Install Percona Server for MySQL on Kubernetes¶
-
First of all, clone the percona-server-mysql-operator repository:
$ git clone -b v0.10.0 https://github.com/percona/percona-server-mysql-operator cd percona-server-mysql-operatorNote
It is crucial to specify the right branch with
-boption while cloning the code on this step. Please be careful. -
Now Custom Resource Definition for Percona Server for MySQL should be created from the
deploy/crd.yamlfile. Custom Resource Definition extends the standard set of resources which Kubernetes “knows” about with the new items (in our case ones which are the core of the operator). Apply it as follows:$ kubectl apply --server-side -f deploy/crd.yamlThis step should be done only once; it does not need to be repeated with the next Operator deployments, etc.
-
The next thing to do is to add the
mysqlnamespace to Kubernetes, not forgetting to set the correspondent context for further steps:$ kubectl create namespace mysql $ kubectl config set-context $(kubectl config current-context) --namespace=mysqlNote
You can use different namespace name or even stay with the Default one.
-
Now RBAC (role-based access control) for Percona Server for MySQL should be set up from the
deploy/rbac.yamlfile. Briefly speaking, role-based access is based on specifically defined roles and actions corresponding to them, allowed to be done on specific Kubernetes resources (details about users and roles can be found in Kubernetes documentation ).$ kubectl apply -f deploy/rbac.yamlNote
Setting RBAC requires your user to have cluster-admin role privileges. For example, those using Google Kubernetes Engine can grant user needed privileges with the following command:
$ kubectl create clusterrolebinding cluster-admin-binding --clusterrole=cluster-admin --user=$(gcloud config get-value core/account)Finally it’s time to start the operator within Kubernetes:
$ kubectl apply -f deploy/operator.yaml -
Now that’s time to add the Percona Server for MySQL Users secrets to Kubernetes. They should be placed in the data section of the
deploy/secrets.yamlfile as logins and plaintext passwords for the user accounts (see Kubernetes documentation for details).After editing is finished, users secrets should be created using the following command:
$ kubectl create -f deploy/secrets.yamlMore details about secrets can be found in Users.
-
Now certificates should be generated. By default, the Operator generates certificates automatically, and no actions are required at this step. Still, you can generate and apply your own certificates as secrets according to the TLS instructions.
-
After the operator is started and user secrets are added, Percona Server for MySQL can be created at any time with the following command:
$ kubectl apply -f deploy/cr.yamlCreation process will take some time. The process is over when both operator and replica set pod have reached their Running status.
kubectl get podsoutput should look like this:NAME READY STATUS RESTARTS AGE cluster1-mysql-0 1/1 Running 0 7m6s cluster1-mysql-1 1/1 Running 1 (5m39s ago) 6m4s cluster1-mysql-2 1/1 Running 1 (4m40s ago) 5m7s cluster1-orc-0 2/2 Running 0 7m6s percona-server-for-mysql-operator-54c5c87988-xfmlf 1/1 Running 0 7m42s
Verify the cluster operation¶
To connect to Percona Server for MySQL you will need the password for the root user. Passwords are stored in the Secrets object, which was generated during the previous steps.
Here’s how to get it:
-
List the Secrets objects.
It will show you the list of Secrets objects (by default the Secrets object you are interested in has$ kubectl get secretscluster1-secretsname). -
Use the following command to get the password of the
rootuser. Substitutecluster1with your value, if needed:$ kubectl get secret cluster1-secrets -o yamlThe command returns the YAML file with generated Secrets, including the
rootpassword, which should look as follows:... data: ... root: <base64-encoded-password> -
The actual password is base64-encoded. Use the following command to bring it back to a human-readable form:
$ echo '<base64-encoded-password>' | base64 --decode -
Run a container with
mysqltool and connect its console output to your terminal. The following command will do this, naming the new Podpercona-client:$ kubectl run -i --rm --tty percona-client --image=percona:8.0 --restart=Never -- bash -ilIt may require some time to execute the command and deploy the correspondent Pod.
-
Now run
mysqltool in thepercona-clientcommand shell using the password obtained from the Secret instead of the<root password>placeholder. The command will look different depending on whether the cluster uses load balancing with HAProxy (the default behavior) or uses MySQL Router (can be used with Group Replication clusters):$ mysql -h cluster1-haproxy -uroot -p<root password>$ mysql -h cluster1-router -uroot -p<root password>Expected output
mysql: [Warning] Using a password on the command line interface can be insecure. Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 4065 Server version: 8.0.29-21 Percona Server (GPL), Release 21, Revision c59f87d2854 Copyright (c) 2009-2022 Percona LLC and/or its affiliates Copyright (c) 2000, 2022, Oracle and/or its affiliates. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql>The following example uses the MySQL prompt to check the
max_connectionsvariable:mysql> SHOW VARIABLES LIKE "max_connections";Expected output
+-----------------+-------+ | Variable_name | Value | +-----------------+-------+ | max_connections | 158 | +-----------------+-------+ 1 row in set (0.02 sec) mysql>