Skip to content

Commit

Permalink
env: manifests
Browse files Browse the repository at this point in the history
  • Loading branch information
@sunsingerus
sunsingerus committed Oct 3, 2024
1 parent 917e775 commit 4cf2cc0
Show file tree
Hide file tree
Showing 9 changed files with 304 additions and 88 deletions.
31 changes: 29 additions & 2 deletions ...erator/crds/CustomResourceDefinition-clickhouseinstallations.clickhouse.altinity.com.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -542,7 +542,25 @@ spec:
description: "optional access credentials string with `user:password` format used when use digest authorization in Zookeeper"
users:
type: object
description: "allows configure <yandex><users>..</users></yandex> section in each `Pod` during generate `ConfigMap` which will mount in `/etc/clickhouse-server/users.d/`\nyou can configure password hashed, authorization restrictions, database level security row filters etc.\nMore details: https://clickhouse.tech/docs/en/operations/settings/settings-users/\nYour yaml code will convert to XML, see examples https://github.com/Altinity/clickhouse-operator/blob/master/docs/custom_resource_explained.md#specconfigurationusers\n\nany key could contains `valueFrom` with `secretKeyRef` which allow pass password from kubernetes secrets\nsecret value will pass in `pod.spec.containers.evn`, and generate with from_env=XXX in XML in /etc/clickhouse-server/users.d/chop-generated-users.xml \nit not allow automatically updates when updates `secret`, change spec.taskID for manually trigger reconcile cycle\n\nlook into https://github.com/Altinity/clickhouse-operator/blob/master/docs/chi-examples/05-settings-01-overview.yaml for examples\n\nany key with prefix `k8s_secret_` shall has value with format namespace/secret/key or secret/key \nin this case value from secret will write directly into XML tag during render *-usersd ConfigMap\n\nany key with prefix `k8s_secret_env` shall has value with format namespace/secret/key or secret/key \nin this case value from secret will write into environment variable and write to XML tag via from_env=XXX\n\nlook into https://github.com/Altinity/clickhouse-operator/blob/master/docs/chi-examples/05-settings-01-overview.yaml for examples\n"
description: |
allows configure <yandex><users>..</users></yandex> section in each `Pod` during generate `ConfigMap` which will mount in `/etc/clickhouse-server/users.d/`
you can configure password hashed, authorization restrictions, database level security row filters etc.
More details: https://clickhouse.tech/docs/en/operations/settings/settings-users/
Your yaml code will convert to XML, see examples https://github.com/Altinity/clickhouse-operator/blob/master/docs/custom_resource_explained.md#specconfigurationusers
any key could contains `valueFrom` with `secretKeyRef` which allow pass password from kubernetes secrets
secret value will pass in `pod.spec.containers.evn`, and generate with from_env=XXX in XML in /etc/clickhouse-server/users.d/chop-generated-users.xml
it not allow automatically updates when updates `secret`, change spec.taskID for manually trigger reconcile cycle
look into https://github.com/Altinity/clickhouse-operator/blob/master/docs/chi-examples/05-settings-01-overview.yaml for examples
any key with prefix `k8s_secret_` shall has value with format namespace/secret/key or secret/key
in this case value from secret will write directly into XML tag during render *-usersd ConfigMap
any key with prefix `k8s_secret_env` shall has value with format namespace/secret/key or secret/key
in this case value from secret will write into environment variable and write to XML tag via from_env=XXX
look into https://github.com/Altinity/clickhouse-operator/blob/master/docs/chi-examples/05-settings-01-overview.yaml for examples
# nullable: true
x-kubernetes-preserve-unknown-fields: true
profiles:
Expand All @@ -565,7 +583,16 @@ spec:
x-kubernetes-preserve-unknown-fields: true
settings: &TypeSettings
type: object
description: "allows configure `clickhouse-server` settings inside <yandex>...</yandex> tag in each `Pod` during generate `ConfigMap` which will mount in `/etc/clickhouse-server/config.d/`\nMore details: https://clickhouse.tech/docs/en/operations/settings/settings/\nYour yaml code will convert to XML, see examples https://github.com/Altinity/clickhouse-operator/blob/master/docs/custom_resource_explained.md#specconfigurationsettings\n\nany key could contains `valueFrom` with `secretKeyRef` which allow pass password from kubernetes secrets\nlook into https://github.com/Altinity/clickhouse-operator/blob/master/docs/chi-examples/05-settings-01-overview.yaml for examples\n\nsecret value will pass in `pod.spec.evn`, and generate with from_env=XXX in XML in /etc/clickhouse-server/config.d/chop-generated-settings.xml \nit not allow automatically updates when updates `secret`, change spec.taskID for manually trigger reconcile cycle\n"
description: |
allows configure `clickhouse-server` settings inside <yandex>...</yandex> tag in each `Pod` during generate `ConfigMap` which will mount in `/etc/clickhouse-server/config.d/`
More details: https://clickhouse.tech/docs/en/operations/settings/settings/
Your yaml code will convert to XML, see examples https://github.com/Altinity/clickhouse-operator/blob/master/docs/custom_resource_explained.md#specconfigurationsettings
any key could contains `valueFrom` with `secretKeyRef` which allow pass password from kubernetes secrets
look into https://github.com/Altinity/clickhouse-operator/blob/master/docs/chi-examples/05-settings-01-overview.yaml for examples
secret value will pass in `pod.spec.evn`, and generate with from_env=XXX in XML in /etc/clickhouse-server/config.d/chop-generated-settings.xml
it not allow automatically updates when updates `secret`, change spec.taskID for manually trigger reconcile cycle
