From 808f8131f1f68becb9924f575832200c6c68cfa4 Mon Sep 17 00:00:00 2001
From: k3forx
Date: Mon, 24 May 2021 08:34:56 +0900
Subject: [PATCH] Reduce security issues for MySQL pod
---
 k8s/mysql/base/statefulset.yaml | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)
diff --git a/k8s/mysql/base/statefulset.yaml b/k8s/mysql/base/statefulset.yaml
index 7adddae..a7e18d4 100644
--- a/k8s/mysql/base/statefulset.yaml
+++ b/k8s/mysql/base/statefulset.yaml
@@ -9,13 +9,37 @@ spec:
 spec:
 containers:
 - name: mysql
- imagePullPolicy: IfNotPresent
+ imagePullPolicy: Always
 image: mysql:5.7
 ports:
 - containerPort: 3306
 envFrom:
 - secretRef:
 name: mysql-secret
+ # resources:
+ # requests:
+ # memory: "128Mi"
+ # cpu: "50M"
+ # limits:
+ # memory: "128Mi"
+ # cpu: "50M"
+ securityContext:
+ runAsUser: 12345
+ runAsGroup: 12345
+ readOnlyRootFilesystem: true
+ livenessProbe:
+ exec:
+ command: ["mysqladmin", "ping"]
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 5
+ # readinessProbe:
+ # exec:
+ # # Check we can execute queries over TCP (skip-networking is off).
+ # command: ["mysql", "-h", "127.0.0.1", "-e", "SELECT 1"]
+ # initialDelaySeconds: 15
+ # periodSeconds: 5
+ # timeoutSeconds: 1
 volumeClaimTemplates:
 - metadata:
 name: mysql-storage
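Review bot: The new container `securityContext` sets a non-root UID/GID and a read-only root filesystem but leaves privilege escalation and the default capability set untouched; I would add `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}` next to `readOnlyRootFilesystem: true`. With a read-only root, mysqld presumably still needs writable paths for its socket, pid file and temp files, and the hunk shows no `volumeMounts` on the container, so emptyDir mounts (and likely a pod-level `fsGroup` matching 12345 for the data volume) are needed unless an overlay outside this hunk supplies them; the `mysqladmin ping` liveness probe depends on that socket too. `imagePullPolicy: Always` on the mutable `mysql:5.7` tag means any restart can pull different content, so pinning the image by digest would make the policy safe. If the commented `resources` block is ever enabled, `cpu: "50M"` should read `"50m"`, since the uppercase suffix means mega rather than milli.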