官方helm
#证书生成参考官方文档https://www.elastic.co/guide/en/elasticsearch/reference/current/configuring-tls.html#node-certificates
kubectl create secret generic elastic-certificates --from-file=elastic-certificates.p12 -n elasticsearch
apiVersion: v1
kind: Secret
metadata:
labels:
cattle.io/creator: norman
name: elastic-credentials
namespace: elasticsearch
type: Opaque
data:
password: ******
username: *****
---
clusterName: "elasticsearch"
nodeGroup: "master"
roles:
master: "true"
ingest: "false"
data: "false"
esConfig:
elasticsearch.yml: |
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
extraEnvs:
- name: ELASTIC_PASSWORD
valueFrom:
secretKeyRef:
name: elastic-credentials
key: password
- name: ELASTIC_USERNAME
valueFrom:
secretKeyRef:
name: elastic-credentials
key: username
volumeClaimTemplate:
accessModes: [ "ReadWriteOnce" ]
#storageClassName: "cloud-ssd"
resources:
requests:
storage: 20Gi
secretMounts:
- name: elastic-certificates
secretName: elastic-certificates
path: /usr/share/elasticsearch/config/certs
---
clusterName: "elasticsearch"
nodeGroup: "data"
esJavaOpts: "-Xmx16g -Xms16g"
resources:
requests:
cpu: "4000m"
memory: "16Gi"
limits:
cpu: "8000m"
memory: "20Gi"
roles:
master: "false"
ingest: "true"
data: "true"
esConfig:
elasticsearch.yml: |
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
extraEnvs:
- name: ELASTIC_PASSWORD
valueFrom:
secretKeyRef:
name: elastic-credentials
key: password
- name: ELASTIC_USERNAME
valueFrom:
secretKeyRef:
name: elastic-credentials
key: username
volumeClaimTemplate:
accessModes: [ "ReadWriteOnce" ]
#storageClassName: "cloud-ssd"
resources:
requests:
storage: 5Ti
secretMounts:
- name: elastic-certificates
secretName: elastic-certificates
path: /usr/share/elasticsearch/config/certs
最后修改:2020-07-27 16:01:58
© 著作权归作者所有
如果觉得我的文章对你有用,请随意赞赏
扫一扫支付
