Merge pull request #1182 from Altinity/0.21.2

0.21.2

README.md

@@ -1,6 +1,6 @@
-# Altinity Operator for ClickHouse
+# Altinity Kubernetes Operator for ClickHouse
 
-Operator creates, configures and manages ClickHouse clusters running on Kubernetes.
+Altinity Kubernetes Operator for ClickHouse creates, configures and manages ClickHouse clusters running on Kubernetes.
 
 [![Build Master](https://github.com/Altinity/clickhouse-operator/actions/workflows/build_master.yaml/badge.svg)](https://github.com/Altinity/clickhouse-operator/actions/workflows/build_master.yaml)
 [![GitHub release](https://img.shields.io/github/v/release/altinity/clickhouse-operator?include_prereleases)](https://img.shields.io/github/v/release/altinity/clickhouse-operator?include_prereleases)
@@ -24,7 +24,7 @@ Operator creates, configures and manages ClickHouse clusters running on Kubernet
 
 ## Requirements
 
- * Kubernetes 1.15.11+
+ * Kubernetes 1.19+
 
 ## Documentation
 
@@ -62,7 +62,7 @@ Operator creates, configures and manages ClickHouse clusters running on Kubernet
 
 Copyright (c) 2019-2023, Altinity Inc and/or its affiliates. All rights reserved.
 
-Altinity Operator for ClickHouse is licensed under the Apache License 2.0.
+Altinity Kubernetes Operator for ClickHouse is licensed under the Apache License 2.0.
 
 See [LICENSE](./LICENSE) for more details.
 

cmd/metrics_exporter/app/metrics_exporter.go

@@ -18,7 +18,6 @@ import (
  "context"
  "flag"
  "fmt"
- "github.com/altinity/clickhouse-operator/pkg/model/clickhouse"
  "os"
  "os/signal"
  "syscall"
@@ -70,20 +69,6 @@ func init() {
  flag.Parse()
 }
 
-func clusterConnectionParams() *clickhouse.ClusterConnectionParams {
- params := clickhouse.NewClusterConnectionParams(
- chop.Config().ClickHouse.Access.Scheme,
- chop.Config().ClickHouse.Access.Username,
- chop.Config().ClickHouse.Access.Password,
- chop.Config().ClickHouse.Access.RootCA,
- chop.Config().ClickHouse.Access.Port,
- )
- params.SetConnectTimeout(chop.Config().ClickHouse.Access.Timeouts.Connect)
- params.SetQueryTimeout(chop.Config().ClickHouse.Access.Timeouts.Query)
-
- return params
-}
-
 // Run is an entry point of the application
 func Run() {
  if versionRequest {
@@ -112,8 +97,6 @@ func Run() {
  log.Info(chop.Config().String(true))
 
  exporter := metrics.StartMetricsREST(
- clusterConnectionParams(),
-
  metricsEP,
  metricsPath,
  chop.Config().ClickHouse.Metrics.Timeouts.Collect,
@@ -122,7 +105,7 @@ func Run() {
  chiListPath,
  )
 
- exporter.DiscoveryWatchedCHIs(chopClient)
+ exporter.DiscoveryWatchedCHIs(kubeClient, chopClient)
 
  <-ctx.Done()
 }

config/config.yaml

@@ -20,6 +20,8 @@
 watch:
  # List of namespaces where clickhouse-operator watches for events.
  # Concurrently running operators should watch on different namespaces.
+ # IMPORTANT
+ # Regexp is applicable.
  #namespaces: ["dev", "test"]
  namespaces: []
 
@@ -46,18 +48,23 @@ clickhouse:
  ################################################
  user:
  # Default settings for user accounts, created by the operator.
- # NB. These are not access credentials or settings for 'default' user account,
- # it is a template for filling out missing fields for all user accounts to be created by the operator, except:
- # 1. 'default' account, which DOES NOT use provided password, but uses all the rest of the fields
- # Password for 'default' account as to be provided explicitly, if to be used
- # 2. CHOP account, which DOES NOT use profile, quota, password and regexp, but uses network IPs - extending them
- # Password for CHOP account is used from `clickhouse.access.password` section
+ # IMPORTANT. These are not access credentials or settings for 'default' user account,
+ # it is a template for filling out missing fields for all user accounts to be created by the operator,
+ # with the following EXCEPTIONS:
+ # 1. 'default' user account DOES NOT use provided password, but uses all the rest of the fields.
+ # Password for 'default' user account has to be provided explicitly, if to be used.
+ # 2. CHOP user account DOES NOT use:
+ # - profile setting. It uses predefined profile called 'clickhouse_operator'
+ # - quota setting. It uses empty quota name.
+ # - network IPs setting. Operator specifies networks/ip to match operators' pod IP only.
+ # - password setting. Password for CHOP account is used from 'clickhouse.access.password' section
  default:
- # Default values for ClickHouse user configuration
- # 1. user/profile - string
- # 2. user/quota - string
- # 3. user/networks/ip - multiple strings
- # 4. user/password - string
+ # Default values for ClickHouse user account(s) created by the operator
+ # 1. user/profile - string
+ # 2. user/quota - string
+ # 3. user/networks/ip - multiple strings
+ # 4. user/password - string
+ # These values can be overwritten on per-user basis.
  profile: "default"
  quota: "default"
  networksIP:
@@ -110,28 +117,29 @@ clickhouse:
  ##
  ################################################
  access:
- # Possible values for `scheme` are:
- # 1. http
- # 2. https
- scheme: ""
+ # Possible values for 'scheme' are:
+ # 1. http - force http to be used to connect to ClickHouse instances
+ # 2. https - force https to be used to connect to ClickHouse instances
+ # 3. auto - either http or https is selected based on open ports
+ scheme: "auto"
  # ClickHouse credentials (username, password and port) to be used by the operator to connect to ClickHouse instances.
- # Used for:
- # 1. Metrics requests
- # 2. Schema maintenance
- # 3. DROP DNS CACHE
+ # These credentials are used for:
+ #  1. Metrics requests
+ #  2. Schema maintenance
+ #  3. DROP DNS CACHE
  # User with these credentials can be specified in additional ClickHouse .xml config files,
- # located in `clickhouse.configuration.file.path.user` folder
+ # located in 'clickhouse.configuration.file.path.user' folder
  username: ""
  password: ""
  rootCA: ""
 
  # Location of the k8s Secret with username and password to be used by the operator to connect to ClickHouse instances.
- # Can be used instead of explicitly specified username and password which are:
- # clickhouse.access.username
- # clickhouse.access.password
+ # Can be used instead of explicitly specified username and password available in sections:
+ #  - clickhouse.access.username
+ #  - clickhouse.access.password
  # Secret should have two keys:
- # 1. username
- # 2. password
+ #  1. username
+ #  2. password
  secret:
  # Empty `namespace` means that k8s secret would be looked in the same namespace where operator's pod is running.
  namespace: ""
@@ -179,9 +187,10 @@ reconcile:
  create:
  # What to do in case created StatefulSet is not in 'Ready' after `reconcile.statefulSet.update.timeout` seconds
  # Possible options:
- # 1. abort - do nothing, just break the process and wait for an admin to assist
- # 2. delete - delete newly created problematic StatefulSet
- # 3. ignore - ignore an error, pretend nothing happened and move on to the next StatefulSet
+ # 1. abort - abort the process, do not do anything, do not try to fix ror delete or update problematic StatefulSet,
+ # just abort reconcile cycle without processing next StatefulSet(s) and wait for an admin to assist.
+ # 2. delete - delete newly created problematic StatefulSet and follow 'abort' path afterwards.
+ # 3. ignore - ignore an error, pretend nothing happened and move on to the next StatefulSet.
  onFailure: ignore
 
  update:
@@ -191,18 +200,20 @@ reconcile:
  pollInterval: 5
  # What to do in case updated StatefulSet is not in 'Ready' after `reconcile.statefulSet.update.timeout` seconds
  # Possible options:
- # 1. abort - do nothing, just break the process and wait for an admin to assist
+ # 1. abort - abort the process, do not do anything, do not try to fix ror delete or update problematic StatefulSet,
+ # just abort reconcile cycle without processing next StatefulSet(s) and wait for an admin to assist.
  # 2. rollback - delete Pod and rollback StatefulSet to previous Generation.
- # Pod would be recreated by StatefulSet based on rollback-ed configuration
- # 3. ignore - ignore an error, pretend nothing happened and move on to the next StatefulSet
- onFailure: rollback
+ # Pod would be recreated by StatefulSet based on rollback-ed StatefulSet configuration.
+ # Then just abort reconcile cycle without processing next StatefulSet(s) and wait for an admin to assist.
+ # 3. ignore - ignore an error, pretend nothing happened and move on to the next StatefulSet.
+ onFailure: abort
 
  host:
  # Whether reconciler should wait for a host:
  # - to be excluded from a cluster
  # OR
  # - to be included into a cluster
- # respectfully
+ # respectfully before proceeding to the host reconciliation.
  wait:
  exclude: true
  include: false

deploy/builder/templates-config/config.yaml

@@ -14,6 +14,8 @@
 watch:
  # List of namespaces where clickhouse-operator watches for events.
  # Concurrently running operators should watch on different namespaces.
+ # IMPORTANT
+ # Regexp is applicable.
  #namespaces: ["dev", "test"]
  namespaces: [${WATCH_NAMESPACES}]
 
