From f5db0b557354eca348671e421fe6121d1f877a54 Mon Sep 17 00:00:00 2001 From: Omar Aloraini Date: Fri, 13 Jan 2023 17:16:58 +0300 Subject: [PATCH] [bitnami/clickhouse] feat: configure https port (#14030) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [bitnami/clickhouse] feat: configure https port Signed-off-by: Omar Aloraini * Update Chart.yaml Signed-off-by: corico44 <42420333+corico44@users.noreply.github.com> Signed-off-by: Omar Aloraini Signed-off-by: Carlos Rodríguez Hernández Signed-off-by: corico44 <42420333+corico44@users.noreply.github.com> Co-authored-by: Carlos Rodríguez Hernández Co-authored-by: corico44 <42420333+corico44@users.noreply.github.com> --- bitnami/clickhouse/Chart.yaml | 2 +- bitnami/clickhouse/README.md | 5 +++++ .../clickhouse/templates/service-external-access.yaml | 10 ++++++++++ bitnami/clickhouse/templates/service.yaml | 11 +++++++++++ bitnami/clickhouse/templates/statefulset.yaml | 4 ++++ bitnami/clickhouse/values.yaml | 11 +++++++++++ 6 files changed, 42 insertions(+), 1 deletion(-) diff --git a/bitnami/clickhouse/Chart.yaml b/bitnami/clickhouse/Chart.yaml index 94d9a68933..65ea5d7b14 100644 --- a/bitnami/clickhouse/Chart.yaml +++ b/bitnami/clickhouse/Chart.yaml @@ -27,4 +27,4 @@ name: clickhouse sources: - https://github.com/bitnami/containers/tree/main/bitnami/clickhouse - https://github.com/ClickHouse/ClickHouse -version: 2.2.4 +version: 2.3.0 diff --git a/bitnami/clickhouse/README.md b/bitnami/clickhouse/README.md index 857a594735..74080d25cd 100644 --- a/bitnami/clickhouse/README.md +++ b/bitnami/clickhouse/README.md @@ -100,6 +100,7 @@ The command removes all the Kubernetes components associated with the chart and | `shards` | Number of ClickHouse shards to deploy | `2` | | `replicaCount` | Number of ClickHouse replicas per shard to deploy | `3` | | `containerPorts.http` | ClickHouse HTTP container port | `8123` | +| `containerPorts.https` | ClickHouse HTTPS container port | `8443` | | `containerPorts.tcp` | ClickHouse TCP container port | `9000` | | `containerPorts.tcpSecure` | ClickHouse TCP (secure) container port | `9440` | | `containerPorts.keeper` | ClickHouse keeper TCP container port | `2181` | @@ -202,6 +203,7 @@ The command removes all the Kubernetes components associated with the chart and | ------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------- | ------------------------ | | `service.type` | ClickHouse service type | `ClusterIP` | | `service.ports.http` | ClickHouse service HTTP port | `8123` | +| `service.ports.https` | ClickHouse service HTTPS port | `443` | | `service.ports.tcp` | ClickHouse service TCP port | `9000` | | `service.ports.tcpSecure` | ClickHouse service TCP (secure) port | `9440` | | `service.ports.keeper` | ClickHouse keeper TCP container port | `2181` | @@ -212,6 +214,7 @@ The command removes all the Kubernetes components associated with the chart and | `service.ports.interserver` | ClickHouse service Interserver port | `9009` | | `service.ports.metrics` | ClickHouse service metrics port | `8001` | | `service.nodePorts.http` | Node port for HTTP | `""` | +| `service.nodePorts.https` | Node port for HTTPS | `""` | | `service.nodePorts.tcp` | Node port for TCP | `""` | | `service.nodePorts.tcpSecure` | Node port for TCP (with TLS) | `""` | | `service.nodePorts.keeper` | ClickHouse keeper TCP container port | `""` | @@ -232,6 +235,7 @@ The command removes all the Kubernetes components associated with the chart and | `externalAccess.enabled` | Enable Kubernetes external cluster access to ClickHouse | `false` | | `externalAccess.service.type` | Kubernetes Service type for external access. It can be NodePort, LoadBalancer or ClusterIP | `LoadBalancer` | | `externalAccess.service.ports.http` | ClickHouse service HTTP port | `80` | +| `externalAccess.service.ports.https` | ClickHouse service HTTPS port | `443` | | `externalAccess.service.ports.tcp` | ClickHouse service TCP port | `9000` | | `externalAccess.service.ports.tcpSecure` | ClickHouse service TCP (secure) port | `9440` | | `externalAccess.service.ports.keeper` | ClickHouse keeper TCP container port | `2181` | @@ -245,6 +249,7 @@ The command removes all the Kubernetes components associated with the chart and | `externalAccess.service.loadBalancerAnnotations` | Array of load balancer annotations for each ClickHouse . Length must be the same as replicaCount | `[]` | | `externalAccess.service.loadBalancerSourceRanges` | Address(es) that are allowed when service is LoadBalancer | `[]` | | `externalAccess.service.nodePorts.http` | Node port for HTTP | `[]` | +| `externalAccess.service.nodePorts.https` | Node port for HTTPS | `[]` | | `externalAccess.service.nodePorts.tcp` | Node port for TCP | `[]` | | `externalAccess.service.nodePorts.tcpSecure` | Node port for TCP (with TLS) | `[]` | | `externalAccess.service.nodePorts.keeper` | ClickHouse keeper TCP container port | `[]` | diff --git a/bitnami/clickhouse/templates/service-external-access.yaml b/bitnami/clickhouse/templates/service-external-access.yaml index c1ec3d43dd..fc9191dc24 100644 --- a/bitnami/clickhouse/templates/service-external-access.yaml +++ b/bitnami/clickhouse/templates/service-external-access.yaml @@ -50,6 +50,16 @@ spec: {{- else }} nodePort: null {{- end }} + {{- if $.Values.tls.enabled }} + - name: https + port: {{ $.Values.externalAccess.service.ports.https }} + targetPort: https + {{- if not (empty $.Values.externalAccess.service.nodePorts.https) }} + nodePort: {{ index $.Values.externalAccess.service.nodePorts.https $i }} + {{- else }} + nodePort: null + {{- end }} + {{- end }} {{- if $.Values.metrics.enabled }} - name: http-metrics port: {{ $.Values.externalAccess.service.ports.metrics }} diff --git a/bitnami/clickhouse/templates/service.yaml b/bitnami/clickhouse/templates/service.yaml index e400636603..7cdab49ef5 100644 --- a/bitnami/clickhouse/templates/service.yaml +++ b/bitnami/clickhouse/templates/service.yaml @@ -47,6 +47,17 @@ spec: {{- else if eq .Values.service.type "ClusterIP" }} nodePort: null {{- end }} + {{- if .Values.tls.enabled }} + - name: https + targetPort: https + port: {{ .Values.service.ports.https }} + protocol: TCP + {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.https)) }} + nodePort: {{ .Values.service.nodePorts.https }} + {{- else if eq .Values.service.