ELK Stack-Elasticsearch入门之安装部署

系列文章目录

ELK Stack-Elasticsearch入门之安装部署

---

前言

Elasticsearch 是位于 Elastic Stack 核心的分布式搜索和分析引擎，Logstash 和 Beats 有助于收集、聚合和丰富您的数据并将其存储在 Elasticsearch中，Kibana 使您能够以交互方式探索、可视化数据，并管理和监控堆栈。本系列文章将逐个讲解ELK 框架各个框架的核心架构以及使用。

---

一、Elasticsearch是什么？

1. Elasticsearch 主要提供了索引、搜索和分析的功能
2. Elasticsearch 为所有类型的数据提供近乎实时的搜索和分析
3. Elasticsearch 支持快速搜索的方式高效地存储数据和索引数据
4. Elasticsearch 支持分布式部署

二、Elasticsearch 用途

1. 为应用提供数据检索功能
2. 存储和分析日志、指标和安全事件数据
3. 使用机器学习实时自动建模数据行为
4. 使用 Elasticsearch 作为存储引擎自动化业务工作流程
5. 使用 Elasticsearch 作为地理信息系统 (GIS) 管理、集成和分析空间信息（Elasticsearch 支持GIS位置搜索）

三、Elasticsearch 安装

安装方式可参考官网

docker-compose 方式安装

定义DockerCompose配置文件
docker-compose.yml

version: '3'
services:
  elasticsearch:
    image: elasticsearch:7.6.2
    container_name: elasticsearch
    environment:
      - "cluster.name=elasticsearch" #集群名称为elasticsearch
      - "discovery.type=single-node" #单节点启动
      - "ES_JAVA_OPTS=-Xms4g -Xmx4g" #jvm内存分配为a4g
    volumes:
      - ./elasticsearch/plugins:/usr/share/elasticsearch/plugins ##挂载插件目录
      - ./elasticsearch/data:/usr/share/elasticsearch/data ## 挂载数据目录
    ports:
      - 9200:9200
  kibana:
    image: kibana:7.6.2
    container_name: kibana
    links:
      - elasticsearch:es #配置elasticsearch域名为es
    depends_on:
      - elasticsearch
    environment:
      - "elasticsearch.hosts=http://es:9200" #因为上面配置了域名，所以这里可以简写为http://es:9200
    ports:
      - 5601:5601
  logstash:
    image: logstash:7.6.2
    container_name: logstash
    volumes:
      - ./logstash/logstash.conf:/usr/share/logstash/pipeline/logstash.conf
    depends_on:
      - elasticsearch
    links:
      - elasticsearch:es
    ports:
      - 4560:4560

启动容器

docker-compose -f docker-compose.yml up

k8s 方式部署

vim elasticsearch.yaml

---
apiVersion: v1
kind: Service
metadata:
  name: es-master01
  namespace: aiops
spec:
  externalIPs:
  - xx.xx.xx.xx ## 填写IP地址
  ports:
  - name: http
    port: 9200
    targetPort: 9200
  - name: tcp
    port: 9300
    targetPort: 9300
  selector:
    name: es-master01
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: es-master01
  namespace: elk # 填写命名空间
  labels:
    name: es-master01
spec:
  replicas: 1
  selector:
    matchLabels:
      name: es-master01
  template:
    metadata:
      labels:
        name: es-master01
    spec:
      nodeSelector:
        node-role.kubernetes.io/es-master01: ""   
      containers:
        - image: elasticsearch:7.16.3
          imagePullPolicy: IfNotPresent
          name: es-master01
          volumeMounts:
            - name: localtime
              mountPath: /etc/localtime
            - name: elasticsearch-data
              mountPath: /usr/share/elasticsearch/data
            - name: elasticsearch-logs
              mountPath: /usr/share/elasticsearch/logs       
          env:
          - name: TZ
            value: Asia/Shanghai         
          - name: node.name
            value: "es-master01"
          - name: cluster.name
            value: "es-cluster"
          - name: network.host
            value: 0.0.0.0 
          - name: cluster.initial_master_nodes
            value: "es-master01"
          - name: bootstrap.memory_lock
            value: "false"
          - name: ES_JAVA_OPTS
            value: "-Xms6g -Xmx6g"
          - name: http.port
            value: "9200"
          - name: transport.port
            value: "9300"
      volumes:
        - name: localtime
          hostPath:
            path: /etc/localtime
        - name: elasticsearch-data
          hostPath:
            path: /home/elasticsearch/master01/data
        - name: elasticsearch-logs
          hostPath:
            path: /home/elasticsearch/master01/logs      

创建资源对象

 kubectl apply -f elasticsearch.yaml

---