k3s external db installation/setup
We will proceed by setting up an external database:
Linux [Debian/Ubuntu] w/ mysql:
sudo apt update
sudo apt upgrade
sudo apt install mysql-server-8.0
mysql config is typically located in /etc/mysql/my.cnf
Setting up mysql is a little weird at first; this is the path I found works best:
sudo mysql
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password by 'my-secret-password';
exit
sudo mysql_secure_installation
and proceed with the steps…
Next we finally create a database and user (run these from the mysql prompt):
CREATE DATABASE k3s;
CREATE USER 'user'@'%' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON `k3s`.* TO 'user'@'%';
FLUSH PRIVILEGES;
sudo vim /etc/mysql/my.cnf
If you are not a vim guy, feel free to use your favorite editor (gg vim wars!). Add this to the cnf:
[mysqld]
require_secure_transport = ON
bind-address = 0.0.0.0
ssl_cert = '/var/lib/mysql/db.crt'
ssl_key = '/var/lib/mysql/db.key'
ssl_ca = '/var/lib/mysql/k3s.crt'
Next we need to create those crt/key files which do not exist yet…
I found it best to do this on the server that mysql is installed on:
sudo openssl req -new -x509 -days 365 -nodes -text -out /var/lib/mysql/db.crt -keyout /var/lib/mysql/db.key -subj "/CN=dbk3s.local.yourdns.com" -addext "subjectAltName=DNS:lbk3s.local.yourdns.com"
sudo chmod 0600 /var/lib/mysql/db.key
sudo chown mysql:mysql /var/lib/mysql/db.key
sudo scp /var/lib/mysql/db.crt master1-user@k3s-server-1:
sudo scp /var/lib/mysql/db.crt master2-user@k3s-server-2:
Now on k3s-server-1, create k3s.crt and k3s.key:
openssl req -new -x509 -days 365 -nodes -text -out k3s.crt -keyout k3s.key -subj "/CN=k3s" -addext "subjectAltName=DNS:k3s"
chmod 0600 k3s.key
Don't forget to copy the certificate to the database server, and both the certificate and key to the other master server, i.e.:
scp k3s.crt user@k3s-database-server:
scp k3s.crt k3s.key master2-user@k3s-server-2:
And finally, back on the database server, remember to move that certificate to /var/lib/mysql, i.e.:
sudo mv k3s.crt /var/lib/mysql/
Congratulations, the external database for our high-availability K3s is complete.
FreeBSD mariadb server 15.x install/setup:
location of mysql.conf: /usr/local/etc/mysql/
location of ssl certs (which I made up arbitrarily): /var/lib/mysql/
in /root there is mysqlrootpassword
so we can easily:
cat mysqlrootpassword
mysql_secure_installation
And follow the prompts :P
CREATE DATABASE k3s;
CREATE USER 'user'@'%' IDENTIFIED BY 'password';
GRANT ALL ON `k3s`.* TO 'user'@'%';
GRANT USAGE ON *.* TO 'user'@'%' IDENTIFIED BY 'password';
FLUSH PRIVILEGES;
SHOW GRANTS FOR 'user'@'%';
[mysqld]
require_secure_transport = on
bind_address = 0.0.0.0
ssl_cert = /var/lib/mysql/db.crt
ssl_key = /var/lib/mysql/db.key
ssl_ca = /var/lib/mysql/k3s.crt
Note that on FreeBSD the case is different (on rather than ON) and the paths in [mysqld] have no single quotes.
Follow the same steps detailed in the Linux section to generate those certs/keys.
Don’t forget to restart the service once completed:
/usr/local/etc/rc.d/mysql-server restart
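A quick check of the [mysqld] settings from both the Linux and FreeBSD sections, added here as an example and not part of the original post: it reads the cnf, accepts either spelling (ON/on, quoted or unquoted paths), and fails if TLS is not required, a cert/key file is missing, or the private key is readable beyond its owner. The function names and the temp-dir demo config are assumptions.

```shell
# Added example: audit the [mysqld] TLS settings written in this guide.
# Function names and demo paths are assumptions, not from the post.

# Print option $2 from the [mysqld] section of file $1. '-' and '_' are
# treated alike and quotes are dropped, so both spellings above match.
mysqld_opt() {
    awk -v want="$2" '
        /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[mysqld\]/); next }
        in_sec && /=/ && $0 !~ /^[ \t]*[#;]/ {
            key = $0; sub(/=.*/, "", key)
            gsub(/[ \t]/, "", key); gsub(/-/, "_", key)
            val = $0; sub(/^[^=]*=/, "", val)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (tolower(key) == want) found = val
        }
        END { print found }' "$1" | tr -d "\"'"
}

# Octal mode of a file: GNU stat (Linux) first, then BSD stat (FreeBSD).
file_mode() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# Return 0 only if TLS is required, all three files exist, and the
# private key is not readable by group or others.
audit_mysqld_tls() {
    cnf=$1; rc=0
    rst=$(mysqld_opt "$cnf" require_secure_transport | tr 'A-Z' 'a-z')
    case $rst in
        on|1|true) ;;
        *) echo "FAIL require_secure_transport is '${rst:-unset}'"; rc=1 ;;
    esac
    for opt in ssl_cert ssl_key ssl_ca; do
        path=$(mysqld_opt "$cnf" "$opt")
        if [ -z "$path" ]; then echo "FAIL $opt is not set"; rc=1
        elif [ ! -f "$path" ]; then echo "FAIL $opt missing: $path"; rc=1
        elif [ "$opt" = ssl_key ]; then
            mode=$(file_mode "$path")
            case $mode in
                600|400) ;;
                *) echo "FAIL $path has mode $mode, want 600"; rc=1 ;;
            esac
        fi
    done
    return $rc
}

# Demo on a constructed FreeBSD-style config; the key is left at 0644.
d=$(mktemp -d); touch "$d/db.crt" "$d/db.key" "$d/k3s.crt"; chmod 0644 "$d/db.key"
printf '[mysqld]\nrequire_secure_transport = on\nssl_cert = %s/db.crt\nssl_key = %s/db.key\nssl_ca = %s/k3s.crt\n' "$d" "$d" "$d" > "$d/my.cnf"
audit_mysqld_tls "$d/my.cnf" || echo "audit failed as expected"; rm -rf "$d"
```

On the database server, call audit_mysqld_tls with the path to the cnf you edited; run it as root, since /var/lib/mysql is usually not readable by other users.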