{{- /* Copyright Broadcom, Inc. All Rights Reserved. SPDX-License-Identifier: APACHE-2.0 */}} {{- $shards := .Values.shards | int }} {{- range $shard := until $shards }} apiVersion: {{ include "common.capabilities.statefulset.apiVersion" $ }} kind: StatefulSet metadata: name: {{ printf "%s-shard%d" (include "common.names.fullname" $ ) $shard }} namespace: {{ include "common.names.namespace" $ | quote }} labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: clickhouse app.kubernetes.io/part-of: clickhouse shard: {{ $shard | quote }} {{- if $.Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} spec: replicas: {{ $.Values.replicaCount }} podManagementPolicy: {{ $.Values.podManagementPolicy | quote }} {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list $.Values.podLabels $.Values.commonLabels ) "context" $ ) }} selector: matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} app.kubernetes.io/component: clickhouse app.kubernetes.io/part-of: clickhouse shard: {{ $shard | quote }} serviceName: {{ template "clickhouse.headlessServiceName" $ }} updateStrategy: {{- include "common.tplvalues.render" (dict "value" $.Values.updateStrategy "context" $) | nindent 4 }} template: metadata: annotations: {{- if and $.Values.configuration (not $.Values.existingConfigmap) }} checksum/configuration: {{ include (print $.Template.BasePath "/configmap.yaml") $ | sha256sum }} {{- end }} {{- if not $.Values.existingConfigdConfigmap }} checksum/configd-configuration: {{ include (print $.Template.BasePath "/configd-configmap.yaml") $ | sha256sum }} {{- end }} {{- if and $.Values.usersdFiles (not $.Values.existingUsersdConfigmap) }} checksum/usersd-configuration: {{ include (print $.Template.BasePath "/usersd-configmap.yaml") $ | sha256sum }} {{- end }} {{- if $.Values.podAnnotations }} {{- include "common.tplvalues.render" (dict "value" $.Values.podAnnotations "context" $) | nindent 8 }} {{- end }} {{- if and $.Values.metrics.enabled $.Values.metrics.podAnnotations }} {{- include "common.tplvalues.render" (dict "value" $.Values.metrics.podAnnotations "context" $) | nindent 8 }} {{- end }} labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} app.kubernetes.io/component: clickhouse app.kubernetes.io/part-of: clickhouse shard: {{ $shard | quote }} spec: {{- include "clickhouse.imagePullSecrets" $ | nindent 6 }} automountServiceAccountToken: {{ $.Values.automountServiceAccountToken }} serviceAccountName: {{ template "clickhouse.serviceAccountName" $ }} {{- if $.Values.hostAliases }} hostAliases: {{- include "common.tplvalues.render" (dict "value" $.Values.hostAliases "context" $) | nindent 8 }} {{- end }} {{- if $.Values.affinity }} affinity: {{- include "common.tplvalues.render" ( dict "value" $.Values.affinity "context" $) | nindent 8 }} {{- else }} affinity: podAffinity: {{- include "common.affinities.pods" (dict "type" $.Values.podAffinityPreset "component" "clickhouse" "customLabels" $podLabels "context" $) | nindent 10 }} podAntiAffinity: {{- include "common.affinities.pods" (dict "type" $.Values.podAntiAffinityPreset "component" "clickhouse" "customLabels" $podLabels "extraPodAffinityTerms" (ternary (list (dict "extraMatchLabels" (dict "shard" $shard) "topologyKey" "topology.kubernetes.io/zone")) (list) $.Values.distributeReplicasByZone) "context" $) | nindent 10 }} nodeAffinity: {{- include "common.affinities.nodes" (dict "type" $.Values.nodeAffinityPreset.type "key" $.Values.nodeAffinityPreset.key "values" $.Values.nodeAffinityPreset.values) | nindent 10 }} {{- end }} {{- if $.Values.nodeSelector }} nodeSelector: {{- include "common.tplvalues.render" ( dict "value" $.Values.nodeSelector "context" $) | nindent 8 }} {{- end }} {{- if $.Values.tolerations }} tolerations: {{- include "common.tplvalues.render" (dict "value" $.Values.tolerations "context" $) | nindent 8 }} {{- end }} {{- if $.Values.priorityClassName }} priorityClassName: {{ $.Values.priorityClassName | quote }} {{- end }} {{- if $.Values.schedulerName }} schedulerName: {{ $.Values.schedulerName | quote }} {{- end }} {{- if $.Values.topologySpreadConstraints }} topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" $.Values.topologySpreadConstraints "context" $) | nindent 8 }} {{- end }} {{- if $.Values.podSecurityContext.enabled }} securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" $.Values.podSecurityContext "context" $) | nindent 8 }} {{- end }} {{- if $.Values.terminationGracePeriodSeconds }} terminationGracePeriodSeconds: {{ $.Values.terminationGracePeriodSeconds }} {{- end }} initContainers: {{- if and $.Values.defaultInitContainers.volumePermissions.enabled $.Values.keeper.persistence.enabled }} {{- include "clickhouse.defaultInitContainers.volumePermissions" (dict "context" $ "role" "") | nindent 8 }} {{- end }} {{- if $.Values.initContainers }} {{- include "common.tplvalues.render" (dict "value" $.Values.initContainers "context" $) | nindent 8 }} {{- end }} containers: - name: clickhouse image: {{ template "clickhouse.image" $ }} imagePullPolicy: {{ $.Values.image.pullPolicy }} {{- if $.Values.containerSecurityContext.enabled }} securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" $.Values.containerSecurityContext "context" $) | nindent 12 }} {{- end }} {{- if $.Values.diagnosticMode.enabled }} command: {{- include "common.tplvalues.render" (dict "value" $.Values.diagnosticMode.command "context" $) | nindent 12 }} {{- else if $.Values.command }} command: {{- include "common.tplvalues.render" (dict "value" $.Values.command "context" $) | nindent 12 }} {{- end }} {{- if $.Values.diagnosticMode.enabled }} args: {{- include "common.tplvalues.render" (dict "value" $.Values.diagnosticMode.args "context" $) | nindent 12 }} {{- else if $.Values.args }} args: {{- include "common.tplvalues.render" (dict "value" $.Values.args "context" $) | nindent 12 }} {{- end }} env: - name: BITNAMI_DEBUG value: {{ ternary "true" "false" (or $.Values.image.debug $.Values.diagnosticMode.enabled) | quote }} - name: CLICKHOUSE_HTTP_PORT value: {{ $.Values.containerPorts.http | quote }} - name: CLICKHOUSE_TCP_PORT value: {{ $.Values.containerPorts.tcp | quote }} - name: CLICKHOUSE_MYSQL_PORT value: {{ $.Values.containerPorts.mysql | quote }} - name: CLICKHOUSE_POSTGRESQL_PORT value: {{ $.Values.containerPorts.postgresql | quote }} - name: CLICKHOUSE_INTERSERVER_HTTP_PORT value: {{ $.Values.containerPorts.interserver | quote }} {{- if $.Values.tls.enabled }} - name: CLICKHOUSE_TCP_SECURE_PORT value: {{ $.Values.containerPorts.tcpSecure | quote }} - name: CLICKHOUSE_HTTPS_PORT value: {{ $.Values.containerPorts.https | quote }} {{- end }} {{- if $.Values.metrics.enabled }} - name: CLICKHOUSE_METRICS_PORT value: {{ $.Values.containerPorts.metrics | quote }} {{- end }} - name: CLICKHOUSE_SHARD_ID value: {{ printf "shard%d" $shard | quote }} - name: CLICKHOUSE_REPLICA_ID valueFrom: fieldRef: fieldPath: metadata.name - name: CLICKHOUSE_ADMIN_USER value: {{ $.Values.auth.username | quote }} {{- if $.Values.usePasswordFiles }} - name: CLICKHOUSE_ADMIN_PASSWORD_FILE value: {{ printf "/opt/bitnami/clickhouse/secrets/%s" (include "clickhouse.secretKey" $) }} {{- else }} - name: CLICKHOUSE_ADMIN_PASSWORD valueFrom: secretKeyRef: name: {{ include "clickhouse.secretName" $ }} key: {{ include "clickhouse.secretKey" $ }} {{- end }} {{- if $.Values.extraEnvVars }} {{- include "common.tplvalues.render" (dict "value" $.Values.extraEnvVars "context" $) | nindent 12 }} {{- end }} {{- if or $.Values.extraEnvVarsCM $.Values.extraEnvVarsSecret }} envFrom: {{- if $.Values.extraEnvVarsCM }} - configMapRef: name: {{ include "common.tplvalues.render" (dict "value" $.Values.extraEnvVarsCM "context" $) }} {{- end }} {{- if $.Values.extraEnvVarsSecret }} - secretRef: name: {{ include "common.tplvalues.render" (dict "value" $.Values.extraEnvVarsSecret "context" $) }} {{- end }} {{- end }} {{- if $.Values.resources }} resources: {{- toYaml $.Values.resources | nindent 12 }} {{- else if ne $.Values.resourcesPreset "none" }} resources: {{- include "common.resources.preset" (dict "type" $.Values.resourcesPreset) | nindent 12 }} {{- end }} ports: - name: http containerPort: {{ $.Values.containerPorts.http }} - name: tcp containerPort: {{ $.Values.containerPorts.tcp }} {{- if $.Values.tls.enabled }} - name: https containerPort: {{ $.Values.containerPorts.https }} - name: tcp-secure containerPort: {{ $.Values.containerPorts.tcpSecure }} {{- end }} - name: tcp-postgresql containerPort: {{ $.Values.containerPorts.postgresql }} - name: tcp-mysql containerPort: {{ $.Values.containerPorts.mysql }} - name: http-intersrv containerPort: {{ $.Values.containerPorts.interserver }} {{- if $.Values.metrics.enabled }} - name: http-metrics containerPort: {{ $.Values.containerPorts.metrics }} {{- end }} {{- if not $.Values.diagnosticMode.enabled }} {{- if $.Values.customLivenessProbe }} livenessProbe: {{- include "common.tplvalues.render" (dict "value" $.Values.customLivenessProbe "context" $) | nindent 12 }} {{- else if $.Values.livenessProbe.enabled }} livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit $.Values.livenessProbe "enabled") "context" $) | nindent 12 }} tcpSocket: port: http {{- end }} {{- if $.Values.customReadinessProbe }} readinessProbe: {{- include "common.tplvalues.render" (dict "value" $.Values.customReadinessProbe "context" $) | nindent 12 }} {{- else if $.Values.readinessProbe.enabled }} readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit $.Values.readinessProbe "enabled") "context" $) | nindent 12 }} httpGet: path: /ping port: http {{- end }} {{- if $.Values.customStartupProbe }} startupProbe: {{- include "common.tplvalues.render" (dict "value" $.Values.customStartupProbe "context" $) | nindent 12 }} {{- else if $.Values.startupProbe.enabled }} startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit $.Values.startupProbe "enabled") "context" $) | nindent 12 }} tcpSocket: port: http {{- end }} {{- end }} {{- if $.Values.lifecycleHooks }} lifecycle: {{- include "common.tplvalues.render" (dict "value" $.Values.lifecycleHooks "context" $) | nindent 12 }} {{- end }} volumeMounts: - name: {{ $.Values.persistence.volumeName }} mountPath: {{ $.Values.persistence.mountPath }} {{- if or $.Values.configuration $.Values.existingConfigmap }} - name: configuration mountPath: /bitnami/clickhouse/etc/config.xml subPath: config.xml {{- end }} - name: configd-configuration mountPath: /bitnami/clickhouse/etc/config.d {{- if or $.Values.usersdFiles $.Values.existingUsersdConfigmap $.Values.existingUsersdSecret }} - name: usersd-configuration-configuration mountPath: /bitnami/clickhouse/etc/users.d {{- end }} {{- if $.Values.usePasswordFiles }} - name: secrets mountPath: /opt/bitnami/clickhouse/secrets readOnly: true {{- end }} {{- if $.Values.tls.enabled }} - name: ca-cert mountPath: /opt/bitnami/clickhouse/certs/ca readOnly: true - name: server-cert mountPath: /opt/bitnami/clickhouse/certs/server readOnly: true {{- end }} - name: empty-dir mountPath: /opt/bitnami/clickhouse/etc subPath: app-conf-dir - name: empty-dir mountPath: /opt/bitnami/clickhouse/logs subPath: app-logs-dir - name: empty-dir mountPath: /opt/bitnami/clickhouse/tmp subPath: app-tmp-dir - name: empty-dir mountPath: /tmp subPath: tmp-dir {{- if or $.Values.initdbScriptsSecret $.Values.initdbScripts }} - name: custom-init-scripts mountPath: /docker-entrypoint-initdb.d {{- end }} {{- if or $.Values.startdbScriptsSecret $.Values.startdbScripts }} - name: custom-start-scripts mountPath: /docker-entrypoint-startdb.d {{- end }} {{- if $.Values.extraVolumeMounts }} {{- include "common.tplvalues.render" (dict "value" $.Values.extraVolumeMounts "context" $) | nindent 12 }} {{- end }} {{- if $.Values.sidecars }} {{- include "common.tplvalues.render" ( dict "value" $.Values.sidecars "context" $) | nindent 8 }} {{- end }} volumes: - name: empty-dir emptyDir: {} {{- if or $.Values.configuration $.Values.existingConfigmap }} - name: config configMap: name: {{ template "clickhouse.configmapName" $ }} {{- end }} - name: configd-configuration configMap: name: {{ template "clickhouse.configd.configmapName" $ }} {{- if or $.Values.usersdFiles $.Values.existingUsersdConfigmap $.Values.existingUsersdSecret }} - name: usersd-configuration-configuration projected: sources: {{- if $.Values.existingUsersdSecret }} - secret: name: {{ tpl $.Values.existingUsersdSecret $ }} {{- end }} {{- if or $.Values.usersdFiles $.Values.existingUsersdConfigmap }} - configMap: name: {{ template "clickhouse.usersd.configmapName" $ }} {{- end }} {{- end }} {{- if $.Values.usePasswordFiles }} - name: secrets secret: secretName: {{ include "clickhouse.secretName" $ }} defaultMode: 256 {{- end }} {{- if $.Values.tls.enabled }} - name: ca-cert secret: secretName: {{ template "clickhouse.tls.ca.secretName" $ }} defaultMode: 256 - name: server-cert secret: secretName: {{ template "clickhouse.tls.server.secretName" $ }} defaultMode: 256 {{- end }} {{- if or $.Values.initdbScriptsSecret $.Values.initdbScripts }} - name: custom-init-scripts secret: secretName: {{ include "clickhouse.initdbScriptsSecret" $ }} {{- end }} {{- if or $.Values.startdbScriptsSecret $.Values.startdbScripts }} - name: custom-start-scripts secret: secretName: {{ include "clickhouse.startdbScriptsSecret" $ }} {{- end }} {{- if $.Values.extraVolumes }} {{- include "common.tplvalues.render" (dict "value" $.Values.extraVolumes "context" $) | nindent 8 }} {{- end }} {{- if not $.Values.persistence.enabled }} - name: {{ $.Values.persistence.volumeName }} emptyDir: {} {{- else if $.Values.persistence.existingClaim }} - name: {{ $.Values.persistence.volumeName }} persistentVolumeClaim: claimName: {{ tpl $.Values.persistence.existingClaim $ }} {{- else }} {{- if $.Values.persistentVolumeClaimRetentionPolicy.enabled }} persistentVolumeClaimRetentionPolicy: whenDeleted: {{ $.Values.persistentVolumeClaimRetentionPolicy.whenDeleted }} whenScaled: {{ $.Values.persistentVolumeClaimRetentionPolicy.whenScaled }} {{- end }} volumeClaimTemplates: - apiVersion: v1 kind: PersistentVolumeClaim metadata: name: {{ $.Values.persistence.volumeName }} {{- if or $.Values.persistence.annotations $.Values.commonAnnotations }} {{- $claimAnnotations := include "common.tplvalues.merge" ( dict "values" ( list $.Values.persistence.annotations $.Values.commonLabels ) "context" $ ) }} annotations: {{- include "common.tplvalues.render" ( dict "value" $claimAnnotations "context" $ ) | nindent 10 }} {{- end }} {{- $claimLabels := include "common.tplvalues.merge" ( dict "values" ( list $.Values.persistence.labels $.Values.commonLabels ) "context" $ ) }} labels: {{- include "common.labels.matchLabels" ( dict "customLabels" $claimLabels "context" $ ) | nindent 10 }} app.kubernetes.io/component: clickhouse spec: accessModes: {{- range $.Values.persistence.accessModes }} - {{ . | quote }} {{- end }} resources: requests: storage: {{ $.Values.persistence.size | quote }} {{- if $.Values.persistence.dataSource }} dataSource: {{- include "common.tplvalues.render" (dict "value" $.Values.persistence.dataSource "context" $) | nindent 10 }} {{- end }} {{- include "common.storage.class" (dict "persistence" $.Values.persistence "global" $.Values.global) | nindent 8 }} {{- if $.Values.persistence.selector }} selector: {{- include "common.tplvalues.render" (dict "value" $.Values.persistence.selector "context" $) | nindent 10 }} {{- end }} {{- if $.Values.extraVolumeClaimTemplates }} {{- include "common.tplvalues.render" ( dict "value" $.Values.extraVolumeClaimTemplates "context" $) | nindent 4 }} {{- end }} {{- end }} --- {{- end }}