- Deploy TiDB Cluster
- Deploy a TiDB Cluster across Multiple Kubernetes Clusters
- Deploy Heterogeneous Cluster
- Deploy TiFlash
- Deploy TiCDC
- Deploy TiDB Binlog
- Deploy TiDB Enterprise Edition
- Deploy Multiple Sets of TiDB Operator
- Migrate TiDB to Kubernetes
- Upgrade TiDB Cluster
- Upgrade TiDB Operator
- Perform a Canary Upgrade
- Pause Sync of TiDB Cluster
- Backup and Restore
- Backup and Restore with S3-Compatible Storage
- Backup and Restore with GCS
- Backup and Restore with Persistent Volumes
- Disaster Recovery
- TiDB Operator Roadmap
- Release Notes
In some Kubernetes environments, containers cannot be run as the root user. In this case, you can set
securityContext to run containers as a non-root user.
For TiDB Operator containers, you can configure security context in the helm
values.yaml file. All TiDB Operator components (at
<controllerManager/scheduler/advancedStatefulset/admissionWebhook>.securityContext) support this configuration.
The following is an example configuration:
controllerManager: securityContext: runAsUser: 1000 runAsGroup: 2000 fsGroup: 2000
For the containers controlled by CR, you can configure security context in any CRs (TidbCluster/DMCluster/TiInitializer/TiMonitor/Backup/BackupSchedule/Restore) to make the containers run as a non-root user.
You can either configure
podSecurityContext at a cluster level (
spec.podSecurityContext) for all components or at a component level (such as
spec.tidb.podSecurityContext for TidbCluster and
spec.master.podSecurityContext for DMCluster) for a specific component.
The following is an example configuration at a cluster level:
spec: podSecurityContext: runAsUser: 1000 runAsGroup: 2000 fsGroup: 2000
The following is an example configuration at a component level:
spec: pd: podSecurityContext: runAsUser: 1000 runAsGroup: 2000 fsGroup: 2000 tidb: podSecurityContext: runAsUser: 1000 runAsGroup: 2000 fsGroup: 2000
For a component, if both the cluster level and the component level are configured, only the configuration of the component level takes effect.