Bitnami/charts
2
0
Fork 0
mirror of https://github.com/bitnami/charts.git synced 2026-03-14 06:47:28 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
bb6c8e3e8a7bbf630506ea477681a890bb8d3fa6
charts/bitnami/clickhouse/templates/statefulset.yaml

465 lines
24 KiB
YAML
Raw Blame History

{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- $shards := .Values.shards | int }}
{{- range $i, $e := until $shards }}
apiVersion: {{ include "common.capabilities.statefulset.apiVersion" $ }}
kind: StatefulSet
metadata:
name: {{ printf "%s-shard%d" (include "common.names.fullname" $ ) $i }}
namespace: {{ include "common.names.namespace" $ | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: clickhouse
shard: {{ $i | quote }}
{{- if $.Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
replicas: {{ $.Values.replicaCount }}
podManagementPolicy: {{ $.Values.podManagementPolicy | quote }}
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list $.Values.podLabels $.Values.commonLabels ) "context" $ ) }}
selector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
app.kubernetes.io/component: clickhouse
serviceName: {{ printf "%s-headless" (include "common.names.fullname" $) }}
{{- if $.Values.updateStrategy }}
updateStrategy: {{- toYaml $.Values.updateStrategy | nindent 4 }}
{{- end }}
template:
metadata:
annotations:
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") $ | sha256sum }}
checksum/config-extra: {{ include (print $.Template.BasePath "/configmap-extra.yaml") $ | sha256sum }}
checksum/config-users-extra: {{ include (print $.Template.BasePath "/configmap-users-extra.yaml") $ | sha256sum }}
{{- if $.Values.podAnnotations }}
{{- include "common.tplvalues.render" (dict "value" $.Values.podAnnotations "context" $) | nindent 8 }}
{{- end }}
{{- if and $.Values.metrics.enabled $.Values.metrics.podAnnotations }}
{{- include "common.tplvalues.render" (dict "value" $.Values.metrics.podAnnotations "context" $) | nindent 8 }}
{{- end }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }}
app.kubernetes.io/component: clickhouse
shard: {{ $i | quote }}
spec:
serviceAccountName: {{ template "clickhouse.serviceAccountName" $ }}
{{- include "clickhouse.imagePullSecrets" $ | nindent 6 }}
automountServiceAccountToken: {{ $.Values.automountServiceAccountToken }}
{{- if $.Values.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" $.Values.hostAliases "context" $) | nindent 8 }}
{{- end }}
{{- if $.Values.affinity }}
affinity: {{- include "common.tplvalues.render" ( dict "value" $.Values.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
podAffinity: {{- include "common.affinities.pods" (dict "type" $.Values.podAffinityPreset "component" "clickhouse" "customLabels" $podLabels "context" $) | nindent 10 }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" $.Values.podAntiAffinityPreset "component" "clickhouse" "customLabels" $podLabels "extraPodAffinityTerms" (ternary (list (dict "extraMatchLabels" (dict "shard" $i) "topologyKey" "topology.kubernetes.io/zone")) (list) $.Values.distributeReplicasByZone) "context" $) | nindent 10 }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" $.Values.nodeAffinityPreset.type "key" $.Values.nodeAffinityPreset.key "values" $.Values.nodeAffinityPreset.values) | nindent 10 }}
{{- end }}
{{- if $.Values.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" ( dict "value" $.Values.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if $.Values.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" $.Values.tolerations "context" $) | nindent 8 }}
{{- end }}
{{- if $.Values.priorityClassName }}
priorityClassName: {{ $.Values.priorityClassName | quote }}
{{- end }}
{{- if $.Values.schedulerName }}
schedulerName: {{ $.Values.schedulerName | quote }}
{{- end }}
{{- if $.Values.topologySpreadConstraints }}
topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" $.Values.topologySpreadConstraints "context" $) | nindent 8 }}
{{- end }}
{{- if $.Values.podSecurityContext.enabled }}
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" $.Values.podSecurityContext "context" $) | nindent 8 }}
{{- end }}
{{- if $.Values.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ $.Values.terminationGracePeriodSeconds }}
{{- end }}
initContainers:
{{- if and $.Values.tls.enabled (not $.Values.volumePermissions.enabled) }}
- name: copy-certs
image: {{ include "clickhouse.volumePermissions.image" $ }}
imagePullPolicy: {{ $.Values.volumePermissions.image.pullPolicy | quote }}
{{- if $.Values.resources }}
resources: {{- toYaml $.Values.resources | nindent 12 }}
{{- else if ne $.Values.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" $.Values.resourcesPreset) | nindent 12 }}
{{- end }}
{{- if $.Values.containerSecurityContext.enabled }}
# We don't require a privileged container in this case
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" $.Values.containerSecurityContext "context" $) | nindent 12 }}
{{- end }}
command:
- /bin/sh
- -ec
- |
cp -L /tmp/certs/* /opt/bitnami/clickhouse/certs/
chmod 600 {{ include "clickhouse.tlsCertKey" $ }}
volumeMounts:
- name: raw-certificates
mountPath: /tmp/certs
- name: clickhouse-certificates
mountPath: /opt/bitnami/clickhouse/certs
- name: empty-dir
mountPath: /tmp
subPath: tmp-dir
{{- else if and $.Values.volumePermissions.enabled $.Values.persistence.enabled }}
- name: volume-permissions
image: {{ include "clickhouse.volumePermissions.image" $ }}
imagePullPolicy: {{ $.Values.volumePermissions.image.pullPolicy | quote }}
command:
- /bin/sh
- -ec
- |
mkdir -p /bitnami/clickhouse/data
chmod 700 /bitnami/clickhouse/data
{{- if $.Values.keeper.enabled }}
mkdir -p /bitnami/clickhouse/keeper
chmod 700 /bitnami/clickhouse/keeper
{{- end }}
chown {{ $.Values.containerSecurityContext.runAsUser }}:{{ $.Values.podSecurityContext.fsGroup }} /bitnami/clickhouse
find /bitnami/clickhouse -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | \
xargs -r chown -R {{ $.Values.containerSecurityContext.runAsUser }}:{{ $.Values.podSecurityContext.fsGroup }}
{{- if $.Values.tls.enabled }}
cp /tmp/certs/* /opt/bitnami/clickhouse/certs/
{{- if eq ( toString ( $.Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }}
chown -R `id -u`:`id -G | cut -d " " -f2` /opt/bitnami/clickhouse/certs/
{{- else }}
chown -R {{ $.Values.containerSecurityContext.runAsUser }}:{{ $.Values.podSecurityContext.fsGroup }} /opt/bitnami/clickhouse/certs/
{{- end }}
chmod 600 {{ include "clickhouse.tlsCertKey" $ }}
{{- end }}
securityContext: {{- include "common.tplvalues.render" (dict "value" $.Values.volumePermissions.containerSecurityContext "context" $) | nindent 12 }}
{{- if $.Values.volumePermissions.resources }}
resources: {{- toYaml $.Values.volumePermissions.resources | nindent 12 }}
{{- else if ne $.Values.volumePermissions.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" $.Values.volumePermissions.resourcesPreset) | nindent 12 }}
{{- end }}
volumeMounts:
- name: data
mountPath: /bitnami/clickhouse
- name: empty-dir
mountPath: /tmp
subPath: tmp-dir
{{- if $.Values.tls.enabled }}
- name: raw-certificates
mountPath: /tmp/certs
- name: clickhouse-certificates
mountPath: /opt/bitnami/clickhouse/certs
{{- end }}
{{- end }}
{{- if $.Values.initContainers }}
{{- include "common.tplvalues.render" (dict "value" $.Values.initContainers "context" $) | nindent 8 }}
{{- end }}
containers:
- name: clickhouse
image: {{ template "clickhouse.image" $ }}
imagePullPolicy: {{ $.Values.image.pullPolicy }}
{{- if $.Values.containerSecurityContext.enabled }}
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" $.Values.containerSecurityContext "context" $) | nindent 12 }}
{{- end }}
{{- if $.Values.diagnosticMode.enabled }}
