来自 Kubernetes pod 的数据库访问问题
[英]Database access problems from Kubernetes pod
问题描述
I am trying to get my second project(prm) into the cloud.
我正在尝试将我的第二个项目 (prm) 放入云中。 Both the projects (pyp and prm) access the same database and with the same credentials.这两个项目(pyp 和 prm)使用相同的凭据访问相同的数据库。 The first project succeed, and the second gets Access denied for user root.第一个项目成功,第二个项目被 root 用户拒绝访问。
Some excerpts from my definitions:一些摘录自我的定义:
apiVersion: v1
kind: Secret
metadata:
name: pyp-secret
data:
mysql_password: "M1BKdnIrNjRyaDZ0aGJGR0gy"
apiVersion: v1
kind: Service
metadata:
name: pyp-db
spec:
type: ClusterIP
ports:
- port: 3306
targetPort: 3306
selector:
app: pyp
service: mysql
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: pyp-db
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: pyp
service: mysql
template:
metadata:
labels:
app: pyp
service: mysql
spec:
containers:
- image: mysql:8
name: pyp-db
env:
- name: MYSQL_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: pyp-secret
key: mysql_password
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: prm
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: prm
service: cron
template:
metadata:
labels:
app: prm
service: cron
spec:
containers:
- image: prm-image-name
imagePullPolicy: Always
name: prm
env:
- name: MYSQL_HOST
value: pyp-db
- name: MYSQL_USER
value: root
- name: MYSQL_PASSWORD
valueFrom:
secretKeyRef:
name: pyp-secret
key: mysql_password
This is excerpts from the log where you can see the url for connecting the database, and the error I get:这是日志的摘录,您可以在其中看到连接数据库的 url,以及我得到的错误:
This is from my java-application:这是来自我的 java 应用程序:
static Connection init(String host,String user, String password){
Connection con = null;
try {
if (con == null) {
Class.forName("com.mysql.cj.jdbc.Driver").newInstance();
String url = "jdbc:mysql://" + host + ":3306/PP_Master?user=" + user + "&password=" + password;
logger.trace("DB url:" + url);
con = DriverManager.getConnection(url);
}
} catch (Exception ex) {
logger.error("init: " , ex);
}
return con;
}
My cloud is hosted on Minikube and the database is Mysql 8.0.27.我的云托管在 Minikube 上,数据库是 Mysql 8.0.27。 It is accessible from my localhost when I give the same credentials.当我提供相同的凭据时,它可以从我的本地主机访问。 My other project(pyp) is running in Tomcat, and connecting with credentials from a connection pool defined in context.xml.我的另一个项目(pyp)在 Tomcat 中运行,并使用 context.xml 中定义的连接池中的凭据进行连接。 They use the same driver to connect the database.它们使用相同的驱动程序连接数据库。 That project access the database just fine.该项目访问数据库就好了。
This is the users defined in the database:这是数据库中定义的用户:
I've also counted the number of characters in the url by url.length().我还通过 url.length() 计算了 url 中的字符数。 This gave 72 characters that match the actual size.这给出了与实际大小相匹配的 72 个字符。 So there are no extra invisible characters in the password.所以密码中没有多余的不可见字符。
About the project(pyp) that succeed in getting access to the database.关于成功访问数据库的项目(pyp)。 Some days ago, I got an SqlSyntaxError from the first statement against the database, even if it was only "USE PP_Master", and it had worked before.几天前,我从针对数据库的第一个语句中得到了一个 SqlSyntaxError,即使它只是“USE PP_Master”,而且它以前也工作过。 There were no errors on the logs.日志上没有错误。 I had to delete the Minikube container, and start a new one.我不得不删除 Minikube 容器,然后开始一个新容器。 That gave me access to the database from the pyp-project.这让我可以从 pyp-project 访问数据库。 I wonder if one project using a DataConnectionPool could reserve access to the database, so no other projects could access it ?我想知道使用 DataConnectionPool 的一个项目是否可以保留对数据库的访问权限,因此其他项目无法访问它? I've tried now to change from connection pool to only one connection at time in the pyp-project.我现在尝试在 pyp 项目中从连接池更改为一次只有一个连接。 But that didn't solve the problems with the prm-project.但这并没有解决 prm 项目的问题。 I also tried simply to remove the deployment and the pyp-pod, but that didn't help the prm-project eigther.我还尝试简单地删除部署和 pyp-pod,但这对 prm-project 也没有帮助。 So that hypotesis seem to be wrong.所以这个假设似乎是错误的。 I looked at the pyp-db log.我查看了 pyp-db 日志。 This pod is containing the database.这个 pod 包含数据库。 I don't know if some of this information could have an impact on my problem ?我不知道这些信息中的一些是否会对我的问题产生影响? I have also tried to delete the minikube again.
我也尝试再次删除 minikube。 This time I only deployed the pyp-db and the prm pods, to avoid a possible conflict with the pyp pod.这次我只部署了 pyp-db 和 prm pod,以避免与 pyp pod 可能发生冲突。 But to no avail.但无济于事。 The error-message connected to the prm pod persists.连接到 prm pod 的错误消息仍然存在。 So, it must be something wrong between the prm and the pyp-db, that has nothing to do with the pyp-pod.所以,肯定是prm和pyp-db之间有问题,与pyp-pod无关。 So I've testified that it is not due to a conflict with the pyp-pod.所以我已经证明这不是由于与 pyp-pod 的冲突。
I really hope someone is able to help me.我真的希望有人能够帮助我。 I've been stuck for several days with this problem.我已经被这个问题困了好几天了。 If there are more information that could help, just ask.如果有更多信息可以提供帮助,请询问。
1 个解决方案
解决方案1
0 2021-11-01 14:51:27
Eventually, I managed to get rid of the "access denied" problem.最终,我设法摆脱了“拒绝访问”问题。 I just changed the content in the java-code to this:我只是将java代码中的内容更改为:
String url = "jdbc:mysql://" + host + ":3306/PP_Master";
con = DriverManager.getConnection(url, user, password);
Before it was :之前是:
String url = "jdbc:mysql://" + host + ":3306/PP_Master?user=" + user + "&password=" + password;
con = DriverManager.getConnection(url);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.