From ebc894b9d239f7d1b514780358cef25c58d03396 Mon Sep 17 00:00:00 2001 From: chenfei Date: Mon, 28 Oct 2024 18:23:31 +0800 Subject: [PATCH] Support to overwrite ClusterClientTLSSecretName for ticdc --- docs/api-references/docs.md | 15 +++++++++++++++ manifests/crd/v1/pingcap.com_tidbclusters.yaml | 2 ++ pkg/apis/pingcap/v1alpha1/openapi_generated.go | 7 +++++++ pkg/apis/pingcap/v1alpha1/types.go | 7 +++++++ pkg/manager/member/ticdc_member_manager.go | 11 ++++++++++- 5 files changed, 41 insertions(+), 1 deletion(-) diff --git a/docs/api-references/docs.md b/docs/api-references/docs.md index e9cd1f9d260..7e50e7d237c 100644 --- a/docs/api-references/docs.md +++ b/docs/api-references/docs.md @@ -16599,6 +16599,21 @@ This field is useful for sharing the same mTLS cert secret for multiple ticdc cl +clusterClientTLSSecretName
+ +string + + + +(Optional) +

ClusterTLSSecretName is used for overwriting the default cluster client cert secret name (see also: pkg/util/util.go:ClusterClientTLSSecretName) +This field is useful for sharing the same cluster client cert secret for multiple ticdc clusters connecting to the same upstream tidb cluster. +The ClusterClientTLSSecret is actually not directly used by ticdc, but it is useful for executing some commands via ticdc-ctl +by kubectl exec -it ticdc-0 -- /cdc cli --ca /var/lib/cluster-client-tls/ca.crt --cert /var/lib/cluster-client-tls/tls.crt --key /var/lib/cluster-client-tls/tls.key ....

+ + + + baseImage
string diff --git a/manifests/crd/v1/pingcap.com_tidbclusters.yaml b/manifests/crd/v1/pingcap.com_tidbclusters.yaml index 2a129e094ad..b658c82317d 100644 --- a/manifests/crd/v1/pingcap.com_tidbclusters.yaml +++ b/manifests/crd/v1/pingcap.com_tidbclusters.yaml @@ -13152,6 +13152,8 @@ spec: x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map + clusterClientTLSSecretName: + type: string clusterTLSSecretName: type: string config: diff --git a/pkg/apis/pingcap/v1alpha1/openapi_generated.go b/pkg/apis/pingcap/v1alpha1/openapi_generated.go index b95d7d76344..839f2cafb7c 100644 --- a/pkg/apis/pingcap/v1alpha1/openapi_generated.go +++ b/pkg/apis/pingcap/v1alpha1/openapi_generated.go @@ -9416,6 +9416,13 @@ func schema_pkg_apis_pingcap_v1alpha1_TiCDCSpec(ref common.ReferenceCallback) co Format: "", }, }, + "clusterClientTLSSecretName": { + SchemaProps: spec.SchemaProps{ + Description: "ClusterTLSSecretName is used for overwriting the default **cluster client** cert secret name (see also: pkg/util/util.go:ClusterClientTLSSecretName) This field is useful for sharing the same cluster client cert secret for multiple ticdc clusters connecting to the same upstream tidb cluster. The ClusterClientTLSSecret is actually not directly used by ticdc, but it is useful for executing some commands via `ticdc-ctl`\n by `kubectl exec -it ticdc-0 -- /cdc cli --ca /var/lib/cluster-client-tls/ca.crt --cert /var/lib/cluster-client-tls/tls.crt --key /var/lib/cluster-client-tls/tls.key ...`.", + Type: []string{"string"}, + Format: "", + }, + }, "baseImage": { SchemaProps: spec.SchemaProps{ Description: "Base image of the component, image tag is now allowed during validation", diff --git a/pkg/apis/pingcap/v1alpha1/types.go b/pkg/apis/pingcap/v1alpha1/types.go index 542bb03463f..b5a91e2a5cc 100644 --- a/pkg/apis/pingcap/v1alpha1/types.go +++ b/pkg/apis/pingcap/v1alpha1/types.go 
@@ -864,6 +864,13 @@ type TiCDCSpec struct {
 // +optional
 ClusterTLSSecretName string `json:"clusterTLSSecretName,omitempty"`
 
+ // ClusterTLSSecretName is used for overwriting the default **cluster client** cert secret name (see also: pkg/util/util.go:ClusterClientTLSSecretName)
+ // This field is useful for sharing the same cluster client cert secret for multiple ticdc clusters connecting to the same upstream tidb cluster.
+ // The ClusterClientTLSSecret is actually not directly used by ticdc, but it is useful for executing some commands via `ticdc-ctl`
+ // by `kubectl exec -it ticdc-0 -- /cdc cli --ca /var/lib/cluster-client-tls/ca.crt --cert /var/lib/cluster-client-tls/tls.crt --key /var/lib/cluster-client-tls/tls.key ...`.
+ // +optional
+ ClusterClientTLSSecretName string `json:"clusterClientTLSSecretName,omitempty"`
+
 // Base image of the component, image tag is now allowed during validation
 // +kubebuilder:default=pingcap/ticdc
 // +optional
diff --git a/pkg/manager/member/ticdc_member_manager.go b/pkg/manager/member/ticdc_member_manager.go
index 5a06f3006af..5d66cf5d84e 100644
--- a/pkg/manager/member/ticdc_member_manager.go
+++ b/pkg/manager/member/ticdc_member_manager.go
@@ -411,7 +411,7 @@ func getNewTiCDCStatefulSet(tc *v1alpha1.TidbCluster, cm *corev1.ConfigMap) (*ap
 }, corev1.Volume{
 Name: util.ClusterClientVolName, VolumeSource: corev1.VolumeSource{
 Secret: &corev1.SecretVolumeSource{
- SecretName: util.ClusterClientTLSSecretName(tc.Name),
+ SecretName: getTiCDCClusterClientTLSCertSecretName(tc),
 },
 },
 })
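Review bot: The doc comment on the new field opens with `ClusterTLSSecretName`, which is the field directly above it, so godoc and the descriptions generated from it in openapi_generated.go and docs.md name the wrong identifier; the first line should read `// ClusterClientTLSSecretName is used for overwriting the default **cluster client** cert secret name`. The comment should also state that the Secret must exist in the TidbCluster's namespace and provide `ca.crt`, `tls.crt` and `tls.key`, since those are the files the `cdc cli` example reads from /var/lib/cluster-client-tls. Because the stated purpose is sharing one client certificate between several TiCDC clusters, a sentence noting that they then present the same identity to the upstream cluster and have to be rotated together would help operators judge the trade-off. The TiCDCSpec struct starts and ends outside this hunk.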
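Review bot: The value passed to `SecretName` in the @@ -411 hunk now comes from the TidbCluster spec, and nothing visible in this patch checks it before it reaches the StatefulSet template. A name that does not resolve to a Secret in the namespace will, as with any non-optional Secret volume, keep the TiCDC pods from starting, and a valid name mounts whatever Secret it points at under the cluster-client volume, so write access to TidbCluster objects should be treated as read access to the namespace's Secrets for anyone who can exec into the pod. If the project has a validation path for TiCDCSpec (not shown here), the new field belongs there with a Kubernetes object-name check. getNewTiCDCStatefulSet begins and ends outside this hunk.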
@@ -575,6 +575,15 @@ func getTiCDCClusterTLSCertSecretName(tc *v1alpha1.TidbCluster) string {
 return clusterTLSSecretName
 }
 
+func getTiCDCClusterClientTLSCertSecretName(tc *v1alpha1.TidbCluster) string {
+ clusterClientTLSSecretName := util.ClusterClientTLSSecretName(tc.Name)
+ if tc.Spec.TiCDC.ClusterClientTLSSecretName != "" {
+ clusterClientTLSSecretName = tc.Spec.TiCDC.ClusterClientTLSSecretName
+ }
+
+ return clusterClientTLSSecretName
+}
+
 func labelTiCDC(tc *v1alpha1.TidbCluster) label.Label {
 instanceName := tc.GetInstanceName()
 return label.New().Instance(instanceName).TiCDC()
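Review bot: The new helper getTiCDCClusterClientTLSCertSecretName has no doc comment and the diffstat lists no test file, so neither the default nor the override branch is pinned. A comment such as `// getTiCDCClusterClientTLSCertSecretName returns tc.Spec.TiCDC.ClusterClientTLSSecretName when it is set, otherwise the default from util.ClusterClientTLSSecretName(tc.Name).` would document the precedence, and a two-case table test (field empty, field set) would guard it. The function also dereferences `tc.Spec.TiCDC` unconditionally; if that field is a pointer, it relies on callers having checked it for nil, which the comment should say.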