stable/percona-xtradb-cluster/README.md
As of Nov 13, 2020, charts in this repo will no longer be updated. For more information, see the Helm Charts Deprecation and Archive Notice, and Update.
Percona Server for MySQL® is a free, fully compatible, enhanced, open source drop-in replacement for MySQL that provides superior performance, scalability and instrumentation. With over 3,000,000 downloads, Percona Server for MySQL's self-tuning algorithms and support for extremely high-performance hardware delivers excellent performance and reliability.
Notable users include Netflix, Amazon Web Services, Alcatel-Lucent, and Smug Mug.
This chart is deprecated and no longer supported.
This chart, based off of the Percona chart (which in turn is based off the MySQL chart), bootstraps a multi-node Percona XtraDB Cluster deployment on a Kubernetes cluster using the Helm package manager.
The chart exploits the deterministic nature of StatefulSet and KubeDNS to ensure the cluster bootstrap is performed in the correct order.
To install the chart with the release name my-release:
$ helm install --name my-release stable/percona-xtradb-cluster
The command deploys a Percona XtraDB Cluster on the Kubernetes cluster in the default configuration. The configuration section lists the parameters that can be configured during installation.
The root password can only be used inside each pod. You should set a default mysqlDatabase, mysqlUser and mysqlPassword in the values.yaml file.
By default an insecure password will be generated for the root and replication users. If you'd like to set your own password change the mysqlRootPassword or xtraBackupPassword respectively
in the values.yaml.
You can retrieve your root password (usable only via localhost in each pod) by running the following command. Make sure to replace [YOUR_RELEASE_NAME]:
printf $(printf '\%o' `kubectl get secret [YOUR_RELEASE_NAME]-percona -o jsonpath="{.data.mysql-root-password[*]}"`)
Tip: List all releases using
helm list
To uninstall/delete the my-release deployment:
$ helm delete my-release
The command removes all the Kubernetes components associated with the chart and deletes the release.
The following table lists the configurable parameters of the Percona chart and their default values.
| Parameter | Description | Default |
|---|---|---|
image.repository | percona-xtradb-cluster image Repo. | 5.7.19 release |
image.tag | percona-xtradb-cluster image tag. | percona/percona-xtradb-cluster |
image.pullPolicy | Image pull policy | IfNotPresent |
replicas | Number of pods to join the Percona XtraDB Cluster | 3 |
allowRootFrom | Remote hosts to allow root access, set to 127.0.0.1 to disable remote root | % |
mysqlRootPassword | Password for the root user. | not-a-secure-password |
xtraBackupPassword | Password for the xtrabackup user. | replicate-my-data |
pxc_strict_mode | Setting for pxc_strict_mode. | ENFORCING |
mysqlUser | Username of new user to create. | nil |
mysqlPassword | Password for the new user. | nil |
mysqlDatabase | Name for new database to create. | nil |
serviceAccountName | Name for the pod's serviceAccount | nil |
securityContext.runAsUser | Run the pod with this uid | nil |
securityContext.runAsGroup | Run the pod with this gid | nil |
securityContext.fsGroup | Set GID for mounted volumes | nil |
persistence.enabled | Create a volume to store data | false |
persistence.size | Size of persistent volume claim | 8Gi RW |
persistence.storageClass | Type of persistent volume claim | nil (uses alpha storage class annotation) |
persistence.accessMode | ReadWriteOnce or ReadOnly | ReadWriteOnce |
tolerations | Node labels for pod assignment | [] |
nodeSelector | Node labels for pod assignment | {} |
podAnnotations | Pod annotations | {} |
resources | CPU/Memory resource requests/limits | Memory: 256Mi, CPU: 100m |
configFiles | files to write to /etc/mysql/conf.d | see values.yaml |
ssl.enabled | Setup and use SSL for MySQL connections | false |
ssl.secret | Name of the secret containing the SSL certificates | mysql-ssl-certs |
ssl.certificates[0].name | Name of the secret containing the SSL certificates | nil |
ssl.certificates[0].ca | CA certificate | nil |
ssl.certificates[0].cert | Server certificate (public key) | nil |
ssl.certificates[0].key | Server key (private key) | nil |
logTail | if set to true runs a container to tail /var/log/mysqld.log in the pod | true |
metricsExporter.enabled | if set to true runs a mysql metrics exporter container in the pod | false |
metricsExporter.commandOverrides | Overrides default docker command for metrics exporter | [] |
