I am experimenting with the above-mentioned tools right now and ran into some issues. I cannot forward my ports, because it seems like I am having some problems with the iptables of my pod.

"sudo iptables -P FORWARD ACCEPT" is supposed to get rid of my problems, but I wonder how I can insert that command in my YAML file so that it is executed before my pod wants to get the database. Am I right with that?

Maybe you can help me sort out where to place the code and how to implement the command.

Best regards!!!!

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mysql-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app: my-mysql

  initContainers:
    - name: forward accept
      command: ["sudo iptables"]
      args: ["-P", "FORWARD ACCEPT"]

  template:
    metadata:
      labels:
        app: my-mysql
    spec:
      volumes:
          - name: data-volume
            emptyDir: {}

      initContainers:
        - name: init-container-data-downloader
          image: curlimages/curl
          args:
            - "-o"
            - "/tmp/data/init.sql"
            - "https://google.de"
          volumeMounts:
            - mountPath: /tmp/data/
              name: data-volume
      containers:
        - name: mysql
          image: mysql
          volumeMounts:
            - mountPath: /docker-entrypoint-initdb.d/
              name: data-volume
          env:
            - name: MYSQL_ROOT_PASSWORD
              value: "mysecretpw"
            - name: MYSQL_DATABASE
              value: "sportsdb"
          ports:
            - containerPort: 3306
            - containerPort: 33060
```

Calumeth
  • What's the actual problem you're trying to solve? You probably can't run `iptables` in Kubernetes at all; there are multiple layers of networking, plus Linux capability restrictions, and so an individual pod won't be able to change the host networking setup of its node. – David Maze Jan 15 '21 at 16:10

2 Answers

1

The curlimages/curl Docker image does not contain the iptables binary. I would recommend you create a custom Docker image and add whichever binaries are required.

You can add multiple arguments in an initContainer:

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mysql-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app: my-mysql
  template:
    metadata:
      labels:
        app: my-mysql
    spec:
      volumes:
        - name: data-volume
          emptyDir: {}
      initContainers:
        - name: init-container-data-downloader
          image: alpine:3.12
          command: ["/bin/ash", "-c"]
          args:
            [
              "sudo iptables -P FORWARD ACCEPT; wget -q https://google.de -O /tmp/data/init.sql",
            ]
          volumeMounts:
            - mountPath: /tmp/data/
              name: data-volume
      containers:
        - name: mysql
          resources: {}
          image: mysql
          volumeMounts:
            - mountPath: /docker-entrypoint-initdb.d/
              name: data-volume
          env:
            - name: MYSQL_ROOT_PASSWORD
              value: "mysecretpw"
            - name: MYSQL_DATABASE
              value: "sportsdb"
          ports:
            - containerPort: 3306
```

hdhruna
0

Run it in initContainers. You already have one, so add another.

Sekru
  • Thanks for your quick answer! Do you mean like that? I updated my code above. – Calumeth Jan 15 '21 at 12:51
  • You need an image. For example, use busybox. Look here: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ – Sekru Jan 15 '21 at 15:49
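
What the init-container approach from the answers above needs in order to be accepted by the API server and to let `iptables` run, as an added example that is not from the original posts. The image `registry.example/net-init:1.0` is a placeholder for a custom image that ships the `iptables` binary; as the comment on the question points out, the rule only affects the pod's own network namespace, not the node.

```yaml
# Added example, not the posters' code. Placeholder image name below.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mysql-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app: my-mysql
  template:
    metadata:
      labels:
        app: my-mysql
    spec:
      # initContainers belongs under template.spec, next to containers.
      initContainers:
        - name: forward-accept            # container names cannot contain spaces
          image: registry.example/net-init:1.0   # placeholder: custom image with iptables
          # No sudo: the process already runs as root inside the container.
          command: ["iptables"]
          args: ["-P", "FORWARD", "ACCEPT"]      # one list element per argument
          securityContext:
            runAsUser: 0
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
              # iptables is refused without these; grant nothing broader
              # (in particular, not privileged: true).
              add: ["NET_ADMIN", "NET_RAW"]
        # The data-downloader init container from the question would follow
        # here; init containers run one after another in list order.
      containers:
        - name: mysql
          image: mysql
          env:
            - name: MYSQL_ROOT_PASSWORD
              value: "mysecretpw"
            - name: MYSQL_DATABASE
              value: "sportsdb"
          ports:
            - containerPort: 3306
```

Clusters that enforce the baseline Pod Security Standard reject pods that add `NET_ADMIN`, so this manifest only deploys into namespaces where that capability is explicitly permitted.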