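We need to deploy ECK and Elasticsearch (ES) on k8s through an automation script. When ES is deployed, a random password is generated for the elastic user, so the password cannot be known in advance. Changing the password afterwards with bin/elasticsearch-setup-passwords is clearly not a good fit inside a k8s pod, so we need to build in our own user and password ahead of time.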

Deploy ECK

Download elastic-operator


wget -c https://download.elastic.co/downloads/eck/1.5.0/all-in-one.yaml


Install elastic-operator


kubectl apply -f all-in-one.yaml


Monitor the elastic-operator logs


kubectl -n elastic-system logs -f statefulset.apps/elastic-operator


Deploy Elasticsearch

Create a Kubernetes secret to add custom users and roles

Create a directory and two files to store the users and roles


mkdir filerealm

touch filerealm/users filerealm/users_roles


Create the user 'kubesphere' with the role 'superuser'


docker run \
  -v "$(pwd)/filerealm:/usr/share/elasticsearch/config" \
  docker.elastic.co/elasticsearch/elasticsearch:7.10.2 \
  bin/elasticsearch-users useradd kubesphere -p kubesphere -r superuser


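Create the Kubernetes secret. It must live in the same namespace as the Elasticsearch resource that references it (elastic-system in the manifest below).


kubectl create secret generic kubesphere-elasticsearch-realm-secret --from-file filerealm -n elastic-system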
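
The check below is an added example, not part of the original post: it validates the filerealm directory before it is packed into the secret, so that a plaintext password or an unknown user in a role line is caught before it reaches the cluster. The function names are hypothetical, and the hash check assumes elasticsearch-users wrote bcrypt hashes (its default).

```shell
#!/bin/sh
# Added example: validate a file realm directory before `kubectl create secret`.
# Assumption: hashes are bcrypt (60 characters, "$2a$"-style prefix).
# Usage: check_filerealm filerealm && kubectl create secret generic ...

# has_user FILE NAME: true when NAME is the first ':'-field of a line in FILE
has_user() { awk -F: -v u="$2" '$1 == u { f = 1 } END { exit !f }' "$1"; }

# has_role FILE NAME: true when NAME is a member of any "role:user1,user2" line
has_role() {
  awk -F: -v u="$2" '{ n = split($2, a, ","); for (i = 1; i <= n; i++) if (a[i] == u) f = 1 }
                     END { exit !f }' "$1"
}

# check_filerealm DIR: prints each problem, returns 0 when clean and 1 otherwise
check_filerealm() {
  dir=$1; rc=0
  for f in users users_roles; do
    [ -s "$dir/$f" ] || { echo "missing or empty: $dir/$f"; return 1; }
  done

  # users: "name:hash" per line; a non-bcrypt value usually means a plaintext password
  while IFS=: read -r user hash || [ -n "$user" ]; do
    [ -n "$user" ] || continue
    case $hash in
      '$2a$'*|'$2b$'*|'$2y$'*)
        [ "${#hash}" -eq 60 ] || { echo "users: malformed hash for $user"; rc=1; } ;;
      *) echo "users: $user has no bcrypt hash"; rc=1 ;;
    esac
    # a user without any role can authenticate but has no privileges
    has_role "$dir/users_roles" "$user" || { echo "users: $user has no role"; rc=1; }
  done < "$dir/users"

  # users_roles: every listed member must exist in users
  while IFS=: read -r role members || [ -n "$role" ]; do
    [ -n "$role" ] || continue
    for m in $(printf '%s' "$members" | tr ',' ' '); do
      has_user "$dir/users" "$m" || { echo "users_roles: $role lists unknown user $m"; rc=1; }
    done
  done < "$dir/users_roles"
  return "$rc"
}
```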


Deploy Elasticsearch

eck-elasticsearch.yaml

apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
  name: logging
  namespace: elastic-system
spec:
  version: 7.10.2
  image: docker.elastic.co/elasticsearch/elasticsearch:7.10.2 # image to use
  auth:
    fileRealm:
    - secretName: kubesphere-elasticsearch-realm-secret # add custom users and passwords through a Kubernetes secret
  http:
    tls:
      selfSignedCertificate:
        disabled: true # disable TLS on the HTTP layer (traffic, including credentials, is then unencrypted)
  nodeSets:
  - name: default
    count: 3 # number of cluster nodes to deploy
    config:
      node.store.allow_mmap: false
    volumeClaimTemplates: # storage configuration
    - metadata:
        name: elasticsearch-data
      spec:
        accessModes:
        - ReadWriteOnce
        resources:
          requests:
            storage: 30Gi
        storageClassName: default-nfs-storage


kubectl apply -f eck-elasticsearch.yaml


Check the cluster health status, cluster version and number of nodes


kubectl get elasticsearch -n elastic-system


List the ES pods


kubectl get pods --selector='elasticsearch.k8s.elastic.co/cluster-name=logging' -n elastic-system


View the ES pod logs


kubectl logs -f logging-es-default-0 -n elastic-system


A ClusterIP Service is created automatically


kubectl get service logging-es-http -n elastic-system


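When ES is deployed, it has already generated a random password for the elastic user by default and stored it in a secret. It can be retrieved as follows


kubectl get secret logging-es-elastic-user -o go-template='{{.data.elastic | base64decode}}' -n elastic-system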


Access ES from inside the k8s cluster with the custom username and password


curl -u "kubesphere:kubesphere" -k "http://logging-es-http.elastic-system.svc:9200"


Access ES from outside the k8s cluster with the custom username and password


kubectl port-forward service/logging-es-http 9200 -n elastic-system
curl -u "kubesphere:kubesphere" "http://localhost:9200"