use should create client certificate when tlsClient set true

pingcap · Mar 16, 2020 · d07f9cd · d07f9cd
1 parent 05e82bb
commit d07f9cd
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 2 deletions.
diff --git a/charts/tidb-cluster/values.yaml b/charts/tidb-cluster/values.yaml
@@ -465,7 +465,10 @@ tidb:
     #   2. Create a K8s Secret object which contains the TiDB server-side certificate created above.
     #      The name of this Secret must be: <clusterName>-tidb-server-secret.
     #        kubectl create secret generic <clusterName>-tidb-server-secret --namespace=<namespace> --from-file=tls.crt=<path/to/tls.crt> --from-file=tls.key=<path/to/tls.key> --from-file=ca.crt=<path/to/ca.crt>
-    #   3. Then create the TiDB cluster with `tlsClient.enabled` set to `true`.
+    #   3. Create a K8s Secret object which contains the TiDB client-side certificate created above which will be used by TiDB Operator.
+    #      The name of this Secret must be: <clusterName>-tidb-client-secret.
+    #        kubectl create secret generic <clusterName>-tidb-client-secret --namespace=<namespace> --from-file=tls.crt=<path/to/tls.crt> --from-file=tls.key=<path/to/tls.key> --from-file=ca.crt=<path/to/ca.crt>
+    #   4. Then create the TiDB cluster with `tlsClient.enabled` set to `true`.
     enabled: false
 
 # mysqlClient is used to set password for TiDB

diff --git a/pkg/apis/pingcap/v1alpha1/types.go b/pkg/apis/pingcap/v1alpha1/types.go
@@ -613,7 +613,10 @@ type TiDBTLSClient struct {
 	//   2. Create a K8s Secret object which contains the TiDB server-side certificate created above.
 	//      The name of this Secret must be: <clusterName>-tidb-server-secret.
 	//        kubectl create secret generic <clusterName>-tidb-server-secret --namespace=<namespace> --from-file=tls.crt=<path/to/tls.crt> --from-file=tls.key=<path/to/tls.key> --from-file=ca.crt=<path/to/ca.crt>
-	//   3. Set Enabled to `true`.
+	//   3. Create a K8s Secret object which contains the TiDB client-side certificate created above which will be used by TiDB Operator.
+	//      The name of this Secret must be: <clusterName>-tidb-client-secret.
+	//        kubectl create secret generic <clusterName>-tidb-client-secret --namespace=<namespace> --from-file=tls.crt=<path/to/tls.crt> --from-file=tls.key=<path/to/tls.key> --from-file=ca.crt=<path/to/ca.crt>
+	//   4. Set Enabled to `true`.
 	// +optional
 	Enabled bool `json:"enabled,omitempty"`
 }