Merge branch 'master' into fed_backup_schedule

OWNERS

@@ -1,30 +1,38 @@
 # See the OWNERS docs at https://go.k8s.io/owners
 approvers:
-  # kubernetes-maintainers:
+  - AstroProfundis
+  - aylei
   - azurezyq
+  - BornChanger
   - charleszheng44
+  - cofyc
   - csuzhangxc
+  - DanielZhangQD
+  - dragonly
+  - Ehco1996
+  - fengou1
+  - gozssky
+  - gregwebs
   - grovecai
+  - handlerww
   - hanlins
+  - jlerche
+  - july2993
   - KanShiori
+  - LinuxGit
   - liubog2008
-  # kubernetes-committers:
-  - WangLe1321
-  - tennix
-  - shuijing198799
-  - sdojjy
   - mikechengwei
-  - LinuxGit
-  - KanShiori
-  - handlerww
-  - gozssky
-  - fengou1
-  - Ehco1996
-  - dragonly
-  - BornChanger
+  - onlymellb
+  - qiffang
+  - sdojjy
+  - shuijing198799
+  - tennix
+  - WangLe1321
+  - weekface
+  - WizardXiao
+  - Yisaer
 reviewers:
-  # kubernetes-reviewers:
+  - cvvz
   - howardlau1999
-  - KanShiori
   - lichunzhu
   - shonge

docs/api-references/docs.md

@@ -22592,13 +22592,13 @@ int32
 </tr>
 <tr>
 <td>
-<code>sslDisableTiDB</code></br>
+<code>sslEnableTiDB</code></br>
 <em>
 bool
 </em>
 </td>
 <td>
-<p>Whether disable SSL connection between tiproxy and TiDB server</p>
+<p>Whether enable SSL connection between tiproxy and TiDB server</p>
 </td>
 </tr>
 <tr>

manifests/crd.yaml

@@ -34239,7 +34239,7 @@ spec:
                     type: string
                   serviceAccount:
                     type: string
-                  sslDisableTiDB:
+                  sslEnableTiDB:
                     type: boolean
                   statefulSetUpdateStrategy:
                     type: string

manifests/crd/v1/pingcap.com_tidbclusters.yaml

@@ -19617,7 +19617,7 @@ spec:
                     type: string
                   serviceAccount:
                     type: string
-                  sslDisableTiDB:
+                  sslEnableTiDB:
                     type: boolean
                   statefulSetUpdateStrategy:
                     type: string

manifests/crd/v1beta1/pingcap.com_tidbclusters.yaml

@@ -19587,7 +19587,7 @@ spec:
                   type: string
                 serviceAccount:
                   type: string
-                sslDisableTiDB:
+                sslEnableTiDB:
                   type: boolean
                 statefulSetUpdateStrategy:
                   type: string

manifests/crd_v1beta1.yaml

@@ -34193,7 +34193,7 @@ spec:
                   type: string
                 serviceAccount:
                   type: string
-                sslDisableTiDB:
+                sslEnableTiDB:
                   type: boolean
                 statefulSetUpdateStrategy:
                   type: string

pkg/apis/pingcap/v1alpha1/types.go

@@ -774,8 +774,8 @@ type TiProxySpec struct {
 	// +kubebuilder:validation:Minimum=0
 	Replicas int32 `json:"replicas"`
 
-	// Whether disable SSL connection between tiproxy and TiDB server
-	SSLDisableTiDB bool `json:"sslDisableTiDB,omitempty"`
+	// Whether enable SSL connection between tiproxy and TiDB server
+	SSLEnableTiDB bool `json:"sslEnableTiDB,omitempty"`
 
 	// TLSClientSecretName is the name of secret which stores tidb server client certificate
 	// used by TiProxy to check health status.

pkg/manager/member/tiflash_util.go

@@ -37,6 +37,8 @@ const (
 var (
 	// the first version that tiflash change default config
 	tiflashEqualOrGreaterThanV540, _ = cmpver.NewConstraint(cmpver.GreaterOrEqual, "v5.4.0")
+	// the first version that tiflash discards http and tcp ports.
+	tiflashEqualOrGreaterThanV710, _ = cmpver.NewConstraint(cmpver.GreaterOrEqual, "v7.1.0")
 )
 
 func buildTiFlashSidecarContainers(tc *v1alpha1.TidbCluster) ([]corev1.Container, error) {
@@ -138,6 +140,7 @@ func getTiFlashConfigV2(tc *v1alpha1.TidbCluster) *v1alpha1.TiFlashConfigWraper
 	if tc.Spec.PreferIPv6 {
 		listenHost = listenHostForIPv6
 	}
+	version := tc.TiFlashVersion()
 
 	// common
 	{
@@ -161,8 +164,10 @@ func getTiFlashConfigV2(tc *v1alpha1.TidbCluster) *v1alpha1.TiFlashConfigWraper
 		common.SetIfNil("tmp_path", "/data0/tmp")
 
