我无法在kubernetes上部署postgres(单节点,官方映像),并且不允许服务通过ClusterIP服务访问postgres。
配置非常简单-命名空间,部署,服务:
---
apiVersion: v1
kind: Namespace
metadata:
name: database
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
namespace: database
name: postgres
spec:
replicas: 1
template:
metadata:
labels:
app: postgres
spec:
containers:
- name: postgres
image: postgres:11.1
imagePullPolicy: "IfNotPresent"
ports:
- containerPort: 5432
---
apiVersion: v1
kind: Service
metadata:
name: pg
namespace: database
labels:
app: postgres
spec:
selector:
app: postgres
ports:
- protocol: TCP
name: postgres
port: 5432
targetPort: 5432
要进行测试,将“ / bin / bash”执行到pod中,并运行一个简单的psql命令来测试连接。在本地一切正常:
kubectl --kubeconfig $k8sconf -n database exec -it $(kubectl --kubeconfig $k8sconf -n database get pods -o jsonpath='{.items[*].metadata.name}') -- psql -U admin postgresdb -c "\t"
Tuples only is on.
但是,一旦我尝试通过服务访问postgres,命令就会失败:
kubectl --kubeconfig $k8sconf -n database exec -it $(kubectl --kubeconfig $k8sconf -n database get pods -o jsonpath='{.items[*].metadata.name}') -- psql -h pg -U admin postgresdb -c "\t"
psql: could not connect to server: Connection timed out
Is the server running on host "pg" (10.245.102.15) and accepting
TCP/IP connections on port 5432?
这是在DigitalOcean单节点群集(1.12.3)上进行的测试。
Postgres在正确的端口上通过*
进行了监听,pg_hba.conf
的默认外观如下:
...
local all all trust
# IPv4 local connections:
host all all 127.0.0.1/32 trust
# IPv6 local connections:
host all all ::1/128 trust
# Allow replication connections from localhost, by a user with the
# replication privilege.
local replication all trust
host replication all 127.0.0.1/32 trust
host replication all ::1/128 trust
host all all all md5
要复制,请参见this gist
执行通过(请使用新的集群并直通):
export k8sconf=/path/to/your/k8s/confic/file
kubectl --kubeconfig $k8sconf apply -f https://gist.githubusercontent.com/sontags/c364751e7f0d8ba1a02a9805efc68db6/raw/01b1808348541d743d6a861402cfba224bee8971/database.yaml
kubectl --kubeconfig $k8sconf -n database exec -it $(kubectl --kubeconfig $k8sconf -n database get pods -o jsonpath='{.items[*].metadata.name}') -- /bin/bash /reproducer/runtest.sh
任何提示为何该服务不允许连接或执行其他测试?
答案 0 :(得分:2)
很难告知您是否无法访问您的集群。在我的AWS集群上可以正常工作。一些要看的东西:
pg
已解析为10.245.102.15
,因此DNS似乎很好5432
上的任何来源的流量?请注意,PodCidr和K8s服务IP范围与(您的Droplet的)hostCidr不同。