.png)
상태 저장 k8s PostgreSQL 클러스터를 채택하려고 합니다.이 기사를 바탕으로우리 회사의 지역 환경에.
편집하다
이것은 내가 직접 설정하지 않은 vmware tanzu 클러스터이므로 클러스터 자체의 본질에 대한 추가 세부 정보가 없습니다. 내가 참조하고 있는 StorageClass를 추가했습니다.
> kubectl version
Client Version: version.Info{Major:"1", Minor:"20", GitVersion:"v1.20.8", GitCommit:"5575935422cc1cf5169dfc8847cb587aa47bac5a", GitTreeState:"clean", BuildDate:"2021-06-16T13:00:45Z", GoVersion:"go1.15.13", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"20", GitVersion:"v1.20.8+vmware.1", GitCommit:"3e397df2f5dadadfa35958ec45c14b0e81abc25f", GitTreeState:"clean", BuildDate:"2021-06-21T16:59:40Z", GoVersion:"go1.15.13", Compiler:"gc", Platform:"linux/amd64"}
PostgreSQL은 루트가 아닌 postgres 사용자로 실행 중입니다. 이것은 내 문제의 일부일 수 있습니다.
끝 편집
3개의 볼륨을 다음과 같이 마운트하는 사용자 정의 PostgreSQL 이미지가 있습니다.
/opt/db/data/postgres/data/opt/db/backup/postgres/backups/opt/db/backup/postgres/archives
해당 파일(아래 나열된 순서대로)을 클러스터에 적용하면 postgres 포드가 회전하지 않고 로그에 액세스 권한 문제가 보고됩니다.
> kcl logs pod/postgres-stateful-0
starting up postgres docker image:
postgres -D /opt/db/data/postgres/data
+ echo 'starting up postgres docker image:'
+ echo postgres -D /opt/db/data/postgres/data
+ '[' '!' -d /opt/db/data/postgres/data ']'
+ '[' '!' -O /opt/db/data/postgres/data ']'
+ mkdir -p /opt/db/data/postgres/data
+ chmod 700 /opt/db/data/postgres/data
chmod: changing permissions of '/opt/db/data/postgres/data': Operation not permitted
이것은 다음에서 비롯됩니다.docker-entrypoint.sh컨테이너 생성을 실행 중입니다.
스크립트는 $PGDATA 디렉토리(/opt/db/data/postgres/data)가 존재하는지 그리고 그것이 postgres 사용자가 소유하고 있는지 여부를 확인합니다. 실제로는도커파일사용자 정의 이미지에서 이를 올바르게 생성하므로 mkdir및 chmod작업을 건너뛰고 컨테이너를 시작해야 합니다.
이는 해당 이미지를 기반으로 단일 Pod를 실행할 때 작동합니다.
owner따라서 컨테이너 내부에 Volums를 마운트하면 어떻게든 소유권이 뒤죽박죽이 될 것이라고 추측하고 있으며 이 문제를 해결하는 방법, 즉 생성될 컨테이너 내부의 마운트 경로에 대한 정의 및 액세스 권한을 정의하고 있는지 궁금합니다 .
누구든지 이 문제를 해결하는 방법에 대한 올바른 방향을 알려줄 수 있습니까? 조정이 필요한 것이 statefulset.yml인지, 아니면 Storage.yaml인지조차 알 수 없습니다.
