bitnamicharts/mysql Docker 镜像 - 轩辕镜像
bitnamicharts/mysqlBitnami提供的MySQL Helm chart,用于在Kubernetes环境中简化MySQL数据库的部署、配置与管理,遵循开源最佳实践。
0 次下载activebitnamicharts
Bitnami Secure Images Helm chart for MySQL
MySQL is a fast, reliable, scalable, and easy to use open source relational database system. Designed to handle mission-critical, heavy-load production applications.
Overview of MySQL
Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement.
TL;DR
consolehelm install my-release oci://registry-1.docker.io/bitnamicharts/mysql
Why use Bitnami Secure Images?
Those are hardened, minimal CVE images built and maintained by Bitnami. Bitnami Secure Images are based on the cloud-optimized, security-hardened enterprise OS Photon Linux. Why choose BSI images?
- Hardened secure images of popular open source software with Near-Zero Vulnerabilities
- Vulnerability Triage & Prioritization with VEX Statements, KEV and EPSS Scores
- Compliance focus with FIPS, STIG, and air-gap options, including secure bill of materials (SBOM)
- Software supply chain provenance attestation through in-toto
- First class support for the internet’s favorite Helm charts
Each image comes with valuable security metadata. You can view the metadata in our public catalog here. Note: Some data is only available with commercial subscriptions to BSI.
!Alt text !Alt text
If you are looking for our previous generation of images based on Debian Linux, please see the Bitnami Legacy registry.
Introduction
This chart bootstraps a MySQL replication cluster deployment on a Kubernetes cluster using the Helm package manager.
Prerequisites
- Kubernetes 1.23+
- Helm 3.8.0+
- PV provisioner support in the underlying infrastructure
Installing the Chart
To install the chart with the release name my-release:
consolehelm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/mysql
Note: You need to substitute the placeholders
REGISTRY_NAMEandREPOSITORY_NAMEwith a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to useREGISTRY_NAME=registry-1.docker.ioandREPOSITORY_NAME=bitnamicharts.
These commands deploy MySQL on the Kubernetes cluster in the default configuration. The Parameters section lists the parameters that can be configured during installation.
Tip: List all releases using
helm list
Configuration and installation details
Resource requests and limits
Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the resources value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case.
To make this process easier, the chart contains the resourcesPreset values, which automatically sets the resources section according to different presets. Check these presets in the bitnami/common chart. However, in production workloads using resourcesPreset is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the official Kubernetes documentation.
Prometheus metrics
This chart can be integrated with Prometheus by setting metrics.enabled to true. This will deploy a sidecar container with mysqld_exporter in all pods and will expose it via the MariaDB service. This service will have the necessary annotations to be automatically scraped by Prometheus.
Prometheus requirements
It is necessary to have a working installation of Prometheus or Prometheus Operator for the integration to work. Install the Bitnami Prometheus helm chart or the Bitnami Kube Prometheus helm chart to easily have a working Prometheus in your cluster.
Integration with Prometheus Operator
The chart can deploy ServiceMonitor objects for integration with Prometheus Operator installations. To do so, set the value metrics.serviceMonitor.enabled=true. Ensure that the Prometheus Operator CustomResourceDefinitions are installed in the cluster or it will fail with the following error:
textno matches for kind "ServiceMonitor" in version "monitoring.coreos.com/v1"
Install the Bitnami Kube Prometheus helm chart for having the necessary CRDs and the Prometheus Operator.
Rolling VS Immutable tags
It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.
Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist.
Use a different MySQL version
To modify the application version used in this chart, specify a different version of the image using the image.tag parameter and/or a different repository using the image.repository parameter.
Customize a new MySQL instance
The Bitnami MySQL image allows you to use your custom scripts to initialize a fresh instance. Custom scripts may be specified using the initdbScripts parameter. Alternatively, an external ConfigMap may be created with all the initialization scripts and the ConfigMap passed to the chart via the initdbScriptsConfigMap parameter. Note that this will override the initdbScripts parameter.
The allowed extensions are .sh, .sql and .sql.gz.
These scripts are treated differently depending on their extension. While .sh scripts are executed on all the nodes, .sql and .sql.gz scripts are only executed on the primary nodes. This is because .sh scripts support conditional tests to identify the type of node they are running on, while such tests are not supported in .sql or sql.gz files.
When using a .sh script, you may wish to perform a "one-time" action like creating a database. This can be achieved by adding a condition in the script to ensure that it is executed only on one node, as shown in the example below:
yamlinitdbScripts: my_init_script.sh: | #!/bin/bash if [[ $(hostname) == *primary* ]]; then echo "Primary node" password_aux="${MYSQL_ROOT_PASSWORD:-}" if [[ -f "${MYSQL_ROOT_PASSWORD_FILE:-}" ]]; then password_aux=$(cat "$MYSQL_ROOT_PASSWORD_FILE") fi mysql -P 3306 -uroot -p"$password_aux" -e "create database new_database"; else echo "Secondary node" fi
Sidecars and Init Containers
If you have a need for additional containers to run within the same pod as MySQL, you can do so via the sidecars config parameter. Simply define your container according to the Kubernetes container spec.
yamlsidecars: - name: your-image-name image: your-image imagePullPolicy: Always ports: - name: portname containerPort: 1234
Similarly, you can add extra init containers using the initContainers parameter.
yamlinitContainers: - name: your-image-name image: your-image imagePullPolicy: Always ports: - name: portname containerPort: 1234
Securing traffic using TLS
This chart supports encrypting communications using TLS. To enable this feature, set the tls.enabled.
It is necessary to create a secret containing the TLS certificates and pass it to the chart via the tls.existingSecret parameter. Every secret should contain a tls.crt and tls.key keys including the certificate and key files respectively and, optionally, a ca.crt key including the CA certificate. For example: create the secret with the certificates files:
consolekubectl create secret generic tls-secret --from-file=./tls.crt --from-file=./tls.key --from-file=./ca.crt
You can manually create the required TLS certificates or relying on the chart auto-generation capabilities. The chart supports two different ways to auto-generate the required certificates:
- Using Helm capabilities. Enable this feature by setting
tls.autoGenerated.enabledtotrueandtls.autoGenerated.enginetohelm. - Relying on CertManager (please note it's required to have CertManager installed in your K8s cluster). Enable this feature by setting
tls.autoGenerated.enabledtotrueandtls.autoGenerated.enginetocert-manager. Please note it's supported to use an existing Issuer/ClusterIssuer for issuing the TLS certificates by setting thetls.autoGenerated.certManager.existingIssuerandtls.autoGenerated.certManager.existingIssuerKindparameters.
Update credentials
Bitnami charts, with its default settings, configure credentials at first boot. Any further change in the secrets or credentials can be done using one of the following methods:
Manual update of the passwords and secrets
- Update the user password following the upstream documentation
- Update the password secret with the new values (replace the SECRET_NAME, PASSWORD and ROOT_PASSWORD placeholders)
shellkubectl create secret generic SECRET_NAME --from-literal=password=PASSWORD --from-literal=root-password=ROOT_PASSWORD --dry-run -o yaml | kubectl apply -f -
Automated update using a password update job
The Bitnami MySQL provides a password update job that will automatically change the MySQL passwords when running helm upgrade. To enable the job set passwordUpdateJob.enabled=true. This job requires:
- The new passwords: this is configured using either
auth.rootPassword,auth.passwordandauth.replicationPassword(if applicable) or settingauth.existingSecret. - The previous passwords: This value is taken automatically from already deployed secret object. If you are using
auth.existingSecretorhelm templateinstead ofhelm upgrade, then set eitherpasswordUpdate.job.previousPasswords.rootPassword,passwordUpdate.job.previousPasswords.password,passwordUpdate.job.previousPasswords.replicationPassword(when applicable), settingauth.existingSecret.
In the following example we update the password via values.yaml in a mysql installation with replication
yamlarchitecture: "replication" auth: user: "user" rootPassword: "newRootPassword123" password: "newUserPassword123" replicationPassword: "newReplicationPassword123" passwordUpdateJob: enabled: true
In this example we use two existing secrets (new-password-secret and previous-password-secret) to update the passwords:
yamlauth: existingSecret: new-password-secret passwordUpdateJob: enabled: true previousPasswords: existingSecret: previous-password-secret
You can add extra update commands using the passwordUpdateJob.extraCommands value.
Network Policy config
To enable network policy for MySQL, install a networking plugin that implements the Kubernetes NetworkPolicy spec, and set networkPolicy.enabled to true.
For Kubernetes v1.5 & v1.6, you must also turn on NetworkPolicy by setting the DefaultDeny namespace annotation. Note: this will enforce policy for all pods in the namespace:
consolekubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}"
With NetworkPolicy enabled, traffic will be limited to just port 3306.
For more precise policy, set networkPolicy.allowExternal=false. This will only allow pods with the generated client label to connect to MySQL.
This label will be displayed in the output of a successful install.
Pod affinity
This chart allows you to set your custom affinity using the XXX.affinity parameter(s). Find more information about Pod affinity in the Kubernetes documentation.
As an alternative, you can use the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the bitnami/common chart. To do so, set the XXX.podAffinityPreset, XXX.podAntiAffinityPreset, or XXX.nodeAffinityPreset parameters.
Backup and restore
To back up and restore Helm chart deployments on Kubernetes, you need to back up the persistent volumes from the source deployment and attach them to a new deployment using Velero, a Kubernetes backup/restore tool. Find the instructions for using Velero in this guide.
Persistence
The Bitnami MySQL image stores the MySQL data and configurations at the /bitnami/mysql path of the container.
The chart mounts a Persistent Volume volume at this location. The volume is created using dynamic volume provisioning by default. An existing PersistentVolumeClaim can also be defined for this purpose.
If you encounter errors when working with persistent volumes, refer to our troubleshooting guide for persistent volumes.
Parameters
Global parameters
| Name | Description | Value |
|---|---|---|
global.imageRegistry | Global Docker image registry | "" |
global.imagePullSecrets | Global Docker registry secret names as an array | [] |
global.defaultStorageClass | Global default StorageClass for Persistent Volume(s) | "" |
global.storageClass | DEPRECATED: use global.defaultStorageClass instead | "" |
global.security.allowInsecureImages | Allows skipping image verification | false |
global.compatibility.openshift.adaptSecurityContext | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | auto |
Common parameters
| Name | Description | Value |
|---|---|---|
kubeVersion | Force target Kubernetes version (using Helm capabilities if not set) | "" |
nameOverride | String to partially override common.names.fullname template (will maintain the release name) | "" |
fullnameOverride | String to fully override common.names.fullname template | "" |
namespaceOverride | String to fully override common.names.namespace | "" |
clusterDomain | Cluster domain | cluster.local |
commonAnnotations | Common annotations to add to all MySQL resources (sub-charts are not considered). Evaluated as a template | {} |
commonLabels | Common labels to add to all MySQL resources (sub-charts are not considered). Evaluated as a template | {} |
extraDeploy | Array with extra yaml to deploy with the chart. Evaluated as a template | [] |
serviceBindings.enabled | Create secret for service binding (Experimental) | false |
diagnosticMode.enabled | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | false |
diagnosticMode.command | Command to override all containers in the deployment | ["sleep"] |
diagnosticMode.args | Args to override all containers in the deployment | ["infinity"] |
MySQL common parameters
| Name | Description | Value |
|---|---|---|
image.registry | MySQL image registry | REGISTRY_NAME |
image.repository | MySQL image repository | REPOSITORY_NAME/mysql |
image.digest | MySQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | "" |
image.pullPolicy | MySQL image pull policy | IfNotPresent |
