2.3、部署es client节点配置清单如下（es-client.yaml）：
---apiVersion: v1kind: ConfigMapmetadata:namespace: elasticname: elasticsearch-client-configlabels:app: elasticsearchrole: clientdata:elasticsearch.yml: |-cluster.name: ${CLUSTER_NAME}node.name: ${NODE_NAME}discovery.seed_hosts: ${NODE_LIST}cluster.initial_master_nodes: ${MASTER_NODES}network.host: 0.0.0.0node:master: falsedata: falseingest: truexpack.security.enabled: truexpack.monitoring.collection.enabled: truexpack.security.transport.ssl.enabled: truexpack.security.transport.ssl.verification_mode: certificatexpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12xpack.ml.enabled: truexpack.license.self_generated.type: basicxpack.monitoring.exporters.my_local:type: localuse_ingest: false---apiVersion: v1kind: Servicemetadata:namespace: elasticname: elasticsearch-clientlabels:app: elasticsearchrole: clientspec:ports:- port: 9200name: client- port: 9300name: transportselector:app: elasticsearchrole: client---apiVersion: apps/v1kind: Deploymentmetadata:namespace: elasticname: elasticsearch-clientlabels:app: elasticsearchrole: clientspec:selector:matchLabels:app: elasticsearchrole: clienttemplate:metadata:labels:app: elasticsearchrole: clientspec:initContainers:- name: init-sysctlimage: busybox:1.27.2command:- sysctl- -w- vm.max_map_count=262144securityContext:privileged: truecontainers:- name: elasticsearch-clientimage: docker.elastic.co/elasticsearch/elasticsearch:7.8.0env:- name: CLUSTER_NAMEvalue: elasticsearch- name: NODE_NAMEvalue: elasticsearch-client- name: NODE_LISTvalue: elasticsearch-master,elasticsearch-data,elasticsearch-client- name: MASTER_NODESvalue: elasticsearch-master- name: "ES_JAVA_OPTS"value: "-Xms256m -Xmx256m"ports:- containerPort: 9200name: client- containerPort: 9300name: transportvolumeMounts:- name: configmountPath: /usr/share/elasticsearch/config/elasticsearch.ymlreadOnly: truesubPath: elasticsearch.yml- name: storagemountPath: /data- name: keystoremountPath: /usr/share/elasticsearch/config/certs/elastic-certificates.p12readOnly: truesubPath: elastic-certificates.p12volumes:- name: configconfigMap:name: elasticsearch-client-config- name: "storage"emptyDir:medium: ""- name: keystoresecret:secretName: elastic-certificatesdefaultMode: 044执行kubectl apply -f es-client.yaml创建配置清单 ， 其状态变为running即为部署成功 。
# kubectl get pod -n elasticNAMEREADYSTATUSRESTARTSAGEelasticsearch-client-f79cf4f7b-pbz9d1/1Running05selasticsearch-data-01/1Running03m11selasticsearch-master-77d5d6c9db-gklgd1/1Running05m42selasticsearch-master-77d5d6c9db-gvhcb1/1Running05m42selasticsearch-master-77d5d6c9db-pflz61/1Running05m42s2.4、生成密码我们启用了 xpack 安全模块来保护我们的集群 ， 所以我们需要一个初始化的密码 。 我们可以执行如下所示的命令 ， 在客户端节点容器内运行 bin/elasticsearch-setup-passwords 命令来生成默认的用户名和密码：
# kubectl exec $(kubectl get pods -n elastic | grep elasticsearch-client | sed -n 1p | awk '{print $1}') \-n elastic \-- bin/elasticsearch-setup-passwords auto -bChanged password for user apm_systemPASSWORD apm_system = hvlXFW1lIn04Us99MgewChanged password for user kibana_systemPASSWORD kibana_system = 7Zwfbd250QfV6VcqfY9zChanged password for user kibanaPASSWORD kibana = 7Zwfbd250QfV6VcqfY9zChanged password for user logstash_systemPASSWORD logstash_system = tuUsRXDYMOtBEbpTIJgXChanged password for user beats_systemPASSWORD beats_system = 36HrrpwqOdd7VFAzh8EWChanged password for user remote_monitoring_userPASSWORD remote_monitoring_user = bD1vsqJJZoLxGgVciXYRChanged password for user elasticPASSWORD elastic = BA72sAEEY1Bphgruxlcw