Merge remote-tracking branch 'altinity/0.23.0' into 0.23.0

Altinity · Feb 1, 2024 · 99c5301 · 99c5301
2 parents 688bc97 + 282c022
commit 99c5301
Show file tree

Hide file tree

Showing 26 changed files with 374 additions and 90 deletions.
diff --git a/deploy/helm/README.md b/deploy/helm/README.md
@@ -51,6 +51,7 @@ For upgrade please install CRDs separately:
 | operator.resources | object | `{}` | custom resource configuration, look `kubectl explain pod.spec.containers.resources` for details |
 | podAnnotations | object | `{"clickhouse-operator-metrics/port":"9999","clickhouse-operator-metrics/scrape":"true","prometheus.io/port":"8888","prometheus.io/scrape":"true"}` | annotations to add to the clickhouse-operator pod, look `kubectl explain pod.spec.annotations` for details |
 | podSecurityContext | object | `{}` |  |
+| rbac.create | bool | `true` | specifies whether cluster roles and cluster role bindings should be created |
 | secret.create | bool | `true` | create a secret with operator credentials |
 | secret.password | string | `"clickhouse_operator_password"` | operator credentials password |
 | secret.username | string | `"clickhouse_operator"` | operator credentials username |
@@ -61,3 +62,5 @@ For upgrade please install CRDs separately:
 | serviceMonitor.enabled | bool | `false` | ServiceMonitor Custom resource is created for a (prometheus-operator)[https://github.com/prometheus-operator/prometheus-operator] |
 | tolerations | list | `[]` | tolerations for scheduler pod assignment, look `kubectl explain pod.spec.tolerations` for details |
 
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.11.3](https://github.com/norwoodj/helm-docs/releases/v1.11.3)
diff --git a/deploy/helm/templates/_helpers.tpl b/deploy/helm/templates/_helpers.tpl
@@ -81,3 +81,19 @@ metadata:
   labels:
     {{- include "altinity-clickhouse-operator.labels" . | nindent 4 }}
 {{- end }}
+
+{{/*
+*/}}
+{{- define "altinity-clickhouse-operator.configmap-data" }}
+{{- $root := index . 0 }}
+{{- $data := index . 1 }}
+{{- if not $data -}}
+null
+{{ end }}
+{{- range $k, $v := $data }}
+{{- if not (kindIs "string" $v) }}
+{{- $v = toYaml $v }}
+{{- end }}
+{{- tpl (toYaml (dict $k $v)) $root }}
+{{ end }}
+{{- end }}
diff --git a/deploy/helm/templates/generated/ClusterRole-clickhouse-operator-kube-system.yaml b/deploy/helm/templates/generated/ClusterRole-clickhouse-operator-kube-system.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.rbac.create -}}
 # Specifies either
 #   ClusterRole
 # or
@@ -207,3 +208,4 @@ rules:
       - patch
       - create
       - delete
+{{- end }}
diff --git a/deploy/helm/templates/generated/ClusterRoleBinding-clickhouse-operator-kube-system.yaml b/deploy/helm/templates/generated/ClusterRoleBinding-clickhouse-operator-kube-system.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.rbac.create -}}
 # Specifies either
 #   ClusterRoleBinding between ClusterRole and ServiceAccount.
 # or
@@ -19,3 +20,4 @@ subjects:
   - kind: ServiceAccount
     name: {{ include "altinity-clickhouse-operator.serviceAccountName" . }}
     namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/deploy/helm/templates/generated/ConfigMap-etc-clickhouse-operator-confd-files.yaml b/deploy/helm/templates/generated/ConfigMap-etc-clickhouse-operator-confd-files.yaml
