# Namespaced Role: read-only access (get/watch/list) to Pods in "es".
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: es-read
  namespace: es
rules:
  # "" is the core API group, which is where Pods live.
  - apiGroups:
      - ""
    resources:
      - pods
    verbs:
      - get
      - watch
      - list
---
# Grants the "es-read" Role to the "default" ServiceAccount of namespace "es".
# NOTE(review): "default" is the identity of every pod in the namespace that
# does not set serviceAccountName, so the grant is not limited to one
# workload. A dedicated ServiceAccount would narrow it.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: es-read
  namespace: es
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: es-read
subjects:
  - kind: ServiceAccount
    name: default
    namespace: es
---
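# Binds the built-in "view" ClusterRole to the "default" ServiceAccount of
# namespace "es".
# apiVersion moved from rbac.authorization.k8s.io/v1beta1 to v1: the beta
# version is no longer served from Kubernetes 1.22 on, and v1 is what the
# Role and RoleBinding in this file already use.
# NOTE(review): a ClusterRoleBinding is cluster-scoped, so every pod running
# as es/default gets read access to most objects in all namespaces (the stock
# "view" role leaves out Secrets). Nothing else in this manifest appears to
# need that; confirm, then drop this binding or replace it with a namespaced
# RoleBinding for a dedicated ServiceAccount.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: es-view
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: view
subjects:
  - kind: ServiceAccount
    # The permission goes to the ServiceAccount named "default".
    name: default
    namespace: es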
---
# Headless Service (clusterIP: None) selecting the app=es pods; it exposes
# the REST port 9200 and the inter-node transport port 9300.
# NOTE(review): no NetworkPolicy is defined in this manifest, so which
# in-cluster clients can reach these ports depends on cluster defaults.
apiVersion: v1
kind: Service
metadata:
  name: es
  namespace: es
  labels:
    app: es
spec:
  clusterIP: None
  selector:
    app: es
  ports:
    - name: rest
      port: 9200
    - name: inter-node
      port: 9300
---
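# Three-replica Elasticsearch 7.6.2 StatefulSet behind the "es" Service.
# Every pod is both master-eligible and a data node, and stores its data on
# a 3Gi ReadWriteOnce volume from the "nfs-zhaohao" storage class.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: es
  namespace: es
spec:
  serviceName: es
  replicas: 3
  selector:
    matchLabels:
      app: es
  template:
    metadata:
      labels:
        app: es
    spec:
      # NOTE(review): no serviceAccountName is set, so these pods run as
      # es/default and get its API token mounted. The settings below use
      # static seed hosts rather than the Kubernetes API; consider
      # automountServiceAccountToken: false once confirmed nothing needs it.
      terminationGracePeriodSeconds: 10
      initContainers:
        # "chushihuashezhi" (initial setup): raises vm.max_map_count, a
        # kernel setting shared with the node, before Elasticsearch starts.
        - name: chushihuashezhi
          # NOTE(review): an untagged image resolves to :latest; pin a tag
          # or digest so this privileged container is reproducible.
          image: busybox
          imagePullPolicy: IfNotPresent
          # The former "&& ulimit -n 65536" is dropped: a ulimit applies only
          # to this shell and its children, ends with the init container, and
          # never reaches the "es" container.
          command: ["sh", "-c", "sysctl -w vm.max_map_count=262144"]
          # command: ["sh","-c","chown -R 1000:1000 /usr/share/elasticsearch/data && sysctl -w vm.max_map_count=262144 && ulimit -n 65536"]
          securityContext:
            # Needed for the sysctl write. It also gives this container full
            # access to the node, so keep its command minimal or set the
            # sysctl on the nodes themselves.
            privileged: true
      containers:
        - name: es
          # image: cygnf2eh.mirror.aliyuncs.com/library/elasticsearch:7.13.2
          image: docker.elastic.co/elasticsearch/elasticsearch:7.6.2
          imagePullPolicy: IfNotPresent
          ports:
            - name: rest
              containerPort: 9200
            - name: inter
              containerPort: 9300
          # Only CPU is requested and limited; no memory request or limit is
          # set, while the JVM heap is fixed at 512m through ES_JAVA_OPTS.
          resources:
            limits:
              cpu: 1000m
            requests:
              cpu: 1000m
          volumeMounts:
            - name: data
              mountPath: /usr/share/elasticsearch/data
          env:
            - name: cluster.name
              value: yemaodiyi
            # The node name is the pod name (es-0, es-1, es-2), which is what
            # cluster.initial_master_nodes lists.
            - name: node.name
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: cluster.initial_master_nodes
              value: "es-0,es-1,es-2"
            # NOTE(review): legacy zen discovery setting; 7.x is expected to
            # ignore it. Confirm, then remove.
            - name: discovery.zen.minimum_master_nodes
              value: "2"
            # Per-pod DNS names provided by the headless "es" Service.
            - name: discovery.seed_hosts
              value: "es-0.es,es-1.es,es-2.es"
            - name: ES_JAVA_OPTS
              value: "-Xms512m -Xmx512m"
            - name: network.host
              value: "0.0.0.0"
            - name: http.port
              value: "9200"
            - name: transport.port
              value: "9300"
            - name: node.data
              value: "true"
            - name: node.master
              value: "true"
            # NOTE(review): CORS is enabled for every origin, and this spec
            # sets no xpack.security or TLS options, so the REST API on 9200
            # accepts unauthenticated cross-origin requests from any site
            # loaded in a browser that can reach it. Limit allow-origin to
            # the admin UI origin and enable authentication.
            - name: http.cors.enabled
              value: "true"
            - name: http.cors.allow-origin
              value: "*"
  volumeClaimTemplates:
    - metadata:
        name: data
        # Differs from the app=es label used on the pods and the Service.
        labels:
          app: elasticsearch
      spec:
        accessModes:
          - ReadWriteOnce
        storageClassName: nfs-zhaohao
        resources:
          requests:
            storage: 3Gi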