Create statefulset MariaDB application in K8s

In the previous blog we created a stateless application, deployed with K8s resource Deployment, which allows one to replicate the application, but where data is lost when Pods are restarted, meaning there were no data consistency. In the same blog we used PersistentVolumeClaim for dynamic provisioning of PersistentVolume, but we used Deployment, meant for stateless application, and this way is *not recommended* for statefulset application where each replica should have its own persistent volume. The proper way to achieve that is through the Statefulset resource and this post we will cover that.

In K8s one can create a stateful application, an application like a database, which needs to save data to persistent disk storage for use by the server/clients/other applications, to keep track of its state and to be able to replicate and be used in distributed systems.

MariaDB & K8s: Deploy MariaDB and WordPress using Persistent Volumes

In the previous blog, MariaDB & K8s: Create a Secret and use it in MariaDB deployment, we used the Secrets resource to hide confidential root user data, and in the blog before that in the series, MariaDB & K8s: Communication between containers/Deployments, we created 2 containers (namely MariaDB and phpmyadmin) in a Pod. That kind of deployment didn’t have any persistent volumes.

In this blog we are going to create separate Deployments for MariaDB and WordPress applications as well as a Service for both in order to connect them. Additionally we will create Volume in a Pods of a MariaDB Deployment.

MariaDB & K8s: Create a Secret and use it in MariaDB deployment

In the previous blog we created a stateless application, deployed it with K8s resource Deployment, and exposed the root password, which, regarding security, is of course not recommended. K8s allows one to hide confidential data using specific K8s resources.

Let’s see how to use Secrets in K8s.

Secrets in K8s

In order to save confidential data one can use a K8s resource called Secret.

One can create Secret from the CLI by running kubectl create secret.

Here we will use two methods to create the secret.

Quick peek: MariaDB Galera Cluster Security talk

Seppo Jaakola is going to present the topic “MariaDB Galera Cluster Security” at the Security MariaDB Server Fest (Wed 6 April 2022).

I’m currently watching his talk. Let me share with you some details. Seppo is not talking about native MariaDB security features that are by default supported by Galera, but due to the distributed cluster topology additional security related measures are needed. He talks about cluster topology, cluster communication security, Galera enhancement Data at REST encryption and the new 10.9 feature Node screening by IP Allowlist.

Do you have questions to ask Seppo?

MariaDB & K8s: Communication between containers/Deployments

In the previous blog, a background Deployment resource was created from a YAML file, consisting of a single container (MariaDB) that acts as a background container.

In this blog we are going to proceed to create the frontend container to communicate with the backend through a Service and other resources.

About Services

When an application is run through the Deployment Pods are created and destroyed dynamically. When created, they get the internal IP address in a cluster, and since they are ephemeral, there needs to be a stable way to allow communications between Pods.

10.9 preview feature: SHOW ANALYZE and EXPLAIN FOR CONNECTION support

SHOW ANALYZE

If you ever had to do query performance troubleshooting with MariaDB, you should be
familiar with MariaDB’s ANALYZE for statements feature. It does what EXPLAIN ANALYZE does in some other database systems: ANALYZE query runs the query and produces EXPLAIN output, amended with the data from the query execution:

ANALYZE SELECT *
FROM orders, customer
WHERE
customer.c_custkey = orders.o_custkey AND
customer.c_acctbal < 0 AND
orders.o_totalprice > 200*1000
+—-+————-+———-+——+—————+————-+———+——————–+——–+——–+———-+————+————-+
| id | select_type | table | type | possible_keys | key | key_len | ref | rows | r_rows | filtered | r_filtered | Extra |
+—-+————-+———-+——+—————+————-+———+——————–+——–+——–+———-+————+————-+
| 1 | SIMPLE | customer | ALL | PRIMARY,…

Delaying Server Fest until Wed 6 April 2022

Things happen, schedules change. I don’t want to bother you with details, so you’ll have to take my word for it: Events related to Russia invading Ukraine have caused us to delay our Security themed MariaDB Server Fest with a week, from Wed 30 March to Wed 6 April 2022.

This is probably the mildest of the consequences of the ongoing war. Nonetheless, we apologise for the inconvenience.

10.9 preview feature: JSON path expression and JSON_OVERLAPS()

The MariaDB 10.9 preview releases introduce a MySQL compatibility syntax extension, range notation. The ‘last’ keyword was added in JSON path expression, as requested in MDEV-22224 and MDEV-27911. Additionally, negative indexes are now also supported. Range notation, implemented using the ‘to’ keyword, and the ‘last’ keyword, is basically an array element selector.

Syntax:

Range notation:
[M to N] selects a range of elements starting from index M to N.
Last keyword:
[last-N] / [last] selects the Nth from last element, and last element, respectively.