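I am new to coding and deploying infrastructure in the cloud. I want to deploy GLPI in an AKS cluster. It is in a different namespace from the MariaDB database. I created a DNS to connect to GLPI and configured TLS with Let's Encrypt (I use the test server for practice).
My AKS cluster services and pods are running and working (I checked with `kubectl describe pods [podName] -n [namespaceName]` and did the same check for the services). The Docker images are pulled correctly and successfully into my pods.
When I connect to my GLPI at `glpi-v1.projetpro.space`, I can start the installation and try to connect to my database. But I get the following error message: `Can't connect to the database The server answered: Connection refused`.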
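For the database setup, I provided the database host: `db1-service.database1.svc.cluster.local`, the user: `glpi1-user`, and the user's password (I provided the environment variables in the deployment and used base64-encoded Kubernetes secrets).
I use the server for the database host because the deployments and services of my database and GLPI are in different namespaces. If I want them to be able to connect, I need to use Kubernetes (according to the Kubernetes documentation I found).
Here is my code: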
```yaml
# glpi-v1.yaml
# Deployment of Redis
apiVersion: apps/v1
kind: Deployment
metadata:
  name: redis
  namespace: glpi-one
spec:
  replicas: 1
  selector:
    matchLabels:
      app: redis-glpi
  template:
    metadata:
      labels:
        app: redis-glpi
    spec:
      volumes:
        - name: redis-vol
          persistentVolumeClaim:
            claimName: redis-pvc
      containers:
        - name: redis
          image: redis:latest
          args: ["--requirepass", "$(REDIS_PWD)"]
          volumeMounts:
            - name: redis-vol
              mountPath: /data
          env:
            - name: ALLOW_EMPTY_PASSWORD
              value: "no"
            - name: REDIS_PWD
              valueFrom:
                secretKeyRef:
                  name: redis-secret
                  key: password
          resources:
            requests:
              cpu: 100m
              memory: 128Mi
            limits:
              cpu: 250m
              memory: 256Mi
          ports:
            - containerPort: 6379
              name: redis
---
# Service for Redis (Cluster IP)
apiVersion: v1
kind: Service
metadata:
  name: redis-service
  namespace: glpi-one
spec:
  ports:
    - port: 6379
  selector:
    app: redis-glpi
---
# ConfigMap for Environment Variables for Mariadb for GLPI v1
apiVersion: v1
kind: ConfigMap
metadata:
  name: dbone-config
  namespace: database1
data:
  MARIADB_DATABASE: glpidb1
  MARIADB_USER: glpi1_user
  MARIADB_ROOT_HOST: db1-service.database1.svc.cluster.local # % per default
---
# Secret for Sensitive Data for Mariadb for GLPI v1
apiVersion: v1
kind: Secret
metadata:
  name: dbone-secret
  namespace: database1
type: Opaque
data:
  MARIADB_ROOT_PASSWORD:
  MARIADB_PASSWORD:
---
# Service for Maria database for GLPI v1
apiVersion: v1
kind: Service
metadata:
  name: db1-service
  namespace: database1
spec:
  ports:
    - protocol: TCP
      port: 3306
      targetPort: 3306
  selector:
    app: mariadb-one
---
# Deployment of MariaDB for GLPI v1
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: mariadb-one
  namespace: database1
spec:
  serviceName: db1-service
  replicas: 1
  selector:
    matchLabels:
      app: mariadb
  template:
    metadata:
      labels:
        app: mariadb
    spec:
      volumes:
        - name: dbone-vol
          persistentVolumeClaim:
            claimName: dbone-pvc
      containers:
        - name: mariadb
          image: dunvael/db_v10.0.9 # Specify the name of the MariaDB image used here. Format: dockerAccount/repositoryName:imageTag dunvael/db_v10.0.9:latest
          imagePullPolicy: Always
          resources:
            requests:
              cpu: 100m
              memory: 128Mi
            limits:
              cpu: 250m
              memory: 256Mi
          ports:
            - containerPort: 3306
          volumeMounts:
            - name: dbone-vol
              mountPath: /data # /var/lib/mysql
          envFrom:
            - configMapRef:
                name: dbone-config
            - secretRef:
                name: dbone-secret
      restartPolicy: Always
---
# PV Claim creation for Mariadb for GLPI v1
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: dbone-pvc
  namespace: database1
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
---
# ConfigMap for Environment Variables for GLPI v1
apiVersion: v1
kind: ConfigMap
metadata:
  name: glpi-one-config
  namespace: glpi-one
data:
  MARIADB_DATABASE: glpidb1
  MARIADB_USER: glpi1_user
  DB_HOST: db1-service.database1.svc.cluster.local # Points to MariaDB service, default = localhost
  DB_PORT: '3306'
  DEFAULT_LANGUAGE: FR
---
# Secret for Sensitive Data for GLPI v1
apiVersion: v1
kind: Secret
metadata:
  name: dbone-secret
  namespace: glpi-one
type: Opaque
data:
  MARIADB_ROOT_PASSWORD:
  MARIADB_PASSWORD:
---
# Deployment of GLPI v1
apiVersion: apps/v1
kind: Deployment
metadata:
  name: glpi-one
  namespace: glpi-one
spec:
  selector:
    matchLabels:
      app: glpi-one
  replicas: 1
  template:
    metadata:
      labels:
        app: glpi-one
    spec:
      initContainers:
        - name: init-chown-data
          image: busybox
          command: ["sh", "-c", "chown -R www-data:www-data /var/www/glpi /var/log/glpi /var/lib/glpi"]
          volumeMounts:
            - name: glpi-data
              mountPath: /var/www/glpi
            - name: glpi-logs
              mountPath: /var/log/glpi
            - name: glpi-var
              mountPath: /var/lib/glpi
      containers:
        - name: glpi
          image: dunvael/glpi_v10.0.9 # Specify the name of the GLPI image used here
          imagePullPolicy: Always
          resources:
            requests:
              cpu: 100m
              memory: 128Mi
            limits:
              cpu: 250m
              memory: 256Mi
          envFrom:
            - configMapRef:
                name: glpi-one-config
            - secretRef:
                name: dbone-secret
          ports:
            - containerPort: 80
            - containerPort: 443
          volumeMounts:
            - name: glpi-data
              mountPath: /var/www/glpi
            - name: glpi-logs
              mountPath: /var/log/glpi
            - name: glpi-var
              mountPath: /var/lib/glpi
          env:
            - name: REDIS
              value: "redis-service"
            - name: REDIS_PWD
              valueFrom:
                secretKeyRef:
                  name: redis-secret
                  key: password
      volumes:
        - name: glpi-data
          emptyDir: {}
        - name: glpi-logs
          emptyDir: {}
        - name: glpi-var
          emptyDir: {}
      restartPolicy: Always
---
# Service for GLPI v1 (Cluster IP)
apiVersion: v1
kind: Service
metadata:
  name: glpi-service
  namespace: glpi-one
spec:
  ports:
    - name: http
      port: 80 # Port accessible inside cluster
      targetPort: 80 # Port to forward to inside the pod
    - name: https
      port: 443 # Expose the additional port
      targetPort: 443 # Set the target port for the additional port
  selector:
    app: glpi-one
---
# PV Claim creation for GLPI v1
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: redis-pvc
  namespace: glpi-one
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
---
# Autoscale for GLPI v1
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: scale-glpi-one
  namespace: glpi-one
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: glpi-one
  minReplicas: 1
  maxReplicas: 10
  metrics:
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: 70
    - type: Resource
      resource:
        name: memory
        target:
          type: AverageValue
          averageValue: 200Mi
```
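I have looked through a lot of publications and can't seem to find an answer. Could you give me some advice? If this is due to my inexperience or a misunderstanding, I apologize in advance. Thank you very much.
What I have tried: I checked all my services and pods and described them (using kubectl commands).
I tried to grant privileges to my user with a command in an initContainer in my MariaDB deployment, but the initContainer keeps crashing and my pod cannot start.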
```yaml
# Deployment of MariaDB for GLPI v1
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: mariadb-one
  namespace: database1
spec:
  serviceName: db1-service
  replicas: 1
  selector:
    matchLabels:
      app: mariadb
  template:
    metadata:
      labels:
        app: mariadb
    spec:
      volumes:
        - name: dbone-vol
          persistentVolumeClaim:
            claimName: dbone-pvc
      initContainers:
        - name: init-database
          image: mariadb:latest # Use an image with MySQL/MariaDB client tools
          command: ["sh", "-c", "mysql -h db1-service -u root -p$MARIADB_ROOT_PASSWORD -e 'GRANT ALL PRIVILEGES ON glpidb1.* TO ''glpi1_user''@''%'';'"]
          env:
            - name: MARIADB_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: dbone-secret
                  key: MARIADB_ROOT_PASSWORD # Use the root password stored in your secret
          envFrom:
            - configMapRef:
                name: dbone-config
          volumeMounts:
            - name: dbone-vol
              mountPath: /data
      containers:
        - name: mariadb
          image: dunvael/db_v10.0.9
          imagePullPolicy: Always
          resources:
            requests:
              cpu: 100m
              memory: 128Mi
            limits:
              cpu: 250m
              memory: 256Mi
          ports:
            - containerPort: 3306
          volumeMounts:
            - name: dbone-vol
              mountPath: /data
          envFrom:
            - configMapRef:
                name: dbone-config
            - secretRef:
                name: dbone-secret
      restartPolicy: Always
```
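I tried using localhost instead of MySQL, but the error message I got was that the database could not be found.
I tried to connect to the database directly from my pod, but it keeps failing (`kubectl exc -it [podName] -n [namespaceName]`). I checked several videos on how to connect and can't seem to understand what I am missing or misunderstanding.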
1 answer
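First, the `initContainers` container is not needed, because `GRANT ALL ON database.* TO user` is done by the entrypoint by default. The connection refused is most likely an attempt to connect before the container is ready. Using healthcheck.sh as a readiness probe `command` will allow your init container to connect when it is ready. Other things: `mysql` in the container is unnecessary; from 11.0+ the `mariadb` executable will serve in its place (it has existed since 10.4+).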
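A further check worth running on the manifests in the question, as an added example that is not part of the original post or answer: `db1-service` selects `app: mariadb-one`, while the StatefulSet's pod template is labelled `app: mariadb`, and a Service whose selector matches no pod has no endpoints to forward to. The script below finds such Services; `MANIFESTS` is a trimmed copy of the question's objects, constructed by hand as Python dicts, and the function names are hypothetical.

```python
# Added example: flag Services whose selector matches no pod template
# in the same namespace. MANIFESTS is constructed from the question's YAML.
WORKLOAD_KINDS = {"Deployment", "StatefulSet", "DaemonSet", "ReplicaSet"}

def _obj(kind, name, ns, spec):
    return {"kind": kind, "metadata": {"name": name, "namespace": ns}, "spec": spec}

def _workload(kind, name, ns, labels):
    return _obj(kind, name, ns, {"template": {"metadata": {"labels": labels}}})

MANIFESTS = [
    _obj("Service", "db1-service", "database1", {"selector": {"app": "mariadb-one"}}),
    _workload("StatefulSet", "mariadb-one", "database1", {"app": "mariadb"}),
    _obj("Service", "redis-service", "glpi-one", {"selector": {"app": "redis-glpi"}}),
    _workload("Deployment", "redis", "glpi-one", {"app": "redis-glpi"}),
    _obj("Service", "glpi-service", "glpi-one", {"selector": {"app": "glpi-one"}}),
    _workload("Deployment", "glpi-one", "glpi-one", {"app": "glpi-one"}),
]

def namespace_of(obj):
    return obj["metadata"].get("namespace", "default")

def pod_labels_by_namespace(manifests):
    """Collect the pod-template labels of every workload, grouped by namespace."""
    found = {}
    for obj in manifests:
        if obj.get("kind") in WORKLOAD_KINDS:
            labels = obj["spec"]["template"]["metadata"].get("labels", {})
            found.setdefault(namespace_of(obj), []).append(labels)
    return found

def services_without_backends(manifests):
    """Return (namespace, name, selector) for Services that select no pod template."""
    pods = pod_labels_by_namespace(manifests)
    orphans = []
    for obj in manifests:
        if obj.get("kind") != "Service":
            continue
        selector = obj["spec"].get("selector")
        if not selector:
            continue  # selector-less Services get their endpoints by hand
        candidates = pods.get(namespace_of(obj), [])
        # A selector matches when every key/value pair is present in the pod labels.
        if not any(selector.items() <= labels.items() for labels in candidates):
            orphans.append((namespace_of(obj), obj["metadata"]["name"], selector))
    return orphans

if __name__ == "__main__":
    for ns, name, selector in services_without_backends(MANIFESTS):
        print(f"{ns}/{name}: selector {selector} matches no pod template")
```

On a live cluster, `kubectl get endpoints db1-service -n database1` shows the same condition as an empty endpoints list.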