You are looking at the documentation of a prior release. To read the documentation of the latest release, please visit here.

New to KubeDB? Please start here.

MySQL

What is MySQL

MySQL is a Kubernetes Custom Resource Definitions (CRD). It provides declarative configuration for MySQL in a Kubernetes native way. You only need to describe the desired database configuration in a MySQL object, and the KubeDB operator will create Kubernetes objects in the desired state for you.

MySQL Spec

As with all other Kubernetes objects, a MySQL needs apiVersion, kind, and metadata fields. It also needs a .spec section. Below is an example MySQL object.

apiVersion: kubedb.com/v1alpha1
kind: MySQL
metadata:
  name: m1
  namespace: demo
spec:
  version: "8.0-v2"
  topology:
    mode: GroupReplication
    group:
      name: "dc002fc3-c412-4d18-b1d4-66c1fbfbbc9b"
      baseServerID: 100
  databaseSecret:
    secretName: m1-auth
  storageType: "Durable"
  storage:
    storageClassName: "standard"
    accessModes:
    - ReadWriteOnce
    resources:
      requests:
        storage: 1Gi
  init:
    scriptSource:
      configMap:
        name: mg-init-script
  backupSchedule:
    cronExpression: "@every 2m"
    storageSecretName: ms-snap-secret
    gcs:
      bucket: kubedb-qa
      prefix: demo
  monitor:
    agent: prometheus.io/coreos-operator
    prometheus:
      namespace: demo
      labels:
        app: kubedb
      interval: 10s
  configSource:
    configMap:
      name: my-custom-config
  podTemplate:
    annotations:
      passMe: ToDatabasePod
    controller:
      annotations:
        passMe: ToStatefulSet
    spec:
      serviceAccountName: my-service-account
      schedulerName: my-scheduler
      nodeSelector:
        disktype: ssd
      imagePullSecrets:
      - name: myregistrykey
      args:
      - --character-set-server=utf8mb4
      env:
      - name: MYSQL_DATABASE
        value: myDB
      resources:
        requests:
          memory: "64Mi"
          cpu: "250m"
        limits:
          memory: "128Mi"
          cpu: "500m"
  serviceTemplate:
    annotations:
      passMe: ToService
    spec:
      type: NodePort
      ports:
      - name:  http
        port:  9200
        targetPort: http
  terminationPolicy: Pause
  updateStrategy:
    type: RollingUpdate

spec.version

spec.version is a required field specifying the name of the MySQLVersion crd where the docker images are specified. Currently, when you install KubeDB, it creates the following MySQLVersion crds,

  • 8.0.14, 8.0.3, 8.0-v2, 8.0-v1, 8.0, 8-v1, 8
  • 5.7.25, 5.7-v2, 5.7-v1, 5.7, 5-v1, 5

spec.topology

spec.topology is an optional field that provides a way to configure HA, fault-tolerant MySQL cluster. This field enables you to specify the clustering mode. Currently, we support only MySQL Group Replication. KubeDB uses Pod Disruption Budget to ensure that majority of the group replicas are available during voluntary disruptions so that quorum is maintained and no data loss is occurred.

You can specify the following fields in spec.topology field,

  • mode specifies the clustering mode for MySQL. For now, the supported value is "GroupReplication" for MySQL Group Replication. This field is required if you want to deploy MySQL cluster.

  • group is an optional field to configure a group replication. It contains the following fields:

    • name is an optional field to specify the name for the group. It must be a version 4 UUID if specified.

    • baseServerID is also an optional field. On a replication master and each replication slave, the --server-idoption must be specified to establish a unique replication ID in the range from 1 to 2^32 − 1. Here, “Unique” means that each ID must be different from every other ID in use by any other replication master or slave. So, baseServerID is needed to calculate a unique server_id for each member.

spec.databaseSecret

spec.databaseSecret is an optional field that points to a Secret used to hold credentials for mysql root user. If not set, KubeDB operator creates a new Secret {mysql-object-name}-auth for storing the password for mysql root user for each MySQL object. If you want to use an existing secret please specify that when creating the MySQL object using spec.databaseSecret.secretName.

