Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Don't initialize when there is no tidb.password #282

Merged
merged 2 commits into from
Feb 26, 2019
Merged

Don't initialize when there is no tidb.password #282

merged 2 commits into from
Feb 26, 2019

Conversation

gregwebs
Copy link
Contributor

@gregwebs gregwebs commented Feb 22, 2019
edited
Loading

Changes

Don't create

  • a secret
  • an initializer job

Motivation

From my reading, random password initialization is broken: helm/helm#3053

The user can manage users from the MySQL connection
As a benefit this allows users manage their password such that it is never stored in K8s. Or they can create their own init job, etc.

Testing

  • Run with -set tidb.password=password
  • Run without setting the tidb password

For both options:

  • Perform output suggested in NOTES
  • Verify whether secret/initializer are created

@gregwebs gregwebs requested a review from tennix February 22, 2019 18:03
@gregwebs
Copy link
Contributor Author

Relates to some discussion on #274

@gregwebs
Don't initialize when there is no tidb.password
7519a26 
Don't create
* a secret
* an initializer job

The user can manage users from the MySQL connection
@tennix
Copy link
Member

tennix commented Feb 23, 2019

The related documents should be updated too.

@tennix
Copy link
Member

tennix commented Feb 24, 2019

/run-e2e-tests

@tennix
Copy link
Member

tennix commented Feb 25, 2019

What are the checkbox meaning? Will you support both of them in this PR?

@gregwebs
Copy link
Contributor Author

Yes. It is listing the manual testing cases. Perhaps you want to do the unchecked one?

@tennix
Copy link
Member

tennix commented Feb 25, 2019

From #274, we've discussed that it's better to reference secret name created outside of helm. Are you going to do this in another PR or just leave it like this?

tennix
tennix approved these changes Feb 25, 2019
View reviewed changes
Copy link
Member

@tennix tennix left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@gregwebs
Copy link
Contributor Author

secret name references would be a different PR.

@tennix tennix merged commit 4f5c8c1 into pingcap:master Feb 26, 2019
@tennix tennix deleted the no-init branch February 26, 2019 03:10
shuijing198799 pushed a commit to shuijing198799/tidb-operator that referenced this pull request Mar 15, 2019
@gregwebs @shuijing198799
Don't initialize when there is no tidb.password (pingcap#282)
27010a4 
* Don't initialize when there is no tidb.password

Don't create
* a secret
* an initializer job

The user can manage users from the MySQL connection

* update password documentation
yahonda pushed a commit that referenced this pull request Dec 27, 2021
@TomShawn
en: add a link in kind tutorial (#282)
c5f2707
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tennix tennix tennix approved these changes

@weekface weekface weekface approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@gregwebs @tennix @weekface