Attention: Deprecation notice for Bintray, JCenter, GoCenter and ChartCenter. Learn More


Chart version: 1.3.13
Api version: v2
App version: 8.0.21-12.1
free, fully compatible, enhanced, open source drop-in replaceme...
Chart Type
Set me up:
helm repo add center
Install Chart:
helm install percona-xtradb-cluster center/kfirfer/percona-xtradb-cluster
Versions (0)

Percona XtraDB Cluster

Percona Server for MySQL® is a free, fully compatible, enhanced, open source drop-in replacement for MySQL that provides superior performance, scalability and instrumentation. With over 3,000,000 downloads, Percona Server for MySQL’s self-tuning algorithms and support for extremely high-performance hardware delivers excellent performance and reliability.

Notable users include Netflix, Amazon Web Services, Alcatel-Lucent, and Smug Mug.


This chart, based off of the Percona chart (which in turn is based off the MySQL chart), bootstraps a multi-node Percona XtraDB Cluster deployment on a Kubernetes cluster using the Helm package manager.

The chart exploits the deterministic nature of StatefulSet and KubeDNS to ensure the cluster bootstrap is performed in the correct order.


  • Kubernetes 1.8+ with Beta APIs enabled
  • PV provisioner support in the underlying infrastructure

Installing the Chart

To install the chart with the release name my-release:

$ helm install --name my-release stable/percona-xtradb-cluster

The command deploys a Percona XtraDB Cluster on the Kubernetes cluster in the default configuration. The configuration section lists the parameters that can be configured during installation.

The root password can only be used inside each pod. You should set a default mysqlDatabase, mysqlUser and mysqlPassword in the values.yaml file.

By default an insecure password will be generated for the root and replication users. If you’d like to set your own password change the mysqlRootPassword or xtraBackupPassword respectively in the values.yaml.

You can retrieve your root password (usable only via localhost in each pod) by running the following command. Make sure to replace [YOUR_RELEASE_NAME]:

printf $(printf '\%o' `kubectl get secret [YOUR_RELEASE_NAME]-percona -o jsonpath="{.data.mysql-root-password[*]}"`)

Tip: List all releases using helm list

Uninstalling the Chart

To uninstall/delete the my-release deployment:

$ helm delete my-release

The command removes all the Kubernetes components associated with the chart and deletes the release.


The following table lists the configurable parameters of the Percona chart and their default values.

Parameter Description Default
image.repository percona-xtradb-cluster image Repo. 5.7.19 release
image.tag percona-xtradb-cluster image tag. percona/percona-xtradb-cluster
image.pullPolicy Image pull policy IfNotPresent
replicas Number of pods to join the Percona XtraDB Cluster 3
allowRootFrom Remote hosts to allow root access, set to to disable remote root %
mysqlRootPassword Password for the root user. not-a-secure-password
xtraBackupPassword Password for the xtrabackup user. replicate-my-data
pxc_strict_mode Setting for pxc_strict_mode. ENFORCING
mysqlUser Username of new user to create. nil
mysqlPassword Password for the new user. nil
mysqlDatabase Name for new database to create. nil
serviceAccountName Name for the pod’s serviceAccount nil
securityContext.runAsUser Run the pod with this uid nil
securityContext.runAsGroup Run the pod with this gid nil
securityContext.fsGroup Set GID for mounted volumes nil
persistence.enabled Create a volume to store data false
persistence.size Size of persistent volume claim 8Gi RW
persistence.storageClass Type of persistent volume claim nil (uses alpha storage class annotation)
persistence.accessMode ReadWriteOnce or ReadOnly ReadWriteOnce
tolerations Node labels for pod assignment []
nodeSelector Node labels for pod assignment {}
podAnnotations Pod annotations {}
resources CPU/Memory resource requests/limits Memory: 256Mi, CPU: 100m
configFiles files to write to /etc/mysql/conf.d see values.yaml
ssl.enabled Setup and use SSL for MySQL connections false
ssl.secret Name of the secret containing the SSL certificates mysql-ssl-certs
ssl.certificates[0].name Name of the secret containing the SSL certificates nil
ssl.certificates[0].ca CA certificate nil
ssl.certificates[0].cert Server certificate (public key) nil
ssl.certificates[0].key Server key (private key) nil
logTail if set to true runs a container to tail /var/log/mysqld.log in the pod true
metricsExporter.enabled if set to true runs a mysql metrics exporter container in the pod false
metricsExporter.commandOverrides Overrides default docker command for metrics exporter []
metricsExporter.argsOverrides Overrides default docker args for metrics exporter []
metricsExporter.tag Specify a docker image tag for prom/mysqld-exporter metrics exporter docker image nil
prometheus.operator.enabled Setting to true will create Prometheus-Operator specific resources false
prometheus.operator.prometheusRule.enabled Create default alerting rules true
prometheus.operator.prometheusRule.labels Labels to add to alerts {}
prometheus.operator.prometheusRule.namespace Namespace which Prometheus is installed in nil
prometheus.operator.prometheusRule.selector Label Selector for Prometheus to find ServiceMonitors nil
prometheus.operator.serviceMonitor.interval Interval at which Prometheus will scrape metrics exporter 10s
prometheus.operator.serviceMonitor.namespace Namespace which Prometheus is installed in nil
prometheus.operator.serviceMonitor.selector Label Selector for Prometheus to find ServiceMonitors nil
podDisruptionBudget Pod disruption budget {enabled: false, maxUnavailable: 1}
service.percona.headless if set to true makes the percona service headless false

Some of the parameters above map to the env variables defined in the Percona XtraDB Cluster DockerHub image.