 		// port
-		common.SetIfNil("tcp_port", int64(v1alpha1.DefaultTiFlashTcpPort))
-		common.SetIfNil("http_port", int64(v1alpha1.DefaultTiFlashHttpPort))
+		if ok, err := tiflashEqualOrGreaterThanV710.Check(version); err == nil && !ok {
+			common.SetIfNil("tcp_port", int64(v1alpha1.DefaultTiFlashTcpPort))
+			common.SetIfNil("http_port", int64(v1alpha1.DefaultTiFlashHttpPort))
+		}
 
 		// flash
 		tidbStatusAddr := fmt.Sprintf("%s.%s.svc:%d", controller.TiDBMemberName(name), ns, v1alpha1.DefaultTiDBStatusPort)
@@ -224,8 +229,10 @@ func getTiFlashConfigV2(tc *v1alpha1.TidbCluster) *v1alpha1.TiFlashConfigWraper
 		common.Set("security.ca_path", path.Join(tiflashCertPath, corev1.ServiceAccountRootCAKey))
 		common.Set("security.cert_path", path.Join(tiflashCertPath, corev1.TLSCertKey))
 		common.Set("security.key_path", path.Join(tiflashCertPath, corev1.TLSPrivateKeyKey))
-		common.SetIfNil("tcp_port_secure", int64(v1alpha1.DefaultTiFlashTcpPort))
-		common.SetIfNil("https_port", int64(v1alpha1.DefaultTiFlashHttpPort))
+		if ok, err := tiflashEqualOrGreaterThanV710.Check(version); err == nil && !ok {
+			common.SetIfNil("tcp_port_secure", int64(v1alpha1.DefaultTiFlashTcpPort))
+			common.SetIfNil("https_port", int64(v1alpha1.DefaultTiFlashHttpPort))
+		}
 		common.Del("http_port")
 		common.Del("tcp_port")
 

pkg/manager/member/tiflash_util_test.go

@@ -1511,8 +1511,6 @@ func TestTestGetTiFlashConfig(t *testing.T) {
 					tc.Spec.TiFlash.Config = nil
 				},
 				expectCommonCfg: `
-					http_port = 8123
-					tcp_port = 9000
 					tmp_path = "/data0/tmp"
 					[flash]
 					  service_addr = "0.0.0.0:3930"
@@ -1549,8 +1547,6 @@ func TestTestGetTiFlashConfig(t *testing.T) {
 					tc.Spec.TLSCluster = &v1alpha1.TLSCluster{Enabled: true}
 				},
 				expectCommonCfg: `
-					https_port = 8123
-					tcp_port_secure = 9000
 					tmp_path = "/data0/tmp"
 					[flash]
 					  service_addr = "0.0.0.0:3930"
@@ -1598,8 +1594,6 @@ func TestTestGetTiFlashConfig(t *testing.T) {
 					tc.Spec.TLSCluster = &v1alpha1.TLSCluster{Enabled: true}
 				},
 				expectCommonCfg: `
-					https_port = 8123
-					tcp_port_secure = 9000
 					tmp_path = "/data0/tmp"
 					[flash]
 					  service_addr = "0.0.0.0:3930"
@@ -1653,8 +1647,6 @@ func TestTestGetTiFlashConfig(t *testing.T) {
 
 				},
 				expectCommonCfg: `
-					http_port = 8123
-					tcp_port = 9000
 					tmp_path = "/data0/tmp"
 					[flash]
 					  service_addr = "0.0.0.0:3930"
@@ -1693,8 +1685,6 @@ func TestTestGetTiFlashConfig(t *testing.T) {
 					tc.Spec.Cluster = &v1alpha1.TidbClusterRef{Name: "cluster-1", Namespace: "default"}
 				},
 				expectCommonCfg: `
-					http_port = 8123
-					tcp_port = 9000
 					tmp_path = "/data0/tmp"
 					[flash]
 					  service_addr = "0.0.0.0:3930"
@@ -1731,8 +1721,6 @@ func TestTestGetTiFlashConfig(t *testing.T) {
 					tc.Spec.AcrossK8s = true
 				},
 				expectCommonCfg: `
-					http_port = 8123
-					tcp_port = 9000
 					tmp_path = "/data0/tmp"
 					[flash]
 					  service_addr = "0.0.0.0:3930"
@@ -1772,8 +1760,6 @@ func TestTestGetTiFlashConfig(t *testing.T) {
 					tc.Spec.AcrossK8s = true
 				},
 				expectCommonCfg: `
-					http_port = 8123
-					tcp_port = 9000
 					tmp_path = "/data0/tmp"
 					[flash]
 					  service_addr = "0.0.0.0:3930"
@@ -1813,8 +1799,6 @@ func TestTestGetTiFlashConfig(t *testing.T) {
 					tc.Spec.AcrossK8s = true
 				},
 				expectCommonCfg: `
-					http_port = 8123
-					tcp_port = 9000
 					tmp_path = "/data0/tmp"
 					[flash]
 					  service_addr = "0.0.0.0:3930"
@@ -1854,29 +1838,47 @@ func TestTestGetTiFlashConfig(t *testing.T) {
 				tc.Name = "test"
 				tc.Namespace = "default"
 				tc.Spec.TiFlash = &v1alpha1.TiFlashSpec{}
+				tc.Spec.TiFlash.BaseImage = "pingcap/tiflash"
 
