Description:
Kubernetes - microk8s
Version - v1.23
MySQL Operator - 8.0.31
Note:
-rw-rw-r-- 1 baa baa 1399 Dec 9 12:47 ca.pem
-rw-rw-r-- 1 baa baa 1253 Dec 9 13:02 router-cert.pem
-rw-rw-r-- 1 baa baa 1675 Dec 9 13:02 router-key.pem
-rw-rw-r-- 1 baa baa 1253 Dec 9 12:49 server-cert.pem
-rw-rw-r-- 1 baa baa 1675 Dec 9 12:49 server-key.pem
server-cert.pem & router-cert.pem are the same certs with different names
server-key.pem & router-key.pem are the same keys with different names
I have configured my own (self-created) TLS certificates with the procedure below.
2.2 When you have own CA and TLS certificates
export NAMESPACE="your-namespace"
export CLUSTER_NAME="my-mysql-innodbcluster"
export CA_SECRET="${CLUSTER_NAME}-ca-secret"
export TLS_SECRET="${CLUSTER_NAME}-tls-secret"
export ROUTER_TLS_SECRET="${CLUSTER_NAME}-router-tls-secret"
# Path to ca.pem, server-cert.pem, server-key.pem, router-cert.pem and router-key.pem
export CERT_PATH="/path/to/your/ca_and_tls_certificates"
kubectl create namespace $NAMESPACE
kubectl create secret generic $CA_SECRET \
--namespace=$NAMESPACE --dry-run=client --save-config -o yaml \
--from-file=ca.pem=${CERT_PATH}/ca.pem \
| kubectl apply -f -
kubectl create secret tls $TLS_SECRET \
--namespace=$NAMESPACE --dry-run=client --save-config -o yaml \
--cert=${CERT_PATH}/server-cert.pem --key=${CERT_PATH}/server-key.pem \
| kubectl apply -f -
kubectl create secret tls $ROUTER_TLS_SECRET \
--namespace=$NAMESPACE --dry-run=client --save-config -o yaml \
--cert=${CERT_PATH}/router-cert.pem --key=${CERT_PATH}/router-key.pem \
| kubectl apply -f -
helm install my-mysql-innodbcluster mysql-operator/mysql-innodbcluster -n $NAMESPACE \
--version 2.0.7 \
--set credentials.root.password=">-0URS4F3P4SS" \
--set tls.useSelfSigned=false \
--set tls.caSecretName=$CA_SECRET \
--set tls.serverCertAndPKsecretName=$TLS_SECRET \
--set tls.routerCertAndPKsecretName=$ROUTER_TLS_SECRET
The router pod is not coming up and the stateful set is not showing ready.
How to repeat:
Please test with your own CA certs; it is creating this issue.
The MySQL pod is showing the error below.
2022-12-13T06:58:20.832745Z 0 [ERROR] [MY-013780] [Repl] Plugin group_replication reported: 'Failed to establish MySQL client connection in Group Replication. Error establishing connection. Please refer to the manual to make sure that you configured Group Replication properly to work with MySQL Protocol connections.'
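
The following is an added example, not part of the original report and not code from the MySQL Operator: a pre-flight script that checks the PEM files listed above before they are loaded into the Secrets. It confirms that each certificate chains to ca.pem and that each key matches its certificate, prints the subjectAltName entries, and notes when the server and router certificates are identical. The function names are hypothetical; it assumes the openssl CLI is installed and CERT_PATH is set as in the procedure.

```bash
#!/usr/bin/env bash
# Added example: pre-flight checks on the PEM files before they become Secrets.
# Function names are hypothetical; file names follow the listing in the report.

# True when the certificate verifies against the CA file.
chains_to_ca() {            # chains_to_ca ca.pem cert.pem
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# True when the private key belongs to the certificate (same public key).
key_matches_cert() {        # key_matches_cert cert.pem key.pem
  local cert_pub key_pub
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True when both files hold the same certificate (SHA-256 fingerprint).
same_cert() {               # same_cert a.pem b.pem
  local a b
  a=$(openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null) || return 1
  b=$(openssl x509 -in "$2" -noout -fingerprint -sha256 2>/dev/null) || return 1
  [ "$a" = "$b" ]
}

# Prints the subjectAltName entries, or nothing when the extension is absent.
cert_sans() {               # cert_sans cert.pem
  openssl x509 -in "$1" -noout -text 2>/dev/null |
    grep -A1 'Subject Alternative Name' | tail -n 1 | sed 's/^ *//'
}

# Runs every check for the server and router pairs; returns 1 on any failure.
preflight() {               # preflight /dir/with/pem/files
  local d=$1 rc=0 n
  for n in server router; do
    chains_to_ca "$d/ca.pem" "$d/$n-cert.pem" ||
      { echo "FAIL: $n-cert.pem does not chain to ca.pem"; rc=1; }
    key_matches_cert "$d/$n-cert.pem" "$d/$n-key.pem" ||
      { echo "FAIL: $n-key.pem does not match $n-cert.pem"; rc=1; }
    echo "INFO: $n-cert.pem SANs: $(cert_sans "$d/$n-cert.pem")"
  done
  if same_cert "$d/server-cert.pem" "$d/router-cert.pem"; then
    echo "INFO: server and router certificates are identical"
  fi
  return "$rc"
}

# Run against the report's CERT_PATH only when it points at real files.
if [ -n "${CERT_PATH:-}" ] && [ -f "$CERT_PATH/ca.pem" ]; then preflight "$CERT_PATH"; fi
```

The SAN line is informational: compare it by hand with the hostnames the MySQL and router pods use to reach each other.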