This secret contains a user key and a password key which contains the username and password respectively for mysql root user. Here, the value of user key is fixed to be root.

Secrets provided by users are not managed by KubeDB, and therefore, won’t be modified or garbage collected by the KubeDB operator (version 0.13.0 and higher).

Example:

$ kubectl create secret generic m1-auth -n demo \
--from-literal=user=root \
--from-literal=password=6q8u_2jMOW-OOZXk
secret "m1-auth" created
apiVersion: v1
data:
  password: NnE4dV8yak1PVy1PT1pYaw==
  user: cm9vdA==
kind: Secret
metadata:
  ...
  name: m1-auth
  namespace: demo
  ...
type: Opaque

spec.storageType

spec.storageType is an optional field that specifies the type of storage to use for database. It can be either Durable or Ephemeral. The default value of this field is Durable. If Ephemeral is used then KubeDB will create MySQL database using emptyDir volume. In this case, you don’t have to specify spec.storage field.

spec.storage

Since 0.9.0-rc.0, If you set spec.storageType: to Durable, then spec.storage is a required field that specifies the StorageClass of PVCs dynamically allocated to store data for the database. This storage spec will be passed to the StatefulSet created by KubeDB operator to run database pods. You can specify any StorageClass available in your cluster with appropriate resource requests.

  • spec.storage.storageClassName is the name of the StorageClass used to provision PVCs. PVCs don’t necessarily have to request a class. A PVC with its storageClassName set equal to "" is always interpreted to be requesting a PV with no class, so it can only be bound to PVs with no class (no annotation or one set equal to “”). A PVC with no storageClassName is not quite the same and is treated differently by the cluster depending on whether the DefaultStorageClass admission plugin is turned on.
  • spec.storage.accessModes uses the same conventions as Kubernetes PVCs when requesting storage with specific access modes.
  • spec.storage.resources can be used to request specific quantities of storage. This follows the same resource model used by PVCs.

To learn how to configure spec.storage, please visit the links below:

spec.init

spec.init is an optional section that can be used to initialize a newly created MySQL database. MySQL databases can be initialized in one of two ways:

  1. Initialize from Script
  2. Initialize from Snapshot

Initialize via Script

To initialize a MySQL database using a script (shell script, sql script etc.), set the spec.init.scriptSource section when creating a MySQL object. It will execute files alphabetically with extensions .sh , .sql and .sql.gz that are found in the repository. The scripts inside child folders will be skipped. ScriptSource must have following information:

Below is an example showing how a script from a configMap can be used to initialize a MySQL database.

apiVersion: kubedb.com/v1alpha1
kind: MySQL
metadata:
  name: m1
spec:
  version: 8.0-v2
  init:
    scriptSource:
      configMap:
        name: mysql-init-script

In the above example, KubeDB operator will launch a Job to execute all js script of mysql-init-script in alphabetical order once StatefulSet pods are running. For more details tutorial on how to initialize from script, please visit here.

Initialize from Snapshots

To initialize from prior snapshots, set the spec.init.snapshotSource section when creating a MySQL object. In this case, SnapshotSource must have following information:

  • name: Name of the Snapshot
  • namespace: Namespace of the Snapshot
apiVersion: kubedb.com/v1alpha1
kind: MySQL
metadata:
  name: m1
spec:
  version: 8.0-v2
  init:
    snapshotSource:
      name: "snapshot-xyz"
      namespace: "demo"

In the above example, MySQL database will be initialized from Snapshot snapshot-xyz in demo namespace. Here, KubeDB operator will launch a Job to initialize MySQL once StatefulSet pods are running.

When initializing from Snapshot, root user credentials must have to match with the previous one. For example, let’s say, Snapshot snapshot-xyz is for MySQL mysql-old. In this case, new MySQL mysql-db should use the same credentials for root user of mysql-old. Otherwise, the restoration process will fail.

