From 83d9fad5f9ab414d18bc532d2a4ead92db4008ee Mon Sep 17 00:00:00 2001 From: "luis.costa" Date: Wed, 12 Feb 2025 16:56:30 +0000 Subject: [PATCH 01/34] New squashed commit --- .github/dependabot.yml | 6 + .github/release.yml | 17 + .github/workflows/ci-cd.yaml | 140 ++ .gitignore | 3 + .helmignore | 4 + .pre-commit-config.yaml | 16 + LICENSE | 202 +++ README.md | 116 +- charts/gateway/Chart.yaml | 16 + charts/gateway/README.md | 161 +++ charts/gateway/README.md.gotmpl | 25 + charts/gateway/templates/NOTES.txt | 24 + charts/gateway/templates/_helpers.tpl | 65 + charts/gateway/templates/deployment.yaml | 113 ++ charts/gateway/templates/hpa.yaml | 32 + charts/gateway/templates/ingress.yaml | 69 + charts/gateway/templates/secrets.yaml | 7 + charts/gateway/templates/service.yaml | 28 + charts/gateway/templates/serviceaccount.yaml | 13 + .../templates/tests/test-connection.yaml | 68 + charts/gateway/values.yaml | 205 +++ Chart.yaml => charts/trino/Chart.yaml | 17 +- charts/trino/README.md | 967 ++++++++++++++ charts/trino/README.md.gotmpl | 25 + .../trino/templates}/NOTES.txt | 2 +- charts/trino/templates/_helpers.tpl | 157 +++ charts/trino/templates/autoscaler.yaml | 37 + .../configmap-access-control-coordinator.yaml | 14 + .../configmap-access-control-worker.yaml | 22 + charts/trino/templates/configmap-catalog.yaml | 16 + .../templates/configmap-coordinator.yaml | 187 +++ .../templates/configmap-jmx-exporter.yaml | 29 + charts/trino/templates/configmap-worker.yaml | 120 ++ .../templates/deployment-coordinator.yaml | 267 ++++ charts/trino/templates/deployment-worker.yaml | 259 ++++ charts/trino/templates/ingress.yaml | 38 + charts/trino/templates/keda-scaledobject.yaml | 40 + charts/trino/templates/networkpolicy.yaml | 37 + charts/trino/templates/secret.yaml | 55 + .../trino/templates/service-coordinator.yaml | 42 + charts/trino/templates/service-worker.yaml | 27 + charts/trino/templates/serviceaccount.yaml | 13 + .../templates/servicemonitor-coordinator.yaml | 24 + .../templates/servicemonitor-worker.yaml | 24 + .../templates/tests/test-connection.yaml | 63 + .../tests/test-graceful-shutdown.yaml | 120 ++ charts/trino/templates/tests/test-jmx.yaml | 99 ++ .../templates/tests/test-networkpolicy.yaml | 28 + charts/trino/values.yaml | 1167 +++++++++++++++++ templates/_helpers.tpl | 40 - templates/configmap-coordinator.yaml | 44 - templates/configmap-worker.yaml | 39 - templates/deployment-coordinator.yaml | 65 - templates/deployment-worker.yaml | 63 - templates/service.yaml | 20 - tests/gateway/test-https.yaml | 31 + tests/gateway/test-nodeport.yaml | 19 + tests/gateway/test-values-with-env.yaml | 37 + tests/gateway/test-values.yaml | 36 + tests/gateway/test.sh | 140 ++ ...test-access-control-properties-values.yaml | 7 + tests/trino/test-exchange-manager-values.yaml | 35 + .../trino/test-graceful-shutdown-values.yaml | 6 + ...est-resource-groups-properties-values.yaml | 15 + tests/trino/test-values.yaml | 296 +++++ tests/trino/test.sh | 194 +++ values.yaml | 58 - 67 files changed, 6007 insertions(+), 364 deletions(-) create mode 100644 .github/dependabot.yml create mode 100644 .github/release.yml create mode 100644 .github/workflows/ci-cd.yaml create mode 100644 .gitignore create mode 100644 .pre-commit-config.yaml create mode 100644 LICENSE create mode 100644 charts/gateway/Chart.yaml create mode 100644 charts/gateway/README.md create mode 100644 charts/gateway/README.md.gotmpl create mode 100644 charts/gateway/templates/NOTES.txt create mode 100644 charts/gateway/templates/_helpers.tpl create mode 100644 charts/gateway/templates/deployment.yaml create mode 100644 charts/gateway/templates/hpa.yaml create mode 100644 charts/gateway/templates/ingress.yaml create mode 100644 charts/gateway/templates/secrets.yaml create mode 100644 charts/gateway/templates/service.yaml create mode 100644 charts/gateway/templates/serviceaccount.yaml create mode 100644 charts/gateway/templates/tests/test-connection.yaml create mode 100644 charts/gateway/values.yaml rename Chart.yaml => charts/trino/Chart.yaml (76%) create mode 100644 charts/trino/README.md create mode 100644 charts/trino/README.md.gotmpl rename {templates => charts/trino/templates}/NOTES.txt (78%) create mode 100644 charts/trino/templates/_helpers.tpl create mode 100644 charts/trino/templates/autoscaler.yaml create mode 100644 charts/trino/templates/configmap-access-control-coordinator.yaml create mode 100644 charts/trino/templates/configmap-access-control-worker.yaml create mode 100644 charts/trino/templates/configmap-catalog.yaml create mode 100644 charts/trino/templates/configmap-coordinator.yaml create mode 100644 charts/trino/templates/configmap-jmx-exporter.yaml create mode 100644 charts/trino/templates/configmap-worker.yaml create mode 100644 charts/trino/templates/deployment-coordinator.yaml create mode 100644 charts/trino/templates/deployment-worker.yaml create mode 100644 charts/trino/templates/ingress.yaml create mode 100644 charts/trino/templates/keda-scaledobject.yaml create mode 100644 charts/trino/templates/networkpolicy.yaml create mode 100644 charts/trino/templates/secret.yaml create mode 100644 charts/trino/templates/service-coordinator.yaml create mode 100644 charts/trino/templates/service-worker.yaml create mode 100644 charts/trino/templates/serviceaccount.yaml create mode 100644 charts/trino/templates/servicemonitor-coordinator.yaml create mode 100644 charts/trino/templates/servicemonitor-worker.yaml create mode 100644 charts/trino/templates/tests/test-connection.yaml create mode 100644 charts/trino/templates/tests/test-graceful-shutdown.yaml create mode 100644 charts/trino/templates/tests/test-jmx.yaml create mode 100644 charts/trino/templates/tests/test-networkpolicy.yaml create mode 100644 charts/trino/values.yaml delete mode 100644 templates/_helpers.tpl delete mode 100644 templates/configmap-coordinator.yaml delete mode 100644 templates/configmap-worker.yaml delete mode 100644 templates/deployment-coordinator.yaml delete mode 100644 templates/deployment-worker.yaml delete mode 100644 templates/service.yaml create mode 100644 tests/gateway/test-https.yaml create mode 100644 tests/gateway/test-nodeport.yaml create mode 100644 tests/gateway/test-values-with-env.yaml create mode 100644 tests/gateway/test-values.yaml create mode 100755 tests/gateway/test.sh create mode 100644 tests/trino/test-access-control-properties-values.yaml create mode 100644 tests/trino/test-exchange-manager-values.yaml create mode 100644 tests/trino/test-graceful-shutdown-values.yaml create mode 100644 tests/trino/test-resource-groups-properties-values.yaml create mode 100644 tests/trino/test-values.yaml create mode 100755 tests/trino/test.sh delete mode 100644 values.yaml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 00000000..5ace4600 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,6 @@ +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" diff --git a/.github/release.yml b/.github/release.yml new file mode 100644 index 00000000..a8738587 --- /dev/null +++ b/.github/release.yml @@ -0,0 +1,17 @@ +changelog: + exclude: + labels: + - ignore-for-release + categories: + - title: Breaking changes + labels: + - breaking-change + - title: Features + labels: + - enhancement + - title: Bug fixes + labels: + - bug + - title: Other changes + labels: + - "*" diff --git a/.github/workflows/ci-cd.yaml b/.github/workflows/ci-cd.yaml new file mode 100644 index 00000000..234b8244 --- /dev/null +++ b/.github/workflows/ci-cd.yaml @@ -0,0 +1,140 @@ +# This workflow: +# - lints the chart, runs tests and verifies documentation is up to date +# Additionally if the event isn't a pull-request (and hence a merge/push to main): +# - sync README to gh-pages branch +# - release a new chart version if the version isn't already released +name: CI/CD + +on: + push: + branches: + - main + pull_request: + +# Cancel previous PR builds. +concurrency: + # Cancel all workflow runs except latest within a concurrency group. This is achieved by defining a concurrency group for the PR. + # Non-PR builds have singleton concurrency groups. + group: ${{ github.workflow }}-${{ github.event_name == 'pull_request' && github.event.number || github.sha }} + cancel-in-progress: true + +jobs: + lint: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: Set up chart-testing + uses: helm/chart-testing-action@v2.7.0 + - name: Lint charts + run: ct lint --charts=charts/trino,charts/gateway --validate-maintainers=false + + test: + runs-on: ubuntu-latest + name: test trino ${{ matrix.label }} + strategy: + fail-fast: false + matrix: + include: + - { label: default, args: '' } + # last Trino version that requires JDK 21 + - { label: 446, args: '-a "--set image.tag=446"' } + # last Trino version that requires JDK 17 + - { label: 435, args: '-a "--set image.tag=435"' } + # skip cleanup to test deploying multiple releases in a single namespace + - { label: overrides, args: '-s -t default,overrides' } + steps: + - uses: actions/checkout@v4 + - name: Set up Helm + uses: azure/setup-helm@v4 + with: + version: v3.16.4 + - name: Set up chart-testing + uses: helm/chart-testing-action@v2.7.0 + - name: Create kind cluster + uses: helm/kind-action@v1.12.0 + with: + version: v0.26.0 + - name: Run tests + run: ./tests/trino/test.sh ${{ matrix.args }} + + test-gateway: + runs-on: ubuntu-latest + name: test gateway ${{ matrix.label }} + strategy: + fail-fast: false + matrix: + include: + - { label: default, args: '' } + steps: + - uses: actions/checkout@v4 + - name: Set up Helm + uses: azure/setup-helm@v4 + with: + version: v3.16.4 + - name: Set up chart-testing + uses: helm/chart-testing-action@v2.7.0 + - name: Create kind cluster + uses: helm/kind-action@v1.12.0 + with: + version: v0.24.0 + - name: Run gateway tests + run: ./tests/gateway/test.sh ${{ matrix.args }} + + docs: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: actions/setup-python@v5 + with: + python-version: '3.x' + - uses: pre-commit/action@v3.0.1 + + # Everything above is CI, everything here and below is for releases and runs only on non-pull-request events + sync-readme: + needs: [lint, test, docs] + runs-on: ubuntu-latest + if: github.event_name != 'pull_request' + steps: + - name: Checkout main + uses: actions/checkout@v4 + with: + path: main + - name: Checkout gh-pages + uses: actions/checkout@v4 + with: + ref: gh-pages + path: gh-pages + - name: Copy all README files from main to gh-pages + run: | + cd main + # cp --parents preserves directory structure + find . -name 'README.md' -exec cp --parents '{}' "../gh-pages/" ';' + - name: Commit changes to gh-pages and push + run: | + cd gh-pages + git add . + git config user.name "GITHUB_ACTOR" + git config user.email "$GITHUB_ACTOR@users.noreply.github.com" + # Commit only if changes exist to avoid failure in this step + git diff-index --quiet HEAD || git commit --signoff -m "Sync READMEs from main" + git push + + release: + needs: [lint, test, docs, sync-readme] + runs-on: ubuntu-latest + if: github.event_name != 'pull_request' + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + - name: Configure Git + run: | + git config user.name "$GITHUB_ACTOR" + git config user.email "$GITHUB_ACTOR@users.noreply.github.com" + - name: Release charts + uses: helm/chart-releaser-action@v1.7.0 + env: + CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + CR_GENERATE_RELEASE_NOTES: true + # If we didn't bump the chart version then we can skip the release + CR_SKIP_EXISTING: true diff --git a/.gitignore b/.gitignore new file mode 100644 index 00000000..95fa20e6 --- /dev/null +++ b/.gitignore @@ -0,0 +1,3 @@ +.idea/* +*/*/cert.key +*/*/cert.crt diff --git a/.helmignore b/.helmignore index f0c13194..417ff7fd 100644 --- a/.helmignore +++ b/.helmignore @@ -14,8 +14,12 @@ *.swp *.bak *.tmp +*.orig *~ # Various IDEs .project .idea/ *.tmproj +.vscode/ +# helm-doc template +README.md.gotmpl diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml new file mode 100644 index 00000000..eccac9b1 --- /dev/null +++ b/.pre-commit-config.yaml @@ -0,0 +1,16 @@ +repos: +- repo: https://github.com/pre-commit/pre-commit-hooks + rev: v4.6.0 + hooks: + - id: trailing-whitespace + args: + - --markdown-linebreak-ext=md + - id: end-of-file-fixer +- repo: https://github.com/norwoodj/helm-docs + rev: v1.14.2 + hooks: + - id: helm-docs-container + args: + - --chart-search-root=charts + - --document-dependency-values + - --sort-values-order=file diff --git a/LICENSE b/LICENSE new file mode 100644 index 00000000..d6456956 --- /dev/null +++ b/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/README.md b/README.md index 896b4856..b2c2eb02 100644 --- a/README.md +++ b/README.md @@ -1,42 +1,96 @@ -Trino +Trino Community Kubernetes Helm Charts =========== +[![CI/CD](https://github.com/trinodb/charts/actions/workflows/ci-cd.yaml/badge.svg?branch=main)](https://github.com/trinodb/charts/actions/workflows/ci-cd.yaml) -Fast distributed SQL query engine for big data analytics +A repository of Helm charts for the Trino community. The following charts are +included: +* `trino/trino` for [Trino](https://trino.io/) +* `trino/trino-gateway` for [Trino Gateway](https://trinodb.github.io/trino-gateway) -## Configuration +## Usage -The following table lists the configurable parameters of the Trino chart and their default values. +[Helm](https://helm.sh) must be installed to use the charts. +Refer to Helm's [documentation](https://helm.sh/docs/) to get started. -| Parameter | Description | Default | -| ------------------------ | ----------------------- | -------------- | -| `image.repository` | | `"trinodb/trino"` | -| `image.pullPolicy` | | `"IfNotPresent"` | -| `image.tag` | | `"latest"` | -| `server.workers` | | `2` | -| `server.node.environment` | | `"production"` | -| `server.node.dataDir` | | `"/data/trino"` | -| `server.node.pluginDir` | | `"/usr/lib/trino/plugin"` | -| `server.log.trino.level` | | `"INFO"` | -| `server.config.path` | | `"/etc/trino"` | -| `server.config.http.port` | | `8080` | -| `server.config.query.maxMemory` | | `"4GB"` | -| `server.config.query.maxMemoryPerNode` | | `"1GB"` | -| `server.jvm.maxHeapSize` | | `"8G"` | -| `server.jvm.gcMethod.type` | | `"UseG1GC"` | -| `server.jvm.gcMethod.g1.heapRegionSize` | | `"32M"` | -| `securityContext.runAsUser` | | `1000` | -| `securityContext.runAsGroup` | | `1000` | -| `service.type` | | `"ClusterIP"` | -| `service.port` | | `8080` | -| `resources` | | `{}` | -| `nodeSelector` | | `{}` | -| `tolerations` | | `[]` | -| `affinity` | | `{}` | +Once Helm is set up properly, add the repo as follows: +```console +helm repo add trino https://trinodb.github.io/charts/ +``` +Run `helm search repo trino` to see the latest charts with the string `trino` in +the name to get an output similar to the following: ---- -_Documentation generated by [Frigate](https://frigate.readthedocs.io)._ +``` +NAME CHART VERSION APP VERSION DESCRIPTION +trino/trino 1.37.0 470 Fast distributed SQL query engine for big data ... +trino/trino-gateway 1.13.2 13 A Helm chart for Trino Gateway +``` +Use `helm search repo trino -l` for information about all available versions. + +After configuring your Kubernetes cluster, you can install Trino with the chart +`trino/trino` using: + +```console +helm install my-trino trino/trino --version 1.37.0 +``` + +Also, you can check the manifests using: + +```console +helm template my-trino trino/trino --namespace +``` + +Similarly install Trino Gateway with the `trino/trino-gateway` chart. + +## Documentation + +More information about Trino, Trino Gateway, and the charts is available in the +following resources: + +* [Trino Kubernetes documentation](https://trino.io/docs/current/installation/kubernetes.html) +* [trino/trino chart configuration](./charts/trino/README.md) +* [Trino documentation](https://trino.io/docs/current/index.html) +* [Trino Gateway Kubernetes documentation](https://trinodb.github.io/trino-gateway/installation/#helm) +* [trino/trino-gateway chart configuration](./charts/gateway/README.md) +* [Trino Gateway documentation](https://trinodb.github.io/trino-gateway) + +## Development + +To test the chart, install it into a Kubernetes cluster. Use `kind` to create a +Kubernetes cluster running in a container, and `chart-testing` to install the +chart and run [tests](charts/trino/templates/tests). + +```console +brew install helm kind chart-testing +kind create cluster +ct install +``` + +To run tests with specific values: +```console +ct install --helm-extra-set-args "--set image.tag=470" +``` + +Use the `test.sh` script to run a suite of tests, with different chart values. +If some of the tests fail, use the `-s` flag to skip cleanup and inspect the +resources installed in the Kubernetes cluster. Use `-n` to use a specific +namespace, not a randomly generated one. Use `-t` to run only selected tests. +See the command help (`-h`) for a list of available tests. + +Example: +```console +./test.sh -n trino -s -t default +``` + +The documentation is automatically generated from the chart files. Install a +git hook to have it automatically updated when committing changes. Make sure +you [install the pre-commit binary](https://pre-commit.com/#install), then run: + +```console +pre-commit install +pre-commit install-hooks +``` diff --git a/charts/gateway/Chart.yaml b/charts/gateway/Chart.yaml new file mode 100644 index 00000000..fe8550e2 --- /dev/null +++ b/charts/gateway/Chart.yaml @@ -0,0 +1,16 @@ +apiVersion: v2 +name: trino-gateway +description: A Helm chart for Trino Gateway +type: application +version: "1.13.2" +appVersion: "13" + +icon: https://trino.io/assets/images/logos/trino-gateway-small.png + +home: https://trinodb.github.io/trino-gateway/ +sources: + - https://github.com/trinodb/charts + - https://github.com/trinodb/trino-gateway + +maintainers: + - name: Trino community diff --git a/charts/gateway/README.md b/charts/gateway/README.md new file mode 100644 index 00000000..f32fb5dc --- /dev/null +++ b/charts/gateway/README.md @@ -0,0 +1,161 @@ +# trino-gateway + +![Version: 1.13.2](https://img.shields.io/badge/Version-1.13.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 13](https://img.shields.io/badge/AppVersion-13-informational?style=flat-square) + +A Helm chart for Trino Gateway + +**Homepage:** + +## Source Code + +* +* + +## Values +* `replicaCount` - int, default: `1` +* `image.repository` - string, default: `"trinodb/trino-gateway"` + + Repository location of the Trino Gateway image, typically `organization/imagename` +* `image.pullPolicy` - string, default: `"IfNotPresent"` +* `image.tag` - string, default: `""` + + Override the image tag whose default is the chart appVersion. +* `imagePullSecrets` - list, default: `[]` + + An optional list of references to secrets in the same namespace to use for pulling images. + Example: + ```yaml + imagePullSecrets: + - name: registry-credentials + ``` +* `envFrom` - list, default: `[]` + + A list of secrets and configmaps to mount into the init container as environment variables. + Example: + ```yaml + envFrom: + - secretRef: + name: password-secret + ``` +* `config.serverConfig."node.environment"` - string, default: `"test"` +* `config.serverConfig."http-server.http.port"` - int, default: `8080` +* `config.serverConfig."http-server.http.enabled"` - bool, default: `true` +* `config.dataStore.jdbcUrl` - string, default: `"jdbc:postgresql://localhost:5432/gateway"` + + The connection details for the backend database for Trino Gateway and Trino query history +* `config.dataStore.user` - string, default: `"postgres"` +* `config.dataStore.password` - string, default: `"mysecretpassword"` +* `config.dataStore.driver` - string, default: `"org.postgresql.Driver"` +* `config.clusterStatsConfiguration.monitorType` - string, default: `"INFO_API"` +* `config.modules[0]` - string, default: `"io.trino.gateway.ha.module.HaGatewayProviderModule"` +* `config.modules[1]` - string, default: `"io.trino.gateway.ha.module.ClusterStateListenerModule"` +* `config.modules[2]` - string, default: `"io.trino.gateway.ha.module.ClusterStatsMonitorModule"` +* `config.managedApps[0]` - string, default: `"io.trino.gateway.ha.clustermonitor.ActiveClusterMonitor"` +* `command` - list, default: `["java","-XX:MinRAMPercentage=80.0","-XX:MaxRAMPercentage=80.0","-jar","/usr/lib/trino/gateway-ha-jar-with-dependencies.jar","/etc/gateway/config.yaml"]` + + Startup command for Trino Gateway process. Add additional Java options and other modifications as desired. +* `service` - object, default: `{"ports":[{"name":"gateway","protocol":"TCP"}],"type":"ClusterIP"}` + + Service for accessing the gateway. The contents of this dictionary are used for the [service spec](https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport). The `port` and `targetPort` of the first element of the ports list will automatically be set to the value of `config.serverConfig."http-server.http[s].port"`. If both https and http ports are defined the https port is used. In this case, an additional service for the http port must be configured manually. Additional ports, such as for JMX or a Java Agent can be configured by adding elements to the ports list. The selector is also automatically configured. All other values are passed through as is. Example configuration for exposing both https and http: + ```yaml + service: + type: NodePort + ports: + - protocol: TCP + name: request + nodePort: 30443 + # targetPort and port will automatically pulled from serverConfig.http-server.https.port + - protocol: TCP + name: gateway-http + nodePort: 30080 + port: 8080 + # targetPort must be explicitly set to the same value as serverConfig.http-server.http.port + targetPort: 8080 + ``` +* `serviceName` - string, default: `"trino-gateway"` + + Set a custom name for the gateway service +* `ingress.enabled` - bool, default: `false` +* `ingress.className` - string, default: `""` +* `ingress.annotations` - object, default: `{}` +* `ingress.hosts` - list, default: `[{"host":"chart-example.local","paths":[{"path":"/","pathType":"ImplementationSpecific"}]}]` + + [Ingress rules](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules). + Example: + ```yaml + - host: trino.example.com + paths: + - path: / + pathType: ImplementationSpecific + ``` +* `ingress.tls` - list, default: `[]` + + Ingress [TLS](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) configuration. + Example: + ```yaml + - secretName: chart-example-tls + hosts: + - chart-example.local + ``` +* `resources.limits.cpu` - int, default: `2` +* `resources.limits.memory` - string, default: `"4Gi"` +* `resources.requests.cpu` - int, default: `2` +* `resources.requests.memory` - string, default: `"4Gi"` +* `autoscaling.enabled` - bool, default: `false` +* `autoscaling.minReplicas` - int, default: `1` +* `autoscaling.maxReplicas` - int, default: `100` +* `autoscaling.targetCPUUtilizationPercentage` - int, default: `80` + + Target average CPU utilization, represented as a percentage of requested CPU. To disable scaling based on CPU, set to an empty string. +* `autoscaling.targetMemoryUtilizationPercentage` - string, default: `""` + + Target average memory utilization, represented as a percentage of requested memory. To disable scaling based on memory, set to an empty string. +* `livenessProbe.initialDelaySeconds` - int, default: `30` +* `livenessProbe.periodSeconds` - int, default: `10` +* `livenessProbe.failureThreshold` - int, default: `3` +* `livenessProbe.timeoutSeconds` - int, default: `1` +* `livenessProbe.scheme` - string, default: `"HTTP"` +* `readinessProbe.initialDelaySeconds` - int, default: `5` +* `readinessProbe.periodSeconds` - int, default: `5` +* `readinessProbe.failureThreshold` - int, default: `12` +* `readinessProbe.timeoutSeconds` - int, default: `1` +* `readinessProbe.scheme` - string, default: `"HTTP"` +* `volumes` - object, default: `{}` +* `volumeMounts` - object, default: `{}` +* `nodeSelector` - object, default: `{}` +* `tolerations` - list, default: `[]` +* `affinity` - object, default: `{}` +* `commonLabels` - object, default: `{}` + + Labels that get applied to every resource's metadata +* `podAnnotations` - object, default: `{}` +* `podLabels` - object, default: `{}` +* `podSecurityContext` - object, default: `{}` + + [Pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) configuration. To remove the default, set it to null (or `~`). +* `securityContext` - object, default: `{}` + + [Container security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) configuration. + Example: + ```yaml + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + ``` +* `serviceAccount.create` - bool, default: `true` + + Specifies whether a service account should be created +* `serviceAccount.automount` - bool, default: `true` + + Automatically mount a ServiceAccount's API credentials? +* `serviceAccount.annotations` - object, default: `{}` + + Annotations to add to the service account +* `serviceAccount.name` - string, default: `""` + + The name of the service account to use. If not set and create is true, a name is generated using the fullname template + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/charts/gateway/README.md.gotmpl b/charts/gateway/README.md.gotmpl new file mode 100644 index 00000000..e296f05a --- /dev/null +++ b/charts/gateway/README.md.gotmpl @@ -0,0 +1,25 @@ +{{ template "chart.header" . }} +{{ template "chart.deprecationWarning" . }} + +{{ template "chart.badgesSection" . }} + +{{ template "chart.description" . }} + +{{ template "chart.homepageLine" . }} + +{{ template "chart.sourcesSection" . }} + +{{ template "chart.requirementsSection" . }} + +{{ template "chart.valuesHeader" . }} + +{{- range .Values }} +* `{{ .Key }}` - {{ .Type }}, default: {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }}{{ if or .Description .AutoDescription }} {{ end }} +{{- if .Description }} +{{ .Description | nindent 2 }} +{{- else if .AutoDescription }} +{{ .AutoDescription | nindent 2 }} +{{- end }} +{{- end }} + +{{ template "helm-docs.versionFooter" . }} diff --git a/charts/gateway/templates/NOTES.txt b/charts/gateway/templates/NOTES.txt new file mode 100644 index 00000000..9c7216fa --- /dev/null +++ b/charts/gateway/templates/NOTES.txt @@ -0,0 +1,24 @@ +You can get the Trino Gateway endpoints by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath='{.spec.ports[0].nodePort}' svc trino-gateway) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath='{.items[0].status.addresses[0].address}') + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w trino-gateway' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} trino-gateway --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:'{{ .Values.service.ports | first | get "port" }}' +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "trino-gateway.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export PORT=$(kubectl get pod --namespace test $POD_NAME -o jsonpath='{.spec.containers[0].ports[0].containerPort}') + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$PORT +{{- end }} + +Happy Helming! diff --git a/charts/gateway/templates/_helpers.tpl b/charts/gateway/templates/_helpers.tpl new file mode 100644 index 00000000..fcf24d7a --- /dev/null +++ b/charts/gateway/templates/_helpers.tpl @@ -0,0 +1,65 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "trino-gateway.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "trino-gateway.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "trino-gateway.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "trino-gateway.labels" -}} +helm.sh/chart: {{ include "trino-gateway.chart" . }} +{{ include "trino-gateway.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- if .Values.commonLabels }} +{{ tpl (toYaml .Values.commonLabels) . }} +{{- end }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "trino-gateway.selectorLabels" -}} +app.kubernetes.io/name: {{ include "trino-gateway.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "trino-gateway.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "trino-gateway.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/charts/gateway/templates/deployment.yaml b/charts/gateway/templates/deployment.yaml new file mode 100644 index 00000000..5d712e4d --- /dev/null +++ b/charts/gateway/templates/deployment.yaml @@ -0,0 +1,113 @@ +{{- $probePort := -1 }} +{{- $probeScheme := "" }} +{{- if index .Values "config" "serverConfig" "http-server.http.enabled" }} +{{- $probePort = index .Values "config" "serverConfig" "http-server.http.port" }} +{{- $probeScheme = "HTTP" }} +{{- else if index .Values "config" "serverConfig" "http-server.https.enabled" }} +{{ $probePort = index .Values "config" "serverConfig" "http-server.https.port" }} +{{- $probeScheme = "HTTPS" }} +{{- else }} + {{- fail "Error: Either https or http must be enabled in serverConfig!" }} +{{- end }} + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "trino-gateway.fullname" . }} + labels: + {{- include "trino-gateway.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "trino-gateway.selectorLabels" . | nindent 6 }} + template: + metadata: + annotations: + {{- with .Values.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "trino-gateway.labels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "trino-gateway.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: + {{- toYaml .Values.command | nindent 12}} + envFrom: + {{- toYaml .Values.envFrom | nindent 12}} + ports: + {{- if index .Values "config" "serverConfig" "http-server.http.enabled" }} + - name: http + containerPort: {{ index .Values "config" "serverConfig" "http-server.http.port" }} + protocol: TCP + {{- end }} + {{- if index .Values "config" "serverConfig" "http-server.https.enabled" }} + - name: https + containerPort: {{ index .Values "config" "serverConfig" "http-server.https.port" }} + protocol: TCP + {{- end }} + livenessProbe: + httpGet: + path: /trino-gateway + port: {{ $probePort }} + scheme: {{ $probeScheme }} + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /trino-gateway + port: {{ $probePort }} + scheme: {{ $probeScheme }} + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + volumeMounts: + - name: trino-gateway-configuration + mountPath: "/etc/gateway/config.yaml" + subPath: "config.yaml" + readOnly: true + {{- with .Values.volumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} + volumes: + - name: trino-gateway-configuration + secret: + secretName: trino-gateway-configuration + optional: false + {{- with .Values.volumes }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/gateway/templates/hpa.yaml b/charts/gateway/templates/hpa.yaml new file mode 100644 index 00000000..ccc74402 --- /dev/null +++ b/charts/gateway/templates/hpa.yaml @@ -0,0 +1,32 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "trino-gateway.fullname" . }} + labels: + {{- include "trino-gateway.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "trino-gateway.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/charts/gateway/templates/ingress.yaml b/charts/gateway/templates/ingress.yaml new file mode 100644 index 00000000..ff5f4625 --- /dev/null +++ b/charts/gateway/templates/ingress.yaml @@ -0,0 +1,69 @@ + +{{- if .Values.ingress.enabled -}} +{{- $fullName := .Values.serviceName -}} +{{- $svcPort := -1 }} +{{- if index .Values "config" "serverConfig" "http-server.http.enabled" }} + {{- $svcPort = index .Values "config" "serverConfig" "http-server.http.port" }} +{{- else if index .Values "config" "serverConfig" "http-server.https.enabled" }} + {{ $svcPort = index .Values "config" "serverConfig" "http-server.https.port" }} +{{- else }} + {{- fail "Error: Either https or http must be enabled in serverConfig!" }} +{{- end }} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + {{- include "trino-gateway.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/gateway/templates/secrets.yaml b/charts/gateway/templates/secrets.yaml new file mode 100644 index 00000000..da3bba6e --- /dev/null +++ b/charts/gateway/templates/secrets.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: Secret +metadata: + name: trino-gateway-configuration +type: "Opaque" +data: + config.yaml: "{{toYaml .Values.config | b64enc}}" diff --git a/charts/gateway/templates/service.yaml b/charts/gateway/templates/service.yaml new file mode 100644 index 00000000..f30bbe28 --- /dev/null +++ b/charts/gateway/templates/service.yaml @@ -0,0 +1,28 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ .Values.serviceName }} + labels: + {{- include "trino-gateway.labels" . | nindent 4 }} +{{- $gatewayPort := "" }} +{{- if index .Values "config" "serverConfig" "http-server.http.enabled" }} + {{- $gatewayPort = index .Values "config" "serverConfig" "http-server.http.port" }} +{{- end }} +{{- if index .Values "config" "serverConfig" "http-server.https.enabled" }} +{{- $gatewayPort = index .Values "config" "serverConfig" "http-server.https.port" }} +{{- end }} +{{- if empty $gatewayPort }} +{{- fail "Error: No port defined in serverConfig!" $gatewayPort }} +{{- end}} +{{- $portDefault := dict "port" $gatewayPort "targetPort" $gatewayPort }} +{{- $portValues := .Values.service.ports | default list | first | default $portDefault}} +{{- $_0 := set $portValues "port" $gatewayPort}} +{{- $_1 := set $portValues "targetPort" $gatewayPort}} +{{- $ports := list $portValues }} +{{- $additionalPorts := .Values.service.ports | default list | rest }} +{{- $allPorts := concat $ports $additionalPorts}} +{{- $spec := .Values.service }} +{{- $_2 := set $spec "ports" $allPorts }} +{{- $selectorLabels := include "trino-gateway.selectorLabels" . | fromYaml }} +{{- $_3 := set $spec "selector" $selectorLabels }} +spec: {{ $spec | toYaml | nindent 2}} diff --git a/charts/gateway/templates/serviceaccount.yaml b/charts/gateway/templates/serviceaccount.yaml new file mode 100644 index 00000000..5c6ba208 --- /dev/null +++ b/charts/gateway/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "trino-gateway.serviceAccountName" . }} + labels: + {{- include "trino-gateway.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/charts/gateway/templates/tests/test-connection.yaml b/charts/gateway/templates/tests/test-connection.yaml new file mode 100644 index 00000000..ba994e15 --- /dev/null +++ b/charts/gateway/templates/tests/test-connection.yaml @@ -0,0 +1,68 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "trino-gateway.fullname" . }}-test-connection" + labels: + {{- include "trino-gateway.labels" . | nindent 4 }} + app.kubernetes.io/component: test + test: connection + annotations: + "helm.sh/hook": test +spec: + initContainers: + - name: extract-persistence-sql + image: "trinodb/trino-gateway" + command: + - "/bin/sh" + - "-c" + - | + cd /etc/persistence && \ + jar -xvf /usr/lib/trino/gateway-ha-jar-with-dependencies.jar \ + gateway-ha-persistence-postgres.sql + volumeMounts: + - name: persistence-sql + mountPath: /etc/persistence + - name: initialize-db + image: bitnami/postgresql:17.1.0 + command: + - "/bin/sh" + - "-c" + - | + echo "Initialize gateway schema"; + PGPASSWORD=pass0000 psql \ + -h gateway-backend-db-postgresql.postgres-gateway.svc.cluster.local \ + -U gateway -d gateway \ + -f /etc/persistence/gateway-ha-persistence-postgres.sql + volumeMounts: + - name: persistence-sql + mountPath: /etc/persistence + containers: + - name: curl + image: alpine + env: + - name: NODE_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + # Get the list of backends, which should return an empty list, "[]". For this test to pass + # the gateway must successfully connect to an initialized backend database + command: + - "sh" + - "-c" + - | + apk add curl + {{- if eq .Values.service.type "NodePort" -}} + && [ "$(curl -k --retry 3 --retry-all-errors --connect-timeout 5 --retry-delay 5 https://${NODE_IP}:30443/entity/GATEWAY_BACKEND )" = "[]" ] && [ "$(curl --retry 3 --retry-all-errors --connect-timeout 5 --retry-delay 5 http://${NODE_IP}:30080/entity/GATEWAY_BACKEND )" = "[]" ] + {{- end }} + {{- if index .Values "config" "serverConfig" "http-server.https.enabled" -}} + && [ "$(curl -k --retry 3 --retry-all-errors --connect-timeout 5 --retry-delay 5 -v https://{{ .Values.serviceName }}:8443/entity/GATEWAY_BACKEND )" = "[]" ] + {{- end }} + {{- if index .Values "config" "serverConfig" "http-server.http.enabled" -}} + && [ "$(curl --retry 3 --retry-all-errors --connect-timeout 5 --retry-delay 5 -v http://{{ .Values.serviceName }}:8080/entity/GATEWAY_BACKEND )" = "[]" ] + {{- end }} + volumes: + - name: persistence-sql + emptyDir: + sizeLimit: 10Mi + + restartPolicy: Never diff --git a/charts/gateway/values.yaml b/charts/gateway/values.yaml new file mode 100644 index 00000000..39794f5c --- /dev/null +++ b/charts/gateway/values.yaml @@ -0,0 +1,205 @@ +# Default values for trino. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + # -- Repository location of the Trino Gateway image, typically `organization/imagename` + repository: "trinodb/trino-gateway" + pullPolicy: IfNotPresent + # -- Override the image tag whose default is the chart appVersion. + tag: "" + +# -- An optional list of references to secrets in the same namespace to use for pulling images. +# @raw +# Example: +# ```yaml +# imagePullSecrets: +# - name: registry-credentials +# ``` +imagePullSecrets: [] + +# -- A list of secrets and configmaps to mount into the init container as environment variables. +# @raw +# Example: +# ```yaml +# envFrom: +# - secretRef: +# name: password-secret +# ``` +envFrom: [] + +config: + serverConfig: + node.environment: test + http-server.http.port: 8080 + http-server.http.enabled: true + dataStore: + # -- The connection details for the backend database for Trino Gateway and Trino query history + jdbcUrl: jdbc:postgresql://localhost:5432/gateway + user: postgres + password: mysecretpassword + driver: org.postgresql.Driver + clusterStatsConfiguration: + monitorType: INFO_API + modules: + - io.trino.gateway.ha.module.HaGatewayProviderModule + - io.trino.gateway.ha.module.ClusterStateListenerModule + - io.trino.gateway.ha.module.ClusterStatsMonitorModule + managedApps: + - io.trino.gateway.ha.clustermonitor.ActiveClusterMonitor + +# -- Startup command for Trino Gateway process. Add additional Java options and other modifications as desired. +command: + - "java" + - "-XX:MinRAMPercentage=80.0" + - "-XX:MaxRAMPercentage=80.0" + - "-jar" + - "/usr/lib/trino/gateway-ha-jar-with-dependencies.jar" + - "/etc/gateway/config.yaml" + +# -- Service for accessing the gateway. The contents of this dictionary are used +# for the [service spec](https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport). +# The `port` and `targetPort` of the first element +# of the ports list will automatically be set to the value of +# `config.serverConfig."http-server.http[s].port"`. If both https and http ports are defined +# the https port is used. In this case, an additional service for the http port must be +# configured manually. Additional ports, such as for JMX or a Java Agent +# can be configured by adding elements to the ports list. The selector is +# also automatically configured. All other values are passed through as is. +# +# Example configuration for exposing both https and http: +# @raw +# ```yaml +# service: +# type: NodePort +# ports: +# - protocol: TCP +# name: request +# nodePort: 30443 +# # targetPort and port will automatically pulled from serverConfig.http-server.https.port +# - protocol: TCP +# name: gateway-http +# nodePort: 30080 +# port: 8080 +# # targetPort must be explicitly set to the same value as serverConfig.http-server.http.port +# targetPort: 8080 +# ``` + +service: + type: ClusterIP + ports: + - protocol: TCP + name: gateway + +# -- Set a custom name for the gateway service +serviceName: trino-gateway + +ingress: + enabled: false + className: "" + annotations: {} + hosts: + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific + # ingress.hosts -- [Ingress + # rules](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules). + # @raw + # Example: + # ```yaml + # - host: trino.example.com + # paths: + # - path: / + # pathType: ImplementationSpecific + # ``` + tls: [] + # ingress.tls -- Ingress + # [TLS](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) + # configuration. + # @raw + # Example: + # ```yaml + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # ``` + +resources: + limits: + cpu: 2 + memory: 4Gi + requests: + cpu: 2 + memory: 4Gi + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + # -- Target average CPU utilization, represented as a percentage of requested CPU. To disable scaling based on CPU, + # set to an empty string. + targetCPUUtilizationPercentage: 80 + # -- Target average memory utilization, represented as a percentage of requested memory. To disable scaling + # based on memory, set to an empty string. + targetMemoryUtilizationPercentage: "" + +livenessProbe: + initialDelaySeconds: 30 + periodSeconds: 10 + failureThreshold: 3 + timeoutSeconds: 1 + scheme: HTTP + +readinessProbe: + initialDelaySeconds: 5 + periodSeconds: 5 + failureThreshold: 12 + timeoutSeconds: 1 + scheme: HTTP + +volumes: {} + +volumeMounts: {} + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +# -- Labels that get applied to every resource's metadata +commonLabels: {} + +podAnnotations: {} + +podLabels: {} + +# -- [Pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) configuration. +# To remove the default, set it to null (or `~`). +podSecurityContext: {} + +securityContext: {} +# securityContext -- [Container security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) configuration. +# @raw +# Example: +# ```yaml +# capabilities: +# drop: +# - ALL +# readOnlyRootFilesystem: true +# runAsNonRoot: true +# ``` + +serviceAccount: + # -- Specifies whether a service account should be created + create: true + # -- Automatically mount a ServiceAccount's API credentials? + automount: true + # -- Annotations to add to the service account + annotations: {} + # -- The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" diff --git a/Chart.yaml b/charts/trino/Chart.yaml similarity index 76% rename from Chart.yaml rename to charts/trino/Chart.yaml index 14808ec2..2dd929fd 100644 --- a/Chart.yaml +++ b/charts/trino/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: trino -description: Fast distributed SQL query engine for big data analytics +description: Fast distributed SQL query engine for big data analytics that helps you explore your data universe # A chart can be either an 'application' or a 'library' chart. # @@ -15,9 +15,20 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.0 +version: 1.37.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. -appVersion: 351 +# Same value as in values.yml#image.tag +appVersion: "470" + +icon: https://trino.io/assets/trino.png + +home: https://trino.io/ +sources: + - https://github.com/trinodb/charts + - https://github.com/trinodb/trino/tree/master/core/docker + +maintainers: + - name: Trino community diff --git a/charts/trino/README.md b/charts/trino/README.md new file mode 100644 index 00000000..48caa55a --- /dev/null +++ b/charts/trino/README.md @@ -0,0 +1,967 @@ +# trino + +![Version: 1.37.0](https://img.shields.io/badge/Version-1.37.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 470](https://img.shields.io/badge/AppVersion-470-informational?style=flat-square) + +Fast distributed SQL query engine for big data analytics that helps you explore your data universe + +**Homepage:** + +## Source Code + +* +* + +## Values +* `accessControl` - object, default: `{}` + + [System access control](https://trino.io/docs/current/security/built-in-system-access-control.html) configuration. + Set the type property to either: + * `configmap`, and provide the rule file contents in `rules`, + * `properties`, and provide configuration properties in `properties`. + Properties example: + ```yaml + type: properties + properties: | + access-control.name=custom-access-control + access-control.custom_key=custom_value + ``` + Config map example: + ```yaml + type: configmap + refreshPeriod: 60s + # Rules file is mounted to /etc/trino/access-control + configFile: "rules.json" + rules: + rules.json: |- + { + "catalogs": [ + { + "user": "admin", + "catalog": "(mysql|system)", + "allow": "all" + }, + { + "group": "finance|human_resources", + "catalog": "postgres", + "allow": true + }, + { + "catalog": "hive", + "allow": "all" + }, + { + "user": "alice", + "catalog": "postgresql", + "allow": "read-only" + }, + { + "catalog": "system", + "allow": "none" + } + ], + "schemas": [ + { + "user": "admin", + "schema": ".*", + "owner": true + }, + { + "user": "guest", + "owner": false + }, + { + "catalog": "default", + "schema": "default", + "owner": true + } + ] + } + ``` +* `additionalCatalogs` - object, default: `{}` + + Deprecated, use `catalogs` instead. Configure additional [catalogs](https://trino.io/docs/current/installation/deployment.html#catalog-properties). +* `additionalConfigProperties` - list, default: `[]` + + [Additional config properties](https://trino.io/docs/current/admin/properties.html). + Example: + ```yaml + - internal-communication.shared-secret=random-value-999 + - http-server.process-forwarded=true + ``` +* `additionalExchangeManagerProperties` - list, default: `[]` + + [Exchange manager properties](https://trino.io/docs/current/admin/fault-tolerant-execution.html#exchange-manager). + Example: + ```yaml + - exchange.s3.region=object-store-region + - exchange.s3.endpoint=your-object-store-endpoint + - exchange.s3.aws-access-key=your-access-key + - exchange.s3.aws-secret-key=your-secret-key + ``` +* `additionalLogProperties` - list, default: `[]` + + [Additional log properties](https://trino.io/docs/current/installation/deployment.html#log-levels). + Example: + ```yaml + - io.airlift=DEBUG + ``` +* `additionalNodeProperties` - list, default: `[]` + + [Additional node properties](https://trino.io/docs/current/installation/deployment.html#log-levels). + Example, assuming the NODE_ID environment variable has been set: + ```yaml + - node.id=${NODE_ID} + ``` +* `auth` - object, default: `{}` + + Available authentication methods. + Use username and password provided as a [password file](https://trino.io/docs/current/security/password-file.html#file-format): + ```yaml + passwordAuth: "username:encrypted-password-with-htpasswd" + ``` + Set the name of a secret containing this file in the password.db key + ```yaml + passwordAuthSecret: "trino-password-authentication" + ``` + Additionally, set [users' groups](https://trino.io/docs/current/security/group-file.html#file-format): + ```yaml + refreshPeriod: 5s + groups: "group_name:user_1,user_2,user_3" + ``` + Set the name of a secret containing this file in the group.db key + ```yaml + groupAuthSecret: "trino-group-authentication" + ``` +* `catalogs` - object, default: `{"tpcds":"connector.name=tpcds\ntpcds.splits-per-node=4\n","tpch":"connector.name=tpch\ntpch.splits-per-node=4\n"}` + + Configure [catalogs](https://trino.io/docs/current/installation/deployment.html#catalog-properties). + Example: + ```yaml + objectstore: | + connector.name=iceberg + iceberg.catalog.type=glue + jmx: | + connector.name=memory + memory: | + connector.name=memory + memory.max-data-per-node=128MB + ``` +* `catalogsSecrets` - list, default: `[]` +* `commonLabels` - object, default: `{}` + + Labels that get applied to every resource's metadata +* `configMounts` - list, default: `[]` + + Allows mounting additional Trino configuration files from Kubernetes config maps on all nodes. + Example: + ```yaml + - name: sample-config-mount + configMap: sample-config-map + path: /config-map/sample.json + subPath: sample.json + ``` +* `containerSecurityContext` - object, default: `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]}}` + + [Container security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) configuration. +* `containerSecurityContext.allowPrivilegeEscalation` - bool, default: `false` + + Control whether a process can gain more privileges than its parent process. +* `containerSecurityContext.capabilities.drop` - list, default: `["ALL"]` + + A list of the Linux kernel capabilities that are dropped from every container. Valid values are listed in [the capabilities manual page](https://man7.org/linux/man-pages/man7/capabilities.7.html). Ensure # to remove the "CAP_" prefix which the kernel attaches to the names of permissions. +* `coordinator.additionalConfigFiles` - object, default: `{}` + + Additional config files placed in the default configuration directory. Supports templating the files' contents with `tpl`. + Example: + ```yaml + secret.txt: | + secret-value={{- .Values.someValue }} + ``` +* `coordinator.additionalExposedPorts` - object, default: `{}` + + Additional ports configured in the coordinator container and the service. + Example: + ```yaml + https: + servicePort: 8443 + name: https + port: 8443 + nodePort: 30443 + protocol: TCP + ``` +* `coordinator.additionalJVMConfig` - list, default: `[]` +* `coordinator.additionalVolumeMounts` - list, default: `[]` + + One or more additional volume mounts to add to the coordinator. + Example: + - name: extras + mountPath: /usr/share/extras + readOnly: true +* `coordinator.additionalVolumes` - list, default: `[]` + + One or more additional volumes to add to the coordinator. + Example: + ```yaml + - name: extras + emptyDir: {} + ``` +* `coordinator.affinity` - object, default: `{}` +* `coordinator.annotations` - object, default: `{}` +* `coordinator.config.memory.heapHeadroomPerNode` - string, default: `""` +* `coordinator.config.nodeScheduler.includeCoordinator` - bool, default: `false` + + Allows scheduling work on the coordinator so that a single machine can function as both coordinator and worker. For large clusters, processing work on the coordinator can negatively impact query performance because the machine's resources are not available for the critical coordinator tasks of scheduling, managing, and monitoring query execution. +* `coordinator.config.query.maxMemoryPerNode` - string, default: `"1GB"` +* `coordinator.configMounts` - list, default: `[]` + + Allows mounting additional Trino configuration files from Kubernetes config maps on the coordinator node. + Example: + ```yaml + - name: sample-config-mount + configMap: sample-config-mount + path: /config-mount/sample.json + subPath: sample.json + ``` +* `coordinator.deployment.annotations` - object, default: `{}` +* `coordinator.deployment.progressDeadlineSeconds` - int, default: `600` + + The maximum time in seconds for a deployment to make progress before it is considered failed. The deployment controller continues to process failed deployments and a condition with a ProgressDeadlineExceeded reason is surfaced in the deployment status. +* `coordinator.deployment.revisionHistoryLimit` - int, default: `10` + + The number of old ReplicaSets to retain to allow rollback. +* `coordinator.deployment.strategy` - object, default: `{"rollingUpdate":{"maxSurge":"25%","maxUnavailable":"25%"},"type":"RollingUpdate"}` + + The deployment strategy to use to replace existing pods with new ones. +* `coordinator.jvm.gcMethod.g1.heapRegionSize` - string, default: `"32M"` +* `coordinator.jvm.gcMethod.type` - string, default: `"UseG1GC"` +* `coordinator.jvm.maxHeapSize` - string, default: `"8G"` +* `coordinator.labels` - object, default: `{}` +* `coordinator.lifecycle` - object, default: `{}` + + Coordinator container [lifecycle events](https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/) + Example: + ```yaml + preStop: + exec: + command: ["/bin/sh", "-c", "sleep 120"] + ``` +* `coordinator.livenessProbe` - object, default: `{}` + + [Liveness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes) options + Example: + ```yaml + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + ``` +* `coordinator.nodeSelector` - object, default: `{}` +* `coordinator.readinessProbe` - object, default: `{}` + + [Readiness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes) + Example: + ```yaml + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + ``` +* `coordinator.resources` - object, default: `{}` + + It is recommended not to specify default resources and to leave this as a conscious choice for the user. This also increases chances charts run on environments with little resources, such as Minikube. If you do want to specify resources, use the following example, and adjust it as necessary. + Example: + ```yaml + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + ``` +* `coordinator.secretMounts` - list, default: `[]` + + Allows mounting additional Trino configuration files from Kubernetes secrets on the coordinator node. + Example: + ```yaml + - name: sample-secret + secretName: sample-secret + path: /secrets/sample.json + subPath: sample.json + ``` +* `coordinator.terminationGracePeriodSeconds` - int, default: `30` +* `coordinator.tolerations` - list, default: `[]` +* `coordinatorNameOverride` - string, default: `nil` +* `env` - list, default: `[]` + + additional environment variables added to every pod, specified as a list with explicit values + Example: + ```yaml + - name: NAME + value: "value" + ``` +* `envFrom` - list, default: `[]` + + additional environment variables added to every pod, specified as a list of either `ConfigMap` or `Secret` references + Example: + ```yaml + - secretRef: + name: extra-secret + ``` +* `eventListenerProperties` - list, default: `[]` + + [Event listener](https://trino.io/docs/current/develop/event-listener.html#event-listener) properties. To configure multiple event listeners, add them in `coordinator.additionalConfigFiles` and `worker.additionalConfigFiles`, and set the `event-listener.config-files` property in `additionalConfigProperties` to their locations. + Example: + ```yaml + - event-listener.name=custom-event-listener + - custom-property1=custom-value1 + - custom-property2=custom-value2 + ``` +* `image.digest` - string, default: `""` + + Optional digest value of the image specified as `sha256:abcd...`. A specified value overrides `tag`. +* `image.pullPolicy` - string, default: `"IfNotPresent"` +* `image.registry` - string, default: `""` + + Image registry, defaults to empty, which results in DockerHub usage +* `image.repository` - string, default: `"trinodb/trino"` + + Repository location of the Trino image, typically `organization/imagename` +* `image.tag` - string, default: `""` + + Image tag, defaults to the Trino release version specified as `appVersion` from Chart.yaml +* `image.useRepositoryAsSoleImageReference` - bool, default: `false` + + When true, only the content in `repository` is used as image reference +* `imagePullSecrets` - list, default: `[]` + + An optional list of references to secrets in the same namespace to use for pulling images. + Example: + ```yaml + imagePullSecrets: + - name: registry-credentials + ``` +* `ingress.annotations` - object, default: `{}` +* `ingress.className` - string, default: `""` +* `ingress.enabled` - bool, default: `false` +* `ingress.hosts` - list, default: `[]` + + [Ingress rules](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules). + Example: + ```yaml + - host: trino.example.com + paths: + - path: / + pathType: ImplementationSpecific + ``` +* `ingress.tls` - list, default: `[]` + + Ingress [TLS](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) configuration. + Example: + ```yaml + - secretName: chart-example-tls + hosts: + - chart-example.local + ``` +* `initContainers` - object, default: `{}` + + Additional [containers that run to completion](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) during pod initialization. + Example: + ```yaml + coordinator: + - name: init-coordinator + image: busybox:1.28 + imagePullPolicy: IfNotPresent + command: ['sh', '-c', "until nslookup myservice.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local; do echo waiting for myservice; sleep 2; done"] + worker: + - name: init-worker + image: busybox:1.28 + command: ['sh', '-c', 'echo The worker is running! && sleep 3600'] + ``` +* `jmx.coordinator` - object, default: `{}` + + Override JMX configurations for the Trino coordinator. + Example + ```yaml + coordinator: + enabled: true + exporter: + enabled: true + configProperties: |- + hostPort: localhost:{{- .Values.jmx.registryPort }} + startDelaySeconds: 0 + ssl: false + ``` +* `jmx.enabled` - bool, default: `false` + + Set to true to enable the RMI server to expose Trino's [JMX metrics](https://trino.io/docs/current/admin/jmx.html). +* `jmx.exporter.configProperties` - string, default: `""` + + The string value is templated using `tpl`. The JMX config properties file is mounted to `/etc/jmx-exporter/jmx-exporter-config.yaml`. + Example: + ```yaml + configProperties: |- + hostPort: localhost:{{- .Values.jmx.registryPort }} + startDelaySeconds: 0 + ssl: false + lowercaseOutputName: false + lowercaseOutputLabelNames: false + includeObjectNames: ["java.lang:type=Threading"] + autoExcludeObjectNameAttributes: true + excludeObjectNameAttributes: + "java.lang:type=OperatingSystem": + - "ObjectName" + "java.lang:type=Runtime": + - "ClassPath" + - "SystemProperties" + rules: + - pattern: 'java\.lang<(.*)>ThreadCount: (.*)' + name: java_lang_Threading_ThreadCount + value: '$2' + help: 'ThreadCount (java.lang<>ThreadCount)' + type: UNTYPED + ``` +* `jmx.exporter.enabled` - bool, default: `false` + + Set to true to export JMX Metrics via HTTP for [Prometheus](https://github.com/prometheus/jmx_exporter) consumption +* `jmx.exporter.image` - string, default: `"bitnami/jmx-exporter:1.0.1"` +* `jmx.exporter.port` - int, default: `5556` +* `jmx.exporter.pullPolicy` - string, default: `"Always"` +* `jmx.exporter.resources` - object, default: `{}` + + It is recommended not to specify default resources and to leave this as a conscious choice for the user. This also increases chances charts run on environments with little resources, such as Minikube. If you do want to specify resources, use the following example, and adjust it as necessary. + Example: + ```yaml + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + ``` +* `jmx.exporter.securityContext` - object, default: `{}` +* `jmx.registryPort` - int, default: `9080` +* `jmx.serverPort` - int, default: `9081` +* `jmx.worker` - object, default: `{}` + + Override JMX configurations for the Trino workers. + Example + ```yaml + worker: + enabled: true + exporter: + enabled: true + ``` +* `kafka.mountPath` - string, default: `"/etc/trino/schemas"` +* `kafka.tableDescriptions` - object, default: `{}` + + Custom kafka table descriptions that will be mounted in mountPath. + Example: + ```yaml + testschema.json: |- + { + "tableName": "testtable", + "schemaName": "testschema", + "topicName": "testtopic", + "key": { + "dataFormat": "json", + "fields": [ + { + "name": "_key", + "dataFormat": "VARCHAR", + "type": "VARCHAR", + "hidden": "false" + } + ] + }, + "message": { + "dataFormat": "json", + "fields": [ + { + "name": "id", + "mapping": "id", + "type": "BIGINT" + }, + { + "name": "test_field", + "mapping": "test_field", + "type": "VARCHAR" + } + ] + } + } + ``` +* `ldapSecrets` - list, default: `[]` +* `nameOverride` - string, default: `nil` + + Override resource names to avoid name conflicts when deploying multiple releases in the same namespace. + Example: + ```yaml + coordinatorNameOverride: trino-coordinator-adhoc + workerNameOverride: trino-worker-adhoc + nameOverride: trino-adhoc + ``` +* `networkPolicy.egress` - list, default: `[]` + + Egress rules to apply to the Trino pods. + Example: + ```yaml + - to: + - podSelector: + matchLabels: + role: log-ingestor + ports: + - protocol: TCP + port: 9999 + ``` +* `networkPolicy.enabled` - bool, default: `false` + + Set to true to enable Trino pod protection with a [NetworkPolicy](https://kubernetes.io/docs/concepts/services-networking/network-policies/). By default, the NetworkPolicy will only allow Trino pods to communicate with each other. + > [!NOTE] + > - NetworkPolicies cannot block the ingress traffic coming directly + > from the Kubernetes node on which the Pod is running, + > and are thus incompatible with services of type `NodePort`. + > - When using NetworkPolicies together with JMX metrics export, + > additional ingress rules might be required to allow metric scraping. +* `networkPolicy.ingress` - list, default: `[]` + + Additional ingress rules to apply to the Trino pods. + Example: + ```yaml + - from: + - ipBlock: + cidr: 172.17.0.0/16 + except: + - 172.17.1.0/24 + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: prometheus + - podSelector: + matchLabels: + role: backend-app + ports: + - protocol: TCP + port: 8080 + - protocol: TCP + port: 5556 + ``` +* `resourceGroups` - object, default: `{}` + + [Resource groups control](https://trino.io/docs/current/admin/resource-groups.html) + Set the type property to either: + * `configmap`, and provide the Resource groups file contents in `resourceGroupsConfig`, + * `properties`, and provide configuration properties in `properties`. + Properties example: + ```yaml + type: properties + properties: | + resource-groups.configuration-manager=db + resource-groups.config-db-url=jdbc:postgresql://trino-postgresql.postgresql.svc.cluster.local:3306/resource_groups + resource-groups.config-db-user=username + resource-groups.config-db-password=password + ``` + Config map example: + ```yaml + type: configmap + # Resource groups file is mounted to /etc/trino/resource-groups/resource-groups.json + resourceGroupsConfig: |- + { + "rootGroups": [ + { + "name": "global", + "softMemoryLimit": "80%", + "hardConcurrencyLimit": 100, + "maxQueued": 100, + "schedulingPolicy": "fair", + "jmxExport": true, + "subGroups": [ + { + "name": "admin", + "softMemoryLimit": "30%", + "hardConcurrencyLimit": 20, + "maxQueued": 10 + }, + { + "name": "finance_human_resources", + "softMemoryLimit": "20%", + "hardConcurrencyLimit": 15, + "maxQueued": 10 + }, + { + "name": "general", + "softMemoryLimit": "30%", + "hardConcurrencyLimit": 20, + "maxQueued": 10 + }, + { + "name": "readonly", + "softMemoryLimit": "10%", + "hardConcurrencyLimit": 5, + "maxQueued": 5 + } + ] + } + ], + "selectors": [ + { + "user": "admin", + "group": "global.admin" + }, + { + "group": "finance|human_resources", + "group": "global.finance_human_resources" + }, + { + "user": "alice", + "group": "global.readonly" + }, + { + "group": "global.general" + } + ] + } + ``` +* `secretMounts` - list, default: `[]` + + Allows mounting additional Trino configuration files from Kubernetes secrets on all nodes. + Example: + ```yaml + - name: sample-secret + secretName: sample-secret + path: /secrets/sample.json + subPath: sample.json + - name: catalogs + secretName: catalogs + path: /etc/trino/catalog + - name: ldap + secretName: ldap + path: /etc/trino/ldap + ``` +* `securityContext` - object, default: `{"runAsGroup":1000,"runAsUser":1000}` + + [Pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) configuration. To remove the default, set it to null (or `~`). +* `server.autoscaling` - object, default: `{"behavior":{},"enabled":false,"maxReplicas":5,"targetCPUUtilizationPercentage":50,"targetMemoryUtilizationPercentage":80}` + + Configure [Horizontal Pod Autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) for workers (`server.keda.enabled` must be `false`). +* `server.autoscaling.behavior` - object, default: `{}` + + Configuration for scaling up and down. + Example: + ```yaml + scaleDown: + stabilizationWindowSeconds: 300 + policies: + - type: Percent + value: 100 + periodSeconds: 15 + scaleUp: + stabilizationWindowSeconds: 0 + policies: + - type: Percent + value: 100 + periodSeconds: 15 + - type: Pods + value: 4 + periodSeconds: 15 + selectPolicy: Max + ``` +* `server.autoscaling.targetCPUUtilizationPercentage` - int, default: `50` + + Target average CPU utilization, represented as a percentage of requested CPU. To disable scaling based on CPU, set to an empty string. +* `server.autoscaling.targetMemoryUtilizationPercentage` - int, default: `80` + + Target average memory utilization, represented as a percentage of requested memory. To disable scaling based on memory, set to an empty string. +* `server.config.authenticationType` - string, default: `""` + + Trino supports multiple [authentication types](https://trino.io/docs/current/security/authentication-types.html): PASSWORD, CERTIFICATE, OAUTH2, JWT, KERBEROS. +* `server.config.https.enabled` - bool, default: `false` +* `server.config.https.keystore.path` - string, default: `""` +* `server.config.https.port` - int, default: `8443` +* `server.config.path` - string, default: `"/etc/trino"` +* `server.config.query.maxMemory` - string, default: `"4GB"` +* `server.coordinatorExtraConfig` - string, default: `""` +* `server.exchangeManager` - object, default: `{}` + + Mandatory [exchange manager configuration](https://trino.io/docs/current/admin/fault-tolerant-execution.html#id1). Used to set the name and location(s) of spooling data storage. For multiple destinations use a list or a comma separated URI locations. To enable fault-tolerant execution, set the `retry-policy` property in `additionalConfigProperties`. Additional exchange manager configurations can be added to `additionalExchangeManagerProperties`. + Example: + ```yaml + server: + exchangeManager: + name: "filesystem" + baseDir: + - "/tmp/trino-local-file-system-exchange-manager" + additionalConfigProperties: + - retry-policy=TASK + additionalExchangeManagerProperties: + - exchange.sink-buffer-pool-min-size=10 + - exchange.sink-buffers-per-partition=2 + - exchange.source-concurrent-readers=4 + ``` +* `server.keda` - object, default: `{"advanced":{},"annotations":{},"cooldownPeriod":300,"enabled":false,"fallback":{},"initialCooldownPeriod":0,"maxReplicaCount":5,"minReplicaCount":0,"pollingInterval":30,"triggers":[]}` + + Configure [Kubernetes Event-driven Autoscaling](https://keda.sh/) for workers (`server.autoscaling.enabled` must be `false`). +* `server.keda.advanced` - object, default: `{}` + + Specifies HPA related options + Example: + ```yaml + advanced: + horizontalPodAutoscalerConfig: + behavior: + scaleDown: + stabilizationWindowSeconds: 300 + policies: + - type: Percent + value: 100 + periodSeconds: 15 + ``` +* `server.keda.annotations` - object, default: `{}` + + Annotations to apply to the ScaledObject CRD. + Example: + ```yaml + annotations: + autoscaling.keda.sh/paused-replicas: "0" + autoscaling.keda.sh/paused: "true" + ``` +* `server.keda.cooldownPeriod` - int, default: `300` + + Period (in seconds) to wait after the last trigger reported active before scaling the resource back to 0 +* `server.keda.fallback` - object, default: `{}` + + Defines a number of replicas to fall back to if a scaler is in an error state. + Example: + ```yaml + fallback: # Optional. Section to specify fallback options + failureThreshold: 3 # Mandatory if fallback section is included + replicas: 6 # Mandatory if fallback section is included + ``` +* `server.keda.initialCooldownPeriod` - int, default: `0` + + The delay (in seconds) before the `cooldownPeriod` starts after the initial creation of the `ScaledObject`. +* `server.keda.maxReplicaCount` - int, default: `5` + + This setting is passed to the HPA definition that KEDA will create for a given resource and holds the maximum number of replicas of the target resource. +* `server.keda.minReplicaCount` - int, default: `0` + + Minimum number of replicas KEDA will scale the resource down to. By default, it’s scale to zero, but you can use it with some other value as well. +* `server.keda.triggers` - list, default: `[]` + + List of triggers to activate scaling of the target resource + Example: + ```yaml + triggers: + - type: prometheus + metricType: Value + metadata: + serverAddress: "http://prometheus.example.com" + threshold: "1" + metricName: required_workers + query: >- + sum by (service) + (avg_over_time(trino_execution_ClusterSizeMonitor_RequiredWorkers{service={{ include "trino.fullname" . | quote }}}[5s])) + ``` +* `server.log.trino.level` - string, default: `"INFO"` +* `server.node.dataDir` - string, default: `"/data/trino"` +* `server.node.environment` - string, default: `"production"` +* `server.node.pluginDir` - string, default: `"/usr/lib/trino/plugin"` +* `server.workerExtraConfig` - string, default: `""` +* `server.workers` - int, default: `2` +* `service.annotations` - object, default: `{}` +* `service.nodePort` - string, default: `""` + + The port the service listens on the host, for the `NodePort` type. If not set, Kubernetes will [allocate a port automatically](https://kubernetes.io/docs/concepts/services-networking/service/#nodeport-custom-port). +* `service.port` - int, default: `8080` +* `service.type` - string, default: `"ClusterIP"` +* `serviceAccount.annotations` - object, default: `{}` + + Annotations to add to the service account +* `serviceAccount.create` - bool, default: `false` + + Specifies whether a service account should be created +* `serviceAccount.name` - string, default: `""` + + The name of the service account to use. If not set and create is true, a name is generated using the fullname template +* `serviceMonitor.apiVersion` - string, default: `"monitoring.coreos.com/v1"` +* `serviceMonitor.coordinator` - object, default: `{}` + + Override ServiceMonitor configurations for the Trino coordinator. + Example + ```yaml + coordinator: + enabled: true + labels: + prometheus: my-prometheus + ``` +* `serviceMonitor.enabled` - bool, default: `false` + + Set to true to create resources for the [prometheus-operator](https://github.com/prometheus-operator/prometheus-operator). +* `serviceMonitor.interval` - string, default: `"30s"` + + The serviceMonitor web endpoint interval +* `serviceMonitor.labels` - object, default: `{"prometheus":"kube-prometheus"}` + + Labels for serviceMonitor, so that Prometheus can select it +* `serviceMonitor.worker` - object, default: `{}` + + Override ServiceMonitor configurations for the Trino workers. + Example + ```yaml + worker: + enabled: true + labels: + prometheus: my-prometheus + ``` +* `shareProcessNamespace.coordinator` - bool, default: `false` +* `shareProcessNamespace.worker` - bool, default: `false` +* `sidecarContainers` - object, default: `{}` + + Additional [containers that starts before](https://kubernetes.io/docs/concepts/workloads/pods/sidecar-containers/) the Trino container and continues to run. + Example: + ```yaml + coordinator: + - name: side-coordinator + image: busybox:1.28 + imagePullPolicy: IfNotPresent + command: ['sleep', '1'] + worker: + - name: side-worker + image: busybox:1.28 + imagePullPolicy: IfNotPresent + command: ['sleep', '1'] + ``` +* `worker.additionalConfigFiles` - object, default: `{}` + + Additional config files placed in the default configuration directory. Supports templating the files' contents with `tpl`. + Example: + ```yaml + secret.txt: | + secret-value={{- .Values.someValue }} + ``` +* `worker.additionalExposedPorts` - object, default: `{}` + + Additional container ports configured in all worker pods. + Example: + ```yaml + https: + servicePort: 8443 + name: https + port: 8443 + protocol: TCP + ``` +* `worker.additionalJVMConfig` - list, default: `[]` +* `worker.additionalVolumeMounts` - list, default: `[]` + + One or more additional volume mounts to add to all workers. + Example: + ```yaml + - name: extras + mountPath: /usr/share/extras + readOnly: true + ``` +* `worker.additionalVolumes` - list, default: `[]` + + One or more additional volume mounts to add to all workers. + Example: + ```yaml + - name: extras + emptyDir: {} + ``` +* `worker.affinity` - object, default: `{}` +* `worker.annotations` - object, default: `{}` +* `worker.config.memory.heapHeadroomPerNode` - string, default: `""` +* `worker.config.query.maxMemoryPerNode` - string, default: `"1GB"` +* `worker.configMounts` - list, default: `[]` + + Allows mounting additional Trino configuration files from Kubernetes config maps on all worker nodes. + Example: + ```yaml + - name: sample-config-mount + configMap: sample-config-mount + path: /config-mount/sample.json + subPath: sample.json + ``` +* `worker.deployment.annotations` - object, default: `{}` +* `worker.deployment.progressDeadlineSeconds` - int, default: `600` + + The maximum time in seconds for a deployment to make progress before it is considered failed. The deployment controller continues to process failed deployments and a condition with a ProgressDeadlineExceeded reason is surfaced in the deployment status. +* `worker.deployment.revisionHistoryLimit` - int, default: `10` + + The number of old ReplicaSets to retain to allow rollback. +* `worker.deployment.strategy` - object, default: `{"rollingUpdate":{"maxSurge":"25%","maxUnavailable":"25%"},"type":"RollingUpdate"}` + + The deployment strategy to use to replace existing pods with new ones. +* `worker.gracefulShutdown` - object, default: `{"enabled":false,"gracePeriodSeconds":120}` + + Configure [graceful shutdown](https://trino.io/docs/current/admin/graceful-shutdown.html) in order to ensure that workers terminate without affecting running queries, given a sufficient grace period. When enabled, the value of `worker.terminationGracePeriodSeconds` must be at least two times greater than the configured `gracePeriodSeconds`. Enabling `worker.gracefulShutdown` conflicts with `worker.lifecycle`. When a custom `worker.lifecycle` configuration needs to be used, graceful shutdown must be configured manually. + Example: + ```yaml + gracefulShutdown: + enabled: true + gracePeriodSeconds: 120 + ``` +* `worker.jvm.gcMethod.g1.heapRegionSize` - string, default: `"32M"` +* `worker.jvm.gcMethod.type` - string, default: `"UseG1GC"` +* `worker.jvm.maxHeapSize` - string, default: `"8G"` +* `worker.labels` - object, default: `{}` +* `worker.lifecycle` - object, default: `{}` + + Worker container [lifecycle events](https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/) Setting `worker.lifecycle` conflicts with `worker.gracefulShutdown`. + Example: + ```yaml + preStop: + exec: + command: ["/bin/sh", "-c", "sleep 120"] + ``` +* `worker.livenessProbe` - object, default: `{}` + + [Liveness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes) + Example: + ```yaml + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + ``` +* `worker.nodeSelector` - object, default: `{}` +* `worker.readinessProbe` - object, default: `{}` + + [Readiness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes) + Example: + ```yaml + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + ``` +* `worker.resources` - object, default: `{}` + + It is recommended not to specify default resources and to leave this as a conscious choice for the user. This also increases chances charts run on environments with little resources, such as Minikube. If you do want to specify resources, use the following example, and adjust it as necessary. + Example: + ```yaml + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + ``` +* `worker.secretMounts` - list, default: `[]` + + Allows mounting additional Trino configuration files from Kubernetes secrets on all worker nodes. + Example: + ```yaml + - name: sample-secret + secretName: sample-secret + path: /secrets/sample.json + subPath: sample.json + ``` +* `worker.terminationGracePeriodSeconds` - int, default: `30` +* `worker.tolerations` - list, default: `[]` +* `workerNameOverride` - string, default: `nil` + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/charts/trino/README.md.gotmpl b/charts/trino/README.md.gotmpl new file mode 100644 index 00000000..e296f05a --- /dev/null +++ b/charts/trino/README.md.gotmpl @@ -0,0 +1,25 @@ +{{ template "chart.header" . }} +{{ template "chart.deprecationWarning" . }} + +{{ template "chart.badgesSection" . }} + +{{ template "chart.description" . }} + +{{ template "chart.homepageLine" . }} + +{{ template "chart.sourcesSection" . }} + +{{ template "chart.requirementsSection" . }} + +{{ template "chart.valuesHeader" . }} + +{{- range .Values }} +* `{{ .Key }}` - {{ .Type }}, default: {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }}{{ if or .Description .AutoDescription }} {{ end }} +{{- if .Description }} +{{ .Description | nindent 2 }} +{{- else if .AutoDescription }} +{{ .AutoDescription | nindent 2 }} +{{- end }} +{{- end }} + +{{ template "helm-docs.versionFooter" . }} diff --git a/templates/NOTES.txt b/charts/trino/templates/NOTES.txt similarity index 78% rename from templates/NOTES.txt rename to charts/trino/templates/NOTES.txt index 251ff875..90930a1d 100644 --- a/templates/NOTES.txt +++ b/charts/trino/templates/NOTES.txt @@ -4,7 +4,7 @@ Get the application URL by running these commands: export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") echo http://$NODE_IP:$NODE_PORT {{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "trino.name" . }},release={{ .Release.Name }},component=coordinator" -o jsonpath="{.items[0].metadata.name}") + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} --selector "app.kubernetes.io/name={{ template "trino.name" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=coordinator" --output name) echo "Visit http://127.0.0.1:8080 to use your application" kubectl port-forward $POD_NAME 8080:8080 {{- end }} diff --git a/charts/trino/templates/_helpers.tpl b/charts/trino/templates/_helpers.tpl new file mode 100644 index 00000000..e6023abd --- /dev/null +++ b/charts/trino/templates/_helpers.tpl @@ -0,0 +1,157 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "trino.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "trino.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if hasPrefix .Release.Name $name }} +{{- $name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "trino.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{- define "trino.coordinator" -}} +{{- if .Values.coordinatorNameOverride }} +{{- .Values.coordinatorNameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if hasPrefix .Release.Name $name }} +{{- printf "%s-%s" $name "coordinator" | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s-%s" .Release.Name $name "coordinator" | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{- define "trino.worker" -}} +{{- if .Values.workerNameOverride }} +{{- .Values.workerNameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if hasPrefix .Release.Name $name }} +{{- printf "%s-%s" $name "worker" | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s-%s" .Release.Name $name "worker" | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + + +{{- define "trino.catalog" -}} +{{ template "trino.fullname" . }}-catalog +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "trino.labels" -}} +helm.sh/chart: {{ include "trino.chart" . }} +{{ include "trino.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- if .Values.commonLabels }} +{{ tpl (toYaml .Values.commonLabels) . }} +{{- end }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "trino.selectorLabels" -}} +app.kubernetes.io/name: {{ include "trino.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "trino.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "trino.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} + +{{/* +Return the proper image name +{{ include "trino.image" . }} + +Code is inspired from bitnami/common + +*/}} +{{- define "trino.image" -}} +{{- $repositoryName := .Values.image.repository -}} +{{- if .Values.image.useRepositoryAsSoleImageReference -}} + {{- printf "%s" $repositoryName -}} +{{- else -}} + {{- $repositoryName := .Values.image.repository -}} + {{- $registryName := .Values.image.registry -}} + {{- $separator := ":" -}} + {{- $termination := (default .Chart.AppVersion .Values.image.tag) | toString -}} + {{- if .Values.image.digest }} + {{- $separator = "@" -}} + {{- $termination = .Values.image.digest | toString -}} + {{- end -}} + {{- if $registryName }} + {{- printf "%s/%s%s%s" $registryName $repositoryName $separator $termination -}} + {{- else -}} + {{- printf "%s%s%s" $repositoryName $separator $termination -}} + {{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create the secret name for the file-based authentication's password file +*/}} +{{- define "trino.passwordSecretName" -}} +{{- if and .Values.auth .Values.auth.passwordAuthSecret }} +{{- .Values.auth.passwordAuthSecret | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if hasPrefix .Release.Name $name }} +{{- printf "%s-%s" $name "password-file" | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s-%s" .Release.Name $name "password-file" | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create the secret name for the group-provider file +*/}} +{{- define "trino.groupsSecretName" -}} +{{- if and .Values.auth .Values.auth.groupAuthSecret }} +{{- .Values.auth.groupAuthSecret | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if hasPrefix .Release.Name $name }} +{{- printf "%s-%s" $name "groups-file" | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s-%s" .Release.Name $name "groups-file" | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/trino/templates/autoscaler.yaml b/charts/trino/templates/autoscaler.yaml new file mode 100644 index 00000000..9bc88014 --- /dev/null +++ b/charts/trino/templates/autoscaler.yaml @@ -0,0 +1,37 @@ +{{- if .Values.server.autoscaling.enabled -}} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ template "trino.worker" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "trino.labels" . | nindent 4 }} +spec: + maxReplicas: {{ .Values.server.autoscaling.maxReplicas }} + minReplicas: {{ .Values.server.workers }} + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ template "trino.worker" . }} + metrics: + {{- if .Values.server.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.server.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} + {{- if .Values.server.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.server.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{ if .Values.server.autoscaling.behavior -}} + behavior: + {{- toYaml .Values.server.autoscaling.behavior | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/trino/templates/configmap-access-control-coordinator.yaml b/charts/trino/templates/configmap-access-control-coordinator.yaml new file mode 100644 index 00000000..80e6edbc --- /dev/null +++ b/charts/trino/templates/configmap-access-control-coordinator.yaml @@ -0,0 +1,14 @@ +{{- if eq .Values.accessControl.type "configmap" }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "trino.fullname" . }}-access-control-volume-coordinator + namespace: {{ .Release.Namespace }} + labels: + {{- include "trino.labels" . | nindent 4 }} + app.kubernetes.io/component: coordinator +data: + {{- range $key, $val := .Values.accessControl.rules }} + {{ $key }}: {{ $val | quote }} + {{- end }} +{{- end }} diff --git a/charts/trino/templates/configmap-access-control-worker.yaml b/charts/trino/templates/configmap-access-control-worker.yaml new file mode 100644 index 00000000..7585962b --- /dev/null +++ b/charts/trino/templates/configmap-access-control-worker.yaml @@ -0,0 +1,22 @@ +{{- if .Values.worker.gracefulShutdown.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "trino.fullname" . }}-access-control-volume-worker + namespace: {{ .Release.Namespace }} + labels: + {{- include "trino.labels" . | nindent 4 }} + app.kubernetes.io/component: worker +data: + graceful-shutdown-rules.json: >- + { + "system_information": [ + { + "allow": [ + "write" + ], + "user": "admin" + } + ] + } +{{- end }} diff --git a/charts/trino/templates/configmap-catalog.yaml b/charts/trino/templates/configmap-catalog.yaml new file mode 100644 index 00000000..767b49fd --- /dev/null +++ b/charts/trino/templates/configmap-catalog.yaml @@ -0,0 +1,16 @@ +{{- if or .Values.catalogs .Values.additionalCatalogs (and (.Values.catalogs) (gt (len .Values.catalogs) 0)) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "trino.catalog" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "trino.labels" . | nindent 4 }} + app.kubernetes.io/component: catalogs +data: +{{- $merged := merge .Values.catalogs .Values.additionalCatalogs }} +{{- range $catalogName, $catalogProperties := $merged }} + {{ $catalogName }}.properties: | + {{- $catalogProperties | nindent 4 }} +{{- end }} +{{- end }} diff --git a/charts/trino/templates/configmap-coordinator.yaml b/charts/trino/templates/configmap-coordinator.yaml new file mode 100644 index 00000000..5c4f7500 --- /dev/null +++ b/charts/trino/templates/configmap-coordinator.yaml @@ -0,0 +1,187 @@ +{{- $coordinatorJmx := merge .Values.jmx.coordinator (omit .Values.jmx "coordinator" "worker") -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "trino.coordinator" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "trino.labels" . | nindent 4 }} + app.kubernetes.io/component: coordinator +data: + node.properties: | + node.environment={{ .Values.server.node.environment }} + node.data-dir={{ .Values.server.node.dataDir }} + plugin.dir={{ .Values.server.node.pluginDir }} + {{- range $configValue := .Values.additionalNodeProperties }} + {{ $configValue }} + {{- end }} + + jvm.config: | + -server + -agentpath:/usr/lib/trino/bin/libjvmkill.so + -Xmx{{ .Values.coordinator.jvm.maxHeapSize }} + -XX:+{{ .Values.coordinator.jvm.gcMethod.type }} + -XX:G1HeapRegionSize={{ .Values.coordinator.jvm.gcMethod.g1.heapRegionSize }} + -XX:+ExplicitGCInvokesConcurrent + -XX:+HeapDumpOnOutOfMemoryError + -XX:+ExitOnOutOfMemoryError + -XX:-OmitStackTraceInFastThrow + -XX:ReservedCodeCacheSize=512M + -XX:PerMethodRecompilationCutoff=10000 + -XX:PerBytecodeRecompilationCutoff=10000 + -Djdk.attach.allowAttachSelf=true + -Djdk.nio.maxCachedBufferSize=2000000 + # Allow loading dynamic agent used by JOL + -XX:+EnableDynamicAgentLoading + {{/* only check the version number if the image is not overriden in any way */}} + {{- with .Values.image -}} + {{- if and (eq .repository "trinodb/trino") (not .useRepositoryAsSoleImageReference) (not .registry) (not .digest) (gt (default $.Chart.AppVersion .tag | int ) 447 ) }} + # https://bugs.openjdk.org/browse/JDK-8329528 + -XX:+UnlockDiagnosticVMOptions + -XX:G1NumCollectionsKeepPinned=10000000 + {{- end }}{{/* if */}} + {{- end }}{{/* with */}} + {{- range $configValue := .Values.coordinator.additionalJVMConfig }} + {{ $configValue }} + {{- end }} + {{- if $coordinatorJmx.enabled }} + -Dcom.sun.management.jmxremote.rmi.port={{- $coordinatorJmx.serverPort }} + {{- end }} + + config.properties: | + coordinator=true + node-scheduler.include-coordinator={{ .Values.coordinator.config.nodeScheduler.includeCoordinator }} + http-server.http.port={{ .Values.service.port }} + query.max-memory={{ .Values.server.config.query.maxMemory }} + query.max-memory-per-node={{ .Values.coordinator.config.query.maxMemoryPerNode }} + {{- if .Values.coordinator.config.memory.heapHeadroomPerNode }} + memory.heap-headroom-per-node={{ .Values.coordinator.config.memory.heapHeadroomPerNode }} + {{- end }} + discovery.uri=http://localhost:{{ .Values.service.port }} + {{- if .Values.server.config.authenticationType }} + http-server.authentication.type={{ .Values.server.config.authenticationType }} + {{- end }} + {{- range $configValue := .Values.additionalConfigProperties }} + {{ $configValue }} + {{- end }} + {{- if .Values.server.config.https.enabled }} + http-server.https.enabled=true + http-server.https.port={{ .Values.server.config.https.port }} + http-server.https.keystore.path={{ .Values.server.config.https.keystore.path }} + {{- end }} + {{- if $coordinatorJmx.enabled }} + jmx.rmiregistry.port={{- $coordinatorJmx.registryPort }} + jmx.rmiserver.port={{- $coordinatorJmx.serverPort }} + {{- end }} + {{- if .Values.worker.gracefulShutdown.enabled }} + shutdown.grace-period={{- .Values.worker.gracefulShutdown.gracePeriodSeconds -}}s + {{- end }} + {{- if .Values.server.coordinatorExtraConfig }} + {{- .Values.server.coordinatorExtraConfig | nindent 4 }} + {{- end }} + +{{- if .Values.accessControl }} + {{- if eq .Values.accessControl.type "configmap" }} + access-control.properties: | + access-control.name=file + {{- if .Values.accessControl.refreshPeriod }} + security.refresh-period={{ .Values.accessControl.refreshPeriod }} + {{- end }} + security.config-file={{ .Values.server.config.path }}/access-control/{{ .Values.accessControl.configFile | default "rules.json" }} + {{- else if eq .Values.accessControl.type "properties" }} + access-control.properties: | + {{- if .Values.accessControl.properties }} + {{- .Values.accessControl.properties | nindent 4 }} + {{- else}} + {{- fail "accessControl.properties is required when accessControl.type is 'properties'." }} + {{- end }} + {{- else}} + {{- fail "Invalid accessControl.type value. It must be either 'configmap' or 'properties'." }} + {{- end }} +{{- end }} + +{{- if .Values.resourceGroups }} + {{- if eq .Values.resourceGroups.type "configmap" }} + resource-groups.properties: | + resource-groups.configuration-manager=file + resource-groups.config-file={{ .Values.server.config.path }}/resource-groups/resource-groups.json + {{- else if eq .Values.resourceGroups.type "properties" }} + resource-groups.properties: | + {{- if .Values.resourceGroups.properties }} + {{- .Values.resourceGroups.properties | nindent 4 }} + {{- else}} + {{- fail "resourceGroups.properties is required when resourceGroups.type is 'properties'." }} + {{- end }} + {{- else}} + {{- fail "Invalid resourceGroups.type value. It must be either 'configmap' or 'properties'." }} + {{- end }} +{{- end }} + +{{- if .Values.server.exchangeManager }} + exchange-manager.properties: | + exchange-manager.name={{ .Values.server.exchangeManager.name }} + exchange.base-directories={{ join "," .Values.server.exchangeManager.baseDir }} + {{- range $configValue := .Values.additionalExchangeManagerProperties }} + {{ $configValue }} + {{- end }} +{{- end }} + + log.properties: | + io.trino={{ .Values.server.log.trino.level }} + {{- range $configValue := .Values.additionalLogProperties }} + {{ $configValue }} + {{- end }} + + {{- if contains "PASSWORD" .Values.server.config.authenticationType }}{{- if not (index .Values.coordinator.additionalConfigFiles "password-authenticator.properties") }} + password-authenticator.properties: | + password-authenticator.name=file + file.password-file={{ .Values.server.config.path }}/auth/password/password.db + {{- end }}{{- end }} + + {{- if .Values.auth.groups }}{{- if not (index .Values.coordinator.additionalConfigFiles "group-provider.properties") }} + group-provider.properties: | + group-provider.name=file + file.group-file={{ .Values.server.config.path }}/auth/group/group.db + {{- if .Values.auth.refreshPeriod }} + file.refresh-period={{ .Values.auth.refreshPeriod }} + {{- end }} + {{- end }}{{- end }} + +{{ if .Values.eventListenerProperties }} + event-listener.properties: | + {{- range $configValue := .Values.eventListenerProperties }} + {{ $configValue }} + {{- end }} +{{ end }} + +{{- range $fileName, $fileContent := .Values.coordinator.additionalConfigFiles }} + {{ $fileName }}: | + {{- tpl $fileContent $ | nindent 4 }} +{{- end }} +{{- if eq .Values.resourceGroups.type "configmap" }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "trino.fullname" . }}-resource-groups-volume-coordinator + namespace: {{ .Release.Namespace }} + labels: + {{- include "trino.labels" . | nindent 4 }} + app.kubernetes.io/component: coordinator +data: + resource-groups.json: |- + {{- .Values.resourceGroups.resourceGroupsConfig | nindent 4 }} +{{- end }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "trino.fullname" . }}-schemas-volume-coordinator + namespace: {{ .Release.Namespace }} + labels: + {{- include "trino.labels" . | nindent 4 }} + app.kubernetes.io/component: coordinator +data: + {{- range $key, $val := .Values.kafka.tableDescriptions }} + {{ $key }}: {{ $val | quote }} + {{- end }} diff --git a/charts/trino/templates/configmap-jmx-exporter.yaml b/charts/trino/templates/configmap-jmx-exporter.yaml new file mode 100644 index 00000000..e11f3478 --- /dev/null +++ b/charts/trino/templates/configmap-jmx-exporter.yaml @@ -0,0 +1,29 @@ +{{- $coordinatorJmx := merge .Values.jmx.coordinator (omit .Values.jmx "coordinator" "worker") -}} +{{- if $coordinatorJmx.exporter.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "trino.fullname" . }}-jmx-exporter-config-coordinator + namespace: {{ .Release.Namespace }} + labels: + {{- include "trino.labels" . | nindent 4 }} + app.kubernetes.io/component: jmx +data: + jmx-exporter-config.yaml: |- + {{- tpl $coordinatorJmx.exporter.configProperties . | nindent 4 }} +{{- end }} +{{- $workerJmx := merge .Values.jmx.worker (omit .Values.jmx "coordinator" "worker") -}} +{{- if $workerJmx.exporter.enabled }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "trino.fullname" . }}-jmx-exporter-config-worker + namespace: {{ .Release.Namespace }} + labels: + {{- include "trino.labels" . | nindent 4 }} + app.kubernetes.io/component: jmx +data: + jmx-exporter-config.yaml: |- + {{- tpl $workerJmx.exporter.configProperties . | nindent 4 }} +{{- end }} diff --git a/charts/trino/templates/configmap-worker.yaml b/charts/trino/templates/configmap-worker.yaml new file mode 100644 index 00000000..d78cdee2 --- /dev/null +++ b/charts/trino/templates/configmap-worker.yaml @@ -0,0 +1,120 @@ +{{- $workerJmx := merge .Values.jmx.worker (omit .Values.jmx "coordinator" "worker") -}} +{{- if or .Values.server.keda.enabled (gt (int .Values.server.workers) 0) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "trino.worker" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "trino.labels" . | nindent 4 }} + app.kubernetes.io/component: worker +data: + node.properties: | + node.environment={{ .Values.server.node.environment }} + node.data-dir={{ .Values.server.node.dataDir }} + plugin.dir={{ .Values.server.node.pluginDir }} + {{- range $configValue := .Values.additionalNodeProperties }} + {{ $configValue }} + {{- end }} + + jvm.config: | + -server + -agentpath:/usr/lib/trino/bin/libjvmkill.so + -Xmx{{ .Values.worker.jvm.maxHeapSize }} + -XX:+{{ .Values.worker.jvm.gcMethod.type }} + -XX:G1HeapRegionSize={{ .Values.worker.jvm.gcMethod.g1.heapRegionSize }} + -XX:+ExplicitGCInvokesConcurrent + -XX:+HeapDumpOnOutOfMemoryError + -XX:+ExitOnOutOfMemoryError + -XX:-OmitStackTraceInFastThrow + -XX:ReservedCodeCacheSize=512M + -XX:PerMethodRecompilationCutoff=10000 + -XX:PerBytecodeRecompilationCutoff=10000 + -Djdk.attach.allowAttachSelf=true + -Djdk.nio.maxCachedBufferSize=2000000 + # Allow loading dynamic agent used by JOL + -XX:+EnableDynamicAgentLoading + {{/* only check the version number if the image is not overriden in any way */}} + {{- with .Values.image -}} + {{- if and (eq .repository "trinodb/trino") (not .useRepositoryAsSoleImageReference) (not .registry) (not .digest) (gt (default $.Chart.AppVersion .tag | int ) 447 ) }} + # https://bugs.openjdk.org/browse/JDK-8329528 + -XX:+UnlockDiagnosticVMOptions + -XX:G1NumCollectionsKeepPinned=10000000 + {{- end }}{{/* if */}} + {{- end }}{{/* with */}} + {{- range $configValue := .Values.worker.additionalJVMConfig }} + {{ $configValue }} + {{- end }} + {{- if $workerJmx.enabled }} + -Dcom.sun.management.jmxremote.rmi.port={{- $workerJmx.serverPort }} + {{- end }} + + config.properties: | + coordinator=false + http-server.http.port={{ .Values.service.port }} + query.max-memory={{ .Values.server.config.query.maxMemory }} + query.max-memory-per-node={{ .Values.worker.config.query.maxMemoryPerNode }} + {{- if .Values.worker.config.memory.heapHeadroomPerNode }} + memory.heap-headroom-per-node={{ .Values.worker.config.memory.heapHeadroomPerNode }} + {{- end }} + discovery.uri=http://{{ template "trino.fullname" . }}:{{ .Values.service.port }} + {{- range $configValue := .Values.additionalConfigProperties }} + {{ $configValue }} + {{- end }} + {{- if $workerJmx.enabled }} + jmx.rmiregistry.port={{- $workerJmx.registryPort }} + jmx.rmiserver.port={{- $workerJmx.serverPort }} + {{- end }} + {{- if .Values.worker.gracefulShutdown.enabled }} + shutdown.grace-period={{- .Values.worker.gracefulShutdown.gracePeriodSeconds -}}s + {{- end }} + {{- if .Values.server.workerExtraConfig }} + {{- .Values.server.workerExtraConfig | nindent 4 }} + {{- end }} + +{{- if .Values.worker.gracefulShutdown.enabled }} + access-control.properties: | + access-control.name=file + security.config-file={{ .Values.server.config.path }}/access-control/graceful-shutdown-rules.json +{{- end }} + +{{- if .Values.server.exchangeManager }} + exchange-manager.properties: | + exchange-manager.name={{ .Values.server.exchangeManager.name }} + exchange.base-directories={{ join "," .Values.server.exchangeManager.baseDir }} + {{- range $configValue := .Values.additionalExchangeManagerProperties }} + {{ $configValue }} + {{- end }} +{{- end }} + + log.properties: | + io.trino={{ .Values.server.log.trino.level }} + {{- range $configValue := .Values.additionalLogProperties }} + {{ $configValue }} + {{- end }} + +{{ if .Values.eventListenerProperties }} + event-listener.properties: | + {{- range $configValue := .Values.eventListenerProperties }} + {{ $configValue }} + {{- end }} +{{ end }} + +{{- range $fileName, $fileContent := .Values.worker.additionalConfigFiles }} + {{ $fileName }}: | + {{- tpl $fileContent $ | nindent 4 }} +{{- end }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "trino.fullname" . }}-schemas-volume-worker + namespace: {{ .Release.Namespace }} + labels: + {{- include "trino.labels" . | nindent 4 }} + app.kubernetes.io/component: worker +data: + {{- range $key, $val := .Values.kafka.tableDescriptions }} + {{ $key }}: {{ $val | quote }} + {{- end }} +{{- end }} diff --git a/charts/trino/templates/deployment-coordinator.yaml b/charts/trino/templates/deployment-coordinator.yaml new file mode 100644 index 00000000..41eb8c4e --- /dev/null +++ b/charts/trino/templates/deployment-coordinator.yaml @@ -0,0 +1,267 @@ +{{- $coordinatorJmx := merge .Values.jmx.coordinator (omit .Values.jmx "coordinator" "worker") -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "trino.coordinator" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "trino.labels" . | nindent 4 }} + app.kubernetes.io/component: coordinator + trino.io/network-policy-protection: {{ ternary "enabled" "disabled" .Values.networkPolicy.enabled }} + {{- if .Values.coordinator.labels }} + {{- tpl (toYaml .Values.coordinator.labels) . | nindent 4 }} + {{- end }} + annotations: + {{- toYaml .Values.coordinator.deployment.annotations | nindent 4 }} +spec: + progressDeadlineSeconds: {{ .Values.coordinator.deployment.progressDeadlineSeconds }} + revisionHistoryLimit: {{ .Values.coordinator.deployment.revisionHistoryLimit }} + strategy: + {{- toYaml .Values.coordinator.deployment.strategy | nindent 4 }} + selector: + matchLabels: + {{- include "trino.selectorLabels" . | nindent 6 }} + app.kubernetes.io/component: coordinator + template: + metadata: + annotations: + {{- if and (eq .Values.accessControl.type "configmap") (not .Values.accessControl.refreshPeriod) }} + checksum/access-control-config: {{ include (print $.Template.BasePath "/configmap-access-control-coordinator.yaml") . | sha256sum }} + {{- end }} + {{- if or .Values.catalogs .Values.additionalCatalogs (and (.Values.catalogs) (gt (len .Values.catalogs) 0)) }} + checksum/catalog-config: {{ include (print $.Template.BasePath "/configmap-catalog.yaml") . | sha256sum }} + {{- end }} + checksum/coordinator-config: {{ include (print $.Template.BasePath "/configmap-coordinator.yaml") . | sha256sum }} + {{- if .Values.coordinator.annotations }} + {{- tpl (toYaml .Values.coordinator.annotations) . | nindent 8 }} + {{- end }} + + labels: + {{- include "trino.labels" . | nindent 8 }} + app.kubernetes.io/component: coordinator + trino.io/network-policy-protection: {{ ternary "enabled" "disabled" .Values.networkPolicy.enabled }} + {{- if .Values.coordinator.labels }} + {{- tpl (toYaml .Values.coordinator.labels) . | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ include "trino.serviceAccountName" . }} + {{- with .Values.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.shareProcessNamespace.coordinator }} + shareProcessNamespace: {{ .Values.shareProcessNamespace.coordinator }} + {{- end }} + volumes: + - name: config-volume + configMap: + name: {{ template "trino.coordinator" . }} + {{- if or .Values.catalogs .Values.additionalCatalogs (and (.Values.catalogs) (gt (len .Values.catalogs) 0)) }} + - name: catalog-volume + configMap: + name: {{ template "trino.catalog" . }} + {{- end }} + - name: schemas-volume + configMap: + name: {{ template "trino.fullname" . }}-schemas-volume-coordinator + {{- if eq .Values.accessControl.type "configmap" }} + - name: access-control-volume + configMap: + name: {{ template "trino.fullname" . }}-access-control-volume-coordinator + {{- end }} + {{- if eq .Values.resourceGroups.type "configmap" }} + - name: resource-groups-volume + configMap: + name: {{ template "trino.fullname" . }}-resource-groups-volume-coordinator + {{- end }} + {{- if or .Values.auth.passwordAuth .Values.auth.passwordAuthSecret }} + - name: file-password-authentication-volume + secret: + secretName: {{ template "trino.passwordSecretName" . }} + items: + - key: password.db + path: password.db + {{- end }} + {{- if or .Values.auth.groups .Values.auth.groupsAuthSecret }} + - name: file-groups-authentication-volume + secret: + secretName: {{ template "trino.groupsSecretName" . }} + items: + - key: group.db + path: group.db + {{- end }} + {{- if $coordinatorJmx.exporter.enabled }} + - name: jmx-exporter-config-volume + configMap: + name: {{ template "trino.fullname" . }}-jmx-exporter-config-coordinator + {{- end }} + {{- range .Values.configMounts }} + - name: {{ .name }} + configMap: + name: {{ tpl .configMap $ }} + {{- end }} + {{- range .Values.coordinator.configMounts }} + - name: {{ .name }} + configMap: + name: {{ tpl .configMap $ }} + {{- end }} + {{- range .Values.secretMounts }} + - name: {{ .name }} + secret: + secretName: {{ tpl .secretName $ }} + {{- end }} + {{- range .Values.coordinator.secretMounts }} + - name: {{ .name }} + secret: + secretName: {{ tpl .secretName $ }} + {{- end }} + {{- with .Values.coordinator.additionalVolumes }} + {{- tpl (. | toYaml) $ | nindent 8 }} + {{- end }} + {{- if .Values.initContainers.coordinator }} + initContainers: + {{- tpl (toYaml .Values.initContainers.coordinator) . | nindent 6 }} + {{- end }} + {{- if .Values.imagePullSecrets}} + imagePullSecrets: + {{- toYaml .Values.imagePullSecrets | nindent 8 }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.coordinator.terminationGracePeriodSeconds }} + containers: + - name: {{ .Chart.Name }}-coordinator + image: {{ include "trino.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + securityContext: + {{- toYaml .Values.containerSecurityContext | nindent 12 }} + env: + {{- toYaml .Values.env | nindent 12 }} + envFrom: + {{- tpl (toYaml .Values.envFrom) . | nindent 12 }} + volumeMounts: + - mountPath: {{ .Values.server.config.path }} + name: config-volume + {{- if or .Values.catalogs .Values.additionalCatalogs (and (.Values.catalogs) (gt (len .Values.catalogs) 0)) }} + - mountPath: {{ .Values.server.config.path }}/catalog + name: catalog-volume + {{- end }} + - mountPath: {{ .Values.kafka.mountPath }} + name: schemas-volume + {{- if eq .Values.accessControl.type "configmap" }} + - mountPath: {{ .Values.server.config.path }}/access-control + name: access-control-volume + {{- end }} + {{- if eq .Values.resourceGroups.type "configmap" }} + - mountPath: {{ .Values.server.config.path }}/resource-groups + name: resource-groups-volume + {{- end }} + {{- range .Values.configMounts }} + - name: {{ .name }} + mountPath: {{ .path }} + {{- if .subPath }} + subPath: {{ .subPath }} + {{- end }} + {{- end }} + {{- range .Values.coordinator.configMounts }} + - name: {{ .name }} + mountPath: {{ .path }} + {{- if .subPath }} + subPath: {{ .subPath }} + {{- end }} + {{- end }} + {{- range .Values.secretMounts }} + - name: {{ .name }} + mountPath: {{ .path }} + {{- if .subPath }} + subPath: {{ .subPath }} + {{- end }} + {{- end }} + {{- range .Values.coordinator.secretMounts }} + - name: {{ .name }} + mountPath: {{ .path }} + {{- if .subPath }} + subPath: {{ .subPath }} + {{- end }} + {{- end }} + {{- if or .Values.auth.passwordAuth .Values.auth.passwordAuthSecret }} + - mountPath: {{ .Values.server.config.path }}/auth/password + name: file-password-authentication-volume + {{- end }} + {{- if or .Values.auth.groups .Values.auth.groupsAuthSecret }} + - mountPath: {{ .Values.server.config.path }}/auth/group + name: file-groups-authentication-volume + {{- end }} + {{- with .Values.coordinator.additionalVolumeMounts }} + {{- . | toYaml | nindent 12 }} + {{- end }} + ports: + - name: http + containerPort: {{ .Values.service.port }} + protocol: TCP + {{- if $coordinatorJmx.enabled }} + - name: jmx-registry + containerPort: {{ $coordinatorJmx.registryPort }} + protocol: TCP + - name: jmx-server + containerPort: {{ $coordinatorJmx.serverPort }} + protocol: TCP + {{- end }} + {{- range $key, $value := .Values.coordinator.additionalExposedPorts }} + - name: {{ $value.name }} + containerPort: {{ $value.port }} + protocol: {{ $value.protocol }} + {{- end }} + livenessProbe: + httpGet: + path: /v1/info + port: http + initialDelaySeconds: {{ .Values.coordinator.livenessProbe.initialDelaySeconds | default 30 }} + periodSeconds: {{ .Values.coordinator.livenessProbe.periodSeconds | default 10 }} + timeoutSeconds: {{ .Values.coordinator.livenessProbe.timeoutSeconds | default 5 }} + failureThreshold: {{ .Values.coordinator.livenessProbe.failureThreshold | default 6 }} + successThreshold: {{ .Values.coordinator.livenessProbe.successThreshold | default 1 }} + readinessProbe: + exec: + command: [/usr/lib/trino/bin/health-check] + initialDelaySeconds: {{ .Values.coordinator.readinessProbe.initialDelaySeconds | default 10 }} + periodSeconds: {{ .Values.coordinator.readinessProbe.periodSeconds | default 10 }} + timeoutSeconds: {{ .Values.coordinator.readinessProbe.timeoutSeconds | default 5 }} + failureThreshold: {{ .Values.coordinator.readinessProbe.failureThreshold | default 6 }} + successThreshold: {{ .Values.coordinator.readinessProbe.successThreshold | default 1 }} + lifecycle: + {{- toYaml .Values.coordinator.lifecycle | nindent 12 }} + resources: + {{- toYaml .Values.coordinator.resources | nindent 12 }} + {{- if $coordinatorJmx.exporter.enabled }} + - name: jmx-exporter + image: {{ $coordinatorJmx.exporter.image }} + imagePullPolicy: {{ $coordinatorJmx.exporter.pullPolicy }} + securityContext: + {{- toYaml $coordinatorJmx.exporter.securityContext | nindent 12 }} + args: + - "{{ $coordinatorJmx.exporter.port }}" + - /etc/jmx-exporter/jmx-exporter-config.yaml + volumeMounts: + - mountPath: /etc/jmx-exporter/ + name: jmx-exporter-config-volume + resources: + {{- toYaml $coordinatorJmx.exporter.resources | nindent 12 }} + ports: + - name: jmx-exporter + containerPort: {{ $coordinatorJmx.exporter.port }} + protocol: TCP + {{- end }} + {{- if .Values.sidecarContainers.coordinator }} + {{- toYaml .Values.sidecarContainers.coordinator | nindent 8 }} + {{- end }} + {{- with .Values.coordinator.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.coordinator.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.coordinator.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/trino/templates/deployment-worker.yaml b/charts/trino/templates/deployment-worker.yaml new file mode 100644 index 00000000..9b088755 --- /dev/null +++ b/charts/trino/templates/deployment-worker.yaml @@ -0,0 +1,259 @@ +{{- $workerJmx := merge .Values.jmx.worker (omit .Values.jmx "coordinator" "worker") -}} +{{- if or .Values.server.keda.enabled (gt (int .Values.server.workers) 0) }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "trino.worker" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "trino.labels" . | nindent 4 }} + app.kubernetes.io/component: worker + trino.io/network-policy-protection: {{ ternary "enabled" "disabled" .Values.networkPolicy.enabled }} + {{- if .Values.worker.labels }} + {{- tpl (toYaml .Values.worker.labels) . | nindent 4 }} + {{- end }} + annotations: + {{- toYaml .Values.worker.deployment.annotations | nindent 4 }} +spec: + progressDeadlineSeconds: {{ .Values.worker.deployment.progressDeadlineSeconds }} + revisionHistoryLimit: {{ .Values.worker.deployment.revisionHistoryLimit }} + strategy: + {{- toYaml .Values.worker.deployment.strategy | nindent 4 }} + {{- if and (not .Values.server.autoscaling.enabled) (not .Values.server.keda.enabled) }} + replicas: {{ .Values.server.workers }} + {{- end }} + selector: + matchLabels: + {{- include "trino.selectorLabels" . | nindent 6 }} + app.kubernetes.io/component: worker + template: + metadata: + annotations: + {{- if or .Values.catalogs .Values.additionalCatalogs (and (.Values.catalogs) (gt (len .Values.catalogs) 0)) }} + checksum/catalog-config: {{ include (print $.Template.BasePath "/configmap-catalog.yaml") . | sha256sum }} + {{- end }} + checksum/worker-config: {{ include (print $.Template.BasePath "/configmap-worker.yaml") . | sha256sum }} + {{- if .Values.worker.gracefulShutdown.enabled }} + checksum/access-control-config: {{ include (print $.Template.BasePath "/configmap-access-control-worker.yaml") . | sha256sum }} + {{- end }} + {{- if .Values.worker.annotations }} + {{- tpl (toYaml .Values.worker.annotations) . | nindent 8 }} + {{- end }} + labels: + {{- include "trino.labels" . | nindent 8 }} + app.kubernetes.io/component: worker + trino.io/network-policy-protection: {{ ternary "enabled" "disabled" .Values.networkPolicy.enabled }} + {{- if .Values.worker.labels }} + {{- tpl (toYaml .Values.worker.labels) . | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ include "trino.serviceAccountName" . }} + {{- with .Values.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.shareProcessNamespace.worker }} + shareProcessNamespace: {{ .Values.shareProcessNamespace.worker }} + {{- end }} + volumes: + - name: config-volume + configMap: + name: {{ template "trino.worker" . }} + {{- if or .Values.catalogs .Values.additionalCatalogs (and (.Values.catalogs) (gt (len .Values.catalogs) 0)) }} + - name: catalog-volume + configMap: + name: {{ template "trino.catalog" . }} + {{- end }} + - name: schemas-volume + configMap: + name: {{ template "trino.fullname" . }}-schemas-volume-worker + {{- if $workerJmx.exporter.enabled }} + - name: jmx-exporter-config-volume + configMap: + name: {{ template "trino.fullname" . }}-jmx-exporter-config-worker + {{- end }} + {{- if .Values.worker.gracefulShutdown.enabled }} + - name: access-control-volume + configMap: + name: {{ template "trino.fullname" . }}-access-control-volume-worker + {{- end }} + {{- range .Values.configMounts }} + - name: {{ .name }} + configMap: + name: {{ tpl .configMap $ }} + {{- end }} + {{- range .Values.worker.configMounts }} + - name: {{ .name }} + configMap: + name: {{ tpl .configMap $ }} + {{- end }} + {{- range .Values.secretMounts }} + - name: {{ .name }} + secret: + secretName: {{ tpl .secretName $ }} + {{- end }} + {{- range .Values.worker.secretMounts }} + - name: {{ .name }} + secret: + secretName: {{ tpl .secretName $ }} + {{- end }} + {{- with .Values.worker.additionalVolumes }} + {{- tpl (. | toYaml) $ | nindent 8 }} + {{- end }} + {{- if .Values.initContainers.worker }} + initContainers: + {{- tpl (toYaml .Values.initContainers.worker) . | nindent 6 }} + {{- end }} + {{- if .Values.imagePullSecrets}} + imagePullSecrets: + {{- toYaml .Values.imagePullSecrets | nindent 8 }} + {{- end }} + {{- if and .Values.worker.gracefulShutdown.enabled (gt (mulf 2.0 .Values.worker.gracefulShutdown.gracePeriodSeconds) .Values.worker.terminationGracePeriodSeconds) }} + {{- fail "The user must set the `worker.terminationGracePeriodSeconds` to a value of at least two times the configured `gracePeriodSeconds`." }} + {{- else }} + terminationGracePeriodSeconds: {{ .Values.worker.terminationGracePeriodSeconds }} + {{- end }} + containers: + - name: {{ .Chart.Name }}-worker + image: {{ include "trino.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + securityContext: + {{- toYaml .Values.containerSecurityContext | nindent 12 }} + env: + {{- toYaml .Values.env | nindent 12 }} + envFrom: + {{- tpl (toYaml .Values.envFrom) . | nindent 12 }} + volumeMounts: + - mountPath: {{ .Values.server.config.path }} + name: config-volume + {{- if or .Values.catalogs .Values.additionalCatalogs (and (.Values.catalogs) (gt (len .Values.catalogs) 0)) }} + - mountPath: {{ .Values.server.config.path }}/catalog + name: catalog-volume + {{- end }} + - mountPath: {{ .Values.kafka.mountPath }} + name: schemas-volume + {{- if .Values.worker.gracefulShutdown.enabled }} + - mountPath: {{ .Values.server.config.path }}/access-control + name: access-control-volume + {{- end }} + {{- range .Values.configMounts }} + - name: {{ .name }} + mountPath: {{ .path }} + {{- if .subPath }} + subPath: {{ .subPath }} + {{- end }} + {{- end }} + {{- range .Values.worker.configMounts }} + - name: {{ .name }} + mountPath: {{ .path }} + {{- if .subPath }} + subPath: {{ .subPath }} + {{- end }} + {{- end }} + {{- range .Values.secretMounts }} + - name: {{ .name }} + mountPath: {{ .path }} + {{- if .subPath }} + subPath: {{ .subPath }} + {{- end }} + {{- end }} + {{- range .Values.worker.secretMounts }} + - name: {{ .name }} + mountPath: {{ .path }} + {{- if .subPath }} + subPath: {{ .subPath }} + {{- end }} + {{- end }} + {{- with .Values.worker.additionalVolumeMounts }} + {{- . | toYaml | nindent 12 }} + {{- end }} + ports: + - name: http + containerPort: {{ .Values.service.port }} + protocol: TCP + {{- if $workerJmx.enabled }} + - name: jmx-registry + containerPort: {{ $workerJmx.registryPort }} + protocol: TCP + - name: jmx-server + containerPort: {{ $workerJmx.serverPort }} + protocol: TCP + {{- end }} + {{- range $key, $value := .Values.worker.additionalExposedPorts }} + - name: {{ $value.name }} + containerPort: {{ $value.port }} + protocol: {{ $value.protocol }} + {{- end }} + livenessProbe: + httpGet: + path: /v1/info + port: http + initialDelaySeconds: {{ .Values.worker.livenessProbe.initialDelaySeconds | default 30 }} + periodSeconds: {{ .Values.worker.livenessProbe.periodSeconds | default 10 }} + timeoutSeconds: {{ .Values.worker.livenessProbe.timeoutSeconds | default 5 }} + failureThreshold: {{ .Values.worker.livenessProbe.failureThreshold | default 6 }} + successThreshold: {{ .Values.worker.livenessProbe.successThreshold | default 1 }} + readinessProbe: + exec: + command: [/usr/lib/trino/bin/health-check] + initialDelaySeconds: {{ .Values.worker.readinessProbe.initialDelaySeconds | default 10 }} + periodSeconds: {{ .Values.worker.readinessProbe.periodSeconds | default 10 }} + timeoutSeconds: {{ .Values.worker.readinessProbe.timeoutSeconds | default 5 }} + failureThreshold: {{ .Values.worker.readinessProbe.failureThreshold | default 6 }} + successThreshold: {{ .Values.worker.readinessProbe.successThreshold | default 1 }} + lifecycle: + {{- if .Values.worker.lifecycle }} + {{- if .Values.worker.gracefulShutdown.enabled }} + {{- fail "The `worker.lifecycle` configuration conflicts with `worker.gracefulShutdown`. Either disable `worker.gracefulShutdown` and apply the related configurations manually, or remove `worker.lifecycle`." }} + {{- end }} + {{- toYaml .Values.worker.lifecycle | nindent 12 }} + {{- else if .Values.worker.gracefulShutdown.enabled }} + preStop: + exec: + command: + - /bin/sh + - -c + - >- + curl -v -X PUT + -d '"SHUTTING_DOWN"' + -H 'Content-type: application/json' + -H 'X-Trino-User: admin' + http://localhost:{{- .Values.service.port -}}/v1/info/state + {{- end }} + resources: + {{- toYaml .Values.worker.resources | nindent 12 }} + {{- if $workerJmx.exporter.enabled }} + - name: jmx-exporter + image: {{ $workerJmx.exporter.image }} + imagePullPolicy: {{ $workerJmx.exporter.pullPolicy }} + securityContext: + {{- toYaml $workerJmx.exporter.securityContext | nindent 12 }} + args: + - "{{ $workerJmx.exporter.port }}" + - /etc/jmx-exporter/jmx-exporter-config.yaml + volumeMounts: + - mountPath: /etc/jmx-exporter/ + name: jmx-exporter-config-volume + resources: + {{- toYaml $workerJmx.exporter.resources | nindent 12 }} + ports: + - name: jmx-exporter + containerPort: {{ $workerJmx.exporter.port }} + protocol: TCP + {{- end }} + {{- if .Values.sidecarContainers.worker }} + {{- toYaml .Values.sidecarContainers.worker | nindent 8 }} + {{- end }} + {{- with .Values.worker.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.worker.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.worker.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end }} diff --git a/charts/trino/templates/ingress.yaml b/charts/trino/templates/ingress.yaml new file mode 100644 index 00000000..1da324c3 --- /dev/null +++ b/charts/trino/templates/ingress.yaml @@ -0,0 +1,38 @@ +{{- if .Values.ingress.enabled -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ template "trino.coordinator" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "trino.labels" . | nindent 4 }} + annotations: + {{- toYaml .Values.ingress.annotations | nindent 4 }} +spec: + ingressClassName: {{ .Values.ingress.className }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ tpl .secretName $ }} + {{- end }} + {{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + pathType: {{ .pathType }} + backend: + service: + name: {{ include "trino.fullname" $ }} + port: + number: {{ $.Values.service.port }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/trino/templates/keda-scaledobject.yaml b/charts/trino/templates/keda-scaledobject.yaml new file mode 100644 index 00000000..4f1df9f9 --- /dev/null +++ b/charts/trino/templates/keda-scaledobject.yaml @@ -0,0 +1,40 @@ +{{- if .Values.server.keda.enabled }} +{{- if .Values.server.autoscaling.enabled }} +{{- fail "The worker Kubernetes Event-driven Autoscaling configuration (`server.keda`) conflicts with the worker Horizontal Pod Autoscaling (`server.autoscaling`). They cannot be both enabled at the same time!" }} +{{- end }} +apiVersion: keda.sh/v1alpha1 +kind: ScaledObject +metadata: + name: {{ template "trino.worker" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "trino.labels" . | nindent 4 }} + {{- with .Values.server.keda.annotations }} + annotations: + {{- . | nindent 4 }} + {{- end }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ template "trino.worker" . }} + pollingInterval: {{ .Values.server.keda.pollingInterval }} + cooldownPeriod: {{ .Values.server.keda.cooldownPeriod }} + initialCooldownPeriod: {{ .Values.server.keda.initialCooldownPeriod }} + minReplicaCount: {{ .Values.server.keda.minReplicaCount }} + maxReplicaCount: {{ .Values.server.keda.maxReplicaCount }} + {{- with .Values.server.keda.fallback }} + fallback: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.server.keda.advanced }} + advanced: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.server.keda.triggers }} + triggers: + {{- tpl (toYaml .) $ | nindent 4 }} + {{- else }} + {{- fail "At least one element in `.Values.server.keda.triggers` is required!" }} + {{- end }} +{{- end }} diff --git a/charts/trino/templates/networkpolicy.yaml b/charts/trino/templates/networkpolicy.yaml new file mode 100644 index 00000000..592c8823 --- /dev/null +++ b/charts/trino/templates/networkpolicy.yaml @@ -0,0 +1,37 @@ +{{- if .Values.networkPolicy.enabled }} +{{- if eq "NodePort" .Values.service.type}} +{{- fail "NetworkPolicy enforcement is not supported with NodePort services, as traffic reaches the Pod through the node itself, bypassing pod-level network controls." }} +{{- end }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "trino.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "trino.labels" . | nindent 4 }} + app.kubernetes.io/component: network-policy +spec: + podSelector: + matchLabels: + {{- include "trino.selectorLabels" . | nindent 6 }} + trino.io/network-policy-protection: enabled + policyTypes: + - Ingress + {{- with .Values.networkPolicy.egress }} + - Egress + egress: + {{- toYaml . | nindent 4 }} + {{- end }} + ingress: + - from: + - podSelector: + matchLabels: + {{- include "trino.selectorLabels" . | nindent 14 }} + trino.io/network-policy-protection: enabled + namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: {{ .Release.Namespace }} + {{- with .Values.networkPolicy.ingress }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/trino/templates/secret.yaml b/charts/trino/templates/secret.yaml new file mode 100644 index 00000000..97b62ab7 --- /dev/null +++ b/charts/trino/templates/secret.yaml @@ -0,0 +1,55 @@ +{{- if and (not .Values.auth.passwordAuthSecret) .Values.auth.passwordAuth }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "trino.passwordSecretName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "trino.labels" . | nindent 4 }} +data: +{{- if .Values.auth.passwordAuth }} + password.db: {{ .Values.auth.passwordAuth | b64enc }} +{{- end }} +{{- end }} +--- +{{- if and (not .Values.auth.groupsAuthSecret) .Values.auth.groups }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "trino.groupsSecretName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "trino.labels" . | nindent 4 }} +data: +{{- if .Values.auth.groups}} + group.db: {{ .Values.auth.groups | b64enc }} +{{- end }} +{{- end }} +--- +{{- if .Values.catalogsSecrets }} +{{- range .Values.catalogsSecrets }} +apiVersion: v1 +kind: Secret +metadata: + name: "{{ .name }}" +data: +{{- range $key, $val := .value }} + {{ $key }}: {{ $val | b64enc | nindent 4 }} +{{- end }} +type: Opaque +{{- end }} +{{- end }} +--- +{{- if .Values.ldapSecrets }} +{{- range .Values.ldapSecrets }} +apiVersion: v1 +kind: Secret +metadata: + name: "{{ .name }}" +data: +{{- range $key, $val := .value }} + {{ $key }}: {{ $val | b64enc | nindent 4 }} +{{- end }} +type: Opaque +{{- end }} +{{- end }} diff --git a/charts/trino/templates/service-coordinator.yaml b/charts/trino/templates/service-coordinator.yaml new file mode 100644 index 00000000..b028047a --- /dev/null +++ b/charts/trino/templates/service-coordinator.yaml @@ -0,0 +1,42 @@ +{{- $coordinatorJmx := merge .Values.jmx.coordinator (omit .Values.jmx "coordinator" "worker") -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "trino.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "trino.labels" . | nindent 4 }} + app.kubernetes.io/component: coordinator + annotations: + {{- toYaml .Values.service.annotations | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + {{- if .Values.service.nodePort }} + nodePort: {{ .Values.service.nodePort }} + {{- end }} + {{- if $coordinatorJmx.exporter.enabled }} + - port: {{ $coordinatorJmx.exporter.port }} + targetPort: jmx-exporter + protocol: TCP + name: jmx-exporter + {{- if $coordinatorJmx.exporter.nodePort }} + nodePort: {{ $coordinatorJmx.exporter.nodePort }} + {{- end }} + {{- end }} + {{- range $key, $value := .Values.coordinator.additionalExposedPorts }} + - port: {{ $value.servicePort }} + name: {{ $value.name }} + targetPort: {{ $value.port }} + protocol: {{ $value.protocol }} + {{- if $value.nodePort }} + nodePort: {{ $value.nodePort }} + {{- end }} + {{- end }} + selector: + {{- include "trino.selectorLabels" . | nindent 4 }} + app.kubernetes.io/component: coordinator diff --git a/charts/trino/templates/service-worker.yaml b/charts/trino/templates/service-worker.yaml new file mode 100644 index 00000000..97fec58c --- /dev/null +++ b/charts/trino/templates/service-worker.yaml @@ -0,0 +1,27 @@ +{{- $workerJmx := merge .Values.jmx.worker (omit .Values.jmx "coordinator" "worker") -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "trino.fullname" . }}-worker + namespace: {{ .Release.Namespace }} + labels: + {{- include "trino.labels" . | nindent 4 }} + app.kubernetes.io/component: worker + annotations: + {{- toYaml .Values.service.annotations | nindent 4 }} +spec: + clusterIP: None + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + {{- if $workerJmx.exporter.enabled }} + - port: {{$workerJmx.exporter.port }} + targetPort: jmx-exporter + protocol: TCP + name: jmx-exporter + {{- end }} + selector: + {{- include "trino.selectorLabels" . | nindent 4 }} + app.kubernetes.io/component: worker diff --git a/charts/trino/templates/serviceaccount.yaml b/charts/trino/templates/serviceaccount.yaml new file mode 100644 index 00000000..a61c0724 --- /dev/null +++ b/charts/trino/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "trino.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "trino.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/trino/templates/servicemonitor-coordinator.yaml b/charts/trino/templates/servicemonitor-coordinator.yaml new file mode 100644 index 00000000..7e6ba1ed --- /dev/null +++ b/charts/trino/templates/servicemonitor-coordinator.yaml @@ -0,0 +1,24 @@ +{{- $coordinatorServiceMonitor := merge .Values.serviceMonitor.coordinator (omit .Values.serviceMonitor "coordinator" "worker") -}} +{{- if $coordinatorServiceMonitor.enabled -}} +apiVersion: {{ $coordinatorServiceMonitor.apiVersion }} +kind: ServiceMonitor +metadata: + name: {{ template "trino.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "trino.labels" . | nindent 4 }} + {{- if $coordinatorServiceMonitor.labels }} + {{- toYaml $coordinatorServiceMonitor.labels | nindent 4 }} + {{- end }} +spec: + selector: + matchLabels: + {{- include "trino.selectorLabels" . | nindent 6 }} + app.kubernetes.io/component: coordinator + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + endpoints: + - port: jmx-exporter + interval: {{ $coordinatorServiceMonitor.interval }} +{{- end }} diff --git a/charts/trino/templates/servicemonitor-worker.yaml b/charts/trino/templates/servicemonitor-worker.yaml new file mode 100644 index 00000000..7e3c3c51 --- /dev/null +++ b/charts/trino/templates/servicemonitor-worker.yaml @@ -0,0 +1,24 @@ +{{- $workerServiceMonitor := merge .Values.serviceMonitor.worker (omit .Values.serviceMonitor "coordinator" "worker") -}} +{{- if $workerServiceMonitor.enabled }} +apiVersion: {{ $workerServiceMonitor.apiVersion }} +kind: ServiceMonitor +metadata: + name: {{ template "trino.fullname" . }}-worker + namespace: {{ .Release.Namespace }} + labels: + {{- include "trino.labels" . | nindent 4 }} + {{- if $workerServiceMonitor.labels }} + {{- toYaml $workerServiceMonitor.labels | nindent 4 }} + {{- end }} +spec: + selector: + matchLabels: + {{- include "trino.selectorLabels" . | nindent 6 }} + app.kubernetes.io/component: worker + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + endpoints: + - port: jmx-exporter + interval: {{ $workerServiceMonitor.interval }} +{{- end }} diff --git a/charts/trino/templates/tests/test-connection.yaml b/charts/trino/templates/tests/test-connection.yaml new file mode 100644 index 00000000..5749c1ea --- /dev/null +++ b/charts/trino/templates/tests/test-connection.yaml @@ -0,0 +1,63 @@ +apiVersion: v1 +kind: Pod +metadata: + name: {{ include "trino.fullname" . }}-test-connection + labels: + {{- include "trino.labels" . | nindent 4 }} + app.kubernetes.io/component: test + test: connection + annotations: + "helm.sh/hook": test +spec: + {{- if eq .Values.resourceGroups.type "properties" }} + initContainers: + - name: postgresql-client + image: bitnami/postgresql:17.1.0 + command: + - /bin/sh + - -c + - | + echo "Inserting resource groups data"; + PGUSER=trino PGPASSWORD=pass0000 psql -h trino-resource-groups-db-postgresql.postgresql.svc.cluster.local resource_groups <- + kubectl get pods + --selector="app.kubernetes.io/name={{ include "trino.name" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=worker" + --output=jsonpath="{.items[0].metadata.name}" + --namespace={{ .Release.Namespace }} + > /pods/worker-pod.txt + volumeMounts: + - mountPath: /pods + name: worker-pod + containers: + - name: check-logs + image: bitnami/kubectl:latest + command: [ "sh", "-c" ] + args: + - >- + WORKER_POD=$(cat /pods/worker-pod.txt) && + kubectl logs ${WORKER_POD} + --follow + --container=trino-worker + --namespace={{ .Release.Namespace }} + | grep --max-count=1 "Shutdown requested" + volumeMounts: + - mountPath: /pods + name: worker-pod + - name: trigger-graceful-shutdown + image: bitnami/kubectl:latest + command: [ "sh", "-c" ] + args: + - >- + sleep 5 && + WORKER_POD=$(cat /pods/worker-pod.txt) && + kubectl delete pod + ${WORKER_POD} + --namespace={{ .Release.Namespace }} + volumeMounts: + - mountPath: /pods + name: worker-pod + restartPolicy: Never + volumes: + - name: worker-pod + emptyDir: {} + +{{- end }} diff --git a/charts/trino/templates/tests/test-jmx.yaml b/charts/trino/templates/tests/test-jmx.yaml new file mode 100644 index 00000000..a968cc8f --- /dev/null +++ b/charts/trino/templates/tests/test-jmx.yaml @@ -0,0 +1,99 @@ +{{- $coordinatorJmx := merge .Values.jmx.coordinator (omit .Values.jmx "coordinator" "worker") -}} +{{- $workerJmx := merge .Values.jmx.worker (omit .Values.jmx "coordinator" "worker") -}} +{{- $coordinatorServiceMonitor := merge .Values.serviceMonitor.coordinator (omit .Values.serviceMonitor "coordinator" "worker") -}} +{{- $workerServiceMonitor := merge .Values.serviceMonitor.worker (omit .Values.serviceMonitor "coordinator" "worker") -}} +{{- if or $coordinatorJmx.exporter.enabled $coordinatorServiceMonitor.enabled $workerJmx.exporter.enabled $workerServiceMonitor.enabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: {{ include "trino.fullname" . }}-test-jmx + labels: + {{- include "trino.labels" . | nindent 4 }} + app.kubernetes.io/component: test + test: jmx + annotations: + "helm.sh/hook": test + "helm.sh/hook-delete-policy": hook-succeeded +spec: + containers: + {{- if $coordinatorJmx.exporter.enabled }} + - name: trino-jmx-coordinator + image: {{ include "trino.image" . }} + command: ["/bin/bash", "-c"] + args: + - curl -s {{ include "trino.fullname" . }}.{{ .Release.Namespace }}:{{ $coordinatorJmx.exporter.port }}/metrics | grep -q trino + {{- end }} + {{- if $workerJmx.exporter.port }} + - name: trino-jmx-worker + image: {{ include "trino.image" . }} + command: ["/bin/bash", "-c"] + args: + - curl -s {{ include "trino.fullname" . }}-worker.{{ .Release.Namespace }}:{{ $workerJmx.exporter.port }}/metrics | grep -q trino + {{- end }} + {{- if $coordinatorServiceMonitor.enabled }} + - name: service-monitor-coordinator + image: python:3-slim + command: [ "python", "/tests/test.py" ] + args: ["{{ include "trino.fullname" . }}"] + volumeMounts: + - name: tests + mountPath: /tests + {{- end }} + {{- if $workerServiceMonitor.enabled }} + - name: service-monitor-worker + image: python:3-slim + command: ["python", "/tests/test.py"] + args: ["{{ include "trino.fullname" . }}-worker"] + volumeMounts: + - name: tests + mountPath: /tests + {{- end }} + volumes: + - name: tests + configMap: + name: {{ include "trino.fullname" . }}-test-jmx + restartPolicy: Never +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "trino.fullname" . }}-test-jmx + labels: + {{- include "trino.labels" . | nindent 4 }} + app.kubernetes.io/component: test + test: jmx + annotations: + "helm.sh/hook": test + "helm.sh/hook-delete-policy": hook-succeeded +data: + test.py: | + from urllib.request import urlopen + from urllib.error import URLError, HTTPError + import json + import logging + import sys + import time + + logger = logging.getLogger(__name__) + target_service = sys.argv[1] + url = f"http://prometheus-operator-kube-p-prometheus:9090/api/v1/targets?scrapePool=serviceMonitor/{{ .Release.Namespace }}/{target_service}/0&state=active" + while True: + try: + with urlopen(url) as response: + data = json.load(response) + except (URLError, HTTPError) as e: + logger.warning("Error fetching targets, Prometheus service might not be ready: ", e) + time.sleep(2) # Retry after 2 seconds + continue + + try: + service_name = data["data"]["activeTargets"][0]["discoveredLabels"]["__meta_kubernetes_service_name"] + except (KeyError, IndexError) as e: + logger.warning("Invalid Prometheus response: ", e) + time.sleep(2) # Retry after 2 seconds + continue + + if service_name == target_service: + logger.info(f"Found expected service '{service_name}' in Prometheus targets!") + break +{{- end }} diff --git a/charts/trino/templates/tests/test-networkpolicy.yaml b/charts/trino/templates/tests/test-networkpolicy.yaml new file mode 100644 index 00000000..2d7455fd --- /dev/null +++ b/charts/trino/templates/tests/test-networkpolicy.yaml @@ -0,0 +1,28 @@ +{{- if .Values.networkPolicy.enabled }} +apiVersion: v1 +kind: Pod +metadata: + name: {{ include "trino.fullname" . }}-test-networkpolicy + labels: + {{- include "trino.labels" . | nindent 4 }} + app.kubernetes.io/component: test + test: network-policy + annotations: + "helm.sh/hook": test + "helm.sh/hook-delete-policy": hook-succeeded +spec: + containers: + - name: check-connection + image: {{ include "trino.image" . }} + command: [ "/bin/bash", "-c" ] + args: + - >- + curl + {{ include "trino.fullname" . }}.{{ .Release.Namespace }}:{{ .Values.service.port }} + --head + --fail + --connect-timeout 10 + --max-time 10 + 2>&1 | grep -q "timed out" + restartPolicy: Never +{{- end }} diff --git a/charts/trino/values.yaml b/charts/trino/values.yaml new file mode 100644 index 00000000..3d52191c --- /dev/null +++ b/charts/trino/values.yaml @@ -0,0 +1,1167 @@ +# Default values for trino. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# -- Override resource names to avoid name conflicts when deploying multiple +# releases in the same namespace. +# @raw +# Example: +# ```yaml +# coordinatorNameOverride: trino-coordinator-adhoc +# workerNameOverride: trino-worker-adhoc +# nameOverride: trino-adhoc +# ``` +nameOverride: +coordinatorNameOverride: +workerNameOverride: + +image: + # -- Image registry, defaults to empty, which results in DockerHub usage + registry: "" + # -- Repository location of the Trino image, typically `organization/imagename` + repository: trinodb/trino + # -- Image tag, defaults to the Trino release version specified as `appVersion` from Chart.yaml + tag: "" + # -- Optional digest value of the image specified as `sha256:abcd...`. A specified value overrides `tag`. + digest: "" + # -- When true, only the content in `repository` is used as image reference + useRepositoryAsSoleImageReference: false + pullPolicy: IfNotPresent + +# -- An optional list of references to secrets in the same namespace to use for pulling images. +# @raw +# Example: +# ```yaml +# imagePullSecrets: +# - name: registry-credentials +# ``` +imagePullSecrets: [] + +server: + workers: 2 + node: + environment: production + dataDir: /data/trino + pluginDir: /usr/lib/trino/plugin + log: + trino: + level: INFO + config: + path: /etc/trino + https: + enabled: false + port: 8443 + keystore: + path: "" + # -- Trino supports multiple [authentication + # types](https://trino.io/docs/current/security/authentication-types.html): + # PASSWORD, CERTIFICATE, OAUTH2, JWT, KERBEROS. + authenticationType: "" + query: + maxMemory: "4GB" + exchangeManager: {} + # server.exchangeManager -- Mandatory [exchange manager + # configuration](https://trino.io/docs/current/admin/fault-tolerant-execution.html#id1). + # Used to set the name and location(s) of spooling data storage. For multiple destinations use a list or a comma separated URI locations. + # To enable fault-tolerant execution, set the `retry-policy` property in `additionalConfigProperties`. + # Additional exchange manager configurations can be added to `additionalExchangeManagerProperties`. + # @raw + # Example: + # ```yaml + # server: + # exchangeManager: + # name: "filesystem" + # baseDir: + # - "/tmp/trino-local-file-system-exchange-manager" + # additionalConfigProperties: + # - retry-policy=TASK + # additionalExchangeManagerProperties: + # - exchange.sink-buffer-pool-min-size=10 + # - exchange.sink-buffers-per-partition=2 + # - exchange.source-concurrent-readers=4 + # ``` + + workerExtraConfig: "" + coordinatorExtraConfig: "" + # server.autoscaling -- Configure [Horizontal Pod Autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) + # for workers (`server.keda.enabled` must be `false`). + autoscaling: + enabled: false + maxReplicas: 5 + # -- Target average CPU utilization, represented as a percentage of requested CPU. To disable scaling based on CPU, + # set to an empty string. + targetCPUUtilizationPercentage: 50 + # -- Target average memory utilization, represented as a percentage of requested memory. To disable scaling + # based on memory, set to an empty string. + targetMemoryUtilizationPercentage: 80 + behavior: {} + # server.autoscaling.behavior -- Configuration for scaling up and down. + # @raw + # Example: + # ```yaml + # scaleDown: + # stabilizationWindowSeconds: 300 + # policies: + # - type: Percent + # value: 100 + # periodSeconds: 15 + # scaleUp: + # stabilizationWindowSeconds: 0 + # policies: + # - type: Percent + # value: 100 + # periodSeconds: 15 + # - type: Pods + # value: 4 + # periodSeconds: 15 + # selectPolicy: Max + # ``` + + # server.keda -- Configure [Kubernetes Event-driven Autoscaling](https://keda.sh/) for workers + # (`server.autoscaling.enabled` must be `false`). + keda: + enabled: false + pollingInterval: 30 + # -- Period (in seconds) to wait after the last trigger reported active before scaling the resource back to 0 + cooldownPeriod: 300 + # -- The delay (in seconds) before the `cooldownPeriod` starts after the initial creation of the `ScaledObject`. + initialCooldownPeriod: 0 + # -- Minimum number of replicas KEDA will scale the resource down to. + # By default, it’s scale to zero, but you can use it with some other value as well. + minReplicaCount: 0 + # -- This setting is passed to the HPA definition that KEDA will create for a given resource and + # holds the maximum number of replicas of the target resource. + maxReplicaCount: 5 + fallback: {} + # server.keda.fallback -- Defines a number of replicas to fall back to if a scaler is in an error state. + # @raw + # Example: + # ```yaml + # fallback: # Optional. Section to specify fallback options + # failureThreshold: 3 # Mandatory if fallback section is included + # replicas: 6 # Mandatory if fallback section is included + # ``` + advanced: {} + # server.keda.advanced -- Specifies HPA related options + # @raw + # Example: + # ```yaml + # advanced: + # horizontalPodAutoscalerConfig: + # behavior: + # scaleDown: + # stabilizationWindowSeconds: 300 + # policies: + # - type: Percent + # value: 100 + # periodSeconds: 15 + # ``` + triggers: [] + # server.keda.triggers -- List of triggers to activate scaling of the target resource + # @raw + # Example: + # ```yaml + # triggers: + # - type: prometheus + # metricType: Value + # metadata: + # serverAddress: "http://prometheus.example.com" + # threshold: "1" + # metricName: required_workers + # query: >- + # sum by (service) + # (avg_over_time(trino_execution_ClusterSizeMonitor_RequiredWorkers{service={{ include "trino.fullname" . | quote }}}[5s])) + # ``` + annotations: {} + # server.keda.annotations -- Annotations to apply to the ScaledObject CRD. + # @raw + # Example: + # ```yaml + # annotations: + # autoscaling.keda.sh/paused-replicas: "0" + # autoscaling.keda.sh/paused: "true" + # ``` + +accessControl: {} +# accessControl -- [System access +# control](https://trino.io/docs/current/security/built-in-system-access-control.html) +# configuration. +# @raw +# Set the type property to either: +# * `configmap`, and provide the rule file contents in `rules`, +# * `properties`, and provide configuration properties in `properties`. +# Properties example: +# ```yaml +# type: properties +# properties: | +# access-control.name=custom-access-control +# access-control.custom_key=custom_value +# ``` +# Config map example: +# ```yaml +# type: configmap +# refreshPeriod: 60s +# # Rules file is mounted to /etc/trino/access-control +# configFile: "rules.json" +# rules: +# rules.json: |- +# { +# "catalogs": [ +# { +# "user": "admin", +# "catalog": "(mysql|system)", +# "allow": "all" +# }, +# { +# "group": "finance|human_resources", +# "catalog": "postgres", +# "allow": true +# }, +# { +# "catalog": "hive", +# "allow": "all" +# }, +# { +# "user": "alice", +# "catalog": "postgresql", +# "allow": "read-only" +# }, +# { +# "catalog": "system", +# "allow": "none" +# } +# ], +# "schemas": [ +# { +# "user": "admin", +# "schema": ".*", +# "owner": true +# }, +# { +# "user": "guest", +# "owner": false +# }, +# { +# "catalog": "default", +# "schema": "default", +# "owner": true +# } +# ] +# } +# ``` + +resourceGroups: {} +# resourceGroups -- [Resource groups control](https://trino.io/docs/current/admin/resource-groups.html) +# @raw +# Set the type property to either: +# * `configmap`, and provide the Resource groups file contents in `resourceGroupsConfig`, +# * `properties`, and provide configuration properties in `properties`. +# Properties example: +# ```yaml +# type: properties +# properties: | +# resource-groups.configuration-manager=db +# resource-groups.config-db-url=jdbc:postgresql://trino-postgresql.postgresql.svc.cluster.local:3306/resource_groups +# resource-groups.config-db-user=username +# resource-groups.config-db-password=password +# ``` +# Config map example: +# ```yaml +# type: configmap +# # Resource groups file is mounted to /etc/trino/resource-groups/resource-groups.json +# resourceGroupsConfig: |- +# { +# "rootGroups": [ +# { +# "name": "global", +# "softMemoryLimit": "80%", +# "hardConcurrencyLimit": 100, +# "maxQueued": 100, +# "schedulingPolicy": "fair", +# "jmxExport": true, +# "subGroups": [ +# { +# "name": "admin", +# "softMemoryLimit": "30%", +# "hardConcurrencyLimit": 20, +# "maxQueued": 10 +# }, +# { +# "name": "finance_human_resources", +# "softMemoryLimit": "20%", +# "hardConcurrencyLimit": 15, +# "maxQueued": 10 +# }, +# { +# "name": "general", +# "softMemoryLimit": "30%", +# "hardConcurrencyLimit": 20, +# "maxQueued": 10 +# }, +# { +# "name": "readonly", +# "softMemoryLimit": "10%", +# "hardConcurrencyLimit": 5, +# "maxQueued": 5 +# } +# ] +# } +# ], +# "selectors": [ +# { +# "user": "admin", +# "group": "global.admin" +# }, +# { +# "group": "finance|human_resources", +# "group": "global.finance_human_resources" +# }, +# { +# "user": "alice", +# "group": "global.readonly" +# }, +# { +# "group": "global.general" +# } +# ] +# } +# ``` + +additionalNodeProperties: [] +# additionalNodeProperties -- [Additional node +# properties](https://trino.io/docs/current/installation/deployment.html#log-levels). +# @raw +# Example, assuming the NODE_ID environment variable has been set: +# ```yaml +# - node.id=${NODE_ID} +# ``` + +additionalConfigProperties: [] +# additionalConfigProperties -- [Additional config +# properties](https://trino.io/docs/current/admin/properties.html). +# @raw +# Example: +# ```yaml +# - internal-communication.shared-secret=random-value-999 +# - http-server.process-forwarded=true +# ``` + +additionalLogProperties: [] +# additionalLogProperties -- [Additional log +# properties](https://trino.io/docs/current/installation/deployment.html#log-levels). +# @raw +# Example: +# ```yaml +# - io.airlift=DEBUG +# ``` + +additionalExchangeManagerProperties: [] +# additionalExchangeManagerProperties -- [Exchange manager +# properties](https://trino.io/docs/current/admin/fault-tolerant-execution.html#exchange-manager). +# @raw +# Example: +# ```yaml +# - exchange.s3.region=object-store-region +# - exchange.s3.endpoint=your-object-store-endpoint +# - exchange.s3.aws-access-key=your-access-key +# - exchange.s3.aws-secret-key=your-secret-key +# ``` + +eventListenerProperties: [] +# eventListenerProperties -- [Event +# listener](https://trino.io/docs/current/develop/event-listener.html#event-listener) +# properties. To configure multiple event listeners, add them in +# `coordinator.additionalConfigFiles` and `worker.additionalConfigFiles`, and +# set the `event-listener.config-files` property in +# `additionalConfigProperties` to their locations. +# @raw +# Example: +# ```yaml +# - event-listener.name=custom-event-listener +# - custom-property1=custom-value1 +# - custom-property2=custom-value2 +# ``` + +catalogs: + tpch: | + connector.name=tpch + tpch.splits-per-node=4 + tpcds: | + connector.name=tpcds + tpcds.splits-per-node=4 +# catalogs -- Configure +# [catalogs](https://trino.io/docs/current/installation/deployment.html#catalog-properties). +# @raw +# Example: +# ```yaml +# objectstore: | +# connector.name=iceberg +# iceberg.catalog.type=glue +# jmx: | +# connector.name=memory +# memory: | +# connector.name=memory +# memory.max-data-per-node=128MB +# ``` + +additionalCatalogs: {} +# additionalCatalogs -- Deprecated, use `catalogs` instead. Configure additional +# [catalogs](https://trino.io/docs/current/installation/deployment.html#catalog-properties). + +env: [] +# env -- additional environment variables added to every pod, specified as a list with explicit values +# @raw +# Example: +# ```yaml +# - name: NAME +# value: "value" +# ``` + +envFrom: [] +# envFrom -- additional environment variables added to every pod, specified as a list of either `ConfigMap` +# or `Secret` references +# @raw +# Example: +# ```yaml +# - secretRef: +# name: extra-secret +# ``` + +initContainers: {} +# initContainers -- Additional [containers that run to +# completion](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) +# during pod initialization. +# @raw +# Example: +# ```yaml +# coordinator: +# - name: init-coordinator +# image: busybox:1.28 +# imagePullPolicy: IfNotPresent +# command: ['sh', '-c', "until nslookup myservice.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local; do echo waiting for myservice; sleep 2; done"] +# worker: +# - name: init-worker +# image: busybox:1.28 +# command: ['sh', '-c', 'echo The worker is running! && sleep 3600'] +# ``` + +sidecarContainers: {} +# sidecarContainers -- Additional [containers that starts +# before](https://kubernetes.io/docs/concepts/workloads/pods/sidecar-containers/) +# the Trino container and continues to run. +# @raw +# Example: +# ```yaml +# coordinator: +# - name: side-coordinator +# image: busybox:1.28 +# imagePullPolicy: IfNotPresent +# command: ['sleep', '1'] +# worker: +# - name: side-worker +# image: busybox:1.28 +# imagePullPolicy: IfNotPresent +# command: ['sleep', '1'] +# ``` + +# -- [Pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) configuration. +# To remove the default, set it to null (or `~`). +securityContext: + runAsUser: 1000 + runAsGroup: 1000 + +# -- [Container security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) configuration. +containerSecurityContext: + # -- Control whether a process can gain more privileges than its parent process. + allowPrivilegeEscalation: false + capabilities: + # -- A list of the Linux kernel capabilities that are dropped from every container. Valid values are listed in + # [the capabilities manual page](https://man7.org/linux/man-pages/man7/capabilities.7.html). Ensure # to remove + # the "CAP_" prefix which the kernel attaches to the names of permissions. + drop: + - ALL + +shareProcessNamespace: + coordinator: false + worker: false + +service: + annotations: {} + type: ClusterIP + port: 8080 + # service.nodePort -- The port the service listens on the host, for the `NodePort` type. If not set, Kubernetes will + # [allocate a port + # automatically](https://kubernetes.io/docs/concepts/services-networking/service/#nodeport-custom-port). + nodePort: "" + +auth: {} +# auth -- Available authentication methods. +# @raw +# Use username and password provided as a [password file](https://trino.io/docs/current/security/password-file.html#file-format): +# ```yaml +# passwordAuth: "username:encrypted-password-with-htpasswd" +# ``` +# Set the name of a secret containing this file in the password.db key +# ```yaml +# passwordAuthSecret: "trino-password-authentication" +# ``` +# Additionally, set [users' groups](https://trino.io/docs/current/security/group-file.html#file-format): +# ```yaml +# refreshPeriod: 5s +# groups: "group_name:user_1,user_2,user_3" +# ``` +# Set the name of a secret containing this file in the group.db key +# ```yaml +# groupAuthSecret: "trino-group-authentication" +# ``` + +serviceAccount: + # -- Specifies whether a service account should be created + create: false + # -- The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + # -- Annotations to add to the service account + annotations: {} + +configMounts: [] +# configMounts -- Allows mounting additional Trino configuration files from +# Kubernetes config maps on all nodes. +# @raw +# Example: +# ```yaml +# - name: sample-config-mount +# configMap: sample-config-map +# path: /config-map/sample.json +# subPath: sample.json +# ``` + +secretMounts: [] +# secretMounts -- Allows mounting additional Trino configuration files from +# Kubernetes secrets on all nodes. +# @raw +# Example: +# ```yaml +# - name: sample-secret +# secretName: sample-secret +# path: /secrets/sample.json +# subPath: sample.json +# - name: catalogs +# secretName: catalogs +# path: /etc/trino/catalog +# - name: ldap +# secretName: ldap +# path: /etc/trino/ldap +# ``` + +coordinator: + deployment: + annotations: {} + progressDeadlineSeconds: 600 + # coordinator.deployment.progressDeadlineSeconds -- The maximum time in seconds for a deployment to make progress before it + # is considered failed. The deployment controller continues to + # process failed deployments and a condition with a ProgressDeadlineExceeded + # reason is surfaced in the deployment status. + + revisionHistoryLimit: 10 + # coordinator.deployment.revisionHistoryLimit -- The number of old ReplicaSets to retain to allow rollback. + + strategy: + type: RollingUpdate + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + # coordinator.deployment.strategy -- The deployment strategy to use to replace existing pods with new ones. + + jvm: + maxHeapSize: "8G" + gcMethod: + type: "UseG1GC" + g1: + heapRegionSize: "32M" + + config: + memory: + heapHeadroomPerNode: "" + nodeScheduler: + includeCoordinator: false + # coordinator.config.nodeScheduler.includeCoordinator -- Allows scheduling work on the coordinator so that a + # single machine can function as both coordinator and worker. For large clusters, processing work on the + # coordinator can negatively impact query performance because the machine's resources are not available for the + # critical coordinator tasks of scheduling, managing, and monitoring query execution. + query: + maxMemoryPerNode: "1GB" + + additionalJVMConfig: [] + + additionalExposedPorts: {} + # coordinator.additionalExposedPorts -- Additional ports configured in the coordinator container and the service. + # @raw + # Example: + # ```yaml + # https: + # servicePort: 8443 + # name: https + # port: 8443 + # nodePort: 30443 + # protocol: TCP + # ``` + + resources: {} + # coordinator.resources -- It is recommended not to specify default resources + # and to leave this as a conscious choice for the user. This also increases + # chances charts run on environments with little resources, such as Minikube. + # If you do want to specify resources, use the following example, and adjust + # it as necessary. + # @raw + # Example: + # ```yaml + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + # ``` + + livenessProbe: {} + # coordinator.livenessProbe -- [Liveness + # probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes) + # options + # @raw + # Example: + # ```yaml + # initialDelaySeconds: 20 + # periodSeconds: 10 + # timeoutSeconds: 5 + # failureThreshold: 6 + # successThreshold: 1 + # ``` + readinessProbe: {} + # coordinator.readinessProbe -- [Readiness + # probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes) + # @raw + # Example: + # ```yaml + # initialDelaySeconds: 20 + # periodSeconds: 10 + # timeoutSeconds: 5 + # failureThreshold: 6 + # successThreshold: 1 + # ``` + + lifecycle: {} + # coordinator.lifecycle -- Coordinator container [lifecycle + # events](https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/) + # @raw + # Example: + # ```yaml + # preStop: + # exec: + # command: ["/bin/sh", "-c", "sleep 120"] + # ``` + + terminationGracePeriodSeconds: 30 + + nodeSelector: {} + + tolerations: [] + + affinity: {} + + additionalConfigFiles: {} + # coordinator.additionalConfigFiles -- Additional config files placed in the default configuration directory. + # Supports templating the files' contents with `tpl`. + # @raw + # Example: + # ```yaml + # secret.txt: | + # secret-value={{- .Values.someValue }} + # ``` + + additionalVolumes: [] + # coordinator.additionalVolumes -- One or more additional volumes to add to the coordinator. + # @raw + # Example: + # ```yaml + # - name: extras + # emptyDir: {} + # ``` + + additionalVolumeMounts: [] + # coordinator.additionalVolumeMounts -- One or more additional volume mounts to add to the coordinator. + # @raw + # Example: + # - name: extras + # mountPath: /usr/share/extras + # readOnly: true + + annotations: {} + + labels: {} + + configMounts: [] + # coordinator.configMounts -- Allows mounting additional Trino configuration + # files from Kubernetes config maps on the coordinator node. + # @raw + # Example: + # ```yaml + # - name: sample-config-mount + # configMap: sample-config-mount + # path: /config-mount/sample.json + # subPath: sample.json + # ``` + + secretMounts: [] + # coordinator.secretMounts -- Allows mounting additional Trino configuration + # files from Kubernetes secrets on the coordinator node. + # @raw + # Example: + # ```yaml + # - name: sample-secret + # secretName: sample-secret + # path: /secrets/sample.json + # subPath: sample.json + # ``` + +worker: + deployment: + annotations: {} + progressDeadlineSeconds: 600 + # worker.deployment.progressDeadlineSeconds -- The maximum time in seconds for a deployment to make progress before it + # is considered failed. The deployment controller continues to + # process failed deployments and a condition with a ProgressDeadlineExceeded + # reason is surfaced in the deployment status. + + revisionHistoryLimit: 10 + # worker.deployment.revisionHistoryLimit -- The number of old ReplicaSets to retain to allow rollback. + + strategy: + type: RollingUpdate + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + # worker.deployment.strategy -- The deployment strategy to use to replace existing pods with new ones. + + jvm: + maxHeapSize: "8G" + gcMethod: + type: "UseG1GC" + g1: + heapRegionSize: "32M" + + config: + memory: + heapHeadroomPerNode: "" + query: + maxMemoryPerNode: "1GB" + + additionalJVMConfig: [] + + additionalExposedPorts: {} + # worker.additionalExposedPorts -- Additional container ports configured in all worker pods. + # @raw + # Example: + # ```yaml + # https: + # servicePort: 8443 + # name: https + # port: 8443 + # protocol: TCP + # ``` + + resources: {} + # worker.resources -- It is recommended not to specify default resources and + # to leave this as a conscious choice for the user. This also increases + # chances charts run on environments with little resources, such as Minikube. + # If you do want to specify resources, use the following example, and adjust + # it as necessary. + # @raw + # Example: + # ```yaml + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + # ``` + + livenessProbe: {} + # worker.livenessProbe -- [Liveness + # probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes) + # @raw + # Example: + # ```yaml + # initialDelaySeconds: 20 + # periodSeconds: 10 + # timeoutSeconds: 5 + # failureThreshold: 6 + # successThreshold: 1 + # ``` + readinessProbe: {} + # worker.readinessProbe -- [Readiness + # probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes) + # @raw + # Example: + # ```yaml + # initialDelaySeconds: 20 + # periodSeconds: 10 + # timeoutSeconds: 5 + # failureThreshold: 6 + # successThreshold: 1 + # ``` + + lifecycle: {} + # worker.lifecycle -- Worker container [lifecycle + # events](https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/) + # + # Setting `worker.lifecycle` conflicts with `worker.gracefulShutdown`. + # + # @raw + # Example: + # ```yaml + # preStop: + # exec: + # command: ["/bin/sh", "-c", "sleep 120"] + # ``` + + gracefulShutdown: + enabled: false + gracePeriodSeconds: 120 + # worker.gracefulShutdown -- Configure [graceful + # shutdown](https://trino.io/docs/current/admin/graceful-shutdown.html) in order to ensure that workers terminate + # without affecting running queries, given a sufficient grace period. When enabled, the value of + # `worker.terminationGracePeriodSeconds` must be at least two times greater than the configured `gracePeriodSeconds`. + # Enabling `worker.gracefulShutdown` conflicts with `worker.lifecycle`. When a custom `worker.lifecycle` configuration + # needs to be used, graceful shutdown must be configured manually. + # + # @raw + # Example: + # ```yaml + # gracefulShutdown: + # enabled: true + # gracePeriodSeconds: 120 + # ``` + + terminationGracePeriodSeconds: 30 + + nodeSelector: {} + + tolerations: [] + + affinity: {} + + additionalConfigFiles: {} + # worker.additionalConfigFiles -- Additional config files placed in the default configuration directory. + # Supports templating the files' contents with `tpl`. + # @raw + # Example: + # ```yaml + # secret.txt: | + # secret-value={{- .Values.someValue }} + # ``` + + additionalVolumes: [] + # worker.additionalVolumes -- One or more additional volume mounts to add to all workers. + # @raw + # Example: + # ```yaml + # - name: extras + # emptyDir: {} + # ``` + + additionalVolumeMounts: [] + # worker.additionalVolumeMounts -- One or more additional volume mounts to add to all workers. + # @raw + # Example: + # ```yaml + # - name: extras + # mountPath: /usr/share/extras + # readOnly: true + # ``` + + annotations: {} + + labels: {} + + configMounts: [] + # worker.configMounts -- Allows mounting additional Trino configuration + # files from Kubernetes config maps on all worker nodes. + # @raw + # Example: + # ```yaml + # - name: sample-config-mount + # configMap: sample-config-mount + # path: /config-mount/sample.json + # subPath: sample.json + # ``` + + secretMounts: [] + # worker.secretMounts -- Allows mounting additional Trino configuration + # files from Kubernetes secrets on all worker nodes. + # @raw + # Example: + # ```yaml + # - name: sample-secret + # secretName: sample-secret + # path: /secrets/sample.json + # subPath: sample.json + # ``` + +kafka: + mountPath: "/etc/trino/schemas" + tableDescriptions: {} + # kafka.tableDescriptions -- Custom kafka table descriptions that will be mounted in mountPath. + # @raw + # Example: + # ```yaml + # testschema.json: |- + # { + # "tableName": "testtable", + # "schemaName": "testschema", + # "topicName": "testtopic", + # "key": { + # "dataFormat": "json", + # "fields": [ + # { + # "name": "_key", + # "dataFormat": "VARCHAR", + # "type": "VARCHAR", + # "hidden": "false" + # } + # ] + # }, + # "message": { + # "dataFormat": "json", + # "fields": [ + # { + # "name": "id", + # "mapping": "id", + # "type": "BIGINT" + # }, + # { + # "name": "test_field", + # "mapping": "test_field", + # "type": "VARCHAR" + # } + # ] + # } + # } + # ``` + +jmx: + # -- Set to true to enable the RMI server to expose Trino's [JMX metrics](https://trino.io/docs/current/admin/jmx.html). + enabled: false + registryPort: 9080 + serverPort: 9081 + exporter: + # jmx.exporter.enabled -- Set to true to export JMX Metrics via HTTP for [Prometheus](https://github.com/prometheus/jmx_exporter) consumption + enabled: false + image: bitnami/jmx-exporter:1.0.1 + pullPolicy: Always + port: 5556 + configProperties: "" + # jmx.exporter.configProperties -- The string value is templated using `tpl`. The JMX config properties file + # is mounted to `/etc/jmx-exporter/jmx-exporter-config.yaml`. + # @raw + # Example: + # ```yaml + # configProperties: |- + # hostPort: localhost:{{- .Values.jmx.registryPort }} + # startDelaySeconds: 0 + # ssl: false + # lowercaseOutputName: false + # lowercaseOutputLabelNames: false + # includeObjectNames: ["java.lang:type=Threading"] + # autoExcludeObjectNameAttributes: true + # excludeObjectNameAttributes: + # "java.lang:type=OperatingSystem": + # - "ObjectName" + # "java.lang:type=Runtime": + # - "ClassPath" + # - "SystemProperties" + # rules: + # - pattern: 'java\.lang<(.*)>ThreadCount: (.*)' + # name: java_lang_Threading_ThreadCount + # value: '$2' + # help: 'ThreadCount (java.lang<>ThreadCount)' + # type: UNTYPED + # ``` + securityContext: {} + resources: {} + # jmx.exporter.resources -- It is recommended not to specify default resources + # and to leave this as a conscious choice for the user. This also increases + # chances charts run on environments with little resources, such as Minikube. + # If you do want to specify resources, use the following example, and adjust + # it as necessary. + # @raw + # Example: + # ```yaml + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + # ``` + coordinator: {} + # jmx.coordinator -- Override JMX configurations for the Trino coordinator. + # @raw + # Example + # ```yaml + # coordinator: + # enabled: true + # exporter: + # enabled: true + # configProperties: |- + # hostPort: localhost:{{- .Values.jmx.registryPort }} + # startDelaySeconds: 0 + # ssl: false + # ``` + worker: {} + # jmx.worker -- Override JMX configurations for the Trino workers. + # @raw + # Example + # ```yaml + # worker: + # enabled: true + # exporter: + # enabled: true + # ``` + +serviceMonitor: + # serviceMonitor.enabled -- Set to true to create resources for the + # [prometheus-operator](https://github.com/prometheus-operator/prometheus-operator). + enabled: false + + apiVersion: monitoring.coreos.com/v1 + # serviceMonitor.labels -- Labels for serviceMonitor, so that Prometheus can select it + labels: + prometheus: kube-prometheus + # serviceMonitor.interval -- The serviceMonitor web endpoint interval + interval: "30s" + coordinator: {} + # serviceMonitor.coordinator -- Override ServiceMonitor configurations for the Trino coordinator. + # @raw + # Example + # ```yaml + # coordinator: + # enabled: true + # labels: + # prometheus: my-prometheus + # ``` + worker: {} + # serviceMonitor.worker -- Override ServiceMonitor configurations for the Trino workers. + # @raw + # Example + # ```yaml + # worker: + # enabled: true + # labels: + # prometheus: my-prometheus + # ``` + +# -- Labels that get applied to every resource's metadata +commonLabels: {} + +ingress: + enabled: false + className: "" + annotations: {} + hosts: [] + # ingress.hosts -- [Ingress + # rules](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules). + # @raw + # Example: + # ```yaml + # - host: trino.example.com + # paths: + # - path: / + # pathType: ImplementationSpecific + # ``` + tls: [] + # ingress.tls -- Ingress + # [TLS](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) + # configuration. + # @raw + # Example: + # ```yaml + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # ``` + +networkPolicy: + # networkPolicy.enabled -- Set to true to enable Trino pod protection with a + # [NetworkPolicy](https://kubernetes.io/docs/concepts/services-networking/network-policies/). + # By default, the NetworkPolicy will only allow Trino pods to communicate with each other. + # @raw + # > [!NOTE] + # > - NetworkPolicies cannot block the ingress traffic coming directly + # > from the Kubernetes node on which the Pod is running, + # > and are thus incompatible with services of type `NodePort`. + # > - When using NetworkPolicies together with JMX metrics export, + # > additional ingress rules might be required to allow metric scraping. + enabled: false + # networkPolicy.ingress -- Additional ingress rules to apply to the Trino pods. + # @raw + # Example: + # ```yaml + # - from: + # - ipBlock: + # cidr: 172.17.0.0/16 + # except: + # - 172.17.1.0/24 + # - namespaceSelector: + # matchLabels: + # kubernetes.io/metadata.name: prometheus + # - podSelector: + # matchLabels: + # role: backend-app + # ports: + # - protocol: TCP + # port: 8080 + # - protocol: TCP + # port: 5556 + # ``` + ingress: [] + # networkPolicy.egress -- Egress rules to apply to the Trino pods. + # @raw + # Example: + # ```yaml + # - to: + # - podSelector: + # matchLabels: + # role: log-ingestor + # ports: + # - protocol: TCP + # port: 9999 + # ``` + egress: [] + +catalogsSecrets: [] + # - name: catalogs + # value: + # mariadb.properties: | + # connector.name=mariadb + # connection-user= + # connection-url= + # connection-password= + # postgresql.properties: | + # connector.name=postgresql + # connection-user= + # connection-url= + # postgresql.array-mapping= + # connection-password= +ldapSecrets: [] + # - name: ldap + # value: + # ldap.properties: | + # password-authenticator.name=ldap + # ldap.bind-dn=uid= + # ldap.url= + # ldap.bind-password= + # ldap.user-bind-pattern= + # ldap.group-auth-pattern= + # ldap.user-base-dn= diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl deleted file mode 100644 index ea0a1da5..00000000 --- a/templates/_helpers.tpl +++ /dev/null @@ -1,40 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "trino.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "trino.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "trino.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{- define "trino.coordinator" -}} -{{ template "trino.fullname" . }}-coordinator -{{- end -}} - -{{- define "trino.worker" -}} -{{ template "trino.fullname" . }}-worker -{{- end -}} diff --git a/templates/configmap-coordinator.yaml b/templates/configmap-coordinator.yaml deleted file mode 100644 index 92c05bca..00000000 --- a/templates/configmap-coordinator.yaml +++ /dev/null @@ -1,44 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "trino.coordinator" . }} - labels: - app: {{ template "trino.name" . }} - chart: {{ template "trino.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - component: coordinator -data: - node.properties: | - node.environment={{ .Values.server.node.environment }} - node.data-dir={{ .Values.server.node.dataDir }} - plugin.dir={{ .Values.server.node.pluginDir }} - - jvm.config: | - -server - -Xmx{{ .Values.server.jvm.maxHeapSize }} - -XX:+{{ .Values.server.jvm.gcMethod.type }} - -XX:G1HeapRegionSize={{ .Values.server.jvm.gcMethod.g1.heapRegionSize }} - -XX:+UseGCOverheadLimit - -XX:+ExplicitGCInvokesConcurrent - -XX:+HeapDumpOnOutOfMemoryError - -XX:+ExitOnOutOfMemoryError - -Djdk.attach.allowAttachSelf=true - - config.properties: | - coordinator=true -{{- if gt (int .Values.server.workers) 0 }} - node-scheduler.include-coordinator=false -{{- else }} - node-scheduler.include-coordinator=true -{{- end }} - http-server.http.port={{ .Values.service.port }} - query.max-memory={{ .Values.server.config.query.maxMemory }} - query.max-memory-per-node={{ .Values.server.config.query.maxMemoryPerNode }} - discovery-server.enabled=true - discovery.uri=http://localhost:{{ .Values.service.port }} - - log.properties: | - io.trinosql={{ .Values.server.log.trino.level }} - ---- diff --git a/templates/configmap-worker.yaml b/templates/configmap-worker.yaml deleted file mode 100644 index 202e0e97..00000000 --- a/templates/configmap-worker.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{- if gt (int .Values.server.workers) 0 }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "trino.worker" . }} - labels: - app: {{ template "trino.name" . }} - chart: {{ template "trino.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - component: worker -data: - node.properties: | - node.environment={{ .Values.server.node.environment }} - node.data-dir={{ .Values.server.node.dataDir }} - plugin.dir={{ .Values.server.node.pluginDir }} - - jvm.config: | - -server - -Xmx{{ .Values.server.jvm.maxHeapSize }} - -XX:+{{ .Values.server.jvm.gcMethod.type }} - -XX:G1HeapRegionSize={{ .Values.server.jvm.gcMethod.g1.heapRegionSize }} - -XX:+UseGCOverheadLimit - -XX:+ExplicitGCInvokesConcurrent - -XX:+HeapDumpOnOutOfMemoryError - -XX:+ExitOnOutOfMemoryError - -Djdk.attach.allowAttachSelf=true - - config.properties: | - coordinator=false - http-server.http.port={{ .Values.service.port }} - query.max-memory={{ .Values.server.config.query.maxMemory }} - query.max-memory-per-node={{ .Values.server.config.query.maxMemoryPerNode }} - discovery.uri=http://{{ template "trino.fullname" . }}:{{ .Values.service.port }} - - log.properties: | - io.trinosql={{ .Values.server.log.trino.level }} - -{{- end }} diff --git a/templates/deployment-coordinator.yaml b/templates/deployment-coordinator.yaml deleted file mode 100644 index f35f0e47..00000000 --- a/templates/deployment-coordinator.yaml +++ /dev/null @@ -1,65 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "trino.coordinator" . }} - labels: - app: {{ template "trino.name" . }} - chart: {{ template "trino.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - component: coordinator -spec: - selector: - matchLabels: - app: {{ template "trino.name" . }} - release: {{ .Release.Name }} - component: coordinator - template: - metadata: - labels: - app: {{ template "trino.name" . }} - release: {{ .Release.Name }} - component: coordinator - spec: - {{- with .Values.securityContext }} - securityContext: - runAsUser: {{ .runAsUser }} - runAsGroup: {{ .runAsGroup }} - {{- end }} - volumes: - - name: config-volume - configMap: - name: {{ template "trino.coordinator" . }} - containers: - - name: {{ .Chart.Name }}-coordinator - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - volumeMounts: - - mountPath: {{ .Values.server.config.path }} - name: config-volume - ports: - - name: http - containerPort: {{ .Values.service.port }} - protocol: TCP - livenessProbe: - httpGet: - path: /v1/info - port: http - readinessProbe: - httpGet: - path: /v1/info - port: http - resources: - {{- toYaml .Values.resources | nindent 12 }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/templates/deployment-worker.yaml b/templates/deployment-worker.yaml deleted file mode 100644 index 1ea38e9c..00000000 --- a/templates/deployment-worker.yaml +++ /dev/null @@ -1,63 +0,0 @@ -{{- if gt (int .Values.server.workers) 0 }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "trino.worker" . }} - labels: - app: {{ template "trino.name" . }} - chart: {{ template "trino.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - component: worker -spec: - replicas: {{ .Values.server.workers }} - selector: - matchLabels: - app: {{ template "trino.name" . }} - release: {{ .Release.Name }} - component: worker - template: - metadata: - labels: - app: {{ template "trino.name" . }} - release: {{ .Release.Name }} - component: worker - spec: - volumes: - - name: config-volume - configMap: - name: {{ template "trino.worker" . }} - containers: - - name: {{ .Chart.Name }}-worker - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - volumeMounts: - - mountPath: {{ .Values.server.config.path }} - name: config-volume - ports: - - name: http - containerPort: {{ .Values.service.port }} - protocol: TCP - livenessProbe: - httpGet: - path: /v1/info - port: http - readinessProbe: - httpGet: - path: /v1/info - port: http - resources: - {{- toYaml .Values.resources | nindent 12 }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} -{{- end }} diff --git a/templates/service.yaml b/templates/service.yaml deleted file mode 100644 index bd137ef6..00000000 --- a/templates/service.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "trino.fullname" . }} - labels: - app: {{ template "trino.name" . }} - chart: {{ template "trino.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - type: {{ .Values.service.type }} - ports: - - port: {{ .Values.service.port }} - targetPort: http - protocol: TCP - name: http - selector: - app: {{ template "trino.name" . }} - release: {{ .Release.Name }} - component: coordinator diff --git a/tests/gateway/test-https.yaml b/tests/gateway/test-https.yaml new file mode 100644 index 00000000..e59b51bf --- /dev/null +++ b/tests/gateway/test-https.yaml @@ -0,0 +1,31 @@ +command: + - "/bin/sh" + - "-c" + - | + cat /etc/certificates/tls.crt /etc/certificates/tls.key > /etc/scratch/tls.pem && \ + java -XX:MinRAMPercentage=80.0 -XX:MaxRAMPercentage=80.0 -jar /usr/lib/trino/gateway-ha-jar-with-dependencies.jar /etc/gateway/config.yaml + +config: + serverConfig: + http-server.http.enabled: false + http-server.https.enabled: true + http-server.https.port: 8443 + http-server.https.keystore.path: /etc/scratch/tls.pem + +ingress: + enabled: true + +volumes: + - name: certificates + secret: + secretName: certificates + - name: scratch + emptyDir: + sizeLimit: 10Mi + +volumeMounts: + - name: certificates + mountPath: /etc/certificates + readOnly: true + - name: scratch + mountPath: /etc/scratch diff --git a/tests/gateway/test-nodeport.yaml b/tests/gateway/test-nodeport.yaml new file mode 100644 index 00000000..aef9bfea --- /dev/null +++ b/tests/gateway/test-nodeport.yaml @@ -0,0 +1,19 @@ +config: + serverConfig: + http-server.http.enabled: true + http-server.http.port: 8080 + http-server.https.enabled: true + http-server.https.port: 8443 + http-server.https.keystore.path: /etc/scratch/tls.pem + +service: + type: NodePort + ports: + - protocol: TCP + name: request + nodePort: 30443 + - protocol: TCP + name: gateway-http + nodePort: 30080 + port: 8080 + targetPort: 8080 diff --git a/tests/gateway/test-values-with-env.yaml b/tests/gateway/test-values-with-env.yaml new file mode 100644 index 00000000..c58a470a --- /dev/null +++ b/tests/gateway/test-values-with-env.yaml @@ -0,0 +1,37 @@ +replicaCount: 1 + +image: + # -- Repository location of the Trino Gateway image, typically `organization/imagename` + repository: "trinodb/trino-gateway" + pullPolicy: IfNotPresent + +config: + serverConfig: + node.environment: test + http-server.http.port: 8080 + dataStore: + # The connection details for the backend database for Trino Gateway and Trino query history + jdbcUrl: jdbc:postgresql://gateway-backend-db-postgresql.postgres-gateway.svc.cluster.local:5432/gateway + user: "${ENV:PG_USER}" + password: "${ENV:PG_PASSWORD}" + driver: org.postgresql.Driver + clusterStatsConfiguration: + monitorType: INFO_API + modules: + - io.trino.gateway.ha.module.HaGatewayProviderModule + - io.trino.gateway.ha.module.ClusterStateListenerModule + - io.trino.gateway.ha.module.ClusterStatsMonitorModule + managedApps: + - io.trino.gateway.ha.clustermonitor.ActiveClusterMonitor + +envFrom: + - secretRef: + name: db-credentials + +resources: + limits: + cpu: 500m + memory: 256Mi + requests: + cpu: 250m + memory: 256Mi diff --git a/tests/gateway/test-values.yaml b/tests/gateway/test-values.yaml new file mode 100644 index 00000000..d91692bd --- /dev/null +++ b/tests/gateway/test-values.yaml @@ -0,0 +1,36 @@ +replicaCount: 1 + +image: + # -- Repository location of the Trino Gateway image, typically `organization/imagename` + repository: "trinodb/trino-gateway" + pullPolicy: IfNotPresent + +config: + serverConfig: + node.environment: test + http-server.http.port: 8080 + dataStore: + # The connection details for the backend database for Trino Gateway and Trino query history + jdbcUrl: jdbc:postgresql://gateway-backend-db-postgresql.postgres-gateway.svc.cluster.local:5432/gateway + user: gateway + password: pass0000 + driver: org.postgresql.Driver + clusterStatsConfiguration: + monitorType: INFO_API + modules: + - io.trino.gateway.ha.module.HaGatewayProviderModule + - io.trino.gateway.ha.module.ClusterStateListenerModule + - io.trino.gateway.ha.module.ClusterStatsMonitorModule + managedApps: + - io.trino.gateway.ha.clustermonitor.ActiveClusterMonitor + +ingress: + enabled: true + +resources: + limits: + cpu: 500m + memory: 256Mi + requests: + cpu: 250m + memory: 256Mi diff --git a/tests/gateway/test.sh b/tests/gateway/test.sh new file mode 100755 index 00000000..915cf6f2 --- /dev/null +++ b/tests/gateway/test.sh @@ -0,0 +1,140 @@ +#!/usr/bin/env bash + +set -euo pipefail + +declare -A testCases=( + [complete_values]="--values test-values.yaml" + [env_from]="--values test-values-with-env.yaml" + [nodeport]="--values test-values.yaml --values test-https.yaml --values test-nodeport.yaml" + [https]="--values test-values.yaml --values test-https.yaml" +) + +declare -A testCaseCharts=( + [complete_values]="../../charts/gateway" + [env_from]="../../charts/gateway" + [nodeport]="../../charts/gateway" + [https]="../../charts/gateway" +) + +TEST_NAMES=(complete_values env_from nodeport https) + +function join_by { + local d=${1-} f=${2-} + if shift 2; then + printf %s "$f" "${@/#/$d}" + fi +} + +# default to randomly generated namespace, same as chart-testing would do, but we need to load secrets into the same namespace +NAMESPACE=trino-gateway-$(LC_ALL=C tr -dc 'a-z0-9' &2 "Generating a self-signed TLS certificate" +NODE_IP=$(kubectl get nodes -o json -o jsonpath='{.items[0].status.addresses[0].address}') +openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 \ + -subj "/O=Trino Software Foundation" \ + -addext "subjectAltName=DNS:trino-gateway,DNS:localhost,DNS:*.$NAMESPACE,DNS:*.$NAMESPACE.svc,DNS:*.$NAMESPACE.svc.cluster.local,IP:127.0.0.1,IP:${NODE_IP}" \ + -keyout cert.key -out cert.crt +kubectl -n "$NAMESPACE" create secret tls certificates --cert=cert.crt --key=cert.key --dry-run=client --output yaml | kubectl apply --filename - + +HELM_EXTRA_SET_ARGS= +CT_ARGS=( + --skip-clean-up + --helm-extra-args="--timeout 4m" +) +CLEANUP_NAMESPACE=true + +usage() { + cat <&2 +Usage: $0 [-h] [-n ] [-a ] [-t ] [-s] +Test the Trino chart + +-h Display help +-n Kubernetes namespace, a randomly generated one is used if not provided +-a Extra Helm set args +-t Test names to run, comma separated; defaults to $(join_by , "${TEST_NAMES[@]}") +-s Skip chart cleanup +EOF +} + +while getopts ":a:n:t:sh:" OPTKEY; do + case "${OPTKEY}" in + a) + HELM_EXTRA_SET_ARGS=${OPTARG} + ;; + n) + NAMESPACE=${OPTARG} + ;; + t) + IFS=, read -ra TEST_NAMES <<<"$OPTARG" + ;; + s) + CLEANUP_NAMESPACE=false + ;; + h) + usage + exit 0 + ;; + *) + usage + exit 1 + ;; + esac +done +shift $((OPTIND - 1)) + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd)" +cd "${SCRIPT_DIR}" || exit 2 + +CT_ARGS+=(--namespace "$NAMESPACE") + +DB_PASSWORD=pass0000 + +DB_INSTALLATION_NAME=gateway-backend-db +helm upgrade --install ${DB_INSTALLATION_NAME} oci://registry-1.docker.io/bitnamicharts/postgresql -n "$DB_NAMESPACE" \ + --create-namespace \ + --version "16.2.1" \ + --set common.resources.preset=micro \ + --set auth.username=gateway \ + --set auth.password=${DB_PASSWORD} \ + --set auth.database=gateway \ + --set primary.persistence.enabled=false +kubectl wait --for=condition=ready pod -l app.kubernetes.io/name=postgresql --timeout=300s -n "$DB_NAMESPACE" + +kubectl --namespace "$NAMESPACE" create secret generic db-credentials --from-literal=PG_USER='gateway' --from-literal=PG_PASSWORD='pass0000' + +result=0 +for test_name in "${TEST_NAMES[@]}"; do + echo 1>&2 "" + echo 1>&2 "🧪 Running test $test_name" + echo 1>&2 "" + HELM_EXTRA_SET_ARGS="$HELM_EXTRA_SET_ARGS --set=serviceName=trino-gateway-${test_name//_/-}" + if ! time ct install "${CT_ARGS[@]}" --charts="${testCaseCharts[$test_name]}" --helm-extra-set-args "$HELM_EXTRA_SET_ARGS ${testCases[$test_name]}"; then + echo 1>&2 "❌ Test $test_name failed" + echo 1>&2 "Test logs:" + kubectl --namespace "$NAMESPACE" logs --tail=-1 --selector app.kubernetes.io/component=test --all-containers=true --prefix=true + result=1 + else + echo 1>&2 "✅ Test $test_name completed" + fi + if [ "$CLEANUP_NAMESPACE" == "true" ]; then + for release in $(helm --namespace "$NAMESPACE" ls --all --short | grep -v 'prometheus-operator'); do + echo 1>&2 "Cleaning up Helm release $release" + helm --namespace "$NAMESPACE" delete "$release" + done + fi +done + +if [ "$CLEANUP_NAMESPACE" == "true" ]; then + helm -n "$DB_NAMESPACE" uninstall gateway-backend-db --ignore-not-found + kubectl delete namespace "$DB_NAMESPACE" --ignore-not-found + kubectl delete namespace "$NAMESPACE" --ignore-not-found + mapfile -t crds < <(kubectl api-resources --api-group=monitoring.coreos.com --output name) + if [ ${#crds[@]} -ne 0 ]; then + kubectl delete crd "${crds[@]}" + fi +fi +echo Exit code $result +exit $result diff --git a/tests/trino/test-access-control-properties-values.yaml b/tests/trino/test-access-control-properties-values.yaml new file mode 100644 index 00000000..c1ad9156 --- /dev/null +++ b/tests/trino/test-access-control-properties-values.yaml @@ -0,0 +1,7 @@ +# Access Control 'properties' values to test. +# This is a YAML-formatted file. + +accessControl: + type: properties + properties: | + access-control.name=read-only diff --git a/tests/trino/test-exchange-manager-values.yaml b/tests/trino/test-exchange-manager-values.yaml new file mode 100644 index 00000000..87fa13bb --- /dev/null +++ b/tests/trino/test-exchange-manager-values.yaml @@ -0,0 +1,35 @@ +# Exchange Manager values to test. +# This is a YAML-formatted file. + +coordinator: + additionalVolumes: + - name: exchange-volume + persistentVolumeClaim: + claimName: exchange-manager-pvc + + additionalVolumeMounts: + - name: exchange-volume + mountPath: "/tmp/trino-local-file-system-exchange-manager" + +worker: + additionalVolumes: + - name: exchange-volume + persistentVolumeClaim: + claimName: exchange-manager-pvc + + additionalVolumeMounts: + - name: exchange-volume + mountPath: "/tmp/trino-local-file-system-exchange-manager" + +server: + exchangeManager: + name: "filesystem" + baseDir: "/tmp/trino-local-file-system-exchange-manager" + +additionalConfigProperties: + - retry-policy=TASK + +additionalExchangeManagerProperties: + - exchange.sink-buffer-pool-min-size=10 + - exchange.sink-buffers-per-partition=2 + - exchange.source-concurrent-readers=4 diff --git a/tests/trino/test-graceful-shutdown-values.yaml b/tests/trino/test-graceful-shutdown-values.yaml new file mode 100644 index 00000000..87185484 --- /dev/null +++ b/tests/trino/test-graceful-shutdown-values.yaml @@ -0,0 +1,6 @@ +worker: + gracefulShutdown: + enabled: true + gracePeriodSeconds: 60 + + terminationGracePeriodSeconds: 120 diff --git a/tests/trino/test-resource-groups-properties-values.yaml b/tests/trino/test-resource-groups-properties-values.yaml new file mode 100644 index 00000000..7f6631c1 --- /dev/null +++ b/tests/trino/test-resource-groups-properties-values.yaml @@ -0,0 +1,15 @@ +# Resource Groups 'properties' values to test. +# This is a YAML-formatted file. + +server: + log: + trino: + level: INFO + +resourceGroups: + type: properties + properties: | + resource-groups.configuration-manager=db + resource-groups.config-db-url=jdbc:postgresql://trino-resource-groups-db-postgresql.postgresql.svc.cluster.local:5432/resource_groups + resource-groups.config-db-user=trino + resource-groups.config-db-password=pass0000 diff --git a/tests/trino/test-values.yaml b/tests/trino/test-values.yaml new file mode 100644 index 00000000..cc45edb9 --- /dev/null +++ b/tests/trino/test-values.yaml @@ -0,0 +1,296 @@ +# All custom values belong here during testing. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +server: + workers: 0 + config: + https: + enabled: true + keystore: + path: /etc/trino/generated/tls.pem + authenticationType: PASSWORD + coordinatorExtraConfig: | + query.client.timeout=5m + query.execution-policy=phased + autoscaling: + enabled: false + keda: + enabled: true + pollingInterval: 5 + minReplicaCount: 0 + maxReplicaCount: 2 + cooldownPeriod: 300 + triggers: + - type: prometheus + metricType: Value + metadata: + serverAddress: http://prometheus-operator-kube-p-prometheus.{{ .Release.Namespace }}:9090 + threshold: "1" + metricName: required_workers + query: >- + sum by (service) + (avg_over_time(trino_execution_ClusterSizeMonitor_RequiredWorkers{service={{ include "trino.fullname" . | quote }}}[5s])) + + +additionalConfigProperties: + - internal-communication.shared-secret=random-value-999 + - http-server.authentication.allow-insecure-over-http=true + - http-server.process-forwarded=true + +service: + annotations: + custom/name: value + port: 8080 + +auth: + # created using htpasswd -B -C 10 password.db admin + # every password is admin123 + passwordAuth: | + admin:$2y$10$8SWYy3DhcZNfQnpeHOMnD.GOcuKJ/Hqzw8CXSp05YEmXUA.k/4L7a + alice:$2y$10$6XLlfiT7Q0MwJmU61CnP1.BzOImMxfqzULQHbSxAoeqTHn661uoGK + bob:$2y$10$aXfppF9iHtHjuKzbIUY8f.F98IRj2ZGfu2aok0wDgBBnD6hnDZKwK + refreshPeriod: 15s + groups: | + group1:admin,alice,bob + group2:alice + group3:bob + +secretMounts: + - name: certificates + secretName: '{{ .Release.Namespace }}-certificates' + path: /etc/trino/certificates + +coordinator: + deployment: + annotations: + custom/name: value + progressDeadlineSeconds: 500 + revisionHistoryLimit: 5 + strategy: + type: RollingUpdate + rollingUpdate: + maxSurge: 25% + maxUnavailable: 50% + + jvm: + maxHeapSize: "8G" + gcMethod: + type: "UseG1GC" + g1: + heapRegionSize: "32M" + config: + memory: + heapHeadroomPerNode: "2GB" + query: + maxMemoryPerNode: "2GB" + + additionalVolumes: + - name: generated-files + emptyDir: {} + + additionalVolumeMounts: + - name: generated-files + mountPath: /etc/trino/generated + readOnly: false + + additionalExposedPorts: + https: + servicePort: 8443 + name: https + port: 8443 + protocol: TCP + + annotations: + custom/name: value + +worker: + deployment: + annotations: + custom/name: value + progressDeadlineSeconds: 500 + revisionHistoryLimit: 5 + strategy: + type: RollingUpdate + rollingUpdate: + maxSurge: 25% + maxUnavailable: 50% + + jvm: + maxHeapSize: "8G" + gcMethod: + type: "UseG1GC" + g1: + heapRegionSize: "32M" + config: + memory: + heapHeadroomPerNode: "2GB" + query: + maxMemoryPerNode: "2GB" + + annotations: + custom/name: value + +commonLabels: + extra-label: extra-value + +initContainers: + coordinator: + - name: init-coordinator + image: busybox:1.36 + imagePullPolicy: IfNotPresent + command: ['sh', '-c', "cat /etc/trino/certificates/tls.crt /etc/trino/certificates/tls.key > /etc/trino/generated/tls.pem"] + volumeMounts: + - name: certificates + readOnly: true + mountPath: "/etc/trino/certificates" + - name: generated-files + readOnly: false + mountPath: "/etc/trino/generated" + +accessControl: + type: configmap + refreshPeriod: 60s + configFile: "rules.json" + rules: + rules.json: |- + { + "catalogs": [ + { + "user": "admin", + "catalog": "(tpch|system)", + "allow": "all" + }, + { + "group": "group1", + "catalog": "tpch", + "allow": true + }, + { + "user": "alice", + "catalog": "jmx", + "allow": "read-only" + }, + { + "catalog": "system", + "allow": "none" + } + ], + "schemas": [ + { + "user": "admin", + "schema": ".*", + "owner": true + }, + { + "user": "alice", + "owner": false + } + ] + } + +resourceGroups: + type: configmap + resourceGroupsConfig: |- + { + "rootGroups": [ + { + "name": "global", + "softMemoryLimit": "80%", + "hardConcurrencyLimit": 100, + "maxQueued": 100, + "schedulingPolicy": "fair", + "jmxExport": true, + "subGroups": [ + { + "name": "admin", + "softMemoryLimit": "30%", + "hardConcurrencyLimit": 20, + "maxQueued": 10 + }, + { + "name": "finance_human_resources", + "softMemoryLimit": "20%", + "hardConcurrencyLimit": 15, + "maxQueued": 10 + }, + { + "name": "general", + "softMemoryLimit": "30%", + "hardConcurrencyLimit": 20, + "maxQueued": 10 + }, + { + "name": "readonly", + "softMemoryLimit": "10%", + "hardConcurrencyLimit": 5, + "maxQueued": 5 + } + ] + } + ], + "selectors": [ + { + "user": "admin", + "group": "global.admin" + }, + { + "group": "finance|human_resources", + "group": "global.finance_human_resources" + }, + { + "user": "alice", + "group": "global.readonly" + }, + { + "group": "global.general" + } + ] + } + + +jmx: + enabled: true + registryPort: 9080 + serverPort: 9081 + exporter: + enabled: true + image: bitnami/jmx-exporter:1.0.1 + pullPolicy: Always + port: 5556 + configProperties: | + startDelaySeconds: 0 + hostPort: 127.0.0.1:{{- .Values.jmx.registryPort }} + rules: + - pattern: 'trino.memory*' + - pattern: 'trino.execution*' + - pattern: 'trino.execution*' + +serviceMonitor: + enabled: true + labels: + prometheus: default + interval: "1s" + +ingress: + enabled: true + hosts: + - host: trino.local + paths: + - path: / + pathType: ImplementationSpecific + +networkPolicy: + enabled: true + ingress: + - from: + - podSelector: + matchExpressions: + - key: test + operator: NotIn + values: [network-policy] + +catalogs: + tpch: | + connector.name=tpch + tpch.splits-per-node=4 diff --git a/tests/trino/test.sh b/tests/trino/test.sh new file mode 100755 index 00000000..797f5b60 --- /dev/null +++ b/tests/trino/test.sh @@ -0,0 +1,194 @@ +#!/usr/bin/env bash + +set -euo pipefail + +declare -A testCases=( + [default]="" + [single_node]="--set server.workers=0,coordinator.config.nodeScheduler.includeCoordinator=true" + [complete_values]="--values test-values.yaml" + [overrides]="--set coordinatorNameOverride=coordinator-overridden,workerNameOverride=worker-overridden,nameOverride=overridden" + [access_control_properties_values]="--values test-access-control-properties-values.yaml" + [exchange_manager_values]="--values test-exchange-manager-values.yaml" + [graceful_shutdown]="--values test-graceful-shutdown-values.yaml" + [resource_groups_properties]="--values test-resource-groups-properties-values.yaml" +) + +declare -A testCaseCharts=( + [default]="../../charts/trino" + [single_node]="../../charts/trino" + [complete_values]="../../charts/trino" + [overrides]="../../charts/trino" + [access_control_properties_values]="../../charts/trino" + [exchange_manager_values]="../../charts/trino" + [graceful_shutdown]="../../charts/trino" + [resource_groups_properties]="../../charts/trino" +) + +function join_by { + local d=${1-} f=${2-} + if shift 2; then + printf %s "$f" "${@/#/$d}" + fi +} + +# default to randomly generated namespace, same as chart-testing would do, but we need to load secrets into the same namespace +NAMESPACE=trino-$(LC_ALL=C tr -dc 'a-z0-9' &2 +Usage: $0 [-h] [-n ] [-a ] [-t ] [-s] +Test the Trino chart + +-h Display help +-n Kubernetes namespace, a randomly generated one is used if not provided +-a Extra Helm set args +-t Test names to run, comma separated; defaults to $(join_by , "${TEST_NAMES[@]}") +-s Skip chart cleanup +EOF +} + +while getopts ":a:n:t:sh:" OPTKEY; do + case "${OPTKEY}" in + a) + HELM_EXTRA_SET_ARGS=${OPTARG} + ;; + n) + NAMESPACE=${OPTARG} + ;; + t) + IFS=, read -ra TEST_NAMES <<<"$OPTARG" + ;; + s) + CLEANUP_NAMESPACE=false + ;; + h) + usage + exit 0 + ;; + *) + usage + exit 1 + ;; + esac +done +shift $((OPTIND - 1)) + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd)" +cd "${SCRIPT_DIR}" || exit 2 + +echo 1>&2 "Generating a self-signed TLS certificate" +openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 \ + -subj "/O=Trino Software Foundation" \ + -addext "subjectAltName=DNS:localhost,DNS:*.$NAMESPACE,DNS:*.$NAMESPACE.svc,DNS:*.$NAMESPACE.svc.cluster.local,IP:127.0.0.1" \ + -keyout cert.key -out cert.crt + +kubectl create namespace "$NAMESPACE" --dry-run=client --output yaml | kubectl apply --filename - +kubectl -n "$NAMESPACE" create secret tls "$NAMESPACE"-certificates --cert=cert.crt --key=cert.key --dry-run=client --output yaml | kubectl apply --filename - +cat <&2 "" + echo 1>&2 "🧪 Running test $test_name" + echo 1>&2 "" + if ! time ct install "${CT_ARGS[@]}" --charts="${testCaseCharts[$test_name]}" --helm-extra-set-args "$HELM_EXTRA_SET_ARGS ${testCases[$test_name]}"; then + echo 1>&2 "❌ Test $test_name failed" + echo 1>&2 "Test logs:" + kubectl --namespace "$NAMESPACE" logs --tail=-1 --selector app.kubernetes.io/component=test --all-containers=true + result=1 + else + echo 1>&2 "✅ Test $test_name completed" + fi + if [ "$CLEANUP_NAMESPACE" == "true" ]; then + for release in $(helm --namespace "$NAMESPACE" ls --all --short | grep -v 'prometheus-operator'); do + echo 1>&2 "Cleaning up Helm release $release" + helm --namespace "$NAMESPACE" delete "$release" + done + fi +done + +if [ "$CLEANUP_NAMESPACE" == "true" ]; then + helm -n "$DB_NAMESPACE" uninstall trino-resource-groups-db --ignore-not-found + kubectl delete namespace "$DB_NAMESPACE" --ignore-not-found + helm -n "$NAMESPACE" uninstall prometheus-operator --ignore-not-found + kubectl delete namespace "$NAMESPACE" + helm -n "$KEDA_NAMESPACE" uninstall keda --ignore-not-found + kubectl delete namespace "$KEDA_NAMESPACE" + for api_group in monitoring.coreos.com eventing.keda.sh keda.sh; do + mapfile -t crds < <(kubectl api-resources --api-group="$api_group" --output name) + if [ ${#crds[@]} -ne 0 ]; then + kubectl delete crd "${crds[@]}" + fi + done +fi + +exit $result diff --git a/values.yaml b/values.yaml deleted file mode 100644 index 7895f990..00000000 --- a/values.yaml +++ /dev/null @@ -1,58 +0,0 @@ -# Default values for trino. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -image: - repository: trinodb/trino - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart version. - tag: latest - -server: - workers: 2 - node: - environment: production - dataDir: /data/trino - pluginDir: /usr/lib/trino/plugin - log: - trino: - level: INFO - config: - path: /etc/trino - http: - port: 8080 - query: - maxMemory: "4GB" - maxMemoryPerNode: "1GB" - jvm: - maxHeapSize: "8G" - gcMethod: - type: "UseG1GC" - g1: - heapRegionSize: "32M" - -securityContext: - runAsUser: 1000 - runAsGroup: 1000 - -service: - type: ClusterIP - port: 8080 - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -nodeSelector: {} - -tolerations: [] - -affinity: {} From ff97f8d1c5161a0ee61e4387a1c2b80e24e72b92 Mon Sep 17 00:00:00 2001 From: "luis.costa" Date: Wed, 12 Feb 2025 16:56:42 +0000 Subject: [PATCH 02/34] squash --- charts/trino/cenko.yaml | 425 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 425 insertions(+) create mode 100644 charts/trino/cenko.yaml diff --git a/charts/trino/cenko.yaml b/charts/trino/cenko.yaml new file mode 100644 index 00000000..9ad9c742 --- /dev/null +++ b/charts/trino/cenko.yaml @@ -0,0 +1,425 @@ +--- +# Source: trino/templates/secret.yaml +--- +apiVersion: v1 +kind: Secret +metadata: + name: "catalogs" +data: + mariadb.properties: + Y29ubmVjdG9yLm5hbWU9bWFyaWFkYgpjb25uZWN0aW9uLXVzZXI9CmNvbm5lY3Rpb24tdXJsPQpjb25uZWN0aW9uLXBhc3N3b3JkPQo= + postgresql.properties: + Y29ubmVjdG9yLm5hbWU9cG9zdGdyZXNxbApjb25uZWN0aW9uLXVzZXI9CmNvbm5lY3Rpb24tdXJsPQpwb3N0Z3Jlc3FsLmFycmF5LW1hcHBpbmc9CmNvbm5lY3Rpb24tcGFzc3dvcmQ9Cg== +type: Opaque +--- +# Source: trino/templates/configmap-coordinator.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: release-name-trino-coordinator + namespace: default + labels: + helm.sh/chart: trino-1.37.0 + app.kubernetes.io/name: trino + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "470" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: coordinator +data: + node.properties: | + node.environment=production + node.data-dir=/data/trino + plugin.dir=/usr/lib/trino/plugin + + jvm.config: | + -server + -agentpath:/usr/lib/trino/bin/libjvmkill.so + -Xmx8G + -XX:+UseG1GC + -XX:G1HeapRegionSize=32M + -XX:+ExplicitGCInvokesConcurrent + -XX:+HeapDumpOnOutOfMemoryError + -XX:+ExitOnOutOfMemoryError + -XX:-OmitStackTraceInFastThrow + -XX:ReservedCodeCacheSize=512M + -XX:PerMethodRecompilationCutoff=10000 + -XX:PerBytecodeRecompilationCutoff=10000 + -Djdk.attach.allowAttachSelf=true + -Djdk.nio.maxCachedBufferSize=2000000 + # Allow loading dynamic agent used by JOL + -XX:+EnableDynamicAgentLoading + + # https://bugs.openjdk.org/browse/JDK-8329528 + -XX:+UnlockDiagnosticVMOptions + -XX:G1NumCollectionsKeepPinned=10000000 + + config.properties: | + coordinator=true + node-scheduler.include-coordinator=false + http-server.http.port=8080 + query.max-memory=4GB + query.max-memory-per-node=1GB + discovery.uri=http://localhost:8080 + + log.properties: | + io.trino=INFO +--- +# Source: trino/templates/configmap-coordinator.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: release-name-trino-schemas-volume-coordinator + namespace: default + labels: + helm.sh/chart: trino-1.37.0 + app.kubernetes.io/name: trino + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "470" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: coordinator +data: +--- +# Source: trino/templates/configmap-worker.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: release-name-trino-worker + namespace: default + labels: + helm.sh/chart: trino-1.37.0 + app.kubernetes.io/name: trino + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "470" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: worker +data: + node.properties: | + node.environment=production + node.data-dir=/data/trino + plugin.dir=/usr/lib/trino/plugin + + jvm.config: | + -server + -agentpath:/usr/lib/trino/bin/libjvmkill.so + -Xmx8G + -XX:+UseG1GC + -XX:G1HeapRegionSize=32M + -XX:+ExplicitGCInvokesConcurrent + -XX:+HeapDumpOnOutOfMemoryError + -XX:+ExitOnOutOfMemoryError + -XX:-OmitStackTraceInFastThrow + -XX:ReservedCodeCacheSize=512M + -XX:PerMethodRecompilationCutoff=10000 + -XX:PerBytecodeRecompilationCutoff=10000 + -Djdk.attach.allowAttachSelf=true + -Djdk.nio.maxCachedBufferSize=2000000 + # Allow loading dynamic agent used by JOL + -XX:+EnableDynamicAgentLoading + + # https://bugs.openjdk.org/browse/JDK-8329528 + -XX:+UnlockDiagnosticVMOptions + -XX:G1NumCollectionsKeepPinned=10000000 + + config.properties: | + coordinator=false + http-server.http.port=8080 + query.max-memory=4GB + query.max-memory-per-node=1GB + discovery.uri=http://release-name-trino:8080 + + log.properties: | + io.trino=INFO +--- +# Source: trino/templates/configmap-worker.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: release-name-trino-schemas-volume-worker + namespace: default + labels: + helm.sh/chart: trino-1.37.0 + app.kubernetes.io/name: trino + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "470" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: worker +data: +--- +# Source: trino/templates/service-coordinator.yaml +apiVersion: v1 +kind: Service +metadata: + name: release-name-trino + namespace: default + labels: + helm.sh/chart: trino-1.37.0 + app.kubernetes.io/name: trino + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "470" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: coordinator + annotations: + {} +spec: + type: ClusterIP + ports: + - port: 8080 + targetPort: http + protocol: TCP + name: http + selector: + app.kubernetes.io/name: trino + app.kubernetes.io/instance: release-name + app.kubernetes.io/component: coordinator +--- +# Source: trino/templates/service-worker.yaml +apiVersion: v1 +kind: Service +metadata: + name: release-name-trino-worker + namespace: default + labels: + helm.sh/chart: trino-1.37.0 + app.kubernetes.io/name: trino + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "470" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: worker + annotations: + {} +spec: + clusterIP: None + ports: + - port: 8080 + targetPort: http + protocol: TCP + name: http + selector: + app.kubernetes.io/name: trino + app.kubernetes.io/instance: release-name + app.kubernetes.io/component: worker +--- +# Source: trino/templates/deployment-coordinator.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name-trino-coordinator + namespace: default + labels: + helm.sh/chart: trino-1.37.0 + app.kubernetes.io/name: trino + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "470" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: coordinator + trino.io/network-policy-protection: disabled + annotations: + {} +spec: + progressDeadlineSeconds: 600 + revisionHistoryLimit: 10 + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + selector: + matchLabels: + app.kubernetes.io/name: trino + app.kubernetes.io/instance: release-name + app.kubernetes.io/component: coordinator + template: + metadata: + annotations: + checksum/coordinator-config: 40751d21000a49da8ca8810cbffafd533666be33fdd78b1f93421fa9f5b37a6c + + labels: + helm.sh/chart: trino-1.37.0 + app.kubernetes.io/name: trino + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "470" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: coordinator + trino.io/network-policy-protection: disabled + spec: + serviceAccountName: default + securityContext: + runAsGroup: 1000 + runAsUser: 1000 + volumes: + - name: config-volume + configMap: + name: release-name-trino-coordinator + - name: schemas-volume + configMap: + name: release-name-trino-schemas-volume-coordinator + terminationGracePeriodSeconds: 30 + containers: + - name: trino-coordinator + image: trinodb/trino:470 + imagePullPolicy: IfNotPresent + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + env: + [] + envFrom: + [] + volumeMounts: + - mountPath: /etc/trino + name: config-volume + - mountPath: /etc/trino/schemas + name: schemas-volume + ports: + - name: http + containerPort: 8080 + protocol: TCP + livenessProbe: + httpGet: + path: /v1/info + port: http + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + readinessProbe: + exec: + command: [/usr/lib/trino/bin/health-check] + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + lifecycle: + {} + resources: + {} +--- +# Source: trino/templates/deployment-worker.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name-trino-worker + namespace: default + labels: + helm.sh/chart: trino-1.37.0 + app.kubernetes.io/name: trino + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "470" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: worker + trino.io/network-policy-protection: disabled + annotations: + {} +spec: + progressDeadlineSeconds: 600 + revisionHistoryLimit: 10 + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + replicas: 2 + selector: + matchLabels: + app.kubernetes.io/name: trino + app.kubernetes.io/instance: release-name + app.kubernetes.io/component: worker + template: + metadata: + annotations: + checksum/worker-config: e580771155dcd8953af6dc546e698fd7af4c3b5510b489c6b4463bcec072dda7 + labels: + helm.sh/chart: trino-1.37.0 + app.kubernetes.io/name: trino + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "470" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: worker + trino.io/network-policy-protection: disabled + spec: + serviceAccountName: default + securityContext: + runAsGroup: 1000 + runAsUser: 1000 + volumes: + - name: config-volume + configMap: + name: release-name-trino-worker + - name: schemas-volume + configMap: + name: release-name-trino-schemas-volume-worker + terminationGracePeriodSeconds: 30 + containers: + - name: trino-worker + image: trinodb/trino:470 + imagePullPolicy: IfNotPresent + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + env: + [] + envFrom: + [] + volumeMounts: + - mountPath: /etc/trino + name: config-volume + - mountPath: /etc/trino/schemas + name: schemas-volume + ports: + - name: http + containerPort: 8080 + protocol: TCP + livenessProbe: + httpGet: + path: /v1/info + port: http + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + readinessProbe: + exec: + command: [/usr/lib/trino/bin/health-check] + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + lifecycle: + resources: + {} +--- +# Source: trino/templates/tests/test-connection.yaml +apiVersion: v1 +kind: Pod +metadata: + name: release-name-trino-test-connection + labels: + helm.sh/chart: trino-1.37.0 + app.kubernetes.io/name: trino + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "470" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: test + test: connection + annotations: + "helm.sh/hook": test +spec: + containers: + - name: cli + image: trinodb/trino:470 + command: ['trino'] + args: + - trino://release-name-trino:8080 + - --user=admin + - --debug + - --execute=SELECT COUNT(*) FROM tpch.tiny.nation + - --no-progress + restartPolicy: Never From e34e56eea866f815f58fe6884d3d27396662826d Mon Sep 17 00:00:00 2001 From: luismacosta <92727123+luismacosta@users.noreply.github.com> Date: Wed, 12 Feb 2025 17:05:09 +0000 Subject: [PATCH 03/34] Delete charts/trino/cenko.yaml --- charts/trino/cenko.yaml | 425 ---------------------------------------- 1 file changed, 425 deletions(-) delete mode 100644 charts/trino/cenko.yaml diff --git a/charts/trino/cenko.yaml b/charts/trino/cenko.yaml deleted file mode 100644 index 9ad9c742..00000000 --- a/charts/trino/cenko.yaml +++ /dev/null @@ -1,425 +0,0 @@ ---- -# Source: trino/templates/secret.yaml ---- -apiVersion: v1 -kind: Secret -metadata: - name: "catalogs" -data: - mariadb.properties: - Y29ubmVjdG9yLm5hbWU9bWFyaWFkYgpjb25uZWN0aW9uLXVzZXI9CmNvbm5lY3Rpb24tdXJsPQpjb25uZWN0aW9uLXBhc3N3b3JkPQo= - postgresql.properties: - Y29ubmVjdG9yLm5hbWU9cG9zdGdyZXNxbApjb25uZWN0aW9uLXVzZXI9CmNvbm5lY3Rpb24tdXJsPQpwb3N0Z3Jlc3FsLmFycmF5LW1hcHBpbmc9CmNvbm5lY3Rpb24tcGFzc3dvcmQ9Cg== -type: Opaque ---- -# Source: trino/templates/configmap-coordinator.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: release-name-trino-coordinator - namespace: default - labels: - helm.sh/chart: trino-1.37.0 - app.kubernetes.io/name: trino - app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "470" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: coordinator -data: - node.properties: | - node.environment=production - node.data-dir=/data/trino - plugin.dir=/usr/lib/trino/plugin - - jvm.config: | - -server - -agentpath:/usr/lib/trino/bin/libjvmkill.so - -Xmx8G - -XX:+UseG1GC - -XX:G1HeapRegionSize=32M - -XX:+ExplicitGCInvokesConcurrent - -XX:+HeapDumpOnOutOfMemoryError - -XX:+ExitOnOutOfMemoryError - -XX:-OmitStackTraceInFastThrow - -XX:ReservedCodeCacheSize=512M - -XX:PerMethodRecompilationCutoff=10000 - -XX:PerBytecodeRecompilationCutoff=10000 - -Djdk.attach.allowAttachSelf=true - -Djdk.nio.maxCachedBufferSize=2000000 - # Allow loading dynamic agent used by JOL - -XX:+EnableDynamicAgentLoading - - # https://bugs.openjdk.org/browse/JDK-8329528 - -XX:+UnlockDiagnosticVMOptions - -XX:G1NumCollectionsKeepPinned=10000000 - - config.properties: | - coordinator=true - node-scheduler.include-coordinator=false - http-server.http.port=8080 - query.max-memory=4GB - query.max-memory-per-node=1GB - discovery.uri=http://localhost:8080 - - log.properties: | - io.trino=INFO ---- -# Source: trino/templates/configmap-coordinator.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: release-name-trino-schemas-volume-coordinator - namespace: default - labels: - helm.sh/chart: trino-1.37.0 - app.kubernetes.io/name: trino - app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "470" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: coordinator -data: ---- -# Source: trino/templates/configmap-worker.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: release-name-trino-worker - namespace: default - labels: - helm.sh/chart: trino-1.37.0 - app.kubernetes.io/name: trino - app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "470" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: worker -data: - node.properties: | - node.environment=production - node.data-dir=/data/trino - plugin.dir=/usr/lib/trino/plugin - - jvm.config: | - -server - -agentpath:/usr/lib/trino/bin/libjvmkill.so - -Xmx8G - -XX:+UseG1GC - -XX:G1HeapRegionSize=32M - -XX:+ExplicitGCInvokesConcurrent - -XX:+HeapDumpOnOutOfMemoryError - -XX:+ExitOnOutOfMemoryError - -XX:-OmitStackTraceInFastThrow - -XX:ReservedCodeCacheSize=512M - -XX:PerMethodRecompilationCutoff=10000 - -XX:PerBytecodeRecompilationCutoff=10000 - -Djdk.attach.allowAttachSelf=true - -Djdk.nio.maxCachedBufferSize=2000000 - # Allow loading dynamic agent used by JOL - -XX:+EnableDynamicAgentLoading - - # https://bugs.openjdk.org/browse/JDK-8329528 - -XX:+UnlockDiagnosticVMOptions - -XX:G1NumCollectionsKeepPinned=10000000 - - config.properties: | - coordinator=false - http-server.http.port=8080 - query.max-memory=4GB - query.max-memory-per-node=1GB - discovery.uri=http://release-name-trino:8080 - - log.properties: | - io.trino=INFO ---- -# Source: trino/templates/configmap-worker.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: release-name-trino-schemas-volume-worker - namespace: default - labels: - helm.sh/chart: trino-1.37.0 - app.kubernetes.io/name: trino - app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "470" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: worker -data: ---- -# Source: trino/templates/service-coordinator.yaml -apiVersion: v1 -kind: Service -metadata: - name: release-name-trino - namespace: default - labels: - helm.sh/chart: trino-1.37.0 - app.kubernetes.io/name: trino - app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "470" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: coordinator - annotations: - {} -spec: - type: ClusterIP - ports: - - port: 8080 - targetPort: http - protocol: TCP - name: http - selector: - app.kubernetes.io/name: trino - app.kubernetes.io/instance: release-name - app.kubernetes.io/component: coordinator ---- -# Source: trino/templates/service-worker.yaml -apiVersion: v1 -kind: Service -metadata: - name: release-name-trino-worker - namespace: default - labels: - helm.sh/chart: trino-1.37.0 - app.kubernetes.io/name: trino - app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "470" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: worker - annotations: - {} -spec: - clusterIP: None - ports: - - port: 8080 - targetPort: http - protocol: TCP - name: http - selector: - app.kubernetes.io/name: trino - app.kubernetes.io/instance: release-name - app.kubernetes.io/component: worker ---- -# Source: trino/templates/deployment-coordinator.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: release-name-trino-coordinator - namespace: default - labels: - helm.sh/chart: trino-1.37.0 - app.kubernetes.io/name: trino - app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "470" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: coordinator - trino.io/network-policy-protection: disabled - annotations: - {} -spec: - progressDeadlineSeconds: 600 - revisionHistoryLimit: 10 - strategy: - rollingUpdate: - maxSurge: 25% - maxUnavailable: 25% - type: RollingUpdate - selector: - matchLabels: - app.kubernetes.io/name: trino - app.kubernetes.io/instance: release-name - app.kubernetes.io/component: coordinator - template: - metadata: - annotations: - checksum/coordinator-config: 40751d21000a49da8ca8810cbffafd533666be33fdd78b1f93421fa9f5b37a6c - - labels: - helm.sh/chart: trino-1.37.0 - app.kubernetes.io/name: trino - app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "470" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: coordinator - trino.io/network-policy-protection: disabled - spec: - serviceAccountName: default - securityContext: - runAsGroup: 1000 - runAsUser: 1000 - volumes: - - name: config-volume - configMap: - name: release-name-trino-coordinator - - name: schemas-volume - configMap: - name: release-name-trino-schemas-volume-coordinator - terminationGracePeriodSeconds: 30 - containers: - - name: trino-coordinator - image: trinodb/trino:470 - imagePullPolicy: IfNotPresent - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - env: - [] - envFrom: - [] - volumeMounts: - - mountPath: /etc/trino - name: config-volume - - mountPath: /etc/trino/schemas - name: schemas-volume - ports: - - name: http - containerPort: 8080 - protocol: TCP - livenessProbe: - httpGet: - path: /v1/info - port: http - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - readinessProbe: - exec: - command: [/usr/lib/trino/bin/health-check] - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - lifecycle: - {} - resources: - {} ---- -# Source: trino/templates/deployment-worker.