Topologies
Operations
Backup And Restores
Custom Secret
Monitoring
Topologies
Operations
Backup And Restores
Custom Secret
Monitoring
This guide explains how to deploy a MySQL cluster in KubeBlocks with a custom password generation policy for the root user. By defining specific password rules, you can ensure strong, secure credentials for your cluster.
Before proceeding, ensure the following:
kubectl create ns demo
namespace/demo created
KubeBlocks uses a declarative approach for managing MySQL clusters. Below is an example configuration for deploying a MySQL cluster with 2 nodes (1 primary, 1 replicas) in semi-synchronous mode and a custom root password that adheres to a specific pattern.
kubectl apply -f - <<EOF
apiVersion: apps.kubeblocks.io/v1
kind: Cluster
metadata:
name: example-mysql-cluster
namespace: demo
spec:
clusterDef: mysql
topology: semisync
terminationPolicy: Delete
componentSpecs:
- name: mysql
serviceVersion: 8.0.35
replicas: 2
systemAccounts:
- name: root
passwordConfig:
length: 20 # Password length: 20 characters
numDigits: 4 # At least 4 digits
numSymbols: 4 # At least 4 symbols
letterCase: MixedCases # Uppercase and lowercase letters
resources:
limits:
cpu: '0.5'
memory: 0.5Gi
requests:
cpu: '0.5'
memory: 0.5Gi
volumeClaimTemplates:
- name: data
spec:
storageClassName: ""
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 20Gi
EOF
Key Features of the Password Policy:
This ensures the generated password is strong and secure.
Once the cluster is deployed, monitor its status:
kubectl get cluster example-mysql-cluster -n demo -w
NAME CLUSTER-DEFINITION TERMINATION-POLICY STATUS AGE
example-mysql-cluster mysql Delete Creating 10s
example-mysql-cluster mysql Delete Running 1m
Wait until the STATUS changes to Running.
KubeBlocks automatically creates a secret containing the MySQL root credentials. Retrieve the credentials with the following commands:
kubectl get secrets -n demo example-mysql-cluster-mysql-account-root -o jsonpath='{.data.password}' | base64 -d
Expected Output:
v@DI5PC7n*#3hE#HjRV0
This password has the following characteristics:
This password adheres to the custom policy defined in the configuration.
To connect to the cluster's primary node, use the MySQL client with the custom password:
kubectl exec -it -n demo example-mysql-cluster-mysql-0 -c mysql -- mysql -h example-mysql-cluster-mysql.demo.svc.cluster.local -uroot -pv@DI5PC7n*#3hE#HjRV0
To remove all created resources, delete the MySQL cluster along with its namespace:
kubectl delete cluster example-mysql-cluster -n demo
kubectl delete ns demo
In this tutorial, you: