Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add serivce account requirement for tiflash pod while restore #2651

Open
wants to merge 6 commits into
base: master
Choose a base branch
from
+15 −1
Open

Add serivce account requirement for tiflash pod while restore #2651

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
45f5f1d
mod
RidRisR Nov 22, 2024
e16811f
Update zh/grant-permissions-to-remote-storage.md
RidRisR Nov 25, 2024
1390411
Update en/grant-permissions-to-remote-storage.md
RidRisR Nov 25, 2024
4b275a0
Update en/grant-permissions-to-remote-storage.md
RidRisR Nov 25, 2024
f83980c
Update zh/grant-permissions-to-remote-storage.md
RidRisR Nov 25, 2024
de85798
lint
RidRisR Nov 25, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions en/grant-permissions-to-remote-storage.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -150,6 +150,12 @@ When you use this method to grant permissions, you can [create the EKS cluster](

Modify the value of `spec.tikv.serviceAccount` to `tidb-backup-manager`. After the TiKV Pod is restarted, check whether the Pod's `serviceAccountName` is changed.

5. (Optional) If your cluster includes TiFlash Pods, repeat step 4 to associate the `ServiceAccount` with the TiFlash Pod.

```shell
kubectl patch tc demo1 -n test1 --type merge -p '{"spec":{"tiflash":{"serviceAccount": "tidb-backup-manager"}}}'
```

> **Note:**
>
> `arn:aws:iam::123456789012:role/user` is the IAM role created in Step 2.
Expand Down
2 changes: 1 addition & 1 deletion en/renew-tls-certificate.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -110,7 +110,7 @@ If the original TLS certificates are issued by [the `cfssl` system](enable-tls-b

> **Note:**
>
> The above command only renews the server-side and the client-side certificate between PD, TiKV, and TiDB components. If you need to renew the server-side certificates for other components, such as TiCDC, TiFlash and TiProxy, you can execute the similar command.
> The above command only renews the server-side and the client-side certificate between PD, TiKV, and TiDB components. If you need to renew the server-side certificates for other components, such as TiCDC, TiFlash and TiProxy, you can execute the similar command.

3. [Perform the rolling restart](restart-a-tidb-cluster.md) to components that need to load the new certificates.

Expand Down
8 changes: 8 additions & 0 deletions zh/grant-permissions-to-remote-storage.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -148,6 +148,14 @@ kubectl create secret generic s3-secret --from-literal=access_key=xxx --from-lit

将 `spec.tikv.serviceAccount` 修改为 tidb-backup-manager,等到 TiKV Pod 重启后,查看 Pod 的 `serviceAccountName` 是否有变化。

5. (可选)如果集群中包含 TiFlash 节点,重复步骤 4 将 ServiceAccount 绑定到 TiFlash Pod:

{{< copyable "shell-regular" >}}

```shell
kubectl patch tc demo1 -n test1 --type merge -p '{"spec":{"tiflash":{"serviceAccount": "tidb-backup-manager"}}}'
```

> **注意:**
>
> `arn:aws:iam::123456789012:role/user` 为步骤 2 中创建的 IAM 角色。
Expand Down