https://signoz.io logo
Join Slack
Powered by
Hi <@U01HWQ1RTC2>, I have few doubts regarding the...
# support
a
Hi @Ankit Nayan, I have few doubts regarding the Signoz for community edition. 1. In privacy policy, stated like this collecting personal information a. Email address b. First name and last name c. Cookies and Usage Data Is it applicable for community edition/standalone application which deployed via helm charts? 2. Is there any tutorial to enable authentication to clickhouse db and work along with signoz as we are able to access the db without username and password. 3. What is the impact to signoz application if we add encryption to clickhouse ?
a
@Anil Kumar Bandrapalli 1. yes, stats around usage along with email and first and last name are collected for all. 2. @Prashant Shahi 3. can you refer to some doc/blog around encryption that you plan to use?
a
@Ankit Nayan, even for the standalone signoz also data will get collected by signoz.io ? but how data from our standalone application is being shared with you? what level of stats information will be shared with you for the improving signoz?
a
you can anonymise the data by a toggle available during account creation
a
if i set this env variable, will our standalone signoz application stop sending metrics to signoz.io ?
Copy code
TELEMETRY_ENABLED=false
a
yes...it will not send any metric to us
a
ok thank you ankit. please help us to setup the clickhouse with authentication enabled.
a
using helm charts?
a
yes
a
should be doable...give some time for @Prashant Shahi to come back on this
a
ok thank you @Ankit Nayan. sure we will wait for him
p
2. Is there any tutorial to enable authentication to clickhouse db and work along with signoz as we are able to access the db without username and password.
Currently, we don't have any tutorial clickhouse auth in SigNoz. In Docker, right now the ClickHouse DB is accessible with default credentials. Only security measure at the moment would be to not expose the ClickHouse ports publicly. However, we will be working on adding admin user with strong password on default signoz installation in the future. Do let us know if you need help on the same in Docker environment. In case of K8s, ClickHouse DB should be secure and accessible via the credentials mentioned in `values.yaml`: https://github.com/SigNoz/charts/blob/main/charts/signoz/values.yaml#L54-L57 You can update the values and the IP whitelisting using 
clickhouse.allowedNetworkIps
as per requirements.
a
ok
a
https://github.com/SigNoz/charts/blob/main/charts/signoz/values.yaml#L54-L57
@Prashant Shahi will just updating the username and password in these lines work? Don't we need to change values in otel-colllectors and query-service as those clients will be connecting to CH
p
Don't we need to change values in otel-colllectors and query-service as those clients will be connecting to CH
SigNoz helm chart takes care of it by including the CH creds as environment variables in query-service and otel collectors containers.
a
Cool
r
Hello @Prashant Shahi and @Ankit Nayan i have applied the changes in override-values.yaml https://github.com/SigNoz/charts/blob/main/charts/signoz/values.yaml#L54-L57, i mentioned the username and password, but when i try to login into chi-signoz-cluster-0-0-0 pod to connect to clickhouse-client am able to connect without passing username and password, it should not be the case i must able to connect to clickhouse-client only when i pass username and password.
clickhouse: cloud: aws installCustomStorageClass: true user: admin password: admin@123 persistence: storageClass: gp2-resizable
my override-values.yaml file content
p
@Rahul Tiwari can you share the command you are using to connect to clickhouse? and from which container?
r
@Prashant Shahi please find the command below:
[ec2-user@ ~]$ k get pods -n platform NAME READY STATUS RESTARTS AGE chi-signoz-cluster-0-0-0 1/1 Running 0 16h clickhouse-operator-57959d7fd8-wbzgd 2/2 Running 0 8d my-release-signoz-alertmanager-0 1/1 Running 0 8d my-release-signoz-frontend-7f96779f4f-l42l9 1/1 Running 0 8d my-release-signoz-otel-collector-6ff6468844-cltjx 1/1 Running 4 16h my-release-signoz-otel-collector-metrics-577574c498-2vdcp 1/1 Running 2 16h my-release-signoz-query-service-0 1/1 Running 3 16h my-release-zookeeper-0 1/1 Running 0 8d [ec2-user@ ~]$ k exec -it chi-signoz-cluster-0-0-0 -n platform bash kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead. bash-5.1$ clickhouse-client ClickHouse client version 22.4.5.9 (official build). Connecting to localhost:9000 as user default. Connected to ClickHouse server version 22.4.5 revision 54455. Warnings: * Effective user of the process (clickhouse) does not match the owner of the data (root). * Some obsolete setting is changed. Check 'select * from system.settings where changed' and read the changelog. chi-signoz-cluster-0-0-0.chi-signoz-cluster-0-0.platform.svc.cluster.local :)
p
@Rahul Tiwari default ClickHouse credentials are allowed when ClickHouse server is accessible from 
localhost
r
@Prashant Shahi we need to make it password protected. So that it can be access by username and password only.
a
yes we need with password only
p
It is password protected. It would require the password when trying to access ClickHouse from outside the container aka "non-localhost"
r
@Prashant Shahi our requirement is nobody should connect to clickhouse without username and password, even if they try to access it within the pod container itself.
50 Views
Open in Slack
PreviousNext
Powered by