This guide demonstrates how to deploy a MySQL cluster with TLS encryption using KubeBlocks. TLS ensures secure communication between the MySQL client and server by encrypting data in transit, protecting sensitive information. You will learn how to deploy the cluster, connect securely using TLS, and clean up resources after testing.
Before proceeding, ensure the following:
kubectl create ns demo
namespace/demo created
KubeBlocks uses a declarative approach for managing MySQL clusters. Below is an example configuration for deploying a MySQL cluster with 2 nodes (1 primary, 1 replica) in semi-synchronous mode with TLS enabled.
Apply the following YAML configuration:
kubectl apply -f - <<EOF
apiVersion: apps.kubeblocks.io/v1
kind: Cluster
metadata:
  name: example-mysql-cluster
  namespace: demo
spec:
  clusterDef: mysql
  topology: semisync
  terminationPolicy: Delete
  componentSpecs:
    - name: mysql
      serviceVersion: 8.0.35
      replicas: 2
      tls: true
      issuer:
        name: KubeBlocks
      resources:
        limits:
          cpu: '0.5'
          memory: 0.5Gi
        requests:
          cpu: '0.5'
          memory: 0.5Gi
      volumeClaimTemplates:
        - name: data
          spec:
            storageClassName: ""
            accessModes:
              - ReadWriteOnce
            resources:
              requests:
                storage: 20Gi
EOF
'tls: true': Enables TLS encryption for secure communication.
'issuer: KubeBlocks': Uses KubeBlocks' default built-in certificate issuer for TLS.

Monitor the cluster status until it transitions to the Running state:
kubectl get cluster -n demo
Expected Output:
NAME                    CLUSTER-DEFINITION   TERMINATION-POLICY   STATUS    AGE
example-mysql-cluster   mysql                Delete               Running   11m
KubeBlocks automatically creates a secret containing the MySQL root credentials. Retrieve the credentials with the following commands:
kubectl get secrets -n demo example-mysql-cluster-mysql-account-root -o jsonpath='{.data.username}' | base64 -d
Expected Output:
root
kubectl get secrets -n demo example-mysql-cluster-mysql-account-root -o jsonpath='{.data.password}' | base64 -d
Expected Output:
43Rysk6w10
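Use the MySQL client to connect securely with TLS enabled. The '--ssl-mode=REQUIRED' option makes the client fail the connection if an encrypted channel cannot be established. REQUIRED encrypts the session but does not verify the server certificate; the VERIFY_CA and VERIFY_IDENTITY modes add that check.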
kubectl exec -it -n demo example-mysql-cluster-mysql-0 -c mysql -- mysql -h example-mysql-cluster-mysql.demo.svc.cluster.local -uroot -p43Rysk6w10 --ssl-mode=REQUIRED
Verify TLS connection status in MySQL shell:
mysql> STATUS;
--------------
SSL: Cipher in use is TLS_AES_256_GCM_SHA384
If the SSL field displays a cipher, the connection is successfully encrypted using TLS.
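The same verification can be scripted rather than read off the STATUS screen. The following is an added example, not part of the original guide or of KubeBlocks: a POSIX shell function that evaluates the Ssl_cipher and Ssl_version session status variables together with the require_secure_transport server variable. The function name check_tls_session and the sample inputs are constructed for illustration.

```shell
# Added example: judge a MySQL session's TLS state from the tab-separated
# "name<TAB>value" lines printed by the mysql client when it is run with
#   --ssl-mode=REQUIRED --batch --skip-column-names -e "
#     SHOW SESSION STATUS WHERE Variable_name IN ('Ssl_cipher','Ssl_version');
#     SHOW VARIABLES LIKE 'require_secure_transport';"

TAB=$(printf '\t')

# check_tls_session (hypothetical helper name): reads name/value lines on
# stdin, prints one finding per line, and returns 0 only when the session is
# encrypted with TLSv1.2 or newer.
check_tls_session() {
  cts_cipher="" cts_version="" cts_rst="" cts_rc=0
  while IFS="$TAB" read -r cts_name cts_value; do
    case "$cts_name" in
      Ssl_cipher)               cts_cipher=$cts_value ;;
      Ssl_version)              cts_version=$cts_value ;;
      require_secure_transport) cts_rst=$cts_value ;;
    esac
  done
  if [ -z "$cts_cipher" ]; then
    echo "FAIL: Ssl_cipher is empty, session is not encrypted"; cts_rc=1
  else
    echo "OK: cipher $cts_cipher"
  fi
  case "$cts_version" in
    TLSv1.2|TLSv1.3) echo "OK: protocol $cts_version" ;;
    *) echo "FAIL: protocol '${cts_version:-none}' is not TLSv1.2 or newer"; cts_rc=1 ;;
  esac
  # Advisory: with this OFF the server still accepts clients that skip TLS.
  [ "$cts_rst" = "ON" ] || echo "WARN: require_secure_transport=${cts_rst:-unknown}"
  return "$cts_rc"
}

# Constructed sample inputs (not captured from a real cluster).
SAMPLE_TLS=$(printf 'Ssl_cipher\tTLS_AES_256_GCM_SHA384\nSsl_version\tTLSv1.3\nrequire_secure_transport\tOFF')
SAMPLE_PLAIN=$(printf 'Ssl_cipher\t\nSsl_version\t\nrequire_secure_transport\tOFF')

printf '%s\n' "$SAMPLE_TLS" | check_tls_session
printf '%s\n' "$SAMPLE_PLAIN" | check_tls_session || echo "plaintext session flagged"
```

The WARN line is advisory only: it reports that the server itself does not reject unencrypted clients, which the client-side '--ssl-mode=REQUIRED' option cannot reveal.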
To remove all resources created in this tutorial, run the following commands:
kubectl delete cluster example-mysql-cluster -n demo
kubectl delete ns demo
In this guide, you learned how to:
TLS encryption ensures secure communication by encrypting data in transit and protecting sensitive information. By following these steps, you can deploy a secure MySQL cluster on Kubernetes with ease using KubeBlocks.