mysql - 使用密码时无法连接到Kubernetes上的mariadb

Question

我正在Google Kubernetes Engine的kubernetes集群中托管mariadb。我正在使用dockerhub(mariadb:10.5)的官方mariadb镜像。
这是我针对服务和部署的yml

apiVersion: v1
kind: Service
metadata:
  name: mariadb
spec:
  ports:
  - port: 3306
  selector:
    app: mariadb
  clusterIP: None
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mariadb
spec:
  selector:
    matchLabels:
      app: mariadb
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: mariadb
    spec:
      containers:
      - image: mariadb:10.5
        name: mariadb
        env:
        - name: MYSQL_USER
          valueFrom:
            secretKeyRef:
              name: mariadb-secret
              key: username
        - name: MYSQL_PASSWORD
          valueFrom:
            secretKeyRef:
              name: mariadb-secret
              key: password
        - name: MYSQL_ROOT_PASSWORD
          valueFrom:
            secretKeyRef:
              name: mariadb-secret
              key: rootpassword
        - name: MYSQL_DATABASE
          value: test
        ports:
        - containerPort: 3306
          name: mariadb-port
        volumeMounts:
        - name: mariadb-volume
          mountPath: /var/lib/mysql
      volumes:
      - name: mariadb-volume
        persistentVolumeClaim:
          claimName: mariadb-pvc

如您所见，我正在使用一个 secret 来配置环境。 secret 的yml看起来像这样:

apiVersion: v1
kind: Secret
metadata:
  name: mariadb-secret
type: Opaque
 data:
   rootpassword: dGVzdHJvb3RwYXNzCg==
   username: dGVzdHVzZXIK
   password: dGVzdHBhc3MK

应用此配置后，一切似乎都很好，除了我无法与用户连接并且将其密码输入数据库。不是来自本地主机，也不是来自远程:

# mysql -u testuser -ptestpass

ERROR 1045 (28000): Access denied for user 'testuser'@'localhost' (using password: YES)

我只能使用root和它的密码(相同的连接字符串)进行连接。当我查看mariadb中的用户时，他们看起来像这样:

+-----------+-------------+-------------------------------------------+
| Host      | User        | Password                                  |
+-----------+-------------+-------------------------------------------+
| localhost | mariadb.sys |                                           |
| localhost | root        | *293286706D5322A73D8D9B087BE8D14C950AB0FA |
| %         | root        | *293286706D5322A73D8D9B087BE8D14C950AB0FA |
| %         | testuser    | *B07683D91842E0B3FEE182C5182AB7E4F8B3972D |
+-----------+-------------+-------------------------------------------+

如果我将Secret更改为使用stringData而不是data并使用未编码的字符串，那么一切都会按预期进行:

apiVersion: v1
kind: Secret
metadata:
  name: mariadb-secret
type: Opaque
stringData:
  rootpassword: testrootpass
  username: testuser
  password: testpass

我使用以下命令(在Mac OS上)生成base64编码的字符串:

echo testuser | base64
echo testpass | base64
echo testrootpass | base64

我在这里做错了什么？我想使用base64编码的字符串，而不是普通的字符串。

Answer 1

您使用以下命令创建了所有值:

$ echo "value" | base64

，您应该使用:$ echo -n "value" | base64

以下是echo的官方手册页:

Description

Echo the STRING(s) to standard output.

-n = do not output the trailing newline

TL; DR :您需要使用新值编辑Secret.yaml定义:

$ echo -n "testuser" | base64

$ echo -n "testpass" | base64

$ echo -n "testrootpass" | base64

按照上述说明，您的Secret.yaml应该如下所示:

apiVersion: v1
kind: Secret
metadata:
  name: mariadb-secret
type: Opaque
data:
  rootpassword: dGVzdHJvb3RwYXNz
  username: dGVzdHVzZXI=
  password: dGVzdHBhc3M=

之后，您应该可以连接到mariadb，如下所示:

$ mysql -u testuser -ptestpass

Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 5
Server version: 10.5.5-MariaDB-1:10.5.5+maria~focal mariadb.org binary distribution
<----> 
MariaDB [(none)]> 

$ mysql -u root -ptestrootpass

Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 6
Server version: 10.5.5-MariaDB-1:10.5.5+maria~focal mariadb.org binary distribution
<---->
MariaDB [(none)]> 

其他资源:

Stackoverflow.com: How to get into postgres in kubernetes with local dev minikube