堆栈内存溢出
  简体   繁体   English

如何从 CircleCI 连接到 DigitalOcean 上的 PostgreSQL 集群?

[英]How to connect to PostgreSQL cluster on DigitalOcean from CircleCI?

 原文  2020-11-26 00:38:22       postgresql/ digital-ocean/ circleci/ circleci-workflows

问题描述

I have a Kubernetes cluster setup on DigitalOcean and a separate database Postgres instance there.我在 DigitalOcean 上有一个 Kubernetes 集群设置和一个单独的数据库 Postgres 实例。 In database cluster settings there is a list of limited IP addresses that have an access to that database cluster (looks like a great idea).在数据库集群设置中有一个有限的 IP 地址列表,这些地址可以访问该数据库集群(看起来是个好主意)。

I have a build and deploy proccess setup with CircleCI and at the end of that process, after deploying a container to K8s cluster, I need to run database migration.我有一个使用 CircleCI 的构建和部署过程设置,在该过程结束时,将容器部署到 K8s 集群后,我需要运行数据库迁移。 The problem is that I don't know CircleCI agent IP address and can not allow it in DO settings.问题是我不知道 CircleCI 代理 IP 地址并且不能在 DO 设置中允许它。 Does anybody know how we can access DigitalOcean Postgres cluster from within CircleCI steps?有人知道我们如何从 CircleCI 步骤中访问 DigitalOcean Postgres 集群吗?

1 个解决方案

解决方案1
 0  2020-11-28 06:06:46

Unfortunately when you use a distributed service like that that you don't manage, I would be very cautious about using the restricted IP approach.不幸的是,当您使用您无法管理的分布式服务时,我会非常谨慎地使用受限的 IP 方法。 (Really you have three services you don't manage - Postgres, Kubernetes, and CircleCI.) I feel as if DigitalOcean has provided a really excellent security option for internal networking, since it can track changes in droplet IP, etc. (真的,你有三个你不管理的服务——Postgres、Kubernetes 和 CircleCI。)我觉得 DigitalOcean 为内部网络提供了一个非常好的安全选项,因为它可以跟踪 droplet IP 等的变化。

But when you are deploying on another service, especially if this is for production, and even if the part of your solution you're deploying is deployed (partially) on DigitalOcean infrastructure, I'd be very concerned that CircleCI will change IP dynamically.但是当您在另一个服务上部署时,特别是如果这是用于生产,并且即使您正在部署的解决方案的一部分(部分)部署在 DigitalOcean 基础设施上,我也会非常担心 CircleCI 会动态更改 IP。 DO has no way of knowing when this happens, as unlike Postgres and Kubernetes, they don't manage it even if they do host part of it DO 无法知道何时发生这种情况,与 Postgres 和 Kubernetes 不同,即使他们托管了其中的一部分,他们也不会管理它

Essentially I have to advise you to either get an assurance of a static IP from your CircleCI vendor/provider, or disable the IP limitation on Postgres.本质上,我必须建议您从您的 CircleCI 供应商/提供商那里获得 static IP 的保证,或者禁用 Postgres 上的 IP 限制。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 从 kubernetes 集群内部连接到 Postgresql - Connect to Postgresql from inside kubernetes cluster 从CircleCi中的Spring Boot访问PostgreSQL 9.6 - Accessing PostgreSQL 9.6 from Spring Boot in CircleCi 如何在digitalOcean上设置PostgreSQL用户名和密码 - how to setup PostgreSQL username and password on digitalOcean 无法将 postgresql db 连接到我的 netcore Web 项目(DigitalOcean Cloud) - Cannot connect postgresql db to my netcore web project (DigitalOcean Cloud) 如何从文件连接到postgresql? - How to connect to postgresql from files? 如何从NodeJS连接到PostgreSQL - How to connect to PostgreSQL from NodeJS 如何从 ASP.NET 核心 web Z8A5DA52ED125772A8AAZE 调用存储在 DigitalOcean 中的 postgresql db? - How can I call a postgresql db stored in DigitalOcean from ASP.NET Core web api? PostgreSQL SSL 设置 DigitalOcean - PostgreSQL SSL setup DigitalOcean 无法连接到 Kubernetes 集群上的远程 postgreSQL 数据库 - Cannot connect to remote postgreSQL database on Kubernetes cluster 通过复制用户无法连接PostgreSQL集群 - Cannot connect PostgreSQL cluster though replication user
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM