又回来了。我已经启动并运行了kube集群,还附加了一个mysql pod、一个postgres pod和相关的卷/服务映射。除了应用程序名称、端口和容器元素中的信息之外,这些配置几乎是相同的。我提到这一点,因为这似乎是我的问题所在。
我可以连接到我的mysql实例在'mysql'没有问题,从我的本地机器使用转发,从任何pod。但是我的postgres pod…我的其他舱似乎都无法访问它。我可以连接到'postgres'使用我的DB控制台本地使用转发,但pod得到'Connection Refused'每当他们试图连接。
这里有一个例子。我加载了一个简单的alpine镜像,安装了postgres客户端,连接到mysql,然后尝试连接到我的postgres实例。
$ cat utils.yaml
apiVersion: v1
kind: Pod
metadata:
name: utils
namespace: default
spec:
restartPolicy: Always
serviceAccountName: default
containers:
- name: utils
image: alpine:latest
command:
- sleep
- "14400"
imagePullPolicy: IfNotPresent
$ kubectl apply -f utils.yaml
kupod/utils created
$ kubectl exec -it utils -- /bin/ash
# apk add mysql-client
fetch https://dl-cdn.alpinelinux.org/alpine/v3.14/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.14/community/x86_64/APKINDEX.tar.gz
(1/7) Installing mariadb-common (10.5.12-r0)
(2/7) Installing libgcc (10.3.1_git20210424-r2)
(3/7) Installing ncurses-terminfo-base (6.2_p20210612-r0)
(4/7) Installing ncurses-libs (6.2_p20210612-r0)
(5/7) Installing libstdc++ (10.3.1_git20210424-r2)
(6/7) Installing mariadb-client (10.5.12-r0)
(7/7) Installing mysql-client (10.5.12-r0)
Executing busybox-1.33.1-r3.trigger
OK: 39 MiB in 21 packages
# apk add postgresql-client
(1/6) Installing gdbm (1.19-r0)
(2/6) Installing libsasl (2.1.27-r12)
(3/6) Installing libldap (2.4.58-r0)
(4/6) Installing libpq (13.4-r0)
(5/6) Installing readline (8.1.0-r0)
(6/6) Installing postgresql-client (13.4-r0)
Executing busybox-1.33.1-r3.trigger
OK: 42 MiB in 27 packages
# mysql -h mysql -utestuser -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or g.
Your MySQL connection id is 155
Server version: 5.6.51 MySQL Community Server (GPL)
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or 'h' for help. Type 'c' to clear the current input statement.
MySQL [(none)]> Ctrl-C -- exit!
Aborted
# psql -h postgres -U testuser
psql: error: could not connect to server: Connection refused
Is the server running on host "postgres" (192.168.152.97) and accepting
TCP/IP connections on port 5432?
这是我对postgres的yamls:
---
#create secrets and maps using:
#kubectl create configmap postgres --from-file=postgres-config/
#kubectl create secret generic postgres --from-file=postgres-ecrets/
---
apiVersion: v1
kind: Service
metadata:
name: postgres
namespace: default
labels:
app: postgres
spec:
ports:
- name: postgres
port: 5432
selector:
app: postgres
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: postgres
namespace: default
spec:
selector:
matchLabels:
app: postgres
strategy:
type: Recreate
template:
metadata:
labels:
app: postgres
spec:
securityContext:
runAsUser: 70
fsGroup: 70
containers:
- name: postgres
image: postgres:alpine
imagePullPolicy: IfNotPresent
args:
- -c
- hba_file=/etc/postgres-config/pg_hba.conf
- -c
- config_file=/etc/postgres-config/postgresql.conf
env:
- name: PGDATA
value: /var/lib/postgres-data
- name: POSTGRES_PASSWORD_FILE
value: /etc/postgres-secrets/postgres-pwd.txt
ports:
- name: postgres
containerPort: 5432
hostPort: 5432
protocol: TCP
volumeMounts:
- name: postgres-config
mountPath: /etc/postgres-config
- name: postgres-storage
mountPath: /var/lib/postgres-data
subPath: postgres
- name: postgres-secrets
mountPath: /etc/postgres-secrets
volumes:
- name: postgres-config
configMap:
name: postgres
- name: postgres-storage
persistentVolumeClaim:
claimName: postgres-claim
- name: postgres-secrets
secret:
secretName: postgres
defaultMode: 384
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: postgres-gluster-pv
namespace: default
spec:
capacity:
storage: 10Gi
accessModes:
- ReadWriteMany
glusterfs:
endpoints: gluster-cluster
path: /gv0
readOnly: false
persistentVolumeReclaimPolicy: Retain
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: postgres-claim
namespace: default
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 10Gi
最后,我的postgresql .conf和pg_hba.conf:
$ cat postgres.conf
ssl = on
ssl_ca_file = '/etc/postgres-secrets/root.crt'
ssl_cert_file = '/etc/postgres-secrets/server.crt'
ssl_key_file = '/etc/postgres-secrets/server.key'
$ cat pg_hba.conf
# Trust local connection - no password required.
local all all trust
hostssl all all all md5
再一次…想通了。@Sami的评论让我走上了正确的道路。我将listen-address设置为"localhost",它需要设置为"*">