Sign InTry Free

Initialize a TiDB Cluster on Kubernetes

This document describes how to initialize a TiDB cluster on Kubernetes (K8s), specifically, how to configure the initial account and password and how to initialize the database by executing SQL statements automatically in batch.

Configure TidbInitializer

Refer to TidbInitializer configuration example, API documentation, and the following steps to complete TidbInitializer Custom Resource (CR), and save it to the ${cluster_name}/tidb-initializer.yaml file. When referring to the TidbInitializer configuration example and API documentation, you need to switch the branch to the TiDB Operator version currently in use.

Set the cluster namespace and name

In the ${cluster_name}/tidb-initializer.yaml file, modify the spec.cluster.namespace and spec.cluster.name fields:

# ... spec: # ... cluster: namespace: ${cluster_namespace} name: ${cluster_name}

Set initial account and password

When a cluster is created, a default account root is created with no password. This might cause security issues. You can set a password for the root account in the following methods:

  • Create a secret to specify the password for root:

    kubectl create secret generic tidb-secret --from-literal=root=${root_password} --namespace=${namespace}
  • If you want to create more than one user, add the desired username and the password in the above command. For example:

    kubectl create secret generic tidb-secret --from-literal=root=${root_password} --from-literal=developer=${developer_password} --namespace=${namespace}

    This command creates root and developer users with their passwords, which are saved in the tidb-secret object. By default, the regular developer user is only granted with the USAGE privilege. You can set other privileges in the initSql configuration item.

Set a host that has access to TiDB

To set a host that has access to TiDB, modify the permitHost: ${mysql_client_host_name} configuration item in ${cluster_name}/tidb-initializer.yaml. If it is not set, all hosts have access to TiDB. For details, refer to Mysql GRANT host name.

Initialize SQL statements in batch

The cluster can also automatically execute the SQL statements in batch in initSql during the initialization. This function can be used to create some databases or tables for the cluster and perform user privilege management operations.

For example, the following configuration automatically creates a database named app after the cluster creation, and grants the developer account full management privileges on app:

spec: ... initSql: |- CREATE DATABASE app; GRANT ALL PRIVILEGES ON app.* TO 'developer'@'%';

Initialize the cluster

kubectl apply -f ${cluster_name}/tidb-initializer.yaml --namespace=${namespace}

The above command automatically creates an initialized Job. This Job tries to set the initial password for the root account using the secret object provided. It also tries to create other accounts and passwords, if they are specified.

After the initialization, the Pod state becomes Completed. If you log in via MySQL client later, you need to specify the password created by the Job.

If the server does not have an external network, you need to download the Docker image used for cluster initialization on a machine with an external network and upload it to the server, and then use docker load to install the Docker image on the server.

The following Docker images are used to initialize a TiDB cluster:

tnir/mysqlclient:latest

Next, download all these images with the following command:

docker pull tnir/mysqlclient:latest docker save -o mysqlclient-latest.tar tnir/mysqlclient:latest

Next, upload these Docker images to the server, and execute docker load to install these Docker images on the server:

docker load -i mysqlclient-latest.tar

Was this page helpful?

Download PDFRequest docs changesAsk questions on DiscordEdit this page
Playground
New
One-stop & interactive experience of TiDB's capabilities WITHOUT registration.
Products
TiDB
TiDB Dedicated
TiDB Serverless
Pricing
Get Demo
Get Started
© 2024 PingCAP. All Rights Reserved.
Privacy Policy.