clickhouse

ben.wangzLess than 1 minute

clickhouse

prepare

k8s is ready
argocd is ready and logged in
ingress is ready
cert-manager is ready
- the clusterissuer named self-signed-ca-issuer is ready

installation

prepare clickhouse.yaml

single node

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: clickhouse
spec:
  syncPolicy:
    syncOptions:
    - CreateNamespace=true
  project: default
  source:
    repoURL: https://charts.bitnami.com/bitnami
    chart: clickhouse
    targetRevision: 4.5.1
    helm:
      releaseName: clickhouse
      values: |
        image:
          registry: docker.io
          pullPolicy: IfNotPresent
        volumePermissions:
          enabled: false
          image:
            registry: docker.io
            pullPolicy: IfNotPresent
        zookeeper:
          enabled: true
          image:
            registry: docker.io
            pullPolicy: IfNotPresent
          replicaCount: 1
          persistence:
            enabled: false
          volumePermissions:
            enabled: false
            image:
              registry: docker.io
              pullPolicy: IfNotPresent
        shards: 1
        replicaCount: 1
        ingress:
          enabled: true
          annotations:
            cert-manager.io/cluster-issuer: self-signed-ca-issuer
            nginx.ingress.kubernetes.io/rewrite-target: /$1
          hostname: clickhouse.dev.geekcity.tech
          ingressClassName: nginx
          path: /?(.*)
          tls: true
        persistence:
          enabled: false
        auth:
          username: admin
          existingSecret: clickhouse-admin-credentials
          existingSecretKey: password
  destination:
    server: https://kubernetes.default.svc
    namespace: database

2-shards-3-replicas

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: clickhouse
spec:
  syncPolicy:
    syncOptions:
    - CreateNamespace=true
  project: default
  source:
    repoURL: https://charts.bitnami.com/bitnami
    chart: clickhouse
    targetRevision: 4.5.1
    helm:
      releaseName: clickhouse
      values: |
        image:
          registry: docker.io
          pullPolicy: IfNotPresent
        volumePermissions:
          enabled: false
          image:
            registry: docker.io
            pullPolicy: IfNotPresent
        zookeeper:
          enabled: true
          image:
            registry: docker.io
            pullPolicy: IfNotPresent
          replicaCount: 3
          persistence:
            enabled: false
          volumePermissions:
            enabled: false
            image:
              registry: docker.io
              pullPolicy: IfNotPresent
        shards: 2
        replicaCount: 3
        ingress:
          enabled: true
          annotations:
            cert-manager.io/cluster-issuer: self-signed-ca-issuer
            nginx.ingress.kubernetes.io/rewrite-target: /$1
          hostname: clickhouse.dev.geekcity.tech
          ingressClassName: nginx
          path: /?(.*)
          tls: true
        persistence:
          enabled: false
        auth:
          username: admin
          existingSecret: clickhouse-admin-credentials
          existingSecretKey: password
  destination:
    server: https://kubernetes.default.svc
    namespace: database

prepare admin credentials secret

kubectl get namespaces database > /dev/null 2>&1 || kubectl create namespace database
kubectl -n database create secret generic clickhouse-admin-credentials \
    --from-literal=password=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 16)

apply to k8s

kubectl -n argocd apply -f clickhouse.yaml

sync by argocd
- ```
argocd app sync argocd/clickhouse
```

expose postgresql interface

prepare postgresql-interface.yaml

apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/component: clickhouse
    app.kubernetes.io/instance: clickhouse
  name: clickhouse-postgresql-interface
spec:
  ports:
  - name: tcp-postgresql
    port: 9005
    protocol: TCP
    targetPort: tcp-postgresql
    nodePort: 32005
  selector:
    app.kubernetes.io/component: clickhouse
    app.kubernetes.io/instance: clickhouse
    app.kubernetes.io/name: clickhouse
  type: NodePort

apply to k8s

kubectl -n database apply -f postgresql-interface.yaml

expose mysql interface

prepare mysql-interface.yaml

apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/component: clickhouse
    app.kubernetes.io/instance: clickhouse
  name: clickhouse-mysql-interface
spec:
  ports:
  - name: tcp-mysql
    port: 9004
    protocol: TCP
    targetPort: tcp-mysql
    nodePort: 32004
  selector:
    app.kubernetes.io/component: clickhouse
    app.kubernetes.io/instance: clickhouse
    app.kubernetes.io/name: clickhouse
  type: NodePort

apply to k8s

kubectl -n database apply -f mysql-interface.yaml

tests

extract clickhouse admin credentials

PASSWORD=$(kubectl -n database get secret clickhouse-admin-credentials -o jsonpath='{.data.password}' | base64 -d)

with http
- clickhouse.dev.geekcity.tech should be resolved to nginx-ingress
  - for example, add $K8S_MASTER_IP clickhouse.dev.geekcity.tech to /etc/hosts
- ```
curl -k "https://admin:${PASSWORD}@clickhouse.dev.geekcity.tech:32443/" --data 'SELECT version()'
```

with postgresql client

podman run --rm \
    --env PGPASSWORD=${PASSWORD} \
    --entrypoint psql \
    -it docker.io/library/postgres:15.2-alpine3.17 \
    --host host.containers.internal \
    --port 32005 \
    --username admin \
    --dbname default \
    --command 'select version()'

with mysql client

podman run --rm \
    -e MYSQL_PWD=${PASSWORD} \
    -it docker.io/library/mariadb:11.2.2-jammy \
    mariadb \
    --host host.containers.internal \
    --port 32004 \
    --user admin \
    --database default \
    --execute 'select version()'