3 [MySQL](https://MySQL.org) is one of the most popular database servers in the world. Notable users include Wikipedia, Facebook and Google.
7 This chart bootstraps a single node MySQL deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
11 - Kubernetes 1.10+ with Beta APIs enabled
12 - PV provisioner support in the underlying infrastructure
14 ## Installing the Chart
16 To install the chart with the release name `my-release`:
19 $ helm install --name my-release stable/mysql
22 The command deploys MySQL on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.
24 By default a random password will be generated for the root user. If you'd like to set your own password change the mysqlRootPassword
27 You can retrieve your root password by running the following command. Make sure to replace [YOUR_RELEASE_NAME]:
29 printf $(printf '\%o' `kubectl get secret [YOUR_RELEASE_NAME]-mysql -o jsonpath="{.data.mysql-root-password[*]}"`)
31 > **Tip**: List all releases using `helm list`
33 ## Uninstalling the Chart
35 To uninstall/delete the `my-release` deployment:
38 $ helm delete --purge my-release
41 The command removes all the Kubernetes components associated with the chart and deletes the release completely.
45 The following table lists the configurable parameters of the MySQL chart and their default values.
47 | Parameter | Description | Default |
48 | -------------------------------------------- | -------------------------------------------------------------------------------------------- | ---------------------------------------------------- |
49 | `args` | Additional arguments to pass to the MySQL container. | `[]` |
50 | `initContainer.resources` | initContainer resource requests/limits | Memory: `10Mi`, CPU: `10m` |
51 | `image` | `mysql` image repository. | `mysql` |
52 | `imageTag` | `mysql` image tag. | `5.7.30` |
53 | `busybox.image` | `busybox` image repository. | `busybox` |
54 | `busybox.tag` | `busybox` image tag. | `1.32` |
55 | `testFramework.enabled` | `test-framework` switch. | `true` |
56 | `testFramework.image` | `test-framework` image repository. | `bats/bats` |
57 | `testFramework.tag` | `test-framework` image tag. | `1.2.1` |
58 | `testFramework.imagePullPolicy` | `test-framework` image pull policy. | `IfNotPresent` |
59 | `testFramework.securityContext` | `test-framework` securityContext | `{}` |
60 | `imagePullPolicy` | Image pull policy | `IfNotPresent` |
61 | `existingSecret` | Use Existing secret for Password details | `nil` |
62 | `extraVolumes` | Additional volumes as a string to be passed to the `tpl` function | |
63 | `extraVolumeMounts` | Additional volumeMounts as a string to be passed to the `tpl` function | |
64 | `extraInitContainers` | Additional init containers as a string to be passed to the `tpl` function | |
65 | `extraEnvVars` | Additional environment variables as a string to be passed to the `tpl` function | |
66 | `mysqlRootPassword` | Password for the `root` user. Ignored if existing secret is provided | Random 10 characters |
67 | `mysqlUser` | Username of new user to create. | `nil` |
68 | `mysqlPassword` | Password for the new user. Ignored if existing secret is provided | Random 10 characters |
69 | `mysqlDatabase` | Name for new database to create. | `nil` |
70 | `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 30 |
71 | `livenessProbe.periodSeconds` | How often to perform the probe | 10 |
72 | `livenessProbe.timeoutSeconds` | When the probe times out | 5 |
73 | `livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 1 |
74 | `livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 3 |
75 | `readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | 5 |
76 | `readinessProbe.periodSeconds` | How often to perform the probe | 10 |
77 | `readinessProbe.timeoutSeconds` | When the probe times out | 1 |
78 | `readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 1 |
79 | `readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 3 |
80 | `schedulerName` | Name of the k8s scheduler (other than default) | `nil` |
81 | `persistence.enabled` | Create a volume to store data | true |
82 | `persistence.size` | Size of persistent volume claim | 8Gi RW |
