User Management


Feature Overview

Provides complete user lifecycle management, including creation, permission assignment, password modification, and deletion operations.

Procedure

CLI
  1. Create User Password

    kubectl -n ${namespace} create secret generic mgr-${instance_name}-${username}-password \
    --from-literal=host="%" \
    --from-literal=user=${username} \
    --from-literal=password=${password}
    INFO
    • ${instance_name} is the name of the MySQL-MGR instance in which the user is created
    • ${namespace} is the namespace to which the instance belongs
    • ${username} is the username to create
    • ${password} is the password to set for the user
  2. Create User Management CR

    kubectl apply -n ${namespace} -f - <<EOF
    apiVersion: middleware.alauda.io/v1
    kind: MysqlUser
    metadata:
      labels:
        mgr/cluster: mgr
        mysql/arch: mgr
      name: ${name}
      namespace: ${namespace}
    spec:
      host: '%'
      mysql: ${instance_name}
      privileges:
        - grants:
            - SELECT
            - INSERT
            - UPDATE
            - DELETE
            - CREATE
            - DROP
            - REFERENCES
            - INDEX
            - ALTER
            - CREATE TEMPORARY TABLES
            - LOCK TABLES
            - CREATE VIEW
            - SHOW VIEW
            - CREATE ROUTINE
            - ALTER ROUTINE
            - EXECUTE
            - EVENT
            - TRIGGER
          targets:
            - ${database}.*
      secretName: ${secret_name}
      user: ${username}
    EOF
    INFO
    • ${name} is the name of the MysqlUser resource
    • ${instance_name} is the name of the MySQL-MGR instance in which the user is created
    • ${namespace} is the namespace to which the instance belongs
    • ${username} is the username to create
    • ${secret_name} is the name of the Secret that carries the password (the Secret created in step 1)
    • ${database} is the database on which the privileges are granted
  3. Log in to MySQL as the newly created user

  4. Check the user's permissions. Example for user dev:

    SHOW GRANTS;

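    The result shows the following. MySQL reports the grant list from step 2 as ALL PRIVILEGES because it covers every database-level privilege: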

    +----------------------------------------------+
    | Grants for dev@%                             |
    +----------------------------------------------+
    | GRANT USAGE ON *.* TO `dev`@`%`              |
    | GRANT ALL PRIVILEGES ON `dev`.* TO `dev`@`%` |
    +----------------------------------------------+
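
The two CLI steps above as an added example, not code from the product documentation. `render_mysql_user` renders the step 2 manifest with only the grants passed to it and rejects any grant not in the page's list; `create_password_secret` builds the step 1 Secret with the password read from stdin, because `--from-literal=password=...` leaves the password in shell history and the process list. The helper names, the name-validation rules, and using the username as the resource `name` are assumptions.

```bash
# Added example: helper names and the name rules are assumptions; the grant
# names are the ones listed in step 2 of the page.
PAGE_GRANTS='SELECT|INSERT|UPDATE|DELETE|CREATE|DROP|REFERENCES|INDEX|ALTER|CREATE TEMPORARY TABLES|LOCK TABLES|CREATE VIEW|SHOW VIEW|CREATE ROUTINE|ALTER ROUTINE|EXECUTE|EVENT|TRIGGER'
# Conservative DNS-label check (assumed rule) for values used in object names.
valid_name() { case "$1" in ''|*[!a-z0-9-]*|-*|*-) return 1 ;; esac; [ "${#1}" -le 63 ]; }
secret_name() { printf 'mgr-%s-%s-password' "$1" "$2"; }  # name built in step 1

# render_mysql_user NAMESPACE INSTANCE USER DATABASE GRANT...
render_mysql_user() {
  [ "$#" -ge 5 ] || return 1
  ns=$1 inst=$2 user=$3 db=$4; shift 4
  valid_name "$ns" && valid_name "$inst" && valid_name "$user" || return 1
  case "$db" in ''|*[!A-Za-z0-9_]*) return 1 ;; esac  # assumed database-name rule
  grants=''
  for g in "$@"; do
    case "$g" in *'|'*) return 1 ;; esac              # match one list entry only
    case "|$PAGE_GRANTS|" in *"|$g|"*) ;; *) return 1 ;; esac
    grants="${grants}        - ${g}
"
  done
  cat <<EOF
apiVersion: middleware.alauda.io/v1
kind: MysqlUser
metadata:
  labels:
    mgr/cluster: mgr
    mysql/arch: mgr
  name: ${user}
  namespace: ${ns}
spec:
  host: '%'
  mysql: ${inst}
  privileges:
    - grants:
${grants}      targets:
        - ${db}.*
  secretName: $(secret_name "$inst" "$user")
  user: ${user}
EOF
}

# create_password_secret NAMESPACE INSTANCE USER: password comes from stdin, so
# it stays out of argv and shell history (relies on /dev/stdin being available).
create_password_secret() {
  valid_name "$1" && valid_name "$2" && valid_name "$3" || return 1
  IFS= read -r pw || :; [ -n "$pw" ] || return 1      # reject an empty password
  printf '%s' "$pw" | kubectl -n "$1" create secret generic "$(secret_name "$2" "$3")" \
    --from-literal=host=% --from-literal=user="$3" --from-file=password=/dev/stdin
}
```

Feed the password on stdin from a file or password manager, then pipe the rendered manifest to `kubectl apply -f -`. A read-only account, for instance, would be rendered with `SELECT` and `SHOW VIEW` only.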