Initialize a TiDB Cluster on Kubernetes
This document describes how to initialize a TiDB cluster on Kubernetes (K8s), specifically, how to configure the initial account and password and how to initialize the database by executing SQL statements automatically in batch.
Configure TidbInitializer
Refer toTidbInitializer configuration example,API documentation, and the following steps to complete TidbInitializer Custom Resource (CR), and save it to the${cluster_name}/tidb-initializer.yaml
file. When referring to the TidbInitializer configuration example and API documentation, you need to switch the branch to the TiDB Operator version currently in use.
Set the cluster namespace and name
In the${cluster_name}/tidb-initializer.yaml
file, modify thespec.cluster.namespace
andspec.cluster.name
fields:
# ...
spec:
# ...
cluster:
namespace:
${cluster_namespace}
name:
${cluster_name}
Set initial account and password
When a cluster is created, a default accountroot
is created with no password. This might cause security issues. You can set a password for theroot
account in the following methods:
Create a
secret
to specify the password forroot
:kubectl create secret generic tidb-secret --from-literal=root=${root_password}--namespace=${namespace}If you want to create more than one user, add the desired username and the password in the above command. For example:
kubectl create secret generic tidb-secret --from-literal=root=${root_password}--from-literal=developer=${developer_password}--namespace=${namespace}This command creates
root
anddeveloper
users with their passwords, which are saved in thetidb-secret
object. By default, the regulardeveloper
user is only granted with theUSAGE
privilege. You can set other privileges in theinitSql
configuration item.
Set a host that has access to TiDB
To set a host that has access to TiDB, modify thepermitHost: ${mysql_client_host_name}
configuration item in${cluster_name}/tidb-initializer.yaml
. If it is not set, all hosts have access to TiDB. For details, refer toMysql GRANT host name.
Initialize SQL statements in batch
集群可以自动执行SQLstatements in batch ininitSql
during the initialization. This function can be used to create some databases or tables for the cluster and perform user privilege management operations.
For example, the following configuration automatically creates a database namedapp
after the cluster creation, and grants thedeveloper
account full management privileges onapp
:
spec:
...
initSql:
|- CREATE DATABASE app; GRANT ALL PRIVILEGES ON app.* TO 'developer'@'%';
Initialize the cluster
kubectl apply -f${cluster_name}/tidb-initializer.yaml --namespace=${namespace}
The above command automatically creates an initialized Job. This Job tries to set the initial password for theroot
account using thesecret
object provided. It also tries to create other accounts and passwords, if they are specified.
初始化后,状态变成了仓Completed
. If you log in via MySQL client later, you need to specify the password created by the Job.
If the server does not have an external network, you need to download the Docker image used for cluster initialization on a machine with an external network and upload it to the server, and then usedocker load
to install the Docker image on the server.
The following Docker images are used to initialize a TiDB cluster:
tnir/mysqlclient:latest
Next, download all these images with the following command:
docker pull tnir/mysqlclient:latest docker save -o mysqlclient-latest.tar tnir/mysqlclient:latest
Next, upload these Docker images to the server, and executedocker load
to install these Docker images on the server:
docker load -i mysqlclient-latest.tar