command: {{- include "common.tplvalues.render" (dict "value" $.Values.diagnosticMode.command "context" $) | nindent 12 }}
{{- else if $.Values.command }}
command: {{- include "common.tplvalues.render" (dict "value" $.Values.command "context" $) | nindent 12 }}
{{- end }}
{{- if $.Values.diagnosticMode.enabled }}
args: {{- include "common.tplvalues.render" (dict "value" $.Values.diagnosticMode.args "context" $) | nindent 12 }}
{{- else if $.Values.args }}
args: {{- include "common.tplvalues.render" (dict "value" $.Values.args "context" $) | nindent 12 }}
{{- end }}
env:
- name: BITNAMI_DEBUG
value: {{ ternary "true" "false" (or $.Values.image.debug $.Values.diagnosticMode.enabled) | quote }}
- name: CLICKHOUSE_HTTP_PORT
value: {{ $.Values.containerPorts.http | quote }}
- name: CLICKHOUSE_TCP_PORT
value: {{ $.Values.containerPorts.tcp | quote }}
- name: CLICKHOUSE_MYSQL_PORT
value: {{ $.Values.containerPorts.mysql | quote }}
- name: CLICKHOUSE_POSTGRESQL_PORT
value: {{ $.Values.containerPorts.postgresql | quote }}
- name: CLICKHOUSE_INTERSERVER_HTTP_PORT
value: {{ $.Values.containerPorts.interserver | quote }}
{{- if $.Values.tls.enabled }}
- name: CLICKHOUSE_TCP_SECURE_PORT
value: {{ $.Values.containerPorts.tcpSecure | quote }}
- name: CLICKHOUSE_HTTPS_PORT
value: {{ $.Values.containerPorts.https | quote }}
{{- end }}
{{- if $.Values.keeper.enabled }}
- name: CLICKHOUSE_KEEPER_PORT
value: {{ $.Values.containerPorts.keeper | quote }}
- name: CLICKHOUSE_KEEPER_INTER_PORT
value: {{ $.Values.containerPorts.keeperInter | quote }}
{{- if $.Values.tls.enabled }}
- name: CLICKHOUSE_KEEPER_SECURE_PORT
value: {{ $.Values.containerPorts.keeperSecure | quote }}
{{- end }}
{{- end }}
{{- if $.Values.metrics.enabled }}
- name: CLICKHOUSE_METRICS_PORT
value: {{ $.Values.containerPorts.metrics | quote }}
{{- end }}
- name: CLICKHOUSE_ADMIN_USER
value: {{ $.Values.auth.username | quote }}
- name: CLICKHOUSE_SHARD_ID
value: {{ printf "shard%d" $i | quote }}
- name: CLICKHOUSE_REPLICA_ID
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: CLICKHOUSE_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "clickhouse.secretName" $ }}
key: {{ include "clickhouse.secretKey" $ }}
{{- if $.Values.tls.enabled }}
- name: CLICKHOUSE_TLS_CERT_FILE
value: {{ include "clickhouse.tlsCert" $ | quote}}
- name: CLICKHOUSE_TLS_KEY_FILE
value: {{ include "clickhouse.tlsCertKey" $ | quote }}
- name: CLICKHOUSE_TLS_CA_FILE
value: {{ include "clickhouse.tlsCACert" $ | quote }}
{{- end }}
{{- if $.Values.extraEnvVars }}
{{- include "common.tplvalues.render" (dict "value" $.Values.extraEnvVars "context" $) | nindent 12 }}
{{- end }}
{{- if $.Values.keeper.enabled }}
{{- $replicas := $.Values.replicaCount | int }}
{{- range $j, $r := until $replicas }}
- name: {{ printf "KEEPER_NODE_%d" $j }}
value: {{ printf "%s-shard%d-%d.%s.%s.svc.%s" (include "common.names.fullname" $ ) $i $j (include "clickhouse.headlessServiceName" $) (include "common.names.namespace" $) $.Values.clusterDomain }}
{{- end }}
{{- else if $.Values.zookeeper.enabled }}
{{- $replicas := $.Values.zookeeper.replicaCount | int }}
{{- range $j, $r := until $replicas }}
- name: {{ printf "KEEPER_NODE_%d" $j }}
value: {{ printf "%s-%d.%s.%s.svc.%s" (include "clickhouse.zookeeper.fullname" $ ) $j (include "clickhouse.zookeeper.headlessServiceName" $) (include "common.names.namespace" $) $.Values.clusterDomain }}
{{- end }}
{{- end }}
envFrom:
{{- if $.Values.extraEnvVarsCM }}
- configMapRef:
name: {{ include "common.tplvalues.render" (dict "value" $.Values.extraEnvVarsCM "context" $) }}
{{- end }}
{{- if $.Values.extraEnvVarsSecret }}
- secretRef:
name: {{ include "common.tplvalues.render" (dict "value" $.Values.extraEnvVarsSecret "context" $) }}
{{- end }}
{{- if $.Values.resources }}
resources: {{- toYaml $.Values.resources | nindent 12 }}
{{- else if ne $.Values.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" $.Values.resourcesPreset) | nindent 12 }}
{{- end }}
ports:
- name: http
containerPort: {{ $.Values.containerPorts.http }}
- name: tcp
containerPort: {{ $.Values.containerPorts.tcp }}
{{- if $.Values.tls.enabled }}
- name: https
containerPort: {{ $.Values.containerPorts.https }}
- name: tcp-secure
containerPort: {{ $.Values.containerPorts.tcpSecure }}
{{- end }}
{{- if $.Values.keeper.enabled }}
- name: tcp-keeper
containerPort: {{ $.Values.containerPorts.keeper }}
- name: tcp-keeperinter
containerPort: {{ $.Values.containerPorts.keeperInter }}
{{- if $.Values.tls.enabled }}
- name: tcp-keepertls
containerPort: {{ $.Values.containerPorts.keeperSecure }}
{{- end }}
{{- end }}
- name: tcp-postgresql
containerPort: {{ $.Values.containerPorts.postgresql }}
- name: tcp-mysql
containerPort: {{ $.Values.containerPorts.mysql }}
- name: http-intersrv
containerPort: {{ $.Values.containerPorts.interserver }}
{{- if $.Values.metrics.enabled }}
- name: http-metrics
containerPort: {{ $.Values.containerPorts.metrics }}
{{- end }}
{{- if not $.Values.diagnosticMode.enabled }}
{{- if $.Values.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" $.Values.customLivenessProbe "context" $) | nindent 12 }}
{{- else if $.Values.livenessProbe.enabled }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit $.Values.livenessProbe "enabled") "context" $) | nindent 12 }}
tcpSocket:
port: http
{{- end }}
{{- if $.Values.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" $.Values.customReadinessProbe "context" $) | nindent 12 }}
{{- else if $.Values.readinessProbe.enabled }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit $.Values.readinessProbe "enabled") "context" $) | nindent 12 }}
httpGet:
path: /ping
port: http
{{- end }}
{{- if $.Values.customStartupProbe }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" $.Values.customStartupProbe "context" $) | nindent 12 }}
{{- else if $.Values.startupProbe.enabled }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit $.Values.startupProbe "enabled") "context" $) | nindent 12 }}
httpGet:
path: /ping
port: http
{{- end }}
{{- end }}
{{- if $.Values.lifecycleHooks }}
lifecycle: {{- include "common.tplvalues.render" (dict "value" $.Values.lifecycleHooks "context" $) | nindent 12 }}
{{- end }}
volumeMounts:
- name: empty-dir
mountPath: /opt/bitnami/clickhouse/etc
subPath: app-conf-dir
- name: empty-dir
mountPath: /opt/bitnami/clickhouse/logs
subPath: app-logs-dir
- name: empty-dir
mountPath: /opt/bitnami/clickhouse/tmp
subPath: app-tmp-dir
- name: empty-dir
mountPath: /tmp
subPath: tmp-dir
- name: scripts
mountPath: /scripts/setup.sh
subPath: setup.sh
- name: data
mountPath: /bitnami/clickhouse
- name: config
mountPath: /bitnami/clickhouse/etc/conf.d/default
{{- if or $.Values.extraOverridesConfigmap $.Values.extraOverrides }}
- name: extra-config
mountPath: /bitnami/clickhouse/etc/conf.d/extra-configmap
{{- end }}
{{- if or $.Values.usersExtraOverridesConfigmap $.Values.usersExtraOverrides }}
- name: users-extra-config
mountPath: /bitnami/clickhouse/etc/users.d/users-extra-configmap
{{- end }}
{{- if $.Values.extraOverridesSecret }}
- name: extra-secret
mountPath: /bitnami/clickhouse/etc/conf.d/extra-secret
{{- end }}
{{- if $.Values.usersExtraOverridesSecret }}
- name: users-extra-secret
mountPath: /bitnami/clickhouse/etc/users.d/users-extra-secret
{{- end }}
{{- if $.Values.tls.enabled }}
- name: clickhouse-certificates
mountPath: /bitnami/clickhouse/certs
{{- end }}
{{- if or $.Values.initdbScriptsSecret $.Values.initdbScripts }}
- name: custom-init-scripts
mountPath: /docker-entrypoint-initdb.d
{{- end }}
{{- if or $.Values.startdbScriptsSecret $.Values.startdbScripts }}
- name: custom-start-scripts
mountPath: /docker-entrypoint-startdb.d
