Kubernetes - Connect to Cassandra from a Job to a different Pod

Time: 2020-07-30 09:11:53

Tags: kubernetes cassandra cqlsh

When I try to execute the following command

["/bin/sh", "-c", "cqlsh cassandra.my-namespace.svc.cluster.local -f /path/to/schema.cql"]

from my Job, I receive the following error:

Traceback (most recent call last):
  File "/usr/bin/cqlsh.py", line 2443, in <module>
    main(*read_options(sys.argv[1:], os.environ))
  File "/usr/bin/cqlsh.py", line 2421, in main
    encoding=options.encoding)
  File "/usr/bin/cqlsh.py", line 485, in __init__
    load_balancing_policy=WhiteListRoundRobinPolicy([self.hostname]),
  File "/usr/share/cassandra/lib/cassandra-driver-internal-only-3.11.0-bb96859b.zip/cassandra-driver-3.11.0-bb96859b/cassandra/policies.py", line 417, in __init__
socket.gaierror: [Errno -2] Name or service not known

My Job is defined as a Helm Hook with the post-install annotation. My Cassandra Pod is defined using a StatefulSet.

kind: StatefulSet
metadata:
  name: cassandra
spec:
  serviceName: cassandra
  replicas: 1
  template:
    metadata:
      labels:
        app: cassandra
    spec:
      containers:
        - name: cassandra
          image: cassandra:3
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 7000
              name: intra-node
            - containerPort: 7001
              name: tls-intra-node
            - containerPort: 7199
              name: jmx
            - containerPort: 9042
              name: cql
          env:
            - name: CASSANDRA_SEEDS
              value: cassandra-0.cassandra.default.svc.cluster.local
            - name: MAX_HEAP_SIZE
              value: 256M
            - name: HEAP_NEWSIZE
              value: 100M
            - name: CASSANDRA_CLUSTER_NAME
              value: "Cassandra"
            - name: CASSANDRA_DC
              value: "DC1"
            - name: CASSANDRA_RACK
              value: "Rack1"
            - name: CASSANDRA_ENDPOINT_SNITCH
              value: GossipingPropertyFileSnitch
          volumeMounts:
            - name: cassandra-data
              mountPath: /var/lib/cassandra/data
  volumeClaimTemplates:
    - metadata:
        name: cassandra-data
        annotations:  # comment line if you want to use a StorageClass
          # or specify which StorageClass
          volume.beta.kubernetes.io/storage-class: ""   # comment line if you
          # want to use a StorageClass or specify which StorageClass
      spec:
        accessModes: ["ReadWriteOnce"]
        resources:
          requests:
            storage: 1Gi

Here is my Service

kind: Service
metadata:
  labels:
    app: cassandra
  name: cassandra
spec:
  clusterIP: None
  ports:
    - port: 9042
  selector:
    app: cassandra

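When I run the cqlsh command manually from a container, everything works. Unfortunately, the automated solution throws the error mentioned above.

Am I missing something in the Service configuration? Since the Pod created from the Job connects to the Service, I have been thinking that it should work.

EDIT: The Job looks like this: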

apiVersion: batch/v1
kind: Job
metadata:
  name: init-db
spec:
  template:
    metadata: 
      name: init-db
      annotations: 
        "helm.sh/hooks": postn-install
    spec:
      containers:
      - name: cqlsh
        image: <cassandra-image>
        command: ["/bin/sh", "-c", "cqlsh cassandra.my-namespace.svc.cluster.local -f /path/to/schema.cql"]
        volumeMounts:
        - name: cass-init
          mountPath: /etc/config
    volumes:
      ...

Here is the output of /etc/resolv.conf:

nameserver 10.96.0.10
search default.svc.cluster.local svc.cluster.local cluster.local
options ndtos:5

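3 answers:

Answer 0: (score: 2)

The error you posted indicates that, wherever you are running the cqlsh command, the service name cannot be resolved.

Depending on how your k8s cluster is configured and where the job is running (inside or outside the same k8s cluster), you need to expose access to the pod using Ingress or NodePort.

Aleš Nosek explains nicely how to access Pods in his blog post here. Cheers!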
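
To see which names the resolver actually tries for a lookup like the one in the question, the following added example (not part of the original question or answers) applies glibc-style search-list rules to a resolv.conf and flags a service name whose namespace differs from the pod's own. The resolv.conf text is a constructed sample modelled on the question's output, and all function names are hypothetical.

```python
# Added example. RESOLV_CONF is constructed sample input, not captured output.
RESOLV_CONF = """\
nameserver 10.96.0.10
search default.svc.cluster.local svc.cluster.local cluster.local
options ndots:5
"""

def parse_resolv_conf(text):
    """Return (search_domains, ndots); ndots defaults to 1 as in resolv.conf(5)."""
    search, ndots = [], 1
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields[:1] == ["search"]:
            search = fields[1:]
        elif fields[:1] == ["options"]:
            for opt in fields[1:]:
                if opt.startswith("ndots:"):
                    ndots = int(opt.split(":", 1)[1])
    return search, ndots

def candidates(name, search, ndots):
    """Names a glibc-style resolver tries, in order, for one lookup (assumed rules)."""
    if name.endswith("."):
        return [name.rstrip(".")]           # trailing dot: absolute, no search list
    expanded = [f"{name}.{d}" for d in search]
    if name.count(".") >= ndots:
        return [name] + expanded            # enough dots: try the name as-is first
    return expanded + [name]                # otherwise the search list comes first

def pod_namespace(search):
    """Kubernetes puts <namespace>.svc.<cluster-domain> into the pod's search list."""
    for d in search:
        labels = d.split(".")
        if len(labels) > 2 and labels[1] == "svc":
            return labels[0]
    return None

def namespace_mismatch(target, search):
    """True if target is <svc>.<ns>.svc... and <ns> is not the pod's namespace."""
    labels = target.rstrip(".").split(".")
    if len(labels) < 3 or labels[2] != "svc":
        return False                        # not in <svc>.<ns>.svc form; no verdict
    return labels[1] != pod_namespace(search)

if __name__ == "__main__":
    s, n = parse_resolv_conf(RESOLV_CONF)
    print("\n".join(candidates("cassandra.my-namespace.svc.cluster.local", s, n)))
```

A mismatch is not an error by itself, since cross-namespace lookups are valid; it is a prompt to confirm that the Service really exists in the namespace named in the hostname.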

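Answer 1: (score: 1)

Since you are running with a service mesh, there might be some issues with the setup.

First, I would recommend enabling envoy logging for both pods: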

kubectl exec -it <pod-name> -c istio-proxy -- curl -X POST http://localhost:15000/logging?level=trace

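Now follow the istio sidecar logs:

kubectl logs <pod-name> -c istio-proxy -f

This may already give you some information about why the connection fails.

Some ideas what the problem might be:

  1. The cassandra pod has no sidecar

If the cassandra pod has no sidecar and you are doing mTLS, it will receive encrypted traffic but cannot decrypt it. This contradicts the documentation and seems to be a bug. You can use a DestinationRule to disable mTLS for traffic to the cassandra service: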

apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: cassandra-disable-mtls
spec:
  host: "cassandra-host" #insert correct cassandra name here
  trafficPolicy:
    tls:
      mode: DISABLE
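
  2. The job's pod has no sidecar

If the cassandra pod has a sidecar but the job's pod does not, and you enforce mTLS, cassandra's sidecar will deny access because the traffic is not encrypted. You can either inject a sidecar into the job's pod (recommended) or enable PERMISSIVE mode for cassandra, so that the sidecar accepts both ssl-encrypted and plain-text traffic.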

apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: cassandra-allow-plain-traffic
spec:
  selector:
    matchLabels:
      app: cassandra
  mtls:
    mode: PERMISSIVE

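Let me know if you need further help.

Answer 2: (score: 0)

The StatefulSet has no selector, so the YAML in the question does not work. If you use the YAML below, it works and the Job connects as well. Everything will be deployed in the default namespace. You need to use an appropriate storage class (the example below uses standard). You can get the cassandra deployment from here
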
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: cassandra
spec:
  serviceName: cassandra
  replicas: 1
  selector:
    matchLabels:
      app: cassandra
  template:
    metadata:
      labels:
        app: cassandra
    spec:
      containers:
        - name: cassandra
          image: cassandra:3
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 7000
              name: intra-node
            - containerPort: 7001
              name: tls-intra-node
            - containerPort: 7199
              name: jmx
            - containerPort: 9042
              name: cql
          env:
            - name: CASSANDRA_SEEDS
              value: cassandra-0.cassandra.default.svc.cluster.local
            - name: MAX_HEAP_SIZE
              value: 256M
            - name: HEAP_NEWSIZE
              value: 100M
            - name: CASSANDRA_CLUSTER_NAME
              value: "Cassandra"
            - name: CASSANDRA_DC
              value: "DC1"
            - name: CASSANDRA_RACK
              value: "Rack1"
            - name: CASSANDRA_ENDPOINT_SNITCH
              value: GossipingPropertyFileSnitch
          volumeMounts:
            - name: cassandra-data
              mountPath: /var/lib/cassandra/data
  volumeClaimTemplates:
    - metadata:
        name: cassandra-data
      spec:
        accessModes: ["ReadWriteOnce"]
        storageClassName: standard
        resources:
          requests:
            storage: 1Gi

Service YAML

apiVersion: v1
kind: Service
metadata:
  labels:
    app: cassandra
  name: cassandra
spec:
  clusterIP: None
  ports:
  - port: 9042
  selector:
    app: cassandra

Job YAML; the command has been modified to describe the cluster, so that it connects and prints the required cluster information.

apiVersion: batch/v1
kind: Job
metadata:
  name: init-db
spec:
  template:
    metadata: 
      name: init-db
      annotations: 
        "helm.sh/hooks": postn-install
    spec:
      restartPolicy: Never
      containers:
      - name: cqlsh
        image: cassandra:3
        command: ["/bin/sh", "-c", "cqlsh cassandra.default.svc.cluster.local 9042 -e 'describe cluster'"]