Kubernetes1.23搭建Elasticsearch7集群(集群加密)

2024-01-06 23:10
文章标签 集群 加密 搭建 elasticsearch7 kubernetes1.23

本文主要是介绍Kubernetes1.23搭建Elasticsearch7集群(集群加密),希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!

一、环境版本

  • Kubernetes1.23.1
  • Elasticsearch7.16.2
  • Kuboard3.3.0
  • Kibana7.16.2
  • Harbor2.4.2

1.知识点分析:
  Kubernetes是Google开源的一个容器编排引擎,它支持自动化部署、大规模可伸缩、应用容器化管理。在生产环境中部署一个应用程序时,通常要部署该应用的多个实例以便对应用请求进行负载均衡。
  Elasticsearch 是一个分布式、高扩展、高实时的搜索与数据分析引擎。它能很方便的使大量数据具有搜索、分析和探索的能力。充分利用Elasticsearch的水平伸缩性,能使数据在生产环境变得更有价值。
  Kuboard,是一款免费的 Kubernetes 图形化管理工具,Kuboard 力图帮助用户快速在 Kubernetes 上落地微服务。
  Kibana 是一款开源的数据分析和可视化平台,设计用于和 Elasticsearch 协作。可以使用 Kibana 对 Elasticsearch 索引中的数据进行搜索、查看、交互操作。您可以很方便的利用图表、表格及地图对数据进行多元化的分析和呈现。
  Harbor是一个企业级私有 Registry 服务器,Harbor 提供了更好的性能和安全。提升用户使用 Registry 构建和运行环境传输镜像的效率。Harbor 支持安装在多个 Registry 节点的镜像资源复制,镜像全部保存在私有 Registry 中, 确保数据和知识产权在公司内部网络中管控。另外,Harbor 也提供了高级的安全特性,诸如用户管理,访问控制和活动审计等。

2.服务分布:

IP角色主机名pod
10.111.13.2mastermaster-1es-master、es-data、es-client
10.111.13.4mastermaster-2es-master、es-data、es-client
10.111.13.14mastermaster-3es-master、es-data、es-client、kibana
10.111.13.5nodenode-1es-data、
10.111.13.41nodenode-5es-data、

(主机节点选择无要求,随意挑选5个节点给大家演示的)

二、部署kuboard

文章没写部署的参考之前文章即可:
【Kubernetes+Harbor部署参考】

1.部署kuboard 添加k8s集群
(没有镜像的小伙伴直接拉取docker pull swr.cn-east-2.myhuaweicloud.com/kuboard/kuboard:v3)

docker load --input kuboard-v3.tar    //因离线部署所以需要导入
#启动kuboard容器
docker run -d \--restart=unless-stopped \--name=kuboard \-p 8081:80/tcp \-p 30081:10081/tcp \-e KUBOARD_ENDPOINT="http://10.111.13.2:8081" \-e KUBOARD_AGENT_SERVER_TCP_PORT="30081" \-v /srv/docker/kuboard:/data \swr.cn-east-2.myhuaweicloud.com/kuboard/kuboard:v3

访问地址:http://主机ip:8081/
用户:admin
密码:Kuboard123

2.添加k8s集群:
在这里插入图片描述
在这里插入图片描述
在这里插入图片描述
之后按照提示操作添加即可!

三、部署Elasticsearch7.16.2集群

1.创建StorageClass
(采用本地持久化存储部署)

[root@master-1 es]# cat 00-sc.yaml 
kind: StorageClass				#类别
apiVersion: storage.k8s.io/v1
metadata:name: local-storage			#存储类名字
provisioner: kubernetes.io/no-provisioner
volumeBindingMode: WaitForFirstConsumer
[root@master-1 es]# kubectl apply -f  00-sc.yaml

在kuboard上查看:
在这里插入图片描述
2.创建Namespace

[root@master-1 es]# cat 00-ns.yaml 
apiVersion: v1
kind: Namespace			#类别
metadata:name: elasticsearch	#名称空间名字labels:app: elasticsearch
[root@master-1 es]# kubectl apply -f 00-ns.yaml

