From 6d273a543d9b4c6aa8ab33b9b94cb5863de3579e Mon Sep 17 00:00:00 2001 From: xixirangrang Date: Wed, 1 Apr 2026 15:18:03 +0800 Subject: [PATCH 1/4] cloud: add private link firewall rules for clusters on AWS and Alibaba Cloud (#22650) --- ...e-endpoint-connections-on-alibaba-cloud.md | 24 +++++++++++++++++-- ...private-endpoint-connections-serverless.md | 24 +++++++++++++++++-- 2 files changed, 44 insertions(+), 4 deletions(-) diff --git a/tidb-cloud/set-up-private-endpoint-connections-on-alibaba-cloud.md b/tidb-cloud/set-up-private-endpoint-connections-on-alibaba-cloud.md index 4af012f718bad..6c935ae4e5f98 100644 --- a/tidb-cloud/set-up-private-endpoint-connections-on-alibaba-cloud.md +++ b/tidb-cloud/set-up-private-endpoint-connections-on-alibaba-cloud.md @@ -22,7 +22,8 @@ To connect to your {{{ .starter }}} or {{{ .essential }}} cluster via a private 1. [Choose a TiDB cluster](#step-1-choose-a-tidb-cluster) 2. [Create a private endpoint on Alibaba Cloud](#step-2-create-a-private-endpoint-on-alibaba-cloud) -3. [Connect to your TiDB cluster using the private endpoint](#step-3-connect-to-your-tidb-cluster-using-the-private-endpoint) +3. [Authorize your private endpoint in TiDB Cloud](#step-3-authorize-your-private-endpoint-in-tidb-cloud) +4. [Connect to your TiDB cluster using the private endpoint](#step-4-connect-to-your-tidb-cluster-using-the-private-endpoint) ### Step 1. Choose a TiDB cluster @@ -50,7 +51,26 @@ To use the Alibaba Cloud Management Console to create a VPC interface endpoint, 8. Click **OK** to create the endpoint. 9. Wait for the endpoint status to become **Active** and the connection status to become **Connected**. -### Step 3: Connect to your TiDB cluster using the private endpoint +### Step 3. Authorize your private endpoint in TiDB Cloud + +After creating the interface endpoint on Alibaba Cloud, you must add it to your cluster's allowlist. + +1. On the [**Clusters**](https://tidbcloud.com/project/clusters) page, click the name of your target {{{ .starter }}} or {{{ .essential }}} cluster to go to its overview page. +2. Click **Settings** > **Networking** in the left navigation pane. +3. Scroll down to the **Private Endpoint** section and then locate the **Authorized Networks** table. +4. Click **Add Rule** to add a firewall rule. + + - **Endpoint Service Name**: paste the service name you got from [Step 1](#step-1-choose-a-tidb-cluster). + - **Firewall Rule Name**: enter a name to identify this connection. + - **Your Endpoint ID**: paste your 23-character endpoint ID from the Alibaba Cloud Management Console (starts with `ep-`). + + > **Tip:** + > + > To allow all Private Endpoint connections from your cloud region (for testing or open access), enter a single asterisk (`*`) in the **Your Endpoint ID** field. + +5. Click **Submit**. + +### Step 4. Connect to your TiDB cluster using the private endpoint After you have created the interface endpoint, go back to the TiDB Cloud console and take the following steps: diff --git a/tidb-cloud/set-up-private-endpoint-connections-serverless.md b/tidb-cloud/set-up-private-endpoint-connections-serverless.md index a55c18dd54508..0d343f07e0a9b 100644 --- a/tidb-cloud/set-up-private-endpoint-connections-serverless.md +++ b/tidb-cloud/set-up-private-endpoint-connections-serverless.md @@ -41,7 +41,8 @@ To connect to your {{{ .starter }}} or {{{ .essential }}} cluster via a private 1. [Choose a TiDB cluster](#step-1-choose-a-tidb-cluster) 2. [Create an AWS interface endpoint](#step-2-create-an-aws-interface-endpoint) -3. [Connect to your TiDB cluster](#step-3-connect-to-your-tidb-cluster) +3. [Authorize your private endpoint in TiDB Cloud](#step-3-authorize-your-private-endpoint-in-tidb-cloud) +4. [Connect to your TiDB cluster](#step-4-connect-to-your-tidb-cluster) ### Step 1. Choose a TiDB cluster @@ -102,7 +103,26 @@ aws ec2 create-vpc-endpoint --vpc-id ${your_vpc_id} --region ${region_id} --serv Then you can connect to the endpoint service with the private DNS name. -### Step 3: Connect to your TiDB cluster +### Step 3. Authorize your private endpoint in TiDB Cloud + +After creating the AWS interface endpoint, you must add it to your cluster's allowlist. + +1. On the [**Clusters**](https://tidbcloud.com/project/clusters) page, click the name of your target {{{ .starter }}} or {{{ .essential }}} cluster to go to its overview page. +2. Click **Settings** > **Networking** in the left navigation pane. +3. Scroll down to the **Private Endpoint** section and then locate the **Authorized Networks** table. +4. Click **Add Rule** to add a firewall rule. + + - **Endpoint Service Name**: paste the service name you got from [Step 1](#step-1-choose-a-tidb-cluster). + - **Firewall Rule Name**: enter a name to identify this connection. + - **Your VPC Endpoint ID**: paste your 22-character VPC Endpoint ID from the AWS Management Console (starts with `vpce-`). + + > **Tip:** + > + > To allow all Private Endpoint connections from your cloud region (for testing or open access), enter a single asterisk (`*`) in the **Your VPC Endpoint ID** field. + +5. Click **Submit**. + +### Step 4. Connect to your TiDB cluster After you have created the interface endpoint, go back to the TiDB Cloud console and take the following steps: From 896c0c103b718fb9a15ac8690ef09b25699272a1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dani=C3=ABl=20van=20Eeden?= Date: Thu, 26 Feb 2026 15:23:13 +0100 Subject: [PATCH 2/4] DM: MySQL 8.4 support is now available --- dm/dm-compatibility-catalog.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dm/dm-compatibility-catalog.md b/dm/dm-compatibility-catalog.md index c7a28d31ed256..4ffdd3395ce7b 100644 --- a/dm/dm-compatibility-catalog.md +++ b/dm/dm-compatibility-catalog.md @@ -20,8 +20,8 @@ DM supports migrating data from different sources to TiDB clusters. Based on the | MySQL 5.6 | GA | | | MySQL 5.7 | GA | | | MySQL 8.0 | GA | Does not support binlog transaction compression [Transaction_payload_event](https://dev.mysql.com/doc/refman/8.0/en/binary-log-transaction-compression.html). | -| MySQL 8.1 ~ 8.3 | Not tested | | -| MySQL 8.4 | Incompatible | For more information, see [DM Issue #11020](https://github.com/pingcap/tiflow/issues/11020). | +| MySQL 8.1 ~ 8.3 | Not tested | Does not support binlog transaction compression [Transaction_payload_event](https://dev.mysql.com/doc/refman/8.0/en/binary-log-transaction-compression.html). | +| MySQL 8.4 | Experimental, since 8.5.6 | Does not support binlog transaction compression [Transaction_payload_event](https://dev.mysql.com/doc/refman/8.0/en/binary-log-transaction-compression.html). | | MySQL 9.x | Not tested | | | MariaDB < 10.1.2 | Incompatible | Incompatible with binlog of the time type. | | MariaDB 10.1.2 ~ 10.5.10 | Experimental | | From 6dc85cf51166fefad930f52ec8e441c5e5828c64 Mon Sep 17 00:00:00 2001 From: Aolin Date: Tue, 17 Mar 2026 11:44:22 +0800 Subject: [PATCH 3/4] fix format --- dm/dm-compatibility-catalog.