尝试连接 MongoDB Kubernetes 集群时 mongo-express 的身份验证问题使用 MongoDB Community Kubernetes Operator 创建

编程问答 2022-05-29

问题描述

我与 MongoDB Community Kubernetes Operator 建立了一个 Minikube-Cluster。 要查看内容,我想设置一个连接到 Mongo-Cluster/replicaset 的 mongo-express 实例。但是如果我应用部署容器总是失败:

mongo-express_1  | Waiting for localhost:27017...
mongo-express_1  | Welcome to mongo-express
mongo-express_1  | ------------------------
mongo-express_1  | 
mongo-express_1  | 
mongo-express_1  | Mongo Express server listening at http://0.0.0.0:8081
mongo-express_1  | Server is open to allow connections from anyone (0.0.0.0)
mongo-express_1  | basicAuth credentials are "admin:pass",it is recommended you change this in your config.js!
mongo-express_1  | Database connected
mongo-express_1  | Admin Database connected
mongo-express_1  | Error [MongoError]: Authentication Failed.
mongo-express_1  |     at Function.MongoError.create (/node_modules/mongodb-core/lib/error.js:31:11)
mongo-express_1  |     at /node_modules/mongodb-core/lib/connection/pool.js:483:72
mongo-express_1  |     at authenticateStragglers (/node_modules/mongodb-core/lib/connection/pool.js:429:16)
mongo-express_1  |     at Connection.messageHandler (/node_modules/mongodb-core/lib/connection/pool.js:463:5)
mongo-express_1  |     at Socket.<anonymous> (/node_modules/mongodb-core/lib/connection/connection.js:319:22)
mongo-express_1  |     at Socket.emit (events.js:314:20)
mongo-express_1  |     at addChunk (_stream_readable.js:297:12)
mongo-express_1  |     at readableAddChunk (_stream_readable.js:272:9)
mongo-express_1  |     at Socket.Readable.push (_stream_readable.js:213:10)
mongo-express_1  |     at TCP.onStreamRead (internal/stream_base_commons.js:188:23) {
mongo-express_1  |   operationTime: Timestamp { _bsontype: 'Timestamp',low_: 1,high_: 1611234788 },mongo-express_1  |   ok: 0,mongo-express_1  |   errmsg: 'Authentication Failed.',mongo-express_1  |   code: 18,mongo-express_1  |   codeName: 'AuthenticationFailed',mongo-express_1  |   '$clusterTime': {
mongo-express_1  |     clusterTime: Timestamp { _bsontype: 'Timestamp',mongo-express_1  |     signature: { hash: [Binary],keyId: [Long] }
mongo-express_1  |   }
mongo-express_1  | }
mongo-express_1  | unable to list databases
mongo-express_1  | Error [MongoError]: command listDatabases requires authentication
mongo-express_1  |     at Function.MongoError.create (/node_modules/mongodb-core/lib/error.js:31:11)
mongo-express_1  |     at /node_modules/mongodb-core/lib/connection/pool.js:483:72
mongo-express_1  |     at authenticateStragglers (/node_modules/mongodb-core/lib/connection/pool.js:429:16)
mongo-express_1  |     at Connection.messageHandler (/node_modules/mongodb-core/lib/connection/pool.js:463:5)
mongo-express_1  |     at Socket.<anonymous> (/node_modules/mongodb-core/lib/connection/connection.js:319:22)
mongo-express_1  |     at Socket.emit (events.js:314:20)
mongo-express_1  |     at addChunk (_stream_readable.js:297:12)
mongo-express_1  |     at readableAddChunk (_stream_readable.js:272:9)
mongo-express_1  |     at Socket.Readable.push (_stream_readable.js:213:10)
mongo-express_1  |     at TCP.onStreamRead (internal/stream_base_commons.js:188:23) {
mongo-express_1  |   operationTime: Timestamp { _bsontype: 'Timestamp',mongo-express_1  |   errmsg: 'command listDatabases requires authentication',mongo-express_1  |   code: 13,mongo-express_1  |   codeName: 'Unauthorized',keyId: [Long] }
mongo-express_1  |   }
mongo-express_1  | }

为了便于测试,我使用 docker-compose 启动 mango-express 并创建了一个端口转发来访问集群。

版本:

  • MongoDB 集群:尝试了 4.2.6 和 4.4.3
  • mongo-express:0.54.0

这里是我用于 MongoDB 集群创建的部署/服务:

---
apiVersion: mongodb.com/v1
kind: MongoDB
Metadata:
  name: example-mongodb
spec:
  members: 3
  type: replicaset
  version: "4.4.3"
  security:
    authentication:
      modes: ["SCRAM"]
  users:
    - name: mongoadmin
      db: admin
      passwordSecretRef: # a reference to the secret that will be used to generate the user's password
        name: mongoadmin-password
      roles:
        - name: root
          db: admin
      scramCredentialsSecretName: my-scram

# the user credentials will be generated from this secret
# once the credentials are generated,this secret is no longer required
---
apiVersion: v1
kind: Secret
Metadata:
  name: mongoadmin-password
type: Opaque
stringData:
  password: mongoadmin

这里是我用于 mongo-express 的撰写文件

version: '3.8'

services:
  mongo-express:
    image: mongo-express
    restart: on-failure
    ports:
      - 8081:8081
    network_mode: host
    environment:
      ME_CONfig_MONGODB_SERVER: localhost
      ME_CONfig_MONGODB_ADMINUSERNAME: mongoadmin
      ME_CONfig_MONGODB_ADMINPASSWORD: mongoadmin

问题是,如果我通过 docker-compose 使用 mongo-express 设置一个 mongo (4.4.3) 容器,一切正常...

有人知道这是怎么回事吗?

解决方法

我已经从 mongo-express 的 alpha 版本构建了 docker 镜像 https://github.com/mongo-express/mongo-express/tree/v1.0.0-alpha.1

这是图片uncl3mar1k/mongo-express:v1.0.0-alpha.1

它似乎适用于身份验证,但我注意到它在分页方面存在问题。 (如果你有很多集合并尝试浏览页面,你会发现关于集合的数据没有改变)

更新:有一个更新的版本 v1.0.0-alpha.3 看起来所有问题都在这里得到解决。请看一下新图片:staslb/mongo-express:v1.0.0-alpha.3