A Concise EKS Tutorial
03 - Using RDS

01 Create an RDS instance

Create a DB subnet group

In the RDS console, as shown in the figure, create a DB subnet group named eks-rds-subnetgroup that spans two private subnets in the VPC where the EKS cluster runs.

Create the database instance

As shown in the figure, create an RDS MySQL database instance. Some of the settings are:

Parameter                 Value
Engine version            MySQL 5.7.xx
Template                  Free tier
DB instance identifier    eks-rds-instance
Master username           admin
Master password           cloudland1121
DB subnet group           eks-rds-subnetgroup
VPC security group        eks-demo-sg

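Modify the security group

Modify the security group's inbound rules as shown in the figure below. The rule admits TCP 3306 from any source address (0.0.0.0/0); outside a demo, set the source to the security group of the EKS worker nodes instead.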

tcp 3306 0.0.0.0/0

02 Create an ExternalName Service for RDS

Create the resource

01-externalName.yml
apiVersion: v1
kind: Service
metadata:
  name: mysql
spec:
  type: ExternalName
  externalName: eks-rds-instance.cnrroqkiihyv.us-east-1.rds.amazonaws.com
Terminal
kubectl apply -f 01-externalName.yml
Output
service/mysql created

Verify the resource

Terminal
kubectl describe svc/mysql
Output
Name:              mysql
Namespace:         default
Labels:            <none>
Annotations:       <none>
Selector:          <none>
Type:              ExternalName
IP Families:       <none>
IP:
IPs:               <none>
External Name:     eks-rds-instance.cnrroqkiihyv.us-east-1.rds.amazonaws.com
Session Affinity:  None
Events:            <none>

Verify that the RDS instance is reachable from inside the cluster

Terminal
kubectl run -it --rm \
--image=mysql:5.7 --restart=Never mysql-client \
-- \
mysql -h eks-rds-instance.cnrroqkiihyv.us-east-1.rds.amazonaws.com \
-uadmin -pcloudland1121
Output
If you don't see a command prompt, try pressing enter.

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| innodb             |
| mysql              |
| performance_schema |
| sys                |
+--------------------+
5 rows in set (0.00 sec)

mysql> exit
Bye

E0813 17:09:27.481453   66943 v2.go:105] EOF
pod "mysql-client" deleted

03 Configure a ConfigMap and a Secret for Pods to use

Create the Secret

Base64-encode the database password and username

Terminal
echo "admin" | base64
Output
YWRtaW4K
Terminal
echo "cloudland1121" | base64
Output
Y2xvdWRsYW5kMTEyMQo=

Create the Secret object

02-db-secrets.yml
apiVersion: v1
kind: Secret
metadata:
  name: rds-demo
type: Opaque
data:
  username: YWRtaW4K
  password: Y2xvdWRsYW5kMTEyMQo=
Terminal
kubectl apply -f 02-db-secrets.yml
Output
secret/rds-demo created
Terminal
kubectl describe secret/rds-demo
Output
Name:         rds-demo
Namespace:    default
Labels:       <none>
Annotations:  <none>

Type:  Opaque

Data
====
password:  14 bytes
username:  6 bytes
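
The sizes reported above (6 and 14 bytes) are one byte longer than admin and cloudland1121, because echo appends a newline that base64 then encodes into the Secret. The script below is an added example, not part of the original tutorial, and its function names are hypothetical: it audits the data section of 02-db-secrets.yml as shown on this page for values that decode with a trailing newline, and prints an encoding without one.

```shell
#!/bin/sh
# Added example: flag Secret data values whose decoded bytes end in a newline.

# Base64-encode a value exactly as given (printf '%s' adds no newline).
encode_exact() {
    printf '%s' "$1" | base64
}

# Print the number of bytes a base64 string decodes to.
decoded_len() {
    printf '%s' "$1" | base64 -d | wc -c | tr -d ' '
}

# Succeed (exit 0) when the decoded value ends with a newline byte (0x0a).
ends_with_newline() {
    last=$(printf '%s' "$1" | base64 -d | tail -c 1 | od -An -tx1 | tr -d ' \n')
    [ "$last" = "0a" ]
}

# Read a Secret manifest on stdin, take the "key: value" lines under data:,
# and report every key whose decoded value carries a trailing newline.
audit_secret_data() {
    awk '
        /^data:/  { in_data = 1; next }
        /^[^ ]/   { in_data = 0 }
        in_data && NF == 2 { sub(":", "", $1); print $1, $2 }
    ' |
    while read -r key value; do
        if ends_with_newline "$value"; then
            echo "$key: trailing newline ($(decoded_len "$value") bytes)"
        fi
    done
}

# 02-db-secrets.yml exactly as shown on this page.
PAGE_SECRET='apiVersion: v1
kind: Secret
metadata:
  name: rds-demo
type: Opaque
data:
  username: YWRtaW4K
  password: Y2xvdWRsYW5kMTEyMQo='

printf '%s\n' "$PAGE_SECRET" | audit_secret_data
echo "username without newline: $(encode_exact admin)"
echo "password without newline: $(encode_exact cloudland1121)"
```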

Create the ConfigMap

03-db-configmap.yml
apiVersion: v1
kind: ConfigMap
metadata:
  name: rds-demo
data:
  host: "eks-rds-instance.cnrroqkiihyv.us-east-1.rds.amazonaws.com"
  port: "3306"
Terminal
kubectl apply -f 03-db-configmap.yml
Output
configmap/rds-demo created
Terminal
kubectl describe configmap/rds-demo
Output
Name:         rds-demo
Namespace:    default
Labels:       <none>
Annotations:  <none>

Data
====
host:
----
eks-rds-instance.cnrroqkiihyv.us-east-1.rds.amazonaws.com
port:
----
3306

BinaryData
====

Events:  <none>

04 Configure a ServiceAccount for Pods to use

04-db-sa.yml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: rds-demo-role
rules:
- apiGroups: [""]
  resources: ["configmaps"]
  resourceNames: ["rds-demo"]
  verbs: ["get", "watch", "list"]
- apiGroups: [""]
  resources: ["secrets"]
  resourceNames: ["rds-demo"]
  verbs: ["get", "watch", "list"]

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: rds-demo-sa

---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: rds-demo-role-binding
subjects:
- kind: ServiceAccount
  name: rds-demo-sa
roleRef:
  kind: Role
  name: rds-demo-role
  apiGroup: rbac.authorization.k8s.io
Terminal
kubectl apply -f 04-db-sa.yml
Output
role.rbac.authorization.k8s.io/rds-demo-role created
serviceaccount/rds-demo-sa created
rolebinding.rbac.authorization.k8s.io/rds-demo-role-binding created

05 Create a Pod that connects to RDS

05-demo-pod.yml
apiVersion: v1
kind: Pod
metadata:
  name: mysql-client-pod
spec:
  serviceAccountName: rds-demo-sa
  containers:
    - name: mysql-client
      image: mysql:5.7
      command: ["sh", "-c", "while true; do sleep 100; done"]
      env:
        - name: DB_HOST
          valueFrom:
            configMapKeyRef:
              name: rds-demo
              key: host
        - name: DB_PORT
          valueFrom:
            configMapKeyRef:
              name: rds-demo
              key: port
        - name: DB_USERNAME
          valueFrom:
            secretKeyRef:
              name: rds-demo
              key: username
        - name: DB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: rds-demo
              key: password
Terminal
kubectl apply -f 05-demo-pod.yml
Output
pod/mysql-client-pod created

Verify the environment variables inside the Pod

Terminal
kubectl exec -it pod/mysql-client-pod -- /bin/bash
Output
bash-4.2 # env | grep DB
DB_HOST=eks-rds-instance.cnrroqkiihyv.us-east-1.rds.amazonaws.com
DB_PORT=3306
DB_PASSWORD=cloudland1121
DB_USERNAME=admin

06 Clean up resources

Delete the resources in Kubernetes

Terminal
kubectl delete -f ./
Output
# kubectl delete -f ./
service "mysql" deleted
secret "rds-demo" deleted
configmap "rds-demo" deleted
role.rbac.authorization.k8s.io "rds-demo-role" deleted
serviceaccount "rds-demo-sa" deleted
rolebinding.rbac.authorization.k8s.io "rds-demo-role-binding" deleted
pod "mysql-client-pod" deleted

Delete the RDS instance