无法从外部登录Kubernetes集群内部的Postgres [英] Unable to login to Postgres inside Kubernetes cluster from the outside

问题描述

我只想从K8集群外部登录到postgres数据库。我创建了以下配置：

  apiVersion：apps / v1 
类型：部署
元数据：
名称：postgres 
规范：
副本：1 
选择器：
 matchLabels：
应用程序：postgres 
模板：
元数据：
标签：
应用程序：postgres 
规范：
卷：
-名称：postgres-storage 
persistentVolumeClaim：
 ClaimName ：数据库持久卷声明
容器：
-名称：postgres 
图片：postgres 
 volume安装：
-名称：postgres-storage 
 mountPath ：/ var / lib / postgresql / data 
子路径：postgres 
 env：
-名称：POSTGRES_USER 
v别名：postgres 
-名称：POSTGRES_PORT 
值：'5432'
-名称：POSTGRES_DB 
值：postgres 
-名称：POSTGRES_PASSWORD 
值：密码
-名称：POSTGRES_HOST_AUTH_METHOD 
值：信任
-
 api版本：v1 
类型：服务
元数据：
名称：postgres- srv 
规格：
选择器：
应用程序：postgres 
类型：NodePort 
端口：
-名称：postgres 
协议：TCP 
端口：5432 
目标端口：5432 
  

配置映射：

  apiVersion：v1 
类型：ConfigMap 
元数据：
名称：tcp-services 
命名空间：ingress- nginx 
数据：
 5432： default / postgres-srv：5432 
  

我已经检查了 kubectl get services 并尝试使用端点和cluster-ip。

psql postgresql：// postgres：password @ [ip]：5432 / postgres p>

吊舱正在运行，日志显示一切就绪。我在这里想念什么吗？我正在数字海洋中运行群集。

编辑：

我希望能够从主机访问数据库。 （sub.domain.com）我已经撤消了部署，但仍然无法进入。我针对的唯一配置是上面显示的配置。我的网域确实有A记录，并且可以通过我的Ingress Nginx服务访问其他暴露的Pod。

解决方案

您可以

注意：我在

I want to simply login to a postgres db from outside my K8 cluster. I'm created the following config:

apiVersion: apps/v1
kind: Deployment
metadata:
    name: postgres 
spec:
    replicas: 1
    selector: 
        matchLabels:
            app: postgres 
    template:
        metadata:
            labels:
                app: postgres 
        spec:
            volumes:
                - name: postgres-storage
                  persistentVolumeClaim: 
                    claimName: database-persistent-volume-claim
            containers:
                - name: postgres 
                  image: postgres
                  volumeMounts:
                    - name: postgres-storage
                      mountPath: /var/lib/postgresql/data
                      subPath: postgres
                  env:
                    - name: POSTGRES_USER
                      value: postgres
                    - name: POSTGRES_PORT
                      value: '5432'
                    - name: POSTGRES_DB
                      value: postgres
                    - name: POSTGRES_PASSWORD
                      value: password
                    - name: POSTGRES_HOST_AUTH_METHOD
                      value: trust
---
apiVersion: v1
kind: Service
metadata:
    name: postgres-srv
spec:
    selector:
        app: postgres
    type: NodePort
    ports:
        - name: postgres
          protocol: TCP
          port: 5432
          targetPort: 5432

Config Map:

apiVersion: v1
kind: ConfigMap
metadata:
  name: tcp-services
  namespace: ingress-nginx
data:
  5432: "default/postgres-srv:5432"

I've checked kubectl get services and attempted to use the endpoint and the cluster-ip. Neith of these worked.

psql "postgresql://postgres:password@[ip]:5432/postgres"

The pod is running and the logs say everything is ready. Anything I'm missing here? I'm running the cluster in digital ocean.

edit:

I want to be able to access the DB from my host. (sub.domain.com) I've bounced the deployments and still can't get in. The only config I've targeted is what is shown above. I do have an A record for my domain and can access my other exposed pods via my ingress nginx service

解决方案

You can expose TCP and UDP services with ingress-nginx configuration.

For example using GKE with ingress-nginx, nfs-server-provisioner and the bitnami/postgresql helm charts:

kubectl create secret generic -n default postgresql \
    --from-literal=postgresql-password=$(openssl rand -base64 32) \
    --from-literal=postgresql-replication-password=$(openssl rand -base64 32)
helm repo add bitnami https://charts.bitnami.com/bitnami
helm install -n default postgres bitnami/postgresql \
    --set global.storageClass=nfs-client \
    --set existingSecret=postgresql

Patch the ingress-nginx tcp-services ConfigMap:

kubectl patch cm -n ingress-nginx tcp-services -p '{"data": {"5432": "default/postgres-postgresql:5432"}}'

Update the controllers Service for the proxied port (i.e. kubectl edit svc -n ingress-nginx ingress-nginx):

  - name: postgres
    port: 5432
    protocol: TCP
    targetPort: 5432

Note: you may have to update the existing ingress-nginx controller deployments args (i.e. kubectl edit deployments.apps -n ingress-nginx nginx-ingress-controller) to include --tcp-services-configmap=ingress-nginx/tcp-services and bounce the ingress-nginx controller if you edit the deployment spec (i.e. kubectl scale deployment -n ingress-nginx --replicas=0 && kubectl scale deployment -n ingress-nginx --replicas=3).

Test the connection:

export PGPASSWORD=$(kubectl get secrets -n default postgresql -o jsonpath={.data.postgresql-password} |base64 -d)
docker run --rm -it \
    -e PGPASSWORD=${PGPASSWORD} \
    --entrypoint psql \
    --network host \
    postgres:13-alpine -U postgres -d postgres -h example.com

Note: I manually created an A record in Google Cloud DNS to resolve the hostname to the clusters external IP.

Update: in addition to creating the ingress-nginx config, installing the bitnami/postgresql chart etc. it was necessary to Disable "Proxy Protocol" on the Load Balancer to get the connections working for a deployment in DigitalOcean (postgres will LOG: invalid length of startup packet otherwise):

这篇关于无法从外部登录Kubernetes集群内部的Postgres的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！