  selector:
    matchLabels:
      app: elasticsearch
  template:
    metadata:
      labels:
        app: elasticsearch
    spec:
      initContainers:
        - name: logs-add-permissions
          image: busybox
          imagePullPolicy: IfNotPresent
          command: ["sh", "-c", "chown -R 1000:1000 /usr/share/elasticsearch/logs"]
          securityContext:
            privileged: true
          volumeMounts:
            - name: elasticsearch-logs
              mountPath: /usr/share/elasticsearch/logs
        - name: data-add-permissions
          image: busybox
          imagePullPolicy: IfNotPresent
          command: ["sh", "-c", "chown -R 1000:1000 /usr/share/elasticsearch/elasticsearch-data"]
          securityContext:
            privileged: true
          volumeMounts:
            - name: elasticsearch-data
              mountPath: /usr/share/elasticsearch/elasticsearch-data
        - name: plugins-permissions
          image: busybox
          imagePullPolicy: IfNotPresent
          command: ["sh", "-c", "chown -R 1000:1000 /usr/share/elasticsearch/plugins"]
          securityContext:
            privileged: true
          volumeMounts:
            - name: elasticsearch-plugins
              mountPath: /usr/share/elasticsearch/plugins
      nodeSelector:
        nodeType: middleware
      containers:
        - env:
            - name: TZ
              value: America/Los_Angeles
            - name: xpack.security.enrollment.enabled
              value: 'false'
            - name: xpack.security.enabled
              value: 'false'
            - name: xpack.monitoring.collection.enabled
              value: 'false'
            - name: xpack.security.transport.ssl.enabled
              value: 'false'
            - name: cluster.name
              value: elasticsearch-cluster
            - name: node.name
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: discovery.seed_hosts
              value: "elasticsearch-0.elasticsearch, elasticsearch-1.elasticsearch, elasticsearch-2.elasticsearch"
            - name: cluster.initial_master_nodes
              value: "elasticsearch-0, elasticsearch-1, elasticsearch-2"
            - name: ELASTIC_USERNAME
              value: admin
            - name: ELASTIC_PASSWORD
              value: admin123456
            - name: ES_JAVA_OPTS
              value: "-Xms1024m -Xmx1024m"
            - name: aliyun_logs_elasticsearchlog
              value: /usr/share/elasticsearch/logs/gc.log*
            - name: aliyun_logs_elasticsearchlog_logstore
              value: elasticsearchlog
            - name: aliyun_logs_elasticsearchlog_project
              value: es-project
          image: 'elasticsearch:8.9.0'
          imagePullPolicy: IfNotPresent
          name: elasticsearch
          volumeMounts:
            - mountPath: /usr/share/elasticsearch/logs
              name: elasticsearch-logs
            - mountPath: /usr/share/elasticsearch/data
              name: elasticsearch-data
            - mountPath: /usr/share/elasticsearch/plugins
              name: elasticsearch-plugins
      volumes:
        - hostPath:
            path: /data/pod-data/devops/elasticsearch-plugins
            type: DirectoryOrCreate
          name: elasticsearch-plugins
        - name: elasticsearch-logs
          emptyDir: {}
  volumeClaimTemplates:
    - metadata:
        name: elasticsearch-data
      spec:
        storageClassName: alicloud-disk-essd-entry
        accessModes:
          - ReadWriteMany
        resources:
          requests:
            storage: 40Gi
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: elasticsearch
  name: elasticsearch
  namespace: es-cluster
spec:
  ports:
    - name: rest
      port: 9200
      protocol: TCP
      targetPort: 9200
    - name: inter-node
      port: 9300
      protocol: TCP
      targetPort: 9300
  selector:
    app: elasticsearch
---
apiVersion: v1
kind: Service
metadata:
  name: kibana
  namespace: es-cluster
  labels:
    app: kibana
spec:
  ports:
    - port: 5601
      targetPort: 5601
  selector:
    app: kibana
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kibana
  namespace: es-cluster
  labels:
    app: kibana
spec:
  replicas: 1
  selector:
    matchLabels:
      app: kibana
  template:
    metadata:
      labels:
        app: kibana
    spec:
      nodeSelector:
        nodeType: middleware
      containers:
        - name: kibana
          image: kibana:8.9.0
          imagePullPolicy: IfNotPresent
          resources:
            limits:
              cpu: 1000m
            requests:
              cpu: 100m
          env:
            - name: ELASTICSEARCH_HOSTS
              value: http://elasticsearch:9200
          ports:
            - containerPort: 5601

和单节点的yaml差别在这几点：

1）副本上的差别，replicas=3；

2）环境变量上的差别；

其中挂载的云盘：

运行情况：

三、给kibana的访问增加一个账号密码

使用kubectl get secret es-auth -o yaml -n es-cluster查看一下生成的secret。

在kibana的ingress中，配置使用这个secret即可完成。