1 of 4

Migrations

Learn about migrations with MariaDB Enterprise Kubernetes Operator. This section covers strategies and procedures for smoothly migrating your MariaDB databases within Kubernetes environments.

Enabling TLS in existing instances

In this guide, we will be migrating existing MariaDB Galera and MaxScale instances to TLS without downtime.

1. Ensure that MariaDB has TLS enabled and not enforced. Set the following options if needed:

By setting these options, the operator will issue and configure certificates for MariaDB, but TLS will not be enforced in the connections i.e. both TLS and non-TLS connections will be accepted. TLS enforcement will be optionally configured at the end of the migration process.

This will trigger a rolling upgrade, make sure it finishes successfully before proceeding with the next step. Refer to the updates documentation for further information about update strategies.

2. If you are currently using MaxScale, it is important to note that, unlike MariaDB, it does not support TLS and non-TLS connections simultaneously (see ). For this reason, you must temporarily point your applications to MariaDB during the migration process. You can achieve this by configuring your application to use the . At the end of the MariaDB migration process, the MaxScale instance will need to be recreated in order to use TLS, and then you will be able to point your application back to MaxScale. Ensure that all applications are pointing to MariaDB before moving on to the next step.

3. MariaDB is now accepting TLS connections. The next step is by pointing them to MariaDB securely. Ensure that all applications are connecting to MariaDB via TLS before proceeding to the next step.

4. If you are currently using MaxScale, and you are planning to connect via TLS through it, you should now delete your MaxScale instance. If needed, keep a copy of the MaxScale manifest, as we will need to recreate it with TLS enabled in further steps:

It is very important that you wait until your old MaxScale instance is fully terminated to make sure that the old configuration is cleaned up by the operator.

5. For enhanced security, it is recommended to enforce TLS in all MariaDB connections by setting the following options. This will trigger a rolling upgrade, make sure it finishes successfully before proceeding with the next step:

6. For improved security, you can optionally configure TLS for Galera SSTs by following the steps below:

Get the and grant execute permissions:

Run the migration script. Make sure you set <mariadb-name> with the name of the MariaDB resource:

Set the following option to enable TLS for Galera SSTs:

This will trigger a rolling upgrade, make sure it finishes successfully before proceeding with the next step

7. As mentioned in step 4, recreate your MaxScale instance with tls.enabled=true if needed:

8. MaxScale is now accepting TLS connections. Next, you need to by pointing them back to MaxScale securely. You have done this previously for MariaDB, you just need to update your application configuration to use the and its CA bundle.

Migrate Community operator to Enterprise operator

In this guide, we will be migrating from the MariaDB Community Operator to the MariaDB Enterprise Kubernetes Operator without downtime. This guide assumes:

0.37.1 version of the MariaDB Community Operator is installed in the cluster.
MariaDB community resources will be migrated to its counterpart MariaDB enterprise resource. In this case, we will be using 11.4.4 version, which is supported in both community and enterprise versions. Check the supported MariaDB Enterprise images and migrate to a counterpart community version first if needed.
MaxScale resources cannot be migrated in a similar way, they need to be recreated. To avoid downtime, temporarily point your applications to MariaDB directly during the migration.

1. Install the Enterprise CRDs as described in the .

2. Get the and grant execute permissions:

3. Migrate MariaDB resources using the migration script. Make sure you set <mariadb-name> with the name of the MariaDB resource to be migrated and <operator-version> with the version of the Enterprise operator you will be installing:

4. Update the apiVersion of the rest of CRs to enterprise.mariadb.com/v1alpha1.

5. Uninstall the Community operator:

6. If your MariaDB Community had Galera enabled, delete the <mariadb-name> Role, as it will be specyfing the Community CRDs:

7. Install the Enterprise operator as described in the . This will trigger a rolling upgrade, make sure it finishes successfully before proceeding with the next step.

8. Delete the finalizers and uninstall the Community CRDs:

9. Run mariadb-upgrade in all Pods. Make sure you set <mariadb-name> with the name of the MariaDB resource:

10. Restart the Enterprise operator:

Migrate external MariaDB into Kubernetes

In this guide, we will be migrating an external MariaDB into a new MariaDB instance running in Kubernetes and managed by MariaDB Enterprise Kubernetes Operator. We will be using for achieving this migration.

Ensure you understand the in the MariaDB Enterprise Kubernetes Operator.

1. Take a logical backup of your external MariaDB using one of the commands below:

If you are currently using or migrating to a Galera instance, use the following command instead:

2. Ensure that your backup file matches the following format: backup.2024-08-26T12:24:34Z.sql