Skip to main content

Documentation Index

Fetch the complete documentation index at: https://private-7c7dfe99-page-updates.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

FAQ

Compute

Yes. The infrastructure only needs to be provisioned once for every AWS account and region combination.
All public regions listed in our supported regions documentation are available for BYOC deployments.
Besides the ClickHouse instances themselves (ClickHouse servers and ClickHouse Keeper), we also run supporting services such as clickhouse-operator, aws-cluster-autoscaler, Istio, and the monitoring stack.The resource consumption of these shared components is relatively stable and doesn’t grow linearly with the number or size of your ClickHouse services. As a rough guideline, in AWS we typically use a dedicated node group of about four 4xlarge EC2 instances to run these workloads.

Network and security

This is currently not possible.
Yes. Implementing a customer controlled mechanism where customers can approve engineers’ access to the cluster is on our roadmap. At the moment, engineers must go through our internal escalation process to gain just-in-time access to the cluster. This is logged and audited by our security team.
By default, we use 10.0.0.0/16 for BYOC VPC. We recommend reserving at least /22 for potential future scaling, but if you prefer to limit the size, it is possible to use /23 if it is likely that you will be limited to 30 server pods.
Contact support to schedule maintenance windows. Please expect a minimum of a weekly update schedule.
Traffic between your Customer BYOC VPC and S3 uses HTTPS (port 443) via the AWS S3 API for table data, backups, and logs. When using S3 VPC endpoints, this traffic remains within the AWS network and doesn’t traverse the public internet.
Internal ClickHouse cluster communication within the Customer BYOC VPC uses:
  • Native ClickHouse protocol on port 9000
  • HTTP/HTTPS on ports 8123/8443
  • Interserver communication on port 9009 for replication and distributed queries

Uptime SLAs

No, since the data plane is hosted in the customer’s cloud environment, service availability depends on resources not in ClickHouse’s control. Therefore, ClickHouse doesn’t offer a formal uptime SLA for BYOC deployments. If you have additional questions, please contact support@clickhouse.com.