问题描述
可以请人帮我吗?这是我在这里的第一篇文章,我真的很退出,开始在这里发表文章并帮助人们,但我首先需要帮助.
Can please somebody help me? This is my first post here, and I am really exited to start posting here and helping people but I need help first.
我正在Minikube上部署自己的Postgres数据库.对于数据库,密码和用户名,我正在使用机密.
I am deploying my own Postgres database on Minikube. For db, password and username I am using secrets.
数据使用base64编码
Data is encoded with base64
- POSTGRES_USER =网站用户
- POSTGRES_DB =网站
- POSTGRES_PASSWORD =通过
我还执行了进入容器的操作,以查看是否可以看到这些env,并且它们在那里.
I also exec into container to see if I could see these envs and they were there.
问题是当我尝试使用psql进入postgres时.我检查了minikube ip,并在此命令后输入了正确的密码(通过):
The problem is when I try to enter into postgres with psql. I checked minikube ip and typed correct password(pass) after this command:
pqsl -h 192.168.99.100 -U website_user -p 31315 website
错误
另外,如果我执行我的Pod:
Also if I exec into my pod:
kubectl exec -it postgres-deployment-744fcdd5f5-7f7vx bash
并尝试输入我得到的postgres:
And try to enter into postgres I get:
psql -h $(hostname -i) -U website_user -p 5432 website
错误:
我这里缺少东西.我也在容器中尝试了ps aux,一切似乎都发现postgres进程正在运行
I am lacking something here.I tried also ps aux in container, and everything seems to be find postgres processes are running
kubectl get all
输出:
NAME READY STATUS RESTARTS AGE
pod/postgres-deployment-744fcdd5f5-7f7vx 1/1 Running 0 18m
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 19m
service/postgres-service NodePort 10.109.235.114 <none> 5432:31315/TCP 18m
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/postgres-deployment 1/1 1 1 18m
NAME DESIRED CURRENT READY AGE
replicaset.apps/postgres-deployment-744fcdd5f5 1 1 1 18m
# Secret store
apiVersion: v1
kind: Secret
metadata:
name: postgres-credentials
type: Opaque
data:
POSTGRES_USER: d2Vic2l0ZV91c2VyCg==
POSTGRES_PASSWORD: cGFzcwo=
POSTGRES_DB: d2Vic2l0ZQo=
---
# Persistent Volume
apiVersion: v1
kind: PersistentVolume
metadata:
name: postgres-pv
labels:
type: local
spec:
storageClassName: manual
capacity:
storage: 2Gi
accessModes:
- ReadWriteOnce
hostPath:
path: /data/postgres-pv
---
# Persistent Volume Claim
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: postgres-pvc
labels:
type: local
spec:
storageClassName: manual
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 2Gi
volumeName: postgres-pv
---
# Deployment
apiVersion: apps/v1
kind: Deployment
metadata:
name: postgres-deployment
spec:
selector:
matchLabels:
app: postgres-container
template:
metadata:
labels:
app: postgres-container
spec:
containers:
- name: postgres-container
image: postgres:9.6.6
env:
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: postgres-credentials
key: POSTGRES_USER
- name: POSTGRES_DB
valueFrom:
secretKeyRef:
name: postgres-credentials
key: POSTGRES_DB
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: postgres-credentials
key: POSTGRES_PASSWORD
ports:
- containerPort: 5432
volumeMounts:
- mountPath: /var/lib/postgresql/data
name: postgres-volume-mount
volumes:
- name: postgres-volume-mount
persistentVolumeClaim:
claimName: postgres-pvc
---
apiVersion: v1
kind: Service
metadata:
name: postgres-service
spec:
selector:
app: postgres-container
ports:
- port: 5432
protocol: TCP
targetPort: 5432
type: NodePort
推荐答案
您使用以下方法创建了所有值:
-
$ echo "value" | base64 - 您应该使用:
$ echo -n "value" | base64
以下echo的官方手册页:
-n =不输出尾随换行符
-n = do not output the trailing newline
TL; DR :您需要使用新值编辑Secret定义:
TL;DR: You need to edit your Secret definition with new values:
-
$ echo -n "website_user" | base64 -
$ echo -n "website" | base64 -
$ echo -n "pass" | base64
$ echo -n "website_user" | base64$ echo -n "website" | base64$ echo -n "pass" | base64
您使用尾随换行符创建了Secret.请看下面的例子:
You created your Secret with a trailing newline. Please take a look at below example:
-
POSTGRES_USER:-
$ echo "website_user" | base64- 输出:
d2Vic2l0ZV91c2VyCg==与您的相同
POSTGRES_USER:$ echo "website_user" | base64- output:
d2Vic2l0ZV91c2VyCg==which is the same as yours
- 输出:
d2Vic2l0ZV91c2Vy这是正确值
-
$ echo "pass" | base64- 输出:
cGFzcwo=与您的相同
$ echo "pass" | base64- output:
cGFzcwo=which is the same as yours
- 输出:
cGFzcw==这是正确值
-
$ echo "website" | base64- 输出:
d2Vic2l0ZQo=与您的相同
$ echo "website" | base64- output:
d2Vic2l0ZQo=which is the same as yours
- 输出:
d2Vic2l0ZQ==这是正确值
您的
Secret应该看起来像这样:Your
Secretshould look like that:apiVersion: v1 kind: Secret metadata: name: postgres-credentials type: Opaque data: POSTGRES_USER: d2Vic2l0ZV91c2Vy POSTGRES_PASSWORD: cGFzcw== POSTGRES_DB: d2Vic2l0ZQ==如果使用新的
Secret创建它,则应该能够连接到数据库:If you create it with a new
Secretyou should be able to connect to the database:root@postgres-deployment-64d697868c-njl7q:/# psql -h $(hostname -i) -U website_user -p 5432 website Password for user website_user: psql (9.6.6) Type "help" for help. website=#请查看其他链接:
- Github.com: Kubernetes: issues: Config map vs secret to store credentials for Postgres deployment
- Kubernetes.io: Secrets
这篇关于如何使用本地开发者minikube进入Kubernetes中的Postgres的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!
- output:
- 输出:
- output:
- 输出:
- output:
- 输出:
-