mysql 的部署未采用秘密设置的 root 密码
deployment of mysql not intaking root password set in secret
我用谷歌搜索了又搜索,但不确定自己做错了什么。看来我尝试为 mysql 设置 root 密码的方式似乎不起作用。我目前正在测试以下内容(我已经在互联网上看到过),但这也行不通。我没有收到任何错误,日志也没有显示任何错误,老实说,此时我有点迷茫,希望能得到一些帮助。
secrets.yaml 文件:
apiVersion: v1
kind: Secret
metadata:
name: mysqlpass
namespace: gitea
type: Opaque
data:
password: "cGFzc3dvcmQxMjM="
并且我的部署文件具有以下设置:
spec:
containers:
- image: mysql/mysql-server:latest
imagePullPolicy: IfNotPresent
name: gitea-mysql
env:
# Use secret in real usage
- name: MYSQL_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: mysqlpass
key: password
我当前的 pod 日志:
[Entrypoint] MySQL Docker Image 8.0.26-1.2.4-server
[Entrypoint] Starting MySQL 8.0.26-1.2.4-server
2021-10-15T18:28:06.975937Z 0 [System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 8.0.26) starting as process 1
2021-10-15T18:28:07.005554Z 1 [System] [MY-013576] [InnoDB] InnoDB initialization has started.
2021-10-15T18:28:08.608453Z 1 [System] [MY-013577] [InnoDB] InnoDB initialization has ended.
2021-10-15T18:28:09.158261Z 0 [Warning] [MY-013746] [Server] A deprecated TLS version TLSv1 is enabled for channel mysql_main
2021-10-15T18:28:09.158974Z 0 [Warning] [MY-013746] [Server] A deprecated TLS version TLSv1.1 is enabled for channel mysql_main
2021-10-15T18:28:09.163684Z 0 [Warning] [MY-010068] [Server] CA certificate ca.pem is self signed.
2021-10-15T18:28:09.164583Z 0 [System] [MY-013602] [Server] Channel mysql_main configured to support TLS. Encrypted connections are now supported for this channel.
2021-10-15T18:28:09.245312Z 0 [System] [MY-011323] [Server] X Plugin ready for connections. Bind-address: '::' port: 33060, socket: /var/run/mysqld/mysqlx.sock
2021-10-15T18:28:09.245708Z 0 [System] [MY-010931] [Server] /usr/sbin/mysqld: ready for connections. Version: '8.0.26' socket: '/var/lib/mysql/mysql.sock' port: 3306 MySQL Community Server - GPL.
最后是对 pod 的描述,然后是对秘密的描述:
kubectl describe pods gitea-mysql-54d544489b-6dp52 -n gitea
Name: gitea-mysql-54d544489b-6dp52
Namespace: gitea
Priority: 0
Node: node02.iad/10.15.15.202
Start Time: Fri, 15 Oct 2021 18:28:04 +0000
Labels: app=gitea-mysql
pod-template-hash=54d544489b
Annotations: kubectl.kubernetes.io/restartedAt: 2021-10-15T18:27:54Z
Status: Running
IP: 10.42.1.57
IPs:
IP: 10.42.1.57
Controlled By: ReplicaSet/gitea-mysql-54d544489b
Containers:
gitea-mysql:
Container ID: containerd://01419c4eb94b0fc787ee8160f42ec16a7d8299daef07a1d591230b731a5c8cac
Image: mysql/mysql-server:latest
Image ID: docker.io/mysql/mysql-server@sha256:5241f7de0483a70f5856da995fea98904cfce8f1c51734b7f3836c1663eead17
Port: 3306/TCP
Host Port: 0/TCP
State: Running
Started: Fri, 15 Oct 2021 18:28:06 +0000
Ready: True
Restart Count: 0
Environment:
MYSQL_ROOT_PASSWORD: <set to the key 'password' in secret 'mysqlpass'> Optional: false
Mounts:
/var/lib/mysql from mysql-persistent-storage (rw)
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-r7k5x (ro)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
mysql-persistent-storage:
Type: PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
ClaimName: mysql-pvc
ReadOnly: false
kube-api-access-r7k5x:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 3607
ConfigMapName: kube-root-ca.crt
ConfigMapOptional: <nil>
DownwardAPI: true
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 7m36s default-scheduler Successfully assigned gitea/gitea-mysql-54d544489b-6dp52 to node02.iad
Normal Pulled 7m36s kubelet Container image "mysql/mysql-server:latest" already present on machine
Normal Created 7m36s kubelet Created container gitea-mysql
Normal Started 7m35s kubelet Started container gitea-mysql
描述的秘密:
kubectl describe secrets mysqlpass -n gitea
Name: mysqlpass
Namespace: gitea
Labels: <none>
Annotations: <none>
Type: Opaque
Data
====
password: 11 bytes
真诚地感谢您提供的所有帮助。
谢谢!
