From d07f9cd9f2acd76b3f29a67243caae1e0240e6d4 Mon Sep 17 00:00:00 2001
From: weekface
Date: Mon, 16 Mar 2020 17:07:21 +0800
Subject: [PATCH] use should create client certificate when tlsClient set true
---
 charts/tidb-cluster/values.yaml | 5 ++++-
 pkg/apis/pingcap/v1alpha1/types.go | 5 ++++-
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/charts/tidb-cluster/values.yaml b/charts/tidb-cluster/values.yaml
index ebe10a85b4..46e730f0bf 100644
--- a/charts/tidb-cluster/values.yaml
+++ b/charts/tidb-cluster/values.yaml
@@ -465,7 +465,10 @@ tidb:
 # 2. Create a K8s Secret object which contains the TiDB server-side certificate created above.
 # The name of this Secret must be: -tidb-server-secret.
 # kubectl create secret generic -tidb-server-secret --namespace= --from-file=tls.crt= --from-file=tls.key= --from-file=ca.crt=
- # 3. Then create the TiDB cluster with `tlsClient.enabled` set to `true`.
+ # 3. Create a K8s Secret object which contains the TiDB client-side certificate created above which will be used by TiDB Operator.
+ # The name of this Secret must be: -tidb-client-secret.
+ # kubectl create secret generic -tidb-client-secret --namespace= --from-file=tls.crt= --from-file=tls.key= --from-file=ca.crt=
+ # 4. Then create the TiDB cluster with `tlsClient.enabled` set to `true`.
 enabled: false
 # mysqlClient is used to set password for TiDB
diff --git a/pkg/apis/pingcap/v1alpha1/types.go b/pkg/apis/pingcap/v1alpha1/types.go
index 82363dba05..99997e4f8c 100644
--- a/pkg/apis/pingcap/v1alpha1/types.go
+++ b/pkg/apis/pingcap/v1alpha1/types.go
@@ -613,7 +613,10 @@ type TiDBTLSClient struct {
 // 2. Create a K8s Secret object which contains the TiDB server-side certificate created above.
 // The name of this Secret must be: -tidb-server-secret.
 // kubectl create secret generic -tidb-server-secret --namespace= --from-file=tls.crt= --from-file=tls.key= --from-file=ca.crt=
- // 3. Set Enabled to `true`.
+ // 3. Create a K8s Secret object which contains the TiDB client-side certificate created above which will be used by TiDB Operator.
+ // The name of this Secret must be: -tidb-client-secret.
+ // kubectl create secret generic -tidb-client-secret --namespace= --from-file=tls.crt= --from-file=tls.key= --from-file=ca.crt=
+ // 4. Set Enabled to `true`.
 // +optional
 Enabled bool `json:"enabled,omitempty"`
 }
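Review bot: The new step 3 in the TiDBTLSClient doc comment points to "the TiDB client-side certificate created above", but the only earlier step visible in this hunk (step 2) covers the server-side certificate. Step 1 and the start of the comment lie outside the hunk, so please confirm that step 1 tells the user to issue a client certificate as well, or reword step 3 so it does not depend on it. The Secret also carries the client private key (`tls.key`) that TiDB Operator uses, so I would add a line such as `// Limit read access to this Secret to TiDB Operator; it holds the client private key.` The same two points apply to the matching comment added in charts/tidb-cluster/values.yaml.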