我想将我的 Kubernetes 集群连接到 Google Cloud SQL。
我至少有 10 个不同的已部署 pod,它们目前使用 JDBC url + 用户名/密码连接到 MySQL [部署到 k8s 的 docker 映像]。
是否可以使用 Google Cloud SQL 代理的单个实例并通过此代理将所有 pod 连接到 Cloud SQL 数据库?理想情况下,我想用代理替换容器中运行的 mysql。
我宁愿不必在每个部署中运行代理。我发现的唯一示例似乎表明代理需要在每个部署中声明。
问问题
2249 次
3 回答
15
我找到了解决方案。
使用下面的 yml 部署代理,并将部署公开为服务。最重要的是,让代理监听 0.0.0.0,而不是默认的 127.0.0.1。根据 Google Cloud sql 文档的所有秘密
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: mysql
spec:
replicas: 1
template:
metadata:
name: mysql
labels:
name: mysql
spec:
containers:
- image: b.gcr.io/cloudsql-docker/gce-proxy:1.05
name: cloudsql-proxy
command: ["/cloud_sql_proxy", "--dir=/cloudsql",
"-instances=MYSQL:ZONE:DATABASE_INSTANCE=tcp:0.0.0.0:3306",
"-credential_file=/secrets/cloudsql/credentials.json"]
volumeMounts:
- name: cloudsql-oauth-credentials
mountPath: /secrets/cloudsql
readOnly: true
- name: ssl-certs
mountPath: /etc/ssl/certs
ports:
- containerPort: 3306
name: mysql
volumes:
- name: cloudsql-oauth-credentials
secret:
secretName: cloudsql-oauth-credentials
- name: ssl-certs
hostPath:
path: /etc/ssl/certs
该解决方案比在与客户端软件相同的部署中使用代理稍微贵一些,因为有一个额外的 TCP 连接。
不过有很多好处:
- 更简单,不需要修改现有的 K8S 部署文件
- 允许将实现切换到 MySQL Docker 容器或使用 Google Cloud SQL 代理,而无需对客户端配置进行任何修改。
于 2016-12-16T11:53:12.963 回答
2
You can create a deployment and a service to expose the cloudsql proxy to other pods like so:
apiVersion: v1
kind: Service
metadata:
name: cloudsqlproxy
spec:
ports:
- port: 3306
targetPort: database-port
selector:
app: cloudsqlproxy
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: cloudsqlproxy
spec:
template:
metadata:
labels:
app: cloudsqlproxy
spec:
volumes:
- name: service-account-token
secret:
secretName: service-account-token
containers:
- name: cloudsql-proxy
image: gcr.io/cloudsql-docker/gce-proxy:1.11
imagePullPolicy: Always
command:
- /cloud_sql_proxy
- -instances=<project>:<cloudsqlinstance>=tcp:0.0.0.0:3306
- -credential_file=/secrets/cloudsql/credentials.json
ports:
- name: database-port
containerPort: 3306
volumeMounts:
- name: service-account-token
mountPath: /secrets/cloudsql
readOnly: true
So within any of your pods, the database your MYSQL_HOST:MYSQL_PORT will be cloudsqlproxy:3306
For multiple databases through the same proxy, you'd have the same deployment structure for the proxy, except that you will now expose 2 ports from the pod, like so:
apiVersion: extensions/v1beta1
...
spec:
template:
...
spec:
volumes:
...
containers:
- name: cloudsql-proxy
...
ports:
- name: database-port1
containerPort: 3306
- name: database-port2
containerPort: 3307
...
Then you'd create 2 services to for discovery on those ports like so:
apiVersion: v1
kind: Service
metadata:
name: cloudsqlproxy-db1
spec:
ports:
- port: 3306
targetPort: database-port1
selector:
app: cloudsqlproxy
---
apiVersion: v1
kind: Service
metadata:
name: cloudsqlproxy-db2
spec:
ports:
- port: 3306
targetPort: database-port2
selector:
app: cloudsqlproxy
So, with both services set to port 3306, you can connect to each database on that port:
mysql --host=cloudsqlproxy-db1 --port=3306 ...
mysql --host=cloudsqlproxy-db2 --port=3306 ...
Reference: https://github.com/GoogleCloudPlatform/cloudsql-proxy/blob/master/Kubernetes.md
于 2018-05-27T19:36:05.903 回答
0
有了谷歌“私有 IP”,云代理现在就无关紧要了!
于 2019-04-01T09:22:12.440 回答