kubernetes连接到节点postgres

时间:2020-08-14 08:52:13

标签: postgresql ubuntu kubernetes

我在Ubuntu上有1个DPS,已在节点和kubernates上安装了postgres 现在我有一个Pod(或多个),需要连接到postgres 我已经编辑了postgres配置以接受任何入站连接,但是pod无法连接到数据库,我被拒绝连接(套接字异常)

作为连接字符串,我使用:

host=<nodeip>;database=<db>;username=<usr>;password=<pwd>;

有什么主意吗?

postgres身份

● postgresql.service - PostgreSQL RDBMS
   Loaded: loaded (/lib/systemd/system/postgresql.service; enabled; vendor preset: enabled)
   Active: active (exited) since Mon 2020-08-10 16:49:15 CEST; 3 days ago
 Main PID: 31145 (code=exited, status=0/SUCCESS)
    Tasks: 0 (limit: 4915)
   CGroup: /system.slice/postgresql.service

Aug 10 16:49:15 puck466 systemd[1]: Starting PostgreSQL RDBMS...
Aug 10 16:49:15 puck466 systemd[1]: Started PostgreSQL RDBMS.

netstat输出:

unix  2      [ ACC ]     STREAM     LISTENING     84378715 /var/run/postgresql/.s.PGSQL.5433
unix  2      [ ACC ]     STREAM     LISTENING     84378719 /var/run/postgresql/.s.PGSQL.5432

iptables -L 

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
KUBE-SERVICES  all  --  anywhere             anywhere             ctstate NEW /* kubernetes service portals */
KUBE-EXTERNAL-SERVICES  all  --  anywhere             anywhere             ctstate NEW /* kubernetes externally-visible service portals */
KUBE-FIREWALL  all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             puck466.startdedicated.net  tcp spts:1024:65535 dpt:postgresql state NEW,ESTABLISHED

Chain FORWARD (policy DROP)
target     prot opt source               destination
KUBE-FORWARD  all  --  anywhere             anywhere             /* kubernetes forwarding rules */
KUBE-SERVICES  all  --  anywhere             anywhere             ctstate NEW /* kubernetes service portals */
DOCKER-USER  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  10.244.0.0/16        anywhere
ACCEPT     all  --  anywhere             10.244.0.0/16

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
KUBE-SERVICES  all  --  anywhere             anywhere             ctstate NEW /* kubernetes service portals */
KUBE-FIREWALL  all  --  anywhere             anywhere

Chain DOCKER (1 references)
target     prot opt source               destination

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target     prot opt source               destination
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere

Chain DOCKER-ISOLATION-STAGE-2 (1 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere

Chain DOCKER-USER (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain KUBE-EXTERNAL-SERVICES (1 references)
target     prot opt source               destination

Chain KUBE-FIREWALL (2 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere             /* kubernetes firewall for dropping marked packets */ mark match 0x8000/0x8000
DROP       all  -- !127.0.0.0/8          127.0.0.0/8          /* block incoming localnet connections */ ! ctstate RELATED,ESTABLISHED,DNAT

Chain KUBE-FORWARD (1 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere             ctstate INVALID
ACCEPT     all  --  anywhere             anywhere             /* kubernetes forwarding rules */ mark match 0x4000/0x4000ACCEPT     all  --  anywhere             anywhere             /* kubernetes forwarding conntrack pod source rule */ ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere             /* kubernetes forwarding conntrack pod destination rule */ ctstate RELATED,ESTABLISHED

Chain KUBE-KUBELET-CANARY (0 references)
target     prot opt source               destination

Chain KUBE-PROXY-CANARY (0 references)
target     prot opt source               destination

Chain KUBE-SERVICES (3 references)
target     prot opt source               destination
REJECT     tcp  --  anywhere             10.100.159.214       /* default/portalapi-service-ext: has no endpoints */ tcp dpt:http-alt reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             10.97.176.106        /* default/portalapi-service: has no endpoints */ tcp dpt:http-alt reject-with icmp-port-unreachable

1 个答案:

答案 0 :(得分:0)

我的节点机器上有两个版本的postgres 步骤如下:

  • 卸载所有postgres
  • 安装postgresql-12
  • 编辑pg_hba.conf添加:托管所有所有信任
  • 编辑postgresql.conf并设置listen_addr ='*'
  • 重新启动postgresql

作品!

相关问题
最新问题