Skip to content

docs: expand default user password configuration#238

Merged
GrigoryPervakov merged 4 commits into
ClickHouse:mainfrom
arekborucki:docs/default-password
Jun 19, 2026
Merged

docs: expand default user password configuration#238
GrigoryPervakov merged 4 commits into
ClickHouse:mainfrom
arekborucki:docs/default-password

Conversation

@arekborucki

Copy link
Copy Markdown
Contributor

Why

The Default user password section in the Configuration guide showed a Secret/ConfigMap skeleton but used a misleading key: placeholder, which could make readers think key is the password value rather than the key name inside the resource. It also omitted practical guidance for using spec.settings.defaultUserPassword, including the exactly-one-source rule, password type choices, and the security difference between Secret and ConfigMap.

What

Rewrites the Default user password section to clarify that the password is read from a key in a Secret or ConfigMap and is never stored inline in the CR. The update documents that exactly one of secret or configMap is required, with both name and key; adds guidance for password versus password_sha256_hex, including the operator client configuration behavior; and adds full Secret + CR examples for plaintext and hashed passwords, plus ConfigMap guidance for non-sensitive values and a warning not to store plaintext passwords there. Verified against DefaultPasswordSelector.Validate(), templates.go, and config.go.

@GrigoryPervakov GrigoryPervakov force-pushed the docs/default-password branch from e6fdc8f to 8014c47 Compare June 19, 2026 12:24
Remove redundant restatement that the password is never stored in the CR
(already stated above), fold the exactly-one rule and its webhook enforcement
into a single non-tautological sentence, and drop the duplicated "not protected
like Secret data" rationale from the ConfigMap note.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
@GrigoryPervakov GrigoryPervakov force-pushed the docs/default-password branch from 8014c47 to dadb2fa Compare June 19, 2026 13:14
@GrigoryPervakov GrigoryPervakov merged commit e37ed91 into ClickHouse:main Jun 19, 2026
16 checks passed
@mintlify

mintlify Bot commented Jun 19, 2026

Copy link
Copy Markdown

Docs PR opened: ClickHouse/mintlify-docs-dev#232

Synced upstream clickhouse-operator docs, expanding default user password configuration and adding monitoring, scaling, and TLS guides.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants