在Istio 0.8中的Mongo statefulset

时间:2018-06-12 18:06:51

标签: mongodb kubernetes google-kubernetes-engine istio kubernetes-statefulset

我遇到了尝试在运行istio 0.8时使用cvallance的sidecar部署有状态mongodb复制集的问题,如果我将istio从混合中移除一切正常,但是当启用istio时mongo-sidecars就可以了发现彼此和replicaset没有配置。以下是我的mongo部署和服务。

apiVersion: v1
kind: Service
metadata:
  labels:
    service: mongo-test
    environment: test
  name: mongo-test
  namespace: test
spec:
  ports:
  - name: mongo
    port: 27017
  clusterIP: None
  selector:
    service: mongo-test
    role: mongo-test
    environment: test
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: mongo-test
  namespace: test
spec:
  serviceName: "mongo-test"
  replicas: 3
  selector:
    matchLabels:
      service: mongo-test
  template:
    metadata:
      labels:
        role: mongo-test
        environment: test
        service: mongo-test
    spec:
      serviceAccountName: mongo-test-serviceaccount
      terminationGracePeriodSeconds: 60
      containers:
        - name: mongo
          image: mongo:3.6.5
          resources:
            requests:
              cpu: "10m"
          command:
            - mongod
            - "--bind_ip_all"
            - "--replSet"
            - rs0
            - "--smallfiles"
            - "--noprealloc"
          ports:
            - containerPort: 27017
          volumeMounts:
            - name: mongo-persistent-storage
              mountPath: /data/db
        - name: mongo-sidecar
          image: cvallance/mongo-k8s-sidecar
          resources:
            requests:
              cpu: "10m"
          env:
            - name: MONGO_SIDECAR_POD_LABELS
              value: "role=mongo-test,environment=test"
  volumeClaimTemplates:
  - metadata:
      name: mongo-persistent-storage
      annotations:
        volumes.beta.kubernetes.io/storage-class: "mongo-ssd"
    spec:
      accessModes: [ "ReadWriteOnce" ]
      resources:
        requests:
          storage: 100Gi

2 个答案:

答案 0 :(得分:1)

istio至少在V.1.0.2之前不支持有状态集的双向TLS

答案 1 :(得分:0)

您是否看到此错误消息?

  

工作循环中的错误{错误:在以下位置连接ECONNREFUSED 10.x.x.x:443   TCPConnectWrap.afterConnect [oncomplete](net.js:x:x)错误号:   'ECONNREFUSED',代码:'ECONNREFUSED',系统调用:'connect',地址:   '10 .x.x.x',端口:443}工作循环中的错误{错误:读取ECONNRESET   在TLSWrap.onread(net.js:x:x)errno上:'ECONNRESET',代码:   'ECONNRESET',系统调用:'read'}

我已经复制了它。我已经在启用了Mutual TLS Auth的Istio名称空间上运行了MongoDB Statefulset。我遇到了上述错误消息。

我能够通过禁用双向TLS身份验证来修复它。

您是否在MongoDB StatefulSet中的边车之间使用双向TLS身份验证? 如果是,将显示上述错误消息。

一旦我禁用了双向TLS身份验证,mongo statefulset就会起作用。 如果您正在运行双向TLS身份验证,请禁用它,并且statefulset应该起作用。它对我有效。

相关问题
最新问题