ci4sManagement-cloud/k8s/helm-1mysql

⚠️ Repo Archive Notice

As of Nov 13, 2020, charts in this repo will no longer be updated. For more information, see the Helm Charts Deprecation and Archive Notice, and Update.

MySQL

MySQL is one of the most popular database servers in the world. Notable users include Wikipedia, Facebook and Google.

DEPRECATION NOTICE

This chart is deprecated and no longer supported.

Introduction

This chart bootstraps a single node MySQL deployment on a Kubernetes cluster using the Helm package manager.

Prerequisites

• Kubernetes 1.10+ with Beta APIs enabled
• PV provisioner support in the underlying infrastructure

Installing the Chart

To install the chart with the release name my-release:

$ helm install --name my-release stable/mysql

The command deploys MySQL on the Kubernetes cluster in the default configuration. The configuration section lists the parameters that can be configured during installation.

By default a random password will be generated for the root user. If you'd like to set your own password change the mysqlRootPassword in the values.yaml.

You can retrieve your root password by running the following command. Make sure to replace [YOUR_RELEASE_NAME]:

printf $(printf '\%o' `kubectl get secret [YOUR_RELEASE_NAME]-mysql -o jsonpath="{.data.mysql-root-password[*]}"`)

Tip: List all releases using helm list

Uninstalling the Chart

To uninstall/delete the my-release deployment:

$ helm delete --purge my-release

The command removes all the Kubernetes components associated with the chart and deletes the release completely.

Configuration

The following table lists the configurable parameters of the MySQL chart and their default values.

Parameter	Description	Default
args	Additional arguments to pass to the MySQL container.	[]
initContainer.resources	initContainer resource requests/limits	Memory: 10Mi, CPU: 10m
image	mysql image repository.	mysql
imageTag	mysql image tag.	5.7.30
busybox.image	busybox image repository.	busybox
busybox.tag	busybox image tag.	1.32
testFramework.enabled	test-framework switch.	true
testFramework.image	test-framework image repository.	bats/bats
testFramework.tag	test-framework image tag.	1.2.1
testFramework.imagePullPolicy	test-framework image pull policy.	IfNotPresent
testFramework.securityContext	test-framework securityContext	{}
imagePullPolicy	Image pull policy	IfNotPresent
existingSecret	Use Existing secret for Password details	nil
extraVolumes	Additional volumes as a string to be passed to the tpl function
extraVolumeMounts	Additional volumeMounts as a string to be passed to the tpl function
extraInitContainers	Additional init containers as a string to be passed to the tpl function
extraEnvVars	Additional environment variables as a string to be passed to the tpl function
mysqlRootPassword	Password for the root user. Ignored if existing secret is provided	Random 10 characters
mysqlUser	Username of new user to create.	nil
mysqlPassword	Password for the new user. Ignored if existing secret is provided	Random 10 characters
mysqlDatabase	Name for new database to create.	nil
livenessProbe.initialDelaySeconds	Delay before liveness probe is initiated	30
livenessProbe.periodSeconds	How often to perform the probe	10
livenessProbe.timeoutSeconds	When the probe times out	5
livenessProbe.successThreshold	Minimum consecutive successes for the probe to be considered successful after having failed.	1
livenessProbe.failureThreshold	Minimum consecutive failures for the probe to be considered failed after having succeeded.	3
readinessProbe.initialDelaySeconds	Delay before readiness probe is initiated	5
readinessProbe.periodSeconds	How often to perform the probe	10
readinessProbe.timeoutSeconds	When the probe times out	1
readinessProbe.successThreshold	Minimum consecutive successes for the probe to be considered successful after having failed.	1
readinessProbe.failureThreshold	Minimum consecutive failures for the probe to be considered failed after having succeeded.	3
schedulerName	Name of the k8s scheduler (other than default)	nil
mysqlx.port.enabled	Boolean to toggle a port for mysqlx 33060 protocol.	false
persistence.enabled	Create a volume to store data	true
persistence.size	Size of persistent volume claim	8Gi RW
persistence.storageClass	Type of persistent volume claim	nil
persistence.accessMode	ReadWriteOnce or ReadOnly	ReadWriteOnce
persistence.existingClaim	Name of existing persistent volume	nil
persistence.subPath	Subdirectory of the volume to mount	nil
persistence.annotations	Persistent Volume annotations	{}
nodeSelector	Node labels for pod assignment	{}
affinity	Affinity rules for pod assignment	{}
tolerations	Pod taint tolerations for deployment	{}
metrics.enabled	Start a side-car prometheus exporter	false
metrics.image	Exporter image	prom/mysqld-exporter
metrics.imageTag	Exporter image	v0.10.0
metrics.imagePullPolicy	Exporter image pull policy	IfNotPresent
metrics.resources	Exporter resource requests/limit	nil
metrics.livenessProbe.initialDelaySeconds	Delay before metrics liveness probe is initiated	15
metrics.livenessProbe.timeoutSeconds	When the probe times out	5
metrics.readinessProbe.initialDelaySeconds	Delay before metrics readiness probe is initiated	5
metrics.readinessProbe.timeoutSeconds	When the probe times out	1
metrics.flags	Additional flags for the mysql exporter to use	[]
metrics.serviceMonitor.enabled	Set this to true to create ServiceMonitor for Prometheus operator	false
metrics.serviceMonitor.additionalLabels	Additional labels that can be used so ServiceMonitor will be discovered by Prometheus	{}
resources	CPU/Memory resource requests/limits	Memory: 256Mi, CPU: 100m
configurationFiles	List of mysql configuration files	nil
configurationFilesPath	Path of mysql configuration files	/etc/mysql/conf.d/
securityContext.enabled	Enable security context (mysql pod)	false
securityContext.fsGroup	Group ID for the container (mysql pod)	999
securityContext.runAsUser	User ID for the container (mysql pod)	999
service.annotations	Kubernetes annotations for mysql	{}
service.type	Kubernetes service type	ClusterIP
service.loadBalancerIP	LoadBalancer service IP	""
serviceAccount.create	Specifies whether a ServiceAccount should be created	false
serviceAccount.name	The name of the ServiceAccount to create	Generated using the mysql.fullname template
ssl.enabled	Setup and use SSL for MySQL connections	false
ssl.secret	Name of the secret containing the SSL certificates	mysql-ssl-certs
ssl.certificates[0].name	Name of the secret containing the SSL certificates	nil
ssl.certificates[0].ca	CA certificate	nil
ssl.certificates[0].cert	Server certificate (public key)	nil
ssl.certificates[0].key	Server key (private key)	nil
imagePullSecrets	Name of Secret resource containing private registry credentials	nil
initializationFiles	List of SQL files which are run after the container started	nil
timezone	Container and mysqld timezone (TZ env)	nil (UTC depending on image)
podAnnotations	Map of annotations to add to the pods	{}
podLabels	Map of labels to add to the pods	{}
priorityClassName	Set pod priorityClassName	{}
deploymentAnnotations	Map of annotations for deployment	{}
strategy	Update strategy policy	{type: "Recreate"}

