Charmed MySQL K8s
- Canonical
- Databases
Channel | Revision | Published | Runs on |
---|---|---|---|
8.0/stable | 180 | 02 Sep 2024 | |
8.0/stable | 181 | 02 Sep 2024 | |
8.0/candidate | 180 | 26 Aug 2024 | |
8.0/candidate | 181 | 26 Aug 2024 | |
8.0/beta | 207 | 15 Nov 2024 | |
8.0/beta | 206 | 15 Nov 2024 | |
8.0/edge | 209 | 18 Nov 2024 | |
8.0/edge | 208 | 18 Nov 2024 |
juju deploy mysql-k8s --channel 8.0/candidate
Deploy Kubernetes operators easily with Juju, the Universal Operator Lifecycle Manager. Need a Kubernetes cluster? Install MicroK8s to create a full CNCF-certified Kubernetes system in under 60 seconds.
Platform:
Note: All commands are written for juju >= v.3.1
If you’re using juju 2.9
, check the juju 3.0
Release Notes.
How to enable encryption
This guide will show how to enable TLS using the self-signed-certificates
operator as an example.
Self-signed certificates are not recommended for a production environment.
Check this guide for an overview of the TLS certificates charms available.
Enable TLS
First, deploy the TLS charm:
juju deploy self-signed-certificates
To enable TLS on MySQL, integrate the two applications:
juju integrate self-signed-certificates mysql-k8s
Manage keys
Updates to private keys for certificate signing requests (CSR) can be made via the set-tls-private-key
action. Note that passing keys to external/internal keys should only be done with base64 -w0
, not cat
.
With three replicas, this schema should be followed:
Generate a shared internal (private) key
openssl genrsa -out internal-key.pem 3072
Apply the newly generated internal key on each juju
unit:
juju run-action mysql-k8s/0 set-tls-private-key "internal-key=$(base64 -w0 internal-key.pem)" --wait
juju run-action mysql-k8s/1 set-tls-private-key "internal-key=$(base64 -w0 internal-key.pem)" --wait
juju run-action mysql-k8s/2 set-tls-private-key "internal-key=$(base64 -w0 internal-key.pem)" --wait
Updates can also be done with auto-generated keys:
juju run-action mysql-k8s/0 set-tls-private-key --wait
juju run-action mysql-k8s/1 set-tls-private-key --wait
juju run-action mysql-k8s/2 set-tls-private-key --wait
Disable TLS
Disable TLS by removing the integration:
juju remove-relation tls-certificates-operator mysql-k8s