From 7519a261a16af0cb9559eee84f3f5a792fe766c0 Mon Sep 17 00:00:00 2001 From: Greg Weber Date: Fri, 22 Feb 2019 09:50:27 -0800 Subject: [PATCH] Don't initialize when there is no tidb.password Don't create * a secret * an initializer job The user can manage users from the MySQL connection --- charts/tidb-cluster/templates/NOTES.txt | 28 +++++++++++++------ .../templates/tidb-initializer-job.yaml | 2 ++ .../tidb-cluster/templates/tidb-secret.yaml | 6 ++-- charts/tidb-cluster/values.yaml | 4 ++- 4 files changed, 26 insertions(+), 14 deletions(-) diff --git a/charts/tidb-cluster/templates/NOTES.txt b/charts/tidb-cluster/templates/NOTES.txt index d78a5b64e7e..27576a2a49d 100644 --- a/charts/tidb-cluster/templates/NOTES.txt +++ b/charts/tidb-cluster/templates/NOTES.txt @@ -1,17 +1,27 @@ +Cluster Startup 1. Watch tidb-cluster up and running - watch kubectl get pods --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }} -o wide + watch kubectl get pods --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }} -o wide 2. List services in the tidb-cluster - kubectl get services --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }} + kubectl get services --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }} +{{- if .Values.tidb.password }} 3. Wait until tidb-initializer pod becomes completed - watch kubectl get po --namespace {{ .Release.Namespace }} -l app.kubernetes.io/component=tidb-initializer + watch kubectl get po --namespace {{ .Release.Namespace }} -l app.kubernetes.io/component=tidb-initializer 4. Get the TiDB password - PASSWORD=$(kubectl get secret -n {{ .Release.Namespace }} {{ .Values.clusterName }}-tidb -o jsonpath="{.data.password}" | base64 --decode | awk '{print $6}') - echo ${PASSWORD} -5. Access tidb-cluster using the MySQL client - kubectl port-forward -n {{ .Release.Namespace }} svc/{{ .Values.clusterName }}-tidb 4000:4000 & - mysql -h 127.0.0.1 -P 4000 -u root -D test -p + kubectl get secret -n {{ .Release.Namespace }} {{ .Values.clusterName }}-tidb -o jsonpath="{.data.password}" | base64 --decode | awk '{print $6}' +{{- end -}} + +Cluster access +* Access tidb-cluster using the MySQL client + kubectl port-forward -n {{ .Release.Namespace }} svc/{{ .Values.clusterName }}-tidb 4000:4000 & +{{- if .Values.tidb.password }} + mysql -h 127.0.0.1 -P 4000 -u root -D test -p +{{- else -}} + mysql -h 127.0.0.1 -P 4000 -u root -D test + Set a password for your user + SET PASSWORD FOR 'root'@'%' = '{{ (randAlphaNum 10) }}'; FLUSH PRIVILEGES +{{- end -}} {{- if .Values.monitor.create }} -6. View monitor dashboard for TiDB cluster +* View monitor dashboard for TiDB cluster kubectl port-forward -n {{ .Release.Namespace }} svc/{{ .Values.clusterName }}-grafana 3000:3000 Open browser at http://localhost:3000. The default username and password is admin/admin. {{- end -}} diff --git a/charts/tidb-cluster/templates/tidb-initializer-job.yaml b/charts/tidb-cluster/templates/tidb-initializer-job.yaml index f60f3059f17..c4bdc76c5b6 100644 --- a/charts/tidb-cluster/templates/tidb-initializer-job.yaml +++ b/charts/tidb-cluster/templates/tidb-initializer-job.yaml @@ -1,3 +1,4 @@ +{{- if .Values.tidb.password }} apiVersion: batch/v1 kind: Job metadata: @@ -40,3 +41,4 @@ spec: items: - key: password path: init-password.sql +{{- end }} diff --git a/charts/tidb-cluster/templates/tidb-secret.yaml b/charts/tidb-cluster/templates/tidb-secret.yaml index 1fcae2dcb14..e92697767fd 100644 --- a/charts/tidb-cluster/templates/tidb-secret.yaml +++ b/charts/tidb-cluster/templates/tidb-secret.yaml @@ -1,3 +1,4 @@ +{{- if .Values.tidb.password }} apiVersion: v1 kind: Secret metadata: @@ -10,8 +11,5 @@ metadata: helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} type: Opaque data: - {{- if .Values.tidb.password }} password: {{ printf "SET PASSWORD FOR 'root'@'%%' = '%s' ; FLUSH PRIVILEGES;" .Values.tidb.password | b64enc }} - {{- else }} - password: {{ printf "SET PASSWORD FOR 'root'@'%%' = '%s' ; FLUSH PRIVILEGES;" (randAlphaNum 10) | b64enc }} - {{- end }} +{{- end }} diff --git a/charts/tidb-cluster/values.yaml b/charts/tidb-cluster/values.yaml index 672dde98ed8..5a6098862a3 100644 --- a/charts/tidb-cluster/values.yaml +++ b/charts/tidb-cluster/values.yaml @@ -145,7 +145,9 @@ tikvPromGateway: tidb: replicas: 2 - # password is TiDB's password, if omit password, a random password is generated + # The password to access TiDB + # If set, the password will be stored both in helm and in a Secret + # If unset, the root password will be empty and you can set it after connecting # password: "admin" image: pingcap/tidb:v2.1.0 # Image pull policy.