apiVersion: apps/v1 kind: StatefulSet metadata: name: mysql namespace: mysql spec: replicas: 1 podManagementPolicy: Parallel serviceName: mysql-headless updateStrategy: type: RollingUpdate selector: matchLabels: component: primary template: metadata: labels: component: primary spec: serviceAccountName: default automountServiceAccountToken: false securityContext: fsGroup: 1001 fsGroupChangePolicy: Always initContainers: - name: preserve-logs-symlinks image: {{ .apps.mysql.image }} imagePullPolicy: IfNotPresent securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsGroup: 1001 runAsNonRoot: true runAsUser: 1001 seccompProfile: type: RuntimeDefault resources: limits: cpu: 250m ephemeral-storage: 1Gi memory: 256Mi requests: cpu: 100m ephemeral-storage: 50Mi memory: 128Mi command: - /bin/bash args: - -ec - | #!/bin/bash . /opt/bitnami/scripts/libfs.sh # We copy the logs folder because it has symlinks to stdout and stderr if ! is_dir_empty /opt/bitnami/mysql/logs; then cp -r /opt/bitnami/mysql/logs /emptydir/app-logs-dir fi volumeMounts: - name: empty-dir mountPath: /emptydir containers: - name: mysql image: {{ .apps.mysql.image }} imagePullPolicy: IfNotPresent securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsGroup: 1001 runAsNonRoot: true runAsUser: 1001 seccompProfile: type: RuntimeDefault env: - name: BITNAMI_DEBUG value: "false" - name: MYSQL_ROOT_PASSWORD valueFrom: secretKeyRef: name: mysql-secrets key: apps.mysql.rootPassword - name: MYSQL_USER value: {{ .apps.mysql.user }} - name: MYSQL_PASSWORD valueFrom: secretKeyRef: name: mysql-secrets key: apps.mysql.password - name: MYSQL_DATABASE value: {{ .apps.mysql.dbName }} - name: MYSQL_PORT value: "{{ .apps.mysql.port }}" ports: - name: mysql containerPort: {{ .apps.mysql.port }} livenessProbe: failureThreshold: 3 initialDelaySeconds: 5 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 exec: command: - /bin/bash - -ec - | password_aux="${MYSQL_ROOT_PASSWORD:-}" mysqladmin status -uroot -p"${password_aux}" readinessProbe: failureThreshold: 3 initialDelaySeconds: 5 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 exec: command: - /bin/bash - -ec - | password_aux="${MYSQL_ROOT_PASSWORD:-}" mysqladmin ping -uroot -p"${password_aux}" | grep "mysqld is alive" startupProbe: failureThreshold: 10 initialDelaySeconds: 15 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 exec: command: - /bin/bash - -ec - | password_aux="${MYSQL_ROOT_PASSWORD:-}" mysqladmin ping -uroot -p"${password_aux}" | grep "mysqld is alive" resources: limits: cpu: 750m ephemeral-storage: 2Gi memory: 768Mi requests: cpu: 500m ephemeral-storage: 50Mi memory: 512Mi volumeMounts: - name: data mountPath: /bitnami/mysql - name: empty-dir mountPath: /tmp subPath: tmp-dir - name: empty-dir mountPath: /opt/bitnami/mysql/conf subPath: app-conf-dir - name: empty-dir mountPath: /opt/bitnami/mysql/tmp subPath: app-tmp-dir - name: empty-dir mountPath: /opt/bitnami/mysql/logs subPath: app-logs-dir - name: config mountPath: /opt/bitnami/mysql/conf/my.cnf subPath: my.cnf volumes: - name: config configMap: name: mysql - name: empty-dir emptyDir: {} volumeClaimTemplates: - metadata: name: data spec: accessModes: - ReadWriteOnce resources: requests: storage: {{ .apps.mysql.storage }}