fix(mysql): probe over TCP so a moved socket can't kill a healthy DB

[LukasWodka]

Summary

All three MySQL probes (startupProbe, livenessProbe, readinessProbe) ran mysqladmin ping -h localhost, which connects over the client-default unix socket /var/run/mysqld/mysqld.sock. The mysql-client image actually writes its socket to /var/lib/mysql/mysql.sock, so the probe can never reach a perfectly healthy mysqld — the startupProbe exhausts (~130s) and the kubelet kill-loops the database, cascading jobs-manager and requests-proxy into CrashLoopBackOff.

This switches all three probes to TCP (mysqladmin ping -h 127.0.0.1, port 3306), which is immune to wherever the image places its socket, and adds a comment so it isn't reverted.

Why it slipped

Mutable image tag :prod + imagePullPolicy: IfNotPresent: cached clusters keep an older working image, but every fresh install pulling the current :prod is broken. Reproduced on a clean cluster (RAM and proxy/NO_PROXY both ruled out). Full root-cause writeup: tracebloc/backend#767.

Type

• Bug fix (regression)

Test plan

• helm template renders cleanly (1998 lines, valid YAML) with ci/bm-values.yaml; all three rendered probes show -h 127.0.0.1.
• mysqladmin ping returns "mysqld is alive" (exit 0) over TCP without credentials — same auth behavior as the previous -h localhost, just TCP transport.
• Verified live on an affected cluster via the equivalent runtime patch: mysql-client went 1/1 with 0 restarts and the cascade recovered.

Checklist

• Targets develop
• No customer identifiers
• Reviewer to confirm CI (helm-ci, installer-tests) green

Follow-ups (tracked in backend#767, not in this PR)

• Pin mysql-client by digest (images.mysqlClient.digest) — a mutable :prod tag is how this shipped silently.
• A secrets-gated full-stack E2E (waits for mysql-client/jobs-manager Ready) under the install-journey epic #736 would have caught it.

[LukasWodka]

👋 Heads-up — Code review queue is at 9 / 8

Above the WIP limit. The team convention is to review existing PRs before opening new work.

Open PRs currently in Code review (oldest first):

• client#215 — Post-install self-verification of CLI usability (#738) · author: @LukasWodka · no reviewer assigned
• client#223 — test(charts): add helm-unittest suite for requests-proxy-service template · author: @saadqbal · no reviewer assigned
• client#224 — fix(Wire SINGLE_NODE flag: chart default from hostPath.enabled + installer sets it #222): wire SINGLE_NODE — chart default from hostPath.enabled + installer · author: @saadqbal · no reviewer assigned
• client-runtime#93 — fix(chore: revert default CODEOWNERS (back to author-picks-reviewer) #92): gate GPU→CPU pending fallback to single-node clusters · author: @saadqbal · no reviewer assigned
• data-ingestors#169 — feat: add token_classification (NER/POS) ingestion · author: @shujaatTracebloc · reviewer: @divyasinghds
• design-system#38 — feat(molecules): add ButtonGroup + InputButtonCombo · author: @waqaskhanroghani · reviewer: @saadqbal
• frontend-app#510 — fix(leaderboard): derive Score tooltip from use case metric (#509) · author: @waqaskhanroghani · reviewer: @saadqbal
• tracebloc-client#355 — fix(object_detection): scale RCNN targets to pixel space · author: @shujaatTracebloc · reviewer: @divyasinghds

Pull from review before opening new work. (This is a nudge from the kanban WIP check, not a block.)