apiVersion: extensions/v1beta1 kind: Ingress metadata: name: elasticsearch namespace: log spec: rules: - host: elasticsearch.lzxlinux.cn http: paths: - path: / backend: serviceName: elasticsearch servicePort: 9200 --- apiVersion: v1 kind: Service metadata: name: elasticsearch namespace: log labels: app: elasticsearch spec: selector: app: elasticsearch ports: - name: api port: 9200 - name: discovery port: 9300 clusterIP: None --- apiVersion: apps/v1 kind: StatefulSet metadata: name: elasticsearch namespace: log spec: serviceName: elasticsearch replicas: 3 selector: matchLabels: app: elasticsearch template: metadata: labels: app: elasticsearch spec: initContainers: - name: fix-permissions image: busybox command: ["sh", "-c", "chown -R 1000:1000 /usr/share/elasticsearch/data"] securityContext: privileged: true volumeMounts: - name: data mountPath: /usr/share/elasticsearch/data - name: increase-vm-max-map image: busybox command: ["sysctl", "-w", "vm.max_map_count=262144"] securityContext: privileged: true - name: increase-fd-ulimit image: busybox command: ["sh", "-c", "ulimit -n 65536"] securityContext: privileged: true containers: - name: elasticsearch image: elasticsearch:7.10.1 env: - name: "cluster.name" value: "elk" - name: "node.master" value: "true" - name: "node.data" value: "true" - name: "http.host" value: "0.0.0.0" - name: "network.host" value: "_eth0_" - name: node.name valueFrom: fieldRef: fieldPath: metadata.name - name: "bootstrap.memory_lock" value: "false" - name: "http.port" value: "9200" - name: "transport.tcp.port" value: "9300" - name: "discovery.seed_hosts" value: "elasticsearch" - name: "cluster.initial_master_nodes" value: "elasticsearch-0,elasticsearch-1,elasticsearch-2" - name: "discovery.seed_resolver.timeout" value: "10s" - name: "discovery.zen.minimum_master_nodes" value: "2" - name: "gateway.recover_after_nodes" value: "3" - name: "http.cors.enabled" value: "true" - name: "http.cors.allow-origin" value: "*" - name: "http.cors.allow-headers" value: "Authorization,X-Requested-With,Content-Length,Content-Type" - name: "xpack.security.enabled" value: "true" - name: "xpack.security.transport.ssl.enabled" value: "true" - name: "xpack.security.transport.ssl.verification_mode" value: "certificate" - name: "xpack.security.transport.ssl.keystore.path" value: "elastic-certificates.p12" - name: "xpack.security.transport.ssl.truststore.path" value: "elastic-certificates.p12" - name: "ES_JAVA_OPTS" value: "-Xms512m -Xmx512m" ports: - containerPort: 9200 name: api protocol: TCP - containerPort: 9300 name: discovery protocol: TCP resources: limits: cpu: 1000m requests: cpu: 500m volumeMounts: - name: cert mountPath: /usr/share/elasticsearch/config/elastic-certificates.p12 subPath: elastic-certificates.p12 readOnly: true - name: data mountPath: /usr/share/elasticsearch/data terminationGracePeriodSeconds: 30 volumes: - name: cert configMap: name: elastic-certificates volumeClaimTemplates: - metadata: name: data namespace: log spec: selector: matchLabels: alicloud-pvname: alicloud-nas-elfk-pv accessModes: [ "ReadWriteMany" ] resources: requests: storage: 500Gi