
Kubernetes pod application connectivity with Mysql database which is not on container

Can I connect a k8s pod with a non-container application, where my Kubernetes pod is running on the 10.200.xx subnet and my MySQL is running on a simple Linux server other than a container? How can I connect with the database? As I'm working in an organization where there are so many network restrictions and I have to open ports and IPs to access, do I have the possibility to connect a container application with a non-container database, as the subnet masks are different too?

If you can reach mysql from worker node then you should also be able to reach it from pod running on this node.

Check your company firewall and make sure that packets from worker node can reach the instance with mysql running. Also make sure that these networks are not separated in some other way.

Usually packets sent from your application pod to the mysql instance will have the source IP set to the worker node's IP (so you want to allow traffic from k8s nodes to the mysql instance). This is due to the fact that the k8s network (with most CNIs) is sort of a virtual network that only k8s nodes are aware of, and for external traffic to be able to come back to the pod, routers in your network need to know where to route the traffic to. This is why pod traffic going outside of the k8s network is NATed.

This is true for most CNIs that encapsulate internal traffic in k8s, but remember that there are also some CNIs that don't encapsulate traffic, and it makes it possible to access pods directly from anywhere inside of a private network and not only from k8s nodes (e.g. Azure CNI).

In the first case, with a NATed network, make sure that you enable access to the mysql instance from all worker nodes, not just one, because when this one specific node goes down and the pod gets rescheduled to another node it won't be able to connect to the database.

In the second case, where you are using a CNI that is using direct networking (without NAT), it's more complicated because when the pod gets rescheduled it gets a different IP every time, and I can't help you with that as it all depends on the specific CNI.
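An added example (not part of the original answer) that checks the two cases described above: it lists worker nodes that the database firewall does not yet allow, and classifies a source IP seen on the MySQL host as a node IP (NATed) or a pod IP (direct routing). The node data, the allow list and the `10.200.0.0/16` pod CIDR are constructed assumptions; only the `10.200.xx` prefix comes from the question.

```python
import ipaddress
import json

# Constructed sample: trimmed `kubectl get nodes -o json` output.
NODES_JSON = """{"items": [
 {"metadata": {"name": "worker-1"}, "status": {"addresses": [
   {"type": "InternalIP", "address": "192.168.10.11"},
   {"type": "Hostname", "address": "worker-1"}]}},
 {"metadata": {"name": "worker-2"}, "status": {"addresses": [
   {"type": "InternalIP", "address": "192.168.10.12"}]}},
 {"metadata": {"name": "worker-3"}, "status": {"addresses": [
   {"type": "InternalIP", "address": "192.168.20.5"}]}}]}"""

POD_CIDR = "10.200.0.0/16"        # assumption: the question only says "10.200.xx"
DB_ALLOWED = ["192.168.10.0/24"]  # constructed: sources allowed to reach MySQL (3306)


def node_internal_ips(nodes_json):
    """Map node name -> InternalIP from `kubectl get nodes -o json`."""
    nodes = {}
    for item in json.loads(nodes_json)["items"]:
        for addr in item["status"]["addresses"]:
            if addr["type"] == "InternalIP":
                nodes[item["metadata"]["name"]] = ipaddress.ip_address(addr["address"])
    return nodes


def nodes_not_allowed(nodes, allowed):
    """Nodes no allow rule covers: a pod rescheduled there loses the database."""
    nets = [ipaddress.ip_network(n) for n in allowed]
    return sorted(name for name, ip in nodes.items()
                  if not any(ip in net for net in nets))


def classify_source(src, nodes, pod_cidr=POD_CIDR):
    """Tell which of the answer's two cases a source IP seen on the DB host is."""
    ip = ipaddress.ip_address(src)
    if ip in nodes.values():
        return "node-ip (pod traffic is NATed)"
    if ip in ipaddress.ip_network(pod_cidr):
        return "pod-ip (CNI routes pods directly)"
    return "unknown"


if __name__ == "__main__":
    nodes = node_internal_ips(NODES_JSON)
    print("not allowed:", nodes_not_allowed(nodes, DB_ALLOWED))
    for src in ("192.168.10.12", "10.200.3.17", "172.16.0.9"):
        print(src, "->", classify_source(src, nodes))
```

Against a real cluster, feed `node_internal_ips` the output of `kubectl get nodes -o json` and take the source addresses from the MySQL host's connection log or firewall log.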
