feat: Add base and ipfix overlays for separation

Keep the base overlay simple with one node and let the ipfix overlay do
the heavy lifting with regard to multiple shards, replicas, and other
ideal production related items.

Author: LukeRepko

base-kustomize/clickhouse/base/chi-cluster.yaml renamed to base-kustomize/clickhouse/base/chi-server-base.yaml

@@ -7,11 +7,7 @@ spec:
   taskID: "1"
 
   configuration:
-    # Use Keeper for replication
-    zookeeper:
-      nodes:
-        - host: keeper-keeper
-          port: 2181
+    # No Keeper here for base config (single node / non-replicated)
 
     users:
       # Disable dangerous defaults; create reader/writer explicitly.
@@ -56,10 +52,10 @@ spec:
               requiredDuringSchedulingIgnoredDuringExecution:
                 nodeSelectorTerms:
                   - matchExpressions:
-                    - key: node-role.kubernetes.io/worker
-                      operator: In
-                      values:
-                      - worker
+                      - key: node-role.kubernetes.io/worker
+                        operator: In
+                        values:
+                          - worker
             podAntiAffinity:
               requiredDuringSchedulingIgnoredDuringExecution:
                 - labelSelector:

base-kustomize/clickhouse/base/kustomization.yaml

@@ -2,6 +2,5 @@
 sortOptions:
   order: fifo
 resources:
-  - chk-keeper.yaml
-  - chi-cluster.yaml
+  - chi-server-base.yaml
   - svc-clickhouse-http.yaml

base-kustomize/clickhouse/ipfix/ch-pdb-s01.yaml

@@ -0,0 +1,12 @@
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: ch-pdb-s01
+  namespace: clickhouse
+spec:
+  minAvailable: 1
+  selector:
+    matchLabels:
+      clickhouse.altinity.com/chi: server
+      clickhouse.altinity.com/cluster: ipfix
+      clickhouse.altinity.com/shard: s01

base-kustomize/clickhouse/ipfix/ch-pdb-s02.yaml

@@ -0,0 +1,12 @@
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: ch-pdb-s02
+  namespace: clickhouse
+spec:
+  minAvailable: 1
+  selector:
+    matchLabels:
+      clickhouse.altinity.com/chi: server
+      clickhouse.altinity.com/cluster: ipfix
+      clickhouse.altinity.com/shard: s02

base-kustomize/clickhouse/ipfix/ch-pdb-s03.yaml

@@ -0,0 +1,12 @@
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: ch-pdb-s03
+  namespace: clickhouse
+spec:
+  minAvailable: 1
+  selector:
+    matchLabels:
+      clickhouse.altinity.com/chi: server
+      clickhouse.altinity.com/cluster: ipfix
+      clickhouse.altinity.com/shard: s03

