如何在Kubernetes里给PostgreSQL创建secret

举报
汪子熙 发表于 2021/12/25 21:36:48 2021/12/25
【摘要】 创建一个initdb.sql文件,输入如下内容:– This is a postgres initialization script for the postgres container.– Will be executed during container initialization ($> psql postgres -f initdb.sql)CREATE ROLE adsuser ...

创建一个initdb.sql文件,输入如下内容:

– This is a postgres initialization script for the postgres container.
– Will be executed during container initialization ($> psql postgres -f initdb.sql)
CREATE ROLE adsuser WITH LOGIN PASSWORD ‘initial’ INHERIT CREATEDB;
CREATE DATABASE ads WITH ENCODING ‘UNICODE’ LC_COLLATE ‘C’ LC_CTYPE ‘C’ TEMPLATE template0;
GRANT ALL PRIVILEGES ON DATABASE ads TO adsuser;
CREATE SCHEMA ads AUTHORIZATION adsuser;
– ALTER DATABASE ads SET search_path TO ‘ads’;
ALTER DATABASE ads OWNER TO adsuser;

执行如下命令下,将输出重定向到一个名为ads-db-secret的yaml文件里。
kubectl create secret generic ads-db-secret --from-file initdb.sql --dry-run -o yaml > ads-db-secret.yaml

这个secret文件如下:在这里插入图片描述
将自动生成的creationTimestamp删除,再添加postgres_password_value。
在这里插入图片描述
最后使用kubectl app生成secret。
在这里插入图片描述

Stateful Set是Kubernetes 1.9版本新引入的一个概念,用于管理有状态的应用。

Kubernetes官方文档:

https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/

Manages the deployment and scaling of a set of Pods, and provides guarantees about the ordering and uniqueness of these Pods.

Like a Deployment, a StatefulSet manages Pods that are based on an identical container spec. Unlike a Deployment, a StatefulSet maintains a sticky identity for each of their Pods. These pods are created from the same spec, but are not interchangeable: each has a persistent identifier that it maintains across any rescheduling.

StatefulSet由以下几个部分组成:

1. 用于定义网络标志(DNS domain)的Headless Service

2. 用于创建PersistentVolumes的volumeClaimTemplates

3. 定义具体应用的StatefulSet

下面我给出了一个实际应用中的StatefulSet的yaml文件:

---

apiVersion: apps/v1

kind: StatefulSet

metadata:

name: ads-db-statefulset

labels:

component: ads

module: db

spec:

serviceName: ads-db-service

replicas: 1

selector:

matchLabels:

component: ads

module: db

template:

metadata:

labels:

component: ads

module: db

spec:

volumes:

- name: init

secret:

secretName: ads-db-secret

items:

- key: initdb.sql

path: initdb.sql

containers:

- name: ads-db-pod

image: postgres:9.6

ports:

- containerPort: 5432

name: ads-db-port

volumeMounts:

- name: ads-db-volume

mountPath: /var/lib/postgresql/data/

- name: init

mountPath: /docker-entrypoint-initdb.d/

env:

- name: PGDATA

valueFrom:

configMapKeyRef:

name: ads-db-configmap

key: pgdata_value

- name: POSTGRES_PASSWORD

valueFrom:

secretKeyRef:

name: ads-db-secret

key: postgres_password_value

volumeClaimTemplates:

- metadata:

name: ads-db-volume

labels:

component: ads

module: db

spec:

accessModes: [ "ReadWriteOnce" ]

resources:

requests:

storage: 1Gi

使用kubectl get statefulset查看生成的statefulset:

生成的headless service:

生成的pod:

当我把statefulset yaml文件里的replicas从1改成3之后,果然观察到有两个新的pod正在启动,并且名称满足命名规范<stateful set name >-X。

使用kubectl describe查看创建的statefulset明细:

statefulSet自动创建的persistentVolumeClaim:

The files belonging to this database system will be owned by user “postgres”.

This user must also own the server process.

The database cluster will be initialized with locale “en_US.utf8”.

The default database encoding has accordingly been set to “UTF8”.

The default text search configuration will be set to “english”.

Data page checksums are disabled.

fixing permissions on existing directory /var/lib/postgresql/data/pgdata … ok

creating subdirectories … ok

selecting default max_connections … 100

selecting default shared_buffers … 128MB

selecting dynamic shared memory implementation … posix

creating configuration files … ok

running bootstrap script … ok

performing post-bootstrap initialization … ok

syncing data to disk … ok

Success. You can now start the database server using:

pg_ctl -D /var/lib/postgresql/data/pgdata -l logfile start

使用下面的命令登录到statefulset提供的postgreSQL服务器上:

1. kubectl run tester -it --rm --image=postgres:9.6 --env=“PGCONNECT_TIMEOUT=5” --command – bash

看到root$之后,说明我们已经连接上pod了。

使用如下命令行连接postgreSQL服务器:

psql -h ads-db-statefulset-0.ads-db-service -p 5432 -U adsuser -W ads

当然如果不用命令行,也可以使用pgadmin,以图形化界面连接statefulSet里的postgreSQL服务器:

sudo apt install pgadmin3

进行端口转发,这样我们可以使用localhost:5432进行连接:

kubectl port-forward ads-db-statefulset-0 5432:5432

也能成功连接:

要获取更多Jerry的原创文章,请关注公众号"汪子熙"。

【版权声明】本文为华为云社区用户原创内容,转载时必须标注文章的来源(华为云社区)、文章链接、文章作者等基本信息, 否则作者和本社区有权追究责任。如果您发现本社区中有涉嫌抄袭的内容,欢迎发送邮件进行举报,并提供相关证据,一经查实,本社区将立刻删除涉嫌侵权内容,举报邮箱: cloudbbs@huaweicloud.com
  • 点赞
  • 收藏
  • 关注作者

评论(0

0/1000
抱歉,系统识别当前为高风险访问,暂不支持该操作

全部回复

上滑加载中

设置昵称

在此一键设置昵称,即可参与社区互动!

*长度不超过10个汉字或20个英文字符,设置后3个月内不可修改。

*长度不超过10个汉字或20个英文字符,设置后3个月内不可修改。