
k8s install es / ECK

2023-10-18 08:15  qgbo
# Source: elasticsearch/templates/test/test-elasticsearch-health.yaml
# Helm test hook: a one-shot Pod that asks the cluster for green health over
# HTTPS and is deleted once it succeeds (see hook-delete-policy).
apiVersion: v1
kind: Pod
metadata:
  name: "elasticsearch2-csamz-test"
  annotations:
    "helm.sh/hook": test
    "helm.sh/hook-delete-policy": hook-succeeded
spec:
  # Non-root: the Pod runs as UID 1000 with fsGroup 1000.
  securityContext:
    fsGroup: 1000
    runAsUser: 1000
  containers:
  - name: "elasticsearch2-tfkxl-test"
    env:
      # The password is referenced from the Secret rather than written here.
      - name: ELASTIC_PASSWORD
        valueFrom:
          secretKeyRef:
            name: elasticsearch-master-credentials
            key: password
    image: "docker.elastic.co/elasticsearch/elasticsearch:8.5.1"
    imagePullPolicy: "IfNotPresent"
    # The script is run by `sh -c`, so its `#!/usr/bin/env bash -e` first line is
    # only a comment and `-e` is not applied; with curl as the sole command the
    # Pod's result is still curl's exit status (--fail turns HTTP errors into a
    # non-zero exit).
    # Server certificate verification is on here (--cacert), unlike the
    # StatefulSet readiness probe, which uses -k. The trust anchor is the server's
    # own tls.crt rather than the ca.crt held in the same Secret.
    # NOTE(review): confirm that is intended.
    # The password is expanded into curl's argument list (-u), so it is visible
    # to anything that can list processes inside this container.
    command:
      - "sh"
      - "-c"
      - |
        #!/usr/bin/env bash -e
        curl -XGET --fail --cacert /usr/share/elasticsearch/config/certs/tls.crt -u "elastic:${ELASTIC_PASSWORD}" https://'elasticsearch-master:9200/_cluster/health?wait_for_status=green&timeout=1s'
    volumeMounts:
      - name: elasticsearch-certs
        mountPath: /usr/share/elasticsearch/config/certs
        readOnly: true
  restartPolicy: Never
  volumes:
    # No `items:` filter, so every key of the Secret (tls.crt, tls.key, ca.crt)
    # is mounted, although the command above reads only tls.crt. Projecting just
    # the certificate would keep the private key out of the test Pod.
    - name: elasticsearch-certs
      secret:
        secretName: elasticsearch-master-certs
---
# Source: elasticsearch/templates/poddisruptionbudget.yaml
# Allows at most one pod labelled app=elasticsearch-master to be unavailable
# through voluntary disruptions (for example a node drain); the StatefulSet on
# this page runs three replicas.
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
  name: "elasticsearch-master-pdb"
spec:
  maxUnavailable: 1
  selector:
    matchLabels:
      app: "elasticsearch-master"
---
# Source: elasticsearch/templates/secret-cert.yaml
# TLS material for the cluster. The StatefulSet and the Helm test Pod mount this
# Secret at /usr/share/elasticsearch/config/certs.
# Values under `data:` are base64-encoded, not encrypted: a rendered manifest
# that includes tls.key includes the private key itself. Keep rendered output
# containing this Secret out of posts, tickets and version control, and
# regenerate the key pair if it has been shared.
# NOTE(review): tls.key and ca.crt appear elided in this copy of the page; only
# tls.crt (a base64-encoded PEM certificate) is shown in full.
apiVersion: v1
kind: Secret
type: kubernetes.io/tls
metadata:
  name: elasticsearch-master-certs
  labels:
    app: elasticsearch-master
    chart: "elasticsearch"
    heritage: Helm
    release: elasticsearch2
data:
  tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURoekNDQW0rZ0F3SUJBZ0lRS21yYStRNkNVZDVoalg1ODQyKy81ekFOQmdrcWhraUc5dzBCQVFzRkFEQWIKTVJrd0Z3WURWUVFERXhCbGJHRnpkR2xqYzJWaGNtTm9MV05oTUI0WERUSXpNVEF4TnpJek5UYzBPRm9YRFRJMApNVEF4TmpJek5UYzBPRm93SHpFZE1Cc0dBMVVFQXhNVVpXeGhjM1JwWTNObFlYSmphQzF0WVhOMFpYSXdnZ0VpCk1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRREkyRFJ1WStzU2FQS25nanJuRHFaZE91KzcKK0s4WEVhbjdnNGx6cHY1SmF5elBOTmljWkFyR05WYjBZSHlSaEJ4ODl2VXNaV1hYbU0wZU5jMkJMWEh4Q2tESApBUmhQQUVhTXFYUmQ0RFgxR2pUTGJkYldkN1NKU1lmRTFGTFRzSjFWRkVzWDhKSVBRUEpwd2UvZTJOalFKNGtnClR1eU5CeTBNUGk2MXkrRFdRQkt3UFQxRUd5dGlVWmErNWJDcDlWV1QzbU5qS2QrR3hRREVMNngvS05WRVFGVHgKWVlMR3JTUlIzendnencybVgvNFZKcmc3Vnd6cVpSUGFzaU85dmttWlAyT2ZLbVAyUTRIY2V0bjBaSlJNTldIeApPZ2wzeTdpMkdWS1lFNy9JcUlteUttUHg2aW8xTVIvYVVBRElKRjZVWTF1RkREYi9QTE5qelo2WHdDeHZBZ01CCkFBR2pnY0l3Z2I4d0RnWURWUjBQQVFIL0JBUURBZ1dnTUIwR0ExVWRKUVFXTUJRR0NDc0dBUVVGQndNQkJnZ3IKQmdFRkJRY0RBakFNQmdOVkhSTUJBZjhFQWpBQU1COEdBMVVkSXdRWU1CYUFGSW94WXZEZzZpbDBWaEFVMzR1OAptR2hQM1VJSU1GOEdBMVVkRVFSWU1GYUNGR1ZzWVhOMGFXTnpaV0Z5WTJndGJXRnpkR1Z5Z2h4bGJHRnpkR2xqCmMyVmhjbU5vTFcxaGMzUmxjaTVrWldaaGRXeDBnaUJsYkdGemRHbGpjMlZoY21Ob0xXMWhjM1JsY2k1a1pXWmgKZFd4MExuTjJZekFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBWDF3UjE1OVNUUWZHMmkxNDkxZEdxZ0xvbTB5NQovL0QrbzBwc2hoVzljT29OQktqd3VoTEQ2N3hYYUlxM3pzaGpia1ROcENMM21UYjVRSG5vbkUyNjJwSGI3WEtMCmZiRGpSYUtxbFhTalJ3M1lBb3FtdHNDamN4a2ZGRnA5TXpjdzBaanE5WG4vWktnTzFLUG5hOVl1WGl2R3hjOUgKUzJ2b2tyOHc3SmNtc3dUNHlodDdXT3hOWnVBUFM3dDI2QlRMd3BLUXgwWHlicDVURnBicUxRVkwzQnRHUTdzNwp2dEJaRHFmM2toQ3AzQ3ptRFlpdHNjUTloT3I5eGl6ZWFQc2dJUkRvTXdVcUsrR3hGRklEamF5ZnVETXpueklmCkI0dmRJc2l2Uk4vMFd0R2JoUFhZTlhOTVFSMS90ZTBiZ0IrMEIyVjFmbVd5bXV1MlJFYXdqNkpMT1E9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
