Kubernetes 使用 pgpool 进行 postgres 复制
[英]Kubernetes postgres replication with pgpool
问题描述
Trying to deploy postgres in kubernetes ( https://github.com/paunin/PostDock/tree/master/k8s/example2-single-statefulset ),
尝试在 kubernetes ( https://github.com/paunin/PostDock/tree/master/k8s/example2-single-statefulset ) 中部署 postgres,
- Used pgpool-II(2 replicas) along with 1 postgres-master pod & 2 slave pods.使用 pgpool-II(2 个副本)以及 1 个 postgres-master pod 和 2 个 slave pod。
kubectl get pods -n postgres
NAME READY STATUS RESTARTS AGE
psql-db-pgpool-8****c-7**k 1/1 Running 0 35d
psql-db-pgpool-8****c-m**5 1/1 Running 0 35d
psql-db-node-0 1/1 Running 0 35d
psql-db-node-1 1/1 Running 0 35d
psql-db-node-2 1/1 Running 0 20h
- Created a user "test" from the master postgres db with postgres user.使用 postgres 用户从主 postgres 数据库创建用户“测试”。
- When trying to connect from within the pods(node-0), the authentication is successful, with user "test".尝试从 pod(node-0)内部连接时,身份验证成功,用户为“test”。
root@postgres-db-node-0:/# psql -h localhost postgres -U test
psql (11.4 (Debian 11.4-1.pgdg90+1))
Type "help" for help.
postgres=> \l
- When trying to connect with NodePort IP & NodePort of the kubernetes cluster, the new user "test" fails authentication with pool_passwd file does not contain an entry for "test"尝试连接 NodePort IP 和 kubernetes 集群的 NodePort 时,新用户“test”身份验证失败, pool_passwd 文件不包含“test”条目
psql -h NODE_IP -U test -d postgres --port NODE_PORT
psql: FATAL: md5 authentication failed
DETAIL: pool_passwd file does not contain an entry for "test"
- Logged in to the pgpool-II pod to find out登录 pgpool-II pod 了解一下
root@psql-db-pgpool-8****c-7**k:/# cat /usr/local/etc/pool_passwd
user1:md5****422f
replica_user:md5****3
The new user "test" created at the database is not reflected at the pgpool.在数据库中创建的新用户“test”不会反映在 pgpool 中。 Does it work this way, to create & update pgpool everytime a new user is created?它是否以这种方式工作,每次创建新用户时创建和更新 pgpool? Or am I missing something for this user update.还是我错过了此用户更新的某些内容。
1 个解决方案
解决方案1
1 2019-11-20 11:25:46
The postgres example You deployed uses secret object to store user and password credentials.您部署的 postgres 示例使用秘密 object 来存储用户和密码凭据。 And this is the recommended way of managing sensitive data in kubernetes deployments.这是在 kubernetes 部署中管理敏感数据的推荐方法。
There are following instructions in this example:此示例中有以下说明:
- Create namespace by
kubectl create -f./namespace/通过kubectl create -f./namespace/创建命名空间 - Create configs:
kubectl create -f./configs/创建配置: kubectl create -f./configs/ - Create volumes
kubectl create -f./volumes/创建卷kubectl create -f./volumes/ - Create services
kubectl create -f./services/创建服务kubectl create -f./services/ - Create nodes
kubectl create -f./nodes/创建节点kubectl create -f./nodes/ - Create pgpool
kubectl create -f./pgpool/创建 pgpool kubectl create -f./pgpool/
If You followed them in correct order, the mysystem-secret secret object is created when kubectl create -f./configs/ is called from configs/secret.yml .如果您按照正确的顺序进行操作,则在从configs/secret.yml调用kubectl create -f./configs/时会创建mysystem-secret secret object。
apiVersion: v1
kind: Secret
metadata:
namespace: mysystem
name: mysystem-secret
type: Opaque
data:
app.db.user: d2lkZQ== #wide
app.db.password: cGFzcw== #pass
app.db.cluster.replication.user: cmVwbGljYV91c2Vy #replica_user
app.db.cluster.replication.password: cmVwbGljYV9wYXNz #replica_pass
app.db.pool.users: d2lkZTpwYXNz #wide:pass
app.db.pool.pcp.user: cGNwX3VzZXI= #pcp_user
app.db.pool.pcp.password: cGNwX3Bhc3M= #pcp_pass
Note that the comments next to each encoded password is decoded password so in production setting it should be avoided.请注意,每个编码密码旁边的注释都是解码密码,因此在生产设置中应避免使用。
Then the user and password credentials from mysystem-secret are used in kubectl create -f./nodes/ and kubectl create -f./pgpool/ as environmental values that are in all replicas and can be used to connect to Database.然后来自mysystem-secret的用户和密码凭证在kubectl create -f./nodes/和kubectl create -f./pgpool/中用作所有副本中的环境值,可用于连接到数据库。
...
- name: "POSTGRES_USER"
valueFrom:
secretKeyRef:
name: mysystem-secret
key: app.db.user
- name: "POSTGRES_PASSWORD"
valueFrom:
secretKeyRef:
name: mysystem-secret
key: app.db.password
...
If You want to use Your own user and password You need to modify the configs/secret.yml file and replace passwords you wish to modify with base64 encoded passwords.如果您想使用您自己的用户名和密码您需要修改configs/secret.yml文件并将您希望修改的密码替换为 base64 编码的密码。
You can easily encode any password to base64 with following command:您可以使用以下命令轻松地将任何密码编码为 base64:
echo -n 'admin' | base64
YWRtaW4=
echo -n '1f2d1e2e67df' | base64
MWYyZDFlMmU2N2Rm
Update:更新:
To add additional users that would work with pgpool after cluster deployment you can use tool postgres-operator .要在集群部署后添加可以使用 pgpool 的其他用户,您可以使用工具postgres-operator 。 Users added manually via exec to pod and then created locally would not be propagated to other nodes.通过 exec 手动添加到 pod 并在本地创建的用户不会传播到其他节点。
Follow these instructions to install Postgres Operator (pgo client) and configure it to work with kubernetes.按照这些说明安装 Postgres Operator(pgo 客户端)并将其配置为与 kubernetes 一起使用。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.