
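This note has not been maintained since it was written and the yaml probably contains errors; keep this in mind before working from this document.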

elastic cloud kubernetes install

https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-install-helm.html
https://github.com/elastic/cloud-on-k8s (reference examples can be found here)

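After a default installation the ECK Operator runs with the basic (free) license, but the ECK-related Helm installation settings it contains are all restricted to the Enterprise license (GitHub issue).
Whether this can be controlled through a values yaml in the future is not yet known, so for now, after installing the ECK operator, you have to write the installation yaml for each service yourself.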

Default Kibana username and password after installation

Reference

user = elastic
password = secret: elasticsearch-es-elastic-user

Reference

Additional notes kept for future reference

yaml

The content below was adapted from the base configuration generated by eck-stack in ECK-Helm.

elastic-operator argocd application yaml

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  labels:
    type: cluster-infra
  namespace: argocd
  name: elastic-eck-operator
spec:
  destination:
    name: 'in-cluster'
    namespace: elastic-system
  source:
    repoURL: 'https://helm.elastic.co'
    targetRevision: 2.6.1
    chart: eck-operator
    helm:
      # The helm values already override the full name by default, so this setting should not be needed
      # releaseName: elastic-eck-operator
      valueFiles:
        - values.yaml
  project: default
  syncPolicy:
    syncOptions:
      - PruneLast=true
      - RespectIgnoreDifferences=true
      - ApplyOutOfSyncOnly=true
      - CreateNamespace=true
  ignoreDifferences:
    - group: apps
      kind: Deployment
      jsonPointers:
        - /spec/replicas
  revisionHistoryLimit: 3

elasticsearch Manifests

apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
  name: elasticsearch
  namespace: elastic-system
spec:
  http:
    tls:
      selfSignedCertificate:
        disabled: true
  version: 8.6.2
  nodeSets:
  - name: default
    count: 1
    config:
      node.store.allow_mmap: false
    podTemplate:
      metadata:
        annotations:
          traffic.sidecar.istio.io/includeInboundPorts: "*"
          traffic.sidecar.istio.io/excludeOutboundPorts: "9300"
          traffic.sidecar.istio.io/excludeInboundPorts: "9300"
      spec:
        automountServiceAccountToken: true
        containers:
        - name: elasticsearch
          resources:
            limits:
              cpu: 2
              memory: 2Gi
            requests:
              cpu: 1
              memory: 1Gi
    volumeClaimTemplates:
    - metadata:
        name: elasticsearch-data
      spec:
        accessModes:
        - ReadWriteOnce
        resources:
          requests:
            storage: 5Gi
        storageClassName: longhorn

kibana Manifests

apiVersion: kibana.k8s.elastic.co/v1
kind: Kibana
metadata:
  name: kibana
  namespace: elastic-system
spec:
  count: 1
  elasticsearchRef:
    name: elasticsearch
    # namespace: elastic-system
  version: 8.6.2
  podTemplate:
    spec:
      automountServiceAccountToken: true
      containers:
      - name: kibana
        env:
          - name: NODE_OPTIONS
            value: "--max-old-space-size=2048"
        resources:
          requests:
            memory: 1Gi
            cpu: 0.5
          limits:
            memory: 2Gi
            cpu: 2
  http:
    tls:
      selfSignedCertificate:
        disabled: true

elastic-agent Manifests

apiVersion: agent.k8s.elastic.co/v1alpha1
kind: Agent
metadata:
  name: elastic-agent
  namespace: elastic-system
spec:
  daemonSet:
    podTemplate:
      spec:
        containers:
          - name: agent
            securityContext:
              runAsUser: 0
  elasticsearchRefs:
    - name: elasticsearch
  version: 8.6.2

fleet-server Manifests

apiVersion: agent.k8s.elastic.co/v1alpha1
kind: Agent
metadata:
  name: fleet-server
  namespace: elastic-system
spec:
  deployment:
    podTemplate:
      spec:
        automountServiceAccountToken: true
        securityContext:
          runAsUser: 0
        serviceAccountName: fleet-server
    replicas: 1
  elasticsearchRefs:
    - name: elasticsearch
  fleetServerEnabled: true
  kibanaRef:
    name: kibana
  mode: fleet
  version: 8.6.2

kibana istio ingressgateway

Gateway

apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: elastic-kibana-gateway
  namespace: elastic-system
spec:
  selector:
    istio: ingressgateway
    #istio: kibana-ingressgateway
  servers:
    - hosts:
        - "*"
      port:
        name: http
        number: 8080
        protocol: HTTP

VirtualService

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: elastic-system-vs
  namespace: elastic-system
spec:
  gateways:
    - elastic-kibana-gateway
  hosts:
    - "*"
  http:
    # - headers:
    #     request:
    #       set:
    #         x-forwarded-proto: https
    - route:
        - destination:
            host: kibana-kb-http.elastic-system.svc.cluster.local
            port:
              number: 5601
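
The Elasticsearch and Kibana manifests above set `selfSignedCertificate.disabled: true`, and the Gateway accepts HTTP for every host, so Kibana is reachable over plaintext HTTP at the ingress. As an added example (not part of the original note or of ECK), this stdlib-only Python check flags those three settings in a manifest before it is applied; the rule table, function names and sample manifest are constructed for illustration, and the parser assumes block-style YAML.

```python
import re

# Path suffix -> (flagged value, reason); rule wording is this example's own.
RULES = {
    "tls.selfSignedCertificate.disabled": ("true", "ECK HTTP layer served without TLS"),
    "servers.port.protocol": ("HTTP", "plaintext Gateway listener"),
    "hosts": ("*", "matches every host name"),
}
LINE = re.compile(r"^( *)(- )?(?:([\w./-]+):(?:\s+(.*))?|(.+))$")

def walk(text):
    """Yield (dotted path, scalar) from block-style YAML (no flow syntax or | blocks)."""
    stack = []  # (indent, key) of the enclosing mappings
    for raw in text.splitlines():
        m = LINE.match(raw.split(" #")[0].rstrip())
        if not m or (m.group(5) or "").startswith(("#", "---")):
            continue  # blank line, comment or document separator
        indent = len(m.group(1)) + (2 if m.group(2) else 0)  # "- " nests its content
        key, value, scalar = m.group(3, 4, 5)
        stack = [e for e in stack if e[0] < indent]  # leave mappings that have ended
        if key and not value:
            stack.append((indent, key))  # a mapping or list follows
        else:
            keys = [k for _, k in stack] + ([key] if key else [])
            yield ".".join(keys), (value or scalar).strip("'\"")

def check(text):
    """Return (path, reason) for every RULES setting present in the manifest text."""
    return [(p, why) for p, v in walk(text) for s, (bad, why) in RULES.items()
            if ("." + p).endswith("." + s) and v == bad]

# Constructed sample shaped like the Elasticsearch and Gateway manifests on this page.
SAMPLE = """\
kind: Elasticsearch
spec:
  http:
    tls:
      selfSignedCertificate:
        disabled: true
---
kind: Gateway
spec:
  servers:
    - hosts:
        - "*"
      port:
        protocol: HTTP
"""
print(*(f"{path}: {why}" for path, why in check(SAMPLE)), sep="\n")
```

A finding is a prompt for review, not a verdict: plaintext between the ingress gateway and Kibana may be acceptable when another layer encrypts that hop.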