k8s部署elasticsearch及kibana

Elasticsearch

生成密码相关secretvalue.yaml部署es Kibana

value.yaml:部署kibana 部署结果
elastic官方提供了efk相关charts以供我们使用k8s部署efk。

elastic charts：https://github.com/elastic/helm-charts.git

目录结构如下：

$ cd helm-charts && tree -L 1
.
├── apm-server
├── elasticsearch
├── filebeat
├── helpers
├── kibana
├── LICENSE
├── logstash
├── Makefile
├── metricbeat
├── README.md
└── requirements.txt

在elasticsearch/examples/security目录下可以执行make secrets命令来创建elastic密码相关的secret。执行前可以通过定义环境变量ELASTIC_PASSWORD来指定自己的密码。

$ cd helm-charts/elasticsearch/examples/security
$ export ELASTIC_PASSWORD=[your password]
$ make secret

es开启密码功能需要指定xpack.security.enabled 为 true ，同时也要开启 xpack.security.transport.ssl.enabled 为 true。如果不开启此功能，在启动es时会报如下错误：

value.yaml修改如下：

esConfig:
  elasticsearch.yml: |
    xpack.security.enabled: true
    xpack.security.transport.ssl.enabled: true
    xpack.security.transport.ssl.verification_mode: certificate
    xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
    xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
    
    
extraEnvs:
  - name: ELASTIC_PASSWORD
    valueFrom:
      secretKeyRef:
        name: elastic-credentials
        key: password
        
secretMounts:
  - name: elastic-certificates
    secretName: elastic-certificates
    path: /usr/share/elasticsearch/config/certs
    
antiAffinity: "soft" 

因为我的k8s是单节点的，所以将antiAffinity设置为soft，不然三节点的es集群无法启动成功。

$ cd helm-charts/elasticsearch/
$ helm install elasticsearch -f value.yaml . 

部署kibana时需要指定es的用户名和密码。

elasticsearchHosts: "http://elasticsearch-master-headless.default.svc.cluster.local:9200"

extraEnvs:
  - name: "ELASTICSEARCH_USERNAME"
    value: "elastic"
  - name: "ELASTICSEARCH_PASSWORD"
    valueFrom:
      secretKeyRef:
        name: elastic-credentials
        key: password
        
service:
  type: NodePort
  port: 5601
  nodePort: "30601"

$ cd helm-charts/kibana
$ helm install kibana -f value.yaml .

POD运行情况：

$ kubectl get pod
NAME                      READY   STATUS    RESTARTS   AGE
elasticsearch-master-0    1/1     Running   0          1h
elasticsearch-master-1    1/1     Running   0          1h
elasticsearch-master-2    1/1     Running   0          1h
kibana-74c748ddc4-khtvt   1/1     Running   0          1h

kibana页面：