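I have set up a Minikube and have a mongo instance running in it. I use Consul + Consul Connect to mesh my services. Only I can't connect to mongo from other services using the sidecar upstream; something strange is happening...
My mongo instance is installed using the bitnami Helm chart. I just set the service name, set the usernames and change the storage class to match my needs, and put the Consul annotations for the service mesh in the pod annotations section: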
image:
  registry: docker.io
  repository: bitnami/mongodb
  tag: 4.2.5-debian-10-r3
  pullPolicy: IfNotPresent
  debug: false
serviceAccount:
  create: true
  name: "svc-identity-data"
usePassword: true
mongodbRootPassword: rootpassword
mongodbUsername: identity
mongodbPassword: identity
mongodbDatabase: company
service:
  name: svc-identity-data
  annotations: {}
  type: ClusterIP
  port: 27017
useStatefulSet: true
replicaSet:
  enabled: false
  useHostnames: true
  name: rs0
  replicas:
    secondary: 1
    arbiter: 1
  pdb:
    enabled: true
    minAvailable:
      primary: 1
      secondary: 1
      arbiter: 1
annotations: {}
labels: {}
podAnnotations:
  "consul.hashicorp.com/connect-inject": "true"
  "consul.hashicorp.com/connect-service": "svc-identity-data"
  "consul.hashicorp.com/connect-service-protocol": "tcp"
persistence:
  enabled: true
  mountPath: /bitnami/mongodb
  subPath: ""
  storageClass: "standard"
  accessModes:
    - ReadWriteOnce
  size: 8Gi
  annotations: {}
configmap:
  storage:
    dbPath: /bitnami/mongodb/data/db
    journal:
      enabled: true
    directoryPerDB: false
  systemLog:
    destination: file
    quiet: false
    logAppend: true
    logRotate: reopen
    path: /opt/bitnami/mongodb/logs/mongodb.log
    verbosity: 0
  net:
    port: 27017
    unixDomainSocket:
      enabled: true
      pathPrefix: /opt/bitnami/mongodb/tmp
    ipv6: false
    bindIp: 0.0.0.0
  processManagement:
    fork: false
    pidFilePath: /opt/bitnami/mongodb/tmp/mongodb.pid
  setParameter:
    enableLocalhostAuthBypass: true
  security:
    authorization: enabled
Next, I started a standalone mongodb pod to use the mongo client, and meshed it with Consul Connect using annotations:
apiVersion: v1
kind: Pod
metadata:
  name: mongo-client
  labels:
    name: mongo-client
  annotations:
    "consul.hashicorp.com/connect-inject": "true"
    "consul.hashicorp.com/connect-service-upstreams": "svc-identity-data:28017"
    "consul.hashicorp.com/connect-service-protocol": "tcp"
spec:
  containers:
    - name: mongo-client
      image: mongo:4.2.5
      imagePullPolicy: IfNotPresent
      resources:
        limits:
          memory: "128Mi"
          cpu: "500m"
      ports:
        - containerPort: 27017
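I now have a mongodb service and a mongo client pod, with the upstream to the mongodb service bound on 127.0.0.1:28017.
When I try to connect to the mongodb service using the upstream, I get behaviour I don't understand: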
> kubectl exec -it mongo-client mongo --host 127.0.0.1 --port 28017 -u root -p rootpassword
MongoDB shell version v4.2.5
connecting to: mongodb://127.0.0.1:28017/?compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("8c46012d-8083-4029-8495-167bbe8bf063") }
MongoDB server version: 4.2.5
Server has startup warnings:
2020-04-22T12:20:14.777+0000 I STORAGE [initandlisten]
2020-04-22T12:20:14.777+0000 I STORAGE [initandlisten] ** WARNING: Using the XFS filesystem is strongly recommended with the WiredTiger storage engine
2020-04-22T12:20:14.777+0000 I STORAGE [initandlisten] ** See http://dochub.mongodb.org/core/prodnotes-filesystem
---
Enable MongoDB's free cloud-based monitoring service, which will then receive and display
metrics about your deployment (disk utilization, CPU, operation statistics, etc).
The monitoring data will be available on a MongoDB website with a unique URL accessible to you
and anyone you share the URL with. MongoDB may use this information to make product
improvements and to suggest MongoDB products and deployment options to you.
To enable free monitoring, run the following command: db.enableFreeMonitoring()
To permanently disable this reminder, run the following command: db.disableFreeMonitoring()
---
>
bye
No problem here, everything looks fine to me. However, if I use mongo with a connection string instead of separate parameters, the connection is refused:
> kubectl exec -it mongo-client mongo mongodb://root:[email protected]:28017/?authSource=admin
MongoDB shell version v4.2.5
connecting to: mongodb://127.0.0.1:28017/?authSource=admin&compressors=disabled&gssapiServiceName=mongodb
2020-04-22T15:04:07.955+0000 I NETWORK [js] DBClientConnection failed to receive message from 127.0.0.1:28017 - HostUnreachable: Connection closed by peer
2020-04-22T15:04:07.968+0000 E QUERY [js] Error: network error while attempting to run command 'isMaster' on host '127.0.0.1:28017' :
connect@src/mongo/shell/mongo.js:341:17
@(connect):2:6
2020-04-22T15:04:07.973+0000 F - [main] exception: connect failed
2020-04-22T15:04:07.973+0000 E - [main] exiting with code 1
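I don't understand at all what the difference is between using a connection string and separate parameters. If you have any clue or solution, please let me know.
PS: I haven't set up any secure communication (TLS), I'm on minikube (because I'm a microservice architecture and Kubernetes n00b), and this is to experiment with service mesh (we need to live in the current era). Solutions that involve not using the sidecar to connect to the service are beside the point; connecting directly to the service using a connection string works fine.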
> kubectl exec -it mongo-client mongo -mongodb://root:roopassword@svc-identity-data:28017/?authSource=admin
MongoDB shell version v4.2.5
connecting to: mongodb://svc-identity-data:27017/?compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("713febaf-2000-4ca6-8b1f-963c76986e72") }
MongoDB server version: 4.2.5
Server has startup warnings:
2020-04-22T12:20:14.777+0000 I STORAGE [initandlisten]
2020-04-22T12:20:14.777+0000 I STORAGE [initandlisten] ** WARNING: Using the XFS filesystem is strongly recommended with the WiredTiger storage engine
2020-04-22T12:20:14.777+0000 I STORAGE [initandlisten] ** See http://dochub.mongodb.org/core/prodnotes-filesystem
---
Enable MongoDB's free cloud-based monitoring service, which will then receive and display
metrics about your deployment (disk utilization, CPU, operation statistics, etc).
The monitoring data will be available on a MongoDB website with a unique URL accessible to you
and anyone you share the URL with. MongoDB may use this information to make product
improvements and to suggest MongoDB products and deployment options to you.
To enable free monitoring, run the following command: db.enableFreeMonitoring()
To permanently disable this reminder, run the following command: db.disableFreeMonitoring()
---
>
bye
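Edit: Restarting minikube made everything work as expected. I will investigate this further to understand why. Maybe someone else will run into the same problem.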
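The problem may be that the certificate's CN does not match the hostname value in MongoDB's configuration file. It is related to the MongoDB specification and the parameters it is run with.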