MySQL Operator for Kubernetes Release Notes
MySQL Shell
MySQL Router
MySQL Operator for Kubernetes creates and/or utilizes several MySQL accounts as when creating an InnoDB Cluster. Internal accounts created and only used by MySQL Operator for Kubernetes may be used by users but they must not be changed (dropped, password changes, grant changes, and so on).
Typically the only account a system administrator uses is the 'root' user, whereas other MySQL users are considered internal to the MySQL InnoDB Cluster installation.
Table 3.1 MySQL accounts created and/or used by MySQL Operator.
| MySQL User | Purpose | Creator | Description |
|---|---|---|---|
root |
General system administration by the user | MySQL Operator for Kubernetes as defined by the user |
Defined when InnoDB Cluster is created using a
user-supplied Kubernetes secret object as referenced by
the You may want to create less-privileged MySQL accounts with this user. |
localroot |
Used by Operator to perform local administration tasks | MySQL Operator for Kubernetes | This local root account specific to MySQL Operator for Kubernetes, and is used by the MySQL sidecar container for local maintenance tasks like creating other accounts, configuring instances, and verifying replication status. It should not be used or edited by users. It's created with auth_socket authentication and PROXY with full privileges and no password. |
mysqladmin |
Administration tasks by the Operator | MySQL Operator for Kubernetes | Used to administer the InnoDB Cluster, credentials managed by the "{clustername}-privsecrets" Kubernetes secret |
mysqlbackup |
Administration tasks by the Operator | MySQL Operator for Kubernetes | Used to create backups and manage backup jobs, credentials managed by the "{clustername}-backup" Kubernetes secret |
mysqlrouter |
Administration tasks by the Operator | MySQL Operator for Kubernetes | Tasks include managing MySQL Router instances to access cluster metadata; credentials managed by the "{clustername}-router" Kubernetes secret |
mysqlhealthchecker |
Internal health checks | MySQL Operator for Kubernetes | A local account used for health checks only (liveness and readiness probes); created with auth_socket authentication and no privileges. |
mysql_innodb_cluster_{server_id} |
Internal recovery users that enable connections between the servers in the cluster | MySQL InnoDB Cluster | One per MySQL instance, for additional information see Internal User Accounts Created by InnoDB Cluster. |
mysql.infoschema |
Reserved | MySQL Server | See Reserved Accounts. |
mysql.session |
Reserved | MySQL Server | See Reserved Accounts. |
mysql.sys |
Reserved | MySQL Server | See Reserved Accounts. |
Related: Deploying MySQL Operator for Kubernetes creates a Kubernetes service
account with a name defaulting to
mysql-operator-sa in the bundled
deploy-operator.yaml and Helm deployment
template.
For a list of all ports used by MySQL services, see MySQL Port Reference.