Skip to main content
Skip to main content
Edit this page

Helm cloud deployments

This guide covers cloud-specific configurations for deploying ClickStack on managed Kubernetes services. For basic installation, see the main Helm deployment guide.

Google Kubernetes Engine (GKE)

When deploying to GKE, you may need to override certain values due to cloud-specific networking behavior.

LoadBalancer DNS resolution issue

GKE's LoadBalancer service can cause internal DNS resolution issues where pod-to-pod communication resolves to external IPs instead of staying within the cluster network. This specifically affects the OTEL collector's connection to the OpAMP server.

Symptoms:

  • OTEL collector logs showing "connection refused" errors with cluster IP addresses
  • OpAMP connection failures like: dial tcp 34.118.227.30:4320: connect: connection refused

Solution:

Use the fully qualified domain name (FQDN) for the OpAMP server URL:

helm install my-clickstack clickstack/clickstack \
  --set hyperdx.frontendUrl="http://your-external-ip-or-domain.com" \
  --set otel.opampServerUrl="http://my-clickstack-clickstack-app.default.svc.cluster.local:4320"

Other GKE considerations

# values-gke.yaml
hyperdx:
  frontendUrl: "http://34.123.61.99"  # Use your LoadBalancer external IP

otel:
  opampServerUrl: "http://my-clickstack-clickstack-app.default.svc.cluster.local:4320"

# Adjust for GKE pod networking if needed
clickhouse:
  config:
    clusterCidrs:
      - "10.8.0.0/16"  # GKE commonly uses this range
      - "10.0.0.0/8"   # Fallback for other configurations

Amazon EKS

For EKS deployments, consider these common configurations:

# values-eks.yaml
hyperdx:
  frontendUrl: "http://your-alb-domain.com"

# EKS typically uses these pod CIDRs
clickhouse:
  config:
    clusterCidrs:
      - "192.168.0.0/16"
      - "10.0.0.0/8"

# Enable ingress for production
hyperdx:
  ingress:
    enabled: true
    host: "hyperdx.yourdomain.com"
    tls:
      enabled: true

Azure AKS

For AKS deployments:

# values-aks.yaml
hyperdx:
  frontendUrl: "http://your-azure-lb.com"

# AKS pod networking
clickhouse:
  config:
    clusterCidrs:
      - "10.244.0.0/16"  # Common AKS pod CIDR
      - "10.0.0.0/8"

Production Cloud deployment checklist

Before deploying ClickStack to production on any cloud provider:

  • Configure proper frontendUrl with your external domain/IP
  • Set up ingress with TLS for HTTPS access
  • Override otel.opampServerUrl with FQDN if experiencing connection issues (especially on GKE)
  • Adjust clickhouse.config.clusterCidrs for your pod network CIDR
  • Configure persistent storage for production workloads
  • Set appropriate resource requests and limits
  • Enable monitoring and alerting
  • Configure backup and disaster recovery
  • Implement proper secret management

Production best practices

Resource management

hyperdx:
  resources:
    requests:
      cpu: 500m
      memory: 1Gi
    limits:
      cpu: 2000m
      memory: 4Gi

High availability

hyperdx:
  replicaCount: 3
  
  affinity:
    podAntiAffinity:
      preferredDuringSchedulingIgnoredDuringExecution:
        - weight: 100
          podAffinityTerm:
            labelSelector:
              matchExpressions:
                - key: app.kubernetes.io/name
                  operator: In
                  values:
                    - clickstack
            topologyKey: kubernetes.io/hostname

Persistent storage

Ensure persistent volumes are configured for data retention:

clickhouse:
  persistence:
    enabled: true
    size: 100Gi
    storageClass: "fast-ssd"  # Use cloud-specific storage class

Cloud-specific storage classes:

  • GKE: pd-ssd or pd-balanced
  • EKS: gp3 or io2
  • AKS: managed-premium or managed-csi

Browser compatibility notes

For HTTP-only deployments (development/testing), some browsers may show crypto API errors due to secure context requirements. For production deployments, always use HTTPS with proper TLS certificates through ingress configuration.

See Ingress configuration for TLS setup instructions.

Next steps