mysql - Kubernetes 内部的通信 Wordpress 和外部 MySQL 服务器。 - MySQL 连接错误 : (2002)

Question

在 Azure 云中，我有以下基础架构:

一个包含两个子网的 Vnet。

网络:10.0.0.0/8

aks-子网:10.240.0.0/16

持久性子网:10.241.0.0/27

一个 Azure Kubernetes 集群 已安装并关联到 aks-subnet .

在 persistence-subnet托管 MySQL 的 Azure 数据库 paas，已部署并与之关联。
persistence-subnet有两个服务端点: Microsoft.Sql和 Microsoft.Storage aks-subnet有 Microsoft.Sql服务端点

Azure Kubernetes 集群是使用 Azure CNI 网络配置文件部署的，因此，每个 pod 都会获得一个属于 aks-subnet 的 IP 地址。 .另外我决定选择 Azure CNI，因为我需要与 aks-subnet 内部的 pod 进行通信使用 MySQL 托管服务。

在托管 MySQL 的 Azure 数据库 paas 服务 我已将 aks-subnet 列入白名单ip地址范围，为了允许到 aks-subnet里面的pods访问 MySQL 服务。

"StartIpAddress": "10.240.0.0",
"EndIpAddress": "10.240.255.255"

在 AKS 集群中，我使用 helm3 部署 Wordpress helm 图表，使用此命令

helm3 install wordpress-site-1 stable/wordpress --set image.registry=myregistry.azurecr.io,image.repository=wordpress,image.tag=5.2.4,image.pullPolicy=Always,wordpressUsername=site1,wordpressPassword=my-password,wordpressEmail=my@gmail.com,mariadb.enabled=false,externalDatabase.host=database-db.mysql.database.azure.com,externalDatabase.user=user@wdatabase-db,externalDatabase.password=my-password,externalDatabase.database=wordpress-site-1,externalDatabase.port=3306
NAME: wordpress-site-1
LAST DEPLOYED: Tue Oct 29 13:24:03 2019
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
1. Get the WordPress URL:

  NOTE: It may take a few minutes for the LoadBalancer IP to be available.
        Watch the status with: 'kubectl get svc --namespace default -w wordpress-site-1'
  export SERVICE_IP=$(kubectl get svc --namespace default wordpress-site-1 --template "{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}")
  echo "WordPress URL: http://$SERVICE_IP/"
  echo "WordPress Admin URL: http://$SERVICE_IP/admin"

2. Login with the following credentials to see your blog

  echo Username: site1
  echo Password: $(kubectl get secret --namespace default wordpress-site-1 -o jsonpath="{.data.wordpress-password}" | base64 --decode)

部署正在运行，但是当我检查 wordpress pod 日志时，我收到了以下错误消息:

MySQL Connection Error: (2002) php_network_getaddresses: getaddrinfo failed: Name or service not known
[29-Oct-2019 13:01:13 UTC] PHP Warning:  mysqli::__construct(): php_network_getaddresses: getaddrinfo failed: Name or service not known in Standard input code on line 22
[29-Oct-2019 13:01:13 UTC] PHP Warning:  mysqli::__construct(): (HY000/2002): php_network_getaddresses: getaddrinfo failed: Name or service not known in Standard input code on line 22

MySQL Connection Error: (2002) php_network_getaddresses: getaddrinfo failed: Name or service not known

WARNING: unable to establish a database connection to 'mysql'
  continuing anyways (which might have unexpected results)

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 10.240.0.36. Set the 'ServerName' directive globally to suppress this message
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 10.240.0.36. Set the 'ServerName' directive globally to suppress this message
[Tue Oct 29 13:01:14.027023 2019] [mpm_prefork:notice] [pid 1] AH00163: Apache/2.4.38 (Debian) PHP/7.3.11 configured -- resuming normal operations
[Tue Oct 29 13:01:14.027099 2019] [core:notice] [pid 1] AH00094: Command line: 'apache2 -D FOREGROUND'
10.240.0.4 - - [29/Oct/2019:13:01:22 +0000] "GET /wp-login.php HTTP/1.1" 500 3003 "-" "kube-probe/1.14"
10.240.0.4 - - [29/Oct/2019:13:01:32 +0000] "GET /wp-login.php HTTP/1.1" 500 3003 "-" "kube-probe/1.14"
10.240.0.4 - - [29/Oct/2019:13:01:42 +0000] "GET /wp-login.php HTTP/1.1" 500 3003 "-" "kube-probe/1.14"

看起来像 wordpress pod，位于 aks-subnet 内部无法访问 MySQL 服务，位于 persistence-subnet ，尽管我是通过 helm install command 提供的正确的参数。

