{{- $shards := .Values.shards | int }} {{- range $i, $e := until $shards }} apiVersion: {{ include "common.capabilities.statefulset.apiVersion" $ }} kind: StatefulSet metadata: name: {{ printf "%s-shard%d" (include "common.names.fullname" $ ) $i }} namespace: {{ include "common.names.namespace" $ | quote }} labels: {{- include "common.labels.standard" $ | nindent 4 }} app.kubernetes.io/component: clickhouse {{- if $.Values.commonLabels }} {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }} {{- end }} {{- if $.Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} spec: replicas: {{ $.Values.replicaCount }} podManagementPolicy: {{ $.Values.podManagementPolicy | quote }} selector: matchLabels: {{ include "common.labels.matchLabels" $ | nindent 6 }} app.kubernetes.io/component: clickhouse serviceName: {{ printf "%s-headless" (include "common.names.fullname" $) }} {{- if $.Values.updateStrategy }} updateStrategy: {{- toYaml $.Values.updateStrategy | nindent 4 }} {{- end }} template: metadata: annotations: checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") $ | sha256sum }} checksum/config-users: {{ include (print $.Template.BasePath "/configmap-users.yaml") $ | sha256sum }} checksum/config-extra: {{ include (print $.Template.BasePath "/configmap-extra.yaml") $ | sha256sum }} {{- if $.Values.podAnnotations }} {{- include "common.tplvalues.render" (dict "value" $.Values.podAnnotations "context" $) | nindent 8 }} {{- end }} {{- if and $.Values.metrics.enabled $.Values.metrics.podAnnotations }} {{- include "common.tplvalues.render" (dict "value" $.Values.metrics.podAnnotations "context" $) | nindent 8 }} {{- end }} labels: {{- include "common.labels.standard" $ | nindent 8 }} app.kubernetes.io/component: clickhouse {{- if $.Values.podLabels }} {{- include "common.tplvalues.render" (dict "value" $.Values.podLabels "context" $) | nindent 8 }} {{- end }} spec: serviceAccountName: {{ template "clickhouse.serviceAccountName" $ }} {{- include "clickhouse.imagePullSecrets" $ | nindent 6 }} {{- if $.Values.hostAliases }} hostAliases: {{- include "common.tplvalues.render" (dict "value" $.Values.hostAliases "context" $) | nindent 8 }} {{- end }} {{- if $.Values.affinity }} affinity: {{- include "common.tplvalues.render" ( dict "value" $.Values.affinity "context" $) | nindent 8 }} {{- else }} affinity: podAffinity: {{- include "common.affinities.pods" (dict "type" $.Values.podAffinityPreset "component" "clickhouse" "context" $) | nindent 10 }} podAntiAffinity: {{- include "common.affinities.pods" (dict "type" $.Values.podAntiAffinityPreset "component" "clickhouse" "context" $) | nindent 10 }} nodeAffinity: {{- include "common.affinities.nodes" (dict "type" $.Values.nodeAffinityPreset.type "key" $.Values.nodeAffinityPreset.key "values" $.Values.nodeAffinityPreset.values) | nindent 10 }} {{- end }} {{- if $.Values.nodeSelector }} nodeSelector: {{- include "common.tplvalues.render" ( dict "value" $.Values.nodeSelector "context" $) | nindent 8 }} {{- end }} {{- if $.Values.tolerations }} tolerations: {{- include "common.tplvalues.render" (dict "value" $.Values.tolerations "context" $) | nindent 8 }} {{- end }} {{- if $.Values.priorityClassName }} priorityClassName: {{ $.Values.priorityClassName | quote }} {{- end }} {{- if $.Values.schedulerName }} schedulerName: {{ $.Values.schedulerName | quote }} {{- end }} {{- if $.Values.topologySpreadConstraints }} topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" $.Values.topologySpreadConstraints "context" $) | nindent 8 }} {{- end }} {{- if $.Values.podSecurityContext.enabled }} securityContext: {{- omit $.Values.podSecurityContext "enabled" | toYaml | nindent 8 }} {{- end }} {{- if $.Values.terminationGracePeriodSeconds }} terminationGracePeriodSeconds: {{ $.Values.terminationGracePeriodSeconds }} {{- end }} initContainers: {{- if and $.Values.tls.enabled (not $.Values.volumePermissions.enabled) }} - name: copy-certs image: {{ include "clickhouse.volumePermissions.image" $ }} imagePullPolicy: {{ $.Values.volumePermissions.image.pullPolicy | quote }} {{- if $.Values.resources }} resources: {{- toYaml $.Values.resources | nindent 12 }} {{- end }} # We don't require a privileged container in this case {{- if $.Values.containerSecurityContext.enabled }} securityContext: {{- omit $.Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} {{- end }} command: - /bin/sh - -ec - | cp -L /tmp/certs/* /opt/bitnami/clickhouse/certs/ chmod 600 {{ include "clickhouse.tlsCertKey" $ }} volumeMounts: - name: raw-certificates mountPath: /tmp/certs - name: clickhouse-certificates mountPath: /opt/bitnami/clickhouse/certs {{- else if and $.Values.volumePermissions.enabled $.Values.persistence.enabled }} - name: volume-permissions image: {{ include "clickhouse.volumePermissions.image" $ }} imagePullPolicy: {{ $.Values.volumePermissions.image.pullPolicy | quote }} command: | mkdir -p /bitnami/clickhouse/data chmod 700 /bitnami/clickhouse/data {{- if $.Values.keeper.enabled }} mkdir -p /bitnami/clickhouse/keeper chmod 700 /bitnami/clickhouse/keeper {{- end }} chown {{ $.Values.containerSecurityContext.runAsUser }}:{{ $.Values.podSecurityContext.fsGroup }} /bitnami/clickhouse find /bitnami/clickhouse -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | \ xargs -r chown -R {{ $.Values.containerSecurityContext.runAsUser }}:{{ $.Values.podSecurityContext.fsGroup }} {{- if $.Values.tls.enabled }} cp /tmp/certs/* /opt/bitnami/clickhouse/certs/ {{- if eq ( toString ( $.Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} chown -R `id -u`:`id -G | cut -d " " -f2` /opt/bitnami/clickhouse/certs/ {{- else }} chown -R {{ $.Values.containerSecurityContext.runAsUser }}:{{ $.Values.podSecurityContext.fsGroup }} /opt/bitnami/clickhouse/certs/ {{- end }} chmod 600 {{ include "clickhouse.tlsCertKey" $ }} {{- end }} {{- if $.Values.containerSecurityContext.enabled }} securityContext: {{- omit $.Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} {{- end }} {{- if $.Values.volumePermissions.resources }} resources: {{- toYaml $.Values.volumePermissions.resources | nindent 12 }} {{- end }} volumeMounts: - name: data mountPath: /bitnami/clickhouse - name: config mountPath: /bitnami/clickhouse/conf/default {{- if $.Values.tls.enabled }} - name: raw-certificates mountPath: /tmp/certs - name: clickhouse-certificates mountPath: /opt/bitnami/clickhouse/certs {{- end }} {{- end }} {{- if $.Values.initContainers }} {{- include "common.tplvalues.render" (dict "value" $.Values.initContainers "context" $) | nindent 8 }} {{- end }} containers: - name: clickhouse image: {{ template "clickhouse.image" $ }} imagePullPolicy: {{ $.Values.image.pullPolicy }} {{- if $.Values.containerSecurityContext.enabled }} securityContext: {{- omit $.Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} {{- end }} {{- if $.Values.diagnosticMode.enabled }} command: {{- include "common.tplvalues.render" (dict "value" $.Values.diagnosticMode.command "context" $) | nindent 12 }} {{- else if $.Values.command }} command: {{- include "common.tplvalues.render" (dict "value" $.Values.command "context" $) | nindent 12 }} {{- end }} {{- if $.Values.diagnosticMode.enabled }} args: {{- include "common.tplvalues.render" (dict "value" $.Values.diagnosticMode.args "context" $) | nindent 12 }} {{- else if $.Values.args }} args: {{- include "common.tplvalues.render" (dict "value" $.Values.args "context" $) | nindent 12 }} {{- end }} env: - name: BITNAMI_DEBUG value: {{ ternary "true" "false" (or $.Values.image.debug $.Values.diagnosticMode.enabled) | quote }} - name: CLICKHOUSE_HTTP_PORT value: {{ $.Values.containerPorts.http | quote }} - name: CLICKHOUSE_TCP_PORT value: {{ $.Values.containerPorts.tcp | quote }} - name: CLICKHOUSE_MYSQL_PORT value: {{ $.Values.containerPorts.mysql | quote }} - name: CLICKHOUSE_POSTGRESQL_PORT value: {{ $.Values.containerPorts.postgresql | quote }} - name: CLICKHOUSE_INTERSERVER_HTTP_PORT value: {{ $.Values.containerPorts.interserver | quote }} {{- if $.Values.tls.enabled }} - name: CLICKHOUSE_TCP_SECURE_PORT value: {{ $.Values.containerPorts.tcpSecure | quote }} - name: CLICKHOUSE_HTTPS_PORT value: {{ $.Values.containerPorts.https | quote }} {{- end }} {{- if $.Values.keeper.enabled }} - name: CLICKHOUSE_KEEPER_PORT value: {{ $.Values.containerPorts.keeper | quote }} - name: CLICKHOUSE_KEEPER_INTER_PORT value: {{ $.Values.containerPorts.keeperInter | quote }} {{- if $.Values.tls.enabled }} - name: CLICKHOUSE_KEEPER_SECURE_PORT value: {{ $.Values.containerPorts.keeperSecure | quote }} {{- end }} {{- end }} {{- if $.Values.metrics.enabled }} - name: CLICKHOUSE_METRICS_PORT value: {{ $.Values.containerPorts.metrics | quote }} {{- end }} - name: CLICKHOUSE_ADMIN_USER value: {{ $.Values.auth.username | quote }} - name: CLICKHOUSE_SHARD_ID value: {{ printf "shard%d" $i | quote }} - name: CLICKHOUSE_REPLICA_ID valueFrom: fieldRef: fieldPath: metadata.name - name: CLICKHOUSE_ADMIN_PASSWORD valueFrom: secretKeyRef: name: {{ include "clickhouse.secretName" $ }} key: {{ include "clickhouse.secretKey" $ }} {{- if $.Values.tls.enabled }} - name: CLICKHOUSE_TLS_CERT_FILE value: {{ include "clickhouse.tlsCert" $ | quote}} - name: CLICKHOUSE_TLS_KEY_FILE value: {{ include "clickhouse.tlsCertKey" $ | quote }} - name: CLICKHOUSE_TLS_CA_FILE value: {{ include "clickhouse.tlsCACert" $ | quote }} {{- end }} {{- if $.Values.extraEnvVars }} {{- include "common.tplvalues.render" (dict "value" $.Values.extraEnvVars "context" $) | nindent 12 }} {{- end }} {{- if $.Values.keeper.enabled }} {{- $replicas := $.Values.replicaCount | int }} {{- range $j, $r := until $replicas }} - name: {{ printf "KEEPER_NODE_%d" $j }} value: {{ printf "%s-shard%d-%d.%s.%s.svc.%s" (include "common.names.fullname" $ ) $i $j (include "clickhouse.headlessServiceName" $) (include "common.names.namespace" $) $.Values.clusterDomain }} {{- end }} {{- else if $.Values.zookeeper.enabled }} {{- $replicas := $.Values.zookeeper.replicaCount | int }} {{- range $j, $r := until $replicas }} - name: {{ printf "KEEPER_NODE_%d" $j }} value: {{ printf "%s-%d.%s.%s.svc.