在这里插入图片描述
3.创建证书
(没有镜像的小伙伴直接拉取 docker pull docker.elastic.co/elasticsearch/elasticsearch:7.16.2)

#利用docker容器创建证书并拷贝到当前目录
[root@master-1 es]# docker run --name es-certutil -i -w /tmp docker.elastic.co/elasticsearch/elasticsearch:7.16.2 /bin/sh -c  \"elasticsearch-certutil ca --out /tmp/es-ca.p12 --pass '' && \elasticsearch-certutil cert --name security-master --dns \security-master --ca /tmp/es-ca.p12 --pass '' --ca-pass '' --out /tmp/elastic-certificates.p12"
[root@master-1 es]# docker cp es-certutil:/tmp/elastic-certificates.p12 ./

在这里插入图片描述
将证书创建到k8s集群里:

[root@master-1 es]# kubectl -n elasticsearch create secret generic elastic-certificates --from-file=./elastic-certificates.p12

查看证书:
在这里插入图片描述
4.创建3个Master节点的PV卷

[root@master-1 es]# cat 00-pv-master.yaml 
apiVersion: v1
kind: PersistentVolume
metadata:name: local-storage-pv-0     # pv名称namespace: elasticsearch      # 空间名称labels:name: local-storage-pv-0    # 标签名
spec:capacity:storage: 100Gi              # 容量accessModes:- ReadWriteOncepersistentVolumeReclaimPolicy: Retain    # 回收策略storageClassName: local-storage          # 关联的存储类local:path: /srv/esdata          # 宿主机路径。要手动在主机创建访目录nodeAffinity:required:nodeSelectorTerms:        # 节点选择- matchExpressions:- key: kubernetes.io/hostnameoperator: Invalues:- master-1            # 根据自己节点名称
---
apiVersion: v1
kind: PersistentVolume
metadata:name: local-storage-pv-1namespace: elasticsearchlabels:name: local-storage-pv-1
spec:capacity:storage: 100GiaccessModes:- ReadWriteOncepersistentVolumeReclaimPolicy: RetainstorageClassName: local-storagelocal:path: /srv/esdata nodeAffinity:required:nodeSelectorTerms:- matchExpressions:- key: kubernetes.io/hostnameoperator: Invalues:- master-2
---
apiVersion: v1
kind: PersistentVolume
metadata:name: local-storage-pv-2namespace: elasticsearchlabels:name: local-storage-pv-2
spec:capacity:storage: 100GiaccessModes:- ReadWriteOncepersistentVolumeReclaimPolicy: RetainstorageClassName: local-storagelocal:path: /srv/esdata nodeAffinity:required:nodeSelectorTerms:- matchExpressions:- key: kubernetes.io/hostnameoperator: Invalues:- master-3
[root@master-1 es]# kubectl apply -f 00-pv-master.yaml

5.部署Master节点

[root@master-1 es]# cat 01-es-master.yaml 
apiVersion: apps/v1
kind: StatefulSet		#适用于持久化存储集群
metadata:namespace: elasticsearchname: elasticsearch-masterlabels:app: elasticsearchrole: master	#承担的角色
spec:serviceName: elasticsearch-masterreplicas: 3		#负载3selector:matchLabels:app: elasticsearchrole: mastertemplate:metadata:labels:app: elasticsearchrole: masterspec:containers:- name: elasticsearchimage: 10.111.13.4:8080/jsjb/docker.elastic.co/elasticsearch/elasticsearch:7.16.2	 #私有镜像地址command: ["bash", "-c", "ulimit -l unlimited && sysctl -w vm.max_map_count=262144 && chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data && exec su elasticsearch docker-entrypoint.sh"]ports:- containerPort: 9200name: http- containerPort: 9300name: transportenv:#- name: discovery.seed_hosts#  value: "elasticsearch-master-0.elasticsearch-master,elasticsearch-master-1.elasticsearch-master,elasticsearch-master-2.elasticsearch-master"- name: discovery.seed_hosts	#es集群host(k8s独有的集群命名规则)value: "elasticsearch-master-0.elasticsearch-master,elasticsearch-master-1.elasticsearch-master,elasticsearch-master-2.elasticsearch-master,elasticsearch-data-0.elasticsearch-data,elasticsearch-data-1.elasticsearch-data,elasticsearch-data-2.elasticsearch-data,elasticsearch-data-3.elasticsearch-data,elasticsearch-data-4.elasticsearch-data,elasticsearch-client-0.elasticsearch-client,elasticsearch-client-1.elasticsearch-client,elasticsearch-client-2.elasticsearch-client"- name: cluster.initial_master_nodesvalue: "elasticsearch-master-0,elasticsearch-master-1,elasticsearch-master-2"- name: ES_JAVA_OPTSvalue: -Xms1G -Xmx1G			#限制jvm运行内存- name: node.master				#主负责调度value: "true"					#特别注意打开对应的角色关闭其他角色- name: node.ingest				#负责客户端访问value: "false"- name: node.data				#负责数据存储value: "false"- name: cluster.namevalue: "elasticsearch"- name: node.namevalueFrom:fieldRef:fieldPath: metadata.name- name: xpack.security.enabledvalue: "true"- name: xpack.security.transport.ssl.enabledvalue: "true"- name: xpack.monitoring.collection.enabledvalue: "true"- name: xpack.security.transport.ssl.verification_modevalue: "certificate"- name: xpack.security.transport.ssl.keystore.pathvalue: "/usr/share/elasticsearch/config/elastic-certificates.p12"- name: xpack.security.transport.ssl.truststore.pathvalue: "/usr/share/elasticsearch/config/elastic-certificates.p12"volumeMounts:- mountPath: /usr/share/elasticsearch/dataname: pv-storage-elastic-master	#名字要和volumeClaimTemplates的一致- name: elastic-certificates			#刚才创建的证书挂载到pod里readOnly: truemountPath: "/usr/share/elasticsearch/config/elastic-certificates.p12"subPath: elastic-certificates.p12- mountPath: /etc/localtimename: localtimesecurityContext:privileged: truevolumes:- name: elastic-certificatessecret:secretName: elastic-certificates- hostPath:path: /etc/localtimename: localtimevolumeClaimTemplates:- metadata:name: pv-storage-elastic-master		#volumeMounts会用到spec:accessModes: [ "ReadWriteOnce" ]storageClassName: "local-storage"		#之前创建的存储类名字resources:requests:storage: 100Gi
[root@master-1 es]# kubectl apply -f 01-es-master.yaml

回到kuboard查看
在这里插入图片描述

在这里插入图片描述
6.创建Data节点的PV卷

[root@master-1 es]# cat 00-pv-data.yaml
apiVersion: v1
kind: PersistentVolume
metadata:name: local-storage-data-0     # pv名称namespace: elasticsearch      # 空间名称labels:name: local-storage-data-0    # 标签名
spec:capacity:storage: 100Gi              # 容量accessModes:- ReadWriteOncepersistentVolumeReclaimPolicy: Retain    # 回收策略storageClassName: local-storage          # 关联的存储类local:path: /srv/esnode-data         # 宿主机路径。要手动在主机创建访目录nodeAffinity:required:nodeSelectorTerms:        # 节点选择- matchExpressions:- key: kubernetes.io/hostnameoperator: Invalues:- master-1            # 根据自己节点名称
---
apiVersion: v1
kind: PersistentVolume
metadata:name: local-storage-data-1namespace: elasticsearchlabels:name: local-storage-data-1
spec:capacity:storage: 100GiaccessModes:- ReadWriteOncepersistentVolumeReclaimPolicy: RetainstorageClassName: local-storagelocal:path: /srv/esnode-datanodeAffinity:required:nodeSelectorTerms:- matchExpressions:- key: kubernetes.io/hostnameoperator: Invalues:- master-2
---
apiVersion: v1
kind: PersistentVolume
metadata:name: local-storage-data-2namespace: elasticsearchlabels:name: local-storage-data-2
spec:capacity:storage: 100GiaccessModes:- ReadWriteOncepersistentVolumeReclaimPolicy: RetainstorageClassName: local-storagelocal:path: /srv/esnode-datanodeAffinity:required:nodeSelectorTerms:- matchExpressions:- key: kubernetes.io/hostnameoperator: Invalues:- master-3
---
apiVersion: v1
kind: PersistentVolume
metadata:name: local-storage-data-3namespace: elasticsearchlabels:name: local-storage-data-3
spec:capacity:storage: 100GiaccessModes:- ReadWriteOncepersistentVolumeReclaimPolicy: RetainstorageClassName: local-storagelocal:path: /srv/esnode-datanodeAffinity:required:nodeSelectorTerms:- matchExpressions:- key: kubernetes.io/hostnameoperator: Invalues:- node-1
---
apiVersion: v1
kind: PersistentVolume
metadata:name: local-storage-data-4namespace: elasticsearchlabels:name: local-storage-data-4
spec:capacity:storage: 100GiaccessModes:- ReadWriteOncepersistentVolumeReclaimPolicy: RetainstorageClassName: local-storagelocal:path: /srv/esnode-datanodeAffinity:required:nodeSelectorTerms:- matchExpressions:- key: kubernetes.io/hostnameoperator: Invalues:- node-5
[root@master-1 es]# kubectl apply -f 00-pv-data.yaml

