Doc Menu

Access the TiDB Cluster

This document describes how to access the TiDB cluster.

You can configure Service with different types according to the scenarios, such as ClusterIP, NodePort, LoadBalancer, etc., and use different access methods for different types.

You can obtain TiDB Service information by running the following command:

kubectl get svc ${serviceName} -n ${namespace}

For example:

# kubectl get svc basic-tidb -n default
NAME         TYPE       CLUSTER-IP     EXTERNAL-IP   PORT(S)                          AGE
basic-tidb   NodePort   <none>        4000:32498/TCP,10080:30171/TCP   61d

The above example describes the information of the basic-tidb service in the default namespace. The type is NodePort, ClusterIP is, ServicePort is 4000 and 10080, and the corresponding NodePort is 32498 and 30171.


The default authentication plugin of MySQL 8.0 is updated from mysql_native_password to caching_sha2_password. Therefore, if you use MySQL client from MySQL 8.0 to access the TiDB service (TiDB version earlier than v4.0.7), and if the user account has a password, you need to explicitly specify the --default-auth=mysql_native_password parameter.


ClusterIP exposes services through the internal IP of the cluster. When selecting this type of service, you can only access it within the cluster by the following methods:

  • ClusterIP + ServicePort
  • Service domain name (${serviceName}.${namespace}) + ServicePort


If there is no LoadBalancer, you can choose to expose the service through NodePort. NodePort exposes services through the node's IP and static port. You can access a NodePort service from outside of the cluster by requesting NodeIP + NodePort.

To view the Node Port assigned by Service, run the following commands to obtain the Service object of TiDB:

kubectl -n ${namespace} get svc ${cluster_name}-tidb -ojsonpath="{.spec.ports[?('mysql-client')].nodePort}{'\n'}"

To check you can access TiDB services by using the IP of what nodes, see the following two cases:

  • When externalTrafficPolicy is configured as Cluster, you can use the IP of any node to access TiDB services.

  • When externalTrafficPolicy is configured as Local, use the following commands to get the nodes where the TiDB instance of a specified cluster is located:

    kubectl -n ${namespace} get pods -l ",${cluster_name}" -ojsonpath="{range .items[*]}{.spec.nodeName}{'\n'}{end}"


If the TiDB cluster runs in an environment with LoadBalancer, such as on GCP or AWS, it is recommended to use the LoadBalancer feature of these cloud platforms by setting tidb.service.type=LoadBalancer.

To access TiDB Service through LoadBalancer, refer to EKS, GKE and ACK.

See Kubernetes Service Documentation to know more about the features of Service and what LoadBalancer in the cloud platform supports.