How to create a Secret for PostgreSQL in Kubernetes
Create a file named initdb.sql with the following content:
-- This is a postgres initialization script for the postgres container.
-- Will be executed during container initialization ($> psql postgres -f initdb.sql)
CREATE ROLE adsuser WITH LOGIN PASSWORD 'initial' INHERIT CREATEDB;
CREATE DATABASE ads WITH ENCODING 'UNICODE' LC_COLLATE 'C' LC_CTYPE 'C' TEMPLATE template0;
GRANT ALL PRIVILEGES ON DATABASE ads TO adsuser;
CREATE SCHEMA ads AUTHORIZATION adsuser;
-- ALTER DATABASE ads SET search_path TO 'ads';
ALTER DATABASE ads OWNER TO adsuser;
Run the following command, redirecting its output to a YAML file named ads-db-secret.
kubectl create secret generic ads-db-secret --from-file initdb.sql --dry-run -o yaml > ads-db-secret.yaml
The resulting Secret file looks like this:
Delete the automatically generated creationTimestamp, then add postgres_password_value.
Finally, use kubectl apply to create the Secret.
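The manual edit above amounts to adding a base64-encoded postgres_password_value under data, next to initdb.sql. As an added example (not from the original article), this shell script renders the finished ads-db-secret manifest without kubectl and decodes it again for checking. The function names and sample inputs are assumptions made for illustration, and values under data are only base64-encoded, not encrypted.

```shell
#!/bin/sh
# Added example: render the edited ads-db-secret manifest by hand.
# Function names and the sample inputs below are constructed for illustration.

# Encode a literal exactly as given. printf '%s' appends no newline, whereas
# `echo "$1" | base64` would bake a trailing newline into the password.
b64_literal() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# Encode a file on a single line (GNU base64 wraps its output at 76 columns).
b64_file() {
    base64 < "$1" | tr -d '\n'
}

# Emit the Secret with the two keys the StatefulSet later in this article reads:
#   initdb.sql              -> mounted under /docker-entrypoint-initdb.d/
#   postgres_password_value -> secretKeyRef for POSTGRES_PASSWORD
# $1 = path to initdb.sql, $2 = password. No creationTimestamp is written.
render_secret() {
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: ads-db-secret
type: Opaque
data:
  initdb.sql: $(b64_file "$1")
  postgres_password_value: $(b64_literal "$2")
EOF
}

# Decode one key from a rendered manifest, to check it before applying.
# $1 = manifest text, $2 = key name
decode_key() {
    printf '%s\n' "$1" | sed -n "s/^  $2: //p" | base64 -d
}

# Demo with constructed inputs.
demo_dir=$(mktemp -d)
printf "CREATE ROLE adsuser WITH LOGIN PASSWORD 'initial';\n" > "$demo_dir/initdb.sql"
manifest=$(render_secret "$demo_dir/initdb.sql" 'constructed-sample-password')
printf '%s\n' "$manifest"
decode_key "$manifest" postgres_password_value; echo
rm -rf "$demo_dir"
```

The output of render_secret can be piped to kubectl apply -f - in place of the hand-edited file.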
StatefulSet is a concept newly introduced in Kubernetes 1.9, used to manage stateful applications.
Official Kubernetes documentation:
https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/
Manages the deployment and scaling of a set of Pods, and provides guarantees about the ordering and uniqueness of these Pods.
Like a Deployment, a StatefulSet manages Pods that are based on an identical container spec. Unlike a Deployment, a StatefulSet maintains a sticky identity for each of their Pods. These pods are created from the same spec, but are not interchangeable: each has a persistent identifier that it maintains across any rescheduling.
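A StatefulSet consists of the following parts:
1. A Headless Service, used to define the network identity (DNS domain)
2. volumeClaimTemplates, used to create PersistentVolumes
3. The StatefulSet itself, which defines the actual application
Below is the YAML file of a StatefulSet from a real application: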
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: ads-db-statefulset
  labels:
    component: ads
    module: db
spec:
  serviceName: ads-db-service
  replicas: 1
  selector:
    matchLabels:
      component: ads
      module: db
  template:
    metadata:
      labels:
        component: ads
        module: db
    spec:
      volumes:
        - name: init
          secret:
            secretName: ads-db-secret
            items:
              - key: initdb.sql
                path: initdb.sql
      containers:
        - name: ads-db-pod
          image: postgres:9.6
          ports:
            - containerPort: 5432
              name: ads-db-port
          volumeMounts:
            - name: ads-db-volume
              mountPath: /var/lib/postgresql/data/
            - name: init
              mountPath: /docker-entrypoint-initdb.d/
          env:
            - name: PGDATA
              valueFrom:
                configMapKeyRef:
                  name: ads-db-configmap
                  key: pgdata_value
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: ads-db-secret
                  key: postgres_password_value
  volumeClaimTemplates:
    - metadata:
        name: ads-db-volume
        labels:
          component: ads
          module: db
      spec:
        accessModes: [ "ReadWriteOnce" ]
        resources:
          requests:
            storage: 1Gi
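Use kubectl get statefulset to view the created StatefulSet:
The created headless service:
The created pod:
After I changed replicas in the StatefulSet YAML file from 1 to 3, I did indeed see two new pods starting, and their names follow the naming convention.
Use kubectl describe to view the details of the created StatefulSet:
The PersistentVolumeClaim created automatically by the StatefulSet: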
The files belonging to this database system will be owned by user "postgres".
This user must also own the server process.
The database cluster will be initialized with locale "en_US.utf8".
The default database encoding has accordingly been set to "UTF8".
The default text search configuration will be set to "english".
Data page checksums are disabled.
fixing permissions on existing directory /var/lib/postgresql/data/pgdata ... ok
creating subdirectories ... ok
selecting default max_connections ... 100
selecting default shared_buffers ... 128MB
selecting dynamic shared memory implementation ... posix
creating configuration files ... ok
running bootstrap script ... ok
performing post-bootstrap initialization ... ok
syncing data to disk ... ok
Success. You can now start the database server using:
pg_ctl -D /var/lib/postgresql/data/pgdata -l logfile start
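Use the following command to log in to the PostgreSQL server provided by the StatefulSet:
1. kubectl run tester -it --rm --image=postgres:9.6 --env="PGCONNECT_TIMEOUT=5" --command -- bash
Once you see the root$ prompt, we are connected to the pod.
Use the following command line to connect to the PostgreSQL server: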
psql -h ads-db-statefulset-0.ads-db-service -p 5432 -U adsuser -W ads
Of course, instead of the command line, you can also use pgAdmin to connect to the PostgreSQL server in the StatefulSet through a graphical interface:
sudo apt install pgadmin3
Set up port forwarding so that we can connect using localhost:5432:
kubectl port-forward ads-db-statefulset-0 5432:5432
This connection also succeeds:
For more of Jerry's original articles, follow the WeChat official account "汪子熙".