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/dm/dm-compatibility-catalog.md b/dm/dm-compatibility-catalog.md index 4ffdd3395ce7b..204463523761d 100644 --- a/dm/dm-compatibility-catalog.md +++ b/dm/dm-compatibility-catalog.md @@ -19,9 +19,9 @@ DM supports migrating data from different sources to TiDB clusters. Based on the | MySQL ≤ 5.5 | Not tested | | | MySQL 5.6 | GA | | | MySQL 5.7 | GA | | -| MySQL 8.0 | GA | Does not support binlog transaction compression [Transaction_payload_event](https://dev.mysql.com/doc/refman/8.0/en/binary-log-transaction-compression.html). | -| MySQL 8.1 ~ 8.3 | Not tested | Does not support binlog transaction compression [Transaction_payload_event](https://dev.mysql.com/doc/refman/8.0/en/binary-log-transaction-compression.html). | -| MySQL 8.4 | Experimental, since 8.5.6 | Does not support binlog transaction compression [Transaction_payload_event](https://dev.mysql.com/doc/refman/8.0/en/binary-log-transaction-compression.html). | +| MySQL 8.0 | GA | Does not support [binlog transaction compression (`Transaction_payload_event`)](https://dev.mysql.com/doc/refman/8.0/en/binary-log-transaction-compression.html). | +| MySQL 8.1 ~ 8.3 | Not tested | Does not support [binlog transaction compression (`Transaction_payload_event`)](https://dev.mysql.com/doc/refman/8.0/en/binary-log-transaction-compression.html). | +| MySQL 8.4 | Experimental, supported starting from TiDB v8.5.6 | Does not support [binlog transaction compression (`Transaction_payload_event`)](https://dev.mysql.com/doc/refman/8.4/en/binary-log-transaction-compression.html). | | MySQL 9.x | Not tested | | | MariaDB < 10.1.2 | Incompatible | Incompatible with binlog of the time type. | | MariaDB 10.1.2 ~ 10.5.10 | Experimental | | From 9db8e52979d3eadba208f39077d7a3a831981868 Mon Sep 17 00:00:00 2001 From: Grace Cai Date: Mon, 30 Mar 2026 15:08:14 +0800 Subject: [PATCH 4/4] Rest LGTM --- dm/dm-compatibility-catalog.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dm/dm-compatibility-catalog.md b/dm/dm-compatibility-catalog.md index 204463523761d..e0b90ec3dcc82 100644 --- a/dm/dm-compatibility-catalog.md +++ b/dm/dm-compatibility-catalog.md @@ -21,7 +21,7 @@ DM supports migrating data from different sources to TiDB clusters. Based on the | MySQL 5.7 | GA | | | MySQL 8.0 | GA | Does not support [binlog transaction compression (`Transaction_payload_event`)](https://dev.mysql.com/doc/refman/8.0/en/binary-log-transaction-compression.html). | | MySQL 8.1 ~ 8.3 | Not tested | Does not support [binlog transaction compression (`Transaction_payload_event`)](https://dev.mysql.com/doc/refman/8.0/en/binary-log-transaction-compression.html). | -| MySQL 8.4 | Experimental, supported starting from TiDB v8.5.6 | Does not support [binlog transaction compression (`Transaction_payload_event`)](https://dev.mysql.com/doc/refman/8.4/en/binary-log-transaction-compression.html). | +| MySQL 8.4 | Experimental (supported starting from TiDB v8.5.6) | Does not support [binlog transaction compression (`Transaction_payload_event`)](https://dev.mysql.com/doc/refman/8.4/en/binary-log-transaction-compression.html). | | MySQL 9.x | Not tested | | | MariaDB < 10.1.2 | Incompatible | Incompatible with binlog of the time type. | | MariaDB 10.1.2 ~ 10.5.10 | Experimental | |