您现在的位置是:首页 > 文章详情

k8s部署elasticsearch集群

日期:2020-06-10点击:941

环境准备

我们使用的k8s和ceph环境见:
https://blog.51cto.com/leejia/2495558
https://blog.51cto.com/leejia/2499684

ECK简介

Elastic Cloud on Kubernetes,这是一款基于 Kubernetes Operator 模式的新型编排产品,用户可使用该产品在 Kubernetes 上配置、管理和运行 Elasticsearch 集群。ECK 的愿景是为 Kubernetes 上的 Elastic 产品和解决方案提供 SaaS 般的体验。

ECK使用 Kubernetes Operator模式构建而成,需要安装在Kubernetes集群内,ECK用于部署,且更专注于简化所有后期运行工作:

  • 管理和监测多个集群
  • 轻松升级至新版本
  • 扩大或缩小集群容量
  • 更改集群配置
  • 动态调整本地存储的规模
  • 备份

Kubernetes目前是容器编排领域的领头羊,而Elastic社区发布ECK,使Elasticsearch更容易的跑在云上,也是为云原生技术增砖添瓦,紧跟时代潮流。

部署ECK

部署ECK并查看日志是否正常:

# kubectl apply -f https://download.elastic.co/downloads/eck/1.1.2/all-in-one.yaml # kubectl -n elastic-system logs -f statefulset.apps/elastic-operator 

过几分钟查看elastic-operator是否运行正常,ECK中只有一个elastic-operator pod:

# kubectl get pods -n elastic-system NAME READY STATUS RESTARTS AGE elastic-operator-0 1/1 Running 1 2m55s

使用ECK部署使用ceph持久化存储的elasticsearch集群

我们测试情况使用1台master节点和1台data节点来部署集群,生产环境建议使用3+台master节点。如下的manifest中,对实例的heap大小,容器的可使用内存,容器的虚拟机内存都进行了配置,可以根据集群需要做调整:

# vim es.yaml apiVersion: elasticsearch.k8s.elastic.co/v1 kind: Elasticsearch metadata: name: quickstart spec: version: 7.7.1 nodeSets: - name: master-nodes count: 1 config: node.master: true node.data: false podTemplate: spec: initContainers: - name: sysctl securityContext: privileged: true command: ['sh', '-c', 'sysctl -w vm.max_map_count=262144'] containers: - name: elasticsearch env: - name: ES_JAVA_OPTS value: -Xms1g -Xmx1g resources: requests: memory: 2Gi limits: memory: 2Gi volumeClaimTemplates: - metadata: name: elasticsearch-data spec: accessModes: - ReadWriteOnce resources: requests: storage: 5Gi storageClassName: rook-ceph-block - name: data-nodes count: 1 config: node.master: false node.data: true podTemplate: spec: initContainers: - name: sysctl securityContext: privileged: true command: ['sh', '-c', 'sysctl -w vm.max_map_count=262144'] containers: - name: elasticsearch env: - name: ES_JAVA_OPTS value: -Xms1g -Xmx1g resources: requests: memory: 2Gi limits: memory: 2Gi volumeClaimTemplates: - metadata: name: elasticsearch-data spec: accessModes: - ReadWriteOnce resources: requests: storage: 10Gi storageClassName: rook-ceph-block # kubectl apply -f es.yaml

过段时间,查看elasticsearch集群的状态

# kubectl get pods quickstart-es-data-nodes-0 1/1 Running 0 54s quickstart-es-master-nodes-0 1/1 Running 0 54s # kubectl get elasticsearch NAME HEALTH NODES VERSION PHASE AGE quickstart green 2 7.7.1 Ready 73s

查看pv的状态,我们可以看到申请的pv已经创建和绑定成功:

# kubectl get pv pvc-512cc739-3654-41f4-8339-49a44a093ecf 10Gi RWO Retain Bound default/elasticsearch-data-quickstart-es-data-nodes-0 rook-ceph-block 9m5s pvc-eff8e0fd-f669-448a-8b9f-05b2d7e06220 5Gi RWO Retain Bound default/elasticsearch-data-quickstart-es-master-nodes-0 rook-ceph-block 9m5s