For more details tutorial on how to initialize from snapshot, please visit here.

spec.backupSchedule

KubeDB supports taking periodic snapshots for MySQL database. This is an optional section in .spec. When spec.backupSchedule section is added, KubeDB operator immediately takes a backup to validate this information. After that, at each tick KubeDB operator creates a Snapshot object. This triggers operator to create a Job to take backup. If used, set the various sub-fields accordingly.

  • spec.backupSchedule.cronExpression is a required cron expression. This specifies the schedule for backup operations.
  • spec.backupSchedule.{storage} is a required field that is used as the destination for storing snapshot data. KubeDB supports cloud storage providers like S3, GCS, Azure and OpenStack Swift. It also supports any locally mounted Kubernetes volumes, like NFS, Ceph, etc. Only one backend can be used at a time. To learn how to configure this, please visit here.

You can also specify a template for pod of backup job through spec.backupSchedule.podTemplate. KubeDB will use the information you have provided in podTemplate to create the backup job. KubeDB accept following fields to set in spec.backupSchedule.podTemplate:

  • metadata:
    • annotations (pod’s annotation)
  • controller:
    • annotations (job’s annotation)
  • spec:
    • args
    • env
    • resources
    • imagePullSecrets
    • initContainers
    • nodeSelector
    • affinity
    • schedulerName
    • tolerations
    • priorityClassName
    • priority
    • securityContext
    • livenessProbe
    • readinessProbe
    • lifecycle

spec.monitor

MySQL managed by KubeDB can be monitored with builtin-Prometheus and CoreOS-Prometheus operator out-of-the-box. To learn more,

spec.configSource

spec.configSource is an optional field that allows users to provide custom configuration for MySQL. This field accepts a VolumeSource. So you can use any kubernetes supported volume source such as configMap, secret, azureDisk etc. To learn more about how to use a custom configuration file see here.

spec.podTemplate

KubeDB allows providing a template for database pod through spec.podTemplate. KubeDB operator will pass the information provided in spec.podTemplate to the StatefulSet created for MySQL database.

KubeDB accept following fields to set in spec.podTemplate:

  • metadata:
    • annotations (pod’s annotation)
  • controller:
    • annotations (statefulset’s annotation)
  • spec:
    • args
    • env
    • resources
    • initContainers
    • imagePullSecrets
    • nodeSelector
    • affinity
    • serviceAccountName
    • schedulerName
    • tolerations
    • priorityClassName
    • priority
    • securityContext
    • livenessProbe
    • readinessProbe
    • lifecycle

Uses of some field of spec.podTemplate is described below,

spec.podTemplate.spec.args

spec.podTemplate.spec.args is an optional field. This can be used to provide additional arguments to database installation. To learn about available args of mysqld, visit here.

spec.podTemplate.spec.env

spec.podTemplate.spec.env is an optional field that specifies the environment variables to pass to the MySQL docker image. To know about supported environment variables, please visit here.

Note that, KubeDB does not allow MYSQL_ROOT_PASSWORD, MYSQL_ALLOW_EMPTY_PASSWORD, MYSQL_RANDOM_ROOT_PASSWORD, and MYSQL_ONETIME_PASSWORD environment variables to set in spec.env. If you want to set the root password, please use spec.databaseSecret instead described earlier.