 				if testcase.setTC != nil {
 					testcase.setTC(tc)
 				}
 
-				cfg := getTiFlashConfigV2(tc)
+				for _, version := range []string{"v7.0.0", "v7.1.0"} {
+					tc.Spec.Version = version
+
+					expectCommonCfg := testcase.expectCommonCfg
+					if ok, err := tiflashEqualOrGreaterThanV710.Check(version); err == nil && !ok {
+						if tc.Spec.TLSCluster != nil && tc.Spec.TLSCluster.Enabled {
+							expectCommonCfg = `
+							https_port = 8123
+							tcp_port_secure = 9000` + expectCommonCfg
+						} else {
+							expectCommonCfg = `
+							http_port = 8123
+							tcp_port = 9000` + expectCommonCfg
+						}
+					}
 
-				commonCfgData, err := cfg.Common.MarshalTOML()
-				g.Expect(err).Should(Succeed())
-				proxyCfgData, err := cfg.Proxy.MarshalTOML()
-				g.Expect(err).Should(Succeed())
+					cfg := getTiFlashConfigV2(tc)
 
-				outputCfg := v1alpha1.NewTiFlashConfig()
-				expectCfg := v1alpha1.NewTiFlashConfig()
-				outputCfg.Common.UnmarshalTOML(commonCfgData)
-				outputCfg.Proxy.UnmarshalTOML(proxyCfgData)
-				expectCfg.Common.UnmarshalTOML([]byte(testcase.expectCommonCfg))
-				expectCfg.Proxy.UnmarshalTOML([]byte(testcase.expectProxyCfg))
+					commonCfgData, err := cfg.Common.MarshalTOML()
+					g.Expect(err).Should(Succeed())
+					proxyCfgData, err := cfg.Proxy.MarshalTOML()
+					g.Expect(err).Should(Succeed())
 
-				diff := cmp.Diff(outputCfg.Common.Inner(), expectCfg.Common.Inner())
-				g.Expect(diff).Should(BeEmpty())
-				diff = cmp.Diff(outputCfg.Proxy.Inner(), expectCfg.Proxy.Inner())
-				g.Expect(diff).Should(BeEmpty())
+					outputCfg := v1alpha1.NewTiFlashConfig()
+					expectCfg := v1alpha1.NewTiFlashConfig()
+					outputCfg.Common.UnmarshalTOML(commonCfgData)
+					outputCfg.Proxy.UnmarshalTOML(proxyCfgData)
+					expectCfg.Common.UnmarshalTOML([]byte(expectCommonCfg))
+					expectCfg.Proxy.UnmarshalTOML([]byte(testcase.expectProxyCfg))
+
+					diff := cmp.Diff(outputCfg.Common.Inner(), expectCfg.Common.Inner())
+					g.Expect(diff).Should(BeEmpty())
+					diff = cmp.Diff(outputCfg.Proxy.Inner(), expectCfg.Proxy.Inner())
+					g.Expect(diff).Should(BeEmpty())
+				}
 			})
 		}
 	})

pkg/manager/member/tiproxy_member_manager.go

@@ -134,7 +134,7 @@ func (m *tiproxyMemberManager) syncConfigMap(tc *v1alpha1.TidbCluster, set *apps
 		cfgWrapper.Set("security.server-tls.cert", path.Join(tiproxyServerPath, "tls.crt"))
 		cfgWrapper.Set("security.server-tls.skip-ca", true)
 
-		if !tc.Spec.TiProxy.SSLDisableTiDB || !tc.SkipTLSWhenConnectTiDB() {
+		if tc.Spec.TiProxy.SSLEnableTiDB || !tc.SkipTLSWhenConnectTiDB() {
 			if tc.Spec.TiDB.TLSClient.SkipInternalClientCA {
 				cfgWrapper.Set("security.sql-tls.skip-ca", true)
 			} else {
@@ -440,7 +440,7 @@ func (m *tiproxyMemberManager) getNewStatefulSet(tc *v1alpha1.TidbCluster, cm *c
 			},
 		})
 
-		if !tc.Spec.TiProxy.SSLDisableTiDB || !tc.SkipTLSWhenConnectTiDB() {
+		if tc.Spec.TiProxy.SSLEnableTiDB || !tc.SkipTLSWhenConnectTiDB() {
 			volMounts = append(volMounts, corev1.VolumeMount{
 				Name: "tidb-client-tls", ReadOnly: true, MountPath: tiproxySQLPath,
 			})