Building an Elasticsearch Container Cluster with Rancher

ES cluster result

     Check the cluster status

 Cluster setup steps

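Dockerfile:

# Base image pulled from the internal registry
FROM 192.168.30.113/library/java:latest
ENV TZ=Asia/Shanghai
# Double quotes so that $TZ is expanded; single quotes would write the literal string $TZ
RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo "$TZ" > /etc/timezone
COPY elasticsearch  /elasticsearch
# Elasticsearch refuses to start as root, so create a dedicated user that owns the install
RUN adduser elasticsearch
RUN chown -R elasticsearch:elasticsearch /elasticsearch
ENTRYPOINT ["/bin/bash","/elasticsearch/bin/start-escluster.sh"]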
start-escluster.sh:

#!/bin/bash

# Change the ES config from the environment variables passed to the pod
# Pod ordinal: the second "-"-separated field of the pod name
ordinal=`env | grep podname | cut -d"=" -f2 | cut -d"-" -f2`
hostip=`env | grep hostip | cut -d"=" -f2`
seed_hosts=`env | grep seed_hosts | cut -d"=" -f2`
let severid=$ordinal+1
let hport=9700+$ordinal
let tport=9800+$ordinal
#sed -i "s/network.publish_host:.*/network.publish_host: $hostip/g" /elasticsearch/config/elasticsearch.yml
sed -i "s/discovery.seed_hosts:.*/discovery.seed_hosts: $seed_hosts/g" /elasticsearch/config/elasticsearch.yml
# Pod 0 keeps the node.name from the image and holds no data;
# the other pods become data nodes named node<ordinal+1>
if [ "$ordinal" -eq 0 ];
then
   sed -i "s/node.data:.*/node.data: false/g" /elasticsearch/config/elasticsearch.yml
else
   sed -i "s/node.name:.*/node.name: node$severid/g" /elasticsearch/config/elasticsearch.yml
   #sed -i "s/http.port:.*/http.port: $hport/g" /elasticsearch/config/elasticsearch.yml
   #sed -i "s/transport.tcp.port:.*/transport.tcp.port: $tport/g" /elasticsearch/config/elasticsearch.yml
   sed -i "s/node.data:.*/node.data: true/g" /elasticsearch/config/elasticsearch.yml
fi

# Start the ES cluster as the unprivileged elasticsearch user
echo "start es cluster........"
su - elasticsearch -c /elasticsearch/bin/elasticsearch

     When starting the pods, pass the environment variable parameters that correspond to the number of pods to be created

   Map the master pod to the host for access

       1. Create a DNS record

        2. Access the ES cluster from a browser on the host

Generating certificates for the ES cluster

      1. Add a volume mapping

     2. Generate the certificates and passwords

            ./elasticsearch-certutil cert --ip 192.168.30.106 --out /elasticsearch/config/certs/elastic-stack-ca.zip --pem

           ./elasticsearch-setup-passwords interactive --batch --url https://192.168.30.106:39200

      3. Modify the Elasticsearch YAML configuration file to add certificate authentication
elasticsearch.yml:

cluster.name: "taishi-escluster"
node.name: node1
network.host: 0.0.0.0
http.port: 9200
transport.tcp.port: 9300
bootstrap.memory_lock: false
cluster.initial_master_nodes: [ "node1" ]
http.cors.enabled: true
# "*" lets a page from any origin call the HTTP API from a browser
http.cors.allow-origin: "*"
node.master: true
node.data: false
discovery.seed_hosts: ["127.0.0.1:9300"]
xpack.license.self_generated.type: basic
# Turn on authentication, then TLS for the HTTP (REST) layer
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: /elasticsearch/config/certs/instance/instance.key
xpack.security.http.ssl.certificate: /elasticsearch/config/certs/instance/instance.crt
xpack.security.http.ssl.certificate_authorities: /elasticsearch/config/certs/ca/ca.crt
# TLS between nodes; "certificate" validates the certificate chain but not the hostname
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.key: /elasticsearch/config/certs/instance/instance.key
xpack.security.transport.ssl.certificate: /elasticsearch/config/certs/instance/instance.crt
xpack.security.transport.ssl.certificate_authorities: /elasticsearch/config/certs/ca/ca.crt
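
A pre-start check for the settings from step 3, as an added example that is not part of the original post: it reads an elasticsearch.yml and reports when authentication or TLS is missing on either layer, and when CORS accepts any origin. The helper names get_setting and audit_es_config are hypothetical, and the sample config is constructed.

```shell
#!/bin/bash
# Added example; get_setting / audit_es_config are hypothetical helpers, not Elasticsearch tooling.

# Print the value of a flat "key: value" setting; empty if absent or commented out.
get_setting() {   # $1 = config file, $2 = setting key
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        {
            i = index($0, ":"); if (i == 0) next
            key = substr($0, 1, i - 1); val = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            gsub(/^"|"$/, "", val)
            if (key == k) v = val
        }
        END { print v }' "$1"
}

# Print one finding per line; prints nothing when every check passes.
audit_es_config() {   # $1 = config file
    local f="$1" key
    for key in xpack.security.enabled xpack.security.http.ssl.enabled \
               xpack.security.transport.ssl.enabled; do
        [ "$(get_setting "$f" "$key")" = "true" ] || echo "FAIL $key is not true"
    done
    for key in xpack.security.http.ssl.certificate_authorities \
               xpack.security.transport.ssl.certificate_authorities; do
        [ -n "$(get_setting "$f" "$key")" ] || echo "FAIL $key is not set"
    done
    if [ "$(get_setting "$f" http.cors.enabled)" = "true" ] &&
       [ "$(get_setting "$f" http.cors.allow-origin)" = "*" ]; then
        echo "WARN http.cors.allow-origin accepts any origin"
    fi
    if [ "$(get_setting "$f" xpack.security.transport.ssl.verification_mode)" = "certificate" ]; then
        echo "NOTE transport TLS checks the CA chain but not the hostname"
    fi
}

# Constructed sample: HTTP-layer TLS was left commented out and CORS is wide open.
sample=$(mktemp)
cat > "$sample" <<'EOF'
http.cors.enabled: true
http.cors.allow-origin: "*"
xpack.security.enabled: true
#xpack.security.http.ssl.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.certificate_authorities: /elasticsearch/config/certs/ca/ca.crt
EOF
audit_es_config "$sample"
```

Running it against the file inside the image before the entrypoint starts Elasticsearch catches a node that would otherwise join the cluster without TLS.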

      4. Verify HTTPS login to ES

    5. HTTPS access to the cluster succeeds