%s" (include "clickhouse.zookeeper.fullname" $ ) $j (include "clickhouse.zookeeper.headlessServiceName" $) (include "common.names.namespace" $) $.Values.clusterDomain }} {{- end }} {{- end }} envFrom: {{- if $.Values.extraEnvVarsCM }} - configMapRef: name: {{ include "common.tplvalues.render" (dict "value" $.Values.extraEnvVarsCM "context" $) }} {{- end }} {{- if $.Values.extraEnvVarsSecret }} - secretRef: name: {{ include "common.tplvalues.render" (dict "value" $.Values.extraEnvVarsSecret "context" $) }} {{- end }} {{- if $.Values.resources }} resources: {{- toYaml $.Values.resources | nindent 12 }} {{- end }} ports: - name: http containerPort: {{ $.Values.containerPorts.http }} - name: tcp containerPort: {{ $.Values.containerPorts.tcp }} {{- if $.Values.tls.enabled }} - name: https containerPort: {{ $.Values.containerPorts.https }} - name: tcp-secure containerPort: {{ $.Values.containerPorts.tcpSecure }} {{- end }} {{- if $.Values.keeper.enabled }} - name: tcp-keeper containerPort: {{ $.Values.containerPorts.keeper }} - name: tcp-keeperinter containerPort: {{ $.Values.containerPorts.keeperInter }} {{- if $.Values.tls.enabled }} - name: tcp-keepertls containerPort: {{ $.Values.containerPorts.keeperSecure }} {{- end }} {{- end }} - name: tcp-postgresql containerPort: {{ $.Values.containerPorts.postgresql }} - name: tcp-mysql containerPort: {{ $.Values.containerPorts.mysql }} - name: http-intersrv containerPort: {{ $.Values.containerPorts.interserver }} {{- if $.Values.metrics.enabled }} - name: http-metrics containerPort: {{ $.Values.containerPorts.metrics }} {{- end }} {{- if not $.Values.diagnosticMode.enabled }} {{- if $.Values.customLivenessProbe }} livenessProbe: {{- include "common.tplvalues.render" (dict "value" $.Values.customLivenessProbe "context" $) | nindent 12 }} {{- else if $.Values.livenessProbe.enabled }} livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit $.Values.livenessProbe "enabled") "context" $) | nindent 12 }} httpGet: path: /ping port: http {{- end }} {{- if $.Values.customReadinessProbe }} readinessProbe: {{- include "common.tplvalues.render" (dict "value" $.Values.customReadinessProbe "context" $) | nindent 12 }} {{- else if $.Values.readinessProbe.enabled }} readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit $.Values.readinessProbe "enabled") "context" $) | nindent 12 }} httpGet: path: /ping port: http {{- end }} {{- if $.Values.customStartupProbe }} startupProbe: {{- include "common.tplvalues.render" (dict "value" $.Values.customStartupProbe "context" $) | nindent 12 }} {{- else if $.Values.startupProbe.enabled }} startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit $.Values.startupProbe "enabled") "context" $) | nindent 12 }} httpGet: path: /ping port: http {{- end }} {{- end }} {{- if $.Values.lifecycleHooks }} lifecycle: {{- include "common.tplvalues.render" (dict "value" $.Values.lifecycleHooks "context" $) | nindent 12 }} {{- end }} volumeMounts: - name: scripts mountPath: /scripts/setup.sh subPath: setup.sh - name: data mountPath: /bitnami/clickhouse - name: config mountPath: /bitnami/clickhouse/etc/conf.d/default - name: config-users mountPath: /bitnami/clickhouse/etc {{- if or $.Values.extraOverridesConfigmap $.Values.extraOverrides }} - name: extra-config mountPath: /bitnami/clickhouse/etc/conf.d/extra-configmap {{- end }} {{- if $.Values.extraOverridesSecret }} - name: extra-secret mountPath: /bitnami/clickhouse/etc/conf.d/extra-secret {{- end }} {{- if $.Values.tls.enabled }} - name: clickhouse-certificates mountPath: /bitnami/clickhouse/certs {{- end }} {{- if or $.Values.initdbScriptsSecret $.Values.initdbScripts }} - name: custom-init-scripts mountPath: /docker-entrypoint-initdb.d {{- end }} {{- if or $.Values.startdbScriptsSecret $.Values.startdbScripts }} - name: custom-start-scripts mountPath: /docker-entrypoint-startdb.d {{- end }} {{- if $.Values.extraVolumeMounts }} {{- include "common.tplvalues.render" (dict "value" $.Values.extraVolumeMounts "context" $) | nindent 12 }} {{- end }} {{- if $.Values.sidecars }} {{- include "common.tplvalues.render" ( dict "value" $.Values.sidecars "context" $) | nindent 8 }} {{- end }} volumes: - name: scripts configMap: name: {{ printf "%s-scripts" (include "common.names.fullname" $) }} defaultMode: 0755 - name: config configMap: name: {{ template "clickhouse.configmapName" $ }} - name: config-users configMap: name: clickhouse-users items: - key: users.xml path: users.xml {{- if or $.Values.initdbScriptsSecret $.Values.initdbScripts }} - name: custom-init-scripts secret: secretName: {{ include "clickhouse.initdbScriptsSecret" $ }} {{- end }} {{- if or $.Values.startdbScriptsSecret $.Values.startdbScripts }} - name: custom-start-scripts secret: secretName: {{ include "clickhouse.startdbScriptsSecret" $ }} {{- end }} {{- if or $.Values.extraOverridesConfigmap $.Values.extraOverrides }} - name: extra-config configMap: name: {{ template "clickhouse.extraConfigmapName" $ }} {{- end }} {{- if $.Values.extraOverridesSecret }} - name: extra-secret secret: secretName: {{ $.Values.extraOverridesSecret }} {{- end }} {{- if not $.Values.persistence.enabled }} - name: data emptyDir: {} {{- end }} {{- if $.Values.tls.enabled }} - name: raw-certificates secret: secretName: {{ include "clickhouse.tlsSecretName" $ }} - name: clickhouse-certificates emptyDir: {} {{- end }} {{- if $.Values.extraVolumes }} {{- include "common.tplvalues.render" (dict "value" $.Values.extraVolumes "context" $) | nindent 8 }} {{- end }} {{- if $.Values.persistence.enabled }} volumeClaimTemplates: - metadata: name: data annotations: {{- if $.Values.persistence.annotations }} {{- include "common.tplvalues.render" (dict "value" $.Values.persistence.annotations "context" $) | nindent 10 }} {{- end }} {{- if $.Values.commonAnnotations }} {{- include "common.tplvalues.render" (dict "value" $.Values.commonAnnotations "context" $) | nindent 10 }} {{- end }} labels: {{- if $.Values.commonLabels }} {{- include "common.tplvalues.render" (dict "value" $.Values.commonLabels "context" $) | nindent 10 }} {{- end }} {{- if $.Values.persistence.labels }} labels: {{- include "common.tplvalues.render" (dict "value" $.Values.persistence.labels "context" $) | nindent 10 }} {{- end }} spec: accessModes: {{- range $.Values.persistence.accessModes }} - {{ . | quote }} {{- end }} resources: requests: storage: {{ $.Values.persistence.size | quote }} {{- if $.Values.persistence.selector }} selector: {{- include "common.tplvalues.render" (dict "value" $.Values.persistence.selector "context" $) | nindent 10 }} {{- end }} {{- if $.Values.persistence.dataSource }} dataSource: {{- include "common.tplvalues.render" (dict "value" $.Values.persistence.dataSource "context" $) | nindent 10 }} {{- end }} {{- include "common.storage.class" (dict "persistence" $.Values.persistence "global" $.Values.global) | nindent 8 }} {{- end }} --- {{- end }}