ry's Tech blog

Writing about cloud native technologies and related topics.

kubedb ~ installation ~

Deploying the Operator

Deploying the operator only takes the following command!

# curl -fsSL https://raw.githubusercontent.com/kubedb/cli/0.12.0/hack/deploy/kubedb.sh | bash

Output

checking kubeconfig context
SampleCluster

checking whether extended apiserver feature is enabled

KUBEDB_BYPASS_VALIDATING_WEBHOOK_XRAY=false
KUBEDB_CATALOG=all
KUBEDB_DOCKER_REGISTRY=kubedb
KUBEDB_ENABLE_ANALYTICS=true
KUBEDB_ENABLE_APISERVER=true
KUBEDB_ENABLE_MUTATING_WEBHOOK=true
KUBEDB_ENABLE_RBAC=true
KUBEDB_ENABLE_STATUS_SUBRESOURCE=true
KUBEDB_ENABLE_VALIDATING_WEBHOOK=true
KUBEDB_IMAGE_PULL_POLICY=IfNotPresent
KUBEDB_IMAGE_PULL_SECRET=
KUBEDB_NAMESPACE=kube-system
KUBEDB_OPERATOR_NAME=operator
KUBEDB_OPERATOR_TAG=0.12.0
KUBEDB_PRIORITY_CLASS=system-cluster-critical
KUBEDB_PURGE=0
KUBEDB_RUN_ON_MASTER=0
KUBEDB_SERVICE_ACCOUNT=kubedb-operator
KUBEDB_UNINSTALL=0
KUBEDB_USE_KUBEAPISERVER_FQDN_FOR_AKS=true
KUBEDB_WEBHOOK_SIDE_EFFECTS=sideEffects: None

Wrote ca certificates in  /home/uwatsr/falco/falco/integrations/k8s-using-daemonset
Wrote server certificates in  /home/uwatsr/falco/falco/integrations/k8s-using-daemonset
deployment.apps/kubedb-operator created
secret/kubedb-operator-apiserver-cert created
service/kubedb-operator created
apiservice.apiregistration.k8s.io/v1alpha1.validators.kubedb.com configured
apiservice.apiregistration.k8s.io/v1alpha1.mutators.kubedb.com configured
serviceaccount/kubedb-operator created
clusterrole.rbac.authorization.k8s.io/kubedb-operator reconciled
clusterrolebinding.rbac.authorization.k8s.io/kubedb-operator reconciled
        reconciliation required update
        missing subjects added:
                {Kind:ServiceAccount APIGroup: Name:kubedb-operator Namespace:kube-system}
rolebinding.rbac.authorization.k8s.io/kubedb-server-extension-server-authentication-reader reconciled
        reconciliation required update
        missing subjects added:
                {Kind:ServiceAccount APIGroup: Name:kubedb-operator Namespace:kube-system}
clusterrolebinding.rbac.authorization.k8s.io/kubedb-server-auth-delegator reconciled
        reconciliation required update
        missing subjects added:
                {Kind:ServiceAccount APIGroup: Name:kubedb-operator Namespace:kube-system}
clusterrole.rbac.authorization.k8s.io/kubedb:core:admin reconciled
clusterrole.rbac.authorization.k8s.io/kubedb:core:edit reconciled
clusterrole.rbac.authorization.k8s.io/kubedb:core:view reconciled
clusterrole.rbac.authorization.k8s.io/appscode:appcatalog:admin reconciled
clusterrole.rbac.authorization.k8s.io/appscode:appcatalog:view reconciled
Applying Pod Sucurity Policies
podsecuritypolicy.policy/kubedb-operator configured
podsecuritypolicy.policy/elasticsearch-db configured
podsecuritypolicy.policy/elasticsearch-snapshot configured
podsecuritypolicy.policy/memcached-db configured
podsecuritypolicy.policy/mongodb-db configured
podsecuritypolicy.policy/mongodb-snapshot configured
podsecuritypolicy.policy/mysql-db configured
podsecuritypolicy.policy/mysql-snapshot configured
podsecuritypolicy.policy/postgres-db configured
podsecuritypolicy.policy/postgres-snapshot configured
podsecuritypolicy.policy/redis-db configured
validatingwebhookconfiguration.admissionregistration.k8s.io/validators.kubedb.com configured
mutatingwebhookconfiguration.admissionregistration.k8s.io/mutators.kubedb.com configured

waiting until kubedb operator deployment is ready
waiting until kubedb apiservice is available
waiting until kubedb crds are ready

installing KubeDB Elasticsearch catalog
elasticsearchversion.catalog.kubedb.com/5.6 created
elasticsearchversion.catalog.kubedb.com/5.6-v1 created
elasticsearchversion.catalog.kubedb.com/5.6.4 created
elasticsearchversion.catalog.kubedb.com/5.6.4-v1 created
elasticsearchversion.catalog.kubedb.com/6.2 created
elasticsearchversion.catalog.kubedb.com/6.2-v1 created
elasticsearchversion.catalog.kubedb.com/6.2.4 created
elasticsearchversion.catalog.kubedb.com/6.2.4-v1 created
elasticsearchversion.catalog.kubedb.com/6.3 created
elasticsearchversion.catalog.kubedb.com/6.3-v1 created
elasticsearchversion.catalog.kubedb.com/6.3.0 created
elasticsearchversion.catalog.kubedb.com/6.3.0-v1 created
elasticsearchversion.catalog.kubedb.com/6.4 created
elasticsearchversion.catalog.kubedb.com/6.4.0 created
elasticsearchversion.catalog.kubedb.com/6.5.3 created
elasticsearchversion.catalog.kubedb.com/6.5 created
installing KubeDB Etcd catalog
etcdversion.catalog.kubedb.com/3.2.13 created
installing KubeDB Memcached catalog
memcachedversion.catalog.kubedb.com/1.5 created
memcachedversion.catalog.kubedb.com/1.5-v1 created
memcachedversion.catalog.kubedb.com/1.5.4 created
memcachedversion.catalog.kubedb.com/1.5.4-v1 created
installing KubeDB MongoDB catalog
mongodbversion.catalog.kubedb.com/3.4 created
mongodbversion.catalog.kubedb.com/3.4-v1 created
mongodbversion.catalog.kubedb.com/3.6 created
mongodbversion.catalog.kubedb.com/3.6-v1 created
mongodbversion.catalog.kubedb.com/3.4-v2 created
mongodbversion.catalog.kubedb.com/3.6-v2 created
mongodbversion.catalog.kubedb.com/4.0.5 created
mongodbversion.catalog.kubedb.com/4.0 created
mongodbversion.catalog.kubedb.com/4.1.7 created
mongodbversion.catalog.kubedb.com/3.4-v3 created
mongodbversion.catalog.kubedb.com/3.6-v3 created
mongodbversion.catalog.kubedb.com/4.0.5-v1 created
mongodbversion.catalog.kubedb.com/4.0-v1 created
mongodbversion.catalog.kubedb.com/4.1.7-v1 created
installing KubeDB MySQL catalog
mysqlversion.catalog.kubedb.com/5 created
mysqlversion.catalog.kubedb.com/5-v1 created
mysqlversion.catalog.kubedb.com/5.7 created
mysqlversion.catalog.kubedb.com/5.7-v1 created
mysqlversion.catalog.kubedb.com/8 created
mysqlversion.catalog.kubedb.com/8-v1 created
mysqlversion.catalog.kubedb.com/8.0 created
mysqlversion.catalog.kubedb.com/8.0-v1 created
mysqlversion.catalog.kubedb.com/8.0-v2 created
mysqlversion.catalog.kubedb.com/8.0.3 created
mysqlversion.catalog.kubedb.com/8.0.14 created
mysqlversion.catalog.kubedb.com/5.7-v2 created
mysqlversion.catalog.kubedb.com/5.7.25 created
installing KubeDB Postgres catalog
postgresversion.catalog.kubedb.com/9.6 created
postgresversion.catalog.kubedb.com/9.6-v1 created
postgresversion.catalog.kubedb.com/9.6.7 created
postgresversion.catalog.kubedb.com/9.6.7-v1 created
postgresversion.catalog.kubedb.com/10.2 created
postgresversion.catalog.kubedb.com/10.2-v1 created
postgresversion.catalog.kubedb.com/9.6-v2 created
postgresversion.catalog.kubedb.com/9.6.7-v2 created
postgresversion.catalog.kubedb.com/10.2-v2 created
postgresversion.catalog.kubedb.com/10.6 created
postgresversion.catalog.kubedb.com/11.1 created
postgresversion.catalog.kubedb.com/9.6-v3 created
postgresversion.catalog.kubedb.com/9.6.7-v3 created
postgresversion.catalog.kubedb.com/10.2-v3 created
postgresversion.catalog.kubedb.com/10.6-v1 created
postgresversion.catalog.kubedb.com/11.1-v1 created
postgresversion.catalog.kubedb.com/9.6-v4 created
postgresversion.catalog.kubedb.com/9.6.7-v4 created
postgresversion.catalog.kubedb.com/10.2-v4 created
postgresversion.catalog.kubedb.com/10.6-v2 created
postgresversion.catalog.kubedb.com/11.1-v2 created
postgresversion.catalog.kubedb.com/11.2 created
installing KubeDB Redis catalog
redisversion.catalog.kubedb.com/4 created
redisversion.catalog.kubedb.com/4-v1 created
redisversion.catalog.kubedb.com/4.0 created
redisversion.catalog.kubedb.com/4.0-v1 created
redisversion.catalog.kubedb.com/4.0.6 created
redisversion.catalog.kubedb.com/4.0.6-v1 created
redisversion.catalog.kubedb.com/4.0-v2 created
redisversion.catalog.kubedb.com/4.0.6-v2 created
redisversion.catalog.kubedb.com/4.0.11 created
redisversion.catalog.kubedb.com/5.0 created
redisversion.catalog.kubedb.com/5.0.3 created
redisversion.catalog.kubedb.com/5.0-v1 created
redisversion.catalog.kubedb.com/5.0.3-v1 created
checking whether admission webhook(s) are activated or not

Successfully installed KubeDB operator in kube-system namespace!
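
The install command above pipes a remote script straight into bash, so the bytes that run are never stored or inspected. The following is an added example (not from the original post or the KubeDB project) that downloads the script to a file and runs it only when its SHA-256 matches a digest recorded after review. The names `sha256_of`, `run_pinned_installer` and `PINNED_SHA256` are hypothetical, and the digest is a placeholder because the post does not publish one.

```shell
#!/usr/bin/env bash
# Added example: fetch, review and pin the installer instead of curl | bash.
# Online steps, kept as comments so this block runs offline:
#   curl -fsSL -o kubedb.sh https://raw.githubusercontent.com/kubedb/cli/0.12.0/hack/deploy/kubedb.sh
#   less kubedb.sh && sha256sum kubedb.sh    # review once, record the digest
#   run_pinned_installer kubedb.sh "$PINNED_SHA256"
# Placeholder (assumption): replace with the digest you recorded after review.
PINNED_SHA256="<sha256-recorded-after-review>"

# sha256_of FILE: print the lowercase hex SHA-256 digest of FILE.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# run_pinned_installer FILE EXPECTED_SHA256 [installer args...]
# Executes FILE with bash only when its digest equals EXPECTED_SHA256.
# Returns 2 if FILE is missing, 3 on a digest mismatch,
# otherwise the installer's own exit status.
run_pinned_installer() {
  local file="$1" expected="$2" actual
  shift 2
  [ -f "$file" ] || { echo "missing installer: $file" >&2; return 2; }
  actual="$(sha256_of "$file")"
  if [ "$actual" != "$expected" ]; then
    echo "digest mismatch for $file: got $actual" >&2
    return 3
  fi
  # Only the reviewed bytes reach the shell; extra args pass through unchanged.
  bash "$file" "$@"
}
```

Because the script is fetched from a tag on a raw GitHub URL, the pinned digest is what ties a later re-run to the exact content that was reviewed.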

Let's verify the deployment. (As of the latest version, it is deployed to kube-system by default.)

# kubectl get all -n kubedb
NAME                                  READY   STATUS    RESTARTS   AGE
pod/kubedb-operator-5565fbdb8-sxvl4   1/1     Running   0          39d


NAME                      TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGE
service/kubedb-operator   ClusterIP   10.100.200.90   <none>        443/TCP   39d


NAME                              READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/kubedb-operator   1/1     1            1           39d

NAME                                        DESIRED   CURRENT   READY   AGE
replicaset.apps/kubedb-operator-5565fbdb8   1         1         1       39d

The CRDs are as follows.

# kubectl get crd -l app=kubedb
NAME                                       CREATED AT
dormantdatabases.kubedb.com                2020-03-18T09:59:15Z
elasticsearches.kubedb.com                 2020-03-18T09:59:12Z
elasticsearchversions.catalog.kubedb.com   2020-03-18T09:59:16Z
etcds.kubedb.com                           2020-03-18T09:59:12Z
etcdversions.catalog.kubedb.com            2020-03-18T09:59:16Z
memcacheds.kubedb.com                      2020-03-18T09:59:15Z
memcachedversions.catalog.kubedb.com       2020-03-18T09:59:17Z
mongodbs.kubedb.com                        2020-03-18T09:59:13Z
mongodbversions.catalog.kubedb.com         2020-03-18T09:59:17Z
mysqls.kubedb.com                          2020-03-18T09:59:13Z
mysqlversions.catalog.kubedb.com           2020-03-18T09:59:17Z
postgreses.kubedb.com                      2020-03-18T09:59:12Z
postgresversions.catalog.kubedb.com        2020-03-18T09:59:16Z
redises.kubedb.com                         2020-03-18T09:59:14Z
redisversions.catalog.kubedb.com           2020-03-18T09:59:17Z
snapshots.kubedb.com                       2020-03-18T09:59:15Z

Installing the KubeDB CLI

Download the binary from the site below.

github.com

# mv kubedb-linux-amd64 kubedb
# chmod +x kubedb
# mv kubedb /usr/local/bin/

Deploying PostgreSQL

Let's go ahead and deploy PostgreSQL.

List the deployable versions with the command below. Avoid the ones marked DEPRECATED.

# kubectl get postgresversions
NAME       VERSION   DB_IMAGE                   DEPRECATED   AGE
10.2       10.2      kubedb/postgres:10.2       true         67m
10.2-v1    10.2      kubedb/postgres:10.2-v2    true         67m
10.2-v2    10.2      kubedb/postgres:10.2-v3                 67m
10.2-v3    10.2      kubedb/postgres:10.2-v4                 67m
10.2-v4    10.2      kubedb/postgres:10.2-v5                 67m
10.6       10.6      kubedb/postgres:10.6                    67m
10.6-v1    10.6      kubedb/postgres:10.6-v1                 67m
10.6-v2    10.6      kubedb/postgres:10.6-v2                 67m
11.1       11.1      kubedb/postgres:11.1                    67m
11.1-v1    11.1      kubedb/postgres:11.1-v1                 67m
11.1-v2    11.1      kubedb/postgres:11.1-v2                 67m
11.2       11.2      kubedb/postgres:11.2                    67m
9.6        9.6       kubedb/postgres:9.6        true         67m
9.6-v1     9.6       kubedb/postgres:9.6-v2     true         67m
9.6-v2     9.6       kubedb/postgres:9.6-v3                  67m
9.6-v3     9.6       kubedb/postgres:9.6-v4                  67m
9.6-v4     9.6       kubedb/postgres:9.6-v5                  67m
9.6.7      9.6.7     kubedb/postgres:9.6.7      true         67m
9.6.7-v1   9.6.7     kubedb/postgres:9.6.7-v2   true         67m
9.6.7-v2   9.6.7     kubedb/postgres:9.6.7-v3                67m
9.6.7-v3   9.6.7     kubedb/postgres:9.6.7-v4                67m
9.6.7-v4   9.6.7     kubedb/postgres:9.6.7-v5                67m

Now let's create the manifest. Since there is no default StorageClass, I am using OpenEBS.

# vi pg.yaml

apiVersion: kubedb.com/v1alpha1
kind: Postgres
metadata:
  name: quick-postgres
  namespace: demo
spec:
  version: "10.2-v2"
  storageType: Durable
  storage:
    storageClassName: "openebs-hostpath"
    accessModes:
    - ReadWriteOnce
    resources:
      requests:
        storage: 1Gi
  terminationPolicy: DoNotTerminate

Apply it.

# kubectl apply -f pg.yaml
postgres.kubedb.com/quick-postgres created

Check the result.

# kubectl get all -n demo
NAME                           READY   STATUS             RESTARTS   AGE
pod/pgadmin-6c8c5fd47d-gvzwr   0/1     CrashLoopBackOff   14         56m
pod/quick-postgres-0           1/1     Running            0          66s

NAME                              TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
service/kubedb                    ClusterIP      None             <none>        <none>         2m8s
service/pgadmin                   LoadBalancer   10.100.200.231   <pending>     80:30731/TCP   56m
service/quick-postgres            ClusterIP      10.100.200.127   <none>        5432/TCP       2m8s
service/quick-postgres-replicas   ClusterIP      10.100.200.102   <none>        5432/TCP       2m8s

NAME                      READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/pgadmin   0/1     1            0           56m

NAME                                 DESIRED   CURRENT   READY   AGE
replicaset.apps/pgadmin-6c8c5fd47d   1         1         0       56m

NAME                              READY   AGE
statefulset.apps/quick-postgres   1/1     2m8s


NAME                                                AGE
appbinding.appcatalog.appscode.com/quick-postgres   101s


NAME                                 VERSION   STATUS    AGE
postgres.kubedb.com/quick-postgres   10.2-v2   Running   2m8s

The PostgreSQL user and password are stored in a Secret.

# kubectl get secret -n demo quick-postgres-auth -o yaml
apiVersion: v1
data:
  POSTGRES_PASSWORD: cDY4NjFlRzBTTzIxYURzVA==
  POSTGRES_USER: cG9zdGdyZXM=
kind: Secret
metadata:
  creationTimestamp: "2020-04-27T05:40:28Z"
  labels:
    kubedb.com/kind: Postgres
    kubedb.com/name: quick-postgres
  name: quick-postgres-auth
  namespace: demo
  resourceVersion: "15485204"
  selfLink: /api/v1/namespaces/demo/secrets/quick-postgres-auth
  uid: 5237774b-1847-4657-a018-85322ce3143b
type: Opaque

Now let's decode them.

# kubectl get secrets -n demo quick-postgres-auth -o jsonpath='{.data.\POSTGRES_USER}' | base64 -d
postgres
# kubectl get secrets -n demo quick-postgres-auth -o jsonpath='{.data.\POSTGRES_PASSWORD}' | base64 -d
p6861eG0SO21aDsT

Next, I'll verify connectivity to the PostgreSQL instance created above from a different pod.

For this, psql is installed in an nginx pod.

# kubectl exec -it pod/nginx-0 bash
root@nginx-0:/#

root@nginx-0:/# psql -U postgres -h quick-postgres.demo -p 5432
Password for user postgres:
psql (11.7 (Debian 11.7-0+deb10u1), server 10.2)
Type "help" for help.

postgres=#

The connection succeeded.

HA Configuration

KubeDB provides two HA configurations.

  • Warm Standby
  • Hot Standby

Warm Standby

A standby server that cannot be connected to until it is promoted to master is called a warm standby server.

The manifest is below. The relevant setting is standbyMode: Warm under spec.

# vi pg-warm.yaml

apiVersion: kubedb.com/v1alpha1
kind: Postgres
metadata:
  name: warm-postgres
  namespace: demo
spec:
  version: "9.6-v2"
  replicas: 3
  standbyMode: Warm
  storageType: Ephemeral
  storage:
    storageClassName: "openebs-hostpath"
    accessModes:
    - ReadWriteOnce
    resources:
      requests:
        storage: 1Gi
  terminationPolicy: DoNotTerminate

Let's try connecting to the replica.

root@nginx-0:/# psql -U postgres -h warm-postgres-replicas.demo -p 5432
psql: FATAL:  the database system is starting up

As shown, connecting to the replica is not possible.

Hot Standby

A standby server that accepts connections and can run read-only queries is called a hot standby server.

The manifest is below. The relevant setting is standbyMode: Hot under spec.

apiVersion: kubedb.com/v1alpha1
kind: Postgres
metadata:
  name: hot-postgres
  namespace: demo
spec:
  version: "9.6-v2"
  replicas: 3
  standbyMode: Hot
  storageType: Ephemeral
  storage:
    storageClassName: "openebs-hostpath"
    accessModes:
    - ReadWriteOnce
    resources:
      requests:
        storage: 1Gi
  terminationPolicy: DoNotTerminate

Let's connect to the replica.

# psql -U postgres -h hot-postgres-replicas.demo -p 5432
Password for user postgres:
psql (11.7 (Debian 11.7-0+deb10u1), server 9.6.7)
Type "help" for help.

postgres=#

Access worked as expected.