7

Can please somebody help me? This is my first post here, and I am really exited to start posting here and helping people but I need help first.

I am deploying my own Postgres database on Minikube. For db, password and username I am using secrets.

Data is encoded with base64

  1. POSTGRES_USER = website_user
  2. POSTGRES_DB = website
  3. POSTGRES_PASSWORD = pass

I also exec into container to see if I could see these envs and they were there.

The problem is when I try to enter into postgres with psql. I checked minikube ip and typed correct password(pass) after this command:

pqsl -h 192.168.99.100 -U website_user -p 31315 website

Error

Password for user website_user:
psql: FATAL: password authentication failed for user "website_user"

Also if I exec into my pod: 

kubectl exec -it postgres-deployment-744fcdd5f5-7f7vx bash

And try to enter into postgres I get:

psql -h $(hostname -i) -U website_user -p 5432 website

Error:

Password for user website_user:
psql: FATAL: password authentication failed for user "website_user"

I am lacking something here.I tried also ps aux in container, and everything seems to be find postgres processes are running

kubectl get all

Output:

NAME                                       READY   STATUS    RESTARTS   AGE
pod/postgres-deployment-744fcdd5f5-7f7vx   1/1     Running   0          18m

NAME                       TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)          AGE
service/kubernetes         ClusterIP   10.96.0.1        <none>        443/TCP          19m
service/postgres-service   NodePort    10.109.235.114   <none>        5432:31315/TCP   18m

NAME                                  READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/postgres-deployment   1/1     1            1           18m

NAME                                             DESIRED   CURRENT   READY   AGE
replicaset.apps/postgres-deployment-744fcdd5f5   1         1         1       18m

# Secret store
apiVersion: v1
kind: Secret
metadata:
  name: postgres-credentials
type: Opaque
data:
  POSTGRES_USER: d2Vic2l0ZV91c2VyCg==
  POSTGRES_PASSWORD: cGFzcwo=
  POSTGRES_DB: d2Vic2l0ZQo=


---
# Persistent Volume
apiVersion: v1
kind: PersistentVolume
metadata:
  name: postgres-pv
  labels:
    type: local
spec:
  storageClassName: manual
  capacity:
    storage: 2Gi
  accessModes:
    - ReadWriteOnce
  hostPath:
    path: /data/postgres-pv


---
# Persistent Volume Claim
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: postgres-pvc
  labels:
    type: local
spec:
  storageClassName: manual
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 2Gi
  volumeName: postgres-pv

---
# Deployment
apiVersion: apps/v1
kind: Deployment
metadata:
  name: postgres-deployment
spec:
  selector:
    matchLabels:
      app: postgres-container
  template:
    metadata:
      labels:
        app: postgres-container
    spec:
      containers:
        - name: postgres-container
          image: postgres:9.6.6
          env:
            - name: POSTGRES_USER
              valueFrom:
                secretKeyRef:
                  name: postgres-credentials
                  key: POSTGRES_USER

            - name: POSTGRES_DB
              valueFrom:
                secretKeyRef:
                  name: postgres-credentials
                  key: POSTGRES_DB

            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: postgres-credentials
                  key: POSTGRES_PASSWORD

          ports:
            - containerPort: 5432
          volumeMounts:
            - mountPath: /var/lib/postgresql/data
              name: postgres-volume-mount
      volumes:
        - name: postgres-volume-mount
          persistentVolumeClaim:
            claimName: postgres-pvc

---
apiVersion: v1
kind: Service
metadata:
  name: postgres-service
spec:
  selector:
    app: postgres-container
  ports:
    - port: 5432
      protocol: TCP
      targetPort: 5432
  type: NodePort
Improve this question

1 Answer 1

Reset to default
5

You created all your values with:

  • $ echo "value" | base64
  • which instead you should use: $ echo -n "value" | base64

Following official man page of echo:

Description

Echo the STRING(s) to standard output.

-n = do not output the trailing newline

TL;DR: You need to edit your Secret definition with new values:

  • $ echo -n "website_user" | base64
  • $ echo -n "website" | base64
  • $ echo -n "pass" | base64

You created your Secret with a trailing newline. Please take a look at below example:

  • POSTGRES_USER:
    • $ echo "website_user" | base64
      • output: d2Vic2l0ZV91c2VyCg== which is the same as yours
    • $ echo -n "website_user" | base64
      • output: d2Vic2l0ZV91c2Vy which is the correct value
  • POSTGRES_PASSWORD:
    • $ echo "pass" | base64
      • output: cGFzcwo= which is the same as yours
    • $ echo -n "pass" | base64
      • output: cGFzcw== which is the correct value
  • POSTGRES_DB:
    • $ echo "website" | base64
      • output: d2Vic2l0ZQo= which is the same as yours
    • $ echo -n "website" | base64
      • output: d2Vic2l0ZQ== which is the correct value

Your Secret should look like that: 

apiVersion: v1
kind: Secret
metadata:
  name: postgres-credentials
type: Opaque
data:
  POSTGRES_USER: d2Vic2l0ZV91c2Vy
  POSTGRES_PASSWORD: cGFzcw==
  POSTGRES_DB: d2Vic2l0ZQ==

If you create it with a new Secret you should be able to connect to the database: 

root@postgres-deployment-64d697868c-njl7q:/# psql -h $(hostname -i) -U website_user -p 5432 website
Password for user website_user: 
psql (9.6.6)
Type "help" for help.

website=#

Please take a look on additional links:

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.