  tls.key: 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
  ca.crt: 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
---
# Source: elasticsearch/templates/secret.yaml
# Credentials for the `elastic` user; the StatefulSet and the Helm test Pod read
# the `password` key through secretKeyRef as ELASTIC_PASSWORD.
# base64 is an encoding, not protection: anyone who can read this manifest (or
# `get` the Secret through the API) can recover the password. A value that has
# appeared in published output should be treated as disclosed and rotated.
# Keep rendered Secrets out of shared output and version control, and restrict
# who may read Secrets in the namespace.
apiVersion: v1
kind: Secret
metadata:
  name: elasticsearch-master-credentials
  labels:
    heritage: "Helm"
    release: "elasticsearch2"
    chart: "elasticsearch"
    app: "elasticsearch-master"
type: Opaque
data:
  # Decodes to `elastic`, the user name the probes pass to curl -u.
  username: ZWxhc3RpYw==
  password: "UEVtVk0xRjQyVFZyRHZoNA=="
---
# Source: elasticsearch/templates/service.yaml
# Client-facing Service for the cluster. ClusterIP means there is no external
# exposure from this object; inside the cluster, any pod can reach both ports
# unless a NetworkPolicy restricts it (none appears on this page).
kind: Service
apiVersion: v1
metadata:
  name: elasticsearch-master
  labels:
    heritage: "Helm"
    release: "elasticsearch2"
    chart: "elasticsearch"
    app: "elasticsearch-master"
  annotations:
    {}
spec:
  type: ClusterIP
  selector:
    release: "elasticsearch2"
    chart: "elasticsearch"
    app: "elasticsearch-master"
  # Only pods that pass the readiness probe receive traffic.
  publishNotReadyAddresses: false
  ports:
  # REST API; the StatefulSet enables TLS and authentication on it.
  - name: http
    protocol: TCP
    port: 9200
  # Node-to-node transport, published on the same Service as the REST API.
  - name: transport
    protocol: TCP
    port: 9300
---
# Source: elasticsearch/templates/service.yaml
# Headless Service: the StatefulSet's serviceName and the value of
# discovery.seed_hosts, giving each pod a stable DNS name for node discovery.
kind: Service
apiVersion: v1
metadata:
  name: elasticsearch-master-headless
  labels:
    heritage: "Helm"
    release: "elasticsearch2"
    chart: "elasticsearch"
    app: "elasticsearch-master"
  annotations:
    # Legacy alpha annotation with the same intent as publishNotReadyAddresses
    # below.
    service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
spec:
  clusterIP: None # This is needed for statefulset hostnames like elasticsearch-0 to resolve
  # Create endpoints also if the related pod isn't ready
  publishNotReadyAddresses: true
  # Selects on the app label only, a looser match than the ClusterIP Service,
  # which also requires the release and chart labels.
  selector:
    app: "elasticsearch-master"
  ports:
  - name: http
    port: 9200
  - name: transport
    port: 9300
---
# Source: elasticsearch/templates/statefulset.yaml
# Three-node Elasticsearch 8.5.1 cluster with security and TLS switched on
# through environment variables, credentials and certificates taken from the
# two Secrets on this page.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: elasticsearch-master
  labels:
    heritage: "Helm"
    release: "elasticsearch2"
    chart: "elasticsearch"
    app: "elasticsearch-master"
  annotations:
    esMajorVersion: "8"
spec:
  serviceName: elasticsearch-master-headless
  selector:
    matchLabels:
      app: "elasticsearch-master"
  replicas: 3
  # Pods are created and deleted in parallel instead of one at a time.
  podManagementPolicy: Parallel
  updateStrategy:
    type: RollingUpdate
  # One 30Gi ReadWriteOnce volume per pod; no storageClassName is set here.
  volumeClaimTemplates:
  - metadata:
      name: elasticsearch-master
    spec:
      accessModes:
      - ReadWriteOnce
      resources:
        requests:
          storage: 30Gi
  template:
    metadata:
      name: "elasticsearch-master"
      labels:
        release: "elasticsearch2"
        chart: "elasticsearch"
        app: "elasticsearch-master"
      # Rendered with no entries, so this key is null.
      annotations:
        
