Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Don't initialize when there is no tidb.password #282

Merged
merged 2 commits into from
Feb 26, 2019
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
28 changes: 19 additions & 9 deletions charts/tidb-cluster/templates/NOTES.txt
Original file line number Diff line number Diff line change
@@ -1,17 +1,27 @@
Cluster Startup
1. Watch tidb-cluster up and running
watch kubectl get pods --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }} -o wide
watch kubectl get pods --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }} -o wide
2. List services in the tidb-cluster
kubectl get services --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }}
kubectl get services --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }}
{{- if .Values.tidb.password }}
3. Wait until tidb-initializer pod becomes completed
watch kubectl get po --namespace {{ .Release.Namespace }} -l app.kubernetes.io/component=tidb-initializer
watch kubectl get po --namespace {{ .Release.Namespace }} -l app.kubernetes.io/component=tidb-initializer
4. Get the TiDB password
PASSWORD=$(kubectl get secret -n {{ .Release.Namespace }} {{ .Values.clusterName }}-tidb -o jsonpath="{.data.password}" | base64 --decode | awk '{print $6}')
echo ${PASSWORD}
5. Access tidb-cluster using the MySQL client
kubectl port-forward -n {{ .Release.Namespace }} svc/{{ .Values.clusterName }}-tidb 4000:4000 &
mysql -h 127.0.0.1 -P 4000 -u root -D test -p
kubectl get secret -n {{ .Release.Namespace }} {{ .Values.clusterName }}-tidb -o jsonpath="{.data.password}" | base64 --decode | awk '{print $6}'
{{- end -}}

Cluster access
* Access tidb-cluster using the MySQL client
kubectl port-forward -n {{ .Release.Namespace }} svc/{{ .Values.clusterName }}-tidb 4000:4000 &
{{- if .Values.tidb.password }}
mysql -h 127.0.0.1 -P 4000 -u root -D test -p
{{- else -}}
mysql -h 127.0.0.1 -P 4000 -u root -D test
Set a password for your user
SET PASSWORD FOR 'root'@'%' = '{{ (randAlphaNum 10) }}'; FLUSH PRIVILEGES
{{- end -}}
{{- if .Values.monitor.create }}
6. View monitor dashboard for TiDB cluster
* View monitor dashboard for TiDB cluster
kubectl port-forward -n {{ .Release.Namespace }} svc/{{ .Values.clusterName }}-grafana 3000:3000
Open browser at http://localhost:3000. The default username and password is admin/admin.
{{- end -}}
2 changes: 2 additions & 0 deletions charts/tidb-cluster/templates/tidb-initializer-job.yaml
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
{{- if .Values.tidb.password }}
apiVersion: batch/v1
kind: Job
metadata:
Expand Down Expand Up @@ -40,3 +41,4 @@ spec:
items:
- key: password
path: init-password.sql
{{- end }}
6 changes: 2 additions & 4 deletions charts/tidb-cluster/templates/tidb-secret.yaml
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
{{- if .Values.tidb.password }}
apiVersion: v1
kind: Secret
metadata:
Expand All @@ -10,8 +11,5 @@ metadata:
helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
type: Opaque
data:
{{- if .Values.tidb.password }}
password: {{ printf "SET PASSWORD FOR 'root'@'%%' = '%s' ; FLUSH PRIVILEGES;" .Values.tidb.password | b64enc }}
{{- else }}
password: {{ printf "SET PASSWORD FOR 'root'@'%%' = '%s' ; FLUSH PRIVILEGES;" (randAlphaNum 10) | b64enc }}
{{- end }}
{{- end }}
4 changes: 3 additions & 1 deletion charts/tidb-cluster/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -145,7 +145,9 @@ tikvPromGateway:

tidb:
replicas: 2
# password is TiDB's password, if omit password, a random password is generated
# The password to access TiDB
# If set, the password will be stored both in helm and in a Secret
# If unset, the root password will be empty and you can set it after connecting
# password: "admin"
image: pingcap/tidb:v2.1.0
# Image pull policy.
Expand Down
20 changes: 10 additions & 10 deletions docs/aws-eks-tutorial.md
Original file line number Diff line number Diff line change
Expand Up @@ -392,31 +392,31 @@ watch "kubectl get svc -n tidb"
When you see `demo-tidb` appear, you can `Control + C` to stop watching. Then the service is ready to connect to!

```sh
# Get the TiDB password
PASSWORD=$(kubectl get secret -n tidb demo-tidb -o jsonpath="{.data.password}" | base64 --decode | awk '{print $6}')
echo ${PASSWORD}

# Connect to TiDB
kubectl run -n tidb mysql-client --rm -i --tty --image mysql -- mysql -P 4000 -u root -h $(kubectl get svc demo-tidb -n tidb -o jsonpath='{.spec.clusterIP}') -p
```

