jenkins-pipeline/k8s_yaml/elasticsearch-9.2.2/高可用/es-sts.yaml

# es-sts.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: elasticsearch
  namespace: elastic-system
spec:
  serviceName: "elasticsearch"  # 必须与 Headless Service 名一致
  replicas: 3  # 生产环境至少3节点！
  selector:
    matchLabels:
      app: elasticsearch
  template:
    metadata:
      labels:
        app: elasticsearch
    spec:
      # ⚠️ 关键：避免多个ES Pod调度到同一Node（防单点故障）
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
          - labelSelector:
              matchExpressions:
              - key: app
                operator: In
                values: ["elasticsearch"]
            topologyKey: kubernetes.io/hostname

      initContainers:
      # 必须：调整 OS 内核参数（ES 要求）
      - name: init-sysctl
        image: busybox:1.35
        securityContext:
          privileged: true
        command:
        - sysctl
        - -w
        - vm.max_map_count=262144
        - sysctl
        - -w
        - fs.file-max=65536

      containers:
      - name: elasticsearch
        image: docker.elastic.co/elasticsearch/elasticsearch:9.2.2
        env:
        - name: cluster.name
          value: "k8s-es-cluster"
        - name: node.name
          valueFrom:
            fieldRef:
              fieldPath: metadata.name  # → es-0, es-1, es-2
        - name: discovery.seed_hosts
          value: "elasticsearch-0.elasticsearch,elasticsearch-1.elasticsearch,elasticsearch-2.elasticsearch"
        - name: cluster.initial_master_nodes
          value: "elasticsearch-0,elasticsearch-1,elasticsearch-2"
        - name: ES_JAVA_OPTS
          value: "-Xms2g -Xmx2g"
        - name: network.host
          value: "0.0.0.0"
        ports:
        - containerPort: 9200
          name: http
        - containerPort: 9300
          name: transport
        volumeMounts:
        - name: data
          mountPath: /usr/share/elasticsearch/data
        readinessProbe:
          httpGet:
            path: /_cluster/health
            port: 9200
          initialDelaySeconds: 30
          periodSeconds: 10
        livenessProbe:
          httpGet:
            path: /_cluster/health
            port: 9200
          initialDelaySeconds: 60
          periodSeconds: 30

      # ⚠️ 必须设置 securityContext（ES 9+ 默认以非 root 启动）
      securityContext:
        fsGroup: 1000
        runAsUser: 1000
        runAsNonRoot: true

  # ⚠️ 关键：每个副本独享 PVC → 自动创建3个 PV（各绑定一块 CBS）
  volumeClaimTemplates:
  - metadata:
      name: data
    spec:
      accessModes: [ "ReadWriteOnce" ]  # 腾讯云 CBS 支持 RWO
      storageClassName: cbs  # 或 cbs-premium（高性能 SSD）
      resources:
        requests:
          storage: 100Gi  # 按需调整