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: release-name-trino-worker - namespace: default - labels: - helm.sh/chart: trino-1.37.0 - app.kubernetes.io/name: trino - app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "470" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: worker - trino.io/network-policy-protection: disabled - annotations: - {} -spec: - progressDeadlineSeconds: 600 - revisionHistoryLimit: 10 - strategy: - rollingUpdate: - maxSurge: 25% - maxUnavailable: 25% - type: RollingUpdate - replicas: 2 - selector: - matchLabels: - app.kubernetes.io/name: trino - app.kubernetes.io/instance: release-name - app.kubernetes.io/component: worker - template: - metadata: - annotations: - checksum/worker-config: e580771155dcd8953af6dc546e698fd7af4c3b5510b489c6b4463bcec072dda7 - labels: - helm.sh/chart: trino-1.37.0 - app.kubernetes.io/name: trino - app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "470" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: worker - trino.io/network-policy-protection: disabled - spec: - serviceAccountName: default - securityContext: - runAsGroup: 1000 - runAsUser: 1000 - volumes: - - name: config-volume - configMap: - name: release-name-trino-worker - - name: schemas-volume - configMap: - name: release-name-trino-schemas-volume-worker - terminationGracePeriodSeconds: 30 - containers: - - name: trino-worker - image: trinodb/trino:470 - imagePullPolicy: IfNotPresent - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - env: - [] - envFrom: - [] - volumeMounts: - - mountPath: /etc/trino - name: config-volume - - mountPath: /etc/trino/schemas - name: schemas-volume - ports: - - name: http - containerPort: 8080 - protocol: TCP - livenessProbe: - httpGet: - path: /v1/info - port: http - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - readinessProbe: - exec: - command: [/usr/lib/trino/bin/health-check] - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - lifecycle: - resources: - {} ---- -# Source: trino/templates/tests/test-connection.yaml -apiVersion: v1 -kind: Pod -metadata: - name: release-name-trino-test-connection - labels: - helm.sh/chart: trino-1.37.0 - app.kubernetes.io/name: trino - app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "470" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: test - test: connection - annotations: - "helm.sh/hook": test -spec: - containers: - - name: cli - image: trinodb/trino:470 - command: ['trino'] - args: - - trino://release-name-trino:8080 - - --user=admin - - --debug - - --execute=SELECT COUNT(*) FROM tpch.tiny.nation - - --no-progress - restartPolicy: Never From 6e79f810b8d1c308387ca78519124715a80a12ff Mon Sep 17 00:00:00 2001 From: luismacosta <92727123+luismacosta@users.noreply.github.com> Date: Wed, 12 Feb 2025 17:05:47 +0000 Subject: [PATCH 04/34] Update README.md --- charts/trino/README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/charts/trino/README.md b/charts/trino/README.md index 9eb2aba9..206ccbf3 100644 --- a/charts/trino/README.md +++ b/charts/trino/README.md @@ -954,6 +954,7 @@ Fast distributed SQL query engine for big data analytics that helps you explore - protocol: TCP port: 9999 ``` + * `catalogsSecrets` - list, default: `[]` Example: ```yaml @@ -984,4 +985,4 @@ ldapSecrets: [] # ldap.user-base-dn= ``` ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) \ No newline at end of file +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) From 3a0df0829e14123283823b42f922eec7328b8509 Mon Sep 17 00:00:00 2001 From: luismacosta <92727123+luismacosta@users.noreply.github.com> Date: Wed, 12 Feb 2025 17:06:37 +0000 Subject: [PATCH 05/34] Update README.md --- charts/trino/README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/charts/trino/README.md b/charts/trino/README.md index 206ccbf3..ba8465d9 100644 --- a/charts/trino/README.md +++ b/charts/trino/README.md @@ -954,7 +954,6 @@ Fast distributed SQL query engine for big data analytics that helps you explore - protocol: TCP port: 9999 ``` - * `catalogsSecrets` - list, default: `[]` Example: ```yaml From ead587dfe7a68078dacafee7971303557c991179 Mon Sep 17 00:00:00 2001 From: luismacosta <92727123+luismacosta@users.noreply.github.com> Date: Wed, 12 Feb 2025 17:10:15 +0000 Subject: [PATCH 06/34] Update README.md --- charts/trino/README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/charts/trino/README.md b/charts/trino/README.md index ba8465d9..c6e28f08 100644 --- a/charts/trino/README.md +++ b/charts/trino/README.md @@ -954,6 +954,7 @@ Fast distributed SQL query engine for big data analytics that helps you explore - protocol: TCP port: 9999 ``` + * `catalogsSecrets` - list, default: `[]` Example: ```yaml @@ -983,5 +984,6 @@ ldapSecrets: [] # ldap.group-auth-pattern= # ldap.user-base-dn= ``` + ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) From 5e5b068a7f7524daac8e8e95563a55b4a203585b Mon Sep 17 00:00:00 2001 From: luismacosta <92727123+luismacosta@users.noreply.github.com> Date: Wed, 12 Feb 2025 17:16:51 +0000 Subject: [PATCH 07/34] Update secret.yaml --- charts/trino/templates/secret.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/charts/trino/templates/secret.yaml b/charts/trino/templates/secret.yaml index 8b4795ad..97b62ab7 100644 --- a/charts/trino/templates/secret.yaml +++ b/charts/trino/templates/secret.yaml @@ -53,4 +53,3 @@ data: type: Opaque {{- end }} {{- end }} -======= From 051fe3bc6f6bd5d622e352daf2b7160b5b5d633d Mon Sep 17 00:00:00 2001 From: "luis.costa" Date: Wed, 12 Feb 2025 17:22:41 +0000 Subject: [PATCH 08/34] remove validation --- charts/trino/templates/configmap-catalog.yaml | 2 +- charts/trino/templates/deployment-coordinator.yaml | 6 +++--- charts/trino/templates/deployment-worker.yaml | 6 +++--- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/charts/trino/templates/configmap-catalog.yaml b/charts/trino/templates/configmap-catalog.yaml index 767b49fd..0a148ca8 100644 --- a/charts/trino/templates/configmap-catalog.yaml +++ b/charts/trino/templates/configmap-catalog.yaml @@ -1,4 +1,4 @@ -{{- if or .Values.catalogs .Values.additionalCatalogs (and (.Values.catalogs) (gt (len .Values.catalogs) 0)) }} +{{- if or .Values.additionalCatalogs (and (.Values.catalogs) (gt (len .Values.catalogs) 0)) }} apiVersion: v1 kind: ConfigMap metadata: diff --git a/charts/trino/templates/deployment-coordinator.yaml b/charts/trino/templates/deployment-coordinator.yaml index 41eb8c4e..7b2e4c09 100644 --- a/charts/trino/templates/deployment-coordinator.yaml +++ b/charts/trino/templates/deployment-coordinator.yaml @@ -28,7 +28,7 @@ spec: {{- if and (eq .Values.accessControl.type "configmap") (not .Values.accessControl.refreshPeriod) }} checksum/access-control-config: {{ include (print $.Template.BasePath "/configmap-access-control-coordinator.yaml") . | sha256sum }} {{- end }} - {{- if or .Values.catalogs .Values.additionalCatalogs (and (.Values.catalogs) (gt (len .Values.catalogs) 0)) }} + {{- if or .Values.additionalCatalogs (and (.Values.catalogs) (gt (len .Values.catalogs) 0)) }} checksum/catalog-config: {{ include (print $.Template.BasePath "/configmap-catalog.yaml") . | sha256sum }} {{- end }} checksum/coordinator-config: {{ include (print $.Template.BasePath "/configmap-coordinator.yaml") . | sha256sum }} @@ -56,7 +56,7 @@ spec: - name: config-volume configMap: name: {{ template "trino.coordinator" . }} - {{- if or .Values.catalogs .Values.additionalCatalogs (and (.Values.catalogs) (gt (len .Values.catalogs) 0)) }} + {{- if or .Values.additionalCatalogs (and (.Values.catalogs) (gt (len .Values.catalogs) 0)) }} - name: catalog-volume configMap: name: {{ template "trino.catalog" . }} @@ -140,7 +140,7 @@ spec: volumeMounts: - mountPath: {{ .Values.server.config.path }} name: config-volume - {{- if or .Values.catalogs .Values.additionalCatalogs (and (.Values.catalogs) (gt (len .Values.catalogs) 0)) }} + {{- if or .Values.additionalCatalogs (and (.Values.catalogs) (gt (len .Values.catalogs) 0)) }} - mountPath: {{ .Values.server.config.path }}/catalog name: catalog-volume {{- end }} diff --git a/charts/trino/templates/deployment-worker.yaml b/charts/trino/templates/deployment-worker.yaml index 9b088755..7ffe7035 100644 --- a/charts/trino/templates/deployment-worker.yaml +++ b/charts/trino/templates/deployment-worker.yaml @@ -29,7 +29,7 @@ spec: template: metadata: annotations: - {{- if or .Values.catalogs .Values.additionalCatalogs (and (.Values.catalogs) (gt (len .Values.catalogs) 0)) }} + {{- if or .Values.additionalCatalogs (and (.Values.catalogs) (gt (len .Values.catalogs) 0)) }} checksum/catalog-config: {{ include (print $.Template.BasePath "/configmap-catalog.yaml") . | sha256sum }} {{- end }} checksum/worker-config: {{ include (print $.Template.BasePath "/configmap-worker.yaml") . | sha256sum }} @@ -59,7 +59,7 @@ spec: - name: config-volume configMap: name: {{ template "trino.worker" . }} - {{- if or .Values.catalogs .Values.additionalCatalogs (and (.Values.catalogs) (gt (len .Values.catalogs) 0)) }} + {{- if or .Values.additionalCatalogs (and (.Values.catalogs) (gt (len .Values.catalogs) 0)) }} - name: catalog-volume configMap: name: {{ template "trino.catalog" . }} @@ -126,7 +126,7 @@ spec: volumeMounts: - mountPath: {{ .Values.server.config.path }} name: config-volume - {{- if or .Values.catalogs .Values.additionalCatalogs (and (.Values.catalogs) (gt (len .Values.catalogs) 0)) }} + {{- if or .Values.additionalCatalogs (and (.Values.catalogs) (gt (len .Values.catalogs) 0)) }} - mountPath: {{ .Values.server.config.path }}/catalog name: catalog-volume {{- end }} From c5faf82a4bd08a3f932f05a716bb73c52ab23e73 Mon Sep 17 00:00:00 2001 From: "luis.costa" Date: Thu, 13 Feb 2025 09:30:22 +0000 Subject: [PATCH 09/34] add tests --- .../trino/test-catalogs-secrests-values.yaml | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 tests/trino/test-catalogs-secrests-values.yaml diff --git a/tests/trino/test-catalogs-secrests-values.yaml b/tests/trino/test-catalogs-secrests-values.yaml new file mode 100644 index 00000000..d8f643d0 --- /dev/null +++ b/tests/trino/test-catalogs-secrests-values.yaml @@ -0,0 +1,20 @@ + +catalogs: {} +catalogsSecrets: + - name: catalogs + value: + mariadb.properties: | + connector.name=mariadb + connection-user= + connection-url= + connection-password= + postgresql.properties: | + connector.name=postgresql + connection-user= + connection-url= + postgresql.array-mapping= + connection-password +secretMounts: + - name: catalogs + secretName: catalogs + path: /etc/trino/catalog From 1c665a5fad7214acb88278349ab3d83f29b39abb Mon Sep 17 00:00:00 2001 From: "luis.costa" Date: Thu, 13 Feb 2025 09:30:45 +0000 Subject: [PATCH 10/34] add tests --- ...ogs-secrests-values.yaml => test-catalogs-secrets-values.yaml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename tests/trino/{test-catalogs-secrests-values.yaml => test-catalogs-secrets-values.yaml} (100%) diff --git a/tests/trino/test-catalogs-secrests-values.yaml b/tests/trino/test-catalogs-secrets-values.yaml similarity index 100% rename from tests/trino/test-catalogs-secrests-values.yaml rename to tests/trino/test-catalogs-secrets-values.yaml From 149ace3214539a7086efb5938178f125d4f2ac74 Mon Sep 17 00:00:00 2001 From: "luis.costa" Date: Thu, 13 Feb 2025 09:31:03 +0000 Subject: [PATCH 11/34] add tests --- tests/trino/test-catalogs-secrets-values.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/trino/test-catalogs-secrets-values.yaml b/tests/trino/test-catalogs-secrets-values.yaml index d8f643d0..64876bcb 100644 --- a/tests/trino/test-catalogs-secrets-values.yaml +++ b/tests/trino/test-catalogs-secrets-values.yaml @@ -1,4 +1,3 @@ - catalogs: {} catalogsSecrets: - name: catalogs From 660ed49fc8372438beb540552342f6ef42751c85 Mon Sep 17 00:00:00 2001 From: luismacosta <92727123+luismacosta@users.noreply.github.com> Date: Tue, 18 Feb 2025 19:44:09 +0000 Subject: [PATCH 12/34] Update values.yaml --- charts/trino/values.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/charts/trino/values.yaml b/charts/trino/values.yaml index 3d52191c..33ddd5e6 100644 --- a/charts/trino/values.yaml +++ b/charts/trino/values.yaml @@ -382,13 +382,13 @@ eventListenerProperties: [] # - custom-property2=custom-value2 # ``` -catalogs: - tpch: | - connector.name=tpch - tpch.splits-per-node=4 - tpcds: | - connector.name=tpcds - tpcds.splits-per-node=4 +catalogs: {} +# tpch: | +# connector.name=tpch +# tpch.splits-per-node=4 +# tpcds: | +# connector.name=tpcds +# tpcds.splits-per-node=4 # catalogs -- Configure # [catalogs](https://trino.io/docs/current/installation/deployment.html#catalog-properties). # @raw From 7dc7fee4e6814d45653c025960cb3bfaae2c1621 Mon Sep 17 00:00:00 2001 From: luismacosta <92727123+luismacosta@users.noreply.github.com> Date: Sun, 2 Mar 2025 12:20:59 +0000 Subject: [PATCH 13/34] Update README.md --- charts/trino/README.md | 15 ++------------- 1 file changed, 2 insertions(+), 13 deletions(-) diff --git a/charts/trino/README.md b/charts/trino/README.md index c6e28f08..0ece1464 100644 --- a/charts/trino/README.md +++ b/charts/trino/README.md @@ -955,10 +955,10 @@ Fast distributed SQL query engine for big data analytics that helps you explore port: 9999 ``` - * `catalogsSecrets` - list, default: `[]` + * `additionalSecrets` - list, default: `[]` Example: ```yaml - catalogsSecrets: [] + additionalSecrets: [] # - name: catalogs # value: # mariadb.properties: | @@ -972,17 +972,6 @@ Fast distributed SQL query engine for big data analytics that helps you explore # connection-url= # postgresql.array-mapping= # connection-password= -ldapSecrets: [] - # - name: ldap - # value: - # ldap.properties: | - # password-authenticator.name=ldap - # ldap.bind-dn=uid= - # ldap.url= - # ldap.bind-password= - # ldap.user-bind-pattern= - # ldap.group-auth-pattern= - # ldap.user-base-dn= ``` ---------------------------------------------- From 2ac0d314c64814d3ce14080f8eda0315a0159bef Mon Sep 17 00:00:00 2001 From: luismacosta <92727123+luismacosta@users.noreply.github.com> Date: Sun, 2 Mar 2025 12:21:50 +0000 Subject: [PATCH 14/34] Update values.yaml --- charts/trino/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/trino/values.yaml b/charts/trino/values.yaml index 33ddd5e6..2ff72b7a 100644 --- a/charts/trino/values.yaml +++ b/charts/trino/values.yaml @@ -1140,7 +1140,7 @@ networkPolicy: # ``` egress: [] -catalogsSecrets: [] +additionalSecrets: [] # - name: catalogs # value: # mariadb.properties: | From baa2a980fefcd28426d8dba02ff9cf99aa28281f Mon Sep 17 00:00:00 2001 From: luismacosta <92727123+luismacosta@users.noreply.github.com> Date: Sun, 2 Mar 2025 12:23:03 +0000 Subject: [PATCH 15/34] Update secret.yaml --- charts/trino/templates/secret.yaml | 18 ++---------------- 1 file changed, 2 insertions(+), 16 deletions(-) diff --git a/charts/trino/templates/secret.yaml b/charts/trino/templates/secret.yaml index 97b62ab7..adedb9a9 100644 --- a/charts/trino/templates/secret.yaml +++ b/charts/trino/templates/secret.yaml @@ -26,22 +26,8 @@ data: {{- end }} {{- end }} --- -{{- if .Values.catalogsSecrets }} -{{- range .Values.catalogsSecrets }} -apiVersion: v1 -kind: Secret -metadata: - name: "{{ .name }}" -data: -{{- range $key, $val := .value }} - {{ $key }}: {{ $val | b64enc | nindent 4 }} -{{- end }} -type: Opaque -{{- end }} -{{- end }} ---- -{{- if .Values.ldapSecrets }} -{{- range .Values.ldapSecrets }} +{{- if .Values.additionalSecrets }} +{{- range .Values.additionalSecrets }} apiVersion: v1 kind: Secret metadata: From 467783cecae7288477f687cc477b92c632eafeb1 Mon Sep 17 00:00:00 2001 From: luismacosta <92727123+luismacosta@users.noreply.github.com> Date: Sun, 2 Mar 2025 12:23:56 +0000 Subject: [PATCH 16/34] Update values.yaml --- charts/trino/values.yaml | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/charts/trino/values.yaml b/charts/trino/values.yaml index 2ff72b7a..5762bdff 100644 --- a/charts/trino/values.yaml +++ b/charts/trino/values.yaml @@ -1154,14 +1154,3 @@ additionalSecrets: [] # connection-url= # postgresql.array-mapping= # connection-password= -ldapSecrets: [] - # - name: ldap - # value: - # ldap.properties: | - # password-authenticator.name=ldap - # ldap.bind-dn=uid= - # ldap.url= - # ldap.bind-password= - # ldap.user-bind-pattern= - # ldap.group-auth-pattern= - # ldap.user-base-dn= From b7e9189dfcd821606c97932e8ca9ea951c4a8ea8 Mon Sep 17 00:00:00 2001 From: luismacosta <92727123+luismacosta@users.noreply.github.com> Date: Sun, 2 Mar 2025 12:24:32 +0000 Subject: [PATCH 17/34] Update test-catalogs-secrets-values.yaml --- tests/trino/test-catalogs-secrets-values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/trino/test-catalogs-secrets-values.yaml b/tests/trino/test-catalogs-secrets-values.yaml index 64876bcb..45826e35 100644 --- a/tests/trino/test-catalogs-secrets-values.yaml +++ b/tests/trino/test-catalogs-secrets-values.yaml @@ -1,5 +1,5 @@ catalogs: {} -catalogsSecrets: +additionalSecrets: - name: catalogs value: mariadb.properties: | From 00b2d04c650567ac58d1acd3754dd91d20371968 Mon Sep 17 00:00:00 2001 From: luismacosta <92727123+luismacosta@users.noreply.github.com> Date: Sun, 2 Mar 2025 12:25:03 +0000 Subject: [PATCH 18/34] Update test-catalogs-secrets-values.yaml --- tests/trino/test-catalogs-secrets-values.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/trino/test-catalogs-secrets-values.yaml b/tests/trino/test-catalogs-secrets-values.yaml index 45826e35..8da1dacd 100644 --- a/tests/trino/test-catalogs-secrets-values.yaml +++ b/tests/trino/test-catalogs-secrets-values.yaml @@ -1,4 +1,3 @@ -catalogs: {} additionalSecrets: - name: catalogs value: From feff8d7aaca25364a1e97002f9191e8d322d2e5b Mon Sep 17 00:00:00 2001 From: luismacosta <92727123+luismacosta@users.noreply.github.com> Date: Wed, 12 Mar 2025 19:07:15 +0000 Subject: [PATCH 19/34] Update deployment-worker.yaml --- charts/trino/templates/deployment-worker.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/charts/trino/templates/deployment-worker.yaml b/charts/trino/templates/deployment-worker.yaml index 7ffe7035..b463dd23 100644 --- a/charts/trino/templates/deployment-worker.yaml +++ b/charts/trino/templates/deployment-worker.yaml @@ -29,6 +29,9 @@ spec: template: metadata: annotations: + {{- if .Values.secrets }} + checksum/secret-config: {{ include (print $.Template.BasePath "/secrets-catalogs.yaml") . | sha256sum }} + {{- end }} {{- if or .Values.additionalCatalogs (and (.Values.catalogs) (gt (len .Values.catalogs) 0)) }} checksum/catalog-config: {{ include (print $.Template.BasePath "/configmap-catalog.yaml") . | sha256sum }} {{- end }} From ae0783548c20c33e3a41134be6748a46ca1ceec1 Mon Sep 17 00:00:00 2001 From: luismacosta <92727123+luismacosta@users.noreply.github.com> Date: Wed, 12 Mar 2025 19:07:34 +0000 Subject: [PATCH 20/34] Update deployment-coordinator.yaml --- charts/trino/templates/deployment-coordinator.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/charts/trino/templates/deployment-coordinator.yaml b/charts/trino/templates/deployment-coordinator.yaml index 7b2e4c09..45313835 100644 --- a/charts/trino/templates/deployment-coordinator.yaml +++ b/charts/trino/templates/deployment-coordinator.yaml @@ -25,6 +25,9 @@ spec: template: metadata: annotations: + {{- if .Values.secrets }} + checksum/secret-config: {{ include (print $.Template.BasePath "/secrets-catalogs.yaml") . | sha256sum }} + {{- end }} {{- if and (eq .Values.accessControl.type "configmap") (not .Values.accessControl.refreshPeriod) }} checksum/access-control-config: {{ include (print $.Template.BasePath "/configmap-access-control-coordinator.yaml") . | sha256sum }} {{- end }} From a3ba746295a9ef464a5cca93a67f28e4a0fcb897 Mon Sep 17 00:00:00 2001 From: luismacosta <92727123+luismacosta@users.noreply.github.com> Date: Wed, 12 Mar 2025 19:08:09 +0000 Subject: [PATCH 21/34] Update deployment-coordinator.yaml --- charts/trino/templates/deployment-coordinator.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/trino/templates/deployment-coordinator.yaml b/charts/trino/templates/deployment-coordinator.yaml index 45313835..515fc6c9 100644 --- a/charts/trino/templates/deployment-coordinator.yaml +++ b/charts/trino/templates/deployment-coordinator.yaml @@ -26,7 +26,7 @@ spec: metadata: annotations: {{- if .Values.secrets }} - checksum/secret-config: {{ include (print $.Template.BasePath "/secrets-catalogs.yaml") . | sha256sum }} + checksum/secret-config: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} {{- end }} {{- if and (eq .Values.accessControl.type "configmap") (not .Values.accessControl.refreshPeriod) }} checksum/access-control-config: {{ include (print $.Template.BasePath "/configmap-access-control-coordinator.yaml") . | sha256sum }} From 93daba72ee9381c390093da86f78285aa2bcfb09 Mon Sep 17 00:00:00 2001 From: luismacosta <92727123+luismacosta@users.noreply.github.com> Date: Wed, 12 Mar 2025 19:08:25 +0000 Subject: [PATCH 22/34] Update deployment-worker.yaml --- charts/trino/templates/deployment-worker.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/trino/templates/deployment-worker.yaml b/charts/trino/templates/deployment-worker.yaml index b463dd23..0a10cc9a 100644 --- a/charts/trino/templates/deployment-worker.yaml +++ b/charts/trino/templates/deployment-worker.yaml @@ -30,7 +30,7 @@ spec: metadata: annotations: {{- if .Values.secrets }} - checksum/secret-config: {{ include (print $.Template.BasePath "/secrets-catalogs.yaml") . | sha256sum }} + checksum/secret-config: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} {{- end }} {{- if or .Values.additionalCatalogs (and (.Values.catalogs) (gt (len .Values.catalogs) 0)) }} checksum/catalog-config: {{ include (print $.Template.BasePath "/configmap-catalog.yaml") . | sha256sum }} From 9de99f997e4f83baf7f292afc8303a3bd0cf113b Mon Sep 17 00:00:00 2001 From: luismacosta <92727123+luismacosta@users.noreply.github.com> Date: Wed, 12 Mar 2025 20:06:41 +0000 Subject: [PATCH 23/34] Update deployment-coordinator.yaml --- charts/trino/templates/deployment-coordinator.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/trino/templates/deployment-coordinator.yaml b/charts/trino/templates/deployment-coordinator.yaml index 515fc6c9..5713cb9c 100644 --- a/charts/trino/templates/deployment-coordinator.yaml +++ b/charts/trino/templates/deployment-coordinator.yaml @@ -25,7 +25,7 @@ spec: template: metadata: annotations: - {{- if .Values.secrets }} + {{- if .Values.additionalSecrets }} checksum/secret-config: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} {{- end }} {{- if and (eq .Values.accessControl.type "configmap") (not .Values.accessControl.refreshPeriod) }} From e591ad98f3ff0c96fcead3e95a3d401f461618f5 Mon Sep 17 00:00:00 2001 From: luismacosta <92727123+luismacosta@users.noreply.github.com> Date: Wed, 12 Mar 2025 20:06:58 +0000 Subject: [PATCH 24/34] Update deployment-worker.yaml --- charts/trino/templates/deployment-worker.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/trino/templates/deployment-worker.yaml b/charts/trino/templates/deployment-worker.yaml index 0a10cc9a..6cbf70ed 100644 --- a/charts/trino/templates/deployment-worker.yaml +++ b/charts/trino/templates/deployment-worker.yaml @@ -29,7 +29,7 @@ spec: template: metadata: annotations: - {{- if .Values.secrets }} + {{- if .Values.additionalSecrets }} checksum/secret-config: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} {{- end }} {{- if or .Values.additionalCatalogs (and (.Values.catalogs) (gt (len .Values.catalogs) 0)) }} From bb54aad6faab4b496019cb6f27ef0b4b035bb0c2 Mon Sep 17 00:00:00 2001 From: luismacosta <92727123+luismacosta@users.noreply.github.com> Date: Wed, 9 Apr 2025 18:00:50 +0100 Subject: [PATCH 25/34] Delete tests/trino/test-catalogs-secrets-values.yaml --- tests/trino/test-catalogs-secrets-values.yaml | 18 ------------------ 1 file changed, 18 deletions(-) delete mode 100644 tests/trino/test-catalogs-secrets-values.yaml diff --git a/tests/trino/test-catalogs-secrets-values.yaml b/tests/trino/test-catalogs-secrets-values.yaml deleted file mode 100644 index 8da1dacd..00000000 --- a/tests/trino/test-catalogs-secrets-values.yaml +++ /dev/null @@ -1,18 +0,0 @@ -additionalSecrets: - - name: catalogs - value: - mariadb.properties: | - connector.name=mariadb - connection-user= - connection-url= - connection-password= - postgresql.properties: | - connector.name=postgresql - connection-user= - connection-url= - postgresql.array-mapping= - connection-password -secretMounts: - - name: catalogs - secretName: catalogs - path: /etc/trino/catalog From 4a7561fde574bbefaa03b01064f7cbf8cb5c4679 Mon Sep 17 00:00:00 2001 From: luismacosta <92727123+luismacosta@users.noreply.github.com> Date: Wed, 9 Apr 2025 18:01:29 +0100 Subject: [PATCH 26/34] Update values.yaml --- charts/trino/values.yaml | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/charts/trino/values.yaml b/charts/trino/values.yaml index 1b46d30b..a87062c3 100644 --- a/charts/trino/values.yaml +++ b/charts/trino/values.yaml @@ -1140,18 +1140,3 @@ networkPolicy: # port: 9999 # ``` egress: [] - -additionalSecrets: [] - # - name: catalogs - # value: - # mariadb.properties: | - # connector.name=mariadb - # connection-user= - # connection-url= - # connection-password= - # postgresql.properties: | - # connector.name=postgresql - # connection-user= - # connection-url= - # postgresql.array-mapping= - # connection-password= From a31f1683e5d2ebc0c6ec01145571407dbb08a2a0 Mon Sep 17 00:00:00 2001 From: luismacosta <92727123+luismacosta@users.noreply.github.com> Date: Wed, 9 Apr 2025 18:02:23 +0100 Subject: [PATCH 27/34] Update charts/trino/values.yaml --- charts/trino/values.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/charts/trino/values.yaml b/charts/trino/values.yaml index a87062c3..a30f8963 100644 --- a/charts/trino/values.yaml +++ b/charts/trino/values.yaml @@ -550,9 +550,6 @@ secretMounts: [] # - name: catalogs # secretName: catalogs # path: /etc/trino/catalog -# - name: ldap -# secretName: ldap -# path: /etc/trino/ldap # ``` coordinator: From 1a43135ac09be972065972890ce6ab364c0f96a7 Mon Sep 17 00:00:00 2001 From: luismacosta <92727123+luismacosta@users.noreply.github.com> Date: Wed, 9 Apr 2025 18:03:18 +0100 Subject: [PATCH 28/34] Update charts/trino/README.md --- charts/trino/README.md | 19 ------------------- 1 file changed, 19 deletions(-) diff --git a/charts/trino/README.md b/charts/trino/README.md index 4d3d1740..88b390bf 100644 --- a/charts/trino/README.md +++ b/charts/trino/README.md @@ -956,25 +956,6 @@ Fast distributed SQL query engine for big data analytics that helps you explore - protocol: TCP port: 9999 ``` - - * `additionalSecrets` - list, default: `[]` - Example: - ```yaml - additionalSecrets: [] - # - name: catalogs - # value: - # mariadb.properties: | - # connector.name=mariadb - # connection-user= - # connection-url= - # connection-password= - # postgresql.properties: | - # connector.name=postgresql - # connection-user= - # connection-url= - # postgresql.array-mapping= - # connection-password= - ``` ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) From 196ea67e196932a83112f5496e40b51d40fcaba5 Mon Sep 17 00:00:00 2001 From: luismacosta <92727123+luismacosta@users.noreply.github.com> Date: Wed, 9 Apr 2025 18:03:53 +0100 Subject: [PATCH 29/34] Update charts/trino/templates/deployment-coordinator.yaml --- charts/trino/templates/deployment-coordinator.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/charts/trino/templates/deployment-coordinator.yaml b/charts/trino/templates/deployment-coordinator.yaml index 5713cb9c..7b2e4c09 100644 --- a/charts/trino/templates/deployment-coordinator.yaml +++ b/charts/trino/templates/deployment-coordinator.yaml @@ -25,9 +25,6 @@ spec: template: metadata: annotations: - {{- if .Values.additionalSecrets }} - checksum/secret-config: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} - {{- end }} {{- if and (eq .Values.accessControl.type "configmap") (not .Values.accessControl.refreshPeriod) }} checksum/access-control-config: {{ include (print $.Template.BasePath "/configmap-access-control-coordinator.yaml") . | sha256sum }} {{- end }} From da4344a060892a117e5e5b0739c7d1517af87610 Mon Sep 17 00:00:00 2001 From: luismacosta <92727123+luismacosta@users.noreply.github.com> Date: Wed, 9 Apr 2025 18:04:53 +0100 Subject: [PATCH 30/34] Update charts/trino/templates/deployment-worker.yaml --- charts/trino/templates/deployment-worker.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/charts/trino/templates/deployment-worker.yaml b/charts/trino/templates/deployment-worker.yaml index 6cbf70ed..7ffe7035 100644 --- a/charts/trino/templates/deployment-worker.yaml +++ b/charts/trino/templates/deployment-worker.yaml @@ -29,9 +29,6 @@ spec: template: metadata: annotations: - {{- if .Values.additionalSecrets }} - checksum/secret-config: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} - {{- end }} {{- if or .Values.additionalCatalogs (and (.Values.catalogs) (gt (len .Values.catalogs) 0)) }} checksum/catalog-config: {{ include (print $.Template.BasePath "/configmap-catalog.yaml") . | sha256sum }} {{- end }} From 28bda700287ddc94a575d59d413025dcaf865e93 Mon Sep 17 00:00:00 2001 From: luismacosta <92727123+luismacosta@users.noreply.github.com> Date: Wed, 9 Apr 2025 18:05:24 +0100 Subject: [PATCH 31/34] Update charts/trino/templates/secret.yaml --- charts/trino/templates/secret.yaml | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/charts/trino/templates/secret.yaml b/charts/trino/templates/secret.yaml index adedb9a9..6f908ec0 100644 --- a/charts/trino/templates/secret.yaml +++ b/charts/trino/templates/secret.yaml @@ -25,17 +25,3 @@ data: group.db: {{ .Values.auth.groups | b64enc }} {{- end }} {{- end }} ---- -{{- if .Values.additionalSecrets }} -{{- range .Values.additionalSecrets }} -apiVersion: v1 -kind: Secret -metadata: - name: "{{ .name }}" -data: -{{- range $key, $val := .value }} - {{ $key }}: {{ $val | b64enc | nindent 4 }} -{{- end }} -type: Opaque -{{- end }} -{{- end }} From 621806197e7833f4b435cc47c2f18d4088617199 Mon Sep 17 00:00:00 2001 From: luismacosta <92727123+luismacosta@users.noreply.github.com> Date: Thu, 10 Apr 2025 12:36:08 +0100 Subject: [PATCH 32/34] revert values.yaml --- charts/trino/values.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/charts/trino/values.yaml b/charts/trino/values.yaml index a30f8963..4b8ed1ca 100644 --- a/charts/trino/values.yaml +++ b/charts/trino/values.yaml @@ -383,13 +383,13 @@ eventListenerProperties: [] # - custom-property2=custom-value2 # ``` -catalogs: {} -# tpch: | -# connector.name=tpch -# tpch.splits-per-node=4 -# tpcds: | -# connector.name=tpcds -# tpcds.splits-per-node=4 +catalogs: + tpch: | + connector.name=tpch + tpch.splits-per-node=4 + tpcds: | + connector.name=tpcds + tpcds.splits-per-node=4 # catalogs -- Configure # [catalogs](https://trino.io/docs/current/installation/deployment.html#catalog-properties). # @raw From e49de08b676ff308019870841b20d334005efbd1 Mon Sep 17 00:00:00 2001 From: luismacosta <92727123+luismacosta@users.noreply.github.com> Date: Thu, 10 Apr 2025 14:04:14 +0100 Subject: [PATCH 33/34] Update charts/trino/values.yaml --- charts/trino/values.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/charts/trino/values.yaml b/charts/trino/values.yaml index 4b8ed1ca..e4f754db 100644 --- a/charts/trino/values.yaml +++ b/charts/trino/values.yaml @@ -547,9 +547,6 @@ secretMounts: [] # secretName: sample-secret # path: /secrets/sample.json # subPath: sample.json -# - name: catalogs -# secretName: catalogs -# path: /etc/trino/catalog # ``` coordinator: From 9eec1f135174a42e137b02e82d681b28135e3679 Mon Sep 17 00:00:00 2001 From: "luis.costa" Date: Thu, 10 Apr 2025 19:15:35 +0100 Subject: [PATCH 34/34] all --- .github/workflows/ci-cd.yaml | 8 + .github/workflows/ci.yaml | 28 + .github/workflows/release.yaml | 29 + .github/workflows/sync-readme.yaml | 30 + .helmignore | 16 + README.md | 145 +++ charts/gateway/Chart.yaml | 5 + charts/gateway/README.md | 12 + charts/gateway/templates/deployment.yaml | 19 + charts/gateway/templates/secrets.yaml | 4 + .../templates/tests/test-connection.yaml | 30 + charts/gateway/values.yaml | 14 + charts/trino/Chart.yaml | 16 + charts/trino/README.md | 896 ++++++++++++++++-- charts/trino/cenko.yaml | 425 +++++++++ charts/trino/templates/NOTES.txt | 6 + charts/trino/templates/_helpers.tpl | 22 + charts/trino/templates/configmap-catalog.yaml | 29 + .../templates/configmap-coordinator.yaml | 60 ++ charts/trino/templates/configmap-worker.yaml | 52 + .../templates/deployment-coordinator.yaml | 79 ++ charts/trino/templates/deployment-worker.yaml | 77 ++ charts/trino/templates/secret.yaml | 31 + charts/trino/templates/service.yaml | 20 + charts/trino/values.yaml | 104 ++ tests/gateway/test-https.yaml | 4 + tests/gateway/test-values-with-env.yaml | 9 + tests/gateway/test-values.yaml | 9 + tests/trino/test-values.yaml | 4 + 29 files changed, 2124 insertions(+), 59 deletions(-) create mode 100644 .github/workflows/ci.yaml create mode 100644 .github/workflows/release.yaml create mode 100644 .github/workflows/sync-readme.yaml create mode 100644 charts/trino/cenko.yaml create mode 100644 charts/trino/templates/service.yaml diff --git a/.github/workflows/ci-cd.yaml b/.github/workflows/ci-cd.yaml index 004eaf7c..352be06b 100644 --- a/.github/workflows/ci-cd.yaml +++ b/.github/workflows/ci-cd.yaml @@ -91,7 +91,11 @@ jobs: # Everything above is CI, everything here and below is for releases and runs only on non-pull-request events sync-readme: +<<<<<<< HEAD needs: [lint, test, test-gateway, docs] +======= + needs: [lint, test, docs] +>>>>>>> 83d9fad (New squashed commit) runs-on: ubuntu-latest if: github.event_name != 'pull_request' steps: @@ -120,7 +124,11 @@ jobs: git push release: +<<<<<<< HEAD needs: [lint, test, test-gateway, docs, sync-readme] +======= + needs: [lint, test, docs, sync-readme] +>>>>>>> 83d9fad (New squashed commit) runs-on: ubuntu-latest if: github.event_name != 'pull_request' steps: diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml new file mode 100644 index 00000000..ce09622c --- /dev/null +++ b/.github/workflows/ci.yaml @@ -0,0 +1,28 @@ +name: Lint and Test Chart +on: push + +jobs: + lint-test: + runs-on: ubuntu-latest + steps: + - name: Cleanup node + uses: AutoModality/action-clean@1.1.0 + - name: Checkout + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: Set up Helm + uses: azure/setup-helm@v1 + with: + version: v3.4.0 + - uses: actions/setup-python@v2 + with: + python-version: 3.7 + - name: Set up chart-testing + uses: helm/chart-testing-action@v2.0.1 + - name: Run chart-testing (lint) + run: ct lint --charts=charts/trino --validate-maintainers=false + - name: Create kind cluster + uses: helm/kind-action@v1.0.0 + - name: Run chart-testing (install) + run: ct install --charts=charts/trino diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml new file mode 100644 index 00000000..27660745 --- /dev/null +++ b/.github/workflows/release.yaml @@ -0,0 +1,29 @@ +name: Release Trino Chart + +on: + push: + branches: + - main + +jobs: + release: + runs-on: ubuntu-latest + steps: + - name: Cleanup node + uses: AutoModality/action-clean@1.1.0 + - name: Checkout + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: Configure Git + run: | + git config user.name "$GITHUB_ACTOR" + git config user.email "$GITHUB_ACTOR@users.noreply.github.com" + - name: Install Helm + uses: azure/setup-helm@v1 + with: + version: v3.5.2 + - name: Run chart-releaser + uses: helm/chart-releaser-action@v1.0.0 + env: + CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.github/workflows/sync-readme.yaml b/.github/workflows/sync-readme.yaml new file mode 100644 index 00000000..f38aee7f --- /dev/null +++ b/.github/workflows/sync-readme.yaml @@ -0,0 +1,30 @@ +name: Sync Readme + +on: + push: + branches: + - 'master' + paths: + - 'README.md' + +jobs: + sync-readme: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v2 + - name: copy README.md + run: | + cp -f README.md ${{ runner.temp }}/README.md + - name: Checkout gh-pages + uses: actions/checkout@v2 + with: + ref: gh-pages + - name: commit + run: | + cp -f ${{ runner.temp }}/README.md . + git config user.name trino_community + git config user.email "trino_community@users.noreply.github.com" + git add README.md + git commit --signoff -m "Sync README from main" + git push diff --git a/.helmignore b/.helmignore index 417ff7fd..bb02fd57 100644 --- a/.helmignore +++ b/.helmignore @@ -14,12 +14,28 @@ *.swp *.bak *.tmp +<<<<<<< HEAD +<<<<<<< HEAD *.orig +======= +>>>>>>> 1cc98e4 (Initial commit) +======= +*.orig +>>>>>>> 83d9fad (New squashed commit) *~ # Various IDEs .project .idea/ *.tmproj +<<<<<<< HEAD +<<<<<<< HEAD +.vscode/ +# helm-doc template +README.md.gotmpl +======= +>>>>>>> 1cc98e4 (Initial commit) +======= .vscode/ # helm-doc template README.md.gotmpl +>>>>>>> 83d9fad (New squashed commit) diff --git a/README.md b/README.md index 9da10f21..1a952557 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,6 @@ +<<<<<<< HEAD +<<<<<<< HEAD Trino Community Kubernetes Helm Charts =========== [![CI/CD](https://github.com/trinodb/charts/actions/workflows/ci-cd.yaml/badge.svg?branch=main)](https://github.com/trinodb/charts/actions/workflows/ci-cd.yaml) @@ -14,12 +16,48 @@ included: [Helm](https://helm.sh) must be installed to use the charts. Refer to Helm's [documentation](https://helm.sh/docs/) to get started. +<<<<<<< HEAD Once Helm is set up properly, add the repo as follows: +======= +| Parameter | Description | Default | +| ------------------------ | ----------------------- | -------------- | +| `image.repository` | | `"trinodb/trino"` | +| `image.pullPolicy` | | `"IfNotPresent"` | +| `image.tag` | | `"latest"` | +| `server.workers` | | `2` | +| `server.node.environment` | | `"production"` | +| `server.node.dataDir` | | `"/data/trino"` | +| `server.node.pluginDir` | | `"/usr/lib/trino/plugin"` | +| `server.log.trino.level` | | `"INFO"` | +| `server.config.path` | | `"/etc/trino"` | +| `server.config.http.port` | | `8080` | +| `server.config.query.maxMemory` | | `"4GB"` | +| `server.config.query.maxMemoryPerNode` | | `"1GB"` | +| `server.config.query.maxTotalMemoryPerNode` | | `"2GB"` | +| `server.config.memory.heapHeadroomPerNode` | | `"1GB"` | +| `server.jvm.maxHeapSize` | | `"8G"` | +| `server.jvm.gcMethod.type` | | `"UseG1GC"` | +| `server.jvm.gcMethod.g1.heapRegionSize` | | `"32M"` | +| `additionalNodeProperties` | | `{}` | +| `additionalJVMConfig` | | `{}` | +| `additionalConfigProperties` | | `{}` | +| `additionalLogProperties` | | `{}` | +| `additionalCatalogs` | | `{}` | +| `securityContext.runAsUser` | | `1000` | +| `securityContext.runAsGroup` | | `1000` | +| `service.type` | | `"ClusterIP"` | +| `service.port` | | `8080` | +| `resources` | | `{}` | +| `nodeSelector` | | `{}` | +| `tolerations` | | `[]` | +| `affinity` | | `{}` | +>>>>>>> 7f0562e (extend chart, add GHA for CI and Release) ```console helm repo add trino https://trinodb.github.io/charts/ ``` +<<<<<<< HEAD Run `helm search repo trino` to see the latest charts with the string `trino` in the name to get an output similar to the following: @@ -28,6 +66,10 @@ NAME CHART VERSION APP VERSION DESCRIPTION trino/trino 1.38.0 474 Fast distributed SQL query engine for big data ... trino/trino-gateway 1.15.1 15 A Helm chart for Trino Gateway ``` +======= +--- +_Documentation generated by [Frigate](https://frigate.readthedocs.io)._ +>>>>>>> 7f0562e (extend chart, add GHA for CI and Release) Use `helm search repo trino -l` for information about all available versions. @@ -94,3 +136,106 @@ you [install the pre-commit binary](https://pre-commit.com/#install), then run: pre-commit install pre-commit install-hooks ``` +======= +Trino +======= +Trino Community Kubernetes Helm Charts +>>>>>>> 83d9fad (New squashed commit) +=========== +[![CI/CD](https://github.com/trinodb/charts/actions/workflows/ci-cd.yaml/badge.svg?branch=main)](https://github.com/trinodb/charts/actions/workflows/ci-cd.yaml) + +A repository of Helm charts for the Trino community. The following charts are +included: + +* `trino/trino` for [Trino](https://trino.io/) +* `trino/trino-gateway` for [Trino Gateway](https://trinodb.github.io/trino-gateway) + +## Usage + +[Helm](https://helm.sh) must be installed to use the charts. +Refer to Helm's [documentation](https://helm.sh/docs/) to get started. + +Once Helm is set up properly, add the repo as follows: + +```console +helm repo add trino https://trinodb.github.io/charts/ +``` + +Run `helm search repo trino` to see the latest charts with the string `trino` in +the name to get an output similar to the following: + +``` +NAME CHART VERSION APP VERSION DESCRIPTION +trino/trino 1.37.0 470 Fast distributed SQL query engine for big data ... +trino/trino-gateway 1.13.2 13 A Helm chart for Trino Gateway +``` + +<<<<<<< HEAD +>>>>>>> 1cc98e4 (Initial commit) +======= +Use `helm search repo trino -l` for information about all available versions. + +After configuring your Kubernetes cluster, you can install Trino with the chart +`trino/trino` using: + +```console +helm install my-trino trino/trino --version 1.37.0 +``` + +Also, you can check the manifests using: + +```console +helm template my-trino trino/trino --namespace +``` + +Similarly install Trino Gateway with the `trino/trino-gateway` chart. + +## Documentation + +More information about Trino, Trino Gateway, and the charts is available in the +following resources: + +* [Trino Kubernetes documentation](https://trino.io/docs/current/installation/kubernetes.html) +* [trino/trino chart configuration](./charts/trino/README.md) +* [Trino documentation](https://trino.io/docs/current/index.html) +* [Trino Gateway Kubernetes documentation](https://trinodb.github.io/trino-gateway/installation/#helm) +* [trino/trino-gateway chart configuration](./charts/gateway/README.md) +* [Trino Gateway documentation](https://trinodb.github.io/trino-gateway) + +## Development + +To test the chart, install it into a Kubernetes cluster. Use `kind` to create a +Kubernetes cluster running in a container, and `chart-testing` to install the +chart and run [tests](charts/trino/templates/tests). + +```console +brew install helm kind chart-testing +kind create cluster +ct install +``` + +To run tests with specific values: +```console +ct install --helm-extra-set-args "--set image.tag=470" +``` + +Use the `test.sh` script to run a suite of tests, with different chart values. +If some of the tests fail, use the `-s` flag to skip cleanup and inspect the +resources installed in the Kubernetes cluster. Use `-n` to use a specific +namespace, not a randomly generated one. Use `-t` to run only selected tests. +See the command help (`-h`) for a list of available tests. + +Example: +```console +./test.sh -n trino -s -t default +``` + +The documentation is automatically generated from the chart files. Install a +git hook to have it automatically updated when committing changes. Make sure +you [install the pre-commit binary](https://pre-commit.com/#install), then run: + +```console +pre-commit install +pre-commit install-hooks +``` +>>>>>>> 83d9fad (New squashed commit) diff --git a/charts/gateway/Chart.yaml b/charts/gateway/Chart.yaml index c4ae253c..47e406ac 100644 --- a/charts/gateway/Chart.yaml +++ b/charts/gateway/Chart.yaml @@ -2,8 +2,13 @@ apiVersion: v2 name: trino-gateway description: A Helm chart for Trino Gateway type: application +<<<<<<< HEAD version: "1.15.1" appVersion: "15" +======= +version: "1.13.2" +appVersion: "13" +>>>>>>> 83d9fad (New squashed commit) icon: https://trino.io/assets/images/logos/trino-gateway-small.png diff --git a/charts/gateway/README.md b/charts/gateway/README.md index 2025bcc2..47eee473 100644 --- a/charts/gateway/README.md +++ b/charts/gateway/README.md @@ -1,6 +1,10 @@ # trino-gateway +<<<<<<< HEAD ![Version: 1.15.1](https://img.shields.io/badge/Version-1.15.