elasticsearch
原创大约 8 分钟
问题
下载镜像慢
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Warning FailedScheduling 26s default-scheduler 0/4 nodes are available: pod has unbound immediate PersistentVolumeClaims. preemption: 0/4 nodes are available: 4 No preemption victims found for incoming pod..
Normal Scheduled 25s default-scheduler Successfully assigned es/quickstart-es-default-0 to 10.0.1.203
Normal Pulling 24s kubelet Pulling image "docker.elastic.co/elasticsearch/elasticsearch:8.11.3"本地仓库
http://easzlab.io.local:5000
curl http://localhost:5000/v2/_catalog
# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8aa9c03e8c75 easzlab/kubeasz:3.6.2 "tail -f /dev/null" 20 hours ago Up 22 minutes kubeasz
412fcf6dfb51 registry:2 "/entrypoint.sh /etc…" 20 hours ago Up 22 minutes local_registry
# curl http://localhost:5000/v2/_catalog
{"repositories":["calico/cni","calico/kube-controllers","calico/node","coredns/coredns","easzlab/k8s-dns-node-cache","easzlab/metrics-server","easzlab/pause","kubernetesui/dashboard","kubernetesui/metrics-scraper"]}
# curl http://easzlab.io.local:5000/v2/_catalog
{"repositories":["calico/cni","calico/kube-controllers","calico/node","coredns/coredns","easzlab/k8s-dns-node-cache","easzlab/metrics-server","easzlab/pause","kubernetesui/dashboard","kubernetesui/metrics-scraper"]}
# cat /etc/hosts
127.0.0.1 localhost
127.0.0.1 hong
127.0.1.1 hong
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
10.0.1.201 easzlab.io.local
### BEGIN KUBEASZ MANAGED BLOCK
### END KUBEASZ MANAGED BLOCK
# docker exec -it local_registry /bin/sh
/ # cat /etc/docker/registry/config.yml
version: 0.1
log:
fields:
service: registry
storage:
cache:
blobdescriptor: inmemory
filesystem:
rootdirectory: /var/lib/registry
http:
addr: :5000
headers:
X-Content-Type-Options: [nosniff]
health:
storagedriver:
enabled: true
interval: 10s
threshold: 3
/var/lib/registry/docker/registry/v2/repositories # ls -lh
total 16K
drwxr-xr-x 5 root root 4.0K Jun 13 15:54 calico
drwxr-xr-x 3 root root 4.0K Jun 13 15:54 coredns
drwxr-xr-x 5 root root 4.0K Jun 13 15:54 easzlab
drwxr-xr-x 4 root root 4.0K Jun 13 15:54 kubernetesui初始化错误
# kubectl -n es get pod
NAME READY STATUS RESTARTS AGE
quickstart-es-default-0 1/2 CrashLoopBackOff 5 (2m49s ago) 5m51s# kubectl -n es logs quickstart-es-default-0
Defaulted container "elasticsearc" out of: elasticsearc, elasticsearch, elastic-internal-init-filesystem (init), elastic-internal-suspend (init), sysctl (init)
/usr/local/bin/docker-entrypoint.sh: line 84: cannot create temp file for here-document: Read-only file system容器elasticsearc没有/usr/share/elasticsearch/bin/elasticsearch目录权限?
name: elasticsearc
kubectl -n es exec -it quickstart-es-default-0 -c elasticsearc - bash
kubectl -n es exec -it quickstart-es-default-0 -c elasticsearch -- bash# kubectl -n es get pod quickstart-es-default-0 -o jsonpath='{.spec.containers[*].name}'
elasticsearc elasticsearch#!/bin/bash
set -e
# Files created by Elasticsearch should always be group writable too
umask 0002
# Allow user specify custom CMD, maybe bin/elasticsearch itself
# for example to directly specify `-E` style parameters for elasticsearch on k8s
# or simply to run /bin/bash to check the image
if [[ "$1" == "eswrapper" || $(basename "$1") == "elasticsearch" ]]; then
# Rewrite CMD args to remove the explicit command,
# so that we are backwards compatible with the docs
# from the previous Elasticsearch versions < 6
# and configuration option:
# https://www.elastic.co/guide/en/elasticsearch/reference/5.6/docker.html#_d_override_the_image_8217_s_default_ulink_url_https_docs_docker_com_engine_reference_run_cmd_default_command_or_options_cmd_ulink
# Without this, user could specify `elasticsearch -E x.y=z` but
# `bin/elasticsearch -E x.y=z` would not work. In any case,
# we want to continue through this script, and not exec early.
set -- "${@:2}"
else
# Run whatever command the user wanted
exec "$@"
