From 336bef94843d6e27e55e4e425bfd13814b96a8ec Mon Sep 17 00:00:00 2001 From: Song Gao <2695690803@qq.com> Date: Fri, 14 Feb 2020 23:02:59 +0800 Subject: [PATCH 1/4] fix pd-client tls bug --- .../templates/admission/admission-webhook-rbac.yaml | 3 +++ pkg/manager/member/pd_member_manager.go | 3 ++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/charts/tidb-operator/templates/admission/admission-webhook-rbac.yaml b/charts/tidb-operator/templates/admission/admission-webhook-rbac.yaml index 748be3a295..43d3082a8c 100644 --- a/charts/tidb-operator/templates/admission/admission-webhook-rbac.yaml +++ b/charts/tidb-operator/templates/admission/admission-webhook-rbac.yaml @@ -27,6 +27,9 @@ rules: - apiGroups: [""] resources: ["pods"] verbs: ["get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] - apiGroups: [""] resources: ["events"] verbs: ["create","patch","update"] diff --git a/pkg/manager/member/pd_member_manager.go b/pkg/manager/member/pd_member_manager.go index 603863edcd..8b375e9f56 100644 --- a/pkg/manager/member/pd_member_manager.go +++ b/pkg/manager/member/pd_member_manager.go @@ -257,10 +257,11 @@ func (pmm *pdMemberManager) syncPDStatefulSetForTidbCluster(tc *v1alpha1.TidbClu func (pmm *pdMemberManager) syncPDClientCerts(tc *v1alpha1.TidbCluster) error { ns := tc.GetNamespace() tcName := tc.GetName() - commonName := fmt.Sprintf("%s-pd-client", tcName) + commonName := fmt.Sprintf("%s-pd", tcName) hostList := []string{ commonName, + fmt.Sprintf("%s.%s", commonName, tc.Namespace), } certOpts := &controller.TiDBClusterCertOptions{ From 7010a64b82cf671acfef1ed87945c57ffc9aaeb4 Mon Sep 17 00:00:00 2001 From: Song Gao <2695690803@qq.com> Date: Fri, 14 Feb 2020 23:10:39 +0800 Subject: [PATCH 2/4] Revert "fix pd-client tls bug" This reverts commit 336bef94843d6e27e55e4e425bfd13814b96a8ec. --- .../templates/admission/admission-webhook-rbac.yaml | 3 --- pkg/manager/member/pd_member_manager.go | 3 +-- 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/charts/tidb-operator/templates/admission/admission-webhook-rbac.yaml b/charts/tidb-operator/templates/admission/admission-webhook-rbac.yaml index 43d3082a8c..748be3a295 100644 --- a/charts/tidb-operator/templates/admission/admission-webhook-rbac.yaml +++ b/charts/tidb-operator/templates/admission/admission-webhook-rbac.yaml @@ -27,9 +27,6 @@ rules: - apiGroups: [""] resources: ["pods"] verbs: ["get", "list", "watch", "update"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list"] - apiGroups: [""] resources: ["events"] verbs: ["create","patch","update"] diff --git a/pkg/manager/member/pd_member_manager.go b/pkg/manager/member/pd_member_manager.go index 8b375e9f56..603863edcd 100644 --- a/pkg/manager/member/pd_member_manager.go +++ b/pkg/manager/member/pd_member_manager.go @@ -257,11 +257,10 @@ func (pmm *pdMemberManager) syncPDStatefulSetForTidbCluster(tc *v1alpha1.TidbClu func (pmm *pdMemberManager) syncPDClientCerts(tc *v1alpha1.TidbCluster) error { ns := tc.GetNamespace() tcName := tc.GetName() - commonName := fmt.Sprintf("%s-pd", tcName) + commonName := fmt.Sprintf("%s-pd-client", tcName) hostList := []string{ commonName, - fmt.Sprintf("%s.%s", commonName, tc.Namespace), } certOpts := &controller.TiDBClusterCertOptions{ From e88b8d39ebcb8e3b5759beb5a3d79f9db5964184 Mon Sep 17 00:00:00 2001 From: Song Gao <2695690803@qq.com> Date: Fri, 14 Feb 2020 23:11:46 +0800 Subject: [PATCH 3/4] Update admission-webhook-rbac.yaml --- .../templates/admission/admission-webhook-rbac.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/charts/tidb-operator/templates/admission/admission-webhook-rbac.yaml b/charts/tidb-operator/templates/admission/admission-webhook-rbac.yaml index 748be3a295..794b6eda91 100644 --- a/charts/tidb-operator/templates/admission/admission-webhook-rbac.yaml +++ b/charts/tidb-operator/templates/admission/admission-webhook-rbac.yaml @@ -27,6 +27,9 @@ rules: - apiGroups: [""] resources: ["pods"] verbs: ["get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list"] - apiGroups: [""] resources: ["events"] verbs: ["create","patch","update"] From 8a4e4287c42088932518a91f257217ccf0be99a3 Mon Sep 17 00:00:00 2001 From: Song Gao <2695690803@qq.com> Date: Sat, 15 Feb 2020 12:31:11 +0800 Subject: [PATCH 4/4] Update admission-webhook-rbac.yaml --- .../templates/admission/admission-webhook-rbac.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/tidb-operator/templates/admission/admission-webhook-rbac.yaml b/charts/tidb-operator/templates/admission/admission-webhook-rbac.yaml index 794b6eda91..43d3082a8c 100644 --- a/charts/tidb-operator/templates/admission/admission-webhook-rbac.yaml +++ b/charts/tidb-operator/templates/admission/admission-webhook-rbac.yaml @@ -28,7 +28,7 @@ rules: resources: ["pods"] verbs: ["get", "list", "watch", "update"] - apiGroups: [""] - resources: ["pods"] + resources: ["secrets"] verbs: ["get", "list"] - apiGroups: [""] resources: ["events"]