发表新帖
发表新帖

Can't connect to mysql pod in Kubernetes when using Secrets for password (Access denied)

后端 未结
关注
5 360
忘掉有多难
忘掉有多难 2021-01-13 11:03

I try to setup a mysql database in Kubernetes. I configured a ConfigMap to store the Database name and a Secret that contains the root password, the user and the password fo

相关标签:
5条回答
  • 鱼传尺愫
    2021-01-13 11:12

    you can use this yaml file.

    apiVersion: v1
kind: Secret
metadata:
   name: db-credentials
type: Opaque
data:
  mysql-password: VGVzdDEyMzQ=
  mysql-root-password: VGVzdDEyMzQ=
  mysql-user: dGVzdGFkbQ==
    0 讨论(0)
  • 萌比男神i
    2021-01-13 11:19

    For anyone having an issue not resolved by line breaks issue as was case with OP here, note that you can't change the mysql password once the database is created. The environment variable is only read when the db is created so if you are using a persistent volume claim you need log in with the old password and change it "manually": https://dev.mysql.com/doc/refman/8.0/en/resetting-permissions.html

    0 讨论(0)
  • 情深已故
    2021-01-13 11:20

    Following worked me by having the db password as stringData.

    Secret:

    apiVersion: v1
kind: Secret
metadata:
  name: db-secret
type: Opaque
data:
  db: bG8ryXYx1cw==
  db_username: cm9vdA==

stringData:
  app_port: '3000'
  db_host: 'db-sql.default.svc.cluster.local'
  db_port: '3306'
  db_password: ‘<redacted>!'

    In your Deployment yaml

     - name: DB_PASSWORD
            valueFrom:
              secretKeyRef:
                name: lokalus-server-secret
                key: db_password
    0 讨论(0)
  • 离开以前
    2021-01-13 11:25

    Are you sure the data in your secret yaml is base64-encoded correctly? Using https://www.base64encode.org/, your data block is supposed to look like:

    data:
  mysql-root-password: VGVzdDEyMzQ= # Test1234
  mysql-user: dGVzdGFkbQ== # testadm
  mysql-password: VGVzdDEyMzQ= # Test1234
    0 讨论(0)
  • 隐瞒了意图╮
    2021-01-13 11:35

    You need to give the access to client machine to connect mysql database.

    replace the <ip> address with your desktop ip and run this command on mysql database. then test the connection.

    GRANT ALL PRIVILEGES ON *.* TO 'root'@'<ip>'   WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%'   WITH GRANT OPTION;
FLUSH PRIVILEGES;

    The way you created secret is not correct. remove and create it like this. I tested in my cluster it worked.

    kubectl create secret generic db-credentials --from-literal=mysql-root-password=Test1234 --from-literal=mysql-user=testadm --from-literal=mysql-password=Test1234
    0 讨论(0)
 看不清?
提交回复
热议问题