Charmed MySQL
- By Canonical Data Platform
- Cloud
Channel | Revision | Published | Runs on |
---|---|---|---|
8.0/stable | 196 | 29 Sep 2023 | |
8.0/candidate | 196 | 27 Sep 2023 | |
8.0/beta | 196 | 25 Sep 2023 | |
8.0/edge | 203 | 01 Dec 2023 |
juju deploy mysql --channel 8.0/stable
Deploy universal operators easily with Juju, the Universal Operator Lifecycle Manager.
Platform:
22.04
How to enable encryption
Hint: Use Juju 3. Otherwise replace
juju run ...
withjuju run-action --wait ...
andjuju integrate
withjuju relate
for Juju 2.9.
Warning: The document uses ‘self-signed-certificates’ which is NOT recommended for production clusters, the ‘tls-certificates-operator’ should be considered for production!
Enable TLS
# deploy the TLS charm
juju deploy self-signed-certificates --channel edge
# to enable TLS relate the two applications
juju integrate self-signed-certificates mysql
Manage keys
Updates to private keys for certificate signing requests (CSR) can be made via the set-tls-private-key
action. Note: passing the key should only be done with base64 -w0
not cat
. With three units this schema should be followed:
- Generate a shared internal (private) key
openssl genrsa -out internal-key.pem 3072
- apply newly generated internal key on each juju unit:
juju run mysql/0 set-tls-private-key "internal-key=$(base64 -w0 internal-key.pem)"
juju run mysql/1 set-tls-private-key "internal-key=$(base64 -w0 internal-key.pem)"
juju run mysql/2 set-tls-private-key "internal-key=$(base64 -w0 internal-key.pem)"
- updates can also be done with auto-generated keys with
juju run mysql/0 set-tls-private-key
juju run mysql/1 set-tls-private-key
juju run mysql/2 set-tls-private-key
Disable TLS remove the relation
juju remove-relation self-signed-certificates mysql