{{- end }}
{{- if $.Values.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" $.Values.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
{{- if $.Values.sidecars }}
{{- include "common.tplvalues.render" ( dict "value" $.Values.sidecars "context" $) | nindent 8 }}
{{- end }}
volumes:
- name: scripts
configMap:
name: {{ printf "%s-scripts" (include "common.names.fullname" $) }}
defaultMode: 0755
- name: empty-dir
emptyDir: {}
- name: config
configMap:
name: {{ template "clickhouse.configmapName" $ }}
{{- if or $.Values.initdbScriptsSecret $.Values.initdbScripts }}
- name: custom-init-scripts
secret:
secretName: {{ include "clickhouse.initdbScriptsSecret" $ }}
{{- end }}
{{- if or $.Values.startdbScriptsSecret $.Values.startdbScripts }}
- name: custom-start-scripts
secret:
secretName: {{ include "clickhouse.startdbScriptsSecret" $ }}
{{- end }}
{{- if or $.Values.extraOverridesConfigmap $.Values.extraOverrides }}
- name: extra-config
configMap:
name: {{ template "clickhouse.extraConfigmapName" $ }}
{{- end }}
{{- if or $.Values.usersExtraOverridesConfigmap $.Values.usersExtraOverrides }}
- name: users-extra-config
configMap:
name: {{ template "clickhouse.usersExtraConfigmapName" $ }}
{{- end }}
{{- if $.Values.extraOverridesSecret }}
- name: extra-secret
secret:
secretName: {{ $.Values.extraOverridesSecret }}
{{- end }}
{{- if $.Values.usersExtraOverridesSecret }}
- name: users-extra-secret
secret:
secretName: {{ $.Values.usersExtraOverridesSecret }}
{{- end }}
{{- if not $.Values.persistence.enabled }}
- name: data
emptyDir: {}
{{- else if $.Values.persistence.existingClaim }}
- name: data
persistentVolumeClaim:
claimName: {{ tpl $.Values.persistence.existingClaim $ }}
{{- end }}
{{- if $.Values.tls.enabled }}
- name: raw-certificates
secret:
secretName: {{ include "clickhouse.tlsSecretName" $ }}
- name: clickhouse-certificates
emptyDir: {}
{{- end }}
{{- if $.Values.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" $.Values.extraVolumes "context" $) | nindent 8 }}
{{- end }}
{{- if or $.Values.extraVolumeClaimTemplates (and $.Values.persistence.enabled (not $.Values.persistence.existingClaim)) }}
volumeClaimTemplates:
{{- if and $.Values.persistence.enabled (not $.Values.persistence.existingClaim) }}
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: data
{{- if or $.Values.persistence.annotations $.Values.commonAnnotations }}
{{- $claimAnnotations := include "common.tplvalues.merge" ( dict "values" ( list $.Values.persistence.annotations $.Values.commonLabels ) "context" $ ) }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $claimAnnotations "context" $ ) | nindent 10 }}
{{- end }}
{{- $claimLabels := include "common.tplvalues.merge" ( dict "values" ( list $.Values.persistence.labels $.Values.commonLabels ) "context" $ ) }}
labels: {{- include "common.labels.matchLabels" ( dict "customLabels" $claimLabels "context" $ ) | nindent 10 }}
app.kubernetes.io/component: clickhouse
spec:
accessModes:
{{- range $.Values.persistence.accessModes }}
- {{ . | quote }}
{{- end }}
resources:
requests:
storage: {{ $.Values.persistence.size | quote }}
{{- if $.Values.persistence.selector }}
selector: {{- include "common.tplvalues.render" (dict "value" $.Values.persistence.selector "context" $) | nindent 10 }}
{{- end }}
{{- if $.Values.persistence.dataSource }}
dataSource: {{- include "common.tplvalues.render" (dict "value" $.Values.persistence.dataSource "context" $) | nindent 10 }}
{{- end }}
{{- include "common.storage.class" (dict "persistence" $.Values.persistence "global" $.Values.global) | nindent 8 }}
{{- end }}
{{- if $.Values.extraVolumeClaimTemplates }}
{{- include "common.tplvalues.render" ( dict "value" $.Values.extraVolumeClaimTemplates "context" $) | nindent 4 }}
{{- end }}
{{- end }}
---
{{- end }}
Reference in New Issue View Git Blame Copy Permalink