metricsExporter.argsOverrides | Overrides default docker args for metrics exporter | [] |
metricsExporter.tag | Specify a docker image tag for prom/mysqld-exporter metrics exporter docker image | nil |
prometheus.operator.enabled | Setting to true will create Prometheus-Operator specific resources | false |
prometheus.operator.prometheusRule.enabled | Create default alerting rules | true |
prometheus.operator.prometheusRule.labels | Labels to add to alerts | {} |
prometheus.operator.prometheusRule.namespace | Namespace which Prometheus is installed in | nil |
prometheus.operator.prometheusRule.selector | Label Selector for Prometheus to find ServiceMonitors | nil |
prometheus.operator.serviceMonitor.interval | Interval at which Prometheus will scrape metrics exporter | 10s |
prometheus.operator.serviceMonitor.namespace | Namespace which Prometheus is installed in | nil |
prometheus.operator.serviceMonitor.selector | Label Selector for Prometheus to find ServiceMonitors | nil |
podDisruptionBudget | Pod disruption budget | {enabled: false, maxUnavailable: 1} |
service.percona.headless | if set to true makes the percona service headless | false |
initResources | CPU/Memory resource requests/limits for init containers | Memory: 128Mi, CPU: 100m |
Some of the parameters above map to the env variables defined in the Percona XtraDB Cluster DockerHub image.
Specify each parameter using the --set key=value[,key=value] argument to helm install. For example,
$ helm install --name my-release \
--set mysqlRootPassword=secretpassword,mysqlUser=my-user,mysqlPassword=my-password,mysqlDatabase=my-database \
stable/percona-xtradb-cluster
The above command sets the MySQL root account password to secretpassword. Additionally it creates a standard database user named my-user, with the password my-password, who has access to a database named my-database.
Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
$ helm install --name my-release -f values.yaml stable/percona-xtradb-cluster
Tip: You can use the default values.yaml
The Percona XtraDB Cluster DockerHub image stores the MySQL data and configurations at the /var/lib/mysql path of the container.
By default, an emptyDir volume is mounted at that location.
"An emptyDir volume is first created when a Pod is assigned to a Node, and exists as long as that Pod is running on that node. When a Pod is removed from a node for any reason, the data in the emptyDir is deleted forever."
You can change the values.yaml to enable persistence and use a PersistentVolumeClaim instead.
This chart supports configuring MySQL to use encrypted connections with TLS/SSL certificates provided by the user. This is accomplished by storing the required Certificate Authority file, the server public key certificate, and the server private key as a Kubernetes secret. The SSL options for this chart support the following use cases:
Include your certificate data in the ssl.certificates section. For example:
ssl:
enabled: false
secret: mysql-ssl-certs
certificates:
- name: mysql-ssl-certs
ca: |-
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
cert: |-
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
key: |-
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
Note: Make sure your certificate data has the correct formatting in the values file.
ssl.secret.ssl.certificates.To manually create the certificate secret from local files you can execute:
kubectl create secret generic mysql-ssl-certs \
--from-file=ca.pem=./ssl/certificate-authority.pem \
--from-file=server-cert.pem=./ssl/server-public-key.pem \
--from-file=server-key.pem=./ssl/server-private-key.pem
Note:
ca.pem,server-cert.pem, andserver-key.pemmust be used as the key names in this generic secret.
If you are using a certificate your configurationFiles must include the three ssl lines under [mysqld]
[mysqld]
ssl-ca=/ssl/ca.pem
ssl-cert=/ssl/server-cert.pem
ssl-key=/ssl/server-key.pem
PXC Strict Mode is designed to avoid the use of experimental and unsupported features in Percona XtraDB Cluster. It performs a number of validations at startup and during runtime.
Depending on the actual mode you select, upon encountering a failed validation, the server will either throw an error (halting startup or denying the operation), or log a warning and continue running as normal. The following modes are available:
By default, PXC Strict Mode is set to ENFORCING, except if the node is acting as a standalone server or the node is bootstrapping, then PXC Strict Mode defaults to DISABLED.
Source: https://www.percona.com/doc/percona-xtradb-cluster/LATEST/features/pxc-strict-mode.html