pingcap · ti-chi-bot · Jan 25, 2024 · Jan 24, 2024 · Jan 24, 2024 · Jan 24, 2024
diff --git a/en/configure-a-tidb-cluster.md b/en/configure-a-tidb-cluster.md
@@ -266,6 +266,8 @@ The deployment method is the same as that of PD. In addition, you need to modify
     config:
 ```
 
+When deploying TiProxy, you also need to configure additional parameters for TiDB. For detailed configuration steps, refer to [Deploy TiProxy Load Balancer for an Existing TiDB Cluster](deploy-tiproxy.md).
+
 #### Enable TiFlash
 
 If you want to enable TiFlash in the cluster, configure `spec.pd.config.replication.enable-placement-rules: true` and configure `spec.tiflash` in the `${cluster_name}/tidb-cluster.yaml` file as follows:

diff --git a/en/deploy-tiproxy.md b/en/deploy-tiproxy.md
@@ -39,14 +39,43 @@ If you need to deploy TiProxy for an existing TiDB cluster, follow these steps:
     ```yaml
     spec:
       tiproxy:
-        config:
-          config: |
-            [log]
-            level = "info"
+        config: |
+          [log]
+          level = "info"
     ```
 
     For more information about TiProxy configuration, see [TiProxy Configuration](https://docs.pingcap.com/tidb/v7.6/tiproxy-configuration).
 
+4. Configure the related parameters in `spec.tidb` of the TidbCluster CR. For example:
+
+    + It is recommended to configure `graceful-wait-before-shutdown` to a value greater than the maximum duration of the transactions in your application. This is used together with TiProxy's connection migration feature. For more information, see [TiProxy Limitations](https://docs.pingcap.com/tidb/v7.6/tiproxy-overview#limitations).
+
+        ```yaml
+          spec:
+            tidb:
+              config: |
+                graceful-wait-before-shutdown = 30
+       ```
+
+    + If [TLS is enabled for the cluster](enable-tls-between-components.md), skip this step. If TLS is not enabled for the cluster, you need to generate a self-signed certificate and manually configure [`session-token-signing-cert`](https://docs.pingcap.com/tidb/stable/tidb-configuration-file#session-token-signing-cert-new-in-v640) and [`session-token-signing-key`](https://docs.pingcap.com/tidb/stable/tidb-configuration-file#session-token-signing-key-new-in-v640) for TiDB:
+
+        ```yaml
+        spec:
+          tidb:
+            additionalVolumes:
+              - name: sessioncert
+                secret:
+                  secretName: sessioncert-secret
+            additionalVolumeMounts:
+              - name: sessioncert
+                mountPath: /var/session
+            config: |
+              session-token-signing-cert = "/var/session/tls.crt"
+              session-token-signing-key = "/var/session/tls.key"
+        ```
+
+        For more information, see [`session-token-signing-cert`](https://docs.pingcap.com/tidb/stable/tidb-configuration-file#session-token-signing-cert-new-in-v640).
+
 After TiProxy is started, you can find the corresponding `tiproxy-sql` load balancer service by running the following command.
 
 ``` shell

diff --git a/zh/configure-a-tidb-cluster.md b/zh/configure-a-tidb-cluster.md
@@ -262,6 +262,8 @@ spec:
     config:
 ```
 
+部署 TiProxy 时，还需要给 TiDB 配置额外参数，详细的配置步骤见[为已有 TiDB 集群部署负载均衡 TiProxy](deploy-tiproxy.md)。
+
 #### 部署 TiFlash
 
 如果要在集群中开启 TiFlash，需要在 `${cluster_name}/tidb-cluster.yaml` 文件中配置 `spec.pd.config.replication.enable-placement-rules: true`，并配置 `spec.tiflash`：

diff --git a/zh/deploy-tiproxy.md b/zh/deploy-tiproxy.md
@@ -39,14 +39,43 @@ summary: 了解如何在 Kubernetes 上为已有 TiDB 集群部署负载均衡 T
     ```yaml
     spec:
       tiproxy:
-        config:
-          config: |
-            [log]
-            level = "info"
+        config: |
+          [log]
+          level = "info"
     ```
 
     要获取更多可配置的 TiProxy 配置参数，请参考 [TiProxy 配置文档](https://docs.pingcap.com/zh/tidb/v7.6/tiproxy-configuration)。
 
+4. 配置 TidbCluster CR 中 `spec.tidb` 的相关参数：
+
+    + 推荐设置 TiDB `graceful-wait-before-shutdown` 的值大于应用程序中事务的最长的持续时间，配合 TiProxy 的连接迁移。详见 [TiProxy 使用限制](https://docs.pingcap.com/zh/tidb/v7.6/tiproxy-overview#使用限制)。
+
+       ```yaml
+       spec:
+         tidb:
+           config: |
+             graceful-wait-before-shutdown = 30
+       ```
+
+    + 如果开启了[集群 TLS](enable-tls-between-components.md)，则跳过这一步；如果没有开启集群 TLS，还需要生成自签名证书，并手动配置 TiDB 的 [`session-token-signing-cert`](https://docs.pingcap.com/zh/tidb/stable/tidb-configuration-file#session-token-signing-cert-从-v640-版本开始引入) 和 [`session-token-signing-key`](https://docs.pingcap.com/zh/tidb/stable/tidb-configuration-file#session-token-signing-key-从-v640-版本开始引入)：
+
+        ```yaml
+        spec:
+          tidb:
+            additionalVolumes:
+              - name: sessioncert
+                secret:
+                  secretName: sessioncert-secret
+            additionalVolumeMounts:
+              - name: sessioncert
+                mountPath: /var/session
+            config: |
+              session-token-signing-cert = "/var/session/tls.crt"
+              session-token-signing-key = "/var/session/tls.key"
+        ```
+
+       详见 [`session-token-signing-key`](https://docs.pingcap.com/zh/tidb/v7.6/tidb-configuration-file#session-token-signing-cert-从-v640-版本开始引入)。
+
 TiProxy 启动后，可通过以下命令找到对应的 `tiproxy-sql` 负载均衡服务。
 
 ``` shell
-Original file line number
+Diff line change
@@ Expand Up @@
         config:
     ```
+    When deploying TiProxy, you also need to configure additional parameters for TiDB. For detailed configuration steps, refer to [Deploy TiProxy Load Balancer for an Existing TiDB Cluster](deploy-tiproxy.md).
     #### Enable TiFlash
     If you want to enable TiFlash in the cluster, configure `spec.pd.config.replication.enable-placement-rules: true` and configure `spec.tiflash` in the `${cluster_name}/tidb-cluster.yaml` file as follows:
@@ Expand Down @@