forked from Altinity/clickhouse-operator
-
Notifications
You must be signed in to change notification settings - Fork 0
/
03-persistent-volume-07-security-context.yaml
73 lines (72 loc) · 2.2 KB
/
03-persistent-volume-07-security-context.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
---
apiVersion: "clickhouse.altinity.com/v1"
kind: "ClickHouseInstallation"
metadata:
name: "security-context"
spec:
configuration:
clusters:
- name: "cluster"
templates:
podTemplate: pod-template-with-volumes-do-not-chown
layout:
shardsCount: 1
replicasCount: 1
files:
ch-backup.yaml: |
general:
remote_storage: "none"
disable_progress_bar: false
backups_to_keep_local: -1
backups_to_keep_remote: 0
clickhouse:
username: default
password: ""
host: localhost
data_path: /var/lib/clickhouse
disk_mapping:
default: /var/lib/clickhouse
skip_tables:
- system.*
timeout: 5m
api:
listen: "0.0.0.0:7171"
enable_metrics: true
enable_pprof: true
create_integration_tables: true
templates:
podTemplates:
- name: pod-template-with-volumes-do-not-chown
spec:
securityContext:
runAsUser: 101
runAsGroup: 101
fsGroup: 101
capabilities:
add: [ "CAP_NICE", "CAP_IPC_LOCK" ]
containers:
- name: clickhouse-pod
image: clickhouse/clickhouse-server:22.3
imagePullPolicy: IfNotPresent
volumeMounts:
- name: data-storage-vc-template-1
mountPath: /var/lib/clickhouse
command:
- clickhouse-server
- --config-file=/etc/clickhouse-server/config.xml
- name: clickhouse-backup
image: altinity/clickhouse-backup:2.2.7
imagePullPolicy: Always
command:
- /bin/bash
- -c
- "/bin/clickhouse-backup -c /etc/clickhouse-server/config.d/ch-backup.yaml server || /clickhouse-backup -c /etc/clickhouse-server/config.d/ch-backup.yaml server"
volumeClaimTemplates:
- name: data-storage-vc-template-1
spec:
# storageClassName: standard
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi