Environment Setup:
- A Kubernetes cluster is up and running.
- The kubectl CLI tool is configured to communicate with your cluster.
- KubeBlocks CLI and KubeBlocks Operator are installed. Follow the installation instructions here.
Namespace Preparation: To keep resources isolated, create a dedicated namespace for this tutorial:

kubectl create ns demo

Expected Output:

namespace/demo created

Deploying the MySQL Semi-Synchronous Cluster

KubeBlocks uses a declarative approach for managing MySQL clusters. Below is an example configuration for deploying a MySQL cluster with 2 nodes (1 primary, 1 replicas) in semi-synchronous mode and a custom root password.

Step 1: Create a Secret for the Root Account

The custom root password is stored in a Kubernetes Secret. Create the Secret by applying the following YAML:

kubectl apply -f - <<EOF
apiVersion: v1
data:
  password: Y3VzdG9tcGFzc3dvcmQ= # custompassword
  username: cm9vdA== #root
immutable: true
kind: Secret
metadata:
  name: custom-mysql-root-secret
  namespace: demo
EOF

password: Replace custompassword with your desired password and encode it using Base64 (echo -n "custompassword" | base64).
username: The default MySQL root user is 'root', encoded as 'cm9vdA=='.

Step 2: Deploy the MySQL Cluster

Apply the following manifest to deploy the MySQL cluster, referencing the Secret created in Step 1 for the root account:

kubectl apply -f - <<EOF
apiVersion: apps.kubeblocks.io/v1
kind: Cluster
metadata:
  name: example-mysql-cluster
  namespace: demo
spec:
  clusterDef: mysql
  topology: semisync
  terminationPolicy: Delete
  componentSpecs:
    - name: mysql
      serviceVersion: 8.0.35
      replicas: 2
      systemAccounts:
        - name: root
          secretRef:
            name: custom-mysql-root-secret
            namespace: demo
      resources:
        limits:
          cpu: '0.5'
          memory: 0.5Gi
        requests:
          cpu: '0.5'
          memory: 0.5Gi
      volumeClaimTemplates:
        - name: data
          spec:
            storageClassName: ""
            accessModes:
              - ReadWriteOnce
            resources:
              requests:
                storage: 20Gi
EOF

Verifying the Deployment

Once the cluster is deployed, check its status by running the following command:

kubectl get cluster example-mysql-cluster -n demo -w

Expected Output:

NAME                          CLUSTER-DEFINITION   TERMINATION-POLICY   STATUS     AGE
example-mysql-cluster   mysql                Delete               Creating   19s
example-mysql-cluster   mysql                Delete               Running    1m

Wait until the STATUS changes to 'Running'.

Connecting to the MySQL Cluster

KubeBlocks automatically creates a secret containing the MySQL root credentials. Retrieve the credentials with the following commands:

kubectl get secrets -n demo example-mysql-cluster-mysql-account-root -o jsonpath='{.data.username}' | base64 -d
root

kubectl get secrets -n demo example-mysql-cluster-mysql-account-root -o jsonpath='{.data.password}' | base64 -d
custompassword

To connect to the cluster's primary node, use the MySQL client with the custom password:

kubectl exec -it -n demo example-mysql-cluster-mysql-0 -c mysql -- mysql -h example-mysql-cluster-mysql.demo.svc.cluster.local -uroot -pcustompassword

Cleanup

To remove all created resources, delete the MySQL cluster along with its namespace:

kubectl delete cluster example-mysql-cluster -n demo
kubectl delete secret custom-mysql-root-secret -n demo
kubectl delete ns demo

Summary

In this guide, you:

Created a Kubernetes Secret to securely store a custom MySQL root password.
Deployed a MySQL cluster in KubeBlocks with a custom root password.
Verified the deployment and connected to the cluster's primary node using the MySQL client.

Using Kubernetes Secrets ensures secure credential management for your MySQL clusters, while KubeBlocks simplifies the deployment and management process.