이미지 생성
ARG REGISTRY=docker-dev-local.intern.net
ARG BASE_IMAGE_REPO=scm
ARG BASE_IMAGE_NAME=debian-bullseye
ARG BASE_IMAGE_TAG=latest
# Second stage - create runtime image
# -----------------------------------
#FROM debian:11 as base
#FROM docker-dev-local.intern.net/scm/debian-bullseye:build-74 as base
FROM $REGISTRY/$BASE_IMAGE_REPO/$BASE_IMAGE_NAME:$BASE_IMAGE_TAG
# Maintainer
# ----------
LABEL org.opencontainers.image.authors="<[email protected]>"
# Build Environment variables, change as needed
# -------------------------------------------------------------
ARG PG_MAJOR=14
ARG PG_VERSION=14.1
ARG DIST_VERSION=deb11
ARG DVZ_BUILD=dvz1
ENV DVZ_REPO_URL=http://dvzsn-rd1115.dbmon.rz-dvz.cn-mv.de/scb-repo
# Environment variables required for this build (do NOT change)
# -------------------------------------------------------------
ENV PG_MAJOR=${PG_MAJOR}
ENV PG_VERSION=${PG_VERSION}
ENV PGUSER=postgres
ENV PGDATABASE=postgres
ENV PGPORT=5432
ENV DBBASE=/opt/db
ENV PGBASE=$DBBASE/postgres
ENV PGBIN=$PGBASE/bin
ENV PGHOME=$PGBASE/postgresql
ENV PGDATA=$DBBASE/data/postgres/data
ENV PGLOG=$PGDATA/log
ENV PGBACK=$DBBASE/backup/postgres/backups
ENV PGARCH=$DBBASE/backup/postgres/archives
ENV PATH=$PGHOME/bin:$PATH
ENV LANG=de_DE.UTF-8
ENV LC_MESSAGES=en_US.UTF-8
ENV TZ=Europe/Berlin
RUN env | sort
# Install additional packages and dependencies
# --------------------------------------------
RUN set -ex; \
apt-get update && \
apt-get upgrade && \
apt-get install -y --no-install-recommends \
ca-certificates \
curl \
dirmngr \
gnupg \
iproute2 \
less \
libnss-wrapper \
libpam0g \
libreadline8 \
libselinux1 \
libsystemd0 \
libxml2 \
locales \
openssl \
procps \
vim-tiny \
wget \
xz-utils \
zlib1g \
&& \
apt-get clean
# create locales for en_US and de_DE
RUN localedef -i en_US -f UTF-8 en_US.UTF-8 && \
localedef -i de_DE -f UTF-8 de_DE.UTF-8 && \
locale -a
# Set up user and directories
# ---------------------------
RUN mkdir -p $PGBASE $PGBIN $PGDATA $PGBACK $PGARCH && \
useradd -d /home/postgres -m -s /bin/bash --no-log-init postgres && \
chown -R postgres:postgres $PGBASE $PGDATA $PGBACK $PGARCH $DBBASE/data && \
chmod a+xr $PGBASE
# set up user env
# ---------------
USER postgres
COPY --chown=postgres:postgres ["files/.alias", "files/.bashrc", "files/postgresql.conf.${PG_MAJOR}", "files/conf.d/00-ina-default.conf", "/hom
COPY ["files/docker-entrypoint.sh", "/"]
ADD ["files/pg-docker-env.tar.gz", "$PGBASE/"]
# install postgres
# --------------------
# copy postgres package from builder stage
#RUN mkdir -p $PGBASE/postgresql-$PG_VERSION-$DIST_VERSION-$DVZ_BUILD
#COPY --from=build --chown=postgres:postgres ["$PGBASE/postgresql-$PG_VERSION-$DIST_VERSION-$DVZ_BUILD", "$PGBASE/postgresql-$PG_VERSION-$DIST_
# download build of postgres
WORKDIR $PGBASE
RUN curl -sSL $DVZ_REPO_URL/postgres/Linux/$DIST_VERSION/postgresql-$PG_VERSION-$DIST_VERSION-dvz1.tar.gz | tar xzf - -C $PGBASE
RUN ln -s $PGBASE/postgresql-$PG_VERSION-$DIST_VERSION-$DVZ_BUILD postgresql
# bindings
# --------
VOLUME ["$PGDATA", "$PGBACK", "$PGARCH"]
