Kubernetes Deployment unable to connect to MySQL server

Coolfeather2 · July 13, 2018, 8:04am

Passbolt can’t connect to MySQL server, unable to resolve dns?

Tried setting DATASOURCES_DEFAULT_HOST to mysql-service
ERROR 2003 (HY000): Can't connect to MySQL server on 'mysql-service' (111 "Connection refused")
Tried setting DATASOURCES_DEFAULT_HOST to mysql-service.passbolt
ERROR 2003 (HY000): Can't connect to MySQL server on 'mysql-service.passbolt' (111 "Connection refused")

Tried both as root and as passbolt user

image: passbolt/passbolt:2.0.7-debian
image: mysql:5.7

“mysql-service” ClusterIP on port 3306

Happy to post the deployment/services/config/secret yamls if needed

nslookup within container (had to install dnsutils):

root@passbolt-app-64c9584984-65htv:/var/www/passbolt# nslookup mysql-service
Server:         10.96.0.10
Address:        10.96.0.10#53

Name:   mysql-service.passbolt.svc.cluster.local
Address: 10.99.186.94

Passbolt Deployment:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: passbolt-app
  labels:
    app: passbolt-app
  namespace: passbolt
spec:
  replicas: 1
  selector:
    matchLabels:
      app: passbolt-app
  template:
    metadata:
      labels:
        app: passbolt-app
    spec:
      containers:
      - name: passbolt
        image: passbolt/passbolt:2.0.7-debian
        env:
        - name: DATASOURCES_DEFAULT_HOST
          value: mysql-service
        - name: DATASOURCES_DEFAULT_DATABASE
          value: passbolt
        - name: DATASOURCES_DEFAULT_USERNAME
          value: passbolt
        - name: DATASOURCES_DEFAULT_PASSWORD
          valueFrom:
            secretKeyRef:
              name: mysql-password
              key: password
        - name: APP_FULL_BASE_URL
          value: https://passbolt.kubernetes
        ports:
        - containerPort: 443

Mysql Service:

kind: Service
apiVersion: v1
metadata:
  name: mysql-service
  labels:
    app: mysql
  namespace: passbolt
spec:
  ports:
    - name: mysql
      port: 3306
  selector:
    app: mysql
  type: ClusterIP

Checklist
[x] I have read intro post: About the Installation Issues category
[x] I have read the tutorials, help and searched for similar issues
[x] I provide relevant information about my server (component names and versions, etc.)
[x] I provide a copy of my logs and healthcheck
[x] I describe the steps I have taken to trouble shoot the problem
[x] I describe the steps on how to reproduce the issue

diego · July 18, 2018, 1:20pm

Hi @Coolfeather2

Could it be related to a incorrect setting on the mysql service targetPort? It would be nice if you post your service definitions and give some more context.

diego · July 19, 2018, 7:56am

It looks fine, a long as your mysql deployment uses the same service port and there is no port mapping needed using targetPort.
I’m also assuming you are not using any network policy that is blocking any incoming traffic to the mysql service. Are you able to connect from a different container to your mysql service using the mysql client?

mysql -u passbolt -h mysql-service -p

Coolfeather2 · August 2, 2018, 9:15am

Had my service incorrectly configured

now I’m just getting a Internal Server Error when going to the url:
(modified the above deployment full app url)
https://passbolt.kubernetes/setup/install/string-of-numbers-and-letters/string-of-numbers-and-letters
New ticket for this issue?

Log:

/usr/lib/python2.7/dist-packages/supervisor/options.py:298: UserWarning: Supervisord is running as root and it is searching for its configuration file in default locations (including its current working directory); you probably want to specify a "-c" argument specifying an absolute path to a configuration file for improved security.
  'Supervisord is running as root and it is searching '
2018-08-02 09:12:24,411 CRIT Supervisor running as root (no user in config file)
2018-08-02 09:12:24,427 INFO RPC interface 'supervisor' initialized
2018-08-02 09:12:24,427 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2018-08-02 09:12:24,427 INFO supervisord started with pid 66
2018-08-02 09:12:25,430 INFO spawned: 'php-fpm' with pid 69
2018-08-02 09:12:25,432 INFO spawned: 'nginx' with pid 70
2018-08-02 09:12:25,434 INFO spawned: 'cron' with pid 71
[02-Aug-2018 09:12:25] NOTICE: fpm is running, pid 69
[02-Aug-2018 09:12:25] NOTICE: ready to handle connections
2018-08-02 09:12:26,524 INFO success: php-fpm entered RUNNING state, process has stayed up for &gt; than 1 seconds (startsecs)
2018-08-02 09:12:26,525 INFO success: nginx entered RUNNING state, process has stayed up for &gt; than 1 seconds (startsecs)
2018-08-02 09:12:26,525 INFO success: cron entered RUNNING state, process has stayed up for &gt; than 1 seconds (startsecs)

diego · August 2, 2018, 9:23am

Hi @Coolfeather2

Glad to see you solved the issue. If you could share what was the problem with your service would be nice for the community.

As per the logs you are posting passbolt container is up and running. Do you see any errors in /var/www/passbolt/logs/error.log ?

Coolfeather2 · August 2, 2018, 9:47am

My service was looking for the selector label app: mysql instead of app: passbolt-mysql

var/www/passbolt/logs/error.log does not exist, only cli-debug.log exists

diego · August 2, 2018, 9:50am

Then there are no errors or your passbolt instance is not receiving any requests.

Could you confirm you are getting the expected requests checking /var/log/nginx/access.log (also /var/log/nginx/error.log could help to debug the problem)

Coolfeather2 · August 2, 2018, 9:58am

both those files are empty
Service:

Name:                     passbolt-service
Namespace:                passbolt
Labels:                   app=passbolt-app
Selector:                 app=passbolt-app
Type:                     NodePort
IP:                       10.103.54.232
Port:                     https  443/TCP
TargetPort:               443/TCP
NodePort:                 https  32662/TCP
Endpoints:                10.244.0.90:443
Session Affinity:         None
External Traffic Policy:  Cluster
Events:                   <none>

Ingress:

Name:             passbolt-ingress
Namespace:        passbolt
Address:
Default backend:  default-http-backend:80 (<none>)
Rules:
  Host                   Path  Backends
  ----                   ----  --------
  passbolt.kubernetes
                            passbolt-service:443 (<none>)
Annotations:
Events:  <none>

Coolfeather2 · August 3, 2018, 1:50am

Similar issue here: https://github.com/passbolt/passbolt_docker/issues/95
Just set the ingress to point to 80 and exposed 80 in the service and container deployment

Works