ElasticSearch 8(1)，字节跳动Linux运维内部学习资料泄露

        mountPath: /config
      - name: host-time  #挂载本地时区
        mountPath: /etc/localtime
        readOnly: true
  volumes: 
  - name: es-volume  #使用pvc
    persistentVolumeClaim:
      claimName: es-010-pvc
  - name: es-010-config  #使用pvc
    configMap:    #使用configMap
      name:  es-010-config
      defaultMode: 420 #420-644 493-755
  - name: es-010-cert-file
    hostPath: #挂载主机的目录
      path: /data/deploy/k8s/elasticsearch/certs
      type: ""
  - name: host-time
    hostPath: #挂载本地时区
      path: /etc/localtime
      type: ""

---

**configmap配置**  
 要点

---

apiVersion: v1
kind: ConfigMap #配置信息
metadata:
name: es-010-config #es-010配置
namespace: es
data:
elasticsearch.yml: |
#首次启动会失败，需要重新生成证书并复制到所有节点上（xpack.security配置中的证书位置）
cluster.name: “es-01”
node:
name: “es-010”
#指定节点角色
#roles: [ data, master]

# 为HTTP 和传输流量设置此节点的地址。 elastic将监听该地址的所有请求，0.0.0.0 代表监听本机所有网络地址的请求，指定地址则仅监听该地址的请求（接受IP、主机名或特殊值）。
network.host: 10.244.220.10

# 默认不开启
# 开启是为了能够在内网与其他节点通讯，使得新节点可以加入集群，0.0.0.0 代表监听本机所有网络地址的请求，指定地址则仅监听该地址的请求（接受IP、主机名或特殊值）。
transport.host: 10.244.220.10

# 用于节点发现
# 首次启动时不开启
#discovery.seed\_hosts: ["10.244.220.10:9300","10.244.220.11:9300"]

# 初始主节点配置，集群形成后，从每个节点的配置中删除此设置。
# 单点首次启动
cluster.initial_master_nodes: ["10.244.220.10"]

# 初始集群配置至少3台，集群形成后，从每个节点的配置中删除此设置，需要按顺序启动
#cluster.initial\_master\_nodes: ["10.244.220.10","10.244.220.11","10.244.220.12"]

#配置存储路径
path.data:  /elasticsearch/data
path.logs:  /elasticsearch/logs

# 开启es跨域与head插件
http.cors.allow-origin: "\*"
http.cors.enabled: true
http.cors.allow-headers: Authorization
http.max_content_length: 200mb

#linux在使用内存锁时仍会交换堆外内存。要防止堆外内存交换，请禁用所有交换文件。
bootstrap.memory_lock: true

#限制高成本查询
search.default_search_timeout: "50s"
#必须set为true，否则kibana报错
search.allow_expensive_queries: true

#禁用通配符模糊匹配删除索引
action.destructive_requires_name: true
  
# 设置自动创建索引(可选)
# 一些商业功能会自动在 Elasticsearch 中创建索引。 默认情况下，Elasticsearch 配置为允许自动创建索引，不需要额外的步骤
#action.auto\_create\_index: .monitoring\*,.watches,.triggered\_watches,.watcher-history\*,.ml\*

#----------------------- BEGIN SECURITY AUTO CONFIGURATION -----------------------
#
# The following settings, TLS certificates, and keys have been automatically 
# generated to configure Elasticsearch security features on 07-02-2024 12:57:00
#
# --------------------------------------------------------------------------------

# Enable security features


xpack.security: 
  enabled: true
  autoconfiguration: 
    enabled: true

xpack.security.enrollment.enabled: true

# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
  enabled: true
  # pem证书配置方式
  #key: local-certs/elastic-http.key
  #certificate: local-certs/elastic-http.crt
  #certificate\_authorities: [ "local-certs/elastic-http.crt" ]
  keystore.path: local-certs/http.p12

# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  # pem证书配置方式
  #key: local-certs/ca.key 
  #certificate: local-certs/ca.crt 
  #certificate\_authorities: [ "local-certs/ca.crt" ]
  
  # pks12证书配置方式
  keystore.path: local-certs/elastic-certificates.p12
  truststore.path: local-certs/elastic-certificates.p12


#----------------------- END SECURITY AUTO CONFIGURATION -------------------------

jvm.options: |
-Xms4g
-Xmx4g
-XX:+UseG1GC

## JVM temporary directory
-Djava.io.tmpdir=${ES\_TMPDIR}

# Leverages accelerated vector hardware instructions; removing this may
# result in less optimal vector performance
20-:--add-modules=jdk.incubator.vector

# REMOVE once bumped to a JDK greater than 21.0.1, https://github.com/elastic/elasticsearch/issues/103004
19-21:-XX:CompileCommand=exclude,org.apache.lucene.util.MSBRadixSorter::computeCommonPrefixLengthAndBuildHistogram
19-21:-XX:CompileCommand=exclude,org.apache.lucene.util.RadixSelector::computeCommonPrefixLengthAndBu