如何在Kubernetes里給PostgreSQL創(chuàng)建secret

創(chuàng)建一個(gè)initdb.sql文件，輸入如下內(nèi)容：

– This is a postgres initialization script for the postgres container.

– Will be executed during container initialization ($> psql postgres -f initdb.sql)

CREATE ROLE adsuser WITH LOGIN PASSWORD ‘initial’ INHERIT CREATEDB;

CREATE DATABASE ads WITH ENCODING ‘UNICODE’ LC_COLLATE ‘C’ LC_CTYPE ‘C’ TEMPLATE template0;

GRANT ALL PRIVILEGES ON DATABASE ads TO adsuser;

CREATE SCHEMA ads AUTHORIZATION adsuser;

– ALTER DATABASE ads SET search_path TO ‘a(chǎn)ds’;

ALTER DATABASE ads OWNER TO adsuser;

執(zhí)行如下命令下，將輸出重定向到一個(gè)名為ads-db-secret的yaml文件里。

kubectl create secret generic ads-db-secret --from-file initdb.sql --dry-run -o yaml > ads-db-secret.yaml

這個(gè)secret文件如下：

將自動(dòng)生成的creationTimestamp刪除，再添加postgres_password_value。

最后使用kubectl app生成secret。

Stateful Set是Kubernetes 1.9版本新引入的一個(gè)概念，用于管理有狀態(tài)的應(yīng)用。

Kubernetes官方文檔：

https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/

Manages the deployment and scaling of a set of Pods, and provides guarantees about the ordering and uniqueness of these Pods.

Like a Deployment, a StatefulSet manages Pods that are based on an identical container spec. Unlike a Deployment, a StatefulSet maintains a sticky identity for each of their Pods. These pods are created from the same spec, but are not interchangeable: each has a persistent identifier that it maintains across any rescheduling.

StatefulSet由以下幾個(gè)部分組成：

1. 用于定義網(wǎng)絡(luò)標(biāo)志（DNS domain）的Headless Service

2. 用于創(chuàng)建PersistentVolumes的volumeClaimTemplates

3. 定義具體應(yīng)用的StatefulSet

下面我給出了一個(gè)實(shí)際應(yīng)用中的StatefulSet的yaml文件：

--- apiVersion: apps/v1 kind: StatefulSet metadata: name: ads-db-statefulset labels: component: ads module: db spec: serviceName: ads-db-service replicas: 1 selector: matchLabels: component: ads module: db template: metadata: labels: component: ads module: db spec: volumes: - name: init secret: secretName: ads-db-secret items: - key: initdb.sql path: initdb.sql containers: - name: ads-db-pod image: postgres:9.6 ports: - containerPort: 5432 name: ads-db-port volumeMounts: - name: ads-db-volume mountPath: /var/lib/postgresql/data/ - name: init mountPath: /docker-entrypoint-initdb.d/ env: - name: PGDATA valueFrom: configMapKeyRef: name: ads-db-configmap key: pgdata_value - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: name: ads-db-secret key: postgres_password_value volumeClaimTemplates: - metadata: name: ads-db-volume labels: component: ads module: db spec: accessModes: [ "ReadWriteOnce" ] resources: requests: storage: 1Gi

使用kubectl get statefulset查看生成的statefulset:

生成的headless service：

生成的pod：

當(dāng)我把statefulset yaml文件里的replicas從1改成3之后，果然觀察到有兩個(gè)新的pod正在啟動(dòng)，并且名稱滿足命名規(guī)范-X。

使用kubectl describe查看創(chuàng)建的statefulset明細(xì)：

statefulSet自動(dòng)創(chuàng)建的persistentVolumeClaim：

The files belonging to this database system will be owned by user “postgres”.

This user must also own the server process.

The database cluster will be initialized with locale “en_US.utf8”.

The default database encoding has accordingly been set to “UTF8”.

The default text search configuration will be set to “english”.

Data page checksums are disabled.

fixing permissions on existing directory /var/lib/postgresql/data/pgdata … ok

creating subdirectories … ok

selecting default max_connections … 100

selecting default shared_buffers … 128MB

selecting dynamic shared memory implementation … posix

creating configuration files … ok

running bootstrap script … ok

performing post-bootstrap initialization … ok

syncing data to disk … ok

Success. You can now start the database server using:

pg_ctl -D /var/lib/postgresql/data/pgdata -l logfile start

使用下面的命令登錄到statefulset提供的postgreSQL服務(wù)器上：

1. kubectl run tester -it --rm --image=postgres:9.6 --env=“PGCONNECT_TIMEOUT=5” --command – bash

看到root$之后，說明我們已經(jīng)連接上pod了。

使用如下命令行連接postgreSQL服務(wù)器：

psql -h ads-db-statefulset-0.ads-db-service -p 5432 -U adsuser -W ads

當(dāng)然如果不用命令行，也可以使用pgadmin，以圖形化界面連接statefulSet里的postgreSQL服務(wù)器：

sudo apt install pgadmin3

進(jìn)行端口轉(zhuǎn)發(fā)，這樣我們可以使用localhost：5432進(jìn)行連接：

kubectl port-forward ads-db-statefulset-0 5432:5432

也能成功連接：

要獲取更多Jerry的原創(chuàng)文章，請(qǐng)關(guān)注公眾號(hào)"汪子熙"。

Kubernetes PostgreSQL

版權(quán)聲明：本文內(nèi)容由網(wǎng)絡(luò)用戶投稿，版權(quán)歸原作者所有，本站不擁有其著作權(quán)，亦不承擔(dān)相應(yīng)法律責(zé)任。如果您發(fā)現(xiàn)本站中有涉嫌抄襲或描述失實(shí)的內(nèi)容，請(qǐng)聯(lián)系我們jiasou666@gmail.com 處理，核實(shí)后本網(wǎng)站將在24小時(shí)內(nèi)刪除侵權(quán)內(nèi)容。

版權(quán)聲明：本文內(nèi)容由網(wǎng)絡(luò)用戶投稿，版權(quán)歸原作者所有，本站不擁有其著作權(quán)，亦不承擔(dān)相應(yīng)法律責(zé)任。如果您發(fā)現(xiàn)本站中有涉嫌抄襲或描述失實(shí)的內(nèi)容，請(qǐng)聯(lián)系我們jiasou666@gmail.com 處理，核實(shí)后本網(wǎng)站將在24小時(shí)內(nèi)刪除侵權(quán)內(nèi)容。