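# ===== 1. Secret - MySQL credentials =====
# NOTE(review): values under `data` are base64-encoded, not encrypted. Anyone
# who can read this manifest or `get` the Secret recovers the root password.
# Keep the real value out of version control (external secret store or an
# encrypted/sealed secret) and rotate the value shown here.
kind: Secret
apiVersion: v1
metadata:
  name: mysql-secret
  namespace: cpte-wms
  annotations:
    kubesphere.io/creator: admin
    kubesphere.io/description: MySQL 认证信息
data:
  MYSQL_ROOT_PASSWORD: Y3B0ZUAxMjM=
  MYSQL_DATABASE: Y3B0ZS13bXM=
type: Opaque
---
# ===== 2. ConfigMap - MySQL configuration file =====
# NOTE(review): innodb_buffer_pool_size = 40G (plus tmp_table_size = 1G and the
# per-connection buffers) is far above the 8Gi memory limit set on the mysql
# container in the StatefulSet; once the pool fills, the container will be
# OOM-killed. Size the pool below the limit or raise the limit.
# NOTE(review): innodb_log_file_size = 4G and up to 7 days of 1G binlogs share
# the 20Gi data volume with the tablespaces - confirm the disk budget.
# NOTE(review): default_authentication_plugin = mysql_native_password selects
# the legacy SHA-1 based scheme; keep it only if a client cannot use the 8.0
# default (caching_sha2_password).
kind: ConfigMap
apiVersion: v1
metadata:
  name: mysql-conf
  namespace: cpte-wms
  creationTimestamp: '2026-03-16T13:31:47Z'
  annotations:
    kubesphere.io/creator: admin
    kubesphere.io/description: 配置文件
data:
  my.cnf: |
    [client]
    default-character-set = utf8mb4
    socket = /tmp/mysql.sock

    [mysql]
    default-character-set = utf8mb4

    [mysqld]
    # ===== 基础设置 =====
    user = mysql
    datadir = /var/lib/mysql
    socket = /tmp/mysql.sock
    pid-file = /var/run/mysqld/mysqld.pid
    secure-file-priv = /var/lib/mysql-files

    # ===== 连接设置 =====
    max_connections = 200
    max_connect_errors = 100
    max_allowed_packet = 512M

    # ===== 字符集设置 =====
    character-set-server = utf8mb4
    default_authentication_plugin = mysql_native_password
    lower_case_table_names = 1

    # ===== 缓存和缓冲区设置 =====
    # 线程缓存
    thread_cache_size = 512
    thread_stack = 256K
    # 表缓存
    table_open_cache = 8192
    table_definition_cache = 4096
    tmp_table_size = 1G
    # 键缓存
    key_buffer_size = 256M
    # 查询缓存
    join_buffer_size = 4M
    sort_buffer_size = 8M
    read_buffer_size = 2M
    read_rnd_buffer_size = 4M
    # MyISAM
    myisam_sort_buffer_size = 256M

    # ===== InnoDB 设置 =====
    default-storage-engine = INNODB
    innodb_buffer_pool_size = 40G
    innodb_log_file_size = 4G
    innodb_log_buffer_size = 256M
    innodb_flush_log_at_trx_commit = 1

    # ===== 日志设置 =====
    log-bin = mysql-bin
    binlog_format = ROW
    server-id = 1
    max_binlog_cache_size = 2G
    max_binlog_size = 1G
    expire_logs_days = 7
    # 慢查询日志
    slow-query-log=1
    slow-query-log-file = /var/lib/mysql/mysql-slow.log
    long_query_time = 5

    # ===== 其他设置 =====
    sql-mode="STRICT_TRANS_TABLES,NO_ENGINE_SUBSTITUTION"
    open_files_limit = 8192
---
# ===== 3. Headless Service - used by the StatefulSet =====
apiVersion: v1
kind: Service
metadata:
  name: mysql-headless
  namespace: cpte-wms
  labels:
    app: mysql
spec:
  clusterIP: None
  selector:
    app: mysql
  ports:
    - port: 3306
      targetPort: 3306
      name: mysql
---
# ===== 4. StatefulSet - MySQL main container =====
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: mysql
  namespace: cpte-wms
  labels:
    app: mysql
  annotations:
    kubesphere.io/description: "8.0.39"
spec:
  serviceName: mysql-headless
  replicas: 1
  selector:
    matchLabels:
      app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:
      # ===== Pod-level security context =====
      # fsGroup makes the mounted volumes group-writable for GID 999, the
      # group the container runs as below.
      securityContext:
        fsGroup: 999
      containers:
        - name: mysql
          # NOTE(review): the image is pinned by tag only; pin by digest as
          # well if the registry content must be immutable for this deploy.
          image: docker.io/library/mysql:8.0.39
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 3306
              name: mysql
          env:
            - name: MYSQL_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: mysql-secret
                  key: MYSQL_ROOT_PASSWORD
            - name: MYSQL_DATABASE
              valueFrom:
                secretKeyRef:
                  name: mysql-secret
                  key: MYSQL_DATABASE
          volumeMounts:
            - name: mysql-data
              mountPath: /var/lib/mysql
            - name: mysql-conf
              mountPath: /etc/mysql/conf.d/my.cnf
              subPath: my.cnf
              readOnly: true
            - name: mysql-log
              mountPath: /var/log/mysql
            - name: mysql-run
              mountPath: /var/run/mysqld
            - name: host-time
              mountPath: /etc/localtime
              readOnly: true
          # The probes hand the password to mysqladmin through MYSQL_PWD
          # instead of -p"...": the value is already in the container
          # environment, so this adds no exposure and keeps the root
          # password out of the process argument list.
          # NOTE(review): MYSQL_PWD is deprecated in MySQL 8.0; a dedicated
          # low-privilege health-check account would remove the need to use
          # root credentials in probes at all.
          livenessProbe:
            exec:
              command:
                - 'sh'
                - '-c'
                - 'MYSQL_PWD="$MYSQL_ROOT_PASSWORD" mysqladmin ping -h localhost -u root | grep -q alive'
            initialDelaySeconds: 60
            periodSeconds: 10
            failureThreshold: 3
          readinessProbe:
            exec:
              command:
                - 'sh'
                - '-c'
                - 'MYSQL_PWD="$MYSQL_ROOT_PASSWORD" mysqladmin ping -h localhost -u root | grep -q alive'
            initialDelaySeconds: 30
            periodSeconds: 5
            failureThreshold: 3
          startupProbe:
            exec:
              command:
                - 'sh'
                - '-c'
                - 'MYSQL_PWD="$MYSQL_ROOT_PASSWORD" mysqladmin ping -h localhost -u root | grep -q alive'
            initialDelaySeconds: 0
            periodSeconds: 5
            failureThreshold: 30
          resources:
            requests:
              memory: "4Gi"
              cpu: "500m"
            limits:
              memory: "8Gi"
              cpu: "2000m"
          # ===== Container-level security context =====
          # Runs as the unprivileged UID/GID 999. The extra fields make that
          # explicit and enforced: the kubelet refuses to start the container
          # as root, setuid binaries cannot raise privileges, and no Linux
          # capabilities are granted.
          securityContext:
            runAsUser: 999
            runAsGroup: 999
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
      volumes:
        - name: mysql-conf
          configMap:
            name: mysql-conf
        - name: mysql-log
          emptyDir: {}
        - name: mysql-run
          emptyDir: {}
        # NOTE(review): hostPath volumes are rejected by the baseline Pod
        # Security Standard; this one is a single read-only file used only
        # to copy the node's time zone into the container.
        - name: host-time
          hostPath:
            path: /etc/localtime
            type: File
  volumeClaimTemplates:
    - metadata:
        name: mysql-data
      spec:
        accessModes: ["ReadWriteOnce"]
        storageClassName: local
        resources:
          requests:
            storage: 20Gi
---
# ===== 5. NodePort Service - client access to MySQL =====
# NOTE(review): type is NodePort, so port 3306 is published on every node at
# 30926 and is reachable from outside the cluster wherever the node network
# is. If only in-cluster clients need the database, use type: ClusterIP and
# drop nodePort/externalTrafficPolicy; otherwise restrict the source ranges
# with a NetworkPolicy or node firewall.
# NOTE(review): creationTimestamp and the fixed clusterIP look exported from
# a live cluster; the address is only valid inside that cluster's service
# CIDR.
kind: Service
apiVersion: v1
metadata:
  name: mysql-service
  namespace: cpte-wms
  creationTimestamp: '2026-03-16T14:34:50Z'
  labels:
    app: mysql
spec:
  ports:
    - name: mysql
      protocol: TCP
      port: 3306
      targetPort: 3306
      nodePort: 30926
  selector:
    app: mysql
  clusterIP: 10.233.28.135
  clusterIPs:
    - 10.233.28.135
  type: NodePort
  sessionAffinity: None
  externalTrafficPolicy: Cluster
  ipFamilies:
    - IPv4
  ipFamilyPolicy: SingleStack
  internalTrafficPolicy: Cluster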