base-kustomize/clickhouse/ipfix/chi-server-ipfix.yaml

@@ -0,0 +1,162 @@
+apiVersion: clickhouse.altinity.com/v1
+kind: ClickHouseInstallation
+metadata:
+  name: server
+  namespace: clickhouse
+spec:
+  configuration:
+    # Keeper for replication in this overlay
+    zookeeper:
+      nodes:
+        - host: keeper-keeper
+          port: 2181
+
+    # Override cluster layout to 3 shards × 2 replicas
+    clusters:
+      - name: ipfix
+        layout:
+          shardsCount: 3
+          replicasCount: 2
+        templates:
+          podTemplate: ch-pod
+          volumeClaimTemplate: ch-data
+
+    # Cluster-wide init SQL (replicated engines + distributed + hourly MV)
+    files:
+      10-init-ipfix.sql: |
+        CREATE DATABASE IF NOT EXISTS ipfix ON CLUSTER '{cluster}';
+
+        ----------------------------------------------------------------------
+        -- Replicated VIP hourly schema
+        ----------------------------------------------------------------------
+        CREATE TABLE IF NOT EXISTS ipfix.vip_hourly_node ON CLUSTER '{cluster}'
+        (
+          hour_ts   DateTime,
+          vip       LowCardinality(String),
+          dir       LowCardinality(String),   -- 'to' | 'from'
+          bytes     UInt64,
+          packets   UInt64,
+          node      LowCardinality(String)
+        )
+        ENGINE = ReplicatedReplacingMergeTree('/clickhouse/tables/{shard}/vip_hourly_node','{replica}')
+        PARTITION BY toYYYYMMDD(hour_ts)
+        ORDER BY (hour_ts, vip, dir, node);
+
+        CREATE TABLE IF NOT EXISTS ipfix.vip_hourly_mv ON CLUSTER '{cluster}'
+        (
+          hour_ts   DateTime,
+          vip       LowCardinality(String),
+          dir       LowCardinality(String),
+          bytes     UInt64,
+          packets   UInt64
+        )
+        ENGINE = ReplicatedSummingMergeTree('/clickhouse/tables/{shard}/vip_hourly_mv','{replica}')
+        PARTITION BY toYYYYMMDD(hour_ts)
+        ORDER BY (hour_ts, vip, dir);
+
+        CREATE MATERIALIZED VIEW IF NOT EXISTS ipfix.vip_hourly_mv__mv ON CLUSTER '{cluster}'
+        TO ipfix.vip_hourly_mv
+        AS
+        SELECT
+          hour_ts,
+          vip,
+          dir,
+          sum(bytes)   AS bytes,
+          sum(packets) AS packets
+        FROM ipfix.vip_hourly_node
+        GROUP BY hour_ts, vip, dir;
+
+        ----------------------------------------------------------------------
+        -- Replicated flows + distributed table (replica-aware)
+        ----------------------------------------------------------------------
+        CREATE TABLE IF NOT EXISTS ipfix.flows_local ON CLUSTER '{cluster}'
+        (
+          flow_start   DateTime64(3),
+          flow_end     DateTime64(3),
+          fip          IPv6,
+          src_ip       IPv6,
+          dst_ip       IPv6,
+          src_port     UInt16,
+          dst_port     UInt16,
+          proto        UInt8,
+          bytes        UInt64,
+          packets      UInt64,
+          exporter_id  LowCardinality(String)
+        )
+        ENGINE = ReplicatedMergeTree('/clickhouse/tables/{shard}/flows_local','{replica}')
+        PARTITION BY toDate(flow_start)
+        ORDER BY (fip, flow_start, src_ip, dst_ip, src_port, dst_port, proto)
+        SETTINGS index_granularity = 8192;
+
+        CREATE TABLE IF NOT EXISTS ipfix.flows_dist ON CLUSTER '{cluster}'
+        AS ipfix.flows_local
+        ENGINE = Distributed('{cluster}', 'ipfix', 'flows_local', cityHash64(fip))
+        SETTINGS internal_replication = 1;
+
+        -- Hourly rollup by FIP
+        CREATE TABLE IF NOT EXISTS ipfix.flows_by_fip_1h ON CLUSTER '{cluster}'
+        (
+          ts       DateTime,
+          fip      IPv6,
+          bytes    UInt64,
+          packets  UInt64
+        )
+        ENGINE = SummingMergeTree
+        PARTITION BY toDate(ts)
+        ORDER BY (fip, ts);
+
+        CREATE MATERIALIZED VIEW IF NOT EXISTS ipfix.mv_flows_by_fip_1h ON CLUSTER '{cluster}'
+        TO ipfix.flows_by_fip_1h
+        AS
+        SELECT
+          toStartOfHour(flow_start) AS ts,
+          fip,
+          sum(bytes)   AS bytes,
+          sum(packets) AS packets
+        FROM ipfix.flows_local
+        GROUP BY ts, fip;
+
+  templates:
+    podTemplates:
+      - name: ch-pod
+        spec:
+          nodeAffinity:
+            requiredDuringSchedulingIgnoredDuringExecution:
+              nodeSelectorTerms:
+                - matchExpressions:
+                  - key: node-role.kubernetes.io/worker
+                    operator: In
+                    values:
+                    - worker
+
+          # Prefer spreading across nodes cluster-wide
+          affinity:
+            podAntiAffinity:
+              preferredDuringSchedulingIgnoredDuringExecution:
+                - weight: 100
+                  podAffinityTerm:
+                    labelSelector:
+                      matchLabels:
+                        clickhouse.altinity.com/chi: server
+                    topologyKey: kubernetes.io/hostname
+
+          containers:
+            - name: clickhouse
+              image: ${CLICKHOUSE_SERVER_IMAGE}
+              imagePullPolicy: IfNotPresent
+              ports:
+                - name: http
+                  containerPort: 8123
+                - name: native
+                  containerPort: 9000
+                - name: inter
+                  containerPort: 9009
+
+    volumeClaimTemplates:
+      - name: ch-data
+        spec:
+          accessModes: ["ReadWriteOnce"]
+          storageClassName: general
+          resources:
+            requests:
+              storage: 10Gi

base-kustomize/clickhouse/base/chk-keeper.yaml renamed to base-kustomize/clickhouse/ipfix/chk-keeper.yaml

@@ -0,0 +1,10 @@
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: keeper-pdb
+  namespace: clickhouse
+spec:
+  minAvailable: 2
+  selector:
+    matchLabels:
+      clickhouse-keeper.altinity.com/chi: keeper

base-kustomize/clickhouse/ipfix/keeper-pdb.yaml

@@ -0,0 +1,15 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: clickhouse
+
+resources:
+  - ../base
+  - chk-keeper.yaml
+  - keeper-pdb.yaml
+  - ch-pdb-s01.yaml
+  - ch-pdb-s02.yaml
+  - ch-pdb-s03.yaml
+
+patchesStrategicMerge:
+  - chi-server-ipfix.yaml

base-kustomize/clickhouse/ipfix/kustomization.yaml

@@ -26,7 +26,7 @@ GLOBAL_OVERRIDES_DIR="${GENESTACK_OVERRIDES_DIR}/helm-configs/global_overrides"
 
 # Read the desired chart version from VERSION_FILE
 VERSION_FILE="${GENESTACK_OVERRIDES_DIR}/helm-chart-versions.yaml"
-KUSTOMIZE_DIR="/etc/genestack/kustomize/clickhouse/overlay"
+KUSTOMIZE_DIR="${GENESTACK_OVERRIDES_DIR}/kustomize/clickhouse/overlay"
 OP_RELEASE="altinity-operator"
 
 need() { command -v "$1" >/dev/null || { echo "Missing required command: $1" >&2; exit 1; }; }
@@ -169,10 +169,6 @@ echo "==> Applying ClickHouse Keeper + Cluster (kustomize + envsubst)"
 # We envsubst only image placeholders present in manifests.
 kubectl kustomize "${KUSTOMIZE_DIR}" | envsubst '${CLICKHOUSE_SERVER_IMAGE} ${CLICKHOUSE_KEEPER_IMAGE}' | kubectl apply -n "${SERVICE_NAMESPACE}" -f -
 
-echo "==> Waiting for ClickHouse cluster pods (CHI=ch) to be Ready"
-sleep 5  # wait a few seconds for stateful set to be created
-kubectl wait -n clickhouse --for=jsonpath='{.status.readyReplicas}'=1 statefulset/chi-ch-main-0-0 --timeout=10m
-
 echo "==> Service endpoint (HTTP 8123)"
 kubectl -n "${SERVICE_NAMESPACE}" get svc clickhouse-http -o wide