奇怪的是， pod 可以访问互联网，而且我一直在仔细检查允许这种通信的规则和权限。

有什么我不知道的吗？

如何从部署在 Aks 集群内的 Wordpress 服务访问 MySQL 数据库？

更新:

在使用 helm install 部署 Wordpress 之前命令，我以手动方式创建了指向 Azure 容器注册表数据的 docker 注册表 secret :

kubectl create secret docker-registry regcred --docker-server=my-registry.azurecr.io --docker-username=my-username --docker-password=my-password --docker-email=my-email@outlook.com

我引用了 regcred在 deployment.yaml 的本地 Helm 图中我使用 helm install 部署了 Wordpress命令并且看起来它可以工作，或者至少 MySQL 没有引起问题。

只需 ServerName Apache 指令，因为我的 deploymnet 过程中还没有任何主机名，还没有。

⟩ kubectl logs pod/wordpress-site-1-7f44b567d6-2949w -f

WordPress not found in /var/www/html - copying now...
Complete! WordPress has been successfully copied to /var/www/html

### APACHE SERVERNAME WARNING
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 10.240.0.103. Set the 'ServerName' directive globally to suppress this message
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 10.240.0.103. Set the 'ServerName' directive globally to suppress this message

##### 


[Tue Oct 29 16:13:16.327549 2019] [mpm_prefork:notice] [pid 1] AH00163: Apache/2.4.38 (Debian) PHP/7.3.11 configured -- resuming normal operations
[Tue Oct 29 16:13:16.327630 2019] [core:notice] [pid 1] AH00094: Command line: 'apache2 -D FOREGROUND'
10.240.0.4 - - [29/Oct/2019:16:13:18 +0000] "GET / HTTP/1.1" 302 255 "-" "kube-probe/1.14"
10.240.0.4 - - [29/Oct/2019:16:13:18 +0000] "GET /wp-admin/setup-config.php HTTP/1.1" 200 4289 "http://10.240.0.103:80/" "kube-probe/1.14"
10.240.0.4 - - [29/Oct/2019:16:13:28 +0000] "GET / HTTP/1.1" 302 255 "-" "kube-probe/1.14"
10.240.0.4 - - [29/Oct/2019:16:13:28 +0000] "GET /wp-admin/setup-config.php HTTP/1.1" 200 4289 "http://10.240.0.103:80/" "kube-probe/1.14"
10.240.0.4 - - [29/Oct/2019:16:13:38 +0000] "GET / HTTP/1.1" 302 255 "-" "kube-probe/1.14"
10.240.0.4 - - [29/Oct/2019:16:13:40 +0000] "GET / HTTP/1.1" 302 255 "-" "kube-probe/1.14"
10.240.0.4 - - [29/Oct/2019:16:13:40 +0000] "GET /wp-admin/setup-config.php HTTP/1.1" 200 4289 "http://10.240.0.103:80/" "kube-probe/1.14"
10.240.0.4 - - [29/Oct/2019:16:13:38 +0000] "GET /wp-admin/setup-config.php HTTP/1.1" 200 4289 "http://10.240.0.103:80/" "kube-probe/1.14"
10.240.0.4 - - [29/Oct/2019:16:13:48 +0000] "GET / HTTP/1.1" 302 255 "-" "kube-probe/1.14"
10.240.0.4 - - [29/Oct/2019:16:13:50 +0000] "GET / HTTP/1.1" 302 255 "-" "kube-probe/1.14"
10.240.0.4 - - [29/Oct/2019:16:13:50 +0000] "GET /wp-admin/setup-config.php HTTP/1.1" 200 4289 "http://10.240.0.103:80/" "kube-probe/1.14"

我知道此时数据库不会发生任何事情，因为我们需要通过 Web 访问 Wordpress 站点并部署该站点，那么在那个时候创建​​数据库表对吗？

所以我做了一个 port-forward来自 Kubernetes 的操作:

⟩ kubectl port-forward pod/wordpress-site-1-7f44b567d6-2949w 8002:80
Forwarding from 127.0.0.1:8002 -> 80
Forwarding from [::1]:8002 -> 80
Handling connection for 8002
Handling connection for 8002
Handling connection for 8002
Handling connection for 8002
Handling connection for 8002

当我去 http://localhost:8002/ ，浏览器重定向到我
http://localhost:8002/wp-admin/setup-config.php我可以看到 wordpress 向导。

所以我用我之前在数据库服务器中创建的数据库名称填充数据



当我在向导 UI 中提交数据时，我得到以下信息:



数据连接的消息引用问题

This either means that the username and password information in your wp-config.php file is incorrect or we can’t contact the database server at wordpresssentiaassessment-db.mysql.database.azure.com. This could mean your host’s database server is down.

