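---
# MySQL 8.0 database: a single-replica Deployment whose data directory is
# mounted from the mysql-data-pvc PersistentVolumeClaim. The root password and
# the database name are read from the mysql-secret Secret.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mysql
  labels:
    app.kubernetes.io/name: mysql
    app.kubernetes.io/component: database
spec:
  replicas: 1
  strategy:
    # MySQL requires Recreate since the PVC is ReadWriteOnce: the old pod must
    # release the volume before the new pod can mount it.
    type: Recreate
  selector:
    matchLabels:
      app.kubernetes.io/name: mysql
      app.kubernetes.io/component: database
  template:
    metadata:
      labels:
        app.kubernetes.io/name: mysql
        app.kubernetes.io/component: database
    spec:
      # Nothing in this pod spec uses the Kubernetes API, so no service
      # account token is mounted into the database container.
      automountServiceAccountToken: false
      # fsGroup 999 = mysql group in the container image.
      # Without this, the hostPath volume is owned by root and MySQL
      # cannot write to /var/lib/mysql -> pod CrashLoops immediately.
      # NOTE(review): the volume is referenced through a PVC here; if the
      # backing PV really is hostPath, verify that fsGroup is applied to it,
      # since ownership management depends on the volume type.
      securityContext:
        fsGroup: 999
        # Apply the container runtime's default syscall filter.
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: mysql
          # NOTE(review): mysql:8.0 is a floating tag; pin a patch release or
          # an image digest so rollouts are reproducible and auditable.
          image: mysql:8.0
          securityContext:
            # Sets no_new_privs: processes cannot gain privileges through
            # setuid/setgid binaries.
            allowPrivilegeEscalation: false
          ports:
            - containerPort: 3306
              name: mysql
          env:
            - name: MYSQL_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: mysql-secret
                  key: MYSQL_ROOT_PASSWORD
            - name: MYSQL_DATABASE
              valueFrom:
                secretKeyRef:
                  name: mysql-secret
                  key: DB_NAME
            # Allow root to connect from backend pods (any host), not just
            # localhost.
            # NOTE(review): "%" accepts root logins from every address that can
            # reach port 3306. Prefer a dedicated least-privilege application
            # account (the image's MYSQL_USER / MYSQL_PASSWORD variables) and a
            # NetworkPolicy that admits only the backend pods.
            - name: MYSQL_ROOT_HOST
              value: "%"
          volumeMounts:
            - name: mysql-data
              mountPath: /var/lib/mysql
          resources:
            requests:
              cpu: 250m
              memory: 512Mi
            limits:
              cpu: "1"
              memory: 1Gi
          # NOTE(review): both probes expand the root password into the
          # mysqladmin argument list on every run. Consider a client option
          # file, or confirm whether an unauthenticated ping is sufficient for
          # this health check.
          livenessProbe:
            exec:
              command:
                - sh
                - -c
                - mysqladmin ping -h 127.0.0.1 -u root -p"$MYSQL_ROOT_PASSWORD" --silent
            initialDelaySeconds: 60
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 3
          readinessProbe:
            exec:
              command:
                - sh
                - -c
                - mysqladmin ping -h 127.0.0.1 -u root -p"$MYSQL_ROOT_PASSWORD" --silent
            # MySQL 8.0 first-run initialization takes 30-60s on slow disks.
            initialDelaySeconds: 30
            periodSeconds: 5
            timeoutSeconds: 3
            failureThreshold: 10
      volumes:
        - name: mysql-data
          persistentVolumeClaim:
            claimName: mysql-data-pvc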