Configuring Connections

Defining how the world talks to your ClickHouse® cluster

The Connection Configuration dialog makes it easy to configure your ClickHouse cluster’s connections to the world:

Configuring connections

Figure 1 - The Connection Configuration dialog

Here are the details of these fields:

Endpoints

This are the endpoints of your cluster. The public endpoint is enabled by default, but you can also have a private endpoint and a VPC endpoint. Contact Altinity support to configure a private or VPC endpoint.

Protocols

Port 9440 enables the ClickHouse binary protocol, port 8443 enables HTTP connections, and port 9004 enables MySQL connections. Note: MySQL connections are for BYOC environments only.

Alternate Endpoints

You can define alternate endpoints for your cluster. Click the button to add a new endpoint. The name of the alternate endpoint can contain lowercase letters, numbers, and hyphens. It must start with a letter, and it cannot end with a hyphen.

Defining an Alternate Endpoint

Figure 3 – Defining an Alternate Endpoint

For example, you might want an endpoint that uses your organization’s domain, such as cluster.environment.example.com instead ofcluster.environment.altinity.cloud. You might also want to create an alternate endpoint and use it as the ClickHouse access point in your applications. With that approach, pointing the alternate endpoint to another cluster lets you switch the cluster your applications are using without changing the applications at all.

Clicking the yellow triangle icon displays the Create DNS records panel, which lists the required and optional DNS records you’ll need to create:

Creating DNS records

Figure 4 – Creating DNS records

When your DNS records are created, contact Altinity support to set up the alternate endpoint.

Zone Awareness

When Zone Awareness is enabled, Altinity.Cloud keeps traffic between client connections and your ClickHouse cluster in a single availability zone whenever possible. This allows you to avoid cross-zone hops.

However, if all of your client connections come from a single zone, this feature will route all requests to a single ClickHouse node. In that case, turning Zone Awareness off will ensure that your load balancer will distribute requests across all the nodes in the cluster.

VPC Endpoint Enabled

Contact Altinity support to set up a VPC endpoint.

Allowed IPs

If enabled, only ClickHouse applications or clients coming from addresses in the IP restrictions text box can connect to your cluster. You can specify individual IP address or ranges of addresses in CIDR format. Separate each entry with commas or newlines.

Disabling IP restrictions means any application can connect to your ClickHouse cluster from any IP address. This is not recommended.

NOTE: The Allowed IPs restriction only applies to ClickHouse applications or clients. Anyone with the proper credentials can access the Altinity Cloud Manager UI from any IP address.

Altinity Shield (Beta)

If enabled, uses Altinity’s CHGuard as a sidecar proxy to protect your cluster endpoint from DDoS and password enumeration attacks. You can disable it temporarily with the Temporary Bypass slider; that disables the shield without uninstalling it.

Datadog Integration

You can use Datadog to monitor your ClickHouse cluster. The Datadog options are only enabled if your cluster’s environment is enabled for Datadog support. See the section Enabling Datadog at the environment level for the details. Be aware that you must have the appropriate privileges to edit an environment’s settings, so you may need to contact your administrator.