# nullable: true
x-kubernetes-preserve-unknown-fields: true
files: &TypeFiles
Expand Down
31 changes: 29 additions & 2 deletions ...rds/CustomResourceDefinition-clickhouseinstallationtemplates.clickhouse.altinity.com.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -542,7 +542,25 @@ spec:
description: "optional access credentials string with `user:password` format used when use digest authorization in Zookeeper"
users:
type: object
description: "allows configure <yandex><users>..</users></yandex> section in each `Pod` during generate `ConfigMap` which will mount in `/etc/clickhouse-server/users.d/`\nyou can configure password hashed, authorization restrictions, database level security row filters etc.\nMore details: https://clickhouse.tech/docs/en/operations/settings/settings-users/\nYour yaml code will convert to XML, see examples https://github.com/Altinity/clickhouse-operator/blob/master/docs/custom_resource_explained.md#specconfigurationusers\n\nany key could contains `valueFrom` with `secretKeyRef` which allow pass password from kubernetes secrets\nsecret value will pass in `pod.spec.containers.evn`, and generate with from_env=XXX in XML in /etc/clickhouse-server/users.d/chop-generated-users.xml \nit not allow automatically updates when updates `secret`, change spec.taskID for manually trigger reconcile cycle\n\nlook into https://github.com/Altinity/clickhouse-operator/blob/master/docs/chi-examples/05-settings-01-overview.yaml for examples\n\nany key with prefix `k8s_secret_` shall has value with format namespace/secret/key or secret/key \nin this case value from secret will write directly into XML tag during render *-usersd ConfigMap\n\nany key with prefix `k8s_secret_env` shall has value with format namespace/secret/key or secret/key \nin this case value from secret will write into environment variable and write to XML tag via from_env=XXX\n\nlook into https://github.com/Altinity/clickhouse-operator/blob/master/docs/chi-examples/05-settings-01-overview.yaml for examples\n"
description: |
allows configure <yandex><users>..</users></yandex> section in each `Pod` during generate `ConfigMap` which will mount in `/etc/clickhouse-server/users.d/`
you can configure password hashed, authorization restrictions, database level security row filters etc.
More details: https://clickhouse.tech/docs/en/operations/settings/settings-users/
Your yaml code will convert to XML, see examples https://github.com/Altinity/clickhouse-operator/blob/master/docs/custom_resource_explained.md#specconfigurationusers
any key could contains `valueFrom` with `secretKeyRef` which allow pass password from kubernetes secrets
secret value will pass in `pod.spec.containers.evn`, and generate with from_env=XXX in XML in /etc/clickhouse-server/users.d/chop-generated-users.xml
it not allow automatically updates when updates `secret`, change spec.taskID for manually trigger reconcile cycle
look into https://github.com/Altinity/clickhouse-operator/blob/master/docs/chi-examples/05-settings-01-overview.yaml for examples
any key with prefix `k8s_secret_` shall has value with format namespace/secret/key or secret/key
in this case value from secret will write directly into XML tag during render *-usersd ConfigMap
any key with prefix `k8s_secret_env` shall has value with format namespace/secret/key or secret/key
in this case value from secret will write into environment variable and write to XML tag via from_env=XXX
look into https://github.com/Altinity/clickhouse-operator/blob/master/docs/chi-examples/05-settings-01-overview.yaml for examples
# nullable: true
x-kubernetes-preserve-unknown-fields: true
profiles:
Expand All @@ -565,7 +583,16 @@ spec:
x-kubernetes-preserve-unknown-fields: true
settings: &TypeSettings
type: object
description: "allows configure `clickhouse-server` settings inside <yandex>...</yandex> tag in each `Pod` during generate `ConfigMap` which will mount in `/etc/clickhouse-server/config.d/`\nMore details: https://clickhouse.tech/docs/en/operations/settings/settings/\nYour yaml code will convert to XML, see examples https://github.com/Altinity/clickhouse-operator/blob/master/docs/custom_resource_explained.md#specconfigurationsettings\n\nany key could contains `valueFrom` with `secretKeyRef` which allow pass password from kubernetes secrets\nlook into https://github.com/Altinity/clickhouse-operator/blob/master/docs/chi-examples/05-settings-01-overview.yaml for examples\n\nsecret value will pass in `pod.spec.evn`, and generate with from_env=XXX in XML in /etc/clickhouse-server/config.d/chop-generated-settings.xml \nit not allow automatically updates when updates `secret`, change spec.taskID for manually trigger reconcile cycle\n"
description: |
allows configure `clickhouse-server` settings inside <yandex>...</yandex> tag in each `Pod` during generate `ConfigMap` which will mount in `/etc/clickhouse-server/config.d/`
More details: https://clickhouse.tech/docs/en/operations/settings/settings/
Your yaml code will convert to XML, see examples https://github.com/Altinity/clickhouse-operator/blob/master/docs/custom_resource_explained.md#specconfigurationsettings
any key could contains `valueFrom` with `secretKeyRef` which allow pass password from kubernetes secrets
look into https://github.com/Altinity/clickhouse-operator/blob/master/docs/chi-examples/05-settings-01-overview.yaml for examples
secret value will pass in `pod.spec.evn`, and generate with from_env=XXX in XML in /etc/clickhouse-server/config.d/chop-generated-settings.xml
it not allow automatically updates when updates `secret`, change spec.taskID for manually trigger reconcile cycle
# nullable: true
x-kubernetes-preserve-unknown-fields: true
files: &TypeFiles
Expand Down
Loading

0 comments on commit 4cf2cc0

Please sign in to comment.