Rancher 部署带有密码认证 Elasticsearch 服务
1. 工作负载部署
-
镜像地址
172.22.149.31:18888/library/elasticsearch:7.6.2 -
端口映射 NodePort
9200 -> 31627(随机) -
环境变量
node.name=es1 network.host=0.0.0.0 discovery.type=single-node -
配置映射
新建配置映射,内容如下:
xpack.security.enabled: true xpack.license.self_generated.type: basic xpack.security.transport.ssl.enabled: true
在数据卷中添加配置映射,如下图:
-
持久化数据目录
创建 pvc 用于映射 data 目录和 logs 目录,否则数据无法持久化
-
解决挂载目录权限问题
通过 pvc 挂载的 data 和 logs 目录的所有者是 root, 但是启动容器服务是 elasticsearch 用户,没有写入日志的权限,所以需要修改属主。
-
修改入口命令为
/bin/bash
-
进入容器命令行
修改 data 和 log 文件夹属主为 elasticsearch
chown -R elasticsearch /usr/share/elasticsearch/data chown -R elasticsearch /usr/share/elasticsearch/logs退出容器,将入口命令清空,重启容器
-
-
保存启动
其他配置保持默认即可,启动工作负载,查看日志是否正常。
2. 用户密码配置
工作负载启动没有问题后,进入容器命令行,输入下面命令配置密码:
./bin/elasticsearch-setup-passwords interactive
共 6 个用户,每个用户都需要配置密码,配置完成即可
[5f68784b4-h57lw elasticsearch]# ./bin/elasticsearch-setup-passwords interactive
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y
Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [apm_system]:
Reenter password for [apm_system]:
Enter password for [kibana]:
Reenter password for [kibana]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Enter password for [beats_system]:
Reenter password for [beats_system]:
Enter password for [remote_monitoring_user]:
Reenter password for [remote_monitoring_user]:
Changed password for user [apm_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]
[root@elasticsearch-55f68784b4-h57lw elasticsearch]#