I deployed a MariaDB in Azure with SSL enabled, and created a service of type "external" named "mysql" in my k8s cluster.
Then I created a secret:
kubectl create secret generic ca-cert --from-file=ca-cert=./BaltimoreCyberTrustRoot.crt.pem -n app
PS: where I got BaltimoreCyberTrustRoot.crt.pem from:
wget https://www.digicert.com/CACerts/BaltimoreCyberTrustRoot.crt.pem
Then I deployed Wordpress:
helm template wp azure-marketplace/wordpress -n app --create-namespace -f values.yml
where values.yml looks like:
##############################PART1########################
#pvc wordpress
persistence:
  enabled: false
#pvc mariadb
mariadb:
  enabled: false
externalDatabase:
  host: mysql
  port: 3306
  user: benighil@benighil
  password: "SomePassword"
  database: bitnami_wordpress
##############################PART2########################
extraEnvVars:
  - name: "WORDPRESS_DATABASE_SSL_CA_FILE"
    value: /tmp/ca-cert
## Additional volume mounts
## Example: Mount CA file
extraVolumeMounts:
  - name: ca-cert
    mountPath: /tmp
## Additional volumes
## Example: Add secret volume
extraVolumes:
  - name: ca-cert
    secret:
      secretName: ca-cert
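But the pod logs show:
wordpress 22:08:07.00 ERROR ==> Could not connect to the database
Note 1: When I exec into the pod and run env | grep WORDPRESS_DATABASE_SSL_CA_FILE, it gives WORDPRESS_DATABASE_SSL_CA_FILE=/tmp/ca-cert, and when I run cat /tmp/ca-cert it prints the content normally.
Note 2: The credentials are correct, because when I remove SSL from MariaDB and remove the entire PART2 from values.yml, it works fine!
Any help, please?

So make sure the database exists on the Azure MariaDB server. The second thing is that the tmp path is used further by the daemon, so the certificate should not be mounted there but somewhere the daemon can read it.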
wordpress 04:19:09.91 INFO ==> Persisting WordPress installation
/opt/bitnami/scripts/libpersistence.sh: line 51: /tmp/perms.acl: Read-only file system
So make the following changes and it should work:
extraEnvVars:
  - name: "WORDPRESS_DATABASE_SSL_CA_FILE"
    value: /opt/bitnami/wordpress/tmp/ca-cert
  - name: WORDPRESS_ENABLE_DATABASE_SSL
    value: "yes"
## Additional volume mounts
## Example: Mount CA file
extraVolumeMounts:
  - name: ca-cert
    mountPath: /opt/bitnami/wordpress/tmp
Otherwise you will have to set extra parameters for the same path:
containerSecurityContext:
  enabled: true
  privileged: false
  allowPrivilegeEscalation: false
  ## Requires mounting an `extraVolume` of type `emptyDir` into /tmp
  ##
  readOnlyRootFilesystem: false
  capabilities:
    drop:
      - ALL
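
The "Read-only file system" error on /tmp/perms.acl in the log above is what happens when a secret volume, which Kubernetes always mounts read-only, is mounted over a directory the container needs to write to. The following check is an added example, not part of the original answer or the Bitnami chart; the function names, the list of writable directories and the two pod specs are constructed for illustration.

```python
# Volume sources that Kubernetes always mounts read-only.
READ_ONLY_SOURCES = ("secret", "configMap", "downwardAPI", "projected")
# Assumption: directories the container's startup scripts must be able to write to.
WRITABLE_DIRS = ("/tmp", "/var/tmp", "/run")


def shadowed_writable_dirs(pod, writable_dirs=WRITABLE_DIRS):
    """Return (container, volume, mountPath) for every read-only volume that
    is mounted on, or above, a directory that has to stay writable."""
    spec = pod["spec"]
    read_only = {v["name"] for v in spec.get("volumes", [])
                 if any(src in v for src in READ_ONLY_SOURCES)}
    findings = []
    for container in spec.get("containers", []):
        for mount in container.get("volumeMounts", []):
            if mount["name"] not in read_only:
                continue
            path = mount["mountPath"].rstrip("/") or "/"
            prefix = "/" if path == "/" else path + "/"
            if any(d == path or d.startswith(prefix) for d in writable_dirs):
                findings.append((container["name"], mount["name"], mount["mountPath"]))
    return findings


def make_pod(mount_path):
    """Constructed pod spec with the ca-cert secret mounted at mount_path."""
    return {
        "spec": {
            "volumes": [{"name": "ca-cert", "secret": {"secretName": "ca-cert"}}],
            "containers": [{
                "name": "wordpress",
                "volumeMounts": [{"name": "ca-cert", "mountPath": mount_path}],
            }],
        }
    }


QUESTION_POD = make_pod("/tmp")                      # mount used in the question
ANSWER_POD = make_pod("/opt/bitnami/wordpress/tmp")  # mount used in the answer

if __name__ == "__main__":
    for label, pod in (("question", QUESTION_POD), ("answer", ANSWER_POD)):
        print(label, shadowed_writable_dirs(pod) or "ok")
```

To run it against a live pod, pass the dictionary obtained by loading the output of kubectl get pod <name> -o json with json.load.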