容器化應用: 從外部訪問Openshift集羣內的MySQL服務

咱們知道Openshift容器化平臺中, POD有本身的IP地址, 可是它只能在集羣的內部可用. 那若是我要從其餘物理計算機經過網絡訪問容器內的MySQL怎麼辦呢?

我想到了Router, 可是, Router 只支持HTTP協議的轉發, 咱們要使用TCP. 所以, NodePort出場了!

經過NodePort

這種方式適合長期使用, 對外提供

先看看有DC的名稱

➜ oc get dc
NAME                 REVISION   DESIRED   CURRENT   TRIGGERED BY
hello-microservice   1          1         1         config,image(hello-microservice:latest)
mysql-57-centos7     11         1         1         config,image(mysql-57-centos7:latest)
nodejs-ex            1          1         1         config,image(nodejs-ex:latest)

mysql-57-centos7 是咱們須要的

暴露指定DC, 暴露類型爲 LoadBalancer, 暴露的名稱爲

oc expose dc mysql-57-centos7 --type=LoadBalancer --name=mysql-ingress

導出

➜ oc export svc mysql-ingress
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: null
  labels:
    app: mysql-57-centos7
  name: mysql-ingress
spec:
  deprecatedPublicIPs:
  - 172.29.208.121
  externalIPs:
  - 172.29.208.121
  ports:
  - nodePort: 32621
    port: 3306
    protocol: TCP
    targetPort: 3306
  selector:
    app: mysql-57-centos7
    deploymentconfig: mysql-57-centos7
  sessionAffinity: None
  type: LoadBalancer
status:
  loadBalancer: {}

在導出的配置中, 咱們看到 spec.ports.nodePort 爲 32621, 這個端口就是咱們能夠從外部訪問MySQL的目標端口.

登陸MySQL測試連通性

➜ mysql --user=data --password=data --host=$(minishift ip) --port=32621
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 13
Server version: 5.7.16 MySQL Community Server (GPL)

Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>

OK, 看起來沒有問題.

注意: 注意分配合適的登陸權限. 好比:
ERROR 1045 (28000): Access denied for user 'data'@'172.17.0.1' (using password: NO)

所以須要給登陸客戶端所在的IP地址分配權限:

CREATE USER 'data'@'172.17.0.1' IDENTIFIED BY 'data';
GRANT ALL PRIVILEGES ON *.* TO 'data'@'172.17.0.1';
FLUSH PRIVILEGES;

經過端口轉發

端口轉發能夠經過你的物理機器所在的網絡鏈接到POD,多用於開發測試環境

開啓端口轉發

➜ oc port-forward mysql-57-centos7-11-2wfs4 10001:3306
Forwarding from 127.0.0.1:10001 -> 3306
Forwarding from [::1]:10001 -> 3306
Handling connection for 10001

MySQL鏈接測試

➜ mysql -udata --password=data --host=127.0.0.1 --port=10001
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 19
Server version: 5.7.16 MySQL Community Server (GPL)

Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>

上述方法不限於MySQL這樣的應用, 各類基於TCP的應用均可以使用這兩種方式, 在合適的環境中使用.