feat: add support for remote_servers secret configuration #8
Conversation
|
Thanks for the PR! We've actually been discussing this internally around what would be the best practice here. My current thinking is that this helm chart should always (or at least by default) create the default user with no password, and have a simple values section for adding a new remote user besides the default user. WDYT? If we decide to keep the default user editable as it is currently, then we'd definitely want to include the changes from this PR. |
|
I think that by default you need to create a secret and refer to it. The password can be generated during the first installation via helm helpers. |
|
Moreover, It is not possible to add some custom configuration, isn't it? For example, how to configure |
|
We'll implement the auto-generated password, thanks! For more custom configurations it is recommended to create a CHI resource directly, although a mechanism for common options like max_connections would probably be useful here too. |
Pull Request Description
This PR introduces support for configuring
remote_serversin the ClickHouseInstallation resource with secret-based authentication.Error
DB::Exception: default: Authentication failed: password is incorrect, or there is no user with such name.occurs because the Distributed table is unable to connect to another server in the cluster. By default, shards use the default user to connect to each other. You can resolve this issue by:Note
The current Altinity Helm chart for ClickHouse installations does not support configuring remote_servers. As a workaround, you can use the default user without a password. This setup is secure as it restricts access to local connections only.
Key Changes:
settingssection forremote_serversusing the Helm chart's templating with dynamically configured via Kubernetes Secret references.Reviewer Notes:
Please ensure that: