<aside> 👨💻 실행 명령어 모음
</aside>
# 엘라스틱 서치 추가
kubectl apply -f elasticsearch-service.yaml
kubectl apply -f elasticsearch-statefulset.yaml
kubectl apply -f elasticsearch-ingress.yaml
# 키바나 추가
kubectl apply -f kibana-service.yaml
kubectl apply -f kibana-statefulset.yaml
# 로그스태시 추가
kubectl apply -f logstash-configMap.yaml
kubectl apply -f logstash-service.yaml
kubectl apply -f logstash-statefulset.yaml
===========================================
# 엘라스틱 서치 삭제
kubectl delete -f elasticsearch-service.yaml
kubectl delete -f elasticsearch-statefulset.yaml
kubectl delete -f elasticsearch-ingress.yaml
# 키바나 삭제
kubectl delete -f kibana-service.yaml
kubectl delete -f kibana-statefulset.yaml
# 로그스태시 삭제
kubectl delete -f logstash-configMap.yaml
kubectl delete -f logstash-service.yaml
kubectl delete -f logstash-statefulset.yaml
elasticsearch-statefulset.yamlapiVersion: apps/v1
kind: StatefulSet
metadata:
name: elasticsearch
namespace: devops-tools
labels:
app: elasticsearch
spec:
replicas: 1
selector:
matchLabels:
app: elasticsearch
template:
metadata:
labels:
app: elasticsearch
spec:
containers:
- name: elasticsearch
image: elastic/elasticsearch:8.13.3
env:
- name: discovery.type
value: "single-node"
- name: ELASTIC_PASSWORD
value: "elk"
- name: ES_JAVA_OPTS
value: "-Xms500m -Xmx1000m"
- name: xpack.security.http.ssl.enabled
value: "true"
- name: xpack.security.http.ssl.keystore.path
value: "/usr/share/elasticsearch/config/certs/elasticsearch.keystore.p12"
- name: xpack.security.transport.ssl.enabled
value: "true"
- name: xpack.security.transport.ssl.keystore.path
value: "/usr/share/elasticsearch/config/certs/elasticsearch.keystore.p12"
- name: xpack.security.enrollment.enabled
value: "true"
- name: xpack.security.http.ssl.certificate_authorities
value: "/usr/share/elasticsearch/config/elastic-logstash-pem/logstash.pem"
ports:
- containerPort: 9200
volumeMounts:
- name: elastic-data
mountPath: /usr/share/elasticsearch/data
- name: elasticsearch-ssl
mountPath: /usr/share/elasticsearch/config/certs
- name: elastic-logstash-pem
mountPath: /usr/share/elasticsearch/config/elastic-logstash-pem
volumes:
- name: elastic-data
emptyDir:
sizeLimit: 5Gi
- name: elasticsearch-ssl
secret:
secretName: elasticsearch-ssl
- name: elastic-logstash-pem
secret:
secretName: elastic-logstash-pem
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: elasticsearch
namespace: devops-tools
labels:
app: elasticsearch
spec:
replicas: 1
selector:
matchLabels:
app: elasticsearch
template:
metadata:
labels:
app: elasticsearch
spec:
containers:
- name: elasticsearch
image: elastic/elasticsearch:8.13.3
env:
- name: discovery.type
value: "single-node"
- name: ELASTIC_PASSWORD
value: "elk"
- name: ES_JAVA_OPTS
value: "-Xms500m -Xmx1000m"
- name: xpack.security.http.ssl.enabled
value: "true"
- name: xpack.security.http.ssl.keystore.path
value: "/usr/share/elasticsearch/config/certs/elasticsearch.keystore.p12"
- name: xpack.security.transport.ssl.enabled
value: "true"
- name: xpack.security.transport.ssl.keystore.path
value: "/usr/share/elasticsearch/config/certs/elasticsearch.keystore.p12"
- name: xpack.security.enrollment.enabled
value: "true"
- name: xpack.security.http.ssl.certificate_authorities
value: "/usr/share/elasticsearch/config/elastic-logstash-pem/logstash.pem"
ports:
- containerPort: 9200
volumeMounts:
- name: elastic-data
mountPath: /usr/share/elasticsearch/data
- name: elasticsearch-ssl
mountPath: /usr/share/elasticsearch/config/certs
- name: elastic-logstash-pem
mountPath: /usr/share/elasticsearch/config/elastic-logstash-pem
volumes:
- name: elastic-data
emptyDir:
sizeLimit: 5Gi
- name: elasticsearch-ssl
secret:
secretName: elasticsearch-ssl
- name: elastic-logstash-pem
secret:
secretName: elastic-logstash-pem
elasticsearch-service.yamlapiVersion: v1
kind: Service
metadata:
labels:
app: elasticsearch
name: elasticsearch-master # 서비스의 이름
namespace: devops-tools # 네임스페이스 지정
spec:
ports:
- name: elasticsearch
port: 9200 # http 서비스가 노출하는 포트
nodePort: 30005
protocol: TCP
targetPort: 9200 # 서비스가 대상으로 하는 컨테이너 포트
selector:
app: elasticsearch # 서비스가 선택하는 Pod를 식별하는 라벨
type: NodePort # 서비스 유형
백업
문제점은 이 설정대로라면, Elasticsearch는 Kubernetes 클러스터 내에서만 접근할 수 있는 ClusterIP 서비스로 구성되어 있어. ClusterIP 서비스는 클러스터 내부 통신용으로 설계되어 있어서, 클러스터 외부에서는 직접 접근할 수 없다. (postman 요청이 안된다.)
(확인 필수) 외부에서 엘라스틱 접근하기 - 인그레스 적용
kibana-statefulset.yamlapiVersion: apps/v1
kind: StatefulSet
metadata:
name: kibana # StatefulSet의 이름
namespace: devops-tools # 네임스페이스 설정
labels:
app: kibana # 라벨 설정
spec:
replicas: 1 # 복제본 수
selector:
matchLabels:
app: kibana # Pod를 선택할 라벨
template:
metadata:
labels:
app: kibana # Pod 템플릿의 라벨
spec:
containers:
- name: kibana # 컨테이너 이름
image: elastic/kibana:8.13.3 # 사용할 이미지 및 버전
ports:
- containerPort: 5601 # 컨테이너에서 노출할 포트
kibana-service.yaml