diff --git a/README.md b/README.md
index 3e6c82632d9a6ec3955cda3188d7de05a8d09a43..7e06f50465587780ee5ba4565e4277111015dc9d 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,7 @@
 # k8s-mysql-cluster
+
+[![Join the chat at https://gitter.im/k8s-mysql-cluster/community](https://badges.gitter.im/k8s-mysql-cluster/community.svg)](https://gitter.im/k8s-mysql-cluster/community?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
+
 各大云厂商都推出了RDS服务器，主要特点提供Mysql集群，保证高可用性，额外提供备份功能，但对于初创公司来说，价格有些贵。而单机mysql虽然不能保证高可用，但是其本身也提供了准备复制(Master Slave Replication)、主复制(Group Replication)，甚至提供了Mysql Innodb Cluster，一个利用mysql-shell, mysql group replication和mysql-router搭建集群的方案，这些功能社区版都是提供的，因此，自建mysql集群是初创公司高性价比的方案之一。
 
 ## 关于本项目
diff --git a/create-mysql-account.sh b/create-mysql-account.sh
index 6325e1076e7a6a39926effb51f55edcf589e0553..77854593075f56c2511cf92aabd48300f9984b77 100755
--- a/create-mysql-account.sh
+++ b/create-mysql-account.sh
@@ -7,34 +7,34 @@ MYSQL_REPLICATOR_PASSWORD='mysql_pass'
 MYSQL_SERVER_ADDRESS='127.0.0.1'
 
 # create accounts
-mysql -uroot -p$(MYSQL_ROOT_PASSWORD) -h $(MYSQL_SERVER_ADDRESS) -e "create user admin@'%' identified by $(MYSQL_ADMIN_PASSWORD)"
-mysql -uroot -p$(MYSQL_ROOT_PASSWORD) -h $(MYSQL_SERVER_ADDRESS) -e "create user backup@'127.0.0.1' identified by $(MYSQL_BACKUP_PASSWORD)"
-mysql -uroot -p$(MYSQL_ROOT_PASSWORD) -h $(MYSQL_SERVER_ADDRESS) -e "create user bootstrap@'%' identified by $(MYSQL_BOOTSTRAP_PASSWORD)"
-mysql -uroot -p$(MYSQL_ROOT_PASSWORD) -h $(MYSQL_SERVER_ADDRESS) -e "create user replicator@'%' identified by $(MYSQL_REPLICATOR_PASSWORD)"
-mysql -uroot -p$(MYSQL_ROOT_PASSWORD) -h $(MYSQL_SERVER_ADDRESS) -e "create user readiness@'127.0.0.1' identified by readiness"
+mysql -uroot -p$MYSQL_ROOT_PASSWORD -h $MYSQL_SERVER_ADDRESS -e "create user admin@'%' identified by $MYSQL_ADMIN_PASSWORD"
+mysql -uroot -p$MYSQL_ROOT_PASSWORD -h $MYSQL_SERVER_ADDRESS -e "create user backuper@'127.0.0.1' identified by $MYSQL_BACKUP_PASSWORD"
+mysql -uroot -p$MYSQL_ROOT_PASSWORD -h $MYSQL_SERVER_ADDRESS -e "create user bootstrap@'%' identified by $MYSQL_BOOTSTRAP_PASSWORD"
+mysql -uroot -p$MYSQL_ROOT_PASSWORD -h $MYSQL_SERVER_ADDRESS -e "create user replicator@'%' identified by $MYSQL_REPLICATOR_PASSWORD"
+mysql -uroot -p$MYSQL_ROOT_PASSWORD -h $MYSQL_SERVER_ADDRESS -e "create user readiness@'127.0.0.1' identified by readiness"
 
 # grant group replication privileges for amdin
-mysql -uroot -p$(MYSQL_ROOT_PASSWORD) -h $(MYSQL_SERVER_ADDRESS) -e "GRANT SELECT, RELOAD, SHUTDOWN, PROCESS, FILE, SUPER, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE USER ON *.* TO `admin`@`%` WITH GRANT OPTION"
