-
Notifications
You must be signed in to change notification settings - Fork 468
/
Copy path05-settings-01-overview.yaml
130 lines (117 loc) · 5.23 KB
/
05-settings-01-overview.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
apiVersion: v1
kind: Secret
metadata:
name: clickhouse-credentials
type: Opaque
stringData:
password_plain: "password"
password_sha256_hex: "65e84be33532fb784c48129675f9eff3a682b27168c0ea744b2cf58ee02337c5"
password_double_sha1_hex: "c5bf7884d77d2294924d6dedcb60222f2730ff04"
disable_internal_dns_cache: "1"
quota: "test_quota"
example.xml: |
<yandex> <!-- just example --> </yandex>
---
apiVersion: "clickhouse.altinity.com/v1"
kind: "ClickHouseInstallation"
metadata:
name: "settings-01"
spec:
configuration:
users:
# User 'default' has plain 'password' specified, while user 'admin' has 'password_sha256_hex' specified
default/password: qwerty
# User 'test' has plain 'password' specified, while user 'admin' has 'password_sha256_hex' specified
test/password: qwerty
test/networks/ip:
- "127.0.0.1/32"
- "192.168.74.1/24"
test/profile: test_profile
# will pass via pod.spec.containers.env and render in XML with from_env attribute
# no regeneration if secret updated
test/quota:
valueFrom:
secretKeyRef:
name: clickhouse-credentials
key: quota
test/allow_databases/database:
- "dbname1"
- "dbname2"
- "dbname3"
# User 'admin' has 'password_sha256_hex' specified, thus plain password value is not published
admin/password_sha256_hex: 8bd66e4932b4968ec111da24d7e42d399a05cb90bf96f587c3fa191c56c401f8
admin/networks/ip: "127.0.0.1/32"
admin/profile: default
admin/quota: default
# User 'user_secret_ref_password_plain' has plain password specified as reference to the secret's field
# will pass via pod.spec.containers.env and render in XML with from_env attribute
# no regeneration if secret updated
user_secret_ref_password_plain/password:
valueFrom:
secretKeyRef:
name: clickhouse-credentials
key: password_plain
# User 'user_secret_ref_password_sha256_hex' has sha256 hex password specified as reference to the secret's field
# will pass via pod.spec.containers.env and render in XML with from_env attribute
# no regeneration if secret updated
user_secret_ref_password_sha256_hex/password_sha256_hex:
valueFrom:
secretKeyRef:
name: clickhouse-credentials
key: password_sha256_hex
# User 'user_secret_ref_password_double_sha1_hex' has double sha1 hex password specified as reference to the secret's field
# will pass via pod.spec.containers.env and render in XML with from_env attibute
# no regeneration if secret updated
user_secret_ref_password_double_sha1_hex/password_double_sha1_hex:
valueFrom:
secretKeyRef:
name: clickhouse-credentials
key: password_double_sha1_hex
# User 'readonly' has plain 'password' specified
readonly/password: readonly_password
readonly/profile: readonly
readonly/quota: default
# reference to namespace/secret/key in the secret with plain password, will render in XML as is from secret, no updates when secret updated
testpwduser1/k8s_secret_password: dev/clickhouse-credentials/password_plain
# reference to the same namespace as operator is running in secret/key format with hashed password, will render in XML as is from secret, no updates when secret updated
testpwduser2/k8s_secret_password_sha256_hex: clickhouse-credentials/password_sha256_hex
testpwduser3/k8s_secret_password_double_sha1_hex: clickhouse-credentials/password_double_sha1_hex
# reference to namespace/secret/key in the secret with plain password, will render in XML with from_env attribute
testenvpwduser1/k8s_secret_env_password: dev/clickhouse-credentials/password_plain
# reference to the same namespace as operator is running in/name/field in the secret with sha256 password, will render in XML with from_env attribute
testenvpwduser2/k8s_secret_env_password_sha256_hex: clickhouse-credentials/password_sha256_hex
testenvpwduser3/k8s_secret_env_password_double_sha1_hex: clickhouse-credentials/password_double_sha1_hex
profiles:
test_profile/max_memory_usage: 1000000000
test_profile/readonly: 1
readonly/readonly: 1
quotas:
test_quota/interval/duration: 3600
settings:
compression/case/method: zstd
# will pass in `pod.spec.evn`, and generate with from_env=XXX in XML, no updates when updates `secret`
disable_internal_dns_cache:
valueFrom:
secretKeyRef:
name: clickhouse-credentials
key: disable_internal_dns_cache
files:
# will mount as separate volume inside /etc/clickhouse-server/secrets.d/example/clickhouse-credentials/example.xml
# and will regenerate when secret updates, useful for SSL certificates
example:
valueFrom:
secretKeyRef:
name: clickhouse-credentials
key: example.xml
dict1.xml: |
<yandex>
<!-- ref to file /etc/clickhouse-data/config.d/source1.csv -->
</yandex>
source1.csv: |
a1,b1,c1,d1
a2,b2,c2,d2
clusters:
- name: "standard"
layout:
shardsCount: 1
replicasCount: 1