The Kaese

Reputation: 488

Kubernetes + Postgresql: Can't connect from another pod

Back with another head scratcher. I've got my kube cluster up and running, I've attached a mysql pod, a postgres pod, and associated volume/service mappings. These configurations are nearly identical with the exception of the app name, port, and the information in the containers element. I mention this because this is seemingly where my issue is.

I can connect to my mysql instance at 'mysql' with no issues from my local machine using forwarding, and from any pod. But my postgres pod... none of my other pods can seemingly access it. I can connect to 'postgres' using my DB console locally using forwarding, but the pods get 'Connection Refused' whenever they try to connect.

Here's an example. I loaded up a simple alpine image, installed the postgres client, connected to mysql, and then attempted to connect to my postgres instance.

$ cat utils.yaml
apiVersion: v1
kind: Pod
metadata:
  name: utils
  namespace: default
spec:
  restartPolicy: Always
  serviceAccountName: default
  containers:
  - name: utils
    image: alpine:latest
    command:
      - sleep
      - "14400"
    imagePullPolicy: IfNotPresent
$ kubectl apply -f utils.yaml
kupod/utils created
$ kubectl exec -it utils -- /bin/ash
# apk add mysql-client
fetch https://dl-cdn.alpinelinux.org/alpine/v3.14/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.14/community/x86_64/APKINDEX.tar.gz
(1/7) Installing mariadb-common (10.5.12-r0)
(2/7) Installing libgcc (10.3.1_git20210424-r2)
(3/7) Installing ncurses-terminfo-base (6.2_p20210612-r0)
(4/7) Installing ncurses-libs (6.2_p20210612-r0)
(5/7) Installing libstdc++ (10.3.1_git20210424-r2)
(6/7) Installing mariadb-client (10.5.12-r0)
(7/7) Installing mysql-client (10.5.12-r0)
Executing busybox-1.33.1-r3.trigger
OK: 39 MiB in 21 packages
# apk add postgresql-client
(1/6) Installing gdbm (1.19-r0)
(2/6) Installing libsasl (2.1.27-r12)
(3/6) Installing libldap (2.4.58-r0)
(4/6) Installing libpq (13.4-r0)
(5/6) Installing readline (8.1.0-r0)
(6/6) Installing postgresql-client (13.4-r0)
Executing busybox-1.33.1-r3.trigger
OK: 42 MiB in 27 packages
# mysql -h mysql -utestuser -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MySQL connection id is 155
Server version: 5.6.51 MySQL Community Server (GPL)

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MySQL [(none)]> Ctrl-C -- exit!
Aborted
# psql -h postgres -U testuser
psql: error: could not connect to server: Connection refused
    Is the server running on host "postgres" (192.168.152.97) and accepting
    TCP/IP connections on port 5432?

Here are my yamls for postgres:

---
# create secrets and maps using:
# kubectl create configmap postgres --from-file=postgres-config/
# kubectl create secret generic postgres --from-file=postgres-secrets/
---
apiVersion: v1
kind: Service
metadata:
  name: postgres
  namespace: default
  labels:
    app: postgres
spec:
  ports:
  - name: postgres
    port: 5432
  selector:
    app: postgres
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: postgres
  namespace: default
spec:
  selector:
    matchLabels:
      app: postgres
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: postgres
    spec:
      securityContext:
        runAsUser: 70
        fsGroup: 70
      containers:
      - name: postgres
        image: postgres:alpine
        imagePullPolicy: IfNotPresent
        args:
          - -c
          - hba_file=/etc/postgres-config/pg_hba.conf
          - -c
          - config_file=/etc/postgres-config/postgresql.conf
        env:
          - name: PGDATA
            value: /var/lib/postgres-data
          - name: POSTGRES_PASSWORD_FILE
            value: /etc/postgres-secrets/postgres-pwd.txt
        ports:
        - name: postgres
          containerPort: 5432
          hostPort: 5432
          protocol: TCP
        volumeMounts:
        - name: postgres-config
          mountPath: /etc/postgres-config
        - name: postgres-storage
          mountPath: /var/lib/postgres-data
          subPath: postgres
        - name: postgres-secrets
          mountPath: /etc/postgres-secrets
      volumes:
      - name: postgres-config
        configMap:
          name: postgres      
      - name: postgres-storage
        persistentVolumeClaim:
          claimName: postgres-claim
      - name: postgres-secrets
        secret:
          secretName: postgres
          defaultMode: 384

---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: postgres-gluster-pv
  namespace: default
spec:
  capacity:
    storage: 10Gi
  accessModes:
  - ReadWriteMany
  glusterfs:
    endpoints: gluster-cluster
    path: /gv0
    readOnly: false
  persistentVolumeReclaimPolicy: Retain
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: postgres-claim
  namespace: default
spec:
  accessModes:
  - ReadWriteMany
  resources:
     requests:
       storage: 10Gi

And finally, my postgres.conf and pg_hba.conf:

$ cat postgres.conf
ssl = on
ssl_ca_file = '/etc/postgres-secrets/root.crt'
ssl_cert_file = '/etc/postgres-secrets/server.crt'
ssl_key_file = '/etc/postgres-secrets/server.key'
$ cat pg_hba.conf
# Trust local connection - no password required.
local    all             all                                     trust
hostssl  all             all             all         md5

Upvotes: 0

Views: 3337

Answers (1)

The Kaese

Reputation: 488

Once again...figured it out. @Sami's comment led me down the right path. I had listen-address set to "localhost"; it needs to be set to "*".

Upvotes: 2
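
Added example, not part of the original post: a small check of a postgresql.conf for the cause found in the answer, using PostgreSQL's parameter name `listen_addresses`, whose built-in default is `localhost` when the file does not set it. The two sample configs are constructed (the first repeats the `postgres.conf` lines shown in the question), and the function names are hypothetical.

```python
import re

DEFAULT_LISTEN = "localhost"  # PostgreSQL default when the file sets nothing
LOOPBACK = {"localhost", "127.0.0.1", "::1"}
_LINE = re.compile(r"^\s*([A-Za-z_][A-Za-z0-9_.]*)\s*=?\s*(.*)$")

# Constructed samples: the first repeats the postgres.conf lines in the question.
PAGE_CONF = """ssl = on
ssl_ca_file = '/etc/postgres-secrets/root.crt'
ssl_cert_file = '/etc/postgres-secrets/server.crt'
ssl_key_file = '/etc/postgres-secrets/server.key'
"""
FIXED_CONF = PAGE_CONF + "listen_addresses = '*'   # bind every interface\n"


def _value(raw):
    """Unquote a '...' value ('' is an escaped quote); otherwise cut at '#'."""
    quoted = re.match(r"\s*'((?:[^']|'')*)'", raw)
    if quoted:
        return quoted.group(1).replace("''", "'")
    return raw.split("#", 1)[0].strip()


def effective_listen_addresses(conf_text):
    """Return the addresses the server binds: the last uncommented setting wins."""
    value = DEFAULT_LISTEN
    for line in conf_text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # commented-out settings have no effect
        m = _LINE.match(line)
        # Parameter names are case-insensitive and the '=' is optional.
        if m and m.group(1).lower() == "listen_addresses":
            value = _value(m.group(2))
    return [a.strip() for a in value.split(",") if a.strip()]


def reachable_from_other_pods(conf_text):
    """False when only loopback (or nothing) is bound: clients on the pod IP
    get 'Connection refused' before pg_hba.conf is ever consulted."""
    return any(a not in LOOPBACK for a in effective_listen_addresses(conf_text))


if __name__ == "__main__":
    for name, conf in (("question", PAGE_CONF), ("fixed", FIXED_CONF)):
        print(name, effective_listen_addresses(conf), reachable_from_other_pods(conf))
```

A loopback-only bind still answers `kubectl port-forward`, which connects inside the pod's network namespace; that matches the symptom in the question. With `'*'` and the Deployment's `hostPort: 5432`, the server is also reachable on the node's address, so `pg_hba.conf` is what restricts who can log in.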