@@ -10,4 +10,4 @@ metadata:
   name: {{ printf "%s-confd-files" (include "altinity-clickhouse-operator.fullname" .) }}
   namespace: {{ .Release.Namespace }}
   labels: {{ include "altinity-clickhouse-operator.labels" . | nindent 4 }}
-data: {{ tpl (toYaml .Values.configs.confdFiles) . | nindent 2 }}
+data: {{ include "altinity-clickhouse-operator.configmap-data" (list . .Values.configs.confdFiles) | nindent 2 }}
diff --git a/deploy/helm/templates/generated/ConfigMap-etc-clickhouse-operator-configd-files.yaml b/deploy/helm/templates/generated/ConfigMap-etc-clickhouse-operator-configd-files.yaml
@@ -10,4 +10,4 @@ metadata:
   name: {{ printf "%s-configd-files" (include "altinity-clickhouse-operator.fullname" .) }}
   namespace: {{ .Release.Namespace }}
   labels: {{ include "altinity-clickhouse-operator.labels" . | nindent 4 }}
-data: {{ tpl (toYaml .Values.configs.configdFiles) . | nindent 2 }}
+data: {{ include "altinity-clickhouse-operator.configmap-data" (list . .Values.configs.configdFiles) | nindent 2 }}
diff --git a/deploy/helm/templates/generated/ConfigMap-etc-clickhouse-operator-files.yaml b/deploy/helm/templates/generated/ConfigMap-etc-clickhouse-operator-files.yaml
@@ -10,4 +10,4 @@ metadata:
   name: {{ printf "%s-files" (include "altinity-clickhouse-operator.fullname" .) }}
   namespace: {{ .Release.Namespace }}
   labels: {{ include "altinity-clickhouse-operator.labels" . | nindent 4 }}
-data: {{ tpl (toYaml .Values.configs.files) . | nindent 2 }}
+data: {{ include "altinity-clickhouse-operator.configmap-data" (list . .Values.configs.files) | nindent 2 }}
diff --git a/deploy/helm/templates/generated/ConfigMap-etc-clickhouse-operator-templatesd-files.yaml b/deploy/helm/templates/generated/ConfigMap-etc-clickhouse-operator-templatesd-files.yaml
@@ -10,4 +10,4 @@ metadata:
   name: {{ printf "%s-templatesd-files" (include "altinity-clickhouse-operator.fullname" .) }}
   namespace: {{ .Release.Namespace }}
   labels: {{ include "altinity-clickhouse-operator.labels" . | nindent 4 }}
-data: {{ tpl (toYaml .Values.configs.templatesdFiles) . | nindent 2 }}
+data: {{ include "altinity-clickhouse-operator.configmap-data" (list . .Values.configs.templatesdFiles) | nindent 2 }}
diff --git a/deploy/helm/templates/generated/ConfigMap-etc-clickhouse-operator-usersd-files.yaml b/deploy/helm/templates/generated/ConfigMap-etc-clickhouse-operator-usersd-files.yaml
@@ -10,4 +10,4 @@ metadata:
   name: {{ printf "%s-usersd-files" (include "altinity-clickhouse-operator.fullname" .) }}
   namespace: {{ .Release.Namespace }}
   labels: {{ include "altinity-clickhouse-operator.labels" . | nindent 4 }}
-data: {{ tpl (toYaml .Values.configs.usersdFiles) . | nindent 2 }}
+data: {{ include "altinity-clickhouse-operator.configmap-data" (list . .Values.configs.usersdFiles) | nindent 2 }}
diff --git a/deploy/helm/templates/generated/ServiceAccount-clickhouse-operator.yaml b/deploy/helm/templates/generated/ServiceAccount-clickhouse-operator.yaml
@@ -13,7 +13,6 @@ metadata:
   namespace: {{ .Release.Namespace }}
   labels: {{ include "altinity-clickhouse-operator.labels" . | nindent 4 }}
   annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }}
-
 # Template Parameters:
 #
 # NAMESPACE=kube-system

diff --git a/deploy/helm/values.yaml b/deploy/helm/values.yaml
@@ -62,6 +62,9 @@ serviceAccount:
   annotations: {}
   # serviceAccount.name -- the name of the service account to use; if not set and create is true, a name is generated using the fullname template
   name:
+rbac:
+  # rbac.create -- specifies whether cluster roles and cluster role bindings should be created
+  create: true
 secret:
   # secret.create -- create a secret with operator credentials
   create: true
@@ -166,7 +169,7 @@ configs:
           </trace_log>
       </yandex>
   files:
-    config.yaml: |-
+    config.yaml:
       # IMPORTANT
       # This file is auto-generated
       # Do not edit this file - all changes would be lost
@@ -194,7 +197,6 @@ configs:
         # Regexp is applicable.
         #namespaces: ["dev", "test"]
         namespaces: []
-
       clickhouse:
         configuration:
           ################################################
@@ -252,7 +254,6 @@ configs:
           network:
             # Default host_regexp to limit network connectivity from outside
             hostRegexpTemplate: "(chi-{chi}-[^.]+\\d+-\\d+|clickhouse\\-{chi})\\.{namespace}\\.svc\\.cluster\\.local$"
-
         ################################################
         ##
         ## Configuration restart policy section
@@ -277,19 +278,15 @@ configs:
                 - settings/max_concurrent_queries: "no"
                 - settings/models_config: "no"
                 - settings/user_defined_executable_functions_config: "no"
-
                 - zookeeper/*: "yes"
-
                 - files/*.xml: "yes"
                 - files/config.d/*.xml: "yes"
                 - files/config.d/*dict*.xml: "no"
-
                 - profiles/default/background_*_pool_size: "yes"
                 - profiles/default/max_*_for_server: "yes"
             - version: "21.*"
               rules:
                 - settings/logger: "yes"
-
         #################################################
         ##
         ## Access to ClickHouse instances
@@ -311,7 +308,6 @@ configs:
           username: ""
           password: ""
           rootCA: ""
-
           # Location of the k8s Secret with username and password to be used by the operator to connect to ClickHouse instances.
           # Can be used instead of explicitly specified username and password available in sections:
           #   - clickhouse.access.username
@@ -323,24 +319,21 @@ configs:
             # Empty `namespace` means that k8s secret would be looked in the same namespace where operator's pod is running.
             namespace: ""
             # Empty `name` means no k8s Secret would be looked for
-            name: "{{ include "altinity-clickhouse-operator.fullname" . }}"
+            name: '{{ include "altinity-clickhouse-operator.fullname" . }}'
           # Port where to connect to ClickHouse instances to
           port: 8123
-
           # Timeouts used to limit connection and queries from the operator to ClickHouse instances
           # Specified in seconds.
           timeouts:
             # Timout to setup connection from the operator to ClickHouse instances. In seconds.
             connect: 1
             # Timout to perform SQL query from the operator to ClickHouse instances. In seconds.
             query: 4
-
         #################################################
         ##
         ## Metrics collection
         ##
         ################################################
-
         metrics:
           # Timeouts used to limit connection and queries from the metrics exporter to ClickHouse instances
           # Specified in seconds.
@@ -349,7 +342,6 @@ configs:
             # Upon reaching this timeout metrics collection is aborted and no more metrics are collected in this cycle.
             # All collected metrics are returned.
             collect: 9
-
       ################################################
       ##
       ## Template(s) management section
@@ -362,12 +354,10 @@ configs:
           #   - ReadOnStart. Accept CHIT updates on the operators start only.
           #   - ApplyOnNextReconcile. Accept CHIT updates at all time. Apply news CHITs on next regular reconcile of the CHI
           policy: ApplyOnNextReconcile
-
           # Path to the folder where ClickHouseInstallation templates .yaml manifests are located.
           # Templates are added to the list of all templates and used when CHI is reconciled.
           # Templates are applied in sorted alpha-numeric order.
           path: templates.d
-
       ################################################
       ##
       ## Reconcile section
@@ -378,7 +368,6 @@ configs:
         runtime:
           # Max number of concurrent CHI reconciles in progress
           reconcileCHIsThreadsNumber: 10
-
           # The operator reconciles shards concurrently in each CHI with the following limitations:
           #   1. Number of shards being reconciled (and thus having hosts down) in each CHI concurrently
           #      can not be greater than 'reconcileShardsThreadsNumber'.
@@ -391,7 +380,6 @@ configs:
           reconcileShardsThreadsNumber: 5
           # Max percentage of concurrent shard reconciles within one CHI in progress
           reconcileShardsMaxConcurrencyPercent: 50
-
         # Reconcile StatefulSet scenario
         statefulSet:
           # Create StatefulSet scenario
@@ -404,7 +392,6 @@ configs:
             # 2. delete - delete newly created problematic StatefulSet and follow 'abort' path afterwards.
             # 3. ignore - ignore an error, pretend nothing happened, continue reconcile and move on to the next StatefulSet.
             onFailure: ignore
-
           # Update StatefulSet scenario
           update:
             # How many seconds to wait for created/updated StatefulSet to be 'Ready'
@@ -421,7 +408,6 @@ configs:
             #    Follow 'abort' path afterwards.
             # 3. ignore - ignore an error, pretend nothing happened, continue reconcile and move on to the next StatefulSet.
             onFailure: abort
-
         # Reconcile Host scenario
         host:
           # Whether the operator during reconcile procedure should wait for a ClickHouse host:
@@ -433,7 +419,6 @@ configs:
             exclude: true
             queries: true
             include: false
-
       ################################################
       ##
       ## Annotations management section
@@ -448,7 +433,6 @@ configs:
         include: []
         # Exclude annotations from the following list:
         exclude: []
-
       ################################################
       ##
       ## Labels management section
@@ -477,15 +461,13 @@ configs:
         #  LabelClusterScopeCycleIndex
         #  LabelClusterScopeCycleOffset
         appendScope: "no"
-
       ################################################
       ##
       ## StatefulSet management section
       ##
       ################################################
       statefulSet:
         revisionHistoryLimit: 0
-
       ################################################
       ##
       ## Pod management section
@@ -497,7 +479,6 @@ configs:
         # SIGTERM and SIGKILL during Pod termination process.
         # Increase this number is case of slow shutdown.
         terminationGracePeriod: 30
-
       ################################################
       ##
       ## Log parameters section