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 15](https://img.shields.io/badge/AppVersion-15-informational?style=flat-square) +======= +![Version: 1.13.2](https://img.shields.io/badge/Version-1.13.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 13](https://img.shields.io/badge/AppVersion-13-informational?style=flat-square) +>>>>>>> 83d9fad (New squashed commit) A Helm chart for Trino Gateway @@ -47,7 +51,15 @@ A Helm chart for Trino Gateway * `config.dataStore.password` - string, default: `"mysecretpassword"` * `config.dataStore.driver` - string, default: `"org.postgresql.Driver"` * `config.clusterStatsConfiguration.monitorType` - string, default: `"INFO_API"` +<<<<<<< HEAD * `command` - list, default: `["java","-XX:MinRAMPercentage=80.0","-XX:MaxRAMPercentage=80.0","-jar","/usr/lib/trino-gateway/gateway-ha-jar-with-dependencies.jar","/etc/trino-gateway/config.yaml"]` +======= +* `config.modules[0]` - string, default: `"io.trino.gateway.ha.module.HaGatewayProviderModule"` +* `config.modules[1]` - string, default: `"io.trino.gateway.ha.module.ClusterStateListenerModule"` +* `config.modules[2]` - string, default: `"io.trino.gateway.ha.module.ClusterStatsMonitorModule"` +* `config.managedApps[0]` - string, default: `"io.trino.gateway.ha.clustermonitor.ActiveClusterMonitor"` +* `command` - list, default: `["java","-XX:MinRAMPercentage=80.0","-XX:MaxRAMPercentage=80.0","-jar","/usr/lib/trino/gateway-ha-jar-with-dependencies.jar","/etc/gateway/config.yaml"]` +>>>>>>> 83d9fad (New squashed commit) Startup command for Trino Gateway process. Add additional Java options and other modifications as desired. * `service` - object, default: `{"ports":[{"name":"gateway","protocol":"TCP"}],"type":"ClusterIP"}` diff --git a/charts/gateway/templates/deployment.yaml b/charts/gateway/templates/deployment.yaml index 1273a916..6362f356 100644 --- a/charts/gateway/templates/deployment.yaml +++ b/charts/gateway/templates/deployment.yaml @@ -65,7 +65,11 @@ spec: {{- end }} livenessProbe: httpGet: +<<<<<<< HEAD path: /trino-gateway/livez +======= + path: /trino-gateway +>>>>>>> 83d9fad (New squashed commit) port: {{ $probePort }} scheme: {{ $probeScheme }} initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} @@ -74,7 +78,11 @@ spec: timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} readinessProbe: httpGet: +<<<<<<< HEAD path: /trino-gateway/readyz +======= + path: /trino-gateway +>>>>>>> 83d9fad (New squashed commit) port: {{ $probePort }} scheme: {{ $probeScheme }} initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} @@ -84,17 +92,28 @@ spec: resources: {{- toYaml .Values.resources | nindent 12 }} volumeMounts: +<<<<<<< HEAD - name: {{ include "trino-gateway.fullname" . }}-configuration mountPath: "/etc/trino-gateway/config.yaml" +======= + - name: trino-gateway-configuration + mountPath: "/etc/gateway/config.yaml" +>>>>>>> 83d9fad (New squashed commit) subPath: "config.yaml" readOnly: true {{- with .Values.volumeMounts }} {{- toYaml . | nindent 12 }} {{- end }} volumes: +<<<<<<< HEAD - name: {{ include "trino-gateway.fullname" . }}-configuration secret: secretName: {{ include "trino-gateway.fullname" . }}-configuration +======= + - name: trino-gateway-configuration + secret: + secretName: trino-gateway-configuration +>>>>>>> 83d9fad (New squashed commit) optional: false {{- with .Values.volumes }} {{- toYaml . | nindent 8 }} diff --git a/charts/gateway/templates/secrets.yaml b/charts/gateway/templates/secrets.yaml index c3f6b330..caa2bbae 100644 --- a/charts/gateway/templates/secrets.yaml +++ b/charts/gateway/templates/secrets.yaml @@ -1,7 +1,11 @@ apiVersion: v1 kind: Secret metadata: +<<<<<<< HEAD name: {{ include "trino-gateway.fullname" . }}-configuration +======= + name: trino-gateway-configuration +>>>>>>> 83d9fad (New squashed commit) type: "Opaque" data: config.yaml: "{{toYaml .Values.config | b64enc}}" diff --git a/charts/gateway/templates/tests/test-connection.yaml b/charts/gateway/templates/tests/test-connection.yaml index 6130e220..17903a9c 100644 --- a/charts/gateway/templates/tests/test-connection.yaml +++ b/charts/gateway/templates/tests/test-connection.yaml @@ -9,6 +9,36 @@ metadata: annotations: "helm.sh/hook": test spec: +<<<<<<< HEAD +======= + initContainers: + - name: extract-persistence-sql + image: "trinodb/trino-gateway" + command: + - "/bin/sh" + - "-c" + - | + cd /etc/persistence && \ + jar -xvf /usr/lib/trino/gateway-ha-jar-with-dependencies.jar \ + gateway-ha-persistence-postgres.sql + volumeMounts: + - name: persistence-sql + mountPath: /etc/persistence + - name: initialize-db + image: bitnami/postgresql:17.1.0 + command: + - "/bin/sh" + - "-c" + - | + echo "Initialize gateway schema"; + PGPASSWORD=pass0000 psql \ + -h gateway-backend-db-postgresql.postgres-gateway.svc.cluster.local \ + -U gateway -d gateway \ + -f /etc/persistence/gateway-ha-persistence-postgres.sql + volumeMounts: + - name: persistence-sql + mountPath: /etc/persistence +>>>>>>> 83d9fad (New squashed commit) containers: - name: curl image: alpine diff --git a/charts/gateway/values.yaml b/charts/gateway/values.yaml index f434c517..2e2d7aea 100644 --- a/charts/gateway/values.yaml +++ b/charts/gateway/values.yaml @@ -43,6 +43,15 @@ config: driver: org.postgresql.Driver clusterStatsConfiguration: monitorType: INFO_API +<<<<<<< HEAD +======= + modules: + - io.trino.gateway.ha.module.HaGatewayProviderModule + - io.trino.gateway.ha.module.ClusterStateListenerModule + - io.trino.gateway.ha.module.ClusterStatsMonitorModule + managedApps: + - io.trino.gateway.ha.clustermonitor.ActiveClusterMonitor +>>>>>>> 83d9fad (New squashed commit) # -- Startup command for Trino Gateway process. Add additional Java options and other modifications as desired. command: @@ -50,8 +59,13 @@ command: - "-XX:MinRAMPercentage=80.0" - "-XX:MaxRAMPercentage=80.0" - "-jar" +<<<<<<< HEAD - "/usr/lib/trino-gateway/gateway-ha-jar-with-dependencies.jar" - "/etc/trino-gateway/config.yaml" +======= + - "/usr/lib/trino/gateway-ha-jar-with-dependencies.jar" + - "/etc/gateway/config.yaml" +>>>>>>> 83d9fad (New squashed commit) # -- Service for accessing the gateway. The contents of this dictionary are used # for the [service spec](https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport). diff --git a/charts/trino/Chart.yaml b/charts/trino/Chart.yaml index ccfba056..3f3f1d86 100644 --- a/charts/trino/Chart.yaml +++ b/charts/trino/Chart.yaml @@ -15,13 +15,29 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) +<<<<<<< HEAD +<<<<<<< HEAD version: 1.38.0 +======= +version: 1.37.0 +>>>>>>> 83d9fad (New squashed commit) +======= +version: 0.2.0 +>>>>>>> 7f0562e (extend chart, add GHA for CI and Release) # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. +<<<<<<< HEAD # Same value as in values.yml#image.tag +<<<<<<< HEAD appVersion: "474" +======= +appVersion: "470" +>>>>>>> 83d9fad (New squashed commit) +======= +appVersion: "355" +>>>>>>> 7f0562e (extend chart, add GHA for CI and Release) icon: https://trino.io/assets/trino.png diff --git a/charts/trino/README.md b/charts/trino/README.md index 88b390bf..878a7fa9 100644 --- a/charts/trino/README.md +++ b/charts/trino/README.md @@ -1,6 +1,10 @@ # trino +<<<<<<< HEAD ![Version: 1.38.0](https://img.shields.io/badge/Version-1.38.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 474](https://img.shields.io/badge/AppVersion-474-informational?style=flat-square) +======= +![Version: 1.37.0](https://img.shields.io/badge/Version-1.37.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 470](https://img.shields.io/badge/AppVersion-470-informational?style=flat-square) +>>>>>>> 83d9fad (New squashed commit) Fast distributed SQL query engine for big data analytics that helps you explore your data universe @@ -12,6 +16,7 @@ Fast distributed SQL query engine for big data analytics that helps you explore * ## Values +<<<<<<< HEAD * `nameOverride` - string, default: `nil` Override resource names to avoid name conflicts when deploying multiple releases in the same namespace. @@ -176,6 +181,8 @@ Fast distributed SQL query engine for big data analytics that helps you explore autoscaling.keda.sh/paused-replicas: "0" autoscaling.keda.sh/paused: "true" ``` +======= +>>>>>>> 83d9fad (New squashed commit) * `accessControl` - object, default: `{}` [System access control](https://trino.io/docs/current/security/built-in-system-access-control.html) configuration. @@ -241,6 +248,478 @@ Fast distributed SQL query engine for big data analytics that helps you explore ] } ``` +<<<<<<< HEAD +======= +* `additionalCatalogs` - object, default: `{}` + + Deprecated, use `catalogs` instead. Configure additional [catalogs](https://trino.io/docs/current/installation/deployment.html#catalog-properties). +* `additionalConfigProperties` - list, default: `[]` + + [Additional config properties](https://trino.io/docs/current/admin/properties.html). + Example: + ```yaml + - internal-communication.shared-secret=random-value-999 + - http-server.process-forwarded=true + ``` +* `additionalExchangeManagerProperties` - list, default: `[]` + + [Exchange manager properties](https://trino.io/docs/current/admin/fault-tolerant-execution.html#exchange-manager). + Example: + ```yaml + - exchange.s3.region=object-store-region + - exchange.s3.endpoint=your-object-store-endpoint + - exchange.s3.aws-access-key=your-access-key + - exchange.s3.aws-secret-key=your-secret-key + ``` +* `additionalLogProperties` - list, default: `[]` + + [Additional log properties](https://trino.io/docs/current/installation/deployment.html#log-levels). + Example: + ```yaml + - io.airlift=DEBUG + ``` +* `additionalNodeProperties` - list, default: `[]` + + [Additional node properties](https://trino.io/docs/current/installation/deployment.html#log-levels). + Example, assuming the NODE_ID environment variable has been set: + ```yaml + - node.id=${NODE_ID} + ``` +* `auth` - object, default: `{}` + + Available authentication methods. + Use username and password provided as a [password file](https://trino.io/docs/current/security/password-file.html#file-format): + ```yaml + passwordAuth: "username:encrypted-password-with-htpasswd" + ``` + Set the name of a secret containing this file in the password.db key + ```yaml + passwordAuthSecret: "trino-password-authentication" + ``` + Additionally, set [users' groups](https://trino.io/docs/current/security/group-file.html#file-format): + ```yaml + refreshPeriod: 5s + groups: "group_name:user_1,user_2,user_3" + ``` + Set the name of a secret containing this file in the group.db key + ```yaml + groupAuthSecret: "trino-group-authentication" + ``` +* `catalogs` - object, default: `{"tpcds":"connector.name=tpcds\ntpcds.splits-per-node=4\n","tpch":"connector.name=tpch\ntpch.splits-per-node=4\n"}` + + Configure [catalogs](https://trino.io/docs/current/installation/deployment.html#catalog-properties). + Example: + ```yaml + objectstore: | + connector.name=iceberg + iceberg.catalog.type=glue + jmx: | + connector.name=memory + memory: | + connector.name=memory + memory.max-data-per-node=128MB + ``` +* `catalogsSecrets` - list, default: `[]` +* `commonLabels` - object, default: `{}` + + Labels that get applied to every resource's metadata +* `configMounts` - list, default: `[]` + + Allows mounting additional Trino configuration files from Kubernetes config maps on all nodes. + Example: + ```yaml + - name: sample-config-mount + configMap: sample-config-map + path: /config-map/sample.json + subPath: sample.json + ``` +* `containerSecurityContext` - object, default: `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]}}` + + [Container security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) configuration. +* `containerSecurityContext.allowPrivilegeEscalation` - bool, default: `false` + + Control whether a process can gain more privileges than its parent process. +* `containerSecurityContext.capabilities.drop` - list, default: `["ALL"]` + + A list of the Linux kernel capabilities that are dropped from every container. Valid values are listed in [the capabilities manual page](https://man7.org/linux/man-pages/man7/capabilities.7.html). Ensure # to remove the "CAP_" prefix which the kernel attaches to the names of permissions. +* `coordinator.additionalConfigFiles` - object, default: `{}` + + Additional config files placed in the default configuration directory. Supports templating the files' contents with `tpl`. + Example: + ```yaml + secret.txt: | + secret-value={{- .Values.someValue }} + ``` +* `coordinator.additionalExposedPorts` - object, default: `{}` + + Additional ports configured in the coordinator container and the service. + Example: + ```yaml + https: + servicePort: 8443 + name: https + port: 8443 + nodePort: 30443 + protocol: TCP + ``` +* `coordinator.additionalJVMConfig` - list, default: `[]` +* `coordinator.additionalVolumeMounts` - list, default: `[]` + + One or more additional volume mounts to add to the coordinator. + Example: + - name: extras + mountPath: /usr/share/extras + readOnly: true +* `coordinator.additionalVolumes` - list, default: `[]` + + One or more additional volumes to add to the coordinator. + Example: + ```yaml + - name: extras + emptyDir: {} + ``` +* `coordinator.affinity` - object, default: `{}` +* `coordinator.annotations` - object, default: `{}` +* `coordinator.config.memory.heapHeadroomPerNode` - string, default: `""` +* `coordinator.config.nodeScheduler.includeCoordinator` - bool, default: `false` + + Allows scheduling work on the coordinator so that a single machine can function as both coordinator and worker. For large clusters, processing work on the coordinator can negatively impact query performance because the machine's resources are not available for the critical coordinator tasks of scheduling, managing, and monitoring query execution. +* `coordinator.config.query.maxMemoryPerNode` - string, default: `"1GB"` +* `coordinator.configMounts` - list, default: `[]` + + Allows mounting additional Trino configuration files from Kubernetes config maps on the coordinator node. + Example: + ```yaml + - name: sample-config-mount + configMap: sample-config-mount + path: /config-mount/sample.json + subPath: sample.json + ``` +* `coordinator.deployment.annotations` - object, default: `{}` +* `coordinator.deployment.progressDeadlineSeconds` - int, default: `600` + + The maximum time in seconds for a deployment to make progress before it is considered failed. The deployment controller continues to process failed deployments and a condition with a ProgressDeadlineExceeded reason is surfaced in the deployment status. +* `coordinator.deployment.revisionHistoryLimit` - int, default: `10` + + The number of old ReplicaSets to retain to allow rollback. +* `coordinator.deployment.strategy` - object, default: `{"rollingUpdate":{"maxSurge":"25%","maxUnavailable":"25%"},"type":"RollingUpdate"}` + + The deployment strategy to use to replace existing pods with new ones. +* `coordinator.jvm.gcMethod.g1.heapRegionSize` - string, default: `"32M"` +* `coordinator.jvm.gcMethod.type` - string, default: `"UseG1GC"` +* `coordinator.jvm.maxHeapSize` - string, default: `"8G"` +* `coordinator.labels` - object, default: `{}` +* `coordinator.lifecycle` - object, default: `{}` + + Coordinator container [lifecycle events](https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/) + Example: + ```yaml + preStop: + exec: + command: ["/bin/sh", "-c", "sleep 120"] + ``` +* `coordinator.livenessProbe` - object, default: `{}` + + [Liveness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes) options + Example: + ```yaml + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + ``` +* `coordinator.nodeSelector` - object, default: `{}` +* `coordinator.readinessProbe` - object, default: `{}` + + [Readiness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes) + Example: + ```yaml + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + ``` +* `coordinator.resources` - object, default: `{}` + + It is recommended not to specify default resources and to leave this as a conscious choice for the user. This also increases chances charts run on environments with little resources, such as Minikube. If you do want to specify resources, use the following example, and adjust it as necessary. + Example: + ```yaml + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + ``` +* `coordinator.secretMounts` - list, default: `[]` + + Allows mounting additional Trino configuration files from Kubernetes secrets on the coordinator node. + Example: + ```yaml + - name: sample-secret + secretName: sample-secret + path: /secrets/sample.json + subPath: sample.json + ``` +* `coordinator.terminationGracePeriodSeconds` - int, default: `30` +* `coordinator.tolerations` - list, default: `[]` +* `coordinatorNameOverride` - string, default: `nil` +* `env` - list, default: `[]` + + additional environment variables added to every pod, specified as a list with explicit values + Example: + ```yaml + - name: NAME + value: "value" + ``` +* `envFrom` - list, default: `[]` + + additional environment variables added to every pod, specified as a list of either `ConfigMap` or `Secret` references + Example: + ```yaml + - secretRef: + name: extra-secret + ``` +* `eventListenerProperties` - list, default: `[]` + + [Event listener](https://trino.io/docs/current/develop/event-listener.html#event-listener) properties. To configure multiple event listeners, add them in `coordinator.additionalConfigFiles` and `worker.additionalConfigFiles`, and set the `event-listener.config-files` property in `additionalConfigProperties` to their locations. + Example: + ```yaml + - event-listener.name=custom-event-listener + - custom-property1=custom-value1 + - custom-property2=custom-value2 + ``` +* `image.digest` - string, default: `""` + + Optional digest value of the image specified as `sha256:abcd...`. A specified value overrides `tag`. +* `image.pullPolicy` - string, default: `"IfNotPresent"` +* `image.registry` - string, default: `""` + + Image registry, defaults to empty, which results in DockerHub usage +* `image.repository` - string, default: `"trinodb/trino"` + + Repository location of the Trino image, typically `organization/imagename` +* `image.tag` - string, default: `""` + + Image tag, defaults to the Trino release version specified as `appVersion` from Chart.yaml +* `image.useRepositoryAsSoleImageReference` - bool, default: `false` + + When true, only the content in `repository` is used as image reference +* `imagePullSecrets` - list, default: `[]` + + An optional list of references to secrets in the same namespace to use for pulling images. + Example: + ```yaml + imagePullSecrets: + - name: registry-credentials + ``` +* `ingress.annotations` - object, default: `{}` +* `ingress.className` - string, default: `""` +* `ingress.enabled` - bool, default: `false` +* `ingress.hosts` - list, default: `[]` + + [Ingress rules](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules). + Example: + ```yaml + - host: trino.example.com + paths: + - path: / + pathType: ImplementationSpecific + ``` +* `ingress.tls` - list, default: `[]` + + Ingress [TLS](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) configuration. + Example: + ```yaml + - secretName: chart-example-tls + hosts: + - chart-example.local + ``` +* `initContainers` - object, default: `{}` + + Additional [containers that run to completion](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) during pod initialization. + Example: + ```yaml + coordinator: + - name: init-coordinator + image: busybox:1.28 + imagePullPolicy: IfNotPresent + command: ['sh', '-c', "until nslookup myservice.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local; do echo waiting for myservice; sleep 2; done"] + worker: + - name: init-worker + image: busybox:1.28 + command: ['sh', '-c', 'echo The worker is running! && sleep 3600'] + ``` +* `jmx.coordinator` - object, default: `{}` + + Override JMX configurations for the Trino coordinator. + Example + ```yaml + coordinator: + enabled: true + exporter: + enabled: true + configProperties: |- + hostPort: localhost:{{- .Values.jmx.registryPort }} + startDelaySeconds: 0 + ssl: false + ``` +* `jmx.enabled` - bool, default: `false` + + Set to true to enable the RMI server to expose Trino's [JMX metrics](https://trino.io/docs/current/admin/jmx.html). +* `jmx.exporter.configProperties` - string, default: `""` + + The string value is templated using `tpl`. The JMX config properties file is mounted to `/etc/jmx-exporter/jmx-exporter-config.yaml`. + Example: + ```yaml + configProperties: |- + hostPort: localhost:{{- .Values.jmx.registryPort }} + startDelaySeconds: 0 + ssl: false + lowercaseOutputName: false + lowercaseOutputLabelNames: false + includeObjectNames: ["java.lang:type=Threading"] + autoExcludeObjectNameAttributes: true + excludeObjectNameAttributes: + "java.lang:type=OperatingSystem": + - "ObjectName" + "java.lang:type=Runtime": + - "ClassPath" + - "SystemProperties" + rules: + - pattern: 'java\.lang<(.*)>ThreadCount: (.*)' + name: java_lang_Threading_ThreadCount + value: '$2' + help: 'ThreadCount (java.lang<>ThreadCount)' + type: UNTYPED + ``` +* `jmx.exporter.enabled` - bool, default: `false` + + Set to true to export JMX Metrics via HTTP for [Prometheus](https://github.com/prometheus/jmx_exporter) consumption +* `jmx.exporter.image` - string, default: `"bitnami/jmx-exporter:1.0.1"` +* `jmx.exporter.port` - int, default: `5556` +* `jmx.exporter.pullPolicy` - string, default: `"Always"` +* `jmx.exporter.resources` - object, default: `{}` + + It is recommended not to specify default resources and to leave this as a conscious choice for the user. This also increases chances charts run on environments with little resources, such as Minikube. If you do want to specify resources, use the following example, and adjust it as necessary. + Example: + ```yaml + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + ``` +* `jmx.exporter.securityContext` - object, default: `{}` +* `jmx.registryPort` - int, default: `9080` +* `jmx.serverPort` - int, default: `9081` +* `jmx.worker` - object, default: `{}` + + Override JMX configurations for the Trino workers. + Example + ```yaml + worker: + enabled: true + exporter: + enabled: true + ``` +* `kafka.mountPath` - string, default: `"/etc/trino/schemas"` +* `kafka.tableDescriptions` - object, default: `{}` + + Custom kafka table descriptions that will be mounted in mountPath. + Example: + ```yaml + testschema.json: |- + { + "tableName": "testtable", + "schemaName": "testschema", + "topicName": "testtopic", + "key": { + "dataFormat": "json", + "fields": [ + { + "name": "_key", + "dataFormat": "VARCHAR", + "type": "VARCHAR", + "hidden": "false" + } + ] + }, + "message": { + "dataFormat": "json", + "fields": [ + { + "name": "id", + "mapping": "id", + "type": "BIGINT" + }, + { + "name": "test_field", + "mapping": "test_field", + "type": "VARCHAR" + } + ] + } + } + ``` +* `ldapSecrets` - list, default: `[]` +* `nameOverride` - string, default: `nil` + + Override resource names to avoid name conflicts when deploying multiple releases in the same namespace. + Example: + ```yaml + coordinatorNameOverride: trino-coordinator-adhoc + workerNameOverride: trino-worker-adhoc + nameOverride: trino-adhoc + ``` +* `networkPolicy.egress` - list, default: `[]` + + Egress rules to apply to the Trino pods. + Example: + ```yaml + - to: + - podSelector: + matchLabels: + role: log-ingestor + ports: + - protocol: TCP + port: 9999 + ``` +* `networkPolicy.enabled` - bool, default: `false` + + Set to true to enable Trino pod protection with a [NetworkPolicy](https://kubernetes.io/docs/concepts/services-networking/network-policies/). By default, the NetworkPolicy will only allow Trino pods to communicate with each other. + > [!NOTE] + > - NetworkPolicies cannot block the ingress traffic coming directly + > from the Kubernetes node on which the Pod is running, + > and are thus incompatible with services of type `NodePort`. + > - When using NetworkPolicies together with JMX metrics export, + > additional ingress rules might be required to allow metric scraping. +* `networkPolicy.ingress` - list, default: `[]` + + Additional ingress rules to apply to the Trino pods. + Example: + ```yaml + - from: + - ipBlock: + cidr: 172.17.0.0/16 + except: + - 172.17.1.0/24 + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: prometheus + - podSelector: + matchLabels: + role: backend-app + ports: + - protocol: TCP + port: 8080 + - protocol: TCP + port: 5556 + ``` +>>>>>>> 83d9fad (New squashed commit) * `resourceGroups` - object, default: `{}` [Resource groups control](https://trino.io/docs/current/admin/resource-groups.html) @@ -317,95 +796,291 @@ Fast distributed SQL query engine for big data analytics that helps you explore ] } ``` +<<<<<<< HEAD * `additionalNodeProperties` - list, default: `[]` - [Additional node properties](https://trino.io/docs/current/installation/deployment.html#log-levels). - Example, assuming the NODE_ID environment variable has been set: - ```yaml - - node.id=${NODE_ID} - ``` -* `additionalConfigProperties` - list, default: `[]` + [Additional node properties](https://trino.io/docs/current/installation/deployment.html#log-levels). + Example, assuming the NODE_ID environment variable has been set: + ```yaml + - node.id=${NODE_ID} + ``` +* `additionalConfigProperties` - list, default: `[]` + + [Additional config properties](https://trino.io/docs/current/admin/properties.html). + Example: + ```yaml + - internal-communication.shared-secret=random-value-999 + - http-server.process-forwarded=true + ``` +* `additionalLogProperties` - list, default: `[]` + + [Additional log properties](https://trino.io/docs/current/installation/deployment.html#log-levels). + Example: + ```yaml + - io.airlift=DEBUG + ``` +* `additionalExchangeManagerProperties` - list, default: `[]` + + [Exchange manager properties](https://trino.io/docs/current/admin/fault-tolerant-execution.html#exchange-manager). + Example: + ```yaml + - exchange.s3.region=object-store-region + - exchange.s3.endpoint=your-object-store-endpoint + - exchange.s3.aws-access-key=your-access-key + - exchange.s3.aws-secret-key=your-secret-key + ``` +* `eventListenerProperties` - list, default: `[]` + + [Event listener](https://trino.io/docs/current/develop/event-listener.html#event-listener) properties. To configure multiple event listeners, add them in `coordinator.additionalConfigFiles` and `worker.additionalConfigFiles`, and set the `event-listener.config-files` property in `additionalConfigProperties` to their locations. + Example: + ```yaml + - event-listener.name=custom-event-listener + - custom-property1=custom-value1 + - custom-property2=custom-value2 + ``` +* `catalogs` - object, default: `{"tpcds":"connector.name=tpcds\ntpcds.splits-per-node=4\n","tpch":"connector.name=tpch\ntpch.splits-per-node=4\n"}` + + Configure [catalogs](https://trino.io/docs/current/installation/deployment.html#catalog-properties). + Example: + ```yaml + objectstore: | + connector.name=iceberg + iceberg.catalog.type=glue + jmx: | + connector.name=memory + memory: | + connector.name=memory + memory.max-data-per-node=128MB + ``` +* `additionalCatalogs` - object, default: `{}` + + Deprecated, use `catalogs` instead. Configure additional [catalogs](https://trino.io/docs/current/installation/deployment.html#catalog-properties). +* `env` - list, default: `[]` + + additional environment variables added to every pod, specified as a list with explicit values + Example: + ```yaml + - name: NAME + value: "value" + ``` +* `envFrom` - list, default: `[]` + + additional environment variables added to every pod, specified as a list of either `ConfigMap` or `Secret` references + Example: + ```yaml + - secretRef: + name: extra-secret + ``` +* `initContainers` - object, default: `{}` + + Additional [containers that run to completion](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) during pod initialization. + Example: + ```yaml + coordinator: + - name: init-coordinator + image: busybox:1.28 + imagePullPolicy: IfNotPresent + command: ['sh', '-c', "until nslookup myservice.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local; do echo waiting for myservice; sleep 2; done"] + worker: + - name: init-worker + image: busybox:1.28 + command: ['sh', '-c', 'echo The worker is running! && sleep 3600'] + ``` +======= +* `secretMounts` - list, default: `[]` + + Allows mounting additional Trino configuration files from Kubernetes secrets on all nodes. + Example: + ```yaml + - name: sample-secret + secretName: sample-secret + path: /secrets/sample.json + subPath: sample.json + - name: catalogs + secretName: catalogs + path: /etc/trino/catalog + - name: ldap + secretName: ldap + path: /etc/trino/ldap + ``` +* `securityContext` - object, default: `{"runAsGroup":1000,"runAsUser":1000}` + + [Pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) configuration. To remove the default, set it to null (or `~`). +* `server.autoscaling` - object, default: `{"behavior":{},"enabled":false,"maxReplicas":5,"targetCPUUtilizationPercentage":50,"targetMemoryUtilizationPercentage":80}` + + Configure [Horizontal Pod Autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) for workers (`server.keda.enabled` must be `false`). +* `server.autoscaling.behavior` - object, default: `{}` + + Configuration for scaling up and down. + Example: + ```yaml + scaleDown: + stabilizationWindowSeconds: 300 + policies: + - type: Percent + value: 100 + periodSeconds: 15 + scaleUp: + stabilizationWindowSeconds: 0 + policies: + - type: Percent + value: 100 + periodSeconds: 15 + - type: Pods + value: 4 + periodSeconds: 15 + selectPolicy: Max + ``` +* `server.autoscaling.targetCPUUtilizationPercentage` - int, default: `50` + + Target average CPU utilization, represented as a percentage of requested CPU. To disable scaling based on CPU, set to an empty string. +* `server.autoscaling.targetMemoryUtilizationPercentage` - int, default: `80` + + Target average memory utilization, represented as a percentage of requested memory. To disable scaling based on memory, set to an empty string. +* `server.config.authenticationType` - string, default: `""` + + Trino supports multiple [authentication types](https://trino.io/docs/current/security/authentication-types.html): PASSWORD, CERTIFICATE, OAUTH2, JWT, KERBEROS. +* `server.config.https.enabled` - bool, default: `false` +* `server.config.https.keystore.path` - string, default: `""` +* `server.config.https.port` - int, default: `8443` +* `server.config.path` - string, default: `"/etc/trino"` +* `server.config.query.maxMemory` - string, default: `"4GB"` +* `server.coordinatorExtraConfig` - string, default: `""` +* `server.exchangeManager` - object, default: `{}` - [Additional config properties](https://trino.io/docs/current/admin/properties.html). + Mandatory [exchange manager configuration](https://trino.io/docs/current/admin/fault-tolerant-execution.html#id1). Used to set the name and location(s) of spooling data storage. For multiple destinations use a list or a comma separated URI locations. To enable fault-tolerant execution, set the `retry-policy` property in `additionalConfigProperties`. Additional exchange manager configurations can be added to `additionalExchangeManagerProperties`. Example: ```yaml - - internal-communication.shared-secret=random-value-999 - - http-server.process-forwarded=true + server: + exchangeManager: + name: "filesystem" + baseDir: + - "/tmp/trino-local-file-system-exchange-manager" + additionalConfigProperties: + - retry-policy=TASK + additionalExchangeManagerProperties: + - exchange.sink-buffer-pool-min-size=10 + - exchange.sink-buffers-per-partition=2 + - exchange.source-concurrent-readers=4 ``` -* `additionalLogProperties` - list, default: `[]` +* `server.keda` - object, default: `{"advanced":{},"annotations":{},"cooldownPeriod":300,"enabled":false,"fallback":{},"initialCooldownPeriod":0,"maxReplicaCount":5,"minReplicaCount":0,"pollingInterval":30,"triggers":[]}` - [Additional log properties](https://trino.io/docs/current/installation/deployment.html#log-levels). - Example: - ```yaml - - io.airlift=DEBUG - ``` -* `additionalExchangeManagerProperties` - list, default: `[]` + Configure [Kubernetes Event-driven Autoscaling](https://keda.sh/) for workers (`server.autoscaling.enabled` must be `false`). +* `server.keda.advanced` - object, default: `{}` - [Exchange manager properties](https://trino.io/docs/current/admin/fault-tolerant-execution.html#exchange-manager). + Specifies HPA related options Example: ```yaml - - exchange.s3.region=object-store-region - - exchange.s3.endpoint=your-object-store-endpoint - - exchange.s3.aws-access-key=your-access-key - - exchange.s3.aws-secret-key=your-secret-key + advanced: + horizontalPodAutoscalerConfig: + behavior: + scaleDown: + stabilizationWindowSeconds: 300 + policies: + - type: Percent + value: 100 + periodSeconds: 15 ``` -* `eventListenerProperties` - list, default: `[]` +* `server.keda.annotations` - object, default: `{}` - [Event listener](https://trino.io/docs/current/develop/event-listener.html#event-listener) properties. To configure multiple event listeners, add them in `coordinator.additionalConfigFiles` and `worker.additionalConfigFiles`, and set the `event-listener.config-files` property in `additionalConfigProperties` to their locations. + Annotations to apply to the ScaledObject CRD. Example: ```yaml - - event-listener.name=custom-event-listener - - custom-property1=custom-value1 - - custom-property2=custom-value2 + annotations: + autoscaling.keda.sh/paused-replicas: "0" + autoscaling.keda.sh/paused: "true" ``` -* `catalogs` - object, default: `{"tpcds":"connector.name=tpcds\ntpcds.splits-per-node=4\n","tpch":"connector.name=tpch\ntpch.splits-per-node=4\n"}` +* `server.keda.cooldownPeriod` - int, default: `300` - Configure [catalogs](https://trino.io/docs/current/installation/deployment.html#catalog-properties). + Period (in seconds) to wait after the last trigger reported active before scaling the resource back to 0 +* `server.keda.fallback` - object, default: `{}` + + Defines a number of replicas to fall back to if a scaler is in an error state. Example: ```yaml - objectstore: | - connector.name=iceberg - iceberg.catalog.type=glue - jmx: | - connector.name=memory - memory: | - connector.name=memory - memory.max-data-per-node=128MB + fallback: # Optional. Section to specify fallback options + failureThreshold: 3 # Mandatory if fallback section is included + replicas: 6 # Mandatory if fallback section is included ``` -* `additionalCatalogs` - object, default: `{}` +* `server.keda.initialCooldownPeriod` - int, default: `0` - Deprecated, use `catalogs` instead. Configure additional [catalogs](https://trino.io/docs/current/installation/deployment.html#catalog-properties). -* `env` - list, default: `[]` + The delay (in seconds) before the `cooldownPeriod` starts after the initial creation of the `ScaledObject`. +* `server.keda.maxReplicaCount` - int, default: `5` - additional environment variables added to every pod, specified as a list with explicit values + This setting is passed to the HPA definition that KEDA will create for a given resource and holds the maximum number of replicas of the target resource. +* `server.keda.minReplicaCount` - int, default: `0` + + Minimum number of replicas KEDA will scale the resource down to. By default, it’s scale to zero, but you can use it with some other value as well. +* `server.keda.triggers` - list, default: `[]` + + List of triggers to activate scaling of the target resource Example: ```yaml - - name: NAME - value: "value" + triggers: + - type: prometheus + metricType: Value + metadata: + serverAddress: "http://prometheus.example.com" + threshold: "1" + metricName: required_workers + query: >- + sum by (service) + (avg_over_time(trino_execution_ClusterSizeMonitor_RequiredWorkers{service={{ include "trino.fullname" . | quote }}}[5s])) ``` -* `envFrom` - list, default: `[]` +* `server.log.trino.level` - string, default: `"INFO"` +* `server.node.dataDir` - string, default: `"/data/trino"` +* `server.node.environment` - string, default: `"production"` +* `server.node.pluginDir` - string, default: `"/usr/lib/trino/plugin"` +* `server.workerExtraConfig` - string, default: `""` +* `server.workers` - int, default: `2` +* `service.annotations` - object, default: `{}` +* `service.nodePort` - string, default: `""` - additional environment variables added to every pod, specified as a list of either `ConfigMap` or `Secret` references - Example: + The port the service listens on the host, for the `NodePort` type. If not set, Kubernetes will [allocate a port automatically](https://kubernetes.io/docs/concepts/services-networking/service/#nodeport-custom-port). +* `service.port` - int, default: `8080` +* `service.type` - string, default: `"ClusterIP"` +* `serviceAccount.annotations` - object, default: `{}` + + Annotations to add to the service account +* `serviceAccount.create` - bool, default: `false` + + Specifies whether a service account should be created +* `serviceAccount.name` - string, default: `""` + + The name of the service account to use. If not set and create is true, a name is generated using the fullname template +* `serviceMonitor.apiVersion` - string, default: `"monitoring.coreos.com/v1"` +* `serviceMonitor.coordinator` - object, default: `{}` + + Override ServiceMonitor configurations for the Trino coordinator. + Example ```yaml - - secretRef: - name: extra-secret + coordinator: + enabled: true + labels: + prometheus: my-prometheus ``` -* `initContainers` - object, default: `{}` +* `serviceMonitor.enabled` - bool, default: `false` - Additional [containers that run to completion](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) during pod initialization. - Example: + Set to true to create resources for the [prometheus-operator](https://github.com/prometheus-operator/prometheus-operator). +* `serviceMonitor.interval` - string, default: `"30s"` + + The serviceMonitor web endpoint interval +* `serviceMonitor.labels` - object, default: `{"prometheus":"kube-prometheus"}` + + Labels for serviceMonitor, so that Prometheus can select it +* `serviceMonitor.worker` - object, default: `{}` + + Override ServiceMonitor configurations for the Trino workers. + Example ```yaml - coordinator: - - name: init-coordinator - image: busybox:1.28 - imagePullPolicy: IfNotPresent - command: ['sh', '-c', "until nslookup myservice.