Automated cherry pick of #2085: support pd dashboard config (#2152)
* support pd dashboard config

* Update pkg/manager/member/pd_member_manager.go

Co-Authored-By: DanielZhangQD <36026334+DanielZhangQD@users.noreply.github.com>

* fix ci

* address comment

* fix ci

Co-authored-by: DanielZhangQD <36026334+DanielZhangQD@users.noreply.github.com>
Co-authored-by: Song Gao <disxiaofei@163.com>
3 people authored Apr 13, 2020
1 parent 3b2fe37 commit 95581ef
Showing 7 changed files with 145 additions and 2 deletions.
62 changes: 62 additions & 0 deletions docs/api-references/docs.md
@@ -2990,6 +2990,55 @@ CrdKind
</tr>
</tbody>
</table>
<h3 id="pingcap.com/v1alpha1.DashboardConfig">DashboardConfig
</h3>
<p>
(<em>Appears on:</em>
<a href="#pingcap.com/v1alpha1.PDConfig">PDConfig</a>)
</p>
<p>
<p>DashboardConfig is the configuration for tidb-dashboard.</p>
</p>
<table>
<thead>
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>
<code>tidb_cacert_path</code></br>
<em>
string
</em>
</td>
<td>
</td>
</tr>
<tr>
<td>
<code>tidb_cert_path</code></br>
<em>
string
</em>
</td>
<td>
</td>
</tr>
<tr>
<td>
<code>tidb_key_path</code></br>
<em>
string
</em>
</td>
<td>
</td>
</tr>
</tbody>
</table>
<h3 id="pingcap.com/v1alpha1.Experimental">Experimental
</h3>
<p>
@@ -4835,6 +4884,19 @@ namespaces.
Optional: Defaults to true</p>
</td>
</tr>
<tr>
<td>
<code>dashboard</code></br>
<em>
<a href="#pingcap.com/v1alpha1.DashboardConfig">
DashboardConfig
</a>
</em>
</td>
<td>
<em>(Optional)</em>
</td>
</tr>
</tbody>
</table>
<h3 id="pingcap.com/v1alpha1.PDFailureMember">PDFailureMember
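--- a/examples/selfsigned-tls/tidb-client-cert.yaml
+++ b/examples/selfsigned-tls/tidb-client-cert.yaml
@@ -0,0 +1,21 @@
+apiVersion: cert-manager.io/v1alpha2
+kind: Certificate
+metadata:
+name: tidb-client-cert
+spec:
+secretName: tls-tidb-client-secret # <cluster>-tidb-client-secret
+subject:
+organizationalUnits:
+- "TiDB Operator"
+organization:
+- "PingCAP"
+duration: "8760h" # 364 days
+# If you want verify server cert Common Name (e.g. --ssl-verify-server-cert
+# flag in MySQL CLI), you must configure the HostName you used to connect the
+# server here.
+commonName: "tls-tidb-client"
+usages:
+- "client auth"
+issuerRef:
+name: selfsigned-cert-issuer
+kind: Issuer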
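Review bot: The comment above `commonName` describes server-certificate hostname verification (`--ssl-verify-server-cert`), which does not apply to a certificate whose only usage is `client auth`. It looks carried over from a server-certificate example and should either say what the client CN is used for or be dropped. The `duration: "8760h"` comment says 364 days, but 8760 hours is 365 days. The `secretName` is hard-coded for a cluster named `tls`, while the operator side of this commit mounts the Secret by a name derived from the cluster name, presumably the `<cluster>-tidb-client-secret` pattern in the trailing comment. A line such as `# rename to <your-cluster>-tidb-client-secret` would keep readers from creating a Secret the PD pods never find.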
1 change: 1 addition & 0 deletions manifests/crd.yaml
@@ -1344,6 +1344,7 @@ spec:
type: string
cluster-version:
type: string
dashboard: {}
election-interval:
description: ElectionInterval is the interval for etcd Raft
election.
7 changes: 6 additions & 1 deletion pkg/apis/pingcap/v1alpha1/openapi_generated.go


10 changes: 10 additions & 0 deletions pkg/apis/pingcap/v1alpha1/pd_config.go
@@ -118,6 +118,16 @@ type PDConfig struct {
// Optional: Defaults to true
// +optional
NamespaceClassifier string `toml:"namespace-classifier,omitempty" json:"namespace-classifier,omitempty"`

// +optional
Dashboard *DashboardConfig `toml:"dashboard,omitempty" json:"dashboard,omitempty"`
}

// DashboardConfig is the configuration for tidb-dashboard.
type DashboardConfig struct {
TiDBCAPath string `toml:"tidb-cacert-path,omitempty" json:"tidb_cacert_path,omitempty"`
TiDBCertPath string `toml:"tidb-cert-path,omitempty" json:"tidb_cert_path,omitempty"`
TiDBKeyPath string `toml:"tidb-key-path,omitempty" json:"tidb_key_path,omitempty"`
}

// PDLogConfig serializes log related config in toml/json.
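Review bot: The new `Dashboard` field on `PDConfig` and the three `DashboardConfig` fields carry no doc comments, so the generated API reference shows empty descriptions for settings that point at a CA bundle, a client certificate and a private key. Each field should state that it is a file path as seen inside the PD container and, as far as the rest of this commit shows, that the operator fills it in when TiDB client TLS is enabled, e.g. `// TiDBKeyPath is the path of the TiDB client private key file used by tidb-dashboard.` The JSON tags use underscores (`tidb_cacert_path`) while the TOML tags and the neighbouring `namespace-classifier` tag use hyphens; if that mirrors PD's own config keys it deserves a one-line comment, otherwise it should follow the hyphenated form. The inner fields also lack the `// +optional` marker that the other `omitempty` fields in this hunk carry.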
21 changes: 21 additions & 0 deletions pkg/apis/pingcap/v1alpha1/zz_generated.deepcopy.go


25 changes: 24 additions & 1 deletion pkg/manager/member/pd_member_manager.go
@@ -38,7 +38,8 @@ import (

const (
// pdClusterCertPath is where the cert for inter-cluster communication stored (if any)
pdClusterCertPath = "/var/lib/pd-tls"
pdClusterCertPath = "/var/lib/pd-tls"
tidbClientCertPath = "/var/lib/tidb-client-tls"
)

type pdMemberManager struct {
@@ -513,6 +514,11 @@ func getNewPDSetForTidbCluster(tc *v1alpha1.TidbCluster, cm *corev1.ConfigMap) (
Name: "pd-tls", ReadOnly: true, MountPath: "/var/lib/pd-tls",
})
}
if tc.Spec.TiDB.IsTLSClientEnabled() {
volMounts = append(volMounts, corev1.VolumeMount{
Name: "tidb-client-tls", ReadOnly: true, MountPath: tidbClientCertPath,
})
}

vols := []corev1.Volume{
annVolume,
@@ -546,6 +552,15 @@ func getNewPDSetForTidbCluster(tc *v1alpha1.TidbCluster, cm *corev1.ConfigMap) (
},
})
}
if tc.Spec.TiDB.IsTLSClientEnabled() {
vols = append(vols, corev1.Volume{
Name: "tidb-client-tls", VolumeSource: corev1.VolumeSource{
Secret: &corev1.SecretVolumeSource{
SecretName: util.TiDBClientTLSSecretName(tc.Name),
},
},
})
}

storageRequest, err := controller.ParseStorageRequest(tc.Spec.PD.Requests)
if err != nil {
@@ -688,6 +703,14 @@ func getPDConfigMap(tc *v1alpha1.TidbCluster) (*corev1.ConfigMap, error) {
config.Security.CertPath = path.Join(pdClusterCertPath, corev1.TLSCertKey)
config.Security.KeyPath = path.Join(pdClusterCertPath, corev1.TLSPrivateKeyKey)
}
if tc.Spec.TiDB.IsTLSClientEnabled() {
if config.Dashboard == nil {
config.Dashboard = &v1alpha1.DashboardConfig{}
}
config.Dashboard.TiDBCAPath = path.Join(tidbClientCertPath, tlsSecretRootCAKey)
config.Dashboard.TiDBCertPath = path.Join(tidbClientCertPath, corev1.TLSCertKey)
config.Dashboard.TiDBKeyPath = path.Join(tidbClientCertPath, corev1.TLSPrivateKeyKey)
}

confText, err := MarshalTOML(config)
if err != nil {
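Review bot: The `tidb-client-tls` volume added in `getNewPDSetForTidbCluster` makes every PD pod depend on the Secret named by `util.TiDBClientTLSSecretName(tc.Name)` whenever `tc.Spec.TiDB.IsTLSClientEnabled()` is true. The Secret source is not marked optional, so a cluster that already had TiDB client TLS enabled but never created that Secret would presumably leave PD pods unable to start after this change. That requirement should be stated at the volume, e.g. `// tidb-dashboard in PD connects to TiDB as a TLS client; this Secret must exist before PD starts`, and ideally checked before the StatefulSet is updated. The mount also makes the TiDB client private key readable in every PD container, so the docs should recommend a dedicated, least-privileged client certificate rather than a shared one. In `getPDConfigMap` the three `config.Dashboard` paths are overwritten unconditionally, which silently discards user-supplied values and deserves a comment if intended; both functions start and end outside the visible hunks.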
