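---
# StatefulSet for a single MySQL instance in the "mysql" namespace.
# Values in {{ ... }} are filled in by the templating step before the manifest
# is parsed as YAML, so string-typed values are quoted to stop an empty or
# number/boolean-looking expansion from changing the YAML type.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: mysql
  namespace: mysql
spec:
  replicas: 1
  podManagementPolicy: Parallel
  serviceName: mysql-headless
  updateStrategy:
    type: RollingUpdate
  # NOTE(review): the selector relies on one generic label. A StatefulSet
  # selector cannot be changed after creation, so make it more specific only
  # on a fresh deployment.
  selector:
    matchLabels:
      component: primary
  template:
    metadata:
      labels:
        component: primary
    spec:
      # The pod uses the namespace's default service account but does not mount
      # its API token, so the container holds no Kubernetes API credential.
      serviceAccountName: default
      automountServiceAccountToken: false
      securityContext:
        runAsNonRoot: true
        # presumably 999 is the mysql user/group inside the image - confirm
        runAsUser: 999
        runAsGroup: 999
        fsGroup: 999
        fsGroupChangePolicy: Always
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: mysql
          image: "{{ .apps.mysql.image }}"
          imagePullPolicy: IfNotPresent
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            # NOTE(review): the root filesystem stays writable. Switching this
            # to true would need writable mounts for every path the server
            # writes outside /var/lib/mysql - confirm against the image.
            readOnlyRootFilesystem: false
          env:
            # Both passwords are read from the mysql-secrets Secret, so they
            # never appear in this manifest.
            - name: MYSQL_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: mysql-secrets
                  key: apps.mysql.rootPassword
            # Env values must be strings in the Kubernetes API; hence quoted.
            - name: MYSQL_USER
              value: "{{ .apps.mysql.user }}"
            - name: MYSQL_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: mysql-secrets
                  key: apps.mysql.password
            - name: MYSQL_DATABASE
              value: "{{ .apps.mysql.dbName }}"
            - name: TZ
              value: "{{ .apps.mysql.timezone }}"
          ports:
            - name: mysql
              # Must render to an integer, so this one is left unquoted.
              containerPort: {{ .apps.mysql.port }}
              protocol: TCP
          # mysqladmin ping exits 0 whenever the server answers, even if the
          # login is refused, so this probe needs no credentials.
          livenessProbe:
            exec:
              command:
                - /bin/sh
                - -c
                - mysqladmin ping -h localhost --silent
            initialDelaySeconds: 30
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 3
          # Readiness runs a real authenticated query. The root password is
          # handed to the client through MYSQL_PWD rather than -p<password>:
          # that keeps it out of the process argument list, and quoting the
          # expansion keeps passwords with spaces or shell metacharacters
          # intact. Upstream documents MYSQL_PWD as deprecated; a client
          # option file readable only by the mysql user is the longer-term
          # choice.
          readinessProbe:
            exec:
              command:
                - /bin/sh
                - -c
                - 'MYSQL_PWD="${MYSQL_ROOT_PASSWORD}" mysql -h localhost -u root -e "SELECT 1"'
            initialDelaySeconds: 10
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 3
          # Allows up to 15s + 40 * 10s for first start before the liveness
          # probe takes over.
          startupProbe:
            exec:
              command:
                - /bin/sh
                - -c
                - mysqladmin ping -h localhost --silent
            initialDelaySeconds: 15
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 40
          resources:
            limits:
              cpu: 1000m
              memory: 1Gi
            requests:
              cpu: 500m
              memory: 512Mi
          volumeMounts:
            - name: data
              mountPath: /var/lib/mysql
            # subPath mounts only custom.cnf from the ConfigMap, leaving the
            # rest of conf.d as shipped in the image.
            - name: config
              mountPath: /etc/mysql/conf.d/custom.cnf
              subPath: custom.cnf
      volumes:
        - name: config
          configMap:
            name: mysql
  volumeClaimTemplates:
    - metadata:
        name: data
      spec:
        accessModes:
          - ReadWriteOnce
        resources:
          requests:
            storage: "{{ .apps.mysql.storage }}"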