Using Azure Service Operator to provision Azure DB for MySQL- Flexible Server from within Kubernetes

As shared in my previous blog post (AKS + Azure Database for MySQL - Flexible Server: Deploy applications in 5 easy steps!), there are primarily three options for using a MySQL database in a Kubernetes (AKS or otherwise) application: 

1. Provisioning a managed database, such as Azure Database for MySQL - Flexible Server, in the cloud.
2. Running MySQL in a container in a Kubernetes pod.
3. Provisioning a MySQL server locally or on a virtual machine (VM). 

Note: For more information about the advantages and disadvantages of each option, see my previous post. 

With the new Azure Service Operator (ASO), you can now take advantage of the benefits of the first two options above – having a fully managed cloud database service (Azure Database for MySQL – Flexible Server) together with seamless automation - the ability to provision and manage a MySQL resource within the Kubernetes plane by using familiar Kubernetes tooling and primitives. 

What is Azure Service Operator? 

ASO helps provision and connect applications to Azure resources from within Kubernetes. ASO consists of: 

• Custom Resource Definitions (CRDs) for each of the Azure services that a Kubernetes user can provision. 
• A Kubernetes controller that manages the Azure resources represented by the user specified Custom Resources. The controller attempts to synchronize the desired state in the user specified Custom Resource with the actual state of that resource in Azure, creating it if it doesn't exist, updating it if it has been changed, or deleting it. 

Note: For more details about ASO, see this blog post and the associated GitHub repository. 

ASO v2 (currently in alpha stage) now supports provisioning Azure Database for MySQL – Flexible Server, providing CRDs to create and manage MySQL Flexible Servers, databases, and firewall rules. 

This post provides a step-by-step guide for using ASO to provision an instance of MySQL - Flexible Server from within Kubernetes (AKS or otherwise). 

Note: For information about provisioning MySQL – Single Server, see the blog post Provisioning Azure Database for MySQL - Single Server from AKS.

Prerequisites 

Before you begin the procedure outlined in this blog post, be sure that you’ve set up: 

• An Azure subscription on which you can provision Azure Database for MySQL – Flexible Server. If you don’t have one already, create an Azure free account before you begin. You can use an Azure free account to try Azure Database for MySQL - Flexible Server for free for 12 months. For more details, see Try Flexible Server for free. 
• A Kubernetes cluster (at least version 1.16), and that it is running. To get started quickly, you can use Kind to spin up a local cluster or you can use Azure Kubernetes Service. If you opt to create an AKS cluster in your Azure subscription, then perform the following steps: 

1. Install the Azure Command-Line Interface. 
2. At a command prompt, sign in to your Azure account using the below command: 

   az login

3. Choose your Azure subscription by running the following command: 

   az account set -s <your-subscription-ID>

4. Create a resource group by running the following command: 

   az group create --name rg-asodemo --location eastus​

5. Create an AKS cluster in the resource group by running the following command:  

   az aks create --resource-group rg-asodemo --name aks-asodemo --node-count 1 --generate-ssh-keys

6. Install kubectl, the Kubernetes command-line client, by running the following command: 
   

   az aks install-cli

7. Configure kubectl to connect to your Kubernetes cluster by running the following command: 

   az aks get-credentials --resource-group rg-asodemo --name aks-asodemo

8. Verify the connection to your cluster by running the following command: 

   kubectl get nodes

You should see a single node in the Ready state. 

Install and run ASO on your Kubernetes cluster 

Let’s get started by installing and running ASO on the Kubernetes cluster. To accomplish this, perform the following steps: 

1. Install cert-manager on the Kubernetes cluster by running the following command: 

   kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.1.0/cert-manager.yaml

2. To grant ASO permissions to create resources in your subscription, create an Azure Service Principal by running the following command: 

   az ad sp create-for-rbac -n "azure-service-operator" --role contributor \
   --scopes /subscriptions/<your-subscription-ID>

   Output: 

   "appId": "xxxxxxxxxx",
   "displayName": "azure-service-operator",
   "name": "http://azure-service-operator",
   "password": "xxxxxxxxxxx",
   "tenant": "xxxxxxxxxxxxx"

   Note: Be sure to make a note of the AppID and Password that appear in the output, as you’ll need these in a later step. 

3. Download the latest ASO v2 release YAML file (e.g., azureserviceoperator_v2.0.0-alpha.5.yaml file) from the Assets section here.  
4. To install ASO v2 to the Kubernetes cluster, run the following command: 

   kubectl apply --server-side=true -f azureserviceoperator_v2.0.0-alpha.5.yaml

5. Create an ASO v2 secret that contains the identity ASO will run as. (Obtain your Subscription ID and Tenant ID by using the command az account show.) 

   cat <<EOF | kubectl apply -f -
   apiVersion: v1
   kind: Secret
   metadata:
     name: aso-controller-settings
     namespace: azureserviceoperator-system
   stringData:
     AZURE_SUBSCRIPTION_ID: <your-azure-subscription-id>
     AZURE_TENANT_ID: <your-azure-tenant-id>
     AZURE_CLIENT_ID: <service-principal-appID>
     AZURE_CLIENT_SECRET: <service-principal-password>
   EOF

6.  Verify that the service operator is running by using the following command:  

   kubectl get pods -n azureserviceoperator-system

   Output:

   NAME                                                    READY   STATUS    RESTARTS   AGE
   azureserviceoperator-controller-manager-569966545-gfkd8 2/2     Running   0          6m27s 

Provision a MySQL flexible server, then create a database and firewall rules to access it

1. Create a YAML file named deploy.yaml and add the following code snippet, which contains definitions to create: a namespace, a resource group to contain the resources, an Azure Database for MySQL - Flexible Server, a firewall rule to access the server using the Public Access connectivity method, and a database within the MySQL flexible server.
   
