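I'm new to coding and deploying infrastructure in the cloud. I want to deploy GLPI in an AKS cluster. It is in a different namespace from the MariaDB database. I created a DNS to connect to GLPI and configured TLS with Let's Encrypt (I'm using the staging server to practice).

My AKS cluster services and pods are running and valid (I checked with kubectl describe pods [podName] -n [namespaceName] and did the same for the services). The Docker images are pulled correctly and successfully into my pods.

When I connect to GLPI using glpi-v1.projetpro.space, I can start the setup and try to connect to my database. But I get the following error message: Can't connect to the database The server answered: Connection refused.

For the database setup, I gave the database host: db1-service.database1.svc.cluster.local, the user: glpi1-user and the user password (I provided environment variables in the deployment, using a configMap and a Kubernetes secret encoded in base64).

I use the FQDN for the database host because the deployments and services of my database and of GLPI are in different namespaces. If I want them to be able to connect, I need to use the FQDN (according to the Kubernetes documentation I found).

Here is my code: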
# glpi-v1.yaml
# Deployment of Redis
apiVersion: apps/v1
kind: Deployment
metadata:
  name: redis
  namespace: glpi-one
spec:
  replicas: 1
  selector:
    matchLabels:
      app: redis-glpi
  template:
    metadata:
      labels:
        app: redis-glpi
    spec:
      volumes:
        - name: redis-vol
          persistentVolumeClaim:
            claimName: redis-pvc
      containers:
        - name: redis
          image: redis:latest
          args: ["--requirepass", "$(REDIS_PWD)"]
          volumeMounts:
            - name: redis-vol
              mountPath: /data
          env:
            - name: ALLOW_EMPTY_PASSWORD
              value: "no"
            - name: REDIS_PWD
              valueFrom:
                secretKeyRef:
                  name: redis-secret
                  key: password
          resources:
            requests:
              cpu: 100m
              memory: 128Mi
            limits:
              cpu: 250m
              memory: 256Mi
          ports:
            - containerPort: 6379
              name: redis
---
# Service for Redis (Cluster IP)
apiVersion: v1
kind: Service
metadata:
  name: redis-service
  namespace: glpi-one
spec:
  ports:
    - port: 6379
  selector:
    app: redis-glpi
---
# ConfigMap for Environment Variables for Mariadb for GLPI v1
apiVersion: v1
kind: ConfigMap
metadata:
  name: dbone-config
  namespace: database1
data:
  MARIADB_DATABASE: glpidb1
  MARIADB_USER: glpi1_user
  MARIADB_ROOT_HOST: db1-service.database1.svc.cluster.local # % per default
---
# Secret for Sensitive Data for Mariadb for GLPI v1
apiVersion: v1
kind: Secret
metadata:
  name: dbone-secret
  namespace: database1
type: Opaque
data:
  MARIADB_ROOT_PASSWORD:
  MARIADB_PASSWORD:
---
# Service for Maria database for GLPI v1
apiVersion: v1
kind: Service
metadata:
  name: db1-service
  namespace: database1
spec:
  ports:
    - protocol: TCP
      port: 3306
      targetPort: 3306
  selector:
    app: mariadb-one
---
# Deployment of MariaDB for GLPI v1
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: mariadb-one
  namespace: database1
spec:
  serviceName: db1-service
  replicas: 1
  selector:
    matchLabels:
      app: mariadb
  template:
    metadata:
      labels:
        app: mariadb
    spec:
      volumes:
        - name: dbone-vol
          persistentVolumeClaim:
            claimName: dbone-pvc
      containers:
        - name: mariadb
          image: dunvael/db_v10.0.9 # Specify here the name of the mariadb image used. Format: dockerAccount/repositoryName:imageTag dunvael/db_v10.0.9:latest
          imagePullPolicy: Always
          resources:
            requests:
              cpu: 100m
              memory: 128Mi
            limits:
              cpu: 250m
              memory: 256Mi
          ports:
            - containerPort: 3306
          volumeMounts:
            - name: dbone-vol
              mountPath: /data # /var/lib/mysql
          envFrom:
            - configMapRef:
                name: dbone-config
            - secretRef:
                name: dbone-secret
      restartPolicy: Always
---
# PV Claim creation for Mariadb for GLPI v1
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: dbone-pvc
  namespace: database1
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
---
# ConfigMap for Environment Variables for GLPI v1
apiVersion: v1
kind: ConfigMap
metadata:
  name: glpi-one-config
  namespace: glpi-one
data:
  MARIADB_DATABASE: glpidb1
  MARIADB_USER: glpi1_user
  DB_HOST: db1-service.database1.svc.cluster.local # Points to MariaDB service, default = localhost
  DB_PORT: '3306'
  DEFAULT_LANGUAGE: FR
---
# Secret for Sensitive Data for GLPI v1
apiVersion: v1
kind: Secret
metadata:
  name: dbone-secret
  namespace: glpi-one
type: Opaque
data:
  MARIADB_ROOT_PASSWORD:
  MARIADB_PASSWORD:
---
# Deployment of GLPI v1
apiVersion: apps/v1
kind: Deployment
metadata:
  name: glpi-one
  namespace: glpi-one
spec:
  selector:
    matchLabels:
      app: glpi-one
  replicas: 1
  template:
    metadata:
      labels:
        app: glpi-one
    spec:
      initContainers:
        - name: init-chown-data
          image: busybox
          command: ["sh", "-c", "chown -R www-data:www-data /var/www/glpi /var/log/glpi /var/lib/glpi"]
          volumeMounts:
            - name: glpi-data
              mountPath: /var/www/glpi
            - name: glpi-logs
              mountPath: /var/log/glpi
            - name: glpi-var
              mountPath: /var/lib/glpi
      containers:
        - name: glpi
          image: dunvael/glpi_v10.0.9 # Specify here the name of the GLPI image used
          imagePullPolicy: Always
          resources:
            requests:
              cpu: 100m
              memory: 128Mi
            limits:
              cpu: 250m
              memory: 256Mi
          envFrom:
            - configMapRef:
                name: glpi-one-config
            - secretRef:
                name: dbone-secret
          ports:
            - containerPort: 80
            - containerPort: 443
          volumeMounts:
            - name: glpi-data
              mountPath: /var/www/glpi
            - name: glpi-logs
              mountPath: /var/log/glpi
            - name: glpi-var
              mountPath: /var/lib/glpi
          env:
            - name: REDIS
              value: "redis-service"
            - name: REDIS_PWD
              valueFrom:
                secretKeyRef:
                  name: redis-secret
                  key: password
      volumes:
        - name: glpi-data
          emptyDir: {}
        - name: glpi-logs
          emptyDir: {}
        - name: glpi-var
          emptyDir: {}
      restartPolicy: Always
---
# Service for GLPI v1 (Cluster IP)
apiVersion: v1
kind: Service
metadata:
  name: glpi-service
  namespace: glpi-one
spec:
  ports:
    - name: http
      port: 80 # Port accessible inside cluster
      targetPort: 80 # Port to forward to inside the pod
    - name: https
      port: 443 # Expose the additional port
      targetPort: 443 # Set the target port for the additional port
  selector:
    app: glpi-one
---
# PV Claim creation for GLPI v1
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: redis-pvc
  namespace: glpi-one
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
---
# Autoscale for GLPI v1
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: scale-glpi-one
  namespace: glpi-one
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: glpi-one
  minReplicas: 1
  maxReplicas: 10
  metrics:
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: 70
    - type: Resource
      resource:
        name: memory
        target:
          type: AverageValue
          averageValue: 200Mi
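
I have looked through many publications and can't seem to find the answer. Could you give me some advice? If this is due to my inexperience or a misunderstanding, I apologize in advance. Thank you very much.

I checked all the services and pods and described them (with kubectl commands).

I tried to grant privileges to my user with a command in an initContainer in the mariadb deployment, but the initContainer keeps crashing and my pod can't start.
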
# Deployment of MariaDB for GLPI v1
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: mariadb-one
  namespace: database1
spec:
  serviceName: db1-service
  replicas: 1
  selector:
    matchLabels:
      app: mariadb
  template:
    metadata:
      labels:
        app: mariadb
    spec:
      volumes:
        - name: dbone-vol
          persistentVolumeClaim:
            claimName: dbone-pvc
      initContainers:
        - name: init-database
          image: mariadb:latest # Use an image with MySQL/MariaDB client tools
          command: ["sh", "-c", "mysql -h db1-service -u root -p$MARIADB_ROOT_PASSWORD -e 'GRANT ALL PRIVILEGES ON glpidb1.* TO ''glpi1_user''@''%'';'"]
          env:
            - name: MARIADB_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: dbone-secret
                  key: MARIADB_ROOT_PASSWORD # Use the root password stored in your secret
          envFrom:
            - configMapRef:
                name: dbone-config
          volumeMounts:
            - name: dbone-vol
              mountPath: /data
      containers:
        - name: mariadb
          image: dunvael/db_v10.0.9
          imagePullPolicy: Always
          resources:
            requests:
              cpu: 100m
              memory: 128Mi
            limits:
              cpu: 250m
              memory: 256Mi
          ports:
            - containerPort: 3306
          volumeMounts:
            - name: dbone-vol
              mountPath: /data
          envFrom:
            - configMapRef:
                name: dbone-config
            - secretRef:
                name: dbone-secret
      restartPolicy: Always
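
I tried using localhost instead of the FQDN, but got the error message: database not found.

I tried to connect to the database directly from my pod, but it keeps failing (kubectl exc -it [podName] -n [namespaceName]). I looked at several videos on how to connect, but can't seem to understand what I'm missing or misunderstanding.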
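
First, there is no need for the initContainers container, because by default a GRANT ALL ON database.* TO user is done by the entrypoint.

Connection refused is most likely an attempt to connect before the container is ready. Using healthcheck.sh as the readiness probe command will allow your init container to connect when it is ready.

Other things: mysql isn't required in the container; from 11.0+ the mariadb executable will take its role (it has existed since 10.4+).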
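
A readiness probe of the kind the answer describes, applied to the question's StatefulSet with the init container removed. This is an added example, not part of the original answer or question. It assumes the dunvael/db_v10.0.9 image is built on the official mariadb image and so has healthcheck.sh on its PATH; the probe timing values are illustrative.

```yaml
# Added example: the question's StatefulSet without the init container,
# with a readiness probe on the MariaDB container.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: mariadb-one
  namespace: database1
spec:
  serviceName: db1-service
  replicas: 1
  selector:
    matchLabels:
      app: mariadb
  template:
    metadata:
      labels:
        app: mariadb
    spec:
      volumes:
        - name: dbone-vol
          persistentVolumeClaim:
            claimName: dbone-pvc
      containers:
        - name: mariadb
          image: dunvael/db_v10.0.9
          imagePullPolicy: Always
          ports:
            - containerPort: 3306
          readinessProbe:
            exec:
              # Assumption: healthcheck.sh is present, as in the official mariadb image.
              # --connect passes only once the server accepts TCP connections;
              # --innodb_initialized passes once InnoDB has finished starting.
              command: ["healthcheck.sh", "--connect", "--innodb_initialized"]
            initialDelaySeconds: 10 # illustrative timing values
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 6
          volumeMounts:
            - name: dbone-vol
              mountPath: /data
          envFrom:
            - configMapRef:
                name: dbone-config
            - secretRef:
                name: dbone-secret
```

A Service only lists a pod as an endpoint when the pod's labels match the Service selector and the pod is Ready, so the probe keeps traffic away until the server answers. `kubectl get endpoints db1-service -n database1` shows whether db1-service has picked the pod up.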