Specify each parameter using the --set key=value[,key=value] argument to helm install. For example,

$ helm install --name my-release \
  --set mysqlRootPassword=secretpassword,mysqlUser=my-user,mysqlPassword=my-password,mysqlDatabase=my-database \

The above command sets the MySQL root account password to secretpassword. Additionally it creates a standard database user named my-user, with the password my-password, who has access to a database named my-database.

Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,

$ helm install --name my-release -f values.yaml stable/percona-xtradb-cluster

Tip: You can use the default values.yaml


The Percona XtraDB Cluster DockerHub image stores the MySQL data and configurations at the /var/lib/mysql path of the container.

By default, an emptyDir volume is mounted at that location.

“An emptyDir volume is first created when a Pod is assigned to a Node, and exists as long as that Pod is running on that node. When a Pod is removed from a node for any reason, the data in the emptyDir is deleted forever.”

You can change the values.yaml to enable persistence and use a PersistentVolumeClaim instead.


This chart supports configuring MySQL to use encrypted connections with TLS/SSL certificates provided by the user. This is accomplished by storing the required Certificate Authority file, the server public key certificate, and the server private key as a Kubernetes secret. The SSL options for this chart support the following use cases:

  • Manage certificate secrets with helm
  • Manage certificate secrets outside of helm

Manage certificate secrets with helm

Include your certificate data in the ssl.certificates section. For example:

  enabled: false
  secret: mysql-ssl-certs
  - name: mysql-ssl-certs
    ca: |-
      -----BEGIN CERTIFICATE-----
      -----END CERTIFICATE-----
    cert: |-
      -----BEGIN CERTIFICATE-----
      -----END CERTIFICATE-----
    key: |-
      -----BEGIN RSA PRIVATE KEY-----
      -----END RSA PRIVATE KEY-----

Note: Make sure your certificate data has the correct formatting in the values file.

Manage certificate secrets outside of helm

  1. Ensure the certificate secret exist before installation of this chart.
  2. Set the name of the certificate secret in ssl.secret.
  3. Make sure there are no entries underneath ssl.certificates.

To manually create the certificate secret from local files you can execute:

kubectl create secret generic mysql-ssl-certs \
  --from-file=ca.pem=./ssl/certificate-authority.pem \
  --from-file=server-cert.pem=./ssl/server-public-key.pem \

Note: ca.pem, server-cert.pem, and server-key.pem must be used as the key names in this generic secret.

If you are using a certificate your configurationFiles must include the three ssl lines under [mysqld]


PXC Strict Mode

PXC Strict Mode is designed to avoid the use of experimental and unsupported features in Percona XtraDB Cluster. It performs a number of validations at startup and during runtime.

Depending on the actual mode you select, upon encountering a failed validation, the server will either throw an error (halting startup or denying the operation), or log a warning and continue running as normal. The following modes are available:

  • DISABLED: Do not perform strict mode validations and run as normal.
  • PERMISSIVE: If a vaidation fails, log a warning and continue running as normal.
  • ENFORCING: If a validation fails during startup, halt the server and throw an error. If a validation fails during runtime, deny the operation and throw an error.
  • MASTER: The same as ENFORCING except that the validation of explicit table locking is not performed. This mode can be used with clusters in which write operations are isolated to a single node.

By default, PXC Strict Mode is set to ENFORCING, except if the node is acting as a standalone server or the node is bootstrapping, then PXC Strict Mode defaults to DISABLED.


Bootstrap cluster from disaster

Kill all pods

if you see

[percona-xtradb-cluster-pxc-0 logs] 2020-12-25T05:31:19.259043Z 0 [ERROR] [MY-000000] [Galera] It may not be safe to bootstrap the cluster from this node. It was not the last one to leave the cluster and may not contain all the updates. To force cluster bootstrap with this node, edit the grastate.dat file manually and set safe_to_bootstrap to 1 . 

Debug container:

kubectl debug percona-xtradb-cluster-pxc-0 -it --copy-to=percona-xtradb-cluster-pxc-0-debug --container=database -- sh

When pending:

kubectl delete pod percona-xtradb-cluster-pxc-0 --force

In the debug container:

sed -i -e 's/safe_to_bootstrap: 0/safe_to_bootstrap: 1/g' /var/lib/mysql/grastate.dat

kubectl delete pod percona-xtradb-cluster-pxc-0-debug