apiVersion: v1 kind: PersistentVolumeClaim metadata: name: mysql-pvc labels: app: mysql spec: accessModes: - ReadWriteOnce resources: requests: storage: 2Gi --- apiVersion: apps/v1 kind: Deployment metadata: name: mysql-deployment # namespace: intern-workspace labels: app: mysql spec: replicas: 1 selector: matchLabels: app: mysql template: metadata: labels: app: mysql spec: serviceAccountName: database-sa securityContext: runAsUser: 999 runAsGroup: 999 fsGroup: 999 containers: - name: mysql image: mysql:8.0 ports: - containerPort: 3306 envFrom: - configMapRef: name: app-config - secretRef: name: db-secret readinessProbe: exec: command: - sh - -c - mysqladmin ping -h 127.0.0.1 -u root -p$(MYSQL_ROOT_PASSWORD) initialDelaySeconds: 10 periodSeconds: 5 livenessProbe: exec: command: - sh - -c - mysqladmin ping -h 127.0.0.1 -u root -p$(MYSQL_ROOT_PASSWORD) initialDelaySeconds: 20 periodSeconds: 10 resources: requests: memory: "512Mi" cpu: "500m" limits: memory: "1Gi" cpu: "1000m" volumeMounts: - name: mysql-storage mountPath: /var/lib/mysql securityContext: runAsNonRoot: true allowPrivilegeEscalation: false capabilities: drop: - ALL volumes: - name: mysql-storage persistentVolumeClaim: claimName: mysql-pvc --- apiVersion: v1 kind: Service metadata: name: db labels: app: mysql spec: type: ClusterIP ports: - port: 3306 targetPort: 3306 protocol: TCP selector: app: mysql