    spec:
      # Pod-level default identity; the init container below overrides it.
      securityContext:
        fsGroup: 1000
        runAsUser: 1000
      # No serviceAccountName is set in this pod spec, so the mounted token would
      # belong to the namespace's default ServiceAccount. Nothing visible in this
      # manifest reads it.
      # NOTE(review): consider setting this to false if Elasticsearch does not
      # call the Kubernetes API.
      automountServiceAccountToken: true
      # Hard anti-affinity: no two elasticsearch-master pods on the same node.
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
          - labelSelector:
              matchExpressions:
              - key: app
                operator: In
                values:
                - "elasticsearch-master"
            topologyKey: kubernetes.io/hostname
      terminationGracePeriodSeconds: 120
      # The whole Secret is mounted, private key included; the
      # xpack.security.*.ssl.key settings below need it.
      volumes:
        - name: elasticsearch-certs
          secret:
           secretName: elasticsearch-master-certs
      enableServiceLinks: true
      initContainers:
      # Runs as root in a privileged container to raise vm.max_map_count, a
      # kernel setting of the node rather than of the pod. Privileged mode gives
      # this container host-level access for as long as it runs, and clusters
      # that enforce the baseline or restricted Pod Security Standards will
      # reject the pod. Setting the sysctl as part of node provisioning removes
      # the need for it; the ECK Elasticsearch manifest further down this page
      # takes a different route with node.store.allow_mmap: false.
      # The image is referenced by tag, not digest, here and in the main
      # container.
      - name: configure-sysctl
        securityContext:
          runAsUser: 0
          privileged: true
        image: "docker.elastic.co/elasticsearch/elasticsearch:8.5.1"
        imagePullPolicy: "IfNotPresent"
        command: ["sysctl", "-w", "vm.max_map_count=262144"]
        resources:
          {}

