Commit fd03254

author
github-actions
committed
update MD by dispatch event pingcap/docs-tidb-operator master
1 parent e0d8976 commit fd03254

2 files changed

+124
-0
lines changed

markdown-pages/en/tidb-in-kubernetes/master/enable-tls-between-components.md

Lines changed: 62 additions & 0 deletions
@@ -1138,6 +1138,68 @@ This section describes how to issue certificates using two methods: `cfssl` and
11381138
11391139
After the object is created, `cert-manager` generates a `${cluster_name}-ticdc-cluster-secret` Secret object to be used by the TiCDC component of the TiDB server.
11401140
1141+
- TiProxy
1142+
1143+
```yaml
1144+
apiVersion: cert-manager.io/v1
1145+
kind: Certificate
1146+
metadata:
1147+
name: ${cluster_name}-tiproxy-cluster-secret
1148+
namespace: ${namespace}
1149+
spec:
1150+
secretName: ${cluster_name}-tiproxy-cluster-secret
1151+
duration: 8760h # 365d
1152+
renewBefore: 360h # 15d
1153+
subject:
1154+
organizations:
1155+
- PingCAP
1156+
commonName: "TiDB"
1157+
usages:
1158+
- server auth
1159+
- client auth
1160+
dnsNames:
1161+
- "${cluster_name}-tiproxy"
1162+
- "${cluster_name}-tiproxy.${namespace}"
1163+
- "${cluster_name}-tiproxy.${namespace}.svc"
1164+
- "${cluster_name}-tiproxy-peer"
1165+
- "${cluster_name}-tiproxy-peer.${namespace}"
1166+
- "${cluster_name}-tiproxy-peer.${namespace}.svc"
1167+
- "*.${cluster_name}-tiproxy-peer"
1168+
- "*.${cluster_name}-tiproxy-peer.${namespace}"
1169+
- "*.${cluster_name}-tiproxy-peer.${namespace}.svc"
1170+
ipAddresses:
1171+
- 127.0.0.1
1172+
- ::1
1173+
issuerRef:
1174+
name: ${cluster_name}-tidb-issuer
1175+
kind: Issuer
1176+
group: cert-manager.io
1177+
```
1178+
1179+
`${cluster_name}` is the name of the cluster. Configure the items as follows:
1180+
1181+
- Set `spec.secretName` to `${cluster_name}-tiproxy-cluster-secret`.
1182+
- Add `server auth` and `client auth` in `usages`.
1183+
- Add the following DNSs in `dnsNames`. You can also add other DNSs according to your needs:
1184+
1185+
- `${cluster_name}-tiproxy`
1186+
- `${cluster_name}-tiproxy.${namespace}`
1187+
- `${cluster_name}-tiproxy.${namespace}.svc`
1188+
- `${cluster_name}-tiproxy-peer`
1189+
- `${cluster_name}-tiproxy-peer.${namespace}`
1190+
- `${cluster_name}-tiproxy-peer.${namespace}.svc`
1191+
- `*.${cluster_name}-tiproxy-peer`
1192+
- `*.${cluster_name}-tiproxy-peer.${namespace}`
1193+
- `*.${cluster_name}-tiproxy-peer.${namespace}.svc`
1194+
1195+
- Add the following 2 IPs in `ipAddresses`. You can also add other IPs according to your needs:
1196+
- `127.0.0.1`
1197+
- `::1`
1198+
- Add the Issuer created above in `issuerRef`.
1199+
- For other attributes, refer to [cert-manager API](https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec).
1200+
1201+
After the object is created, `cert-manager` generates a `${cluster_name}-tiproxy-cluster-secret` Secret object to be used by the TiProxy component of the TiDB server.
1202+
11411203
- TiFlash
11421204
11431205
```yaml
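Review bot: The explanatory bullets after the TiProxy YAML (new lines 1181-1199) cover `spec.secretName`, `usages`, `dnsNames`, `ipAddresses` and `issuerRef`, but say nothing about `commonName: "TiDB"` or the three wildcard entries such as `*.${cluster_name}-tiproxy-peer`, which are the values a reader is most likely to change or trim. Suggest adding one bullet stating whether `commonName` must stay `"TiDB"`, and one sentence explaining that the wildcard names cover the per-Pod hostnames under the `-tiproxy-peer` service, so they are not removed as over-broad. Minor wording: "Add the following DNSs" reads better as "Add the following DNS names", and the closing sentence says "the TiProxy component of the TiDB server" where "TiDB cluster" would match the Chinese page's "TiDB 集群".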

markdown-pages/zh/tidb-in-kubernetes/master/enable-tls-between-components.md

Lines changed: 62 additions & 0 deletions
@@ -1125,6 +1125,68 @@ aliases: ['/docs-cn/tidb-in-kubernetes/dev/enable-tls-between-components/']
11251125
11261126
创建这个对象以后,`cert-manager` 会生成一个名字为 `${cluster_name}-ticdc-cluster-secret` 的 Secret 对象供 TiDB 集群的 TiCDC 组件使用。
11271127
1128+
- TiProxy 组件的 Server 端证书。
1129+
1130+
```yaml
1131+
apiVersion: cert-manager.io/v1
1132+
kind: Certificate
1133+
metadata:
1134+
name: ${cluster_name}-tiproxy-cluster-secret
1135+
namespace: ${namespace}
1136+
spec:
1137+
secretName: ${cluster_name}-tiproxy-cluster-secret
1138+
duration: 8760h # 365d
1139+
renewBefore: 360h # 15d
1140+
subject:
1141+
organizations:
1142+
- PingCAP
1143+
commonName: "TiDB"
1144+
usages:
1145+
- server auth
1146+
- client auth
1147+
dnsNames:
1148+
- "${cluster_name}-tiproxy"
1149+
- "${cluster_name}-tiproxy.${namespace}"
1150+
- "${cluster_name}-tiproxy.${namespace}.svc"
1151+
- "${cluster_name}-tiproxy-peer"
1152+
- "${cluster_name}-tiproxy-peer.${namespace}"
1153+
- "${cluster_name}-tiproxy-peer.${namespace}.svc"
1154+
- "*.${cluster_name}-tiproxy-peer"
1155+
- "*.${cluster_name}-tiproxy-peer.${namespace}"
1156+
- "*.${cluster_name}-tiproxy-peer.${namespace}.svc"
1157+
ipAddresses:
1158+
- 127.0.0.1
1159+
- ::1
1160+
issuerRef:
1161+
name: ${cluster_name}-tidb-issuer
1162+
kind: Issuer
1163+
group: cert-manager.io
1164+
```
1165+
1166+
其中 `${cluster_name}` 为集群的名字:
1167+
1168+
- `spec.secretName` 请设置为 `${cluster_name}-tiproxy-cluster-secret`
1169+
- `usages` 请添加上 `server auth``client auth`
1170+
- `dnsNames` 需要填写这些 DNS,根据需要可以填写其他 DNS:
1171+
1172+
- `${cluster_name}-tiproxy`
1173+
- `${cluster_name}-tiproxy.${namespace}`
1174+
- `${cluster_name}-tiproxy.${namespace}.svc`
1175+
- `${cluster_name}-tiproxy-peer`
1176+
- `${cluster_name}-tiproxy-peer.${namespace}`
1177+
- `${cluster_name}-tiproxy-peer.${namespace}.svc`
1178+
- `*.${cluster_name}-tiproxy-peer`
1179+
- `*.${cluster_name}-tiproxy-peer.${namespace}`
1180+
- `*.${cluster_name}-tiproxy-peer.${namespace}.svc`
1181+
1182+
- `ipAddresses` 需要填写这两个 IP,根据需要可以填写其他 IP:
1183+
- `127.0.0.1`
1184+
- `::1`
1185+
- `issuerRef` 请填写上面创建的 Issuer;
1186+
- 其他属性请参考 [cert-manager API](https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec)。
1187+
1188+
创建这个对象以后,`cert-manager` 会生成一个名字为 `${cluster_name}-tiproxy-cluster-secret` 的 Secret 对象供 TiDB 集群的 TiProxy 组件使用。
1189+
11281190
- TiFlash 组件的 Server 端证书。
11291191
11301192
```yaml
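Review bot: At new line 1169 the two code spans are fused, `server auth``client auth`, with no separator between them, so the bullet will not render as two distinct usages; the English page has "`server auth` and `client auth`", so add "和" (or "、") between the spans. The bullets in this list also end inconsistently: line 1168 has no closing punctuation, line 1185 ends with ";" and line 1186 with "。"; pick one convention. As on the English page, `commonName: "TiDB"` and the wildcard `dnsNames` entries are in the YAML but not explained in the bullets.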
