如何在Kubernetes里给PostgreSQL创建secret

网友投稿 591 2022-05-30

创建一个initdb.sql文件,输入如下内容:

– This is a postgres initialization script for the postgres container.

– Will be executed during container initialization ($> psql postgres -f initdb.sql)

CREATE ROLE adsuser WITH LOGIN PASSWORD ‘initial’ INHERIT CREATEDB;

CREATE DATABASE ads WITH ENCODING ‘UNICODE’ LC_COLLATE ‘C’ LC_CTYPE ‘C’ TEMPLATE template0;

GRANT ALL PRIVILEGES ON DATABASE ads TO adsuser;

CREATE SCHEMA ads AUTHORIZATION adsuser;

– ALTER DATABASE ads SET search_path TO ‘ads’;

ALTER DATABASE ads OWNER TO adsuser;

执行如下命令下,将输出重定向到一个名为ads-db-secret的yaml文件里。

kubectl create secret generic ads-db-secret --from-file initdb.sql --dry-run -o yaml > ads-db-secret.yaml

这个secret文件如下:

将自动生成的creationTimestamp删除,再添加postgres_password_value。

最后使用kubectl app生成secret。

Stateful Set是Kubernetes 1.9版本新引入的一个概念,用于管理有状态的应用。

Kubernetes官方文档:

https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/

Manages the deployment and scaling of a set of Pods, and provides guarantees about the ordering and uniqueness of these Pods.

Like a Deployment, a StatefulSet manages Pods that are based on an identical container spec. Unlike a Deployment, a StatefulSet maintains a sticky identity for each of their Pods. These pods are created from the same spec, but are not interchangeable: each has a persistent identifier that it maintains across any rescheduling.

StatefulSet由以下几个部分组成:

1. 用于定义网络标志(DNS domain)的Headless Service

2. 用于创建PersistentVolumes的volumeClaimTemplates

3. 定义具体应用的StatefulSet

下面我给出了一个实际应用中的StatefulSet的yaml文件:

--- apiVersion: apps/v1 kind: StatefulSet metadata: name: ads-db-statefulset labels: component: ads module: db spec: serviceName: ads-db-service replicas: 1 selector: matchLabels: component: ads module: db template: metadata: labels: component: ads module: db spec: volumes: - name: init secret: secretName: ads-db-secret items: - key: initdb.sql path: initdb.sql containers: - name: ads-db-pod image: postgres:9.6 ports: - containerPort: 5432 name: ads-db-port volumeMounts: - name: ads-db-volume mountPath: /var/lib/postgresql/data/ - name: init mountPath: /docker-entrypoint-initdb.d/ env: - name: PGDATA valueFrom: configMapKeyRef: name: ads-db-configmap key: pgdata_value - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: name: ads-db-secret key: postgres_password_value volumeClaimTemplates: - metadata: name: ads-db-volume labels: component: ads module: db spec: accessModes: [ "ReadWriteOnce" ] resources: requests: storage: 1Gi

使用kubectl get statefulset查看生成的statefulset:

生成的headless service:

生成的pod:

当我把statefulset yaml文件里的replicas从1改成3之后,果然观察到有两个新的pod正在启动,并且名称满足命名规范-X。

使用kubectl describe查看创建的statefulset明细:

statefulSet自动创建的persistentVolumeClaim:

The files belonging to this database system will be owned by user “postgres”.

This user must also own the server process.

The database cluster will be initialized with locale “en_US.utf8”.

The default database encoding has accordingly been set to “UTF8”.

The default text search configuration will be set to “english”.

Data page checksums are disabled.

fixing permissions on existing directory /var/lib/postgresql/data/pgdata … ok

creating subdirectories … ok

selecting default max_connections … 100

selecting default shared_buffers … 128MB

selecting dynamic shared memory implementation … posix

creating configuration files … ok

running bootstrap script … ok

performing post-bootstrap initialization … ok

syncing data to disk … ok

Success. You can now start the database server using:

pg_ctl -D /var/lib/postgresql/data/pgdata -l logfile start

使用下面的命令登录到statefulset提供的postgreSQL服务器上:

1. kubectl run tester -it --rm --image=postgres:9.6 --env=“PGCONNECT_TIMEOUT=5” --command – bash

看到root$之后,说明我们已经连接上pod了。

使用如下命令行连接postgreSQL服务器:

psql -h ads-db-statefulset-0.ads-db-service -p 5432 -U adsuser -W ads

当然如果不用命令行,也可以使用pgadmin,以图形化界面连接statefulSet里的postgreSQL服务器:

sudo apt install pgadmin3

进行端口转发,这样我们可以使用localhost:5432进行连接:

如何在Kubernetes里给PostgreSQL创建secret

kubectl port-forward ads-db-statefulset-0 5432:5432

也能成功连接:

要获取更多Jerry的原创文章,请关注公众号"汪子熙"。

Kubernetes PostgreSQL

版权声明:本文内容由网络用户投稿,版权归原作者所有,本站不拥有其著作权,亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容,请联系我们jiasou666@gmail.com 处理,核实后本网站将在24小时内删除侵权内容。

上一篇:OBS中配置子账号权限实践
下一篇:我与HCIA职业认证训练营的第一次亲密接触
相关文章