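---
# WordPress/MySQL demo stack: StorageClass -> headless Service -> PVC -> StatefulSet.
#
# checkov suppressions are written in the documented `checkov.io/skipN: CKV_ID=reason`
# form: the check ID and the justification are separated by `=`. The original file used
# a space, which leaves the ID and the prose as one token and the suppression may not be
# recognised — confirm against the checkov version in use.
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: ebs-sc
provisioner: ebs.csi.aws.com
# Delay volume binding until a pod is scheduled (the usual reason being zone alignment
# for EBS-backed volumes).
volumeBindingMode: WaitForFirstConsumer
parameters:
  type: gp2
---
apiVersion: v1
kind: Service
metadata:
  name: wordpress-mysql
  labels:
    app: wordpress
  annotations:
    checkov.io/skip1: CKV_K8S_21=Using default namespace is acceptable for demo code
spec:
  ports:
    - port: 3306
  selector:
    app: wordpress
    tier: mysql
  # Headless service (no virtual IP); used as the StatefulSet's serviceName below.
  clusterIP: None
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: mysql-pv-claim
  labels:
    app: wordpress
spec:
  storageClassName: ebs-sc
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 20Gi
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: wordpress-mysql
  labels:
    app: wordpress
  annotations:
    checkov.io/skip1: CKV_K8S_37=Using the default settings of containers with capabilities for brevity
    # NOTE(review): skip2 repeats the capabilities check ID (CKV_K8S_37) while its
    # justification talks about the seccomp profile; the seccomp check has its own ID
    # (CKV_K8S_31 in current checkov — confirm), so this line may not suppress what the
    # comment says it does.
    checkov.io/skip2: CKV_K8S_37=Skip specifying the seccomp profile for simplicity
    checkov.io/skip3: CKV_K8S_8=Skipping liveness probe as it is not directly related to security
    checkov.io/skip4: CKV_K8S_15=skipping image pull policy as it is not directly related to security
spec:
  serviceName: wordpress-mysql
  selector:
    matchLabels:
      app: wordpress
      tier: mysql
  template:
    metadata:
      labels:
        app: wordpress
        tier: mysql
    spec:
      # No pod- or container-level securityContext is set, so the container runs with
      # the image's defaults.
      containers:
        # Mutable tag with no digest, and MySQL 5.6 is end-of-life upstream; pin by
        # digest (`image: mysql@sha256:<digest>`) for reproducible, reviewable updates.
        - image: mysql:5.6
          name: mysql
          env:
            # Root password is read from a Secret named `mysql-pass` (key `password`)
            # that is not defined in this file — it must exist in the same namespace.
            - name: MYSQL_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: mysql-pass
                  key: password
          ports:
            - containerPort: 3306
              name: mysql
          volumeMounts:
            - name: mysql-persistent-storage
              mountPath: /var/lib/mysql
          resources:
            requests:
              cpu: 1
              memory: 1G
            limits:
              cpu: 4
              memory: 4G
      # A single pre-created PVC is shared rather than using volumeClaimTemplates.
      # With ReadWriteOnce this only works while the StatefulSet has one replica
      # (the default, since replicas is not set).
      volumes:
        - name: mysql-persistent-storage
          persistentVolumeClaim:
            claimName: mysql-pv-claim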