image.pullSecrets | Specify docker-registry secret names as an array | [] |
image.debug | Specify if debug logs should be enabled | false |
architecture | MySQL architecture (standalone or replication) | standalone |
auth.rootPassword | Password for the root user. Ignored if existing secret is provided | "" |
auth.createDatabase | Whether to create the .Values.auth.database or not | true |
auth.database | Name for a custom database to create | my_database |
auth.username | Name for a custom user to create | "" |
auth.password | Password for the new user. Ignored if existing secret is provided | "" |
auth.replicationUser | MySQL replication user | replicator |
auth.replicationPassword | MySQL replication user password. Ignored if existing secret is provided | "" |
auth.existingSecret | Use existing secret for password details. The secret has to contain the keys mysql-root-password, mysql-replication-password and mysql-password | "" |
auth.usePasswordFiles | Mount credentials as files instead of using an environment variable | true |
auth.customPasswordFiles | Use custom password files when auth.usePasswordFiles is set to true. Define path for keys root and user, also define replicator if architecture is set to replication | {} |
_Note: the README for this chart is longer than the DockerHub length limit of 25000, so it has been trimmed. The full README can be found at [***]
mysql
by library
官方
MySQL是一款广泛使用的开源关系型数据库管理系统(RDBMS),凭借开源特性、高效稳定的性能及良好的兼容性,被广泛应用于各类Web应用、企业级系统及数据存储场景,是全球最受欢迎的关系型数据库管理系统之一,为用户提供可靠的数据管理与处理支持,在数据存储、查询及维护等方面展现出优异的实用性与灵活性。
160351B+ pulls
上次更新:11 天前
bitnami/mysql
by VMware
认证
比特纳米MySQL安全镜像是一款针对MySQL数据库精心打造的预先配置、安全加固的应用镜像,集成自动安全更新机制、合规性支持(如PCI DSS、GDPR)及优化的性能配置,可简化部署流程,确保数据库在开发、测试及生产环境中稳定运行,有效防范未授权访问、数据泄露等安全风险,适用于企业级应用及各类需要高安全性数据库支持的场景。
147100M+ pulls
上次更新:3 个月前
cimg/mysql
by CircleCI
认证
cimg/mysql Docker镜像基于官方MySQL稳定版构建,为开发与CI/CD环境提供轻量级高性能服务。内置优化配置,支持数据持久化与网络隔离,基于Ubuntu系统并包含常用客户端工具。可快速部署单节点实例及容器化架构集成,适合自动化测试、本地开发及小型生产环境。镜像定期更新,确保安全性与兼容性,简化数据库环境一致性管理。
350M+ pulls
上次更新:2 个月前
ubuntu/mysql
by Canonical
认证
MySQL是一款广泛应用于各类Web应用、企业级系统及数据存储场景的开源SQL数据库,它以快速的数据处理能力、稳定的运行性能和高效的多线程架构为核心优势,其长期版本的维护工作由Canonical负责,为用户提供持续的技术支持、安全更新及功能优化服务,是全球众多开发者和企业信赖的数据库解决方案。
721M+ pulls
上次更新:6 天前
linuxserver/mysql
by linuxserver.io
由LinuxServer.io提供的MySQL容器,MySQL是世界上最流行的开源数据库,适用于各种Web应用程序。请注意:该镜像已弃用,不再维护和/或更新。
485M+ pulls
上次更新:8 年前
elestio/mysql
by Elestio
认证
由Elestio验证和打包的MySQL
250K+ pulls
上次更新:2 个月前
轩辕镜像配置手册
探索更多轩辕镜像的使用方法,找到最适合您系统的配置方式
登录仓库拉取
通过 Docker 登录认证访问私有仓库
Linux
在 Linux 系统配置镜像服务
Windows/Mac
在 Docker Desktop 配置镜像
Docker Compose
Docker Compose 项目配置
K8s Containerd
Kubernetes 集群配置 Containerd
K3s
K3s 轻量级 Kubernetes 镜像加速
宝塔面板
在宝塔面板一键配置镜像
群晖
Synology 群晖 NAS 配置
飞牛
飞牛 fnOS 系统配置镜像
极空间
极空间 NAS 系统配置服务
爱快路由
爱快 iKuai 路由系统配置
绿联
绿联 NAS 系统配置镜像
威联通
QNAP 威联通 NAS 配置
Podman
Podman 容器引擎配置
Singularity/Apptainer
HPC 科学计算容器配置
其他仓库配置
ghcr、Quay、nvcr 等镜像仓库
专属域名拉取
无需登录使用专属域名
需要其他帮助?请查看我们的 常见问题Docker 镜像访问常见问题解答 或 提交工单
镜像拉取常见问题
轩辕镜像免费版与专业版有什么区别?
免费版仅支持 Docker Hub 访问,不承诺可用性和速度;专业版支持更多镜像源,保证可用性和稳定速度,提供优先客服响应。
轩辕镜像支持哪些镜像仓库?
专业版支持 docker.io、gcr.io、ghcr.io、registry.k8s.io、nvcr.io、quay.io、mcr.microsoft.com、docker.elastic.co 等;免费版仅支持 docker.io。
流量耗尽错误提示
当返回 402 Payment Required 错误时,表示流量已耗尽,需要充值流量包以恢复服务。
410 错误问题
通常由 Docker 版本过低导致,需要升级到 20.x 或更高版本以支持 V2 协议。
manifest unknown 错误
先检查 Docker 版本,版本过低则升级;版本正常则验证镜像信息是否正确。
镜像拉取成功后,如何去掉轩辕镜像域名前缀?
使用 docker tag 命令为镜像打上新标签,去掉域名前缀,使镜像名称更简洁。
用户好评
来自真实用户的反馈,见证轩辕镜像的优质服务
oldzhang
运维工程师
Linux服务器
5
"Docker访问体验非常流畅,大镜像也能快速完成下载。"