使用Secrets输入密码时无法连接到Kubernetes中的mysql pod(拒绝访问) [英] Can't connect to mysql pod in Kubernetes when using Secrets for password (Access denied)
问题描述
我尝试在Kubernetes中设置mysql数据库.我配置了一个ConfigMap来存储数据库名称和一个Secret,其中包含根密码,用户和用户密码.
I try to setup a mysql database in Kubernetes. I configured a ConfigMap to store the Database name and a Secret that contains the root password, the user and the password for the user.
之后,当我尝试连接到数据库时(使用mysql cli在容器内部,以及使用IntelliJ Database工具从外部),我得到一个错误1045(28000):用户'testadm'@'localhost'的访问被拒绝(使用密码:是)"错误.
When I try to connect to the DB afterwards (Inside the container with mysql cli and from outside with IntelliJ Database tool) I get an "ERROR 1045 (28000): Access denied for user 'testadm'@'localhost' (using password: YES)" error.
我的kubernetes.yaml文件:
My kubernetes.yaml file:
apiVersion: v1
kind: ConfigMap
metadata:
name: db
data:
mysql-database: database
---
apiVersion: v1
kind: Secret
metadata:
name: db-credentials
type: Opaque
data:
mysql-root-password: VGVzdDEyMzQK # Test1234
mysql-user: dGVzdGFkbQo= # testadm
mysql-password: VGVzdDEyMzQK # Test1234
---
apiVersion: apps/v1beta1
kind: Deployment
metadata:
name: mysql
spec:
replicas: 1
strategy:
type: Recreate
template:
metadata:
labels:
app: mysql
spec:
containers:
- name: mysql
image: mysql:5.7
ports:
- containerPort: 3306
env:
- name: MYSQL_DATABASE
valueFrom:
configMapKeyRef:
name: db
key: mysql-database
- name: MYSQL_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: db-credentials
key: mysql-root-password
- name: MYSQL_USER
valueFrom:
secretKeyRef:
name: db-credentials
key: mysql-user
- name: MYSQL_PASSWORD
valueFrom:
secretKeyRef:
name: db-credentials
key: mysql-password
如果我直接像在下面那样设置密码,则连接成功在容器内部和外部!
env:
- name: MYSQL_ROOT_PASSWORD
value: Test1234
如果我检查容器内的env变量,我将无法发现这两种方法之间的差异.
If I inspect the env variables inside the container I can't spot a difference between the two approaches.
使用秘密中存储的密码是否需要其他格式?我还尝试将值放在数据字典中,如下所示:
Is there any additional formatting required to use the passwords stored in the secret? I also tried to place the values in the data-dictionary in quotes like this:
data:
mysql-root-password: "VGVzdDEyMzQK"
版本信息
Docker 17.06.0-ce
Minikube 0.21.0
Kubectl Server 1.7.0
Kubectl Client 1.7.3
推荐答案
您可以使用此yaml文件.
you can use this yaml file.
apiVersion: v1
kind: Secret
metadata:
name: db-credentials
type: Opaque
data:
mysql-password: VGVzdDEyMzQ=
mysql-root-password: VGVzdDEyMzQ=
mysql-user: dGVzdGFkbQ==
这篇关于使用Secrets输入密码时无法连接到Kubernetes中的mysql pod(拒绝访问)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!