0


k8s部署带用户名和密码的elasticsearch

elasticsearch本来可以不加用户名和密码,基于我们目前接触越来越多的客户,为了数据的安全性,也需要遗憾的加上用户名和密码
下面是k8s部署的yaml
文件名称:k8s-elasticsearch.yaml

apiVersion: apps/v1
kind: Deployment
metadata:labels:app: elasticsearch-u #为该Deployment设置key为app,value为elasticsearch-u的标签name: elasticsearch-u-dm
  namespace: lyb
spec:replicas:1#副本数量selector:#标签选择器,与上面的标签共同作用matchLabels:#选择包含标签app:elasticsearch的资源app: elasticsearch-u
  template:#这是选择或创建的Pod的模板metadata:#Pod的元数据labels:#Pod的标签,上面的selector即选择包含标签app:elasticsearch-u的Podapp: elasticsearch-u
    spec:#期望Pod实现的功能(即在pod中部署)containers:#生成container,与docker中的container是同一种-name: elasticsearch-u-container
        image: elasticsearch:7.12.1 #使用镜像elasticsearch-u: 创建container,该container默认9200端口可访问#imagePullPolicy: Never #使用本地镜像ports:-containerPort:9200# 开启本容器的9200端口可访问-containerPort:9300env:-name: ES_JAVA_OPTS
          value:-Xms512m -Xmx512m
        -name: bootstrap.memory_lock
          value:"true"-name: discovery.type
          value: single-node
        -name: node.name
          value: node-1-name: TAKE_FILE_OWNERSHIP #此环境变量是防止没有宿主机的777权限,value随便写,在nfs可以忽略,普通docker或者docker-swarm单机启动需要加value:"1111"# 下面是开启es验证的相关配置-name: http.cors.allow-headers
          value: Authorization
        -name: xpack.security.enabled
          value:"true"-name: xpack.security.transport.ssl.enabled
          value:"true"-name: network.host
          value:"0.0.0.0"volumeMounts:-mountPath: /usr/share/elasticsearch/data
          name: elasticsearch-data
      volumes:-name: elasticsearch-data
          nfs:server: nfs ip地址,需要自己改
            path: nfs共享文件夹,需要自己改
---apiVersion: v1
kind: Service
metadata:labels:app: elasticsearch-u
  name: svc-elasticsearch-u # 服务名称namespace: lyb
spec:ports:-port:9200#写mysql本身端口name: elasticsearch-u92
    protocol: TCP
    targetPort:9200# 容器elasticsearch-u对外开放的端口 上面的dm已经指定了nodePort:30192#外网访问的端口-port:9300protocol: TCP
    targetPort:9300name: elasticsearch-u93
    nodePort:30193selector:app: elasticsearch-u    #选择包含标签app:elasticsearch-u的资源type: NodePort

执行kubectl apply -f k8s-elasticsearch.yaml
然后进入到es的pod中
命令:

kubectl get pod -n lyb
#获取到es的pod名称
kubectl exec -it esPodName -n lyb

进入容器后

主要说明es如何设置密码
进入容器后,进入到bin目录,执行命令:elasticsearch-setup-passwords interactive
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y
Enter password for [elastic]: 
Reenter password for [elastic]: 
Enter password for [apm_system]: 
Reenter password for [apm_system]: 
Enter password for [kibana_system]: 
Reenter password for [kibana_system]: 
Enter password for [logstash_system]: 
Reenter password for [logstash_system]: 
Enter password for [beats_system]: 
Reenter password for [beats_system]: 
Enter password for [remote_monitoring_user]: 
Reenter password for [remote_monitoring_user]: 
Changed password for user [apm_system]
Changed password for user [kibana_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]
以上就是设置密码的过程,下面是翻译:
启动为保留用户elastic、apm_system、kibana、kibana_system、logstash_system、beats_system、remote_monitoring_user设置密码。
随着过程的进行,系统将提示您输入密码。
请确认您想继续[y/N]y
输入[elastic]的密码:
重新输入[elastic]的密码:
输入[apm_system]密码:
Reenter password for [apm_system]:
输入[kibana_system]密码:
Reenter password for [kibana_system]:
输入[logstash_system]的密码:
Reenter password for [logstash_system]:
输入[beats_system]的密码:
Reenter password for [beats_system]
输入[remote_monitoring_user]的密码:
Reenter password for [remote_monitoring_user]:
更改用户[apm_system]的密码
修改用户[kibana_system]的密码
更改用户[kibana]的密码
修改用户logstash_system的密码
修改用户[beats_system]的密码
修改用户[remote_monitoring_user]密码
修改弹性用户密码

然后浏览器访问 ip:30192
页面自动弹窗,输出刚才设置的密码即可访问
在这里插入图片描述


本文转载自: https://blog.csdn.net/qq_45502554/article/details/129099466
版权归原作者 日行一善,写一算法 所有, 如有侵权,请联系我们删除。

“k8s部署带用户名和密码的elasticsearch”的评论:

还没有评论