New to KubeDB? Please start here.
Rotate Authentication of ClickHouse
This guide will give an overview on how KubeDB Ops-manager operator Rotate Authentication configuration.
Before You Begin
- You should be familiar with the following
KubeDB
concepts:
How Rotate ClickHouse Authentication Configuration Process Works
The Rotate ClickHouse Authentication process consists of the following steps:
At first, a user creates a
ClickHouse
Custom Resource Object (CRO).KubeDB
Provisioner operator watches theClickHouse
CRO.When the operator finds a
ClickHouse
CR, it creates required number ofPetSets
and related necessary stuff like secrets, services, etc.Then, in order to rotate the authentication configuration of the
ClickHouse
, the user creates aClickHouseOpsRequest
CR with desired information.KubeDB
Ops-manager operator watches theClickHouseOpsRequest
CR.When it finds a
ClickHouseOpsRequest
CR, it pauses theClickHouse
object which is referred from theClickHouseOpsRequest
. So, theKubeDB
Provisioner operator doesn’t perform any operations on theClickHouse
object during the rotating Authentication process.Then the
KubeDB
Ops-manager operator will update necessary configuration based on the Ops Request yaml to update credentials.Then the
KubeDB
Ops-manager operator will restart all the Pods of the database so that they restart with the new authenticationENVs
or other configuration defined in theClickHouseOpsRequest
CR.After the successful rotating of the
ClickHouse
Authentication, theKubeDB
Ops-manager operator resumes theClickHouse
object so that theKubeDB
Provisioner operator resumes its usual operations.
In the next docs, we are going to show a step-by-step guide on rotating Authentication configuration of a ClickHouse using ClickHouseOpsRequest
CRD.