MYSQL where to set password for mysqladmin?

Question

i have mysql in container and its fully works, also i changed root password by

`ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'My_Password';`

but service mysql status or mysqladmin proc executes same with next error

mysqladmin: connect to server at 'localhost' failed
error: 'Access denied for user 'root'@'localhost' (using password: NO)'

btw service mysql stop , service mysql start works fine

i tryed to do next:

ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '';
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost';
FLUSH PRIVILEGES;

after it i cant connect to mysql using just mysql

root@MYPC:/APP# mysql                  
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 25
Server version: 8.0.35-0ubuntu0.23.04.1 (Ubuntu)

but

root@MYPC:/APP# service mysql status
mysqladmin: connect to server at 'localhost' failed
error: 'Access denied for user 'debian-sys-maint'@'localhost' (using password: YES)'
 *

how i can wix it to make command service mysql status works?

UPDATE: im running it in docker container based on ubuntu, also i need to change the /var/lib/mysql folder to /app-data/mysql

so here is my:

my.cnf

[mysqld]
bind-address = 0.0.0.0
secure-file-priv = ""
max_connections  = 500

!includedir /etc/mysql/conf.d/
!includedir /etc/mysql/mysql.conf.d/

Dockerfile

FROM ubuntu:23.04
RUN apt-get update && \
    apt-get  install -y mysql-server mysql-client 
COPY . /APP
RUN cp /APP/settings/my.cnf /etc/mysql/my.cnf
ENTRYPOINT [ "/APP/entrypoint.sh" ]

entrypoint.sh

#!/bin/bash 
GREEN='\033[0;32m'
NC='\033[0m' 


#MYSQL part
if [ ! -d /app-data/mysql ]; then
        echo -e "\n${GREEN}Create app-data volume folder${NC}\n"
        #if first run, createating app-data volume
        mkdir -pv /app-data/mysql
        mkdir -pv /app-data/vault
        #and fix permission
        usermod -d /app-data/mysql mysql
        chown -R mysql:mysql /app-data/mysql /var/run/mysqld
        chmod 1777 /app-data/mysql /var/run/mysqld
        sed -i 's/127.0.0.1/0.0.0.0/' /etc/mysql/mysql.conf.d/mysqld.cnf
        sed -i '/# datadir/s/.*/datadir    =    \/app-data\/mysql/' /etc/mysql/mysql.conf.d/mysqld.cnf
        mysqld --initialize-insecure  
        #start mysql
        echo -e "\n\n\n${GREEN}Running MYSQL ${NC}\n"
        service mysql start
        #apply basic schemas
        mysql < /APP/schemas/schema_service.sql                  
        mysql < /APP/schemas/schema_product_data.sql             
        mysql < /APP/schemas/schema_data_lineage.sql             
        mysql -e 'create schema if not exists schema_analytics;' 
        mysql -e 'create database cloudbeaver;'                  
        mysql < /APP/schemas/permission.sql                      
else
        echo -e "\n${GREEN}app-data folder exist ${NC}\n"
        # runs when container was removed and created again and attached to exist app-data volume
        # or when container was just restarted
        
        #tune mysql config and fix permission
        usermod -d /app-data/mysql mysql
        chown -R mysql:mysql /app-data/mysql /var/run/mysqld
        chmod 1777 /app-data/mysql /var/run/mysqld
        sed -i 's/127.0.0.1/0.0.0.0/' /etc/mysql/mysql.conf.d/mysqld.cnf
        sed -i '/# datadir/s/.*/datadir    =    \/app-data\/mysql/' /etc/mysql/mysql.conf.d/mysqld.cnf
        echo -e "\n\n\n${GREEN}Running MYSQL ${NC}\n"
        #start mysql
        service mysql start
fi

#wait till mssql will be avaliable on 3306 port
while ! nc -zv4 localhost 3306; do sleep 5; done 
 

#start HashiCorp Vault,
#   config file is /etc/vault/config.hcl
echo -e "\n\n\n${GREEN}Running HashiCorp Vault ${NC}\n"
vault server -config=/etc/vault/config.hcl &
while ! nc -zv4 localhost 8200; do sleep 5; done

#crete Vault storage
if [ -f /app-data/vault/vault-init.json ]; then
    echo -e "\n\n\n${GREEN}Vault storage exists ${NC}\n"
else
    echo -e "\n\n\n${GREEN}creating Vault storage ${NC}\n"
    vault operator init -key-shares=1 -key-threshold=1 -format=json > /app-data/vault/vault-init.json
fi


#unseal Vault
UNSEAL_TOKEN=`jq -r '.unseal_keys_hex[0]' /app-data/vault/vault-init.json`
vault operator unseal $UNSEAL_TOKEN 

#Vault cli login 
ROOT_TOKEN=`jq -r '.root_token' /app-data/vault/vault-init.json`
echo $ROOT_TOKEN > /root/.vault-token
vault login $ROOT_TOKEN > /dev/null

#set basic credentials
vault secrets enable -path=migvisor_analytics -version=1 kv
/APP/settings/secrets.sh

wait

yes, here is also Vault server and I don't add all vault related parts, because this question is about MySQL

and yes, i need to have both /app-data/mysql/ and /app-data/vault/vault-init.json

in this path, because I'm using volume for /app-data and this folder will be clean on first start and will have data when I run new container with old volume