PolarDB for MySQL provides a multi-tenant mode that allows multiple tenants to share computing and storage resources within a single cluster. This mode guarantees data and resource isolation between tenants. This isolation prevents resource contention and ensures operational stability.
How it works
Although the system tenant, regular tenant A, and regular tenant B each contain a database named DB_1 and a user named user_1, these are distinct entities that only share the same name.
Key concepts
Tenant: A tenant resides below the database cluster level and above the database and user level. Tenants are classified as either a system tenant or a regular tenant.
-
System tenant: The system tenant is designed to support existing users and databases for backward compatibility. Pre-existing databases and users in a cluster belong to the system tenant by default. A user from the system tenant can access the databases of all tenants, provided they have the necessary permissions.
-
Regular tenant: A regular tenant must be created under the system tenant. Databases and users are completely isolated between regular tenants. Regular tenants also cannot access databases that belong to the system tenant. For CPU resource scheduling, regular tenants are classified as an exclusive tenant or a shared tenant based on whether the value of
min_cpuis greater than 0.-
Exclusive tenant:
min_cpu> 0. The system guarantees that the CPU resources for this tenant will not fall below themin_cpuvalue at any time. -
Shared tenant: The
min_cpuvalue is 0.
You can convert between an exclusive tenant and a shared tenant by adjusting the value of the
min_cpuparameter. -
Resource configuration: A resource configuration defines the resources that a tenant can use, enabling resource isolation and scheduling among tenants. Currently, only CPU resources can be isolated and scheduled.
Prerequisites
To enable the multi-tenant mode, your cluster must meet the following requirements:
The database engine is MySQL 8.0.2 or later, the database edition is Enterprise Edition, the Edition is Cluster Edition, and all cluster nodes must have identical specifications.
The multi-tenant mode is currently in canary release. To enable this feature, contact technical support through the specified DingTalk group. After the feature is enabled, you must restart the target cluster for the changes to take effect.
DingTalk group number: 59535005981.
Limitations
-
Binlog synchronization for tenants is not supported.
-
Partial permission revocation is not supported.
Quick start
-
Enable standalone multi-tenant mode.
NoteThe multi-tenant mode is currently in canary release. To enable this feature, contact technical support through the specified DingTalk group. After the feature is enabled, you must restart the target cluster for the changes to take effect.
DingTalk group number: 59535005981.
-
Connect to the database using a privileged account.
-
Create resource configurations
r1andr2.CREATE resource_config r1 min_cpu 1 max_cpu 2; CREATE resource_config r2 min_cpu 1 max_cpu 4;Note-
Set the
min_cpuandmax_cpuvalues based on the node specifications of your cluster. -
The
min_cpuvalue for any tenant cannot exceed the number of cores on a cluster node minus one. You must reserve at least one core for the system tenant. Otherwise, binding the tenant to the resource configuration will fail during tenant creation.
-
-
Create tenants
tn1andtn2. When you create the tenants, you must bind them to the resource configurations that you created.CREATE tenant tn1 resource_config r1; CREATE tenant tn2 resource_config r2;NoteEnsure that the sum of the
min_cpuvalues from the resource configurations of all tenants does not exceed the number of cores on a cluster node minus one. -
Create users
u1andu2, and databasesdb1anddb2.-- Create user u1 in tenant tn1. CREATE USER 'u1@tn1' IDENTIFIED BY 'password'; -- Create database db1 in tenant tn1. CREATE DATABASE `db1@tn1`; -- Create user u2 in tenant tn2. CREATE USER 'u2@tn2' IDENTIFIED BY 'password'; -- Create database db2 in tenant tn2. CREATE DATABASE `db2@tn2`;NoteWhen using a privileged account to create a user or database, you must append the
@<tenant_name>suffix to the username or database name. -
Grant permissions to users
u1andu2.-- Grant permissions on tenant tn1 to user u1. GRANT ALL PRIVILEGES ON `%@tn1`.* TO 'u1@tn1'@'%' WITH GRANT OPTION; -- Grant permissions on tenant tn2 to user u2. GRANT ALL PRIVILEGES ON `%@tn2`.* TO 'u2@tn2'@'%' WITH GRANT OPTION; -
You can use the users
u1@tn1andu2@tn2to verify the data and resource isolation between tenants. -
(Optional) View the tenants, users, and databases that you created.
-
Tenants: Connect to the database using a privileged account and run the
SELECTstatement to view tenants. Example:SELECT * FROM mysql.tenants; -
Users: Go to the PolarDB console and open .
-
Users with an Username that does not have the
@suffix belong to the system tenant. -
Users with an Username that has the
@suffix belong to the corresponding regular tenant.
-
-
Databases: Go to the PolarDB console and open .
-
Databases with a Database Name that does not have the
@suffix belong to the system tenant. -
Databases with a Database Name that has the
@suffix belong to the corresponding regular tenant.
-
-