Initialize a TiDB Cluster in Kubernetes

    Note

    • After creating the TiDB cluster, if you manually change the password of the account, the initialization will fail.
    • The following steps apply only when you have created a cluster for the first time. Further configuration or modification after the initial cluster creation is not valid.

    Refer to the TidbInitializer configuration example, the API documentation, and the following steps to complete the TidbInitializer Custom Resource (CR), and save it to the ${cluster_name}/tidb-initializer.yaml file. When referring to the TidbInitializer configuration example and API documentation, you need to switch the branch to the TiDB Operator version currently in use.

    In the ${cluster_name}/tidb-initializer.yaml file, modify the spec.cluster.namespace and spec.cluster.name fields:

    Set initial account and password

    When a cluster is created, a default account root is created with no password. This might cause security issues. You can set a password for the root account as follows:

    • Create a secret to specify the password for root:

      kubectl create secret generic tidb-secret --from-literal=root=${root_password} --namespace=${namespace}
    • This command creates root and developer users with their passwords, which are saved in the tidb-secret object. By default, the regular user is only granted the USAGE privilege. You can set other privileges in the initSql configuration item.

    To set a host that has access to TiDB, modify the permitHost: ${mysql_client_host_name} configuration item in ${cluster_name}/tidb-initializer.yaml. If it is not set, all hosts have access to TiDB. For details, refer to MySQL GRANT host name.

    During the initialization, the cluster can also automatically execute the SQL statements in initSql in batch. This feature can be used to create databases or tables for the cluster and to perform user privilege management operations.

    For example, the following configuration automatically creates a database named app after the cluster creation, and grants the developer account full management privileges on app:

      ...
      initSql: |-
        GRANT ALL PRIVILEGES ON app.* TO 'developer'@'%';

    Note

    The above command automatically creates an initialization Job. This Job tries to set the initial password for the root account using the secret object provided. It also tries to create other accounts and passwords, if they are specified.

    After the initialization, the Pod state becomes Completed. If you log in via a MySQL client later, you need to specify the password created by the Job.
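
    The settings described above (spec.cluster, the password secret, permitHost and initSql) combined in one manifest, as an added example that is not taken from the TiDB Operator repository. The names demo, demo-init and tidb-ns and the address 10.0.5.20 are constructed; passwordSecret is the spec field that points at tidb-secret. The example assumes tidb-secret also holds a developer key and that accounts created from the secret take permitHost as their host part:

```yaml
# Added example; not from the TiDB Operator repository.
# Constructed values: demo, demo-init, tidb-ns, 10.0.5.20.
apiVersion: pingcap.com/v1alpha1
kind: TidbInitializer
metadata:
  name: demo-init
  namespace: tidb-ns
spec:
  image: tnir/mysqlclient
  cluster:
    namespace: tidb-ns   # namespace of the TiDB cluster to initialize
    name: demo           # name of the TiDB cluster to initialize
  # Secret holding one key per account (here: root and developer).
  # If root has no key in the secret, it keeps its empty default password.
  passwordSecret: tidb-secret
  # Weak: with permitHost unset, all hosts have access to TiDB.
  # Corrected: name the one client host that needs access.
  permitHost: 10.0.5.20
  # Assumption: accounts created from the secret get permitHost as their
  # host part, so the GRANT below names that host instead of '%'.
  # Broad form shown on the page:
  #   GRANT ALL PRIVILEGES ON app.* TO 'developer'@'%';
  # Narrower form: only the data privileges the application account uses.
  initSql: |-
    CREATE DATABASE app;
    GRANT SELECT, INSERT, UPDATE, DELETE ON app.* TO 'developer'@'10.0.5.20';
```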

    If the server does not have an external network, you need to download the Docker image used for cluster initialization on a machine with an external network and upload it to the server, and then use docker load to install the Docker image on the server.

    The following Docker images are used to initialize a TiDB cluster:

      tnir/mysqlclient:latest

    Next, download all these images with the following command: