Docker容器(Kubernetes):拒绝MySQL用户访问 [英] Docker container (Kubernetes): Mysql user access denied
问题描述
我已经按照k8s的一些教程进行了设置本地db + WordPress安装的操作,但是用户无法连接到集群中的mysql. (一切似乎都可以-在Kubernetes Dashboard Web UI中)
Hi I have followed some k8s tutorials on how to get going with setting up a local db + WordPress installation, but user can't connect to mysql within my cluster. (everything else seems ok - in Kubernetes Dashboard Web UI)
错误:[15:40:55] [〜] #kubectl日志-f网站-56677747c7-c7lb6 [2019年11月21日 11:07:17 UTC] PHP警告:mysqli :: __ construct(): php_network_getaddresses:getaddrinfo失败:名称或服务不正确 在第22行的标准输入代码中已知的[21-Nov-2019 11:07:17 UTC] PHP 警告:mysqli :: __ construct():(HY000/2002): php_network_getaddresses:getaddrinfo失败:名称或服务不正确 在第22行的标准输入代码中已知
Error: [15:40:55][~]#kubectl logs -f website-56677747c7-c7lb6 [21-Nov-2019 11:07:17 UTC] PHP Warning: mysqli::__construct(): php_network_getaddresses: getaddrinfo failed: Name or service not known in Standard input code on line 22 [21-Nov-2019 11:07:17 UTC] PHP Warning: mysqli::__construct(): (HY000/2002): php_network_getaddresses: getaddrinfo failed: Name or service not known in Standard input code on line 22
MySQL连接错误:(2002年)php_network_getaddresses:getaddrinfo 失败:名称或服务未知[21-Nov-2019 11:07:20 UTC] PHP 警告:mysqli :: __ construct():(HY000/1045):拒绝用户访问 标准输入代码中的"websiteu5er" @"10.1.0.35"(使用密码:是) 在第22行
MySQL Connection Error: (2002) php_network_getaddresses: getaddrinfo failed: Name or service not known [21-Nov-2019 11:07:20 UTC] PHP Warning: mysqli::__construct(): (HY000/1045): Access denied for user 'websiteu5er'@'10.1.0.35' (using password: YES) in Standard input code on line 22
MySQL连接错误:(1045)用户被拒绝访问 'websiteu5er'@'10.1.0.35'(使用密码:是)
MySQL Connection Error: (1045) Access denied for user 'websiteu5er'@'10.1.0.35' (using password: YES)
MySQL连接错误:(1045)用户被拒绝访问 'websiteu5er'@'10.1.0.35'(使用密码:是)
MySQL Connection Error: (1045) Access denied for user 'websiteu5er'@'10.1.0.35' (using password: YES)
MySQL连接错误:(1045)用户被拒绝访问 'websiteu5er'@'10.1.0.35'(使用密码:是)
MySQL Connection Error: (1045) Access denied for user 'websiteu5er'@'10.1.0.35' (using password: YES)
我的Dockerfile(我用来创建将映像推送到docker hub,然后放入k8s服务+部署中的映像):
My Dockerfile (which I used to create the image pushed to docker hub then pulled into k8s service + deployment):
FROM mysql:5.7
# This should create the following default root + user?
ENV MYSQL_ROOT_PASSWORD=hello123
ENV MYSQL_DATABASE=website
ENV MYSQL_USER=websiteu5er
ENV MYSQL_PASSWORD=hello123
RUN /etc/init.d/mysql start \
&& mysql -u root --password='hello123' -e "GRANT ALL PRIVILEGES ON *.* TO 'websiteu5er'@'%' IDENTIFIED BY 'hello123';"
FROM wordpress:5.2.4-php7.3-apache
# Copy wp-config file over
COPY configs/wp-config.php .
RUN chown -R www-data:www-data *
COPY ./src/wp-content/themes/bam /var/www/html/wp-content/themes/bam
推荐答案
标准Docker Hub mysql 图像仅在数据库第一次启动时就可以运行任意SQL脚本.同样,它也可以仅在首次启动时使用已知的密码设置初始数据库用户.详细信息在链接的Docker Hub页面中.
The standard Docker Hub mysql image has the ability to run arbitrary SQL scripts on the very first startup of the database only. It can also set up an initial database user with a known password, again on the first startup only. Details are in the linked Docker Hub page.
在Kubernetes上下文中,我只使用环境变量,然后在我的pod规范中指定它们.
In a Kubernetes context I’d use just the environment variables, and specify them in my pod spec.
containers:
- name: mysql
image: mysql:5.7 # not a custom image
env:
- name: MYSQL_USER
value: websiteu5er
- name: MYSQL_PASSWORD
value: hello123
如果您确实需要更多的设置,我将创建一个包含SQL脚本的ConfigMap,然后将其安装到/docker-entrypoint-initdb.d中的容器中.
If you did need more involved setup, I’d create a ConfigMap that contained SQL scripts, and then mount that into the container in /docker-entrypoint-initdb.d.
Dockerfile中发生了两件事.一种是,当您有多条FROM行时,实际上是在执行多阶段构建;您最后得到的图像只是Wordpress图像,而MySQL之前的部分已被跳过.第二个问题是您实际上无法创建包含任何数据库级配置或内容的映像FROM mysql,因此从第一阶段出来的映像已设置了环境变量,但实际上并未执行您的
There’s two things going on in your Dockerfile. One is that, when you have multiple FROM lines, you’re actually executing a multi-stage build; the image you get out at the end is only the Wordpress image, and the MySQL parts before it get skipped. The second is that you can’t actually create an image FROM mysql that contains any database-level configuration or content, so the image that comes out of the first stage has the environment variables set but won’t actually have executed your GRANT PRIVILEGES statement.
我只删除最后一行FROM之前的所有内容,而不尝试构建派生的MySQL映像;在启动时使用/docker-entrypoint-initdb.d机制.
I’d just delete everything before the last FROM line and not try to build a derived MySQL image; use the /docker-entrypoint-initdb.d mechanism at startup time instead.
这篇关于Docker容器(Kubernetes):拒绝MySQL用户访问的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
