--- # Source: mysql/templates/networkpolicy.yaml kind: NetworkPolicy apiVersion: networking.k8s.io/v1 metadata: name: my-mysql namespace: "default" labels: app.kubernetes.io/instance: my-mysql app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: mysql app.kubernetes.io/version: 8.4.5 helm.sh/chart: mysql-12.3.4 app.kubernetes.io/part-of: mysql spec: podSelector: matchLabels: app.kubernetes.io/instance: my-mysql app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: mysql app.kubernetes.io/version: 8.4.5 helm.sh/chart: mysql-12.3.4 policyTypes: - Ingress - Egress egress: - {} ingress: # Allow connection from other cluster pods - ports: - port: 3306 --- # Source: mysql/templates/primary/pdb.yaml apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: my-mysql-primary namespace: "default" labels: app.kubernetes.io/instance: my-mysql app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: mysql app.kubernetes.io/version: 8.4.5 helm.sh/chart: mysql-12.3.4 app.kubernetes.io/part-of: mysql app.kubernetes.io/component: primary spec: maxUnavailable: 1 selector: matchLabels: app.kubernetes.io/instance: my-mysql app.kubernetes.io/name: mysql app.kubernetes.io/part-of: mysql app.kubernetes.io/component: primary --- # Source: mysql/templates/secondary/pdb.yaml apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: my-mysql-secondary namespace: "default" labels: app.kubernetes.io/instance: my-mysql app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: mysql app.kubernetes.io/version: 8.4.5 helm.sh/chart: mysql-12.3.4 app.kubernetes.io/part-of: mysql app.kubernetes.io/component: secondary spec: maxUnavailable: 1 selector: matchLabels: app.kubernetes.io/instance: my-mysql app.kubernetes.io/name: mysql app.kubernetes.io/component: secondary --- # Source: mysql/templates/serviceaccount.yaml apiVersion: v1 kind: ServiceAccount metadata: name: my-mysql namespace: "default" labels: app.kubernetes.io/instance: my-mysql app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: mysql app.kubernetes.io/version: 8.4.5 helm.sh/chart: mysql-12.3.4 app.kubernetes.io/part-of: mysql automountServiceAccountToken: false secrets: - name: my-mysql --- # Source: mysql/templates/secrets.yaml apiVersion: v1 kind: Secret metadata: name: my-mysql namespace: "default" labels: app.kubernetes.io/instance: my-mysql app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: mysql app.kubernetes.io/version: 8.4.5 helm.sh/chart: mysql-12.3.4 app.kubernetes.io/part-of: mysql type: Opaque data: mysql-root-password: "N0ZveE5ZdXRobg==" mysql-password: "TVlvWXZYOFZiZQ==" mysql-replication-password: "NzNkc0NtbmtJMQ==" --- # Source: mysql/templates/primary/configmap.yaml apiVersion: v1 kind: ConfigMap metadata: name: my-mysql-primary namespace: "default" labels: app.kubernetes.io/instance: my-mysql app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: mysql app.kubernetes.io/version: 8.4.5 helm.sh/chart: mysql-12.3.4 app.kubernetes.io/part-of: mysql app.kubernetes.io/component: primary data: my.cnf: |- [mysqld] authentication_policy='* ,,' skip-name-resolve explicit_defaults_for_timestamp basedir=/opt/bitnami/mysql plugin_dir=/opt/bitnami/mysql/lib/plugin port=3306 mysqlx=0 mysqlx_port=33060 socket=/opt/bitnami/mysql/tmp/mysql.sock datadir=/bitnami/mysql/data tmpdir=/opt/bitnami/mysql/tmp max_allowed_packet=16M bind-address=* pid-file=/opt/bitnami/mysql/tmp/mysqld.pid log-error=/opt/bitnami/mysql/logs/mysqld.log character-set-server=UTF8 slow_query_log=0 long_query_time=10.0 [client] port=3306 socket=/opt/bitnami/mysql/tmp/mysql.sock default-character-set=UTF8 plugin_dir=/opt/bitnami/mysql/lib/plugin [manager] port=3306 socket=/opt/bitnami/mysql/tmp/mysql.sock pid-file=/opt/bitnami/mysql/tmp/mysqld.pid --- # Source: mysql/templates/secondary/configmap.yaml apiVersion: v1 kind: ConfigMap metadata: name: my-mysql-secondary namespace: "default" labels: app.kubernetes.io/instance: my-mysql app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: mysql app.kubernetes.io/version: 8.4.5 helm.sh/chart: mysql-12.3.4 app.kubernetes.io/part-of: mysql app.kubernetes.io/component: secondary data: my.cnf: |- [mysqld] authentication_policy='* ,,' skip-name-resolve explicit_defaults_for_timestamp basedir=/opt/bitnami/mysql plugin_dir=/opt/bitnami/mysql/lib/plugin port=3306 mysqlx=0 mysqlx_port=33060 socket=/opt/bitnami/mysql/tmp/mysql.sock datadir=/bitnami/mysql/data tmpdir=/opt/bitnami/mysql/tmp max_allowed_packet=16M bind-address=* pid-file=/opt/bitnami/mysql/tmp/mysqld.pid log-error=/opt/bitnami/mysql/logs/mysqld.log character-set-server=UTF8 slow_query_log=0 long_query_time=10.0 [client] port=3306 socket=/opt/bitnami/mysql/tmp/mysql.sock default-character-set=UTF8 plugin_dir=/opt/bitnami/mysql/lib/plugin [manager] port=3306 socket=/opt/bitnami/mysql/tmp/mysql.sock pid-file=/opt/bitnami/mysql/tmp/mysqld.pid --- # Source: mysql/templates/primary/svc-headless.yaml apiVersion: v1 kind: Service metadata: name: my-mysql-primary-headless namespace: "default" labels: app.kubernetes.io/instance: my-mysql app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: mysql app.kubernetes.io/version: 8.4.5 helm.sh/chart: mysql-12.3.4 app.kubernetes.io/part-of: mysql app.kubernetes.io/component: primary spec: type: ClusterIP clusterIP: None publishNotReadyAddresses: true ports: - name: mysql port: 3306 targetPort: mysql selector: app.kubernetes.io/instance: my-mysql app.kubernetes.io/name: mysql app.kubernetes.io/component: primary --- # Source: mysql/templates/primary/svc.yaml apiVersion: v1 kind: Service metadata: name: my-mysql-primary namespace: "default" labels: app.kubernetes.io/instance: my-mysql app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: mysql app.kubernetes.io/version: 8.4.5 helm.sh/chart: mysql-12.3.4 app.kubernetes.io/part-of: mysql app.kubernetes.io/component: primary spec: type: ClusterIP sessionAffinity: None ports: - name: mysql port: 3306 protocol: TCP targetPort: mysql nodePort: null selector: app.kubernetes.io/instance: my-mysql app.kubernetes.io/name: mysql app.kubernetes.io/part-of: mysql app.kubernetes.io/component: primary --- # Source: mysql/templates/secondary/svc-headless.yaml apiVersion: v1 kind: Service metadata: name: my-mysql-secondary-headless namespace: "default" labels: app.kubernetes.io/instance: my-mysql app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: mysql app.kubernetes.io/version: 8.4.5 helm.sh/chart: mysql-12.3.4 app.kubernetes.io/part-of: mysql app.kubernetes.io/component: secondary spec: type: ClusterIP clusterIP: None publishNotReadyAddresses: true ports: - name: mysql port: 3306 targetPort: mysql selector: app.kubernetes.io/instance: my-mysql app.kubernetes.io/name: mysql app.kubernetes.io/part-of: mysql app.kubernetes.io/component: secondary --- # Source: mysql/templates/secondary/svc.yaml apiVersion: v1 kind: Service metadata: name: my-mysql-secondary namespace: "default" labels: app.kubernetes.io/instance: my-mysql app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: mysql app.kubernetes.io/version: 8.4.5 helm.sh/chart: mysql-12.3.4 app.kubernetes.io/part-of: