Wrong env variable defined in config when using password secret #1344

@adrianNEMO

When I am loading a user password from a k8s secret, the generated users file chop-generated-users.xml references the wrong environment variable.

My config:

apiVersion: clickhouse.altinity.com/v1
kind: ClickHouseInstallation
metadata:
  name: instance
  namespace: clickhouse
spec:
  configuration:
    clusters:
    - layout:
        replicasCount: 1
        shardsCount: 1
      name: instance
      templates:
        podTemplate: clickhouse-stable
        serviceTemplate: chi-service-template
        volumeClaimTemplate: storage-vc-template
    files:
      users.d/ro_role.xml: |
        <clickhouse>
          <roles>
            <ro_role>
              <grants>
                <query>REVOKE ALL ON *.*</query>
                <query>GRANT SELECT,SHOW,dictGet ON *.*</query>
              </grants>
            </ro_role>
          </roles>
        </clickhouse>
    users:
      clickhouse_operator/networks/ip:
      - 0.0.0.0/0
      grafana/grants/query:
      - GRANT ro_role
      grafana/networks/ip:
      - 0.0.0.0/0
      grafana/password:
        valueFrom:
          secretKeyRef:
            key: grafana
            name: passwords
      foo/allow_databases/database:
      - foo
      foo/networks/ip:
      - 0.0.0.0/0
      foo/password:
        valueFrom:
          secretKeyRef:
            key: foo
            name: passwords
  defaults:
    templates:
      serviceTemplate: chi-service-template
  templates:
    podTemplates:
    - metadata:
        labels:
          app.kubernetes.io/name: clickhouse-instance
      name: clickhouse-stable
      spec:
        containers:
        - image: altinity/clickhouse-server:23.8.8.21.altinitystable
          name: clickhouse
        serviceAccountName: instance
    serviceTemplates:
    - generateName: '{chi}'
      name: chi-service-template
      spec:
        ports:
        - name: http
          port: 8123
          protocol: TCP
          targetPort: http
        - name: tcp
          port: 9000
          protocol: TCP
          targetPort: tcp
        type: ClusterIP
    volumeClaimTemplates:
    - name: storage-vc-template
      spec:
        accessModes:
        - ReadWriteOnce
        resources:
          requests:
            storage: 10Gi
        storageClassName: standard

which generates chop-generated-users.xml:

<yandex>
    <users>
        <clickhouse_operator>
            <networks>
                <ip>10.35.19.198</ip>
                <ip>0.0.0.0/0</ip>
            </networks>
            <password_sha256_hex>716b36073a90c6fe1d445ac1af85f4777c5b7a155cea359961826a030513e448</password_sha256_hex>
            <profile>clickhouse_operator</profile>
        </clickhouse_operator>
        <default>
            <networks>
                <host_regexp>(chi-instance-[^.]+\d+-\d+|clickhouse\-instance)\.clickhouse\.svc\.cluster\.local$</host_regexp>
                <ip>::1</ip>
                <ip>127.0.0.1</ip>
                <ip>10.35.19.225</ip>
            </networks>
            <profile>default</profile>
            <quota>default</quota>
        </default>
        <grafana>
            <grants>
                <query>GRANT ro_role</query>
            </grants>
            <networks>
                <host_regexp>(chi-instance-[^.]+\d+-\d+|clickhouse\-instance)\.clickhouse\.svc\.cluster\.local$</host_regexp>
                <ip>::1</ip>
                <ip>127.0.0.1</ip>
                <ip>0.0.0.0/0</ip>
            </networks>
            <password from_env="CONFIGURATION_USERS_VAR_5_GRAFANA_PASSWORD"></password>
            <profile>default</profile>
            <quota>default</quota>
        </grafana>
        <foo>
            <allow_databases>
                <database>foo</database>
            </allow_databases>
            <networks>
                <host_regexp>(chi-instance-[^.]+\d+-\d+|clickhouse\-instance)\.clickhouse\.svc\.cluster\.local$</host_regexp>
                <ip>::1</ip>
                <ip>127.0.0.1</ip>
                <ip>0.0.0.0/0</ip>
            </networks>
            <password from_env="CONFIGURATION_USERS_VAR_12_FOO_PASSWORD"></password>
            <profile>default</profile>
            <quota>default</quota>
        </foo>
    </users>
</yandex>

but the defined env variables in the pods are:
CONFIGURATION_USERS_VAR_8_GRAFANA_PASSWORD=...
CONFIGURATION_USERS_VAR_7_FOO_PASSWORD=...

So when I connect to the instance, I get a wrong password error.

Best, Adrian
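The mismatch reported above can be checked mechanically by comparing every `from_env` name in the generated users file with the variable names actually set in the pod. The following is an added example, not part of the original report or the operator's code; the inline samples are constructed from the excerpts in the report, and the `CONFIGURATION_USERS_VAR_<n>_<SUFFIX>` naming pattern is an assumption inferred from them.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: trimmed from the chop-generated-users.xml in the report.
USERS_XML = """<yandex><users>
  <grafana><password from_env="CONFIGURATION_USERS_VAR_5_GRAFANA_PASSWORD"></password></grafana>
  <foo><password from_env="CONFIGURATION_USERS_VAR_12_FOO_PASSWORD"></password></foo>
</users></yandex>"""

# Constructed sample: variable names reported in the pod (values redacted).
POD_ENV = """CONFIGURATION_USERS_VAR_8_GRAFANA_PASSWORD=redacted
CONFIGURATION_USERS_VAR_7_FOO_PASSWORD=redacted"""

# Assumption: names follow CONFIGURATION_USERS_VAR_<n>_<SUFFIX>, as seen in the
# report, and only the index <n> drifts between the XML and the pod spec.
VAR_RE = re.compile(r"^CONFIGURATION_USERS_VAR_\d+_(?P<suffix>.+)$")

def referenced_vars(users_xml):
    """Map each from_env variable name to the user/setting path that uses it."""
    refs = {}
    for user in ET.fromstring(users_xml).findall("./users/*"):
        for elem in user.iter():
            name = elem.get("from_env")
            if name:
                refs[name] = f"{user.tag}/{elem.tag}"
    return refs

def defined_vars(env_text):
    """Return variable names from `env`-style output; values are never kept."""
    return {line.split("=", 1)[0] for line in env_text.splitlines() if "=" in line}

def find_mismatches(users_xml, env_text):
    """List (path, referenced, candidate) for each from_env name unset in the pod."""
    defined = defined_vars(env_text)
    out = []
    for name, path in sorted(referenced_vars(users_xml).items()):
        if name in defined:
            continue
        m = VAR_RE.match(name)
        # Candidate: a defined variable with the same suffix but another index.
        cands = sorted(d for d in defined
                       if m and (dm := VAR_RE.match(d)) and dm["suffix"] == m["suffix"])
        out.append((path, name, cands[0] if cands else None))
    return out

if __name__ == "__main__":
    for path, ref, cand in find_mismatches(USERS_XML, POD_ENV):
        print(f"{path}: {ref} is not set in the pod; same-suffix variable: {cand}")
```

Only variable names are compared, so the check can run on pod environment output without the secret values being printed or stored.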
