Skip to content

Percona Operator for MySQL based on Percona XtraDB Cluster 1.12.0

  • Date

December 7, 2022

  • Installation

Installing Percona Operator for MySQL based on Percona XtraDB Cluster

Release Highlights

  • Azure Kubernetes Service (AKS) is now officially supported platform, so developers and vendors of the solutions based on the Azure platform can take advantage of the official support from Percona or just use officially certified Percona Operator for MysQL images; also, Azure Blob Storage can now be used for backups
  • This release also includes fixes to the following CVEs (Common Vulnerabilities and Exposures): CVE-2021-20329 (potential injections in MongoDB Go Driver used HAProxy, which had no effect on Percona Operator for MySQL), and CVE-2022-42898 (images used by the Operator suffering from the unauthenticated denial of service vulnerability). Users of previous Operator versions are advised to upgrade to version 1.12.0 which resolves this issue

New Features

Improvements

  • K8SPXC-1104: Starting from now, the Operator changed its API version to v1 instead of having a separate API version for each release. Three last API version are supported in addition to v1, which substantially reduces the size of Custom Resource Definition to prevent reaching the etcd limit
  • K8SPXC-955: Add Custom Resource options to set static IP-address for the HAProxy and ProxySQL LoadBalancers
  • K8SPXC-1032: Disable automated upgrade by default to prevent an unplanned downtime for user applications and to provide defaults more focused on strict user’s control over the cluster
  • K8SPXC-1095: Process the SIGTERM signal to avoid unneeded lags in case of Percona XtraDB Cluster recovery or using the debug image to start up
  • K8SPXC-1113: Utilize dual password feature of MySQL 8 to avoid cluster restart when changing password of the monitor user
  • K8SPXC-1125: The Operator now does not attempt to start Percona Monitoring and Management (PMM) client sidecar if the corresponding secret does not contain the pmmserver or pmmserverkey key
  • K8SPXC-1153: Configuring the log structuring and leveling is now supported using the LOG_STRUCTURED and LOG_LEVEL environment variables. This reduces the information overload in logs, still leaving the possibility of getting more details when needed, for example, for debugging
  • K8SPXC-1123: Starting from now, installing the Operator for cluster-wide (multi-namespace) doesn’t require to add Operator’s own namespace to the list of watched namespaces (thanks to Bart Vercoulen for reporting this issue)
  • K8SPXC-1030: The new delete-ssl finalizer can now be used to automatically delete objects created for SSL (Secret, certificate, and issuer) in case of cluster deletion

Bugs Fixed

  • K8SPXC-1158: Fix CVE-2022-42898 vulnerability found in MIT krb5, which made images used by the Operator vulnerable to DoS attacks
  • K8SPXC-1028: Fix a bug that prevented the Operator to automatically tune innodb_buffer_pool_size and innodb_buffer_pool_chunk_size variables
  • K8SPXC-1036: Fix the bug that caused Liveness Probe failure when XtraBackup was running and the wsrep_sync_wait option was set, making the instance to be rejected from the cluster
  • K8SPXC-1065: Fix a bug due to which, in a pair of scheduled backups close in time, the next backup could overwrite the previous one: bucket destination was made more unique by including seconds
  • K8SPXC-1059: Fix a bug due to which pxc-monit and proxysql-monit containers were printing passwords in their logs (thanks to zlcnju for contribution)
  • K8SPXC-1099: Fix CrashLoopBackOff error caused by incorrect (non-atomic) multi-user password change
  • K8SPXC-1100: Fix a bug that made it impossible to use slash characters in the monitor user’s password
  • K8SPXC-1118: Fix a bug due to which the point-in-time recovery collector only reported warnings in logs when the gaps in binlogs were found. Starting from now, such backups are marked as not suitable for consistent PITR, and restoring them with point-in-time recovery fails without manual user’s intervention
  • K8SPXC-1137: Fix a bug that prevented adding, deleting or updating ProxySQL Service labels/annotations except at the Service creation time
  • K8SPXC-1138: Fix a bug due to which not enough responsive scripts for readiness and liveness Probes could be the reason of killing the overloaded database Pods

Supported Platforms

The following platforms were tested and are officially supported by the Operator 1.12.0:

This list only includes the platforms that the Percona Operators are specifically tested on as part of the release process. Other Kubernetes flavors and versions depend on the backward compatibility offered by Kubernetes itself.

Get expert help

If you need assistance, visit the community forum for comprehensive and free database knowledge, or contact our Percona Database Experts for professional support and services. Join K8S Squad to benefit from early access to features and “ask me anything” sessions with the Experts.


Last update: 2024-12-19