Are you sure you have the correct username and password?
Are you sure that you have typed the correct hostname?
Are you sure that the database server is running?

但也许是因为从端口转发操作我们无法从我的本地机器联系到数据库？

我的意思是，进程是不是能够做一个反向端口转发来联系数据库？

我是否需要将 Wordpress 服务应用程序公开给某个域和 IP 公共(public)地址才能联系数据库并安装 Wordpresss？

所以，我进入 pod wordpress 容器查看 wp-config.php

⟩ kubectl exec -it pod/wordpress-site-1-7f44b567d6-2949w /bin/sh

但是 wp-config.php文件不存在，

# ls
index.php    wp-activate.php     wp-comments-post.php  wp-cron.php    wp-load.php   wp-settings.php   xmlrpc.php
license.txt  wp-admin        wp-config-sample.php  wp-includes    wp-login.php  wp-signup.php
readme.html  wp-blog-header.php  wp-content        wp-links-opml.php  wp-mail.php   wp-trackback.php
# cat wp-config.php
cat: wp-config.php: No such file or directory

我有一个 wp-config-sample.php这是他们的内容，但我看不到任何关于 FQDN 的信息。

或者也许我需要在 wp-config.php 中做一些事情，也许重命名 wp-config-sample.php至 wp-config.php并在该文件中添加注入(inject) pod 的变量？

# nano wp-config-sample.php
<?php
/**
 * The base configuration for WordPress
 *
 * The wp-config.php creation script uses this file during the
 * installation. You don't have to use the web site, you can
 * copy this file to "wp-config.php" and fill in the values.
 *
 * This file contains the following configurations:
 *
 * * MySQL settings
 * * Secret keys
 * * Database table prefix
 * * ABSPATH
 *
 * @link https://codex.wordpress.org/Editing_wp-config.php
 *
 * @package WordPress
 */

// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define( 'DB_NAME', 'database_name_here' );

/** MySQL database username */
define( 'DB_USER', 'username_here' );

/** MySQL database password */
define( 'DB_PASSWORD', 'password_here' );

/** MySQL hostname */
define( 'DB_HOST', 'localhost' );

/** Database Charset to use in creating database tables. */
define( 'DB_CHARSET', 'utf8' );

/** The Database Collate type. Don't change this if in doubt. */
define( 'DB_COLLATE', '' );

/**#@+
 * Authentication Unique Keys and Salts.
 *
 * Change these to different unique phrases!
 * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
 * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
 *
 * @since 2.6.0
 */
define( 'AUTH_KEY',         'put your unique phrase here' );
define( 'SECURE_AUTH_KEY',  'put your unique phrase here' );
define( 'LOGGED_IN_KEY',    'put your unique phrase here' );
define( 'NONCE_KEY',        'put your unique phrase here' );
define( 'AUTH_SALT',        'put your unique phrase here' );
define( 'SECURE_AUTH_SALT', 'put your unique phrase here' );
define( 'LOGGED_IN_SALT',   'put your unique phrase here' );
define( 'NONCE_SALT',       'put your unique phrase here' );

/**#@-*/

/**
 * WordPress Database Table prefix.
 *
 * You can have multiple installations in one database if you give each
 * a unique prefix. Only numbers, letters, and underscores please!
 */
$table_prefix = 'wp_';

/**
 * For developers: WordPress debugging mode.
 *
 * Change this to true to enable the display of notices during development.
 * It is strongly recommended that plugin and theme developers use WP_DEBUG
 * in their development environments.
 *
 * For information on other constants that can be used for debugging,
 * visit the Codex.
 *
 * @link https://codex.wordpress.org/Debugging_in_WordPress
 */
define( 'WP_DEBUG', false );

/* That's all, stop editing! Happy publishing. */

/** Absolute path to the WordPress directory. */
if ( ! defined( 'ABSPATH' ) ) {
    define( 'ABSPATH', dirname( __FILE__ ) . '/' );
}

/** Sets up WordPress vars and included files. */
require_once( ABSPATH . 'wp-settings.php' );

Answer 1

看起来应用程序正在尝试对您指定的 IP 地址执行反向查找，可能是因为它打算使用 SSL 来验证远程服务器。用于帮助反向查找的 PTR 记录在内部 IP 地址的标准配置中将不可用。

尝试为您的 MySQL 实例使用 FQDN 而不是 IP 地址。

它应该看起来像这样:
{yourservername}.mysql.database.azure.com
这样，您的应用程序将不需要执行反向查找，Azure 将适本地满足路由需求。

编辑:

以下行表明您的应用程序正在尝试连接到主机“mysql”:

WARNING: unable to establish a database connection to 'mysql'

检查 FQDN 是否已在 wp-config.php 中正确填充