从 kubernetes 集群内部连接到 Postgresql

Question

I setup a series of VM 192.168.2.(100,105,101,104) where kubernetes master is on 100 and two workers on 101,104 .我设置了一系列 VM 192.168.2.(100,105,101,104)其中 kubernetes master 在100 ，两个 worker 在101,104 。 Also setup the postgres on 192.168.2.105 , followed this tutorial but it is still unreachable from within.还在192.168.2.105上设置 postgres，遵循本教程，但它仍然无法从内部访问。 Tried it in minikube inside a test VM where minikube and postgres were installed in the same VM, worked just fine.在 minikube 和 postgres 安装在同一个 VM 中的测试 VM 中的 minikube 中进行了尝试，效果很好。

Changed the postgers config file from localhost to * , changed listen at pg_hba.conf to 0.0.0.0/0将 postgers 配置文件从localhost更改为* ，将 pg_hba.conf 的监听更改为0.0.0.0/0

Installed postgesql-12 and postgresql-client-12 in the VM 192.168.2.105:5432 , now i added headless service to kubernetes which is as follows在 VM 192.168.2.105:5432安装了 postgesql-12 和 postgresql-client-12 ，现在我向 kubernetes 添加了 headless 服务，如下所示

apiVersion: v1
kind: Service
metadata:
    name: my-service
spec:
    ports:
        - protocol: TCP
          port: 5432
          targetPort: 5432
------
apiVersion: v1
kind: Endpoints
metadata:
    name: my-service
subsets:
    - addresses:
        - ip: 192.168.2.105
      ports:
        - port: 5432

in my deployment I am defining this to access database在我的部署中，我将其定义为访问数据库

apiVersion: v1
kind: Service
metadata:
  name: keycloak
  labels:
    app: keycloak
spec:
  ports:
  - name: http
    port: 8080
    targetPort: 8080
  selector:
    app: keycloak
  type: LoadBalancer
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: keycloak
  namespace: default
  labels:
    app: keycloak
spec:
  replicas: 1
  selector:
    matchLabels:
      app: keycloak
  template:
    metadata:
      labels:
        app: keycloak
    spec:
      containers:
      - name: keycloak
        image: quay.io/keycloak/keycloak:11.0.0
        env:
        - name: KEYCLOAK_USER
          value: "admin"
        - name: KEYCLOAK_PASSWORD
          value: "admin"
        - name: PROXY_ADDRESS_FORWARDING
          value: "true"
        - name: DB_ADDR
          value: 'my-service:5432'
        - name: DB_DATABASE
          value: postgres
        - name: DB_PASSWORD
          value: admin
        - name: DB_SCHEMA
          value: public
        - name: DB_USER
          value: postgres
        - name: DB_VENDOR
          value: POSTGRES
        ports:
        - name: http
          containerPort: 8080
        - name: https
          containerPort: 8443
        readinessProbe:
          httpGet:
            path: /auth/realms/master
            port: 8080

Also the VMs are bridged, not on NAT.此外，VM 是桥接的，而不是在 NAT 上。

What i am doing wrong here ?我在这里做错了什么？

Answer 1

The first thing we have to do is create the headless service with custom endpoint.我们要做的第一件事是使用自定义端点创建无头服务。 The IP in my solution is only specific for my machine.我的解决方案中的IP仅特定于我的机器。

Endpoint with service:具有服务的端点：

apiVersion: v1
kind: Service
metadata:
  name: postgres-service
spec:
  ports:
    - protocol: TCP
      port: 5432
      targetPort: 5432
---
apiVersion: v1
kind: Endpoints
metadata:
  name: postgres-service
subsets:
  - addresses:
      - ip: 192.168.2.105
    ports:
      - port: 5432

As for my particular specs, I haven't defined any ingress or loadbalancer so i'll change the selector type from LoadBalancer to NodePort in the service after its deployed.至于我的特定规范，我还没有定义任何入口或负载均衡器，因此我将在部署后将服务中的选择器类型从LoadBalancer更改为NodePort 。

Now i deployed the keycloak with the the mentioned .yaml file现在我使用提到的 .yaml 文件部署了 keycloak

apiVersion: v1
kind: Service
metadata:
  name: keycloak
  labels:
    app: keycloak
spec:
  ports:
    - name: http
      port: 8080
      targetPort: 8080
    - name: https
      port: 8443
      targetPort: 8443
  selector:
    app: keycloak
  type: NodePort
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: keycloak
  namespace: default
  labels:
    app: keycloak
spec:
  replicas: 1
  selector:
    matchLabels:
      app: keycloak
  template:
    metadata:
      labels:
        app: keycloak
    spec:
      containers:
        - name: keycloak
          image: quay.io/keycloak/keycloak:11.0.0
          env:
            - name: KEYCLOAK_USER
              value: "admin" # TODO give username for master realm
            - name: KEYCLOAK_PASSWORD
              value: "admin" # TODO give password for master realm
            - name: PROXY_ADDRESS_FORWARDING
              value: "true"
            - name: DB_ADDR
              value: # <Node-IP>:<LoadBalancer-Port/ NodePort>
            - name: DB_DATABASE
              value: "keycloak" # Database to use
            - name: DB_PASSWORD
              value: "admin" # Database password
            - name: DB_SCHEMA
              value: public
            - name: DB_USER
              value: "postgres" # Database user
            - name: DB_VENDOR
              value: POSTGRES
          ports:
            - name: http
              containerPort: 8080
            - name: https
              containerPort: 8443
          readinessProbe:
            httpGet:
              path: /auth/realms/master
              port: 8080

After mentioning all the possible values, it connects successfully to the postgres server that is hosted on another server away from kubernetes master and workers node !在提到所有可能的值后，它成功连接到托管在另一台服务器上的 postgres 服务器，远离 kubernetes 主节点和工作节点！

从 kubernetes 集群内部连接到 Postgresql

问题描述

1 个解决方案

解决方案1
1 已采纳 2020-09-09 14:43:47

从 kubernetes 集群内部连接到 Postgresql

问题描述

1 个解决方案

解决方案1 1 已采纳 2020-09-09 14:43:47

解决方案1
1 已采纳 2020-09-09 14:43:47