前言

环境:k8s、centos7.9

创建了一个mysql的deployment文件

[root@matser mysql]# vim deployment.yaml 
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mysql
  labels:
    app: mysql
spec:
  selector:
    matchLabels:
      app: mysql
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: mysql
    spec:
      nodeSelector:
        kubernetes.io/hostname: node1
      containers:
      - image: mysql:8.0.31
        name: mysql
        env:
        - name: MYSQL_ROOT_PASSWORD
          valueFrom:
            secretKeyRef:
              name: myql-secret
              key: MYSQL_ROOT_PASSWORD
        ports:
        - containerPort: 3306
          name: mysql
        securityContext:
          privileged: true

运行之后发现pod日志一直报错:

[root@matser mysql]# kubectl  logs mysql-59c5c64ff5-gw2q5 
2022-12-11 07:08:43+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 8.0.31-1.el8 started.
2022-12-11 07:08:43+00:00 [Note] [Entrypoint]: Switching to dedicated user 'mysql'
2022-12-11 07:08:43+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 8.0.31-1.el8 started.
2022-12-11 07:08:43+00:00 [Note] [Entrypoint]: Initializing database files
2022-12-11T07:08:43.378696Z 0 [Warning] [MY-011068] [Server] The syntax '--skip-host-cache' is deprecated and will be removed in a future release. Please use SET GLOBAL host_cache_size=0 instead.
2022-12-11T07:08:43.378759Z 0 [System] [MY-013169] [Server] /usr/sbin/mysqld (mysqld 8.0.31) initializing of server in progress as process 80
2022-12-11T07:08:43.382332Z 1 [System] [MY-013576] [InnoDB] InnoDB initialization has started.
2022-12-11T07:08:43.623727Z 1 [System] [MY-013577] [InnoDB] InnoDB initialization has ended.
2022-12-11T07:08:44.223350Z 6 [Warning] [MY-010453] [Server] root@localhost is created with an empty password ! Please consider switching off the --initialize-insecure option.
2022-12-11 07:08:46+00:00 [Note] [Entrypoint]: Database files initialized
2022-12-11 07:08:46+00:00 [Note] [Entrypoint]: Starting temporary server
2022-12-11T07:08:46.798760Z 0 [Warning] [MY-011068] [Server] The syntax '--skip-host-cache' is deprecated and will be removed in a future release. Please use SET GLOBAL host_cache_size=0 instead.
2022-12-11T07:08:46.801381Z 0 [System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 8.0.31) starting as process 131
2022-12-11T07:08:46.810709Z 1 [System] [MY-013576] [InnoDB] InnoDB initialization has started.
2022-12-11T07:08:47.299450Z 1 [System] [MY-013577] [InnoDB] InnoDB initialization has ended.
2022-12-11T07:08:47.533405Z 0 [Warning] [MY-010068] [Server] CA certificate ca.pem is self signed.
2022-12-11T07:08:47.533435Z 0 [System] [MY-013602] [Server] Channel mysql_main configured to support TLS. Encrypted connections are now supported for this channel.
2022-12-11T07:08:47.534510Z 0 [Warning] [MY-011810] [Server] Insecure configuration for --pid-file: Location '/var/run/mysqld' in the path is accessible to all OS users. Consider choosing a different directory.
2022-12-11T07:08:47.558040Z 0 [System] [MY-011323] [Server] X Plugin ready for connections. Socket: /var/run/mysqld/mysqlx.sock
2022-12-11T07:08:47.558184Z 0 [System] [MY-010931] [Server] /usr/sbin/mysqld: ready for connections. Version: '8.0.31'  socket: '/var/run/mysqld/mysqld.sock'  port: 0  MySQL Community Server - GPL.
2022-12-11 07:08:47+00:00 [Note] [Entrypoint]: Temporary server started.
'/var/lib/mysql/mysql.sock' -> '/var/run/mysqld/mysqld.sock'
Warning: Unable to load '/usr/share/zoneinfo/iso3166.tab' as time zone. Skipping it.
Warning: Unable to load '/usr/share/zoneinfo/leapseconds' as time zone. Skipping it.
Warning: Unable to load '/usr/share/zoneinfo/tzdata.zi' as time zone. Skipping it.
Warning: Unable to load '/usr/share/zoneinfo/zone.tab' as time zone. Skipping it.
Warning: Unable to load '/usr/share/zoneinfo/zone1970.tab' as time zone. Skipping it.

2022-12-11 07:08:49+00:00 [Note] [Entrypoint]: Stopping temporary server
mysqladmin: [ERROR] unknown option '--"'.
2022-12-11 07:08:49+00:00 [ERROR] [Entrypoint]: Unable to shut down server.

经排查发现是secret存在问题,因为secret是使用yaml 创建的,

[root@matser mysql]# cat mysql-secret.yaml 
apiVersion: v1
kind: Secret
metadata:
  name: myql-secret
type: Opaque
data:
  MYSQL_ROOT_PASSWORD: aHVhZnUxMjM0NTYK
[root@matser mysql]# 

而正式这个密码存在问题,记得当时是直接在命令行页面使用如下命令生成了加密后的密码填写的yaml文件:

如下:这看似没有没有什么问题,但是却存在很大的问题,最致命的是存在回车符了
[root@matser mysql]# echo  "123456" | base64
MTIzNDU2Cg==
[root@matser mysql]# 

我们来看一下使用kubectl create secret命令来创建secret看看加密的secret是什么样子的:

[root@matser mysql]# kubectl create secret generic myql-secret1 --from-literal=MYSQL_ROOT_PASSWORD=123456 --dry-run=client -oyaml
apiVersion: v1
data:
  MYSQL_ROOT_PASSWORD: MTIzNDU2
kind: Secret
metadata:
  creationTimestamp: null
  name: myql-secret1
[root@matser mysql]# echo "MTIzNDU2" | base64 -d	#解码出来是没有回车符的
123456[root@matser mysql]# 

以上,我们建议生成secret 使用 kubectl create secret generic myql-secret1 --from-literal=MYSQL_ROOT_PASSWORD=123456 --dry-run=client -oyaml >> mysql-secret.yaml的形式来避免出现这种问题。

Logo

K8S/Kubernetes社区为您提供最前沿的新闻资讯和知识内容

更多推荐