Sign InTry Free

Initialize a TiDB Cluster in Kubernetes

This document describes how to initialize a TiDB cluster in Kubernetes (K8s), specifically, how to configure the initial account and password and how to initialize the database by executing SQL statements automatically in batch.

Set initial account and password

When a cluster is created, a default account root is created with no password. This might cause security issues. You can set a password for the root account in the following steps:

  1. Create the Namespace.

    Before creating the cluster, create the Namespace:

    kubectl create namespace <namespace>
  2. Create a secret object.

    Before creating a cluster, create a secret to specify the password for root:

    kubectl create secret generic tidb-secret --from-literal=root=<root-password> --namespace=<namespace>

    If you also want to create users automatically, append the desired user name and the password, for example:

    kubectl create secret generic tidb-secret --from-literal=root=<root-password> --from-literal=developer=<developer-passowrd> --namespace=<namespace>

    This command creates users root and developer with their passwords, which are saved in the tidb-secret object. By default, the regular user developer is only granted with USAGE privilege; other privileges are set in the configuration item tidb.initSql.

  3. Set a host that has access to TiDB.

    Before deploying the cluster, you can set a host that has access to TiDB by using the tidb.permitHost configuration item. If it is not set, all hosts have access to TiDB. For details, refer to Mysql GRANT host name.

    tidb: passwordSecretName: tidb-secret permitHost: <mysql-client-host-name>
  4. Deploy the cluster.

    After creating the secret, deploy the cluster using the following command:

    helm install pingcap/tidb-cluster -f values.yaml --name=<release-name> --namespace=<namespace> --version=<chart-version>

    After specifying tidb.passwordSecretName, the above command sets up a cluster with an initialization job created automatically. Using the available secret, this job creates the password for the root account, and creates other user accounts and passwords if specified. The password specified here is required when you login to the MySQL client.

Initialize SQL statements in batch

You can also execute the SQL statements in batch in tidb.initSql for initialization. This function by default creates some databases or tables for the cluster and performs user privilege management operations. For example, the following configuration automatically creates a database named app after the cluster creation, and grants the developer account full management privileges on app.

tidb: passwordSecretName: tidb-secret initSql: |- CREATE DATABASE app; GRANT ALL PRIVILEGES ON app.* TO 'developer'@'%';

Save the above configuration to the values.yaml file and run the following command to deploy the cluster:

helm install pingcap/tidb-cluster -f values.yaml --name=<release-name> --namespace=<namespace> --version=<chart_version>
Download PDF
One-stop & interactive experience of TiDB's capabilities WITHOUT registration.
TiDB Dedicated
TiDB Serverless
Get Demo
Get Started
© 2024 PingCAP. All Rights Reserved.
Privacy Policy.