postgresql - Kubernetes pod 内部无法通信
问题描述
在我的 K8 集群中,我在同一个命名空间中有两个部署。一个部署用于 Database-Postgres,另一个部署用于 Tomcat。Tomcat 应该可以从外部访问,因此我已经配置了“NodePort”服务,并且对于内部通信,我通过公开 Postgres 的端口(即 5432)创建了一个“ClusterIP”服务。部署完所有内容后,我希望 Tomcat pod 与 Postgres pod 进行通信。但是当我从 Tomcat pod 中“curl postgres-service:5432”时,我收到“Connection denied”消息。有没有配置错误?
apiVersion: v1
kind: Service
metadata:
name: tomcat-service
namespace: application
labels:
app: application-tomcat
spec:
type: NodePort
ports:
- name: tomcat-port
targetPort: 80
port: 80
selector:
app: application-tomcat
---
apiVersion: v1
kind: Service
metadata:
name: postgres-service
namespace: application
labels:
app: application-postgres
spec:
ports:
- port: 5432
name: postgres-port
selector:
app: application-postgres
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: application-tomcat-deployment
namespace: application
labels:
app: application-tomcat
spec:
replicas: 1
selector:
matchLabels:
app: application-tomcat
template:
metadata:
labels:
app: application-tomcat
spec:
containers:
- name: application-container
image: tomcat
command:
- sleep
- "infinity"
ports:
- containerPort: 80
---
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: application
name: application-postgres-deployment
labels:
app: application-postgres
spec:
replicas: 1
selector:
matchLabels:
app: application-postgres
template:
metadata:
labels:
app: application-postgres
spec:
containers:
- name: postgres
image: postgres
command:
- sleep
- "infinity"
ports:
- containerPort: 5432
name: postgredb
Postgres pod 正在侦听端口“5432”并且数据库正在运行。
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:5432 0.0.0.0:* LISTEN -
tcp6 0 0 :::5432 :::* LISTEN -
命名空间中的资源
$ kubectl get all -n application
NAME READY STATUS RESTARTS AGE
pod/application-postgres-deployment-694869cd5d-wrhzr 1/1 Running 0 9m9s
pod/application-tomcat-deployment-6db75ffb6d-ds8fr 1/1 Running 0 9m9s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/postgres-service ClusterIP 10.32.0.207 <none> 5432/TCP 9m9s
service/tomcat-service NodePort 10.32.0.59 <none> 80:31216/TCP 9m9s
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/application-postgres-deployment 1/1 1 1 9m9s
deployment.apps/application-tomcat-deployment 1/1 1 1 9m9s
NAME DESIRED CURRENT READY AGE
replicaset.apps/application-postgres-deployment-694869cd5d 1 1 1 9m9s
replicaset.apps/application-tomcat-deployment-6db75ffb6d 1 1 1 9m9s
解决方案
ENTRYPOINT
您已经通过指定覆盖了 postgresql 映像中的默认值deployment.spec.template.containers[0].command
。所以现在在部署的 pod 内运行的唯一进程nginx-statefulset
是sleep infinity
postgres 没有运行。删除命令字段并添加其中一个POSTGRES_PASSWORD
或POSTGRES_HOST_AUTH_METHOD=trust
环境变量应该可以解决问题。使用以下清单nginx-statefulset
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-statefulset
namespace: nginx
spec:
replicas: 1
selector:
matchLabels:
BIZID: nginx
template:
metadata:
labels:
BIZID: nginx
spec:
containers:
- name: postgres
image: postgres
env:
- name: POSTGRES_PASSWORD
value: admin
ports:
- containerPort: 5432
name: postgredb
您必须设置 env 变量POSTGRES_PASSWORD
或POSTGRES_HOST_AUTH_METHOD=trust
. 如果没有这个,pod 将崩溃循环并显示以下错误消息:
Error: Database is uninitialized and superuser password is not specified.
You must specify POSTGRES_PASSWORD to a non-empty value for the
superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run".
You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all
connections without a password. This is *not* recommended.
See PostgreSQL documentation about "trust":
https://www.postgresql.org/docs/current/auth-trust.html
推荐阅读
- python-3.x - 为什么这个 Python3 聊天在几条消息后失败?
- protocol-buffers - Protobuf:将带有公共数据的输入流式传输到所有元素
- reactjs - htaccess:反应站点上的 301 重定向导致重复模式
- javascript - 在特定时间后自动保存表单数据
- php - 通过Android Studio将记录插入MYSQL数据库时更新多列
- c++ - MPI 点对点通信到集体通信
- .net-core - 在 Hangfire 项目中使用 Dapper 库时,如何解决 .NET Core 引用和 NuGet 包版本冲突?
- c++ - 为什么它是使用 GCC 的模棱两可的函数调用?模板扣除失败?
- django - 使用实例编辑 django 表单总是加载空表单字段
- wordpress - wordpress 网站上上传的图片未显示在移动设备上