mysql app.kubernetes.io/component: secondary spec: type: ClusterIP sessionAffinity: None ports: - name: mysql port: 3306 protocol: TCP targetPort: mysql nodePort: null selector: app.kubernetes.io/instance: my-mysql app.kubernetes.io/name: mysql app.kubernetes.io/component: secondary --- # Source: mysql/templates/primary/statefulset.yaml apiVersion: apps/v1 kind: StatefulSet metadata: name: my-mysql-primary namespace: "default" labels: app.kubernetes.io/instance: my-mysql app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: mysql app.kubernetes.io/version: 8.4.5 helm.sh/chart: mysql-12.3.4 app.kubernetes.io/part-of: mysql app.kubernetes.io/component: primary spec: replicas: 1 podManagementPolicy: "" selector: matchLabels: app.kubernetes.io/instance: my-mysql app.kubernetes.io/name: mysql app.kubernetes.io/part-of: mysql app.kubernetes.io/component: primary serviceName: my-mysql-primary-headless updateStrategy: type: RollingUpdate template: metadata: annotations: checksum/configuration: a581348f7af561e486fad8d76b185ef64f865137e8229ff5d0fa6cdf95694ea1 labels: app.kubernetes.io/instance: my-mysql app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: mysql app.kubernetes.io/version: 8.4.5 helm.sh/chart: mysql-12.3.4 app.kubernetes.io/part-of: mysql app.kubernetes.io/component: primary spec: serviceAccountName: my-mysql automountServiceAccountToken: false affinity: podAffinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - podAffinityTerm: labelSelector: matchLabels: app.kubernetes.io/instance: my-mysql app.kubernetes.io/name: mysql topologyKey: kubernetes.io/hostname weight: 1 nodeAffinity: securityContext: fsGroup: 1001 fsGroupChangePolicy: Always supplementalGroups: [] sysctls: [] initContainers: - name: preserve-logs-symlinks image: docker.io/bitnami/mysql:8.4.5-debian-12-r0 imagePullPolicy: "IfNotPresent" securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsGroup: 1001 runAsNonRoot: true runAsUser: 1001 seLinuxOptions: {} seccompProfile: type: RuntimeDefault resources: limits: cpu: 750m ephemeral-storage: 2Gi memory: 768Mi requests: cpu: 500m ephemeral-storage: 50Mi memory: 512Mi command: - /bin/bash args: - -ec - | #!/bin/bash . /opt/bitnami/scripts/libfs.sh # We copy the logs folder because it has symlinks to stdout and stderr if ! is_dir_empty /opt/bitnami/mysql/logs; then cp -r /opt/bitnami/mysql/logs /emptydir/app-logs-dir fi volumeMounts: - name: empty-dir mountPath: /emptydir containers: - name: mysql image: docker.io/bitnami/mysql:8.4.5-debian-12-r0 imagePullPolicy: "IfNotPresent" securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsGroup: 1001 runAsNonRoot: true runAsUser: 1001 seLinuxOptions: {} seccompProfile: type: RuntimeDefault env: - name: BITNAMI_DEBUG value: "false" - name: MYSQL_ROOT_PASSWORD_FILE value: /opt/bitnami/mysql/secrets/mysql-root-password - name: MYSQL_ENABLE_SSL value: "no" - name: MYSQL_PORT value: "3306" - name: MYSQL_DATABASE value: "my_database" - name: MYSQL_REPLICATION_MODE value: "master" - name: MYSQL_REPLICATION_USER value: "replicator" - name: MYSQL_REPLICATION_PASSWORD_FILE value: /opt/bitnami/mysql/secrets/mysql-replication-password envFrom: ports: - name: mysql containerPort: 3306 livenessProbe: failureThreshold: 3 initialDelaySeconds: 5 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 exec: command: - /bin/bash - -ec - | password_aux="${MYSQL_ROOT_PASSWORD:-}" if [[ -f "${MYSQL_ROOT_PASSWORD_FILE:-}" ]]; then password_aux=$(cat "$MYSQL_ROOT_PASSWORD_FILE") fi mysqladmin status -uroot -p"${password_aux}" readinessProbe: failureThreshold: 3 initialDelaySeconds: 5 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 exec: command: - /bin/bash - -ec - | password_aux="${MYSQL_ROOT_PASSWORD:-}" if [[ -f "${MYSQL_ROOT_PASSWORD_FILE:-}" ]]; then password_aux=$(cat "$MYSQL_ROOT_PASSWORD_FILE") fi mysqladmin ping -uroot -p"${password_aux}" | grep "mysqld is alive" startupProbe: failureThreshold: 10 initialDelaySeconds: 15 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 exec: command: - /bin/bash - -ec - | password_aux="${MYSQL_ROOT_PASSWORD:-}" if [[ -f "${MYSQL_ROOT_PASSWORD_FILE:-}" ]]; then password_aux=$(cat "$MYSQL_ROOT_PASSWORD_FILE") fi mysqladmin ping -uroot -p"${password_aux}" | grep "mysqld is alive" resources: limits: cpu: 750m ephemeral-storage: 2Gi memory: 768Mi requests: cpu: 500m ephemeral-storage: 50Mi memory: 512Mi volumeMounts: - name: data mountPath: /bitnami/mysql - name: empty-dir mountPath: /tmp subPath: tmp-dir - name: empty-dir mountPath: /opt/bitnami/mysql/conf subPath: app-conf-dir - name: empty-dir mountPath: /opt/bitnami/mysql/tmp subPath: app-tmp-dir - name: empty-dir mountPath: /opt/bitnami/mysql/logs subPath: app-logs-dir - name: config mountPath: /opt/bitnami/mysql/conf/my.cnf subPath: my.cnf - name: mysql-credentials mountPath: /opt/bitnami/mysql/secrets/ volumes: - name: config configMap: name: my-mysql-primary - name: mysql-credentials secret: secretName: my-mysql items: - key: mysql-root-password path: mysql-root-password - key: mysql-password path: mysql-password - key: mysql-replication-password path: mysql-replication-password - name: empty-dir emptyDir: {} volumeClaimTemplates: - metadata: name: data labels: app.kubernetes.io/instance: my-mysql app.kubernetes.io/name: mysql app.kubernetes.io/component: primary spec: accessModes: - "ReadWriteOnce" resources: requests: storage: "8Gi" --- # Source: mysql/templates/secondary/statefulset.yaml apiVersion: apps/v1 kind: StatefulSet metadata: name: my-mysql-secondary namespace: "default" labels: app.kubernetes.io/instance: my-mysql app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: mysql app.kubernetes.io/version: 8.4.5 helm.sh/chart: mysql-12.3.4 app.kubernetes.io/part-of: mysql app.kubernetes.io/component: secondary spec: replicas: 2 podManagementPolicy: "" selector: matchLabels: app.kubernetes.io/instance: my-mysql app.kubernetes.io/name: mysql app.kubernetes.io/part-of: mysql app.kubernetes.io/component: secondary serviceName: my-mysql-secondary-headless updateStrategy: type: RollingUpdate template: metadata: annotations: checksum/configuration: 266f59054731f333d22a8fb2b77b80c341a76f974f81b0d91f20f985a2d6fabb labels: app.kubernetes.io/instance: my-mysql app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: mysql app.kubernetes.io/version: 8.4.5 helm.sh/chart: mysql-12.3.4 app.kubernetes.io/part-of: mysql app.kubernetes.io/component: secondary spec: serviceAccountName: my-mysql automountServiceAccountToken: false affinity: podAffinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - podAffinityTerm: labelSelector: matchLabels: app.kubernetes.io/instance: my-mysql app.kubernetes.io/name: mysql topologyKey: kubernetes.io/hostname weight: 1 nodeAffinity: securityContext: fsGroup: 1001 fsGroupChangePolicy: Always supplementalGroups: [] sysctls: [] initContainers: - name: preserve-logs-symlinks image: docker.io/bitnami/mysql:8.4.5-debian-12-r0 imagePullPolicy: "IfNotPresent" securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsGroup: 1001 runAsNonRoot: true runAsUser: 1001 seLinuxOptions: {} seccompProfile: type: RuntimeDefault resources: limits: cpu: 750m ephemeral-storage: 2Gi memory: 768Mi requests: cpu: 500m ephemeral-storage: 50Mi memory: 512Mi command: - /bin/bash args: - -ec - | #!