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local; do echo waiting for myservice; sleep 2; done"] - worker: - - name: init-worker - image: busybox:1.28 - command: ['sh', '-c', 'echo The worker is running! && sleep 3600'] + worker: + enabled: true + labels: + prometheus: my-prometheus ``` +* `shareProcessNamespace.coordinator` - bool, default: `false` +* `shareProcessNamespace.worker` - bool, default: `false` +>>>>>>> 83d9fad (New squashed commit) * `sidecarContainers` - object, default: `{}` Additional [containers that starts before](https://kubernetes.io/docs/concepts/workloads/pods/sidecar-containers/) the Trino container and continues to run. @@ -422,6 +1097,7 @@ Fast distributed SQL query engine for big data analytics that helps you explore imagePullPolicy: IfNotPresent command: ['sleep', '1'] ``` +<<<<<<< HEAD * `securityContext` - object, default: `{"runAsGroup":1000,"runAsUser":1000}` [Pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) configuration. To remove the default, set it to null (or `~`). @@ -570,6 +1246,9 @@ Fast distributed SQL query engine for big data analytics that helps you explore * `coordinator.tolerations` - list, default: `[]` * `coordinator.affinity` - object, default: `{}` * `coordinator.additionalConfigFiles` - object, default: `{}` +======= +* `worker.additionalConfigFiles` - object, default: `{}` +>>>>>>> 83d9fad (New squashed commit) Additional config files placed in the default configuration directory. Supports templating the files' contents with `tpl`. Example: @@ -577,14 +1256,42 @@ Fast distributed SQL query engine for big data analytics that helps you explore secret.txt: | secret-value={{- .Values.someValue }} ``` +<<<<<<< HEAD * `coordinator.additionalVolumes` - list, default: `[]` One or more additional volumes to add to the coordinator. +======= +* `worker.additionalExposedPorts` - object, default: `{}` + + Additional container ports configured in all worker pods. + Example: + ```yaml + https: + servicePort: 8443 + name: https + port: 8443 + protocol: TCP + ``` +* `worker.additionalJVMConfig` - list, default: `[]` +* `worker.additionalVolumeMounts` - list, default: `[]` + + One or more additional volume mounts to add to all workers. + Example: + ```yaml + - name: extras + mountPath: /usr/share/extras + readOnly: true + ``` +* `worker.additionalVolumes` - list, default: `[]` + + One or more additional volume mounts to add to all workers. +>>>>>>> 83d9fad (New squashed commit) Example: ```yaml - name: extras emptyDir: {} ``` +<<<<<<< HEAD * `coordinator.additionalVolumeMounts` - list, default: `[]` One or more additional volume mounts to add to the coordinator. @@ -613,6 +1320,21 @@ Fast distributed SQL query engine for big data analytics that helps you explore secretName: sample-secret path: /secrets/sample.json subPath: sample.json +======= +* `worker.affinity` - object, default: `{}` +* `worker.annotations` - object, default: `{}` +* `worker.config.memory.heapHeadroomPerNode` - string, default: `""` +* `worker.config.query.maxMemoryPerNode` - string, default: `"1GB"` +* `worker.configMounts` - list, default: `[]` + + Allows mounting additional Trino configuration files from Kubernetes config maps on all worker nodes. + Example: + ```yaml + - name: sample-config-mount + configMap: sample-config-mount + path: /config-mount/sample.json + subPath: sample.json +>>>>>>> 83d9fad (New squashed commit) ``` * `worker.deployment.annotations` - object, default: `{}` * `worker.deployment.progressDeadlineSeconds` - int, default: `600` @@ -624,6 +1346,7 @@ Fast distributed SQL query engine for big data analytics that helps you explore * `worker.deployment.strategy` - object, default: `{"rollingUpdate":{"maxSurge":"25%","maxUnavailable":"25%"},"type":"RollingUpdate"}` The deployment strategy to use to replace existing pods with new ones. +<<<<<<< HEAD * `worker.jvm.maxHeapSize` - string, default: `"8G"` * `worker.jvm.gcMethod.type` - string, default: `"UseG1GC"` * `worker.jvm.gcMethod.g1.heapRegionSize` - string, default: `"32M"` @@ -640,6 +1363,52 @@ Fast distributed SQL query engine for big data analytics that helps you explore name: https port: 8443 protocol: TCP +======= +* `worker.gracefulShutdown` - object, default: `{"enabled":false,"gracePeriodSeconds":120}` + + Configure [graceful shutdown](https://trino.io/docs/current/admin/graceful-shutdown.html) in order to ensure that workers terminate without affecting running queries, given a sufficient grace period. When enabled, the value of `worker.terminationGracePeriodSeconds` must be at least two times greater than the configured `gracePeriodSeconds`. Enabling `worker.gracefulShutdown` conflicts with `worker.lifecycle`. When a custom `worker.lifecycle` configuration needs to be used, graceful shutdown must be configured manually. + Example: + ```yaml + gracefulShutdown: + enabled: true + gracePeriodSeconds: 120 + ``` +* `worker.jvm.gcMethod.g1.heapRegionSize` - string, default: `"32M"` +* `worker.jvm.gcMethod.type` - string, default: `"UseG1GC"` +* `worker.jvm.maxHeapSize` - string, default: `"8G"` +* `worker.labels` - object, default: `{}` +* `worker.lifecycle` - object, default: `{}` + + Worker container [lifecycle events](https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/) Setting `worker.lifecycle` conflicts with `worker.gracefulShutdown`. + Example: + ```yaml + preStop: + exec: + command: ["/bin/sh", "-c", "sleep 120"] + ``` +* `worker.livenessProbe` - object, default: `{}` + + [Liveness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes) + Example: + ```yaml + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + ``` +* `worker.nodeSelector` - object, default: `{}` +* `worker.readinessProbe` - object, default: `{}` + + [Readiness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes) + Example: + ```yaml + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 +>>>>>>> 83d9fad (New squashed commit) ``` * `worker.resources` - object, default: `{}` @@ -653,6 +1422,7 @@ Fast distributed SQL query engine for big data analytics that helps you explore cpu: 100m memory: 128Mi ``` +<<<<<<< HEAD * `worker.livenessProbe` - object, default: `{}` [Liveness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes) @@ -734,6 +1504,8 @@ Fast distributed SQL query engine for big data analytics that helps you explore path: /config-mount/sample.json subPath: sample.json ``` +======= +>>>>>>> 83d9fad (New squashed commit) * `worker.secretMounts` - list, default: `[]` Allows mounting additional Trino configuration files from Kubernetes secrets on all worker nodes. @@ -744,6 +1516,7 @@ Fast distributed SQL query engine for big data analytics that helps you explore path: /secrets/sample.json subPath: sample.json ``` +<<<<<<< HEAD * `kafka.mountPath` - string, default: `"/etc/trino/schemas"` * `kafka.tableDescriptions` - object, default: `{}` @@ -956,6 +1729,11 @@ Fast distributed SQL query engine for big data analytics that helps you explore - protocol: TCP port: 9999 ``` +======= +* `worker.terminationGracePeriodSeconds` - int, default: `30` +* `worker.tolerations` - list, default: `[]` +* `workerNameOverride` - string, default: `nil` +>>>>>>> 83d9fad (New squashed commit) ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/charts/trino/cenko.yaml b/charts/trino/cenko.yaml new file mode 100644 index 00000000..9ad9c742 --- /dev/null +++ b/charts/trino/cenko.yaml @@ -0,0 +1,425 @@ +--- +# Source: trino/templates/secret.yaml +--- +apiVersion: v1 +kind: Secret +metadata: + name: "catalogs" +data: + mariadb.properties: + Y29ubmVjdG9yLm5hbWU9bWFyaWFkYgpjb25uZWN0aW9uLXVzZXI9CmNvbm5lY3Rpb24tdXJsPQpjb25uZWN0aW9uLXBhc3N3b3JkPQo= + postgresql.properties: + Y29ubmVjdG9yLm5hbWU9cG9zdGdyZXNxbApjb25uZWN0aW9uLXVzZXI9CmNvbm5lY3Rpb24tdXJsPQpwb3N0Z3Jlc3FsLmFycmF5LW1hcHBpbmc9CmNvbm5lY3Rpb24tcGFzc3dvcmQ9Cg== +type: Opaque +--- +# Source: trino/templates/configmap-coordinator.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: release-name-trino-coordinator + namespace: default + labels: + helm.sh/chart: trino-1.37.0 + app.kubernetes.io/name: trino + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "470" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: coordinator +data: + node.properties: | + node.environment=production + node.data-dir=/data/trino + plugin.dir=/usr/lib/trino/plugin + + jvm.config: | + -server + -agentpath:/usr/lib/trino/bin/libjvmkill.so + -Xmx8G + -XX:+UseG1GC + -XX:G1HeapRegionSize=32M + -XX:+ExplicitGCInvokesConcurrent + -XX:+HeapDumpOnOutOfMemoryError + -XX:+ExitOnOutOfMemoryError + -XX:-OmitStackTraceInFastThrow + -XX:ReservedCodeCacheSize=512M + -XX:PerMethodRecompilationCutoff=10000 + -XX:PerBytecodeRecompilationCutoff=10000 + -Djdk.attach.allowAttachSelf=true + -Djdk.nio.maxCachedBufferSize=2000000 + # Allow loading dynamic agent used by JOL + -XX:+EnableDynamicAgentLoading + + # https://bugs.openjdk.org/browse/JDK-8329528 + -XX:+UnlockDiagnosticVMOptions + -XX:G1NumCollectionsKeepPinned=10000000 + + config.properties: | + coordinator=true + node-scheduler.include-coordinator=false + http-server.http.port=8080 + query.max-memory=4GB + query.max-memory-per-node=1GB + discovery.uri=http://localhost:8080 + + log.properties: | + io.trino=INFO +--- +# Source: trino/templates/configmap-coordinator.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: release-name-trino-schemas-volume-coordinator + namespace: default + labels: + helm.sh/chart: trino-1.37.0 + app.kubernetes.io/name: trino + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "470" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: coordinator +data: +--- +# Source: trino/templates/configmap-worker.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: release-name-trino-worker + namespace: default + labels: + helm.sh/chart: trino-1.37.0 + app.kubernetes.io/name: trino + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "470" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: worker +data: + node.properties: | + node.environment=production + node.data-dir=/data/trino + plugin.dir=/usr/lib/trino/plugin + + jvm.config: | + -server + -agentpath:/usr/lib/trino/bin/libjvmkill.so + -Xmx8G + -XX:+UseG1GC + -XX:G1HeapRegionSize=32M + -XX:+ExplicitGCInvokesConcurrent + -XX:+HeapDumpOnOutOfMemoryError + -XX:+ExitOnOutOfMemoryError + -XX:-OmitStackTraceInFastThrow + -XX:ReservedCodeCacheSize=512M + -XX:PerMethodRecompilationCutoff=10000 + -XX:PerBytecodeRecompilationCutoff=10000 + -Djdk.attach.allowAttachSelf=true + -Djdk.nio.maxCachedBufferSize=2000000 + # Allow loading dynamic agent used by JOL + -XX:+EnableDynamicAgentLoading + + # https://bugs.openjdk.org/browse/JDK-8329528 + -XX:+UnlockDiagnosticVMOptions + -XX:G1NumCollectionsKeepPinned=10000000 + + config.properties: | + coordinator=false + http-server.http.port=8080 + query.max-memory=4GB + query.max-memory-per-node=1GB + discovery.uri=http://release-name-trino:8080 + + log.properties: | + io.trino=INFO +--- +# Source: trino/templates/configmap-worker.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: release-name-trino-schemas-volume-worker + namespace: default + labels: + helm.sh/chart: trino-1.37.0 + app.kubernetes.io/name: trino + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "470" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: worker +data: +--- +# Source: trino/templates/service-coordinator.yaml +apiVersion: v1 +kind: Service +metadata: + name: release-name-trino + namespace: default + labels: + helm.sh/chart: trino-1.37.0 + app.kubernetes.io/name: trino + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "470" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: coordinator + annotations: + {} +spec: + type: ClusterIP + ports: + - port: 8080 + targetPort: http + protocol: TCP + name: http + selector: + app.kubernetes.io/name: trino + app.kubernetes.io/instance: release-name + app.kubernetes.io/component: coordinator +--- +# Source: trino/templates/service-worker.yaml +apiVersion: v1 +kind: Service +metadata: + name: release-name-trino-worker + namespace: default + labels: + helm.sh/chart: trino-1.37.0 + app.kubernetes.io/name: trino + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "470" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: worker + annotations: + {} +spec: + clusterIP: None + ports: + - port: 8080 + targetPort: http + protocol: TCP + name: http + selector: + app.kubernetes.io/name: trino + app.kubernetes.io/instance: release-name + app.kubernetes.io/component: worker +--- +# Source: trino/templates/deployment-coordinator.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name-trino-coordinator + namespace: default + labels: + helm.sh/chart: trino-1.37.0 + app.kubernetes.io/name: trino + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "470" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: coordinator + trino.io/network-policy-protection: disabled + annotations: + {} +spec: + progressDeadlineSeconds: 600 + revisionHistoryLimit: 10 + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + selector: + matchLabels: + app.kubernetes.io/name: trino + app.kubernetes.io/instance: release-name + app.kubernetes.io/component: coordinator + template: + metadata: + annotations: + checksum/coordinator-config: 40751d21000a49da8ca8810cbffafd533666be33fdd78b1f93421fa9f5b37a6c + + labels: + helm.sh/chart: trino-1.37.0 + app.kubernetes.io/name: trino + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "470" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: coordinator + trino.io/network-policy-protection: disabled + spec: + serviceAccountName: default + securityContext: + runAsGroup: 1000 + runAsUser: 1000 + volumes: + - name: config-volume + configMap: + name: release-name-trino-coordinator + - name: schemas-volume + configMap: + name: release-name-trino-schemas-volume-coordinator + terminationGracePeriodSeconds: 30 + containers: + - name: trino-coordinator + image: trinodb/trino:470 + imagePullPolicy: IfNotPresent + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + env: + [] + envFrom: + [] + volumeMounts: + - mountPath: /etc/trino + name: config-volume + - mountPath: /etc/trino/schemas + name: schemas-volume + ports: + - name: http + containerPort: 8080 + protocol: TCP + livenessProbe: + httpGet: + path: /v1/info + port: http + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + readinessProbe: + exec: + command: [/usr/lib/trino/bin/health-check] + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + lifecycle: + {} + resources: + {} +--- +# Source: trino/templates/deployment-worker.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name-trino-worker + namespace: default + labels: + helm.sh/chart: trino-1.37.0 + app.kubernetes.io/name: trino + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "470" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: worker + trino.io/network-policy-protection: disabled + annotations: + {} +spec: + progressDeadlineSeconds: 600 + revisionHistoryLimit: 10 + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + replicas: 2 + selector: + matchLabels: + app.kubernetes.io/name: trino + app.kubernetes.io/instance: release-name + app.kubernetes.io/component: worker + template: + metadata: + annotations: + checksum/worker-config: e580771155dcd8953af6dc546e698fd7af4c3b5510b489c6b4463bcec072dda7 + labels: + helm.sh/chart: trino-1.37.0 + app.kubernetes.io/name: trino + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "470" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: worker + trino.io/network-policy-protection: disabled + spec: + serviceAccountName: default + securityContext: + runAsGroup: 1000 + runAsUser: 1000 + volumes: + - name: config-volume + configMap: + name: release-name-trino-worker + - name: schemas-volume + configMap: + name: release-name-trino-schemas-volume-worker + terminationGracePeriodSeconds: 30 + containers: + - name: trino-worker + image: trinodb/trino:470 + imagePullPolicy: IfNotPresent + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + env: + [] + envFrom: + [] + volumeMounts: + - mountPath: /etc/trino + name: config-volume + - mountPath: /etc/trino/schemas + name: schemas-volume + ports: + - name: http + containerPort: 8080 + protocol: TCP + livenessProbe: + httpGet: + path: /v1/info + port: http + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + readinessProbe: + exec: + command: [/usr/lib/trino/bin/health-check] + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + lifecycle: + resources: + {} +--- +# Source: trino/templates/tests/test-connection.yaml +apiVersion: v1 +kind: Pod +metadata: + name: release-name-trino-test-connection + labels: + helm.sh/chart: trino-1.37.0 + app.kubernetes.io/name: trino + app.kubernetes.io/instance: release-name + app.kubernetes.io/version: "470" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: test + test: connection + annotations: + "helm.sh/hook": test +spec: + containers: + - name: cli + image: trinodb/trino:470 + command: ['trino'] + args: + - trino://release-name-trino:8080 + - --user=admin + - --debug + - --execute=SELECT COUNT(*) FROM tpch.tiny.nation + - --no-progress + restartPolicy: Never diff --git a/charts/trino/templates/NOTES.txt b/charts/trino/templates/NOTES.txt index 515512a0..d343b0b4 100644 --- a/charts/trino/templates/NOTES.txt +++ b/charts/trino/templates/NOTES.txt @@ -4,6 +4,12 @@ Get the application URL by running these commands: export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") echo http://$NODE_IP:$NODE_PORT {{- else if contains "ClusterIP" .Values.service.type }} +<<<<<<< HEAD kubectl --namespace {{ .Release.Namespace }} port-forward svc/{{ template "trino.fullname" . }} 8080:{{ .Values.service.port }} echo "Visit http://127.0.0.1:8080 to use your application" +======= + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} --selector "app.kubernetes.io/name={{ template "trino.name" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=coordinator" --output name) + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl port-forward $POD_NAME 8080:8080 +>>>>>>> 83d9fad (New squashed commit) {{- end }} diff --git a/charts/trino/templates/_helpers.tpl b/charts/trino/templates/_helpers.tpl index e6023abd..0c47129a 100644 --- a/charts/trino/templates/_helpers.tpl +++ b/charts/trino/templates/_helpers.tpl @@ -16,8 +16,13 @@ If release name contains chart name it will be used as a full name. {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} {{- else }} {{- $name := default .Chart.Name .Values.nameOverride }} +<<<<<<< HEAD {{- if hasPrefix .Release.Name $name }} {{- $name | trunc 63 | trimSuffix "-" }} +======= +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +>>>>>>> 7f0562e (extend chart, add GHA for CI and Release) {{- else }} {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} {{- end }} @@ -36,10 +41,17 @@ Create chart name and version as used by the chart label. {{- .Values.coordinatorNameOverride | trunc 63 | trimSuffix "-" }} {{- else }} {{- $name := default .Chart.Name .Values.nameOverride }} +<<<<<<< HEAD {{- if hasPrefix .Release.Name $name }} {{- printf "%s-%s" $name "coordinator" | trunc 63 | trimSuffix "-" }} {{- else }} {{- printf "%s-%s-%s" .Release.Name $name "coordinator" | trunc 63 | trimSuffix "-" }} +======= +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }}-coordinator +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}-coordinator +>>>>>>> 7f0562e (extend chart, add GHA for CI and Release) {{- end }} {{- end }} {{- end }} @@ -49,10 +61,17 @@ Create chart name and version as used by the chart label. {{- .Values.workerNameOverride | trunc 63 | trimSuffix "-" }} {{- else }} {{- $name := default .Chart.Name .Values.nameOverride }} +<<<<<<< HEAD {{- if hasPrefix .Release.Name $name }} {{- printf "%s-%s" $name "worker" | trunc 63 | trimSuffix "-" }} {{- else }} {{- printf "%s-%s-%s" .Release.Name $name "worker" | trunc 63 | trimSuffix "-" }} +======= +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }}-worker +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}-worker +>>>>>>> 7f0562e (extend chart, add GHA for CI and Release) {{- end }} {{- end }} {{- end }} @@ -61,6 +80,7 @@ Create chart name and version as used by the chart label. {{- define "trino.catalog" -}} {{ template "trino.fullname" . }}-catalog {{- end -}} +<<<<<<< HEAD {{/* Common labels @@ -155,3 +175,5 @@ Create the secret name for the group-provider file {{- end }} {{- end }} {{- end }} +======= +>>>>>>> 7f0562e (extend chart, add GHA for CI and Release) diff --git a/charts/trino/templates/configmap-catalog.yaml b/charts/trino/templates/configmap-catalog.yaml index 0a148ca8..759ae5aa 100644 --- a/charts/trino/templates/configmap-catalog.yaml +++ b/charts/trino/templates/configmap-catalog.yaml @@ -1,8 +1,16 @@ +<<<<<<< HEAD +<<<<<<< HEAD {{- if or .Values.additionalCatalogs (and (.Values.catalogs) (gt (len .Values.catalogs) 0)) }} +======= +{{- if or .Values.catalogs .Values.additionalCatalogs (and (.Values.catalogs) (gt (len .Values.catalogs) 0)) }} +>>>>>>> 83d9fad (New squashed commit) +======= +>>>>>>> 7f0562e (extend chart, add GHA for CI and Release) apiVersion: v1 kind: ConfigMap metadata: name: {{ template "trino.catalog" . }} +<<<<<<< HEAD namespace: {{ .Release.Namespace }} labels: {{- include "trino.labels" . | nindent 4 }} @@ -14,3 +22,24 @@ data: {{- $catalogProperties | nindent 4 }} {{- end }} {{- end }} +======= + labels: + app: {{ template "trino.name" . }} + chart: {{ template "trino.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + role: catalogs +data: + tpch.properties: | + connector.name=tpch + tpch.splits-per-node=4 + tpcds.properties: | + connector.name=tpcds + tpcds.splits-per-node=4 +{{- range $catalogName, $catalogProperties := .Values.additionalCatalogs }} + {{ $catalogName }}.properties: | + {{- $catalogProperties | nindent 4 }} +{{- end }} + + +>>>>>>> 7f0562e (extend chart, add GHA for CI and Release) diff --git a/charts/trino/templates/configmap-coordinator.yaml b/charts/trino/templates/configmap-coordinator.yaml index ef822dcc..f18dad08 100644 --- a/charts/trino/templates/configmap-coordinator.yaml +++ b/charts/trino/templates/configmap-coordinator.yaml @@ -1,15 +1,34 @@ +<<<<<<< HEAD {{- $coordinatorJmx := merge .Values.jmx.coordinator (omit .Values.jmx "coordinator" "worker") -}} +======= +>>>>>>> 7f0562e (extend chart, add GHA for CI and Release) apiVersion: v1 kind: ConfigMap metadata: name: {{ template "trino.coordinator" . }} +<<<<<<< HEAD namespace: {{ .Release.Namespace }} labels: {{- include "trino.labels" . | nindent 4 }} app.kubernetes.io/component: coordinator data: node.properties: | +<<<<<<< HEAD node.environment={{ tpl .Values.server.node.environment . }} +======= + node.environment={{ .Values.server.node.environment }} +>>>>>>> 83d9fad (New squashed commit) +======= + labels: + app: {{ template "trino.name" . }} + chart: {{ template "trino.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + component: coordinator +data: + node.properties: | + node.environment={{ .Values.server.node.environment }} +>>>>>>> 7f0562e (extend chart, add GHA for CI and Release) node.data-dir={{ .Values.server.node.dataDir }} plugin.dir={{ .Values.server.node.pluginDir }} {{- range $configValue := .Values.additionalNodeProperties }} @@ -18,6 +37,7 @@ data: jvm.config: | -server +<<<<<<< HEAD -agentpath:/usr/lib/trino/bin/libjvmkill.so -Xmx{{ .Values.coordinator.jvm.maxHeapSize }} -XX:+{{ .Values.coordinator.jvm.gcMethod.type }} @@ -125,6 +145,42 @@ data: {{ $configValue }} {{- end }} {{- end }} +======= + -Xmx{{ .Values.server.jvm.maxHeapSize }} + -XX:+{{ .Values.server.jvm.gcMethod.type }} + -XX:G1HeapRegionSize={{ .Values.server.jvm.gcMethod.g1.heapRegionSize }} + -XX:+UseGCOverheadLimit + -XX:+ExplicitGCInvokesConcurrent + -XX:+HeapDumpOnOutOfMemoryError + -XX:+ExitOnOutOfMemoryError + -Djdk.attach.allowAttachSelf=true + -XX:-UseBiasedLocking + -XX:ReservedCodeCacheSize=512M + -XX:PerMethodRecompilationCutoff=10000 + -XX:PerBytecodeRecompilationCutoff=10000 + -Djdk.nio.maxCachedBufferSize=2000000 + {{- range $configValue := .Values.additionalJVMConfig }} + {{ $configValue }} + {{- end }} + + config.properties: | + coordinator=true +{{- if gt (int .Values.server.workers) 0 }} + node-scheduler.include-coordinator=false +{{- else }} + node-scheduler.include-coordinator=true +{{- end }} + http-server.http.port={{ .Values.service.port }} + query.max-memory={{ .Values.server.config.query.maxMemory }} + query.max-memory-per-node={{ .Values.server.config.query.maxMemoryPerNode }} + query.max-total-memory-per-node={{ .Values.server.config.query.maxTotalMemoryPerNode }} + memory.heap-headroom-per-node={{ .Values.server.config.memory.heapHeadroomPerNode }} + discovery-server.enabled=true + discovery.uri=http://localhost:{{ .Values.service.port }} + {{- range $configValue := .Values.additionalConfigProperties }} + {{ $configValue }} + {{- end }} +>>>>>>> 7f0562e (extend chart, add GHA for CI and Release) log.properties: | io.trino={{ .Values.server.log.trino.level }} @@ -132,6 +188,7 @@ data: {{ $configValue }} {{- end }} +<<<<<<< HEAD {{- if contains "PASSWORD" .Values.server.config.authenticationType }}{{- if not (index .Values.coordinator.additionalConfigFiles "password-authenticator.properties") }} password-authenticator.properties: | password-authenticator.name=file @@ -185,3 +242,6 @@ data: {{- range $key, $val := .Values.kafka.tableDescriptions }} {{ $key }}: {{ $val | quote }} {{- end }} +======= +--- +>>>>>>> 7f0562e (extend chart, add GHA for CI and Release) diff --git a/charts/trino/templates/configmap-worker.yaml b/charts/trino/templates/configmap-worker.yaml index 85236301..ce65864d 100644 --- a/charts/trino/templates/configmap-worker.yaml +++ b/charts/trino/templates/configmap-worker.yaml @@ -1,16 +1,36 @@ +<<<<<<< HEAD {{- $workerJmx := merge .Values.jmx.worker (omit .Values.jmx "coordinator" "worker") -}} {{- if or .Values.server.keda.enabled (gt (int .Values.server.workers) 0) }} +======= +{{- if gt (int .Values.server.workers) 0 }} +>>>>>>> 7f0562e (extend chart, add GHA for CI and Release) apiVersion: v1 kind: ConfigMap metadata: name: {{ template "trino.worker" . }} +<<<<<<< HEAD namespace: {{ .Release.Namespace }} labels: {{- include "trino.labels" . | nindent 4 }} app.kubernetes.io/component: worker data: node.properties: | +<<<<<<< HEAD node.environment={{ tpl .Values.server.node.environment . }} +======= + node.environment={{ .Values.server.node.environment }} +>>>>>>> 83d9fad (New squashed commit) +======= + labels: + app: {{ template "trino.name" . }} + chart: {{ template "trino.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + component: worker +data: + node.properties: | + node.environment={{ .Values.server.node.environment }} +>>>>>>> 7f0562e (extend chart, add GHA for CI and Release) node.data-dir={{ .Values.server.node.dataDir }} plugin.dir={{ .Values.server.node.pluginDir }} {{- range $configValue := .Values.additionalNodeProperties }} @@ -19,6 +39,7 @@ data: jvm.config: | -server +<<<<<<< HEAD -agentpath:/usr/lib/trino/bin/libjvmkill.so -Xmx{{ .Values.worker.jvm.maxHeapSize }} -XX:+{{ .Values.worker.jvm.gcMethod.type }} @@ -48,11 +69,30 @@ data: {{- if $workerJmx.enabled }} -Dcom.sun.management.jmxremote.rmi.port={{- $workerJmx.serverPort }} {{- end }} +======= + -Xmx{{ .Values.server.jvm.maxHeapSize }} + -XX:+{{ .Values.server.jvm.gcMethod.type }} + -XX:G1HeapRegionSize={{ .Values.server.jvm.gcMethod.g1.heapRegionSize }} + -XX:+UseGCOverheadLimit + -XX:+ExplicitGCInvokesConcurrent + -XX:+HeapDumpOnOutOfMemoryError + -XX:+ExitOnOutOfMemoryError + -Djdk.attach.allowAttachSelf=true + -XX:-UseBiasedLocking + -XX:ReservedCodeCacheSize=512M + -XX:PerMethodRecompilationCutoff=10000 + -XX:PerBytecodeRecompilationCutoff=10000 + -Djdk.nio.maxCachedBufferSize=2000000 + {{- range $configValue := .Values.additionalJVMConfig }} + {{ $configValue }} + {{- end }} +>>>>>>> 7f0562e (extend chart, add GHA for CI and Release) config.properties: | coordinator=false http-server.http.port={{ .Values.service.port }} query.max-memory={{ .Values.server.config.query.maxMemory }} +<<<<<<< HEAD query.max-memory-per-node={{ .Values.worker.config.query.maxMemoryPerNode }} {{- if .Values.worker.config.memory.heapHeadroomPerNode }} memory.heap-headroom-per-node={{ .Values.worker.config.memory.heapHeadroomPerNode }} @@ -86,6 +126,15 @@ data: {{ $configValue }} {{- end }} {{- end }} +======= + query.max-memory-per-node={{ .Values.server.config.query.maxMemoryPerNode }} + query.max-total-memory-per-node={{ .Values.server.config.query.maxTotalMemoryPerNode }} + memory.heap-headroom-per-node={{ .Values.server.config.memory.heapHeadroomPerNode }} + discovery.uri=http://{{ template "trino.fullname" . }}:{{ .Values.service.port }} + {{- range $configValue := .Values.additionalConfigProperties }} + {{ $configValue }} + {{- end }} +>>>>>>> 7f0562e (extend chart, add GHA for CI and Release) log.properties: | io.trino={{ .Values.server.log.trino.level }} @@ -93,6 +142,7 @@ data: {{ $configValue }} {{- end }} +<<<<<<< HEAD {{ if .Values.eventListenerProperties }} event-listener.properties: | {{- range $configValue := .Values.eventListenerProperties }} @@ -117,4 +167,6 @@ data: {{- range $key, $val := .Values.kafka.tableDescriptions }} {{ $key }}: {{ $val | quote }} {{- end }} +======= +>>>>>>> 7f0562e (extend chart, add GHA for CI and Release) {{- end }} diff --git a/charts/trino/templates/deployment-coordinator.yaml b/charts/trino/templates/deployment-coordinator.yaml index 7b2e4c09..965249b6 100644 --- a/charts/trino/templates/deployment-coordinator.yaml +++ b/charts/trino/templates/deployment-coordinator.yaml @@ -1,8 +1,12 @@ +<<<<<<< HEAD {{- $coordinatorJmx := merge .Values.jmx.coordinator (omit .Values.jmx "coordinator" "worker") -}} +======= +>>>>>>> 7f0562e (extend chart, add GHA for CI and Release) apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "trino.coordinator" . }} +<<<<<<< HEAD namespace: {{ .Release.Namespace }} labels: {{- include "trino.labels" . | nindent 4 }} @@ -28,7 +32,11 @@ spec: {{- if and (eq .Values.accessControl.type "configmap") (not .Values.accessControl.refreshPeriod) }} checksum/access-control-config: {{ include (print $.Template.BasePath "/configmap-access-control-coordinator.yaml") . | sha256sum }} {{- end }} +<<<<<<< HEAD {{- if or .Values.additionalCatalogs (and (.Values.catalogs) (gt (len .Values.catalogs) 0)) }} +======= + {{- if or .Values.catalogs .Values.additionalCatalogs (and (.Values.catalogs) (gt (len .Values.catalogs) 0)) }} +>>>>>>> 83d9fad (New squashed commit) checksum/catalog-config: {{ include (print $.Template.BasePath "/configmap-catalog.yaml") . | sha256sum }} {{- end }} checksum/coordinator-config: {{ include (print $.Template.BasePath "/configmap-coordinator.yaml") . | sha256sum }} @@ -51,12 +59,42 @@ spec: {{- end }} {{- if .Values.shareProcessNamespace.coordinator }} shareProcessNamespace: {{ .Values.shareProcessNamespace.coordinator }} +======= + labels: + app: {{ template "trino.name" . }} + chart: {{ template "trino.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + component: coordinator +spec: + selector: + matchLabels: + app: {{ template "trino.name" . }} + release: {{ .Release.Name }} + component: coordinator + template: + metadata: + labels: + app: {{ template "trino.name" . }} + release: {{ .Release.Name }} + component: coordinator + spec: + {{- with .Values.securityContext }} + securityContext: + runAsUser: {{ .runAsUser }} + runAsGroup: {{ .runAsGroup }} +>>>>>>> 7f0562e (extend chart, add GHA for CI and Release) {{- end }} volumes: - name: config-volume configMap: name: {{ template "trino.coordinator" . }} +<<<<<<< HEAD +<<<<<<< HEAD {{- if or .Values.additionalCatalogs (and (.Values.catalogs) (gt (len .Values.catalogs) 0)) }} +======= + {{- if or .Values.catalogs .Values.additionalCatalogs (and (.Values.catalogs) (gt (len .Values.catalogs) 0)) }} +>>>>>>> 83d9fad (New squashed commit) - name: catalog-volume configMap: name: {{ template "trino.catalog" . }} @@ -140,7 +178,11 @@ spec: volumeMounts: - mountPath: {{ .Values.server.config.path }} name: config-volume +<<<<<<< HEAD {{- if or .Values.additionalCatalogs (and (.Values.catalogs) (gt (len .Values.catalogs) 0)) }} +======= + {{- if or .Values.catalogs .Values.additionalCatalogs (and (.Values.catalogs) (gt (len .Values.catalogs) 0)) }} +>>>>>>> 83d9fad (New squashed commit) - mountPath: {{ .Values.server.config.path }}/catalog name: catalog-volume {{- end }} @@ -193,10 +235,27 @@ spec: {{- with .Values.coordinator.additionalVolumeMounts }} {{- . | toYaml | nindent 12 }} {{- end }} +======= + - name: catalog-volume + configMap: + name: {{ template "trino.catalog" . }} + imagePullSecrets: + - name: registry-credentials + containers: + - name: {{ .Chart.Name }}-coordinator + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + volumeMounts: + - mountPath: {{ .Values.server.config.path }} + name: config-volume + - mountPath: {{ .Values.server.config.path }}/catalog + name: catalog-volume +>>>>>>> 7f0562e (extend chart, add GHA for CI and Release) ports: - name: http containerPort: {{ .Values.service.port }} protocol: TCP +<<<<<<< HEAD {{- if $coordinatorJmx.enabled }} - name: jmx-registry containerPort: {{ $coordinatorJmx.registryPort }} @@ -210,10 +269,13 @@ spec: containerPort: {{ $value.port }} protocol: {{ $value.protocol }} {{- end }} +======= +>>>>>>> 7f0562e (extend chart, add GHA for CI and Release) livenessProbe: httpGet: path: /v1/info port: http +<<<<<<< HEAD initialDelaySeconds: {{ .Values.coordinator.livenessProbe.initialDelaySeconds | default 30 }} periodSeconds: {{ .Values.coordinator.livenessProbe.periodSeconds | default 10 }} timeoutSeconds: {{ .Values.coordinator.livenessProbe.timeoutSeconds | default 5 }} @@ -262,6 +324,23 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.coordinator.tolerations }} +======= + readinessProbe: + httpGet: + path: /v1/info + port: http + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} +>>>>>>> 7f0562e (extend chart, add GHA for CI and Release) tolerations: {{- toYaml . | nindent 8 }} {{- end }} diff --git a/charts/trino/templates/deployment-worker.yaml b/charts/trino/templates/deployment-worker.yaml index 7ffe7035..00f31640 100644 --- a/charts/trino/templates/deployment-worker.yaml +++ b/charts/trino/templates/deployment-worker.yaml @@ -1,9 +1,14 @@ +<<<<<<< HEAD {{- $workerJmx := merge .Values.jmx.worker (omit .Values.jmx "coordinator" "worker") -}} {{- if or .Values.server.keda.enabled (gt (int .Values.server.workers) 0) }} +======= +{{- if gt (int .Values.server.workers) 0 }} +>>>>>>> 7f0562e (extend chart, add GHA for CI and Release) apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "trino.worker" . }} +<<<<<<< HEAD namespace: {{ .Release.Namespace }} labels: {{- include "trino.labels" . | nindent 4 }} @@ -29,7 +34,11 @@ spec: template: metadata: annotations: +<<<<<<< HEAD {{- if or .Values.additionalCatalogs (and (.Values.catalogs) (gt (len .Values.catalogs) 0)) }} +======= + {{- if or .Values.catalogs .Values.additionalCatalogs (and (.Values.catalogs) (gt (len .Values.catalogs) 0)) }} +>>>>>>> 83d9fad (New squashed commit) checksum/catalog-config: {{ include (print $.Template.BasePath "/configmap-catalog.yaml") . | sha256sum }} {{- end }} checksum/worker-config: {{ include (print $.Template.BasePath "/configmap-worker.yaml") . | sha256sum }} @@ -55,11 +64,38 @@ spec: {{- if .Values.shareProcessNamespace.worker }} shareProcessNamespace: {{ .Values.shareProcessNamespace.worker }} {{- end }} +======= + labels: + app: {{ template "trino.name" . }} + chart: {{ template "trino.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + component: worker +spec: + replicas: {{ .Values.server.workers }} + selector: + matchLabels: + app: {{ template "trino.name" . }} + release: {{ .Release.Name }} + component: worker + template: + metadata: + labels: + app: {{ template "trino.name" . }} + release: {{ .Release.Name }} + component: worker + spec: +>>>>>>> 7f0562e (extend chart, add GHA for CI and Release) volumes: - name: config-volume configMap: name: {{ template "trino.worker" . }} +<<<<<<< HEAD +<<<<<<< HEAD {{- if or .Values.additionalCatalogs (and (.Values.catalogs) (gt (len .Values.catalogs) 0)) }} +======= + {{- if or .Values.catalogs .Values.additionalCatalogs (and (.Values.catalogs) (gt (len .Values.catalogs) 0)) }} +>>>>>>> 83d9fad (New squashed commit) - name: catalog-volume configMap: name: {{ template "trino.catalog" . }} @@ -126,7 +162,11 @@ spec: volumeMounts: - mountPath: {{ .Values.server.config.path }} name: config-volume +<<<<<<< HEAD {{- if or .Values.additionalCatalogs (and (.Values.catalogs) (gt (len .Values.catalogs) 0)) }} +======= + {{- if or .Values.catalogs .Values.additionalCatalogs (and (.Values.catalogs) (gt (len .Values.catalogs) 0)) }} +>>>>>>> 83d9fad (New squashed commit) - mountPath: {{ .Values.server.config.path }}/catalog name: catalog-volume {{- end }} @@ -167,10 +207,27 @@ spec: {{- with .Values.worker.additionalVolumeMounts }} {{- . | toYaml | nindent 12 }} {{- end }} +======= + - name: catalog-volume + configMap: + name: {{ template "trino.catalog" . }} + imagePullSecrets: + - name: registry-credentials + containers: + - name: {{ .Chart.Name }}-worker + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + volumeMounts: + - mountPath: {{ .Values.server.config.path }} + name: config-volume + - mountPath: {{ .Values.server.config.path }}/catalog + name: catalog-volume +>>>>>>> 7f0562e (extend chart, add GHA for CI and Release) ports: - name: http containerPort: {{ .Values.service.port }} protocol: TCP +<<<<<<< HEAD {{- if $workerJmx.enabled }} - name: jmx-registry containerPort: {{ $workerJmx.registryPort }} @@ -184,10 +241,13 @@ spec: containerPort: {{ $value.port }} protocol: {{ $value.protocol }} {{- end }} +======= +>>>>>>> 7f0562e (extend chart, add GHA for CI and Release) livenessProbe: httpGet: path: /v1/info port: http +<<<<<<< HEAD initialDelaySeconds: {{ .Values.worker.livenessProbe.initialDelaySeconds | default 30 }} periodSeconds: {{ .Values.worker.livenessProbe.periodSeconds | default 10 }} timeoutSeconds: {{ .Values.worker.livenessProbe.timeoutSeconds | default 5 }} @@ -253,6 +313,23 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.worker.tolerations }} +======= + readinessProbe: + httpGet: + path: /v1/info + port: http + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} +>>>>>>> 7f0562e (extend chart, add GHA for CI and Release) tolerations: {{- toYaml . | nindent 8 }} {{- end }} diff --git a/charts/trino/templates/secret.yaml b/charts/trino/templates/secret.yaml index 6f908ec0..5e73c502 100644 --- a/charts/trino/templates/secret.yaml +++ b/charts/trino/templates/secret.yaml @@ -25,3 +25,34 @@ data: group.db: {{ .Values.auth.groups | b64enc }} {{- end }} {{- end }} +<<<<<<< HEAD +======= +--- +{{- if .Values.catalogsSecrets }} +{{- range .Values.catalogsSecrets }} +apiVersion: v1 +kind: Secret +metadata: + name: "{{ .name }}" +data: +{{- range $key, $val := .value }} + {{ $key }}: {{ $val | b64enc | nindent 4 }} +{{- end }} +type: Opaque +{{- end }} +{{- end }} +--- +{{- if .Values.ldapSecrets }} +{{- range .Values.ldapSecrets }} +apiVersion: v1 +kind: Secret +metadata: + name: "{{ .name }}" +data: +{{- range $key, $val := .value }} + {{ $key }}: {{ $val | b64enc | nindent 4 }} +{{- end }} +type: Opaque +{{- end }} +{{- end }} +>>>>>>> 83d9fad (New squashed commit) diff --git a/charts/trino/templates/service.yaml b/charts/trino/templates/service.yaml new file mode 100644 index 00000000..bd137ef6 --- /dev/null +++ b/charts/trino/templates/service.yaml @@ -0,0 +1,20 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "trino.fullname" . }} + labels: + app: {{ template "trino.name" . }} + chart: {{ template "trino.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + app: {{ template "trino.name" . }} + release: {{ .Release.Name }} + component: coordinator diff --git a/charts/trino/values.yaml b/charts/trino/values.yaml index e4f754db..5224d15a 100644 --- a/charts/trino/values.yaml +++ b/charts/trino/values.yaml @@ -2,6 +2,7 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. +<<<<<<< HEAD # -- Override resource names to avoid name conflicts when deploying multiple # releases in the same namespace. # @raw @@ -36,11 +37,24 @@ image: # - name: registry-credentials # ``` imagePullSecrets: [] +======= +image: + repository: trinodb/trino + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart version. + tag: latest +>>>>>>> 7f0562e (extend chart, add GHA for CI and Release) server: workers: 2 node: +<<<<<<< HEAD +<<<<<<< HEAD # server.node.environment -- Supports templating with `tpl`. +======= +>>>>>>> 83d9fad (New squashed commit) +======= +>>>>>>> 7f0562e (extend chart, add GHA for CI and Release) environment: production dataDir: /data/trino pluginDir: /usr/lib/trino/plugin @@ -49,6 +63,7 @@ server: level: INFO config: path: /etc/trino +<<<<<<< HEAD https: enabled: false port: 8443 @@ -467,10 +482,38 @@ sidecarContainers: {} # -- [Pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) configuration. # To remove the default, set it to null (or `~`). +======= + http: + port: 8080 + query: + maxMemory: "4GB" + maxMemoryPerNode: "1GB" + maxTotalMemoryPerNode: "2GB" + memory: + heapHeadroomPerNode: "1GB" + jvm: + maxHeapSize: "8G" + gcMethod: + type: "UseG1GC" + g1: + heapRegionSize: "32M" + +additionalNodeProperties: {} + +additionalJVMConfig: {} + +additionalConfigProperties: {} + +additionalLogProperties: {} + +additionalCatalogs: {} + +>>>>>>> 7f0562e (extend chart, add GHA for CI and Release) securityContext: runAsUser: 1000 runAsGroup: 1000 +<<<<<<< HEAD # -- [Container security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) configuration. containerSecurityContext: # -- Control whether a process can gain more privileges than its parent process. @@ -547,6 +590,15 @@ secretMounts: [] # secretName: sample-secret # path: /secrets/sample.json # subPath: sample.json +<<<<<<< HEAD +======= +# - name: catalogs +# secretName: catalogs +# path: /etc/trino/catalog +# - name: ldap +# secretName: ldap +# path: /etc/trino/ldap +>>>>>>> 83d9fad (New squashed commit) # ``` coordinator: @@ -1134,3 +1186,55 @@ networkPolicy: # port: 9999 # ``` egress: [] +<<<<<<< HEAD +======= + +catalogsSecrets: [] + # - name: catalogs + # value: + # mariadb.properties: | + # connector.name=mariadb + # connection-user= + # connection-url= + # connection-password= + # postgresql.properties: | + # connector.name=postgresql + # connection-user= + # connection-url= + # postgresql.array-mapping= + # connection-password= +ldapSecrets: [] + # - name: ldap + # value: + # ldap.properties: | + # password-authenticator.name=ldap + # ldap.bind-dn=uid= + # ldap.url= + # ldap.bind-password= + # ldap.user-bind-pattern= + # ldap.group-auth-pattern= + # ldap.user-base-dn= +>>>>>>> 83d9fad (New squashed commit) +======= +service: + type: ClusterIP + port: 8080 + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {} +>>>>>>> 7f0562e (extend chart, add GHA for CI and Release) diff --git a/tests/gateway/test-https.yaml b/tests/gateway/test-https.yaml index 45275858..f35c60d0 100644 --- a/tests/gateway/test-https.yaml +++ b/tests/gateway/test-https.yaml @@ -3,7 +3,11 @@ command: - "-c" - | cat /etc/certificates/tls.crt /etc/certificates/tls.key > /etc/scratch/tls.pem && \ +<<<<<<< HEAD java -XX:MinRAMPercentage=80.0 -XX:MaxRAMPercentage=80.0 -jar /usr/lib/trino-gateway/gateway-ha-jar-with-dependencies.jar /etc/trino-gateway/config.yaml +======= + java -XX:MinRAMPercentage=80.0 -XX:MaxRAMPercentage=80.0 -jar /usr/lib/trino/gateway-ha-jar-with-dependencies.jar /etc/gateway/config.yaml +>>>>>>> 83d9fad (New squashed commit) config: serverConfig: diff --git a/tests/gateway/test-values-with-env.yaml b/tests/gateway/test-values-with-env.yaml index 243e1787..4baec182 100644 --- a/tests/gateway/test-values-with-env.yaml +++ b/tests/gateway/test-values-with-env.yaml @@ -17,6 +17,15 @@ config: driver: org.postgresql.Driver clusterStatsConfiguration: monitorType: INFO_API +<<<<<<< HEAD +======= + modules: + - io.trino.gateway.ha.module.HaGatewayProviderModule + - io.trino.gateway.ha.module.ClusterStateListenerModule + - io.trino.gateway.ha.module.ClusterStatsMonitorModule + managedApps: + - io.trino.gateway.ha.clustermonitor.ActiveClusterMonitor +>>>>>>> 83d9fad (New squashed commit) envFrom: - secretRef: diff --git a/tests/gateway/test-values.yaml b/tests/gateway/test-values.yaml index eeaa875b..f8f48df1 100644 --- a/tests/gateway/test-values.yaml +++ b/tests/gateway/test-values.yaml @@ -17,6 +17,15 @@ config: driver: org.postgresql.Driver clusterStatsConfiguration: monitorType: INFO_API +<<<<<<< HEAD +======= + modules: + - io.trino.gateway.ha.module.HaGatewayProviderModule + - io.trino.gateway.ha.module.ClusterStateListenerModule + - io.trino.gateway.ha.module.ClusterStatsMonitorModule + managedApps: + - io.trino.gateway.ha.clustermonitor.ActiveClusterMonitor +>>>>>>> 83d9fad (New squashed commit) ingress: enabled: true diff --git a/tests/trino/test-values.yaml b/tests/trino/test-values.yaml index ed145cdd..4cb64a28 100644 --- a/tests/trino/test-values.yaml +++ b/tests/trino/test-values.yaml @@ -2,6 +2,7 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. +<<<<<<< HEAD global: env: "dev" region: "region_test" @@ -9,6 +10,9 @@ global: server: node: environment: "{{ .Values.global.env }}_{{ .Values.global.region }}" +======= +server: +>>>>>>> 83d9fad (New squashed commit) workers: 0 config: https: