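Deploying a single-node Elasticsearch in Kubernetes
- Elasticsearch has its own high-availability clustering mechanism, so managing it with k8s on top of that is not recommended
- This setup is suitable for temporary or test use
Data storage
Since this is for testing, I did not use a PVC to manage the data and chose hostPath instead. For the data to remain accessible after a restart, es has to be pinned to one node.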
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: elasticsearch
  labels:
    app: elasticsearch
spec:
  replicas: 1
  selector:
    matchLabels:
      app: elasticsearch
  template:
    metadata:
      labels:
        app: elasticsearch
    spec:
      nodeSelector:
        kubernetes.io/hostname: iuxt
      containers:
        - name: elasticsearch
          image: sls-registry.cn-hangzhou.cr.aliyuncs.com/kproxy/elasticsearch:7.17.26
          env:
            - name: discovery.type
              value: single-node
            - name: ELASTIC_USERNAME
              value: elastic
            - name: ELASTIC_PASSWORD
              value: "jjxkjkdgkdjgkkdjgk"
            - name: ES_JAVA_OPTS
              value: "-Xms1G -Xmx1G"
            - name: xpack.security.enabled
              value: "true"
          ports:
            - containerPort: 9200
              name: http
            - containerPort: 9300
              name: transport
          volumeMounts:
            - name: data
              mountPath: /usr/share/elasticsearch/data
      volumes:
        - name: data
          hostPath:
            path: /data/elasticsearch
            type: DirectoryOrCreate
```
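Here I use nodeSelector with a label to select the node.
Problem
The log stops at: Created elasticsearch keystore in /usr/share/elasticsearch/config/elasticsearch.keystore
and then the container restarts automatically.
Looking at the /data/elasticsearch directory on the host shows that it is empty.
This happens because the process has no permission to write. A PVC does not have this problem, but mounting a hostPath directly does, because the es container's process does not run as root; it runs as the user with uid 1000.
The fix is to use an init container to repair the directory permissions. An init container is a perfect fit for this job.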
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: elasticsearch
  labels:
    app: elasticsearch
spec:
  replicas: 1
  selector:
    matchLabels:
      app: elasticsearch
  template:
    metadata:
      labels:
        app: elasticsearch
    spec:
      nodeSelector:
        kubernetes.io/hostname: iuxt
      initContainers:
        - name: fix-permissions
          image: busybox
          command: ["sh", "-c", "chown -R 1000:1000 /usr/share/elasticsearch/data"]
          volumeMounts:
            - name: data
              mountPath: /usr/share/elasticsearch/data
      containers:
        - name: elasticsearch
          image: sls-registry.cn-hangzhou.cr.aliyuncs.com/kproxy/elasticsearch:7.17.26
          env:
            - name: discovery.type
              value: single-node
            - name: ELASTIC_USERNAME
              value: elastic
            - name: ELASTIC_PASSWORD
              value: "jjxkjkdgkdjgkkdjgk"
            - name: ES_JAVA_OPTS
              value: "-Xms1G -Xmx1G"
            - name: xpack.security.enabled
              value: "true"
          ports:
            - containerPort: 9200
              name: http
            - containerPort: 9300
              name: transport
          volumeMounts:
            - name: data
              mountPath: /usr/share/elasticsearch/data
      volumes:
        - name: data
          hostPath:
            path: /data/elasticsearch
            type: DirectoryOrCreate
```
This resolves the permission problem.
Deploying Kibana
```yaml
---
kind: Deployment
apiVersion: apps/v1
metadata:
  namespace: default
  labels:
    app: kibana
  name: kibana
spec:
  replicas: 1
  selector:
    matchLabels:
      app: kibana
  template:
    metadata:
      labels:
        app: kibana
    spec:
      containers:
        - name: kibana
          image: sls-registry.cn-hangzhou.cr.aliyuncs.com/kproxy/kibana:7.17.26
          ports:
            - containerPort: 5601
              protocol: TCP
          volumeMounts:
            - name: kibana-config
              mountPath: /usr/share/kibana/config
          resources:
            limits:
              memory: "4Gi"
              cpu: "2"
            requests:
              memory: "2Gi"
              cpu: "2"
      volumes:
        - name: kibana-config
          configMap:
            name: kibana-config
            items:
              - key: kibana.yml
                path: kibana.yml
---
apiVersion: v1
kind: ConfigMap
metadata:
  namespace: default
  name: kibana-config
data:
  kibana.yml: |
    server.port: 5601
    server.host: "0.0.0.0"
    elasticsearch.hosts: ["http://elasticsearch:9200"]
    elasticsearch.requestTimeout: 3600000
    elasticsearch.shardTimeout: 3600000
    i18n.locale: "zh-CN"
    elasticsearch.username: "elastic"
    elasticsearch.password: "jjxkjkdgkdjgkkdjgk"
---
kind: Service
apiVersion: v1
metadata:
  labels:
    app: kibana
  name: kibana-service
  namespace: default
spec:
  ports:
    - port: 5601
      targetPort: 5601
  selector:
    app: kibana
  type: ClusterIP
---
# Note: the networking.k8s.io/v1beta1 Ingress API was removed in Kubernetes 1.22;
# newer clusters need networking.k8s.io/v1.
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  namespace: default
  name: kibana
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/ssl-redirect: "false"  # disable the SSL redirect
spec:
  tls:
    - hosts:
        - kibana.xxxx.com
      secretName: xxxx-com
  rules:
    - host: kibana.xxxx.com
      http:
        paths:
          - backend:
              serviceName: kibana-service
              servicePort: 5601
            path: /
```
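The manifests above carry the elastic password in plaintext in both the Deployment env and the kibana-config ConfigMap. As an added example (not from the original post), the same value can be supplied from a Secret instead; the Secret name es-credentials, its key password, the placeholder value, and both workloads running in the default namespace are assumptions.

```yaml
# Added example, not part of the original post.
# Assumed names: Secret "es-credentials", key "password".
apiVersion: v1
kind: Secret
metadata:
  name: es-credentials
  namespace: default          # assumed: same namespace as both Deployments
type: Opaque
stringData:
  password: "<generated-password>"   # placeholder, set out of band
---
# Fragment: env of the elasticsearch container
# (replaces the literal ELASTIC_PASSWORD value; other entries stay unchanged)
env:
  - name: ELASTIC_PASSWORD
    valueFrom:
      secretKeyRef:
        name: es-credentials
        key: password
---
# Fragment: env of the kibana container. The Kibana Docker image maps
# ELASTICSEARCH_USERNAME / ELASTICSEARCH_PASSWORD onto
# elasticsearch.username / elasticsearch.password, so those two lines
# are deleted from kibana.yml in the kibana-config ConfigMap.
env:
  - name: ELASTICSEARCH_USERNAME
    value: elastic
  - name: ELASTICSEARCH_PASSWORD
    valueFrom:
      secretKeyRef:
        name: es-credentials
        key: password
```

A Secret is stored only base64-encoded in etcd unless encryption at rest is enabled, but it keeps the password out of the Deployment spec and the ConfigMap, which are usually readable by more roles and more likely to end up in version control.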