Elastic Cloud on Kubernetes (ECK) ---ECK是这个说法哈。
基本于k8s operator的官方实现。
URL:
https://www.elastic.co/guide/en/cloud-on-k8s/current/index.html
https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-quickstart.html
https://github.com/elastic/cloud-on-k8s
帖个yaml,了解一下资源的创建。
apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: creationTimestamp: null labels: controller-tools.k8s.io: "1.0" name: apmservers.apm.k8s.elastic.co spec: additionalPrinterColumns: - JSONPath: .status.health name: health type: string - JSONPath: .status.availableNodes description: Available nodes name: nodes type: integer - JSONPath: .spec.version description: APM version name: version type: string - JSONPath: .metadata.creationTimestamp name: age type: date group: apm.k8s.elastic.co names: categories: - elastic kind: ApmServer plural: apmservers scope: Namespaced subresources: status: {} validation: openAPIV3Schema: properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: featureFlags: description: FeatureFlags are apm-specific flags that enable or disable specific experimental features type: object http: description: HTTP contains settings for HTTP. properties: service: description: Service is a template for the Kubernetes Service properties: metadata: description: Metadata is metadata for the HTTP Service. properties: annotations: description: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' type: object type: object spec: description: Spec contains user-provided settings for the HTTP Service. properties: type: description: 'Type determines which service type to use for this workload. The options are: `ClusterIP|LoadBalancer|NodePort`. Defaults to ClusterIP.' enum: - ClusterIP - LoadBalancer - NodePort type: string type: object type: object tls: description: TLS describe additional options to consider when generating nodes TLS certificates. properties: selfSignedCertificate: description: SelfSignedCertificate define options to apply to self-signed certificate managed by the operator. properties: subjectAltNames: description: 'SubjectAlternativeNames is a list of SANs to include in the nodes certificates. For example: a wildcard DNS to expose the cluster.' items: properties: dns: type: string ip: type: string type: object type: array type: object type: object type: object image: description: Image represents the docker image that will be used. type: string nodeCount: description: NodeCount defines how many nodes the Apm Server deployment must have. format: int32 type: integer output: properties: elasticsearch: description: Elasticsearch configures the Elasticsearch output properties: auth: description: Auth configures authentication for APM Server to use. properties: inline: description: Inline is auth provided as plaintext inline credentials. properties: password: description: Password is the password to use. type: string username: description: User is the username to use. type: string type: object secret: description: SecretKeyRef is a secret that contains the credentials to use. type: object type: object hosts: description: Hosts are the URLs of the output Elasticsearch nodes. items: type: string type: array ref: description: ElasticsearchRef allows users to reference a Elasticsearch cluster inside k8s to automatically derive the other fields. properties: name: type: string namespace: type: string required: - name type: object ssl: description: SSL configures TLS-related configuration for Elasticsearch properties: certificateAuthoritiesSecret: description: CertificateAuthoritiesSecret names a secret that contains a CA file entry to use. type: string type: object type: object type: object podTemplate: description: PodTemplate can be used to propagate configuration to APM pods. So far, only labels, Affinity and `Containers["apm"].Resources.Limits` are applied. type: object version: description: Version represents the version of the APM Server type: string type: object status: properties: health: type: string secretTokenSecret: description: SecretTokenSecretName is the name of the Secret that contains the secret token type: string service: description: ExternalService is the name of the service the agents should connect to. type: string type: object version: v1alpha1 status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: creationTimestamp: null labels: controller-tools.k8s.io: "1.0" name: clusterlicenses.elasticsearch.k8s.elastic.co spec: group: elasticsearch.k8s.elastic.co names: kind: ClusterLicense plural: clusterlicenses shortNames: - cl scope: Namespaced validation: openAPIV3Schema: properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: expiryDateInMillis: format: int64 type: integer issueDateInMillis: format: int64 type: integer issuedTo: type: string issuer: type: string maxNodes: format: int64 type: integer signatureRef: type: object startDateInMillis: format: int64 type: integer type: type: string uid: description: UID is the license UID not the k8s API UID (!) type: string required: - maxNodes - type - signatureRef type: object version: v1alpha1 status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: creationTimestamp: null labels: controller-tools.k8s.io: "1.0" name: elasticsearches.elasticsearch.k8s.elastic.co spec: additionalPrinterColumns: - JSONPath: .status.health name: health type: string - JSONPath: .status.availableNodes description: Available nodes name: nodes type: integer - JSONPath: .spec.version description: Elasticsearch version name: version type: string - JSONPath: .status.phase name: phase type: string - JSONPath: .metadata.creationTimestamp name: age type: date group: elasticsearch.k8s.elastic.co names: categories: - elastic kind: Elasticsearch plural: elasticsearches shortNames: - es scope: Namespaced subresources: status: {} validation: openAPIV3Schema: properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: featureFlags: description: FeatureFlags are instance-specific flags that enable or disable specific experimental features type: object http: description: HTTP contains settings for HTTP. properties: service: description: Service is a template for the Kubernetes Service properties: metadata: description: Metadata is metadata for the HTTP Service. properties: annotations: description: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' type: object type: object spec: description: Spec contains user-provided settings for the HTTP Service. properties: type: description: 'Type determines which service type to use for this workload. The options are: `ClusterIP|LoadBalancer|NodePort`. Defaults to ClusterIP.' enum: - ClusterIP - LoadBalancer - NodePort type: string type: object type: object tls: description: TLS describe additional options to consider when generating nodes TLS certificates. properties: selfSignedCertificate: description: SelfSignedCertificate define options to apply to self-signed certificate managed by the operator. properties: subjectAltNames: description: 'SubjectAlternativeNames is a list of SANs to include in the nodes certificates. For example: a wildcard DNS to expose the cluster.' items: properties: dns: type: string ip: type: string type: object type: array type: object type: object type: object image: description: Image represents the docker image that will be used. type: string nodes: description: Nodes represents a list of groups of nodes with the same configuration to be part of the cluster items: properties: config: description: Config represents Elasticsearch configuration. type: object nodeCount: description: NodeCount defines how many nodes have this topology format: int32 type: integer podTemplate: description: PodTemplate can be used to propagate configuration to Elasticsearch pods. So far, only labels, Affinity and `Containers["elasticsearch"].Resources.Limits` are applied. type: object volumeClaimTemplates: description: 'VolumeClaimTemplates is a list of claims that pods are allowed to reference. Every claim in this list must have at least one matching (by name) volumeMount in one container in the template. A claim in this list takes precedence over any volumes in the template, with the same name. TODO: Define the behavior if a claim already exists with the same name. TODO: define special behavior based on claim metadata.name. (e.g data / logs volumes)' items: type: object type: array type: object type: array secureSettings: description: SecureSettings reference a secret containing secure settings, to be injected into Elasticsearch keystore on each node. Each individual key/value entry in the referenced secret is considered as an individual secure setting to be injected. The secret must exist in the same namespace as the Elasticsearch resource. properties: secretName: type: string required: - secretName type: object setVmMaxMapCount: description: SetVMMaxMapCount indicates whether an init container should be used to ensure that the `vm.max_map_count` is set according to https://www.elastic.co/guide/en/elasticsearch/reference/current/vm-max-map-count.html. Setting this to true requires the kubelet to allow running privileged containers. Defaults to true if not specified. To be disabled, it must be explicitly set to false. type: boolean updateStrategy: description: UpdateStrategy specifies how updates to the cluster should be performed. properties: changeBudget: description: ChangeBudget is the change budget that should be used when performing mutations to the cluster. properties: maxSurge: description: 'MaxSurge is the maximum number of pods that can be scheduled above the original number of pods. By default, a fixed value of 1 is used. Value can be an absolute number (ex: 5) or a percentage of total pods at the start of the update (ex: 10%). This can not be 0 if MaxUnavailable is 0 if you want automatic rolling updates to be applied. Absolute number is calculated from percentage by rounding up. Example: when this is set to 30%, the new group can be scaled up by 30% immediately when the rolling update starts. Once old pods have been killed, new group can be scaled up further, ensuring that total number of pods running at any time during the update is at most 130% of the target number of pods.' format: int64 type: integer maxUnavailable: description: 'MaxUnavailable is the maximum number of pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of total pods at the start of update (ex: 10%). Absolute number is calculated from percentage by rounding down. This can not be 0 if MaxSurge is 0 if you want automatic rolling changes to be applied. By default, a fixed value of 0 is used. Example: when this is set to 30%, the group can be scaled down by 30% immediately when the rolling update starts. Once new pods are ready, the group can be scaled down further, followed by scaling up the group, ensuring that at least 70% of the target number of pods are available at all times during the update.' format: int64 type: integer required: - maxUnavailable - maxSurge type: object groups: description: Groups is a list of groups that should have their cluster mutations considered in a fair manner with a strict change budget (not allowing any surge or unavailability) before the entire cluster is reconciled with the full change budget. items: properties: selector: description: Selector is the selector used to match pods. type: object type: object type: array type: object version: description: Version represents the version of the stack type: string type: object status: properties: clusterUUID: type: string health: type: string masterNode: type: string phase: type: string remoteClusters: type: object service: type: string zenDiscovery: properties: minimumMasterNodes: format: int64 type: integer type: object type: object version: v1alpha1 status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: creationTimestamp: null labels: controller-tools.k8s.io: "1.0" name: enterpriselicenses.elasticsearch.k8s.elastic.co spec: additionalPrinterColumns: - JSONPath: .status name: status type: string group: elasticsearch.k8s.elastic.co names: kind: EnterpriseLicense plural: enterpriselicenses shortNames: - el scope: Namespaced subresources: status: {} validation: openAPIV3Schema: properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: clusterLicenses: items: properties: expiryDateInMillis: format: int64 type: integer issueDateInMillis: format: int64 type: integer issuedTo: type: string issuer: type: string maxNodes: format: int64 type: integer signatureRef: type: object startDateInMillis: format: int64 type: integer type: type: string uid: description: UID is the license UID not the k8s API UID (!) type: string required: - maxNodes - type - signatureRef type: object type: array eula: properties: accepted: type: boolean required: - accepted type: object expiryDateInMillis: format: int64 type: integer issueDateInMillis: format: int64 type: integer issuedTo: type: string issuer: type: string maxInstances: format: int64 type: integer signatureRef: type: object startDateInMillis: format: int64 type: integer type: type: string uid: description: UID is the license UID not the k8s API UID (!) type: string required: - type - eula type: object status: type: string version: v1alpha1 status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: creationTimestamp: null labels: controller-tools.k8s.io: "1.0" name: remoteclusters.elasticsearch.k8s.elastic.co spec: additionalPrinterColumns: - JSONPath: .status.phase name: status type: string group: elasticsearch.k8s.elastic.co names: kind: RemoteCluster plural: remoteclusters scope: Namespaced subresources: status: {} validation: openAPIV3Schema: properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: remote: type: object required: - remote type: object status: properties: clusterName: type: string localTrustRelationship: type: string phase: type: string seedHosts: items: type: string type: array type: object version: v1alpha1 status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: creationTimestamp: null labels: controller-tools.k8s.io: "1.0" name: trustrelationships.elasticsearch.k8s.elastic.co spec: group: elasticsearch.k8s.elastic.co names: kind: TrustRelationship plural: trustrelationships scope: Namespaced validation: openAPIV3Schema: properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: caCert: description: CaCert contains the PEM-encoded CA certificate for the remote cluster. type: string trustRestrictions: description: TrustRestrictions contains configuration for the trust restrictions feature of Elasticsearch for this relationship properties: trust: description: Trust contains configuration for the Elasticsearch trust restrictions. properties: subjectName: description: SubjectName is a list of patterns that incoming TLS client certificates must match. items: type: string type: array type: object type: object type: object version: v1alpha1 status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: creationTimestamp: null labels: controller-tools.k8s.io: "1.0" name: users.elasticsearch.k8s.elastic.co spec: additionalPrinterColumns: - JSONPath: .spec.name name: username type: string - JSONPath: .status.phase name: status type: string group: elasticsearch.k8s.elastic.co names: categories: - elastic kind: User plural: users scope: Namespaced subresources: status: {} validation: openAPIV3Schema: properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: name: type: string passwordHash: type: string userRoles: items: type: string type: array required: - name - passwordHash - userRoles type: object status: properties: phase: type: string reason: type: string type: object version: v1alpha1 status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: creationTimestamp: null labels: controller-tools.k8s.io: "1.0" name: kibanas.kibana.k8s.elastic.co spec: additionalPrinterColumns: - JSONPath: .status.health name: health type: string - JSONPath: .status.availableNodes description: Available nodes name: nodes type: integer - JSONPath: .spec.version description: Kibana version name: version type: string - JSONPath: .metadata.creationTimestamp name: age type: date group: kibana.k8s.elastic.co names: categories: - elastic kind: Kibana plural: kibanas shortNames: - kb scope: Namespaced subresources: status: {} validation: openAPIV3Schema: properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: elasticsearch: description: Elasticsearch configures how Kibana connects to Elasticsearch properties: auth: description: Auth configures authentication for Kibana to use. properties: inline: description: Inline is auth provided as plaintext inline credentials. properties: password: description: Password is the password to