How to create a secret for PostgreSQL in Kubernetes

Reader submission 611 2022-05-30

Create a file named initdb.sql with the following content:

-- This is a postgres initialization script for the postgres container.
-- Will be executed during container initialization ($> psql postgres -f initdb.sql)
CREATE ROLE adsuser WITH LOGIN PASSWORD 'initial' INHERIT CREATEDB;
CREATE DATABASE ads WITH ENCODING 'UNICODE' LC_COLLATE 'C' LC_CTYPE 'C' TEMPLATE template0;
GRANT ALL PRIVILEGES ON DATABASE ads TO adsuser;
CREATE SCHEMA ads AUTHORIZATION adsuser;
-- ALTER DATABASE ads SET search_path TO 'ads';
ALTER DATABASE ads OWNER TO adsuser;

Run the following command, redirecting its output to a YAML file named ads-db-secret:

kubectl create secret generic ads-db-secret --from-file initdb.sql --dry-run -o yaml > ads-db-secret.yaml

The resulting secret file looks like this:

Delete the automatically generated creationTimestamp, then add postgres_password_value.

Finally, use kubectl apply to create the secret.
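The manual steps above (dry-run, delete creationTimestamp, add postgres_password_value) can be scripted so the password is never typed into the file by hand. The following is an added example, not code from the original article: render_secret, secret_value and missing_keys are hypothetical helper names, and the init script and password in the demo are constructed. It also shows that values under data are only base64-encoded, so ads-db-secret.yaml needs the same handling as the password itself.

```shell
# b64: single-line base64, the encoding Kubernetes uses for Secret `data`.
b64() { base64 | tr -d '\n'; }

# render_secret SQL_FILE PASSWORD (hypothetical helper): print a Secret with
# the two keys the StatefulSet references, initdb.sql (volume item) and
# postgres_password_value (secretKeyRef behind POSTGRES_PASSWORD).
render_secret() {
  [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
  [ -n "$2" ] || { echo "empty password" >&2; return 1; }
  # printf, not echo: a trailing newline would become part of the password.
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: ads-db-secret
type: Opaque
data:
  initdb.sql: $(b64 < "$1")
  postgres_password_value: $(printf '%s' "$2" | b64)
EOF
}

# secret_value MANIFEST KEY: decode one `data` entry, i.e. exactly what the
# pod will receive. Anyone who can read the manifest can do the same.
secret_value() {
  awk -v k="$2:" '$1 == k { print $2 }' "$1" | base64 -d
}

# missing_keys MANIFEST: list keys the StatefulSet needs but the manifest lacks.
missing_keys() {
  for key in initdb.sql postgres_password_value; do
    grep -q "^  $key: " "$1" || echo "$key"
  done
}

# Demo on constructed input: a one-line init script and a throwaway password.
demo=$(mktemp)
printf "CREATE DATABASE ads;\n" > "$demo"
render_secret "$demo" 'constructed-password' > "$demo.yaml"
echo "missing keys: [$(missing_keys "$demo.yaml")]"
secret_value "$demo.yaml" postgres_password_value; echo
rm -f "$demo" "$demo.yaml"
```

Against a cluster, the output of render_secret initdb.sql "$PGPASS" can be piped to kubectl apply -f - once missing_keys prints nothing; PGPASS is an assumed variable holding a generated password.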

StatefulSet is a concept newly introduced in Kubernetes 1.9 for managing stateful applications.

Official Kubernetes documentation:

https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/

Manages the deployment and scaling of a set of Pods, and provides guarantees about the ordering and uniqueness of these Pods.

Like a Deployment, a StatefulSet manages Pods that are based on an identical container spec. Unlike a Deployment, a StatefulSet maintains a sticky identity for each of their Pods. These pods are created from the same spec, but are not interchangeable: each has a persistent identifier that it maintains across any rescheduling.

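A StatefulSet consists of the following parts:

1. A Headless Service, used to define the network identity (DNS domain)

2. volumeClaimTemplates, used to create PersistentVolumes

3. The StatefulSet that defines the actual application

Below is the YAML file of a StatefulSet taken from a real application: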

---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: ads-db-statefulset
  labels:
    component: ads
    module: db
spec:
  serviceName: ads-db-service
  replicas: 1
  selector:
    matchLabels:
      component: ads
      module: db
  template:
    metadata:
      labels:
        component: ads
        module: db
    spec:
      volumes:
      - name: init
        secret:
          secretName: ads-db-secret
          items:
          - key: initdb.sql
            path: initdb.sql
      containers:
      - name: ads-db-pod
        image: postgres:9.6
        ports:
        - containerPort: 5432
          name: ads-db-port
        volumeMounts:
        - name: ads-db-volume
          mountPath: /var/lib/postgresql/data/
        - name: init
          mountPath: /docker-entrypoint-initdb.d/
        env:
        - name: PGDATA
          valueFrom:
            configMapKeyRef:
              name: ads-db-configmap
              key: pgdata_value
        - name: POSTGRES_PASSWORD
          valueFrom:
            secretKeyRef:
              name: ads-db-secret
              key: postgres_password_value
  volumeClaimTemplates:
  - metadata:
      name: ads-db-volume
      labels:
        component: ads
        module: db
    spec:
      accessModes: [ "ReadWriteOnce" ]
      resources:
        requests:
          storage: 1Gi

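Use kubectl get statefulset to view the generated StatefulSet:

The generated headless service:

The generated pod:

After I changed replicas in the StatefulSet YAML file from 1 to 3, sure enough I observed two new pods starting up, with names that follow the naming convention -X.

Use kubectl describe to view the details of the created StatefulSet:

The persistentVolumeClaim created automatically by the StatefulSet: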

The files belonging to this database system will be owned by user "postgres".
This user must also own the server process.

The database cluster will be initialized with locale "en_US.utf8".

The default database encoding has accordingly been set to "UTF8".
The default text search configuration will be set to "english".

Data page checksums are disabled.

fixing permissions on existing directory /var/lib/postgresql/data/pgdata ... ok
creating subdirectories ... ok
selecting default max_connections ... 100
selecting default shared_buffers ... 128MB
selecting dynamic shared memory implementation ... posix
creating configuration files ... ok
running bootstrap script ... ok
performing post-bootstrap initialization ... ok
syncing data to disk ... ok

Success. You can now start the database server using:

    pg_ctl -D /var/lib/postgresql/data/pgdata -l logfile start

Use the following command to log in to the PostgreSQL server provided by the StatefulSet:

kubectl run tester -it --rm --image=postgres:9.6 --env="PGCONNECT_TIMEOUT=5" --command -- bash

Once root$ appears, we are connected to the pod.

Use the following command line to connect to the PostgreSQL server:

psql -h ads-db-statefulset-0.ads-db-service -p 5432 -U adsuser -W ads

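Of course, if you would rather not use the command line, you can also use pgadmin to connect to the PostgreSQL server in the StatefulSet through a graphical interface: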

sudo apt install pgadmin3

Set up port forwarding so that we can connect using localhost:5432:

kubectl port-forward ads-db-statefulset-0 5432:5432

This connection succeeds as well:

For more of Jerry's original articles, follow the WeChat official account "汪子熙".