Or just:
Or you can forward ports and run a mysql client locally:

```sh
kubectl -n tidb port-forward demo-tidb-0 4000:4000 &>/tmp/port-forward.log &
mysql -h 127.0.0.1 -u root -P 4000 --default-character-set=utf8 -p
```

Then open a new terminal:
Try out some mysql commands:

```sh
mysql -h 127.0.0.1 -u root -P 4000 --default-character-set=utf8 -p

# Then try some sql command:
select tidb_version();
```
It works! :tada:
If you did not specify a password in helm, set one now:
```sh
SET PASSWORD FOR 'root'@'%' =
```
### Monitoring with Grafana
TiDB cluster by default ships with a Grafana monitoring page which
Expand Down
9 changes: 6 additions & 3 deletions docs/google-kubernetes-tutorial.md
Original file line number Diff line number Diff line change
Expand Up @@ -126,8 +126,6 @@ When you see `demo-tidb` appear, you can `Control + C`. The service is ready to

You can connect to the clustered service within the Kubernetes cluster:

PASSWORD=$(kubectl get secret -n tidb demo-tidb -o jsonpath="{.data.password}" | base64 --decode | awk '{print $6}') &&
echo ${PASSWORD} &&
kubectl run -n tidb mysql-client --rm -i --tty --image mysql -- mysql -P 4000 -u root -h $(kubectl get svc demo-tidb -n tidb -o jsonpath='{.spec.clusterIP}') -p

Congratulations, you are now up and running with a distributed TiDB database compatible with MySQL!
Expand All @@ -141,10 +139,15 @@ From your Cloud Shell:
sudo apt-get install -y mysql-client &&
mysql -h 127.0.0.1 -u root -P 4000 -p

If you like, you can check your connection to TiDB inside your MySQL terminal and see the latest TiDB version being deployed, using the command:
Try out a MySQL command inside your MySQL terminal:

select tidb_version();

If you did not specify a password in helm, set one now:

SET PASSWORD FOR 'root'@'%' =


## Scale out the TiDB cluster

With a single command we can easily scale out the TiDB cluster. To scale out TiKV:
Expand Down
7 changes: 0 additions & 7 deletions docs/local-dind-tutorial.md
Original file line number Diff line number Diff line change
Expand Up @@ -109,13 +109,6 @@ To access the TiDB cluster, use `kubectl port-forward` to expose the services to

- Access TiDB using the MySQL client

1. Get the TiDB password

```sh
$ PASSWORD=$(kubectl get secret -n tidb demo-tidb -ojsonpath="{.data.password}" | base64 --decode | awk '{print $6}')
$ echo ${PASSWORD}
```

1. Use `kubectl` to forward the host machine port to the TiDB service port:

```sh
Expand Down
7 changes: 5 additions & 2 deletions docs/operation-guide.md
Original file line number Diff line number Diff line change
Expand Up @@ -31,12 +31,15 @@ For other settings, the variables in `values.yaml` are self-explanatory with com

By default TiDB service is exposed using [`NodePort`](https://kubernetes.io/docs/concepts/services-networking/service/#nodeport). You can modify it to `ClusterIP` which will disable access from outside of the cluster. Or modify it to [`LoadBalancer`](https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer) if the underlining Kubernetes supports this kind of service.

By default TiDB cluster is deployed with a random generated password. You can specify a password by setting `tidb.password` in `values.yaml` before deploying. Whether you specify the password or not, you can retrieve the password through `Secret`:
```shell
$ kubectl get svc -n ${namespace} # check the available services
```

By default the TiDB cluster has no password set. You can specify a password by setting `tidb.password` in `values.yaml` before deploying. You can retrieve the password from the initialization `Secret`:

```shell
$ PASSWORD=$(kubectl get secret -n ${namespace} ${clusterName}-tidb -ojsonpath="{.data.password}" | base64 --decode | awk '{print $6}')
$ echo ${PASSWORD}
$ kubectl get svc -n ${namespace} # check the available services
```

* Access inside of the Kubernetes cluster
Expand Down