A Professional Guide to Deploying MySQL 8.0 on Kubernetes

🧩 Complete deployment

1. Create a dedicated namespace

```bash
kubectl create namespace database
```
2. Configure persistent storage

```yaml
# mysql-pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: mysql-pvc
  namespace: database
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: standard  # adjust to the storage class available in your cluster
  resources:
    requests:
      storage: 10Gi
```
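3. Configure credentials (Secret)

```bash
# The values below are placeholders; replace them with your own.
# Literals passed on the command line are recorded in shell history.
kubectl create secret generic mysql-secrets -n database \
  --from-literal=mysql-root-password='YourStrongRootPass!123' \
  --from-literal=mysql-password='YourUserPass!456'
```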
4. Deploy the MySQL StatefulSet

```yaml
# mysql-statefulset.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: mysql
  namespace: database
spec:
  serviceName: mysql
  replicas: 1
  selector:
    matchLabels:
      app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
        - name: mysql
          image: mysql:8.0
          env:
            # Passwords are injected from the mysql-secrets Secret, not written inline
            - name: MYSQL_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: mysql-secrets
                  key: mysql-root-password
            - name: MYSQL_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: mysql-secrets
                  key: mysql-password
            - name: MYSQL_USER
              value: "appuser"
            - name: MYSQL_DATABASE
              value: "appdb"
          ports:
            - containerPort: 3306
              name: mysql
          volumeMounts:
            - name: mysql-persistent-storage
              mountPath: /var/lib/mysql
          resources:
            requests:
              memory: "512Mi"
              cpu: "0.5"
            limits:
              memory: "1Gi"
              cpu: "1"
          livenessProbe:
            exec:
              command: ["mysqladmin", "ping", "-h", "localhost"]
            initialDelaySeconds: 30
            periodSeconds: 10
          readinessProbe:
            exec:
              # exec probes are not run through a shell, so the command is wrapped in
              # sh -c to have $MYSQL_PASSWORD expanded from the container environment
              command: ["sh", "-c", "mysql -uappuser -p\"$MYSQL_PASSWORD\" -e 'SELECT 1'"]
            initialDelaySeconds: 5
            periodSeconds: 5
      volumes:
        - name: mysql-persistent-storage
          persistentVolumeClaim:
            claimName: mysql-pvc
```
5. Create the MySQL Service

```yaml
# mysql-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: mysql
  namespace: database
spec:
  selector:
    app: mysql
  ports:
    - protocol: TCP
      port: 3306
      targetPort: mysql
  clusterIP: None  # Headless Service
```
🔒 Advanced security configuration

1. Encrypted communication (TLS)

```bash
# Generate a self-signed certificate
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
  -keyout mysql.key -out mysql.crt -subj "/CN=mysql.database.svc.cluster.local"

# Create the Kubernetes Secret
kubectl create secret tls mysql-tls -n database \
  --cert=mysql.crt \
  --key=mysql.key
```
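2. Add the TLS configuration to the StatefulSet

```yaml
# Add to the mysql container
volumeMounts:
  - name: tls-certs
    mountPath: "/etc/mysql/certs"
    readOnly: true

# Add to the volumes section
volumes:
  - name: tls-certs
    secret:
      secretName: mysql-tls
      # mysqld runs as the non-root mysql user and must be able to read the key
      # (for example through the pod's securityContext.fsGroup)
      defaultMode: 0400

# Add to env
# Note: the entrypoint of the official mysql image does not act on these two variables;
# mysqld only uses the certificate when ssl_cert / ssl_key are set in its configuration.
- name: MYSQL_SSL_CERT
  value: "/etc/mysql/certs/tls.crt"
- name: MYSQL_SSL_KEY
  value: "/etc/mysql/certs/tls.key"
```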
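One way to make mysqld actually serve the mounted certificate and refuse unencrypted TCP connections is to set the TLS options in its configuration. This is an added example, not part of the original guide; the ConfigMap name `mysql-tls-config` and the file name `tls.cnf` are assumptions, while the certificate paths are the ones mounted above.

```yaml
# Added example: server-side TLS settings for the certificate mounted at /etc/mysql/certs.
# mysql-tls-config and tls.cnf are assumed names, not from the original guide.
apiVersion: v1
kind: ConfigMap
metadata:
  name: mysql-tls-config
  namespace: database
data:
  tls.cnf: |
    [mysqld]
    # The certificate generated above is self-signed, so it doubles as the CA file
    ssl_ca   = /etc/mysql/certs/tls.crt
    ssl_cert = /etc/mysql/certs/tls.crt
    ssl_key  = /etc/mysql/certs/tls.key
    # Reject TCP connections that do not negotiate TLS
    require_secure_transport = ON
    # Refuse the older protocol versions
    tls_version = TLSv1.2,TLSv1.3
---
# Fragment to merge into mysql-statefulset.yaml (not a standalone object)
spec:
  template:
    spec:
      containers:
        - name: mysql
          volumeMounts:
            - name: mysql-tls-config
              mountPath: /etc/mysql/conf.d/tls.cnf
              subPath: tls.cnf
      volumes:
        - name: mysql-tls-config
          configMap:
            name: mysql-tls-config
```

With `require_secure_transport` on, every TCP client has to negotiate TLS, including the exporter sidecar from the monitoring section; connections over the local Unix socket, such as the readiness probe, are not affected.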
⚙️ Configuration tuning

1. Custom MySQL configuration

```yaml
# Create the ConfigMap
apiVersion: v1
kind: ConfigMap
metadata:
  name: mysql-config
  namespace: database
data:
  my.cnf: |
    [mysqld]
    innodb_buffer_pool_size = 512M
    max_connections = 200
    character-set-server = utf8mb4
    collation-server = utf8mb4_unicode_ci
    # Legacy SHA-1 based plugin, weaker than the 8.0 default (caching_sha2_password);
    # only needed for clients that cannot use the default
    default_authentication_plugin = mysql_native_password
    skip-name-resolve
    log-bin = mysql-bin
    server-id = 1
    binlog_format = ROW
    transaction_isolation = READ-COMMITTED
```
2. Mount the configuration in the StatefulSet

```yaml
volumeMounts:
  - name: mysql-config
    mountPath: /etc/mysql/conf.d/my.cnf
    subPath: my.cnf
volumes:
  - name: mysql-config
    configMap:
      name: mysql-config
```
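🔄 High availability (primary/replica replication)

1. Primary configuration (StatefulSet 0)

```yaml
# Note: the entrypoint of the official mysql:8.0 image used above does not read the
# MYSQL_REPLICATION_* variables; they only take effect with an image whose entrypoint
# implements them. The mysql-repl-password key must also be added to mysql-secrets.
env:
  - name: MYSQL_REPLICATION_MODE
    value: "master"
  - name: MYSQL_REPLICATION_USER
    value: "repl"
  - name: MYSQL_REPLICATION_PASSWORD
    valueFrom:
      secretKeyRef:
        name: mysql-secrets
        key: mysql-repl-password
```

2. Replica configuration (StatefulSet 1+)

```yaml
# The same caveat applies to MYSQL_MASTER_* and MYSQL_REPLICATION_* here.
env:
  - name: MYSQL_REPLICATION_MODE
    value: "slave"
  - name: MYSQL_MASTER_HOST
    value: "mysql-0.mysql.database.svc.cluster.local"
  - name: MYSQL_MASTER_PORT
    value: "3306"
  - name: MYSQL_REPLICATION_USER
    value: "repl"
  - name: MYSQL_REPLICATION_PASSWORD
    valueFrom:
      secretKeyRef:
        name: mysql-secrets
        key: mysql-repl-password
```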
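📊 Monitoring (Prometheus)

1. Enable the MySQL Exporter

```yaml
# Add as a sidecar container in the StatefulSet
- name: mysql-exporter
  image: prom/mysqld-exporter:v0.14.0
  env:
    # This DSN embeds a password in the pod spec, visible to anyone who can read the
    # StatefulSet; the exporter account must exist in MySQL, and the value is better
    # injected from a Secret like the passwords above
    - name: DATA_SOURCE_NAME
      value: "exporter:ExporterPass123@(localhost:3306)/"
  ports:
    - containerPort: 9104
      name: metrics
```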
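2. ServiceMonitor configuration

```yaml
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: mysql-monitor
  namespace: database
spec:
  # A ServiceMonitor selects Service objects, not pods: the mysql Service needs the
  # label app: mysql and a port named "metrics" (9104) for this selector to match
  selector:
    matchLabels:
      app: mysql
  endpoints:
    - port: metrics
      interval: 30s
  namespaceSelector:
    matchNames:
      - database
```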
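🚀 Deployment commands

```bash
# Apply all manifests
kubectl apply -f mysql-pvc.yaml
# mysql-secrets.yaml and mysql-tls.yaml exist only if you keep the Secrets as manifests;
# the steps above created both Secrets directly with kubectl create secret
kubectl apply -f mysql-secrets.yaml
kubectl apply -f mysql-config.yaml
kubectl apply -f mysql-statefulset.yaml
kubectl apply -f mysql-service.yaml
kubectl apply -f mysql-tls.yaml
kubectl apply -f mysql-monitor.yaml

# Verify the deployment
kubectl -n database get pods -l app=mysql
kubectl -n database logs mysql-0 -c mysql
```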
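🔧 Maintenance operations

1. Database backup

```bash
# Create a backup
# sh -c makes $MYSQL_ROOT_PASSWORD expand inside the container, not in the local shell
kubectl -n database exec mysql-0 -c mysql -- \
  sh -c 'mysqldump -u root -p"$MYSQL_ROOT_PASSWORD" --all-databases' | gzip > mysql-backup-$(date +%F).sql.gz
```

2. Database restore

```bash
gunzip < mysql-backup-2023-08-15.sql.gz | kubectl -n database exec -i mysql-0 -c mysql -- \
  sh -c 'mysql -u root -p"$MYSQL_ROOT_PASSWORD"'
```

3. Version upgrade

```bash
# Rolling update strategy
kubectl -n database patch statefulset mysql \
  -p '{"spec":{"updateStrategy":{"type":"RollingUpdate"}}}'

# Update the image version
kubectl -n database set image statefulset/mysql mysql=mysql:8.0.33
```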
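💡 Best practice recommendations

- Resource isolation:
  - Use a dedicated node pool (taints/tolerations)
  - Configure a PodDisruptionBudget
- Security hardening:
  - Enable network policies to restrict access
  - Rotate database credentials regularly
- Performance tuning:
  - Use local SSD storage
  - Adjust the InnoDB buffer pool size
- Disaster recovery:
  - Configure regular snapshot backups
  - Deploy replicas across availability zones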
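
The network policy item under security hardening, written out for this deployment as an added example that is not part of the original guide. The client namespace `app`, the pod label `mysql-client: "true"` and the Prometheus namespace `monitoring` are assumptions; the ports and the `app: mysql` selector come from the manifests above.

```yaml
# Added example: default-deny ingress for the MySQL pods with three explicit allowances.
# Namespace names "app" and "monitoring" and the mysql-client label are assumptions.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: mysql-ingress
  namespace: database
spec:
  podSelector:
    matchLabels:
      app: mysql
  policyTypes:
    - Ingress          # once selected, all ingress not listed below is dropped
  ingress:
    # Application pods that carry the client label, in the application namespace only
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: app
          podSelector:
            matchLabels:
              mysql-client: "true"
      ports:
        - protocol: TCP
          port: 3306
    # Other MySQL pods of the same StatefulSet (replication traffic)
    - from:
        - podSelector:
            matchLabels:
              app: mysql
      ports:
        - protocol: TCP
          port: 3306
    # Prometheus scraping the exporter sidecar
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: monitoring
      ports:
        - protocol: TCP
          port: 9104
```

The policy is enforced only when the cluster's network plugin implements NetworkPolicy; on a plugin that does not, the object is accepted but has no effect.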
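📊 Key monitoring metrics

Metric | Normal range | Alert threshold |
---|---|---|
Connections | < 80% of max connections | > 90% |
QPS | Depends on workload | Sudden 300% spike |
Buffer pool hit rate | > 95% | < 90% |
Replication lag | < 1s | > 5s |
Disk space | < 80% | > 90% |

With this setup you get a production-grade, highly available MySQL 8.0 deployment on Kubernetes, with comprehensive security protection, monitoring and alerting, and disaster recovery capabilities.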