v0.2.6 (#46)

* Update operator version

* add support for service account creation

resolves #41

* Fixes logVolumeClaimTemplate usage

resolves #44

* allows for a cluster secret to be created or defined. Resolves #42

* [clickhouse] v0.2.6 version bump

Author: joshleecreates

Makefile

@@ -13,7 +13,9 @@ docs:
 	helm-docs charts/clickhouse-keeper-sts --template-files=templates/README.md.gotmpl
 	helm-docs charts/keeper-sts --template-files=templates/README.md.gotmpl
 	# Trim whitespace from generated README files
-	find charts -name "README.md" -exec sed -i '' -e '1,2{/^[[:space:]]*$$/d;}' -e 's/[[:space:]]*$$//' {} \;
+	for file in $$(find charts -name "README.md"); do \
+		sed -i -e '1,2{/^[[:space:]]*$$/d;}' -e 's/[[:space:]]*$$//' "$$file"; \
+	done
 
 verify:
 	${REPO_ROOT}/scripts/validate.sh

charts/clickhouse/Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: altinity-clickhouse-operator
   repository: https://docs.altinity.com/clickhouse-operator
-  version: 0.24.3
-digest: sha256:b94131a88dd2045295643ffb85cd0c84c723e86c0513df7308c527e19ee80cc2
-generated: "2025-01-28T13:19:50.741222228+01:00"
+  version: 0.25.2
+digest: sha256:baaefed641447864a2e78270a19cfc3667071f2ebbaca3d40e4f3293b30be015
+generated: "2025-07-17T15:27:54.494193-04:00"

charts/clickhouse/Chart.yaml

@@ -2,12 +2,12 @@ apiVersion: v2
 name: clickhouse
 description: A Helm chart for creating a ClickHouse® Cluster with the Altinity Operator for ClickHouse
 type: application
-version: 0.2.5
+version: 0.2.6
 appVersion: "24.8.14.10459"
 
 dependencies:
   - name: altinity-clickhouse-operator
     repository: https://docs.altinity.com/clickhouse-operator
-    version: 0.24.3
+    version: 0.25.2
     alias: operator
     condition: operator.enabled

charts/clickhouse/README.md

@@ -1,5 +1,5 @@
 # clickhouse
-![Version: 0.2.5](https://img.shields.io/badge/Version-0.2.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 24.8.14.10459](https://img.shields.io/badge/AppVersion-24.8.14.10459-informational?style=flat-square)
+![Version: 0.2.6](https://img.shields.io/badge/Version-0.2.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 24.8.14.10459](https://img.shields.io/badge/AppVersion-24.8.14.10459-informational?style=flat-square)
 
 A Helm chart for creating a ClickHouse® Cluster with the Altinity Operator for ClickHouse
 
@@ -15,7 +15,7 @@ A Helm chart for creating a ClickHouse® Cluster with the Altinity Operator for
 
 | Repository | Name | Version |
 |------------|------|---------|
-| https://docs.altinity.com/clickhouse-operator | operator(altinity-clickhouse-operator) | 0.24.3 |
+| https://docs.altinity.com/clickhouse-operator | operator(altinity-clickhouse-operator) | 0.25.2 |
 
 ## Installing the Chart
 
@@ -132,6 +132,13 @@ EOSQL
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | clickhouse.antiAffinity | bool | `false` |  |
+| clickhouse.clusterSecret | object | `{"auto":true,"enabled":false,"value":"","valueFrom":{"secretKeyRef":{"key":"secret","name":""}}}` | Cluster secret configuration for secure inter-node communication |
+| clickhouse.clusterSecret.auto | bool | `true` | Auto-generate cluster secret (recommended for security) |
+| clickhouse.clusterSecret.enabled | bool | `false` | Whether to enable secure cluster communication |
+| clickhouse.clusterSecret.value | string | `""` | Plaintext cluster secret value (not recommended for production) |
+| clickhouse.clusterSecret.valueFrom | object | `{"secretKeyRef":{"key":"secret","name":""}}` | Reference to an existing Kubernetes secret containing the cluster secret |
+| clickhouse.clusterSecret.valueFrom.secretKeyRef.key | string | `"secret"` | Key in the secret that contains the cluster secret value |
+| clickhouse.clusterSecret.valueFrom.secretKeyRef.name | string | `""` | Name of the secret containing the cluster secret |
 | clickhouse.defaultUser.allowExternalAccess | bool | `false` | Allow the default user to access ClickHouse from any IP. If set, will override `hostIP` to always be `0.0.0.0/0`. |
 | clickhouse.defaultUser.hostIP | string | `"127.0.0.1/32"` |  |
 | clickhouse.defaultUser.password | string | `""` |  |
@@ -162,6 +169,9 @@ EOSQL
 | clickhouse.service.serviceAnnotations | object | `{}` |  |
 | clickhouse.service.serviceLabels | object | `{}` |  |
 | clickhouse.service.type | string | `"ClusterIP"` |  |
+| clickhouse.serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
+| clickhouse.serviceAccount.create | bool | `false` | Specifies whether a service account should be created |
+| clickhouse.serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
 | clickhouse.shardsCount | int | `1` | number of shards. |
 | clickhouse.zones | list | `[]` |  |
 | keeper.enabled | bool | `false` | Whether to enable Keeper. Required for replicated tables. |

charts/clickhouse/templates/_helpers.tpl

@@ -77,6 +77,9 @@ Pod Template Base
           imagePullSecrets:
             {{- toYaml . | nindent 12 }}
           {{- end }}
+          {{- if or .Values.clickhouse.serviceAccount.create .Values.clickhouse.serviceAccount.name }}
+          serviceAccountName: {{ include "clickhouse.serviceAccountName" . }}
+          {{- end }}
           securityContext:
             {{- toYaml .Values.clickhouse.podSecurityContext | nindent 12 }}
           containers:
@@ -218,3 +221,14 @@ Selector labels
 app.kubernetes.io/name: {{ include "clickhouse.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "clickhouse.serviceAccountName" -}}
+{{- if .Values.clickhouse.serviceAccount.create }}
+{{- default (include "clickhouse.fullname" .) .Values.clickhouse.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.clickhouse.serviceAccount.name }}
+{{- end }}
+{{- end }}

charts/clickhouse/templates/chi.yaml

@@ -17,13 +17,19 @@ spec:
       {{- if .Values.clickhouse.persistence.enabled }}
       dataVolumeClaimTemplate: {{ include "clickhouse.volumeClaimTemplateName" . }}
       {{- end }}
+      {{- if .Values.clickhouse.persistence.logs.enabled }}
+      logVolumeClaimTemplate: {{ include "clickhouse.logsVolumeClaimTemplateName" . }}
+      {{- end }}
   useTemplates:
     - name: {{ $service_name }}
     {{- if .Values.clickhouse.lbService.enabled }}
     - name: {{ $service_name }}-lb
     {{- end }}
     - name: {{ include "clickhouse.podTemplateName" . }}
     - name: {{ include "clickhouse.volumeClaimTemplateName" . }}
+    {{- if .Values.clickhouse.persistence.logs.enabled }}
+    - name: {{ include "clickhouse.logsVolumeClaimTemplateName" . }}
+    {{- end }}
     {{- if not (empty .Values.clickhouse.zones) -}}
     {{- $originalContext := . -}}
     {{- range .Values.clickhouse.zones }}
@@ -44,6 +50,20 @@ spec:
             key: password
     clusters:
       - name: {{ include "clickhouse.clustername" . }}
+        {{- if .Values.clickhouse.clusterSecret.enabled }}
+        secure: "yes"
+        secret:
+          {{- if .Values.clickhouse.clusterSecret.auto }}
+          auto: "true"
+          {{- else if .Values.clickhouse.clusterSecret.value }}
+          value: {{ .Values.clickhouse.clusterSecret.value | quote }}
+          {{- else if .Values.clickhouse.clusterSecret.valueFrom.secretKeyRef.name }}
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.clickhouse.clusterSecret.valueFrom.secretKeyRef.name | quote }}
+              key: {{ .Values.clickhouse.clusterSecret.valueFrom.secretKeyRef.key | quote }}
+          {{- end }}
+        {{- end }}
         layout:
           {{- if (empty .Values.clickhouse.zones) }}
           shardsCount: {{ .Values.clickhouse.shardsCount | default 1 }}

charts/clickhouse/templates/serviceaccount.yaml

@@ -0,0 +1,12 @@
+{{- if .Values.clickhouse.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "clickhouse.serviceAccountName" . }}
+  labels:
+    {{- include "clickhouse.labels" . | nindent 4 }}
+  {{- with .Values.clickhouse.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}

charts/clickhouse/values.yaml

@@ -24,6 +24,22 @@ clickhouse:
   # -- number of shards.
   shardsCount: 1
 
+  # -- Cluster secret configuration for secure inter-node communication
+  clusterSecret:
+    # -- Whether to enable secure cluster communication
+    enabled: false
+    # -- Auto-generate cluster secret (recommended for security)
+    auto: true
+    # -- Plaintext cluster secret value (not recommended for production)
+    value: ""
+    # -- Reference to an existing Kubernetes secret containing the cluster secret
+    valueFrom:
+      secretKeyRef:
+        # -- Name of the secret containing the cluster secret
+        name: ""
+        # -- Key in the secret that contains the cluster secret value
+        key: "secret"
+
   # Specify which zones to run in.
   # `replicaCount` will applied within each zone.
   zones: []
@@ -75,6 +91,14 @@ clickhouse:
   # @ignore
   imagePullSecrets: []
 
+  serviceAccount:
+    # -- Specifies whether a service account should be created
+    create: false
+    # -- Annotations to add to the service account
+    annotations: {}
+    # -- The name of the service account to use.
+    # If not set and create is true, a name is generated using the fullname template
+    name: ""
 
   podAnnotations: {}
   podLabels: {}