diff --git a/busybox-deployment.yaml b/busybox-deployment.yaml
new file mode 100644
index 0000000..7b5fa5e
--- /dev/null
+++ b/busybox-deployment.yaml
@@ -0,0 +1,27 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: busybox
+ namespace: efk
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: busybox
+ template:
+ metadata:
+ labels:
+ app: busybox
+ spec:
+ containers:
+ - name: busybox
+ image: busybox:1.35
+ command: ["sh", "-c", "while true; do sleep 3600; done"]
+ resources:
+ requests:
+ memory: "10Mi"
+ cpu: "10m"
+ limits:
+ memory: "50Mi"
+ cpu: "50m"
+ restartPolicy: Always
diff --git a/elasticsearch-ingress.yaml b/elasticsearch-ingress.yaml
index 4b36deb..8744bd1 100644
--- a/elasticsearch-ingress.yaml
+++ b/elasticsearch-ingress.yaml
@@ -59,3 +59,20 @@ spec:
 path: /
 pathType: Prefix
+---
+
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+ name: elasticsearch-ingress
+ namespace: efk
+spec:
+ entryPoints:
+ - web # 使用 HTTP 入口点(如果需要 HTTPS,请改为 "websecure")
+ routes:
+ - match: Host(`elastic.k8s.xunlang.home`) && PathPrefix(`/`)
+ kind: Rule
+ services:
+ - name: elasticsearch-lb
+ port: 9200
diff --git a/elasticsearch-service-0.yaml b/elasticsearch-service-0.yaml
deleted file mode 100644
index 754b871..0000000
--- a/elasticsearch-service-0.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: elasticsearch-0
- namespace: efk
-spec:
- ports:
- - port: 9200
- targetPort: 9200
- name: http
- selector:
- statefulset.kubernetes.io/pod-name: elasticsearch-0-0
- type: LoadBalancer
diff --git a/elasticsearch-service-1.yaml b/elasticsearch-service-1.yaml
deleted file mode 100644
index 274c512..0000000
--- a/elasticsearch-service-1.yaml
+++ /dev/null
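Review bot: The busybox container in the new Deployment has no `securityContext`, so this long-running shell pod in the `efk` namespace runs as root (the busybox image's default user) with the default capability set. It only sleeps and waits to be exec'd into, so it can be locked down without losing that use; the block below is what I would add under the container. `automountServiceAccountToken: false` at pod level is worth adding as well unless the pod needs the API, and if this is a temporary debugging aid it may be better kept out of the tracked manifests.

```yaml
      containers:
        - name: busybox
          # … unchanged: image, command, resources …
          securityContext:
            runAsNonRoot: true
            runAsUser: 65534
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
```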
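Review bot: The new IngressRoute publishes `elasticsearch-lb:9200` on the `web` entry point, i.e. plain HTTP, and the StatefulSet hunks in this same commit keep `xpack.security.enabled` at `"false"`, so any client that can reach Traefik with the `elastic.k8s.xunlang.home` host gets unauthenticated read/write access to the cluster API in clear text. I would switch the entry point to `- websecure` with a `tls` section and attach an authentication or source-IP allow-list middleware to the route. The inline comment already mentions the HTTPS option; the earlier resource in this file is outside the hunk.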
@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: elasticsearch-1
- namespace: efk
-spec:
- ports:
- - port: 9200
- targetPort: 9200
- name: http
- selector:
- statefulset.kubernetes.io/pod-name: elasticsearch-1-0
- type: LoadBalancer
diff --git a/elasticsearch-service-2.yaml b/elasticsearch-service-2.yaml
deleted file mode 100644
index fa4f0fe..0000000
--- a/elasticsearch-service-2.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: elasticsearch-2
- namespace: efk
-spec:
- ports:
- - port: 9200
- targetPort: 9200
- name: http
- selector:
- statefulset.kubernetes.io/pod-name: elasticsearch-2-0
- type: LoadBalancer
diff --git a/elasticsearch-service.yaml b/elasticsearch-service.yaml
index e12ccee..aa356bc 100644
--- a/elasticsearch-service.yaml
+++ b/elasticsearch-service.yaml
@@ -1,13 +1,64 @@
 apiVersion: v1
 kind: Service
 metadata:
- name: elasticsearch-public # 新服务名,避免与现有 headless 服务冲突
+ name: elasticsearch-0
 namespace: efk
 spec:
 ports:
 - port: 9200
 targetPort: 9200
 name: http
+ - port: 9300
+ targetPort: 9300
+ name: transport
 selector:
- statefulset.kubernetes.io/pod-name: elasticsearch-0-0 # 精确匹配 master 节点
+ statefulset.kubernetes.io/pod-name: elasticsearch-0-0
 type: LoadBalancer
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: elasticsearch-1
+ namespace: efk
+spec:
+ ports:
+ - port: 9200
+ targetPort: 9200
+ name: http
+ - port: 9300
+ targetPort: 9300
+ name: transport
+ selector:
+ statefulset.kubernetes.io/pod-name: elasticsearch-1-0
+ type: LoadBalancer
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: elasticsearch-2
+ namespace: efk
+spec:
+ ports:
+ - port: 9200
+ targetPort: 9200
+ name: http
+ - port: 9300
+ targetPort: 9300
+ name: transport
+ selector:
+ statefulset.kubernetes.io/pod-name: elasticsearch-2-0
+ type: LoadBalancer
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: elasticsearch-lb
+ namespace: efk
+spec:
+ type: LoadBalancer # 使用 LoadBalancer 类型
+ selector:
+ app: elasticsearch
+ ports:
+ - port: 9200 # 客户端访问的端口
+ targetPort: 9200 # Elasticsearch 容器中实际监听的端口
+ name: http
diff --git a/elasticsearch-statefulSet.yaml b/elasticsearch-statefulSet.yaml
index 5d1805e..ced10c7 100644
--- a/elasticsearch-statefulSet.yaml
+++ b/elasticsearch-statefulSet.yaml
@@ -1,4 +1,3 @@
-# elasticsearch-0
 apiVersion: apps/v1
 kind: StatefulSet
 metadata:
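Review bot: Each per-node Service in `elasticsearch-service.yaml` stays `type: LoadBalancer` and now also publishes the `transport` port 9300, which puts the node-to-node protocol on an externally reachable address. Transport is only needed between the Elasticsearch pods (the `discovery.seed_hosts` values elsewhere in this commit point at these Service names), so I would make `elasticsearch-0`, `-1` and `-2` in-cluster Services with `type: ClusterIP` and leave external access to `elasticsearch-lb` on 9200 only. If the per-node LoadBalancers have to stay, restrict them with `loadBalancerSourceRanges`. With `xpack.security.enabled` left at `"false"` in the StatefulSet hunks, nothing on 9300 is authenticated or encrypted.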
@@ -35,31 +34,22 @@ spec:
 - name: node.name
 value: "elasticsearch-0"
 - name: discovery.seed_hosts
- value: "elasticsearch-0.elasticsearch-service.efk.svc.cluster.local,elasticsearch-1.elasticsearch-service.efk.svc.cluster.local,elasticsearch-2.elasticsearch-service.efk.svc.cluster.local"
+ value: "elasticsearch-0.efk.svc.cluster.local,elasticsearch-1.efk.svc.cluster.local,elasticsearch-2.efk.svc.cluster.local"
 - name: cluster.initial_master_nodes
 value: "elasticsearch-0"
 - name: xpack.security.enabled
 value: "false"
- - name: xpack.security.transport.ssl.enabled
- value: "false"
- - name: ELASTIC_PASSWORD
- valueFrom:
- secretKeyRef:
- name: elasticsearch-secret
- key: elastic_password
 - name: ES_JAVA_OPTS
- value: "-Xms4g -Xmx4g"
+ value: "-Xms6g -Xmx6g"
 - name: node.roles
 value: "[master, data_hot]"
- - name: node.attr.data-tier
- value: "hot"
 resources:
 requests:
- memory: "4Gi"
- cpu: "1"
- limits:
 memory: "6Gi"
 cpu: "2"
+ limits:
+ memory: "8Gi"
+ cpu: "4"
 volumeMounts:
 - name: data
 mountPath: /usr/share/elasticsearch/data
@@ -81,8 +71,9 @@ spec:
 - name: config-volume
 persistentVolumeClaim:
 claimName: "elasticsearch-config-pvc-elasticsearch-0"
+
 ---
-# elasticsearch-1
+
 apiVersion: apps/v1
 kind: StatefulSet
 metadata:
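Review bot: `xpack.security.enabled` stays `"false"` in the context lines of the `@@ -35,31` hunk while the hunk deletes the `ELASTIC_PASSWORD` secretKeyRef, so the node is left with no authentication or TLS in the same commit that exposes it through LoadBalancer Services and an IngressRoute. The hunks at `@@ -119,22` and `@@ -201,22` do the same for `elasticsearch-1` and `elasticsearch-2`. I would keep the `ELASTIC_PASSWORD` entry and set `xpack.security.enabled` to `"true"`, with transport TLS configured, before widening network access. Separately, `-Xms6g -Xmx6g` now equals the 6Gi memory request, which leaves little headroom for off-heap memory under the 8Gi limit. The StatefulSet definition starts and ends outside this hunk.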
@@ -119,22 +110,15 @@ spec:
 - name: node.name
 value: "elasticsearch-1"
 - name: discovery.seed_hosts
- value: "elasticsearch-0.elasticsearch-service.efk.svc.cluster.local,elasticsearch-1.elasticsearch-service.efk.svc.cluster.local,elasticsearch-2.elasticsearch-service.efk.svc.cluster.local"
+ value: "elasticsearch-0.efk.svc.cluster.local,elasticsearch-1.efk.svc.cluster.local,elasticsearch-2.efk.svc.cluster.local"
 - name: cluster.initial_master_nodes
 value: "elasticsearch-0"
 - name: xpack.security.enabled
 value: "false"
- - name: ELASTIC_PASSWORD
- valueFrom:
- secretKeyRef:
- name: elasticsearch-secret
- key: elastic_password
 - name: ES_JAVA_OPTS
 value: "-Xms4g -Xmx4g"
 - name: node.roles
 value: "[data_warm]"
- - name: node.attr.data-tier
- value: "warm"
 resources:
 requests:
 memory: "4Gi"
@@ -162,9 +146,10 @@ spec:
 claimName: "elasticsearch-data-pvc-elasticsearch-1"
 - name: config-volume
 persistentVolumeClaim:
- claimName: "elasticsearch-config-pvc-elasticsearch-0"
+ claimName: "elasticsearch-config-pvc-elasticsearch-1"
+
 ---
-# elasticsearch-2
+
 apiVersion: apps/v1
 kind: StatefulSet
 metadata:
@@ -201,22 +186,15 @@ spec:
 - name: node.name
 value: "elasticsearch-2"
 - name: discovery.seed_hosts
- value: "elasticsearch-0.elasticsearch-service.efk.svc.cluster.local,elasticsearch-1.elasticsearch-service.efk.svc.cluster.local,elasticsearch-2.elasticsearch-service.efk.svc.cluster.local"
+ value: "elasticsearch-0.efk.svc.cluster.local,elasticsearch-1.efk.svc.cluster.local,elasticsearch-2.efk.svc.cluster.local"
 - name: cluster.initial_master_nodes
 value: "elasticsearch-0"
 - name: xpack.security.enabled
 value: "false"
- - name: ELASTIC_PASSWORD
- valueFrom:
- secretKeyRef:
- name: elasticsearch-secret
- key: elastic_password
 - name: ES_JAVA_OPTS
 value: "-Xms4g -Xmx4g"
 - name: node.roles
 value: "[data_cold]"
- - name: node.attr.data-tier
- value: "cold"
 resources:
 requests:
 memory: "4Gi"
@@ -244,5 +222,4 @@ spec:
 claimName: "elasticsearch-data-pvc-elasticsearch-2"
 - name: config-volume
 persistentVolumeClaim:
- claimName: "elasticsearch-config-pvc-elasticsearch-0"
-
+ claimName: "elasticsearch-config-pvc-elasticsearch-2"
diff --git a/kibana-deployment.yaml b/kibana-deployment.yaml
index 34583f3..22463bf 100644
--- a/kibana-deployment.yaml
+++ b/kibana-deployment.yaml
@@ -22,7 +22,7 @@ spec:
 - containerPort: 5601
 env:
 - name: ELASTICSEARCH_HOSTS
- value: "http://elasticsearch-0.elasticsearch-service.efk.svc.cluster.local:9200" # 直接连接 master 节点
+ value: '["http://elasticsearch-0.elasticsearch-service.efk.svc.cluster.local:9200", "http://elasticsearch-1.elasticsearch-service.efk.svc.cluster.local:9200", "http://elasticsearch-2.elasticsearch-service.efk.svc.cluster.local:9200"]'
 - name: XPACK_SECURITY_ENCRYPTIONKEY
 value: "a_secure_random_string_of_32_characters"
 - name: XPACK_ENCRYPTEDSAVEDOBJECTS_ENCRYPTIONKEY
@@ -30,4 +30,4 @@ spec:
 - name: XPACK_REPORTING_ENCRYPTIONKEY
 value: "yet_another_secure_random_string_of_32_characters"
 - name: ELASTICSEARCH_SERVICEACCOUNTTOKEN
- value: "AAEAAWVsYXN0aWMva2liYW5hL215LXRva2VuOkdVVktJMWVFU3dHVC1aZEZEUEFqbUE"
+ value: "AAEAAWVsYXN0aWMva2liYW5hL215LXRva2VuOlo1dC0xNDFQVHQyajdBeEVtQzZjZ2c"
diff --git a/kibana-deployment.yaml_tmp b/kibana-deployment.yaml_tmp
index e010632..50f75c8 100644
--- a/kibana-deployment.yaml_tmp
+++ b/kibana-deployment.yaml_tmp
@@ -22,7 +22,7 @@ spec:
 - containerPort: 5601
 env:
 - name: ELASTICSEARCH_HOSTS
- value: "http://elasticsearch-0.elasticsearch-service.efk.svc.cluster.local:9200" # 直接连接 master 节点
+ value: '["http://elasticsearch-0.elasticsearch-service.efk.svc.cluster.local:9200", "http://elasticsearch-1.elasticsearch-service.efk.svc.cluster.local:9200", "http://elasticsearch-2.elasticsearch-service.efk.svc.cluster.local:9200"]'
 - name: XPACK_SECURITY_ENCRYPTIONKEY
 value: "a_secure_random_string_of_32_characters"
 - name: XPACK_ENCRYPTEDSAVEDOBJECTS_ENCRYPTIONKEY
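Review bot: `ELASTICSEARCH_SERVICEACCOUNTTOKEN` in the `@@ -30,4` hunk of `kibana-deployment.yaml` is replaced by another literal token, so the credential is committed to the repository and readable by anyone who can view the Deployment. I would load it from a Secret with `valueFrom:` / `secretKeyRef:` and treat both the old and the new token as exposed, rotating them, since both are now in history. The `XPACK_*_ENCRYPTIONKEY` values in the context lines look like placeholder strings and deserve the same treatment. The container spec starts outside this hunk.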
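Review bot: `kibana-deployment.yaml_tmp` is a tracked scratch copy of the Kibana manifest that this commit edits in parallel with `kibana-deployment.yaml`, and its context lines carry the same hard-coded `XPACK_SECURITY_ENCRYPTIONKEY` value. Two copies drift apart and double the places a secret can leak from; I would delete the `_tmp` file from the repository and add the pattern to `.gitignore`. The rest of the file is outside this hunk, so whether it also holds the service account token cannot be confirmed from here.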
diff --git a/networkPolicy.yaml b/networkPolicy.yaml
new file mode 100644
index 0000000..0380fca
--- /dev/null
+++ b/networkPolicy.yaml
@@ -0,0 +1,32 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: allow-elasticsearch-communication
+ namespace: efk
+spec:
+ podSelector:
+ matchLabels:
+ app: elasticsearch
+ policyTypes:
+ - Ingress
+ - Egress
+ ingress:
+ - from:
+ - podSelector:
+ matchLabels:
+ app: elasticsearch
+ ports:
+ - protocol: TCP
+ port: 9200
+ - protocol: TCP
+ port: 9300
+ egress:
+ - to:
+ - podSelector:
+ matchLabels:
+ app: elasticsearch
+ ports:
+ - protocol: TCP
+ port: 9200
+ - protocol: TCP
+ port: 9300
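Review bot: The policy's only ingress and egress peers are `app: elasticsearch` pods, so where the CNI enforces it the Elasticsearch pods have no egress to cluster DNS and no rule admits Kibana, Traefik or LoadBalancer clients on 9200. `discovery.seed_hosts` in the StatefulSet hunks uses DNS names, so the missing DNS egress would also get in the way of cluster formation. I would keep the restrictive shape but add a DNS egress rule and a separate 9200-only ingress rule per client, as sketched below. The `app: kibana` label is a constructed placeholder because the Kibana pod labels are not visible in this diff, and the `k8s-app: kube-dns` selector should be checked against the cluster's DNS pods.

```yaml
  ingress:
    # … unchanged: rule for app: elasticsearch on 9200 and 9300 …
    - from:
        - podSelector:
            matchLabels:
              app: kibana  # placeholder: use the real Kibana pod label
      ports:
        - protocol: TCP
          port: 9200
  egress:
    # … unchanged: rule for app: elasticsearch on 9200 and 9300 …
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
```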