From cd24a06a12b3c9b61cd86a2a8cb97b9d63ee5dec Mon Sep 17 00:00:00 2001 From: qqqdan Date: Tue, 27 Aug 2024 23:39:28 +0800 Subject: [PATCH 01/15] new connect ux --- tidb-cloud/connect-to-tidb-cluster.md | 38 ++++--- tidb-cloud/connect-via-standard-connection.md | 49 +++++---- tidb-cloud/create-tidb-cluster.md | 11 +- tidb-cloud/set-up-vpc-peering-connections.md | 100 ++++++++++++++++-- 4 files changed, 141 insertions(+), 57 deletions(-) diff --git a/tidb-cloud/connect-to-tidb-cluster.md b/tidb-cloud/connect-to-tidb-cluster.md index 0ec762a2c3350..2e941a233d710 100644 --- a/tidb-cloud/connect-to-tidb-cluster.md +++ b/tidb-cloud/connect-to-tidb-cluster.md 
@@ -11,35 +11,41 @@ This document introduces the methods to connect to your TiDB Dedicated cluster. > > To learn how to connect to a TiDB Serverless cluster, see [Connect to Your TiDB Serverless Cluster](/tidb-cloud/connect-to-tidb-cluster-serverless.md). -After your TiDB Dedicated cluster is created on TiDB Cloud, you can connect to it via one of the following methods: +After your TiDB Dedicated cluster is created on TiDB Cloud, you can connect to it via one of the following methods: -- [Connect via standard connection](/tidb-cloud/connect-via-standard-connection.md) +- Direct connections - The standard connection exposes a public endpoint with traffic filters, so you can connect to your TiDB cluster via a SQL client from your laptop. You can connect to your TiDB clusters using TLS, which ensures the security of data transmission from your applications to TiDB clusters. + Direct connections mean the MySQL native connection system over TCP. You can connect to your TiDB Dedicated cluster using any tool that supports MySQL connection, such as [MySQL client](https://dev.mysql.com/doc/refman/8.0/en/mysql.html). -- [Connect via private endpoint with AWS](/tidb-cloud/set-up-private-endpoint-connections.md) (recommended) +- [built-in SQL Editor](/tidb-cloud/explore-data-with-chat2query.md) - For TiDB Dedicated clusters hosted on AWS, private endpoint connection provides a private endpoint to allow SQL clients in your VPC to securely access services over AWS PrivateLink, which provides highly secure and one-way access to database services with simplified network management. + > **Note:** + > + > To use SQL Editor on [TiDB Dedicated](/tidb-cloud/select-cluster-tier.md#tidb-dedicated) clusters, contact [TiDB Cloud support](/tidb-cloud/tidb-cloud-support.md). 
-- [Connect via private endpoint with Google Cloud](/tidb-cloud/set-up-private-endpoint-connections-on-google-cloud.md) (recommended) + If your cluster is hosted on AWS and the TiDB version of the cluster is v6.5.0 or later, you can use the AI-assisted SQL Editor in the [TiDB Cloud console](https://tidbcloud.com/) to maximize your data value. - For TiDB Dedicated clusters hosted on Google Cloud, private endpoint connection provides a private endpoint to allow SQL clients in your VPC to securely access services over Google Cloud Private Service Connect, which provides highly secure and one-way access to database services with simplified network management. + In SQL Editor, you can either write SQL queries manually or simply press + I on macOS (or Control + I on Windows or Linux) to instruct [Chat2Query (beta)](/tidb-cloud/tidb-cloud-glossary.md#chat2query) to generate SQL queries automatically. This enables you to run SQL queries against databases without a local SQL client. You can intuitively view the query results in tables or charts and easily check the query logs. -- [Connect via VPC peering](/tidb-cloud/set-up-vpc-peering-connections.md) +## Network for Direct Connections - If you want lower latency and more security, set up VPC peering and connect via a private endpoint using a VM instance on the corresponding cloud provider in your cloud account. +There are three network connection types for TiDB Dedicated: -- [Connect via built-in SQL Editor](/tidb-cloud/explore-data-with-chat2query.md) +- [Public connection](/tidb-cloud/connect-via-standard-connection.md) - > **Note:** - > - > To use SQL Editor on [TiDB Dedicated](/tidb-cloud/select-cluster-tier.md#tidb-dedicated) clusters, contact [TiDB Cloud support](/tidb-cloud/tidb-cloud-support.md). + The public connection exposes a public endpoint with traffic filters, so you can connect to your TiDB cluster via a SQL client from your laptop. 
You can connect to your TiDB clusters using TLS, which ensures the security of data transmission from your applications to TiDB clusters. - If your cluster is hosted on AWS and the TiDB version of the cluster is v6.5.0 or later, you can use the AI-assisted SQL Editor in the [TiDB Cloud console](https://tidbcloud.com/) to maximize your data value. +- Private endpoint (recommended) - In SQL Editor, you can either write SQL queries manually or simply press + I on macOS (or Control + I on Windows or Linux) to instruct [Chat2Query (beta)](/tidb-cloud/tidb-cloud-glossary.md#chat2query) to generate SQL queries automatically. This enables you to run SQL queries against databases without a local SQL client. You can intuitively view the query results in tables or charts and easily check the query logs. + Private endpoint connection provides a private endpoint to allow SQL clients in your VPC to securely access TiDB Dedicated Clusters over the Private Link Service provided by different Cloud providers, which provides highly secure and one-way access to database services with simplified network management + + - For TiDB Dedicated Clusters on AWS, the private endpoint connection is powered by AWS PrivateLink. To learn how to create private endpoint connection,see [Connect to a TiDB Dedicated Cluster via Private Endpoint with AWS](/tidb-cloud/set-up-private-endpoint-connections.md) + - For TiDB Dedicated Clusters on Google Cloud, the private endpoint connection is powered by Google Cloud Private Service Connect. To learn how to create private endpoint connection,see [Connect to a TiDB Dedicated Cluster via Google Cloud Private Service Connect](/tidb-cloud/set-up-private-endpoint-connections-on-google-cloud.md) + +- [VPC peering](/tidb-cloud/set-up-vpc-peering-connections.md) + + If you want lower latency and more security, set up VPC peering and connect via a private endpoint using a VM instance on the corresponding cloud provider in your cloud account. 
-- [Connect via SQL Shell](/tidb-cloud/connect-via-sql-shell.md): to try TiDB SQL and test out TiDB's compatibility with MySQL quickly, or administer user privileges. ## What's next diff --git a/tidb-cloud/connect-via-standard-connection.md b/tidb-cloud/connect-via-standard-connection.md index dfe68f465736f..4e12e68ef8eae 100644 --- a/tidb-cloud/connect-via-standard-connection.md +++ b/tidb-cloud/connect-via-standard-connection.md 
@@ -3,51 +3,50 @@ title: Connect to TiDB Dedicated via Standard Connection summary: Learn how to connect to your TiDB Cloud cluster via standard connection. --- -# Connect to TiDB Dedicated via Standard Connection +# Connect to TiDB Dedicated via Public Connection -This document describes how to connect to your TiDB Dedicated cluster via standard connection. The standard connection exposes a public endpoint with traffic filters, so you can connect to your TiDB Dedicated cluster via a SQL client from your laptop. +This document describes how to connect to your TiDB Dedicated cluster via public connection. The public connection exposes a public endpoint with traffic filters, so you can connect to your TiDB Dedicated cluster via a SQL client from your laptop. > **Tip:** > -> To learn how to connect to a TiDB Serverless cluster via standard connection, see [Connect to TiDB Serverless via Public Endpoint](/tidb-cloud/connect-via-standard-connection-serverless.md). +> To learn how to connect to a TiDB Serverless cluster via public connection, see [Connect to TiDB Serverless via Public Endpoint](/tidb-cloud/connect-via-standard-connection-serverless.md). -To connect to a TiDB Dedicated cluster via standard connection, take the following steps: +## Prerequisite: Configure IP access list -1. Open the overview page of the target cluster. +For public connection, TiDB Cloud only allows client connections from addresses in the IP access list. If you have not configured IP access list, take the following sub-steps to configure it before first connection. - 1. Log in to the [TiDB Cloud console](https://tidbcloud.com/) and navigate to the [**Clusters**](https://tidbcloud.com/console/clusters) page of your project. +1. Navigate to the Networking page of a TiDB Dedicated cluster.. - > **Tip:** - > - > If you have multiple projects, you can click in the lower-left corner and switch to another project. +2. Click **Add IP Address**, choose one of the following options. - 2. 
Click the name of your target cluster to go to its overview page. + - **Allow access from anywhere** : All IP addresses are allowed to access TiDB Cloud. This would expose your cluster to the internet completely, which is highly risky. + - **Use IP addresses**: Recommand, you can add a list of IPs and CIDR addresses that are allowed to access TiDB Cloud via a SQL client. -2. Click **Connect** in the upper-right corner. A connection dialog is displayed. +3. Add IP addresses or CIDR range with an optional description. You can add up to 100 addresses. -3. Create a traffic filter for the cluster. Traffic filter is a list of IPs and CIDR addresses that are allowed to access TiDB Cloud via a SQL client. +4. Click **Confirm** to confirm the changes. - If the traffic filter is already set, skip the following sub-steps. If the traffic filter is empty, take the following sub-steps to add one. +## Connect to the cluster: - 1. Click one of the buttons to add some rules quickly. +To connect to a TiDB Dedicated cluster via public connection, take the following steps: - - **Add My Current IP Address** - - **Allow Access from Anywhere** +1. Open the overview page of the target cluster. - 2. Provide an optional description for the newly added IP address or CIDR range. + 1. Log in to the [TiDB Cloud console](https://tidbcloud.com/) and navigate to the [**Clusters**](https://tidbcloud.com/console/clusters) page of your project. - 3. Click **Create Filter** to confirm the changes. + > **Tip:** + > + > If you have multiple projects, you can click in the lower-left corner and switch to another project. -4. Under **Step 2: Download CA cert** in the dialog, click **Download CA cert** for TLS connection to TiDB clusters. The CA cert supports TLS 1.2 version by default. + 2. Click the name of your target cluster to go to its overview page. + +2. Click **Connect** in the upper-right corner. A connection dialog is displayed. 
- > **Note:** - > - > - The CA cert is only available for TiDB Dedicated clusters. - > - Currently, TiDB Cloud only provides the connection strings and sample code for these connection methods: MySQL, MyCLI, JDBC, Python, Go, and Node.js. +3. Select `Public` in **Connection Type**. If you have not configured IP access list, you need to click **Configure IP Access List** to configure it before first connection. -5. Under **Step 3: Connect with a SQL client** in the dialog, click the tab of your preferred connection method, and then refer to the connection string and sample code on the tab to connect to your cluster. +4. Click **CA cert** to download CA cert for TLS connection to TiDB clusters. The CA cert supports TLS 1.2 version by default. - Note that you need to use the path of the downloaded CA file as the argument of the `--ssl-ca` option in the connection string. +5. Choose your preferred connection method, and then refer to the connection string and sample code on the tab to connect to your cluster. ## What's next diff --git a/tidb-cloud/create-tidb-cluster.md b/tidb-cloud/create-tidb-cluster.md index 1ff57fedd7822..20158d67e3ea6 100644 --- a/tidb-cloud/create-tidb-cluster.md +++ b/tidb-cloud/create-tidb-cluster.md 
@@ -78,14 +78,13 @@ If you are in the `Organization Owner` or the `Project Owner` role, you can crea Your TiDB Cloud cluster will be created in approximately 20 to 30 minutes. -## Step 3. Configure secure settings +## Step 3. Set root password +After your cluster is created, take the following steps to configure the root password : -After your cluster is created, take the following steps to configure the security settings: +1. In the upper-right corner of your cluster overview page, click **...** and select **Password Settings**. -1. In the upper-right corner of your cluster overview page, click **...** and select **Security Settings**. - -2. Set the root password and allowed IP addresses to connect to your cluster, and then click **Apply**. +2. Set the root password to connect to your cluster, and then click **Save**. Make sure to copy your password and save it in a secure location. ## What's next -After your cluster is created on TiDB Cloud, you can connect to it via the methods provided in [Connect to Your TiDB Dedicated Cluster](/tidb-cloud/connect-via-standard-connection-serverless.md). \ No newline at end of file +After your cluster is created on TiDB Cloud, you can connect to it via the methods provided in [Connect to Your TiDB Dedicated Cluster](/tidb-cloud/connect-to-tidb-cluster). \ No newline at end of file diff --git a/tidb-cloud/set-up-vpc-peering-connections.md b/tidb-cloud/set-up-vpc-peering-connections.md index 2edbec2391000..c0a449b7fd7a6 100644 --- a/tidb-cloud/set-up-vpc-peering-connections.md +++ b/tidb-cloud/set-up-vpc-peering-connections.md @@ -61,6 +61,11 @@ This section describes how to set up VPC peering connections on AWS. For Google ### Step 1. Add VPC peering requests +Use either of the following two options to add VPC peering requests from TiDB Cloud console: + + +
+ 1. Log in to the [TiDB Cloud console](https://tidbcloud.com). 2. Click in the lower-left corner, switch to the target project if you have multiple projects, and then click **Project Settings**. 3. On the **Project Settings** page of your project, click **Network Access** in the left navigation pane, and click the **VPC Peering** > **AWS** tab. @@ -82,14 +87,45 @@ This section describes how to set up VPC peering connections on AWS. For Google 6. To view detailed information about your newly created VPC peering, click **...** > **View** in the **Action** column. The **VPC Peering Details** page is displayed. +
+
+ +1. Open the overview page of the target cluster. + + 1. Log in to the [TiDB Cloud console](https://tidbcloud.com/) and navigate to the [**Clusters**](https://tidbcloud.com/console/clusters) page of your project. + + > **Tip:** + > + > If you have multiple projects, you can click in the lower-left corner and switch to another project. + + 2. Click the name of your target cluster to go to its overview page. + +3. On the **Networing** page of your cluster, click **Create VPC Peering**. + +4. Fill in the required information of your existing AWS VPC: + + - Your VPC Region + - AWS Account ID + - VPC ID + - VPC CIDR + + You can get such information from your VPC details page of the [AWS Management Console](https://console.aws.amazon.com/). TiDB Cloud supports creating VPC peerings between VPCs in the same region or from two different regions. + + ![VPC peering](/media/tidb-cloud/vpc-peering/vpc-peering-creating-infos.png) + +5. Click **Create** to send the VPC peering request, and then view the VPC peering information on the **VPC Peering** > **AWS** tab. The status of the newly created VPC peering is **System Checking**. + +6. To view detailed information about your newly created VPC peering, click **...** > **View** in the **Action** column. The **AWS VPC Peering Details** page is displayed. + +
+
+ ### Step 2. Approve and configure the VPC peering Use either of the following two options to approve and configure the VPC peering connection: -- [Option 1: Use AWS CLI](#option-1-use-aws-cli) -- [Option 2: Use the AWS dashboard](#option-2-use-the-aws-dashboard) - -#### Option 1. Use AWS CLI + +
1. Install AWS Command Line Interface (AWS CLI). @@ -165,7 +201,8 @@ Use either of the following two options to approve and configure the VPC peering After finishing the configuration, the VPC peering has been created. You can [connect to the TiDB cluster](#connect-to-the-tidb-cluster) to verify the result. -#### Option 2. Use the AWS dashboard +
+
You can also use the AWS dashboard to configure the VPC peering connection. @@ -207,8 +244,18 @@ You can also use the AWS dashboard to configure the VPC peering connection. Now you have successfully set up the VPC peering connection. Next, [connect to the TiDB cluster via VPC peering](#connect-to-the-tidb-cluster). +
+
+ ## Set up VPC peering on Google Cloud +### Step 1. Add VPC peering requests + +Use either of the following two options to add VPC peering requests from TiDB Cloud console: + + +
+ 1. Log in to the [TiDB Cloud console](https://tidbcloud.com). 2. Click in the lower-left corner, switch to the target project if you have multiple projects, and then click **Project Settings**. 3. On the **Project Settings** page of your project, click **Network Access** in the left navigation pane, and click the **VPC Peering** > **Google Cloud** tab. @@ -219,7 +266,7 @@ Now you have successfully set up the VPC peering connection. Next, [connect to t > **Tip:** > - > You can follow instructions next to the **Application Google Cloud Project ID** and **VPC Network Name** fields to find the project ID and VPC network name. + > You can follow instructions next to the **Google Cloud Project ID** and **VPC Network Name** fields to find the project ID and VPC network name. - Google Cloud Project ID - VPC Network Name @@ -229,7 +276,39 @@ Now you have successfully set up the VPC peering connection. Next, [connect to t 6. To view detailed information about your newly created VPC peering, click **...** > **View** in the **Action** column. The **VPC Peering Details** page is displayed. -7. Execute the following command to finish the setup of VPC peerings: +
+
+ +1. Open the overview page of the target cluster. + + 1. Log in to the [TiDB Cloud console](https://tidbcloud.com/) and navigate to the [**Clusters**](https://tidbcloud.com/console/clusters) page of your project. + + > **Tip:** + > + > If you have multiple projects, you can click in the lower-left corner and switch to another project. + + 2. Click the name of your target cluster to go to its overview page. + +3. On the **Networing** page of your cluster, click **Create VPC Peering**,and then fill in the required information of your existing Google Cloud VPC: + + > **Tip:** + > + > You can follow instructions next to the **Google Cloud Project ID** and **VPC Network Name** fields to find the project ID and VPC network name. + + - Google Cloud Project ID + - VPC Network Name + - VPC CIDR + +4. Click **Create** to send the VPC peering request, and then view the VPC peering information on the **Google Cloud VPC Peering** part. The status of the newly created VPC peering is **System Checking**. + +5. To view detailed information about your newly created VPC peering, click **...** > **View** in the **Action** column. The **VPC Peering Details** page is displayed. + +
+
+ +### Step 2. Approve the VPC peering + +1. Execute the following command to finish the setup of VPC peerings: {{< copyable "shell-regular" >}} @@ -247,10 +326,11 @@ Now you have successfully set up the VPC peering connection. Next, [connect to t 1. On the [**Clusters**](https://tidbcloud.com/console/clusters) page, click the name of your target cluster to go to its overview page. -2. Click **Connect** in the upper-right corner, and select the **VPC Peering** tab in the connection dialog. +2. Click **Connect** in the upper-right corner, and select `VPC Peering` in **Connection Type**. - You can see the **Status** of the VPC peering is **active**. If **Status** is still **system checking**, wait for about 5 minutes and open the dialog again. + You can see the VPC information when the peering is **active**. If the peering status is still **system checking**, wait for about 5 minutes and open the dialog again. 3. Click **Get Endpoint** and wait for a few minutes. Then the connection command is displayed in the dialog. -4. Under **Step 2: Connect with a SQL client** in the dialog box, click the tab of your preferred connection method, and then connect to your cluster with the connection string. +4. Choose your preferred connection method, and then refer to the connection string and sample code on the tab to connect to your cluster. + From 4279db0c1ac8ba473d6e78983678612402aaceb1 Mon Sep 17 00:00:00 2001 From: qqqdan Date: Wed, 28 Aug 2024 16:15:46 +0800 Subject: [PATCH 02/15] Update set-up-vpc-peering-connections.md --- tidb-cloud/set-up-vpc-peering-connections.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/tidb-cloud/set-up-vpc-peering-connections.md b/tidb-cloud/set-up-vpc-peering-connections.md index c0a449b7fd7a6..767c503c78c19 100644 --- a/tidb-cloud/set-up-vpc-peering-connections.md +++ b/tidb-cloud/set-up-vpc-peering-connections.md 
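Review bot: in tidb-cloud/connect-to-tidb-cluster.md, the new VPC peering bullet still says to "connect via a private endpoint", which now collides with the separate "Private endpoint (recommended)" connection type listed just above it. Reword it to describe connecting over the peered VPC so readers do not mix up the two network paths. In the same hunk, the Private endpoint paragraph ends without a period after "simplified network management", both sub-bullets need a space in "connection,see", and the "Connect via SQL Shell" entry is removed with no replacement, so say in the commit message whether that method is gone or documented elsewhere.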
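Review bot: in tidb-cloud/connect-via-standard-connection.md, step 4 still tells the reader to download the CA cert, but the sentence explaining that the downloaded file path must be passed as the `--ssl-ca` option is deleted and step 5 does not replace it. Keep that sentence under step 5 so the downloaded certificate is actually used for the TLS connection. Also in the added lines: "Recommand" should be "Recommended", "TiDB Dedicated cluster.." has a doubled period, and the heading "## Connect to the cluster:" should drop the trailing colon.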
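Review bot: in tidb-cloud/create-tidb-cluster.md, Step 3 used to set "the root password and allowed IP addresses" and now sets only the root password, with nothing pointing the reader to where allowed IP addresses are configured. Add a sentence or a "What's next" link to /tidb-cloud/configure-ip-access-list.md. The new link target `/tidb-cloud/connect-to-tidb-cluster` is missing the `.md` suffix that the line it replaces had, and "root password :" has a stray space before the colon.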
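Review bot: in tidb-cloud/set-up-vpc-peering-connections.md, the added cluster-level procedure numbers its steps 1, 3, 4, 5, 6 in the AWS section and 1, 3, 4, 5 in the Google Cloud section, so step 2 is missing in both. Renumber from "3. On the **Networing** page" onward, and fix "Networing" to "Networking" in both places. The Google Cloud line also needs a space in "**Create VPC Peering**,and", and the new connect step uses code formatting for `VPC Peering` in **Connection Type** where the private endpoint pages use bold for the same kind of option.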
@@ -330,7 +330,5 @@ Now you have successfully set up the VPC peering connection. Next, [connect to t You can see the VPC information when the peering is **active**. If the peering status is still **system checking**, wait for about 5 minutes and open the dialog again. -3. Click **Get Endpoint** and wait for a few minutes. Then the connection command is displayed in the dialog. - -4. Choose your preferred connection method, and then refer to the connection string and sample code on the tab to connect to your cluster. +3. Choose your preferred connection method, and then refer to the connection string and sample code on the tab to connect to your cluster. From 93de0d4a07c36f7723aff465961a1bee696ebbcb Mon Sep 17 00:00:00 2001 From: qqqdan Date: Wed, 28 Aug 2024 19:43:57 +0800 Subject: [PATCH 03/15] update 4 docs --- tidb-cloud/configure-ip-access-list.md | 49 ++++--------------- ...te-endpoint-connections-on-google-cloud.md | 32 ++++++------ .../set-up-private-endpoint-connections.md | 39 ++++++++------- .../tidb-cloud-tls-connect-to-dedicated.md | 11 ++--- 4 files changed, 50 insertions(+), 81 deletions(-) diff --git a/tidb-cloud/configure-ip-access-list.md b/tidb-cloud/configure-ip-access-list.md index 1b035c7bc1101..979a206de9287 100644 --- a/tidb-cloud/configure-ip-access-list.md +++ b/tidb-cloud/configure-ip-access-list.md 
@@ -11,48 +11,17 @@ For each TiDB Dedicated cluster in TiDB Cloud, you can configure an IP access li > > Configuring the IP access list is only available for [TiDB Dedicated](/tidb-cloud/select-cluster-tier.md#tidb-dedicated) clusters. -For a TiDB Dedicated cluster, you can configure its IP access list in either of the following ways: +## Configure an IP access list in Networking page -- [Configure an IP access list in standard connection](#configure-an-ip-access-list-in-standard-connection) +To configure an IP access list for your TiDB Dedicated cluster in networking page, take the following steps: -- [Configure an IP access list in security settings](#configure-an-ip-access-list-in-security-settings) +1. On the [**Clusters**](https://tidbcloud.com/console/clusters) page, click the name of your target TiDB cluster to go to its overview page. +2. Go to **Network** in the left navigation pane, click **Add IP Address**. +3. In the dialog, choose one of the following options. -## Configure an IP access list in standard connection + - **Allow access from anywhere** : All IP addresses are allowed to access TiDB Cloud. This would expose your cluster to the internet completely, which is highly risky. + - **Use IP addresses**: Recommand, you can add a list of IPs and CIDR addresses that are allowed to access TiDB Cloud via a SQL client. -To configure an IP access list for your TiDB Dedicated cluster in standard connection, take the following steps: +3. Add IP addresses or CIDR range with an optional description. You can add up to 100 addresses. -1. In the [TiDB Cloud console](https://tidbcloud.com/), navigate to the [**Clusters**](https://tidbcloud.com/console/clusters) page of your project. -2. In the row of your TiDB Dedicated cluster, click **...** and select **Connect**. A dialog is displayed. -3. In the dialog, locate **Step 1: Create traffic filter** on the **Standard Connection** tab and configure the IP access list. 
- - - If the IP access list of your cluster has not been set, you can click **Add My Current IP Address** to add your current IP address to the IP access list, and then click **Add Item** to add more IP addresses if necessary. Next, click **Update Filter** to save the configuration. - - > **Note:** - > - > For each TiDB Dedicated cluster, you can add up to 100 IP addresses to the IP access list. To apply for a quota to add more IP addresses, contact [TiDB Cloud Support](/tidb-cloud/tidb-cloud-support.md). - - - If the IP access list of your cluster has been set, click **Edit** to add, edit, or remove IP addresses, and then click **Update Filter** to save the configuration. - - - To allow any IP address to access your cluster (not recommended), click **Allow Access From Anywhere**, and then click **Update Filter**. According to security best practices, it is NOT recommended that you allow any IP address to access your cluster, as this would expose your cluster to the internet completely, which is highly risky. - -## Configure an IP access list in security settings - -To configure an IP access list for your TiDB Dedicated cluster in security settings, take the following steps: - -1. In the [TiDB Cloud console](https://tidbcloud.com/), navigate to the [**Clusters**](https://tidbcloud.com/console/clusters) page of your project. -2. In the row of your TiDB Dedicated cluster, click **...** and select **Security Settings**. A security setting dialog is displayed. -3. In the dialog, configure the IP access list as follows: - - - To add your current IP address to the IP access list, click **Add My Current IP Address**. - - - To add an IP address to the IP access list, enter the IP address and description, and click **Add to IP List**. - - > **Note:** - > - > For each TiDB Dedicated cluster, you can add up to 100 IP addresses to the IP access list. To apply for a quota to add more IP addresses, contact [TiDB Cloud Support](/tidb-cloud/tidb-cloud-support.md). 
- - - To allow any IP address to access your cluster (not recommended), click **Allow Access From Anywhere**. According to security best practices, it is NOT recommended that you allow any IP address to access your cluster, as this would expose your cluster to the internet completely, which is highly risky. - - - To remove an IP address from the access list, click **Remove** in the line of the IP address. - -4. Click **Apply** to save the configuration. \ No newline at end of file +4. Click **Confirm** to confirm the changes. \ No newline at end of file diff --git a/tidb-cloud/set-up-private-endpoint-connections-on-google-cloud.md b/tidb-cloud/set-up-private-endpoint-connections-on-google-cloud.md index c00709e54a460..014d97c86c978 100644 --- a/tidb-cloud/set-up-private-endpoint-connections-on-google-cloud.md +++ b/tidb-cloud/set-up-private-endpoint-connections-on-google-cloud.md @@ -45,7 +45,7 @@ In most scenarios, it is recommended that you use private endpoint connection ov To connect to your TiDB Dedicated cluster via a private endpoint, complete the [prerequisites](#prerequisites) and follow these steps: -1. [Select a TiDB cluster](#step-1-select-a-tidb-cluster) +1. [Choose a TiDB cluster](#step-1-choose-a-tidb-cluster) 2. [Create a Google Cloud private endpoint](#step-2-create-a-google-cloud-private-endpoint) 3. [Accept endpoint access](#step-3-accept-endpoint-access) 4. [Connect to your TiDB cluster](#step-4-connect-to-your-tidb-cluster) 
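Review bot: in tidb-cloud/configure-ip-access-list.md, the rewrite drops the only instructions for editing or removing an entry (the removed "click **Remove** in the line of the IP address" and "click **Edit** to add, edit, or remove IP addresses") and the pointer to TiDB Cloud Support for raising the 100-address quota. Add a step for removing or editing an address on the new page, since that is how access gets revoked, and keep the quota note. The new list has two steps numbered 3, the heading says "Networking page" while step 2 says "Go to **Network**", and "Recommand" should be "Recommended".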
@@ -70,24 +70,22 @@ Before you begin to create an endpoint: - [Compute Network Admin](https://cloud.google.com/iam/docs/understanding-roles#compute.networkAdmin) (roles/compute.networkAdmin) - [Service Directory Editor](https://cloud.google.com/iam/docs/understanding-roles#servicedirectory.editor) (roles/servicedirectory.editor) -Perform the following steps to go to the **Google Cloud Private Endpoint** page: - -1. Log in to the [TiDB Cloud console](https://tidbcloud.com). -2. Click in the lower-left corner, switch to the target project if you have multiple projects, and then click **Project Settings**. -3. On the **Project Settings** page of your project, click **Network Access** in the left navigation pane, and click the **Private Endpoint** > **Google Cloud** tab to view the Google Cloud private endpoints. -4. In the upper-right corner, click **Create Private Endpoint Connection**. - -### Step 1. Select a TiDB cluster - -In the **Cluster** list, select the TiDB Dedicated cluster that you want to establish a private endpoint connection. - -You can select a cluster with any of the following statuses: +### Step 1. Choose a TiDB cluster +1. On the [**Clusters**](https://tidbcloud.com/console/clusters) page, click the name of your target TiDB cluster to go to its overview page. You can choose a cluster with any of the following statuses: - **Available** - **Restoring** - **Modifying** - **Importing** +2. Click **Connect** in the upper-right corner. A connection dialog is displayed. + +3. In the **Connection Type** drop-down list, select **Private Endpoint**, click **Create Private Endpoint Connection**. + +> **Note:** +> +> If you already created a private endpoint connection, the active endpoint will show on connection dialog. You need to go to **Network** in the left navigation pane to create other private endpiont connections. + ### Step 2. Create a Google Cloud private endpoint 1. 
Provide the following information to generate the command for private endpoint creation: @@ -107,11 +105,11 @@ If you see an error `not received connection request from endpoint`, make sure t ### Step 4. Connect to your TiDB cluster -After you have accepted the endpoint connection, take the following steps to connect to your TiDB cluster: +After you have accepted the private endpoint connection, you are guided back to the connection window. + +1. You can see the endpoint info if the connection is **active**. If the connection is in **System Checking** status, wait for about 5 minutes before it changes to **Active**. -1. On the [**Clusters**](https://tidbcloud.com/console/clusters) page, click **...** in the **Action** column. -2. Click **Connect**. A connection dialog is displayed. -3. Select the **Private Endpoint** tab. The private endpoint you just created is displayed. Copy the command to connect to the TiDB cluster. +2. Choose your preferred connection method, and then refer to the connection string and sample code on the tab to connect to your cluster. ### Private endpoint status reference diff --git a/tidb-cloud/set-up-private-endpoint-connections.md b/tidb-cloud/set-up-private-endpoint-connections.md index 3f03450ec5a60..b98fd5bbdd3c5 100644 --- a/tidb-cloud/set-up-private-endpoint-connections.md +++ b/tidb-cloud/set-up-private-endpoint-connections.md 
@@ -36,11 +36,11 @@ In most scenarios, you are recommended to use private endpoint connection over V - You are using a TiCDC cluster to replicate data to a downstream cluster (such as Amazon Aurora, MySQL, and Kafka) but you cannot maintain the endpoint service on your own. - You are connecting to PD or TiKV nodes directly. -## Set up a private endpoint with AWS +## Set up private endpoint connection and connect to your cluster -To connect to your TiDB Dedicated cluster via a private endpoint, complete the [prerequisites](#prerequisites) and follow these steps: +To connect to your TiDB Dedicated cluster via a private endpoint, complete the follow these steps: -1. [Select a TiDB cluster](#step-1-select-a-tidb-cluster) +1. [Choose a TiDB cluster](#step-1-choose-a-tidb-cluster) 2. [Create an AWS interface endpoint](#step-2-create-an-aws-interface-endpoint) 3. [Fill in your endpoint ID](#step-3-fill-in-your-endpoint-id) 4. [Enable private DNS and create connection](#step-4-enable-private-dns-and-create-connection) 
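Review bot: in this hunk of tidb-cloud/set-up-private-endpoint-connections.md, the new intro sentence reads "complete the follow these steps:", left over from deleting the prerequisites link. Change it to "follow these steps:". The renamed heading "Set up private endpoint connection and connect to your cluster" also no longer says AWS, although the steps below it (AWS interface endpoint, AWS PrivateLink) are AWS-specific, so consider keeping the provider in the heading.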
@@ -48,16 +48,15 @@ To connect to your TiDB Dedicated cluster via a private endpoint, complete the [ If you have multiple clusters, you need to repeat these steps for each cluster that you want to connect to using AWS PrivateLink. -### Prerequisites +### Step 1. Choose a TiDB cluster -1. Log in to the [TiDB Cloud console](https://tidbcloud.com). -2. Click in the lower-left corner, switch to the target project if you have multiple projects, and then click **Project Settings**. -3. On the **Project Settings** page of your project, click **Network Access** in the left navigation pane, and click the **Private Endpoint** > **AWS** tab to view the AWS private endpoints. -4. In the upper-right corner, click **Create Private Endpoint Connection**. +1. On the [**Clusters**](https://tidbcloud.com/console/clusters) page, click the name of your target TiDB cluster to go to its overview page. +2. Click **Connect** in the upper-right corner. A connection dialog is displayed. +3. In the **Connection Type** drop-down list, select **Private Endpoint**, click **Create Private Endpoint Connection**. -### Step 1. Select a TiDB cluster - -In the **Cluster** list, select the TiDB Dedicated cluster that you want to establish a private endpoint connection. +> **Note:** +> +> If you already created a private endpoint connection, the active endpoint will show on connection dialog. You need to go to **Network** in the left navigation pane to create other private endpiont connections. ### Step 2. Create an AWS interface endpoint 
@@ -67,7 +66,7 @@ In the **Cluster** list, select the TiDB Dedicated cluster that you want to esta If you see the `TiDB Private Link Service is ready` message, the corresponding endpoint service is ready. You can provide the following information to create the endpoint. -1. On the **Create AWS Private Endpoint Connection** page, fill in the **Your VPC ID** and **Your Subnet IDs** fields. You can get the IDs from your [AWS Management Console](https://console.aws.amazon.com/). +1. Fill in the **Your VPC ID** and **Your Subnet IDs** fields. You can get the IDs from your [AWS Management Console](https://console.aws.amazon.com/). 2. Click **Generate Command** to get the following endpoint creation command. ```bash 
@@ -160,17 +159,23 @@ Click **Create Private Endpoint Connection** in the TiDB Cloud console to finali Then you can connect to your TiDB cluster. +> **Tip:** +> +> You can view and manage the private endpoint connections from the following 2 pages. +> - Cluster level **Networking** pages: **Networking** in the left navigation pane of cluster page. +> - Project level **Networking** pages: **Network Access** in the left navigation pane of project setting page. + ### Step 5. Connect to your TiDB cluster -After you have enabled the private DNS, go back to the TiDB Cloud console and take the following steps: +After you have created the private endpoint connection, you are guided back to the connection window. -1. On the [**Clusters**](https://tidbcloud.com/console/clusters) page, click **...** in the **Action** column. -2. Click **Connect**. A connection dialog is displayed. -3. Select the **Private Endpoint** tab. The private endpoint you just created is displayed under **Step 1: Create Private Endpoint**. -4. Under **Step 2: Connect your connection**, click **Connect**, click the tab of your preferred connection method, and then connect to your cluster with the connection string. The placeholders `:` in the connection string are automatically replaced with the real values. +1. You can see the endpoint info if the connection is **active**. If the connection is in **System Checking** status, wait for about 5 minutes before it changes to **Active**. +2. Choose your preferred connection method, and then refer to the connection string and sample code on the tab to connect to your cluster. > **Tip:** > +> Ensure to enabled the private DNS before connecting to your TiDB Cluster. You can go to **Network** in the left navigation pane, find private endpoint list ivew and click **...** > **Enable DNS** in the **Action** column to view the command and follow [Step 4. Enable private DNS and create connection](#step-4-enable-private-dns-and-create-connection) to enable private DNS. 
+> > If you cannot connect to the cluster, the reason might be that the security group of your VPC endpoint in AWS is not properly set. See [this FAQ](#troubleshooting) for solutions. ### Private endpoint status reference diff --git a/tidb-cloud/tidb-cloud-tls-connect-to-dedicated.md b/tidb-cloud/tidb-cloud-tls-connect-to-dedicated.md index 93eebf02a3cb4..a591bcda4302b 100644 --- a/tidb-cloud/tidb-cloud-tls-connect-to-dedicated.md +++ b/tidb-cloud/tidb-cloud-tls-connect-to-dedicated.md 
@@ -26,21 +26,18 @@ In the [TiDB Cloud console](https://tidbcloud.com/), you can get examples of dif 2. Click **Connect** in the upper-right corner. A dialog is displayed. -3. On the **Standard Connection** tab of this dialog, follow the three steps to set up the TLS connection. - - Step 1:Create traffic filter - - Step 2:Download CA cert - - Step 3:Connect with an SQL client +3. In the **Connection Type** drop-down list, select **Public** -4. Under **Step 1: Create traffic filter** in the dialog, configure the IP addresses that are allowed to access your cluster. For more information, see [Configure an IP access list in standard connection](/tidb-cloud/configure-ip-access-list.md#configure-an-ip-access-list-in-standard-connection). + If you have not configured IP access list, you need to click **Configure IP Access List** to configure it before first connection. For more information, see [Configure an IP access list in standard connection](/tidb-cloud/configure-ip-access-list.md#configure-an-ip-access-list-in-standard-connection). -5. Under **Step 2: Download CA cert**, click **Download CA cert** to download it locally for client TLS configuration. The CA cert ensures that the TLS connection is secure and reliable. +4. Click **CA cert** to download CA cert for TLS connection to TiDB clusters. The CA cert supports TLS 1.2 version by default. > **Note:** > > - You can store the downloaded CA cert in the default storage path of your operating system, or specify another storage path. You need to replace the CA cert path in the code example with your own CA cert path in the subsequent steps. > - TiDB Dedicated does not force clients to use TLS connections, and user-defined configuration of the [`require_secure_transport`](/system-variables.md#require_secure_transport-new-in-v610) variable is currently not supported on TiDB Dedicated. -6. 
Under **Step 3: Connect with an SQL client** in the dialog, click the tab of your preferred connection method, and then refer to the connection string and sample code on the tab to connect to your cluster. +5. Choose your preferred connection method, and then refer to the connection string and sample code on the tab to connect to your cluster. The following examples show the connection strings in MySQL, MyCLI, JDBC, Python, Go, and Node.js: From 33ece59b4bcb33edccd62422d3423c29a58ce33e Mon Sep 17 00:00:00 2001 From: qqqdan Date: Wed, 28 Aug 2024 23:08:40 +0800 Subject: [PATCH 04/15] Update connect-via-sql-shell.md --- tidb-cloud/connect-via-sql-shell.md | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/tidb-cloud/connect-via-sql-shell.md b/tidb-cloud/connect-via-sql-shell.md index a6d3c26e1b6fe..928ec008262f7 100644 --- a/tidb-cloud/connect-via-sql-shell.md +++ b/tidb-cloud/connect-via-sql-shell.md 
@@ -13,14 +13,8 @@ In TiDB Cloud SQL Shell, you can try TiDB SQL, test out TiDB's compatibility wit To connect to your TiDB cluster using SQL shell, perform the following steps: -1. Log in to the [TiDB Cloud console](https://tidbcloud.com/) and navigate to the [**Clusters**](https://tidbcloud.com/console/clusters) page of your project. +1. On the [**Clusters**](https://tidbcloud.com/console/clusters) page, click the name of your target TiDB cluster to go to its overview page. - > **Tip:** - > - > If you have multiple projects, you can click in the lower-left corner and switch to another project. +2. Go to **Network** in the left navigation pane, click **Open SQL Shell** on the upper-right corner . -2. Click the name of your target cluster to go to its cluster overview page, and then click **Connect** in the upper-right corner. A connection dialog is displayed. - -3. In the dialog, select the **Web SQL Shell** tab, and then click **Open SQL Shell**. - -4. On the prompted **Enter password** line, enter the root password of the current cluster. Then your application is connected to the TiDB cluster. \ No newline at end of file +3. On the prompted **Enter password** line, enter the root password of the current cluster. Then your application is connected to the TiDB cluster. \ No newline at end of file From da32f459f610b7158e87b845a0c1b3cf37ddbd96 Mon Sep 17 00:00:00 2001 From: qqqdan Date: Thu, 29 Aug 2024 23:24:32 +0800 Subject: [PATCH 05/15] Update set-up-private-endpoint-connections.md --- tidb-cloud/set-up-private-endpoint-connections.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tidb-cloud/set-up-private-endpoint-connections.md b/tidb-cloud/set-up-private-endpoint-connections.md index b98fd5bbdd3c5..fc9bff8fe4bcb 100644 --- a/tidb-cloud/set-up-private-endpoint-connections.md +++ b/tidb-cloud/set-up-private-endpoint-connections.md 
@@ -66,7 +66,8 @@ If you have multiple clusters, you need to repeat these steps for each cluster t If you see the `TiDB Private Link Service is ready` message, the corresponding endpoint service is ready. You can provide the following information to create the endpoint. -1. Fill in the **Your VPC ID** and **Your Subnet IDs** fields. You can get the IDs from your [AWS Management Console](https://console.aws.amazon.com/). +1. Fill in the **Your VPC ID** and **Your Subnet IDs** fields. You can get the IDs from your [AWS Management Console](https://console.aws.amazon.com/). If you have more than one subnets, multiple subnet IDs can be entered, separated by spaces. + 2. Click **Generate Command** to get the following endpoint creation command. ```bash From 3a100c92a164a1d8e42b00c346742c7564a626ed Mon Sep 17 00:00:00 2001 From: Aolin Date: Fri, 30 Aug 2024 16:10:10 +0800 Subject: [PATCH 06/15] group public connection, private endpoint, and VPC into the "direct connections" list, and add "SQL Shell" --- tidb-cloud/connect-to-tidb-cluster.md | 43 +++++++++++++-------------- 1 file changed, 20 insertions(+), 23 deletions(-) diff --git a/tidb-cloud/connect-to-tidb-cluster.md b/tidb-cloud/connect-to-tidb-cluster.md index 2e941a233d710..614f83f3a962f 100644 --- a/tidb-cloud/connect-to-tidb-cluster.md +++ b/tidb-cloud/connect-to-tidb-cluster.md 
@@ -11,13 +11,30 @@ This document introduces the methods to connect to your TiDB Dedicated cluster. > > To learn how to connect to a TiDB Serverless cluster, see [Connect to Your TiDB Serverless Cluster](/tidb-cloud/connect-to-tidb-cluster-serverless.md). -After your TiDB Dedicated cluster is created on TiDB Cloud, you can connect to it via one of the following methods: +After your TiDB Dedicated cluster is created on TiDB Cloud, you can connect to it via one of the following methods: - Direct connections - Direct connections mean the MySQL native connection system over TCP. You can connect to your TiDB Dedicated cluster using any tool that supports MySQL connection, such as [MySQL client](https://dev.mysql.com/doc/refman/8.0/en/mysql.html). + Direct connections use the MySQL native connection system over TCP. You can connect to your TiDB Dedicated cluster using any tool that supports MySQL connections, such as the [MySQL Command-Line Client](https://dev.mysql.com/doc/refman/8.0/en/mysql.html). TiDB Cloud also provides [SQL Shell](/tidb-cloud/connect-via-sql-shell.md), which enables you to try TiDB SQL, test out TiDB's compatibility with MySQL quickly, and administer user privileges. -- [built-in SQL Editor](/tidb-cloud/explore-data-with-chat2query.md) + TiDB Dedicated provides three network connection types: + + - [Public connection](/tidb-cloud/connect-via-standard-connection.md) + + The public connection exposes a public endpoint with traffic filters, so you can connect to your TiDB cluster via a SQL client from your laptop. You can connect to your TiDB clusters using TLS, which ensures the security of data transmission from your applications to TiDB clusters. For more information, see [Connect to TiDB Dedicated via Public Connection](/tidb-cloud/connect-via-standard-connection.md). + + - Private endpoint (recommended) + + Private endpoint connection provides a private endpoint to allow SQL clients in your VPC to securely access TiDB Dedicated clusters. 
This uses the private link service provided by different cloud providers, which provides highly secure and one-way access to database services with simplified network management. + + - For TiDB Dedicated clusters hosted on AWS, the private endpoint connection uses AWS PrivateLink. For more information, see [Connect to a TiDB Dedicated Cluster via Private Endpoint with AWS](/tidb-cloud/set-up-private-endpoint-connections.md). + - For TiDB Dedicated clusters hosted on Google Cloud, the private endpoint connection uses Google Cloud Private Service Connect. For more information, see [Connect to a TiDB Dedicated Cluster via Google Cloud Private Service Connect](/tidb-cloud/set-up-private-endpoint-connections-on-google-cloud.md). + + - [VPC peering](/tidb-cloud/set-up-vpc-peering-connections.md) + + If you want lower latency and more security, set up VPC peering and connect via a private endpoint using a VM instance on the corresponding cloud provider in your cloud account. For more information, see [Connect to TiDB Dedicated via VPC Peering](/tidb-cloud/set-up-vpc-peering-connections.md). + +- [Built-in SQL Editor](/tidb-cloud/explore-data-with-chat2query.md) > **Note:** 
> @@ -27,26 +44,6 @@ After your TiDB Dedicated cluster is created on TiDB Cloud, you can connect to i In SQL Editor, you can either write SQL queries manually or simply press + I on macOS (or Control + I on Windows or Linux) to instruct [Chat2Query (beta)](/tidb-cloud/tidb-cloud-glossary.md#chat2query) to generate SQL queries automatically. This enables you to run SQL queries against databases without a local SQL client. You can intuitively view the query results in tables or charts and easily check the query logs. -## Network for Direct Connections - -There are three network connection types for TiDB Dedicated: - -- [Public connection](/tidb-cloud/connect-via-standard-connection.md) - - The public connection exposes a public endpoint with traffic filters, so you can connect to your TiDB cluster via a SQL client from your laptop. You can connect to your TiDB clusters using TLS, which ensures the security of data transmission from your applications to TiDB clusters. - -- Private endpoint (recommended) - - Private endpoint connection provides a private endpoint to allow SQL clients in your VPC to securely access TiDB Dedicated Clusters over the Private Link Service provided by different Cloud providers, which provides highly secure and one-way access to database services with simplified network management - - - For TiDB Dedicated Clusters on AWS, the private endpoint connection is powered by AWS PrivateLink. To learn how to create private endpoint connection,see [Connect to a TiDB Dedicated Cluster via Private Endpoint with AWS](/tidb-cloud/set-up-private-endpoint-connections.md) - - For TiDB Dedicated Clusters on Google Cloud, the private endpoint connection is powered by Google Cloud Private Service Connect. 
To learn how to create private endpoint connection,see [Connect to a TiDB Dedicated Cluster via Google Cloud Private Service Connect](/tidb-cloud/set-up-private-endpoint-connections-on-google-cloud.md) - -- [VPC peering](/tidb-cloud/set-up-vpc-peering-connections.md) - - If you want lower latency and more security, set up VPC peering and connect via a private endpoint using a VM instance on the corresponding cloud provider in your cloud account. - - ## What's next After you have successfully connected to your TiDB cluster, you can [explore SQL statements with TiDB](/basic-sql-operations.md). From 0ebf8426c76618a0d2af1852f53202eb3bfa2602 Mon Sep 17 00:00:00 2001 From: Aolin Date: Fri, 30 Aug 2024 17:13:01 +0800 Subject: [PATCH 07/15] update Networking page and connection page description --- tidb-cloud/configure-ip-access-list.md | 19 +++---- tidb-cloud/connect-via-sql-shell.md | 10 ++-- tidb-cloud/connect-via-standard-connection.md | 23 +++----- ...te-endpoint-connections-on-google-cloud.md | 27 +++++----- .../set-up-private-endpoint-connections.md | 29 +++++----- tidb-cloud/set-up-vpc-peering-connections.md | 54 ++++++++++--------- .../tidb-cloud-tls-connect-to-dedicated.md | 4 +- 7 files changed, 80 insertions(+), 86 deletions(-) diff --git a/tidb-cloud/configure-ip-access-list.md b/tidb-cloud/configure-ip-access-list.md index 979a206de9287..c0f28114934cb 100644 --- a/tidb-cloud/configure-ip-access-list.md +++ b/tidb-cloud/configure-ip-access-list.md 
@@ -11,17 +11,14 @@ For each TiDB Dedicated cluster in TiDB Cloud, you can configure an IP access li > > Configuring the IP access list is only available for [TiDB Dedicated](/tidb-cloud/select-cluster-tier.md#tidb-dedicated) clusters. -## Configure an IP access list in Networking page +To configure an IP access list, take the following steps in the [TiDB Cloud console](https://tidbcloud.com/console/clusters): -To configure an IP access list for your TiDB Dedicated cluster in networking page, take the following steps: +1. Navigate to the [**Clusters**](https://tidbcloud.com/console/clusters) page, and then click the name of your target cluster to go to its overview page. +2. In the left navigation pane, click **Networking**, and then click **Add IP Address**. +3. In the dialog, choose one of the following options: -1. On the [**Clusters**](https://tidbcloud.com/console/clusters) page, click the name of your target TiDB cluster to go to its overview page. -2. Go to **Network** in the left navigation pane, click **Add IP Address**. -3. In the dialog, choose one of the following options. + - **Allow access from anywhere**: allows all IP addresses to access TiDB Cloud. This option exposes your cluster to the internet completely and is highly risky. + - **Use IP addresses** (recommended): you can add a list of IPs and CIDR addresses that are allowed to access TiDB Cloud via a SQL client. - - **Allow access from anywhere** : All IP addresses are allowed to access TiDB Cloud. This would expose your cluster to the internet completely, which is highly risky. - - **Use IP addresses**: Recommand, you can add a list of IPs and CIDR addresses that are allowed to access TiDB Cloud via a SQL client. - -3. Add IP addresses or CIDR range with an optional description. You can add up to 100 addresses. - -4. Click **Confirm** to confirm the changes. \ No newline at end of file +4. If you choose **Use IP addresses**, add IP addresses or CIDR range with an optional description. 
For each TiDB Dedicated cluster, you can add up to 100 IP addresses. +5. Click **Confirm** to save your changes. diff --git a/tidb-cloud/connect-via-sql-shell.md b/tidb-cloud/connect-via-sql-shell.md index 928ec008262f7..83c8497a4a6af 100644 --- a/tidb-cloud/connect-via-sql-shell.md +++ b/tidb-cloud/connect-via-sql-shell.md @@ -13,8 +13,12 @@ In TiDB Cloud SQL Shell, you can try TiDB SQL, test out TiDB's compatibility wit To connect to your TiDB cluster using SQL shell, perform the following steps: -1. On the [**Clusters**](https://tidbcloud.com/console/clusters) page, click the name of your target TiDB cluster to go to its overview page. +1. Log in to the [TiDB Cloud console](https://tidbcloud.com/) and navigate to the [**Clusters**](https://tidbcloud.com/console/clusters) page of your project. -2. Go to **Network** in the left navigation pane, click **Open SQL Shell** on the upper-right corner . + > **Tip:** + > + > If you have multiple projects, you can click in the lower-left corner and switch to another project. -3. On the prompted **Enter password** line, enter the root password of the current cluster. Then your application is connected to the TiDB cluster. \ No newline at end of file +2. Click the name of your target cluster to go to its cluster overview page, and then click **Networking** in the left navigation pane. +3. On the **Networking** page, click **Web SQL Shell** in the upper-right corner. +4. On the prompted **Enter password** line, enter the root password of the current cluster. Then your application is connected to the TiDB cluster. \ No newline at end of file diff --git a/tidb-cloud/connect-via-standard-connection.md b/tidb-cloud/connect-via-standard-connection.md index 4e12e68ef8eae..26ab2961416c6 100644 --- a/tidb-cloud/connect-via-standard-connection.md +++ b/tidb-cloud/connect-via-standard-connection.md 
@@ -1,6 +1,6 @@ --- -title: Connect to TiDB Dedicated via Standard Connection -summary: Learn how to connect to your TiDB Cloud cluster via standard connection. +title: Connect to TiDB Dedicated via Public Connection +summary: Learn how to connect to your TiDB Cloud cluster via public connection. --- # Connect to TiDB Dedicated via Public Connection @@ -13,20 +13,9 @@ This document describes how to connect to your TiDB Dedicated cluster via public ## Prerequisite: Configure IP access list -For public connection, TiDB Cloud only allows client connections from addresses in the IP access list. If you have not configured IP access list, take the following sub-steps to configure it before first connection. +For public connections, TiDB Dedicated only allows client connections from addresses in the IP access list. If you have not configured the IP access list, follow the steps in [Configure an IP Access List](/tidb-cloud/configure-ip-access-list.md) to configure it before your first connection. -1. Navigate to the Networking page of a TiDB Dedicated cluster.. - -2. Click **Add IP Address**, choose one of the following options. - - - **Allow access from anywhere** : All IP addresses are allowed to access TiDB Cloud. This would expose your cluster to the internet completely, which is highly risky. - - **Use IP addresses**: Recommand, you can add a list of IPs and CIDR addresses that are allowed to access TiDB Cloud via a SQL client. - -3. Add IP addresses or CIDR range with an optional description. You can add up to 100 addresses. - -4. Click **Confirm** to confirm the changes. - -## Connect to the cluster: +## Connect to the cluster To connect to a TiDB Dedicated cluster via public connection, take the following steps: 
@@ -42,7 +31,9 @@ To connect to a TiDB Dedicated cluster via public connection, take the following 2. Click **Connect** in the upper-right corner. A connection dialog is displayed. -3. Select `Public` in **Connection Type**. If you have not configured IP access list, you need to click **Configure IP Access List** to configure it before first connection. +3. In the connection dialog, select **Public** from the **Connection Type** drop-down list. + + If you have not configured the IP access list, click **Configure IP Access List** or follow the steps in [Configure an IP Access List](/tidb-cloud/configure-ip-access-list.md) to configure it before your first connection. 4. Click **CA cert** to download CA cert for TLS connection to TiDB clusters. The CA cert supports TLS 1.2 version by default. diff --git a/tidb-cloud/set-up-private-endpoint-connections-on-google-cloud.md b/tidb-cloud/set-up-private-endpoint-connections-on-google-cloud.md index 014d97c86c978..e515ec5e46ce7 100644 --- a/tidb-cloud/set-up-private-endpoint-connections-on-google-cloud.md +++ b/tidb-cloud/set-up-private-endpoint-connections-on-google-cloud.md @@ -45,7 +45,7 @@ In most scenarios, it is recommended that you use private endpoint connection ov To connect to your TiDB Dedicated cluster via a private endpoint, complete the [prerequisites](#prerequisites) and follow these steps: -1. [Choose a TiDB cluster](#step-1-choose-a-tidb-cluster) +1. [Select a TiDB cluster](#step-1-select-a-tidb-cluster) 2. [Create a Google Cloud private endpoint](#step-2-create-a-google-cloud-private-endpoint) 3. [Accept endpoint access](#step-3-accept-endpoint-access) 4. [Connect to your TiDB cluster](#step-4-connect-to-your-tidb-cluster) 
@@ -70,21 +70,22 @@ Before you begin to create an endpoint: - [Compute Network Admin](https://cloud.google.com/iam/docs/understanding-roles#compute.networkAdmin) (roles/compute.networkAdmin) - [Service Directory Editor](https://cloud.google.com/iam/docs/understanding-roles#servicedirectory.editor) (roles/servicedirectory.editor) -### Step 1. Choose a TiDB cluster +### Step 1. Select a TiDB cluster -1. On the [**Clusters**](https://tidbcloud.com/console/clusters) page, click the name of your target TiDB cluster to go to its overview page. You can choose a cluster with any of the following statuses: -- **Available** -- **Restoring** -- **Modifying** -- **Importing** +1. On the [**Clusters**](https://tidbcloud.com/console/clusters) page, click the name of your target TiDB cluster to go to its overview page. You can select a cluster with any of the following statuses: + + - **Available** + - **Restoring** + - **Modifying** + - **Importing** 2. Click **Connect** in the upper-right corner. A connection dialog is displayed. -3. In the **Connection Type** drop-down list, select **Private Endpoint**, click **Create Private Endpoint Connection**. +3. In the **Connection Type** drop-down list, select **Private Endpoint**, and then click **Create Private Endpoint Connection**. > **Note:** > -> If you already created a private endpoint connection, the active endpoint will show on connection dialog. You need to go to **Network** in the left navigation pane to create other private endpiont connections. +> If you have already created a private endpoint connection, the active endpoint will appear in the connection dialog. To create additional private endpoint connections, navigate to the **Networking** page in the left navigation pane. ### Step 2. Create a Google Cloud private endpoint 
@@ -105,11 +106,11 @@ If you see an error `not received connection request from endpoint`, make sure t ### Step 4. Connect to your TiDB cluster -After you have accepted the private endpoint connection, you are guided back to the connection window. - -1. You can see the endpoint info if the connection is **active**. If the connection is in **System Checking** status, wait for about 5 minutes before it changes to **Active**. +After you have accepted the private endpoint connection, you are redirected back to the connection dialog. -2. Choose your preferred connection method, and then refer to the connection string and sample code on the tab to connect to your cluster. +1. Wait for the private endpoint connection status to change from **System Checking** to **Active** (approximately 5 minutes). +2. In the **Connect With** drop-down list, select your preferred connection method. The corresponding connection string is displayed at the bottom of the dialog. +3. Connect to your cluster with the connection string. ### Private endpoint status reference diff --git a/tidb-cloud/set-up-private-endpoint-connections.md b/tidb-cloud/set-up-private-endpoint-connections.md index fc9bff8fe4bcb..7356fd650dc05 100644 --- a/tidb-cloud/set-up-private-endpoint-connections.md +++ b/tidb-cloud/set-up-private-endpoint-connections.md 
@@ -36,11 +36,11 @@ In most scenarios, you are recommended to use private endpoint connection over V - You are using a TiCDC cluster to replicate data to a downstream cluster (such as Amazon Aurora, MySQL, and Kafka) but you cannot maintain the endpoint service on your own. - You are connecting to PD or TiKV nodes directly. -## Set up private endpoint connection and connect to your cluster +## Set up a private endpoint connection and connect to your cluster To connect to your TiDB Dedicated cluster via a private endpoint, complete the follow these steps: -1. [Choose a TiDB cluster](#step-1-choose-a-tidb-cluster) +1. [Select a TiDB cluster](#step-1-select-a-tidb-cluster) 2. [Create an AWS interface endpoint](#step-2-create-an-aws-interface-endpoint) 3. [Fill in your endpoint ID](#step-3-fill-in-your-endpoint-id) 4. [Enable private DNS and create connection](#step-4-enable-private-dns-and-create-connection) 
@@ -48,15 +48,15 @@ To connect to your TiDB Dedicated cluster via a private endpoint, complete the f If you have multiple clusters, you need to repeat these steps for each cluster that you want to connect to using AWS PrivateLink. -### Step 1. Choose a TiDB cluster +### Step 1. Select a TiDB cluster 1. On the [**Clusters**](https://tidbcloud.com/console/clusters) page, click the name of your target TiDB cluster to go to its overview page. 2. Click **Connect** in the upper-right corner. A connection dialog is displayed. -3. In the **Connection Type** drop-down list, select **Private Endpoint**, click **Create Private Endpoint Connection**. +3. In the **Connection Type** drop-down list, select **Private Endpoint**, and then click **Create Private Endpoint Connection**. > **Note:** > -> If you already created a private endpoint connection, the active endpoint will show on connection dialog. You need to go to **Network** in the left navigation pane to create other private endpiont connections. +> If you have already created a private endpoint connection, the active endpoint will appear in the connection dialog. To create additional private endpoint connections, navigate to the **Networking** page in the left navigation pane. ### Step 2. Create an AWS interface endpoint 
@@ -66,8 +66,7 @@ If you have multiple clusters, you need to repeat these steps for each cluster t If you see the `TiDB Private Link Service is ready` message, the corresponding endpoint service is ready. You can provide the following information to create the endpoint. -1. Fill in the **Your VPC ID** and **Your Subnet IDs** fields. You can get the IDs from your [AWS Management Console](https://console.aws.amazon.com/). If you have more than one subnets, multiple subnet IDs can be entered, separated by spaces. - +1. Fill in the **Your VPC ID** and **Your Subnet IDs** fields. You can find these IDs from your [AWS Management Console](https://console.aws.amazon.com/). For multiple subnets, enter the IDs separated by spaces. 2. Click **Generate Command** to get the following endpoint creation command. ```bash 
@@ -162,21 +161,21 @@ Then you can connect to your TiDB cluster. > **Tip:** > -> You can view and manage the private endpoint connections from the following 2 pages. -> - Cluster level **Networking** pages: **Networking** in the left navigation pane of cluster page. -> - Project level **Networking** pages: **Network Access** in the left navigation pane of project setting page. +> You can view and manage private endpoint connections on two pages: +> +> - Cluster-level **Networking** page: click **Networking** in the left navigation pane of the cluster overview page. +> - Project-level **Network Access** page: click **Network Access** in the left navigation pane of the **Project Settings** page. ### Step 5. Connect to your TiDB cluster -After you have created the private endpoint connection, you are guided back to the connection window. +After you have accepted the private endpoint connection, you are redirected back to the connection dialog. -1. You can see the endpoint info if the connection is **active**. If the connection is in **System Checking** status, wait for about 5 minutes before it changes to **Active**. -2. Choose your preferred connection method, and then refer to the connection string and sample code on the tab to connect to your cluster. +1. Wait for the private endpoint connection status to change from **System Checking** to **Active** (approximately 5 minutes). +2. In the **Connect With** drop-down list, select your preferred connection method. The corresponding connection string is displayed at the bottom of the dialog. +3. Connect to your cluster with the connection string. > **Tip:** > -> Ensure to enabled the private DNS before connecting to your TiDB Cluster. You can go to **Network** in the left navigation pane, find private endpoint list ivew and click **...** > **Enable DNS** in the **Action** column to view the command and follow [Step 4. 
Enable private DNS and create connection](#step-4-enable-private-dns-and-create-connection) to enable private DNS. -> > If you cannot connect to the cluster, the reason might be that the security group of your VPC endpoint in AWS is not properly set. See [this FAQ](#troubleshooting) for solutions. ### Private endpoint status reference diff --git a/tidb-cloud/set-up-vpc-peering-connections.md b/tidb-cloud/set-up-vpc-peering-connections.md index 767c503c78c19..63922a1b58926 100644 --- a/tidb-cloud/set-up-vpc-peering-connections.md +++ b/tidb-cloud/set-up-vpc-peering-connections.md @@ -61,10 +61,10 @@ This section describes how to set up VPC peering connections on AWS. For Google ### Step 1. Add VPC peering requests -Use either of the following two options to add VPC peering requests from TiDB Cloud console: +You can add VPC peering requests on either the project-level **Network Access** page or the cluster-level **Networking** page in the TiDB Cloud console. -
+
1. Log in to the [TiDB Cloud console](https://tidbcloud.com). 2. Click in the lower-left corner, switch to the target project if you have multiple projects, and then click **Project Settings**. @@ -88,7 +88,7 @@ Use either of the following two options to add VPC peering requests from TiDB Cl 6. To view detailed information about your newly created VPC peering, click **...** > **View** in the **Action** column. The **VPC Peering Details** page is displayed.
-
+
1. Open the overview page of the target cluster. @@ -100,9 +100,9 @@ Use either of the following two options to add VPC peering requests from TiDB Cl 2. Click the name of your target cluster to go to its overview page. -3. On the **Networing** page of your cluster, click **Create VPC Peering**. +2. In the left navigation pane, click **Networking**, and then click **Create VPC Peering**. -4. Fill in the required information of your existing AWS VPC: +3. Fill in the required information of your existing AWS VPC: - Your VPC Region - AWS Account ID @@ -113,16 +113,16 @@ Use either of the following two options to add VPC peering requests from TiDB Cl ![VPC peering](/media/tidb-cloud/vpc-peering/vpc-peering-creating-infos.png) -5. Click **Create** to send the VPC peering request, and then view the VPC peering information on the **VPC Peering** > **AWS** tab. The status of the newly created VPC peering is **System Checking**. +4. Click **Create** to send the VPC peering request, and then view the VPC peering information on the **Networking** > **AWS VPC Peering** section. The status of the newly created VPC peering is **System Checking**. -6. To view detailed information about your newly created VPC peering, click **...** > **View** in the **Action** column. The **AWS VPC Peering Details** page is displayed. +5. To view detailed information about your newly created VPC peering, click **...** > **View** in the **Action** column. The **AWS VPC Peering Details** page is displayed.
### Step 2. Approve and configure the VPC peering -Use either of the following two options to approve and configure the VPC peering connection: +You can approve and configure the VPC peering connection using AWS CLI or AWS dashboard.
@@ -251,10 +251,10 @@ Now you have successfully set up the VPC peering connection. Next, [connect to t ### Step 1. Add VPC peering requests -Use either of the following two options to add VPC peering requests from TiDB Cloud console: +You can add VPC peering requests on either the project-level **Network Access** page or the cluster-level **Networking** page in the TiDB Cloud console. -
+
1. Log in to the [TiDB Cloud console](https://tidbcloud.com). 2. Click in the lower-left corner, switch to the target project if you have multiple projects, and then click **Project Settings**. @@ -277,7 +277,7 @@ Use either of the following two options to add VPC peering requests from TiDB Cl 6. To view detailed information about your newly created VPC peering, click **...** > **View** in the **Action** column. The **VPC Peering Details** page is displayed.
-
+
1. Open the overview page of the target cluster. @@ -289,7 +289,9 @@ Use either of the following two options to add VPC peering requests from TiDB Cl 2. Click the name of your target cluster to go to its overview page. -3. On the **Networing** page of your cluster, click **Create VPC Peering**,and then fill in the required information of your existing Google Cloud VPC: +2. In the left navigation pane, click **Networking**, and then click **Create VPC Peering**. + +3. Fill in the required information of your existing Google Cloud VPC: > **Tip:** > @@ -299,26 +301,26 @@ Use either of the following two options to add VPC peering requests from TiDB Cl - VPC Network Name - VPC CIDR -4. Click **Create** to send the VPC peering request, and then view the VPC peering information on the **Google Cloud VPC Peering** part. The status of the newly created VPC peering is **System Checking**. +4. Click **Create** to send the VPC peering request, and then view the VPC peering information on the **Networking** > **Google Cloud VPC Peering** section. The status of the newly created VPC peering is **System Checking**. -5. To view detailed information about your newly created VPC peering, click **...** > **View** in the **Action** column. The **VPC Peering Details** page is displayed. +5. To view detailed information about your newly created VPC peering, click **...** > **View** in the **Action** column. The **Google Cloud VPC Peering Details** page is displayed.
### Step 2. Approve the VPC peering -1. Execute the following command to finish the setup of VPC peerings: +Execute the following command to finish the setup of VPC peering: - {{< copyable "shell-regular" >}} +{{< copyable "shell-regular" >}} - ```bash - gcloud beta compute networks peerings create --project --network --peer-project --peer-network - ``` +```bash +gcloud beta compute networks peerings create --project --network --peer-project --peer-network +``` - > **Note:** - > - > You can name `` as you like. +> **Note:** +> +> You can name `` as you like. Now you have successfully set up the VPC peering connection. Next, [connect to the TiDB cluster via VPC peering](#connect-to-the-tidb-cluster). @@ -326,9 +328,9 @@ Now you have successfully set up the VPC peering connection. Next, [connect to t 1. On the [**Clusters**](https://tidbcloud.com/console/clusters) page, click the name of your target cluster to go to its overview page. -2. Click **Connect** in the upper-right corner, and select `VPC Peering` in **Connection Type**. - - You can see the VPC information when the peering is **active**. If the peering status is still **system checking**, wait for about 5 minutes and open the dialog again. +2. Click **Connect** in the upper-right corner, and select **VPC Peering** from the **Connection Type** drop-down list. -3. Choose your preferred connection method, and then refer to the connection string and sample code on the tab to connect to your cluster. + Wait for the VPC peering connection status to change from **system checking** to **active** (approximately 5 minutes). +3. In the **Connect With** drop-down list, select your preferred connection method. The corresponding connection string is displayed at the bottom of the dialog. +4. Connect to your cluster with the connection string. diff --git a/tidb-cloud/tidb-cloud-tls-connect-to-dedicated.md b/tidb-cloud/tidb-cloud-tls-connect-to-dedicated.md index a591bcda4302b..bbb72434dab0f 100644 
--- a/tidb-cloud/tidb-cloud-tls-connect-to-dedicated.md +++ b/tidb-cloud/tidb-cloud-tls-connect-to-dedicated.md @@ -26,9 +26,9 @@ In the [TiDB Cloud console](https://tidbcloud.com/), you can get examples of dif 2. Click **Connect** in the upper-right corner. A dialog is displayed. -3. In the **Connection Type** drop-down list, select **Public** +3. In the connection dialog, select **Public** from the **Connection Type** drop-down list. - If you have not configured IP access list, you need to click **Configure IP Access List** to configure it before first connection. For more information, see [Configure an IP access list in standard connection](/tidb-cloud/configure-ip-access-list.md#configure-an-ip-access-list-in-standard-connection). + If you have not configured the IP access list, click **Configure IP Access List** to configure it before first connection. For more information, see [Configure an IP access list](/tidb-cloud/configure-ip-access-list.md). 4. Click **CA cert** to download CA cert for TLS connection to TiDB clusters. The CA cert supports TLS 1.2 version by default. From ca48e1646f1ad5a293458e64edb5e9887712e2b5 Mon Sep 17 00:00:00 2001 From: Aolin Date: Fri, 30 Aug 2024 17:13:44 +0800 Subject: [PATCH 08/15] rename Standard Connection to Public Connection --- TOC-tidb-cloud.md | 2 +- tidb-cloud/connect-via-standard-connection-serverless.md | 2 +- tidb-cloud/import-with-mysql-cli.md | 2 +- tidb-cloud/migrate-from-mysql-using-data-migration.md | 2 +- tidb-cloud/migrate-from-op-tidb.md | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/TOC-tidb-cloud.md b/TOC-tidb-cloud.md index 06e700f46f808..1c4dfeb1c490b 100644 --- a/TOC-tidb-cloud.md +++ b/TOC-tidb-cloud.md 
@@ -133,7 +133,7 @@ - [Create a TiDB Dedicated Cluster](/tidb-cloud/create-tidb-cluster.md) - Connect to Your TiDB Dedicated Cluster - [Connection Method Overview](/tidb-cloud/connect-to-tidb-cluster.md) - - [Connect via Standard Connection](/tidb-cloud/connect-via-standard-connection.md) + - [Connect via Public Connection](/tidb-cloud/connect-via-standard-connection.md) - [Connect via Private Endpoint with AWS](/tidb-cloud/set-up-private-endpoint-connections.md) - [Connect via Private Endpoint (Private Service Connect) with Google Cloud](/tidb-cloud/set-up-private-endpoint-connections-on-google-cloud.md) - [Connect via VPC Peering](/tidb-cloud/set-up-vpc-peering-connections.md) diff --git a/tidb-cloud/connect-via-standard-connection-serverless.md b/tidb-cloud/connect-via-standard-connection-serverless.md index d8cf180f10989..0d12a2661631c 100644 --- a/tidb-cloud/connect-via-standard-connection-serverless.md +++ b/tidb-cloud/connect-via-standard-connection-serverless.md @@ -11,7 +11,7 @@ This document describes how to connect to your TiDB Serverless cluster via a pub > **Tip:** > -> To learn how to connect to a TiDB Dedicated cluster via public endpoint, see [Connect to TiDB Dedicated via Standard Connection](/tidb-cloud/connect-via-standard-connection.md). +> To learn how to connect to a TiDB Dedicated cluster via public endpoint, see [Connect to TiDB Dedicated via Public Connection](/tidb-cloud/connect-via-standard-connection.md). To connect to a TiDB Serverless cluster via public endpoint, take the following steps: diff --git a/tidb-cloud/import-with-mysql-cli.md b/tidb-cloud/import-with-mysql-cli.md index 749efd0697c31..a7efc31313859 100644 --- a/tidb-cloud/import-with-mysql-cli.md +++ b/tidb-cloud/import-with-mysql-cli.md 
@@ -46,7 +46,7 @@ Connect to your TiDB cluster depending on the TiDB deployment option you have se 3. Click **Allow Access from Anywhere**. - For more details about how to obtain the connection string, see [Connect to TiDB Dedicated via Standard Connection](/tidb-cloud/connect-via-standard-connection.md). + For more details about how to obtain the connection string, see [Connect to TiDB Dedicated via Public Connection](/tidb-cloud/connect-via-standard-connection.md).
diff --git a/tidb-cloud/migrate-from-mysql-using-data-migration.md b/tidb-cloud/migrate-from-mysql-using-data-migration.md index aeab9ffdc9bcf..733bd4a377443 100644 --- a/tidb-cloud/migrate-from-mysql-using-data-migration.md +++ b/tidb-cloud/migrate-from-mysql-using-data-migration.md @@ -106,7 +106,7 @@ To quickly test a migration job, you can use the `root` account of the TiDB Clou Before creating a migration job, set up the network connection according to your connection methods. See [Connect to Your TiDB Dedicated Cluster](/tidb-cloud/connect-to-tidb-cluster.md). -- If you use public IP (this is, standard connection) for network connection, make sure that the upstream database can be connected through the public network. +- If you use public IP (this is, public connection) for network connection, make sure that the upstream database can be connected through the public network. - If you use AWS VPC Peering or Google Cloud VPC Network Peering, see the following instructions to configure the network. diff --git a/tidb-cloud/migrate-from-op-tidb.md b/tidb-cloud/migrate-from-op-tidb.md index f96f59668f203..51ad676e362a9 100644 --- a/tidb-cloud/migrate-from-op-tidb.md +++ b/tidb-cloud/migrate-from-op-tidb.md 
@@ -283,7 +283,7 @@ To replicate incremental data, do the following: ![Update Filter](/media/tidb-cloud/edit_traffic_filter_rules.png) -3. Get the connection information of the downstream TiDB Cloud cluster. In the [TiDB Cloud console](https://tidbcloud.com/console/clusters), go to **Overview** > **Connect** > **Standard Connection** > **Connect with a SQL Client**. From the connection information, you can get the host IP address and port of the cluster. For more information, see [Connect via standard connection](/tidb-cloud/connect-via-standard-connection.md). +3. Get the connection information of the downstream TiDB Cloud cluster. In the [TiDB Cloud console](https://tidbcloud.com/console/clusters), go to **Overview** > **Connect** > **Standard Connection** > **Connect with a SQL Client**. From the connection information, you can get the host IP address and port of the cluster. For more information, see [Connect via public connection](/tidb-cloud/connect-via-standard-connection.md). 4. Create and run the incremental replication task. In the upstream cluster, run the following: From 83c417ce0f1dd1adf282afe8c8920244027f34ee Mon Sep 17 00:00:00 2001 From: Aolin Date: Fri, 30 Aug 2024 17:14:09 +0800 Subject: [PATCH 09/15] update Step 3. Set the root password --- tidb-cloud/create-tidb-cluster.md | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/tidb-cloud/create-tidb-cluster.md b/tidb-cloud/create-tidb-cluster.md index 20158d67e3ea6..8f87a4c1687df 100644 --- a/tidb-cloud/create-tidb-cluster.md +++ b/tidb-cloud/create-tidb-cluster.md 
@@ -78,13 +78,16 @@ If you are in the `Organization Owner` or the `Project Owner` role, you can crea Your TiDB Cloud cluster will be created in approximately 20 to 30 minutes. -## Step 3. Set root password -After your cluster is created, take the following steps to configure the root password : +## Step 3. Set the root password + +After your cluster is created, take the following steps to set the root password: 1. In the upper-right corner of your cluster overview page, click **...** and select **Password Settings**. -2. Set the root password to connect to your cluster, and then click **Save**. Make sure to copy your password and save it in a secure location. +2. Set the root password to connect to your cluster, and then click **Save**. + + You can click **Auto-generate Password** to generate a random password. The generated password will not show again, so save your password in a secure location. ## What's next -After your cluster is created on TiDB Cloud, you can connect to it via the methods provided in [Connect to Your TiDB Dedicated Cluster](/tidb-cloud/connect-to-tidb-cluster). \ No newline at end of file +After your cluster is created on TiDB Cloud, you can connect to it via the methods provided in [Connect to Your TiDB Dedicated Cluster](/tidb-cloud/connect-to-tidb-cluster.md). \ No newline at end of file From 1d5aa9de62f829d45fecf305add1d874e82351e1 Mon Sep 17 00:00:00 2001 From: Aolin Date: Fri, 30 Aug 2024 18:05:22 +0800 Subject: [PATCH 10/15] update Private endpoint status reference --- tidb-cloud/set-up-private-endpoint-connections.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tidb-cloud/set-up-private-endpoint-connections.md b/tidb-cloud/set-up-private-endpoint-connections.md index 7356fd650dc05..acab384fc60b5 100644 --- a/tidb-cloud/set-up-private-endpoint-connections.md +++ b/tidb-cloud/set-up-private-endpoint-connections.md 
@@ -180,7 +180,10 @@ After you have accepted the private endpoint connection, you are redirected back ### Private endpoint status reference -When you use private endpoint connections, the statuses of private endpoints or private endpoint services are displayed on the [**Private Endpoint** page](#prerequisites). +When you use private endpoint connections, the statuses of private endpoints or private endpoint services are displayed on the following pages: + +- Cluster-level **Networking** page: click **Networking** in the left navigation pane of the cluster overview page. +- Project-level **Network Access** page: click **Network Access** in the left navigation pane of the **Project Settings** page. The possible statuses of a private endpoint are explained as follows: From 27c178d2f6620c00e1d495a4d7a8f2c4a5958779 Mon Sep 17 00:00:00 2001 From: Aolin Date: Mon, 2 Sep 2024 14:29:37 +0800 Subject: [PATCH 11/15] address comments: Migrate from TiDB Self-Hosted to TiDB Cloud and Enable DNS --- tidb-cloud/migrate-from-op-tidb.md | 6 ++---- tidb-cloud/set-up-private-endpoint-connections.md | 12 ++++++++---- 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/tidb-cloud/migrate-from-op-tidb.md b/tidb-cloud/migrate-from-op-tidb.md index 51ad676e362a9..f59458ee65de2 100644 --- a/tidb-cloud/migrate-from-op-tidb.md +++ b/tidb-cloud/migrate-from-op-tidb.md 
@@ -279,11 +279,9 @@ To replicate incremental data, do the following: ![Start Time in Metadata](/media/tidb-cloud/start_ts_in_metadata.png) -2. Grant TiCDC to connect to TiDB Cloud. In the [TiDB Cloud console](https://tidbcloud.com/console/clusters), locate the cluster, and then go to **Overview** > **Connect** > **Standard Connection** > **Create traffic filter**. Click **Edit** > **Add Item**. Fill in the public IP address of the TiCDC component in the **IP Address** field, and click **Update Filter** to save it. Now TiCDC can access TiDB Cloud. +2. Grant TiCDC to connect to TiDB Cloud. In the [TiDB Cloud console](https://tidbcloud.com/console/clusters), locate the cluster, and then go to the **Networking** page. Click **Add IP Address** > **Use IP addresses**. Fill in the public IP address of the TiCDC component in the **IP Address** field, and click **Confirm** to save it. Now TiCDC can access TiDB Cloud. For more information, see [Configure an IP Access List](/tidb-cloud/configure-ip-access-list.md). - ![Update Filter](/media/tidb-cloud/edit_traffic_filter_rules.png) - -3. Get the connection information of the downstream TiDB Cloud cluster. In the [TiDB Cloud console](https://tidbcloud.com/console/clusters), go to **Overview** > **Connect** > **Standard Connection** > **Connect with a SQL Client**. From the connection information, you can get the host IP address and port of the cluster. For more information, see [Connect via public connection](/tidb-cloud/connect-via-standard-connection.md). +3. Get the connection information of the downstream TiDB Cloud cluster. In the [TiDB Cloud console](https://tidbcloud.com/console/clusters), go to **Overview** > **Connect**. In the connection dialog, select **Public** from the **Connection Type** drop-down list and select **General** from the **Connect With** drop-down list. From the connection information, you can get the host IP address and port of the cluster. 
For more information, see [Connect via public connection](/tidb-cloud/connect-via-standard-connection.md). 4. Create and run the incremental replication task. In the upstream cluster, run the following: diff --git a/tidb-cloud/set-up-private-endpoint-connections.md b/tidb-cloud/set-up-private-endpoint-connections.md index acab384fc60b5..32de8f4b63e0b 100644 --- a/tidb-cloud/set-up-private-endpoint-connections.md +++ b/tidb-cloud/set-up-private-endpoint-connections.md @@ -146,11 +146,15 @@ To enable private DNS in your AWS Management Console:
-To enable private DNS using your AWS CLI, copy the command and run it in your AWS CLI. +To enable private DNS using your AWS CLI: -```bash -aws ec2 modify-vpc-endpoint --vpc-endpoint-id ${your_vpc_endpoint_id} --private-dns-enabled -``` +1. In the [TiDB Cloud console](https://tidbcloud.com), go to the **Networking** page of your cluster. +2. On the **Networking** page, locate the private endpoint, and click **...*** > **Enable DNS** in the **Action** column. +3. Copy the command and run it in your AWS CLI. + + ```bash + aws ec2 modify-vpc-endpoint --vpc-endpoint-id ${your_vpc_endpoint_id} --private-dns-enabled + ```
From cd5e882a255a17e792de816a0bebfd56b5f6f791 Mon Sep 17 00:00:00 2001 From: Aolin Date: Mon, 2 Sep 2024 14:44:33 +0800 Subject: [PATCH 12/15] remove Security Settings --- TOC-tidb-cloud.md | 2 +- tidb-cloud/_index.md | 2 +- tidb-cloud/backup-and-restore.md | 8 ++++---- tidb-cloud/configure-security-settings.md | 16 +++++++--------- .../tidb-cloud-tls-connect-to-dedicated.md | 2 +- 5 files changed, 14 insertions(+), 16 deletions(-) diff --git a/TOC-tidb-cloud.md b/TOC-tidb-cloud.md index 1c4dfeb1c490b..1aa1d61be1c95 100644 --- a/TOC-tidb-cloud.md +++ b/TOC-tidb-cloud.md @@ -311,7 +311,7 @@ - Data Access Control - [Encryption at Rest Using Customer-Managed Encryption Keys](/tidb-cloud/tidb-cloud-encrypt-cmek.md) - Database Access Control - - [Configure Cluster Security Settings](/tidb-cloud/configure-security-settings.md) + - [Configure Cluster Password Settings](/tidb-cloud/configure-security-settings.md) - Audit Management - [Database Audit Logging](/tidb-cloud/tidb-cloud-auditing.md) - [Console Audit Logging](/tidb-cloud/tidb-cloud-console-auditing.md) diff --git a/tidb-cloud/_index.md b/tidb-cloud/_index.md index 9f8ec56ab846b..689593572eac3 100644 --- a/tidb-cloud/_index.md +++ b/tidb-cloud/_index.md @@ -114,7 +114,7 @@ summary: TiDB Cloud is a fully-managed Database-as-a-Service (DBaaS) that brings [Manage project access](https://docs.pingcap.com/tidbcloud/manage-user-access#manage-project-access) -[Configure Security Settings](https://docs.pingcap.com/tidbcloud/configure-security-settings) +[Configure Password Settings](https://docs.pingcap.com/tidbcloud/configure-security-settings) diff --git a/tidb-cloud/backup-and-restore.md b/tidb-cloud/backup-and-restore.md index 3984d1f0c9ca9..e842924ce9657 100644 --- a/tidb-cloud/backup-and-restore.md +++ b/tidb-cloud/backup-and-restore.md 
@@ -238,9 +238,9 @@ To restore your TiDB Dedicated cluster data from a backup to a new cluster, take 7. Click **Restore**. - The cluster restore process starts and the **Security Settings** dialog box is displayed. + The cluster restore process starts and the **Password Settings** dialog box is displayed. -8. In the **Security Settings** dialog box, set the root password and allowed IP addresses to connect to your cluster, and then click **Apply**. +8. In the **Password Settings** dialog box, set the root password to connect to your cluster, and then click **Save**. ### Restore a deleted cluster @@ -261,6 +261,6 @@ To restore a deleted cluster from recycle bin, take the following steps: 6. Click **Confirm**. - The cluster restore process starts and the **Security Settings** dialog box is displayed. + The cluster restore process starts and the **Password Settings** dialog box is displayed. -7. In the **Security Settings** dialog box, set the root password and allowed IP addresses to connect to your cluster, and then click **Apply**. +7. In the **Password Settings** dialog box, set the root password to connect to your cluster, and then click **Save**. diff --git a/tidb-cloud/configure-security-settings.md b/tidb-cloud/configure-security-settings.md index c45b5705bbd4d..4673e80bb9477 100644 --- a/tidb-cloud/configure-security-settings.md +++ b/tidb-cloud/configure-security-settings.md @@ -1,9 +1,9 @@ --- -title: Configure Cluster Security Settings -summary: Learn how to configure the root password and allowed IP addresses to connect to your cluster. +title: Configure Cluster Password Settings +summary: Learn how to configure the root password to connect to your cluster. --- -# Configure Cluster Security Settings +# Configure Cluster Password Settings For TiDB Dedicated clusters, you can configure the root password and allowed IP addresses to connect to your cluster. 
@@ -17,13 +17,11 @@ For TiDB Dedicated clusters, you can configure the root password and allowed IP > > If you have multiple projects, you can click in the lower-left corner and switch to another project. -2. In the row of your target cluster, click **...** and select **Security Settings**. -3. In the **Security Settings** dialog, configure the root password and allowed IP addresses. +2. In the row of your target cluster, click **...** and select **Password Settings**. +3. Set the root password to connect to your cluster, and then click **Save**. - To allow your cluster to be accessible by any IP addresses, click **Allow Access from Anywhere**. - -4. Click **Apply**. + You can click **Auto-generate Password** to generate a random password. The generated password will not show again, so save your password in a secure location. > **Tip:** > -> If you are viewing the overview page of your cluster, you can click the **...** in the upper-right corner of the page, select **Security Settings**, and configure these settings, too. +> If you are viewing the overview page of your cluster, you can click the **...** in the upper-right corner of the page, select **Password Settings**, and configure these settings, too. diff --git a/tidb-cloud/tidb-cloud-tls-connect-to-dedicated.md b/tidb-cloud/tidb-cloud-tls-connect-to-dedicated.md index bbb72434dab0f..3b7796affd8ca 100644 --- a/tidb-cloud/tidb-cloud-tls-connect-to-dedicated.md +++ b/tidb-cloud/tidb-cloud-tls-connect-to-dedicated.md 
@@ -16,7 +16,7 @@ To ensure data security, TiDB cluster CA for your TiDB Dedicated cluster is host - Set a password to access your cluster in secure settings. - To do so, you can navigate to the [**Clusters**](https://tidbcloud.com/console/clusters) page of your project, click **...** in the row of your TiDB Dedicated cluster, and then select **Security Settings**. In security settings, you can click **Generate** to automatically generate a root password with a length of 16 characters, including numbers, uppercase and lowercase characters, and special characters. + To do so, you can navigate to the [**Clusters**](https://tidbcloud.com/console/clusters) page of your project, click **...** in the row of your TiDB Dedicated cluster, and then select **Password Settings**. In password settings, you can click **Auto-generate Password** to automatically generate a root password with a length of 16 characters, including numbers, uppercase and lowercase characters, and special characters. ## Secure connection to a TiDB Dedicated cluster From 0732dd9b1f48a8ea0b53933490ae7639f7250d30 Mon Sep 17 00:00:00 2001 From: Aolin Date: Mon, 2 Sep 2024 15:02:55 +0800 Subject: [PATCH 13/15] update Enable DNS --- tidb-cloud/set-up-private-endpoint-connections.md | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/tidb-cloud/set-up-private-endpoint-connections.md b/tidb-cloud/set-up-private-endpoint-connections.md index 32de8f4b63e0b..6bdeed6553566 100644 --- a/tidb-cloud/set-up-private-endpoint-connections.md +++ b/tidb-cloud/set-up-private-endpoint-connections.md @@ -146,15 +146,13 @@ To enable private DNS in your AWS Management Console:
-To enable private DNS using your AWS CLI: +To enable private DNS using your AWS CLI, copy the following `aws ec2 modify-vpc-endpoint` command from the **Create Private Endpoint Connection** page and run it in your AWS CLI. -1. In the [TiDB Cloud console](https://tidbcloud.com), go to the **Networking** page of your cluster. -2. On the **Networking** page, locate the private endpoint, and click **...*** > **Enable DNS** in the **Action** column. -3. Copy the command and run it in your AWS CLI. +```bash +aws ec2 modify-vpc-endpoint --vpc-endpoint-id ${your_vpc_endpoint_id} --private-dns-enabled +``` - ```bash - aws ec2 modify-vpc-endpoint --vpc-endpoint-id ${your_vpc_endpoint_id} --private-dns-enabled - ``` +Alternatively, you can find the command on the **Networking** page of your cluster. Locate the private endpoint and click **...*** > **Enable DNS** in the **Action** column.
From 6bcfb5cdeb7913ac3254a25c68bc886351eff5ca Mon Sep 17 00:00:00 2001 From: Lilian Lee Date: Mon, 2 Sep 2024 18:25:07 +0800 Subject: [PATCH 14/15] Update wording --- tidb-cloud/connect-to-tidb-cluster.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tidb-cloud/connect-to-tidb-cluster.md b/tidb-cloud/connect-to-tidb-cluster.md index 614f83f3a962f..1cea6a79416b8 100644 --- a/tidb-cloud/connect-to-tidb-cluster.md +++ b/tidb-cloud/connect-to-tidb-cluster.md @@ -15,7 +15,7 @@ After your TiDB Dedicated cluster is created on TiDB Cloud, you can connect to i - Direct connections - Direct connections use the MySQL native connection system over TCP. You can connect to your TiDB Dedicated cluster using any tool that supports MySQL connections, such as the [MySQL Command-Line Client](https://dev.mysql.com/doc/refman/8.0/en/mysql.html). TiDB Cloud also provides [SQL Shell](/tidb-cloud/connect-via-sql-shell.md), which enables you to try TiDB SQL, test out TiDB's compatibility with MySQL quickly, and administer user privileges. + Direct connections use the MySQL native connection system over TCP. You can connect to your TiDB Dedicated cluster using any tool that supports MySQL connections, such as the [MySQL Command-Line Client](https://dev.mysql.com/doc/refman/8.0/en/mysql.html). TiDB Cloud also provides [SQL Shell](/tidb-cloud/connect-via-sql-shell.md), which enables you to try TiDB SQL, test out TiDB's compatibility with MySQL quickly, and manage user privileges. TiDB Dedicated provides three network connection types: From cc64bb25bafe37d33ae881ddb318bbcbb12bf05a Mon Sep 17 00:00:00 2001 
From: lilin90 Date: Tue, 3 Sep 2024 14:54:16 +0800 Subject: [PATCH 15/15] Update and fix format in the related doc --- tidb-cloud/connect-to-tidb-cluster.md | 12 ++++++------ ...p-private-endpoint-connections-on-google-cloud.md | 6 +++--- tidb-cloud/set-up-vpc-peering-connections.md | 11 ++++------- tidb-cloud/tidb-cloud-tls-connect-to-dedicated.md | 4 ++-- 4 files changed, 15 insertions(+), 18 deletions(-) diff --git a/tidb-cloud/connect-to-tidb-cluster.md b/tidb-cloud/connect-to-tidb-cluster.md index 1cea6a79416b8..b4b65fa6f1d20 100644 --- a/tidb-cloud/connect-to-tidb-cluster.md +++ b/tidb-cloud/connect-to-tidb-cluster.md 
@@ -18,20 +18,20 @@ After your TiDB Dedicated cluster is created on TiDB Cloud, you can connect to i Direct connections use the MySQL native connection system over TCP. You can connect to your TiDB Dedicated cluster using any tool that supports MySQL connections, such as the [MySQL Command-Line Client](https://dev.mysql.com/doc/refman/8.0/en/mysql.html). TiDB Cloud also provides [SQL Shell](/tidb-cloud/connect-via-sql-shell.md), which enables you to try TiDB SQL, test out TiDB's compatibility with MySQL quickly, and manage user privileges. TiDB Dedicated provides three network connection types: - + - [Public connection](/tidb-cloud/connect-via-standard-connection.md) The public connection exposes a public endpoint with traffic filters, so you can connect to your TiDB cluster via a SQL client from your laptop. You can connect to your TiDB clusters using TLS, which ensures the security of data transmission from your applications to TiDB clusters. For more information, see [Connect to TiDB Dedicated via Public Connection](/tidb-cloud/connect-via-standard-connection.md). - + - Private endpoint (recommended) - + Private endpoint connection provides a private endpoint to allow SQL clients in your VPC to securely access TiDB Dedicated clusters. This uses the private link service provided by different cloud providers, which provides highly secure and one-way access to database services with simplified network management. - + - For TiDB Dedicated clusters hosted on AWS, the private endpoint connection uses AWS PrivateLink. For more information, see [Connect to a TiDB Dedicated Cluster via Private Endpoint with AWS](/tidb-cloud/set-up-private-endpoint-connections.md). - For TiDB Dedicated clusters hosted on Google Cloud, the private endpoint connection uses Google Cloud Private Service Connect. For more information, see [Connect to a TiDB Dedicated Cluster via Google Cloud Private Service Connect](/tidb-cloud/set-up-private-endpoint-connections-on-google-cloud.md). 
- + - [VPC peering](/tidb-cloud/set-up-vpc-peering-connections.md) - + If you want lower latency and more security, set up VPC peering and connect via a private endpoint using a VM instance on the corresponding cloud provider in your cloud account. For more information, see [Connect to TiDB Dedicated via VPC Peering](/tidb-cloud/set-up-vpc-peering-connections.md). - [Built-in SQL Editor](/tidb-cloud/explore-data-with-chat2query.md) diff --git a/tidb-cloud/set-up-private-endpoint-connections-on-google-cloud.md b/tidb-cloud/set-up-private-endpoint-connections-on-google-cloud.md index e515ec5e46ce7..1c544ce54215a 100644 --- a/tidb-cloud/set-up-private-endpoint-connections-on-google-cloud.md +++ b/tidb-cloud/set-up-private-endpoint-connections-on-google-cloud.md @@ -83,9 +83,9 @@ Before you begin to create an endpoint: 3. In the **Connection Type** drop-down list, select **Private Endpoint**, and then click **Create Private Endpoint Connection**. -> **Note:** -> -> If you have already created a private endpoint connection, the active endpoint will appear in the connection dialog. To create additional private endpoint connections, navigate to the **Networking** page in the left navigation pane. + > **Note:** + > + > If you have already created a private endpoint connection, the active endpoint will appear in the connection dialog. To create additional private endpoint connections, navigate to the **Networking** page in the left navigation pane. ### Step 2. Create a Google Cloud private endpoint diff --git a/tidb-cloud/set-up-vpc-peering-connections.md b/tidb-cloud/set-up-vpc-peering-connections.md index 63922a1b58926..72d928a197798 100644 --- a/tidb-cloud/set-up-vpc-peering-connections.md +++ b/tidb-cloud/set-up-vpc-peering-connections.md 
@@ -36,20 +36,18 @@ You can set the CIDR when creating the first TiDB Dedicated cluster. If you want > **Note:** > - > - To avoid any conflicts with the CIDR of the VPC where your application is located, you need to set a different project CIDR in this field. + > - To avoid any conflicts with the CIDR of the VPC where your application is located, you need to set a different project CIDR in this field. > - For AWS Region, it is recommended to configure an IP range size between `/16` and `/23`. Supported network addresses include: - > - 10.250.0.0 - 10.251.255.255 + > - 10.250.0.0 - 10.251.255.255 > - 172.16.0.0 - 172.31.255.255 > - 192.168.0.0 - 192.168.255.255 - > - For Google Cloud Region, it is recommended to configure an IP range size between `/19` and `/20`. If you want to configure an IP range size between `/16` and `/18`, contact [TiDB Cloud Support](/tidb-cloud/tidb-cloud-support.md). Supported network addresses include: > - 10.250.0.0 - 10.251.255.255 > - 172.16.0.0 - 172.17.255.255 > - 172.30.0.0 - 172.31.255.255 - > - TiDB Cloud limits the number of TiDB Cloud nodes in a region of a project based on the CIDR block size of the region. -5. View the CIDR of the cloud provider and the specific region. +5. View the CIDR of the cloud provider and the specific region. The CIDR is inactive by default. To activate the CIDR, you need to create a cluster in the target region. When the region CIDR is active, you can create VPC Peering for the region. @@ -312,8 +310,6 @@ You can add VPC peering requests on either the project-level **Network Access** Execute the following command to finish the setup of VPC peering: -{{< copyable "shell-regular" >}} - ```bash gcloud beta compute networks peerings create --project --network --peer-project --peer-network ``` 
@@ -333,4 +329,5 @@ Now you have successfully set up the VPC peering connection. Next, [connect to t Wait for the VPC peering connection status to change from **system checking** to **active** (approximately 5 minutes). 3. In the **Connect With** drop-down list, select your preferred connection method. The corresponding connection string is displayed at the bottom of the dialog. + 4. Connect to your cluster with the connection string. diff --git a/tidb-cloud/tidb-cloud-tls-connect-to-dedicated.md b/tidb-cloud/tidb-cloud-tls-connect-to-dedicated.md index 3b7796affd8ca..cf21808cb6b08 100644 --- a/tidb-cloud/tidb-cloud-tls-connect-to-dedicated.md +++ b/tidb-cloud/tidb-cloud-tls-connect-to-dedicated.md 
@@ -28,13 +28,13 @@ In the [TiDB Cloud console](https://tidbcloud.com/), you can get examples of dif 3. In the connection dialog, select **Public** from the **Connection Type** drop-down list. - If you have not configured the IP access list, click **Configure IP Access List** to configure it before first connection. For more information, see [Configure an IP access list](/tidb-cloud/configure-ip-access-list.md). + If you have not configured the IP access list, click **Configure IP Access List** to configure it before your first connection. For more information, see [Configure an IP access list](/tidb-cloud/configure-ip-access-list.md). 4. Click **CA cert** to download CA cert for TLS connection to TiDB clusters. The CA cert supports TLS 1.2 version by default. > **Note:** > - > - You can store the downloaded CA cert in the default storage path of your operating system, or specify another storage path. You need to replace the CA cert path in the code example with your own CA cert path in the subsequent steps. + > - You can store the downloaded CA cert in the default storage path of your operating system, or specify another storage path. You need to replace the CA cert path in the code example with your own CA cert path in the subsequent steps. > - TiDB Dedicated does not force clients to use TLS connections, and user-defined configuration of the [`require_secure_transport`](/system-variables.md#require_secure_transport-new-in-v610) variable is currently not supported on TiDB Dedicated. 5. Choose your preferred connection method, and then refer to the connection string and sample code on the tab to connect to your cluster.
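Review bot: In tidb-cloud/connect-to-tidb-cluster.md (hunk @@ -18,20 +18,20 @@), the VPC peering item still reads "set up VPC peering and connect via a private endpoint using a VM instance", which reuses the name of the separate "Private endpoint (recommended)" connection type two bullets above. Since this commit already touches these lines, reword the item to say the connection goes over the peered VPC's private network, so readers choosing a network path do not conclude that VPC peering also requires AWS PrivateLink or Private Service Connect. The public connection item in the same hunk says "You can connect to your TiDB clusters using TLS"; it would help to state there that TLS is optional on the server side, as the TLS page's note says, so the reader knows it must be turned on in the client.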
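Review bot: In tidb-cloud/set-up-vpc-peering-connections.md (hunk @@ -36,20 +36,18 @@), the supported network addresses are listed as start-end ranges while the same note asks for a prefix size (`/16` to `/23` for AWS, `/19` to `/20` for Google Cloud), so the reader has to convert between the two forms to pick a valid project CIDR. Consider adding the CIDR form next to each range, for example 10.250.0.0/15 for 10.250.0.0 - 10.251.255.255, 172.16.0.0/12 for 172.16.0.0 - 172.31.255.255, and 192.168.0.0/16 for 192.168.0.0 - 192.168.255.255. That also makes the first bullet's overlap check against the application VPC easier to do by eye.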
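Review bot: In tidb-cloud/set-up-vpc-peering-connections.md (hunk @@ -312,8 +310,6 @@), the context line for the command reads `gcloud beta compute networks peerings create --project --network --peer-project --peer-network`, with no peering name and no value after any of the four flags. If the source uses angle-bracket placeholders, check that they still render after the `copyable` shortcode is removed, and consider adding a line under the block that says which value goes with which flag and where in the console each one is found.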
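Review bot: In tidb-cloud/tidb-cloud-tls-connect-to-dedicated.md (hunk @@ -28,13 +28,13 @@), the last bullet of the note states that TiDB Dedicated does not force TLS and that `require_secure_transport` cannot be set, but the steps never say what the reader should do about that on a public connection. Add a sentence after step 5 saying that the client must be configured to require TLS and to verify the server certificate against the downloaded CA cert (for the MySQL client, `--ssl-mode=VERIFY_IDENTITY` with `--ssl-ca`), because otherwise a connection can proceed unencrypted without any error. Separately, in step 4 "The CA cert supports TLS 1.2 version by default" is imprecise, since a protocol version is a property of the connection rather than of the certificate; "download the CA cert" also reads better as "download the CA certificate".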