# Kubernetes Cloud-Native Database Deployment: Building a Highly Available Database Cluster

## 1. Cloud-Native Database Overview

A cloud-native database is a database system designed for cloud environments, with elastic scaling, high availability, and automated operations. Deploying a database on Kubernetes requires attention to key factors such as persistent storage, high availability, and backup and recovery.

### 1.1 Choosing a Database Type

| Database type | Use case | Recommended options |
|---|---|---|
| Relational database | Transaction processing, complex queries | PostgreSQL, MySQL |
| NoSQL document database | Flexible data models | MongoDB |
| Key-value store | Caching, session storage | Redis |
| Time-series database | Time-series data, monitoring metrics | InfluxDB |
| Graph database | Relationship analysis, social networks | Neo4j |

### 1.2 Cloud-Native Database Architecture

```
                    ┌─────────────────────────┐
                    │    Application layer    │
                    │    (Pod/Deployment)     │
                    └────────────┬────────────┘
                                 │
                    ┌────────────▼────────────┐
                    │         Service         │
                    │    (load balancing /    │
                    │   service discovery)    │
                    └────────────┬────────────┘
                                 │
         ┌───────────────────────┼───────────────────────┐
         │                       │                       │
         ▼                       ▼                       ▼
┌─────────────────┐     ┌─────────────────┐     ┌─────────────────┐
│  Primary node   │     │ Replica node A  │     │ Replica node B  │
│    (Primary)    │     │    (Replica)    │     │    (Replica)    │
└────────┬────────┘     └────────┬────────┘     └────────┬────────┘
         │                       │                       │
         └───────────────────────┼───────────────────────┘
                                 │
                   ┌─────────────▼─────────────┐
                   │    Persistent storage     │
                   │   (PV/PVC/StorageClass)   │
                   └───────────────────────────┘
```

## 2. PostgreSQL Deployment

### 2.1 PostgreSQL StatefulSet Configuration

```yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: postgres
  namespace: database
spec:
  serviceName: postgres
  replicas: 3
  selector:
    matchLabels:
      app: postgres
  template:
    metadata:
      labels:
        app: postgres
    spec:
      containers:
      - name: postgres
        image: postgres:latest
        ports:
        - containerPort: 5432
        env:
        - name: POSTGRES_DB
          value: appdb
        # Credentials come from the postgres-creds Secret, not from the manifest
        - name: POSTGRES_USER
          valueFrom:
            secretKeyRef:
              name: postgres-creds
              key: username
        - name: POSTGRES_PASSWORD
          valueFrom:
            secretKeyRef:
              name: postgres-creds
              key: password
        # Not read by the official postgres image's entrypoint; replication
        # needs an image or init script that handles this variable
        - name: POSTGRES_REPLICATION_MODE
          value: master
        volumeMounts:
        - name: data
          mountPath: /var/lib/postgresql/data
        resources:
          requests:
            cpu: "2"
            memory: 4Gi
          limits:
            cpu: "4"
            memory: 8Gi
  volumeClaimTemplates:
  - metadata:
      name: data
    spec:
      accessModes: [ReadWriteOnce]
      resources:
        requests:
          storage: 100Gi
      storageClassName: fast-storage
```

### 2.2 PostgreSQL Service Configuration

```yaml
apiVersion: v1
kind: Service
metadata:
  name: postgres
  namespace: database
spec:
  type: ClusterIP
  selector:
    app: postgres
  ports:
  - port: 5432
    targetPort: 5432
    name: postgres
---
apiVersion: v1
kind: Service
metadata:
  name: postgres-primary
  namespace: database
spec:
  type: ClusterIP
  # Matches only pods that also carry role: primary; the StatefulSet in 2.1
  # sets app: postgres only, so that label must be applied to the primary pod
  selector:
    app: postgres
    role: primary
  ports:
  - port: 5432
    targetPort: 5432
```

### 2.3 Primary/Replica Replication Configuration

Create the replication user on the primary node:

```sql
CREATE ROLE replicator WITH REPLICATION LOGIN PASSWORD 'replication_password';
```

Configure `pg_hba.conf`:

```
host replication replicator 10.0.0.0/8 md5
```

Configure `postgresql.conf`:

```
listen_addresses = '*'
wal_level = replica
max_wal_senders = 10
max_replication_slots = 10
hot_standby = on
```

## 3. MongoDB Deployment

### 3.1 MongoDB StatefulSet Configuration

```yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: mongodb
  namespace: database
spec:
  serviceName: mongodb
  replicas: 3
  selector:
    matchLabels:
      app: mongodb
  template:
    metadata:
      labels:
        app: mongodb
    spec:
      containers:
      - name: mongodb
        image: mongo:latest
        ports:
        - containerPort: 27017
        command:
        - mongod
        - --replSet
        - rs0
        - --bind_ip_all
        env:
        - name: MONGO_INITDB_ROOT_USERNAME
          valueFrom:
            secretKeyRef:
              name: mongodb-creds
              key: username
        - name: MONGO_INITDB_ROOT_PASSWORD
          valueFrom:
            secretKeyRef:
              name: mongodb-creds
              key: password
        volumeMounts:
        - name: data
          mountPath: /data/db
        resources:
          requests:
            cpu: "2"
            memory: 4Gi
          limits:
            cpu: "4"
            memory: 8Gi
  volumeClaimTemplates:
  - metadata:
      name: data
    spec:
      accessModes: [ReadWriteOnce]
      resources:
        requests:
          storage: 100Gi
```

### 3.2 MongoDB Replica Set Initialization

```javascript
// Initialize the replica set
rs.initiate({
  _id: "rs0",
  members: [
    { _id: 0, host: "mongodb-0.mongodb.database.svc.cluster.local:27017" },
    { _id: 1, host: "mongodb-1.mongodb.database.svc.cluster.local:27017" },
    { _id: 2, host: "mongodb-2.mongodb.database.svc.cluster.local:27017" }
  ]
});

// Check the replica set status
rs.status();
```

## 4. Redis Deployment

### 4.1 Redis StatefulSet Configuration

```yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: redis
  namespace: database
spec:
  serviceName: redis
  replicas: 3
  selector:
    matchLabels:
      app: redis
  template:
    metadata:
      labels:
        app: redis
    spec:
      containers:
      - name: redis
        image: redis:latest
        ports:
        - containerPort: 6379
        # "yes" is quoted so YAML passes a string, not a boolean
        command:
        - redis-server
        - --appendonly
        - "yes"
        - --replica-read-only
        - "yes"
        volumeMounts:
        - name: data
          mountPath: /data
        resources:
          requests:
            cpu: "1"
            memory: 2Gi
          limits:
            cpu: "2"
            memory: 4Gi
  volumeClaimTemplates:
  - metadata:
      name: data
    spec:
      accessModes: [ReadWriteOnce]
      resources:
        requests:
          storage: 50Gi
```

### 4.2 Redis Primary/Replica Configuration

```bash
# Run on the replica nodes
redis-cli SLAVEOF redis-0.redis.database.svc.cluster.local 6379

# Check replication status
redis-cli INFO replication
```

## 5. Database Backup and Recovery

### 5.1 PostgreSQL Backup

```yaml
apiVersion: batch/v1
kind: CronJob
metadata:
  name: postgres-backup
  namespace: database
spec:
  schedule: "0 2 * * *"
  jobTemplate:
    spec:
      template:
        spec:
          containers:
          - name: backup
            image: postgres:latest
            command:
            - /bin/sh
            - -c
            - pg_dump -h postgres-primary -U admin -d appdb | gzip > /backup/postgres-backup-$(date +%Y%m%d).sql.gz
            env:
            # pg_dump reads the password from PGPASSWORD, sourced from the Secret
            - name: PGPASSWORD
              valueFrom:
                secretKeyRef:
                  name: postgres-creds
                  key: password
            volumeMounts:
            - name: backup
              mountPath: /backup
          volumes:
          - name: backup
            persistentVolumeClaim:
              claimName: backup-pvc
          restartPolicy: OnFailure
```

### 5.2 MongoDB Backup

```yaml
apiVersion: batch/v1
kind: CronJob
metadata:
  name: mongodb-backup
  namespace: database
spec:
  schedule: "0 3 * * *"
  jobTemplate:
    spec:
      template:
        spec:
          containers:
          - name: backup
            image: mongo:latest
            command:
            - /bin/sh
            - -c
            # The credentials are hard-coded in the URI here, unlike the
            # PostgreSQL job in 5.1, which reads its password from a Secret
            - mongodump --uri="mongodb://admin:password@mongodb:27017" --out=/backup/mongodb-backup-$(date +%Y%m%d)
            volumeMounts:
            - name: backup
              mountPath: /backup
          volumes:
          - name: backup
            persistentVolumeClaim:
              claimName: backup-pvc
          restartPolicy: OnFailure
```

## 6. Database Monitoring

### 6.1 PostgreSQL Monitoring Configuration

```yaml
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: postgres-monitor
  namespace: monitoring
spec:
  selector:
    matchLabels:
      app: postgres
  endpoints:
  - port: metrics
    interval: 30s
    scrapeTimeout: 10s
```

### 6.2 Monitoring Metrics Configuration

```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: postgres-metrics-config
  namespace: monitoring
data:
  prometheus.rules: |
    groups:
    - name: postgres.rules
      rules:
      - record: postgres_connections_total
        expr: sum(pg_stat_activity_count)
      - record: postgres_queries_per_second
        expr: sum(rate(pg_stat_statements_calls[5m]))
```

## 7. Database Security Configuration

### 7.1 Network Isolation

```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: database-network-policy
  namespace: database
spec:
  podSelector:
    matchLabels:
      app: postgres
  # Egress is listed but no egress rules follow, so all outbound traffic
  # from the selected pods is denied
  policyTypes:
  - Ingress
  - Egress
  ingress:
  # Only pods labelled app: backend in this namespace may connect, on TCP 5432
  - from:
    - podSelector:
        matchLabels:
          app: backend
    ports:
    - protocol: TCP
      port: 5432
```

### 7.2 TLS Configuration

```yaml
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: postgres-tls
  namespace: database
spec:
  secretName: postgres-tls
  issuerRef:
    name: database-issuer
    kind: ClusterIssuer
  dnsNames:
  - postgres.database.svc.cluster.local
  - postgres-primary.database.svc.cluster.local
```

## 8. Database Scaling

### 8.1 PostgreSQL Horizontal Scaling

```yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: postgres-replica
  namespace: database
spec:
  serviceName: postgres-replica
  replicas: 5
  selector:
    matchLabels:
      app: postgres-replica
  template:
    metadata:
      labels:
        app: postgres-replica
    spec:
      containers:
      - name: postgres
        image: postgres:latest
        ports:
        - containerPort: 5432
        env:
        - name: POSTGRES_DB
          value: appdb
        - name: POSTGRES_USER
          valueFrom:
            secretKeyRef:
              name: postgres-creds
              key: username
        - name: POSTGRES_PASSWORD
          valueFrom:
            secretKeyRef:
              name: postgres-creds
              key: password
        - name: POSTGRES_REPLICATION_MODE
          value: slave
        - name: POSTGRES_MASTER_HOST
          value: postgres-primary
        # The "data" volume is not defined in this excerpt; it needs a
        # volumeClaimTemplates entry like the one in section 2.1
        volumeMounts:
        - name: data
          mountPath: /var/lib/postgresql/data
```

### 8.2 Redis Cluster Configuration

```yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: redis-cluster
  namespace: database
spec:
  serviceName: redis-cluster
  replicas: 6
  selector:
    matchLabels:
      app: redis-cluster
  template:
    metadata:
      labels:
        app: redis-cluster
    spec:
      containers:
      - name: redis
        image: redis:latest
        ports:
        - containerPort: 6379
        - containerPort: 16379
        # Values are quoted so YAML passes strings, not booleans or integers
        command:
        - redis-server
        - --cluster-enabled
        - "yes"
        - --cluster-config-file
        - /data/nodes.conf
        - --port
        - "6379"
        - --cluster-port
        - "16379"
        - --appendonly
        - "yes"
        # The "data" volume is not defined in this excerpt; it needs a
        # volumeClaimTemplates entry like the one in section 4.1
        volumeMounts:
        - name: data
          mountPath: /data
```

## 9. Summary

Deploying cloud-native databases on Kubernetes requires attention to:

1. **Database selection**: choose a database type that fits the business requirements
2. **High availability**: configure primary/replica replication and replica sets
3. **Persistent storage**: configure a suitable StorageClass and PV/PVC
4. **Backup and recovery**: regular backups and a recovery strategy
5. **Monitoring and alerting**: set up monitoring of database metrics
6. **Security configuration**: network isolation and TLS encryption
7. **Scaling**: scale horizontally as the business grows

Choose a database deployment approach that matches the scale and needs of the business, and make sure it provides data security and high availability.
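The NetworkPolicy in section 7.1 lists `Egress` under `policyTypes` without any egress rule and admits only `app: backend` pods on ingress. The following added example (not part of the original article) evaluates that policy with Kubernetes NetworkPolicy semantics against flows the rest of the article relies on; the Prometheus and kube-dns pod labels and exporter port 9187 are assumptions.

```python
POLICY = {  # section 7.1 manifest, transcribed as a dict
    "namespace": "database",
    "podSelector": {"app": "postgres"},
    "policyTypes": ["Ingress", "Egress"],
    "ingress": [{"from": [{"podSelector": {"app": "backend"}}], "ports": [("TCP", 5432)]}],
    "egress": [],  # Egress is declared, but the manifest has no egress rules
}

def selects(selector, labels):  # matchLabels: every key/value must match
    return all(labels.get(k) == v for k, v in selector.items())

def governed(target, direction):  # does the policy isolate this pod?
    return (target["ns"] == POLICY["namespace"] and direction in POLICY["policyTypes"]
            and selects(POLICY["podSelector"], target["labels"]))

def rule_allows(rules, peer_key, peer, proto, port):
    for rule in rules:
        peers, ports = rule.get(peer_key), rule.get("ports")
        # A peer with only podSelector matches pods in the policy's namespace.
        peer_ok = peers is None or any(
            peer["ns"] == POLICY["namespace"]
            and selects(p["podSelector"], peer["labels"]) for p in peers)
        if peer_ok and (ports is None or (proto, port) in ports):
            return True
    return False  # isolated pod and no matching rule: traffic is dropped

def allowed(src, dst, proto, port):
    out_ok = not governed(src, "Egress") or rule_allows(POLICY["egress"], "to", dst, proto, port)
    in_ok = not governed(dst, "Ingress") or rule_allows(POLICY["ingress"], "from", src, proto, port)
    return out_ok and in_ok

def pod(ns, **labels):
    return {"ns": ns, "labels": labels}

PG = pod("database", app="postgres")
FLOWS = {  # constructed flows; Prometheus/DNS labels and port 9187 are assumptions
    "backend -> postgres:5432": (pod("database", app="backend"), PG, "TCP", 5432),
    "postgres-replica -> postgres:5432": (pod("database", app="postgres-replica"), PG, "TCP", 5432),
    "backup CronJob -> postgres:5432": (pod("database"), PG, "TCP", 5432),  # no app label set
    "prometheus -> exporter:9187": (pod("monitoring", app="prometheus"), PG, "TCP", 9187),
    "postgres -> cluster DNS:53": (PG, pod("kube-system", **{"k8s-app": "kube-dns"}), "UDP", 53),
}

def audit():
    return {name: allowed(*flow) for name, flow in FLOWS.items()}

if __name__ == "__main__":
    for name, ok in audit().items():
        print("ALLOW" if ok else "DENY ", name)
```

Only the backend connection is allowed; replication from section 8.1, the section 5.1 backup job, the section 6.1 metrics scrape, and DNS lookups from the database pods each need an explicit ingress or egress rule.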