-mysql -uroot -p$(MYSQL_ROOT_PASSWORD) -h $(MYSQL_SERVER_ADDRESS) -e "GRANT BACKUP_ADMIN,CLONE_ADMIN,PERSIST_RO_VARIABLES_ADMIN,SYSTEM_VARIABLES_ADMIN ON *.* TO `admin`@`%` WITH GRANT OPTION"
-mysql -uroot -p$(MYSQL_ROOT_PASSWORD) -h $(MYSQL_SERVER_ADDRESS) -e "GRANT INSERT, UPDATE, DELETE ON `mysql`.* TO `admin`@`%` WITH GRANT OPTION"
-mysql -uroot -p$(MYSQL_ROOT_PASSWORD) -h $(MYSQL_SERVER_ADDRESS) -e "GRANT INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER ON `mysql_innodb_cluster_metadata`.* TO `admin`@`%` WITH GRANT OPTION"
-mysql -uroot -p$(MYSQL_ROOT_PASSWORD) -h $(MYSQL_SERVER_ADDRESS) -e "GRANT INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER ON `mysql_innodb_cluster_metadata_bkp`.* TO `admin`@`%` WITH GRANT OPTION"
-mysql -uroot -p$(MYSQL_ROOT_PASSWORD) -h $(MYSQL_SERVER_ADDRESS) -e "GRANT INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER ON `mysql_innodb_cluster_metadata_previous`.* TO `admin`@`%` WITH GRANT OPTION"
+mysql -uroot -p$MYSQL_ROOT_PASSWORD -h $MYSQL_SERVER_ADDRESS -e "GRANT SELECT, RELOAD, SHUTDOWN, PROCESS, FILE, SUPER, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE USER ON *.* TO `admin`@`%` WITH GRANT OPTION"
+mysql -uroot -p$MYSQL_ROOT_PASSWORD -h $MYSQL_SERVER_ADDRESS -e "GRANT BACKUP_ADMIN,CLONE_ADMIN,PERSIST_RO_VARIABLES_ADMIN,SYSTEM_VARIABLES_ADMIN ON *.* TO `admin`@`%` WITH GRANT OPTION"
+mysql -uroot -p$MYSQL_ROOT_PASSWORD -h $MYSQL_SERVER_ADDRESS -e "GRANT INSERT, UPDATE, DELETE ON `mysql`.* TO `admin`@`%` WITH GRANT OPTION"
+mysql -uroot -p$MYSQL_ROOT_PASSWORD -h $MYSQL_SERVER_ADDRESS -e "GRANT INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER ON `mysql_innodb_cluster_metadata`.* TO `admin`@`%` WITH GRANT OPTION"
+mysql -uroot -p$MYSQL_ROOT_PASSWORD -h $MYSQL_SERVER_ADDRESS -e "GRANT INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER ON `mysql_innodb_cluster_metadata_bkp`.* TO `admin`@`%` WITH GRANT OPTION"
+mysql -uroot -p$MYSQL_ROOT_PASSWORD -h $MYSQL_SERVER_ADDRESS -e "GRANT INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER ON `mysql_innodb_cluster_metadata_previous`.* TO `admin`@`%` WITH GRANT OPTION"
 
 # grant privileges for backup
-mysql -uroot -p$(MYSQL_ROOT_PASSWORD) -h $(MYSQL_SERVER_ADDRESS) -e "GRANT RELOAD, PROCESS, LOCK TABLES, REPLICATION CLIENT ON *.* TO `backuper`@`127.0.0.1`"
-mysql -uroot -p$(MYSQL_ROOT_PASSWORD) -h $(MYSQL_SERVER_ADDRESS) -e "GRANT BACKUP_ADMIN ON *.* TO `backuper`@`127.0.0.1`"
-mysql -uroot -p$(MYSQL_ROOT_PASSWORD) -h $(MYSQL_SERVER_ADDRESS) -e "GRANT SELECT ON `performance_schema`.`log_status` TO `backuper`@`127.0.0.1`"
+mysql -uroot -p$MYSQL_ROOT_PASSWORD -h $MYSQL_SERVER_ADDRESS -e "GRANT RELOAD, PROCESS, LOCK TABLES, REPLICATION CLIENT ON *.* TO `backuper`@`127.0.0.1`"
+mysql -uroot -p$MYSQL_ROOT_PASSWORD -h $MYSQL_SERVER_ADDRESS -e "GRANT BACKUP_ADMIN ON *.* TO `backuper`@`127.0.0.1`"
+mysql -uroot -p$MYSQL_ROOT_PASSWORD -h $MYSQL_SERVER_ADDRESS -e "GRANT SELECT ON `performance_schema`.`log_status` TO `backuper`@`127.0.0.1`"
 
 # grant privileges for bootstrap
-mysql -uroot -p$(MYSQL_ROOT_PASSWORD) -h $(MYSQL_SERVER_ADDRESS) -e "GRANT CREATE USER ON *.* TO `bootstraper`@`%` WITH GRANT OPTION"
-mysql -uroot -p$(MYSQL_ROOT_PASSWORD) -h $(MYSQL_SERVER_ADDRESS) -e "GRANT SELECT, INSERT, UPDATE, DELETE, REFERENCES, EXECUTE ON `mysql_innodb_cluster_metadata`.* TO `bootstraper`@`%` WITH GRANT OPTION"
-mysql -uroot -p$(MYSQL_ROOT_PASSWORD) -h $(MYSQL_SERVER_ADDRESS) -e "GRANT REFERENCES ON `mysql_innodb_cluster_metadata_bkp`.* TO `bootstraper`@`%`"
-mysql -uroot -p$(MYSQL_ROOT_PASSWORD) -h $(MYSQL_SERVER_ADDRESS) -e "GRANT REFERENCES ON `mysql_innodb_cluster_metadata_previous`.* TO `bootstraper`@`%`"
-mysql -uroot -p$(MYSQL_ROOT_PASSWORD) -h $(MYSQL_SERVER_ADDRESS) -e "GRANT SELECT ON `mysql`.`user` TO `bootstraper`@`%`"
-mysql -uroot -p$(MYSQL_ROOT_PASSWORD) -h $(MYSQL_SERVER_ADDRESS) -e "GRANT SELECT ON `performance_schema`.`global_variables` TO `bootstraper`@`%`"
-mysql -uroot -p$(MYSQL_ROOT_PASSWORD) -h $(MYSQL_SERVER_ADDRESS) -e "GRANT SELECT ON `performance_schema`.`replication_group_member_stats` TO `bootstraper`@`%`"
-mysql -uroot -p$(MYSQL_ROOT_PASSWORD) -h $(MYSQL_SERVER_ADDRESS) -e "GRANT SELECT ON `performance_schema`.`replication_group_members` TO `bootstraper`@`%`"
+mysql -uroot -p$MYSQL_ROOT_PASSWORD -h $MYSQL_SERVER_ADDRESS -e "GRANT CREATE USER ON *.* TO `bootstraper`@`%` WITH GRANT OPTION"
+mysql -uroot -p$MYSQL_ROOT_PASSWORD -h $MYSQL_SERVER_ADDRESS -e "GRANT SELECT, INSERT, UPDATE, DELETE, REFERENCES, EXECUTE ON `mysql_innodb_cluster_metadata`.* TO `bootstraper`@`%` WITH GRANT OPTION"
+mysql -uroot -p$MYSQL_ROOT_PASSWORD -h $MYSQL_SERVER_ADDRESS -e "GRANT REFERENCES ON `mysql_innodb_cluster_metadata_bkp`.* TO `bootstraper`@`%`"
+mysql -uroot -p$MYSQL_ROOT_PASSWORD -h $MYSQL_SERVER_ADDRESS -e "GRANT REFERENCES ON `mysql_innodb_cluster_metadata_previous`.* TO `bootstraper`@`%`"
+mysql -uroot -p$MYSQL_ROOT_PASSWORD -h $MYSQL_SERVER_ADDRESS -e "GRANT SELECT ON `mysql`.`user` TO `bootstraper`@`%`"
+mysql -uroot -p$MYSQL_ROOT_PASSWORD -h $MYSQL_SERVER_ADDRESS -e "GRANT SELECT ON `performance_schema`.`global_variables` TO `bootstraper`@`%`"
+mysql -uroot -p$MYSQL_ROOT_PASSWORD -h $MYSQL_SERVER_ADDRESS -e "GRANT SELECT ON `performance_schema`.`replication_group_member_stats` TO `bootstraper`@`%`"
+mysql -uroot -p$MYSQL_ROOT_PASSWORD -h $MYSQL_SERVER_ADDRESS -e "GRANT SELECT ON `performance_schema`.`replication_group_members` TO `bootstraper`@`%`"
 
 # grant privileges for replicator
-mysql -uroot -p$(MYSQL_ROOT_PASSWORD) -h $(MYSQL_SERVER_ADDRESS) -e "GRANT REPLICATION SLAVE ON *.* TO `replicator`@`%`"
\ No newline at end of file
+mysql -uroot -p$MYSQL_ROOT_PASSWORD -h $MYSQL_SERVER_ADDRESS -e "GRANT REPLICATION SLAVE ON *.* TO `replicator`@`%`"
\ No newline at end of file
diff --git a/image/mysql-router/Dockerfile b/image/mysql-router/Dockerfile
new file mode 100644
index 0000000000000000000000000000000000000000..7925157d65f2c6d26c1ee3d017ea51e5d4d596a4
--- /dev/null
+++ b/image/mysql-router/Dockerfile
@@ -0,0 +1,9 @@
+FROM percona-xtrabackup:8.0
+LABEL maintainer="xiaochaoren"
+RUN apt-get purge -y percona-xtrabackup-80
+RUN apt-get install -y mysql-router
+
+EXPOSE 646
+EXPOSE 6447
+
+CMD ["bash", "-c", "tail -f /dev/null"]
\ No newline at end of file
diff --git a/image/percona-mysql/Dockerfile b/image/percona-mysql/Dockerfile
new file mode 100644
index 0000000000000000000000000000000000000000..a8bc4076ca356def670a3204a252999d4e1eb368
--- /dev/null
+++ b/image/percona-mysql/Dockerfile
@@ -0,0 +1,20 @@
+FROM percona/percona-server:8.0.18
+MAINTAINER xiaochaoren
+
+USER root
+
+RUN yum install -y gnupg
+COPY gosu-amd64 /usr/local/bin/gosu
+COPY gosu-amd64.asc /usr/local/bin/gosu.asc
+RUN gpg --keyserver pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
+    && gpg --verify /usr/local/bin/gosu.asc \
+    && rm /usr/local/bin/gosu.asc \
+    && rm -r /root/.gnupg/ \
+    && chmod +x /usr/local/bin/gosu \
+    && gosu nobody true
+
+COPY entry.sh /docker-entrypoint.sh
+
+ENTRYPOINT ["/docker-entrypoint.sh"]
+
+CMD ["mysqld"]
diff --git a/image/percona-mysql/entry.sh b/image/percona-mysql/entry.sh
new file mode 100755
index 0000000000000000000000000000000000000000..a6ec1d676dd7aa5451bab25e205f477d9ae349f6
--- /dev/null
+++ b/image/percona-mysql/entry.sh
@@ -0,0 +1,247 @@
+#!/bin/bash
+set -eo pipefail
+shopt -s nullglob
+
+# if command starts with an option, prepend mysqld
+if [ "${1:0:1}" = '-' ]; then
+	set -- mysqld "$@"
+fi
+
+# skip setup if they want an option that stops mysqld
+wantHelp=
+for arg; do
+	case "$arg" in
+		-'?'|--help|--print-defaults|-V|--version)
+			wantHelp=1
+			break
+			;;
+	esac
+done
+
+# usage: file_env VAR [DEFAULT]
+#    ie: file_env 'XYZ_DB_PASSWORD' 'example'
+# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
+#  "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
+file_env() {
+	local var="$1"
+	local fileVar="${var}_FILE"
+	local def="${2:-}"
+	if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
+		echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
+		exit 1
+	fi
+	local val="$def"
+	if [ "${!var:-}" ]; then
+		val="${!var}"
+	elif [ "${!fileVar:-}" ]; then
+		val="$(< "${!fileVar}")"
+	fi
+	export "$var"="$val"
+	unset "$fileVar"
+}
+
+# usage: process_init_file FILENAME MYSQLCOMMAND...
