Comments (9)
intelligentfu
commented on August 21, 2024
已经实现,请贴一下现象,doriscluster的yaml以及环境。
from doris-operator.
anthony-yau
commented on August 21, 2024
已经实现,请贴一下现象,doriscluster的yaml以及环境。
yaml文件:
apiVersion: doris.selectdb.com/v1
kind: DorisCluster
metadata:
labels:
app.kubernetes.io/name: doris-testxx
app.kubernetes.io/instance: doris-testxx
app.kubernetes.io/part-of: doris-operator
name: doris-testxx
namespace: default
spec:
adminUser:
name: dsadmin
password: DSf@x2412
# FE配置
feSpec:
# 指定参与选举的数量,其他的为仲裁节点
electionNumber: 3
# 副本数, 1主2从
replicas: 3
image: xxx
# 配置服务类型, 如果要在集群外访问,需要使用LoadBalancer等类型
service:
type: "ClusterIP"
# 资源配置
requests:
cpu: 8
memory: 16Gi
limits:
cpu: 16
memory: 32Gi
# 持久化配置
persistentVolumes:
- mountPath: /opt/apache-doris/fe/doris-meta
name: femeta
persistentVolumeClaimSpec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 200Gi
- mountPath: /opt/apache-doris/fe/log
name: felog
persistentVolumeClaimSpec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 200Gi
# 初始配置
systemInitialization:
command: [ "/sbin/sysctl", "-w", "vm.max_map_count=2000000" ]
# BE配置
beSpec:
# 副本数
replicas: 3
image: xxx
# 资源配置
requests:
cpu: 8
memory: 16Gi
limits:
cpu: 16
memory: 64Gi
# 持久化配置
persistentVolumes:
- mountPath: /opt/apache-doris/be/storage
name: bedata
persistentVolumeClaimSpec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 200Gi
- mountPath: /opt/apache-doris/be/log
name: belog
persistentVolumeClaimSpec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 200Gi
# 初始配置
systemInitialization:
command: [ "/sbin/sysctl", "-w", "vm.max_map_count=2000000" ]
kubectl version
Client Version: version.Info{Major:"1", Minor:"22+", GitVersion:"v1.22.5-tke.15", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"22+", GitVersion:"v1.22.5-tke.15", Compiler:"gc", Platform:"linux/amd64"}
doris operator
spec:
containers:
- args:
- --leader-elect
command: - /dorisoperator
image: selectdb/doris.k8s-operator:latest
imagePullPolicy: Always
- --leader-elect
from doris-operator.
anthony-yau
commented on August 21, 2024
没看到什么具体错误现象,就是没有创建Yaml里面定义的user。operator日志也没搜索到相关日志(或者搜索错了)。
from doris-operator.
intelligentfu
commented on August 21, 2024
AdminUser的使用场景是创建出集群后,更改了root的密码。这个时候需要新建管理节点的用户并赋值密码,然后配置到AdminUser,或者配置root 的用户名密码。
adminUser的使用场景是节点管理时使用。
from doris-operator.
anthony-yau
commented on August 21, 2024
AdminUser的使用场景是创建出集群后,更改了root的密码。这个时候需要新建管理节点的用户并赋值密码,然后配置到AdminUser,或者配置root 的用户名密码。 adminUser的使用场景是节点管理时使用。
好的,谢谢,那没看懂文档部分描述了。
那有没有可能实现,初装集群后,把root密码设置下的能力。
from doris-operator.
intelligentfu
commented on August 21, 2024
AdminUser的使用场景是创建出集群后,更改了root的密码。这个时候需要新建管理节点的用户并赋值密码,然后配置到AdminUser,或者配置root 的用户名密码。 adminUser的使用场景是节点管理时使用。
好的,谢谢,那没看懂文档部分描述了。
那有没有可能实现,初装集群后,把root密码设置下的能力。
不能这么干,自动设置密码肯定是固定的,这么做会导致集群拥有后门,是一个很大的安全漏洞。而且,如果用户改了密码,那么后期节点重启有可能出现无法启动,集群也无法恢复的情况。注意能力设计的最根本的原则要包括安全。
from doris-operator.
intelligentfu
commented on August 21, 2024
纵观所有数据库,没有帮忙初始化密码的,这是最基本的安全底线,doris operator也不会这么干。
from doris-operator.
anthony-yau
commented on August 21, 2024
纵观所有数据库,没有帮忙初始化密码的,这是最基本的安全底线,doris operator也不会这么干。
那太绝对了吧,MySQL就是因为安全性,默认生成一个密码。
from doris-operator.
intelligentfu
commented on August 21, 2024
纵观所有数据库,没有帮忙初始化密码的,这是最基本的安全底线,doris operator也不会这么干。
那太绝对了吧,MySQL就是因为安全性,默认生成一个密码。
https://github.com/mysql/mysql-operator/blob/trunk/mysqloperator/sidecar_main.py#L109
from doris-operator.
Related Issues (20)
- support IP mode start when pod have static IP HOT 1
- service can't be updated in k8s 1.19 version HOT 2
- be_prestop.sh add parameter --grace HOT 1
- be graceful timeout not set for be pods HOT 1
- doris 能够部署成功,但更新yaml后重新部署,不自动重启be,fe等pod HOT 4
- The pvc created by the operator needs to support adding annotations HOT 1
- auto create account and set password for doris
- when configmap updated of some config, operator should restart service to effect. HOT 1
- antiaffinity schedule, add clustername as a key.
- config fe external service as sessionaffinity HOT 1
- [Feature] operator can add a config that let fe or be mount a shared RWX pvc to share additional resources like catalog jars HOT 1
- [Feature] Support for Arrow Flight SQL Port Configuration in Doris Operator HOT 1
- bug: volume resize does not work HOT 2
- AdminUser not work as expected.
- DorisCluster create failed permission denied: unknown HOT 1
- Security: address CVE-2024-24790 in 1.6.0 HOT 1
- fr: support priorityClass
- 通过doris-operator进行修改fe 或者be replicas的数量 只能增加 不能减少 减少无效 这个是正常的吗? HOT 3
- [Feature]Support Deploy Compute-storage decoupled Cluster HOT 1
- [BUG] 存算分离集群部署例子资源疑似有误
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from doris-operator.