Skip to content

Commit 40798d3

Browse files
authored
feat(pd): initial support of multiple pd group (#6562)
1 parent da46b2d commit 40798d3

91 files changed

Lines changed: 1190 additions & 1370 deletions

File tree

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

api/core/v1alpha1/cluster_types.go

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -86,6 +86,13 @@ type ClusterSpec struct {
8686
// +listMapKey=name
8787
FeatureGates []meta.FeatureGate `json:"featureGates,omitempty"`
8888

89+
// CustomizedPDServiceName is the internal pd service name which will be created by the cluster.
90+
// If MultiPDGroup feature is not enabled, this field doesn't work.
91+
// If MultiPDGroup feature is enabled, the default service name is ${clusterName}-pd.
92+
// This field is useful to keep use legacy pd service name when enable MultiPDGroup.
93+
CustomizedPDServiceName *string `json:"customizedPDServiceName,omitempty"`
94+
95+
// Security defines the security config of the whole cluster
8996
Security *ClusterSecurity `json:"security,omitempty"`
9097
}
9198

@@ -119,7 +126,14 @@ type TLSCluster struct {
119126
Enabled bool `json:"enabled,omitempty"`
120127
}
121128

129+
type ClusterTLSConfig struct {
130+
// Client defines the client tls for the tidb operator to visit components
131+
Client *InternalClientTLS `json:"client,omitempty"`
132+
}
133+
122134
type ClusterSecurity struct {
135+
// TLS defines tls configs for the whole cluster
136+
TLS *ClusterTLSConfig `json:"tls,omitempty"`
123137
// SessionTokenSigningCertKeyPair is the name of the K8s secret, where stores certificates for signing the TiDB session token,
124138
// which is used by TiProxy for session migration.
125139
// You can generate certificates and create a secret by: kubectl create secret generic <secret-name> --namespace=<namespace> --from-file=tls.crt=<path/to/tls.crt> --from-file=tls.key=<path/to/tls.key>

api/core/v1alpha1/common_types.go

Lines changed: 3 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -513,13 +513,10 @@ type CertKeyPairReference struct {
513513
// Security defines the security config of a component
514514
type Security struct {
515515
// TLS defines the tls configs of components
516-
TLS *ComponentTLS `json:"tls,omitempty"`
516+
TLS *ComponentTLSConfig `json:"tls,omitempty"`
517517
}
518518

519-
// ComponentTLS defines the tls config of a component
520-
type ComponentTLS struct {
519+
// ComponentTLSConfig defines the tls config of a component
520+
type ComponentTLSConfig struct {
521521
Cluster *InternalTLS `json:"cluster,omitempty"`
522-
523-
// Client defines the client tls for the tidb operator to visit the group
524-
Client *InternalClientTLS `json:"client,omitempty"`
525522
}

api/core/v1alpha1/pd_types.go

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -196,10 +196,10 @@ type PDMode string
196196

197197
const (
198198
// Normal mode of PD, all services are provided by a single component
199-
PDModeNormal = ""
199+
PDModeNormal PDMode = ""
200200
// Micro Service Mode of PD, some services(TSO,Scheduling) are separated from PD
201201
// See https://docs.pingcap.com/tidb/stable/pd-microservices/
202-
PDModeMS = "ms"
202+
PDModeMS PDMode = "ms"
203203
)
204204

205205
type PDServer struct {

api/core/v1alpha1/tidb_types.go

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -217,7 +217,7 @@ type TiDBPreStop struct {
217217

218218
type TiDBSecurity struct {
219219
// TLS defines the tls configs of TiDB
220-
TLS *TiDBTLS `json:"tls,omitempty"`
220+
TLS *TiDBTLSConfig `json:"tls,omitempty"`
221221

222222
// Whether enable `tidb_auth_token` authentication method.
223223
// To enable this feature, a secret named `<groupName>-tidb-auth-token-jwks-secret` must be created to store the JWKs.
@@ -280,7 +280,7 @@ type TiDBSlowLog struct {
280280
Resources ResourceRequirements `json:"resources,omitempty"`
281281
}
282282