+#    ie: process_init_file foo.sh mysql -uroot
+# (process a single initializer file, based on its extension. we define this
+# function here, so that initializer scripts (*.sh) can use the same logic,
+# potentially recursively, or override the logic used in subsequent calls)
+process_init_file() {
+	local f="$1"; shift
+	local mysql=( "$@" )
+
+	case "$f" in
+		*.sh)     echo "$0: running $f"; . "$f" ;;
+		*.sql)    echo "$0: running $f"; "${mysql[@]}" < "$f"; echo ;;
+		*.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${mysql[@]}"; echo ;;
+		*)        echo "$0: ignoring $f" ;;
+	esac
+	echo
+}
+
+_check_config() {
+	toRun=( "$@" --verbose --help )
+	if ! errors="$("${toRun[@]}" 2>&1 >/dev/null)"; then
+		cat >&2 <<-EOM
+			ERROR: mysqld failed while attempting to check config
+			command was: "${toRun[*]}"
+			$errors
+		EOM
+		exit 1
+	fi
+}
+
+# Fetch value from server config
+# We use mysqld --verbose --help instead of my_print_defaults because the
+# latter only show values present in config files, and not server defaults
+_get_config() {
+	local conf="$1"; shift
+	"$@" --verbose --help --log-bin-index="$(mktemp -u)" 2>/dev/null \
+		| awk '$1 == "'"$conf"'" && /^[^ \t]/ { sub(/^[^ \t]+[ \t]+/, ""); print; exit }'
+	# match "datadir      /some/path with/spaces in/it here" but not "--xyz=abc\n     datadir (xyz)"
+}
+
+docker_create_db_directories() {
+	local user; user="$(id -u)"
+
+    echo "user: $user"
+
+	# TODO other directories that are used by default? like /var/lib/mysql-files
+	# see https://github.com/docker-library/mysql/issues/562
+	mkdir -p "$DATADIR"
+
+	if [ "$user" = "0" ]; then
+        echo 'change owner to mysql'
+		# this will cause less disk access than `chown -R`
+		find "$DATADIR" \! -user mysql -exec chown mysql '{}' +
+	fi
+}
+
+if [ "$1" = 'mysqld' -a -z "$wantHelp" ]; then
+	# still need to check config, container may have started with --user
+	_check_config "$@"
+
+	if [ -n "$INIT_TOKUDB" ]; then
+		export LD_PRELOAD=/usr/lib64/libjemalloc.so.1
+	fi
+	# Get config
+	DATADIR="$(_get_config 'datadir' "$@")"
+
+    docker_create_db_directories
+
+    # If container is started as root user, restart as dedicated mysql user
+	if [ "$(id -u)" = "0" ]; then
+        echo "change to mysql, $0, $@"
+		exec gosu mysql "$0" "$@"
+        echo "complete change user $(id -u)"
+    fi
+
+	if [ ! -d "$DATADIR/mysql" ]; then
+		file_env 'MYSQL_ROOT_PASSWORD'
+		if [ -z "$MYSQL_ROOT_PASSWORD" -a -z "$MYSQL_ALLOW_EMPTY_PASSWORD" -a -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
+			echo >&2 'error: database is uninitialized and password option is not specified '
+			echo >&2 '  You need to specify one of MYSQL_ROOT_PASSWORD, MYSQL_ALLOW_EMPTY_PASSWORD and MYSQL_RANDOM_ROOT_PASSWORD'
+			exit 1
+		fi
+
+		echo 'Initializing database'
+		"$@" --initialize-insecure
+		echo 'Database initialized'
+
+		if command -v mysql_ssl_rsa_setup > /dev/null && [ ! -e "$DATADIR/server-key.pem" ]; then
+			# https://github.com/mysql/mysql-server/blob/23032807537d8dd8ee4ec1c4d40f0633cd4e12f9/packaging/deb-in/extra/mysql-systemd-start#L81-L84
+			echo 'Initializing certificates'
+			mysql_ssl_rsa_setup --datadir="$DATADIR"
+			echo 'Certificates initialized'
+		fi
+
+		SOCKET="$(_get_config 'socket' "$@")"
+		"$@" --skip-networking --socket="${SOCKET}" &
+		pid="$!"
+
+		mysql=( mysql --protocol=socket -uroot -hlocalhost --socket="${SOCKET}" --password="" )
+
+		for i in {120..0}; do
+			if echo 'SELECT 1' | "${mysql[@]}" &> /dev/null; then
+				break
+			fi
+			echo 'MySQL init process in progress...'
+			sleep 1
+		done
+		if [ "$i" = 0 ]; then
+			echo >&2 'MySQL init process failed.'
+			exit 1
+		fi
+
+		if [ -z "$MYSQL_INITDB_SKIP_TZINFO" ]; then
+			# sed is for https://bugs.mysql.com/bug.php?id=20545
+			mysql_tzinfo_to_sql /usr/share/zoneinfo | sed 's/Local time zone must be set--see zic manual page/FCTY/' | "${mysql[@]}" mysql
+		fi
+
+		# install TokuDB engine
+		if [ -n "$INIT_TOKUDB" ]; then
+			ps-admin --docker --enable-tokudb -u root -p $MYSQL_ROOT_PASSWORD
+		fi
+		if [ -n "$INIT_ROCKSDB" ]; then
+			ps-admin --docker --enable-rocksdb -u root -p $MYSQL_ROOT_PASSWORD
+		fi
+
+		if [ ! -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
+			MYSQL_ROOT_PASSWORD="$(pwmake 128)"
+			echo "GENERATED ROOT PASSWORD: $MYSQL_ROOT_PASSWORD"
+		fi
+
+		rootCreate=
+		# default root to listen for connections from anywhere
+		file_env 'MYSQL_ROOT_HOST' '%'
+		if [ ! -z "$MYSQL_ROOT_HOST" -a "$MYSQL_ROOT_HOST" != 'localhost' ]; then
+			# no, we don't care if read finds a terminating character in this heredoc
+			# https://unix.stackexchange.com/questions/265149/why-is-set-o-errexit-breaking-this-read-heredoc-expression/265151#265151
+			read -r -d '' rootCreate <<-EOSQL || true
+				CREATE USER 'root'@'${MYSQL_ROOT_HOST}' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' ;
+				GRANT ALL ON *.* TO 'root'@'${MYSQL_ROOT_HOST}' WITH GRANT OPTION ;
+			EOSQL
+		fi
+
+		"${mysql[@]}" <<-EOSQL
+			-- What's done in this file shouldn't be replicated
+			--  or products like mysql-fabric won't work
+			SET @@SESSION.SQL_LOG_BIN=0;
+			DELETE FROM mysql.user WHERE user NOT IN ('mysql.sys', 'mysqlxsys', 'mysql.infoschema', 'mysql.session', 'root') OR host NOT IN ('localhost') ;
+			ALTER USER 'root'@'localhost' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' ;
+			GRANT ALL ON *.* TO 'root'@'localhost' WITH GRANT OPTION ;
+			${rootCreate}
+			DROP DATABASE IF EXISTS test ;
+			FLUSH PRIVILEGES ;
+		EOSQL
+
+		if [ ! -z "$MYSQL_ROOT_PASSWORD" ]; then
+			mysql+=( -p"${MYSQL_ROOT_PASSWORD}" )
+		fi
+
+		file_env 'MYSQL_DATABASE'
+		if [ "$MYSQL_DATABASE" ]; then
+			echo "CREATE DATABASE IF NOT EXISTS \`$MYSQL_DATABASE\` ;" | "${mysql[@]}"
+			mysql+=( "$MYSQL_DATABASE" )
+		fi
+
+		file_env 'MYSQL_USER'
+		file_env 'MYSQL_PASSWORD'
+		if [ "$MYSQL_USER" -a "$MYSQL_PASSWORD" ]; then
+			echo "CREATE USER '$MYSQL_USER'@'%' IDENTIFIED BY '$MYSQL_PASSWORD' ;" | "${mysql[@]}"
+
+			if [ "$MYSQL_DATABASE" ]; then
+				echo "GRANT ALL ON \`$MYSQL_DATABASE\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}"
+			fi
+
+			echo 'FLUSH PRIVILEGES ;' | "${mysql[@]}"
+		fi
+
+		echo
+		ls /docker-entrypoint-initdb.d/ > /dev/null
+		for f in /docker-entrypoint-initdb.d/*; do
+			process_init_file "$f" "${mysql[@]}"
+		done
+
+		if [ ! -z "$MYSQL_ONETIME_PASSWORD" ]; then
+			"${mysql[@]}" <<-EOSQL
+				ALTER USER 'root'@'%' PASSWORD EXPIRE;
+			EOSQL
+		fi
+		if ! kill -s TERM "$pid" || ! wait "$pid"; then
+			echo >&2 'MySQL init process failed.'
