Kubernetes - connect to cassandra from job to different pod

When I'm trying to execute the following command

["/bin/sh", "-c", "cqlsh cassandra.my-namespace.svc.cluster.local -f /path/to/schema.cql"]

from my Job, I am receiving the following error:

Traceback (most recent call last):
  File "/usr/bin/cqlsh.py", line 2443, in <module>
    main(*read_options(sys.argv[1:], os.environ))
  File "/usr/bin/cqlsh.py", line 2421, in main
    encoding=options.encoding)
  File "/usr/bin/cqlsh.py", line 485, in __init__
    load_balancing_policy=WhiteListRoundRobinPolicy([self.hostname]),
  File "/usr/share/cassandra/lib/cassandra-driver-internal-only-3.11.0-bb96859b.zip/cassandra-driver-3.11.0-bb96859b/cassandra/policies.py", line 417, in __init__
socket.gaierror: [Errno -2] Name or service not known

My Job is defined as Helm Hook with post-install annotation. My Cassandra Pod is defined using StatefulSet.

kind: StatefulSet
metadata:
  name: cassandra
spec:
  serviceName: cassandra
  replicas: 1
  template:
    metadata:
      labels:
        app: cassandra
    spec:
      containers:
        - name: cassandra
          image: cassandra:3
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 7000
              name: intra-node
            - containerPort: 7001
              name: tls-intra-node
            - containerPort: 7199
              name: jmx
            - containerPort: 9042
              name: cql
          env:
            - name: CASSANDRA_SEEDS
              value: cassandra-0.cassandra.default.svc.cluster.local
            - name: MAX_HEAP_SIZE
              value: 256M
            - name: HEAP_NEWSIZE
              value: 100M
            - name: CASSANDRA_CLUSTER_NAME
              value: "Cassandra"
            - name: CASSANDRA_DC
              value: "DC1"
            - name: CASSANDRA_RACK
              value: "Rack1"
            - name: CASSANDRA_ENDPOINT_SNITCH
              value: GossipingPropertyFileSnitch
          volumeMounts:
            - name: cassandra-data
              mountPath: /var/lib/cassandra/data
  volumeClaimTemplates:
    - metadata:
        name: cassandra-data
        annotations:  # comment line if you want to use a StorageClass
          # or specify which StorageClass
          volume.beta.kubernetes.io/storage-class: ""   # comment line if you
          # want to use a StorageClass or specify which StorageClass
      spec:
        accessModes: ["ReadWriteOnce"]
        resources:
          requests:
            storage: 1Gi

And this is my Service:

kind: Service
metadata:
  labels:
    app: cassandra
  name: cassandra
spec:
  clusterIP: None
  ports:
    - port: 9042
  selector:
    app: cassandra

When I run the cqlsh command manually from the container, everything works. Unfortunately, the automated solution throws the mentioned error.

Am I missing something in the Service configuration? I have thought since I am connecting to service from the Pod created by Job, it should work.

EDIT: Job looks like this:

apiVersion: batch/v1
kind: Job
metadata:
  name: init-db
spec:
  template:
    metadata: 
      name: init-db
      annotations:
        "helm.sh/hooks": post-install
    spec:
      containers:
      - name: cqlsh
        image: <cassandra-image>
        command: ["/bin/sh", "-c", "cqlsh cassandra.my-namespace.svc.cluster.local -f /path/to/schema.cql"]
        volumeMounts:
        - name: cass-init
          mountPath: /etc/config
      volumes:
        ...

And here is the output of etc/resolv.conf:

nameserver 10.96.0.10
search default.svc.cluster.local svc.cluster.local cluster.local
options ndots:5

The error you posted indicates that wherever you're running the cqlsh command, it cannot resolve the service name.

Depending on how your k8s cluster is configured and where the job runs (inside the same k8s cluster or external), you'll need to expose access to the pods with Ingress or NodePort.

Aleš Nosek has a good explanation of how to access pods in his blog post here. Cheers!

Since you are running istio as service mesh, there might be some problems with your setup.

First I would recommend enabling envoy logging for both pods:

kubectl exec -it <pod-name> -c istio-proxy -- curl -X POST http://localhost:15000/logging?level=trace

Now, follow the istio sidecar logs by

kubectl logs <pod-name> -c istio-proxy -f

This might already give you some information, why the connection is failing.

Some ideas what might be the problem:

  1. The cassandra's pod doesn't have a sidecar

If the cassandra pod doesn't have a sidecar and you are enforcing mTLS, it will receive encrypted traffic, but is unable to decrypt it. This contradicts the documentation and seems to be a bug. You can disable mTLS for traffic to the cassandra service with a DestinationRule:

apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: cassandra-disable-mtls
spec:
  host: "cassandra-host" #insert correct cassandra name here
  trafficPolicy:
    tls:
      mode: DISABLE

  2. The job's pod doesn't have a sidecar

If the cassandra pod has a sidecar, but the job's pod doesn't and you enforce mTLS, the cassandra's sidecar will deny access, since traffic isn't encrypted. You can either inject a sidecar into the job's pod (recommended) or enable PERMISSIVE mode for cassandra, so the sidecar will accept both ssl encrypted and plain text traffic.

apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: cassandra-allow-plain-traffic
spec:
  selector:
    matchLabels:
      app: cassandra
  mtls:
    mode: PERMISSIVE

Please let me know if you need further assistance.
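
An added example, not part of the answer above: it identifies which of the two situations applies from the pods' container names, and renders a PeerAuthentication that accepts plain text on the CQL port only instead of on the whole workload. The function names are hypothetical, and the workload-level STRICT mode is an assumption that matches "you enforce mTLS".

```shell
#!/bin/sh
# Added example; function names are hypothetical.

# has_sidecar "<space-separated container names>", e.g. the output of:
#   kubectl get pod <pod-name> \
#     -o jsonpath='{.spec.containers[*].name} {.spec.initContainers[*].name}'
# (init containers are included because Istio can run the proxy as one).
has_sidecar() {
    case " $1 " in *" istio-proxy "*) return 0 ;; esac
    return 1
}

# mtls_case "<client containers>" "<server containers>": reports which side
# runs the Istio proxy, to tell the answer's two situations apart.
mtls_case() {
    if has_sidecar "$1"; then c=sidecar; else c=plain; fi
    if has_sidecar "$2"; then s=sidecar; else s=plain; fi
    echo "client=$c server=$s"
}

# render_port_permissive <app-label> <port>: PeerAuthentication that keeps
# STRICT mTLS for the workload and accepts plain text on one port only.
render_port_permissive() {
    cat <<EOF
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: $1-plain-on-$2
spec:
  selector:
    matchLabels:
      app: $1
  mtls:
    mode: STRICT
  portLevelMtls:
    $2:
      mode: PERMISSIVE
EOF
}

# Apply only in the second situation (Job pod without a sidecar):
#   [ "$(mtls_case "$job" "$cass")" = "client=plain server=sidecar" ] &&
#       render_port_permissive cassandra 9042 | kubectl apply -f -
```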

The statefulset doesn't have a selector so the YAML in question doesn't work. If you use the below YAMLs it works and connects to the job as well. Everything will be deployed in default namespace. You need to use appropriate storage class (below example uses standard). You can follow cassandra deployment from here.

apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: cassandra
spec:
  serviceName: cassandra
  replicas: 1
  selector:
    matchLabels:
      app: cassandra
  template:
    metadata:
      labels:
        app: cassandra
    spec:
      containers:
        - name: cassandra
          image: cassandra:3
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 7000
              name: intra-node
            - containerPort: 7001
              name: tls-intra-node
            - containerPort: 7199
              name: jmx
            - containerPort: 9042
              name: cql
          env:
            - name: CASSANDRA_SEEDS
              value: cassandra-0.cassandra.default.svc.cluster.local
            - name: MAX_HEAP_SIZE
              value: 256M
            - name: HEAP_NEWSIZE
              value: 100M
            - name: CASSANDRA_CLUSTER_NAME
              value: "Cassandra"
            - name: CASSANDRA_DC
              value: "DC1"
            - name: CASSANDRA_RACK
              value: "Rack1"
            - name: CASSANDRA_ENDPOINT_SNITCH
              value: GossipingPropertyFileSnitch
          volumeMounts:
            - name: cassandra-data
              mountPath: /var/lib/cassandra/data
  volumeClaimTemplates:
    - metadata:
        name: cassandra-data
      spec:
        accessModes: ["ReadWriteOnce"]
        storageClassName: standard
        resources:
          requests:
            storage: 1Gi

The service YAML

apiVersion: v1
kind: Service
metadata:
  labels:
    app: cassandra
  name: cassandra
spec:
  clusterIP: None
  ports:
  - port: 9042
  selector:
    app: cassandra

The Job YAML. The command has been modified to describe cluster as it connects and prints the required cluster info.

apiVersion: batch/v1
kind: Job
metadata:
  name: init-db
spec:
  template:
    metadata: 
      name: init-db
      annotations:
        "helm.sh/hooks": post-install
    spec:
      restartPolicy: Never
      containers:
      - name: cqlsh
        image: cassandra:3
        command: ["/bin/sh", "-c", "cqlsh cassandra.default.svc.cluster.local 9042 -e 'describe cluster'"]
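
An added example, not taken from the posts above: a pre-flight check for the Job container. It compares the namespace in the pod's resolv.conf search line (`default` in the question's output) with the namespace named in the cqlsh target (`my-namespace` in the question's command), then waits for the name to resolve, since a headless Service has DNS records only for ready pods. The function names are hypothetical and `getent` is assumed to be present in the image.

```shell
#!/bin/sh
# Added example; function names are hypothetical.

# pod_namespace <resolv.conf>: namespace from the first search domain,
# which Kubernetes writes as <namespace>.svc.<cluster-domain>.
pod_namespace() {
    awk '$1 == "search" {
        for (i = 2; i <= NF; i++) if ($i ~ /^[^.]+\.svc\./) {
            split($i, p, "."); print p[1]; exit
        }
    }' "$1"
}

# target_namespace <host>: label before "svc" in <svc>.<ns>.svc.<domain>;
# prints nothing for short names such as "cassandra".
target_namespace() {
    printf '%s\n' "$1" | awk -F. '{
        for (i = 3; i <= NF; i++) if ($i == "svc") { print $(i - 1); exit }
    }'
}

# check_target <resolv.conf> <host>: 0 same namespace, 1 different, 2 unknown.
check_target() {
    pod_ns=$(pod_namespace "$1")
    tgt_ns=$(target_namespace "$2")
    if [ -z "$pod_ns" ] || [ -z "$tgt_ns" ]; then
        echo "cannot compare namespaces for '$2'"; return 2
    fi
    if [ "$pod_ns" != "$tgt_ns" ]; then
        echo "pod is in '$pod_ns', target names '$tgt_ns'"; return 1
    fi
    echo "target is in the pod's namespace '$pod_ns'"
}

# wait_for_dns <host> [tries]: poll until the name resolves (assumes getent).
wait_for_dns() {
    tries=${2:-30}
    while [ "$tries" -gt 0 ]; do
        getent hosts "$1" >/dev/null 2>&1 && return 0
        tries=$((tries - 1)); sleep 2
    done
    return 1
}

# With a host argument: report the namespace check, then wait for DNS.
if [ "$#" -gt 0 ]; then
    check_target /etc/resolv.conf "$1"
    wait_for_dns "$1" || { echo "'$1' never resolved" >&2; exit 1; }
fi
```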
