tiproxy: revert enable SSL by default

Signed-off-by: xhe <[email protected]>
pingcap · Jun 20, 2023 · 647461d · 647461d
1 parent 0015c82
commit 647461d
Show file tree

Hide file tree

Showing 8 changed files with 12 additions and 12 deletions.
diff --git a/docs/api-references/docs.md b/docs/api-references/docs.md
@@ -22592,13 +22592,13 @@ int32
 </tr>
 <tr>
 <td>
-<code>sslDisableTiDB</code></br>
+<code>sslEnableTiDB</code></br>
 <em>
 bool
 </em>
 </td>
 <td>
-<p>Whether disable SSL connection between tiproxy and TiDB server</p>
+<p>Whether enable SSL connection between tiproxy and TiDB server</p>
 </td>
 </tr>
 <tr>

diff --git a/manifests/crd.yaml b/manifests/crd.yaml
@@ -34235,7 +34235,7 @@ spec:
                     type: string
                   serviceAccount:
                     type: string
-                  sslDisableTiDB:
+                  sslEnableTiDB:
                     type: boolean
                   statefulSetUpdateStrategy:
                     type: string

diff --git a/manifests/crd/v1/pingcap.com_tidbclusters.yaml b/manifests/crd/v1/pingcap.com_tidbclusters.yaml
@@ -19617,7 +19617,7 @@ spec:
                     type: string
                   serviceAccount:
                     type: string
-                  sslDisableTiDB:
+                  sslEnableTiDB:
                     type: boolean
                   statefulSetUpdateStrategy:
                     type: string

diff --git a/manifests/crd/v1beta1/pingcap.com_tidbclusters.yaml b/manifests/crd/v1beta1/pingcap.com_tidbclusters.yaml
@@ -19587,7 +19587,7 @@ spec:
                   type: string
                 serviceAccount:
                   type: string
-                sslDisableTiDB:
+                sslEnableTiDB:
                   type: boolean
                 statefulSetUpdateStrategy:
                   type: string

diff --git a/manifests/crd_v1beta1.yaml b/manifests/crd_v1beta1.yaml
@@ -34189,7 +34189,7 @@ spec:
                   type: string
                 serviceAccount:
                   type: string
-                sslDisableTiDB:
+                sslEnableTiDB:
                   type: boolean
                 statefulSetUpdateStrategy:
                   type: string

diff --git a/pkg/apis/pingcap/v1alpha1/openapi_generated.go b/pkg/apis/pingcap/v1alpha1/openapi_generated.go
diff --git a/pkg/apis/pingcap/v1alpha1/types.go b/pkg/apis/pingcap/v1alpha1/types.go
@@ -774,8 +774,8 @@ type TiProxySpec struct {
 	// +kubebuilder:validation:Minimum=0
 	Replicas int32 `json:"replicas"`
 
-	// Whether disable SSL connection between tiproxy and TiDB server
-	SSLDisableTiDB bool `json:"sslDisableTiDB,omitempty"`
+	// Whether enable SSL connection between tiproxy and TiDB server
+	SSLEnableTiDB bool `json:"sslEnableTiDB,omitempty"`
 
 	// TLSClientSecretName is the name of secret which stores tidb server client certificate
 	// used by TiProxy to check health status.

diff --git a/pkg/manager/member/tiproxy_member_manager.go b/pkg/manager/member/tiproxy_member_manager.go
@@ -134,7 +134,7 @@ func (m *tiproxyMemberManager) syncConfigMap(tc *v1alpha1.TidbCluster, set *apps
 		cfgWrapper.Set("security.server-tls.cert", path.Join(tiproxyServerPath, "tls.crt"))
 		cfgWrapper.Set("security.server-tls.skip-ca", true)
 
-		if !tc.Spec.TiProxy.SSLDisableTiDB || !tc.SkipTLSWhenConnectTiDB() {
+		if tc.Spec.TiProxy.SSLEnableTiDB || !tc.SkipTLSWhenConnectTiDB() {
 			if tc.Spec.TiDB.TLSClient.SkipInternalClientCA {
 				cfgWrapper.Set("security.sql-tls.skip-ca", true)
 			} else {
@@ -440,7 +440,7 @@ func (m *tiproxyMemberManager) getNewStatefulSet(tc *v1alpha1.TidbCluster, cm *c
 			},
 		})
 
-		if !tc.Spec.TiProxy.SSLDisableTiDB || !tc.SkipTLSWhenConnectTiDB() {
+		if tc.Spec.TiProxy.SSLEnableTiDB || !tc.SkipTLSWhenConnectTiDB() {
 			volMounts = append(volMounts, corev1.VolumeMount{
 				Name: "tidb-client-tls", ReadOnly: true, MountPath: tiproxySQLPath,
 			})