      containers:
      - name: "elasticsearch"
        # Drops every capability and enforces a non-root UID. Not set in this
        # manifest: allowPrivilegeEscalation, readOnlyRootFilesystem and
        # seccompProfile.
        securityContext:
          capabilities:
            drop:
            - ALL
          runAsNonRoot: true
          runAsUser: 1000
        image: "docker.elastic.co/elasticsearch/elasticsearch:8.5.1"
        imagePullPolicy: "IfNotPresent"
        # The probe script calls curl with -k against https://127.0.0.1:9200, so
        # certificate verification is skipped, on the loopback interface only.
        # The password is passed on curl's command line (-u). The failure
        # messages echo the literal text ${BASIC_AUTH} (the dollar sign is
        # escaped), not the credentials.
        # `"8" == "6"` is the rendered major-version comparison and is always
        # false here, so an HTTP 503 is never accepted as ready.
        # Until /tmp/.es_start_file exists the probe waits for cluster status
        # green; afterwards it only checks that the local node answers 200.
        readinessProbe:
          exec:
            command:
              - bash
              - -c
              - |
                set -e

                # Exit if ELASTIC_PASSWORD in unset
                if [ -z "${ELASTIC_PASSWORD}" ]; then
                  echo "ELASTIC_PASSWORD variable is missing, exiting"
                  exit 1
                fi

                # If the node is starting up wait for the cluster to be ready (request params: "wait_for_status=green&timeout=1s" )
                # Once it has started only check that the node itself is responding
                START_FILE=/tmp/.es_start_file

                # Disable nss cache to avoid filling dentry cache when calling curl
                # This is required with Elasticsearch Docker using nss < 3.52
                export NSS_SDB_USE_CACHE=no

                http () {
                  local path="${1}"
                  local args="${2}"
                  set -- -XGET -s

                  if [ "$args" != "" ]; then
                    set -- "$@" $args
                  fi

                  set -- "$@" -u "elastic:${ELASTIC_PASSWORD}"

                  curl --output /dev/null -k "$@" "https://127.0.0.1:9200${path}"
                }

                if [ -f "${START_FILE}" ]; then
                  echo 'Elasticsearch is already running, lets check the node is healthy'
                  HTTP_CODE=$(http "/" "-w %{http_code}")
                  RC=$?
                  if [[ ${RC} -ne 0 ]]; then
                    echo "curl --output /dev/null -k -XGET -s -w '%{http_code}' \${BASIC_AUTH} https://127.0.0.1:9200/ failed with RC ${RC}"
                    exit ${RC}
                  fi
                  # ready if HTTP code 200, 503 is tolerable if ES version is 6.x
                  if [[ ${HTTP_CODE} == "200" ]]; then
                    exit 0
                  elif [[ ${HTTP_CODE} == "503" && "8" == "6" ]]; then
                    exit 0
                  else
                    echo "curl --output /dev/null -k -XGET -s -w '%{http_code}' \${BASIC_AUTH} https://127.0.0.1:9200/ failed with HTTP code ${HTTP_CODE}"
                    exit 1
                  fi

                else
                  echo 'Waiting for elasticsearch cluster to become ready (request params: "wait_for_status=green&timeout=1s" )'
                  if http "/_cluster/health?wait_for_status=green&timeout=1s" "--fail" ; then
                    touch ${START_FILE}
                    exit 0
                  else
                    echo 'Cluster is not yet ready (request params: "wait_for_status=green&timeout=1s" )'
                    exit 1
                  fi
                fi
          failureThreshold: 3
          initialDelaySeconds: 10
          periodSeconds: 10
          # Three consecutive passes are required before the pod counts as ready.
          successThreshold: 3
          timeoutSeconds: 5
        ports:
        - name: http
          containerPort: 9200
        - name: transport
          containerPort: 9300
        # Requests equal limits for both CPU and memory.
        resources:
          limits:
            cpu: 1000m
            memory: 2Gi
          requests:
            cpu: 1000m
            memory: 2Gi
        env:
          - name: node.name
            valueFrom:
              fieldRef:
                fieldPath: metadata.name
          # The trailing comma in this value and in node.roles is left over from
          # template rendering.
          - name: cluster.initial_master_nodes
            value: "elasticsearch-master-0,elasticsearch-master-1,elasticsearch-master-2,"
          - name: node.roles
            value: "master,data,data_content,data_hot,data_warm,data_cold,ingest,ml,remote_cluster_client,transform,"
          - name: discovery.seed_hosts
            value: "elasticsearch-master-headless"
          - name: cluster.name
            value: "elasticsearch"
          # Binds on every interface of the pod; who can connect is decided by
          # the Services and any NetworkPolicy, not by this setting.
          - name: network.host
            value: "0.0.0.0"
          # Injected from the Secret; as an environment variable it is readable
          # by every process in this container.
          - name: ELASTIC_PASSWORD
            valueFrom:
              secretKeyRef:
                name: elasticsearch-master-credentials
                key: password
          # Authentication plus TLS on both the transport and the HTTP layer.
          - name: xpack.security.enabled
            value: "true"
          - name: xpack.security.transport.ssl.enabled
            value: "true"
          - name: xpack.security.http.ssl.enabled
            value: "true"
          # `certificate` checks that the peer's certificate chains to the
          # configured CA but does not verify the host name; `full` adds that.
          - name: xpack.security.transport.ssl.verification_mode
            value: "certificate"
          # Transport and HTTP use the same key, certificate and CA files.
          - name: xpack.security.transport.ssl.key
            value: "/usr/share/elasticsearch/config/certs/tls.key"
          - name: xpack.security.transport.ssl.certificate
            value: "/usr/share/elasticsearch/config/certs/tls.crt"
          - name: xpack.security.transport.ssl.certificate_authorities
            value: "/usr/share/elasticsearch/config/certs/ca.crt"
          - name: xpack.security.http.ssl.key
            value: "/usr/share/elasticsearch/config/certs/tls.key"
          - name: xpack.security.http.ssl.certificate
            value: "/usr/share/elasticsearch/config/certs/tls.crt"
          - name: xpack.security.http.ssl.certificate_authorities
            value: "/usr/share/elasticsearch/config/certs/ca.crt"
        volumeMounts:
          - name: "elasticsearch-master"
            mountPath: /usr/share/elasticsearch/data
          - name: elasticsearch-certs
            mountPath: /usr/share/elasticsearch/config/certs
            readOnly: true

 下面是ECK 的部署

 

https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-elastic-agent-fleet-configuration-examples.html

https://artifacthub.io/packages/helm/elastic/eck-operator

下面是ECK 的代码,包含了 agent,

启用了2个 kibana.

 