83 | `persistence.storageClass` | Type of persistent volume claim | nil |
84 | `persistence.accessMode` | ReadWriteOnce or ReadOnly | ReadWriteOnce |
85 | `persistence.existingClaim` | Name of existing persistent volume | `nil` |
86 | `persistence.subPath` | Subdirectory of the volume to mount | `nil` |
87 | `persistence.annotations` | Persistent Volume annotations | {} |
88 | `nodeSelector` | Node labels for pod assignment | {} |
89 | `affinity` | Affinity rules for pod assignment | {} |
90 | `tolerations` | Pod taint tolerations for deployment | {} |
91 | `metrics.enabled` | Start a side-car prometheus exporter | `false` |
92 | `metrics.image` | Exporter image | `prom/mysqld-exporter` |
93 | `metrics.imageTag` | Exporter image | `v0.10.0` |
94 | `metrics.imagePullPolicy` | Exporter image pull policy | `IfNotPresent` |
95 | `metrics.resources` | Exporter resource requests/limit | `nil` |
96 | `metrics.livenessProbe.initialDelaySeconds` | Delay before metrics liveness probe is initiated | 15 |
97 | `metrics.livenessProbe.timeoutSeconds` | When the probe times out | 5 |
98 | `metrics.readinessProbe.initialDelaySeconds` | Delay before metrics readiness probe is initiated | 5 |
99 | `metrics.readinessProbe.timeoutSeconds` | When the probe times out | 1 |
100 | `metrics.flags` | Additional flags for the mysql exporter to use | `[]` |
101 | `metrics.serviceMonitor.enabled` | Set this to `true` to create ServiceMonitor for Prometheus operator | `false` |
102 | `metrics.serviceMonitor.additionalLabels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` |
103 | `resources` | CPU/Memory resource requests/limits | Memory: `256Mi`, CPU: `100m` |
104 | `configurationFiles` | List of mysql configuration files | `nil` |
105 | `configurationFilesPath` | Path of mysql configuration files | `/etc/mysql/conf.d/` |
106 | `securityContext.enabled` | Enable security context (mysql pod) | `false` |
107 | `securityContext.fsGroup` | Group ID for the container (mysql pod) | 999 |
108 | `securityContext.runAsUser` | User ID for the container (mysql pod) | 999 |
109 | `service.annotations` | Kubernetes annotations for mysql | {} |
110 | `service.type` | Kubernetes service type | ClusterIP |
111 | `service.loadBalancerIP` | LoadBalancer service IP | `""` |
112 | `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `false` |
113 | `serviceAccount.name` | The name of the ServiceAccount to create | Generated using the mysql.fullname template |
114 | `ssl.enabled` | Setup and use SSL for MySQL connections | `false` |
115 | `ssl.secret` | Name of the secret containing the SSL certificates | mysql-ssl-certs |
116 | `ssl.certificates[0].name` | Name of the secret containing the SSL certificates | `nil` |
117 | `ssl.certificates[0].ca` | CA certificate | `nil` |
118 | `ssl.certificates[0].cert` | Server certificate (public key) | `nil` |
119 | `ssl.certificates[0].key` | Server key (private key) | `nil` |
120 | `imagePullSecrets` | Name of Secret resource containing private registry credentials | `nil` |
121 | `initializationFiles` | List of SQL files which are run after the container started | `nil` |
122 | `timezone` | Container and mysqld timezone (TZ env) | `nil` (UTC depending on image) |
123 | `podAnnotations` | Map of annotations to add to the pods | `{}` |
124 | `podLabels` | Map of labels to add to the pods | `{}` |
125 | `priorityClassName` | Set pod priorityClassName | `{}` |
126 | `deploymentAnnotations` | Map of annotations for deployment | `{}` |
127 | `strategy` | Update strategy policy | `{type: "Recreate"}` |
129 Some of the parameters above map to the env variables defined in the [MySQL DockerHub image](https://hub.docker.com/_/mysql/).
131 Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
134 $ helm install --name my-release \
135 --set mysqlRootPassword=secretpassword,mysqlUser=my-user,mysqlPassword=my-password,mysqlDatabase=my-database \
139 The above command sets the MySQL `root` account password to `secretpassword`. Additionally it creates a standard database user named `my-user`, with the password `my-password`, who has access to a database named `my-database`.
