add tls support between drainer and downstream database server #2993
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Codecov Report
@@ Coverage Diff @@
## master #2993 +/- ##
==========================================
+ Coverage 41.41% 41.64% +0.22%
==========================================
Files 155 156 +1
Lines 16744 16801 +57
==========================================
+ Hits 6934 6996 +62
+ Misses 9250 9241 -9
- Partials 560 564 +4
Flags with carried forward coverage won't be shown. Click here to find out more. |
|
/test pull-e2e-kind |
|
/test pull-e2e-kind-serial |
charts/tidb-drainer/values.yaml
Outdated
| @@ -48,6 +48,22 @@ tlsCluster: | |||
| certAllowedCN: [] | |||
| # - TiDB | |||
|
|
|||
| # The tls config between drainer and the downstream database server (MySQL/TiDB) | |||
There was a problem hiding this comment.
Suggested change
| # The tls config between drainer and the downstream database server (MySQL/TiDB) | |
| # The TLS config between drainer and the downstream database server (MySQL/TiDB) |
charts/tidb-drainer/values.yaml
Outdated
| @@ -48,6 +48,22 @@ tlsCluster: | |||
| certAllowedCN: [] | |||
| # - TiDB | |||
|
|
|||
| # The tls config between drainer and the downstream database server (MySQL/TiDB) | |||
| tlsSyncer: | |||
| tlsClientSecretName: | |||
There was a problem hiding this comment.
Please add comments to explain what's this field is for and what keys should be included in the secret or add an example command as in L41-L43.
There was a problem hiding this comment.
Suggest commenting out the new configurations.
There was a problem hiding this comment.
Suggested change
| tlsClientSecretName: | |
| # tlsClientSecretName: "" |
| tlsSyncer: | ||
| tlsClientSecretName: | ||
|
|
||
| # certAllowedCN is the Common Name that allowed |
There was a problem hiding this comment.
What's the difference between this one and the one in L64, please make it clear.
charts/tidb-drainer/values.yaml
Outdated
| certAllowedCN: [] | ||
| # - TiDB | ||
|
|
||
| # checkpoint is the tls config for the database we save binlog checkpoint |
There was a problem hiding this comment.
Suggested change
| # checkpoint is the tls config for the database we save binlog checkpoint | |
| # checkpoint is the TLS config for the database we save binlog checkpoint |
charts/tidb-drainer/values.yaml
Outdated
| # - TiDB | ||
|
|
||
| # checkpoint is the tls config for the database we save binlog checkpoint | ||
| # Omit this part if you just want to save checkpoint in downstream database |
There was a problem hiding this comment.
What does this mean?
| # Omit this part if you just want to save checkpoint in downstream database | ||
| checkpoint: | ||
| tlsClientSecretName: | ||
| # certAllowedCN is the Common Name that allowed |
There was a problem hiding this comment.
Make it clear for the difference with L56.
charts/tidb-drainer/values.yaml
Outdated
| @@ -48,6 +48,22 @@ tlsCluster: | |||
| certAllowedCN: [] | |||
| # - TiDB | |||
|
|
|||
| # The tls config between drainer and the downstream database server (MySQL/TiDB) | |||
| tlsSyncer: | |||
There was a problem hiding this comment.
Suggested change
| tlsSyncer: | |
| tlsSyncer: {} |
charts/tidb-drainer/values.yaml
Outdated
| tlsClientSecretName: | ||
|
|
||
| # certAllowedCN is the Common Name that allowed | ||
| certAllowedCN: [] |
There was a problem hiding this comment.
Suggested change
| certAllowedCN: [] | |
| # certAllowedCN: [] |
charts/tidb-drainer/values.yaml
Outdated
Comment on lines
61
to
62
| checkpoint: | ||
| tlsClientSecretName: |
There was a problem hiding this comment.
Suggested change
| checkpoint: | |
| tlsClientSecretName: | |
| # checkpoint: | |
| # tlsClientSecretName: "" |
charts/tidb-drainer/values.yaml
Outdated
| checkpoint: | ||
| tlsClientSecretName: | ||
| # certAllowedCN is the Common Name that allowed | ||
| certAllowedCN: [] |
There was a problem hiding this comment.
Suggested change
| certAllowedCN: [] | |
| # certAllowedCN: [] |
weekface
previously approved these changes
Jul 22, 2020
|
/test pull-e2e-kind |
ti-srebot
approved these changes
Jul 22, 2020
|
@weekface PTAL again |
weekface
approved these changes
Jul 22, 2020
ti-srebot
pushed a commit
to ti-srebot/tidb-operator
that referenced
this pull request
Jul 22, 2020
Signed-off-by: ti-srebot <ti-srebot@pingcap.com>
|
cherry pick to release-1.1 in PR #3000 |
DanielZhangQD
added a commit
that referenced
this pull request
Jul 22, 2020
Signed-off-by: ti-srebot <ti-srebot@pingcap.com> Co-authored-by: Chunzhu Li <lichunzhu@stu.xjtu.edu.cn> Co-authored-by: DanielZhangQD <36026334+DanielZhangQD@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What problem does this PR solve?
resolve #2969
add tls support between drainer and downstream database server.
What is changed and how does it work?
add tls syncer part for drainer.
Check List
Tests
Related changes
Does this PR introduce a user-facing change?: