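What I want to achieve
I am setting up a microk8s cluster consisting of a postgres database and an Elixir application that communicates with the database.
The problem I'm having
When trying to connect, I always get this error message from the database pod: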
2022-01-05 18:54:05.179 UTC [216] DETAIL: Password does not match for user "phoenix_db_username
".
Connection matched pg_hba.conf line 99: "host all all all md5"
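Since the database logs the error, the connection between the database and the application is evidently working.
What I've tried
Other people with this problem suggested deleting the PV and PVC. See this GitHub issue: https://github.com/helm/charts/issues/16251#issuecomment-577560984
- I tried deleting the PVC and PV, and I can confirm that the PV was deleted because I checked /var/snap/microk8s/common/default-storage before and after deleting it.
- I tried to permanently remove the storage by running microk8s.disable storage and then enabling storage again with microk8s.enable storage.
Output of microk8s.disable storage: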
Disabling default storage
[...]
Storage removed
Remove PVC storage at /var/snap/microk8s/common/default-storage ? (Y/N): y
Storage space reclaimed
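- I checked the database pod's environment with printenv and saw the correct values for POSTGRES_USER and POSTGRES_PASSWORD (phoenix_db_username, phoenix_db_password)
- I checked the application pod's environment with printenv and saw the correct values for DB_USERNAME and DB_PASSWORD (phoenix_db_username, phoenix_db_password)
- I checked the pg_hba.conf file, and it does not contain any users
According to the postgres docker documentation, this should create a user, but I don't think it is creating one. https://hub.docker.com/_/postgres
Elixir app yml resources
ConfigMap for the Elixir app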
apiVersion: v1
kind: ConfigMap
metadata:
  name: phoenix-app-config
  labels:
    app: phoenix-app
data:
  APP_NAME: "phoenix-app"
  APP_HOST: "0.0.0.0"
  APP_PORT: "4000"
  DB_NAME: "prod_db"
  DB_HOSTNAME: "phoenix-app-database"
  NAMESPACE: "production"
Secret for the Elixir app
apiVersion: v1
kind: Secret
metadata:
  name: phoenix-app-secrets
  labels:
    app: phoenix-app
data:
  SECRET_KEY_BASE: KtpxCV3OY8KnRiC5yVo7Be GRVeND NxAsyk FASDFasdfadffhNS804MLk
  DB_PASSWORD: cGhvZW5peC1kYi1wYXNzd29yZAo= # phoenix_db_username
  DB_USERNAME: cGhvZW5peC1kYi11c2VybmFtZQo= # phoenix_db_password
Deployment for the Elixir app
apiVersion: apps/v1
kind: Deployment
metadata:
  name: phoenix-app
  labels:
    app: phoenix-app
spec:
  replicas: 2
  selector:
    matchLabels:
      app: phoenix-app
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 1
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: phoenix-app
    spec:
      containers:
      - name: phoenix-app
        image: REDACTED
        imagePullPolicy: Always
        command: ["./bin/hello", "start"]
        lifecycle:
          preStop:
            exec:
              command: ["./bin/hello", "stop"]
        ports:
        - containerPort: 4000
        env:
        - name: POD_IP
          valueFrom:
            fieldRef:
              fieldPath: status.podIP
        envFrom:
        - configMapRef:
            name: phoenix-app-config
        - secretRef:
            name: phoenix-app-secrets
      imagePullSecrets:
      - name: gitlab-pull-secret
Database yml resources
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: phoenix-app-database
  labels:
    app: phoenix-app-database
spec:
  serviceName: phoenix-app-database
  replicas: 1
  selector:
    matchLabels:
      app: phoenix-app-database
  template:
    metadata:
      labels:
        app: phoenix-app-database
    spec:
      containers:
      - name: phoenix-app-database
        image: postgres:12-alpine
        envFrom:
        - configMapRef:
            name: phoenix-app-database-config
        - secretRef:
            name: phoenix-app-database-secrets
        ports:
        - containerPort: 5432
          name: postgresdb
        volumeMounts:
        - name: phoenix-app-database
          mountPath: /var/lib/postgresql/data
      volumes:
      - name: phoenix-app-database
        persistentVolumeClaim:
          claimName: phoenix-app-db-pvc
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: phoenix-app-db-pvc
spec:
  storageClassName: microk8s-hostpath
  capacity:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 250Mi
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: phoenix-app-database-config
  labels:
    app: phoenix-app-database
data:
  POSTGRES_DB: "prod_db"
---
apiVersion: v1
kind: Secret
metadata:
  name: phoenix-app-database-secrets
  labels:
    app: phoenix-app-database
data:
  POSTGRES_USER: cGhvZW5peF9kYl91c2VybmFtZQo= # phoenix_db_username
  POSTGRES_PASSWORD: cGhvZW5peF9kYl9wYXNzd29yZAo= # phoenix_db_password
---
apiVersion: v1
kind: Service
metadata:
  name: phoenix-app-database
  labels:
    app: phoenix-app-database
spec:
  ports:
  - port: 5432
    name: phoenix-app-database
  type: NodePort
  selector:
    app: phoenix-app-database
---
Logs from the creation of the database pod
me@me:~/Documents/kubernetes-test$ kubectl logs phoenix-app-database-0 -n production
The files belonging to this database system will be owned by user "postgres".
This user must also own the server process.
The database cluster will be initialized with locale "en_US.utf8".
The default database encoding has accordingly been set to "UTF8".
The default text search configuration will be set to "english".
Data page checksums are disabled.
fixing permissions on existing directory /var/lib/postgresql/data ... ok
creating subdirectories ... ok
selecting dynamic shared memory implementation ... posix
selecting default max_connections ... 100
selecting default shared_buffers ... 128MB
selecting default time zone ... UTC
creating configuration files ... ok
running bootstrap script ... ok
sh: locale: not found
2022-01-05 20:47:02.013 UTC [30] WARNING: no usable system locales were found
performing post-bootstrap initialization ... ok
syncing data to disk ... ok
Success. You can now start the database server using:
pg_ctl -D /var/lib/postgresql/data -l logfile start
initdb: warning: enabling "trust" authentication for local connections
You can change this by editing pg_hba.conf or using the option -A, or
--auth-local and --auth-host, the next time you run initdb.
waiting for server to start....2022-01-05 20:47:02.621 UTC [36] LOG: starting PostgreSQL 12.9 on x86_64-pc-linux-musl, compiled by gcc (Alpine 10.3.1_git20211027) 10.3.1 20211027, 64-bit
2022-01-05 20:47:02.623 UTC [36] LOG: listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
2022-01-05 20:47:02.641 UTC [37] LOG: database system was shut down at 2022-01-05 20:47:02 UTC
2022-01-05 20:47:02.645 UTC [36] LOG: database system is ready to accept connections
done
server started
CREATE DATABASE
/usr/local/bin/docker-entrypoint.sh: ignoring /docker-entrypoint-initdb.d/*
waiting for server to shut down....2022-01-05 20:47:02.794 UTC [36] LOG: received fast shutdown request
2022-01-05 20:47:02.795 UTC [36] LOG: aborting any active transactions
2022-01-05 20:47:02.797 UTC [36] LOG: background worker "logical replication launcher" (PID 43) exited with exit code 1
2022-01-05 20:47:02.797 UTC [38] LOG: shutting down
2022-01-05 20:47:02.808 UTC [36] LOG: database system is shut down
done
server stopped
PostgreSQL init process complete; ready for start up.
2022-01-05 20:47:02.904 UTC [1] LOG: starting PostgreSQL 12.9 on x86_64-pc-linux-musl, compiled by gcc (Alpine 10.3.1_git20211027) 10.3.1 20211027, 64-bit
2022-01-05 20:47:02.904 UTC [1] LOG: listening on IPv4 address "0.0.0.0", port 5432
2022-01-05 20:47:02.905 UTC [1] LOG: listening on IPv6 address "::", port 5432
2022-01-05 20:47:02.909 UTC [1] LOG: listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
2022-01-05 20:47:02.925 UTC [50] LOG: database system was shut down at 2022-01-05 20:47:02 UTC
2022-01-05 20:47:02.929 UTC [1] LOG: database system is ready to accept connections
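Reply from a uj5u.com user:
OK, I have solved this problem; the fix was fairly simple, but it was hard to notice.
I am creating the yml files from templates, for example: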
apiVersion: v1
kind: Secret
metadata:
  name: {{APP_NAME}}-database-secrets
  labels:
    app: {{APP_NAME}}-database
data:
  POSTGRES_USER: {{DB_USERNAME_B64}}
  POSTGRES_PASSWORD: {{DB_PASSWORD_B64}}
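Then I merge these templates together and replace all the declarations enclosed in {{ }} with values from the specific environment. The ones ending in _B64 I encode to base64 before inserting them.
I did it like this, which seemed to work fine: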
if [[ "${variable_key}" == *_B64 ]]; then
  variable_value="$(echo "${variable_value}" | base64)"
fi
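However, this is not OK, because when I echo the variable here, a newline gets appended to the variable, which makes the database name and username illegal for postgres. I realized this when I checked the decoded value on base64decode.org and saw that there were two lines.
I fixed it by changing the bash script so that it does not print the newline (-n):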
if [[ "${variable_key}" == *_B64 ]]; then
  variable_value="$(echo -n "${variable_value}" | base64 -w 0 )"
fi
I hope this helps someone debug this issue in the future!
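
A check for the failure described in the answer above, as an added example that is not part of the original post: it decodes each value in a Secret's data block and reports the keys whose bytes end in whitespace. The function names and the FIXED_USER entry are made up for illustration; base64 -d, tail -c and od are assumed to behave as in GNU coreutils.

```bash
#!/usr/bin/env bash
# Added example: find Secret values whose decoded bytes end in whitespace.

# Encode exactly the bytes given; printf '%s' adds no newline.
# tr strips base64's line wrapping (same effect as GNU `base64 -w 0`).
encode_b64() {
  printf '%s' "$1" | base64 | tr -d '\n'
}

# Last decoded byte as two hex digits. $(...) strips trailing newlines,
# so the bytes are inspected with od rather than captured in a variable.
last_byte_hex() {
  printf '%s' "$1" | base64 -d 2>/dev/null | tail -c 1 | od -An -tx1 | tr -d ' \n'
}

# Succeeds if the decoded value ends in LF, CR, space or tab.
has_trailing_whitespace() {
  case "$(last_byte_hex "$1")" in
    0a|0d|20|09) return 0 ;;
    *) return 1 ;;
  esac
}

# Read "KEY: value # comment" lines on stdin, print the offending keys.
scan_secret_data() {
  local key value _rest
  while read -r key value _rest; do
    case "$key" in *:) key="${key%:}" ;; *) continue ;; esac
    [ -n "$value" ] || continue
    if has_trailing_whitespace "$value"; then
      printf '%s\n' "$key"
    fi
  done
}

# The first two values are the database Secret from the question;
# FIXED_USER is constructed here (output of encode_b64) for comparison.
sample_secret_data() {
  cat <<'EOF'
data:
  POSTGRES_USER: cGhvZW5peF9kYl91c2VybmFtZQo= # phoenix_db_username
  POSTGRES_PASSWORD: cGhvZW5peF9kYl9wYXNzd29yZAo= # phoenix_db_password
  FIXED_USER: cGhvZW5peF9kYl91c2VybmFtZQ==
EOF
}

sample_secret_data | scan_secret_data
```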
