Altinity.Cloud connect

Setting up Altinity.Cloud connect

What is Altinity.Cloud connect?

Altinity.Cloud connect (altinitycloud-connect) is a tunneling daemon for Altinity.Cloud. It enables management of ClickHouse clusters through Altinity.Cloud Anywhere.

Required permissions

altinitycloud-connect requires following permissions:

Open ports:

  • 443 tcp/udp (egress; stateful)

Kubernetes permissions:

  • cluster-admin for initial provisioning only, it can be revoked afterwards
  • full access to ‘altinity-cloud-system’ and ‘altinity-cloud-managed-clickhouse’ namespaces and a few optional read-only cluster-level permissions (for observability)

Connecting to Altinity.Cloud

To get started, download the latest altinitycloud-connect binary.

Next, grab a token from Altinity.Cloud Management Console and exchange it for a certificate:

altinitycloud-connect login --token=REPLACE_WITH_ALTINITY_CLOUD_CONNECT_TOKEN

Kubernetes cluster can now be connected with

altinitycloud-connect kubernetes | kubectl apply -f -

You may inspect deployed roles and Kubernetes resources as the output of altinitycloud-connect kubernetes before applying.

TIP: altinitycloud-connect login produces cloud-connect.pem used to connect to Altinity.Cloud Anywhere control plane (--token is short-lived while cloud-connect.pem does not expire until revoked). If you need to reconnect the environment in unattended/batch mode (i.e. without requesting the token), you can do so via

altinitycloud-connect kubernetes -i /path/to/cloud-connect.pem | kubectl apply -f -

Disconnecting from Altinity.Cloud

In order to disconnect from Altinity.Cloud, run the following command:

altinitycloud-connect kubernetes --app | kubectl delete -f -

It will remove altinitycloud-connect but leave provisioned namespaces and resources in place, including ClickHouse clusters.

Last modified 2022.10.24: Update docs