I created a postgres deployment in my kubernetes cluster using the following yaml.
apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: database-secret
  namespace: todo-app
data:
  # todoappdb
  db_name: dG9kb2FwcGRiCg==
  # todo_db_user
  username: dG9kb19kYl91c2VyCg==
  # password
  password: cGFzc3dvcmQK
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: database
  namespace: todo-app
  labels:
    app: database
spec:
  replicas: 1
  selector:
    matchLabels:
      app: database
  template:
    metadata:
      labels:
        app: database
    spec:
      containers:
      - name: database
        image: postgres:11
        ports:
        - containerPort: 5432
        env:
        - name: POSTGRES_PASSWORD
          valueFrom:
            secretKeyRef:
              name: database-secret
              key: password
        - name: POSTGRES_USER
          valueFrom:
            secretKeyRef:
              name: database-secret
              key: username
        - name: POSTGRES_DB
          valueFrom:
            secretKeyRef:
              name: database-secret
              key: db_name
---
apiVersion: v1
kind: Service
metadata:
  name: database
  namespace: todo-app
  labels:
    app: database
spec:
  type: NodePort
  selector:
    app: database
  ports:
  - port: 5432
When I try to run psql in the pod itself using the following command:
kubectl exec -it database-5764d75d58-msf7h -n todo-app -- psql -U todo_db_user -d todoappdb
I get the following error.
psql: FATAL: role "todo_db_user" does not exist
Here are the logs of the pod.
The files belonging to this database system will be owned by user "postgres".
This user must also own the server process.
The database cluster will be initialized with locale "en_US.utf8".
The default database encoding has accordingly been set to "UTF8".
The default text search configuration will be set to "english".
Data page checksums are disabled.
fixing permissions on existing directory /var/lib/postgresql/data/pgdata ... ok
creating subdirectories ... ok
selecting default max_connections ... 100
selecting default shared_buffers ... 128MB
selecting default timezone ... Etc/UTC
selecting dynamic shared memory implementation ... posix
creating configuration files ... ok
running bootstrap script ... ok
performing post-bootstrap initialization ... ok
syncing data to disk ... ok
Success. You can now start the database server using:
pg_ctl -D /var/lib/postgresql/data/pgdata -l logfile start
WARNING: enabling "trust" authentication for local connections
You can change this by editing pg_hba.conf or using the option -A, or
--auth-local and --auth-host, the next time you run initdb.
waiting for server to start....2022-01-15 12:46:26.009 UTC [49] LOG: listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
2022-01-15 12:46:26.015 UTC [50] LOG: database system was shut down at 2022-01-15 12:46:25 UTC
2022-01-15 12:46:26.017 UTC [49] LOG: database system is ready to accept connections
done
server started
CREATE DATABASE
/usr/local/bin/docker-entrypoint.sh: ignoring /docker-entrypoint-initdb.d/*
waiting for server to shut down...2022-01-15 12:46:26.369 UTC [49] LOG: received fast shutdown request
.2022-01-15 12:46:26.369 UTC [49] LOG: aborting any active transactions
2022-01-15 12:46:26.370 UTC [49] LOG: background worker "logical replication launcher" (PID 56) exited with exit code 1
2022-01-15 12:46:26.371 UTC [51] LOG: shutting down
2022-01-15 12:46:26.376 UTC [49] LOG: database system is shut down
done
server stopped
PostgreSQL init process complete; ready for start up.
2022-01-15 12:46:26.482 UTC [1] LOG: listening on IPv4 address "0.0.0.0", port 5432
2022-01-15 12:46:26.482 UTC [1] LOG: listening on IPv6 address "::", port 5432
2022-01-15 12:46:26.483 UTC [1] LOG: listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
2022-01-15 12:46:26.489 UTC [77] LOG: database system was shut down at 2022-01-15 12:46:26 UTC
2022-01-15 12:46:26.492 UTC [1] LOG: database system is ready to accept connections
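Is there something wrong with the configuration?
When I don't use the POSTGRES_USER environment variable, it works using the role postgres. Also, with the current configuration, I tried using psql with the postgres role, but that doesn't work either.
A uj5u.com user replied:
The problem is your Secret. If you base64-decode these values: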
data:
  # todoappdb
  db_name: dG9kb2FwcGRiCg==
  # todo_db_user
  username: dG9kb19kYl91c2VyCg==
  # password
  password: cGFzc3dvcmQK
You'll find that they all contain a terminal \n character:
$ kubectl get secret database-secret -o json > secret.json
$ jq '.data.username|@base64d' secret.json
"todo_db_user\n"
$ jq '.data.password|@base64d' secret.json
"password\n"
$ jq '.data.db_name|@base64d' secret.json
"todoappdb\n"
I suspect this is because you generated the values by running something like:
$ echo password | base64
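But of course, the echo command emits a trailing newline (\n).
There are two ways to solve this:
1. Use stringData instead of data in your Secret, so you can just write the unencoded values:
apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: database-secret
stringData:
  db_name: todoappdb
  username: todo_db_user
  password: password
2. Instruct echo not to emit a trailing newline:
$ echo -n todo_db_user | base64
(Or use something like printf, which doesn't emit a newline by default.)
I would go with the first option (using stringData), because it's simpler.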
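A check for the trailing-newline problem described in the answer above, as an added example that is not part of the original post: it decodes each data value of a Secret and reports the keys that carry surrounding whitespace, without printing the decoded values. The function names and the embedded sample JSON are assumptions constructed for illustration.

```python
import base64
import json

# Constructed sample in the shape of `kubectl get secret database-secret -o json`,
# carrying the data values from the question.
SAMPLE_SECRET_JSON = """
{"apiVersion": "v1", "kind": "Secret", "type": "Opaque",
 "metadata": {"name": "database-secret", "namespace": "todo-app"},
 "data": {"db_name": "dG9kb2FwcGRiCg==",
          "username": "dG9kb19kYl91c2VyCg==",
          "password": "cGFzc3dvcmQK"}}
"""


def find_padded_values(secret):
    """Map each .data key whose decoded value has surrounding whitespace
    to a description of that whitespace. Decoded values are never returned,
    so the result can go into a CI log."""
    findings = {}
    for key, encoded in (secret.get("data") or {}).items():
        raw = base64.b64decode(encoded, validate=True)
        if raw != raw.strip():
            lead = raw[: len(raw) - len(raw.lstrip())]
            trail = raw[len(raw.rstrip()):]
            findings[key] = f"leading={lead!r} trailing={trail!r}"
    return findings


def encode_exact(value):
    """Base64-encode a string with nothing appended (what `echo -n` gives)."""
    return base64.b64encode(value.encode("utf-8")).decode("ascii")


def repaired_data(secret):
    """Return .data re-encoded with surrounding whitespace stripped.
    Review before applying: file-like values (PEM keys, config files)
    legitimately end in a newline."""
    fixed = {}
    for key, encoded in (secret.get("data") or {}).items():
        raw = base64.b64decode(encoded, validate=True)
        fixed[key] = base64.b64encode(raw.strip()).decode("ascii")
    return fixed


if __name__ == "__main__":
    secret = json.loads(SAMPLE_SECRET_JSON)
    for key, detail in sorted(find_padded_values(secret).items()):
        print(f"{secret['metadata']['name']}.{key}: {detail}")
    print(json.dumps(repaired_data(secret), indent=2))
```

Run against the question's Secret, all three keys are reported with a trailing newline, which is why the role actually created was named "todo_db_user\n" rather than "todo_db_user".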