我记得 Docker 也有类似的问题。我结束了删除(小心)在创建前一个 mysql docker 容器期间创建的任何文件夹。其中一个文件夹有 root 用户的密码,除非删除或更改它,否则它将继续使用任何其他 mysql 容器来替换旧的。
已修复!事实证明这是我设置持久卷的方式的问题。我的集群设置方式是所有 pods 在 nfs 驱动器上都有一个 pv。我忘了指定要安装 nfs 驱动器的服务器。进行修复后,我看到文件填充了 pv,并且设置的密码起作用了。
在我的辩护中,我怪我没有将空 pv 目录的点与我的睡眠剥夺联系起来。
对于遇到此类似问题的任何其他人,请检查以确保其他所有设置均正确无误。即使您的 PV 可能不会出错,它仍然可能设置不正确。
我用谷歌搜索了又搜索,但不确定自己做错了什么。看来我尝试为 mysql 设置 root 密码的方式似乎不起作用。我目前正在测试以下内容(我已经在互联网上看到过),但这也行不通。我没有收到任何错误,日志也没有显示任何错误,老实说,此时我有点迷茫,希望能得到一些帮助。
secrets.yaml 文件:
apiVersion: v1
kind: Secret
metadata:
name: mysqlpass
namespace: gitea
type: Opaque
data:
password: "cGFzc3dvcmQxMjM="
并且我的部署文件具有以下设置:
spec:
containers:
- image: mysql/mysql-server:latest
imagePullPolicy: IfNotPresent
name: gitea-mysql
env:
# Use secret in real usage
- name: MYSQL_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: mysqlpass
key: password
我当前的 pod 日志:
[Entrypoint] MySQL Docker Image 8.0.26-1.2.4-server
[Entrypoint] Starting MySQL 8.0.26-1.2.4-server
2021-10-15T18:28:06.975937Z 0 [System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 8.0.26) starting as process 1
2021-10-15T18:28:07.005554Z 1 [System] [MY-013576] [InnoDB] InnoDB initialization has started.
2021-10-15T18:28:08.608453Z 1 [System] [MY-013577] [InnoDB] InnoDB initialization has ended.
2021-10-15T18:28:09.158261Z 0 [Warning] [MY-013746] [Server] A deprecated TLS version TLSv1 is enabled for channel mysql_main
2021-10-15T18:28:09.158974Z 0 [Warning] [MY-013746] [Server] A deprecated TLS version TLSv1.1 is enabled for channel mysql_main
2021-10-15T18:28:09.163684Z 0 [Warning] [MY-010068] [Server] CA certificate ca.pem is self signed.
2021-10-15T18:28:09.164583Z 0 [System] [MY-013602] [Server] Channel mysql_main configured to support TLS. Encrypted connections are now supported for this channel.
2021-10-15T18:28:09.245312Z 0 [System] [MY-011323] [Server] X Plugin ready for connections. Bind-address: '::' port: 33060, socket: /var/run/mysqld/mysqlx.sock
2021-10-15T18:28:09.245708Z 0 [System] [MY-010931] [Server] /usr/sbin/mysqld: ready for connections. Version: '8.0.26' socket: '/var/lib/mysql/mysql.sock' port: 3306 MySQL Community Server - GPL.
最后是对 pod 的描述,然后是对秘密的描述:
kubectl describe pods gitea-mysql-54d544489b-6dp52 -n gitea
Name: gitea-mysql-54d544489b-6dp52
Namespace: gitea
Priority: 0
Node: node02.iad/10.15.15.202
Start Time: Fri, 15 Oct 2021 18:28:04 +0000
Labels: app=gitea-mysql
pod-template-hash=54d544489b
Annotations: kubectl.kubernetes.io/restartedAt: 2021-10-15T18:27:54Z
Status: Running
IP: 10.42.1.57
IPs:
IP: 10.42.1.57
Controlled By: ReplicaSet/gitea-mysql-54d544489b
Containers:
gitea-mysql:
Container ID: containerd://01419c4eb94b0fc787ee8160f42ec16a7d8299daef07a1d591230b731a5c8cac
Image: mysql/mysql-server:latest
Image ID: docker.io/mysql/mysql-server@sha256:5241f7de0483a70f5856da995fea98904cfce8f1c51734b7f3836c1663eead17
Port: 3306/TCP
Host Port: 0/TCP
State: Running
Started: Fri, 15 Oct 2021 18:28:06 +0000
Ready: True
Restart Count: 0
Environment:
MYSQL_ROOT_PASSWORD: <set to the key 'password' in secret 'mysqlpass'> Optional: false
Mounts:
/var/lib/mysql from mysql-persistent-storage (rw)
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-r7k5x (ro)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
mysql-persistent-storage:
Type: PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
ClaimName: mysql-pvc
ReadOnly: false
kube-api-access-r7k5x:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 3607
ConfigMapName: kube-root-ca.crt
ConfigMapOptional: <nil>
DownwardAPI: true
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 7m36s default-scheduler Successfully assigned gitea/gitea-mysql-54d544489b-6dp52 to node02.iad
Normal Pulled 7m36s kubelet Container image "mysql/mysql-server:latest" already present on machine
Normal Created 7m36s kubelet Created container gitea-mysql
Normal Started 7m35s kubelet Started container gitea-mysql
描述的秘密:
kubectl describe secrets mysqlpass -n gitea
Name: mysqlpass
Namespace: gitea
Labels: <none>
Annotations: <none>
Type: Opaque
Data
====
password: 11 bytes
真诚地感谢您提供的所有帮助。 谢谢!
我记得 Docker 也有类似的问题。我结束了删除(小心)在创建前一个 mysql docker 容器期间创建的任何文件夹。其中一个文件夹有 root 用户的密码,除非删除或更改它,否则它将继续使用任何其他 mysql 容器来替换旧的。
已修复!事实证明这是我设置持久卷的方式的问题。我的集群设置方式是所有 pods 在 nfs 驱动器上都有一个 pv。我忘了指定要安装 nfs 驱动器的服务器。进行修复后,我看到文件填充了 pv,并且设置的密码起作用了。
在我的辩护中,我怪我没有将空 pv 目录的点与我的睡眠剥夺联系起来。
对于遇到此类似问题的任何其他人,请检查以确保其他所有设置均正确无误。即使您的 PV 可能不会出错,它仍然可能设置不正确。