When I try to deploy with K8S using an environment variable as the root password (MYSQL_ROOT_PASSWORD, the variable used in docker-entrypoint.sh), for example
kind: Deployment
#omitted...
spec:
  containers:
    #omitted...
    env:
      - name: MYSQL_ROOT_PASSWORD
        value: my-secret-passw
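the deployment with kubectl apply -k appears to run. Of course, this kind of deployment is insecure. MySQL initialization works fine and everything goes as expected.
So I tried creating a secret and retrieving the value from that secret, like this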
kind: Deployment
#omitted...
spec:
  containers:
    #omitted...
    env:
      - name: MYSQL_ROOT_PASSWORD
        valueFrom:
          secretKeyRef:
            key: MYSQL_ROOT_PASSWORD
            name: mysql-root-password
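and mysql initialization does not work. I don't know exactly what went wrong. The kubectl logs, or the stdout in the container, are as follows (keep in mind that passing the root password as a literal does not produce this result):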
[MY-011323] [Server] X Plugin ready for connections. Socket: '/var/run/mysqld/mysqlx.sock'
Warning: Unable to load '/usr/share/zoneinfo/iso3166.tab' as time zone. Skipping it.
Warning: Unable to load '/usr/share/zoneinfo/leap-seconds.list' as time zone. Skipping it.
Warning: Unable to load '/usr/share/zoneinfo/zone.tab' as time zone. Skipping it.
Warning: Unable to load '/usr/share/zoneinfo/zone1970.tab' as time zone. Skipping it.
[Note] [Entrypoint]: /usr/local/bin/docker-entrypoint.sh: running /docker-entrypoint-initdb.d/sql-script.sql
mysql: [ERROR] unknown option '-- "'.
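When checking the Docker image source code, there seems to be no string about "unknown option" (see here on GitHub). I am using mysql 8.0. It looks like the message comes from mysql itself.
So why does it work when using a literal value in the K8S environment variable (which is insecure!) but not when reading from a secret?

Best answer

It seems that version 8.0 is broken or missing something, because it cannot see the password. I am not an expert in this area, so maybe someone else can add more details.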
2020-02-07T16:09:06.648827Z 0 [Warning] [MY-011070] [Server] 'Disabling symbolic links using --skip-symbolic-links (or equivalent) is the default. Consider not using this option as it' is deprecated and will be removed in a future release.
2020-02-07T16:09:06.649084Z 0 [System] [MY-013169] [Server] /usr/sbin/mysqld (mysqld 8.0.19) initializing of server in progress as process 44
2020-02-07T16:09:10.821145Z 5 [Warning] [MY-010453] [Server] root@localhost is created with an empty password ! Please consider switching off the --initialize-insecure option.
2020-02-07 16:09:14+00:00 [Note] [Entrypoint]: Database files initialized
2020-02-07 16:09:14+00:00 [Note] [Entrypoint]: Starting temporary server
2020-02-07T16:09:14.823453Z 0 [Warning] [MY-011070] [Server] 'Disabling symbolic links using --skip-symbolic-links (or equivalent) is the default. Consider not using this option as it' is deprecated and will be removed in a future release.
2020-02-07T16:09:14.823582Z 0 [System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 8.0.19) starting as process 94
2020-02-07T16:09:15.631008Z 0 [Warning] [MY-010068] [Server] CA certificate ca.pem is self signed.
2020-02-07T16:09:15.635649Z 0 [Warning] [MY-011810] [Server] Insecure configuration for --pid-file: Location '/var/run/mysqld' in the path is accessible to all OS users. Consider choosing a different directory.
2020-02-07T16:09:15.655790Z 0 [System] [MY-010931] [Server] /usr/sbin/mysqld: ready for connections. Version: '8.0.19' socket: '/var/run/mysqld/mysqld.sock' port: 0 MySQL Community Server - GPL.
2020-02-07 16:09:15+00:00 [Note] [Entrypoint]: Temporary server started.
2020-02-07T16:09:15.740600Z 0 [System] [MY-011323] [Server] X Plugin ready for connections. Socket: '/var/run/mysqld/mysqlx.sock'
Warning: Unable to load '/usr/share/zoneinfo/iso3166.tab' as time zone. Skipping it.
Warning: Unable to load '/usr/share/zoneinfo/leap-seconds.list' as time zone. Skipping it.
Warning: Unable to load '/usr/share/zoneinfo/zone.tab' as time zone. Skipping it.
Warning: Unable to load '/usr/share/zoneinfo/zone1970.tab' as time zone. Skipping it.
2020-02-07 16:09:19+00:00 [Note] [Entrypoint]: Stopping temporary server
2020-02-07T16:09:19.476870Z 10 [System] [MY-013172] [Server] Received SHUTDOWN from user root. Shutting down mysqld (Version: 8.0.19).
I have tested the 5.6 image from the official mysql repository and it seems to work fine.
I ran through the MySQL + WordPress deployment using the kubernetes.io tutorial, which I recommend.
I created the secret manually using:
kubectl create secret generic mysql-pass --from-literal=password=test
There seems to be a similar issue that is still unresolved: "Unable to start server" on Amazon Linux AMI (works with 5.7) #628.
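
Added example (not part of the original question or answer): one check worth running when a literal `value:` works but the `secretKeyRef` form does not is whether the decoded Secret is byte-identical to the literal. It assumes, without the page confirming this as the cause here, that stray bytes such as a trailing newline from `echo ... | base64` are a possibility; the base64 sample values and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Sample values are constructed; on a cluster the input would be:
#   kubectl get secret mysql-root-password -o jsonpath='{.data.MYSQL_ROOT_PASSWORD}'
GOOD_B64='dGVzdA=='   # base64 of "test"
BAD_B64='dGVzdAo='    # base64 of "test\n", as produced by `echo test | base64`

# decoded_bytes <base64>: the decoded Secret value as space-separated hex bytes.
# Working on hex keeps a trailing newline visible; $(...) on the raw value
# would silently strip it.
decoded_bytes() {
  printf '%s' "$1" | base64 -d | od -An -v -tx1
}

# check_secret_b64 <base64>: report control bytes (0x00-0x1f, 0x7f) in the
# decoded value. Returns 0 if the value is clean, 1 otherwise.
check_secret_b64() {
  chk_offset=0
  chk_rc=0
  for chk_byte in $(decoded_bytes "$1"); do
    case $chk_byte in
      0?|1?|7f)
        echo "control byte 0x$chk_byte at offset $chk_offset"
        chk_rc=1
        ;;
    esac
    chk_offset=$((chk_offset + 1))
  done
  return "$chk_rc"
}

# same_as_literal <base64> <literal>: true only if the decoded Secret is
# byte-identical to the literal that worked in the plain `value:` form.
same_as_literal() {
  [ "$(decoded_bytes "$1" | tr -d ' \n')" = \
    "$(printf '%s' "$2" | od -An -v -tx1 | tr -d ' \n')" ]
}

# Demo on the constructed samples.
for sample in "$GOOD_B64" "$BAD_B64"; do
  if check_secret_b64 "$sample"; then
    echo "$sample: clean"
  else
    echo "$sample: recreate the Secret without the stray byte"
  fi
done
```

A Secret created with `--from-literal`, as in the command above, stores exactly the bytes given on the command line.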
Regarding "MySQL Docker image: initialized with env variable of K8S Secret", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/60080057/