使用Secrets输入密码时无法连接到Kubernetes中的mysql pod(拒绝访问) [英] Can't connect to mysql pod in Kubernetes when using Secrets for password (Access denied)

问题描述

我尝试在Kubernetes中设置mysql数据库.我配置了一个ConfigMap来存储数据库名称和一个Secret，其中包含根密码，用户和用户密码.

I try to setup a mysql database in Kubernetes. I configured a ConfigMap to store the Database name and a Secret that contains the root password, the user and the password for the user.

之后，当我尝试连接到数据库时(使用mysql cli在容器内部，以及使用IntelliJ Database工具从外部)，我得到一个错误1045(28000):用户'testadm'@'localhost'的访问被拒绝(使用密码:是)"错误.

When I try to connect to the DB afterwards (Inside the container with mysql cli and from outside with IntelliJ Database tool) I get an "ERROR 1045 (28000): Access denied for user 'testadm'@'localhost' (using password: YES)" error.

我的kubernetes.yaml文件:

My kubernetes.yaml file:

apiVersion: v1
kind: ConfigMap
metadata:
  name: db
data:
  mysql-database: database

---
apiVersion: v1
kind: Secret
metadata:
   name: db-credentials
type: Opaque
data:
  mysql-root-password: VGVzdDEyMzQK # Test1234
  mysql-user: dGVzdGFkbQo= # testadm
  mysql-password: VGVzdDEyMzQK # Test1234

---
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: mysql
spec:
  replicas: 1
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
        - name: mysql
          image: mysql:5.7
          ports:
            - containerPort: 3306
          env:
            - name: MYSQL_DATABASE
              valueFrom:
                configMapKeyRef:
                  name: db
                  key: mysql-database
            - name: MYSQL_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: db-credentials
                  key: mysql-root-password
            - name: MYSQL_USER
              valueFrom:
                secretKeyRef:
                  name: db-credentials
                  key: mysql-user
            - name: MYSQL_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: db-credentials
                  key: mysql-password

如果我直接像在下面那样设置密码，则连接成功在容器内部和外部！

env:
  - name: MYSQL_ROOT_PASSWORD
    value: Test1234

如果我检查容器内的env变量，我将无法发现这两种方法之间的差异.

If I inspect the env variables inside the container I can't spot a difference between the two approaches.

使用秘密中存储的密码是否需要其他格式?我还尝试将值放在数据字典中，如下所示:

Is there any additional formatting required to use the passwords stored in the secret? I also tried to place the values in the data-dictionary in quotes like this:

data:
  mysql-root-password: "VGVzdDEyMzQK"

版本信息

Docker 17.06.0-ce
Minikube 0.21.0
Kubectl Server 1.7.0
Kubectl Client 1.7.3

推荐答案

您可以使用此yaml文件.

you can use this yaml file.

apiVersion: v1
kind: Secret
metadata:
   name: db-credentials
type: Opaque
data:
  mysql-password: VGVzdDEyMzQ=
  mysql-root-password: VGVzdDEyMzQ=
  mysql-user: dGVzdGFkbQ==

这篇关于使用Secrets输入密码时无法连接到Kubernetes中的mysql pod(拒绝访问)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！