MySQL Docker Image: initialized with env variable of K8S Secret
When I try to deploy with K8S using an env variable for the root password (MYSQL_ROOT_PASSWORD, the variable used in docker-entrypoint.sh), for example
kind: Deployment
#omitted...
spec:
  containers:
  - #omitted...
    env:
    - name: MYSQL_ROOT_PASSWORD
      value: my-secret-passw
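the deployment with kubectl apply -k seems to run. Of course, this is an insecure deployment. MySQL initialization works fine and everything goes as expected. So I tried to create a secret and retrieve the value from that secret, like this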
kind: Deployment
#omitted...
spec:
  containers:
  - #omitted...
    env:
    - name: MYSQL_ROOT_PASSWORD
      valueFrom:
        secretKeyRef:
          key: MYSQL_ROOT_PASSWORD
          name: mysql-root-password
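and the mysql initialization does not work. I don't know what exactly went wrong. The kubectl logs or stdout of the container is as follows (keep in mind that using the literal root pass does not return such a result):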
[MY-011323] [Server] X Plugin ready for connections. Socket: '/var/run/mysqld/mysqlx.sock'
Warning: Unable to load '/usr/share/zoneinfo/iso3166.tab' as time zone. Skipping it.
Warning: Unable to load '/usr/share/zoneinfo/leap-seconds.list' as time zone. Skipping it.
Warning: Unable to load '/usr/share/zoneinfo/zone.tab' as time zone. Skipping it.
Warning: Unable to load '/usr/share/zoneinfo/zone1970.tab' as time zone. Skipping it.
[Note] [Entrypoint]: /usr/local/bin/docker-entrypoint.sh: running /docker-entrypoint-initdb.d/sql-script.sql
mysql: [ERROR] unknown option '-- "'.
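When checking the docker image source code, there seems to be no string about "unknown option" (see github here; I am using mysql 8.0). It seems to come from mysql itself.
So why does using a literal value in the K8S env variable (which is not secure!) work, but reading from the secret does not?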
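It seems that version 8.0 is broken or is missing something, because it does not see the password. I am not an expert in this field, so maybe someone else can add more details.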
2020-02-07T16:09:06.648827Z 0 [Warning] [MY-011070] [Server] 'Disabling symbolic links using --skip-symbolic-links (or equivalent) is the default. Consider not using this option as it' is deprecated and will be removed in a future release.
2020-02-07T16:09:06.649084Z 0 [System] [MY-013169] [Server] /usr/sbin/mysqld (mysqld 8.0.19) initializing of server in progress as process 44
2020-02-07T16:09:10.821145Z 5 [Warning] [MY-010453] [Server] root@localhost is created with an empty password ! Please consider switching off the --initialize-insecure option.
2020-02-07 16:09:14+00:00 [Note] [Entrypoint]: Database files initialized
2020-02-07 16:09:14+00:00 [Note] [Entrypoint]: Starting temporary server
2020-02-07T16:09:14.823453Z 0 [Warning] [MY-011070] [Server] 'Disabling symbolic links using --skip-symbolic-links (or equivalent) is the default. Consider not using this option as it' is deprecated and will be removed in a future release.
2020-02-07T16:09:14.823582Z 0 [System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 8.0.19) starting as process 94
2020-02-07T16:09:15.631008Z 0 [Warning] [MY-010068] [Server] CA certificate ca.pem is self signed.
2020-02-07T16:09:15.635649Z 0 [Warning] [MY-011810] [Server] Insecure configuration for --pid-file: Location '/var/run/mysqld' in the path is accessible to all OS users. Consider choosing a different directory.
2020-02-07T16:09:15.655790Z 0 [System] [MY-010931] [Server] /usr/sbin/mysqld: ready for connections. Version: '8.0.19' socket: '/var/run/mysqld/mysqld.sock' port: 0 MySQL Community Server - GPL.
2020-02-07 16:09:15+00:00 [Note] [Entrypoint]: Temporary server started.
2020-02-07T16:09:15.740600Z 0 [System] [MY-011323] [Server] X Plugin ready for connections. Socket: '/var/run/mysqld/mysqlx.sock'
Warning: Unable to load '/usr/share/zoneinfo/iso3166.tab' as time zone. Skipping it.
Warning: Unable to load '/usr/share/zoneinfo/leap-seconds.list' as time zone. Skipping it.
Warning: Unable to load '/usr/share/zoneinfo/zone.tab' as time zone. Skipping it.
Warning: Unable to load '/usr/share/zoneinfo/zone1970.tab' as time zone. Skipping it.
2020-02-07 16:09:19+00:00 [Note] [Entrypoint]: Stopping temporary server
2020-02-07T16:09:19.476870Z 10 [System] [MY-013172] [Server] Received SHUTDOWN from user root. Shutting down mysqld (Version: 8.0.19).
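I have tested image 5.6 from the official mysql repository, and it seems to work just fine.
I have run the whole MySQL + WordPress deployment using the tutorial on kubernetes.io, which I recommend.
I created the secret manually, using: kubectl create secret generic mysql-pass --from-literal=password=test
It looks like there is a similar issue, "Unable to start server" on Amazon Linux AMI (works with 5.7) #628.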
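After a while, I realized the problem was not the K8S secret. I accidentally changed my password to a string without special characters, and that solved it! From the post, you can see that the characters -- were read as input to the next process (damn, I'm giving away my pass! No, it has already been changed). So, anyone who has the same problem (using mysql), please consider choosing a secret whose password has no special characters. A long password with a combination of digits and mixed case is probably strong enough, especially if you use paper and pencil!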
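An added example, not part of the original answers: a pre-flight check for the workaround in the last answer, which flags password values containing `--` or other characters with special meaning to a shell or a MySQL option file before they are stored in a Secret. The function names audit_password and audit_secret_b64, the list of risky characters and the sample values are assumptions of this example, not taken from the image's entrypoint script.

```bash
#!/usr/bin/env bash
# Added example: audit a candidate MySQL root password before it goes into a
# Kubernetes Secret. The character list is this example's assumption.

# audit_password VALUE
# Prints one finding per line; returns 0 if clean, 1 if anything was flagged.
audit_password() {
    local value rc
    value=$1; rc=0
    [ -n "$value" ] || { echo "empty value"; rc=1; }
    case $value in -*)    echo "starts with '-' (may be parsed as an option)"; rc=1;; esac
    case $value in *--*)  echo "contains '--' (option prefix)"; rc=1;; esac
    case $value in *\"*|*\'*) echo "contains a quote character"; rc=1;; esac
    case $value in *\\*)  echo "contains a backslash (escape character)"; rc=1;; esac
    case $value in *\#*)  echo "contains '#' (option-file comment marker)"; rc=1;; esac
    case $value in *[[:space:]]*) echo "contains whitespace or a newline"; rc=1;; esac
    return "$rc"
}

# audit_secret_b64 BASE64
# Audits the decoded form of a value taken from a Secret's `data` field.
# Returns 2 if the input is not valid base64.
audit_secret_b64() {
    local decoded
    # The trailing "x" sentinel keeps $(...) from stripping a final newline,
    # which is exactly the kind of invisible character we want to catch.
    decoded=$(printf '%s' "$1" | base64 -d && printf x) \
        || { echo "not valid base64"; return 2; }
    audit_password "${decoded%x}"
}

# Constructed sample values (not from the page).
for sample in 'Xk29fLmQ77vBz41p' 'pa--ss"word'; do
    if audit_password "$sample" >/dev/null; then
        echo "ok:    $sample"
    else
        echo "risky: $sample"
    fi
done
```

To check a value already in the cluster, pass the base64 string from the Secret's data field to audit_secret_b64.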