[英]Kubernetes postgres replication with pgpool
Trying to deploy postgres in kubernetes ( https://github.com/paunin/PostDock/tree/master/k8s/example2-single-statefulset ),尝试在 kubernetes ( https://github.com/paunin/PostDock/tree/master/k8s/example2-single-statefulset ) 中部署 postgres,
kubectl get pods -n postgres
NAME READY STATUS RESTARTS AGE
psql-db-pgpool-8****c-7**k 1/1 Running 0 35d
psql-db-pgpool-8****c-m**5 1/1 Running 0 35d
psql-db-node-0 1/1 Running 0 35d
psql-db-node-1 1/1 Running 0 35d
psql-db-node-2 1/1 Running 0 20h
root@postgres-db-node-0:/# psql -h localhost postgres -U test
psql (11.4 (Debian 11.4-1.pgdg90+1))
Type "help" for help.
postgres=> \l
psql -h NODE_IP -U test -d postgres --port NODE_PORT
psql: FATAL: md5 authentication failed
DETAIL: pool_passwd file does not contain an entry for "test"
root@psql-db-pgpool-8****c-7**k:/# cat /usr/local/etc/pool_passwd
user1:md5****422f
replica_user:md5****3
The new user "test" created at the database is not reflected at the pgpool.在数据库中创建的新用户“test”不会反映在 pgpool 中。 Does it work this way, to create & update pgpool everytime a new user is created?它是否以这种方式工作,每次创建新用户时创建和更新 pgpool? Or am I missing something for this user update.还是我错过了此用户更新的某些内容。
The postgres example You deployed uses secret object to store user and password credentials.您部署的 postgres 示例使用秘密 object 来存储用户和密码凭据。 And this is the recommended way of managing sensitive data in kubernetes deployments.这是在 kubernetes 部署中管理敏感数据的推荐方法。
There are following instructions in this example:此示例中有以下说明:
kubectl create -f./namespace/
通过kubectl create -f./namespace/
创建命名空间kubectl create -f./configs/
创建配置: kubectl create -f./configs/
kubectl create -f./volumes/
创建卷kubectl create -f./volumes/
kubectl create -f./services/
创建服务kubectl create -f./services/
kubectl create -f./nodes/
创建节点kubectl create -f./nodes/
kubectl create -f./pgpool/
创建 pgpool kubectl create -f./pgpool/
If You followed them in correct order, the mysystem-secret
secret object is created when kubectl create -f./configs/
is called from configs/secret.yml
.如果您按照正确的顺序进行操作,则在从configs/secret.yml
调用kubectl create -f./configs/
时会创建mysystem-secret
secret object。
apiVersion: v1
kind: Secret
metadata:
namespace: mysystem
name: mysystem-secret
type: Opaque
data:
app.db.user: d2lkZQ== #wide
app.db.password: cGFzcw== #pass
app.db.cluster.replication.user: cmVwbGljYV91c2Vy #replica_user
app.db.cluster.replication.password: cmVwbGljYV9wYXNz #replica_pass
app.db.pool.users: d2lkZTpwYXNz #wide:pass
app.db.pool.pcp.user: cGNwX3VzZXI= #pcp_user
app.db.pool.pcp.password: cGNwX3Bhc3M= #pcp_pass
Note that the comments next to each encoded password is decoded password so in production setting it should be avoided.请注意,每个编码密码旁边的注释都是解码密码,因此在生产设置中应避免使用。
Then the user and password credentials from mysystem-secret
are used in kubectl create -f./nodes/
and kubectl create -f./pgpool/
as environmental values that are in all replicas and can be used to connect to Database.然后来自mysystem-secret
的用户和密码凭证在kubectl create -f./nodes/
和kubectl create -f./pgpool/
中用作所有副本中的环境值,可用于连接到数据库。
...
- name: "POSTGRES_USER"
valueFrom:
secretKeyRef:
name: mysystem-secret
key: app.db.user
- name: "POSTGRES_PASSWORD"
valueFrom:
secretKeyRef:
name: mysystem-secret
key: app.db.password
...
If You want to use Your own user and password You need to modify the configs/secret.yml
file and replace passwords you wish to modify with base64 encoded passwords.如果您想使用您自己的用户名和密码您需要修改configs/secret.yml
文件并将您希望修改的密码替换为 base64 编码的密码。
You can easily encode any password to base64 with following command:您可以使用以下命令轻松地将任何密码编码为 base64:
echo -n 'admin' | base64
YWRtaW4=
echo -n '1f2d1e2e67df' | base64
MWYyZDFlMmU2N2Rm
Update:更新:
To add additional users that would work with pgpool after cluster deployment you can use tool postgres-operator .要在集群部署后添加可以使用 pgpool 的其他用户,您可以使用工具postgres-operator 。 Users added manually via exec to pod and then created locally would not be propagated to other nodes.通过 exec 手动添加到 pod 并在本地创建的用户不会传播到其他节点。
Follow these instructions to install Postgres Operator (pgo client) and configure it to work with kubernetes.按照这些说明安装 Postgres Operator(pgo 客户端)并将其配置为与 kubernetes 一起使用。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.