
Initialize a TiDB Cluster on Kubernetes

This document describes how to initialize a TiDB cluster on Kubernetes (K8s), specifically, how to configure the initial account and password and how to initialize the database by executing SQL statements automatically in batch.

Configure TidbInitializer

Refer to the TidbInitializer configuration example, API documentation, and the following steps to complete the TidbInitializer Custom Resource (CR), and save it to the ${cluster_name}/tidb-initializer.yaml file. When referring to the TidbInitializer configuration example and API documentation, you need to switch the branch to the TiDB Operator version currently in use.

Set the cluster namespace and name

In the ${cluster_name}/tidb-initializer.yaml file, modify the spec.cluster.namespace and spec.cluster.name fields:

# ...
spec:
  # ...
  cluster:
    namespace: ${cluster_namespace}
    name: ${cluster_name}

Set initial account and password

When a cluster is created, a default account root is created with no password. This might cause security issues. You can set a password for the root account in the following methods:

  • Create a secret to specify the password for root:

    kubectl create secret generic tidb-secret --from-literal=root=${root_password} --namespace=${namespace}

  • If you want to create more than one user, add the desired username and the password in the above command. For example:

    kubectl create secret generic tidb-secret --from-literal=root=${root_password} --from-literal=developer=${developer_password} --namespace=${namespace}

    This command creates root and developer users with their passwords, which are saved in the tidb-secret object. By default, the regular developer user is only granted the USAGE privilege. You can set other privileges in the initSql configuration item.

Set a host that has access to TiDB

To set a host that has access to TiDB, modify the permitHost: ${mysql_client_host_name} configuration item in ${cluster_name}/tidb-initializer.yaml. If it is not set, all hosts have access to TiDB. For details, refer to MySQL GRANT host name.

Initialize SQL statements in batch

The cluster can automatically execute the SQL statements in initSql in batch during the initialization. This function can be used to create some databases or tables for the cluster and perform user privilege management operations.

For example, the following configuration automatically creates a database named app after the cluster creation, and grants the developer account full management privileges on app:

spec:
  # ...
  initSql: |-
    CREATE DATABASE app;
    GRANT ALL PRIVILEGES ON app.* TO 'developer'@'%';
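
The settings described above can be checked before the manifest is applied. The script below is an added example, not code from TiDB Operator or from the original page: check_initializer and demo_manifest are hypothetical names, the sample manifest is constructed, and passwordSecret is the TidbInitializer field that references the Secret (it is not named on this page).

```shell
#!/bin/sh
# Added example: pre-apply check for a TidbInitializer manifest read from stdin.
# check_initializer is a hypothetical helper, not part of TiDB Operator.
# Prints one finding code per line; returns 0 only when nothing is flagged.
check_initializer() {
  # Drop comment-only lines so a commented-out field does not count as set.
  _body=$(grep -v '^[[:space:]]*#' || true)
  _rc=0
  # No passwordSecret: the default root account keeps its empty password.
  if ! printf '%s\n' "$_body" |
      grep -Eq '^[[:space:]]+passwordSecret:[[:space:]]*[^[:space:]]'; then
    echo "ROOT_PASSWORD_NOT_SET"; _rc=1
  fi
  # permitHost missing, empty or a bare % wildcard: all hosts have access.
  if ! printf '%s\n' "$_body" | grep -E '^[[:space:]]+permitHost:' |
      grep -Evq ":[[:space:]]*[\"']?%?[\"']?[[:space:]]*\$"; then
    echo "ANY_HOST_PERMITTED"; _rc=1
  fi
  # initSql grants an account every privilege from any client host.
  if printf '%s\n' "$_body" |
      grep -Eiq "GRANT[[:space:]]+ALL[[:space:]].*@[[:space:]]*'%'"; then
    echo "ALL_PRIVILEGES_FROM_ANY_HOST"; _rc=1
  fi
  return "$_rc"
}

# Constructed sample manifest: the page's initSql, with permitHost left unset.
demo_manifest() {
  cat <<'EOF'
apiVersion: pingcap.com/v1alpha1
kind: TidbInitializer
metadata:
  name: demo-init
spec:
  image: tnir/mysqlclient:latest
  cluster:
    namespace: demo
    name: demo
  passwordSecret: tidb-secret   # field not named on the page; references the Secret
  # permitHost: 10.0.0.5
  initSql: |-
    CREATE DATABASE app;
    GRANT ALL PRIVILEGES ON app.* TO 'developer'@'%';
EOF
}

demo_manifest | check_initializer || echo "resolve findings before kubectl apply"
```

To check a real manifest, run check_initializer < ${cluster_name}/tidb-initializer.yaml.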

Initialize the cluster


              
kubectl apply -f ${cluster_name}/tidb-initializer.yaml --namespace=${namespace}

The above command automatically creates an initialized Job. This Job tries to set the initial password for the root account using the secret object provided. It also tries to create other accounts and passwords, if they are specified.

After the initialization, the status changes to Completed. If you log in via MySQL client later, you need to specify the password created by the Job.

If the server does not have an external network, you need to download the Docker image used for cluster initialization on a machine with an external network and upload it to the server, and then use docker load to install the Docker image on the server.

The following Docker images are used to initialize a TiDB cluster:

tnir/mysqlclient:latest

Next, download all these images with the following command:

docker pull tnir/mysqlclient:latest
docker save -o mysqlclient-latest.tar tnir/mysqlclient:latest

Next, upload these Docker images to the server, and execute docker load to install these Docker images on the server:

docker load -i mysqlclient-latest.tar