@@ -40,18 +42,23 @@ clickhouse:
  ################################################
  user:
  # Default settings for user accounts, created by the operator.
- # NB. These are not access credentials or settings for 'default' user account,
- # it is a template for filling out missing fields for all user accounts to be created by the operator, except:
- # 1. 'default' account, which DOES NOT use provided password, but uses all the rest of the fields
- # Password for 'default' account as to be provided explicitly, if to be used
- # 2. CHOP account, which DOES NOT use profile, quota, password and regexp, but uses network IPs - extending them
- # Password for CHOP account is used from `clickhouse.access.password` section
+ # IMPORTANT. These are not access credentials or settings for 'default' user account,
+ # it is a template for filling out missing fields for all user accounts to be created by the operator,
+ # with the following EXCEPTIONS:
+ # 1. 'default' user account DOES NOT use provided password, but uses all the rest of the fields.
+ # Password for 'default' user account has to be provided explicitly, if to be used.
+ # 2. CHOP user account DOES NOT use:
+ # - profile setting. It uses predefined profile called 'clickhouse_operator'
+ # - quota setting. It uses empty quota name.
+ # - network IPs setting. Operator specifies networks/ip to match operators' pod IP only.
+ # - password setting. Password for CHOP account is used from 'clickhouse.access.password' section
  default:
- # Default values for ClickHouse user configuration
- # 1. user/profile - string
- # 2. user/quota - string
- # 3. user/networks/ip - multiple strings
- # 4. user/password - string
+ # Default values for ClickHouse user account(s) created by the operator
+ # 1. user/profile - string
+ # 2. user/quota - string
+ # 3. user/networks/ip - multiple strings
+ # 4. user/password - string
+ # These values can be overwritten on per-user basis.
  profile: "default"
  quota: "default"
  networksIP:
@@ -104,28 +111,29 @@ clickhouse:
  ##
  ################################################
  access:
- # Possible values for `scheme` are:
- # 1. http
- # 2. https
- scheme: ""
+ # Possible values for 'scheme' are:
+ # 1. http - force http to be used to connect to ClickHouse instances
+ # 2. https - force https to be used to connect to ClickHouse instances
+ # 3. auto - either http or https is selected based on open ports
+ scheme: "auto"
  # ClickHouse credentials (username, password and port) to be used by the operator to connect to ClickHouse instances.
- # Used for:
- # 1. Metrics requests
- # 2. Schema maintenance
- # 3. DROP DNS CACHE
+ # These credentials are used for:
+ #  1. Metrics requests
+ #  2. Schema maintenance
+ #  3. DROP DNS CACHE
  # User with these credentials can be specified in additional ClickHouse .xml config files,
- # located in `clickhouse.configuration.file.path.user` folder
+ # located in 'clickhouse.configuration.file.path.user' folder
  username: "${CH_USERNAME_PLAIN}"
  password: "${CH_PASSWORD_PLAIN}"
  rootCA: ""
 
  # Location of the k8s Secret with username and password to be used by the operator to connect to ClickHouse instances.
- # Can be used instead of explicitly specified username and password which are:
- # clickhouse.access.username
- # clickhouse.access.password
+ # Can be used instead of explicitly specified username and password available in sections:
+ #  - clickhouse.access.username
+ #  - clickhouse.access.password
  # Secret should have two keys:
- # 1. username
- # 2. password
+ #  1. username
+ #  2. password
  secret:
  # Empty `namespace` means that k8s secret would be looked in the same namespace where operator's pod is running.
  namespace: "${CH_CREDENTIALS_SECRET_NAMESPACE}"
@@ -173,9 +181,10 @@ reconcile:
  create:
  # What to do in case created StatefulSet is not in 'Ready' after `reconcile.statefulSet.update.timeout` seconds
  # Possible options:
- # 1. abort - do nothing, just break the process and wait for an admin to assist
- # 2. delete - delete newly created problematic StatefulSet
- # 3. ignore - ignore an error, pretend nothing happened and move on to the next StatefulSet
+ # 1. abort - abort the process, do not do anything, do not try to fix ror delete or update problematic StatefulSet,
+ # just abort reconcile cycle without processing next StatefulSet(s) and wait for an admin to assist.
+ # 2. delete - delete newly created problematic StatefulSet and follow 'abort' path afterwards.
+ # 3. ignore - ignore an error, pretend nothing happened and move on to the next StatefulSet.
  onFailure: ignore
 
  update:
@@ -185,18 +194,20 @@ reconcile:
  pollInterval: 5
  # What to do in case updated StatefulSet is not in 'Ready' after `reconcile.statefulSet.update.timeout` seconds
  # Possible options:
- # 1. abort - do nothing, just break the process and wait for an admin to assist
+ # 1. abort - abort the process, do not do anything, do not try to fix ror delete or update problematic StatefulSet,
+ # just abort reconcile cycle without processing next StatefulSet(s) and wait for an admin to assist.
  # 2. rollback - delete Pod and rollback StatefulSet to previous Generation.
- # Pod would be recreated by StatefulSet based on rollback-ed configuration
- # 3. ignore - ignore an error, pretend nothing happened and move on to the next StatefulSet
- onFailure: rollback
+ # Pod would be recreated by StatefulSet based on rollback-ed StatefulSet configuration.
+ # Then just abort reconcile cycle without processing next StatefulSet(s) and wait for an admin to assist.
+ # 3. ignore - ignore an error, pretend nothing happened and move on to the next StatefulSet.
+ onFailure: abort
 
  host:
  # Whether reconciler should wait for a host:
  # - to be excluded from a cluster
  # OR
  # - to be included into a cluster
- # respectfully
+ # respectfully before proceeding to the host reconciliation.
  wait:
  exclude: true
  include: false

deploy/builder/templates-install-bundle/clickhouse-operator-install-yaml-template-01-section-crd-02-chopconf.yaml

@@ -132,7 +132,7 @@ spec:
  properties:
  scheme:
  type: string
- description: "The scheme to user for connecting to ClickHouse. One of http or https"
+ description: "The scheme to user for connecting to ClickHouse. Possible values: http, https, auto"
  username:
  type: string
  description: "ClickHouse username to be used by operator to connect to ClickHouse instances, deprecated, use chCredentialsSecretName"

deploy/helm/Chart.yaml

@@ -5,8 +5,8 @@ description: |-
 
  The ClickHouse Operator creates, configures and manages ClickHouse clusters running on Kubernetes.
 type: application
-version: 0.21.1
-appVersion: 0.21.1
+version: 0.21.2
+appVersion: 0.21.2
 home: https://github.com/Altinity/clickhouse-operator
 icon: https://logosandtypes.com/wp-content/uploads/2020/12/altinity.svg
 maintainers:

deploy/helm/crds/CustomResourceDefinition-clickhouseinstallations.clickhouse.altinity.com.yaml

@@ -10,7 +10,7 @@ kind: CustomResourceDefinition
 metadata:
  name: clickhouseinstallations.clickhouse.altinity.com
  labels:
- clickhouse.altinity.com/chop: 0.21.1
+ clickhouse.altinity.com/chop: 0.21.2
 spec:
  group: clickhouse.altinity.com
  scope: Namespaced

deploy/helm/crds/CustomResourceDefinition-clickhouseinstallationtemplates.clickhouse.altinity.com.yaml

@@ -10,7 +10,7 @@ kind: CustomResourceDefinition
 metadata:
  name: clickhouseinstallationtemplates.clickhouse.altinity.com
  labels:
- clickhouse.altinity.com/chop: 0.21.1
+ clickhouse.altinity.com/chop: 0.21.2
 spec:
  group: clickhouse.altinity.com
  scope: Namespaced

deploy/helm/crds/CustomResourceDefinition-clickhouseoperatorconfigurations.clickhouse.altinity.com.yaml

@@ -7,7 +7,7 @@ kind: CustomResourceDefinition
 metadata:
  name: clickhouseoperatorconfigurations.clickhouse.altinity.com
  labels:
- clickhouse.altinity.com/chop: 0.21.1
+ clickhouse.altinity.com/chop: 0.21.2
 spec:
  group: clickhouse.altinity.com
  scope: Namespaced
@@ -132,7 +132,7 @@ spec:
  properties:
  scheme:
  type: string
- description: "The scheme to user for connecting to ClickHouse. One of http or https"
+ description: "The scheme to user for connecting to ClickHouse. Possible values: http, https, auto"
  username:
  type: string
  description: "ClickHouse username to be used by operator to connect to ClickHouse instances, deprecated, use chCredentialsSecretName"