/bin/bash . /opt/bitnami/scripts/libfs.sh # We copy the logs folder because it has symlinks to stdout and stderr if ! is_dir_empty /opt/bitnami/mysql/logs; then cp -r /opt/bitnami/mysql/logs /emptydir/app-logs-dir fi volumeMounts: - name: empty-dir mountPath: /emptydir containers: - name: mysql image: docker.io/bitnami/mysql:8.4.5-debian-12-r0 imagePullPolicy: "IfNotPresent" securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsGroup: 1001 runAsNonRoot: true runAsUser: 1001 seLinuxOptions: {} seccompProfile: type: RuntimeDefault env: - name: BITNAMI_DEBUG value: "false" - name: MYSQL_REPLICATION_MODE value: "slave" - name: MYSQL_MASTER_HOST value: my-mysql-primary - name: MYSQL_MASTER_PORT_NUMBER value: "3306" - name: MYSQL_MASTER_ROOT_USER value: "root" - name: MYSQL_PORT value: "3306" - name: MYSQL_REPLICATION_USER value: "replicator" - name: MYSQL_ENABLE_SSL value: "no" - name: MYSQL_MASTER_ROOT_PASSWORD_FILE value: /opt/bitnami/mysql/secrets/mysql-root-password - name: MYSQL_REPLICATION_PASSWORD_FILE value: /opt/bitnami/mysql/secrets/mysql-replication-password envFrom: ports: - name: mysql containerPort: 3306 livenessProbe: failureThreshold: 3 initialDelaySeconds: 5 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 exec: command: - /bin/bash - -ec - | password_aux="${MYSQL_MASTER_ROOT_PASSWORD:-}" if [[ -f "${MYSQL_MASTER_ROOT_PASSWORD_FILE:-}" ]]; then password_aux=$(cat "$MYSQL_MASTER_ROOT_PASSWORD_FILE") fi mysqladmin status -uroot -p"${password_aux}" readinessProbe: failureThreshold: 3 initialDelaySeconds: 5 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 exec: command: - /bin/bash - -ec - | password_aux="${MYSQL_MASTER_ROOT_PASSWORD:-}" if [[ -f "${MYSQL_MASTER_ROOT_PASSWORD_FILE:-}" ]]; then password_aux=$(cat "$MYSQL_MASTER_ROOT_PASSWORD_FILE") fi mysqladmin ping -uroot -p"${password_aux}" | grep "mysqld is alive" startupProbe: failureThreshold: 15 initialDelaySeconds: 15 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 exec: command: - /bin/bash - -ec - | password_aux="${MYSQL_MASTER_ROOT_PASSWORD:-}" if [[ -f "${MYSQL_MASTER_ROOT_PASSWORD_FILE:-}" ]]; then password_aux=$(cat "$MYSQL_MASTER_ROOT_PASSWORD_FILE") fi mysqladmin ping -uroot -p"${password_aux}" | grep "mysqld is alive" resources: limits: cpu: 750m ephemeral-storage: 2Gi memory: 768Mi requests: cpu: 500m ephemeral-storage: 50Mi memory: 512Mi volumeMounts: - name: data mountPath: /bitnami/mysql - name: config mountPath: /opt/bitnami/mysql/conf/my.cnf subPath: my.cnf - name: mysql-credentials mountPath: /opt/bitnami/mysql/secrets/ - name: empty-dir mountPath: /tmp subPath: tmp-dir - name: empty-dir mountPath: /opt/bitnami/mysql/conf subPath: app-conf-dir - name: empty-dir mountPath: /opt/bitnami/mysql/tmp subPath: app-tmp-dir - name: empty-dir mountPath: /opt/bitnami/mysql/logs subPath: app-logs-dir volumes: - name: config configMap: name: my-mysql-secondary - name: mysql-credentials secret: secretName: my-mysql items: - key: mysql-root-password path: mysql-root-password - key: mysql-replication-password path: mysql-replication-password - name: empty-dir emptyDir: {} volumeClaimTemplates: - metadata: name: data labels: app.kubernetes.io/instance: my-mysql app.kubernetes.io/name: mysql app.kubernetes.io/component: secondary spec: accessModes: - "ReadWriteOnce" resources: requests: storage: "8Gi"