+			exit 1
+		fi
+
+		echo
+		echo 'MySQL init process done. Ready for start up.'
+		echo
+	fi
+
+  # exit when MYSQL_INIT_ONLY environment variable is set to avoid starting mysqld
+  if [ ! -z "$MYSQL_INIT_ONLY" ]; then
+      echo 'Initialization complete, now exiting!'
+      exit 0
+  fi
+fi
+
+exec "$@"
\ No newline at end of file
diff --git a/image/percona-xtrabackup/Dockerfile b/image/percona-xtrabackup/Dockerfile
new file mode 100644
index 0000000000000000000000000000000000000000..73d03ecb7473850cfb5f50e39031b5406036146c
--- /dev/null
+++ b/image/percona-xtrabackup/Dockerfile
@@ -0,0 +1,24 @@
+FROM ubuntu:18.04
+MAINTAINER xiaochaoren
+RUN rm -rf /etc/apt/sources.list
+
+COPY sources.list /etc/apt/
+
+RUN apt-get update
+RUN apt-get install -y lsb-release
+RUN apt-get install -y wget
+RUN apt-get install -y gnupg
+RUN apt-get install -y nmap
+
+RUN wget -c https://repo.mysql.com/mysql-apt-config_0.8.14-1_all.deb
+RUN export DEBIAN_FRONTEND=noninteractive && export DEBIAN_PRIORITY=critical && dpkg -i mysql-apt-config_0.8.14-1_all.deb
+
+RUN wget https://repo.percona.com/apt/percona-release_latest.$(lsb_release -sc)_all.deb
+RUN dpkg -i percona-release_latest.$(lsb_release -sc)_all.deb
+RUN percona-release enable-only tools release
+RUN apt-get update
+RUN apt-get install -y mysql-client
+RUN apt-get install -y percona-xtrabackup-80
+RUN apt-get install -y mysql-shell
+
+CMD ["/bin/bash"]
diff --git a/image/percona-xtrabackup/sources.list b/image/percona-xtrabackup/sources.list
new file mode 100644
index 0000000000000000000000000000000000000000..1cd4ff9ff6f5c4c7f8696387e6217a5b6206d984
--- /dev/null
+++ b/image/percona-xtrabackup/sources.list
@@ -0,0 +1,14 @@
+deb http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
+deb-src http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
+
+deb http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
+deb-src http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
+
+deb http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
+deb-src http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
+
+deb http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
+deb-src http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
+
+deb http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
+deb-src http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
diff --git a/mysql-accounts/secret.yml b/mysql-accounts/secret.yml
index 82ab2d9160da11b364d20580f18e69afe74aca04..bcff4e77ff2a5fe3763b7b4a3ef1114740efed68 100644
--- a/mysql-accounts/secret.yml
+++ b/mysql-accounts/secret.yml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: mysql-account-password
-  namespace: promotion
+  namespace: data
 type: Opaque
 data:
   admin-account: YWRtaW4=