STOPSIGNAL SIGINT
EXPOSE 5432
HEALTHCHECK --interval=1m --start-period=5m \
CMD pg_ctl status >/dev/null || exit 1
# Define default command to start Database.
ENTRYPOINT ["/docker-entrypoint.sh"]
CMD ["postgres", "-D", "/opt/db/data/postgres/data"]
#!/bin/bash
set -xeEuo pipefail
echo "starting up postgres docker image:"
echo "$@"
# check PGDATA directory and create if necessary
if [ \! -d $PGDATA ] || [ \! -O $PGDATA ]
then
mkdir -p $PGDATA
chmod 700 $PGDATA
fi
# check database cluster in PGDATA directory and create new db cluster if necessary
if [ \! -s $PGDATA/PG_VERSION ] || ! pg_controldata
then
POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-"Start1234"}
initdb -D $PGDATA --locale=de_DE.UTF-8 --lc-messages=en_US.UTF-8 --auth-local=trust --auth-host=md5 --pwfile=<(echo "$POSTGRES_PASSWORD")
mv $PGDATA/postgresql.conf $PGDATA/postgresql.conf.orig
cp ~/postgresql.conf.${PG_MAJOR} $PGDATA/postgresql.conf
mkdir -p $PGDATA/conf.d
cp ~/00-ina-default.conf $PGDATA/conf.d/
{
echo "# allow connections via docker gateway or bridge"
echo "host all all 172.16.0.0/14 md5"
} >> "$PGDATA/pg_hba.conf"
fi
# show PGDATA version and controldata
echo "PGDATA/PGVERSION=`cat $PGDATA/PG_VERSION`"
# start postgres rdbms now
exec "$@"
쿠버네티스 선언
kind: PersistentVolume
apiVersion: v1
metadata:
name: postgres-pgdata33
labels:
app: postgres
type: local
spec:
storageClassName: ina01
capacity:
storage: 1Gi
accessModes:
- ReadWriteOnce
hostPath:
path: "/var/data"
---
kind: PersistentVolume
apiVersion: v1
metadata:
name: postgres-pgbackup33
labels:
app: postgres
type: local
spec:
storageClassName: ina01
capacity:
storage: 1Gi
accessModes:
- ReadWriteOnce
hostPath: path: "/var/data"
---
kind: PersistentVolume
apiVersion: v1
metadata:
name: postgres-pgarch33
labels:
app: postgres
type: local
spec:
storageClassName: ina01
capacity:
storage: 1Gi
accessModes:
- ReadWriteOnce
hostPath:
path: "/var/data"
# #####################################################################################
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: pgdata33-pvc
labels:
app: postgres
spec:
storageClassName: ina01
capacity:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: pgbackup33-pvc
labels:
app: postgres
spec:
storageClassName: ina01
capacity:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: pgarch33-pvc
labels:
app: postgres
spec:
storageClassName: ina01
capacity:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
apiVersion: v1
kind: ConfigMap
metadata:
name: postgres-configuration
labels:
app: postgres
data:
POSTGRES_DB: awesomedb
POSTGRES_USER: amazinguser
POSTGRES_PASSWORD: perfectpassword
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: postgres-stateful
labels:
app: postgres
spec:
serviceName: "postgres"
replicas: 1
selector:
matchLabels:
app: postgres
template:
metadata:
labels:
app: postgres
spec:
containers:
- name: postgres
image: docker-dev-local.intern.net/ina/postgresql:14.1-scm-debian-bullseye-build-74-4
envFrom:
- configMapRef:
name: postgres-configuration
ports:
- containerPort: 5432
name: postgresdb
volumeMounts:
- name: pv-data
mountPath: /opt/db/data/postgres/data # /var/lib/postgresql/data
- name: pv-backup
mountPath: /opt/db/backup/postgres
- name: pv-arch
mountPath: /opt/db/backup/postgres/arch
securityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
volumes:
- name: pv-data
persistentVolumeClaim:
claimName: pgdata33-pvc
- name: pv-backup
persistentVolumeClaim:
claimName: pgbackup33-pvc
- name: pv-arch
persistentVolumeClaim:
claimName: pgarch33-pvc
apiVersion: v1
kind: Service
metadata:
name: postgres-service
labels:
app: postgres
spec:
ports:
- port: 5432
name: postgres
type: NodePort
selector:
app: postgres