从gke连接到aws数据库

xvw2m8pv  于 2021-06-18  发布在  Mysql
关注(0)|答案(1)|浏览(393)

我在连接google云平台kubernetes pod和运行在aws上的外部mysql时遇到了问题。
这是我的部署文件(一些敏感部分被替换为 *** ):

apiVersion: apps/v1
kind: Deployment
metadata:
  name: watches-v1
spec:
  replicas: 3
  selector:
    matchLabels:
      app: watches-v1
  template:
    metadata:
      labels:
        app: watches-v1
    spec:
      containers:
      - name: watches-v1
        image: silasberger/watches:1.0
        imagePullPolicy: Always
        ports:
        - containerPort: 3000
        env:
        - name: MYSQL_HOST
          value: "***.eu-west-1.rds.amazonaws.com"
        - name: MYSQL_DB
          value: "***"
        - name: MYSQL_USER
          value: "***"
        - name: MYSQL_PASS
          value: "***"
        - name: API_USER
          value: "***"
        - name: API_PASS
          value: "***"

这是dockerfile,我构建并将其推送到dockerhub作为 watches:1.0 :

FROM node:8

WORKDIR /usr/src/app

COPY package*.json ./

RUN npm install

COPY . .

EXPOSE 3000

ENV MICROSERVICE="watches"
ENV WATCHES_API_VERSION="1"

CMD [ "npm", "start" ]

以下是有效的:
使用 mysql 命令
在本地容器中运行docker映像,没有错误,一切正常
但是,只要我在kubernetes集群中应用部署,pod就无法连接到awsdb。应用程序启动时,我可以访问swagger页面,但是当我运行 kubectl logs <pod-name> 命令,我总是得到这样的错误:

Unable to connect to the database: { SequelizeConnectionError: connect ETIMEDOUT
    at Utils.Promise.tap.then.catch.err (/usr/src/app/node_modules/sequelize/lib/dialects/mysql/connection-manager.js:149:19)
    at tryCatcher (/usr/src/app/node_modules/bluebird/js/release/util.js:16:23)
    at Promise._settlePromiseFromHandler (/usr/src/app/node_modules/bluebird/js/release/promise.js:512:31)
    at Promise._settlePromise (/usr/src/app/node_modules/bluebird/js/release/promise.js:569:18)
    at Promise._settlePromise0 (/usr/src/app/node_modules/bluebird/js/release/promise.js:614:10)
    at Promise._settlePromises (/usr/src/app/node_modules/bluebird/js/release/promise.js:690:18)
    at _drainQueueStep (/usr/src/app/node_modules/bluebird/js/release/async.js:138:12)
    at _drainQueue (/usr/src/app/node_modules/bluebird/js/release/async.js:131:9)
    at Async._drainQueues (/usr/src/app/node_modules/bluebird/js/release/async.js:147:5)
    at Immediate.Async.drainQueues (/usr/src/app/node_modules/bluebird/js/release/async.js:17:14)
    at runCallback (timers.js:810:20)
    at tryOnImmediate (timers.js:768:5)
    at processImmediate [as _immediateCallback] (timers.js:745:5)
  name: 'SequelizeConnectionError',
  parent: 
   { Error: connect ETIMEDOUT
    at Connection._handleTimeoutError (/usr/src/app/node_modules/mysql2/lib/connection.js:192:13)
    at ontimeout (timers.js:498:11)
    at tryOnTimeout (timers.js:323:5)
    at Timer.listOnTimeout (timers.js:290:5)
     errorno: 'ETIMEDOUT',
     code: 'ETIMEDOUT',
     syscall: 'connect',
     fatal: true },
  original: 
   { Error: connect ETIMEDOUT
    at Connection._handleTimeoutError (/usr/src/app/node_modules/mysql2/lib/connection.js:192:13)
    at ontimeout (timers.js:498:11)
    at tryOnTimeout (timers.js:323:5)
    at Timer.listOnTimeout (timers.js:290:5)
     errorno: 'ETIMEDOUT',
     code: 'ETIMEDOUT',
     syscall: 'connect',
     fatal: true } }

它选择了正确的主机、db名称和凭据(如日志的前一部分所示,此处未显示),但显然无法连接到它。如您所见,应用程序是用node.js编写的,并使用sequelize。
到目前为止,我所做的所有研究都指向防火墙问题,因此我为该项目在谷歌云平台上设置了以下专有网络规则:

$ gcloud compute firewall-rules describe allow-all-outbound
allowed:
- IPProtocol: all
creationTimestamp: '2018-11-14T02:51:20.808-08:00'
description: Allow all inbound connections
destinationRanges:
- 0.0.0.0/0
direction: EGRESS
disabled: false
id: '7178441953737326791'
kind: compute#firewall
name: allow-mysql-outbound
network: https://www.googleapis.com/compute/v1/projects/adept-vine-222109/global/networks/default
priority: 1000
selfLink: https://www.googleapis.com/compute/v1/projects/adept-vine-222109/global/firewalls/allow-mysql-outbound

因为这并没有改变任何事情,我还尝试再次添加相同的规则 direction INGRESS ,但这也没有起作用(正如我所料)。
我对google云平台和kubernetes完全陌生,所以也许这只是一个愚蠢的错误,但我真的没有办法让它工作。

dpiehjr4

dpiehjr41#

事实证明,问题出在美国焊接学会方面。谢谢雅各布汤姆林森的建议。
虽然为aws mysql示例激活了公共可访问性,但它显然不允许从所有源进行访问。我不知道为什么它能在我的本地机器上工作,但不管怎样。
我可以通过在aws中添加一个安全组来解决这个问题,该安全组允许所有端口上的入站流量以及源0.0.0.0/0的所有协议。然后,我将这个安全组与mysql示例相关联(转到该示例,单击modify,转到network&security settings,选择新创建的组,保存更改)。我仍然需要从安全的Angular 调整这个规则,但至少现在一切正常。

相关问题