在 Azure 云中,我有以下基础架构:
一个包含两个子网的 Vnet。
- 网络:10.0.0.0/8
- aks-子网:10.240.0.0/16
- 持久性子网:10.241.0.0/27
已安装Azure Kubernetes 群集并将其关联到aks-subnet.
在persistence-subnet托管的Azure Database for MySQL paas 中,部署并关联到它。
有persistence-subnet两个服务端点:Microsoft.Sql和Microsoft.Storage
具有服务aks-subnet端点Microsoft.Sql
Azure Kubernetes 集群是使用 Azure CNI 网络配置文件部署的,因此,每个 pod 都会获得一个属于aks-subnet. 此外,我决定选择 Azure CNI,因为我需要将内部的 podaks-subnet与 MySQL 托管服务进行通信。
在托管的Azure Database for MySQL paas 服务中,我已将aks-subnetip 地址范围列入白名单,以允许内部的 podaks-subnet访问 MySQL 服务。
"StartIpAddress": "10.240.0.0",
"EndIpAddress": "10.240.255.255"
在 AKS 集群中,我使用 helm3 部署 Wordpress helm 图表,使用此命令
helm3 install wordpress-site-1 stable/wordpress --set image.registry=myregistry.azurecr.io,image.repository=wordpress,image.tag=5.2.4,image.pullPolicy=Always,wordpressUsername=site1,wordpressPassword=my-password,wordpressEmail=my@gmail.com,mariadb.enabled=false,externalDatabase.host=database-db.mysql.database.azure.com,externalDatabase.user=user@wdatabase-db,externalDatabase.password=my-password,externalDatabase.database=wordpress-site-1,externalDatabase.port=3306
NAME: wordpress-site-1
LAST DEPLOYED: Tue Oct 29 13:24:03 2019
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
1. Get the WordPress URL:
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
Watch the status with: 'kubectl get svc --namespace default -w wordpress-site-1'
export SERVICE_IP=$(kubectl get svc --namespace default wordpress-site-1 --template "{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}")
echo "WordPress URL: http://$SERVICE_IP/"
echo "WordPress Admin URL: http://$SERVICE_IP/admin"
2. Login with the following credentials to see your blog
echo Username: site1
echo Password: $(kubectl get secret --namespace default wordpress-site-1 -o jsonpath="{.data.wordpress-password}" | base64 --decode)
部署正在运行,但是当我检查 wordpress pod 日志时,我收到了以下错误消息:
MySQL Connection Error: (2002) php_network_getaddresses: getaddrinfo failed: Name or service not known
[29-Oct-2019 13:01:13 UTC] PHP Warning: mysqli::__construct(): php_network_getaddresses: getaddrinfo failed: Name or service not known in Standard input code on line 22
[29-Oct-2019 13:01:13 UTC] PHP Warning: mysqli::__construct(): (HY000/2002): php_network_getaddresses: getaddrinfo failed: Name or service not known in Standard input code on line 22
MySQL Connection Error: (2002) php_network_getaddresses: getaddrinfo failed: Name or service not known
WARNING: unable to establish a database connection to 'mysql'
continuing anyways (which might have unexpected results)
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 10.240.0.36. Set the 'ServerName' directive globally to suppress this message
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 10.240.0.36. Set the 'ServerName' directive globally to suppress this message
[Tue Oct 29 13:01:14.027023 2019] [mpm_prefork:notice] [pid 1] AH00163: Apache/2.4.38 (Debian) PHP/7.3.11 configured -- resuming normal operations
[Tue Oct 29 13:01:14.027099 2019] [core:notice] [pid 1] AH00094: Command line: 'apache2 -D FOREGROUND'
10.240.0.4 - - [29/Oct/2019:13:01:22 +0000] "GET /wp-login.php HTTP/1.1" 500 3003 "-" "kube-probe/1.14"
10.240.0.4 - - [29/Oct/2019:13:01:32 +0000] "GET /wp-login.php HTTP/1.1" 500 3003 "-" "kube-probe/1.14"
10.240.0.4 - - [29/Oct/2019:13:01:42 +0000] "GET /wp-login.php HTTP/1.1" 500 3003 "-" "kube-probe/1.14"
看起来位于内部的 wordpress podaks-subnet无法访问位于 中的 MySQL 服务,persistence-subnet尽管我通过helm install command正确的参数提供它。
奇怪的是,豆荚可以访问互联网,而且我一直在仔细检查允许这种通信的规则和权限。
有什么我不知道的吗?
