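---
# es-sts.yaml
# StatefulSet for a 3-node Elasticsearch cluster in the elastic-system namespace.
#
# NOTE(review): Elasticsearch 8.0+ enables security (authentication + TLS) by
# default, and this manifest supplies no certificates or credentials. Provide
# them from a Secret and configure the xpack.security.* settings explicitly
# instead of turning security off; confirm the exact requirements against the
# documentation for the image version used below.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: elasticsearch
  namespace: elastic-system
spec:
  serviceName: "elasticsearch"  # must match the Headless Service name
  replicas: 3  # run at least 3 nodes in production
  selector:
    matchLabels:
      app: elasticsearch
  template:
    metadata:
      labels:
        app: elasticsearch
    spec:
      # Key point: never schedule two ES pods onto the same Node, so that a
      # single node failure cannot take out more than one cluster member.
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchExpressions:
                  - key: app
                    operator: In
                    values: ["elasticsearch"]
              topologyKey: kubernetes.io/hostname
      initContainers:
        # Required: adjust OS kernel parameters (Elasticsearch requirement).
        # This container is privileged and changes node-wide kernel settings.
        # Where cluster policy forbids privileged pods, set vm.max_map_count
        # during node provisioning instead and remove this init container.
        - name: init-sysctl
          image: busybox:1.35
          securityContext:
            privileged: true
            # The pod-level securityContext below (runAsUser 1000,
            # runAsNonRoot) also applies to init containers; writing sysctls
            # needs root, so it is overridden for this container only.
            runAsUser: 0
            runAsNonRoot: false
          # Run each sysctl as its own command. Listing both in one argv list
          # passes the second "sysctl -w ..." as arguments to the first call.
          command:
            - sh
            - "-c"
            - |
              set -e
              sysctl -w vm.max_map_count=262144
              # NOTE(review): fs.file-max is a node-wide limit; confirm 65536
              # is not lower than the node's current value before applying.
              sysctl -w fs.file-max=65536
      containers:
        - name: elasticsearch
          image: docker.elastic.co/elasticsearch/elasticsearch:9.2.2
          env:
            - name: cluster.name
              value: "k8s-es-cluster"
            - name: node.name
              valueFrom:
                fieldRef:
                  # Pod name: elasticsearch-0, elasticsearch-1, elasticsearch-2
                  fieldPath: metadata.name
            - name: discovery.seed_hosts
              value: "elasticsearch-0.elasticsearch,elasticsearch-1.elasticsearch,elasticsearch-2.elasticsearch"
            - name: cluster.initial_master_nodes
              value: "elasticsearch-0,elasticsearch-1,elasticsearch-2"
            - name: ES_JAVA_OPTS
              value: "-Xms2g -Xmx2g"
            # Binds HTTP and transport on every pod interface; restrict who can
            # reach ports 9200/9300 with a NetworkPolicy.
            - name: network.host
              value: "0.0.0.0"
          ports:
            - containerPort: 9200
              name: http
            - containerPort: 9300
              name: transport
          volumeMounts:
            - name: data
              mountPath: /usr/share/elasticsearch/data
          # NOTE(review): with security enabled this unauthenticated plain-HTTP
          # request is rejected, so the pod never becomes Ready; use HTTPS plus
          # credentials (for example an exec probe reading a mounted Secret).
          # Peer discovery through the Headless Service also presumably needs
          # publishNotReadyAddresses: true on that Service - verify.
          readinessProbe:
            httpGet:
              path: /_cluster/health
              port: 9200
            initialDelaySeconds: 30
            periodSeconds: 10
          # Liveness only checks that the HTTP port accepts connections. Probing
          # /_cluster/health here would restart healthy nodes whenever the
          # cluster has no elected master, and a restart cannot repair that.
          livenessProbe:
            tcpSocket:
              port: http
            initialDelaySeconds: 60
            periodSeconds: 30
      # Must be set: Elasticsearch 9+ starts as a non-root user by default.
      securityContext:
        fsGroup: 1000
        runAsUser: 1000
        runAsNonRoot: true
  # Key point: every replica gets its own PVC, so 3 PVs are created
  # automatically (each bound to one CBS disk).
  volumeClaimTemplates:
    - metadata:
        name: data
      spec:
        accessModes: ["ReadWriteOnce"]  # Tencent Cloud CBS supports RWO
        storageClassName: cbs  # or cbs-premium (high-performance SSD)
        resources:
          requests:
            storage: 100Gi  # adjust as needed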