tiproxy: add description on graceful-wait and signing-cert (#2503)
xhebox authored Jan 25, 2024
1 parent 30eb883 commit 60b194c
Showing 4 changed files with 70 additions and 8 deletions.
2 changes: 2 additions & 0 deletions en/configure-a-tidb-cluster.md
Expand Up @@ -266,6 +266,8 @@ The deployment method is the same as that of PD. In addition, you need to modify
config:
```

When deploying TiProxy, you also need to configure additional parameters for TiDB. For detailed configuration steps, refer to [Deploy TiProxy Load Balancer for an Existing TiDB Cluster](deploy-tiproxy.md).

#### Enable TiFlash

If you want to enable TiFlash in the cluster, configure `spec.pd.config.replication.enable-placement-rules: true` and configure `spec.tiflash` in the `${cluster_name}/tidb-cluster.yaml` file as follows:
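Review bot: the sentence added after the `config:` block says only "additional parameters for TiDB", so a reader who does not follow the link will not learn that one of them is a session-token signing certificate and key that must be provisioned when cluster TLS is off. Naming `graceful-wait-before-shutdown` and `session-token-signing-cert` / `session-token-signing-key` in this sentence would make that prerequisite visible; the same applies to the matching sentence in zh/configure-a-tidb-cluster.md.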
37 changes: 33 additions & 4 deletions en/deploy-tiproxy.md
Expand Up @@ -39,14 +39,43 @@ If you need to deploy TiProxy for an existing TiDB cluster, follow these steps:
```yaml
spec:
tiproxy:
config:
config: |
[log]
level = "info"
config: |
[log]
level = "info"
```

For more information about TiProxy configuration, see [TiProxy Configuration](https://docs.pingcap.com/tidb/v7.6/tiproxy-configuration).

4. Configure the related parameters in `spec.tidb` of the TidbCluster CR. For example:

+ It is recommended to configure `graceful-wait-before-shutdown` to a value greater than the maximum duration of the transactions in your application. This is used together with TiProxy's connection migration feature. For more information, see [TiProxy Limitations](https://docs.pingcap.com/tidb/v7.6/tiproxy-overview#limitations).
```yaml
spec:
tidb:
config: |
graceful-wait-before-shutdown = 30
```
+ If [TLS is enabled for the cluster](enable-tls-between-components.md), skip this step. If TLS is not enabled for the cluster, you need to generate a self-signed certificate and manually configure [`session-token-signing-cert`](https://docs.pingcap.com/tidb/stable/tidb-configuration-file#session-token-signing-cert-new-in-v640) and [`session-token-signing-key`](https://docs.pingcap.com/tidb/stable/tidb-configuration-file#session-token-signing-key-new-in-v640) for TiDB:
```yaml
spec:
tidb:
additionalVolumes:
- name: sessioncert
secret:
secretName: sessioncert-secret
additionalVolumeMounts:
- name: sessioncert
mountPath: /var/session
config: |
session-token-signing-cert = "/var/session/tls.crt"
session-token-signing-key = "/var/session/tls.key"
```
For more information, see [`session-token-signing-cert`](https://docs.pingcap.com/tidb/stable/tidb-configuration-file#session-token-signing-cert-new-in-v640).
After TiProxy is started, you can find the corresponding `tiproxy-sql` load balancer service by running the following command.
``` shell
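Review bot: the second bullet of step 4 tells the reader to generate a self-signed certificate, but nothing in the hunk shows how `sessioncert-secret` is created or states that it must contain the keys `tls.crt` and `tls.key`, which the `/var/session/tls.crt` and `/var/session/tls.key` paths depend on. Please add the certificate-generation and Secret-creation steps, or a link to them, before the YAML. In the same bullet, "skip this step" is ambiguous inside step 4, because a reader on a TLS-enabled cluster may also skip the `graceful-wait-before-shutdown` bullet; wording it as "skip this item" or splitting it into its own numbered step would avoid that. The first bullet should also state the unit of `graceful-wait-before-shutdown = 30`, and the closing "For more information" line repeats the `/stable/` link already given in the bullet while the other links in this file pin `v7.6`.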
2 changes: 2 additions & 0 deletions zh/configure-a-tidb-cluster.md
Expand Up @@ -262,6 +262,8 @@ spec:
config:
```

部署 TiProxy 时,还需要给 TiDB 配置额外参数,详细的配置步骤见[为已有 TiDB 集群部署负载均衡 TiProxy](deploy-tiproxy.md)。

#### 部署 TiFlash

如果要在集群中开启 TiFlash,需要在 `${cluster_name}/tidb-cluster.yaml` 文件中配置 `spec.pd.config.replication.enable-placement-rules: true`,并配置 `spec.tiflash`:
37 changes: 33 additions & 4 deletions zh/deploy-tiproxy.md
Expand Up @@ -39,14 +39,43 @@ summary: 了解如何在 Kubernetes 上为已有 TiDB 集群部署负载均衡 T
```yaml
spec:
tiproxy:
config:
config: |
[log]
level = "info"
config: |
[log]
level = "info"
```

要获取更多可配置的 TiProxy 配置参数,请参考 [TiProxy 配置文档](https://docs.pingcap.com/zh/tidb/v7.6/tiproxy-configuration)。

4. 配置 TidbCluster CR 中 `spec.tidb` 的相关参数:

+ 推荐设置 TiDB `graceful-wait-before-shutdown` 的值大于应用程序中事务的最长的持续时间,配合 TiProxy 的连接迁移。详见 [TiProxy 使用限制](https://docs.pingcap.com/zh/tidb/v7.6/tiproxy-overview#使用限制)。

```yaml
spec:
tidb:
config: |
graceful-wait-before-shutdown = 30
```

+ 如果开启了[集群 TLS](enable-tls-between-components.md),则跳过这一步;如果没有开启集群 TLS,还需要生成自签名证书,并手动配置 TiDB 的 [`session-token-signing-cert`](https://docs.pingcap.com/zh/tidb/stable/tidb-configuration-file#session-token-signing-cert-从-v640-版本开始引入) 和 [`session-token-signing-key`](https://docs.pingcap.com/zh/tidb/stable/tidb-configuration-file#session-token-signing-key-从-v640-版本开始引入):

```yaml
spec:
tidb:
additionalVolumes:
- name: sessioncert
secret:
secretName: sessioncert-secret
additionalVolumeMounts:
- name: sessioncert
mountPath: /var/session
config: |
session-token-signing-cert = "/var/session/tls.crt"
session-token-signing-key = "/var/session/tls.key"
```

详见 [`session-token-signing-key`](https://docs.pingcap.com/zh/tidb/v7.6/tidb-configuration-file#session-token-signing-cert-从-v640-版本开始引入)。

TiProxy 启动后,可通过以下命令找到对应的 `tiproxy-sql` 负载均衡服务。

``` shell
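Review bot: the closing "详见" line labels its link `session-token-signing-key` while the URL anchor points at `session-token-signing-cert`, and it pins `v7.6` where the two links in the bullet above it use `stable`; the English file's closing link is labelled `session-token-signing-cert` and uses `stable`. Make the label match the anchor and use one version scheme in both languages. As in the English hunk, the bullet asks for a self-signed certificate without showing how `sessioncert-secret` is created.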