As shared in my previous blog post (AKS + Azure Database for MySQL - Flexible Server: Deploy applications in 5 easy steps!), there are primarily three options for using a MySQL database in a Kubernetes (AKS or otherwise) application:
Note: For more information about the advantages and disadvantages of each option, see my previous post.
With the new Azure Service Operator (ASO), you can now take advantage of the benefits of the first two options above – having a fully managed cloud database service (Azure Database for MySQL – Flexible Server) together with seamless automation - the ability to provision and manage a MySQL resource within the Kubernetes plane by using familiar Kubernetes tooling and primitives.
ASO helps provision and connect applications to Azure resources from within Kubernetes. ASO consists of:
Note: For more details about ASO, see this blog post and the associated GitHub repository.
ASO v2 (currently in alpha stage) now supports provisioning Azure Database for MySQL – Flexible Server, providing CRDs to create and manage MySQL Flexible Servers, databases, and firewall rules.
This post provides a step-by-step guide for using ASO to provision an instance of MySQL - Flexible Server from within Kubernetes (AKS or otherwise).
Note: For information about provisioning MySQL – Single Server, see the blog post Provisioning Azure Database for MySQL - Single Server from AKS.
Before you begin the procedure outlined in this blog post, be sure that you’ve set up:
az login
az account set -s <your-subscription-ID>
az group create --name rg-asodemo --location eastus
az aks create --resource-group rg-asodemo --name aks-asodemo --node-count 1 --generate-ssh-keys
az aks install-cli
az aks get-credentials --resource-group rg-asodemo --name aks-asodemo
kubectl get nodes
You should see a single node in the Ready state.
Let’s get started by installing and running ASO on the Kubernetes cluster. To accomplish this, perform the following steps:
kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.1.0/cert-manager.yaml
az ad sp create-for-rbac -n "azure-service-operator" --role contributor \
--scopes /subscriptions/<your-subscription-ID>
Output:
"appId": "xxxxxxxxxx",
"displayName": "azure-service-operator",
"name": "http://azure-service-operator",
"password": "xxxxxxxxxxx",
"tenant": "xxxxxxxxxxxxx"
Note: Be sure to make a note of the AppID and Password that appear in the output, as you’ll need these in a later step.
kubectl apply --server-side=true -f azureserviceoperator_v2.0.0-alpha.5.yaml
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Secret
metadata:
name: aso-controller-settings
namespace: azureserviceoperator-system
stringData:
AZURE_SUBSCRIPTION_ID: <your-azure-subscription-id>
AZURE_TENANT_ID: <your-azure-tenant-id>
AZURE_CLIENT_ID: <service-principal-appID>
AZURE_CLIENT_SECRET: <service-principal-password>
EOF
kubectl get pods -n azureserviceoperator-system
Output:
NAME READY STATUS RESTARTS AGE
azureserviceoperator-controller-manager-569966545-gfkd8 2/2 Running 0 6m27s
apiVersion: v1 #Create a namespace
kind: Namespace
metadata:
name: asodemo
---
apiVersion: resources.azure.com/v1alpha1api20200601 #Create a resource group
kind: ResourceGroup
metadata:
name: aso-rg
namespace: asodemo
spec:
location: eastus
---
apiVersion: dbformysql.azure.com/v1alpha1api20210501 #Create a MySQL - Flexible Server
kind: FlexibleServer
metadata:
name: aso-mysql
namespace: asodemo
spec:
location: eastus
owner:
name: aso-rg
version: "8.0.21"
sku:
name: Standard_B1ms
tier: Burstable
administratorLogin: <your-admin-name>
administratorLoginPassword: <your-password>
storage:
storageSizeGB: 32
---
apiVersion: dbformysql.azure.com/v1alpha1api20210501 #Create a Firewall Rule to allow all IPs
kind: FlexibleServersFirewallRule
metadata:
name: aso-mysqlfwrule
namespace: asodemo
spec:
location: eastus
owner:
name: aso-mysql
startIpAddress: 0.0.0.0
endIpAddress: 255.255.255.255
---
apiVersion: dbformysql.azure.com/v1alpha1api20210501 #Create a database
kind: FlexibleServersDatabase
metadata:
name: demodb
namespace: asodemo
spec:
owner:
name: aso-mysql
charset: utf8mb4
kubectl apply -f deploy.yaml
kubectl get resourcegroups,flexibleservers,flexibleserversdatabases,flexibleserversfirewallrules -n asodemo
It may take a few minutes for the MySQL flexible server to deploy successfully, during which time you are likely to see output similar to the following:
NAME READY REASON MESSAGE
resourcegroup.resources.azure.com/aso-rg True Succeeded
NAME READY SEVERITY REASON MESSAGE
flexibleserver.dbformysql.azure.com/aso-mysql False Info Reconciling The resource is in the process of being reconciled by the operator
NAME READY SEVERITY REASON MESSAGE
flexibleserversdatabase.dbformysql.azure.com/demodb False Warning ResourceNotFound The Resource 'Microsoft.DBforMySQL/flexibleServers/aso-mysql' under resource group 'aso-rg' was not found. For more details please go to https://aka.ms/ARMResourceNotFoundFix
NAME READY SEVERITY REASON MESSAGE
flexibleserversfirewallrule.dbformysql.azure.com/aso-mysqlfwrule False Warning ResourceNotFound The Resource 'Microsoft.DBforMySQL/flexibleServers/aso-mysql' under resource group 'aso-rg' was not found. For more details please go to https://aka.ms/ARMResourceNotFoundFix
When the resources move to the “Ready” state, you’ll have successfully provisioned an Azure Database for MySQL flexible server! You can now access this server through the Azure portal and CLI, as well as other tools.
After using ASO to provision the MySQL flexible server, you can deploy an application on Kubernetes following the usual process.
For guidance on end-to-end application deployment on AKS that integrates Azure Database for MySQL - Flexible Server on the backend, see the following tutorials:
During the lifecycle of the application, if you want to update the MySQL flexible server configuration, you merely need to update and re-deploy the relevant manifest files. The ASO controller will then synchronize the desired state in the user specified Custom Resource with the actual state of that resource in Azure.
To delete the resources that you have created using ASO, you don’t need to delete the resources individually. When the namespace containing the resources is deleted, the delete is propagated to all resources.
kubectl delete namespace asodemo
To delete other ASO controller components, such as cert-manager, use the command kubectl delete -f :
kubectl delete -f https://github.com/jetstack/cert-manager/releases/download/v1.1.0/cert-manager.yaml
I hope this blog post helps you get started with ASO and enhances your experience using Azure Database for MySQL – Flexible Server with Kubernetes.
If you have any questions, feedback, or suggestions about other topics that you’d like us to cover, please leave a comment below or email us at AskAzureDBforMySQL@service.microsoft.com. Thank you!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.