一、单机部署MySQL
- 单机部署后面不考虑组集群可以采用此方案,主从集群建议使用StatefulSet方式部署
1.1、MySQL密码
-
密码存储在secret,通过环境变量方式挂到容器中
-
mysql-secret.yaml【MySQL密码secret】
-
echo -n root | base64 必须加 -n 否认环境变量会换行【这种方式也不行,mysql -uroot -p的时候密码会报错】
-
正确的方法:需要使用这种重定向到文件中
-
kubectl create secret generic password-secrets --from-literal=mysql_root_username=root --from-literal=mysql_root_password=root123 -n infra --dry-run=client -oyaml
-
apiVersion: v1
data:
mysql_root_password: cm9vdDEyMw==
mysql_root_username: cm9vdA==
kind: Secret
metadata:
creationTimestamp: "2022-09-30T10:38:01Z"
managedFields:
- apiVersion: v1
fieldsType: FieldsV1
fieldsV1:
f:data:
.: {}
f:mysql_root_password: {}
f:mysql_root_username: {}
f:type: {}
manager: kubectl-create
operation: Update
time: "2022-09-30T10:38:01Z"
name: password-secrets
namespace: infra
resourceVersion: "3625749"
selfLink: /api/v1/namespaces/infra/secrets/password-secrets
uid: 08bdaa44-9c4d-4ef1-8f79-b8012bfd39ea
type: Opaque
1.2、MySQL编排文件
- namespace.yaml
- 或者用命令创建【kubectl create ns infra】
apiVersion: v1
kind: Namespace
metadata:
name: infra
- MySQL PV、PVC、SC 【目前公司生产也是用这种】
- 这里采用local-pv
- mysql-sc.yaml 、mysql-pvc.yaml、mysql-pv.yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: infra-mysql-sc
namespace: infra
provisioner: kubernetes.io/no-provisioner
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: infra-mysql-pvc
namespace: infra
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
storageClassName: infra-mysql-sc
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: infra-mysql-pv
spec:
capacity:
storage: 5Gi
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Delete
storageClassName: infra-mysql-sc
local:
path: /admin/mysql/ # k8s-node01节点上的目录
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/hostname
operator: In
values:
- k8s-node01
- mysql-cnf.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: mysql-config
namespace: infra
data:
mysqld.cnf: |-
[mysqld]
default-time_zone='+8:00'
datadir=/var/lib/mysql
symbolic-links=0
max_connections=1000
max_allowed_packet = 1000M
character-set-server=utf8
sql_mode ='STRICT_TRANS_TABLES,NO_ENGINE_SUBSTITUTION'
- mysql-deploy.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: infra-mysql
namespace: infra
labels:
app: infra-mysql
tier: mysql
spec:
replicas: 1
selector:
matchLabels:
app: infra-mysql
tier: mysql
template:
metadata:
labels:
app: infra-mysql
tier: mysql
spec:
nodeSelector:
kubernetes.io/hostname: k8s-node01
containers:
- name: mysql
image: mysql:5.7
imagePullPolicy: IfNotPresent
args: # 新版本镜像有更新,需要使用下面的认证插件环境变量配置才会生效
- --default_authentication_plugin=mysql_native_password
- --character-set-server=utf8mb4
- --collation-server=utf8mb4_unicode_ci
volumeMounts: # 容器内挂载点的定义部分
- name: time-zone # 容器内挂载点名称
mountPath: /etc/localtime # 容器内挂载点路径,可以是文件或目录
- name: mysql-data
mountPath: /var/lib/mysql # 容器内mysql的数据目录
- name: mysqlcnf # 引用 Volume的名称
mountPath: /etc/mysql/conf.d/mysqld.cnf # 挂载到容器内的目录,这写全路径否则还是会覆盖
subPath: mysqld.cnf # 不会覆盖掉原本的路径下的文件,subpath的值必须是configMap中data下的key值
imagePullPolicy: IfNotPresent
ports:
- containerPort: 3306
name: dbport # 起个名字,svc可以使用这个名字关联后端pod的端口,更改端口就不需要更改svc
env: # 使用env挂载环境变量可以清晰看出来使用了哪些环境变量,还可以自定义pod内环境变量名称
- name: POD_NAMESPACE # 环境变量名
valueFrom: # value来源
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace # 挂载名称空间进去
- name: MYSQL_ROOT_USERNAME # 环境变量名==secret中key对应的value
valueFrom:
secretKeyRef:
name: password-secrets # secret 名称
key: mysql_root_username # secret中key的name
- name: MYSQL_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: password-secrets
key: mysql_root_password
volumes:
- name: mysqlcnf # 引用 Volume的名称
configMap:
name: mysql-config # 使用ConfigMap "mysql-config"
- name: time-zone # 数据卷名称,需要与容器内挂载点名称一致
hostPath:
path: /etc/localtime # 挂载到容器里的路径,将localtime文件挂载到容器里,可让容器使用本地的时区
- name: mysql-data
persistentVolumeClaim: # 使用PVC进行挂载
claimName: infra-mysql-pvc # PVC name; 本地存放mysql数据的目录
1.3、创建MySQL的Service
- mysql-svc.yaml
apiVersion: v1
kind: Service
metadata:
name: infra-mysql
namespace: infra
labels:
app: infra-mysql
spec:
ports:
- port: 3306
targetPort: dbport
selector:
app: infra-mysql
tier: mysql
1.4、检测MySQL是否正常使用
# 查看环境变量是否生效
[root@k8s-master01 ~]# kubectl exec -it -n infra infra-mysql-656f47c8d5-q6lsx -- env | grep -i mysql
HOSTNAME=infra-mysql-656f47c8d5-q6lsx
MYSQL_ROOT_PASSWORD=root123
MYSQL_ROOT_USER=root
MYSQL_MAJOR=5.7
MYSQL_VERSION=5.7.23-1debian9
# 是否能用root用户连接
[root@k8s-master01 ~]# kubectl exec -it -n infra infra-mysql-7b7776d7d6-2kc29 -- bash
root@infra-mysql-7b7776d7d6-2kc29:/# mysql -uroot -proot123
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.7.36 MySQL Community Server (GPL)
Copyright (c) 2000, 2021, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>