fi
# Allow environment variables to be set by creating a file with the
# contents, and setting an environment variable with the suffix _FILE to
# point to it. This can be used to provide secrets to a container, without
# the values being specified explicitly when running the container.
#
# This is also sourced in elasticsearch-env, and is only needed here
# as well because we use ELASTIC_PASSWORD below. Sourcing this script
# is idempotent.
source /usr/share/elasticsearch/bin/elasticsearch-env-from-file
if [[ -f bin/elasticsearch-users ]]; then
# Check for the ELASTIC_PASSWORD environment variable to set the
# bootstrap password for Security.
#
# This is only required for the first node in a cluster with Security
# enabled, but we have no way of knowing which node we are yet. We'll just
# honor the variable if it's present.
if [[ -n "$ELASTIC_PASSWORD" ]]; then
[[ -f /usr/share/elasticsearch/config/elasticsearch.keystore ]] || (elasticsearch-keystore create)
if ! (elasticsearch-keystore has-passwd --silent) ; then
# keystore is unencrypted
if ! (elasticsearch-keystore list | grep -q '^bootstrap.password$'); then
(echo "$ELASTIC_PASSWORD" | elasticsearch-keystore add -x 'bootstrap.password')
fi
else
# keystore requires password
if ! (echo "$KEYSTORE_PASSWORD" \
| elasticsearch-keystore list | grep -q '^bootstrap.password$') ; then
COMMANDS="$(printf "%s\n%s" "$KEYSTORE_PASSWORD" "$ELASTIC_PASSWORD")"
(echo "$COMMANDS" | elasticsearch-keystore add -x 'bootstrap.password')
fi
fi
fi
fi
if [[ -n "$ES_LOG_STYLE" ]]; then
case "$ES_LOG_STYLE" in
console)
# This is the default. Nothing to do.
;;
file)
# Overwrite the default config with the stack config. Do this as a
# copy, not a move, in case the container is restarted.
cp -f /usr/share/elasticsearch/config/log4j2.file.properties /usr/share/elasticsearch/config/log4j2.properties
;;
*)
echo "ERROR: ES_LOG_STYLE set to [$ES_LOG_STYLE]. Expected [console] or [file]" >&2
exit 1 ;;
esac
fi
if [[ -n "$ENROLLMENT_TOKEN" ]]; then
POSITIONAL_PARAMETERS="--enrollment-token $ENROLLMENT_TOKEN"
else
POSITIONAL_PARAMETERS=""
fi
# Signal forwarding and child reaping is handled by `tini`, which is the
# actual entrypoint of the container
exec /usr/share/elasticsearch/bin/elasticsearch "$@" $POSITIONAL_PARAMETERS <<<"$KEYSTORE_PASSWORD"推
docker save docker.elastic.co/eck/eck-operator:2.10.0 > eck-operator-2.10.0.tareaszlab.io.local:5000
# 拉取镜像
docker pull docker.elastic.co/elasticsearch/elasticsearch:8.11.3
# 给镜像打标签
docker tag docker.elastic.co/elasticsearch/elasticsearch:8.11.3 easzlab.io.local:5000/elasticsearch/elasticsearch:8.11.3
# 推送镜像到本地仓库
docker push easzlab.io.local:5000/elasticsearch/elasticsearch:8.11.3# 拉取镜像
docker pull docker.elastic.co/eck/eck-operator:2.10.0
# 给镜像打标签
docker tag docker.elastic.co/eck/eck-operator:2.10.0 easzlab.io.local:5000/eck/eck-operator:2.10.0
# 推送镜像到本地仓库
docker push easzlab.io.local:5000/eck/eck-operator:2.10.0curl http://easzlab.io.local:5000/v2/_catalogelasticsearch-8.11.3.tar
# docker load -i elasticsearch-8.11.3.tar
d3fa9d362c05: Loading layer [==================================================>] 75.18MB/75.18MB
49fd4697745c: Loading layer [==================================================>] 35.86MB/35.86MB
6d0c87a32adc: Loading layer [==================================================>] 350.2kB/350.2kB
5f70bf18a086: Loading layer [==================================================>] 1.024kB/1.024kB
6fc2509bc37e: Loading layer [==================================================>] 1.319GB/1.319GB
df0df328b401: Loading layer [==================================================>] 26.62kB/26.62kB
b74a12947f7f: Loading layer [==================================================>] 6.656kB/6.656kB
84dac01a31e5: Loading layer [==================================================>] 521.7kB/521.7kB
c1f04257341f: Loading layer [==================================================>] 3.584kB/3.584kB
bae08472c887: Loading layer [==================================================>] 159.7kB/159.7kB
Loaded image: docker.elastic.co/elasticsearch/elasticsearch:8.11.3
# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.elastic.co/elasticsearch/elasticsearch 8.11.3 792fab0c0bd8 6 months ago 1.43GB
# docker image tag docker.elastic.co/elasticsearch/elasticsearch:8.11.3 easzlab.io.local:5000/elasticsearch/elasticsearch:8.11.3
# docker push easzlab.io.local:5000/elasticsearch/elasticsearch:8.11.3
The push refers to repository [easzlab.io.local:5000/elasticsearch/elasticsearch]
bae08472c887: Pushed
c1f04257341f: Pushed
84dac01a31e5: Pushed
b74a12947f7f: Pushed
df0df328b401: Pushed
6fc2509bc37e: Pushed
5f70bf18a086: Mounted from calico/cni
6d0c87a32adc: Pushed
49fd4697745c: Pushed
d3fa9d362c05: Pushed
8.11.3: digest: sha256:437a5fa6f6c66d65f26915d7cd55959c3848b0313f71a784dbadfd3853ac5d6a size: 2411
# docker rmi docker.elastic.co/elasticsearch/elasticsearch:8.11.3
Untagged: docker.elastic.co/elasticsearch/elasticsearch:8.11.3elasticsearch-8.11.3.tar
# docker load -i eck-operator-2.10.0.tar
# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.elastic.co/eck/eck-operator 2.10.0 bd9bc5fa9eed 7 months ago 73.1MB
# docker image tag docker.elastic.co/eck/eck-operator:2.10.0 easzlab.io.local:5000/eck/eck-operator:2.10.0
# docker push easzlab.io.local:5000/eck/eck-operator:2.10.0
# docker rmi docker.elastic.co/eck/eck-operator:2.10.0配置
# 测试的话记得把下面相关参数值调低
apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
name: quickstart
namespace: es
spec:
version: 8.11.3
nodeSets:
- name: default # sts名称就是quickstart-es-default
count: 1 # es集群数量,因为测试环境资源较少,生产可以部署2-3个
config:
node.store.allow_mmap: false
podTemplate:
spec:
containers:
- name: elasticsearc
image: docker.elastic.co/elasticsearch/elasticsearch:8.11.3
imagePullPolicy: IfNotPresent # 或者 Neverh
env:
- name: ES_JAVA_OPTS # es用java开发的
value: -Xms1g -Xmx1g # 资源是分配的1/2,生产需要2G-4G
resources:
requests:
memory: 1.8Gi
cpu: 0.5
limits:
memory: 1.8Gi
cpu: 0.5
initContainers:
- name: sysctl
securityContext:
privileged: true
# 初始化容器,配置内核参数
command: ['sh', '-c', 'sysctl -w vm.max_map_count=262144']
volumeClaimTemplates:
- metadata:
name: elasticsearch-data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi # 50G可以自己适当分配
storageClassName: nfs-boge
http:
tls:
selfSignedCertificate:
disabled: true配置2
# 测试的话记得把下面相关参数值调低
apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
name: quickstart
namespace: es
spec:
version: 8.11.3
nodeSets:
- name: default # sts名称就是quickstart-es-default
count: 1 # es集群数量,因为测试环境资源较少,生产可以部署2-3个
