在我的 K8 集群中,我在同一个命名空间中有两个部署。一个部署用于 Database-Postgres,另一个部署用于 Tomcat。 Tomcat 应该可以从外部访问,因此我配置了“NodePort”服务,对于内部通信,我通过公开 Postgres 的端口(即 5432)创建了一个“ClusterIP”服务。部署完所有内容后,我希望 Tomcat pod 与 Postgres pod 进行通信。但是当我从 Tomcat pod“curl postgres-service:5432”时,我收到“连接被拒绝”消息。有没有配置错误?
apiVersion: v1
kind: Service
metadata:
name: tomcat-service
namespace: application
labels:
app: application-tomcat
spec:
type: NodePort
ports:
- name: tomcat-port
targetPort: 80
port: 80
selector:
app: application-tomcat
---
apiVersion: v1
kind: Service
metadata:
name: postgres-service
namespace: application
labels:
app: application-postgres
spec:
ports:
- port: 5432
name: postgres-port
selector:
app: application-postgres
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: application-tomcat-deployment
namespace: application
labels:
app: application-tomcat
spec:
replicas: 1
selector:
matchLabels:
app: application-tomcat
template:
metadata:
labels:
app: application-tomcat
spec:
containers:
- name: application-container
image: tomcat
command:
- sleep
- "infinity"
ports:
- containerPort: 80
---
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: application
name: application-postgres-deployment
labels:
app: application-postgres
spec:
replicas: 1
selector:
matchLabels:
app: application-postgres
template:
metadata:
labels:
app: application-postgres
spec:
containers:
- name: postgres
image: postgres
command:
- sleep
- "infinity"
ports:
- containerPort: 5432
name: postgredb
Postgres pod 正在侦听端口“5432”并且数据库正在运行。
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:5432 0.0.0.0:* LISTEN -
tcp6 0 0 :::5432 :::* LISTEN -
命名空间中的资源
$ kubectl get all -n application
NAME READY STATUS RESTARTS AGE
pod/application-postgres-deployment-694869cd5d-wrhzr 1/1 Running 0 9m9s
pod/application-tomcat-deployment-6db75ffb6d-ds8fr 1/1 Running 0 9m9s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/postgres-service ClusterIP 10.32.0.207 <none> 5432/TCP 9m9s
service/tomcat-service NodePort 10.32.0.59 <none> 80:31216/TCP 9m9s
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/application-postgres-deployment 1/1 1 1 9m9s
deployment.apps/application-tomcat-deployment 1/1 1 1 9m9s
NAME DESIRED CURRENT READY AGE
replicaset.apps/application-postgres-deployment-694869cd5d 1 1 1 9m9s
replicaset.apps/application-tomcat-deployment-6db75ffb6d 1 1 1 9m9s
答案 0 :(得分:1)
您已通过指定 ENTRYPOINT 覆盖了 postgresql 映像中的默认 deployment.spec.template.containers[0].command。因此,现在在部署 nginx-statefulset 的 pod 内运行的唯一进程是 sleep infinity 并且 postgres 没有运行。删除命令字段并添加 POSTGRES_PASSWORD 或 POSTGRES_HOST_AUTH_METHOD=trust 环境变量应该可以解决问题。将以下清单用于 nginx-statefulset
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-statefulset
namespace: nginx
spec:
replicas: 1
selector:
matchLabels:
BIZID: nginx
template:
metadata:
labels:
BIZID: nginx
spec:
containers:
- name: postgres
image: postgres
env:
- name: POSTGRES_PASSWORD
value: admin
ports:
- containerPort: 5432
name: postgredb
您必须设置环境变量 POSTGRES_PASSWORD 或 POSTGRES_HOST_AUTH_METHOD=trust。如果没有这个,pod 将崩溃循环并显示以下错误消息:
Error: Database is uninitialized and superuser password is not specified.
You must specify POSTGRES_PASSWORD to a non-empty value for the
superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run".
You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all
connections without a password. This is *not* recommended.
See PostgreSQL documentation about "trust":
https://www.postgresql.org/docs/current/auth-trust.html
答案 1 :(得分:0)
查看您的 yaml,您的 tomcat 部署似乎位于名为“test”的命名空间中,而您的 postgres 部署位于“default”命名空间中。
因此,为了进行跨命名空间通信,您必须将命名空间附加到服务域。这个 - 如果从 tomcat Pod 执行 - 应该可以工作:
curl http://postgres-service.default:5432
或者,只需将您的 tomcat 部署到“默认”命名空间。