In part one and part two of this series, we introduced the different ways to manage MySQL configurations and precedence when using the Percona XtraDB Cluster (PXC) object and ConfigMap. In this post, we will see the precedence when secrets are used for MySQL configurations in Percona Operator for MySQL based on Percona XtraDB Cluster.
CASE-4: Secret with name cluster1-pxc and ConfigMap with name cluster1-pxc but without configuration in PXC object
When the MySQL configuration is present in the ConfigMap and secret but not in the PXC object, the following would be the state
|
1 2 3 4 5 6 7 8 9 10 |
# kubectl get pxc cluster1 -ojson | jq .spec.pxc.configuration # kubectl get secrets cluster1-pxc -ojson | jq -r '.data."secret.cnf"' |base64 -d [mysqld] wsrep_debug=CLIENT wsrep_provider_options="gcache.size=768M; gcache.recover=yes" # kubectl get cm cluster1-pxc -ojson | jq .data { "init.cnf": "[mysqld]\nwsrep_debug=CLIENT\nwsrep_provider_options=\"gcache.size=64M; gcache.recover=yes\"\n" } |
Let’s query the DB to see which value has been taken
|
1 2 3 4 5 6 |
# kubectl run -i --rm --tty percona-client --image=percona:8.0 --restart=Never -- bash -il mysql> SHOW VARIABLES LIKE 'wsrep_provider_options'\G *************************** 1. row *************************** Variable_name: wsrep_provider_options </snip> gcache.size = 768M; … </snip> |
As it can be seen, secrets take precedence over ConfigMap
CASE-5: Configuration present in PXC object, ConfigMap cluster1-pxc, secret cluster1-pxc
Current State:
|
1 2 3 4 5 6 |
# kubectl get pxc cluster1 -ojson | jq .spec.pxc.configuration "[mysqld]\nwsrep_debug=CLIENT\nwsrep_provider_options=\"gcache.size=128M; gcache.recover=yes\"\n" # kubectl get cm cluster1-pxc -ojson | jq .data { "init.cnf": "[mysqld]\nwsrep_debug=CLIENT\nwsrep_provider_options=\"gcache.size=128M; gcache.recover=yes\"\n" } |
Let’s try to use secrets cluster1-pxc and see the effects.
|
1 2 3 4 5 6 |
# cat secret.cnf [mysqld] wsrep_debug=CLIENT wsrep_provider_options="gcache.size=768M; gcache.recover=yes" # kubectl create secret generic cluster1-pxc --from-file secret.cnf secret/cluster1-pxc created |
As it can be seen below, ConfigMap and pxc object had no changes.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
# for i in `seq 1 100`; do kubectl get pxc cluster1 -ojson | jq .spec.pxc.configuration ; sleep 2 ; done "[mysqld]\nwsrep_debug=CLIENT\nwsrep_provider_options=\"gcache.size=128M; gcache.recover=yes\"\n" "[mysqld]\nwsrep_debug=CLIENT\nwsrep_provider_options=\"gcache.size=128M; gcache.recover=yes\"\n" # for i in `seq 1 100`; do kubectl get cm cluster1-pxc -ojson | jq .data; sleep 2 ;done { "init.cnf": "[mysqld]\nwsrep_debug=CLIENT\nwsrep_provider_options=\"gcache.size=128M; gcache.recover=yes\"\n" } { "init.cnf": "[mysqld]\nwsrep_debug=CLIENT\nwsrep_provider_options=\"gcache.size=128M; gcache.recover=yes\"\n" } { "init.cnf": "[mysqld]\nwsrep_debug=CLIENT\nwsrep_provider_options=\"gcache.size=128M; gcache.recover=yes\"\n" } |
However, the DB has taken configurations from secrets
|
1 2 3 4 |
mysql> SHOW VARIABLES LIKE 'wsrep_provider_options'\G *************************** 1. row *************************** Variable_name: wsrep_provider_options </snip> gcache.size = 768M; … </snip> |
Secrets take precedence over pxc object and ConfigMap
We would love to hear how you are managing MySQL configurations, feel free to comment 🙂
Resources
RELATED POSTS