config:
node.store.allow_mmap: false
podTemplate:
spec:
containers:
- name: elasticsearc
env:
- name: ES_JAVA_OPTS # es用java开发的
value: -Xms1g -Xmx1g # 资源是分配的1/2,生产需要2G-4G
resources:
requests:
memory: 2Gi
cpu: 0.5
limits:
memory: 2Gi
cpu: 0.5
initContainers:
- name: sysctl
securityContext:
privileged: true
# 初始化容器,配置内核参数
command: ['sh', '-c', 'sysctl -w vm.max_map_count=262144']
volumeClaimTemplates:
- metadata:
name: elasticsearch-data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi # 50G可以自己适当分配
storageClassName: nfs-boge
http:
tls:
selfSignedCertificate:
disabled: true删除
root@node-1:~/boge/0614/1520# kubectl -n es delete -f elasticsearch-statefulset.yaml
elasticsearch.elasticsearch.k8s.elastic.co "quickstart" deleted
# kubectl -n es delete pod quickstart-es-default-0 --grace-period=0 --force
pvc没了
# kubectl -n es delete pv pvc-56489e19-2075-49bc-8005-fc0d73d7245c
kubectl delete ns es部署
kubectl create -f crds.yaml
kubectl apply -f operator.yaml
kubectl -n elastic-system get podkubectl create ns es2
# kubectl -n es2 apply -f elasticsearch-statefulset-es2.yaml
kubectl -n es2 get pod
kubectl -n es2 describe pod quickstart-es-default-0
kubectl -n es2 logs quickstart-es-default-0
依旧是
docker.elastic.co/elasticsearch/elasticsearch:8.11.3kubectl create ns es
# kubectl -n es apply -f elasticsearch-statefulset.yaml
kubectl -n es get pod
kubectl -n es describe pod quickstart-es-default-0
kubectl -n es logs quickstart-es-default-0
依旧是
docker.elastic.co/elasticsearch/elasticsearch:8.11.3kubectl -n es edit pod quickstart-es-default-0Readiness: exec [bash -c /mnt/elastic-internal/scripts/readiness-probe-script.sh] delay=10s timeout=5s period=5s #success=1 #failure=3docker运行
docker run --rm easzlab.io.local:5000/elasticsearch/elasticsearch:8.11.3securityContext:
fsGroup: 0
runAsUser: 1000
runAsGroup: 0资料
从 curl http://easzlab.io.local:5000/v2/_catalog 的输出可以看出,你的本地 Docker registry 正常运行,并且包含了一些镜像仓库,且你通过 easzlab.io.local 这个域名来访问它。以下是如何进一步使用这些镜像的详细步骤:
如何使用这些镜像
1. 拉取镜像
假设你想拉取 calico/node 镜像,可以使用以下命令:
docker pull easzlab.io.local:5000/calico/node这是从本地 registry 拉取 calico/node 镜像的方式。
2. 推送新镜像
假设你有一个新的镜像 myapp:latest,你想将它推送到本地 registry 中:
给镜像打标签
首先,你需要给镜像打上本地 registry 的标签:
docker tag myapp:latest easzlab.io.local:5000/myapp:latest推送镜像
然后,将镜像推送到本地 registry:
docker push easzlab.io.local:5000/myapp:latest
3. 验证推送的镜像
你可以再次使用 curl 命令来验证新镜像是否成功推送到 registry:
curl http://easzlab.io.local:5000/v2/_catalog这样会列出所有存储在本地 registry 中的镜像,myapp 应该出现在列表中。
此外,你可以查看特定镜像的标签:
curl http://easzlab.io.local:5000/v2/myapp/tags/list这会列出 myapp 镜像的所有标签。
摧毁集群
重新配置
apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
name: quickstart
namespace: es
spec:
version: 8.11.3
nodeSets:
- name: default
count: 1
config:
node.store.allow_mmap: false
podTemplate:
spec:
containers:
- name: elasticsearch
env:
- name: ES_JAVA_OPTS
value: -Xms1g -Xmx1g
resources:
requests:
memory: 2Gi
cpu: 0.5
limits:
memory: 2Gi
cpu: 0.5
initContainers:
- name: sysctl
securityContext:
privileged: true
command: ['sh', '-c', 'sysctl -w vm.max_map_count=262144']
volumeClaimTemplates:
- metadata:
name: elasticsearch-data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 15Gi
storageClassName: nfs-boge
http:
tls:
selfSignedCertificate:
disabled: true