diff --git a/dev/generate_helm_chart.sh b/dev/generate_helm_chart.sh
@@ -229,8 +229,12 @@ function update_configmap_resource() {
   data=$(yq e '.data' "${file}")
 
   if [ "${name}" = "etc-clickhouse-operator-files" ]; then
-    readonly search='name: "clickhouse-operator"'
-    readonly replace='name: "{{ include "altinity-clickhouse-operator.fullname" . }}"'
+    local search='name: "clickhouse-operator"'
+    local replace="name: '{{ include \"altinity-clickhouse-operator.fullname\" . }}'"
+    data=${data/"${search}"/"${replace}"}
+
+    search='config.yaml: |'
+    replace='config.yaml:'
     data=${data/"${search}"/"${replace}"}
   fi
 
@@ -241,7 +245,7 @@ function update_configmap_resource() {
   yq e -i '.metadata.name |= "{{ printf \"%s-'"${name_suffix}"'\" (include \"altinity-clickhouse-operator.fullname\" .) }}"' "${file}"
   yq e -i '.metadata.namespace |= "{{ .Release.Namespace }}"' "${file}"
   yq e -i '.metadata.labels |= "{{ include \"altinity-clickhouse-operator.labels\" . | nindent 4 }}"' "${file}"
-  yq e -i '.data |= "{{ tpl (toYaml .Values.configs.'"${cameled_name}"') . | nindent 2 }}"' "${file}"
+  yq e -i '.data |= "{{ include \"altinity-clickhouse-operator.configmap-data\" (list . .Values.configs.'"${cameled_name}"') | nindent 2 }}"' "${file}"
 
   if [ -z "${data}" ]; then
     yq e -i '.configs.'"${cameled_name}"' |= null' "${values_yaml}"
@@ -267,6 +271,9 @@ function update_clusterrolebinding_resource() {
   yq e -i '.roleRef.name |= "{{ include \"altinity-clickhouse-operator.fullname\" . }}"' "${file}"
   yq e -i '(.subjects[] | select(.kind == "ServiceAccount")) |= with(. ; .name = "{{ include \"altinity-clickhouse-operator.serviceAccountName\" . }}" | .namespace = "{{ .Release.Namespace }}")' "${file}"
 
+  printf '%s\n%s\n' '{{- if .Values.rbac.create -}}' "$(cat "${file}")" >"${file}"
+  printf '%s\n%s\n' "$(cat "${file}")" '{{- end }}' >"${file}"
+
   perl -pi -e "s/'//g" "${file}"
 }
 
@@ -285,6 +292,9 @@ function update_clusterrole_resource() {
 
   yq e -i '(.rules[] | select(.resourceNames | contains(["clickhouse-operator"])) | .resourceNames) = ["{{ include \"altinity-clickhouse-operator.fullname\" . }}"]' "${file}"
 
+  printf '%s\n%s\n' '{{- if .Values.rbac.create -}}' "$(cat "${file}")" >"${file}"
+  printf '%s\n%s\n' "$(cat "${file}")" '{{- end }}' >"${file}"
+
   perl -pi -e "s/'//g" "${file}"
 }
 

diff --git a/docs/chk-examples/clickhouse-keeper-1-node-for-test-only.yaml b/docs/chk-examples/clickhouse-keeper-1-node-for-test-only.yaml
@@ -0,0 +1,44 @@
+---
+# Fake Service to drop-in replacement in tests
+apiVersion: v1
+kind: Service
+metadata:
+  # DNS would be like zookeeper.namespace.svc
+  name: zookeeper
+  labels:
+    app: zookeeper
+spec:
+  ports:
+    - port: 2181
+      name: client
+    - port: 7000
+      name: prometheus
+  selector:
+    app: clickhouse-keeper
+    what: node
+---
+apiVersion: "clickhouse-keeper.altinity.com/v1"
+kind: "ClickHouseKeeperInstallation"
+metadata:
+  name: clickhouse-keeper
+spec:
+  configuration:
+    clusters:
+      - name: "simple-1"
+        layout:
+          replicasCount: 1
+    settings:
+      logger/level: "trace"
+      logger/console: "true"
+      listen_host: "0.0.0.0"
+      keeper_server/storage_path: /var/lib/clickhouse-keeper
+      keeper_server/tcp_port: "2181"
+      keeper_server/four_letter_word_white_list: "*"
+      keeper_server/coordination_settings/raft_logs_level: "information"
+      keeper_server/raft_configuration/server/port: "9444"
+      prometheus/endpoint: "/metrics"
+      prometheus/port: "7000"
+      prometheus/metrics: "true"
+      prometheus/events: "true"
+      prometheus/asynchronous_metrics: "true"
+      prometheus/status_info: "false"