Support partial ProxySQL configuration merge with runtime password injection

[chinaboard]

Proposal

Description:
Currently, if a user specifies spec.proxysql.configuration, they must provide a complete proxysql.cnf. The entrypoint's password injection via sed doesn't work because the ConfigMap mount is read-only.

Expected behavior:

• User provides partial config (e.g., just mysql_variables.auto_increment_delay_multiplex=0)
• Operator merges it with default config
• Passwords are still injected at runtime

Current behavior:

• User must provide complete config
• Password injection fails (read-only mount)

Thanks!

Use-Case

User does:

1. Partial config merged with defaults, passwords injected at runtime

  proxysql:
    configuration: |
      mysql_variables=
      {
        auto_increment_delay_multiplex=0
      }

2. Provide full config without hardcoded passwords:

  proxysql:
    configuration: |
      datadir="/var/lib/proxysql"
      admin_variables = { ... }
      mysql_variables = { auto_increment_delay_multiplex=0 ... }

Is this a feature you are interested in implementing yourself?

No

Anything else?

No response

[egegunes]

This request makes sense to me but I don't know how to we merge default and user provided configurations. I need to play with this a bit, I'll try to check on Friday.

[chinaboard]

@egegunes I followed the official documentation to update the cr.yaml configuration. However, the ConfigMap mounted to config.yaml is read-only. So it seems we must use the full config file and cannot render passwords dynamically via an init script directly on the mounted file. But if we copy the file first and then render it, this would solve the permission issue.

[egegunes]

Yes, we are fixing it under #2325