# ECK-managed Kibana served under the /kibana base path. The ApmServer resource
# on this page points at it through kibanaRef.
apiVersion: kibana.k8s.elastic.co/v1
kind: Kibana
metadata:
  name: kibana
spec:
  version: 8.11.3
  count: 1
  elasticsearchRef:
    name: elasticsearch
  podTemplate:
    spec:
      containers:
        - name: kibana
          # The probe path carries the base path because rewriteBasePath is
          # true; httpGet defaults to plain HTTP, matching the TLS setting below.
          readinessProbe:
            httpGet:
              path: /kibana/api/status
              port: 5601
            initialDelaySeconds: 10
            periodSeconds: 5
  # Turns off TLS on Kibana's HTTP endpoint: logins and session cookies travel
  # unencrypted between the client (or proxy) and the Kibana pod.
  # NOTE(review): presumably TLS is terminated by an ingress or reverse proxy in
  # front of /kibana; none is shown on this page, so confirm.
  http:
    tls:
      selfSignedCertificate:
        disabled: true
  config:
    server:
      basePath: /kibana
      rewriteBasePath: true
    # Both Fleet endpoints are addressed over HTTPS, in the default namespace.
    xpack.fleet.agents.elasticsearch.hosts: ["https://elasticsearch-es-http.default.svc:9200"]
    xpack.fleet.agents.fleet_server.hosts: ["https://fleet-server-agent-http.default.svc:8220"]
    # `latest` leaves the integration versions unpinned: what gets installed
    # depends on the package registry at the time Kibana sets Fleet up. Pin
    # explicit versions where reproducible rollouts matter.
    xpack.fleet.packages:
    - name: system
      version: latest
    - name: elastic_agent
      version: latest
    - name: fleet_server
      version: latest
    - name: kubernetes
      version: latest
    - name: apm
      version: latest
    # The policy ids are the values the Agent resources reference via policyID.
    # NOTE(review): `namespace` here looks like Fleet's data-stream namespace,
    # not a Kubernetes namespace; confirm.
    xpack.fleet.agentPolicies:
    - name: Fleet Server on ECK policy
      id: eck-fleet-server
      namespace: default
      monitoring_enabled:
      - logs
      - metrics
      unenroll_timeout: 900
      package_policies:
      - name: fleet_server-1
        id: fleet_server-1
        package:
          name: fleet_server
    - name: Elastic Agent on ECK policy
      id: eck-agent
      namespace: default
      monitoring_enabled:
      - logs
      - metrics
      unenroll_timeout: 900
      package_policies:
      - package:
          name: system
        name: system-1
      - package:
          name: kubernetes
        name: kubernetes-1
---
# Second Kibana instance, served at the root path. Both Agent resources on this
# page reference it through kibanaRef.
apiVersion: kibana.k8s.elastic.co/v1
kind: Kibana
metadata:
  name: kibana-agent
spec:
  version: 8.11.3
  count: 1
  elasticsearchRef:
    name: elasticsearch
  podTemplate:
    spec:
      containers:
        - name: kibana
          readinessProbe:
            httpGet:
              path: /api/status
              port: 5601
            initialDelaySeconds: 10
            periodSeconds: 5
  # TLS is turned off on this Kibana's HTTP endpoint, so traffic to it,
  # including any credentials clients present, is unencrypted inside the cluster.
  # NOTE(review): confirm this is acceptable for the cluster's network, or leave
  # the operator's certificate enabled.
  http:
    tls:
      selfSignedCertificate:
        disabled: true
  config:
    xpack.fleet.agents.elasticsearch.hosts: ["https://elasticsearch-es-http.default.svc:9200"]
    xpack.fleet.agents.fleet_server.hosts: ["https://fleet-server-agent-http.default.svc:8220"]
    # Unpinned integration versions; this list has no apm entry, unlike the
    # `kibana` resource.
    xpack.fleet.packages:
    - name: system
      version: latest
    - name: elastic_agent
      version: latest
    - name: fleet_server
      version: latest
    - name: kubernetes
      version: latest
    # Same two policies as in the `kibana` resource; the ids match the policyID
    # values of the fleet-server and elastic-agent Agent resources.
    xpack.fleet.agentPolicies:
    - name: Fleet Server on ECK policy
      id: eck-fleet-server
      namespace: default
      monitoring_enabled:
      - logs
      - metrics
      unenroll_timeout: 900
      package_policies:
      - name: fleet_server-1
        id: fleet_server-1
        package:
          name: fleet_server
    - name: Elastic Agent on ECK policy
      id: eck-agent
      namespace: default
      monitoring_enabled:
      - logs
      - metrics
      unenroll_timeout: 900
      package_policies:
      - package:
          name: system
        name: system-1
      - package:
          name: kubernetes
        name: kubernetes-1
---
# ECK-managed three-node Elasticsearch cluster. No http/tls or authentication
# settings are overridden in this resource, so the operator's defaults apply;
# the https:// Elasticsearch URL in the Kibana Fleet config on this page relies
# on the HTTP layer keeping TLS.
apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
  name: elasticsearch
spec:
  version: 8.11.3
  nodeSets:
  - name: default
    count: 3
    config:
      # Disables memory-mapped index storage, so vm.max_map_count does not have
      # to be raised on the nodes and no privileged init container is needed
      # (compare the Helm-rendered StatefulSet above), at some cost in
      # performance.
      node.store.allow_mmap: false
    volumeClaimTemplates:
    - metadata:
        name: elasticsearch-data
      spec:
        accessModes:
        - ReadWriteOnce
        resources:
          requests:
            storage: 10Gi
          # NOTE(review): a storage limit on a claim is unusual; confirm the
          # nfs-client provisioner honours it.
          limits:
            storage: 30Gi
        storageClassName: nfs-client
---
# Fleet Server, run as a single-replica Deployment of Elastic Agent and bound to
# the eck-fleet-server policy defined in the Kibana config.
apiVersion: agent.k8s.elastic.co/v1alpha1
