Skip to main content

Overview

MySQL is a widely used open-source relational database management system. This template deploys a single-replica MySQL instance with persistent storage, an optional phpMyAdmin web interface, and optional scheduled backups to AWS S3 or GCS.
MySQL on Control Plane operates as a single-replica deployment. Do not scale up the replica count, as this would result in multiple isolated instances rather than a replicated cluster.

What Gets Created

  • Stateful Workload — A single-replica MySQL database container with configurable resources.
  • Volume Set — Persistent storage for MySQL data, with optional autoscaling.
  • Secret — A dictionary secret storing the database name, root password, and user credentials. When backup is enabled, the secret also includes backup storage configuration.
  • Identity & Policy — An identity bound to the workload with reveal access to the database credentials secret. When backup is enabled, the identity also grants the backup cron job access to the configured cloud storage.
  • Backup Cron Job (optional) — A scheduled job that dumps the MySQL database to an S3 or GCS bucket. Enabled when backup.enabled: true.
  • phpMyAdmin Workload (optional) — A web-based database management interface. Enabled when enablePhpMyAdmin: true.
This template does not create a GVC. You must deploy it into an existing GVC.

Prerequisites

Prerequisites are only required if you plan to enable MySQL backups (backup.enabled: true). The backup feature requires MySQL 9+. Skip this section if backups are not needed.

AWS S3

  1. Create an S3 bucket. Set backup.aws.bucket and backup.aws.region in your values file.
  2. If you do not have a Control Plane Cloud Account set up, follow the Create a Cloud Account guide. Set backup.aws.cloudAccountName to the name of your Cloud Account.
  3. Create an IAM policy with the following JSON, replacing YOUR_BUCKET_NAME: 
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:PutObject",
                "s3:DeleteObject",
                "s3:ListBucket",
                "s3:GetObjectVersion",
                "s3:DeleteObjectVersion"
            ],
            "Resource": [
                "arn:aws:s3:::YOUR_BUCKET_NAME",
                "arn:aws:s3:::YOUR_BUCKET_NAME/*"
            ]
        }
    ]
}
  1. Set backup.aws.policyName to the name of the policy created in step 3.

GCS

  1. Create a GCS bucket. Set backup.gcp.bucket in your values file.
  2. If you do not have a Control Plane Cloud Account set up, follow the Create a Cloud Account guide. Set backup.gcp.cloudAccountName to the name of your Cloud Account.
  3. Add the Storage Admin role to the GCP service account associated with the Cloud Account.

Installation

To install, follow the instructions for your preferred method:

UI

Browse, install, and manage templates visually

CLI

Manage templates from your terminal

Terraform

Declare templates in your Terraform configurations

Pulumi

Declare templates in your Pulumi programs

Configuration

The default values.yaml for this template: 
image: mysql:9 # versions before mysql:9 are compatible but do not support backup feature

resources:
  minCpu: 100m
  maxCpu: 400m
  minMemory: 128Mi
  maxMemory: 512Mi

timeoutSeconds: 15

config:
  db: test
  rootPassword: root-password
  user: username
  password: password

internalAccess:
  type: same-gvc # options: none, same-gvc, same-org, workload-list
  workloads: # Note: can only be used if type is same-gvc or workload-list
    #- //gvc/GVC_NAME/workload/WORKLOAD_NAME

volumeset:
  capacity: 10 # initial capacity in GiB (minimum is 10)
  autoscaling:
    enabled: false
    maxCapacity: 100 # Maximum capacity in GiB
    minFreePercentage: 10 # Trigger scaling when free space drops below this percentage
    scalingFactor: 1.2 # Multiply current capacity by this factor when scaling up

enablePhpMyAdmin: false

backup: # compatible with MySQL 9+
  enabled: true
  image: controlplanecorporation/mysql-backup:9.1 # tag 9.1 = MySQL 9 compatible
  schedule: "0 2 * * *" # daily at 2am UTC

  resources:
    cpu: 100m
    memory: 128Mi

  provider: aws # Options: aws or gcp

  aws:
    bucket: mysql-backup-bucket
    region: us-east-1
    cloudAccountName: mysql-backup-cloudaccount
    policyName: mysql-backup-policy
    prefix: mysql/backups # Folder path within the bucket

  gcp:
    bucket: mysql-backup-bucket
    cloudAccountName: mysql-backup-cloudaccount
    prefix: mysql/backups

Credentials

  • config.db — Name of the database created on startup.
  • config.rootPassword — Password for the MySQL root user. Change before deploying to production.
  • config.user — Name of the non-root database user created on startup.
  • config.password — Password for the non-root user. Change before deploying to production.
These values are only applied on first startup when the data directory is empty. Updating them after the initial deployment will have no effect on the running database. To change credentials or the database name on an existing instance, use MySQL’s native commands (e.g. ALTER USER, RENAME DATABASE).

Resources

  • resources.minCpu / resources.minMemory — Minimum CPU and memory guaranteed to the workload.
  • resources.maxCpu / resources.maxMemory — Maximum CPU and memory the workload can use.
  • timeoutSeconds — Workload timeout in seconds.

Storage

  • volumeset.capacity — Initial volume size in GiB (minimum 10).
  • volumeset.autoscaling.enabled — Automatically expand the volume as it fills. When enabled:
    • maxCapacity — Maximum volume size in GiB.
    • minFreePercentage — Trigger a scale-up when free space drops below this percentage.
    • scalingFactor — Multiply the current capacity by this factor when scaling up.

Internal Access

  • internalAccess.type — Controls which workloads can connect to MySQL on port 3306:
TypeDescription
noneNo internal access allowed
same-gvcAllow access from all workloads in the same GVC
same-orgAllow access from all workloads in the same organization
workload-listAllow access only from specific workloads listed in workloads

phpMyAdmin

  • enablePhpMyAdmin — When true, deploys a phpMyAdmin workload for browser-based database management.

Backup

Set backup.enabled: true to enable scheduled database dumps to object storage. The backup feature requires MySQL 9+. Set backup.provider to aws or gcp and fill in the corresponding section. The prefix field controls the folder path within the bucket where backups are stored.

Restoring a Backup

To restore from a backup, run the following from a client with access to the bucket: AWS S3 
export MYSQL_PWD="ROOT_PASSWORD"

aws s3 cp "s3://BUCKET_NAME/PREFIX/BACKUP_FILE.sql.gz" - \
  | gunzip \
  | mysql \
      --host=WORKLOAD_NAME \
      --port=3306 \
      --user=root \
      DATABASE_NAME

unset MYSQL_PWD
GCS 
export MYSQL_PWD="ROOT_PASSWORD"

gsutil cp "gs://BUCKET_NAME/PREFIX/BACKUP_FILE.sql.gz" - \
  | gunzip \
  | mysql \
      --host=WORKLOAD_NAME \
      --port=3306 \
      --user=root \
      DATABASE_NAME

unset MYSQL_PWD

Connecting to MySQL

Once deployed, connect to the database from within the same GVC using: 
RELEASE_NAME-mysql.GVC_NAME.cpln.local:3306

External References

MySQL Documentation

Official MySQL documentation

phpMyAdmin Documentation

phpMyAdmin user documentation

Cloud Accounts

Create a Control Plane Cloud Account for backup storage access

MySQL Template

View the source files, default values, and chart definition