7.部署Data节点
(配置文件就不解释了,同上pv)

[root@master-1 es]# cat 02-es-data.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:namespace: elasticsearchname: elasticsearch-datalabels:app: elasticsearchrole: data
spec:serviceName: elasticsearch-datareplicas: 5selector:matchLabels:app: elasticsearchrole: datatemplate:metadata:labels:app: elasticsearchrole: dataspec:containers:- name: elasticsearchimage: 10.111.13.4:8080/jsjb/docker.elastic.co/elasticsearch/elasticsearch:7.16.2command: ["bash", "-c", "ulimit -l unlimited && sysctl -w vm.max_map_count=262144 && chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data && exec su elasticsearch docker-entrypoint.sh"]ports:- containerPort: 9200name: http- containerPort: 9300name: transportenv:#- name: discovery.seed_hosts#  value: "elasticsearch-master-0.elasticsearch-master,elasticsearch-master-1.elasticsearch-master,elasticsearch-master-2.elasticsearch-master"- name: discovery.seed_hostsvalue: "elasticsearch-master-0.elasticsearch-master,elasticsearch-master-1.elasticsearch-master,elasticsearch-master-2.elasticsearch-master,elasticsearch-data-0.elasticsearch-data,elasticsearch-data-1.elasticsearch-data,elasticsearch-data-2.elasticsearch-data,elasticsearch-data-3.elasticsearch-data,elasticsearch-data-4.elasticsearch-data,elasticsearch-client-0.elasticsearch-client,elasticsearch-client-1.elasticsearch-client,elasticsearch-client-2.elasticsearch-client"- name: cluster.initial_master_nodesvalue: "elasticsearch-master-0,elasticsearch-master-1,elasticsearch-master-2"- name: ES_JAVA_OPTSvalue: -Xms1G -Xmx1G- name: node.mastervalue: "false"- name: node.ingestvalue: "false"- name: node.datavalue: "true"- name: cluster.namevalue: "elasticsearch"- name: node.namevalueFrom:fieldRef:fieldPath: metadata.name- name: xpack.security.enabledvalue: "true"- name: xpack.security.transport.ssl.enabledvalue: "true"- name: xpack.monitoring.collection.enabledvalue: "true"- name: xpack.security.transport.ssl.verification_modevalue: "certificate"- name: xpack.security.transport.ssl.keystore.pathvalue: "/usr/share/elasticsearch/config/elastic-certificates.p12"- name: xpack.security.transport.ssl.truststore.pathvalue: "/usr/share/elasticsearch/config/elastic-certificates.p12"volumeMounts:- mountPath: /usr/share/elasticsearch/dataname: pv-storage-elastic-data- name: elastic-certificatesreadOnly: truemountPath: "/usr/share/elasticsearch/config/elastic-certificates.p12"subPath: elastic-certificates.p12- mountPath: /etc/localtimename: localtimesecurityContext:privileged: truevolumes:- name: elastic-certificatessecret:secretName: elastic-certificates- hostPath:path: /etc/localtimename: localtimevolumeClaimTemplates:- metadata:name: pv-storage-elastic-dataspec:accessModes: [ "ReadWriteOnce" ]storageClassName: "local-storage"resources:requests:storage: 100Gi
[root@master-1 es]# kubectl apply -f 02-es-data.yaml

