Deploy Lamp Stack on Kubernetes Cluster not accepting secrets from manifest

r.saulitis · October 16, 2023, 8:24am

Hello,

I’m curious about task deploy lamp stack on kubernetes cluster. I writed all prerequisites in yaml manifest definition. Pods all was working fine but php could not connect to MYSQL_HOST and the error in logs was "unknown MYSQL host ‘value_from_env’ ". I checked all 10 times and all env variables was good, but still it was not working. Then I found that people were creating secret with command line and in that way php was working fine. Any ideas why creating secrets from manifest not working?

Command from which secrets worked:

kubectl create secret generic mysecret --from-literal=mysql-root-password=somepass --from-literal=mysql-database=kodekloud --from-literal=mysql-user=user --from-literal=mysql-password=megapssword --from-literal=mysql-host=mysql-service

Secrets was created with this definitions:

---
apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
data:
  mysql-root-password: bXlzcWwtcm9vdA==
  mysql-user: dXNlcg==
  mysql-password: bWVnYXBhc3N3b3Jk
  mysql-host: ZGJob3N0
  mysql-database: bGFtcC1kYg==

Also checked that type of secrets was identical when creating from manifest or command line.

bhard · October 16, 2023, 8:56am

Please, post complete definitions for your task solution.
…
And you can use stringData directly in secret definitions.
Example:

---
apiVersion: v1
kind: Secret
metadata:
  name: mysql-user-pass
stringData:
  username: kodekloud_joy
  password: ksH85UJjhb

It will create opaque secret after you apply it.

r.saulitis · October 16, 2023, 9:02am

Here will be complete definitions. I don’t think that at this case there is difference what type of “data” I use if at the end I got the same value of environment variable.

---
apiVersion: v1
kind: Service
metadata:
  name: lamp-service
spec:
  type: NodePort
  selector:
    app: lampinieks
  ports:
    - port: 80
      targetPort: 80
      nodePort: 30008
---
apiVersion: v1
kind: Service
metadata:
  name: mysql-service
spec:
  selector:
    app: lampinieks
  ports:
    - protocol: TCP
      port: 3306
      targetPort: 3306
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: php-config
data:
  php.ini: |
    variables_order="EGPCS"
---
apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
data:
  mysql-root-password: bXlzcWwtcm9vdA==
  mysql-user: dXNlcg==
  mysql-password: bWVnYXBhc3N3b3Jk
  mysql-host: ZGJob3N0
  mysql-database: bGFtcC1kYg==
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: lamp-wp
spec:
  replicas: 1
  selector:
    matchLabels:
      app: lampinieks
  template:
    metadata:
      labels:
        app: lampinieks
    spec:
      containers:
      - image: webdevops/php-apache:alpine-3-php7
        name: httpd-php-container
        volumeMounts:
        - name: php-config
          mountPath: "/opt/docker/etc/php/php.ini"
          subPath: php.ini
        ports:
          - name: httpport
            containerPort: 80
        env:
          - name: MYSQL_ROOT_PASSWORD
            valueFrom:
              secretKeyRef:
                name: mysecret
                key: mysql-root-password
          - name: MYSQL_DATABASE
            valueFrom:
              secretKeyRef:
                name: mysecret
                key: mysql-database
          - name: MYSQL_USER
            valueFrom:
              secretKeyRef:
                name: mysecret
                key: mysql-user
          - name: MYSQL_PASSWORD
            valueFrom:
              secretKeyRef:
                name: mysecret
                key: mysql-password
          - name: MYSQL_HOST
            valueFrom:
              secretKeyRef:
                name: mysecret
                key: mysql-host
      - image: mysql:5.6
        name: mysql-container
        env:
          - name: MYSQL_ROOT_PASSWORD
            valueFrom:
              secretKeyRef:
                name: mysecret
                key: mysql-root-password
          - name: MYSQL_DATABASE
            valueFrom:
              secretKeyRef:
                name: mysecret
                key: mysql-database
          - name: MYSQL_USER
            valueFrom:
              secretKeyRef:
                name: mysecret
                key: mysql-user
          - name: MYSQL_PASSWORD
            valueFrom:
              secretKeyRef:
                name: mysecret
                key: mysql-password
          - name: MYSQL_HOST
            valueFrom:
              secretKeyRef:
                name: mysecret
                key: mysql-host
        ports:
          - name: sqlport
            containerPort: 3306
      volumes:
      - name: php-config
        configMap:
          name: php-config

bhard · October 16, 2023, 9:16am

I see.
Try to add .spec.template.spec.hostname:mysql-container definition to your deployment.

r.saulitis · October 16, 2023, 9:21am

Question was not about to add something more to definitions. If I cut out secret definition and manually add secret with command with the same values it’s working, without adding extra configuration to containers. So I cannot understood where is difference. Adding secrets with command or adding secrets with definiton if the values are same at the end, but working only when performed from command.

jetchko.jekov · October 16, 2023, 10:32am

you are setting MYSQL_HOST=dbhost
Where should be the connection made in your opinion?
your service name for mysql is mysql-service

r.saulitis · October 16, 2023, 10:48am

At first it was mysql-service (didn’t worked also if secret was from definition), but for testing I tried many things to check if all working with variables normally. Copied here wrong version of base64 encoding of secrets.

jetchko.jekov · October 16, 2023, 11:03am

OK, The point is that your YAML is correct as it is.
Baring any wrong values in your secrets most probably the problem is how do you use these variables in your PHP code.

r.saulitis · October 16, 2023, 11:23am

Short story

I created all definitions with correct values and so on. Deployed LAMP and PHP couldn’t connect to database. Started to investigate and playing with variables, no success. Then I found in internet that all who was completing this task, was using command line to add secrets, tried also and whola worked.
So I was confused, where the difference. As per task PHP must read variables from environment variables and with this also all is good.

Alistair_KodeKloud · October 16, 2023, 12:00pm

If you are still stuck, there is a solution to this problem (by me) in this post

r.saulitis · October 16, 2023, 12:12pm

Thank you it’s okey I’m not stuck. I’m trying to find difference how task could be completed.
But it could be that on first try I messed something up and both solutions are working just fine.