ClickHouse Government

Overview

ClickHouse Government is a self-deployed package consisting of the same proprietary version of ClickHouse that runs on ClickHouse Cloud and our ClickHouse Operator, configured for separation of compute and storage and hardened to meet the rigorous demands of government agencies and public sector organizations. It is deployed to Kubernetes environments with S3 compatible storage.

This package is currently available for AWS, with bare metal deployments coming soon.

Note

ClickHouse Government is designed for government agencies, public sector organizations, or cloud software companies selling to these agencies and organizations, providing full control and management over their dedicated infrastructure. This option is only available by contacting us.

Benefits over open-source

The following features differentiate ClickHouse Government from self-managed open source deployments:

Enhanced performance

• Native separation of compute and storage
• Proprietary cloud features such as shared merge tree and warehouse functionality

Tested and proven through a variety of use cases and conditions

• Fully tested and validated in ClickHouse Cloud

Compliance package

• NIST Risk Management Framework (RMF) documentation to accelerate your Authorization to Operate (ATO)

Full featured roadmap with new features added regularly

Additional features that are coming soon include:

• API to programmatically manage resources
  • Automated backups
  • Automated vertical scaling operations
• Identity provider integration

Architecture

ClickHouse Government is fully self-contained within your deployment environment and consists of compute managed within Kubernetes and storage within an S3 compatible storage solution.

Onboarding process

Customers can initiate onboarding by reaching out to us. For qualified customers, we will provide a detailed environment build guide and access to the images and Helm charts for deployment.

General requirements

This section is intended to provide an overview of the resources required to deploy ClickHouse Government. Specific deployment guides are provided as part of onboarding. Instance/server types and sizes depend on the use case.

ClickHouse Government on AWS

Required resources:

• ECR to receive the images and Helm charts
• Certificate Authority capable of generating FIPS compliant certificates
• EKS cluster with CNI, EBS CSI Driver, DNS, Cluster Autoscaler, IMDS for authentication and an OIDC provider
• Server nodes run Amazon Linux
• Operator requires an x86 node group
• An S3 bucket in the same region as the EKS cluster
• If ingress is required, also configure an NLB
• One AWS role per ClickHouse cluster for clickhouse-server/keeper operations