在这里插入图片描述
在这里插入图片描述
8.创建Client节点的PV卷

[root@master-1 es]# cat 00-pv-client.yaml
apiVersion: v1
kind: PersistentVolume
metadata:name: local-storage-client-0     # pv名称namespace: elasticsearch      # 空间名称labels:name: local-storage-client-0    # 标签名
spec:capacity:storage: 100Gi              # 容量accessModes:- ReadWriteOncepersistentVolumeReclaimPolicy: Retain    # 回收策略storageClassName: local-storage          # 关联的存储类local:path: /srv/esclient-data          # 宿主机路径。要手动在主机创建访目录nodeAffinity:required:nodeSelectorTerms:        # 节点选择- matchExpressions:- key: kubernetes.io/hostnameoperator: Invalues:- master-1            # 根据自己节点名称
---
apiVersion: v1
kind: PersistentVolume
metadata:name: local-storage-client-1namespace: elasticsearchlabels:name: local-storage-client-1
spec:capacity:storage: 100GiaccessModes:- ReadWriteOncepersistentVolumeReclaimPolicy: RetainstorageClassName: local-storagelocal:path: /srv/esclient-data nodeAffinity:required:nodeSelectorTerms:- matchExpressions:- key: kubernetes.io/hostnameoperator: Invalues:- master-2
---
apiVersion: v1
kind: PersistentVolume
metadata:name: local-storage-client-2namespace: elasticsearchlabels:name: local-storage-client-2
spec:capacity:storage: 100GiaccessModes:- ReadWriteOncepersistentVolumeReclaimPolicy: RetainstorageClassName: local-storagelocal:path: /srv/esclient-data nodeAffinity:required:nodeSelectorTerms:- matchExpressions:- key: kubernetes.io/hostnameoperator: Invalues:- master-3
[root@master-1 es]# kubectl apply -f 00-pv-client.yaml

9.部署Client节点

[root@master-1 es]# cat  02-es-client.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:namespace: elasticsearchname: elasticsearch-clientlabels:app: elasticsearchrole: client
spec:serviceName: elasticsearch-clientreplicas: 3selector:matchLabels:app: elasticsearchrole: clienttemplate:metadata:labels:app: elasticsearchrole: clientspec:containers:- name: elasticsearchimage: 10.111.13.4:8080/jsjb/docker.elastic.co/elasticsearch/elasticsearch:7.16.2command: ["bash", "-c", "ulimit -l unlimited && sysctl -w vm.max_map_count=262144 && chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data && exec su elasticsearch docker-entrypoint.sh"]ports:- containerPort: 9200name: http- containerPort: 9300name: transportenv:#- name: discovery.seed_hosts#  value: "elasticsearch-master-0.elasticsearch-master,elasticsearch-master-1.elasticsearch-master,elasticsearch-master-2.elasticsearch-master"- name: discovery.seed_hostsvalue: "elasticsearch-master-0.elasticsearch-master,elasticsearch-master-1.elasticsearch-master,elasticsearch-master-2.elasticsearch-master,elasticsearch-data-0.elasticsearch-data,elasticsearch-data-1.elasticsearch-data,elasticsearch-data-2.elasticsearch-data,elasticsearch-data-3.elasticsearch-data,elasticsearch-data-4.elasticsearch-data,elasticsearch-client-0.elasticsearch-client,elasticsearch-client-1.elasticsearch-client,elasticsearch-client-2.elasticsearch-client"- name: cluster.initial_master_nodesvalue: "elasticsearch-master-0,elasticsearch-master-1,elasticsearch-master-2"- name: ES_JAVA_OPTSvalue: -Xms1G -Xmx1G- name: node.mastervalue: "false"- name: node.ingestvalue: "true"- name: node.datavalue: "false"- name: cluster.namevalue: "elasticsearch"- name: node.namevalueFrom:fieldRef:fieldPath: metadata.name- name: xpack.security.enabledvalue: "true"- name: xpack.security.transport.ssl.enabledvalue: "true"- name: xpack.monitoring.collection.enabledvalue: "true"- name: xpack.security.transport.ssl.verification_modevalue: "certificate"- name: xpack.security.transport.ssl.keystore.pathvalue: "/usr/share/elasticsearch/config/elastic-certificates.p12"- name: xpack.security.transport.ssl.truststore.pathvalue: "/usr/share/elasticsearch/config/elastic-certificates.p12"volumeMounts:- mountPath: /usr/share/elasticsearch/dataname: pv-storage-elastic-client- name: elastic-certificatesreadOnly: truemountPath: "/usr/share/elasticsearch/config/elastic-certificates.p12"subPath: elastic-certificates.p12- mountPath: /etc/localtimename: localtimesecurityContext:privileged: truevolumes:- name: elastic-certificatessecret:secretName: elastic-certificates- hostPath:path: /etc/localtimename: localtimevolumeClaimTemplates:- metadata:name: pv-storage-elastic-clientspec:accessModes: [ "ReadWriteOnce" ]storageClassName: "local-storage"resources:requests:storage: 100Gi
[root@master-1 es]# kubectl apply -f 02-es-client.yaml

在这里插入图片描述
在这里插入图片描述

10.创建Service
(用于服务发现使外部服务可以访问使用、固定clusterIP防止重启ip改变无法访问)

[root@master-1 es]# cat 04-es-service.yaml
apiVersion: v1
kind: Service
metadata:namespace: elasticsearchname: elasticsearch-masterlabels:app: elasticsearchrole: master
spec:selector:app: elasticsearchrole: mastertype: NodePortports:- port: 9200nodePort: 30001targetPort: 9200
---
apiVersion: v1
kind: Service
metadata:namespace: elasticsearchname: elasticsearch-datalabels:app: elasticsearchrole: data
spec:selector:app: elasticsearchrole: datatype: NodePortports:- port: 9200nodePort: 30002targetPort: 9200
---
apiVersion: v1
kind: Service
metadata:namespace: elasticsearchname: elasticsearch-clientlabels:app: elasticsearchrole: client
spec:selector:app: elasticsearchrole: clienttype: NodePortports:- port: 9200nodePort: 30003targetPort: 9200

在这里插入图片描述
11.设置ES集群密码
方法1:随机密码

#设置ES集群密码(如果用的auto自动获取就类似于下面随机)
[root@master-1 es]# kubectl -n elasticsearch exec -it $(kubectl -n elasticsearch get pods | grep elasticsearch-master | sed -n 1p | awk '{print $1}') -- bin/elasticsearch-setup-passwords auto -bChanged password for user apm_system
PASSWORD apm_system = vxko4ZwcjZm6U6PbxsGWChanged password for user kibana_system
PASSWORD kibana_system = D0XzzEUsicgAWCqK0xZQChanged password for user kibana
PASSWORD kibana = D0XzzEUsicgAWCqK0xZQChanged password for user logstash_system
PASSWORD logstash_system = 4fmoXf2lofEqQtcq5wt5Changed password for user beats_system
PASSWORD beats_system = fhndHgNnbgqtNRSIFbHVChanged password for user remote_monitoring_user
PASSWORD remote_monitoring_user = vRkXsT9VooPz6tYOAriqChanged password for user elastic
PASSWORD elastic = H8QfDUlp290CHX8L3U2Q

方法2:自定义
  通过kuboard进入master-0容器设置自定义密码:
在这里插入图片描述

./bin/elasticsearch-setup-passwords interactive

在这里插入图片描述
(回车输入自己自定义密码即可)

集群验证:

curl --user elastic:xxxxx http://10.254.162.248:9200/_cluster/health?pretty

在这里插入图片描述

curl --user elastic:xxxx http://10.254.162.248:9200/_cat/nodes?v

在这里插入图片描述

四、部署Kibana7.16.2

1.创建Secret

#密码写elastic用户的密码(跟上面创建的要相同)
kubectl -n elasticsearch create secret generic elasticsearch-password --from-literal password=xxxxx

在这里插入图片描述
2.部署Kibana
部署前打个标签,通过标签将pod部署到指定节点

kubectl label node master-3 node=master-3

[root@master-1 es]# cat 05-kibana.yaml
apiVersion: v1
kind: ConfigMap			#配置映射
metadata:namespace: elasticsearchname: kibana-config	#映射配置名字labels:app: kibana
data:kibana.yml: |-server.host: 0.0.0.0i18n.locale: zh-CN	#中文支持elasticsearch:		#es密码设置hosts: ${ELASTICSEARCH_HOSTS}username: ${ELASTICSEARCH_USER}password: ${ELASTICSEARCH_PASSWORD}
---
kind: Deployment
apiVersion: apps/v1
metadata:labels:app: kibananame: kibananamespace: elasticsearch
spec:replicas: 1revisionHistoryLimit: 10selector:matchLabels:app: kibanatemplate:metadata:labels:app: kibanaspec:nodeSelector:				#通过刚才标签下发到指定节点node: master-3containers:- name: kibanaimage: 10.111.13.4:8080/jsjb/kibana/kibana:7.16.2ports:- containerPort: 5601protocol: TCPenv:- name: SERVER_PUBLICBASEURLvalue: "http://0.0.0.0:5601"- name: I18N.LOCALEvalue: zh-CN- name: ELASTICSEARCH_HOSTSvalue: "http://10.254.162.248:9200"- name: ELASTICSEARCH_USERvalue: "elastic"- name: ELASTICSEARCH_PASSWORDvalueFrom:secretKeyRef:name: elasticsearch-passwordkey: password- name: xpack.encryptedSavedObjects.encryptionKeyvalue: "min-32-byte-long-strong-encryption-key"volumeMounts:- name: kibana-configmountPath: /usr/share/kibana/config/kibana.ymlreadOnly: truesubPath: kibana.yml- mountPath: /etc/localtimename: localtimevolumes:- name: kibana-config	#挂在映射配置configMap:name: kibana-config	#映射配置的名字- hostPath:path: /etc/localtimename: localtime
---
kind: Service
apiVersion: v1
metadata:labels:app: kibananame: kibana-servicenamespace: elasticsearch
spec:ports:- port: 5601targetPort: 5601nodePort: 30004type: NodePortselector:app: kibana
[root@master-1 es]# kubectl apply -f 05-kibana.yaml

在这里插入图片描述
在这里插入图片描述
Kibana上检测集群
在这里插入图片描述
在这里插入图片描述
在这里插入图片描述

五、结束语

  到此Kubernetes1.23.1+Elasticsearch7.16.2+Kibana7.16.2部署完毕,部署过程中有疑问的欢迎留言提问,感谢大家一直以来的支持,点点关注收藏吧!后期推出k8s上es集群安装ik分词器教程,欢迎大家来采文呀!

这篇关于Kubernetes1.23搭建Elasticsearch7集群(集群加密)的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!


http://www.chinasem.cn/article/577924

相关文章

Python极速搭建局域网文件共享服务器完整指南

Python极速搭建局域网文件共享服务器完整指南

《Python极速搭建局域网文件共享服务器完整指南》在办公室或家庭局域网中快速共享文件时,许多人会选择第三方工具或云存储服务,但这些方案往往存在隐私泄露风险或需要复杂配置,下面我们就来看看如何使用Py... 目录一、android基础版:HTTP文件共享的魔法命令1. 一行代码启动HTTP服务器2. 关键参
阅读更多...
使用zip4j实现Java中的ZIP文件加密压缩的操作方法

使用zip4j实现Java中的ZIP文件加密压缩的操作方法

《使用zip4j实现Java中的ZIP文件加密压缩的操作方法》本文介绍如何通过Maven集成zip4j1.3.2库创建带密码保护的ZIP文件,涵盖依赖配置、代码示例及加密原理,确保数据安全性,感兴趣的... 目录1. zip4j库介绍和版本1.1 zip4j库概述1.2 zip4j的版本演变1.3 zip4
阅读更多...
Jenkins分布式集群配置方式

