Skip to content
Percona Operators Documentation

For help, click the link below to get free database assistance or contact our experts for personalized support.

Get help from Percona

Install Percona XtraDB Cluster on Kubernetes

  1. First of all, clone the percona-xtradb-cluster-operator repository:

    $ git clone -b v1.17.0 https://github.com/percona/percona-xtradb-cluster-operator
$ cd percona-xtradb-cluster-operator

Note

It is crucial to specify the right branch with -b option while cloning the code on this step. Please be careful.

  1. Now Custom Resource Definition for Percona XtraDB Cluster should be created from the deploy/crd.yaml file. Custom Resource Definition extends the standard set of resources which Kubernetes “knows” about with the new items (in our case ones which are the core of the operator).

    This step should be done only once; it does not need to be repeated with the next Operator deployments, etc.

    $ kubectl apply --server-side -f deploy/crd.yaml

  2. The next thing to do is to add the pxc namespace to Kubernetes, not forgetting to set the correspondent context for further steps:

    $ kubectl create namespace pxc
$ kubectl config set-context $(kubectl config current-context) --namespace=pxc

  3. Now RBAC (role-based access control) for Percona XtraDB Cluster should be set up from the deploy/rbac.yaml file. Briefly speaking, role-based access is based on specifically defined roles and actions corresponding to them, allowed to be done on specific Kubernetes resources (details about users and roles can be found in Kubernetes documentation ).

    $ kubectl apply -f deploy/rbac.yaml

    Note

    Setting RBAC requires your user to have cluster-admin role privileges. For example, those using Google Kubernetes Engine can grant user needed privileges with the following command:

    $ kubectl create clusterrolebinding cluster-admin-binding --clusterrole=cluster-admin --user=$(gcloud config get-value core/account)

    Finally it’s time to start the operator within Kubernetes:

    $ kubectl apply -f deploy/operator.yaml

    Note

    You can simplify the Operator installation by applying a single deploy/bundle.yaml file instead of running commands from the steps 2 and 4:

    $ kubectl apply --server-side -f deploy/bundle.yaml

    This will automatically create Custom Resource Definition, set up role-based access control and install the Operator as one single action.

  4. Now that’s time to add the Percona XtraDB Cluster users Secrets with logins and passwords to Kubernetes. By default, the Operator generates users Secrets automatically, and no actions are required at this step.

    Still, you can generate and apply your Secrets on your own. In this case, place logins and plaintext passwords for the user accounts in the data section of the deploy/secrets.yaml file; after editing is finished, create users Secrets with the following command:

    $ kubectl create -f deploy/secrets.yaml

    More details about secrets can be found in Users.

  5. Now certificates should be generated. By default, the Operator generates certificates automatically, and no actions are required at this step. Still, you can generate and apply your own certificates as secrets according to the TLS instructions.

  6. After the operator is started and user secrets are added, Percona XtraDB Cluster can be created at any time with the following command:

    $ kubectl apply -f deploy/cr.yaml

    Creation process will take some time. When the process is over your cluster will obtain the ready status. You can check it with the following command:

    $ kubectl get pxc
    Expected output 
    NAME       ENDPOINT                   STATUS   PXC   PROXYSQL   HAPROXY   AGE
cluster1   cluster1-haproxy.default   ready    3                3         5m51s

Verify the cluster operation

It may take ten minutes to get the cluster started. When kubectl get pxc command finally shows you the cluster status as ready, you can try to connect to the cluster.

To connect to Percona XtraDB Cluster you will need the password for the root user. Passwords are stored in the Secrets object.

Here’s how to get it:

  1. List the Secrets objects.

    $ kubectl get secrets
    The Secrets object you are interested in has the cluster1-secrets name by default.

  2. Use the following command to get the password of the root user. Substitute the <namespace> placeholder with your value (and use the different Secrets object name instead of the cluster1-secrets, if needed):

    $ kubectl get secret cluster1-secrets -n <namespace> --template='{{.data.root | base64decode}}{{"\n"}}'

  3. Run a container with mysql tool and connect its console output to your terminal. The following command does this, naming the new Pod percona-client:

    $ kubectl run -n <namespace> -i --rm --tty percona-client --image=percona:8.0 --restart=Never -- bash -il

    Executing it may require some time to deploy the corresponding Pod.

  4. Now run the mysql tool in the percona-client command shell using the password obtained from the Secret instead of the <root_password> placeholder. The command will look different depending on whether your cluster provides load balancing with HAProxy (the default choice) or ProxySQL:

    $ mysql -h cluster1-haproxy -uroot -p'<root_password>'

    $ mysql -h cluster1-proxysql -uroot -p'<root_password>'

    This command will connect you to the MySQL server.

Last update: 2025-04-15