PostgreSQL + Kubernetes：角色不存在

Question

PostgreSQL + Kubernetes：角色不存在

Nis*_*tal 3 postgresql docker kubernetes

我使用以下 yaml 在我的 kubernetes 集群中创建 postgres 部署。

apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: database-secret
  namespace: todo-app
data:
  # todoappdb
  db_name: dG9kb2FwcGRiCg==
  # todo_db_user
  username: dG9kb19kYl91c2VyCg==
  # password
  password: cGFzc3dvcmQK
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: database
  namespace: todo-app
  labels:
    app: database
spec:
  replicas: 1
  selector:
    matchLabels:
      app: database
  template:
    metadata:
      labels:
        app: database
    spec:
      containers:
        - name: database
          image: postgres:11
          ports:
            - containerPort: 5432
          env:
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: database-secret
                  key: password
            - name: POSTGRES_USER
              valueFrom:
                secretKeyRef:
                  name: database-secret
                  key: username
            - name: POSTGRES_DB
              valueFrom:
                secretKeyRef:
                  name: database-secret
                  key: db_name
---
apiVersion: v1
kind: Service
metadata:
  name: database
  namespace: todo-app
  labels:
    app: database
spec:
  type: NodePort
  selector:
    app: database
  ports:
    - port: 5432

Run Code Online (Sandbox Code Playgroud)

当我尝试使用以下命令在 pod 本身中运行 psql 时。

kubectl exec -it database-5764d75d58-msf7h  -n todo-app -- psql -U todo_db_user -d todoappdb

Run Code Online (Sandbox Code Playgroud)

我收到以下错误。

psql: FATAL:  role "todo_db_user" does not exist

Run Code Online (Sandbox Code Playgroud)

这是 Pod 的日志。

The files belonging to this database system will be owned by user "postgres".
This user must also own the server process.

The database cluster will be initialized with locale "en_US.utf8".
The default database encoding has accordingly been set to "UTF8".
The default text search configuration will be set to "english".

Data page checksums are disabled.

fixing permissions on existing directory /var/lib/postgresql/data/pgdata ... ok
creating subdirectories ... ok
selecting default max_connections ... 100
selecting default shared_buffers ... 128MB
selecting default timezone ... Etc/UTC
selecting dynamic shared memory implementation ... posix
creating configuration files ... ok
running bootstrap script ... ok
performing post-bootstrap initialization ... ok
syncing data to disk ... ok

Success. You can now start the database server using:

    pg_ctl -D /var/lib/postgresql/data/pgdata -l logfile start


WARNING: enabling "trust" authentication for local connections
You can change this by editing pg_hba.conf or using the option -A, or
--auth-local and --auth-host, the next time you run initdb.
waiting for server to start....2022-01-15 12:46:26.009 UTC [49] LOG:  listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
2022-01-15 12:46:26.015 UTC [50] LOG:  database system was shut down at 2022-01-15 12:46:25 UTC
2022-01-15 12:46:26.017 UTC [49] LOG:  database system is ready to accept connections
 done
server started
CREATE DATABASE


/usr/local/bin/docker-entrypoint.sh: ignoring /docker-entrypoint-initdb.d/*

waiting for server to shut down...2022-01-15 12:46:26.369 UTC [49] LOG:  received fast shutdown request
.2022-01-15 12:46:26.369 UTC [49] LOG:  aborting any active transactions
2022-01-15 12:46:26.370 UTC [49] LOG:  background worker "logical replication launcher" (PID 56) exited with exit code 1
2022-01-15 12:46:26.371 UTC [51] LOG:  shutting down
2022-01-15 12:46:26.376 UTC [49] LOG:  database system is shut down
 done
server stopped

PostgreSQL init process complete; ready for start up.

2022-01-15 12:46:26.482 UTC [1] LOG:  listening on IPv4 address "0.0.0.0", port 5432
2022-01-15 12:46:26.482 UTC [1] LOG:  listening on IPv6 address "::", port 5432
2022-01-15 12:46:26.483 UTC [1] LOG:  listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
2022-01-15 12:46:26.489 UTC [77] LOG:  database system was shut down at 2022-01-15 12:46:26 UTC
2022-01-15 12:46:26.492 UTC [1] LOG:  database system is ready to accept connections

Run Code Online (Sandbox Code Playgroud)

配置有问题吗？

当我不使用 POSTGRES_USER env var 时，它可以使用 role postgres。另外，在当前配置中，我尝试将 psql 与该postgres角色一起使用，但这也不起作用。

Answer 1

lar*_*sks 8

你的Secret. 如果您对这些值进行 Base64 解码：

data:
  # todoappdb
  db_name: dG9kb2FwcGRiCg==
  # todo_db_user
  username: dG9kb19kYl91c2VyCg==
  # password
  password: cGFzc3dvcmQK

Run Code Online (Sandbox Code Playgroud)

你会发现它们都包含一个终止\n符：

$ kubectl get secret database-secret -o json > secret.json
$ jq '.data.username|@base64d' secret.json
"todo_db_user\n"
$ jq '.data.password|@base64d' secret.json
"password\n"
$ jq '.data.db_name|@base64d' secret.json
"todoappdb\n"

Run Code Online (Sandbox Code Playgroud)

我怀疑这是因为您通过运行以下命令来生成值：

$ echo password | base64

Run Code Online (Sandbox Code Playgroud)

当然，该echo命令会发出尾随换行符 ( \n)。

有两种方法可以解决这个问题：

在你的中使用stringData而不是你可以只写未编码的值：dataSecret

apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: database-secret
stringData:
  db_name: todoappdb
  username: todo_db_user
  password: password

Run Code Online (Sandbox Code Playgroud)

指示echo不要发出尾随换行符：
```
$ echo -n todo_db_user | base64
```
Run Code Online (Sandbox Code Playgroud)
printf（或者使用默认情况下不发出换行符的东西）。

我会选择第一个选项（使用stringData），因为它更简单。

归档时间：	4 年，1 月前
查看次数：	1445 次
最近记录：	4 年，1 月前