Reputation: 367
Cannot connect to mariadb on kubernetes when using secret
I'm hosting a mariadb in a kubernetes cluster on Google Kubernetes Engine. I'm using the official mariadb image from dockerhub (mariadb:10.5).
This is my yml for the service and deployment
apiVersion: v1
kind: Service
metadata:
name: mariadb
spec:
ports:
- port: 3306
selector:
app: mariadb
clusterIP: None
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: mariadb
spec:
selector:
matchLabels:
app: mariadb
strategy:
type: Recreate
template:
metadata:
labels:
app: mariadb
spec:
containers:
- image: mariadb:10.5
name: mariadb
env:
- name: MYSQL_USER
valueFrom:
secretKeyRef:
name: mariadb-secret
key: username
- name: MYSQL_PASSWORD
valueFrom:
secretKeyRef:
name: mariadb-secret
key: password
- name: MYSQL_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: mariadb-secret
key: rootpassword
- name: MYSQL_DATABASE
value: test
ports:
- containerPort: 3306
name: mariadb-port
volumeMounts:
- name: mariadb-volume
mountPath: /var/lib/mysql
volumes:
- name: mariadb-volume
persistentVolumeClaim:
claimName: mariadb-pvc
As you can see, I'm using a secret to configure the environment. The yml for the secret looks like this:
apiVersion: v1
kind: Secret
metadata:
name: mariadb-secret
type: Opaque
data:
rootpassword: dGVzdHJvb3RwYXNzCg==
username: dGVzdHVzZXIK
password: dGVzdHBhc3MK
After apply this configuration everything seems fine, except that I cannot connect with the user and it's password to the DB. Not from localhost and also not from remote:
# mysql -u testuser -ptestpass
ERROR 1045 (28000): Access denied for user 'testuser'@'localhost' (using password: YES)
I can only connect using root and it's password (same connection string). When I take a look at my users in mariadb they look like this:
+-----------+-------------+-------------------------------------------+
| Host | User | Password |
+-----------+-------------+-------------------------------------------+
| localhost | mariadb.sys | |
| localhost | root | *293286706D5322A73D8D9B087BE8D14C950AB0FA |
| % | root | *293286706D5322A73D8D9B087BE8D14C950AB0FA |
| % | testuser | *B07683D91842E0B3FEE182C5182AB7E4F8B3972D |
+-----------+-------------+-------------------------------------------+
If I change my Secret to use stringData instead of data and use non-encoded strings everything works as expected:
apiVersion: v1
kind: Secret
metadata:
name: mariadb-secret
type: Opaque
stringData:
rootpassword: testrootpass
username: testuser
password: testpass
I use the following commands (on Mac OS) to generate the base64 encoded strings:
echo testuser | base64
echo testpass | base64
echo testrootpass | base64
What am I doing wrong here? I would like to use the base64-encoded strings instead of the normal strings.
Upvotes: 1
Views: 1297
Answers (2)
Reputation: 833
If you use persistentVolumeClaim, be aware that you must enter the password that was initially configured for the given database.
Upvotes: 1
Reputation: 9905
You created all your values with:
$ echo "value" | base64- which instead you should use:
$ echo -n "value" | base64
Following official man page of echo:
Description
Echo the STRING(s) to standard output.
-n = do not output the trailing newline
TL;DR: You need to edit your Secret.yaml definition with new values:
$ echo -n "testuser" | base64$ echo -n "testpass" | base64$ echo -n "testrootpass" | base64
Following above explanation, your Secret.yaml should look like:
apiVersion: v1
kind: Secret
metadata:
name: mariadb-secret
type: Opaque
data:
rootpassword: dGVzdHJvb3RwYXNz
username: dGVzdHVzZXI=
password: dGVzdHBhc3M=
After that you should be able to connect to your mariadb like below:
$ mysql -u testuser -ptestpass
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 5
Server version: 10.5.5-MariaDB-1:10.5.5+maria~focal mariadb.org binary distribution
<---->
MariaDB [(none)]>
$ mysql -u root -ptestrootpass
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 6
Server version: 10.5.5-MariaDB-1:10.5.5+maria~focal mariadb.org binary distribution
<---->
MariaDB [(none)]>
Additional resources:
Upvotes: 6
Related Questions
- How to connect to MySQL running on Docker from the host machine
- Can't connect to mysql pod in Kubernetes when using Secrets for password (Access denied)
- Can't connect to MariaDB by hostname within a Kubernetes cluster
- How to expose MariaDB in Kubernetes?
- ER_HOST_NOT_PRIVILEGED - docker container fails to connect to mariadb
- How to connect MySQL running on Kubernetes
- Can't connect to mariadb outside of docker container
- Can't connect to MariaDB Docker Container
- Connecting to MySQL 5.6 inside Docker For Desktop/Kubernetes: ERROR 1130 (HY000): Host 'xx.xx.xx.xx' is not allowed to connect to this MySQL server
- Can't connect to MySQL Docker hosted on GCP Kubernetes Engine