Skip to content

K8SPXC-1830 handle caching_sha2_password for proxysql_exporter#2384

Draft
gkech wants to merge 1 commit intomainfrom
K8SPXC-1830
Draft

K8SPXC-1830 handle caching_sha2_password for proxysql_exporter#2384
gkech wants to merge 1 commit intomainfrom
K8SPXC-1830

Conversation

@gkech
Copy link
Copy Markdown
Contributor

@gkech gkech commented Mar 11, 2026
edited
Loading

CHANGE DESCRIPTION

Problem:

PMM's proxysql_exporter fails to connect to the ProxySQL admin interface (port 6032) when PXC 8.4 is used. Two root causes:

  • The monitor user has no credentials configured for the ProxySQL admin interface
  • K8SPXC-1470 added default_authentication_plugin="caching_sha2_password" to proxysql.cnf. In ProxySQL 2.7 this affects the admin interface too, causing a caching_sha2_password full-auth handshake that the Go MySQL driver in proxysql_exporter cannot complete without SSL.

Cause:
Short explanation of the root cause of the issue if applicable.

Solution:
Short explanation of the solution we are providing with this PR.

CHECKLIST

Jira

  • Is the Jira ticket created and referenced properly?
  • Does the Jira ticket have the proper statuses for documentation (Needs Doc) and QA (Needs QA)?
  • Does the Jira ticket link to the proper milestone (Fix Version field)?

Tests

  • Is an E2E test/test case added for the new feature/change?
  • Are unit tests added where appropriate?
  • Are OpenShift compare files changed for E2E tests (compare/*-oc.yml)?

Config/Logging/Testability

  • Are all needed new/changed options added to default YAML files?
  • Are all needed new/changed options added to the Helm Chart?
  • Did we add proper logging messages for operator actions?
  • Did we ensure compatibility with the previous version or cluster upgrade process?
  • Does the change support oldest and newest supported PXC version?
  • Does the change support oldest and newest supported Kubernetes version?

@pull-request-size pull-request-size bot added the size/M 30-99 lines label Mar 11, 2026
github-actions[bot]
github-actions bot reviewed Mar 11, 2026
View reviewed changes
build/pmm-prerun.sh
)
fi

if [[ $DB_TYPE == "proxysql" && "${PROXYSQL_ADMIN_TLS}" == "true" ]]; then
Copy link
Copy Markdown
Contributor

@github-actions github-actions bot Mar 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[shfmt] reported by reviewdog 🐶

Suggested change
if [[ $DB_TYPE == "proxysql" && "${PROXYSQL_ADMIN_TLS}" == "true" ]]; then
if [[ $DB_TYPE == "proxysql" && ${PROXYSQL_ADMIN_TLS} == "true" ]]; then

@JNKPercona
Copy link
Copy Markdown
Collaborator

JNKPercona commented Mar 11, 2026

Test Name Result Time
auto-tuning-8-0 passed 00:19:39
allocator-8-0 passed 00:14:18
allocator-8-4 passed 00:14:04
backup-storage-tls-8-0 passed 00:22:18
cross-site-8-0 passed 00:36:56
custom-users-8-0 passed 00:13:07
demand-backup-cloud-8-0 passed 01:01:30
demand-backup-cloud-8-4 passed 01:00:35
demand-backup-cloud-pxb-8-0 passed 00:57:27
demand-backup-encrypted-with-tls-5-7 passed 00:48:00
demand-backup-encrypted-with-tls-8-0 passed 00:48:01
demand-backup-encrypted-with-tls-8-4 passed 00:47:37
demand-backup-encrypted-with-tls-pxb-5-7 passed 00:18:30
demand-backup-encrypted-with-tls-pxb-8-0 passed 00:17:58
demand-backup-encrypted-with-tls-pxb-8-4 passed 00:19:15
demand-backup-8-0 passed 00:49:01
demand-backup-flow-control-8-0 passed 00:10:20
demand-backup-flow-control-8-4 passed 00:11:58
demand-backup-parallel-8-0 passed 00:09:28
demand-backup-parallel-8-4 passed 00:09:50
demand-backup-without-passwords-8-0 passed 00:16:23
demand-backup-without-passwords-8-4 passed 00:17:11
extra-pvc-8-0 passed 00:25:49
haproxy-5-7 passed 00:15:29
haproxy-8-0 passed 00:15:01
haproxy-8-4 passed 00:14:26
init-deploy-5-7 failure 00:10:08
init-deploy-8-0 failure 00:10:04
limits-8-0 failure 00:02:44
monitoring-2-0-8-0 passed 00:23:31
monitoring-pmm3-8-0 failure 00:20:50
monitoring-pmm3-8-4 failure 00:21:57
one-pod-5-7 passed 00:14:12
one-pod-8-0 passed 00:13:44
pitr-8-0 passed 00:47:27
pitr-8-4 passed 00:47:18
pitr-pxb-8-0 passed 00:47:00
pitr-pxb-8-4 passed 00:46:30
pitr-gap-errors-8-0 passed 00:50:44
pitr-gap-errors-8-4 passed 00:49:53
proxy-protocol-8-0 passed 00:09:41
proxy-switch-8-0 passed 00:15:13
proxysql-sidecar-res-limits-8-0 passed 00:09:37
proxysql-scheduler-8-0 passed 00:28:06
pvc-resize-5-7 passed 00:16:09
pvc-resize-8-0 passed 00:16:59
recreate-8-0 passed 00:18:09
restore-to-encrypted-cluster-8-0 passed 00:27:04
restore-to-encrypted-cluster-8-4 passed 00:27:40
restore-to-encrypted-cluster-pxb-8-0 passed 00:16:06
restore-to-encrypted-cluster-pxb-8-4 passed 00:17:06
scaling-proxysql-8-0 passed 00:08:47
scaling-8-0 passed 00:11:14
scheduled-backup-5-7 passed 01:04:52
scheduled-backup-8-0 passed 01:04:59
scheduled-backup-8-4 passed 01:04:45
security-context-8-0 passed 00:27:24
smart-update1-8-0 passed 00:33:23
smart-update1-8-4 passed 00:33:42
smart-update2-8-0 passed 00:39:08
smart-update2-8-4 passed 00:39:15
smart-update3-8-0 passed 00:16:38
storage-8-0 passed 00:10:50
tls-issue-cert-manager-ref-8-0 passed 00:10:00
tls-issue-cert-manager-8-0 passed 00:10:21
tls-issue-self-8-0 passed 00:14:28
upgrade-consistency-8-0 passed 00:12:00
upgrade-consistency-8-4 passed 00:12:29
upgrade-haproxy-5-7 passed 00:25:25
upgrade-haproxy-8-0 passed 00:25:15
upgrade-proxysql-5-7 passed 00:14:44
upgrade-proxysql-8-0 passed 00:16:02
users-5-7 failure 00:07:10
users-8-0 failure 00:07:15
users-scheduler-8-4 failure 00:07:10
validation-hook-8-0 passed 00:01:38
Summary Value
Tests Run 76/76
Job Duration 04:07:54
Total Test Time 31:21:31

commit: 7f4bfbf
image: perconalab/percona-xtradb-cluster-operator:PR-2384-7f4bfbf4

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] left review comments

@jvpasinatto jvpasinatto Awaiting requested review from jvpasinatto jvpasinatto will be requested when the pull request is marked ready for review jvpasinatto is a code owner

@eleo007 eleo007 Awaiting requested review from eleo007 eleo007 will be requested when the pull request is marked ready for review eleo007 is a code owner

@valmiranogueira valmiranogueira Awaiting requested review from valmiranogueira valmiranogueira will be requested when the pull request is marked ready for review valmiranogueira is a code owner

@egegunes egegunes Awaiting requested review from egegunes egegunes will be requested when the pull request is marked ready for review egegunes is a code owner

@nmarukovich nmarukovich Awaiting requested review from nmarukovich nmarukovich will be requested when the pull request is marked ready for review nmarukovich is a code owner

@mayankshah1607 mayankshah1607 Awaiting requested review from mayankshah1607 mayankshah1607 will be requested when the pull request is marked ready for review mayankshah1607 is a code owner

@oksana-grishchenko oksana-grishchenko Awaiting requested review from oksana-grishchenko oksana-grishchenko will be requested when the pull request is marked ready for review oksana-grishchenko is a code owner

@hors hors Awaiting requested review from hors hors will be requested when the pull request is marked ready for review hors is a code owner

@pooknull pooknull Awaiting requested review from pooknull pooknull will be requested when the pull request is marked ready for review pooknull is a code owner

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

size/M 30-99 lines

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@gkech @JNKPercona