kind: Agent
metadata:
  name: fleet-server
spec:
  version: 8.11.3
  kibanaRef:
    name: kibana-agent
  elasticsearchRefs:
  - name: elasticsearch
  mode: fleet
  fleetServerEnabled: true
  policyID: eck-fleet-server
  deployment:
    replicas: 1
    podTemplate:
      spec:
        # Uses the fleet-server ServiceAccount, which the ClusterRoleBinding on
        # this page ties to the cluster-wide fleet-server ClusterRole.
        serviceAccountName: fleet-server
        automountServiceAccountToken: true
        # Runs as root (UID 0). Together with the mounted token, a compromise of
        # this pod yields root in the container plus the ClusterRole's access.
        # NOTE(review): check whether this Agent version supports running
        # non-root in this setup.
        securityContext:
          runAsUser: 0
---
# Elastic Agent as a DaemonSet (one pod per node), enrolled through the
# fleet-server Agent and bound to the eck-agent policy.
apiVersion: agent.k8s.elastic.co/v1alpha1
kind: Agent
metadata: 
  name: elastic-agent
spec:
  version: 8.11.3
  kibanaRef:
    name: kibana-agent
  fleetServerRef: 
    name: fleet-server
  mode: fleet
  policyID: eck-agent
  daemonSet:
    podTemplate:
      spec:
        serviceAccountName: elastic-agent
        # Shares the node's network namespace: the pod sees the node's
        # interfaces and can reach services bound to the node's loopback.
        # ClusterFirstWithHostNet keeps cluster DNS working in that mode.
        hostNetwork: true
        dnsPolicy: ClusterFirstWithHostNet
        automountServiceAccountToken: true
        # Root on every node's agent pod, combined with host networking and the
        # cluster-wide read access of the elastic-agent ClusterRole. No hostPath
        # volumes are declared in this podTemplate. Treat these pods as
        # high-value and restrict who may exec into them or change this
        # resource.
        securityContext:
          runAsUser: 0
---
# ECK-managed APM Server, connected to the elasticsearch cluster and to the
# `kibana` instance.
apiVersion: apm.k8s.elastic.co/v1
kind: ApmServer
metadata:
  name: apm-server
spec:
  version: 8.11.3
  count: 1
  elasticsearchRef:
    name: elasticsearch
  kibanaRef:
    name: kibana
  # TLS is disabled on the APM Server endpoint, so telemetry and whatever
  # secret token or API key the APM agents send cross the network in cleartext.
  # NOTE(review): acceptable only if agents reach it over a trusted path;
  # otherwise leave the operator's certificate enabled.
  http:
    tls:
      selfSignedCertificate:
        disabled: true
---
# Cluster-wide permissions for the fleet-server ServiceAccount. The resource
# rules are read-only (get/watch/list) and do not include Secrets; the only
# write access is on leases.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: fleet-server
rules:
- apiGroups: [""]
  resources:
  - pods
  - namespaces
  - nodes
  verbs:
  - get
  - watch
  - list
- apiGroups: ["apps"]
  resources:
    - replicasets
  verbs:
    - get
    - watch
    - list
- apiGroups: ["batch"]
  resources:
    - jobs
  verbs:
    - get
    - watch
    - list
# create/update on leases is granted in every namespace and is not narrowed by
# resourceNames. If the lease is only needed in the agent's own namespace, a
# namespaced Role and RoleBinding would be the tighter grant.
- apiGroups: ["coordination.k8s.io"]
  resources:
  - leases
  verbs:
  - get
  - create
  - update
---
# Identity used by the fleet-server Agent pod (serviceAccountName there).
# It lives in the `default` namespace, alongside everything else on this page.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: fleet-server
  namespace: default
---
# Grants the fleet-server ClusterRole to that ServiceAccount across the whole
# cluster, since this is a ClusterRoleBinding rather than a RoleBinding.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: fleet-server
subjects:
- kind: ServiceAccount
  name: fleet-server
  namespace: default
roleRef:
  kind: ClusterRole
  name: fleet-server
  apiGroup: rbac.authorization.k8s.io
---
# Cluster-wide permissions for the elastic-agent ServiceAccount, used by the
# DaemonSet pods on every node. Apart from leases, every rule is read-only;
# Secrets are not included.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: elastic-agent
rules:
# Read access in all namespaces. ConfigMaps are included, so any sensitive
# value stored in a ConfigMap anywhere in the cluster is readable by the agent.
- apiGroups: [""]
  resources:
  - pods
  - nodes
  - namespaces
  - events
  - services
  - configmaps
  verbs:
  - get
  - watch
  - list
# Lease create/update in every namespace, not narrowed by resourceNames.
- apiGroups: ["coordination.k8s.io"]
  resources:
  - leases
  verbs:
  - get
  - create
  - update
# Lets the agent GET the API server's /metrics endpoint.
- nonResourceURLs:
  - "/metrics"
  verbs:
  - get
# `extensions` is the legacy API group for replicasets; the `apps` rule below
# already covers them.
# NOTE(review): likely removable on current clusters; confirm before dropping.
- apiGroups: ["extensions"]
  resources:
    - replicasets
  verbs: 
  - "get"
  - "list"
  - "watch"
- apiGroups:
  - "apps"
  resources:
  - statefulsets
  - deployments
  - replicasets
  verbs:
  - "get"
  - "list"
  - "watch"
# Subresource nodes/stats, read-only (get).
- apiGroups:
  - ""
  resources:
  - nodes/stats
  verbs:
  - get
- apiGroups:
  - "batch"
  resources:
  - jobs
  verbs:
  - "get"
  - "list"
  - "watch"
---
# Identity used by the elastic-agent DaemonSet pods (serviceAccountName there).
apiVersion: v1
kind: ServiceAccount
metadata:
  name: elastic-agent
  namespace: default
---
# Binds the elastic-agent ClusterRole to that ServiceAccount cluster-wide. The
# token mounted into the host-network, root agent pods carries these rights.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: elastic-agent
subjects:
- kind: ServiceAccount
  name: elastic-agent
  namespace: default
roleRef:
  kind: ClusterRole
  name: elastic-agent
  apiGroup: rbac.authorization.k8s.io

