k8s部署elasticsearch及kibana

elastic官方提供了efk相关charts以供我们使用k8s部署efk。

此版本为7.16分支。如需开启SSL功能，可移步这里=>Helm部署ES及Kibana（默认开启SSL），且步骤精简了一些。

elastic charts：https://github.com/elastic/helm-charts.git

切换至7.16分支

git checkout 7.16

目录结构如下：

$ cd helm-charts && tree -L 1
.
├── apm-server
├── elasticsearch
├── filebeat
├── helpers
├── kibana
├── LICENSE
├── logstash
├── Makefile
├── metricbeat
├── README.md
└── requirements.txt

Elasticsearch

生成密码相关secret

在elasticsearch/examples/security目录下可以执行make secrets命令来创建elastic密码相关的secret。执行前可以通过定义环境变量ELASTIC_PASSWORD来指定自己的密码。

$ cd helm-charts/elasticsearch/examples/security
$ export ELASTIC_PASSWORD=[your password]
$ make secret

value.yaml

es开启密码功能需要指定xpack.security.enabled 为 true ，同时也要开启 xpack.security.transport.ssl.enabled 为 true。如果不开启此功能，在启动es时会报如下错误：

value.yaml修改如下：

esConfig:
  elasticsearch.yml: |
    xpack.security.enabled: true
    xpack.security.transport.ssl.enabled: true
    xpack.security.transport.ssl.verification_mode: certificate
    xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
    xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
    
    
extraEnvs:
  - name: ELASTIC_PASSWORD
    valueFrom:
      secretKeyRef:
        name: elastic-credentials
        key: password
        
secretMounts:
  - name: elastic-certificates
    secretName: elastic-certificates
    path: /usr/share/elasticsearch/config/certs
    
antiAffinity: "soft" 

因为我的k8s是单节点的，所以将antiAffinity设置为soft，不然三节点的es集群无法启动成功。

部署es

$ cd helm-charts/elasticsearch/
$ helm install elasticsearch -f value.yaml . 

Kibana

部署kibana时需要指定es的用户名和密码。

value.yaml:

elasticsearchHosts: "http://elasticsearch-master-headless.default.svc.cluster.local:9200"

extraEnvs:
  - name: "ELASTICSEARCH_USERNAME"
    value: "elastic"
  - name: "ELASTICSEARCH_PASSWORD"
    valueFrom:
      secretKeyRef:
        name: elastic-credentials
        key: password
        
service:
  type: NodePort
  port: 5601
  nodePort: "30601"

部署kibana

$ cd helm-charts/kibana
$ helm install kibana -f value.yaml .

部署结果

POD运行情况：

$ kubectl get pod
NAME                      READY   STATUS    RESTARTS   AGE
elasticsearch-master-0    1/1     Running   0          1h
elasticsearch-master-1    1/1     Running   0          1h
elasticsearch-master-2    1/1     Running   0          1h
kibana-74c748ddc4-khtvt   1/1     Running   0          1h

kibana页面：