141 Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
144 $ helm install --name my-release -f values.yaml stable/mysql
147 > **Tip**: You can use the default [values.yaml](values.yaml)
151 The [MySQL](https://hub.docker.com/_/mysql/) image stores the MySQL data and configurations at the `/var/lib/mysql` path of the container.
153 By default a PersistentVolumeClaim is created and mounted into that directory. In order to disable this functionality
154 you can change the values.yaml to disable persistence and use an emptyDir instead.
156 > *"An emptyDir volume is first created when a Pod is assigned to a Node, and exists as long as that Pod is running on that node. When a Pod is removed from a node for any reason, the data in the emptyDir is deleted forever."*
158 **Notice**: You may need to increase the value of `livenessProbe.initialDelaySeconds` when enabling persistence by using PersistentVolumeClaim from PersistentVolume with varying properties. Since its IO performance has impact on the database initialization performance. The default limit for database initialization is `60` seconds (`livenessProbe.initialDelaySeconds` + `livenessProbe.periodSeconds` * `livenessProbe.failureThreshold`). Once such initialization process takes more time than this limit, kubelet will restart the database container, which will interrupt database initialization then causing persisent data in an unusable state.
160 ## Custom MySQL configuration files
162 The [MySQL](https://hub.docker.com/_/mysql/) image accepts custom configuration files at the path `/etc/mysql/conf.d`. If you want to use a customized MySQL configuration, you can create your alternative configuration files by passing the file contents on the `configurationFiles` attribute. Note that according to the MySQL documentation only files ending with `.cnf` are loaded.
170 sql-mode=STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
175 ## MySQL initialization files
177 The [MySQL](https://hub.docker.com/_/mysql/) image accepts *.sh, *.sql and *.sql.gz files at the path `/docker-entrypoint-initdb.d`.
178 These files are being run exactly once for container initialization and ignored on following container restarts.
179 If you want to use initialization scripts, you can create initialization files by passing the file contents on the `initializationFiles` attribute.
185 CREATE DATABASE IF NOT EXISTS first DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci;
187 CREATE DATABASE IF NOT EXISTS second DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci;
192 This chart supports configuring MySQL to use [encrypted connections](https://dev.mysql.com/doc/refman/5.7/en/encrypted-connections.html) with TLS/SSL certificates provided by the user. This is accomplished by storing the required Certificate Authority file, the server public key certificate, and the server private key as a Kubernetes secret. The SSL options for this chart support the following use cases:
194 * Manage certificate secrets with helm
195 * Manage certificate secrets outside of helm
197 ## Manage certificate secrets with helm
199 Include your certificate data in the `ssl.certificates` section. For example:
204 secret: mysql-ssl-certs
206 - name: mysql-ssl-certs
208 -----BEGIN CERTIFICATE-----
210 -----END CERTIFICATE-----
212 -----BEGIN CERTIFICATE-----
214 -----END CERTIFICATE-----
216 -----BEGIN RSA PRIVATE KEY-----
218 -----END RSA PRIVATE KEY-----
221 > **Note**: Make sure your certificate data has the correct formatting in the values file.
223 ## Manage certificate secrets outside of helm
225 1. Ensure the certificate secret exist before installation of this chart.
226 2. Set the name of the certificate secret in `ssl.secret`.
227 3. Make sure there are no entries underneath `ssl.certificates`.
229 To manually create the certificate secret from local files you can execute:
231 kubectl create secret generic mysql-ssl-certs \
232 --from-file=ca.pem=./ssl/certificate-authority.pem \
233 --from-file=server-cert.pem=./ssl/server-public-key.pem \
234 --from-file=server-key.pem=./ssl/server-private-key.pem
236 > **Note**: `ca.pem`, `server-cert.pem`, and `server-key.pem` **must** be used as the key names in this generic secret.
238 If you are using a certificate your configurationFiles must include the three ssl lines under [mysqld]
243 ssl-cert=/ssl/server-cert.pem
244 ssl-key=/ssl/server-key.pem
Code Review / it / otf.git / blob