use. type: string username: description: User is the username to use. type: string required: - username - password type: object secret: type: object type: object caCertSecret: description: CaCertSecret names a secret that contains a CA file entry to use. type: string url: description: ElasticsearchURL is the URL to the target Elasticsearch type: string required: - url type: object elasticsearchRef: description: ElasticsearchRef references an Elasticsearch resource in the Kubernetes cluster. If the namespace is not specified, the current resource namespace will be used. properties: name: type: string namespace: type: string required: - name type: object featureFlags: description: FeatureFlags are instance-specific flags that enable or disable specific experimental features type: object http: description: HTTP contains settings for HTTP. properties: service: description: Service is a template for the Kubernetes Service properties: metadata: description: Metadata is metadata for the HTTP Service. properties: annotations: description: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' type: object type: object spec: description: Spec contains user-provided settings for the HTTP Service. properties: type: description: 'Type determines which service type to use for this workload. The options are: `ClusterIP|LoadBalancer|NodePort`. Defaults to ClusterIP.' enum: - ClusterIP - LoadBalancer - NodePort type: string type: object type: object tls: description: TLS describe additional options to consider when generating nodes TLS certificates. properties: selfSignedCertificate: description: SelfSignedCertificate define options to apply to self-signed certificate managed by the operator. properties: subjectAltNames: description: 'SubjectAlternativeNames is a list of SANs to include in the nodes certificates. For example: a wildcard DNS to expose the cluster.' items: properties: dns: type: string ip: type: string type: object type: array type: object type: object type: object image: description: Image represents the docker image that will be used. type: string nodeCount: description: NodeCount defines how many nodes the Kibana deployment must have. format: int32 type: integer podTemplate: description: PodTemplate can be used to propagate configuration to Kibana pods. So far, only labels, Affinity and `Containers["kibana"].Resources.Limits` are applied. type: object version: description: Version represents the version of Kibana type: string type: object status: properties: associationStatus: type: string health: type: string type: object version: v1alpha1 status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: elastic-operator rules: - apiGroups: - "" resources: - pods - endpoints - events - persistentvolumeclaims - secrets - services - configmaps verbs: - get - list - watch - create - update - patch - delete - apiGroups: - apps resources: - deployments verbs: - get - list - watch - create - update - patch - delete - apiGroups: - batch resources: - cronjobs verbs: - get - list - watch - create - update - patch - delete - apiGroups: - elasticsearch.k8s.elastic.co resources: - elasticsearches - elasticsearches/status - clusterlicenses - enterpriselicenses - enterpriselicenses/status - trustrelationships - users - users/status - remoteclusters - remoteclusters/status verbs: - get - list - watch - create - update - patch - delete - apiGroups: - kibana.k8s.elastic.co resources: - kibanas - kibanas/status verbs: - get - list - watch - create - update - patch - delete - apiGroups: - apm.k8s.elastic.co resources: - apmservers - apmservers/status verbs: - get - list - watch - create - update - patch - delete - apiGroups: - associations.k8s.elastic.co resources: - apmserverelasticsearchassociations - apmserverelasticsearchassociations/status verbs: - get - list - watch - create - update - patch - delete - apiGroups: - admissionregistration.k8s.io resources: - mutatingwebhookconfigurations - validatingwebhookconfigurations verbs: - get - list - watch - create - update - patch - delete --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: elastic-operator roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: elastic-operator subjects: - kind: ServiceAccount name: elastic-operator namespace: elastic-system --- apiVersion: v1 kind: Namespace metadata: name: elastic-system --- apiVersion: apps/v1 kind: StatefulSet metadata: name: elastic-operator namespace: elastic-system labels: control-plane: elastic-operator spec: selector: matchLabels: control-plane: elastic-operator serviceName: elastic-operator template: metadata: labels: control-plane: elastic-operator spec: serviceAccountName: elastic-operator containers: - image: docker.elastic.co/eck/eck-operator:0.8.1 name: manager args: ["manager", "--operator-roles", "all"] env: - name: OPERATOR_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: WEBHOOK_SECRET value: webhook-server-secret - name: WEBHOOK_PODS_LABEL value: elastic-operator - name: OPERATOR_IMAGE value: docker.elastic.co/eck/eck-operator:0.8.1 resources: limits: cpu: 1 memory: 100Mi requests: cpu: 100m memory: 20Mi ports: - containerPort: 9876 name: webhook-server protocol: TCP volumeMounts: - mountPath: /tmp/cert name: cert readOnly: true terminationGracePeriodSeconds: 10 volumes: - name: cert secret: defaultMode: 420 secretName: webhook-server-secret --- apiVersion: v1 kind: Secret metadata: name: webhook-server-secret namespace: elastic-system --- apiVersion: v1 kind: ServiceAccount metadata: name: elastic-operator namespace: elastic-system ---