Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

clickhouse credentials from k8s secret #525

Open
grandwizard28 opened this issue Oct 13, 2024 · 2 comments
Open

clickhouse credentials from k8s secret #525

grandwizard28 opened this issue Oct 13, 2024 · 2 comments
Labels
chart:clickhouse Issue related to clickhouse helm chart good first issue Good for newcomers security

Comments

@grandwizard28
Copy link
Contributor

grandwizard28 commented Oct 13, 2024

Description

We need the ability to read clickhouse credentials from k8s secrets.

@grandwizard28 grandwizard28 changed the title clickhouse user and password from k8s secret clickhouse credentials from k8s secret Oct 13, 2024
@grandwizard28 grandwizard28 added chart:clickhouse Issue related to clickhouse helm chart good first issue Good for newcomers security labels Oct 13, 2024
@BryanFauble
Copy link

BryanFauble commented Oct 13, 2024

Something of a larger benefit that I started to look at was starting to consider how k8s secrets might be used to configure things like the clickhouse password. However, there was some more work to consider how stuff like the traces url could also be fed in as it includes the username/password as well:

  1. main...BryanFauble:charts-signoz:main
  2. https://github.com/BryanFauble/charts-signoz/blob/7a29318aabc8bccab36a4db3aaf3bf7e71fb27df/charts/signoz/templates/_clickhouse.tpl#L234

The secretFrom stanza was something that the underlying clickhouse implementation is doing: https://altinity.com/blog/clickhouse-confidential-using-kubernetes-secrets-with-the-altinity-operator

@grandwizard28
Copy link
Contributor Author

Thanks @BryanFauble.

I see what you mean by the url problem.

First, we need to systematically read these from a secret which might or might not require application side changes. Then we can use the same secret for clickhouse.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
chart:clickhouse Issue related to clickhouse helm chart good first issue Good for newcomers security
Projects
None yet
Development

No branches or pull requests

2 participants