283-
type TiDBTLS struct {
283+
type TiDBTLSConfig struct {
284284
// When enabled, TiDB will accept TLS encrypted connections from MySQL clients.
285285
// The steps to enable this feature:
286286
// 1. Generate a TiDB server-side certificate and a client-side certifiacete for the TiDB cluster.
@@ -298,8 +298,8 @@ type TiDBTLS struct {
298298
// +kubebuilder:validation:XValidation:rule="oldSelf == null || self.enabled == oldSelf.enabled",message="field .mysql.enabled is immutable"
299299
MySQL *TLS `json:"mysql,omitempty"`
300300

301-
// ComponentTLS is tls config to access internal components
302-
ComponentTLS `json:",inline"`
301+
// ComponentTLSConfig is tls config to access internal components
302+
ComponentTLSConfig `json:",inline"`
303303
}
304304

305305
type TiDBAuthToken struct {

api/core/v1alpha1/tiproxy_types.go

Lines changed: 2 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -177,7 +177,7 @@ type TiProxyPreStop struct {
177177

178178
type TiProxySecurity struct {
179179
// Whether enable the TLS connection.
180-
TLS *TiProxyTLS `json:"tls,omitempty"`
180+
TLS *TiProxyTLSConfig `json:"tls,omitempty"`
181181
}
182182

183183
type TiProxyServer struct {
@@ -216,7 +216,7 @@ type TiProxyProb struct {
216216
Type *string `json:"type,omitempty"`
217217
}
218218

219-
type TiProxyTLS struct {
219+
type TiProxyTLSConfig struct {
220220
// MySQL defines the TLS configuration for connections between TiProxy and MySQL clients.
221221
// The steps to enable this feature:
222222
// 1. Generate a TiProxy server-side certificate for the TiProxy cluster.
@@ -243,9 +243,6 @@ type TiProxyTLS struct {
243243
// It can be disabled by set Enabled to false.
244244
// NOTE: if server tls is disabled, the Client will also be disabled.
245245
Server *TLS `json:"server,omitempty"`
246-
247-
// Client defines the client tls for the tidb operator to visit the tiproxy group
248-
Client *InternalClientTLS `json:"client,omitempty"`
249246
}
250247

251248
type TiProxyGroupStatus struct {

api/core/v1alpha1/zz_generated.deepcopy.go

Lines changed: 47 additions & 26 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

api/meta/v1alpha1/feature.go

Lines changed: 9 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,7 @@ package v1alpha1
1818
// NOTE(liubo02): +enum is not supported now, we have to add all enum into comments
1919
// NOTE(liubo02): It's supported by https://github.com/kubernetes-sigs/controller-tools/pull/1179
2020
//
21-
// +kubebuilder:validation:Enum=FeatureModification;VolumeAttributesClass;DisablePDDefaultReadinessProbe;UsePDReadyAPI;SessionTokenSigning;ClusterSubdomain;TerminableLogTailer;UseTSOReadyAPI;UseSchedulingReadyAPI;UseTiKVReadyAPI;UsePDReadyAPIV2;UseTiFlashReadyAPI
21+
// +kubebuilder:validation:Enum=FeatureModification;VolumeAttributesClass;DisablePDDefaultReadinessProbe;UsePDReadyAPI;SessionTokenSigning;ClusterSubdomain;TerminableLogTailer;UseTSOReadyAPI;UseSchedulingReadyAPI;UseTiKVReadyAPI;UsePDReadyAPIV2;UseTiFlashReadyAPI;MultiPDGroup
2222
// +enum
2323
type Feature string
2424

@@ -102,4 +102,12 @@ const (
102102
// UseTiFlashReadyAPI means use TiFlash's /readyz API as the readiness probe.
103103
UseTiFlashReadyAPI Feature = "UseTiFlashReadyAPI"
104104
UseTiFlashReadyAPIStage FeatureStage = FeatureStageAlpha
105+
106+
// If this feature is enabled
107+
// - More than one pd group can be created for one cluster.
108+
// - A new PD service will be created for all PDGroups.
109+
// - The default internal pd svc of the PDGroup will be not created.
110+
// - Cannot customize advertised client port
111+
MultiPDGroup Feature = "MultiPDGroup"
112+
MultiPDGroupStage FeatureStage = FeatureStageAlpha
105113
)

cmd/runtime-gen/generators/namer.go

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -49,15 +49,15 @@ func GroupToSecurityTypeName(t *types.Type) string {
4949
// GroupToTLSTypeName returns tls type name from group type
5050
// TiDB and TiProxy have their own tls type
5151
// Others: ComponentTLS
52-
// TiDB and TiProxy: TiDBTLS, TiProxyTLS
52+
// TiDB and TiProxy: TiDBTLSConfig, TiProxyTLSConfig
5353
func GroupToTLSTypeName(t *types.Type) string {
5454
name := strings.TrimSuffix(t.Name.Name, "Group")
5555
switch name {
5656
case "TiDB", "TiProxy":
57-
return name + "TLS"
57+
return name + "TLSConfig"
5858
}
5959

60-
return "ComponentTLS"
60+
return "ComponentTLSConfig"
6161
}
6262

6363
// GroupToInternalTLSTypeName returns internal tls type name from group type

cmd/runtime-gen/generators/runtime.go

Lines changed: 0 additions & 48 deletions
Original file line numberDiff line numberDiff line change
@@ -298,30 +298,6 @@ func (in *$.|pub$) ClusterCASecretName() string {
298298
prefix, _ := NamePrefixAndSuffix(in.GetName())
299299
return prefix + "-" + in.Component() + "-cluster-secret"
300300
}
301-
302-
func (in *$.|pub$) ClientCertKeyPairSecretName() string {
303-
sec := in.Spec.Security
304-
if sec != nil && sec.TLS != nil && sec.TLS.Client != nil && sec.TLS.Client.CertKeyPair != nil {
305-
return sec.TLS.Client.CertKeyPair.Name
306-
}
307-
return in.Cluster() + "-cluster-client-secret"
308-
}
309-
310-
func (in *$.|pub$) ClientCASecretName() string {
311-
sec := in.Spec.Security
312-
if sec != nil && sec.TLS != nil && sec.TLS.Client != nil && sec.TLS.Client.CA != nil {
313-
return sec.TLS.Client.CA.Name
314-
}
315-
return in.Cluster() + "-cluster-client-secret"
316-
}
317-
318-
func (in *$.|pub$) ClientInsecureSkipTLSVerify() bool {
319-
sec := in.Spec.Security
320-
if sec != nil && sec.TLS != nil && sec.TLS.Client != nil && sec.TLS.Client.CA != nil {
321-
return sec.TLS.Client.InsecureSkipTLSVerify
322-
}
323-
return false
324-
}
325301
`, t)
326302

327303
// Generate Store interface methods for TiKV and TiFlash
@@ -556,30 +532,6 @@ func (g *$.|pub$) ClusterCASecretName() string {
556532
return defaultName
557533
}
558534
559-
func (g *$.|pub$) ClientCertKeyPairSecretName() string {
560-
sec := g.Spec.Template.Spec.Security
561-
if sec != nil && sec.TLS != nil && sec.TLS.Client != nil && sec.TLS.Client.CertKeyPair != nil {
562-
return sec.TLS.Client.CertKeyPair.Name
563-
}
564-
return g.Cluster() + "-cluster-client-secret"
565-
}
566-
567-
func (g *$.|pub$) ClientCASecretName() string {
568-
sec := g.Spec.Template.Spec.Security
569-
if sec != nil && sec.TLS != nil && sec.TLS.Client != nil && sec.TLS.Client.CA != nil {
570-
return sec.TLS.Client.CA.Name
571-
}
572-
return g.Cluster() + "-cluster-client-secret"
573-
}
574-
575-
func (g *$.|pub$) ClientInsecureSkipTLSVerify() bool {
576-
sec := g.Spec.Template.Spec.Security
577-
if sec != nil && sec.TLS != nil && sec.TLS.Client != nil && sec.TLS.Client.CA != nil {
578-
return sec.TLS.Client.InsecureSkipTLSVerify
579-
}
580-
return false
581-
}
582-
583535
func (g *$.|pub$) MinReadySeconds() int64 {
584536
if g.Spec.MinReadySeconds == nil {
585537
return v1alpha1.Default$.|instance$MinReadySeconds

0 commit comments

Comments
 (0)