默认集群开启了basic认证,用户名为elastic,密码可以通过secret获取。默认集群也开启了自签名证书https访问。我们可以通过service资源来访问elasticsearch:

# kubectl get services NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE quickstart-es-data-nodes ClusterIP None <none> <none> 4m10s quickstart-es-http ClusterIP 10.107.201.126 <none> 9200/TCP 4m11s quickstart-es-master-nodes ClusterIP None <none> <none> 4m10s quickstart-es-transport ClusterIP None <none> 9300/TCP 4m11s # kubectl get secret quickstart-es-elastic-user -o=jsonpath='{.data.elastic}' | base64 --decode; echo # curl https://10.107.201.126:9200 -u 'elastic:J1fO9bu88j8pYK8rIu91a73o' -k { "name" : "quickstart-es-data-nodes-0", "cluster_name" : "quickstart", "cluster_uuid" : "AQxFX8NiTNa40mOPapzNXQ", "version" : { "number" : "7.7.1", "build_flavor" : "default", "build_type" : "docker", "build_hash" : "ad56dce891c901a492bb1ee393f12dfff473a423", "build_date" : "2020-05-28T16:30:01.040088Z", "build_snapshot" : false, "lucene_version" : "8.5.1", "minimum_wire_compatibility_version" : "6.8.0", "minimum_index_compatibility_version" : "6.0.0-beta1" }, "tagline" : "You Know, for Search" }

不停服,扩容一台data节点:修改es.yaml中data-nodes中count的value为2,然后apply下es.yaml即可。

# kubectl apply -f es.yaml # kubectl get pods quickstart-es-data-nodes-0 1/1 Running 0 24m quickstart-es-data-nodes-1 1/1 Running 0 8m22s quickstart-es-master-nodes-0 1/1 Running 0 24m # kubectl get elasticsearch NAME HEALTH NODES VERSION PHASE AGE quickstart green 3 7.7.1 Ready 25m

不停服,缩容一台data节点,会自动进行数据同步:修改es.yaml中data-nodes中count的value为1,然后apply下es.yaml即可。

对接kibana

由于默认kibana也开启了自签名证书的https访问,我们可以选择关闭,我们来使用ECK部署kibana:

# vim kibana.yaml apiVersion: kibana.k8s.elastic.co/v1 kind: Kibana metadata: name: quickstart spec: version: 7.7.1 count: 1 elasticsearchRef: name: quickstart http: tls: selfSignedCertificate: disabled: true # kubectl apply -f kibana.yaml # kubectl get pods NAME READY STATUS RESTARTS AGE quickstart-es-data-nodes-0 1/1 Running 0 31m quickstart-es-data-nodes-1 1/1 Running 1 15m quickstart-es-master-nodes-0 1/1 Running 0 31m quickstart-kb-6558457759-2rd7l 1/1 Running 1 4m3s # kubectl get kibana NAME HEALTH NODES VERSION AGE quickstart green 1 7.7.1 4m27s

为kibana在ingress中添加一个四层代理,提供对外访问服务:

# vim tsp-kibana.yaml apiVersion: k8s.nginx.org/v1alpha1 kind: GlobalConfiguration metadata: name: nginx-configuration namespace: nginx-ingress spec: listeners: - name: kibana-tcp port: 5601 protocol: TCP --- apiVersion: k8s.nginx.org/v1alpha1 kind: TransportServer metadata: name: kibana-tcp spec: listener: name: kibana-tcp protocol: TCP upstreams: - name: kibana-app service: quickstart-kb-http port: 5601 action: pass: kibana-app # kubectl apply -f tsp-kibana.yaml

默认kibana访问elasticsearch的用户名为elastic,密码获取方式如下

# kubectl get secret quickstart-es-elastic-user -o=jsonpath='{.data.elastic}' | base64 --decode; echo

通过浏览器访问kibana:
k8s部署elasticsearch集群

删除ECK相关资源

删除elasticsearch和kibana以及ECK

# kubectl get namespaces --no-headers -o custom-columns=:metadata.name \ | xargs -n1 kubectl delete elastic --all -n # kubectl delete -f https://download.elastic.co/downloads/eck/1.1.2/all-in-one.yaml

对接cerebro

先安装Kubernetes应用的包管理工具helm。Helm是用来封装 Kubernetes原生应用程序的YAML文件,可以在你部署应用的时候自定义应用程序的一些metadata,helm依赖chart实现了应用程序的在k8s上的分发。helm和chart主要实现了如下功能:

  • 应用程序封装
  • 版本管理
  • 依赖检查
  • 应用程序分发
    # wget https://get.helm.sh/helm-v3.2.3-linux-amd64.tar.gz # tar -zxvf helm-v3.0.0-linux-amd64.tar.gz # mv linux-amd64/helm /usr/local/bin/helm # helm repo add stable https://kubernetes-charts.storage.googleapis.com

    通过helm安装cerebro:

    # helm install stable/cerebro --version 1.1.4 --generate-name

    查看cerebro的状态:

    # kubectl get pods|grep cerebro cerebro-1591777586-7fd87f7d48-hmlp7 1/1 Running 0 11m

    由于默认ECK部署的elasticsearch开启了自签名证书的https服务,故可以在cerebro配置忽略https证书认证(也可以在cerebro中添加自签名证书的ca证书来识别自签名证书),并重启cerebro:
    1,导出cerebro的configmap:

    # kubectl get configmap cerebro-1591777586 -o yaml > cerebro.yaml

    2,替换configmap中cerebro的hosts相关配置为如下(其中quickstart-es-http为elasticsarch的service资源名字):

    play.ws.ssl.loose.acceptAnyCertificate = true hosts = [ { host = "https://quickstart-es-http.default.svc:9200" name = "k8s elasticsearch" } ]

    3,应用cerebro的configmap并重启cerebro pod:

# kubectl apply -f cerebro.yaml # kubectl get pods|grep cerebro cerebro-1591777586-7fd87f7d48-hmlp7 1/1 Running 0 11m # kubectl get pod cerebro-1591777586-7fd87f7d48-hmlp7 -o yaml | kubectl replace --force -f -

先确认cerebro的service资源,然后配置ingress为cerebro添加7层代理:

# kubectl get services NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE cerebro-1591777586 ClusterIP 10.111.107.171 <none> 80/TCP 19m # vim cerebro-ingress.yaml apiVersion: networking.k8s.io/v1beta1 kind: Ingress metadata: name: cerebro-ingress spec: rules: - host: cerebro.myk8s.com http: paths: - path: / backend: serviceName: cerebro-1591777586 servicePort: 80 # kubectl apply -f cerebro-ingress.yaml

在本地pc的/etc/hosts文件添加host绑定"172.18.2.175 cerebro.myk8s.com",然后通过览器访问:
k8s部署elasticsearch集群

删除cerebro

# helm list NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION cerebro-1591777586 default 1 2020-06-10 16:26:30.419723417 +0800 CST deployed cerebro-1.1.4 0.8.4 # heml delete name cerebro-1591777586

参考

https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-deploy-kibana.html
https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-kibana-http-configuration.html
https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-quickstart.html
https://hub.helm.sh/charts/stable/cerebro
https://www.elastic.co/cn/blog/introducing-elastic-cloud-on-kubernetes-the-elasticsearch-operator-and-beyond
https://helm.sh/docs/intro/install/

原文链接:https://blog.51cto.com/leejia/2503406
关注公众号

低调大师中文资讯倾力打造互联网数据资讯、行业资源、电子商务、移动互联网、网络营销平台。

持续更新报道IT业界、互联网、市场资讯、驱动更新,是最及时权威的产业资讯及硬件资讯报道平台。

转载内容版权归作者及来源网站所有,本站原创内容转载请注明来源。

文章评论

共有0条评论来说两句吧...

文章二维码

扫描即可查看该文章

点击排行

推荐阅读

最新文章