Deploy a highly available MySQL Database System in a Container Engine for Kubernetes cluster

Oracle MySQL Database Service is a fully-managed database service deployed within Oracle Cloud Infrastructure (OCI) that supports operators and developers looking to rapidly deploy secure, cloud-native applications. You can use the OCI Service operator for Kubernetes (OSOK) to provision and manage MySQL Database systems for applications deployed in Container Engine for Kubernetes (OKE) clusters.

Using OSOK simplifies the management of MySQL Database systems for OKE administrators and allows MySQL Database System instances to be deployed alongside applications using the Kubernetes package management tool, Helm.

Architecture

This reference architecture shows an application deployed in an OKE cluster that utilizes a highly available MySQL Database System for its database. The MySQL Database System is deployed and managed entirely from within the OKE cluster with OSOK.

OSOK allows the MySQL Database System to be managed like any other Kubernetes resource using the standard Kubernetes CLI, kubectl, by modeling the MySQL Database System as a Custom Resource Definition (CRD) and applying resources of that type to the OKE cluster.

The MySQL Database System can be deployed as a standalone system or with High Availability (HA). An HA-enabled MySQL Database System contains three instances deployed across different availability domains or fault domains. The application connects to a single endpoint to read and write to the database. In the event of a failure, the database system will automatically fail over to a secondary instance without reconfiguration of the application.
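The following manifest is an added example, not code from the original page or from the OSOK project, showing how a highly available MySQL Database System can be declared as a Kubernetes resource and applied with kubectl. The apiVersion, kind and spec field names are assumptions based on the OSOK MySqlDbSystem CRD and must be checked against the CRD installed in your cluster (for example with `kubectl explain mysqldbsystem.spec`); the compartment and subnet OCIDs are placeholders. The admin credentials are kept in Kubernetes Secrets and referenced from the manifest, so the manifest itself contains no password and can be committed to source control, and the subnet is a private one so the database endpoint is reachable only from inside the VCN.

```yaml
# Added example (not from the page or OSOK). Field names are assumed;
# verify them against the CRD in your cluster. OCIDs are placeholders.
apiVersion: v1
kind: Secret
metadata:
  name: mysql-admin-username
  namespace: myapp
type: Opaque
stringData:
  username: admin
---
apiVersion: v1
kind: Secret
metadata:
  name: mysql-admin-password
  namespace: myapp
type: Opaque
stringData:
  # Constructed placeholder; supply the real value out of band, e.g. from
  # a vault or via kubectl create secret, never in a committed file.
  password: CHANGE-ME-PLACEHOLDER
---
apiVersion: oci.oracle.com/v1beta1   # assumed OSOK API group/version
kind: MySqlDbSystem                   # assumed OSOK kind
metadata:
  name: myapp-mysql
  namespace: myapp
spec:
  compartmentId: ocid1.compartment.oc1..PLACEHOLDER
  # Private subnet: the DB System receives no public IP, so only workloads
  # inside the VCN (the OKE node pools) can reach port 3306.
  subnetId: ocid1.subnet.oc1.PLACEHOLDER
  shapeName: MySQL.VM.Standard.E3.1.8GB
  dataStorageSizeInGBs: 50
  # HA option from the text: three instances placed in different
  # fault/availability domains behind one endpoint, automatic failover.
  isHighlyAvailable: true
  # Credentials are referenced, not inlined (assumed secret-ref shape).
  adminUsername:
    secret:
      secretName: mysql-admin-username
  adminPassword:
    secret:
      secretName: mysql-admin-password
```

Apply it with `kubectl apply -f mysql-ha.yaml` and watch the resource with `kubectl get mysqldbsystem -n myapp`; the operator reconciles the OCI resource and reports its lifecycle state back in the object's status. Because the secrets are ordinary Kubernetes objects, the same RBAC and namespace boundaries that protect the application also control who can read the database admin password.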

The following diagram illustrates this reference architecture.

[Diagram: oci-mysql-oke-ha-arch.png (architecture of the highly available MySQL Database System deployed from an OKE cluster); a downloadable copy is provided as oci-mysql-oke-ha-arch-oracle.zip]

The architecture has the following components:

  • Region

    An Oracle Cloud Infrastructure region is a localized geographic area that contains one or more data centers, called availability domains. Regions are independent of other regions, and vast distances can separate them (across countries or even continents).

  • Availability domains

    Availability domains are standalone, independent data centers within a region. The physical resources in each availability domain are isolated from the resources in the other availability domains, which provides fault tolerance. Availability domains don’t share infrastructure such as power or cooling, or the internal availability domain network. So, a failure at one availability domain is unlikely to affect the other availability domains in the region.

  • Fault domains

    A fault domain is a grouping of hardware and infrastructure within an availability domain. Each availability domain has three fault domains with independent power and hardware. When you distribute resources across multiple fault domains, your applications can tolerate physical server failure, system maintenance, and power failures inside a fault domain.

  • Virtual cloud network (VCN) and subnets

    A VCN is a customizable, software-defined network that you set up in an Oracle Cloud Infrastructure region. Like traditional data center networks, VCNs give you complete control over your network environment. A VCN can have multiple non-overlapping CIDR blocks that you can change after you create the VCN. You can segment a VCN into subnets, which can be scoped to a region or to an availability domain. Each subnet consists of a contiguous range of addresses that don't overlap with the other subnets in the VCN. You can change the size of a subnet after creation. A subnet can be public or private.

  • Container Engine for Kubernetes

    Oracle Cloud Infrastructure Container Engine for Kubernetes is a fully managed, scalable, and highly available service that you can use to deploy your containerized applications to the cloud. You specify the compute resources that your applications require, and Container Engine for Kubernetes provisions them on Oracle Cloud Infrastructure in an existing tenancy. Container Engine for Kubernetes uses Kubernetes to automate the deployment, scaling, and management of containerized applications across clusters of hosts.

  • Oracle MySQL Database Service

    Oracle MySQL Database Service is a fully managed Oracle Cloud Infrastructure (OCI) database service that lets developers quickly develop and deploy secure, cloud native applications. Optimized for and exclusively available in OCI, Oracle MySQL Database Service is 100% built, managed, and supported by the OCI and MySQL engineering teams.

    Oracle MySQL Database Service has an integrated, high-performance analytics engine (HeatWave) to run sophisticated real-time analytics directly against an operational MySQL database.

  • Network address translation (NAT) gateway

    A NAT gateway enables private resources in a VCN to access hosts on the internet, without exposing those resources to incoming internet connections.

  • Service gateway

    The service gateway provides access from a VCN to other services, such as Oracle Cloud Infrastructure Object Storage. The traffic from the VCN to the Oracle service travels over the Oracle network fabric and never traverses the internet.

  • Registry

    Oracle Cloud Infrastructure Registry is an Oracle-managed registry that enables you to simplify your development-to-production workflow. Registry makes it easy for you to store, share, and manage development artifacts, like Docker images. The highly available and scalable architecture of Oracle Cloud Infrastructure ensures that you can deploy and manage your applications reliably.

  • Load balancer

    The Oracle Cloud Infrastructure Load Balancing service provides automated traffic distribution from a single entry point to multiple servers in the back end.

  • Route table

    Virtual route tables contain rules to route traffic from subnets to destinations outside a VCN, typically through gateways.

  • Security list

    For each subnet, you can create security rules that specify the source, destination, and type of traffic that must be allowed in and out of the subnet.

Recommendations

Use the following recommendations as a starting point. Your requirements might differ from the architecture described here.

  • VCN

    When you create a VCN, determine the number of CIDR blocks required and the size of each block based on the number of resources that you plan to attach to subnets in the VCN. Use CIDR blocks that are within the standard private IP address space.

    Select CIDR blocks that don't overlap with any other network (in Oracle Cloud Infrastructure, your on-premises data center, or another cloud provider) to which you intend to set up private connections.

    After you create a VCN, you can change, add, and remove its CIDR blocks.

    When you design the subnets, consider your traffic flow and security requirements. Attach all the resources within a specific tier or role to the same subnet, which can serve as a security boundary.

  • Load balancer bandwidth

    While creating the load balancer, you can either select a predefined shape that provides a fixed bandwidth, or specify a custom (flexible) shape where you set a bandwidth range and let the service scale the bandwidth automatically based on traffic patterns. With either approach, you can change the shape at any time after creating the load balancer.

  • Security lists

    Use security lists to define ingress and egress rules that apply to the entire subnet.

  • Oracle MySQL Database Service

    In this architecture, the application stores the relational data in Oracle MySQL Database Service. We recommend using the latest version.

Considerations

When deploying an application in Oracle Cloud, consider these options for availability.

  • Application availability

    The application is deployed with multiple pods in its Deployment to provide high availability.

  • MySQL Database Service availability and scalability

    The MySQL Database System shown in the highly available architecture uses the built-in MySQL High Availability option, which creates three instances and places them in different fault domains.

  • Security

    Use IAM policies that restrict who can access the OCI resources in this architecture. OKE is integrated with OCI Identity and Access Management (IAM), which authenticates requests using native OCI identities.

Deploy

This reference architecture can be deployed and managed entirely from the OKE cluster, without using the OCI Console or CLI, and automated with a Helm chart. The sample Helm chart for this reference architecture makes it easy to create and manage a MySQL Database System from a Kubernetes cluster deployed in OCI. You can download the code from GitHub and customize it to suit your specific requirements.

  1. Go to GitHub.
  2. Clone or download the repository to your local computer.
  3. Follow the instructions in the README document.

Acknowledgements

Author: Chiping Hwang