If you try to set any of the forbidden environment variables i.e. MYSQL_ROOT_PASSWORD in MySQL crd, Kubed operator will reject the request with following error,

Error from server (Forbidden): error when creating "./mysql.yaml": admission webhook "mysql.validators.kubedb.com" denied the request: environment variable MYSQL_ROOT_PASSWORD is forbidden to use in MySQL spec

Also note that KubeDB does not allow to update the environment variables as updating them does not have any effect once the database is created. If you try to update environment variables, KubeDB operator will reject the request with following error,

Error from server (BadRequest): error when applying patch:
...
for: "./mysql.yaml": admission webhook "mysql.validators.kubedb.com" denied the request: precondition failed for:
...At least one of the following was changed:
    apiVersion
    kind
    name
    namespace
    spec.databaseSecret
    spec.init
    spec.storageType
    spec.storage
    spec.podTemplate.spec.nodeSelector
    spec.podTemplate.spec.env

spec.podTemplate.spec.imagePullSecrets

KubeDB provides the flexibility of deploying MySQL database from a private Docker registry. spec.podTemplate.spec.imagePullSecrets is an optional field that points to secrets to be used for pulling docker image if you are using a private docker registry. To learn how to deploy MySQL from a private registry, please visit here.

spec.podTemplate.spec.nodeSelector

spec.podTemplate.spec.nodeSelector is an optional field that specifies a map of key-value pairs. For the pod to be eligible to run on a node, the node must have each of the indicated key-value pairs as labels (it can have additional labels as well). To learn more, see here .

spec.podTemplate.spec.serviceAccountName

serviceAccountName is an optional field supported by KubeDB Operator (version 0.13.0 and higher) that can be used to specify a custom service account to fine tune role based access control.

If this field is left empty, the KubeDB operator will create a service account name matching MySQL crd name. Role and RoleBinding that provide necessary access permissions will also be generated automatically for this service account.

If a service account name is given, but there’s no existing service account by that name, the KubeDB operator will create one, and Role and RoleBinding that provide necessary access permissions will also be generated for this service account.

If a service account name is given, and there’s an existing service account by that name, the KubeDB operator will use that existing service account. Since this service account is not managed by KubeDB, users are responsible for providing necessary access permissions manually. Follow the guide here to grant necessary permissions in this scenario.

spec.podTemplate.spec.resources

spec.podTemplate.spec.resources is an optional field. This can be used to request compute resources required by the database pods. To learn more, visit here.

spec.serviceTemplate

You can also provide a template for the services created by KubeDB operator for MySQL database through spec.serviceTemplate. This will allow you to set the type and other properties of the services.

KubeDB allows following fields to set in spec.serviceTemplate:

  • metadata:
    • annotations
  • spec:
    • type
    • ports
    • clusterIP
    • externalIPs
    • loadBalancerIP
    • loadBalancerSourceRanges
    • externalTrafficPolicy
    • healthCheckNodePort

spec.updateStrategy

You can specify update strategy of StatefulSet created by KubeDB for MySQL database thorough spec.updateStrategy field. The default value of this field is RollingUpdate. In future, we will use this field to determine how automatic migration from old KubeDB version to new one should behave.

spec.terminationPolicy

terminationPolicy gives flexibility whether to nullify(reject) the delete operation of MySQL crd or which resources KubeDB should keep or delete when you delete MySQL crd. KubeDB provides following four termination policies:

  • DoNotTerminate
  • Pause (Default)
  • Delete
  • WipeOut

When, terminationPolicy is DoNotTerminate, KubeDB takes advantage of ValidationWebhook feature in Kubernetes 1.9.0 or later clusters to implement DoNotTerminate feature. If admission webhook is enabled, DoNotTerminate prevents users from deleting the database as long as the spec.terminationPolicy is set to DoNotTerminate.

Following table show what KubeDB does when you delete MySQL crd for different termination policies,

BehaviorDoNotTerminatePauseDeleteWipeOut
1. Block Delete operation
2. Create Dormant Database
3. Delete StatefulSet
4. Delete Services
5. Delete PVCs
6. Delete Secrets
7. Delete Snapshots
8. Delete Snapshot data from bucket

If you don’t specify spec.terminationPolicy KubeDB uses Pause termination policy by default.

Next Steps

  • Learn how to use KubeDB to run a MySQL database here.
  • See the list of supported storage providers for snapshots here.
  • Want to hack on KubeDB? Check our contribution guidelines.