The goal of this project is to set up an application deployed to Kubernetes that can discover, via Consul/Consul Connect, a MySQL Group Replication cluster running on a VM cluster outside of Kubernetes. The MySQL cluster will be fronted by a ProxySQL cluster and will be discoverable through Consul service discovery.
- Kubernetes (via AKS)
- HashiCorp
  - Consul (required)
  - Packer (required)
  - Vault (optional)
  - Terraform (optional)
- MySQL/MariaDB (required)
- ProxySQL (required)
- Use Packer to create a base image
  - ensure:
    - MySQL is installed
    - Consul agent is installed
- run cloud-init scripts to initialize the MySQL Group Replication cluster
  - check to see if current node is
    - run initial MySQL group replication setup for first node
    - output/save the config string for all other nodes
  - check to see if current node
    - use output from first node to join the cluster
  - check to see if current node is
- ensure:
- Use Packer to create a base image
  - ensure:
    - ProxySQL is installed
    - Consul agent is installed
- run init scripts to stand up the ProxySQL cluster
- ensure:
- Deploy AKS cluster
- Install Consul via Helm
- Deploy base app that will connect to the MySQL backend
- Ensure Consul agent/proxy is deployed as a sidecar alongside the app
  - enforce mTLS communication
  - enforce service mesh policies (App can communicate with MySQL backend)
- Add Vault integration to dynamically get MySQL user credentials
  - reduces the blast radius should a node and its credentials get compromised
  - allows for auditing/logging of who has tried to gain access
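
One way to express the sidecar, mTLS and service mesh policy items above with the consul-k8s CRDs, as an added example rather than configuration from this project. It assumes the ProxySQL VMs register in the mesh under the service name `proxysql` and the app runs as `app`; those names, the image, and the `DB_HOST`/`DB_PORT` variables are hypothetical.

```yaml
# Constructed example; "app" and "proxysql" are assumed service names.
# Default deny: no mesh connection is allowed unless an intention permits it.
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceIntentions
metadata:
  name: deny-all
spec:
  destination:
    name: "*"
  sources:
    - name: "*"
      action: deny
---
# Only the app's mesh identity may connect to the ProxySQL service.
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceIntentions
metadata:
  name: app-to-proxysql
spec:
  destination:
    name: proxysql
  sources:
    - name: app
      action: allow
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: app
spec:
  replicas: 1
  selector:
    matchLabels: {app: app}
  template:
    metadata:
      labels: {app: app}
      annotations:
        # Inject the Connect sidecar; traffic to the upstream is carried over mTLS.
        consul.hashicorp.com/connect-inject: "true"
        # Sidecar listens on localhost:6033 and forwards to the proxysql service.
        consul.hashicorp.com/connect-service-upstreams: "proxysql:6033"
    spec:
      serviceAccountName: app
      containers:
        - name: app
          image: registry.example/app:placeholder  # placeholder image
          env:  # hypothetical variables: the app dials the local sidecar, not the VMs
            - {name: DB_HOST, value: "127.0.0.1"}
            - {name: DB_PORT, value: "6033"}
```

Because the app only ever dials the local sidecar listener, a pod without the `app` identity has no path to ProxySQL through the mesh, and the intentions can be tightened or revoked without redeploying the app.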