Deploying a MySQL 8.0 Database on K8s
A Professional Guide to Deploying MySQL 8.0 on Kubernetes
🧩 Complete deployment plan
1. Create a dedicated namespace
kubectl create namespace database
2. Configure persistent storage
# mysql-pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: mysql-pvc
  namespace: database
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: standard  # adjust to the storage class available in your cluster
  resources:
    requests:
      storage: 10Gi
3. Configure credentials (Secret)
# Replace the sample passwords before use
kubectl create secret generic mysql-secrets -n database \
  --from-literal=mysql-root-password='YourStrongRootPass!123' \
  --from-literal=mysql-password='YourUserPass!456'
4. Deploy the MySQL StatefulSet
# mysql-statefulset.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: mysql
  namespace: database
spec:
  serviceName: mysql
  replicas: 1
  selector:
    matchLabels:
      app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
        - name: mysql
          image: mysql:8.0
          env:
            - name: MYSQL_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: mysql-secrets
                  key: mysql-root-password
            - name: MYSQL_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: mysql-secrets
                  key: mysql-password
            - name: MYSQL_USER
              value: "appuser"
            - name: MYSQL_DATABASE
              value: "appdb"
          ports:
            - containerPort: 3306
              name: mysql
          volumeMounts:
            - name: mysql-persistent-storage
              mountPath: /var/lib/mysql
          resources:
            requests:
              memory: "512Mi"
              cpu: "0.5"
            limits:
              memory: "1Gi"
              cpu: "1"
          livenessProbe:
            exec:
              command: ["mysqladmin", "ping", "-h", "localhost"]
            initialDelaySeconds: 30
            periodSeconds: 10
          readinessProbe:
            exec:
              # exec probes do not run in a shell; wrap the command in sh -c
              # so that ${MYSQL_PASSWORD} is expanded inside the container
              command: ["sh", "-c", "mysql -uappuser -p\"${MYSQL_PASSWORD}\" -e 'SELECT 1'"]
            initialDelaySeconds: 5
            periodSeconds: 5
      volumes:
        - name: mysql-persistent-storage
          persistentVolumeClaim:
            claimName: mysql-pvc
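5. Create the MySQL Service
# mysql-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: mysql
  namespace: database
  labels:
    app: mysql  # the ServiceMonitor in the monitoring section selects Services by this label
spec:
  selector:
    app: mysql
  ports:
    - name: mysql
      protocol: TCP
      port: 3306
      targetPort: mysql
    # port for the exporter sidecar added in the monitoring section;
    # the ServiceMonitor refers to it by the name "metrics"
    - name: metrics
      protocol: TCP
      port: 9104
      targetPort: metrics
  clusterIP: None  # Headless Service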
🔒 Advanced security configuration
1. Encrypted communication (TLS)
# Generate a certificate
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
  -keyout mysql.key -out mysql.crt -subj "/CN=mysql.database.svc.cluster.local"
# Create the Kubernetes Secret
kubectl create secret tls mysql-tls -n database \
  --cert=mysql.crt \
  --key=mysql.key
2. Add the TLS configuration to the StatefulSet
# Add to the container spec
volumeMounts:
  - name: tls-certs
    mountPath: "/etc/mysql/certs"
    readOnly: true
# Add to the volumes section
volumes:
  - name: tls-certs
    secret:
      secretName: mysql-tls
      defaultMode: 0400
# Add to env
- name: MYSQL_SSL_CERT
  value: "/etc/mysql/certs/tls.crt"
- name: MYSQL_SSL_KEY
  value: "/etc/mysql/certs/tls.key"
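
One explicit way to point mysqld at the mounted certificate and to refuse unencrypted TCP connections, as an added example that is not part of the original guide. The ConfigMap name mysql-tls-config and the file name tls.cnf are assumptions; the certificate paths are the mount points used above.

```yaml
# Added example: server-side TLS settings delivered as a conf.d fragment.
# The names mysql-tls-config and tls.cnf are assumptions.
apiVersion: v1
kind: ConfigMap
metadata:
  name: mysql-tls-config
  namespace: database
data:
  tls.cnf: |
    [mysqld]
    # Certificate and key from the mysql-tls Secret mounted at /etc/mysql/certs.
    # The key file must be readable by the user mysqld runs as; if it is not,
    # set the pod's securityContext.fsGroup to that user's group.
    ssl_cert = /etc/mysql/certs/tls.crt
    ssl_key  = /etc/mysql/certs/tls.key
    # Reject TCP clients that do not negotiate TLS. Unix-socket connections
    # inside the container are unaffected; TCP clients such as an exporter
    # sidecar connecting to localhost:3306 must then enable TLS in their DSN.
    require_secure_transport = ON
---
# Fragment for the mysql container and the pod spec of the StatefulSet
volumeMounts:
  - name: mysql-tls-config
    mountPath: /etc/mysql/conf.d/tls.cnf
    subPath: tls.cnf
volumes:
  - name: mysql-tls-config
    configMap:
      name: mysql-tls-config
```

After the pod restarts, `SHOW VARIABLES LIKE 'require_secure_transport'` should return ON, and `SHOW STATUS LIKE 'Ssl_cipher'` run from a TCP client session should show a non-empty cipher.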
⚙️ Configuration tuning
1. Custom MySQL configuration
# Create the ConfigMap
apiVersion: v1
kind: ConfigMap
metadata:
  name: mysql-config
  namespace: database
data:
  my.cnf: |
    [mysqld]
    innodb_buffer_pool_size = 512M
    max_connections = 200
    character-set-server = utf8mb4
    collation-server = utf8mb4_unicode_ci
    # MySQL 8.0's default is caching_sha2_password; this selects the older plugin
    default_authentication_plugin = mysql_native_password
    skip-name-resolve
    log-bin = mysql-bin
    server-id = 1
    binlog_format = ROW
    transaction_isolation = READ-COMMITTED
2. Mount the configuration in the StatefulSet
volumeMounts:
  - name: mysql-config
    mountPath: /etc/mysql/conf.d/my.cnf
    subPath: my.cnf
volumes:
  - name: mysql-config
    configMap:
      name: mysql-config
🔄 High-availability setup (primary/replica replication)
1. Primary configuration (StatefulSet 0)
env:
  - name: MYSQL_REPLICATION_MODE
    value: "master"
  - name: MYSQL_REPLICATION_USER
    value: "repl"
  - name: MYSQL_REPLICATION_PASSWORD
    valueFrom:
      secretKeyRef:
        name: mysql-secrets
        key: mysql-repl-password  # this key must be added to mysql-secrets; step 3 does not create it
2. Replica configuration (StatefulSet 1+)
env:
  - name: MYSQL_REPLICATION_MODE
    value: "slave"
  - name: MYSQL_MASTER_HOST
    value: "mysql-0.mysql.database.svc.cluster.local"
  - name: MYSQL_MASTER_PORT
    value: "3306"
  - name: MYSQL_REPLICATION_USER
    value: "repl"
  - name: MYSQL_REPLICATION_PASSWORD
    valueFrom:
      secretKeyRef:
        name: mysql-secrets
        key: mysql-repl-password
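📊 Monitoring configuration (Prometheus)
1. Enable the MySQL Exporter
# Add a sidecar container to the StatefulSet
- name: mysql-exporter
  image: prom/mysqld-exporter:v0.14.0
  env:
    # Sample DSN with an inline password; in a real deployment supply it
    # through secretKeyRef like the other credentials
    - name: DATA_SOURCE_NAME
      value: "exporter:ExporterPass123@(localhost:3306)/"
  ports:
    - containerPort: 9104
      name: metrics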
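2. ServiceMonitor configuration
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: mysql-monitor
  namespace: database
spec:
  selector:
    matchLabels:
      app: mysql  # matches labels on the Service, not on the pods
  endpoints:
    - port: metrics  # name of a Service port that exposes the exporter's 9104
      interval: 30s
  namespaceSelector:
    matchNames:
      - database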
🚀 Deployment commands
# Apply all the configuration
kubectl apply -f mysql-pvc.yaml
kubectl apply -f mysql-secrets.yaml
kubectl apply -f mysql-config.yaml
kubectl apply -f mysql-statefulset.yaml
kubectl apply -f mysql-service.yaml
kubectl apply -f mysql-tls.yaml
kubectl apply -f mysql-monitor.yaml
# Verify the deployment
kubectl -n database get pods -l app=mysql
kubectl -n database logs mysql-0 -c mysql
🔧 Maintenance operations
1. Database backup
# Create a backup
# sh -c makes $MYSQL_ROOT_PASSWORD expand inside the container rather than in the local shell
kubectl -n database exec mysql-0 -- \
  sh -c 'mysqldump -u root -p"$MYSQL_ROOT_PASSWORD" --all-databases' | gzip > mysql-backup-$(date +%F).sql.gz
2. Database restore
gunzip < mysql-backup-2023-08-15.sql.gz | kubectl -n database exec -i mysql-0 -- \
  sh -c 'mysql -u root -p"$MYSQL_ROOT_PASSWORD"'
3. Version upgrade
# Rolling update strategy
kubectl -n database patch statefulset mysql \
  -p '{"spec":{"updateStrategy":{"type":"RollingUpdate"}}}'
# Update the image version
kubectl -n database set image statefulset/mysql mysql=mysql:8.0.33
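💡 Best-practice recommendations
- Resource isolation:
  - Use a dedicated node pool (taints/tolerations)
  - Configure a PodDisruptionBudget
- Security hardening:
  - Enable network policies to restrict access
  - Rotate database credentials regularly
- Performance tuning:
  - Use local SSD storage
  - Tune the InnoDB buffer pool size
- Disaster recovery:
  - Configure regular snapshot backups
  - Deploy replicas across availability zones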
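📊 Key monitoring metrics
Metric | Normal range | Alert threshold |
---|---|---|
Connections | < 80% of max connections | > 90% |
QPS | Depends on workload | Sudden 300% increase |
Buffer pool hit rate | > 95% | < 90% |
Replication lag | < 1s | > 5s |
Disk space | < 80% | > 90% |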
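
The alert thresholds in the table expressed as a PrometheusRule, as an added example that is not part of the original guide. The metric names are those exposed by mysqld_exporter and the kubelet; the rule names, the `for` durations and the one-hour QPS baseline are assumptions.

```yaml
# Added example: alert rules for the thresholds in the table above.
# Rule names, "for" durations and the 1h QPS baseline are assumptions.
# Depending on the Prometheus Operator's ruleSelector, extra labels may be
# needed on this object for it to be loaded.
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
  name: mysql-alerts
  namespace: database
spec:
  groups:
    - name: mysql
      rules:
        - alert: MySQLConnectionsHigh        # connections > 90% of max_connections
          expr: mysql_global_status_threads_connected / mysql_global_variables_max_connections > 0.90
          for: 5m
        - alert: MySQLQPSSurge               # QPS up 300% (4x) on the rate one hour earlier
          expr: rate(mysql_global_status_queries[5m]) > 4 * rate(mysql_global_status_queries[5m] offset 1h)
          for: 5m
        - alert: MySQLBufferPoolHitRateLow   # hit rate < 90%
          expr: |
            1 - rate(mysql_global_status_innodb_buffer_pool_reads[5m])
              / rate(mysql_global_status_innodb_buffer_pool_read_requests[5m]) < 0.90
          for: 10m
        - alert: MySQLReplicationLag         # replica more than 5s behind
          expr: mysql_slave_status_seconds_behind_master > 5
          for: 1m
        - alert: MySQLVolumeAlmostFull       # data volume > 90% used
          expr: |
            kubelet_volume_stats_used_bytes{namespace="database", persistentvolumeclaim="mysql-pvc"}
              / kubelet_volume_stats_capacity_bytes{namespace="database", persistentvolumeclaim="mysql-pvc"} > 0.90
          for: 5m
```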
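With this setup you get a production-grade, highly available MySQL 8.0 deployment on Kubernetes, with thorough security protection, monitoring and alerting, and disaster-recovery capabilities.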