
HTTPS 的加密过程 详解

ZMXQQ233 2024-07-24 阅读 32

1、背景:

2、开发elasticsearch集群,无认证模式:

1. 开发yaml文件内容如下:

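---
# Elasticsearch 7.9.3 StatefulSet, "no authentication" variant.
# This manifest does not enable X-Pack security (off by default in stock
# Elasticsearch 7.x), so the REST API (9200) and the transport port (9300)
# accept unauthenticated, unencrypted connections from anything that can reach
# the pods. Keep it in an isolated test namespace, or restrict ingress to these
# ports with a NetworkPolicy.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: es7-cluster
  namespace: sit
spec:
  # Governing Service. The per-pod names used in discovery.seed_hosts
  # (es7-cluster-N.elasticsearch) are only published in DNS when this Service
  # is headless (clusterIP: None).
  serviceName: elasticsearch
  replicas: 3
  selector:
    matchLabels:
      app: elasticsearch
  template:
    metadata:
      labels:
        app: elasticsearch
    spec:
      containers:
      - name: elasticsearch
        image: 192.20.67.250/public/elasticsearch:7.9.3
        # Only CPU is bounded. No memory request/limit is set even though the
        # JVM heap is fixed at 1 GiB below.
        resources:
          limits:
            cpu: 1000m
          requests:
            cpu: 100m
        ports:
        - containerPort: 9200
          name: rest
          protocol: TCP
        - containerPort: 9300
          name: inter-node
          protocol: TCP
        volumeMounts:
        - name: data
          mountPath: /usr/share/elasticsearch/data
        env:
        - name: cluster.name
          value: k8s-logs
        - name: node.name
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        # Accepted but ignored by Elasticsearch 7.x; master election is driven
        # by cluster.initial_master_nodes on first bootstrap.
        - name: discovery.zen.minimum_master_nodes
          value: "2"
        - name: discovery.seed_hosts
          value: "es7-cluster-0.elasticsearch,es7-cluster-1.elasticsearch,es7-cluster-2.elasticsearch"
        - name: cluster.initial_master_nodes
          value: "es7-cluster-0,es7-cluster-1,es7-cluster-2"
        - name: ES_JAVA_OPTS
          value: "-Xms1g -Xmx1g"
      initContainers:
      # busybox:latest is a mutable tag; pin a fixed version or digest so the
      # image that runs with elevated rights below cannot change silently.
      - name: fix-permissions
        image: 192.20.67.250/public/busybox:latest
        command: ["sh", "-c", "chown -R 1000:1000 /usr/share/elasticsearch/data"]
        # chown only needs root with the runtime's default capabilities
        # (CAP_CHOWN); a privileged container would add full host device and
        # kernel access for no benefit.
        securityContext:
          runAsUser: 0
        volumeMounts:
        - name: data
          mountPath: /usr/share/elasticsearch/data
      - name: increase-vm-max-map
        image: 192.20.67.250/public/busybox:latest
        command: ["sysctl", "-w", "vm.max_map_count=262144"]
        # vm.max_map_count is not namespaced: this write changes the kernel
        # setting of the whole node, which is why it needs privileged. Setting
        # it during node provisioning removes the need for this container.
        securityContext:
          privileged: true
      # ulimit only applies to this shell, which exits immediately; it does not
      # change the file-descriptor limit of the elasticsearch container.
      - name: increase-fd-ulimit
        image: 192.20.67.250/public/busybox:latest
        command: ["sh", "-c", "ulimit -n 65536"]
  volumeClaimTemplates:
  - metadata:
      name: data
    spec:
      accessModes: ["ReadWriteOnce"]
      storageClassName: "huawei-san"
      resources:
        requests:
          storage: 1Gi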
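---
# Governing Service for the es7-cluster StatefulSet (separate YAML document;
# without the "---" marker the keys would collide with the StatefulSet's).
apiVersion: v1
kind: Service
metadata:
  name: elasticsearch
  namespace: sit
spec:
  selector:
    app: elasticsearch
  # Cluster-internal only. The REST port is served without authentication or
  # TLS in this variant, so it should not be published through a NodePort,
  # LoadBalancer or Ingress.
  type: ClusterIP
  # Headless: the per-pod DNS names listed in discovery.seed_hosts
  # (es7-cluster-0.elasticsearch, ...) are only created for a headless
  # governing Service.
  clusterIP: None
  ports:
  - port: 9200
    name: es-9200
    targetPort: 9200
  - port: 9300
    name: es-9300
    targetPort: 9300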

2. 创建elasticsearch集群: 

3. 查看运行情况:

 

3、开发elasticsearch集群,认证模式:

1. 开发yaml文件内容如下:

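---
# Elasticsearch 7.9.3 StatefulSet, "authentication" variant.
# X-Pack security is enabled and TLS is configured for the transport layer
# (9300) only. xpack.security.http.ssl.enabled is not set, so the REST API on
# 9200 stays plain HTTP and basic-auth credentials cross the pod network
# unencrypted.
# No built-in user password is set here (e.g. via ELASTIC_PASSWORD);
# presumably the passwords are set after start-up - confirm against the
# deployment procedure.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: elastic-cluster
  namespace: sit
  labels:
    app: elastic-cluster
spec:
  serviceName: elastic-svc
  replicas: 3
  selector:
    matchLabels:
      app: elastic-cluster
      kubernetes.io/cluster-service: "true"
  template:
    metadata:
      labels:
        app: elastic-cluster
        kubernetes.io/cluster-service: "true"
    spec:
      initContainers:
      # busybox:latest is a mutable tag; pin a fixed version or digest so the
      # image that runs with elevated rights below cannot change silently.
      - name: fix-permissions
        image: 192.20.67.250/public/busybox:latest
        imagePullPolicy: IfNotPresent
        command: ["sh", "-c", "chown -R 1000:1000 /usr/share/elasticsearch/data"]
        # chown only needs root with the runtime's default capabilities
        # (CAP_CHOWN); a privileged container would add full host device and
        # kernel access for no benefit.
        securityContext:
          runAsUser: 0
        volumeMounts:
        - name: data
          mountPath: /usr/share/elasticsearch/data
        - name: localtime
          readOnly: true
          mountPath: /etc/localtime
      - name: increase-vm-max-map
        image: 192.20.67.250/public/busybox:latest
        imagePullPolicy: IfNotPresent
        command: ["sysctl", "-w", "vm.max_map_count=262144"]
        # vm.max_map_count is not namespaced: this write changes the kernel
        # setting of the whole node, which is why it needs privileged. Setting
        # it during node provisioning removes the need for this container.
        securityContext:
          privileged: true
      # ulimit only applies to this shell, which exits immediately; it does not
      # change the file-descriptor limit of the elasticsearch container.
      - name: increase-fd-ulimit
        image: 192.20.67.250/public/busybox:latest
        imagePullPolicy: IfNotPresent
        command: ["sh", "-c", "ulimit -n 65536"]
      volumes:
      # Host time-zone file; every mount of it in this pod is read-only.
      - name: localtime
        hostPath:
          path: /etc/localtime
          type: ''
      containers:
      - name: elasticsearch
        # NOTE(review): the "-p12" tag suggests the PKCS#12 keystore is baked
        # into this image - confirm. If so, anyone able to pull it from the
        # registry's "public" project also obtains the transport private key;
        # mounting the keystore from a Secret keeps it out of the image.
        image: 192.20.67.250/public/elasticsearch:7.9.3-p12
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 9200
          name: rest-api
          protocol: TCP
        - containerPort: 9300
          name: inter-node
          protocol: TCP
        volumeMounts:
        - name: data
          mountPath: /usr/share/elasticsearch/data
        - name: localtime
          readOnly: true
          mountPath: /etc/localtime
        env:
        - name: node.name
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.name
        # Accepted but ignored by Elasticsearch 7.x; master election is driven
        # by cluster.initial_master_nodes on first bootstrap.
        - name: discovery.zen.minimum_master_nodes
          value: "2"
        - name: discovery.seed_hosts
          value: "elastic-svc"
        - name: cluster.initial_master_nodes
          value: "elastic-cluster-0,elastic-cluster-1,elastic-cluster-2"
        - name: ES_JAVA_OPTS
          value: "-Xms1024m -Xmx1024m"
        - name: xpack.security.enabled
          value: "true"
        - name: xpack.security.transport.ssl.enabled
          value: "true"
        # "certificate" checks that the peer certificate chains to a trusted
        # CA but skips hostname verification, so any holder of a certificate
        # from that CA is accepted as a cluster node.
        - name: xpack.security.transport.ssl.verification_mode
          value: "certificate"
        # Relative paths resolve against the Elasticsearch config directory.
        # The same file is used as keystore and truststore, and no keystore
        # password is supplied in this manifest.
        - name: xpack.security.transport.ssl.keystore.path
          value: "elastic-certificates.p12"
        - name: xpack.security.transport.ssl.truststore.path
          value: "elastic-certificates.p12"
  volumeClaimTemplates:
  - metadata:
      name: data
    spec:
      accessModes: ["ReadWriteOnce"]
      storageClassName: "huawei-san"
      resources:
        requests:
          storage: 2Gi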
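---
# Service for the elastic-cluster StatefulSet (separate YAML document; without
# the "---" marker the keys would collide with the StatefulSet's).
apiVersion: v1
kind: Service
metadata:
  name: elastic-svc
  namespace: sit
  labels:
    app: elastic-cluster
spec:
  selector:
    app: elastic-cluster
  # Cluster-internal only. The StatefulSet enables authentication but not
  # xpack.security.http.ssl, so port 9200 carries basic-auth credentials over
  # plain HTTP; terminate TLS before exposing it beyond the cluster network.
  type: ClusterIP
  ports:
  - name: rest-api
    port: 9200
    protocol: TCP
    targetPort: 9200
  # Transport port; the StatefulSet uses this Service name as
  # discovery.seed_hosts.
  - name: inter-node
    port: 9300
    protocol: TCP
    targetPort: 9300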

2. 创建elasticsearch集群: 

3. 查看运行情况:

4.验证elasticsearch服务登入: 

 输入密码之后返回如下的内容:

 