   Note: Update the administratorLogin and administratorLoginPassword fields as appropriate, and then modify the server configuration based on your requirements.

   apiVersion: v1 #Create a namespace
   kind: Namespace
   metadata:
     name: asodemo
   ---
   apiVersion: resources.azure.com/v1alpha1api20200601 #Create a resource group
   kind: ResourceGroup
   metadata:
     name: aso-rg
     namespace: asodemo
   spec:
     location: eastus
   ---
   apiVersion: dbformysql.azure.com/v1alpha1api20210501 #Create a MySQL - Flexible Server
   kind: FlexibleServer
   metadata:
     name: aso-mysql
     namespace: asodemo
   spec:
     location: eastus
     owner:
       name: aso-rg
     version: "8.0.21"
     sku:
       name: Standard_B1ms
       tier: Burstable
     administratorLogin: <your-admin-name>
     administratorLoginPassword: <your-password>
     storage:
       storageSizeGB: 32
   ---
   apiVersion: dbformysql.azure.com/v1alpha1api20210501 #Create a Firewall Rule to allow all IPs
   kind: FlexibleServersFirewallRule
   metadata:
     name: aso-mysqlfwrule
     namespace: asodemo
   spec:
     location: eastus
     owner:
       name: aso-mysql
     startIpAddress: 0.0.0.0
     endIpAddress: 255.255.255.255
   ---
   apiVersion: dbformysql.azure.com/v1alpha1api20210501 #Create a database
   kind: FlexibleServersDatabase
   metadata:
     name: demodb
     namespace: asodemo
   spec:
     owner:
       name: aso-mysql
     charset: utf8mb4

2. Deploy the resources using the following command: 

   kubectl apply -f deploy.yaml

3. Check the status of your resources and wait for them to finish provisioning. 

   kubectl get resourcegroups,flexibleservers,flexibleserversdatabases,flexibleserversfirewallrules -n asodemo ​

   It may take a few minutes for the MySQL flexible server to deploy successfully, during which time you are likely to see output similar to the following: 

   NAME                                       READY   REASON      MESSAGE
   resourcegroup.resources.azure.com/aso-rg   True    Succeeded
   
   NAME                                            READY   SEVERITY   REASON        MESSAGE 
   flexibleserver.dbformysql.azure.com/aso-mysql   False   Info       Reconciling   The resource is in the process of being reconciled by the operator
   
   NAME                                                  READY   SEVERITY   REASON             MESSAGE
   flexibleserversdatabase.dbformysql.azure.com/demodb   False   Warning    ResourceNotFound   The Resource 'Microsoft.DBforMySQL/flexibleServers/aso-mysql' under resource group 'aso-rg' was not found. For more details please go to https://aka.ms/ARMResourceNotFoundFix
   
   NAME                                                               READY   SEVERITY   REASON             MESSAGE
   flexibleserversfirewallrule.dbformysql.azure.com/aso-mysqlfwrule   False   Warning    ResourceNotFound   The Resource 'Microsoft.DBforMySQL/flexibleServers/aso-mysql' under resource group 'aso-rg' was not found. For more details please go to https://aka.ms/ARMResourceNotFoundFix

When the resources move to the “Ready” state, you’ll have successfully provisioned an Azure Database for MySQL flexible server! You can now access this server through the Azure portal and CLI, as well as other tools. 

Manage the MySQL flexible server and deploy your applications connecting to this server

After using ASO to provision the MySQL flexible server, you can deploy an application on Kubernetes following the usual process.

For guidance on end-to-end application deployment on AKS that integrates Azure Database for MySQL - Flexible Server on the backend, see the following tutorials: 

• Deploy Java Spring Boot Application on AKS cluster with MySQL - Flexible Server within a VNet 
• Deploy WordPress on AKS cluster with MySQL - Flexible Server 

During the lifecycle of the application, if you want to update the MySQL flexible server configuration, you merely need to update and re-deploy the relevant manifest files. The ASO controller will then synchronize the desired state in the user specified Custom Resource with the actual state of that resource in Azure. 

Clean up 

To delete the resources that you have created using ASO, you don’t need to delete the resources individually. When the namespace containing the resources is deleted, the delete is propagated to all resources. 

kubectl delete namespace asodemo

To delete other ASO controller components, such as cert-manager, use the command kubectl delete -f :

kubectl delete -f https://github.com/jetstack/cert-manager/releases/download/v1.1.0/cert-manager.yaml

Summary

I hope this blog post helps you get started with ASO and enhances your experience using Azure Database for MySQL – Flexible Server with Kubernetes. 

If you have any questions, feedback, or suggestions about other topics that you’d like us to cover, please leave a comment below or email us at AskAzureDBforMySQL@service.microsoft.com. Thank you!