如何从部署在 Aks 集群内的 Wordpress 服务访问 MySQL 数据库?
更新:
在使用helm install命令部署 Wordpress 之前,我以手动方式创建了指向 Azure 容器注册表数据的 docker 注册表秘密:
kubectl create secret docker-registry regcred --docker-server=my-registry.azurecr.io --docker-username=my-username --docker-password=my-password --docker-email=my-email@outlook.com
regcred我在本地 helm 图表中引用了这一点,deployment.yaml并使用该命令部署了 Wordpress helm install,看起来它可以工作,或者至少 MySQL 没有引起问题。
只是ServerNameApache 指令,因为我的 deploymnet 过程中还没有任何主机名,还没有。
⟩ kubectl logs pod/wordpress-site-1-7f44b567d6-2949w -f
WordPress not found in /var/www/html - copying now...
Complete! WordPress has been successfully copied to /var/www/html
### APACHE SERVERNAME WARNING
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 10.240.0.103. Set the 'ServerName' directive globally to suppress this message
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 10.240.0.103. Set the 'ServerName' directive globally to suppress this message
#####
[Tue Oct 29 16:13:16.327549 2019] [mpm_prefork:notice] [pid 1] AH00163: Apache/2.4.38 (Debian) PHP/7.3.11 configured -- resuming normal operations
[Tue Oct 29 16:13:16.327630 2019] [core:notice] [pid 1] AH00094: Command line: 'apache2 -D FOREGROUND'
10.240.0.4 - - [29/Oct/2019:16:13:18 +0000] "GET / HTTP/1.1" 302 255 "-" "kube-probe/1.14"
10.240.0.4 - - [29/Oct/2019:16:13:18 +0000] "GET /wp-admin/setup-config.php HTTP/1.1" 200 4289 "http://10.240.0.103:80/" "kube-probe/1.14"
10.240.0.4 - - [29/Oct/2019:16:13:28 +0000] "GET / HTTP/1.1" 302 255 "-" "kube-probe/1.14"
10.240.0.4 - - [29/Oct/2019:16:13:28 +0000] "GET /wp-admin/setup-config.php HTTP/1.1" 200 4289 "http://10.240.0.103:80/" "kube-probe/1.14"
10.240.0.4 - - [29/Oct/2019:16:13:38 +0000] "GET / HTTP/1.1" 302 255 "-" "kube-probe/1.14"
10.240.0.4 - - [29/Oct/2019:16:13:40 +0000] "GET / HTTP/1.1" 302 255 "-" "kube-probe/1.14"
10.240.0.4 - - [29/Oct/2019:16:13:40 +0000] "GET /wp-admin/setup-config.php HTTP/1.1" 200 4289 "http://10.240.0.103:80/" "kube-probe/1.14"
10.240.0.4 - - [29/Oct/2019:16:13:38 +0000] "GET /wp-admin/setup-config.php HTTP/1.1" 200 4289 "http://10.240.0.103:80/" "kube-probe/1.14"
10.240.0.4 - - [29/Oct/2019:16:13:48 +0000] "GET / HTTP/1.1" 302 255 "-" "kube-probe/1.14"
10.240.0.4 - - [29/Oct/2019:16:13:50 +0000] "GET / HTTP/1.1" 302 255 "-" "kube-probe/1.14"
10.240.0.4 - - [29/Oct/2019:16:13:50 +0000] "GET /wp-admin/setup-config.php HTTP/1.1" 200 4289 "http://10.240.0.103:80/" "kube-probe/1.14"
我知道此时数据库不会发生任何事情,因为我们需要通过 Web 访问 Wordpress 站点并部署该站点,那么在那个时候创建数据库表对吗?
所以我port-forward从 kubernetes 做了一个操作:
⟩ kubectl port-forward pod/wordpress-site-1-7f44b567d6-2949w 8002:80
Forwarding from 127.0.0.1:8002 -> 80
Forwarding from [::1]:8002 -> 80
Handling connection for 8002
Handling connection for 8002
Handling connection for 8002
Handling connection for 8002
Handling connection for 8002
当我去http://localhost:8002/时,浏览器会重定向到我 http://localhost:8002/wp-admin/setup-config.php我可以看到 wordpress 向导。
所以我用我之前在数据库服务器中创建的数据库名称填充数据
当我在向导 UI 中提交数据时,我得到以下信息:
数据连接的消息引用问题
This either means that the username and password information in your wp-config.php file is incorrect or we can’t contact the database server at wordpresssentiaassessment-db.mysql.database.azure.com. This could mean your host’s database server is down.
