ECK
Elastic Cloud on Kubernetes簡稱ECK糠惫,其擴展了Kubernetes的基本編排功能铝穷,以支持Kubernetes上Elasticsearch林说,Kibana和APM Server的設置和管理蓖扑。借助ECK可以簡化所有關鍵操作:
1.管理監(jiān)控多個集群
2.擴展縮小集群
3.變更集群配置
4.調度備份
5.使用TLS證書保護集群
6.采用區(qū)域感知實現hot-warm-cold架構
在Kubernetes集群中部署ECK
安裝自定義資源定義和操作符及其 RBAC 規(guī)則:
kubectl create -f https://download.elastic.co/downloads/eck/1.8.0/crds.yaml
kubectl apply -f https://download.elastic.co/downloads/eck/1.8.0/operator.yaml
部署Elasticsearch
配置StorageClass 使用Ceph作為存儲,詳細可看Kubernetes集成Ceph rbd文章
apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
name: elastic-cluster #Cluster name
namespace: elastic-system
spec:
version: 7.2.0
nodeSets:
- name: master-nodes #node name
count: 1
config:
node.master: true
node.data: false
podTemplate:
spec:
initContainers:
- name: sysctl
securityContext:
privileged: true
command: ['sh', '-c', 'sysctl -w vm.max_map_count=262144']
- name: plugins
command:
- sh
- -c
- |
bin/elasticsearch-plugin install --batch http://10.20.20.140/elasticsearch-analysis-ik-7.2.0.zip # 使用initcontainer安裝Elasticsearch插件
containers:
- name: elasticsearch
env:
- name: ES_JAVA_OPTS
value: -Xms1g -Xmx1g
resources:
requests:
memory: 2Gi
limits:
memory: 2Gi
volumeClaimTemplates:
- metadata:
name: elasticsearch-data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 200Gi
storageClassName: rbd
- name: data-nodes #node name
count: 2
config:
node.master: false
node.data: true
podTemplate:
spec:
initContainers:
- name: sysctl
securityContext:
privileged: true
command: ['sh', '-c', 'sysctl -w vm.max_map_count=262144']
- name: plugins
command:
- sh
- -c
- |
bin/elasticsearch-plugin install --batch http://10.20.20.140/elasticsearch-analysis-ik-7.2.0.zip # 使用initcontainer安裝Elasticsearch插件
containers:
- name: elasticsearch
env:
- name: ES_JAVA_OPTS
value: -Xms1g -Xmx1g
resources:
requests:
memory: 2Gi
limits:
memory: 2Gi
volumeClaimTemplates:
- metadata:
name: elasticsearch-data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 200Gi
storageClassName: rbd
http:
service:
spec:
type: NodePort
部署Kibana
apiVersion: kibana.k8s.elastic.co/v1
kind: Kibana
metadata:
name: elastic-kibana
namespace: elastic-system
spec:
version: 7.2.0
http:
tls:
selfSignedCertificate:
disabled: true
count: 1
elasticsearchRef:
name: elastic-cluster
podTemplate:
spec:
containers:
- name: kibana
resources:
limits:
cpu: 1000m
requests:
cpu: 100m
http:
service:
spec:
type: NodePort
獲取Elastic 用戶密碼
kubectl get secret elastic-cluster-es-elastic-user -n elastic-system -o=jsonpath='{.data.elastic}' | base64 --decode; echo
測試訪問:
curl https://10.240.104.43:9200 -u 'elastic:password' -k