feat: support more container/pod fields overrides, enhance default security context and probes #151
Merged
GrigoryPervakov merged 1 commit into main from Apr 8, 2026
Pull request overview
This PR expands the CRD override surface for pod/container templates (probes, init containers, priority/runtime class) and updates default pod security context + health probes to better support hardened clusters (avoiding exec probes).
Changes:
- Add `livenessProbe`/`readinessProbe` overrides to `ContainerTemplateSpec` and apply them during container override merging.
- Add `initContainers`, `priorityClassName`, and `runtimeClassName` to `PodTemplateSpec`, plus CRD/docs updates.
- Update default ClickHouse/Keeper probes (exec → tcpSocket/httpGet) and set pod-level `FSGroup`/`RunAsUser`/`RunAsGroup` defaults.
Reviewed changes
Copilot reviewed 9 out of 13 changed files in this pull request and generated 7 comments.
| File | Description |
|---|---|
| internal/controller/overrides.go | Applies probe overrides during container template merging. |
| internal/controller/overrides_test.go | Adds tests for probe override behavior and initContainers behavior. |
| internal/controller/clickhouse/templates.go | Changes ClickHouse default probes and adds a default PodSecurityContext. |
| internal/controller/keeper/templates.go | Changes Keeper default probes and adds a default PodSecurityContext. |
| internal/controller/constants.go | Adds DefaultUser and adjusts default probe settings. |
| api/v1alpha1/common.go | Adds new CRD fields (probes, initContainers, priority/runtime class). |
| api/v1alpha1/zz_generated.deepcopy.go | Regenerates deepcopy logic for the new fields. |
| docs/api_reference.md | Documents the new API fields. |
| config/crd/bases/clickhouse.com_keeperclusters.yaml | Updates generated CRD schema for new fields. |
| dist/chart/templates/crd/keeperclusters.clickhouse.com.yaml | Updates Helm chart CRD with new fields. |
| dist/chart/templates/crd/clickhouseclusters.clickhouse.com.yaml | Updates Helm chart CRD with new fields. |
| config/manager/kustomization.yaml | Bumps controller image tag. |
9104cb7 to 3b9492d
…ecurity context and probes

Add livenessProbe, readinessProbe, initContainers, priorityClassName, and runtimeClassName fields to ContainerTemplateSpec/PodTemplateSpec.
Replace exec+wget-based liveness/readiness probes with TCP-socket (liveness) and httpGet /ping (readiness) handlers.
Set default security settings to use mount volumes with the same user/group as clickhouse
Add overrides livenessProbe, readinessProbe, initContainers, priorityClassName, runtimeClassName fields, changed defaults for liveness/readiness probes to tcp/httpGet
3b9492d to 375b05e
Pull request overview
Copilot reviewed 10 out of 14 changed files in this pull request and generated 5 comments.
Why
Added fields were requested or proposed in PRs
Current probes can break in some environments #142
What
Add livenessProbe, readinessProbe, initContainers, priorityClassName, and runtimeClassName fields to ContainerTemplateSpec/PodTemplateSpec.
Replace exec+wget-based liveness/readiness probes with TCP-socket (liveness) and httpGet /ping (readiness) handlers.
Set default security settings to use mount volumes with the same user/group as ClickHouse
Add overrides livenessProbe, readinessProbe, initContainers, priorityClassName, and runtimeClassName fields, changed defaults for liveness/readiness probes to tcp/httpGet
Related Issues
Fixes #142
Related to #125, #143
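
A check for the two defaults described in this PR (no exec probe handlers; pod-level runAsUser/runAsGroup/fsGroup set), run over a rendered pod spec in core/v1 JSON form. This is an added example, not code from the PR or the operator; `auditPodSpec` is a hypothetical helper, and the sample specs with their ports, IDs and wget command are constructed assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Subset of the core/v1 PodSpec shape; encoding/json matches keys to field names
// case-insensitively, so no tags are needed. Exec is non-nil for an exec handler.
type probe struct{ Exec *struct{} }
type podSpec struct {
	SecurityContext *struct{ RunAsUser, RunAsGroup, FSGroup *int64 }
	Containers      []struct {
		Name                          string
		LivenessProbe, ReadinessProbe *probe
	}
}

// Constructed samples: ports, IDs and the wget command are illustrative assumptions.
const beforeSpec = `{"containers":[{"name":"clickhouse",
  "livenessProbe":{"exec":{"command":["wget","-qO-","http://127.0.0.1:8123/ping"]}},
  "readinessProbe":{"exec":{"command":["wget","-qO-","http://127.0.0.1:8123/ping"]}}}]}`
const afterSpec = `{"securityContext":{"runAsUser":101,"runAsGroup":101,"fsGroup":101},
  "containers":[{"name":"clickhouse","livenessProbe":{"tcpSocket":{"port":9000}},
  "readinessProbe":{"httpGet":{"path":"/ping","port":8123}}}]}`

// auditPodSpec (hypothetical helper) lists exec probes and missing pod-level IDs.
func auditPodSpec(raw []byte) ([]string, error) {
	var spec podSpec
	if err := json.Unmarshal(raw, &spec); err != nil {
		return nil, err
	}
	var findings []string
	if sc := spec.SecurityContext; sc == nil || sc.RunAsUser == nil || sc.RunAsGroup == nil || sc.FSGroup == nil {
		findings = append(findings, "pod: runAsUser/runAsGroup/fsGroup not all set")
	}
	for _, c := range spec.Containers {
		if c.LivenessProbe != nil && c.LivenessProbe.Exec != nil {
			findings = append(findings, c.Name+": livenessProbe uses an exec handler")
		}
		if c.ReadinessProbe != nil && c.ReadinessProbe.Exec != nil {
			findings = append(findings, c.Name+": readinessProbe uses an exec handler")
		}
	}
	return findings, nil
}

func main() {
	fmt.Println(auditPodSpec([]byte(beforeSpec)))
	fmt.Println(auditPodSpec([]byte(afterSpec)))
}
```

The input can be the `.spec.template.spec` object of a rendered StatefulSet; init containers are not covered by this check.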