Jenkins分布式集群配置方式

《Jenkins分布式集群配置方式》:本文主要介绍Jenkins分布式集群配置方式,具有很好的参考价值,希望对大家有所帮助,如有错误或未考虑完全的地方,望不吝赐教... 目录1.安装jenkins2.配置集群总结Jenkins是一个开源项目,它提供了一个容易使用的持续集成系统,并且提供了大量的plugin满
阅读更多...
SpringBoot中SM2公钥加密、私钥解密的实现示例详解

SpringBoot中SM2公钥加密、私钥解密的实现示例详解

《SpringBoot中SM2公钥加密、私钥解密的实现示例详解》本文介绍了如何在SpringBoot项目中实现SM2公钥加密和私钥解密的功能,通过使用Hutool库和BouncyCastle依赖,简化... 目录一、前言1、加密信息(示例)2、加密结果(示例)二、实现代码1、yml文件配置2、创建SM2工具
阅读更多...
python实现对数据公钥加密与私钥解密

python实现对数据公钥加密与私钥解密

《python实现对数据公钥加密与私钥解密》这篇文章主要为大家详细介绍了如何使用python实现对数据公钥加密与私钥解密,文中的示例代码讲解详细,感兴趣的小伙伴可以跟随小编一起学习一下... 目录公钥私钥的生成使用公钥加密使用私钥解密公钥私钥的生成这一部分,使用python生成公钥与私钥,然后保存在两个文
阅读更多...
Redis分片集群、数据读写规则问题小结

Redis分片集群、数据读写规则问题小结

《Redis分片集群、数据读写规则问题小结》本文介绍了Redis分片集群的原理,通过数据分片和哈希槽机制解决单机内存限制与写瓶颈问题,实现分布式存储和高并发处理,但存在通信开销大、维护复杂及对事务支持... 目录一、分片集群解android决的问题二、分片集群图解 分片集群特征如何解决的上述问题?(与哨兵模
阅读更多...
如何使用Haporxy搭建Web群集

如何使用Haporxy搭建Web群集

《如何使用Haporxy搭建Web群集》Haproxy是目前比较流行的一种群集调度工具,同类群集调度工具有很多如LVS和Nginx,本案例介绍使用Haproxy及Nginx搭建一套Web群集,感兴趣的... 目录一、案例分析1.案例概述2.案例前置知识点2.1 HTTP请求2.2 负载均衡常用调度算法 2.
阅读更多...
SpringBoot连接Redis集群教程

SpringBoot连接Redis集群教程

《SpringBoot连接Redis集群教程》:本文主要介绍SpringBoot连接Redis集群教程,具有很好的参考价值,希望对大家有所帮助,如有错误或未考虑完全的地方,望不吝赐教... 目录1. 依赖2. 修改配置文件3. 创建RedisClusterConfig4. 测试总结1. 依赖 <de
阅读更多...
一文详解如何在idea中快速搭建一个Spring Boot项目

一文详解如何在idea中快速搭建一个Spring Boot项目

《一文详解如何在idea中快速搭建一个SpringBoot项目》IntelliJIDEA作为Java开发者的‌首选IDE‌,深度集成SpringBoot支持,可一键生成项目骨架、智能配置依赖,这篇文... 目录前言1、创建项目名称2、勾选需要的依赖3、在setting中检查maven4、编写数据源5、开启热
阅读更多...
如何搭建并配置HTTPD文件服务及访问权限控制

如何搭建并配置HTTPD文件服务及访问权限控制

《如何搭建并配置HTTPD文件服务及访问权限控制》:本文主要介绍如何搭建并配置HTTPD文件服务及访问权限控制的问题,具有很好的参考价值,希望对大家有所帮助,如有错误或未考虑完全的地方,望不吝赐教... 目录一、安装HTTPD服务二、HTTPD服务目录结构三、配置修改四、服务启动五、基于用户访问权限控制六、
阅读更多...

Copyright China编程 23002807@qq.com

沪ICP备2023033072号-2