K
Q

Mysql access denied when it runs in Kubernetes pod

11/19/2019

I'm setting up a K8s cluster and I started with the database. I used Kustomize for that purpose. I use Kubernetes that comes in with Docker Desktop for Windows 10.

When I run kubectl apply -k ./, the mysql pods are running. Then I use kubectl exec -it mysql -- bash to get inside the container. Once in there, I try to connect to MySQL service with mysql -u root -p and all I get is

ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)

It doesn't matter if I use secretGenerator in kustomization.yaml or put the root password directly in the deployment definition, I can't log in to mysql. I'm using mysql image from docker hub, so nothing fancy.

I also did a test with running the container directly by docker, e.g.

docker run -d --env MYSQL_ROOT_PASSWORD=dummy --name mysql-test -p 3306:3306 mysql:5.6

Having container set up like this I can log in to the MySQL database without a problem.

I don't understand why the same image ran in docker behaves differently when ran in Kubernetes. Maybe you have any ideas?

My yaml files look like this:

storage.yaml

kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: local-storage
provisioner: kubernetes.io/no-provisioner
volumeBindingMode: WaitForFirstConsumer

mysql-persistent-volume.yaml

apiVersion: v1
kind: PersistentVolume
metadata:
  name: mysql-pv
spec:
  storageClassName: local-storage
  persistentVolumeReclaimPolicy: Retain
  capacity:
    storage: 1Gi
  accessModes:
    - ReadWriteOnce
  local:
    path: "/c/kubernetes/mysql-storage/"
  nodeAffinity:
    required:
      nodeSelectorTerms:
        - matchExpressions:
          - key: kubernetes.io/hostname
            operator: In
            values:
            - docker-desktop
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: mysql-pv-claim
spec:
  storageClassName: local-storage
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi

mysql-deployment.yaml

apiVersion: v1
kind: Service
metadata:
  name: mysql
  labels:
    app: mysql
spec:
  type: NodePort
  ports:
    - port: 3306
      protocol: TCP
      name: mysql-backend
  selector:
    app: mysql
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mysql
spec:
  replicas: 1
  selector:
    matchLabels:
      app: mysql
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
        - image: mysql:5.6
          name: mysql
          imagePullPolicy: IfNotPresent
#          envFrom:
#          - secretRef:
#              name: mysql-credentials
          env:
            - name: MYSQL_ROOT_PASSWORD
              value: dummy
          ports:
            - containerPort: 3306
              name: mysql
          volumeMounts:
            - name: mysql-persistent-storage
              mountPath: /var/lib/mysql
      volumes:
        - name: mysql-persistent-storage
          persistentVolumeClaim:
            claimName: mysql-pv-claim

kustomization.yaml

resources:
  - storage.yaml
  - mysql-persistent-volume.yaml
  - mysql-deployment.yaml
generatorOptions:
  disableNameSuffixHash: true
secretGenerator:
  - name: mysql-credentials
    literals:
      - MYSQL_ROOT_PASSWORD=dummy
#      - MYSQL_ALLOW_EMPTY_PASSWORD=yes
-- Ventus
kubernetes
mysql

Similar Questions

How to trace traffic to GCP kubernetes Services
Openshift: How to access the file that is in the external file system?
Manual workflow triggers in Github Actions
Does Kubernetes support green-blue deployment?
Order in Array of K8s entity
Custom prometheus query with k8s for HPA
Monitoring Azure AKS pod logs with SignalFX w/out Log Observer

0 Answers