前言
根据网络上的文章进行部署elasticsearch的时候发现了很多问题,现整理部署步骤,供大家学习.
一. 规划
由于涉及到很多内容,不进行规划,边做边规划,会导致混乱.
![在这里插入图片描述](https://img-blog.csdnimg.cn/20200411095039523.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MzM1NDk1OQ==,size_16,color_FFFFFF,t_70)
规划说明:
1.es的master节点至少需要三个,形成选举集群,防止脑裂.
2.master在配置中需要固定其主机名,所以需要使用StatefulSet.
3.node节点需要固定的主机名和固定的物理节点以及物理节点上的本地PV,所以需要使用StatefulSet,配合StorageClass来固定.
4.kibana为无状态服务,使用deployment.
二.镜像准备
2.1 拉取镜像
docker pull elasticsearch:7.4.2
docker pull kibana:7.4.2
注:需要配置阿里docker加速器(略),直接拉取镜像.
2.2 修改elasticsearch镜像
为什么要修改elasticsearch镜像,因为在部署elasticsearch的时候,建议配置memlock:true,这个要求系统必须配置ulimit.
经测试kubernetes并不支持配置系统的ulimit,通过 podStart 和 initContainer 都是无法生效。所以需要修改镜像,然其在容器内自动执行.
操作步骤如下.最终生成一个新的镜像elasticsearch:7.4.2-ulimit
[root@k8s-master dockerfile]# pwd
/root/dockerfile
[root@k8s-master dockerfile]# ll
-rw-r--r--. 1 root root 156 3月 5 16:28 Dockerfile
-rw-r--r--. 1 root root 98 3月 2 15:26 run.sh
### Dockerfile文件内容 ###
[root@k8s-master dockerfile]# vi Dockerfile
FROM elasticsearch:7.4.2
MAINTAINER dingyangzhuang dingyangzhuang@139.com
COPY run.sh /
RUN chmod 775 /run.sh
CMD ["/run.sh"]
### 启动脚本内容 ###
[root@k8s-master dockerfile]# vi run.sh
#!/bin/bash
# 设置memlock无限制
ulimit -l unlimited
exec su elasticsearch /usr/local/bin/docker-entrypoint.sh
### 构建镜像 ###
[root@k8s-master dockerfile]# docker build --tag elasticsearch:7.4.2-ulimit
2.3 推送镜像到私有库–可选
由于K8S节点不能访问公网,需要经镜像推送到私有库,通过私有库获取镜像.
docker tag elasticsearch:7.4.2-ulimit 10.46.235.225:5000/elasticsearch:7.4.2-ulimit
docker tag kibana:7.4.2 10.46.235.225:5000/kibana:7.4.2
docker push 10.46.235.225:5000/elasticsearch:7.4.2-ulimit
docker push 10.46.235.225:5000/kibana:7.4.2
三.创建名字空间/服务账号
[root@node-1 elasticsearch]# cat namespace.yaml
apiVersion: v1
kind: Namespace
metadata:
name: ns-elasticsearch
labels:
name: ns-elasticsearch
[root@node-1 elasticsearch]# cat serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
elastic-app: elasticsearch
name: elasticsearch-admin
namespace: ns-elasticsearch
[root@node-1 elasticsearch]# cat clusterrole.yaml
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: elasticsearch-admin
labels:
elastic-app: elasticsearch
rules: #根据需要配置相应的api/资源/权限
- apiGroups: [""]
resources: ["pods"]
verbs: ["get","watch","list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: elasticsearch-admin
labels:
elastic-app: elasticsearch
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: elasticsearch-admin
namespace: ns-elasticsearch
结果略
四.部署elasticsearch主节点
4.1 部署elasticsearch-master
[root@node-1 elasticsearch]# cat master-statefulset.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
labels:
elastic-app: elasticsearch
role: master
name: elasticsearch-master
namespace: ns-elasticsearch
spec:
replicas: 3
serviceName: elasticsearch-discovery #用于给每一个pod提供一个podname.serviceName的域名进行访问.
selector:
matchLabels:
elastic-app: elasticsearch
role: master
template:
metadata:
labels:
elastic-app: elasticsearch
role: master
spec:
serviceAccountName: elasticsearch-admin
restartPolicy: Always
containers:
- name: elasticsearch-master
image: 10.46.235.225:5000/elasticsearch:7.4.2-ulimit #根据需要修改镜像
imagePullPolicy: IfNotPresent
securityContext:
privileged: true