mountPath: /config
- name: host-time #挂载本地时区
mountPath: /etc/localtime
readOnly: true
volumes:
- name: es-volume #使用pvc
persistentVolumeClaim:
claimName: es-010-pvc
- name: es-010-config #使用pvc
configMap: #使用configMap
name: es-010-config
defaultMode: 420 #420-644 493-755
- name: es-010-cert-file
hostPath: #挂载主机的目录
path: /data/deploy/k8s/elasticsearch/certs
type: ""
- name: host-time
hostPath: #挂载本地时区
path: /etc/localtime
type: ""
**configmap配置**
要点
apiVersion: v1
kind: ConfigMap #配置信息
metadata:
name: es-010-config #es-010配置
namespace: es
data:
elasticsearch.yml: |
#首次启动会失败,需要重新生成证书并复制到所有节点上(xpack.security配置中的证书位置)
cluster.name: “es-01”
node:
name: “es-010”
#指定节点角色
#roles: [ data, master]
# 为HTTP 和传输流量设置此节点的地址。 elastic将监听该地址的所有请求,0.0.0.0 代表监听本机所有网络地址的请求,指定地址则仅监听该地址的请求(接受IP、主机名或特殊值)。
network.host: 10.244.220.10
# 默认不开启
# 开启是为了能够在内网与其他节点通讯,使得新节点可以加入集群,0.0.0.0 代表监听本机所有网络地址的请求,指定地址则仅监听该地址的请求(接受IP、主机名或特殊值)。
transport.host: 10.244.220.10
# 用于节点发现
# 首次启动时不开启
#discovery.seed\_hosts: ["10.244.220.10:9300","10.244.220.11:9300"]
# 初始主节点配置,集群形成后,从每个节点的配置中删除此设置。
# 单点首次启动
cluster.initial_master_nodes: ["10.244.220.10"]
# 初始集群配置至少3台,集群形成后,从每个节点的配置中删除此设置,需要按顺序启动
#cluster.initial\_master\_nodes: ["10.244.220.10","10.244.220.11","10.244.220.12"]
#配置存储路径
path.data: /elasticsearch/data
path.logs: /elasticsearch/logs
# 开启es跨域与head插件
http.cors.allow-origin: "\*"
http.cors.enabled: true
http.cors.allow-headers: Authorization
http.max_content_length: 200mb
#linux在使用内存锁时仍会交换堆外内存。要防止堆外内存交换,请禁用所有交换文件。
bootstrap.memory_lock: true
#限制高成本查询
search.default_search_timeout: "50s"
#必须set为true,否则kibana报错
search.allow_expensive_queries: true
#禁用通配符模糊匹配删除索引
action.destructive_requires_name: true
# 设置自动创建索引(可选)
# 一些商业功能会自动在 Elasticsearch 中创建索引。 默认情况下,Elasticsearch 配置为允许自动创建索引,不需要额外的步骤
#action.auto\_create\_index: .monitoring\*,.watches,.triggered\_watches,.watcher-history\*,.ml\*
#----------------------- BEGIN SECURITY AUTO CONFIGURATION -----------------------
#
# The following settings, TLS certificates, and keys have been automatically
# generated to configure Elasticsearch security features on 07-02-2024 12:57:00
#
# --------------------------------------------------------------------------------
# Enable security features
xpack.security:
enabled: true
autoconfiguration:
enabled: true
xpack.security.enrollment.enabled: true
# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
enabled: true
# pem证书配置方式
#key: local-certs/elastic-http.key
#certificate: local-certs/elastic-http.crt
#certificate\_authorities: [ "local-certs/elastic-http.crt" ]
keystore.path: local-certs/http.p12
# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
enabled: true
verification_mode: certificate
# pem证书配置方式
#key: local-certs/ca.key
#certificate: local-certs/ca.crt
#certificate\_authorities: [ "local-certs/ca.crt" ]
# pks12证书配置方式
keystore.path: local-certs/elastic-certificates.p12
truststore.path: local-certs/elastic-certificates.p12
#----------------------- END SECURITY AUTO CONFIGURATION -------------------------
jvm.options: |
-Xms4g
-Xmx4g
-XX:+UseG1GC
## JVM temporary directory
-Djava.io.tmpdir=${ES\_TMPDIR}
# Leverages accelerated vector hardware instructions; removing this may
# result in less optimal vector performance
20-:--add-modules=jdk.incubator.vector
# REMOVE once bumped to a JDK greater than 21.0.1, https://github.com/elastic/elasticsearch/issues/103004
19-21:-XX:CompileCommand=exclude,org.apache.lucene.util.MSBRadixSorter::computeCommonPrefixLengthAndBuildHistogram
19-21:-XX:CompileCommand=exclude,org.apache.lucene.util.RadixSelector::computeCommonPrefixLengthAndB