Hi I have few doubts regarding the Signoz for

Question

Hi < Ankit Nayan> I have few doubts regarding the Signoz for community edition 1 In privacy policy stated like this collecting personal information a Email address b First name and last name c Cookies and Usage Data Is it applicable for community edition standalone application which deployed via helm charts 2 Is there any tutorial to enable authentication to clickhouse db and work along with signoz as we are able to access the db without username and password 3 What is the impact to signoz application if we add encryption to clickhouse

Ankit Nayan · Answer

< Anil Kumar Bandrapalli> 1 yes stats around usage along with email and first and last name are collected for all 2 < Prashant Shahi> 3 can you refer to some doc blog around encryption that you plan to use

Anil Kumar Bandrapalli · Answer

< Ankit Nayan> even for the standalone signoz also data will get collected by but how data from our standalone application is being shared with you what level of stats information will be shared with you for the improving signoz

Ankit Nayan · Answer

Ankit Nayan · Answer

you can anonymise the data by a toggle available during account creation

Anil Kumar Bandrapalli · Answer

if i set this env variable will our standalone signoz application stop sending metrics to <http signoz io|signoz io> ```TELEMETRY ENABLED=false```

Ankit Nayan · Answer

yes it will not send any metric to us

Anil Kumar Bandrapalli · Answer

ok thank you ankit please help us to setup the clickhouse with authentication enabled

Ankit Nayan · Answer

using helm charts

Anil Kumar Bandrapalli · Answer

yes

Ankit Nayan · Answer

should be doable give some time for < Prashant Shahi> to come back on this

Anil Kumar Bandrapalli · Answer

ok thank you < Ankit Nayan> sure we will wait for him

Prashant Shahi · Answer

gt 2 Is there any tutorial to enable authentication to clickhouse db and work along with signoz as we are able to access the db without username and password gt Currently we don t have any tutorial clickhouse auth in SigNoz In Docker right now the ClickHouse DB is accessible with default credentials Only security measure at the moment would be to not expose the ClickHouse ports publicly However we will be working on adding admin user with strong password on default signoz installation in the future Do let us know if you need help on the same in Docker environment In case of K8s ClickHouse DB should be secure and accessible via the credentials mentioned in `values yaml` <https github com SigNoz charts blob main charts signoz values yaml L54 L57|https github com SigNoz charts blob main charts signoz values yaml L54 L57> You can update the values and the IP whitelisting using `clickhouse allowedNetworkIps` as per requirements

Anil Kumar Bandrapalli · Answer

ok

Ankit Nayan · Answer

gt < Prashant Shahi> will just updating the username and password in these lines work Don t we need to change values in otel colllectors and query service as those clients will be connecting to CH

Prashant Shahi · Answer

gt Don t we need to change values in otel colllectors and query service as those clients will be connecting to CH SigNoz helm chart takes care of it by including the CH creds as environment variables in query service and otel collectors containers

Ankit Nayan · Answer

Cool

Rahul Tiwari · Answer

Hello < Prashant Shahi> and < Ankit Nayan> i have applied the changes in override values yaml i mentioned the username and password but when i try to login into chi signoz cluster 0 0 0 pod to connect to clickhouse client am able to connect without passing username and password it should not be the case i must able to connect to clickhouse client only when i pass username and password

Rahul Tiwari · Answer

clickhouse cloud aws installCustomStorageClass true user admin password admin 123 persistence storageClass gp2 resizable

Rahul Tiwari · Answer

my override values yaml file content

Prashant Shahi · Answer

< Rahul Tiwari> can you share the command you are using to connect to clickhouse and from which container

Rahul Tiwari · Answer

< Prashant Shahi> please find the command below

Rahul Tiwari · Answer

ec2 user ~ $ k get pods n platform NAME READY STATUS RESTARTS AGE chi signoz cluster 0 0 0 1 1 Running 0 16h clickhouse operator 57959d7fd8 wbzgd 2 2 Running 0 8d my release signoz alertmanager 0 1 1 Running 0 8d my release signoz frontend 7f96779f4f l42l9 1 1 Running 0 8d my release signoz otel collector 6ff6468844 cltjx 1 1 Running 4 16h my release signoz otel collector metrics 577574c498 2vdcp 1 1 Running 2 16h my release signoz query service 0 1 1 Running 3 16h my release zookeeper 0 1 1 Running 0 8d ec2 user ~ $ k exec it chi signoz cluster 0 0 0 n platform bash kubectl exec POD COMMAND is DEPRECATED and will be removed in a future version Use kubectl exec POD COMMAND instead bash 5 1$ clickhouse client ClickHouse client version 22 4 5 9 official build Connecting to localhost 9000 as user default Connected to ClickHouse server version 22 4 5 revision 54455 Warnings Effective user of the process clickhouse does not match the owner of the data root Some obsolete setting is changed Check select from system settings where changed and read the changelog chi signoz cluster 0 0 0 chi signoz cluster 0 0 platform svc cluster local

Prashant Shahi · Answer

< Rahul Tiwari> default ClickHouse credentials are allowed when ClickHouse server is accessible from `localhost`

Rahul Tiwari · Answer

< Prashant Shahi> we need to make it password protected So that it can be access by username and password only

Anil Kumar Bandrapalli · Answer

yes we need with password only

Prashant Shahi · Answer

It is password protected It would require the password when trying to access ClickHouse from outside the container aka non localhost

Rahul Tiwari · Answer

< Prashant Shahi> our requirement is nobody should connect to clickhouse without username and password even if they try to access it within the pod container itself