stackoom
  简体   繁体   中英

Cannot connect to mariadb on kubernetes when using secret

 原文  2020-10-05 15:58:39       mysql/ docker/ google-cloud-platform/ mariadb/ google-kubernetes-engine

Question

I'm hosting a mariadb in a kubernetes cluster on Google Kubernetes Engine. I'm using the official mariadb image from dockerhub ( mariadb:10.5 ).

This is my yml for the service and deployment

apiVersion: v1
kind: Service
metadata:
  name: mariadb
spec:
  ports:
  - port: 3306
  selector:
    app: mariadb
  clusterIP: None
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mariadb
spec:
  selector:
    matchLabels:
      app: mariadb
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: mariadb
    spec:
      containers:
      - image: mariadb:10.5
        name: mariadb
        env:
        - name: MYSQL_USER
          valueFrom:
            secretKeyRef:
              name: mariadb-secret
              key: username
        - name: MYSQL_PASSWORD
          valueFrom:
            secretKeyRef:
              name: mariadb-secret
              key: password
        - name: MYSQL_ROOT_PASSWORD
          valueFrom:
            secretKeyRef:
              name: mariadb-secret
              key: rootpassword
        - name: MYSQL_DATABASE
          value: test
        ports:
        - containerPort: 3306
          name: mariadb-port
        volumeMounts:
        - name: mariadb-volume
          mountPath: /var/lib/mysql
      volumes:
      - name: mariadb-volume
        persistentVolumeClaim:
          claimName: mariadb-pvc

As you can see, I'm using a secret to configure the environment. The yml for the secret looks like this:

apiVersion: v1
kind: Secret
metadata:
  name: mariadb-secret
type: Opaque
 data:
   rootpassword: dGVzdHJvb3RwYXNzCg==
   username: dGVzdHVzZXIK
   password: dGVzdHBhc3MK

After apply this configuration everything seems fine, except that I cannot connect with the user and it's password to the DB. Not from localhost and also not from remote:

# mysql -u testuser -ptestpass

ERROR 1045 (28000): Access denied for user 'testuser'@'localhost' (using password: YES)

I can only connect using root and it's password (same connection string). When I take a look at my users in mariadb they look like this:

+-----------+-------------+-------------------------------------------+
| Host      | User        | Password                                  |
+-----------+-------------+-------------------------------------------+
| localhost | mariadb.sys |                                           |
| localhost | root        | *293286706D5322A73D8D9B087BE8D14C950AB0FA |
| %         | root        | *293286706D5322A73D8D9B087BE8D14C950AB0FA |
| %         | testuser    | *B07683D91842E0B3FEE182C5182AB7E4F8B3972D |
+-----------+-------------+-------------------------------------------+

If I change my Secret to use stringData instead of data and use non-encoded strings everything works as expected:

apiVersion: v1
kind: Secret
metadata:
  name: mariadb-secret
type: Opaque
stringData:
  rootpassword: testrootpass
  username: testuser
  password: testpass

I use the following commands (on Mac OS) to generate the base64 encoded strings:

echo testuser | base64
echo testpass | base64
echo testrootpass | base64

What am I doing wrong here? I would like to use the base64-encoded strings instead of the normal strings.

1 answers

solution1
 3 ACCPTED  2020-10-06 10:11:21

You created all your values with:

  • $ echo "value" | base64
  • which instead you should use: $ echo -n "value" | base64 $ echo -n "value" | base64

Following official man page of echo :

Description

Echo the STRING (s) to standard output.

-n = do not output the trailing newline

TL;DR : You need to edit your Secret.yaml definition with new values:

  • $ echo -n "testuser" | base64
  • $ echo -n "testpass" | base64
  • $ echo -n "testrootpass" | base64

Following above explanation, your Secret.yaml should look like:

apiVersion: v1
kind: Secret
metadata:
  name: mariadb-secret
type: Opaque
data:
  rootpassword: dGVzdHJvb3RwYXNz
  username: dGVzdHVzZXI=
  password: dGVzdHBhc3M=

After that you should be able to connect to your mariadb like below:

  • $ mysql -u testuser -ptestpass
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 5
Server version: 10.5.5-MariaDB-1:10.5.5+maria~focal mariadb.org binary distribution
<----> 
MariaDB [(none)]>
  • $ mysql -u root -ptestrootpass
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 6
Server version: 10.5.5-MariaDB-1:10.5.5+maria~focal mariadb.org binary distribution
<---->
MariaDB [(none)]>

Additional resources:

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question MariaDB - Cannot connect to MariaDB instance from Dbeaver using correct password Cannot connect remotelly to a mariadb server Access denied when trying to connect to MariaDB using PHP script Unable to connect to MariaDB using DBeaver MariaDB connector in Python cannot connect to remote server Can't connect to MariaDB by hostname within a Kubernetes cluster how to connect to mariadb when both mysql and mariadb exist in the remote server How to resolve error when connect Hawkbit with MariaDB? Can't connect to MariaDB on localhost using DBeaver can not connect to mariadb server using dbeaver
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM