Mount cluster client secret only if the clusterTLSSecretName is unset

pingcap · Oct 28, 2024 · 29e8f43 · 29e8f43
1 parent 33fe843
commit 29e8f43
Showing 1 changed file with 16 additions and 10 deletions.
diff --git a/pkg/manager/member/ticdc_member_manager.go b/pkg/manager/member/ticdc_member_manager.go
@@ -396,10 +396,6 @@ func getNewTiCDCStatefulSet(tc *v1alpha1.TidbCluster, cm *corev1.ConfigMap) (*ap
 			Name:      ticdcCertVolumeMount,
 			ReadOnly:  true,
 			MountPath: constants.TiCDCCertPath,
-		}, corev1.VolumeMount{
-			Name:      util.ClusterClientVolName,
-			ReadOnly:  true,
-			MountPath: util.ClusterClientTLSPath,
 		})
 
 		vols = append(vols, corev1.Volume{
@@ -408,13 +404,23 @@ func getNewTiCDCStatefulSet(tc *v1alpha1.TidbCluster, cm *corev1.ConfigMap) (*ap
 					SecretName: getTiCDCClusterTLSCertSecretName(tc),
 				},
 			},
-		}, corev1.Volume{
-			Name: util.ClusterClientVolName, VolumeSource: corev1.VolumeSource{
-				Secret: &corev1.SecretVolumeSource{
-					SecretName: util.ClusterClientTLSSecretName(tc.Name),
-				},
-			},
 		})
+
+		// For compatibility, mount the cluster client TLS secret if the ClusterTLSSecretName is unset
+		if tc.Spec.TiCDC.ClusterTLSSecretName == "" {
+			volMounts = append(volMounts, corev1.VolumeMount{
+				Name:      util.ClusterClientVolName,
+				ReadOnly:  true,
+				MountPath: util.ClusterClientTLSPath,
+			})
+			vols = append(vols, corev1.Volume{
+				Name: util.ClusterClientVolName, VolumeSource: corev1.VolumeSource{
+					Secret: &corev1.SecretVolumeSource{
+						SecretName: util.ClusterClientTLSSecretName(tc.Name),
+					},
+				},
+			})
+		}
 	}
 
 	// handle StorageVolumes and AdditionalVolumeMounts in ComponentSpec