I am trying to deploy a Go service that uses a Postgres connection on GKE.
The deployment manifest looks like this:
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: storage-service
  labels:
    app: storage-service
spec:
  selector:
    matchLabels:
      app: storage-service
  template:
    metadata:
      labels:
        app: storage-service
    spec:
      containers:
        - name: app
          image: my-image
          ports:
            - containerPort: 80
          # The following environment variables will contain the database host,
          # user and password to connect to the PostgreSQL instance.
          env:
            - name: SERVICE_DATABASE_NAME
              value: db_storage
            - name: DATABASE_MIGRATIONS_DIR
              value: ./migrations
            - name: MAX_FILE_SIZE
              value: "20000000"
            - name: SERVICE_BASE_PATH
              value: storage
            - name: SERVICE_VERSION
              value: v1
            - name: SERVICE_DESCRIPTION
              value: "A service to store and retrieve files"
            - name: SERVICE_NAME
              value: storage-service
            - name: DATABASE_HOST
              value: 127.0.0.1:3306
            # [START cloudsql_secrets]
            - name: ENV
              valueFrom:
                secretKeyRef:
                  name: environment
                  key: ENV
            - name: PORT
              valueFrom:
                secretKeyRef:
                  name: environment
                  key: DEFAULT_APPLICATION_PORT
            # - name: DATABASE_HOST
            #   valueFrom:
            #     secretKeyRef:
            #       name: sql-proxy
            #       key: DB_HOST
            - name: DATABASE_USER
              valueFrom:
                secretKeyRef:
                  name: sql-proxy
                  key: DB_USER
            - name: DATABASE_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: sql-proxy
                  key: DB_PASS
            - name: DATABASE_SSL_MODE
              valueFrom:
                secretKeyRef:
                  name: sql-proxy
                  key: DB_SSL_MODE
            - name: GCLOUD_PUBLIC_STORAGE_BUCKET
              valueFrom:
                secretKeyRef:
                  name: storage-buckets
                  key: STORAGE_PUBLIC_BUCKET_NAME
            - name: GCLOUD_PRIVATE_STORAGE_BUCKET
              valueFrom:
                secretKeyRef:
                  name: storage-buckets
                  key: STORAGE_PRIVATE_BUCKET_NAME
            # [END cloudsql_secrets]
          volumeMounts:
            - name: firebase-credentials-volume
              mountPath: /storage_service
              readOnly: true
        # Change <INSTANCE_CONNECTION_NAME> here to include your GCP
        # project, the region of your Cloud SQL instance and the name
        # of your Cloud SQL instance. The format is
        # $PROJECT:$REGION:$INSTANCE
        # [START proxy_container]
        - name: cloudsql-proxy
          image: gcr.io/cloudsql-docker/gce-proxy:1.14
          command: ["/cloud_sql_proxy",
                    "-instances=${DB_INSTANCE_CONNECTION_NAME}=tcp:3306",
                    # If running on a VPC, the Cloud SQL proxy can connect via Private IP. See:
                    # https://cloud.google.com/sql/docs/mysql/private-ip for more info.
                    # "-ip_address_types=PRIVATE",
                    "-credential_file=/secrets/cloudsql/credentials.json"]
          # [START cloudsql_security_context]
          securityContext:
            runAsUser: 2 # non-root user
            allowPrivilegeEscalation: false
          # [END cloudsql_security_context]
          env:
            - name: DB_INSTANCE_CONNECTION_NAME
              valueFrom:
                secretKeyRef:
                  name: sql-instance
                  key: DB_INSTANCE_CONNECTION_NAME
          volumeMounts:
            - name: cloudsql-instance-credentials
              mountPath: /secrets/cloudsql
              readOnly: true
        # [END proxy_container]
      # [START volumes]
      volumes:
        - name: cloudsql-instance-credentials
          secret:
            secretName: sql-instance
        - name: firebase-credentials-volume
          secret:
            secretName: firebase
            items:
              - key: firebase_reader.json
                path: firebase.json
      # [END volumes]
```
When deploying to my GKE, we have these logs:
- From the sql-proxy container:
> current FDs rlimit set to 1048576, wanted limit is 8500. Nothing to do here.
> using credential file for authentication; email=cloudsql-proxy-reader@corp.iam.gserviceaccount.com
> Listening on 127.0.0.1:3306 for mycorp:europe-west4:ds-db-dev-test05
> Ready for new connections
> Dial tcp: lookup 127.0.0.1:3306: no such host
I also added a log to see my postgres connection string:
user=postgres password=PaSS sslmode=disable host=127.0.0.1:3306
And the thing is, my service cannot connect to the sql-proxy. Can anyone help me?
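
Added example, not part of the original post: in a libpq-style keyword/value connection string `host` and `port` are separate keywords, so a `host=127.0.0.1:3306` value is consistent with the `lookup 127.0.0.1:3306: no such host` line above. This Go code splits a `DATABASE_HOST` value into both keywords and also returns a copy with the password redacted for logging. The function names, the 5432 default port and the sample values are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// quote escapes a value for a libpq keyword/value connection string.
func quote(v string) string {
	r := strings.NewReplacer(`\`, `\\`, `'`, `\'`)
	return "'" + r.Replace(v) + "'"
}

// splitHostPort (hypothetical helper) accepts "host" or "host:port", as found
// in DATABASE_HOST, and returns both parts; defPort is used when no port is given.
func splitHostPort(addr, defPort string) (host, port string, err error) {
	if !strings.Contains(addr, ":") {
		return addr, defPort, nil
	}
	host, port, err = net.SplitHostPort(addr)
	if err != nil {
		return "", "", fmt.Errorf("bad DATABASE_HOST %q: %w", addr, err)
	}
	if port == "" {
		port = defPort
	}
	return host, port, nil
}

// buildDSN (hypothetical helper) returns the real DSN and a copy safe to log.
func buildDSN(addr, user, pass, sslmode string) (dsn, logged string, err error) {
	host, port, err := splitHostPort(addr, "5432") // assumed default port
	if err != nil {
		return "", "", err
	}
	format := "user=%s password=%s sslmode=%s host=%s port=%s"
	dsn = fmt.Sprintf(format, quote(user), quote(pass), quote(sslmode), quote(host), quote(port))
	logged = fmt.Sprintf(format, quote(user), "[REDACTED]", quote(sslmode), quote(host), quote(port))
	return dsn, logged, nil
}

func main() {
	// Constructed sample values mirroring the connection string in the post.
	_, logged, err := buildDSN("127.0.0.1:3306", "postgres", "PaSS", "disable")
	if err != nil {
		panic(err)
	}
	fmt.Println(logged)
}
```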