diff --git a/mysql/configmap.yaml b/mysql/configmap.yaml index a0d9c4b..494cc04 100644 --- a/mysql/configmap.yaml +++ b/mysql/configmap.yaml @@ -4,34 +4,36 @@ metadata: name: mysql namespace: mysql data: - my.cnf: | + custom.cnf: | [mysqld] - authentication_policy='* ,,' + # Connection settings skip-name-resolve - explicit_defaults_for_timestamp - basedir=/opt/bitnami/mysql - plugin_dir=/opt/bitnami/mysql/lib/plugin - port={{ .apps.mysql.port }} - mysqlx=0 - mysqlx_port=33060 - socket=/opt/bitnami/mysql/tmp/mysql.sock - datadir=/bitnami/mysql/data - tmpdir=/opt/bitnami/mysql/tmp - max_allowed_packet=16M - bind-address=* - pid-file=/opt/bitnami/mysql/tmp/mysqld.pid - log-error=/opt/bitnami/mysql/logs/mysqld.log - character-set-server=UTF8 - slow_query_log=0 - long_query_time=10.0 - + max_connections=200 + max_allowed_packet=64M + + # Character set + character-set-server=utf8mb4 + collation-server=utf8mb4_unicode_ci + + # Performance tuning + innodb_buffer_pool_size=512M + innodb_log_file_size=128M + innodb_flush_log_at_trx_commit=2 + innodb_flush_method=O_DIRECT + + # Query optimization + slow_query_log=1 + long_query_time=2 + slow_query_log_file=/var/lib/mysql/slow-query.log + + # Timeout settings + wait_timeout=600 + interactive_timeout=600 + + # Binary logging (optional, for replication) + # server-id=1 + # log_bin=/var/lib/mysql/mysql-bin + # binlog_format=ROW + [client] - port={{ .apps.mysql.port }} - socket=/opt/bitnami/mysql/tmp/mysql.sock - default-character-set=UTF8 - plugin_dir=/opt/bitnami/mysql/lib/plugin - - [manager] - port={{ .apps.mysql.port }} - socket=/opt/bitnami/mysql/tmp/mysql.sock - pid-file=/opt/bitnami/mysql/tmp/mysqld.pid \ No newline at end of file + default-character-set=utf8mb4 \ No newline at end of file diff --git a/mysql/manifest.yaml b/mysql/manifest.yaml index 80d6f27..ceaa2cd 100644 --- a/mysql/manifest.yaml +++ b/mysql/manifest.yaml @@ -1,10 +1,10 @@ name: mysql description: MySQL is an open-source relational database management system -version: 8.4.5 +version: 9.1.0 icon: https://www.mysql.com/common/logos/logo-mysql-170x115.png requires: [] defaultConfig: - image: docker.io/bitnami/mysql:8.4.5-debian-12-r0 + image: mysql:9.1.0 port: 3306 storage: 20Gi dbName: mysql diff --git a/mysql/statefulset.yaml b/mysql/statefulset.yaml index ea6975a..0deabe2 100644 --- a/mysql/statefulset.yaml +++ b/mysql/statefulset.yaml @@ -20,46 +20,13 @@ spec: serviceAccountName: default automountServiceAccountToken: false securityContext: - fsGroup: 1001 + runAsNonRoot: true + runAsUser: 999 + runAsGroup: 999 + fsGroup: 999 fsGroupChangePolicy: Always - initContainers: - - name: preserve-logs-symlinks - image: {{ .apps.mysql.image }} - imagePullPolicy: IfNotPresent - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsGroup: 1001 - runAsNonRoot: true - runAsUser: 1001 - seccompProfile: - type: RuntimeDefault - resources: - limits: - cpu: 250m - ephemeral-storage: 1Gi - memory: 256Mi - requests: - cpu: 100m - ephemeral-storage: 50Mi - memory: 128Mi - command: - - /bin/bash - args: - - -ec - - | - #!/bin/bash - . /opt/bitnami/scripts/libfs.sh - # We copy the logs folder because it has symlinks to stdout and stderr - if ! is_dir_empty /opt/bitnami/mysql/logs; then - cp -r /opt/bitnami/mysql/logs /emptydir/app-logs-dir - fi - volumeMounts: - - name: empty-dir - mountPath: /emptydir + seccompProfile: + type: RuntimeDefault containers: - name: mysql image: {{ .apps.mysql.image }} @@ -69,15 +36,8 @@ spec: capabilities: drop: - ALL - readOnlyRootFilesystem: true - runAsGroup: 1001 - runAsNonRoot: true - runAsUser: 1001 - seccompProfile: - type: RuntimeDefault + readOnlyRootFilesystem: false env: - - name: BITNAMI_DEBUG - value: "false" - name: MYSQL_ROOT_PASSWORD valueFrom: secretKeyRef: @@ -92,83 +52,59 @@ spec: key: apps.mysql.password - name: MYSQL_DATABASE value: {{ .apps.mysql.dbName }} - - name: MYSQL_PORT - value: "{{ .apps.mysql.port }}" + - name: TZ + value: {{ .apps.mysql.timezone }} ports: - name: mysql containerPort: {{ .apps.mysql.port }} + protocol: TCP livenessProbe: - failureThreshold: 3 - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 exec: command: - - /bin/bash - - -ec - - | - password_aux="${MYSQL_ROOT_PASSWORD:-}" - mysqladmin status -uroot -p"${password_aux}" + - /bin/sh + - -c + - mysqladmin ping -h 127.0.0.1 -u root -p${MYSQL_ROOT_PASSWORD} + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 readinessProbe: - failureThreshold: 3 - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 exec: command: - - /bin/bash - - -ec - - | - password_aux="${MYSQL_ROOT_PASSWORD:-}" - mysqladmin ping -uroot -p"${password_aux}" | grep "mysqld is alive" + - /bin/sh + - -c + - mysqladmin ping -h 127.0.0.1 -u root -p${MYSQL_ROOT_PASSWORD} + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 startupProbe: - failureThreshold: 10 + exec: + command: + - /bin/sh + - -c + - mysqladmin ping -h 127.0.0.1 -u root -p${MYSQL_ROOT_PASSWORD} initialDelaySeconds: 15 periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - exec: - command: - - /bin/bash - - -ec - - | - password_aux="${MYSQL_ROOT_PASSWORD:-}" - mysqladmin ping -uroot -p"${password_aux}" | grep "mysqld is alive" + timeoutSeconds: 5 + failureThreshold: 30 resources: limits: - cpu: 750m - ephemeral-storage: 2Gi - memory: 768Mi + cpu: 1000m + memory: 1Gi requests: cpu: 500m - ephemeral-storage: 50Mi memory: 512Mi volumeMounts: - name: data - mountPath: /bitnami/mysql - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - - name: empty-dir - mountPath: /opt/bitnami/mysql/conf - subPath: app-conf-dir - - name: empty-dir - mountPath: /opt/bitnami/mysql/tmp - subPath: app-tmp-dir - - name: empty-dir - mountPath: /opt/bitnami/mysql/logs - subPath: app-logs-dir + mountPath: /var/lib/mysql - name: config - mountPath: /opt/bitnami/mysql/conf/my.cnf - subPath: my.cnf + mountPath: /etc/mysql/conf.d/custom.cnf + subPath: custom.cnf volumes: - name: config configMap: name: mysql - - name: empty-dir - emptyDir: {} volumeClaimTemplates: - metadata: name: data