如何在Kubernetes里给PostgreSQL创建secret
创建一个initdb.sql文件,输入如下内容:
– This is a postgres initialization script for the postgres container.
– Will be executed during container initialization ($> psql postgres -f initdb.sql)
CREATE ROLE adsuser WITH LOGIN PASSWORD ‘initial’ INHERIT CREATEDB;
CREATE DATABASE ads WITH ENCODING ‘UNICODE’ LC_COLLATE ‘C’ LC_CTYPE ‘C’ TEMPLATE template0;
GRANT ALL PRIVILEGES ON DATABASE ads TO adsuser;
CREATE SCHEMA ads AUTHORIZATION adsuser;
– ALTER DATABASE ads SET search_path TO ‘ads’;
ALTER DATABASE ads OWNER TO adsuser;
执行如下命令下,将输出重定向到一个名为ads-db-secret的yaml文件里。
kubectl create secret generic ads-db-secret --from-file initdb.sql --dry-run -o yaml > ads-db-secret.yaml
这个secret文件如下:
将自动生成的creationTimestamp删除,再添加postgres_password_value。
最后使用kubectl app生成secret。
Stateful Set是Kubernetes 1.9版本新引入的一个概念,用于管理有状态的应用。
Kubernetes官方文档:
https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/
Manages the deployment and scaling of a set of Pods, and provides guarantees about the ordering and uniqueness of these Pods.
Like a Deployment, a StatefulSet manages Pods that are based on an identical container spec. Unlike a Deployment, a StatefulSet maintains a sticky identity for each of their Pods. These pods are created from the same spec, but are not interchangeable: each has a persistent identifier that it maintains across any rescheduling.
StatefulSet由以下几个部分组成:
1. 用于定义网络标志(DNS domain)的Headless Service
2. 用于创建PersistentVolumes的volumeClaimTemplates
3. 定义具体应用的StatefulSet
下面我给出了一个实际应用中的StatefulSet的yaml文件:
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: ads-db-statefulset
labels:
component: ads
module: db
spec:
serviceName: ads-db-service
replicas: 1
selector:
matchLabels:
component: ads
module: db
template:
metadata:
labels:
component: ads
module: db
spec:
volumes:
- name: init
secret:
secretName: ads-db-secret
items:
- key: initdb.sql
path: initdb.sql
containers:
- name: ads-db-pod
image: postgres:9.6
ports:
- containerPort: 5432
name: ads-db-port
volumeMounts:
- name: ads-db-volume
mountPath: /var/lib/postgresql/data/
- name: init
mountPath: /docker-entrypoint-initdb.d/
env:
- name: PGDATA
valueFrom:
configMapKeyRef:
name: ads-db-configmap
key: pgdata_value
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: ads-db-secret
key: postgres_password_value
volumeClaimTemplates:
- metadata:
name: ads-db-volume
labels:
component: ads
module: db
spec:
accessModes: [ "ReadWriteOnce" ]
resources:
requests:
storage: 1Gi
使用kubectl get statefulset查看生成的statefulset:
生成的headless service:
生成的pod:
当我把statefulset yaml文件里的replicas从1改成3之后,果然观察到有两个新的pod正在启动,并且名称满足命名规范<stateful set name >-X。
使用kubectl describe查看创建的statefulset明细:
statefulSet自动创建的persistentVolumeClaim:
The files belonging to this database system will be owned by user “postgres”.
This user must also own the server process.
The database cluster will be initialized with locale “en_US.utf8”.
The default database encoding has accordingly been set to “UTF8”.
The default text search configuration will be set to “english”.
Data page checksums are disabled.
fixing permissions on existing directory /var/lib/postgresql/data/pgdata … ok
creating subdirectories … ok
selecting default max_connections … 100
selecting default shared_buffers … 128MB
selecting dynamic shared memory implementation … posix
creating configuration files … ok
running bootstrap script … ok
performing post-bootstrap initialization … ok
syncing data to disk … ok
Success. You can now start the database server using:
pg_ctl -D /var/lib/postgresql/data/pgdata -l logfile start
使用下面的命令登录到statefulset提供的postgreSQL服务器上:
1. kubectl run tester -it --rm --image=postgres:9.6 --env=“PGCONNECT_TIMEOUT=5” --command – bash
看到root$之后,说明我们已经连接上pod了。
使用如下命令行连接postgreSQL服务器:
psql -h ads-db-statefulset-0.ads-db-service -p 5432 -U adsuser -W ads
当然如果不用命令行,也可以使用pgadmin,以图形化界面连接statefulSet里的postgreSQL服务器:
sudo apt install pgadmin3
进行端口转发,这样我们可以使用localhost:5432进行连接:
kubectl port-forward ads-db-statefulset-0 5432:5432
也能成功连接:
要获取更多Jerry的原创文章,请关注公众号"汪子熙"。
- 点赞
- 收藏
- 关注作者
评论(0)