1. 持久化存储卷准备
先创建持久化存储卷:
{ "kind": "PersistentVolume", "apiVersion": "v1", "metadata": { "name": "pvc-es-signle-pv-claim", "annotations": { "pv.kubernetes.io/provisioned-by": "ceph.rook.io/block" }, "finalizers": [ "kubernetes.io/pv-protection" ] }, "spec": { "capacity": { "storage": "10Gi" }, "flexVolume": { "driver": "ceph.rook.io/kube-public", "fsType": "ext4", "options": { "clusterNamespace": "kube-public", "dataBlockPool": "", "image": "pvc-1d8ac660-1d58-11ea-8ded-3c78436262a0", "pool": "replicapool", "storageClass": "rook-ceph-block" } }, "accessModes": [ "ReadWriteOnce" ], "persistentVolumeReclaimPolicy": "Retain", "storageClassName": "rook-ceph-block" }}
2.创建持久化存储卷声明
{ "kind": "PersistentVolumeClaim", "apiVersion": "v1", "metadata": { "name": "es-signle-pv-claim1", "annotations": { "pv.kubernetes.io/bind-completed": "yes", "pv.kubernetes.io/bound-by-controller": "yes", "volume.beta.kubernetes.io/storage-provisioner": "ceph.rook.io/block" }, "finalizers": [ "kubernetes.io/pvc-protection" ] }, "spec": { "accessModes": [ "ReadWriteOnce" ], "resources": { "requests": { "storage": "10Gi" } }, "volumeName": "pvc-es-signle-pv-claim", "storageClassName": "rook-ceph-block" }}
3.创建configmap
---
# ConfigMap carrying the elasticsearch.yml that is mounted into the
# single-node Elasticsearch pod in namespace dxjs.
#
# Review notes on the embedded settings:
# - network.host 0.0.0.0 makes Elasticsearch listen on every interface of
#   the pod, and nothing here configures authentication or TLS, so ports
#   9200/9300 should stay reachable from inside the cluster only.
# - bootstrap.system_call_filter false switches off Elasticsearch's
#   seccomp system call filter, which is a hardening measure; confirm it
#   is really required on the target nodes before keeping it.
apiVersion: v1
kind: ConfigMap
metadata:
  name: es-single-node
  namespace: dxjs
data:
  elasticsearch.yml: |
    network.host: 0.0.0.0
    discovery.type: single-node
    bootstrap.memory_lock: false
    bootstrap.system_call_filter: false
说明:
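network.host 设置为 0.0.0.0,防止只绑定到内部 ip;这也意味着 Elasticsearch 会在容器的所有网卡上监听,而本配置没有启用认证或 TLS,因此 9200/9300 端口只应在集群内部可达(例如使用 ClusterIP 类型的 Service,或用 NetworkPolicy 限制来源)。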
bootstrap.memory_lock: false
bootstrap.system_call_filter: false
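以上这两项用来跳过 es 启动检查。注意 bootstrap.system_call_filter: false 会关闭 Elasticsearch 自带的系统调用过滤器(seccomp),这是一项安全加固措施,只有在节点内核确实不支持时才应关闭。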
4.创建有状态副本集
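---
# es-statefulset.yml
# Single-replica Elasticsearch 7.5.0 StatefulSet for namespace dxjs.
#
# Changes from the original listing:
# - The es-config volume now references ConfigMap es-single-node, the name
#   under which the ConfigMap is created in step 3 (it was es-single,
#   which does not exist on this page).
# - The privileged init-ulimit container was removed (see the comment in
#   initContainers).
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: es-single1
  namespace: dxjs
  labels:
    k8s-app: es-single
spec:
  replicas: 1
  # NOTE(review): no Service named es-single is defined on this page;
  # confirm the governing Service exists.
  serviceName: es-single
  selector:
    matchLabels:
      k8s-app: es-single
  template:
    metadata:
      labels:
        k8s-app: es-single
    spec:
      initContainers:
        # Hands the data volume to uid/gid 1000 before Elasticsearch starts.
        # NOTE(review): busybox:latest is a mutable tag; pin the init image
        # to a fixed tag or digest so the code run here cannot change
        # silently.
        - name: fix-permissions
          image: registry.ispacesys.cn/public/busybox:latest
          command: ["sh", "-c", "chown -R 1000:1000 /usr/share/elasticsearch/data"]
          volumeMounts:
            - name: es-data
              mountPath: /usr/share/elasticsearch/data
        # The original listing also ran a privileged init-ulimit container
        # ("ulimit -n 655350"). A ulimit set in an init container's shell
        # ends with that shell and never reaches the Elasticsearch
        # container, so it only added a privileged container with no
        # effect and is dropped here.
        #
        # vm.max_map_count is a node-level kernel parameter, so this
        # container has to be privileged and the write affects every pod
        # on the node. Setting the sysctl on the nodes themselves would
        # remove the need for a privileged container.
        - name: init-sysctl
          image: registry.ispacesys.cn/public/busybox:latest
          command: ["sysctl", "-w", "vm.max_map_count=262144"]
          securityContext:
            privileged: true
      containers:
        # NOTE(review): the main container sets no securityContext;
        # consider a restrictive one (non-root user, no privilege
        # escalation) after confirming the image supports it.
        - name: es-single
          image: registry.ispacesys.cn/public/elasticsearch:7.5.0
          imagePullPolicy: IfNotPresent
          env:
            - name: NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: TZ
              value: Asia/Shanghai
            - name: ES_JAVA_OPTS
              value: "-Xms1000m -Xmx1000m"
          resources:
            limits:
              cpu: '1'
              memory: 2Gi
            requests:
              cpu: '1'
              memory: 1Gi
          ports:
            - containerPort: 9200
            - containerPort: 9300
          volumeMounts:
            - name: es-config
              mountPath: /usr/share/elasticsearch/config/elasticsearch.yml
              subPath: elasticsearch.yml
            - name: es-data
              mountPath: /usr/share/elasticsearch/data
            # NOTE(review): the official image writes logs under
            # /usr/share/elasticsearch/logs; confirm this path is intended.
            - name: es-log
              mountPath: /usr/share/elasticsearch/log
      volumes:
        - name: es-config
          configMap:
            name: es-single-node
        # NOTE(review): step 2 creates the claim as es-signle-pv-claim1
        # and no log claim is shown on this page; confirm both claim names
        # exist in namespace dxjs.
        - name: es-data
          persistentVolumeClaim:
            claimName: es-signle-pv-claim
        - name: es-log
          persistentVolumeClaim:
            claimName: es-signle-log-pv-claim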
说明:
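securityContext 的 privileged: true 用来让容器获得 root 权限,便于修改镜像内部参数。需要注意,特权容器几乎拥有宿主机的全部权限,而 vm.max_map_count 是节点级的内核参数,修改后会影响该节点上的所有 Pod;因此特权模式只应用于短暂运行的 init 容器,主容器不要开启。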
5.创建service
---
# Service exposing the Elasticsearch HTTP port (9200) of the pods labelled
# k8s-app=es-single in namespace dxjs.
#
# type and targetPort are written out with the values Kubernetes applies
# when they are omitted, so the exposure is visible at a glance.
# Elasticsearch is configured on this page without authentication or TLS;
# keep this Service cluster-internal unless those are added first.
apiVersion: v1
kind: Service
metadata:
  name: es-single-out
  namespace: dxjs
  labels:
    k8s-app: es-single
spec:
  type: ClusterIP
  selector:
    k8s-app: es-single
  ports:
    - name: out
      protocol: TCP
      port: 9200
      targetPort: 9200