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- end }} - name: tcp targetPort: tcp port: {{ .Values.service.ports.tcp }} diff --git a/bitnami/clickhouse/templates/statefulset.yaml b/bitnami/clickhouse/templates/statefulset.yaml index 60bd369859..3dc9187a31 100644 --- a/bitnami/clickhouse/templates/statefulset.yaml +++ b/bitnami/clickhouse/templates/statefulset.yaml @@ -174,6 +174,8 @@ spec: {{- if $.Values.tls.enabled }} - name: CLICKHOUSE_TCP_SECURE_PORT value: {{ $.Values.containerPorts.tcpSecure | quote }} + - name: CLICKHOUSE_HTTPS_PORT + value: {{ $.Values.containerPorts.https | quote }} {{- end }} {{- if $.Values.keeper.enabled }} - name: CLICKHOUSE_KEEPER_PORT @@ -244,6 +246,8 @@ spec: - name: tcp containerPort: {{ $.Values.containerPorts.tcp }} {{- if $.Values.tls.enabled }} + - name: https + containerPort: {{ $.Values.containerPorts.https }} - name: tcp-secure containerPort: {{ $.Values.containerPorts.tcpSecure }} {{- end }} diff --git a/bitnami/clickhouse/values.yaml b/bitnami/clickhouse/values.yaml index 6faceab79f..ab465aa9ac 100644 --- a/bitnami/clickhouse/values.yaml +++ b/bitnami/clickhouse/values.yaml @@ -103,6 +103,7 @@ shards: 2 ## replicaCount: 3 ## @param containerPorts.http ClickHouse HTTP container port +## @param containerPorts.https ClickHouse HTTPS container port ## @param containerPorts.tcp ClickHouse TCP container port ## @param containerPorts.tcpSecure ClickHouse TCP (secure) container port ## @param containerPorts.keeper ClickHouse keeper TCP container port @@ -115,6 +116,7 @@ replicaCount: 3 ## containerPorts: http: 8123 + https: 8443 tcp: 9000 tcpSecure: 9440 keeper: 2181 @@ -332,6 +334,7 @@ defaultConfigurationOverrides: | {{- if .Values.tls.enabled }} + {{- $certFileName := default "tls.crt" .Values.tls.certFilename }} @@ -579,6 +582,7 @@ service: ## type: ClusterIP ## @param service.ports.http ClickHouse service HTTP port + ## @param service.ports.https ClickHouse service HTTPS port ## @param service.ports.tcp ClickHouse service TCP port ## @param service.ports.tcpSecure ClickHouse service TCP (secure) port ## @param service.ports.keeper ClickHouse keeper TCP container port @@ -591,6 +595,7 @@ service: ## ports: http: 8123 + https: 443 tcp: 9000 tcpSecure: 9440 keeper: 2181 @@ -602,6 +607,7 @@ service: metrics: 8001 ## Node ports to expose ## @param service.nodePorts.http Node port for HTTP + ## @param service.nodePorts.https Node port for HTTPS ## @param service.nodePorts.tcp Node port for TCP ## @param service.nodePorts.tcpSecure Node port for TCP (with TLS) ## @param service.nodePorts.keeper ClickHouse keeper TCP container port @@ -615,6 +621,7 @@ service: ## nodePorts: http: "" + https: "" tcp: "" tcpSecure: "" keeper: "" @@ -676,6 +683,7 @@ externalAccess: ## type: LoadBalancer ## @param externalAccess.service.ports.http ClickHouse service HTTP port + ## @param externalAccess.service.ports.https ClickHouse service HTTPS port ## @param externalAccess.service.ports.tcp ClickHouse service TCP port ## @param externalAccess.service.ports.tcpSecure ClickHouse service TCP (secure) port ## @param externalAccess.service.ports.keeper ClickHouse keeper TCP container port @@ -688,6 +696,7 @@ externalAccess: ## ports: http: 80 + https: 443 tcp: 9000 tcpSecure: 9440 keeper: 2181 @@ -719,6 +728,7 @@ externalAccess: ## loadBalancerSourceRanges: [] ## @param externalAccess.service.nodePorts.http Node port for HTTP + ## @param externalAccess.service.nodePorts.https Node port for HTTPS ## @param externalAccess.service.nodePorts.tcp Node port for TCP ## @param externalAccess.service.nodePorts.tcpSecure Node port for TCP (with TLS) ## @param externalAccess.service.nodePorts.keeper ClickHouse keeper TCP container port @@ -737,6 +747,7 @@ externalAccess: ## nodePorts: http: [] + https: [] tcp: [] tcpSecure: [] keeper: []