#kubernetes (2024-08)
Archive: https://archive.sweetops.com/kubernetes/
2024-08-01
2024-08-02
2024-08-11
Hey guys, I am running a StatefulSet PostgresDB in AWS EKS, because it’s stateless I am using NodePort which doesn’t expose the service to the public, but my colleagues would like access to it for ease of development, any suggestions for me (config in the reply)?
Should I simply switch to ELB?
---
apiVersion: v1
kind: Service
metadata:
name: user-postgres-svc
labels:
app: user-postgres-app
namespace: postgres
spec:
clusterIP: None
ports:
- name: '9092'
port: 9092
protocol: TCP
targetPort: 9092
selector:
app: user-postgres-app
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: user-postgres
labels:
app: user-postgres-app
namespace: postgres
spec:
serviceName: user-postgres-svc
replicas: 1
selector:
matchLabels:
app: user-postgres-app
template:
metadata:
labels:
app: user-postgres-app
spec:
containers:
- name: user-postgres-container
image: postgres:16.2-bullseye
ports:
- containerPort: 5432
env:
- name: POSTGRES_DB
value: r52_user_db
- name: POSTGRES_USER
value: postgres
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: user-postgres-secret
key: postgres-password
volumeMounts:
- name: data
mountPath: /mnt/user-postgres-data
imagePullSecrets:
- name: docker-reg-cred
volumeClaimTemplates:
- metadata:
name: data
spec:
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: "5Gi"
How about exposing the service as TCP so AWS can allocate a NLB for you?
The behaviour is still NodePort where statefulset can accurately connect with them to create a replica?
Actually, there will no relation between the new TCP service definition(type=loadbalancer) with the existing STS. You will expose the STS via a TCP service and your colleagues will connect via AWS provided NLB DNS.
Hey dumb question, what does STS mean?
“Security Token Service”?
statefulset?
Ooowkie so I’ll create another service (NLB since this is not https?) and that is what I’ll share to my colleagues?
2024-08-12
2024-08-13
2024-08-21
Anyone know of someone who is available for some freelance work with EKS & Bitnami’s Sealed Secrets? I’m having difficulty pulling images from my GitLab Container Registry because I can’t seem to get the correct value into the secret for containerd. Will gladly pay for the assistance.
This might be something @Hao Wang could assist with.
You may also want to post in #jobs a simple note like the one you shared here is probably more than a enough. People will blow up your DM’s within a day or two.
I actually got it figured out, but that’s 2 recommendations for @Hao Wang, Thanks!
great to know, and thanks @venkata.mutyala for reference, sorry, got quite busy these days