From 0884a12c5cef9d6b0509b2fa6f8f1a95aac5f33e Mon Sep 17 00:00:00 2001
From: Stephane CRIVISIER <scrivisier@iliad-free.fr>
Date: Wed, 25 Mar 2026 10:59:42 +0100
Subject: [PATCH] Add support for custom config files for keeper

We wanted to enable TLS on our keepers, but were'nt able to because of
the previous configuration possibilites.

We've followed the same pattern as in 7eef93f: `keeper.configurationFiles`
supports both inline content and structured YAML (e.g. valueFrom.secretKeyRef).

We've also added `keeper.extraPorts` as it's already present in main so
we can oper other ports if necessary.
---
 charts/clickhouse/templates/chk.yaml | 20 ++++++++++++++++++++
 charts/clickhouse/values.yaml        | 23 ++++++++++++++++++++++-
 2 files changed, 42 insertions(+), 1 deletion(-)

diff --git a/charts/clickhouse/templates/chk.yaml b/charts/clickhouse/templates/chk.yaml
index 2c7c149a..83e23bd6 100644
--- a/charts/clickhouse/templates/chk.yaml
+++ b/charts/clickhouse/templates/chk.yaml
@@ -28,6 +28,19 @@ spec:
       {{ $k }}: {{ $v }}
     {{- end }}
     {{- end }}
+    {{- $hasConfigFiles := not (empty .Values.keeper.configurationFiles) -}}
+    {{- if $hasConfigFiles }}
+    files:
+        {{- range $path, $content := .Values.keeper.configurationFiles }}
+        {{- if kindIs "string" $content }}
+        {{ $path }}: |
+          {{- $content | nindent 10 }}
+        {{- else }}
+        {{ $path }}:
+          {{- toYaml $content | nindent 10 }}
+        {{- end }}
+        {{- end }}
+    {{- end }}
   defaults:
     storageManagement:
       provisioner: Operator
@@ -47,6 +60,13 @@ spec:
             - name: raft
               port: 9444
               targetPort: 9444
+            {{- if $.Values.keeper.extraPorts }}
+            {{- range $.Values.keeper.extraPorts }}
+            - name: {{ .name }}
+              port: {{ .containerPort }}
+              targetPort: {{ .containerPort }}
+            {{- end }}
+            {{- end }}
             {{- if not (empty $.Values.keeper.metricsPort) }}
             - name: metrics
               port: {{ $.Values.keeper.metricsPort }}
diff --git a/charts/clickhouse/values.yaml b/charts/clickhouse/values.yaml
index 31b29f1b..a2bb8518 100644
--- a/charts/clickhouse/values.yaml
+++ b/charts/clickhouse/values.yaml
@@ -190,7 +190,6 @@ clickhouse:
   # @ignore
   topologySpreadConstraints: []
 
-
   # -- Additional ports to expose in the ClickHouse container
   # Example:
   # extraPorts:
@@ -297,6 +296,28 @@ keeper:
   # @ignore
   securityContext: {}
 
+  # -- Additional ports to expose in the ClickHouse container
+  # Example:
+  # extraPorts:
+  #   - name: custom-port
+  #     containerPort: 8080
+  extraPorts: []
+
+  # -- Additional entries for spec.configuration.files.
+  # String values are rendered inline; map values (e.g. valueFrom) are passed as structured YAML.
+  # Example:
+  #   configurationFiles:
+  #     config.d/tls.xml: |
+  #       <clickhouse>
+  #         <https_port>8443</https_port>
+  #       </clickhouse>
+  #     tls.crt:
+  #       valueFrom:
+  #         secretKeyRef:
+  #           name: my-tls-secret
+  #           key: tls.crt
+  configurationFiles: {}
+
 operator:
   # -- Whether to enable the Altinity Operator for ClickHouse.
   # Disable if you already have the Operator installed cluster-wide.