 

[qqq ~]$ k get all
NAME                                      READY   STATUS    RESTARTS      AGE
pod/bb                                    1/1     Running   0             105m
pod/elastic-agent-agent-2thpk             1/1     Running   2 (18m ago)   18m
pod/elastic-agent-agent-jdll9             1/1     Running   1 (18m ago)   18m
pod/elastic-agent-agent-l8jkv             1/1     Running   1 (18m ago)   18m
pod/elasticsearch-es-default-0            1/1     Running   0             58m
pod/elasticsearch-es-default-1            1/1     Running   0             56m
pod/elasticsearch-es-default-2            1/1     Running   0             56m
pod/fleet-server-agent-6b8449bddc-2gn8n   1/1     Running   0             18m
pod/kibana-agent-kb-94864d8b8-mhqnl       1/1     Running   0             20m
pod/kibana-kb-6f97665584-7mbft            1/1     Running   0             58m
pod/ng                                    1/1     Running   0             117m

NAME                                     TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
service/elasticsearch-es-default         ClusterIP   None             <none>        9200/TCP   58m
service/elasticsearch-es-http            ClusterIP   10.96.57.43      <none>        9200/TCP   58m
service/elasticsearch-es-internal-http   ClusterIP   10.101.22.112    <none>        9200/TCP   58m
service/elasticsearch-es-transport       ClusterIP   None             <none>        9300/TCP   58m
service/fleet-server-agent-http          ClusterIP   10.109.4.181     <none>        8220/TCP   52m
service/kibana-agent-kb-http             ClusterIP   10.105.205.21    <none>        5601/TCP   20m
service/kibana-kb-http                   ClusterIP   10.108.148.242   <none>        5601/TCP   58m
service/kubernetes                       ClusterIP   10.96.0.1        <none>        443/TCP    34d

NAME                                 DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
daemonset.apps/elastic-agent-agent   3         3         3       3            3           <none>          18m

NAME                                 READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/fleet-server-agent   1/1     1            1           18m
deployment.apps/kibana-agent-kb      1/1     1            1           20m
deployment.apps/kibana-kb            1/1     1            1           58m

NAME                                            DESIRED   CURRENT   READY   AGE
replicaset.apps/fleet-server-agent-6b8449bddc   1         1         1       18m
replicaset.apps/kibana-agent-kb-94864d8b8       1         1         1       20m
replicaset.apps/kibana-kb-6f97665584            1         1         1       58m

NAME                                        READY   AGE
statefulset.apps/elasticsearch-es-default   3/3     58m