我正在Google Kubernetes Engine的kubernetes集群中托管mariadb。我正在使用dockerhub(mariadb:10.5
)的官方mariadb镜像。
这是我针对服务和部署的yml
apiVersion: v1
kind: Service
metadata:
name: mariadb
spec:
ports:
- port: 3306
selector:
app: mariadb
clusterIP: None
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: mariadb
spec:
selector:
matchLabels:
app: mariadb
strategy:
type: Recreate
template:
metadata:
labels:
app: mariadb
spec:
containers:
- image: mariadb:10.5
name: mariadb
env:
- name: MYSQL_USER
valueFrom:
secretKeyRef:
name: mariadb-secret
key: username
- name: MYSQL_PASSWORD
valueFrom:
secretKeyRef:
name: mariadb-secret
key: password
- name: MYSQL_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: mariadb-secret
key: rootpassword
- name: MYSQL_DATABASE
value: test
ports:
- containerPort: 3306
name: mariadb-port
volumeMounts:
- name: mariadb-volume
mountPath: /var/lib/mysql
volumes:
- name: mariadb-volume
persistentVolumeClaim:
claimName: mariadb-pvc
如您所见,我正在使用一个 secret 来配置环境。 secret 的yml看起来像这样:apiVersion: v1
kind: Secret
metadata:
name: mariadb-secret
type: Opaque
data:
rootpassword: dGVzdHJvb3RwYXNzCg==
username: dGVzdHVzZXIK
password: dGVzdHBhc3MK
应用此配置后,一切似乎都很好,除了我无法与用户连接并且将其密码输入数据库。不是来自本地主机,也不是来自远程:# mysql -u testuser -ptestpass
ERROR 1045 (28000): Access denied for user 'testuser'@'localhost' (using password: YES)
我只能使用root
和它的密码(相同的连接字符串)进行连接。当我查看mariadb中的用户时,他们看起来像这样:+-----------+-------------+-------------------------------------------+
| Host | User | Password |
+-----------+-------------+-------------------------------------------+
| localhost | mariadb.sys | |
| localhost | root | *293286706D5322A73D8D9B087BE8D14C950AB0FA |
| % | root | *293286706D5322A73D8D9B087BE8D14C950AB0FA |
| % | testuser | *B07683D91842E0B3FEE182C5182AB7E4F8B3972D |
+-----------+-------------+-------------------------------------------+
如果我将Secret更改为使用stringData
而不是data
并使用未编码的字符串,那么一切都会按预期进行:apiVersion: v1
kind: Secret
metadata:
name: mariadb-secret
type: Opaque
stringData:
rootpassword: testrootpass
username: testuser
password: testpass
我使用以下命令(在Mac OS上)生成base64编码的字符串:echo testuser | base64
echo testpass | base64
echo testrootpass | base64
我在这里做错了什么?我想使用base64编码的字符串,而不是普通的字符串。
最佳答案
您使用以下命令创建了所有值:
$ echo "value" | base64
$ echo -n "value" | base64
以下是
echo
的官方手册页:Description
Echo the STRING(s) to standard output.
-n = do not output the trailing newline
TL; DR :您需要使用新值编辑
Secret.yaml
定义:$ echo -n "testuser" | base64
$ echo -n "testpass" | base64
$ echo -n "testrootpass" | base64
按照上述说明,您的
Secret.yaml
应该如下所示:apiVersion: v1
kind: Secret
metadata:
name: mariadb-secret
type: Opaque
data:
rootpassword: dGVzdHJvb3RwYXNz
username: dGVzdHVzZXI=
password: dGVzdHBhc3M=
之后,您应该可以连接到mariadb
,如下所示:$ mysql -u testuser -ptestpass
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 5
Server version: 10.5.5-MariaDB-1:10.5.5+maria~focal mariadb.org binary distribution
<---->
MariaDB [(none)]>
$ mysql -u root -ptestrootpass
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 6
Server version: 10.5.5-MariaDB-1:10.5.5+maria~focal mariadb.org binary distribution
<---->
MariaDB [(none)]>
其他资源:
关于mysql - 使用密码时无法连接到Kubernetes上的mariadb,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/64212147/