#mysql_root_password
echo -n 'test.123'  |base64
#mysql_user
echo -n 'admin'  |base64
#mysql_user_password
echo -n 'test.123'  |base64

# 密码
cat <<END > mysql-secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: mysql-secret
  namespace: default
  labels:
    app: mysql
data:
  mysql_root_password: dGVzdC4xMjM=
  mysql_user: YWRtaW4=
  mysql_user_password: dGVzdC4xMjM=
END
kubectl apply -f mysql-secret.yaml

# 服务
cat <<END > mysql-service.yaml
apiVersion: v1
kind: Service
metadata:
  annotations:
    service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
  name: mysql
  namespace: default
  labels:
    app: mysql
    tier: data
spec:
  ports:
  - port: 3306
    name: mysql
  clusterIP: None
  publishNotReadyAddresses: true
  selector:
    app: mysql
END
kubectl apply -f mysql-service.yaml

# 集群
cat <<END > mysql-statefulset.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: mysql
  namespace: default
spec:
  serviceName: "mysql"
  selector:
    matchLabels:
      app: mysql
  replicas: 3
  template:
    metadata:
      labels:
        app: mysql
      annotations:
        pod.alpha.kubernetes.io/initialized: "true"
    spec:
      securityContext:
        runAsUser: 27
        fsGroup: 27
      containers:
      - name: mysql
        image: adfinissygroup/k8s-mariadb-galera-centos:v004
        imagePullPolicy: Always
        securityContext:
          runAsNonRoot: true
        ports:
        - containerPort: 3306
          name: mysql
        - containerPort: 4444
          name: sst
        - containerPort: 4567
          name: replication
        - containerPort: 4568
          name: ist
        readinessProbe:
          exec:
            command:
            - /usr/share/container-scripts/mysql/readiness-probe.sh
          initialDelaySeconds: 15
          timeoutSeconds: 5
        volumeMounts:
        - name: datadir
          mountPath: /var/lib/mysql
          subPath: data
        env:
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
        - name: MYSQL_USER
          valueFrom:
            secretKeyRef:
              name: mysql-secret
              key: mysql_user
        - name: MYSQL_PASSWORD
          valueFrom:
            secretKeyRef:
              name: mysql-secret
              key: mysql_user_password
        - name: MYSQL_ROOT_PASSWORD
          valueFrom:
            secretKeyRef:
              name: mysql-secret
              key: mysql_root_password
  volumeClaimTemplates:
  - metadata:
      name: datadir
      annotations:
        volume.beta.kubernetes.io/storage-class: "ceph-rbd"
    spec:
      accessModes: [ "ReadWriteOnce" ]
      resources:
        requests:
          storage: 100Gi
END
kubectl apply -f mysql-statefulset.yaml

# 外部访问服务
cat <<END > mysql-access-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: mysql-access-service
  labels:
    app: mysql
spec:
  ports:
  - name: mysql-port
    protocol: "TCP"
    port: 3306
    targetPort: 3306
  type: NodePort
  selector:
    app: mysql
END
kubectl apply -f mysql-access-service.yaml