Some of the parameters above map to the env variables defined in the MySQL DockerHub image.

Specify each parameter using the --set key=value[,key=value] argument to helm install. For example,

$ helm install --name my-release \
  --set mysqlRootPassword=secretpassword,mysqlUser=my-user,mysqlPassword=my-password,mysqlDatabase=my-database \
    stable/mysql

The above command sets the MySQL root account password to secretpassword. Additionally it creates a standard database user named my-user, with the password my-password, who has access to a database named my-database.

Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,

$ helm install --name my-release -f values.yaml stable/mysql

Tip: You can use the default values.yaml

Persistence

The MySQL image stores the MySQL data and configurations at the /var/lib/mysql path of the container.

By default a PersistentVolumeClaim is created and mounted into that directory. In order to disable this functionality you can change the values.yaml to disable persistence and use an emptyDir instead.

"An emptyDir volume is first created when a Pod is assigned to a Node, and exists as long as that Pod is running on that node. When a Pod is removed from a node for any reason, the data in the emptyDir is deleted forever."

Notice: You may need to increase the value of livenessProbe.initialDelaySeconds when enabling persistence by using PersistentVolumeClaim from PersistentVolume with varying properties. Since its IO performance has impact on the database initialization performance. The default limit for database initialization is 60 seconds (livenessProbe.initialDelaySeconds + livenessProbe.periodSeconds * livenessProbe.failureThreshold). Once such initialization process takes more time than this limit, kubelet will restart the database container, which will interrupt database initialization then causing persisent data in an unusable state.

Custom MySQL configuration files

The MySQL image accepts custom configuration files at the path /etc/mysql/conf.d. If you want to use a customized MySQL configuration, you can create your alternative configuration files by passing the file contents on the configurationFiles attribute. Note that according to the MySQL documentation only files ending with .cnf are loaded.

configurationFiles:
  mysql.cnf: |-
    [mysqld]
    skip-host-cache
    skip-name-resolve
    sql-mode=STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION    
  mysql_custom.cnf: |-
    [mysqld]    

MySQL initialization files

The MySQL image accepts *.sh, *.sql and *.sql.gz files at the path /docker-entrypoint-initdb.d. These files are being run exactly once for container initialization and ignored on following container restarts. If you want to use initialization scripts, you can create initialization files by passing the file contents on the initializationFiles attribute.

initializationFiles:
  first-db.sql: |-
    CREATE DATABASE IF NOT EXISTS first DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci;    
  second-db.sql: |-
    CREATE DATABASE IF NOT EXISTS second DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci;    

SSL

This chart supports configuring MySQL to use encrypted connections with TLS/SSL certificates provided by the user. This is accomplished by storing the required Certificate Authority file, the server public key certificate, and the server private key as a Kubernetes secret. The SSL options for this chart support the following use cases:

• Manage certificate secrets with helm
• Manage certificate secrets outside of helm

Manage certificate secrets with helm

Include your certificate data in the ssl.certificates section. For example:

ssl:
  enabled: false
  secret: mysql-ssl-certs
  certificates:
  - name: mysql-ssl-certs
    ca: |-
      -----BEGIN CERTIFICATE-----
      ...
      -----END CERTIFICATE-----
    cert: |-
      -----BEGIN CERTIFICATE-----
      ...
      -----END CERTIFICATE-----
    key: |-
      -----BEGIN RSA PRIVATE KEY-----
      ...
      -----END RSA PRIVATE KEY-----

Note: Make sure your certificate data has the correct formatting in the values file.

Manage certificate secrets outside of helm

1. Ensure the certificate secret exist before installation of this chart.
2. Set the name of the certificate secret in ssl.secret.
3. Make sure there are no entries underneath ssl.certificates.

To manually create the certificate secret from local files you can execute:

kubectl create secret generic mysql-ssl-certs \
  --from-file=ca.pem=./ssl/certificate-authority.pem \
  --from-file=server-cert.pem=./ssl/server-public-key.pem \
  --from-file=server-key.pem=./ssl/server-private-key.pem

Note: ca.pem, server-cert.pem, and server-key.pem must be used as the key names in this generic secret.

If you are using a certificate your configurationFiles must include the three ssl lines under [mysqld]

[mysqld]
    ssl-ca=/ssl/ca.pem
    ssl-cert=/ssl/server-cert.pem
    ssl-key=/ssl/server-key.pem