Are you sure you have the correct username and password?
Are you sure that you have typed the correct hostname?
Are you sure that the database server is running?
但也许是因为从端口转发操作我们无法从我的本地机器联系到数据库?
我的意思是,进程是不是能够做一个反向端口转发来联系数据库?
我是否需要将 Wordpress 服务应用程序公开给某个域和 IP 公共地址才能联系数据库并安装 Wordpresss?
所以,我进入 pod wordpress 容器进行检查wp-config.php
⟩ kubectl exec -it pod/wordpress-site-1-7f44b567d6-2949w /bin/sh
但是wp-config.php文件不存在,
# ls
index.php wp-activate.php wp-comments-post.php wp-cron.php wp-load.php wp-settings.php xmlrpc.php
license.txt wp-admin wp-config-sample.php wp-includes wp-login.php wp-signup.php
readme.html wp-blog-header.php wp-content wp-links-opml.php wp-mail.php wp-trackback.php
# cat wp-config.php
cat: wp-config.php: No such file or directory
我有一个wp-config-sample.php,这是他们的内容,但我看不到任何关于 FQDN 的信息。
或者也许我需要在 wp-config.php 中做一些事情,也许重命名 wp-config-sample.php为wp-config.php并在该文件中添加注入到 pod 中的变量?
# nano wp-config-sample.php
<?php
/**
* The base configuration for WordPress
*
* The wp-config.php creation script uses this file during the
* installation. You don't have to use the web site, you can
* copy this file to "wp-config.php" and fill in the values.
*
* This file contains the following configurations:
*
* * MySQL settings
* * Secret keys
* * Database table prefix
* * ABSPATH
*
* @link https://codex.wordpress.org/Editing_wp-config.php
*
* @package WordPress
*/
// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define( 'DB_NAME', 'database_name_here' );
/** MySQL database username */
define( 'DB_USER', 'username_here' );
/** MySQL database password */
define( 'DB_PASSWORD', 'password_here' );
/** MySQL hostname */
define( 'DB_HOST', 'localhost' );
/** Database Charset to use in creating database tables. */
define( 'DB_CHARSET', 'utf8' );
/** The Database Collate type. Don't change this if in doubt. */
define( 'DB_COLLATE', '' );
/**#@+
* Authentication Unique Keys and Salts.
*
* Change these to different unique phrases!
* You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
* You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
*
* @since 2.6.0
*/
define( 'AUTH_KEY', 'put your unique phrase here' );
define( 'SECURE_AUTH_KEY', 'put your unique phrase here' );
define( 'LOGGED_IN_KEY', 'put your unique phrase here' );
define( 'NONCE_KEY', 'put your unique phrase here' );
define( 'AUTH_SALT', 'put your unique phrase here' );
define( 'SECURE_AUTH_SALT', 'put your unique phrase here' );
define( 'LOGGED_IN_SALT', 'put your unique phrase here' );
define( 'NONCE_SALT', 'put your unique phrase here' );
/**#@-*/
/**
* WordPress Database Table prefix.
*
* You can have multiple installations in one database if you give each
* a unique prefix. Only numbers, letters, and underscores please!
*/
$table_prefix = 'wp_';
/**
* For developers: WordPress debugging mode.
*
* Change this to true to enable the display of notices during development.
* It is strongly recommended that plugin and theme developers use WP_DEBUG
* in their development environments.
*
* For information on other constants that can be used for debugging,
* visit the Codex.
*
* @link https://codex.wordpress.org/Debugging_in_WordPress
*/
define( 'WP_DEBUG', false );
/* That's all, stop editing! Happy publishing. */
/** Absolute path to the WordPress directory. */
if ( ! defined( 'ABSPATH' ) ) {
define( 'ABSPATH', dirname( __FILE__ ) . '/' );
}
/** Sets up WordPress vars and included files. */
require_once( ABSPATH . 'wp-settings.php' );