Don't initialize when there is no tidb.password

Don't create * a secret * an initializer job The user can manage users from the MySQL connection
pingcap · Feb 22, 2019 · 7519a26 · 7519a26
1 parent a2a37ab
commit 7519a26
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 14 deletions.
diff --git a/charts/tidb-cluster/templates/NOTES.txt b/charts/tidb-cluster/templates/NOTES.txt
@@ -1,17 +1,27 @@
+Cluster Startup
 1. Watch tidb-cluster up and running
-   watch kubectl get pods --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }} -o wide
+     watch kubectl get pods --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }} -o wide
 2. List services in the tidb-cluster
-   kubectl get services --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }}
+     kubectl get services --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }}
+{{- if .Values.tidb.password }}
 3. Wait until tidb-initializer pod becomes completed
-   watch kubectl get po --namespace {{ .Release.Namespace }}  -l app.kubernetes.io/component=tidb-initializer
+     watch kubectl get po --namespace {{ .Release.Namespace }}  -l app.kubernetes.io/component=tidb-initializer
 4. Get the TiDB password
-   PASSWORD=$(kubectl get secret -n {{ .Release.Namespace }} {{ .Values.clusterName }}-tidb -o jsonpath="{.data.password}" | base64 --decode | awk '{print $6}')
-   echo ${PASSWORD}
-5. Access tidb-cluster using the MySQL client
-   kubectl port-forward -n {{ .Release.Namespace }} svc/{{ .Values.clusterName }}-tidb 4000:4000 &
-   mysql -h 127.0.0.1 -P 4000 -u root -D test -p
+     kubectl get secret -n {{ .Release.Namespace }} {{ .Values.clusterName }}-tidb -o jsonpath="{.data.password}" | base64 --decode | awk '{print $6}'
+{{- end -}}
+
+Cluster access
+* Access tidb-cluster using the MySQL client
+    kubectl port-forward -n {{ .Release.Namespace }} svc/{{ .Values.clusterName }}-tidb 4000:4000 &
+{{- if .Values.tidb.password }}
+    mysql -h 127.0.0.1 -P 4000 -u root -D test -p
+{{- else -}}
+    mysql -h 127.0.0.1 -P 4000 -u root -D test
+  Set a password for your user
+    SET PASSWORD FOR 'root'@'%' = '{{ (randAlphaNum 10) }}'; FLUSH PRIVILEGES
+{{- end -}}
 {{- if .Values.monitor.create }}
-6. View monitor dashboard for TiDB cluster
+* View monitor dashboard for TiDB cluster
    kubectl port-forward -n {{ .Release.Namespace }} svc/{{ .Values.clusterName }}-grafana 3000:3000
    Open browser at http://localhost:3000. The default username and password is admin/admin.
 {{- end -}}
diff --git a/charts/tidb-cluster/templates/tidb-initializer-job.yaml b/charts/tidb-cluster/templates/tidb-initializer-job.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.tidb.password }}
 apiVersion: batch/v1
 kind: Job
 metadata:
@@ -40,3 +41,4 @@ spec:
           items:
           - key: password
             path: init-password.sql
+{{- end }}
diff --git a/charts/tidb-cluster/templates/tidb-secret.yaml b/charts/tidb-cluster/templates/tidb-secret.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.tidb.password }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -10,8 +11,5 @@ metadata:
     helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+"  "_" }}
 type: Opaque
 data:
-  {{- if .Values.tidb.password }}
   password: {{ printf "SET PASSWORD FOR 'root'@'%%' = '%s' ; FLUSH PRIVILEGES;" .Values.tidb.password | b64enc }}
-  {{- else }}
-  password: {{ printf "SET PASSWORD FOR 'root'@'%%' = '%s' ; FLUSH PRIVILEGES;" (randAlphaNum 10) | b64enc }}
-  {{- end }}
+{{- end }}
diff --git a/charts/tidb-cluster/values.yaml b/charts/tidb-cluster/values.yaml
@@ -145,7 +145,9 @@ tikvPromGateway:
 
 tidb:
   replicas: 2
-  # password is TiDB's password, if omit password, a random password is generated
+  # The password to access TiDB
+  # If set, the password will be stored both in helm and in a Secret
+  # If unset, the root password will be empty and you can set it after connecting
   # password: "admin"
   image: pingcap/tidb:v2.1.0
   # Image pull policy.