From a384f38f04cba5aa809d82835d1494ed3d29f39b Mon Sep 17 00:00:00 2001 
From: "luis.costa" Date: Mon, 10 Feb 2025 18:39:34 +0000 Subject: [PATCH 1/3] New squashed commit --- .github/dependabot.yml | 6 + .github/release.yml | 17 + .github/workflows/ci-cd.yaml | 140 ++ .gitignore | 3 + .helmignore | 4 + .pre-commit-config.yaml | 16 + LICENSE | 202 +++ README.md | 116 +- charts/gateway/Chart.yaml | 16 + charts/gateway/README.md | 161 +++ charts/gateway/README.md.gotmpl | 25 + charts/gateway/templates/NOTES.txt | 24 + charts/gateway/templates/_helpers.tpl | 65 + charts/gateway/templates/deployment.yaml | 113 ++ charts/gateway/templates/hpa.yaml | 32 + charts/gateway/templates/ingress.yaml | 69 + charts/gateway/templates/secrets.yaml | 7 + charts/gateway/templates/service.yaml | 28 + charts/gateway/templates/serviceaccount.yaml | 13 + .../templates/tests/test-connection.yaml | 68 + charts/gateway/values.yaml | 205 +++ Chart.yaml => charts/trino/Chart.yaml | 17 +- charts/trino/README.md | 997 ++++++++++++++ charts/trino/README.md.gotmpl | 25 + .../trino/templates}/NOTES.txt | 2 +- charts/trino/templates/_helpers.tpl | 157 +++ charts/trino/templates/autoscaler.yaml | 37 + .../configmap-access-control-coordinator.yaml | 14 + .../configmap-access-control-worker.yaml | 22 + charts/trino/templates/configmap-catalog.yaml | 16 + .../templates/configmap-coordinator.yaml | 187 +++ .../templates/configmap-jmx-exporter.yaml | 29 + charts/trino/templates/configmap-worker.yaml | 120 ++ .../templates/deployment-coordinator.yaml | 267 ++++ charts/trino/templates/deployment-worker.yaml | 259 ++++ charts/trino/templates/ingress.yaml | 38 + charts/trino/templates/keda-scaledobject.yaml | 40 + charts/trino/templates/networkpolicy.yaml | 37 + charts/trino/templates/secret.yaml | 55 + .../trino/templates/service-coordinator.yaml | 42 + charts/trino/templates/service-worker.yaml | 27 + charts/trino/templates/serviceaccount.yaml | 13 + .../templates/servicemonitor-coordinator.yaml | 24 + .../templates/servicemonitor-worker.yaml | 24 + 
.../templates/tests/test-connection.yaml | 63 + .../tests/test-graceful-shutdown.yaml | 120 ++ charts/trino/templates/tests/test-jmx.yaml | 99 ++ .../templates/tests/test-networkpolicy.yaml | 28 + charts/trino/values.yaml | 1167 +++++++++++++++++ templates/_helpers.tpl | 40 - templates/configmap-coordinator.yaml | 44 - templates/configmap-worker.yaml | 39 - templates/deployment-coordinator.yaml | 65 - templates/deployment-worker.yaml | 63 - templates/service.yaml | 20 - tests/gateway/test-https.yaml | 31 + tests/gateway/test-nodeport.yaml | 19 + tests/gateway/test-values-with-env.yaml | 37 + tests/gateway/test-values.yaml | 36 + tests/gateway/test.sh | 140 ++ ...test-access-control-properties-values.yaml | 7 + tests/trino/test-exchange-manager-values.yaml | 35 + .../trino/test-graceful-shutdown-values.yaml | 6 + ...est-resource-groups-properties-values.yaml | 15 + tests/trino/test-values.yaml | 296 +++++ tests/trino/test.sh | 194 +++ values.yaml | 58 - 67 files changed, 6037 insertions(+), 364 deletions(-) create mode 100644 .github/dependabot.yml create mode 100644 .github/release.yml create mode 100644 .github/workflows/ci-cd.yaml create mode 100644 .gitignore create mode 100644 .pre-commit-config.yaml create mode 100644 LICENSE create mode 100644 charts/gateway/Chart.yaml create mode 100644 charts/gateway/README.md create mode 100644 charts/gateway/README.md.gotmpl create mode 100644 charts/gateway/templates/NOTES.txt create mode 100644 charts/gateway/templates/_helpers.tpl create mode 100644 charts/gateway/templates/deployment.yaml create mode 100644 charts/gateway/templates/hpa.yaml create mode 100644 charts/gateway/templates/ingress.yaml create mode 100644 charts/gateway/templates/secrets.yaml create mode 100644 charts/gateway/templates/service.yaml create mode 100644 charts/gateway/templates/serviceaccount.yaml create mode 100644 charts/gateway/templates/tests/test-connection.yaml create mode 100644 charts/gateway/values.yaml rename Chart.yaml => 
charts/trino/Chart.yaml (76%) create mode 100644 charts/trino/README.md create mode 100644 charts/trino/README.md.gotmpl rename {templates => charts/trino/templates}/NOTES.txt (78%) create mode 100644 charts/trino/templates/_helpers.tpl create mode 100644 charts/trino/templates/autoscaler.yaml create mode 100644 charts/trino/templates/configmap-access-control-coordinator.yaml create mode 100644 charts/trino/templates/configmap-access-control-worker.yaml create mode 100644 charts/trino/templates/configmap-catalog.yaml create mode 100644 charts/trino/templates/configmap-coordinator.yaml create mode 100644 charts/trino/templates/configmap-jmx-exporter.yaml create mode 100644 charts/trino/templates/configmap-worker.yaml create mode 100644 charts/trino/templates/deployment-coordinator.yaml create mode 100644 charts/trino/templates/deployment-worker.yaml create mode 100644 charts/trino/templates/ingress.yaml create mode 100644 charts/trino/templates/keda-scaledobject.yaml create mode 100644 charts/trino/templates/networkpolicy.yaml create mode 100644 charts/trino/templates/secret.yaml create mode 100644 charts/trino/templates/service-coordinator.yaml create mode 100644 charts/trino/templates/service-worker.yaml create mode 100644 charts/trino/templates/serviceaccount.yaml create mode 100644 charts/trino/templates/servicemonitor-coordinator.yaml create mode 100644 charts/trino/templates/servicemonitor-worker.yaml create mode 100644 charts/trino/templates/tests/test-connection.yaml create mode 100644 charts/trino/templates/tests/test-graceful-shutdown.yaml create mode 100644 charts/trino/templates/tests/test-jmx.yaml create mode 100644 charts/trino/templates/tests/test-networkpolicy.yaml create mode 100644 charts/trino/values.yaml delete mode 100644 templates/_helpers.tpl delete mode 100644 templates/configmap-coordinator.yaml delete mode 100644 templates/configmap-worker.yaml delete mode 100644 templates/deployment-coordinator.yaml delete mode 100644 
templates/deployment-worker.yaml delete mode 100644 templates/service.yaml create mode 100644 tests/gateway/test-https.yaml create mode 100644 tests/gateway/test-nodeport.yaml create mode 100644 tests/gateway/test-values-with-env.yaml create mode 100644 tests/gateway/test-values.yaml create mode 100755 tests/gateway/test.sh create mode 100644 tests/trino/test-access-control-properties-values.yaml create mode 100644 tests/trino/test-exchange-manager-values.yaml create mode 100644 tests/trino/test-graceful-shutdown-values.yaml create mode 100644 tests/trino/test-resource-groups-properties-values.yaml create mode 100644 tests/trino/test-values.yaml create mode 100755 tests/trino/test.sh delete mode 100644 values.yaml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 00000000..5ace4600 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,6 @@ +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" diff --git a/.github/release.yml b/.github/release.yml new file mode 100644 index 00000000..a8738587 --- /dev/null +++ b/.github/release.yml @@ -0,0 +1,17 @@ +changelog: + exclude: + labels: + - ignore-for-release + categories: + - title: Breaking changes + labels: + - breaking-change + - title: Features + labels: + - enhancement + - title: Bug fixes + labels: + - bug + - title: Other changes + labels: + - "*" diff --git a/.github/workflows/ci-cd.yaml b/.github/workflows/ci-cd.yaml new file mode 100644 index 00000000..234b8244 --- /dev/null +++ b/.github/workflows/ci-cd.yaml 
@@ -0,0 +1,140 @@
+# This workflow:
+# - lints the chart, runs tests and verifies documentation is up to date
+# Additionally if the event isn't a pull-request (and hence a merge/push to main):
+# - sync README to gh-pages branch
+# - release a new chart version if the version isn't already released
+name: CI/CD
+
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+
+# Cancel previous PR builds.
+concurrency:
+ # Cancel all workflow runs except latest within a concurrency group. This is achieved by defining a concurrency group for the PR.
+ # Non-PR builds have singleton concurrency groups.
+ group: ${{ github.workflow }}-${{ github.event_name == 'pull_request' && github.event.number || github.sha }}
+ cancel-in-progress: true
+
+jobs:
+ lint:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - name: Set up chart-testing
+ uses: helm/chart-testing-action@v2.7.0
+ - name: Lint charts
+ run: ct lint --charts=charts/trino,charts/gateway --validate-maintainers=false
+
+ test:
+ runs-on: ubuntu-latest
+ name: test trino ${{ matrix.label }}
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - { label: default, args: '' }
+ # last Trino version that requires JDK 21
+ - { label: 446, args: '-a "--set image.tag=446"' }
+ # last Trino version that requires JDK 17
+ - { label: 435, args: '-a "--set image.tag=435"' }
+ # skip cleanup to test deploying multiple releases in a single namespace
+ - { label: overrides, args: '-s -t default,overrides' }
+ steps:
+ - uses: actions/checkout@v4
+ - name: Set up Helm
+ uses: azure/setup-helm@v4
+ with:
+ version: v3.16.4
+ - name: Set up chart-testing
+ uses: helm/chart-testing-action@v2.7.0
+ - name: Create kind cluster
+ uses: helm/kind-action@v1.12.0
+ with:
+ version: v0.26.0
+ - name: Run tests
+ run: ./tests/trino/test.sh ${{ matrix.args }}
+
+ test-gateway:
+ runs-on: ubuntu-latest
+ name: test gateway ${{ matrix.label }}
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - { label: default, args: '' }
+ steps:
+ - uses: actions/checkout@v4
+ - name: Set up Helm
+ uses: azure/setup-helm@v4
+ with:
+ version: v3.16.4
+ - name: Set up chart-testing
+ uses: helm/chart-testing-action@v2.7.0
+ - name: Create kind cluster
+ uses: helm/kind-action@v1.12.0
+ with:
+ version: v0.24.0
+ - name: Run gateway tests
+ run: ./tests/gateway/test.sh ${{ matrix.args }}
+
+ docs:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - uses: actions/setup-python@v5
+ with:
+ python-version: '3.x'
+ - uses: pre-commit/action@v3.0.1
+
+ # Everything above is CI, everything here and below is for releases and runs only on non-pull-request events
+ sync-readme:
+ needs: [lint, test, docs]
+ runs-on: ubuntu-latest
+ if: github.event_name != 'pull_request'
+ steps:
+ - name: Checkout main
+ uses: actions/checkout@v4
+ with:
+ path: main
+ - name: Checkout gh-pages
+ uses: actions/checkout@v4
+ with:
+ ref: gh-pages
+ path: gh-pages
+ - name: Copy all README files from main to gh-pages
+ run: |
+ cd main
+ # cp --parents preserves directory structure
+ find . -name 'README.md' -exec cp --parents '{}' "../gh-pages/" ';'
+ - name: Commit changes to gh-pages and push
+ run: |
+ cd gh-pages
+ git add .
+ git config user.name "GITHUB_ACTOR" + git config user.email "$GITHUB_ACTOR@users.noreply.github.com" + # Commit only if changes exist to avoid failure in this step + git diff-index --quiet HEAD || git commit --signoff -m "Sync READMEs from main" + git push + + release: + needs: [lint, test, docs, sync-readme] + runs-on: ubuntu-latest + if: github.event_name != 'pull_request' + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + - name: Configure Git + run: | + git config user.name "$GITHUB_ACTOR" + git config user.email "$GITHUB_ACTOR@users.noreply.github.com" + - name: Release charts + uses: helm/chart-releaser-action@v1.7.0 + env: + CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + CR_GENERATE_RELEASE_NOTES: true + # If we didn't bump the chart version then we can skip the release + CR_SKIP_EXISTING: true diff --git a/.gitignore b/.gitignore new file mode 100644 index 00000000..95fa20e6 --- /dev/null +++ b/.gitignore @@ -0,0 +1,3 @@ +.idea/* +*/*/cert.key +*/*/cert.crt diff --git a/.helmignore b/.helmignore index f0c13194..417ff7fd 100644 --- a/.helmignore +++ b/.helmignore @@ -14,8 +14,12 @@ *.swp *.bak *.tmp +*.orig *~ # Various IDEs .project .idea/ *.tmproj +.vscode/ +# helm-doc template +README.md.gotmpl diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml new file mode 100644 index 00000000..eccac9b1 --- /dev/null +++ b/.pre-commit-config.yaml @@ -0,0 +1,16 @@ +repos: +- repo: https://github.com/pre-commit/pre-commit-hooks + rev: v4.6.0 + hooks: + - id: trailing-whitespace + args: + - --markdown-linebreak-ext=md + - id: end-of-file-fixer +- repo: https://github.com/norwoodj/helm-docs + rev: v1.14.2 + hooks: + - id: helm-docs-container + args: + - --chart-search-root=charts + - --document-dependency-values + - --sort-values-order=file diff --git a/LICENSE b/LICENSE new file mode 100644 index 00000000..d6456956 --- /dev/null +++ b/LICENSE 
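Review bot: In .github/workflows/ci-cd.yaml no `permissions:` key is declared at workflow or job level, so `lint`, `test`, `test-gateway` and `docs`, which only run third-party actions and test scripts, receive whatever the repository's default `GITHUB_TOKEN` scope happens to be. Add a top-level `permissions: { contents: read }` and grant `permissions: { contents: write }` only on `sync-readme` and `release`, the two jobs that push to gh-pages or publish a release. Every action is referenced by a mutable tag (for example `helm/chart-releaser-action@v1.7.0` and `actions/checkout@v4`); pinning them to full commit SHAs keeps a retagged action from running with the write token, and the `github-actions` Dependabot entry added in this commit can keep such pins current. In `sync-readme`, `git config user.name "GITHUB_ACTOR"` is missing the `$`, so the author name becomes the literal string; it should read `git config user.name "$GITHUB_ACTOR"` as in the `release` job. `release` and `sync-readme` also omit `test-gateway` from `needs`, so the gateway chart could be published while its tests fail, which looks unintended.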
@@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/README.md b/README.md index 896b4856..b2c2eb02 100644 --- a/README.md +++ b/README.md 
@@ -1,42 +1,96 @@ -Trino +Trino Community Kubernetes Helm Charts =========== +[![CI/CD](https://github.com/trinodb/charts/actions/workflows/ci-cd.yaml/badge.svg?branch=main)](https://github.com/trinodb/charts/actions/workflows/ci-cd.yaml) -Fast distributed SQL query engine for big data analytics +A repository of Helm charts for the Trino community. The following charts are +included: +* `trino/trino` for [Trino](https://trino.io/) +* `trino/trino-gateway` for [Trino Gateway](https://trinodb.github.io/trino-gateway) -## Configuration +## Usage -The following table lists the configurable parameters of the Trino chart and their default values. +[Helm](https://helm.sh) must be installed to use the charts. +Refer to Helm's [documentation](https://helm.sh/docs/) to get started. -| Parameter | Description | Default | -| ------------------------ | ----------------------- | -------------- | -| `image.repository` | | `"trinodb/trino"` | -| `image.pullPolicy` | | `"IfNotPresent"` | -| `image.tag` | | `"latest"` | -| `server.workers` | | `2` | -| `server.node.environment` | | `"production"` | -| `server.node.dataDir` | | `"/data/trino"` | -| `server.node.pluginDir` | | `"/usr/lib/trino/plugin"` | -| `server.log.trino.level` | | `"INFO"` | -| `server.config.path` | | `"/etc/trino"` | -| `server.config.http.port` | | `8080` | -| `server.config.query.maxMemory` | | `"4GB"` | -| `server.config.query.maxMemoryPerNode` | | `"1GB"` | -| `server.jvm.maxHeapSize` | | `"8G"` | -| `server.jvm.gcMethod.type` | | `"UseG1GC"` | -| `server.jvm.gcMethod.g1.heapRegionSize` | | `"32M"` | -| `securityContext.runAsUser` | | `1000` | -| `securityContext.runAsGroup` | | `1000` | -| `service.type` | | `"ClusterIP"` | -| `service.port` | | `8080` | -| `resources` | | `{}` | -| `nodeSelector` | | `{}` | -| `tolerations` | | `[]` | -| `affinity` | | `{}` | +Once Helm is set up properly, add the repo as follows: +```console +helm repo add trino https://trinodb.github.io/charts/ +``` +Run `helm search 
repo trino` to see the latest charts with the string `trino` in +the name to get an output similar to the following: ---- -_Documentation generated by [Frigate](https://frigate.readthedocs.io)._ +``` +NAME CHART VERSION APP VERSION DESCRIPTION +trino/trino 1.37.0 470 Fast distributed SQL query engine for big data ... +trino/trino-gateway 1.13.2 13 A Helm chart for Trino Gateway +``` +Use `helm search repo trino -l` for information about all available versions. + +After configuring your Kubernetes cluster, you can install Trino with the chart +`trino/trino` using: + +```console +helm install my-trino trino/trino --version 1.37.0 +``` + +Also, you can check the manifests using: + +```console +helm template my-trino trino/trino --namespace +``` + +Similarly install Trino Gateway with the `trino/trino-gateway` chart. + +## Documentation + +More information about Trino, Trino Gateway, and the charts is available in the +following resources: + +* [Trino Kubernetes documentation](https://trino.io/docs/current/installation/kubernetes.html) +* [trino/trino chart configuration](./charts/trino/README.md) +* [Trino documentation](https://trino.io/docs/current/index.html) +* [Trino Gateway Kubernetes documentation](https://trinodb.github.io/trino-gateway/installation/#helm) +* [trino/trino-gateway chart configuration](./charts/gateway/README.md) +* [Trino Gateway documentation](https://trinodb.github.io/trino-gateway) + +## Development + +To test the chart, install it into a Kubernetes cluster. Use `kind` to create a +Kubernetes cluster running in a container, and `chart-testing` to install the +chart and run [tests](charts/trino/templates/tests). + +```console +brew install helm kind chart-testing +kind create cluster +ct install +``` + +To run tests with specific values: +```console +ct install --helm-extra-set-args "--set image.tag=470" +``` + +Use the `test.sh` script to run a suite of tests, with different chart values. 
+If some of the tests fail, use the `-s` flag to skip cleanup and inspect the +resources installed in the Kubernetes cluster. Use `-n` to use a specific +namespace, not a randomly generated one. Use `-t` to run only selected tests. +See the command help (`-h`) for a list of available tests. + +Example: +```console +./test.sh -n trino -s -t default +``` + +The documentation is automatically generated from the chart files. Install a +git hook to have it automatically updated when committing changes. Make sure +you [install the pre-commit binary](https://pre-commit.com/#install), then run: + +```console +pre-commit install +pre-commit install-hooks +``` diff --git a/charts/gateway/Chart.yaml b/charts/gateway/Chart.yaml new file mode 100644 index 00000000..fe8550e2 --- /dev/null +++ b/charts/gateway/Chart.yaml @@ -0,0 +1,16 @@ +apiVersion: v2 +name: trino-gateway +description: A Helm chart for Trino Gateway +type: application +version: "1.13.2" +appVersion: "13" + +icon: https://trino.io/assets/images/logos/trino-gateway-small.png + +home: https://trinodb.github.io/trino-gateway/ +sources: + - https://github.com/trinodb/charts + - https://github.com/trinodb/trino-gateway + +maintainers: + - name: Trino community diff --git a/charts/gateway/README.md b/charts/gateway/README.md new file mode 100644 index 00000000..f32fb5dc --- /dev/null +++ b/charts/gateway/README.md 
@@ -0,0 +1,161 @@ +# trino-gateway + +![Version: 1.13.2](https://img.shields.io/badge/Version-1.13.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 13](https://img.shields.io/badge/AppVersion-13-informational?style=flat-square) + +A Helm chart for Trino Gateway + +**Homepage:** + +## Source Code + +* +* + +## Values +* `replicaCount` - int, default: `1` +* `image.repository` - string, default: `"trinodb/trino-gateway"` + + Repository location of the Trino Gateway image, typically `organization/imagename` +* `image.pullPolicy` - string, default: `"IfNotPresent"` +* `image.tag` - string, default: `""` + + Override the image tag whose default is the chart appVersion. +* `imagePullSecrets` - list, default: `[]` + + An optional list of references to secrets in the same namespace to use for pulling images. + Example: + ```yaml + imagePullSecrets: + - name: registry-credentials + ``` +* `envFrom` - list, default: `[]` + + A list of secrets and configmaps to mount into the init container as environment variables. 
+ Example: + ```yaml + envFrom: + - secretRef: + name: password-secret + ``` +* `config.serverConfig."node.environment"` - string, default: `"test"` +* `config.serverConfig."http-server.http.port"` - int, default: `8080` +* `config.serverConfig."http-server.http.enabled"` - bool, default: `true` +* `config.dataStore.jdbcUrl` - string, default: `"jdbc:postgresql://localhost:5432/gateway"` + + The connection details for the backend database for Trino Gateway and Trino query history +* `config.dataStore.user` - string, default: `"postgres"` +* `config.dataStore.password` - string, default: `"mysecretpassword"` +* `config.dataStore.driver` - string, default: `"org.postgresql.Driver"` +* `config.clusterStatsConfiguration.monitorType` - string, default: `"INFO_API"` +* `config.modules[0]` - string, default: `"io.trino.gateway.ha.module.HaGatewayProviderModule"` +* `config.modules[1]` - string, default: `"io.trino.gateway.ha.module.ClusterStateListenerModule"` +* `config.modules[2]` - string, default: `"io.trino.gateway.ha.module.ClusterStatsMonitorModule"` +* `config.managedApps[0]` - string, default: `"io.trino.gateway.ha.clustermonitor.ActiveClusterMonitor"` +* `command` - list, default: `["java","-XX:MinRAMPercentage=80.0","-XX:MaxRAMPercentage=80.0","-jar","/usr/lib/trino/gateway-ha-jar-with-dependencies.jar","/etc/gateway/config.yaml"]` + + Startup command for Trino Gateway process. Add additional Java options and other modifications as desired. +* `service` - object, default: `{"ports":[{"name":"gateway","protocol":"TCP"}],"type":"ClusterIP"}` + + Service for accessing the gateway. The contents of this dictionary are used for the [service spec](https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport). The `port` and `targetPort` of the first element of the ports list will automatically be set to the value of `config.serverConfig."http-server.http[s].port"`. If both https and http ports are defined the https port is used. 
In this case, an additional service for the http port must be configured manually. Additional ports, such as for JMX or a Java Agent can be configured by adding elements to the ports list. The selector is also automatically configured. All other values are passed through as is. Example configuration for exposing both https and http: + ```yaml + service: + type: NodePort + ports: + - protocol: TCP + name: request + nodePort: 30443 + # targetPort and port will automatically pulled from serverConfig.http-server.https.port + - protocol: TCP + name: gateway-http + nodePort: 30080 + port: 8080 + # targetPort must be explicitly set to the same value as serverConfig.http-server.http.port + targetPort: 8080 + ``` +* `serviceName` - string, default: `"trino-gateway"` + + Set a custom name for the gateway service +* `ingress.enabled` - bool, default: `false` +* `ingress.className` - string, default: `""` +* `ingress.annotations` - object, default: `{}` +* `ingress.hosts` - list, default: `[{"host":"chart-example.local","paths":[{"path":"/","pathType":"ImplementationSpecific"}]}]` + + [Ingress rules](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules). + Example: + ```yaml + - host: trino.example.com + paths: + - path: / + pathType: ImplementationSpecific + ``` +* `ingress.tls` - list, default: `[]` + + Ingress [TLS](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) configuration. 
+ Example: + ```yaml + - secretName: chart-example-tls + hosts: + - chart-example.local + ``` +* `resources.limits.cpu` - int, default: `2` +* `resources.limits.memory` - string, default: `"4Gi"` +* `resources.requests.cpu` - int, default: `2` +* `resources.requests.memory` - string, default: `"4Gi"` +* `autoscaling.enabled` - bool, default: `false` +* `autoscaling.minReplicas` - int, default: `1` +* `autoscaling.maxReplicas` - int, default: `100` +* `autoscaling.targetCPUUtilizationPercentage` - int, default: `80` + + Target average CPU utilization, represented as a percentage of requested CPU. To disable scaling based on CPU, set to an empty string. +* `autoscaling.targetMemoryUtilizationPercentage` - string, default: `""` + + Target average memory utilization, represented as a percentage of requested memory. To disable scaling based on memory, set to an empty string. +* `livenessProbe.initialDelaySeconds` - int, default: `30` +* `livenessProbe.periodSeconds` - int, default: `10` +* `livenessProbe.failureThreshold` - int, default: `3` +* `livenessProbe.timeoutSeconds` - int, default: `1` +* `livenessProbe.scheme` - string, default: `"HTTP"` +* `readinessProbe.initialDelaySeconds` - int, default: `5` +* `readinessProbe.periodSeconds` - int, default: `5` +* `readinessProbe.failureThreshold` - int, default: `12` +* `readinessProbe.timeoutSeconds` - int, default: `1` +* `readinessProbe.scheme` - string, default: `"HTTP"` +* `volumes` - object, default: `{}` +* `volumeMounts` - object, default: `{}` +* `nodeSelector` - object, default: `{}` +* `tolerations` - list, default: `[]` +* `affinity` - object, default: `{}` +* `commonLabels` - object, default: `{}` + + Labels that get applied to every resource's metadata +* `podAnnotations` - object, default: `{}` +* `podLabels` - object, default: `{}` +* `podSecurityContext` - object, default: `{}` + + [Pod security 
context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) configuration. To remove the default, set it to null (or `~`). +* `securityContext` - object, default: `{}` + + [Container security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) configuration. + Example: + ```yaml + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + ``` +* `serviceAccount.create` - bool, default: `true` + + Specifies whether a service account should be created +* `serviceAccount.automount` - bool, default: `true` + + Automatically mount a ServiceAccount's API credentials? +* `serviceAccount.annotations` - object, default: `{}` + + Annotations to add to the service account +* `serviceAccount.name` - string, default: `""` + + The name of the service account to use. If not set and create is true, a name is generated using the fullname template + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/charts/gateway/README.md.gotmpl b/charts/gateway/README.md.gotmpl new file mode 100644 index 00000000..e296f05a --- /dev/null +++ b/charts/gateway/README.md.gotmpl 
@@ -0,0 +1,25 @@ +{{ template "chart.header" . }} +{{ template "chart.deprecationWarning" . }} + +{{ template "chart.badgesSection" . }} + +{{ template "chart.description" . }} + +{{ template "chart.homepageLine" . }} + +{{ template "chart.sourcesSection" . }} + +{{ template "chart.requirementsSection" . }} + +{{ template "chart.valuesHeader" . }} + +{{- range .Values }} +* `{{ .Key }}` - {{ .Type }}, default: {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }}{{ if or .Description .AutoDescription }} {{ end }} +{{- if .Description }} +{{ .Description | nindent 2 }} +{{- else if .AutoDescription }} +{{ .AutoDescription | nindent 2 }} +{{- end }} +{{- end }} + +{{ template "helm-docs.versionFooter" . }} diff --git a/charts/gateway/templates/NOTES.txt b/charts/gateway/templates/NOTES.txt new file mode 100644 index 00000000..9c7216fa --- /dev/null +++ b/charts/gateway/templates/NOTES.txt 
@@ -0,0 +1,24 @@ +You can get the Trino Gateway endpoints by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath='{.spec.ports[0].nodePort}' svc trino-gateway) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath='{.items[0].status.addresses[0].address}') + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w trino-gateway' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} trino-gateway --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:'{{ .Values.service.ports | first | get "port" }}' +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "trino-gateway.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export PORT=$(kubectl get pod --namespace test $POD_NAME -o jsonpath='{.spec.containers[0].ports[0].containerPort}') + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$PORT +{{- end }} + +Happy Helming! diff --git a/charts/gateway/templates/_helpers.tpl b/charts/gateway/templates/_helpers.tpl new file mode 100644 index 00000000..fcf24d7a --- /dev/null +++ b/charts/gateway/templates/_helpers.tpl 
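Review bot: In charts/gateway/templates/NOTES.txt the ClusterIP branch looks up the container port with `kubectl get pod --namespace test $POD_NAME`, so the printed instructions only work for a release installed in a namespace named `test`. It should read `--namespace {{ .Release.Namespace }}` like the other commands in the file. The NodePort and LoadBalancer branches hard-code `svc trino-gateway` although the Service is named from `.Values.serviceName`, so a custom service name breaks those commands; use `svc {{ .Values.serviceName }}`. The printed URLs are always `http://`, which looks wrong when only `http-server.https.enabled` is set.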
@@ -0,0 +1,65 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "trino-gateway.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "trino-gateway.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "trino-gateway.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "trino-gateway.labels" -}} +helm.sh/chart: {{ include "trino-gateway.chart" . }} +{{ include "trino-gateway.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- if .Values.commonLabels }} +{{ tpl (toYaml .Values.commonLabels) . }} +{{- end }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "trino-gateway.selectorLabels" -}} +app.kubernetes.io/name: {{ include "trino-gateway.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "trino-gateway.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "trino-gateway.fullname" .) 
.Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/charts/gateway/templates/deployment.yaml b/charts/gateway/templates/deployment.yaml new file mode 100644 index 00000000..5d712e4d --- /dev/null +++ b/charts/gateway/templates/deployment.yaml 
@@ -0,0 +1,113 @@ +{{- $probePort := -1 }} +{{- $probeScheme := "" }} +{{- if index .Values "config" "serverConfig" "http-server.http.enabled" }} +{{- $probePort = index .Values "config" "serverConfig" "http-server.http.port" }} +{{- $probeScheme = "HTTP" }} +{{- else if index .Values "config" "serverConfig" "http-server.https.enabled" }} +{{ $probePort = index .Values "config" "serverConfig" "http-server.https.port" }} +{{- $probeScheme = "HTTPS" }} +{{- else }} + {{- fail "Error: Either https or http must be enabled in serverConfig!" }} +{{- end }} + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "trino-gateway.fullname" . }} + labels: + {{- include "trino-gateway.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "trino-gateway.selectorLabels" . | nindent 6 }} + template: + metadata: + annotations: + {{- with .Values.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "trino-gateway.labels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "trino-gateway.serviceAccountName" . 
}} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: + {{- toYaml .Values.command | nindent 12}} + envFrom: + {{- toYaml .Values.envFrom | nindent 12}} + ports: + {{- if index .Values "config" "serverConfig" "http-server.http.enabled" }} + - name: http + containerPort: {{ index .Values "config" "serverConfig" "http-server.http.port" }} + protocol: TCP + {{- end }} + {{- if index .Values "config" "serverConfig" "http-server.https.enabled" }} + - name: https + containerPort: {{ index .Values "config" "serverConfig" "http-server.https.port" }} + protocol: TCP + {{- end }} + livenessProbe: + httpGet: + path: /trino-gateway + port: {{ $probePort }} + scheme: {{ $probeScheme }} + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /trino-gateway + port: {{ $probePort }} + scheme: {{ $probeScheme }} + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + volumeMounts: + - name: trino-gateway-configuration + mountPath: "/etc/gateway/config.yaml" + subPath: "config.yaml" + readOnly: true + {{- with .Values.volumeMounts }} + {{- toYaml . 
| nindent 12 }} + {{- end }} + volumes: + - name: trino-gateway-configuration + secret: + secretName: trino-gateway-configuration + optional: false + {{- with .Values.volumes }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/gateway/templates/hpa.yaml b/charts/gateway/templates/hpa.yaml new file mode 100644 index 00000000..ccc74402 --- /dev/null +++ b/charts/gateway/templates/hpa.yaml @@ -0,0 +1,32 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "trino-gateway.fullname" . }} + labels: + {{- include "trino-gateway.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "trino-gateway.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/charts/gateway/templates/ingress.yaml b/charts/gateway/templates/ingress.yaml new file mode 100644 index 00000000..ff5f4625 --- /dev/null +++ b/charts/gateway/templates/ingress.yaml 
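Review bot: In charts/gateway/templates/deployment.yaml the rendered configuration, which includes `config.dataStore.password`, is mounted from the Secret with `subPath: "config.yaml"`, and the pod template carries no hash of that Secret. A `helm upgrade` that changes only `config` (for example a rotated database password) therefore leaves the running pods on the old file until they are restarted by hand, since subPath mounts are not refreshed. Add `checksum/config: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}` under `template.metadata.annotations` so a config change rolls the Deployment. Separately, `livenessProbe.scheme` and `readinessProbe.scheme` from values.yaml are never read here because the scheme comes from `$probeScheme`; drop them or document that they are ignored.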
@@ -0,0 +1,69 @@ + +{{- if .Values.ingress.enabled -}} +{{- $fullName := .Values.serviceName -}} +{{- $svcPort := -1 }} +{{- if index .Values "config" "serverConfig" "http-server.http.enabled" }} + {{- $svcPort = index .Values "config" "serverConfig" "http-server.http.port" }} +{{- else if index .Values "config" "serverConfig" "http-server.https.enabled" }} + {{ $svcPort = index .Values "config" "serverConfig" "http-server.https.port" }} +{{- else }} + {{- fail "Error: Either https or http must be enabled in serverConfig!" }} +{{- end }} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + {{- include "trino-gateway.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . 
| quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/gateway/templates/secrets.yaml b/charts/gateway/templates/secrets.yaml new file mode 100644 index 00000000..da3bba6e --- /dev/null +++ b/charts/gateway/templates/secrets.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: Secret +metadata: + name: trino-gateway-configuration +type: "Opaque" +data: + config.yaml: "{{toYaml .Values.config | b64enc}}" diff --git a/charts/gateway/templates/service.yaml b/charts/gateway/templates/service.yaml new file mode 100644 index 00000000..f30bbe28 --- /dev/null +++ b/charts/gateway/templates/service.yaml 
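Review bot: In charts/gateway/templates/ingress.yaml `$svcPort` takes the HTTP port whenever `http-server.http.enabled` is set, while service.yaml lets the HTTPS port win when both listeners are enabled and writes that value into the first Service port. With both enabled, the Ingress backend names a port number that the Service exposes only if the operator added it by hand, and traffic from the ingress controller to the gateway uses the plaintext listener even though TLS is available. Resolve the port in the same order as service.yaml (HTTPS evaluated last so it overrides), or move the selection into one named template in _helpers.tpl and include it from both files.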
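Review bot: In charts/gateway/templates/secrets.yaml the Secret name is the literal `trino-gateway-configuration`, and the volume in deployment.yaml refers to the same literal, so two releases of this chart in one namespace compete for a single object that holds the database credentials. Derive the name from the release in both places, for example `name: {{ include "trino-gateway.fullname" . }}-configuration`. The Secret is also the only resource here without the chart labels; add `{{- include "trino-gateway.labels" . | nindent 4 }}` under `metadata.labels` so it can be selected and audited with the rest of the release.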
@@ -0,0 +1,28 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ .Values.serviceName }} + labels: + {{- include "trino-gateway.labels" . | nindent 4 }} +{{- $gatewayPort := "" }} +{{- if index .Values "config" "serverConfig" "http-server.http.enabled" }} + {{- $gatewayPort = index .Values "config" "serverConfig" "http-server.http.port" }} +{{- end }} +{{- if index .Values "config" "serverConfig" "http-server.https.enabled" }} +{{- $gatewayPort = index .Values "config" "serverConfig" "http-server.https.port" }} +{{- end }} +{{- if empty $gatewayPort }} +{{- fail "Error: No port defined in serverConfig!" $gatewayPort }} +{{- end}} +{{- $portDefault := dict "port" $gatewayPort "targetPort" $gatewayPort }} +{{- $portValues := .Values.service.ports | default list | first | default $portDefault}} +{{- $_0 := set $portValues "port" $gatewayPort}} +{{- $_1 := set $portValues "targetPort" $gatewayPort}} +{{- $ports := list $portValues }} +{{- $additionalPorts := .Values.service.ports | default list | rest }} +{{- $allPorts := concat $ports $additionalPorts}} +{{- $spec := .Values.service }} +{{- $_2 := set $spec "ports" $allPorts }} +{{- $selectorLabels := include "trino-gateway.selectorLabels" . | fromYaml }} +{{- $_3 := set $spec "selector" $selectorLabels }} +spec: {{ $spec | toYaml | nindent 2}} diff --git a/charts/gateway/templates/serviceaccount.yaml b/charts/gateway/templates/serviceaccount.yaml new file mode 100644 index 00000000..5c6ba208 --- /dev/null +++ b/charts/gateway/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "trino-gateway.serviceAccountName" . }} + labels: + {{- include "trino-gateway.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} 
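Review bot: In charts/gateway/templates/service.yaml the guard `fail "Error: No port defined in serverConfig!" $gatewayPort` passes two arguments to `fail`, which takes a single message, so when neither listener is enabled the user gets a template call error instead of the intended text; drop the second argument. The `set $portValues …` and `set $spec "ports" …` calls also modify `.Values.service` in place, so what other templates read from `.Values.service.ports` appears to depend on whether this file was rendered first. Building the spec from `deepCopy .Values.service` would keep the values tree unchanged.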
diff --git a/charts/gateway/templates/tests/test-connection.yaml b/charts/gateway/templates/tests/test-connection.yaml new file mode 100644 index 00000000..ba994e15 --- /dev/null +++ b/charts/gateway/templates/tests/test-connection.yaml 
@@ -0,0 +1,68 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "trino-gateway.fullname" . }}-test-connection" + labels: + {{- include "trino-gateway.labels" . | nindent 4 }} + app.kubernetes.io/component: test + test: connection + annotations: + "helm.sh/hook": test +spec: + initContainers: + - name: extract-persistence-sql + image: "trinodb/trino-gateway" + command: + - "/bin/sh" + - "-c" + - | + cd /etc/persistence && \ + jar -xvf /usr/lib/trino/gateway-ha-jar-with-dependencies.jar \ + gateway-ha-persistence-postgres.sql + volumeMounts: + - name: persistence-sql + mountPath: /etc/persistence + - name: initialize-db + image: bitnami/postgresql:17.1.0 + command: + - "/bin/sh" + - "-c" + - | + echo "Initialize gateway schema"; + PGPASSWORD=pass0000 psql \ + -h gateway-backend-db-postgresql.postgres-gateway.svc.cluster.local \ + -U gateway -d gateway \ + -f /etc/persistence/gateway-ha-persistence-postgres.sql + volumeMounts: + - name: persistence-sql + mountPath: /etc/persistence + containers: + - name: curl + image: alpine + env: + - name: NODE_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + # Get the list of backends, which should return an empty list, "[]". 
For this test to pass + # the gateway must successfully connect to an initialized backend database + command: + - "sh" + - "-c" + - | + apk add curl + {{- if eq .Values.service.type "NodePort" -}} + && [ "$(curl -k --retry 3 --retry-all-errors --connect-timeout 5 --retry-delay 5 https://${NODE_IP}:30443/entity/GATEWAY_BACKEND )" = "[]" ] && [ "$(curl --retry 3 --retry-all-errors --connect-timeout 5 --retry-delay 5 http://${NODE_IP}:30080/entity/GATEWAY_BACKEND )" = "[]" ] + {{- end }} + {{- if index .Values "config" "serverConfig" "http-server.https.enabled" -}} + && [ "$(curl -k --retry 3 --retry-all-errors --connect-timeout 5 --retry-delay 5 -v https://{{ .Values.serviceName }}:8443/entity/GATEWAY_BACKEND )" = "[]" ] + {{- end }} + {{- if index .Values "config" "serverConfig" "http-server.http.enabled" -}} + && [ "$(curl --retry 3 --retry-all-errors --connect-timeout 5 --retry-delay 5 -v http://{{ .Values.serviceName }}:8080/entity/GATEWAY_BACKEND )" = "[]" ] + {{- end }} + volumes: + - name: persistence-sql + emptyDir: + sizeLimit: 10Mi + + restartPolicy: Never diff --git a/charts/gateway/values.yaml b/charts/gateway/values.yaml new file mode 100644 index 00000000..39794f5c --- /dev/null +++ b/charts/gateway/values.yaml 
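Review bot: The `initialize-db` init container in charts/gateway/templates/tests/test-connection.yaml ships a literal password (`PGPASSWORD=pass0000`) and a fixed database host, `gateway-backend-db-postgresql.postgres-gateway.svc.cluster.local`, so `helm test` only works against the project's own test database and a credential is published with the chart. Take host, user and password from chart values or from an existing Secret through an `env` entry with `secretKeyRef`. The images `trinodb/trino-gateway` and `alpine` carry no tag; the first should reuse `"{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"` so the extracted schema matches the deployed version, and the second should be pinned. The `curl -k` calls skip certificate verification, and the ports 30443, 30080, 8443 and 8080 are literals rather than the configured values.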
@@ -0,0 +1,205 @@ +# Default values for trino. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + # -- Repository location of the Trino Gateway image, typically `organization/imagename` + repository: "trinodb/trino-gateway" + pullPolicy: IfNotPresent + # -- Override the image tag whose default is the chart appVersion. + tag: "" + +# -- An optional list of references to secrets in the same namespace to use for pulling images. +# @raw +# Example: +# ```yaml +# imagePullSecrets: +# - name: registry-credentials +# ``` +imagePullSecrets: [] + +# -- A list of secrets and configmaps to mount into the init container as environment variables. +# @raw +# Example: +# ```yaml +# envFrom: +# - secretRef: +# name: password-secret +# ``` +envFrom: [] + +config: + serverConfig: + node.environment: test + http-server.http.port: 8080 + http-server.http.enabled: true + dataStore: + # -- The connection details for the backend database for Trino Gateway and Trino query history + jdbcUrl: jdbc:postgresql://localhost:5432/gateway + user: postgres + password: mysecretpassword + driver: org.postgresql.Driver + clusterStatsConfiguration: + monitorType: INFO_API + modules: + - io.trino.gateway.ha.module.HaGatewayProviderModule + - io.trino.gateway.ha.module.ClusterStateListenerModule + - io.trino.gateway.ha.module.ClusterStatsMonitorModule + managedApps: + - io.trino.gateway.ha.clustermonitor.ActiveClusterMonitor + +# -- Startup command for Trino Gateway process. Add additional Java options and other modifications as desired. +command: + - "java" + - "-XX:MinRAMPercentage=80.0" + - "-XX:MaxRAMPercentage=80.0" + - "-jar" + - "/usr/lib/trino/gateway-ha-jar-with-dependencies.jar" + - "/etc/gateway/config.yaml" + +# -- Service for accessing the gateway. The contents of this dictionary are used +# for the [service spec](https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport). 
+# The `port` and `targetPort` of the first element +# of the ports list will automatically be set to the value of +# `config.serverConfig."http-server.http[s].port"`. If both https and http ports are defined +# the https port is used. In this case, an additional service for the http port must be +# configured manually. Additional ports, such as for JMX or a Java Agent +# can be configured by adding elements to the ports list. The selector is +# also automatically configured. All other values are passed through as is. +# +# Example configuration for exposing both https and http: +# @raw +# ```yaml +# service: +# type: NodePort +# ports: +# - protocol: TCP +# name: request +# nodePort: 30443 +# # targetPort and port will automatically pulled from serverConfig.http-server.https.port +# - protocol: TCP +# name: gateway-http +# nodePort: 30080 +# port: 8080 +# # targetPort must be explicitly set to the same value as serverConfig.http-server.http.port +# targetPort: 8080 +# ``` + +service: + type: ClusterIP + ports: + - protocol: TCP + name: gateway + +# -- Set a custom name for the gateway service +serviceName: trino-gateway + +ingress: + enabled: false + className: "" + annotations: {} + hosts: + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific + # ingress.hosts -- [Ingress + # rules](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules). + # @raw + # Example: + # ```yaml + # - host: trino.example.com + # paths: + # - path: / + # pathType: ImplementationSpecific + # ``` + tls: [] + # ingress.tls -- Ingress + # [TLS](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) + # configuration. 
+ # @raw + # Example: + # ```yaml + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # ``` + +resources: + limits: + cpu: 2 + memory: 4Gi + requests: + cpu: 2 + memory: 4Gi + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + # -- Target average CPU utilization, represented as a percentage of requested CPU. To disable scaling based on CPU, + # set to an empty string. + targetCPUUtilizationPercentage: 80 + # -- Target average memory utilization, represented as a percentage of requested memory. To disable scaling + # based on memory, set to an empty string. + targetMemoryUtilizationPercentage: "" + +livenessProbe: + initialDelaySeconds: 30 + periodSeconds: 10 + failureThreshold: 3 + timeoutSeconds: 1 + scheme: HTTP + +readinessProbe: + initialDelaySeconds: 5 + periodSeconds: 5 + failureThreshold: 12 + timeoutSeconds: 1 + scheme: HTTP + +volumes: {} + +volumeMounts: {} + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +# -- Labels that get applied to every resource's metadata +commonLabels: {} + +podAnnotations: {} + +podLabels: {} + +# -- [Pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) configuration. +# To remove the default, set it to null (or `~`). +podSecurityContext: {} + +securityContext: {} +# securityContext -- [Container security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) configuration. +# @raw +# Example: +# ```yaml +# capabilities: +# drop: +# - ALL +# readOnlyRootFilesystem: true +# runAsNonRoot: true +# ``` + +serviceAccount: + # -- Specifies whether a service account should be created + create: true + # -- Automatically mount a ServiceAccount's API credentials? + automount: true + # -- Annotations to add to the service account + annotations: {} + # -- The name of the service account to use. 
+ # If not set and create is true, a name is generated using the fullname template + name: "" diff --git a/Chart.yaml b/charts/trino/Chart.yaml similarity index 76% rename from Chart.yaml rename to charts/trino/Chart.yaml index 14808ec2..2dd929fd 100644 --- a/Chart.yaml +++ b/charts/trino/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: trino -description: Fast distributed SQL query engine for big data analytics +description: Fast distributed SQL query engine for big data analytics that helps you explore your data universe # A chart can be either an 'application' or a 'library' chart. # @@ -15,9 +15,20 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.0 +version: 1.37.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. -appVersion: 351 +# Same value as in values.yml#image.tag +appVersion: "470" + +icon: https://trino.io/assets/trino.png + +home: https://trino.io/ +sources: + - https://github.com/trinodb/charts + - https://github.com/trinodb/trino/tree/master/core/docker + +maintainers: + - name: Trino community diff --git a/charts/trino/README.md b/charts/trino/README.md new file mode 100644 index 00000000..73007715 --- /dev/null +++ b/charts/trino/README.md 
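Review bot: charts/gateway/values.yaml ships `config.dataStore.password: mysecretpassword` with `user: postgres` as defaults, so an install that overrides only `jdbcUrl` tries a well-known credential, and anyone copying the file keeps the password in plain values. Default it to an empty string and fail rendering when it is unset, for instance with `required` in secrets.yaml, and document how to supply it from an existing Secret. The `envFrom` comment says the entries are mounted "into the init container", but deployment.yaml applies them to the main container. `serviceAccount.automount: true` and `securityContext: {}` are permissive defaults: nothing visible in this chart calls the Kubernetes API, so `automount: false` and the commented `drop: ALL` / `runAsNonRoot: true` example look like safer starting points.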
@@ -0,0 +1,997 @@ +# trino + +![Version: 1.37.0](https://img.shields.io/badge/Version-1.37.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 470](https://img.shields.io/badge/AppVersion-470-informational?style=flat-square) + +Fast distributed SQL query engine for big data analytics that helps you explore your data universe + +**Homepage:** + +## Source Code + +* +* + +## Values +* `nameOverride` - string, default: `nil` + + Override resource names to avoid name conflicts when deploying multiple releases in the same namespace. + Example: + ```yaml + coordinatorNameOverride: trino-coordinator-adhoc + workerNameOverride: trino-worker-adhoc + nameOverride: trino-adhoc + ``` +* `coordinatorNameOverride` - string, default: `nil` +* `workerNameOverride` - string, default: `nil` +* `image.registry` - string, default: `""` + + Image registry, defaults to empty, which results in DockerHub usage +* `image.repository` - string, default: `"trinodb/trino"` + + Repository location of the Trino image, typically `organization/imagename` +* `image.tag` - string, default: `""` + + Image tag, defaults to the Trino release version specified as `appVersion` from Chart.yaml +* `image.digest` - string, default: `""` + + Optional digest value of the image specified as `sha256:abcd...`. A specified value overrides `tag`. +* `image.useRepositoryAsSoleImageReference` - bool, default: `false` + + When true, only the content in `repository` is used as image reference +* `image.pullPolicy` - string, default: `"IfNotPresent"` +* `imagePullSecrets` - list, default: `[]` + + An optional list of references to secrets in the same namespace to use for pulling images. 
+ Example: + ```yaml + imagePullSecrets: + - name: registry-credentials + ``` +* `server.workers` - int, default: `2` +* `server.node.environment` - string, default: `"production"` +* `server.node.dataDir` - string, default: `"/data/trino"` +* `server.node.pluginDir` - string, default: `"/usr/lib/trino/plugin"` +* `server.log.trino.level` - string, default: `"INFO"` +* `server.config.path` - string, default: `"/etc/trino"` +* `server.config.https.enabled` - bool, default: `false` +* `server.config.https.port` - int, default: `8443` +* `server.config.https.keystore.path` - string, default: `""` +* `server.config.authenticationType` - string, default: `""` + + Trino supports multiple [authentication types](https://trino.io/docs/current/security/authentication-types.html): PASSWORD, CERTIFICATE, OAUTH2, JWT, KERBEROS. +* `server.config.query.maxMemory` - string, default: `"4GB"` +* `server.exchangeManager` - object, default: `{}` + + Mandatory [exchange manager configuration](https://trino.io/docs/current/admin/fault-tolerant-execution.html#id1). Used to set the name and location(s) of spooling data storage. For multiple destinations use a list or a comma separated URI locations. To enable fault-tolerant execution, set the `retry-policy` property in `additionalConfigProperties`. Additional exchange manager configurations can be added to `additionalExchangeManagerProperties`. 
+ Example: + ```yaml + server: + exchangeManager: + name: "filesystem" + baseDir: + - "/tmp/trino-local-file-system-exchange-manager" + additionalConfigProperties: + - retry-policy=TASK + additionalExchangeManagerProperties: + - exchange.sink-buffer-pool-min-size=10 + - exchange.sink-buffers-per-partition=2 + - exchange.source-concurrent-readers=4 + ``` +* `server.workerExtraConfig` - string, default: `""` +* `server.coordinatorExtraConfig` - string, default: `""` +* `server.autoscaling` - object, default: `{"behavior":{},"enabled":false,"maxReplicas":5,"targetCPUUtilizationPercentage":50,"targetMemoryUtilizationPercentage":80}` + + Configure [Horizontal Pod Autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) for workers (`server.keda.enabled` must be `false`). +* `server.autoscaling.targetCPUUtilizationPercentage` - int, default: `50` + + Target average CPU utilization, represented as a percentage of requested CPU. To disable scaling based on CPU, set to an empty string. +* `server.autoscaling.targetMemoryUtilizationPercentage` - int, default: `80` + + Target average memory utilization, represented as a percentage of requested memory. To disable scaling based on memory, set to an empty string. +* `server.autoscaling.behavior` - object, default: `{}` + + Configuration for scaling up and down. 
+ Example: + ```yaml + scaleDown: + stabilizationWindowSeconds: 300 + policies: + - type: Percent + value: 100 + periodSeconds: 15 + scaleUp: + stabilizationWindowSeconds: 0 + policies: + - type: Percent + value: 100 + periodSeconds: 15 + - type: Pods + value: 4 + periodSeconds: 15 + selectPolicy: Max + ``` +* `server.keda` - object, default: `{"advanced":{},"annotations":{},"cooldownPeriod":300,"enabled":false,"fallback":{},"initialCooldownPeriod":0,"maxReplicaCount":5,"minReplicaCount":0,"pollingInterval":30,"triggers":[]}` + + Configure [Kubernetes Event-driven Autoscaling](https://keda.sh/) for workers (`server.autoscaling.enabled` must be `false`). +* `server.keda.cooldownPeriod` - int, default: `300` + + Period (in seconds) to wait after the last trigger reported active before scaling the resource back to 0 +* `server.keda.initialCooldownPeriod` - int, default: `0` + + The delay (in seconds) before the `cooldownPeriod` starts after the initial creation of the `ScaledObject`. +* `server.keda.minReplicaCount` - int, default: `0` + + Minimum number of replicas KEDA will scale the resource down to. By default, it’s scale to zero, but you can use it with some other value as well. +* `server.keda.maxReplicaCount` - int, default: `5` + + This setting is passed to the HPA definition that KEDA will create for a given resource and holds the maximum number of replicas of the target resource. +* `server.keda.fallback` - object, default: `{}` + + Defines a number of replicas to fall back to if a scaler is in an error state. + Example: + ```yaml + fallback: # Optional. 
Section to specify fallback options + failureThreshold: 3 # Mandatory if fallback section is included + replicas: 6 # Mandatory if fallback section is included + ``` +* `server.keda.advanced` - object, default: `{}` + + Specifies HPA related options + Example: + ```yaml + advanced: + horizontalPodAutoscalerConfig: + behavior: + scaleDown: + stabilizationWindowSeconds: 300 + policies: + - type: Percent + value: 100 + periodSeconds: 15 + ``` +* `server.keda.triggers` - list, default: `[]` + + List of triggers to activate scaling of the target resource + Example: + ```yaml + triggers: + - type: prometheus + metricType: Value + metadata: + serverAddress: "http://prometheus.example.com" + threshold: "1" + metricName: required_workers + query: >- + sum by (service) + (avg_over_time(trino_execution_ClusterSizeMonitor_RequiredWorkers{service={{ include "trino.fullname" . | quote }}}[5s])) + ``` +* `server.keda.annotations` - object, default: `{}` + + Annotations to apply to the ScaledObject CRD. + Example: + ```yaml + annotations: + autoscaling.keda.sh/paused-replicas: "0" + autoscaling.keda.sh/paused: "true" + ``` +* `accessControl` - object, default: `{}` + + [System access control](https://trino.io/docs/current/security/built-in-system-access-control.html) configuration. + Set the type property to either: + * `configmap`, and provide the rule file contents in `rules`, + * `properties`, and provide configuration properties in `properties`. 
+ Properties example: + ```yaml + type: properties + properties: | + access-control.name=custom-access-control + access-control.custom_key=custom_value + ``` + Config map example: + ```yaml + type: configmap + refreshPeriod: 60s + # Rules file is mounted to /etc/trino/access-control + configFile: "rules.json" + rules: + rules.json: |- + { + "catalogs": [ + { + "user": "admin", + "catalog": "(mysql|system)", + "allow": "all" + }, + { + "group": "finance|human_resources", + "catalog": "postgres", + "allow": true + }, + { + "catalog": "hive", + "allow": "all" + }, + { + "user": "alice", + "catalog": "postgresql", + "allow": "read-only" + }, + { + "catalog": "system", + "allow": "none" + } + ], + "schemas": [ + { + "user": "admin", + "schema": ".*", + "owner": true + }, + { + "user": "guest", + "owner": false + }, + { + "catalog": "default", + "schema": "default", + "owner": true + } + ] + } + ``` +* `resourceGroups` - object, default: `{}` + + [Resource groups control](https://trino.io/docs/current/admin/resource-groups.html) + Set the type property to either: + * `configmap`, and provide the Resource groups file contents in `resourceGroupsConfig`, + * `properties`, and provide configuration properties in `properties`. 
+ Properties example: + ```yaml + type: properties + properties: | + resource-groups.configuration-manager=db + resource-groups.config-db-url=jdbc:postgresql://trino-postgresql.postgresql.svc.cluster.local:3306/resource_groups + resource-groups.config-db-user=username + resource-groups.config-db-password=password + ``` + Config map example: + ```yaml + type: configmap + # Resource groups file is mounted to /etc/trino/resource-groups/resource-groups.json + resourceGroupsConfig: |- + { + "rootGroups": [ + { + "name": "global", + "softMemoryLimit": "80%", + "hardConcurrencyLimit": 100, + "maxQueued": 100, + "schedulingPolicy": "fair", + "jmxExport": true, + "subGroups": [ + { + "name": "admin", + "softMemoryLimit": "30%", + "hardConcurrencyLimit": 20, + "maxQueued": 10 + }, + { + "name": "finance_human_resources", + "softMemoryLimit": "20%", + "hardConcurrencyLimit": 15, + "maxQueued": 10 + }, + { + "name": "general", + "softMemoryLimit": "30%", + "hardConcurrencyLimit": 20, + "maxQueued": 10 + }, + { + "name": "readonly", + "softMemoryLimit": "10%", + "hardConcurrencyLimit": 5, + "maxQueued": 5 + } + ] + } + ], + "selectors": [ + { + "user": "admin", + "group": "global.admin" + }, + { + "group": "finance|human_resources", + "group": "global.finance_human_resources" + }, + { + "user": "alice", + "group": "global.readonly" + }, + { + "group": "global.general" + } + ] + } + ``` +* `additionalNodeProperties` - list, default: `[]` + + [Additional node properties](https://trino.io/docs/current/installation/deployment.html#log-levels). + Example, assuming the NODE_ID environment variable has been set: + ```yaml + - node.id=${NODE_ID} + ``` +* `additionalConfigProperties` - list, default: `[]` + + [Additional config properties](https://trino.io/docs/current/admin/properties.html). 
+ Example: + ```yaml + - internal-communication.shared-secret=random-value-999 + - http-server.process-forwarded=true + ``` +* `additionalLogProperties` - list, default: `[]` + + [Additional log properties](https://trino.io/docs/current/installation/deployment.html#log-levels). + Example: + ```yaml + - io.airlift=DEBUG + ``` +* `additionalExchangeManagerProperties` - list, default: `[]` + + [Exchange manager properties](https://trino.io/docs/current/admin/fault-tolerant-execution.html#exchange-manager). + Example: + ```yaml + - exchange.s3.region=object-store-region + - exchange.s3.endpoint=your-object-store-endpoint + - exchange.s3.aws-access-key=your-access-key + - exchange.s3.aws-secret-key=your-secret-key + ``` +* `eventListenerProperties` - list, default: `[]` + + [Event listener](https://trino.io/docs/current/develop/event-listener.html#event-listener) properties. To configure multiple event listeners, add them in `coordinator.additionalConfigFiles` and `worker.additionalConfigFiles`, and set the `event-listener.config-files` property in `additionalConfigProperties` to their locations. + Example: + ```yaml + - event-listener.name=custom-event-listener + - custom-property1=custom-value1 + - custom-property2=custom-value2 + ``` +* `catalogs` - object, default: `{"tpcds":"connector.name=tpcds\ntpcds.splits-per-node=4\n","tpch":"connector.name=tpch\ntpch.splits-per-node=4\n"}` + + Configure [catalogs](https://trino.io/docs/current/installation/deployment.html#catalog-properties). + Example: + ```yaml + objectstore: | + connector.name=iceberg + iceberg.catalog.type=glue + jmx: | + connector.name=memory + memory: | + connector.name=memory + memory.max-data-per-node=128MB + ``` +* `additionalCatalogs` - object, default: `{}` + + Deprecated, use `catalogs` instead. Configure additional [catalogs](https://trino.io/docs/current/installation/deployment.html#catalog-properties). 
+* `env` - list, default: `[]` + + additional environment variables added to every pod, specified as a list with explicit values + Example: + ```yaml + - name: NAME + value: "value" + ``` +* `envFrom` - list, default: `[]` + + additional environment variables added to every pod, specified as a list of either `ConfigMap` or `Secret` references + Example: + ```yaml + - secretRef: + name: extra-secret + ``` +* `initContainers` - object, default: `{}` + + Additional [containers that run to completion](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) during pod initialization. + Example: + ```yaml + coordinator: + - name: init-coordinator + image: busybox:1.28 + imagePullPolicy: IfNotPresent + command: ['sh', '-c', "until nslookup myservice.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local; do echo waiting for myservice; sleep 2; done"] + worker: + - name: init-worker + image: busybox:1.28 + command: ['sh', '-c', 'echo The worker is running! && sleep 3600'] + ``` +* `sidecarContainers` - object, default: `{}` + + Additional [containers that starts before](https://kubernetes.io/docs/concepts/workloads/pods/sidecar-containers/) the Trino container and continues to run. + Example: + ```yaml + coordinator: + - name: side-coordinator + image: busybox:1.28 + imagePullPolicy: IfNotPresent + command: ['sleep', '1'] + worker: + - name: side-worker + image: busybox:1.28 + imagePullPolicy: IfNotPresent + command: ['sleep', '1'] + ``` +* `securityContext` - object, default: `{"runAsGroup":1000,"runAsUser":1000}` + + [Pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) configuration. To remove the default, set it to null (or `~`). 
+* `containerSecurityContext` - object, default: `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]}}` + + [Container security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) configuration. +* `containerSecurityContext.allowPrivilegeEscalation` - bool, default: `false` + + Control whether a process can gain more privileges than its parent process. +* `containerSecurityContext.capabilities.drop` - list, default: `["ALL"]` + + A list of the Linux kernel capabilities that are dropped from every container. Valid values are listed in [the capabilities manual page](https://man7.org/linux/man-pages/man7/capabilities.7.html). Ensure # to remove the "CAP_" prefix which the kernel attaches to the names of permissions. +* `shareProcessNamespace.coordinator` - bool, default: `false` +* `shareProcessNamespace.worker` - bool, default: `false` +* `service.annotations` - object, default: `{}` +* `service.type` - string, default: `"ClusterIP"` +* `service.port` - int, default: `8080` +* `service.nodePort` - string, default: `""` + + The port the service listens on the host, for the `NodePort` type. If not set, Kubernetes will [allocate a port automatically](https://kubernetes.io/docs/concepts/services-networking/service/#nodeport-custom-port). +* `auth` - object, default: `{}` + + Available authentication methods. 
+ Use username and password provided as a [password file](https://trino.io/docs/current/security/password-file.html#file-format): + ```yaml + passwordAuth: "username:encrypted-password-with-htpasswd" + ``` + Set the name of a secret containing this file in the password.db key + ```yaml + passwordAuthSecret: "trino-password-authentication" + ``` + Additionally, set [users' groups](https://trino.io/docs/current/security/group-file.html#file-format): + ```yaml + refreshPeriod: 5s + groups: "group_name:user_1,user_2,user_3" + ``` + Set the name of a secret containing this file in the group.db key + ```yaml + groupAuthSecret: "trino-group-authentication" + ``` +* `serviceAccount.create` - bool, default: `false` + + Specifies whether a service account should be created +* `serviceAccount.name` - string, default: `""` + + The name of the service account to use. If not set and create is true, a name is generated using the fullname template +* `serviceAccount.annotations` - object, default: `{}` + + Annotations to add to the service account +* `configMounts` - list, default: `[]` + + Allows mounting additional Trino configuration files from Kubernetes config maps on all nodes. + Example: + ```yaml + - name: sample-config-mount + configMap: sample-config-map + path: /config-map/sample.json + subPath: sample.json + ``` +* `secretMounts` - list, default: `[]` + + Allows mounting additional Trino configuration files from Kubernetes secrets on all nodes. + Example: + ```yaml + - name: sample-secret + secretName: sample-secret + path: /secrets/sample.json + subPath: sample.json + ``` +* `coordinator.deployment.annotations` - object, default: `{}` +* `coordinator.deployment.progressDeadlineSeconds` - int, default: `600` + + The maximum time in seconds for a deployment to make progress before it is considered failed. The deployment controller continues to process failed deployments and a condition with a ProgressDeadlineExceeded reason is surfaced in the deployment status. 
+* `coordinator.deployment.revisionHistoryLimit` - int, default: `10` + + The number of old ReplicaSets to retain to allow rollback. +* `coordinator.deployment.strategy` - object, default: `{"rollingUpdate":{"maxSurge":"25%","maxUnavailable":"25%"},"type":"RollingUpdate"}` + + The deployment strategy to use to replace existing pods with new ones. +* `coordinator.jvm.maxHeapSize` - string, default: `"8G"` +* `coordinator.jvm.gcMethod.type` - string, default: `"UseG1GC"` +* `coordinator.jvm.gcMethod.g1.heapRegionSize` - string, default: `"32M"` +* `coordinator.config.memory.heapHeadroomPerNode` - string, default: `""` +* `coordinator.config.nodeScheduler.includeCoordinator` - bool, default: `false` + + Allows scheduling work on the coordinator so that a single machine can function as both coordinator and worker. For large clusters, processing work on the coordinator can negatively impact query performance because the machine's resources are not available for the critical coordinator tasks of scheduling, managing, and monitoring query execution. +* `coordinator.config.query.maxMemoryPerNode` - string, default: `"1GB"` +* `coordinator.additionalJVMConfig` - list, default: `[]` +* `coordinator.additionalExposedPorts` - object, default: `{}` + + Additional ports configured in the coordinator container and the service. + Example: + ```yaml + https: + servicePort: 8443 + name: https + port: 8443 + nodePort: 30443 + protocol: TCP + ``` +* `coordinator.resources` - object, default: `{}` + + It is recommended not to specify default resources and to leave this as a conscious choice for the user. This also increases chances charts run on environments with little resources, such as Minikube. If you do want to specify resources, use the following example, and adjust it as necessary. 
+ Example: + ```yaml + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + ``` +* `coordinator.livenessProbe` - object, default: `{}` + + [Liveness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes) options + Example: + ```yaml + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + ``` +* `coordinator.readinessProbe` - object, default: `{}` + + [Readiness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes) + Example: + ```yaml + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + ``` +* `coordinator.lifecycle` - object, default: `{}` + + Coordinator container [lifecycle events](https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/) + Example: + ```yaml + preStop: + exec: + command: ["/bin/sh", "-c", "sleep 120"] + ``` +* `coordinator.terminationGracePeriodSeconds` - int, default: `30` +* `coordinator.nodeSelector` - object, default: `{}` +* `coordinator.tolerations` - list, default: `[]` +* `coordinator.affinity` - object, default: `{}` +* `coordinator.additionalConfigFiles` - object, default: `{}` + + Additional config files placed in the default configuration directory. Supports templating the files' contents with `tpl`. + Example: + ```yaml + secret.txt: | + secret-value={{- .Values.someValue }} + ``` +* `coordinator.additionalVolumes` - list, default: `[]` + + One or more additional volumes to add to the coordinator. + Example: + ```yaml + - name: extras + emptyDir: {} + ``` +* `coordinator.additionalVolumeMounts` - list, default: `[]` + + One or more additional volume mounts to add to the coordinator. 
+ Example: + - name: extras + mountPath: /usr/share/extras + readOnly: true +* `coordinator.annotations` - object, default: `{}` +* `coordinator.labels` - object, default: `{}` +* `coordinator.configMounts` - list, default: `[]` + + Allows mounting additional Trino configuration files from Kubernetes config maps on the coordinator node. + Example: + ```yaml + - name: sample-config-mount + configMap: sample-config-mount + path: /config-mount/sample.json + subPath: sample.json + ``` +* `coordinator.secretMounts` - list, default: `[]` + + Allows mounting additional Trino configuration files from Kubernetes secrets on the coordinator node. + Example: + ```yaml + - name: sample-secret + secretName: sample-secret + path: /secrets/sample.json + subPath: sample.json + ``` +* `worker.deployment.annotations` - object, default: `{}` +* `worker.deployment.progressDeadlineSeconds` - int, default: `600` + + The maximum time in seconds for a deployment to make progress before it is considered failed. The deployment controller continues to process failed deployments and a condition with a ProgressDeadlineExceeded reason is surfaced in the deployment status. +* `worker.deployment.revisionHistoryLimit` - int, default: `10` + + The number of old ReplicaSets to retain to allow rollback. +* `worker.deployment.strategy` - object, default: `{"rollingUpdate":{"maxSurge":"25%","maxUnavailable":"25%"},"type":"RollingUpdate"}` + + The deployment strategy to use to replace existing pods with new ones. +* `worker.jvm.maxHeapSize` - string, default: `"8G"` +* `worker.jvm.gcMethod.type` - string, default: `"UseG1GC"` +* `worker.jvm.gcMethod.g1.heapRegionSize` - string, default: `"32M"` +* `worker.config.memory.heapHeadroomPerNode` - string, default: `""` +* `worker.config.query.maxMemoryPerNode` - string, default: `"1GB"` +* `worker.additionalJVMConfig` - list, default: `[]` +* `worker.additionalExposedPorts` - object, default: `{}` + + Additional container ports configured in all worker pods. 
+ Example: + ```yaml + https: + servicePort: 8443 + name: https + port: 8443 + protocol: TCP + ``` +* `worker.resources` - object, default: `{}` + + It is recommended not to specify default resources and to leave this as a conscious choice for the user. This also increases chances charts run on environments with little resources, such as Minikube. If you do want to specify resources, use the following example, and adjust it as necessary. + Example: + ```yaml + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + ``` +* `worker.livenessProbe` - object, default: `{}` + + [Liveness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes) + Example: + ```yaml + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + ``` +* `worker.readinessProbe` - object, default: `{}` + + [Readiness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes) + Example: + ```yaml + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + ``` +* `worker.lifecycle` - object, default: `{}` + + Worker container [lifecycle events](https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/) Setting `worker.lifecycle` conflicts with `worker.gracefulShutdown`. + Example: + ```yaml + preStop: + exec: + command: ["/bin/sh", "-c", "sleep 120"] + ``` +* `worker.gracefulShutdown` - object, default: `{"enabled":false,"gracePeriodSeconds":120}` + + Configure [graceful shutdown](https://trino.io/docs/current/admin/graceful-shutdown.html) in order to ensure that workers terminate without affecting running queries, given a sufficient grace period. When enabled, the value of `worker.terminationGracePeriodSeconds` must be at least two times greater than the configured `gracePeriodSeconds`. 
Enabling `worker.gracefulShutdown` conflicts with `worker.lifecycle`. When a custom `worker.lifecycle` configuration needs to be used, graceful shutdown must be configured manually. + Example: + ```yaml + gracefulShutdown: + enabled: true + gracePeriodSeconds: 120 + ``` +* `worker.terminationGracePeriodSeconds` - int, default: `30` +* `worker.nodeSelector` - object, default: `{}` +* `worker.tolerations` - list, default: `[]` +* `worker.affinity` - object, default: `{}` +* `worker.additionalConfigFiles` - object, default: `{}` + + Additional config files placed in the default configuration directory. Supports templating the files' contents with `tpl`. + Example: + ```yaml + secret.txt: | + secret-value={{- .Values.someValue }} + ``` +* `worker.additionalVolumes` - list, default: `[]` + + One or more additional volume mounts to add to all workers. + Example: + ```yaml + - name: extras + emptyDir: {} + ``` +* `worker.additionalVolumeMounts` - list, default: `[]` + + One or more additional volume mounts to add to all workers. + Example: + ```yaml + - name: extras + mountPath: /usr/share/extras + readOnly: true + ``` +* `worker.annotations` - object, default: `{}` +* `worker.labels` - object, default: `{}` +* `worker.configMounts` - list, default: `[]` + + Allows mounting additional Trino configuration files from Kubernetes config maps on all worker nodes. + Example: + ```yaml + - name: sample-config-mount + configMap: sample-config-mount + path: /config-mount/sample.json + subPath: sample.json + ``` +* `worker.secretMounts` - list, default: `[]` + + Allows mounting additional Trino configuration files from Kubernetes secrets on all worker nodes. + Example: + ```yaml + - name: sample-secret + secretName: sample-secret + path: /secrets/sample.json + subPath: sample.json + ``` +* `kafka.mountPath` - string, default: `"/etc/trino/schemas"` +* `kafka.tableDescriptions` - object, default: `{}` + + Custom kafka table descriptions that will be mounted in mountPath. 
+ Example: + ```yaml + testschema.json: |- + { + "tableName": "testtable", + "schemaName": "testschema", + "topicName": "testtopic", + "key": { + "dataFormat": "json", + "fields": [ + { + "name": "_key", + "dataFormat": "VARCHAR", + "type": "VARCHAR", + "hidden": "false" + } + ] + }, + "message": { + "dataFormat": "json", + "fields": [ + { + "name": "id", + "mapping": "id", + "type": "BIGINT" + }, + { + "name": "test_field", + "mapping": "test_field", + "type": "VARCHAR" + } + ] + } + } + ``` +* `jmx.enabled` - bool, default: `false` + + Set to true to enable the RMI server to expose Trino's [JMX metrics](https://trino.io/docs/current/admin/jmx.html). +* `jmx.registryPort` - int, default: `9080` +* `jmx.serverPort` - int, default: `9081` +* `jmx.exporter.enabled` - bool, default: `false` + + Set to true to export JMX Metrics via HTTP for [Prometheus](https://github.com/prometheus/jmx_exporter) consumption +* `jmx.exporter.image` - string, default: `"bitnami/jmx-exporter:1.0.1"` +* `jmx.exporter.pullPolicy` - string, default: `"Always"` +* `jmx.exporter.port` - int, default: `5556` +* `jmx.exporter.configProperties` - string, default: `""` + + The string value is templated using `tpl`. The JMX config properties file is mounted to `/etc/jmx-exporter/jmx-exporter-config.yaml`. 
+ Example: + ```yaml + configProperties: |- + hostPort: localhost:{{- .Values.jmx.registryPort }} + startDelaySeconds: 0 + ssl: false + lowercaseOutputName: false + lowercaseOutputLabelNames: false + includeObjectNames: ["java.lang:type=Threading"] + autoExcludeObjectNameAttributes: true + excludeObjectNameAttributes: + "java.lang:type=OperatingSystem": + - "ObjectName" + "java.lang:type=Runtime": + - "ClassPath" + - "SystemProperties" + rules: + - pattern: 'java\.lang<(.*)>ThreadCount: (.*)' + name: java_lang_Threading_ThreadCount + value: '$2' + help: 'ThreadCount (java.lang<>ThreadCount)' + type: UNTYPED + ``` +* `jmx.exporter.securityContext` - object, default: `{}` +* `jmx.exporter.resources` - object, default: `{}` + + It is recommended not to specify default resources and to leave this as a conscious choice for the user. This also increases chances charts run on environments with little resources, such as Minikube. If you do want to specify resources, use the following example, and adjust it as necessary. + Example: + ```yaml + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + ``` +* `jmx.coordinator` - object, default: `{}` + + Override JMX configurations for the Trino coordinator. + Example + ```yaml + coordinator: + enabled: true + exporter: + enabled: true + configProperties: |- + hostPort: localhost:{{- .Values.jmx.registryPort }} + startDelaySeconds: 0 + ssl: false + ``` +* `jmx.worker` - object, default: `{}` + + Override JMX configurations for the Trino workers. + Example + ```yaml + worker: + enabled: true + exporter: + enabled: true + ``` +* `serviceMonitor.enabled` - bool, default: `false` + + Set to true to create resources for the [prometheus-operator](https://github.com/prometheus-operator/prometheus-operator). 
+* `serviceMonitor.apiVersion` - string, default: `"monitoring.coreos.com/v1"` +* `serviceMonitor.labels` - object, default: `{"prometheus":"kube-prometheus"}` + + Labels for serviceMonitor, so that Prometheus can select it +* `serviceMonitor.interval` - string, default: `"30s"` + + The serviceMonitor web endpoint interval +* `serviceMonitor.coordinator` - object, default: `{}` + + Override ServiceMonitor configurations for the Trino coordinator. + Example + ```yaml + coordinator: + enabled: true + labels: + prometheus: my-prometheus + ``` +* `serviceMonitor.worker` - object, default: `{}` + + Override ServiceMonitor configurations for the Trino workers. + Example + ```yaml + worker: + enabled: true + labels: + prometheus: my-prometheus + ``` +* `commonLabels` - object, default: `{}` + + Labels that get applied to every resource's metadata +* `ingress.enabled` - bool, default: `false` +* `ingress.className` - string, default: `""` +* `ingress.annotations` - object, default: `{}` +* `ingress.hosts` - list, default: `[]` + + [Ingress rules](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules). + Example: + ```yaml + - host: trino.example.com + paths: + - path: / + pathType: ImplementationSpecific + ``` +* `ingress.tls` - list, default: `[]` + + Ingress [TLS](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) configuration. + Example: + ```yaml + - secretName: chart-example-tls + hosts: + - chart-example.local + ``` +* `networkPolicy.enabled` - bool, default: `false` + + Set to true to enable Trino pod protection with a [NetworkPolicy](https://kubernetes.io/docs/concepts/services-networking/network-policies/). By default, the NetworkPolicy will only allow Trino pods to communicate with each other. + > [!NOTE] + > - NetworkPolicies cannot block the ingress traffic coming directly + > from the Kubernetes node on which the Pod is running, + > and are thus incompatible with services of type `NodePort`. 
+ > - When using NetworkPolicies together with JMX metrics export, + > additional ingress rules might be required to allow metric scraping. +* `networkPolicy.ingress` - list, default: `[]` + + Additional ingress rules to apply to the Trino pods. + Example: + ```yaml + - from: + - ipBlock: + cidr: 172.17.0.0/16 + except: + - 172.17.1.0/24 + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: prometheus + - podSelector: + matchLabels: + role: backend-app + ports: + - protocol: TCP + port: 8080 + - protocol: TCP + port: 5556 + ``` +* `networkPolicy.egress` - list, default: `[]` + + Egress rules to apply to the Trino pods. + Example: + ```yaml + - to: + - podSelector: + matchLabels: + role: log-ingestor + ports: + - protocol: TCP + port: 9999 + ``` + +* `catalogsSecrets` - list, default: `[]` + + An optional list of references to secrets to create catalogs + Example: + ```yaml + catalogsSecrets: [] + # - name: catalogs + # value: + # mariadb.properties: | + # connector.name=mariadb + # connection-user= + # connection-url= + # connection-password= + # postgresql.properties: | + # connector.name=postgresql + # connection-user= + # connection-url= + # postgresql.array-mapping= + # connection-password= + ``` + +* `ldapSecrets` - list, default: `[]` + + An optional list of references to secrets to create ldap config + Example: + ```yaml + ldapSecrets: + - name: ldap + value: + ldap.properties: | + password-authenticator.name=ldap + ldap.bind-dn=uid= + ldap.url= + ldap.bind-password= + ldap.user-bind-pattern= + ldap.group-auth-pattern= + ldap.user-base-dn= + ``` +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/charts/trino/README.md.gotmpl b/charts/trino/README.md.gotmpl new file mode 100644 index 00000000..e296f05a --- /dev/null +++ b/charts/trino/README.md.gotmpl 
@@ -0,0 +1,25 @@ +{{ template "chart.header" . }} +{{ template "chart.deprecationWarning" . }} + +{{ template "chart.badgesSection" . }} + +{{ template "chart.description" . }} + +{{ template "chart.homepageLine" . }} + +{{ template "chart.sourcesSection" . }} + +{{ template "chart.requirementsSection" . }} + +{{ template "chart.valuesHeader" . }} + +{{- range .Values }} +* `{{ .Key }}` - {{ .Type }}, default: {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }}{{ if or .Description .AutoDescription }} {{ end }} +{{- if .Description }} +{{ .Description | nindent 2 }} +{{- else if .AutoDescription }} +{{ .AutoDescription | nindent 2 }} +{{- end }} +{{- end }} + +{{ template "helm-docs.versionFooter" . }} diff --git a/templates/NOTES.txt b/charts/trino/templates/NOTES.txt similarity index 78% rename from templates/NOTES.txt rename to charts/trino/templates/NOTES.txt index 251ff875..90930a1d 100644 --- a/templates/NOTES.txt +++ b/charts/trino/templates/NOTES.txt @@ -4,7 +4,7 @@ Get the application URL by running these commands: export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") echo http://$NODE_IP:$NODE_PORT {{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "trino.name" . }},release={{ .Release.Name }},component=coordinator" -o jsonpath="{.items[0].metadata.name}") + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} --selector "app.kubernetes.io/name={{ template "trino.name" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=coordinator" --output name) echo "Visit http://127.0.0.1:8080 to use your application" kubectl port-forward $POD_NAME 8080:8080 {{- end }} diff --git a/charts/trino/templates/_helpers.tpl b/charts/trino/templates/_helpers.tpl new file mode 100644 index 00000000..e6023abd --- /dev/null 
+++ b/charts/trino/templates/_helpers.tpl 
@@ -0,0 +1,157 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "trino.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "trino.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if hasPrefix .Release.Name $name }} +{{- $name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "trino.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{- define "trino.coordinator" -}} +{{- if .Values.coordinatorNameOverride }} +{{- .Values.coordinatorNameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if hasPrefix .Release.Name $name }} +{{- printf "%s-%s" $name "coordinator" | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s-%s" .Release.Name $name "coordinator" | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{- define "trino.worker" -}} +{{- if .Values.workerNameOverride }} +{{- .Values.workerNameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if hasPrefix .Release.Name $name }} +{{- printf "%s-%s" $name "worker" | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s-%s" .Release.Name $name "worker" | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + + +{{- define 
"trino.catalog" -}} +{{ template "trino.fullname" . }}-catalog +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "trino.labels" -}} +helm.sh/chart: {{ include "trino.chart" . }} +{{ include "trino.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- if .Values.commonLabels }} +{{ tpl (toYaml .Values.commonLabels) . }} +{{- end }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "trino.selectorLabels" -}} +app.kubernetes.io/name: {{ include "trino.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "trino.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "trino.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} + +{{/* +Return the proper image name +{{ include "trino.image" . 
}} + +Code is inspired from bitnami/common + +*/}} +{{- define "trino.image" -}} +{{- $repositoryName := .Values.image.repository -}} +{{- if .Values.image.useRepositoryAsSoleImageReference -}} + {{- printf "%s" $repositoryName -}} +{{- else -}} + {{- $repositoryName := .Values.image.repository -}} + {{- $registryName := .Values.image.registry -}} + {{- $separator := ":" -}} + {{- $termination := (default .Chart.AppVersion .Values.image.tag) | toString -}} + {{- if .Values.image.digest }} + {{- $separator = "@" -}} + {{- $termination = .Values.image.digest | toString -}} + {{- end -}} + {{- if $registryName }} + {{- printf "%s/%s%s%s" $registryName $repositoryName $separator $termination -}} + {{- else -}} + {{- printf "%s%s%s" $repositoryName $separator $termination -}} + {{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create the secret name for the file-based authentication's password file +*/}} +{{- define "trino.passwordSecretName" -}} +{{- if and .Values.auth .Values.auth.passwordAuthSecret }} +{{- .Values.auth.passwordAuthSecret | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if hasPrefix .Release.Name $name }} +{{- printf "%s-%s" $name "password-file" | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s-%s" .Release.Name $name "password-file" | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create the secret name for the group-provider file +*/}} +{{- define "trino.groupsSecretName" -}} +{{- if and .Values.auth .Values.auth.groupAuthSecret }} +{{- .Values.auth.groupAuthSecret | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if hasPrefix .Release.Name $name }} +{{- printf "%s-%s" $name "groups-file" | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s-%s" .Release.Name $name "groups-file" | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} 
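Review bot: `trino.groupsSecretName` reads `.Values.auth.groupAuthSecret`, but the coordinator deployment later in this patch gates the `file-groups-authentication-volume` volume and mount on `.Values.auth.groupsAuthSecret`, so whichever spelling a user sets, one side ignores it. With only `groupsAuthSecret` set, the volume references the generated `…-groups-file` name rather than the operator's secret; with only `groupAuthSecret` set, nothing is mounted. Either way the group file that authorization decisions depend on is not the one the operator supplied. Pick one key (values.yaml is not visible here, so confirm which one is documented) and use it on both sides, e.g. `{{- if or .Values.auth.groups .Values.auth.groupAuthSecret }}` in deployment-coordinator.yaml.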
diff --git a/charts/trino/templates/autoscaler.yaml b/charts/trino/templates/autoscaler.yaml
new file mode 100644
index 00000000..9bc88014
--- /dev/null
+++ b/charts/trino/templates/autoscaler.yaml
@@ -0,0 +1,37 @@
+{{- if .Values.server.autoscaling.enabled -}}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ template "trino.worker" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "trino.labels" . | nindent 4 }}
+spec:
+ maxReplicas: {{ .Values.server.autoscaling.maxReplicas }}
+ minReplicas: {{ .Values.server.workers }}
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ template "trino.worker" . }}
+ metrics:
+ {{- if .Values.server.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.server.autoscaling.targetMemoryUtilizationPercentage }}
+ {{- end }}
+ {{- if .Values.server.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.server.autoscaling.targetCPUUtilizationPercentage }}
+ {{- end }}
+ {{ if .Values.server.autoscaling.behavior -}}
+ behavior:
+ {{- toYaml .Values.server.autoscaling.behavior | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/trino/templates/configmap-access-control-coordinator.yaml b/charts/trino/templates/configmap-access-control-coordinator.yaml
new file mode 100644
index 00000000..80e6edbc
--- /dev/null
+++ b/charts/trino/templates/configmap-access-control-coordinator.yaml
@@ -0,0 +1,14 @@
+{{- if eq .Values.accessControl.type "configmap" }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "trino.fullname" . }}-access-control-volume-coordinator
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "trino.labels" . | nindent 4 }}
+ app.kubernetes.io/component: coordinator
+data:
+ {{- range $key, $val := .Values.accessControl.rules }}
+ {{ $key }}: {{ $val | quote }}
+ {{- end }}
+{{- end }}
diff --git a/charts/trino/templates/configmap-access-control-worker.yaml b/charts/trino/templates/configmap-access-control-worker.yaml
new file mode 100644
index 00000000..7585962b
--- /dev/null
+++ b/charts/trino/templates/configmap-access-control-worker.yaml
@@ -0,0 +1,22 @@
+{{- if .Values.worker.gracefulShutdown.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "trino.fullname" . }}-access-control-volume-worker
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "trino.labels" . | nindent 4 }}
+ app.kubernetes.io/component: worker
+data:
+ graceful-shutdown-rules.json: >-
+ {
+ "system_information": [
+ {
+ "allow": [
+ "write"
+ ],
+ "user": "admin"
+ }
+ ]
+ }
+{{- end }}
diff --git a/charts/trino/templates/configmap-catalog.yaml b/charts/trino/templates/configmap-catalog.yaml
new file mode 100644
index 00000000..65aaf251
--- /dev/null
+++ b/charts/trino/templates/configmap-catalog.yaml
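Review bot: The `graceful-shutdown-rules.json` rule in configmap-access-control-worker.yaml grants `write` on `system_information` to the literal user name `admin`, while the worker `config.properties` in this patch emits no `http-server.authentication.type`, so as far as these templates show that name is asserted by the caller rather than authenticated. Anything that can reach the worker HTTP port could then change node state, so `worker.gracefulShutdown.enabled` should be paired with `networkPolicy.enabled`, which the README lists as `false` by default. I would add a template comment saying so, e.g. `{{/* graceful shutdown trusts the unauthenticated user name "admin"; restrict access to the worker port with networkPolicy */}}`, and consider making the user name a chart value instead of a constant.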
@@ -0,0 +1,16 @@
+{{- if or .Values.catalogs .Values.additionalCatalogs (and (kindIs "slice" .Values.catalogsSecrets) (gt (len .Values.catalogsSecrets) 0)) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "trino.catalog" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "trino.labels" . | nindent 4 }}
+ app.kubernetes.io/component: catalogs
+data:
+{{- $merged := merge .Values.catalogs .Values.additionalCatalogs }}
+{{- range $catalogName, $catalogProperties := $merged }}
+ {{ $catalogName }}.properties: |
+ {{- $catalogProperties | nindent 4 }}
+{{- end }}
+{{- end }}
diff --git a/charts/trino/templates/configmap-coordinator.yaml b/charts/trino/templates/configmap-coordinator.yaml
new file mode 100644
index 00000000..5c4f7500
--- /dev/null
+++ b/charts/trino/templates/configmap-coordinator.yaml
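Review bot: Catalog property files from `catalogs` and `additionalCatalogs` are rendered into a ConfigMap, so any `connection-password=` line a user puts there is stored unencrypted and is readable by anyone with read access to ConfigMaps in the namespace. The README examples place those keys under `catalogsSecrets`; a comment at the top of this template should say that credentials belong there or behind an environment reference such as `connection-password=${ENV:DB_PASSWORD}` (constructed example) supplied through `envFrom`. The same applies to `additionalConfigProperties` and the `coordinatorExtraConfig`/`workerExtraConfig` values written by configmap-coordinator.yaml and configmap-worker.yaml. Separately, `merge .Values.catalogs .Values.additionalCatalogs` modifies `.Values.catalogs` in place; `merge (dict) .Values.catalogs .Values.additionalCatalogs` avoids that side effect.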
@@ -0,0 +1,187 @@ +{{- $coordinatorJmx := merge .Values.jmx.coordinator (omit .Values.jmx "coordinator" "worker") -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "trino.coordinator" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "trino.labels" . | nindent 4 }} + app.kubernetes.io/component: coordinator +data: + node.properties: | + node.environment={{ .Values.server.node.environment }} + node.data-dir={{ .Values.server.node.dataDir }} + plugin.dir={{ .Values.server.node.pluginDir }} + {{- range $configValue := .Values.additionalNodeProperties }} + {{ $configValue }} + {{- end }} + + jvm.config: | + -server + -agentpath:/usr/lib/trino/bin/libjvmkill.so + -Xmx{{ .Values.coordinator.jvm.maxHeapSize }} + -XX:+{{ .Values.coordinator.jvm.gcMethod.type }} + -XX:G1HeapRegionSize={{ .Values.coordinator.jvm.gcMethod.g1.heapRegionSize }} + -XX:+ExplicitGCInvokesConcurrent + -XX:+HeapDumpOnOutOfMemoryError + -XX:+ExitOnOutOfMemoryError + -XX:-OmitStackTraceInFastThrow + -XX:ReservedCodeCacheSize=512M + -XX:PerMethodRecompilationCutoff=10000 + -XX:PerBytecodeRecompilationCutoff=10000 + -Djdk.attach.allowAttachSelf=true + -Djdk.nio.maxCachedBufferSize=2000000 + # Allow loading dynamic agent used by JOL + -XX:+EnableDynamicAgentLoading + {{/* only check the version number if the image is not overriden in any way */}} + {{- with .Values.image -}} + {{- if and (eq .repository "trinodb/trino") (not .useRepositoryAsSoleImageReference) (not .registry) (not .digest) (gt (default $.Chart.AppVersion .tag | int ) 447 ) }} + # https://bugs.openjdk.org/browse/JDK-8329528 + -XX:+UnlockDiagnosticVMOptions + -XX:G1NumCollectionsKeepPinned=10000000 + {{- end }}{{/* if */}} + {{- end }}{{/* with */}} + {{- range $configValue := .Values.coordinator.additionalJVMConfig }} + {{ $configValue }} + {{- end }} + {{- if $coordinatorJmx.enabled }} + -Dcom.sun.management.jmxremote.rmi.port={{- $coordinatorJmx.serverPort }} + {{- end }} + + config.properties: | + 
coordinator=true + node-scheduler.include-coordinator={{ .Values.coordinator.config.nodeScheduler.includeCoordinator }} + http-server.http.port={{ .Values.service.port }} + query.max-memory={{ .Values.server.config.query.maxMemory }} + query.max-memory-per-node={{ .Values.coordinator.config.query.maxMemoryPerNode }} + {{- if .Values.coordinator.config.memory.heapHeadroomPerNode }} + memory.heap-headroom-per-node={{ .Values.coordinator.config.memory.heapHeadroomPerNode }} + {{- end }} + discovery.uri=http://localhost:{{ .Values.service.port }} + {{- if .Values.server.config.authenticationType }} + http-server.authentication.type={{ .Values.server.config.authenticationType }} + {{- end }} + {{- range $configValue := .Values.additionalConfigProperties }} + {{ $configValue }} + {{- end }} + {{- if .Values.server.config.https.enabled }} + http-server.https.enabled=true + http-server.https.port={{ .Values.server.config.https.port }} + http-server.https.keystore.path={{ .Values.server.config.https.keystore.path }} + {{- end }} + {{- if $coordinatorJmx.enabled }} + jmx.rmiregistry.port={{- $coordinatorJmx.registryPort }} + jmx.rmiserver.port={{- $coordinatorJmx.serverPort }} + {{- end }} + {{- if .Values.worker.gracefulShutdown.enabled }} + shutdown.grace-period={{- .Values.worker.gracefulShutdown.gracePeriodSeconds -}}s + {{- end }} + {{- if .Values.server.coordinatorExtraConfig }} + {{- .Values.server.coordinatorExtraConfig | nindent 4 }} + {{- end }} + +{{- if .Values.accessControl }} + {{- if eq .Values.accessControl.type "configmap" }} + access-control.properties: | + access-control.name=file + {{- if .Values.accessControl.refreshPeriod }} + security.refresh-period={{ .Values.accessControl.refreshPeriod }} + {{- end }} + security.config-file={{ .Values.server.config.path }}/access-control/{{ .Values.accessControl.configFile | default "rules.json" }} + {{- else if eq .Values.accessControl.type "properties" }} + access-control.properties: | + {{- if 
.Values.accessControl.properties }} + {{- .Values.accessControl.properties | nindent 4 }} + {{- else}} + {{- fail "accessControl.properties is required when accessControl.type is 'properties'." }} + {{- end }} + {{- else}} + {{- fail "Invalid accessControl.type value. It must be either 'configmap' or 'properties'." }} + {{- end }} +{{- end }} + +{{- if .Values.resourceGroups }} + {{- if eq .Values.resourceGroups.type "configmap" }} + resource-groups.properties: | + resource-groups.configuration-manager=file + resource-groups.config-file={{ .Values.server.config.path }}/resource-groups/resource-groups.json + {{- else if eq .Values.resourceGroups.type "properties" }} + resource-groups.properties: | + {{- if .Values.resourceGroups.properties }} + {{- .Values.resourceGroups.properties | nindent 4 }} + {{- else}} + {{- fail "resourceGroups.properties is required when resourceGroups.type is 'properties'." }} + {{- end }} + {{- else}} + {{- fail "Invalid resourceGroups.type value. It must be either 'configmap' or 'properties'." 
}} + {{- end }} +{{- end }} + +{{- if .Values.server.exchangeManager }} + exchange-manager.properties: | + exchange-manager.name={{ .Values.server.exchangeManager.name }} + exchange.base-directories={{ join "," .Values.server.exchangeManager.baseDir }} + {{- range $configValue := .Values.additionalExchangeManagerProperties }} + {{ $configValue }} + {{- end }} +{{- end }} + + log.properties: | + io.trino={{ .Values.server.log.trino.level }} + {{- range $configValue := .Values.additionalLogProperties }} + {{ $configValue }} + {{- end }} + + {{- if contains "PASSWORD" .Values.server.config.authenticationType }}{{- if not (index .Values.coordinator.additionalConfigFiles "password-authenticator.properties") }} + password-authenticator.properties: | + password-authenticator.name=file + file.password-file={{ .Values.server.config.path }}/auth/password/password.db + {{- end }}{{- end }} + + {{- if .Values.auth.groups }}{{- if not (index .Values.coordinator.additionalConfigFiles "group-provider.properties") }} + group-provider.properties: | + group-provider.name=file + file.group-file={{ .Values.server.config.path }}/auth/group/group.db + {{- if .Values.auth.refreshPeriod }} + file.refresh-period={{ .Values.auth.refreshPeriod }} + {{- end }} + {{- end }}{{- end }} + +{{ if .Values.eventListenerProperties }} + event-listener.properties: | + {{- range $configValue := .Values.eventListenerProperties }} + {{ $configValue }} + {{- end }} +{{ end }} + +{{- range $fileName, $fileContent := .Values.coordinator.additionalConfigFiles }} + {{ $fileName }}: | + {{- tpl $fileContent $ | nindent 4 }} +{{- end }} +{{- if eq .Values.resourceGroups.type "configmap" }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "trino.fullname" . }}-resource-groups-volume-coordinator + namespace: {{ .Release.Namespace }} + labels: + {{- include "trino.labels" . 
| nindent 4 }} + app.kubernetes.io/component: coordinator +data: + resource-groups.json: |- + {{- .Values.resourceGroups.resourceGroupsConfig | nindent 4 }} +{{- end }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "trino.fullname" . }}-schemas-volume-coordinator + namespace: {{ .Release.Namespace }} + labels: + {{- include "trino.labels" . | nindent 4 }} + app.kubernetes.io/component: coordinator +data: + {{- range $key, $val := .Values.kafka.tableDescriptions }} + {{ $key }}: {{ $val | quote }} + {{- end }} diff --git a/charts/trino/templates/configmap-jmx-exporter.yaml b/charts/trino/templates/configmap-jmx-exporter.yaml new file mode 100644 index 00000000..e11f3478 --- /dev/null +++ b/charts/trino/templates/configmap-jmx-exporter.yaml @@ -0,0 +1,29 @@ +{{- $coordinatorJmx := merge .Values.jmx.coordinator (omit .Values.jmx "coordinator" "worker") -}} +{{- if $coordinatorJmx.exporter.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "trino.fullname" . }}-jmx-exporter-config-coordinator + namespace: {{ .Release.Namespace }} + labels: + {{- include "trino.labels" . | nindent 4 }} + app.kubernetes.io/component: jmx +data: + jmx-exporter-config.yaml: |- + {{- tpl $coordinatorJmx.exporter.configProperties . | nindent 4 }} +{{- end }} +{{- $workerJmx := merge .Values.jmx.worker (omit .Values.jmx "coordinator" "worker") -}} +{{- if $workerJmx.exporter.enabled }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "trino.fullname" . }}-jmx-exporter-config-worker + namespace: {{ .Release.Namespace }} + labels: + {{- include "trino.labels" . | nindent 4 }} + app.kubernetes.io/component: jmx +data: + jmx-exporter-config.yaml: |- + {{- tpl $workerJmx.exporter.configProperties . | nindent 4 }} +{{- end }} diff --git a/charts/trino/templates/configmap-worker.yaml b/charts/trino/templates/configmap-worker.yaml new file mode 100644 index 00000000..d78cdee2 --- /dev/null 
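Review bot: When `$coordinatorJmx.enabled` is true, configmap-coordinator.yaml writes `jmx.rmiregistry.port`, `jmx.rmiserver.port` and `-Dcom.sun.management.jmxremote.rmi.port`, but nothing in the hunk turns on authentication or TLS for the JMX endpoint; configmap-worker.yaml does the same for workers. A remote JMX port without authentication is a management interface rather than a read-only metrics feed, so it should not be reachable from outside the release. I would add a template comment next to the block, e.g. `{{/* JMX RMI is exposed without authentication; keep networkPolicy enabled and do not publish these ports */}}`, and repeat the caveat in the `jmx.*` value descriptions. Also, the final `{{- if eq .Values.resourceGroups.type "configmap" }}` in this file is not wrapped in `{{- if .Values.resourceGroups }}` like the earlier check, so the two guards disagree.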
+++ b/charts/trino/templates/configmap-worker.yaml 
@@ -0,0 +1,120 @@ +{{- $workerJmx := merge .Values.jmx.worker (omit .Values.jmx "coordinator" "worker") -}} +{{- if or .Values.server.keda.enabled (gt (int .Values.server.workers) 0) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "trino.worker" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "trino.labels" . | nindent 4 }} + app.kubernetes.io/component: worker +data: + node.properties: | + node.environment={{ .Values.server.node.environment }} + node.data-dir={{ .Values.server.node.dataDir }} + plugin.dir={{ .Values.server.node.pluginDir }} + {{- range $configValue := .Values.additionalNodeProperties }} + {{ $configValue }} + {{- end }} + + jvm.config: | + -server + -agentpath:/usr/lib/trino/bin/libjvmkill.so + -Xmx{{ .Values.worker.jvm.maxHeapSize }} + -XX:+{{ .Values.worker.jvm.gcMethod.type }} + -XX:G1HeapRegionSize={{ .Values.worker.jvm.gcMethod.g1.heapRegionSize }} + -XX:+ExplicitGCInvokesConcurrent + -XX:+HeapDumpOnOutOfMemoryError + -XX:+ExitOnOutOfMemoryError + -XX:-OmitStackTraceInFastThrow + -XX:ReservedCodeCacheSize=512M + -XX:PerMethodRecompilationCutoff=10000 + -XX:PerBytecodeRecompilationCutoff=10000 + -Djdk.attach.allowAttachSelf=true + -Djdk.nio.maxCachedBufferSize=2000000 + # Allow loading dynamic agent used by JOL + -XX:+EnableDynamicAgentLoading + {{/* only check the version number if the image is not overriden in any way */}} + {{- with .Values.image -}} + {{- if and (eq .repository "trinodb/trino") (not .useRepositoryAsSoleImageReference) (not .registry) (not .digest) (gt (default $.Chart.AppVersion .tag | int ) 447 ) }} + # https://bugs.openjdk.org/browse/JDK-8329528 + -XX:+UnlockDiagnosticVMOptions + -XX:G1NumCollectionsKeepPinned=10000000 + {{- end }}{{/* if */}} + {{- end }}{{/* with */}} + {{- range $configValue := .Values.worker.additionalJVMConfig }} + {{ $configValue }} + {{- end }} + {{- if $workerJmx.enabled }} + -Dcom.sun.management.jmxremote.rmi.port={{- $workerJmx.serverPort }} + {{- end }} + 
+ config.properties: | + coordinator=false + http-server.http.port={{ .Values.service.port }} + query.max-memory={{ .Values.server.config.query.maxMemory }} + query.max-memory-per-node={{ .Values.worker.config.query.maxMemoryPerNode }} + {{- if .Values.worker.config.memory.heapHeadroomPerNode }} + memory.heap-headroom-per-node={{ .Values.worker.config.memory.heapHeadroomPerNode }} + {{- end }} + discovery.uri=http://{{ template "trino.fullname" . }}:{{ .Values.service.port }} + {{- range $configValue := .Values.additionalConfigProperties }} + {{ $configValue }} + {{- end }} + {{- if $workerJmx.enabled }} + jmx.rmiregistry.port={{- $workerJmx.registryPort }} + jmx.rmiserver.port={{- $workerJmx.serverPort }} + {{- end }} + {{- if .Values.worker.gracefulShutdown.enabled }} + shutdown.grace-period={{- .Values.worker.gracefulShutdown.gracePeriodSeconds -}}s + {{- end }} + {{- if .Values.server.workerExtraConfig }} + {{- .Values.server.workerExtraConfig | nindent 4 }} + {{- end }} + +{{- if .Values.worker.gracefulShutdown.enabled }} + access-control.properties: | + access-control.name=file + security.config-file={{ .Values.server.config.path }}/access-control/graceful-shutdown-rules.json +{{- end }} + +{{- if .Values.server.exchangeManager }} + exchange-manager.properties: | + exchange-manager.name={{ .Values.server.exchangeManager.name }} + exchange.base-directories={{ join "," .Values.server.exchangeManager.baseDir }} + {{- range $configValue := .Values.additionalExchangeManagerProperties }} + {{ $configValue }} + {{- end }} +{{- end }} + + log.properties: | + io.trino={{ .Values.server.log.trino.level }} + {{- range $configValue := .Values.additionalLogProperties }} + {{ $configValue }} + {{- end }} + +{{ if .Values.eventListenerProperties }} + event-listener.properties: | + {{- range $configValue := .Values.eventListenerProperties }} + {{ $configValue }} + {{- end }} +{{ end }} + +{{- range $fileName, $fileContent := .Values.worker.additionalConfigFiles }} + {{ 
$fileName }}: | + {{- tpl $fileContent $ | nindent 4 }} +{{- end }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "trino.fullname" . }}-schemas-volume-worker + namespace: {{ .Release.Namespace }} + labels: + {{- include "trino.labels" . | nindent 4 }} + app.kubernetes.io/component: worker +data: + {{- range $key, $val := .Values.kafka.tableDescriptions }} + {{ $key }}: {{ $val | quote }} + {{- end }} +{{- end }} diff --git a/charts/trino/templates/deployment-coordinator.yaml b/charts/trino/templates/deployment-coordinator.yaml new file mode 100644 index 00000000..41eb8c4e --- /dev/null +++ b/charts/trino/templates/deployment-coordinator.yaml 
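Review bot: The worker `config.properties` always sets `discovery.uri=http://{{ template "trino.fullname" . }}:{{ .Values.service.port }}`, and the `http-server.https.*` block guarded by `server.config.https.enabled` exists only in configmap-coordinator.yaml, so worker-to-coordinator traffic stays on cleartext HTTP even when HTTPS is enabled for clients. If that is intentional, say so in a comment above the line, e.g. `{{/* internal traffic uses plain HTTP; set internal-communication.* via server.workerExtraConfig to secure it */}}`. Otherwise derive the scheme and port from `server.config.https` so both node types agree.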
@@ -0,0 +1,267 @@ +{{- $coordinatorJmx := merge .Values.jmx.coordinator (omit .Values.jmx "coordinator" "worker") -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "trino.coordinator" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "trino.labels" . | nindent 4 }} + app.kubernetes.io/component: coordinator + trino.io/network-policy-protection: {{ ternary "enabled" "disabled" .Values.networkPolicy.enabled }} + {{- if .Values.coordinator.labels }} + {{- tpl (toYaml .Values.coordinator.labels) . | nindent 4 }} + {{- end }} + annotations: + {{- toYaml .Values.coordinator.deployment.annotations | nindent 4 }} +spec: + progressDeadlineSeconds: {{ .Values.coordinator.deployment.progressDeadlineSeconds }} + revisionHistoryLimit: {{ .Values.coordinator.deployment.revisionHistoryLimit }} + strategy: + {{- toYaml .Values.coordinator.deployment.strategy | nindent 4 }} + selector: + matchLabels: + {{- include "trino.selectorLabels" . | nindent 6 }} + app.kubernetes.io/component: coordinator + template: + metadata: + annotations: + {{- if and (eq .Values.accessControl.type "configmap") (not .Values.accessControl.refreshPeriod) }} + checksum/access-control-config: {{ include (print $.Template.BasePath "/configmap-access-control-coordinator.yaml") . | sha256sum }} + {{- end }} + {{- if or .Values.catalogs .Values.additionalCatalogs (and (.Values.catalogs) (gt (len .Values.catalogs) 0)) }} + checksum/catalog-config: {{ include (print $.Template.BasePath "/configmap-catalog.yaml") . | sha256sum }} + {{- end }} + checksum/coordinator-config: {{ include (print $.Template.BasePath "/configmap-coordinator.yaml") . | sha256sum }} + {{- if .Values.coordinator.annotations }} + {{- tpl (toYaml .Values.coordinator.annotations) . | nindent 8 }} + {{- end }} + + labels: + {{- include "trino.labels" . 
| nindent 8 }} + app.kubernetes.io/component: coordinator + trino.io/network-policy-protection: {{ ternary "enabled" "disabled" .Values.networkPolicy.enabled }} + {{- if .Values.coordinator.labels }} + {{- tpl (toYaml .Values.coordinator.labels) . | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ include "trino.serviceAccountName" . }} + {{- with .Values.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.shareProcessNamespace.coordinator }} + shareProcessNamespace: {{ .Values.shareProcessNamespace.coordinator }} + {{- end }} + volumes: + - name: config-volume + configMap: + name: {{ template "trino.coordinator" . }} + {{- if or .Values.catalogs .Values.additionalCatalogs (and (.Values.catalogs) (gt (len .Values.catalogs) 0)) }} + - name: catalog-volume + configMap: + name: {{ template "trino.catalog" . }} + {{- end }} + - name: schemas-volume + configMap: + name: {{ template "trino.fullname" . }}-schemas-volume-coordinator + {{- if eq .Values.accessControl.type "configmap" }} + - name: access-control-volume + configMap: + name: {{ template "trino.fullname" . }}-access-control-volume-coordinator + {{- end }} + {{- if eq .Values.resourceGroups.type "configmap" }} + - name: resource-groups-volume + configMap: + name: {{ template "trino.fullname" . }}-resource-groups-volume-coordinator + {{- end }} + {{- if or .Values.auth.passwordAuth .Values.auth.passwordAuthSecret }} + - name: file-password-authentication-volume + secret: + secretName: {{ template "trino.passwordSecretName" . }} + items: + - key: password.db + path: password.db + {{- end }} + {{- if or .Values.auth.groups .Values.auth.groupsAuthSecret }} + - name: file-groups-authentication-volume + secret: + secretName: {{ template "trino.groupsSecretName" . }} + items: + - key: group.db + path: group.db + {{- end }} + {{- if $coordinatorJmx.exporter.enabled }} + - name: jmx-exporter-config-volume + configMap: + name: {{ template "trino.fullname" . 
}}-jmx-exporter-config-coordinator + {{- end }} + {{- range .Values.configMounts }} + - name: {{ .name }} + configMap: + name: {{ tpl .configMap $ }} + {{- end }} + {{- range .Values.coordinator.configMounts }} + - name: {{ .name }} + configMap: + name: {{ tpl .configMap $ }} + {{- end }} + {{- range .Values.secretMounts }} + - name: {{ .name }} + secret: + secretName: {{ tpl .secretName $ }} + {{- end }} + {{- range .Values.coordinator.secretMounts }} + - name: {{ .name }} + secret: + secretName: {{ tpl .secretName $ }} + {{- end }} + {{- with .Values.coordinator.additionalVolumes }} + {{- tpl (. | toYaml) $ | nindent 8 }} + {{- end }} + {{- if .Values.initContainers.coordinator }} + initContainers: + {{- tpl (toYaml .Values.initContainers.coordinator) . | nindent 6 }} + {{- end }} + {{- if .Values.imagePullSecrets}} + imagePullSecrets: + {{- toYaml .Values.imagePullSecrets | nindent 8 }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.coordinator.terminationGracePeriodSeconds }} + containers: + - name: {{ .Chart.Name }}-coordinator + image: {{ include "trino.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + securityContext: + {{- toYaml .Values.containerSecurityContext | nindent 12 }} + env: + {{- toYaml .Values.env | nindent 12 }} + envFrom: + {{- tpl (toYaml .Values.envFrom) . 
| nindent 12 }} + volumeMounts: + - mountPath: {{ .Values.server.config.path }} + name: config-volume + {{- if or .Values.catalogs .Values.additionalCatalogs (and (.Values.catalogs) (gt (len .Values.catalogs) 0)) }} + - mountPath: {{ .Values.server.config.path }}/catalog + name: catalog-volume + {{- end }} + - mountPath: {{ .Values.kafka.mountPath }} + name: schemas-volume + {{- if eq .Values.accessControl.type "configmap" }} + - mountPath: {{ .Values.server.config.path }}/access-control + name: access-control-volume + {{- end }} + {{- if eq .Values.resourceGroups.type "configmap" }} + - mountPath: {{ .Values.server.config.path }}/resource-groups + name: resource-groups-volume + {{- end }} + {{- range .Values.configMounts }} + - name: {{ .name }} + mountPath: {{ .path }} + {{- if .subPath }} + subPath: {{ .subPath }} + {{- end }} + {{- end }} + {{- range .Values.coordinator.configMounts }} + - name: {{ .name }} + mountPath: {{ .path }} + {{- if .subPath }} + subPath: {{ .subPath }} + {{- end }} + {{- end }} + {{- range .Values.secretMounts }} + - name: {{ .name }} + mountPath: {{ .path }} + {{- if .subPath }} + subPath: {{ .subPath }} + {{- end }} + {{- end }} + {{- range .Values.coordinator.secretMounts }} + - name: {{ .name }} + mountPath: {{ .path }} + {{- if .subPath }} + subPath: {{ .subPath }} + {{- end }} + {{- end }} + {{- if or .Values.auth.passwordAuth .Values.auth.passwordAuthSecret }} + - mountPath: {{ .Values.server.config.path }}/auth/password + name: file-password-authentication-volume + {{- end }} + {{- if or .Values.auth.groups .Values.auth.groupsAuthSecret }} + - mountPath: {{ .Values.server.config.path }}/auth/group + name: file-groups-authentication-volume + {{- end }} + {{- with .Values.coordinator.additionalVolumeMounts }} + {{- . 
| toYaml | nindent 12 }} + {{- end }} + ports: + - name: http + containerPort: {{ .Values.service.port }} + protocol: TCP + {{- if $coordinatorJmx.enabled }} + - name: jmx-registry + containerPort: {{ $coordinatorJmx.registryPort }} + protocol: TCP + - name: jmx-server + containerPort: {{ $coordinatorJmx.serverPort }} + protocol: TCP + {{- end }} + {{- range $key, $value := .Values.coordinator.additionalExposedPorts }} + - name: {{ $value.name }} + containerPort: {{ $value.port }} + protocol: {{ $value.protocol }} + {{- end }} + livenessProbe: + httpGet: + path: /v1/info + port: http + initialDelaySeconds: {{ .Values.coordinator.livenessProbe.initialDelaySeconds | default 30 }} + periodSeconds: {{ .Values.coordinator.livenessProbe.periodSeconds | default 10 }} + timeoutSeconds: {{ .Values.coordinator.livenessProbe.timeoutSeconds | default 5 }} + failureThreshold: {{ .Values.coordinator.livenessProbe.failureThreshold | default 6 }} + successThreshold: {{ .Values.coordinator.livenessProbe.successThreshold | default 1 }} + readinessProbe: + exec: + command: [/usr/lib/trino/bin/health-check] + initialDelaySeconds: {{ .Values.coordinator.readinessProbe.initialDelaySeconds | default 10 }} + periodSeconds: {{ .Values.coordinator.readinessProbe.periodSeconds | default 10 }} + timeoutSeconds: {{ .Values.coordinator.readinessProbe.timeoutSeconds | default 5 }} + failureThreshold: {{ .Values.coordinator.readinessProbe.failureThreshold | default 6 }} + successThreshold: {{ .Values.coordinator.readinessProbe.successThreshold | default 1 }} + lifecycle: + {{- toYaml .Values.coordinator.lifecycle | nindent 12 }} + resources: + {{- toYaml .Values.coordinator.resources | nindent 12 }} + {{- if $coordinatorJmx.exporter.enabled }} + - name: jmx-exporter + image: {{ $coordinatorJmx.exporter.image }} + imagePullPolicy: {{ $coordinatorJmx.exporter.pullPolicy }} + securityContext: + {{- toYaml $coordinatorJmx.exporter.securityContext | nindent 12 }} + args: + - "{{ 
$coordinatorJmx.exporter.port }}" + - /etc/jmx-exporter/jmx-exporter-config.yaml + volumeMounts: + - mountPath: /etc/jmx-exporter/ + name: jmx-exporter-config-volume + resources: + {{- toYaml $coordinatorJmx.exporter.resources | nindent 12 }} + ports: + - name: jmx-exporter + containerPort: {{ $coordinatorJmx.exporter.port }} + protocol: TCP + {{- end }} + {{- if .Values.sidecarContainers.coordinator }} + {{- toYaml .Values.sidecarContainers.coordinator | nindent 8 }} + {{- end }} + {{- with .Values.coordinator.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.coordinator.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.coordinator.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/trino/templates/deployment-worker.yaml b/charts/trino/templates/deployment-worker.yaml new file mode 100644 index 00000000..9b088755 --- /dev/null +++ b/charts/trino/templates/deployment-worker.yaml 
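Review bot: The catalog volume, its mount and the `checksum/catalog-config` annotation are gated on `or .Values.catalogs .Values.additionalCatalogs (and (.Values.catalogs) (gt (len .Values.catalogs) 0))`, where the third operand can never change the result because it repeats the first. configmap-catalog.yaml has `(and (kindIs "slice" .Values.catalogsSecrets) (gt (len .Values.catalogsSecrets) 0))` in that position, so this looks like a copy error: with only `catalogsSecrets` set the ConfigMap is rendered but the coordinator never mounts `catalog-volume`, and no other volume in this hunk references `catalogsSecrets`. Either reuse the ConfigMap's condition in all three places or drop the dead operand and document how secret-backed catalogs reach the pod. `coordinator.additionalVolumeMounts` is also rendered with plain `toYaml` while `coordinator.additionalVolumes` goes through `tpl`, which is worth making consistent.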
@@ -0,0 +1,259 @@ +{{- $workerJmx := merge .Values.jmx.worker (omit .Values.jmx "coordinator" "worker") -}} +{{- if or .Values.server.keda.enabled (gt (int .Values.server.workers) 0) }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "trino.worker" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "trino.labels" . | nindent 4 }} + app.kubernetes.io/component: worker + trino.io/network-policy-protection: {{ ternary "enabled" "disabled" .Values.networkPolicy.enabled }} + {{- if .Values.worker.labels }} + {{- tpl (toYaml .Values.worker.labels) . | nindent 4 }} + {{- end }} + annotations: + {{- toYaml .Values.worker.deployment.annotations | nindent 4 }} +spec: + progressDeadlineSeconds: {{ .Values.worker.deployment.progressDeadlineSeconds }} + revisionHistoryLimit: {{ .Values.worker.deployment.revisionHistoryLimit }} + strategy: + {{- toYaml .Values.worker.deployment.strategy | nindent 4 }} + {{- if and (not .Values.server.autoscaling.enabled) (not .Values.server.keda.enabled) }} + replicas: {{ .Values.server.workers }} + {{- end }} + selector: + matchLabels: + {{- include "trino.selectorLabels" . | nindent 6 }} + app.kubernetes.io/component: worker + template: + metadata: + annotations: + {{- if or .Values.catalogs .Values.additionalCatalogs (and (.Values.catalogs) (gt (len .Values.catalogs) 0)) }} + checksum/catalog-config: {{ include (print $.Template.BasePath "/configmap-catalog.yaml") . | sha256sum }} + {{- end }} + checksum/worker-config: {{ include (print $.Template.BasePath "/configmap-worker.yaml") . | sha256sum }} + {{- if .Values.worker.gracefulShutdown.enabled }} + checksum/access-control-config: {{ include (print $.Template.BasePath "/configmap-access-control-worker.yaml") . | sha256sum }} + {{- end }} + {{- if .Values.worker.annotations }} + {{- tpl (toYaml .Values.worker.annotations) . | nindent 8 }} + {{- end }} + labels: + {{- include "trino.labels" . 
| nindent 8 }} + app.kubernetes.io/component: worker + trino.io/network-policy-protection: {{ ternary "enabled" "disabled" .Values.networkPolicy.enabled }} + {{- if .Values.worker.labels }} + {{- tpl (toYaml .Values.worker.labels) . | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ include "trino.serviceAccountName" . }} + {{- with .Values.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.shareProcessNamespace.worker }} + shareProcessNamespace: {{ .Values.shareProcessNamespace.worker }} + {{- end }} + volumes: + - name: config-volume + configMap: + name: {{ template "trino.worker" . }} + {{- if or .Values.catalogs .Values.additionalCatalogs (and (.Values.catalogs) (gt (len .Values.catalogs) 0)) }} + - name: catalog-volume + configMap: + name: {{ template "trino.catalog" . }} + {{- end }} + - name: schemas-volume + configMap: + name: {{ template "trino.fullname" . }}-schemas-volume-worker + {{- if $workerJmx.exporter.enabled }} + - name: jmx-exporter-config-volume + configMap: + name: {{ template "trino.fullname" . }}-jmx-exporter-config-worker + {{- end }} + {{- if .Values.worker.gracefulShutdown.enabled }} + - name: access-control-volume + configMap: + name: {{ template "trino.fullname" . }}-access-control-volume-worker + {{- end }} + {{- range .Values.configMounts }} + - name: {{ .name }} + configMap: + name: {{ tpl .configMap $ }} + {{- end }} + {{- range .Values.worker.configMounts }} + - name: {{ .name }} + configMap: + name: {{ tpl .configMap $ }} + {{- end }} + {{- range .Values.secretMounts }} + - name: {{ .name }} + secret: + secretName: {{ tpl .secretName $ }} + {{- end }} + {{- range .Values.worker.secretMounts }} + - name: {{ .name }} + secret: + secretName: {{ tpl .secretName $ }} + {{- end }} + {{- with .Values.worker.additionalVolumes }} + {{- tpl (. 
| toYaml) $ | nindent 8 }} + {{- end }} + {{- if .Values.initContainers.worker }} + initContainers: + {{- tpl (toYaml .Values.initContainers.worker) . | nindent 6 }} + {{- end }} + {{- if .Values.imagePullSecrets}} + imagePullSecrets: + {{- toYaml .Values.imagePullSecrets | nindent 8 }} + {{- end }} + {{- if and .Values.worker.gracefulShutdown.enabled (gt (mulf 2.0 .Values.worker.gracefulShutdown.gracePeriodSeconds) .Values.worker.terminationGracePeriodSeconds) }} + {{- fail "The user must set the `worker.terminationGracePeriodSeconds` to a value of at least two times the configured `gracePeriodSeconds`." }} + {{- else }} + terminationGracePeriodSeconds: {{ .Values.worker.terminationGracePeriodSeconds }} + {{- end }} + containers: + - name: {{ .Chart.Name }}-worker + image: {{ include "trino.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + securityContext: + {{- toYaml .Values.containerSecurityContext | nindent 12 }} + env: + {{- toYaml .Values.env | nindent 12 }} + envFrom: + {{- tpl (toYaml .Values.envFrom) . 
| nindent 12 }} + volumeMounts: + - mountPath: {{ .Values.server.config.path }} + name: config-volume + {{- if or .Values.catalogs .Values.additionalCatalogs (and (.Values.catalogs) (gt (len .Values.catalogs) 0)) }} + - mountPath: {{ .Values.server.config.path }}/catalog + name: catalog-volume + {{- end }} + - mountPath: {{ .Values.kafka.mountPath }} + name: schemas-volume + {{- if .Values.worker.gracefulShutdown.enabled }} + - mountPath: {{ .Values.server.config.path }}/access-control + name: access-control-volume + {{- end }} + {{- range .Values.configMounts }} + - name: {{ .name }} + mountPath: {{ .path }} + {{- if .subPath }} + subPath: {{ .subPath }} + {{- end }} + {{- end }} + {{- range .Values.worker.configMounts }} + - name: {{ .name }} + mountPath: {{ .path }} + {{- if .subPath }} + subPath: {{ .subPath }} + {{- end }} + {{- end }} + {{- range .Values.secretMounts }} + - name: {{ .name }} + mountPath: {{ .path }} + {{- if .subPath }} + subPath: {{ .subPath }} + {{- end }} + {{- end }} + {{- range .Values.worker.secretMounts }} + - name: {{ .name }} + mountPath: {{ .path }} + {{- if .subPath }} + subPath: {{ .subPath }} + {{- end }} + {{- end }} + {{- with .Values.worker.additionalVolumeMounts }} + {{- . 
| toYaml | nindent 12 }} + {{- end }} + ports: + - name: http + containerPort: {{ .Values.service.port }} + protocol: TCP + {{- if $workerJmx.enabled }} + - name: jmx-registry + containerPort: {{ $workerJmx.registryPort }} + protocol: TCP + - name: jmx-server + containerPort: {{ $workerJmx.serverPort }} + protocol: TCP + {{- end }} + {{- range $key, $value := .Values.worker.additionalExposedPorts }} + - name: {{ $value.name }} + containerPort: {{ $value.port }} + protocol: {{ $value.protocol }} + {{- end }} + livenessProbe: + httpGet: + path: /v1/info + port: http + initialDelaySeconds: {{ .Values.worker.livenessProbe.initialDelaySeconds | default 30 }} + periodSeconds: {{ .Values.worker.livenessProbe.periodSeconds | default 10 }} + timeoutSeconds: {{ .Values.worker.livenessProbe.timeoutSeconds | default 5 }} + failureThreshold: {{ .Values.worker.livenessProbe.failureThreshold | default 6 }} + successThreshold: {{ .Values.worker.livenessProbe.successThreshold | default 1 }} + readinessProbe: + exec: + command: [/usr/lib/trino/bin/health-check] + initialDelaySeconds: {{ .Values.worker.readinessProbe.initialDelaySeconds | default 10 }} + periodSeconds: {{ .Values.worker.readinessProbe.periodSeconds | default 10 }} + timeoutSeconds: {{ .Values.worker.readinessProbe.timeoutSeconds | default 5 }} + failureThreshold: {{ .Values.worker.readinessProbe.failureThreshold | default 6 }} + successThreshold: {{ .Values.worker.readinessProbe.successThreshold | default 1 }} + lifecycle: + {{- if .Values.worker.lifecycle }} + {{- if .Values.worker.gracefulShutdown.enabled }} + {{- fail "The `worker.lifecycle` configuration conflicts with `worker.gracefulShutdown`. Either disable `worker.gracefulShutdown` and apply the related configurations manually, or remove `worker.lifecycle`." 
}} + {{- end }} + {{- toYaml .Values.worker.lifecycle | nindent 12 }} + {{- else if .Values.worker.gracefulShutdown.enabled }} + preStop: + exec: + command: + - /bin/sh + - -c + - >- + curl -v -X PUT + -d '"SHUTTING_DOWN"' + -H 'Content-type: application/json' + -H 'X-Trino-User: admin' + http://localhost:{{- .Values.service.port -}}/v1/info/state + {{- end }} + resources: + {{- toYaml .Values.worker.resources | nindent 12 }} + {{- if $workerJmx.exporter.enabled }} + - name: jmx-exporter + image: {{ $workerJmx.exporter.image }} + imagePullPolicy: {{ $workerJmx.exporter.pullPolicy }} + securityContext: + {{- toYaml $workerJmx.exporter.securityContext | nindent 12 }} + args: + - "{{ $workerJmx.exporter.port }}" + - /etc/jmx-exporter/jmx-exporter-config.yaml + volumeMounts: + - mountPath: /etc/jmx-exporter/ + name: jmx-exporter-config-volume + resources: + {{- toYaml $workerJmx.exporter.resources | nindent 12 }} + ports: + - name: jmx-exporter + containerPort: {{ $workerJmx.exporter.port }} + protocol: TCP + {{- end }} + {{- if .Values.sidecarContainers.worker }} + {{- toYaml .Values.sidecarContainers.worker | nindent 8 }} + {{- end }} + {{- with .Values.worker.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.worker.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.worker.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end }} diff --git a/charts/trino/templates/ingress.yaml b/charts/trino/templates/ingress.yaml new file mode 100644 index 00000000..1da324c3 --- /dev/null +++ b/charts/trino/templates/ingress.yaml 
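Review bot: The generated `preStop` hook in the `worker.gracefulShutdown.enabled` branch sends `X-Trino-User: admin` with no credentials to `http://localhost:{{ .Values.service.port }}/v1/info/state`, and nothing in the template says what that depends on. It presumably only works because the access-control ConfigMap mounted at `{{ .Values.server.config.path }}/access-control` lets that user change the node state. It would seem to break if the worker only accepts HTTPS or authenticated requests. Any client that can reach the worker HTTP port could send the same request, so the port should stay closed to untrusted pods. I would add a template comment directly above `preStop:`, for example `{{- /* graceful shutdown: requires the worker access-control rules to allow user "admin" to write system information; restrict access to the worker HTTP port (see networkPolicy) */}}`. I would also make the user name a value rather than a literal.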
@@ -0,0 +1,38 @@
+{{- if .Values.ingress.enabled -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ template "trino.coordinator" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "trino.labels" . | nindent 4 }}
+ annotations:
+ {{- toYaml .Values.ingress.annotations | nindent 4 }}
+spec:
+ ingressClassName: {{ .Values.ingress.className }}
+ {{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ tpl .secretName $ }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path }}
+ pathType: {{ .pathType }}
+ backend:
+ service:
+ name: {{ include "trino.fullname" $ }}
+ port:
+ number: {{ $.Values.service.port }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/charts/trino/templates/keda-scaledobject.yaml b/charts/trino/templates/keda-scaledobject.yaml
new file mode 100644
index 00000000..4f1df9f9
--- /dev/null
+++ b/charts/trino/templates/keda-scaledobject.yaml
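Review bot: Enabling this Ingress is not tied to TLS or to authentication anywhere in the template. The `tls:` block is emitted only when `ingress.tls` is set, and the defaults later in the patch leave `server.config.authenticationType` empty, so `ingress.enabled: true` alone would publish the coordinator over plain HTTP with whatever authentication the server happens to have. I would at least document this next to the `ingress` values and in NOTES.txt, for example `# -- Exposes the coordinator outside the cluster; set ingress.tls and server.config.authenticationType before enabling`. Separately, `path: {{ .path }}` is the only user-supplied string in the rules that is not passed through `quote`.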
@@ -0,0 +1,40 @@
+{{- if .Values.server.keda.enabled }}
+{{- if .Values.server.autoscaling.enabled }}
+{{- fail "The worker Kubernetes Event-driven Autoscaling configuration (`server.keda`) conflicts with the worker Horizontal Pod Autoscaling (`server.autoscaling`). They cannot be both enabled at the same time!" }}
+{{- end }}
+apiVersion: keda.sh/v1alpha1
+kind: ScaledObject
+metadata:
+ name: {{ template "trino.worker" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "trino.labels" . | nindent 4 }}
+ {{- with .Values.server.keda.annotations }}
+ annotations:
+ {{- . | nindent 4 }}
+ {{- end }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ template "trino.worker" . }}
+ pollingInterval: {{ .Values.server.keda.pollingInterval }}
+ cooldownPeriod: {{ .Values.server.keda.cooldownPeriod }}
+ initialCooldownPeriod: {{ .Values.server.keda.initialCooldownPeriod }}
+ minReplicaCount: {{ .Values.server.keda.minReplicaCount }}
+ maxReplicaCount: {{ .Values.server.keda.maxReplicaCount }}
+ {{- with .Values.server.keda.fallback }}
+ fallback:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.server.keda.advanced }}
+ advanced:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.server.keda.triggers }}
+ triggers:
+ {{- tpl (toYaml .) $ | nindent 4 }}
+ {{- else }}
+ {{- fail "At least one element in `.Values.server.keda.triggers` is required!" }}
+ {{- end }}
+{{- end }}
diff --git a/charts/trino/templates/networkpolicy.yaml b/charts/trino/templates/networkpolicy.yaml
new file mode 100644
index 00000000..592c8823
--- /dev/null
+++ b/charts/trino/templates/networkpolicy.yaml
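Review bot: The `annotations:` block under `metadata` pipes the value straight into `nindent` (`{{- . | nindent 4 }}`), while every other map in this template and its siblings goes through `toYaml` first. If `server.keda.annotations` is a map like the other annotation values in the chart, `nindent` receives a non-string and rendering fails as soon as an annotation is set. The line should read `{{- toYaml . | nindent 4 }}`. If a pre-rendered string is really intended, that expectation should be documented beside the value.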
@@ -0,0 +1,37 @@
+{{- if .Values.networkPolicy.enabled }}
+{{- if eq "NodePort" .Values.service.type}}
+{{- fail "NetworkPolicy enforcement is not supported with NodePort services, as traffic reaches the Pod through the node itself, bypassing pod-level network controls." }}
+{{- end }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "trino.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "trino.labels" . | nindent 4 }}
+ app.kubernetes.io/component: network-policy
+spec:
+ podSelector:
+ matchLabels:
+ {{- include "trino.selectorLabels" . | nindent 6 }}
+ trino.io/network-policy-protection: enabled
+ policyTypes:
+ - Ingress
+ {{- with .Values.networkPolicy.egress }}
+ - Egress
+ egress:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ ingress:
+ - from:
+ - podSelector:
+ matchLabels:
+ {{- include "trino.selectorLabels" . | nindent 14 }}
+ trino.io/network-policy-protection: enabled
+ namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: {{ .Release.Namespace }}
+ {{- with .Values.networkPolicy.ingress }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/trino/templates/secret.yaml b/charts/trino/templates/secret.yaml
new file mode 100644
index 00000000..97b62ab7
--- /dev/null
+++ b/charts/trino/templates/secret.yaml
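Review bot: The guard at the top rejects only `service.type` `NodePort`, but the reason given in the `fail` message (traffic arriving through the node) would seem to apply equally to `LoadBalancer` services, which normally allocate node ports as well. As written, a `LoadBalancer` release renders the policy without any warning, and operators may assume the coordinator is isolated when it is not. I would either widen the check, e.g. `{{- if has .Values.service.type (list "NodePort" "LoadBalancer") }}`, or add a comment stating why `LoadBalancer` is considered safe here. Indentation is lost in this view, so I could not confirm that `namespaceSelector` sits in the same `from` element as `podSelector`. A short comment saying both selectors must match would help the next reader.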
@@ -0,0 +1,55 @@
+{{- if and (not .Values.auth.passwordAuthSecret) .Values.auth.passwordAuth }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "trino.passwordSecretName" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "trino.labels" . | nindent 4 }}
+data:
+{{- if .Values.auth.passwordAuth }}
+ password.db: {{ .Values.auth.passwordAuth | b64enc }}
+{{- end }}
+{{- end }}
+---
+{{- if and (not .Values.auth.groupsAuthSecret) .Values.auth.groups }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "trino.groupsSecretName" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "trino.labels" . | nindent 4 }}
+data:
+{{- if .Values.auth.groups}}
+ group.db: {{ .Values.auth.groups | b64enc }}
+{{- end }}
+{{- end }}
+---
+{{- if .Values.catalogsSecrets }}
+{{- range .Values.catalogsSecrets }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: "{{ .name }}"
+data:
+{{- range $key, $val := .value }}
+ {{ $key }}: {{ $val | b64enc | nindent 4 }}
+{{- end }}
+type: Opaque
+{{- end }}
+{{- end }}
+---
+{{- if .Values.ldapSecrets }}
+{{- range .Values.ldapSecrets }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: "{{ .name }}"
+data:
+{{- range $key, $val := .value }}
+ {{ $key }}: {{ $val | b64enc | nindent 4 }}
+{{- end }}
+type: Opaque
+{{- end }}
+{{- end }}
diff --git a/charts/trino/templates/service-coordinator.yaml b/charts/trino/templates/service-coordinator.yaml
new file mode 100644
index 00000000..b028047a
--- /dev/null
+++ b/charts/trino/templates/service-coordinator.yaml
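Review bot: The two `range` loops over `.Values.catalogsSecrets` and `.Values.ldapSecrets` emit one Secret per entry but put no `---` between iterations. With more than one entry the rendered objects run together into a single YAML document with repeated `apiVersion`/`kind`/`metadata` keys, so at best only one Secret survives. Adding `---` as the first line inside each loop, right after `{{- range .Values.catalogsSecrets }}` and `{{- range .Values.ldapSecrets }}`, fixes that. These Secrets also lack the `namespace: {{ .Release.Namespace }}` and `{{- include "trino.labels" . | nindent 4 }}` lines that the first two Secrets in this file carry. Since the values end up base64-encoded from plain chart values, a comment pointing users at an existing-Secret option, as `auth.passwordAuthSecret` does, would be worth adding.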
@@ -0,0 +1,42 @@
+{{- $coordinatorJmx := merge .Values.jmx.coordinator (omit .Values.jmx "coordinator" "worker") -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "trino.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "trino.labels" . | nindent 4 }}
+ app.kubernetes.io/component: coordinator
+ annotations:
+ {{- toYaml .Values.service.annotations | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: http
+ protocol: TCP
+ name: http
+ {{- if .Values.service.nodePort }}
+ nodePort: {{ .Values.service.nodePort }}
+ {{- end }}
+ {{- if $coordinatorJmx.exporter.enabled }}
+ - port: {{ $coordinatorJmx.exporter.port }}
+ targetPort: jmx-exporter
+ protocol: TCP
+ name: jmx-exporter
+ {{- if $coordinatorJmx.exporter.nodePort }}
+ nodePort: {{ $coordinatorJmx.exporter.nodePort }}
+ {{- end }}
+ {{- end }}
+ {{- range $key, $value := .Values.coordinator.additionalExposedPorts }}
+ - port: {{ $value.servicePort }}
+ name: {{ $value.name }}
+ targetPort: {{ $value.port }}
+ protocol: {{ $value.protocol }}
+ {{- if $value.nodePort }}
+ nodePort: {{ $value.nodePort }}
+ {{- end }}
+ {{- end }}
+ selector:
+ {{- include "trino.selectorLabels" . | nindent 4 }}
+ app.kubernetes.io/component: coordinator
diff --git a/charts/trino/templates/service-worker.yaml b/charts/trino/templates/service-worker.yaml
new file mode 100644
index 00000000..97fec58c
--- /dev/null
+++ b/charts/trino/templates/service-worker.yaml
@@ -0,0 +1,27 @@
+{{- $workerJmx := merge .Values.jmx.worker (omit .Values.jmx "coordinator" "worker") -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "trino.fullname" . }}-worker
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "trino.labels" . | nindent 4 }}
+ app.kubernetes.io/component: worker
+ annotations:
+ {{- toYaml .Values.service.annotations | nindent 4 }}
+spec:
+ clusterIP: None
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: http
+ protocol: TCP
+ name: http
+ {{- if $workerJmx.exporter.enabled }}
+ - port: {{$workerJmx.exporter.port }}
+ targetPort: jmx-exporter
+ protocol: TCP
+ name: jmx-exporter
+ {{- end }}
+ selector:
+ {{- include "trino.selectorLabels" . | nindent 4 }}
+ app.kubernetes.io/component: worker
diff --git a/charts/trino/templates/serviceaccount.yaml b/charts/trino/templates/serviceaccount.yaml
new file mode 100644
index 00000000..a61c0724
--- /dev/null
+++ b/charts/trino/templates/serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "trino.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "trino.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/trino/templates/servicemonitor-coordinator.yaml b/charts/trino/templates/servicemonitor-coordinator.yaml
new file mode 100644
index 00000000..7e6ba1ed
--- /dev/null
+++ b/charts/trino/templates/servicemonitor-coordinator.yaml
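Review bot: The ServiceAccount in serviceaccount.yaml leaves `automountServiceAccountToken` unset, so every coordinator and worker pod using `trino.serviceAccountName` gets an API token mounted by default. Nothing in the templates shown here suggests Trino itself talks to the Kubernetes API, so the token looks like unneeded credential exposure inside pods that run user queries. I would add a top-level field after the `metadata` block, driven by a new chart value, for example `automountServiceAccountToken: {{ .Values.serviceAccount.automountToken }}` (a value name I am proposing, not one that exists in this patch). It should default to `false` if nothing else in the chart needs the token.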
@@ -0,0 +1,24 @@
+{{- $coordinatorServiceMonitor := merge .Values.serviceMonitor.coordinator (omit .Values.serviceMonitor "coordinator" "worker") -}}
+{{- if $coordinatorServiceMonitor.enabled -}}
+apiVersion: {{ $coordinatorServiceMonitor.apiVersion }}
+kind: ServiceMonitor
+metadata:
+ name: {{ template "trino.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "trino.labels" . | nindent 4 }}
+ {{- if $coordinatorServiceMonitor.labels }}
+ {{- toYaml $coordinatorServiceMonitor.labels | nindent 4 }}
+ {{- end }}
+spec:
+ selector:
+ matchLabels:
+ {{- include "trino.selectorLabels" . | nindent 6 }}
+ app.kubernetes.io/component: coordinator
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace }}
+ endpoints:
+ - port: jmx-exporter
+ interval: {{ $coordinatorServiceMonitor.interval }}
+{{- end }}
diff --git a/charts/trino/templates/servicemonitor-worker.yaml b/charts/trino/templates/servicemonitor-worker.yaml
new file mode 100644
index 00000000..7e3c3c51
--- /dev/null
+++ b/charts/trino/templates/servicemonitor-worker.yaml
@@ -0,0 +1,24 @@
+{{- $workerServiceMonitor := merge .Values.serviceMonitor.worker (omit .Values.serviceMonitor "coordinator" "worker") -}}
+{{- if $workerServiceMonitor.enabled }}
+apiVersion: {{ $workerServiceMonitor.apiVersion }}
+kind: ServiceMonitor
+metadata:
+ name: {{ template "trino.fullname" . }}-worker
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "trino.labels" . | nindent 4 }}
+ {{- if $workerServiceMonitor.labels }}
+ {{- toYaml $workerServiceMonitor.labels | nindent 4 }}
+ {{- end }}
+spec:
+ selector:
+ matchLabels:
+ {{- include "trino.selectorLabels" . | nindent 6 }}
+ app.kubernetes.io/component: worker
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace }}
+ endpoints:
+ - port: jmx-exporter
+ interval: {{ $workerServiceMonitor.interval }}
+{{- end }}
diff --git a/charts/trino/templates/tests/test-connection.yaml b/charts/trino/templates/tests/test-connection.yaml new file mode 100644 index 00000000..5749c1ea --- /dev/null +++ b/charts/trino/templates/tests/test-connection.yaml @@ -0,0 +1,63 @@ +apiVersion: v1 +kind: Pod +metadata: + name: {{ include "trino.fullname" . }}-test-connection + labels: + {{- include "trino.labels" . | nindent 4 }} + app.kubernetes.io/component: test + test: connection + annotations: + "helm.sh/hook": test +spec: + {{- if eq .Values.resourceGroups.type "properties" }} + initContainers: + - name: postgresql-client + image: bitnami/postgresql:17.1.0 + command: + - /bin/sh + - -c + - | + echo "Inserting resource groups data"; + PGUSER=trino PGPASSWORD=pass0000 psql -h trino-resource-groups-db-postgresql.postgresql.svc.cluster.local resource_groups <- + kubectl get pods + --selector="app.kubernetes.io/name={{ include "trino.name" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=worker" + --output=jsonpath="{.items[0].metadata.name}" + --namespace={{ .Release.Namespace }} + > /pods/worker-pod.txt + volumeMounts: + - mountPath: /pods + name: worker-pod + containers: + - name: check-logs + image: bitnami/kubectl:latest + command: [ "sh", "-c" ] + args: + - >- + WORKER_POD=$(cat /pods/worker-pod.txt) && + kubectl logs ${WORKER_POD} + --follow + --container=trino-worker + --namespace={{ .Release.Namespace }} + | grep --max-count=1 "Shutdown requested" + volumeMounts: + - mountPath: /pods + name: worker-pod + - name: trigger-graceful-shutdown + image: bitnami/kubectl:latest + command: [ "sh", "-c" ] + args: + - >- + sleep 5 && + WORKER_POD=$(cat /pods/worker-pod.txt) && + kubectl delete pod + ${WORKER_POD} + --namespace={{ .Release.Namespace }} + volumeMounts: + - mountPath: /pods + name: worker-pod + restartPolicy: Never + volumes: + - name: worker-pod + emptyDir: {} + +{{- end }} 
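Review bot: The `postgresql-client` init container hard-codes `PGUSER=trino PGPASSWORD=pass0000` and the host `trino-resource-groups-db-postgresql.postgresql.svc.cluster.local` in a template that ships with the chart. Anyone running `helm test` with `resourceGroups.type: properties` therefore gets a pod spec carrying a fixed database password and a cluster-specific host name. I would take the connection details from values and the password from a Secret through `env` with `valueFrom.secretKeyRef`, so the credential never appears in the rendered manifest or in the shell command line. The text of this hunk is damaged in the page: the heredoc after `resource_groups` and what looks like the start of a separate graceful-shutdown test are missing. The rest of the file could not be reviewed for that reason. The `bitnami/kubectl:latest` images visible further down would also be better pinned to a fixed tag or digest.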
diff --git a/charts/trino/templates/tests/test-jmx.yaml b/charts/trino/templates/tests/test-jmx.yaml
new file mode 100644
index 00000000..a968cc8f
--- /dev/null
+++ b/charts/trino/templates/tests/test-jmx.yaml
@@ -0,0 +1,99 @@ +{{- $coordinatorJmx := merge .Values.jmx.coordinator (omit .Values.jmx "coordinator" "worker") -}} +{{- $workerJmx := merge .Values.jmx.worker (omit .Values.jmx "coordinator" "worker") -}} +{{- $coordinatorServiceMonitor := merge .Values.serviceMonitor.coordinator (omit .Values.serviceMonitor "coordinator" "worker") -}} +{{- $workerServiceMonitor := merge .Values.serviceMonitor.worker (omit .Values.serviceMonitor "coordinator" "worker") -}} +{{- if or $coordinatorJmx.exporter.enabled $coordinatorServiceMonitor.enabled $workerJmx.exporter.enabled $workerServiceMonitor.enabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: {{ include "trino.fullname" . }}-test-jmx + labels: + {{- include "trino.labels" . | nindent 4 }} + app.kubernetes.io/component: test + test: jmx + annotations: + "helm.sh/hook": test + "helm.sh/hook-delete-policy": hook-succeeded +spec: + containers: + {{- if $coordinatorJmx.exporter.enabled }} + - name: trino-jmx-coordinator + image: {{ include "trino.image" . }} + command: ["/bin/bash", "-c"] + args: + - curl -s {{ include "trino.fullname" . }}.{{ .Release.Namespace }}:{{ $coordinatorJmx.exporter.port }}/metrics | grep -q trino + {{- end }} + {{- if $workerJmx.exporter.port }} + - name: trino-jmx-worker + image: {{ include "trino.image" . }} + command: ["/bin/bash", "-c"] + args: + - curl -s {{ include "trino.fullname" . }}-worker.{{ .Release.Namespace }}:{{ $workerJmx.exporter.port }}/metrics | grep -q trino + {{- end }} + {{- if $coordinatorServiceMonitor.enabled }} + - name: service-monitor-coordinator + image: python:3-slim + command: [ "python", "/tests/test.py" ] + args: ["{{ include "trino.fullname" . }}"] + volumeMounts: + - name: tests + mountPath: /tests + {{- end }} + {{- if $workerServiceMonitor.enabled }} + - name: service-monitor-worker + image: python:3-slim + command: ["python", "/tests/test.py"] + args: ["{{ include "trino.fullname" . 
}}-worker"] + volumeMounts: + - name: tests + mountPath: /tests + {{- end }} + volumes: + - name: tests + configMap: + name: {{ include "trino.fullname" . }}-test-jmx + restartPolicy: Never +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "trino.fullname" . }}-test-jmx + labels: + {{- include "trino.labels" . | nindent 4 }} + app.kubernetes.io/component: test + test: jmx + annotations: + "helm.sh/hook": test + "helm.sh/hook-delete-policy": hook-succeeded +data: + test.py: | + from urllib.request import urlopen + from urllib.error import URLError, HTTPError + import json + import logging + import sys + import time + + logger = logging.getLogger(__name__) + target_service = sys.argv[1] + url = f"http://prometheus-operator-kube-p-prometheus:9090/api/v1/targets?scrapePool=serviceMonitor/{{ .Release.Namespace }}/{target_service}/0&state=active" + while True: + try: + with urlopen(url) as response: + data = json.load(response) + except (URLError, HTTPError) as e: + logger.warning("Error fetching targets, Prometheus service might not be ready: ", e) + time.sleep(2) # Retry after 2 seconds + continue + + try: + service_name = data["data"]["activeTargets"][0]["discoveredLabels"]["__meta_kubernetes_service_name"] + except (KeyError, IndexError) as e: + logger.warning("Invalid Prometheus response: ", e) + time.sleep(2) # Retry after 2 seconds + continue + + if service_name == target_service: + logger.info(f"Found expected service '{service_name}' in Prometheus targets!") + break +{{- end }} diff --git a/charts/trino/templates/tests/test-networkpolicy.yaml b/charts/trino/templates/tests/test-networkpolicy.yaml new file mode 100644 index 00000000..2d7455fd --- /dev/null +++ b/charts/trino/templates/tests/test-networkpolicy.yaml 
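Review bot: The `trino-jmx-worker` container is gated on `{{- if $workerJmx.exporter.port }}`, whereas the coordinator container just above it is gated on `$coordinatorJmx.exporter.enabled`. With a port configured but the worker exporter disabled, the test pod still tries to scrape a port nothing listens on, and the test fails. The condition should be `{{- if $workerJmx.exporter.enabled }}`. In the embedded `test.py`, the two `logger.warning("...: ", e)` calls pass an argument with no `%s` placeholder, so the exception text is not logged as intended. `logger.warning("Invalid Prometheus response: %s", e)` is the usual form. The `while True` loop also has no overall deadline, so a Prometheus instance that never becomes reachable keeps the test pod running until Helm's own timeout.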
@@ -0,0 +1,28 @@
+{{- if .Values.networkPolicy.enabled }}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: {{ include "trino.fullname" . }}-test-networkpolicy
+ labels:
+ {{- include "trino.labels" . | nindent 4 }}
+ app.kubernetes.io/component: test
+ test: network-policy
+ annotations:
+ "helm.sh/hook": test
+ "helm.sh/hook-delete-policy": hook-succeeded
+spec:
+ containers:
+ - name: check-connection
+ image: {{ include "trino.image" . }}
+ command: [ "/bin/bash", "-c" ]
+ args:
+ - >-
+ curl
+ {{ include "trino.fullname" . }}.{{ .Release.Namespace }}:{{ .Values.service.port }}
+ --head
+ --fail
+ --connect-timeout 10
+ --max-time 10
+ 2>&1 | grep -q "timed out"
+ restartPolicy: Never
+{{- end }}
diff --git a/charts/trino/values.yaml b/charts/trino/values.yaml
new file mode 100644
index 00000000..3d52191c
--- /dev/null
+++ b/charts/trino/values.yaml
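Review bot: The `check-connection` container decides whether the policy is enforced by grepping curl's stderr for the phrase `timed out`. That ties the test to the wording of one curl build, and it also passes on a DNS or resolver timeout, which says nothing about the NetworkPolicy. Checking curl's exit status is sturdier: replace `2>&1 | grep -q "timed out"` with `; [ $? -eq 28 ]`, since 28 is curl's operation-timeout code. The pod carries no `trino.io/network-policy-protection` label, which is what makes it an outside client. A one-line comment saying so would stop someone from adding the common labels later and silently turning the test into a no-op.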
@@ -0,0 +1,1167 @@ +# Default values for trino. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# -- Override resource names to avoid name conflicts when deploying multiple +# releases in the same namespace. +# @raw +# Example: +# ```yaml +# coordinatorNameOverride: trino-coordinator-adhoc +# workerNameOverride: trino-worker-adhoc +# nameOverride: trino-adhoc +# ``` +nameOverride: +coordinatorNameOverride: +workerNameOverride: + +image: + # -- Image registry, defaults to empty, which results in DockerHub usage + registry: "" + # -- Repository location of the Trino image, typically `organization/imagename` + repository: trinodb/trino + # -- Image tag, defaults to the Trino release version specified as `appVersion` from Chart.yaml + tag: "" + # -- Optional digest value of the image specified as `sha256:abcd...`. A specified value overrides `tag`. + digest: "" + # -- When true, only the content in `repository` is used as image reference + useRepositoryAsSoleImageReference: false + pullPolicy: IfNotPresent + +# -- An optional list of references to secrets in the same namespace to use for pulling images. +# @raw +# Example: +# ```yaml +# imagePullSecrets: +# - name: registry-credentials +# ``` +imagePullSecrets: [] + +server: + workers: 2 + node: + environment: production + dataDir: /data/trino + pluginDir: /usr/lib/trino/plugin + log: + trino: + level: INFO + config: + path: /etc/trino + https: + enabled: false + port: 8443 + keystore: + path: "" + # -- Trino supports multiple [authentication + # types](https://trino.io/docs/current/security/authentication-types.html): + # PASSWORD, CERTIFICATE, OAUTH2, JWT, KERBEROS. + authenticationType: "" + query: + maxMemory: "4GB" + exchangeManager: {} + # server.exchangeManager -- Mandatory [exchange manager + # configuration](https://trino.io/docs/current/admin/fault-tolerant-execution.html#id1). + # Used to set the name and location(s) of spooling data storage. 
For multiple destinations use a list or a comma separated URI locations. + # To enable fault-tolerant execution, set the `retry-policy` property in `additionalConfigProperties`. + # Additional exchange manager configurations can be added to `additionalExchangeManagerProperties`. + # @raw + # Example: + # ```yaml + # server: + # exchangeManager: + # name: "filesystem" + # baseDir: + # - "/tmp/trino-local-file-system-exchange-manager" + # additionalConfigProperties: + # - retry-policy=TASK + # additionalExchangeManagerProperties: + # - exchange.sink-buffer-pool-min-size=10 + # - exchange.sink-buffers-per-partition=2 + # - exchange.source-concurrent-readers=4 + # ``` + + workerExtraConfig: "" + coordinatorExtraConfig: "" + # server.autoscaling -- Configure [Horizontal Pod Autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) + # for workers (`server.keda.enabled` must be `false`). + autoscaling: + enabled: false + maxReplicas: 5 + # -- Target average CPU utilization, represented as a percentage of requested CPU. To disable scaling based on CPU, + # set to an empty string. + targetCPUUtilizationPercentage: 50 + # -- Target average memory utilization, represented as a percentage of requested memory. To disable scaling + # based on memory, set to an empty string. + targetMemoryUtilizationPercentage: 80 + behavior: {} + # server.autoscaling.behavior -- Configuration for scaling up and down. + # @raw + # Example: + # ```yaml + # scaleDown: + # stabilizationWindowSeconds: 300 + # policies: + # - type: Percent + # value: 100 + # periodSeconds: 15 + # scaleUp: + # stabilizationWindowSeconds: 0 + # policies: + # - type: Percent + # value: 100 + # periodSeconds: 15 + # - type: Pods + # value: 4 + # periodSeconds: 15 + # selectPolicy: Max + # ``` + + # server.keda -- Configure [Kubernetes Event-driven Autoscaling](https://keda.sh/) for workers + # (`server.autoscaling.enabled` must be `false`). 
+ keda: + enabled: false + pollingInterval: 30 + # -- Period (in seconds) to wait after the last trigger reported active before scaling the resource back to 0 + cooldownPeriod: 300 + # -- The delay (in seconds) before the `cooldownPeriod` starts after the initial creation of the `ScaledObject`. + initialCooldownPeriod: 0 + # -- Minimum number of replicas KEDA will scale the resource down to. + # By default, it’s scale to zero, but you can use it with some other value as well. + minReplicaCount: 0 + # -- This setting is passed to the HPA definition that KEDA will create for a given resource and + # holds the maximum number of replicas of the target resource. + maxReplicaCount: 5 + fallback: {} + # server.keda.fallback -- Defines a number of replicas to fall back to if a scaler is in an error state. + # @raw + # Example: + # ```yaml + # fallback: # Optional. Section to specify fallback options + # failureThreshold: 3 # Mandatory if fallback section is included + # replicas: 6 # Mandatory if fallback section is included + # ``` + advanced: {} + # server.keda.advanced -- Specifies HPA related options + # @raw + # Example: + # ```yaml + # advanced: + # horizontalPodAutoscalerConfig: + # behavior: + # scaleDown: + # stabilizationWindowSeconds: 300 + # policies: + # - type: Percent + # value: 100 + # periodSeconds: 15 + # ``` + triggers: [] + # server.keda.triggers -- List of triggers to activate scaling of the target resource + # @raw + # Example: + # ```yaml + # triggers: + # - type: prometheus + # metricType: Value + # metadata: + # serverAddress: "http://prometheus.example.com" + # threshold: "1" + # metricName: required_workers + # query: >- + # sum by (service) + # (avg_over_time(trino_execution_ClusterSizeMonitor_RequiredWorkers{service={{ include "trino.fullname" . | quote }}}[5s])) + # ``` + annotations: {} + # server.keda.annotations -- Annotations to apply to the ScaledObject CRD. 
+ # @raw + # Example: + # ```yaml + # annotations: + # autoscaling.keda.sh/paused-replicas: "0" + # autoscaling.keda.sh/paused: "true" + # ``` + +accessControl: {} +# accessControl -- [System access +# control](https://trino.io/docs/current/security/built-in-system-access-control.html) +# configuration. +# @raw +# Set the type property to either: +# * `configmap`, and provide the rule file contents in `rules`, +# * `properties`, and provide configuration properties in `properties`. +# Properties example: +# ```yaml +# type: properties +# properties: | +# access-control.name=custom-access-control +# access-control.custom_key=custom_value +# ``` +# Config map example: +# ```yaml +# type: configmap +# refreshPeriod: 60s +# # Rules file is mounted to /etc/trino/access-control +# configFile: "rules.json" +# rules: +# rules.json: |- +# { +# "catalogs": [ +# { +# "user": "admin", +# "catalog": "(mysql|system)", +# "allow": "all" +# }, +# { +# "group": "finance|human_resources", +# "catalog": "postgres", +# "allow": true +# }, +# { +# "catalog": "hive", +# "allow": "all" +# }, +# { +# "user": "alice", +# "catalog": "postgresql", +# "allow": "read-only" +# }, +# { +# "catalog": "system", +# "allow": "none" +# } +# ], +# "schemas": [ +# { +# "user": "admin", +# "schema": ".*", +# "owner": true +# }, +# { +# "user": "guest", +# "owner": false +# }, +# { +# "catalog": "default", +# "schema": "default", +# "owner": true +# } +# ] +# } +# ``` + +resourceGroups: {} +# resourceGroups -- [Resource groups control](https://trino.io/docs/current/admin/resource-groups.html) +# @raw +# Set the type property to either: +# * `configmap`, and provide the Resource groups file contents in `resourceGroupsConfig`, +# * `properties`, and provide configuration properties in `properties`. 
+# Properties example: +# ```yaml +# type: properties +# properties: | +# resource-groups.configuration-manager=db +# resource-groups.config-db-url=jdbc:postgresql://trino-postgresql.postgresql.svc.cluster.local:3306/resource_groups +# resource-groups.config-db-user=username +# resource-groups.config-db-password=password +# ``` +# Config map example: +# ```yaml +# type: configmap +# # Resource groups file is mounted to /etc/trino/resource-groups/resource-groups.json +# resourceGroupsConfig: |- +# { +# "rootGroups": [ +# { +# "name": "global", +# "softMemoryLimit": "80%", +# "hardConcurrencyLimit": 100, +# "maxQueued": 100, +# "schedulingPolicy": "fair", +# "jmxExport": true, +# "subGroups": [ +# { +# "name": "admin", +# "softMemoryLimit": "30%", +# "hardConcurrencyLimit": 20, +# "maxQueued": 10 +# }, +# { +# "name": "finance_human_resources", +# "softMemoryLimit": "20%", +# "hardConcurrencyLimit": 15, +# "maxQueued": 10 +# }, +# { +# "name": "general", +# "softMemoryLimit": "30%", +# "hardConcurrencyLimit": 20, +# "maxQueued": 10 +# }, +# { +# "name": "readonly", +# "softMemoryLimit": "10%", +# "hardConcurrencyLimit": 5, +# "maxQueued": 5 +# } +# ] +# } +# ], +# "selectors": [ +# { +# "user": "admin", +# "group": "global.admin" +# }, +# { +# "group": "finance|human_resources", +# "group": "global.finance_human_resources" +# }, +# { +# "user": "alice", +# "group": "global.readonly" +# }, +# { +# "group": "global.general" +# } +# ] +# } +# ``` + +additionalNodeProperties: [] +# additionalNodeProperties -- [Additional node +# properties](https://trino.io/docs/current/installation/deployment.html#log-levels). +# @raw +# Example, assuming the NODE_ID environment variable has been set: +# ```yaml +# - node.id=${NODE_ID} +# ``` + +additionalConfigProperties: [] +# additionalConfigProperties -- [Additional config +# properties](https://trino.io/docs/current/admin/properties.html). 
+# @raw +# Example: +# ```yaml +# - internal-communication.shared-secret=random-value-999 +# - http-server.process-forwarded=true +# ``` + +additionalLogProperties: [] +# additionalLogProperties -- [Additional log +# properties](https://trino.io/docs/current/installation/deployment.html#log-levels). +# @raw +# Example: +# ```yaml +# - io.airlift=DEBUG +# ``` + +additionalExchangeManagerProperties: [] +# additionalExchangeManagerProperties -- [Exchange manager +# properties](https://trino.io/docs/current/admin/fault-tolerant-execution.html#exchange-manager). +# @raw +# Example: +# ```yaml +# - exchange.s3.region=object-store-region +# - exchange.s3.endpoint=your-object-store-endpoint +# - exchange.s3.aws-access-key=your-access-key +# - exchange.s3.aws-secret-key=your-secret-key +# ``` + +eventListenerProperties: [] +# eventListenerProperties -- [Event +# listener](https://trino.io/docs/current/develop/event-listener.html#event-listener) +# properties. To configure multiple event listeners, add them in +# `coordinator.additionalConfigFiles` and `worker.additionalConfigFiles`, and +# set the `event-listener.config-files` property in +# `additionalConfigProperties` to their locations. +# @raw +# Example: +# ```yaml +# - event-listener.name=custom-event-listener +# - custom-property1=custom-value1 +# - custom-property2=custom-value2 +# ``` + +catalogs: + tpch: | + connector.name=tpch + tpch.splits-per-node=4 + tpcds: | + connector.name=tpcds + tpcds.splits-per-node=4 +# catalogs -- Configure +# [catalogs](https://trino.io/docs/current/installation/deployment.html#catalog-properties). +# @raw +# Example: +# ```yaml +# objectstore: | +# connector.name=iceberg +# iceberg.catalog.type=glue +# jmx: | +# connector.name=memory +# memory: | +# connector.name=memory +# memory.max-data-per-node=128MB +# ``` + +additionalCatalogs: {} +# additionalCatalogs -- Deprecated, use `catalogs` instead. 
Configure additional +# [catalogs](https://trino.io/docs/current/installation/deployment.html#catalog-properties). + +env: [] +# env -- additional environment variables added to every pod, specified as a list with explicit values +# @raw +# Example: +# ```yaml +# - name: NAME +# value: "value" +# ``` + +envFrom: [] +# envFrom -- additional environment variables added to every pod, specified as a list of either `ConfigMap` +# or `Secret` references +# @raw +# Example: +# ```yaml +# - secretRef: +# name: extra-secret +# ``` + +initContainers: {} +# initContainers -- Additional [containers that run to +# completion](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) +# during pod initialization. +# @raw +# Example: +# ```yaml +# coordinator: +# - name: init-coordinator +# image: busybox:1.28 +# imagePullPolicy: IfNotPresent +# command: ['sh', '-c', "until nslookup myservice.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local; do echo waiting for myservice; sleep 2; done"] +# worker: +# - name: init-worker +# image: busybox:1.28 +# command: ['sh', '-c', 'echo The worker is running! && sleep 3600'] +# ``` + +sidecarContainers: {} +# sidecarContainers -- Additional [containers that starts +# before](https://kubernetes.io/docs/concepts/workloads/pods/sidecar-containers/) +# the Trino container and continues to run. +# @raw +# Example: +# ```yaml +# coordinator: +# - name: side-coordinator +# image: busybox:1.28 +# imagePullPolicy: IfNotPresent +# command: ['sleep', '1'] +# worker: +# - name: side-worker +# image: busybox:1.28 +# imagePullPolicy: IfNotPresent +# command: ['sleep', '1'] +# ``` + +# -- [Pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) configuration. +# To remove the default, set it to null (or `~`). 
+securityContext: + runAsUser: 1000 + runAsGroup: 1000 + +# -- [Container security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) configuration. +containerSecurityContext: + # -- Control whether a process can gain more privileges than its parent process. + allowPrivilegeEscalation: false + capabilities: + # -- A list of the Linux kernel capabilities that are dropped from every container. Valid values are listed in + # [the capabilities manual page](https://man7.org/linux/man-pages/man7/capabilities.7.html). Ensure # to remove + # the "CAP_" prefix which the kernel attaches to the names of permissions. + drop: + - ALL + +shareProcessNamespace: + coordinator: false + worker: false + +service: + annotations: {} + type: ClusterIP + port: 8080 + # service.nodePort -- The port the service listens on the host, for the `NodePort` type. If not set, Kubernetes will + # [allocate a port + # automatically](https://kubernetes.io/docs/concepts/services-networking/service/#nodeport-custom-port). + nodePort: "" + +auth: {} +# auth -- Available authentication methods. +# @raw +# Use username and password provided as a [password file](https://trino.io/docs/current/security/password-file.html#file-format): +# ```yaml +# passwordAuth: "username:encrypted-password-with-htpasswd" +# ``` +# Set the name of a secret containing this file in the password.db key +# ```yaml +# passwordAuthSecret: "trino-password-authentication" +# ``` +# Additionally, set [users' groups](https://trino.io/docs/current/security/group-file.html#file-format): +# ```yaml +# refreshPeriod: 5s +# groups: "group_name:user_1,user_2,user_3" +# ``` +# Set the name of a secret containing this file in the group.db key +# ```yaml +# groupAuthSecret: "trino-group-authentication" +# ``` + +serviceAccount: + # -- Specifies whether a service account should be created + create: false + # -- The name of the service account to use. 
+ # If not set and create is true, a name is generated using the fullname template + name: "" + # -- Annotations to add to the service account + annotations: {} + +configMounts: [] +# configMounts -- Allows mounting additional Trino configuration files from +# Kubernetes config maps on all nodes. +# @raw +# Example: +# ```yaml +# - name: sample-config-mount +# configMap: sample-config-map +# path: /config-map/sample.json +# subPath: sample.json +# ``` + +secretMounts: [] +# secretMounts -- Allows mounting additional Trino configuration files from +# Kubernetes secrets on all nodes. +# @raw +# Example: +# ```yaml +# - name: sample-secret +# secretName: sample-secret +# path: /secrets/sample.json +# subPath: sample.json +# - name: catalogs +# secretName: catalogs +# path: /etc/trino/catalog +# - name: ldap +# secretName: ldap +# path: /etc/trino/ldap +# ``` + +coordinator: + deployment: + annotations: {} + progressDeadlineSeconds: 600 + # coordinator.deployment.progressDeadlineSeconds -- The maximum time in seconds for a deployment to make progress before it + # is considered failed. The deployment controller continues to + # process failed deployments and a condition with a ProgressDeadlineExceeded + # reason is surfaced in the deployment status. + + revisionHistoryLimit: 10 + # coordinator.deployment.revisionHistoryLimit -- The number of old ReplicaSets to retain to allow rollback. + + strategy: + type: RollingUpdate + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + # coordinator.deployment.strategy -- The deployment strategy to use to replace existing pods with new ones. + + jvm: + maxHeapSize: "8G" + gcMethod: + type: "UseG1GC" + g1: + heapRegionSize: "32M" + + config: + memory: + heapHeadroomPerNode: "" + nodeScheduler: + includeCoordinator: false + # coordinator.config.nodeScheduler.includeCoordinator -- Allows scheduling work on the coordinator so that a + # single machine can function as both coordinator and worker. 
For large clusters, processing work on the + # coordinator can negatively impact query performance because the machine's resources are not available for the + # critical coordinator tasks of scheduling, managing, and monitoring query execution. + query: + maxMemoryPerNode: "1GB" + + additionalJVMConfig: [] + + additionalExposedPorts: {} + # coordinator.additionalExposedPorts -- Additional ports configured in the coordinator container and the service. + # @raw + # Example: + # ```yaml + # https: + # servicePort: 8443 + # name: https + # port: 8443 + # nodePort: 30443 + # protocol: TCP + # ``` + + resources: {} + # coordinator.resources -- It is recommended not to specify default resources + # and to leave this as a conscious choice for the user. This also increases + # chances charts run on environments with little resources, such as Minikube. + # If you do want to specify resources, use the following example, and adjust + # it as necessary. + # @raw + # Example: + # ```yaml + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + # ``` + + livenessProbe: {} + # coordinator.livenessProbe -- [Liveness + # probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes) + # options + # @raw + # Example: + # ```yaml + # initialDelaySeconds: 20 + # periodSeconds: 10 + # timeoutSeconds: 5 + # failureThreshold: 6 + # successThreshold: 1 + # ``` + readinessProbe: {} + # coordinator.readinessProbe -- [Readiness + # probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes) + # @raw + # Example: + # ```yaml + # initialDelaySeconds: 20 + # periodSeconds: 10 + # timeoutSeconds: 5 + # failureThreshold: 6 + # successThreshold: 1 + # ``` + + lifecycle: {} + # coordinator.lifecycle -- Coordinator container [lifecycle + # events](https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/) + 
# @raw + # Example: + # ```yaml + # preStop: + # exec: + # command: ["/bin/sh", "-c", "sleep 120"] + # ``` + + terminationGracePeriodSeconds: 30 + + nodeSelector: {} + + tolerations: [] + + affinity: {} + + additionalConfigFiles: {} + # coordinator.additionalConfigFiles -- Additional config files placed in the default configuration directory. + # Supports templating the files' contents with `tpl`. + # @raw + # Example: + # ```yaml + # secret.txt: | + # secret-value={{- .Values.someValue }} + # ``` + + additionalVolumes: [] + # coordinator.additionalVolumes -- One or more additional volumes to add to the coordinator. + # @raw + # Example: + # ```yaml + # - name: extras + # emptyDir: {} + # ``` + + additionalVolumeMounts: [] + # coordinator.additionalVolumeMounts -- One or more additional volume mounts to add to the coordinator. + # @raw + # Example: + # - name: extras + # mountPath: /usr/share/extras + # readOnly: true + + annotations: {} + + labels: {} + + configMounts: [] + # coordinator.configMounts -- Allows mounting additional Trino configuration + # files from Kubernetes config maps on the coordinator node. + # @raw + # Example: + # ```yaml + # - name: sample-config-mount + # configMap: sample-config-mount + # path: /config-mount/sample.json + # subPath: sample.json + # ``` + + secretMounts: [] + # coordinator.secretMounts -- Allows mounting additional Trino configuration + # files from Kubernetes secrets on the coordinator node. + # @raw + # Example: + # ```yaml + # - name: sample-secret + # secretName: sample-secret + # path: /secrets/sample.json + # subPath: sample.json + # ``` + +worker: + deployment: + annotations: {} + progressDeadlineSeconds: 600 + # worker.deployment.progressDeadlineSeconds -- The maximum time in seconds for a deployment to make progress before it + # is considered failed. 
The deployment controller continues to + # process failed deployments and a condition with a ProgressDeadlineExceeded + # reason is surfaced in the deployment status. + + revisionHistoryLimit: 10 + # worker.deployment.revisionHistoryLimit -- The number of old ReplicaSets to retain to allow rollback. + + strategy: + type: RollingUpdate + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + # worker.deployment.strategy -- The deployment strategy to use to replace existing pods with new ones. + + jvm: + maxHeapSize: "8G" + gcMethod: + type: "UseG1GC" + g1: + heapRegionSize: "32M" + + config: + memory: + heapHeadroomPerNode: "" + query: + maxMemoryPerNode: "1GB" + + additionalJVMConfig: [] + + additionalExposedPorts: {} + # worker.additionalExposedPorts -- Additional container ports configured in all worker pods. + # @raw + # Example: + # ```yaml + # https: + # servicePort: 8443 + # name: https + # port: 8443 + # protocol: TCP + # ``` + + resources: {} + # worker.resources -- It is recommended not to specify default resources and + # to leave this as a conscious choice for the user. This also increases + # chances charts run on environments with little resources, such as Minikube. + # If you do want to specify resources, use the following example, and adjust + # it as necessary. 
+ # @raw + # Example: + # ```yaml + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + # ``` + + livenessProbe: {} + # worker.livenessProbe -- [Liveness + # probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes) + # @raw + # Example: + # ```yaml + # initialDelaySeconds: 20 + # periodSeconds: 10 + # timeoutSeconds: 5 + # failureThreshold: 6 + # successThreshold: 1 + # ``` + readinessProbe: {} + # worker.readinessProbe -- [Readiness + # probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes) + # @raw + # Example: + # ```yaml + # initialDelaySeconds: 20 + # periodSeconds: 10 + # timeoutSeconds: 5 + # failureThreshold: 6 + # successThreshold: 1 + # ``` + + lifecycle: {} + # worker.lifecycle -- Worker container [lifecycle + # events](https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/) + # + # Setting `worker.lifecycle` conflicts with `worker.gracefulShutdown`. + # + # @raw + # Example: + # ```yaml + # preStop: + # exec: + # command: ["/bin/sh", "-c", "sleep 120"] + # ``` + + gracefulShutdown: + enabled: false + gracePeriodSeconds: 120 + # worker.gracefulShutdown -- Configure [graceful + # shutdown](https://trino.io/docs/current/admin/graceful-shutdown.html) in order to ensure that workers terminate + # without affecting running queries, given a sufficient grace period. When enabled, the value of + # `worker.terminationGracePeriodSeconds` must be at least two times greater than the configured `gracePeriodSeconds`. + # Enabling `worker.gracefulShutdown` conflicts with `worker.lifecycle`. When a custom `worker.lifecycle` configuration + # needs to be used, graceful shutdown must be configured manually. 
+ # + # @raw + # Example: + # ```yaml + # gracefulShutdown: + # enabled: true + # gracePeriodSeconds: 120 + # ``` + + terminationGracePeriodSeconds: 30 + + nodeSelector: {} + + tolerations: [] + + affinity: {} + + additionalConfigFiles: {} + # worker.additionalConfigFiles -- Additional config files placed in the default configuration directory. + # Supports templating the files' contents with `tpl`. + # @raw + # Example: + # ```yaml + # secret.txt: | + # secret-value={{- .Values.someValue }} + # ``` + + additionalVolumes: [] + # worker.additionalVolumes -- One or more additional volume mounts to add to all workers. + # @raw + # Example: + # ```yaml + # - name: extras + # emptyDir: {} + # ``` + + additionalVolumeMounts: [] + # worker.additionalVolumeMounts -- One or more additional volume mounts to add to all workers. + # @raw + # Example: + # ```yaml + # - name: extras + # mountPath: /usr/share/extras + # readOnly: true + # ``` + + annotations: {} + + labels: {} + + configMounts: [] + # worker.configMounts -- Allows mounting additional Trino configuration + # files from Kubernetes config maps on all worker nodes. + # @raw + # Example: + # ```yaml + # - name: sample-config-mount + # configMap: sample-config-mount + # path: /config-mount/sample.json + # subPath: sample.json + # ``` + + secretMounts: [] + # worker.secretMounts -- Allows mounting additional Trino configuration + # files from Kubernetes secrets on all worker nodes. + # @raw + # Example: + # ```yaml + # - name: sample-secret + # secretName: sample-secret + # path: /secrets/sample.json + # subPath: sample.json + # ``` + +kafka: + mountPath: "/etc/trino/schemas" + tableDescriptions: {} + # kafka.tableDescriptions -- Custom kafka table descriptions that will be mounted in mountPath. 
+ # @raw + # Example: + # ```yaml + # testschema.json: |- + # { + # "tableName": "testtable", + # "schemaName": "testschema", + # "topicName": "testtopic", + # "key": { + # "dataFormat": "json", + # "fields": [ + # { + # "name": "_key", + # "dataFormat": "VARCHAR", + # "type": "VARCHAR", + # "hidden": "false" + # } + # ] + # }, + # "message": { + # "dataFormat": "json", + # "fields": [ + # { + # "name": "id", + # "mapping": "id", + # "type": "BIGINT" + # }, + # { + # "name": "test_field", + # "mapping": "test_field", + # "type": "VARCHAR" + # } + # ] + # } + # } + # ``` + +jmx: + # -- Set to true to enable the RMI server to expose Trino's [JMX metrics](https://trino.io/docs/current/admin/jmx.html). + enabled: false + registryPort: 9080 + serverPort: 9081 + exporter: + # jmx.exporter.enabled -- Set to true to export JMX Metrics via HTTP for [Prometheus](https://github.com/prometheus/jmx_exporter) consumption + enabled: false + image: bitnami/jmx-exporter:1.0.1 + pullPolicy: Always + port: 5556 + configProperties: "" + # jmx.exporter.configProperties -- The string value is templated using `tpl`. The JMX config properties file + # is mounted to `/etc/jmx-exporter/jmx-exporter-config.yaml`. 
+ # @raw + # Example: + # ```yaml + # configProperties: |- + # hostPort: localhost:{{- .Values.jmx.registryPort }} + # startDelaySeconds: 0 + # ssl: false + # lowercaseOutputName: false + # lowercaseOutputLabelNames: false + # includeObjectNames: ["java.lang:type=Threading"] + # autoExcludeObjectNameAttributes: true + # excludeObjectNameAttributes: + # "java.lang:type=OperatingSystem": + # - "ObjectName" + # "java.lang:type=Runtime": + # - "ClassPath" + # - "SystemProperties" + # rules: + # - pattern: 'java\.lang<(.*)>ThreadCount: (.*)' + # name: java_lang_Threading_ThreadCount + # value: '$2' + # help: 'ThreadCount (java.lang<>ThreadCount)' + # type: UNTYPED + # ``` + securityContext: {} + resources: {} + # jmx.exporter.resources -- It is recommended not to specify default resources + # and to leave this as a conscious choice for the user. This also increases + # chances charts run on environments with little resources, such as Minikube. + # If you do want to specify resources, use the following example, and adjust + # it as necessary. + # @raw + # Example: + # ```yaml + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + # ``` + coordinator: {} + # jmx.coordinator -- Override JMX configurations for the Trino coordinator. + # @raw + # Example + # ```yaml + # coordinator: + # enabled: true + # exporter: + # enabled: true + # configProperties: |- + # hostPort: localhost:{{- .Values.jmx.registryPort }} + # startDelaySeconds: 0 + # ssl: false + # ``` + worker: {} + # jmx.worker -- Override JMX configurations for the Trino workers. + # @raw + # Example + # ```yaml + # worker: + # enabled: true + # exporter: + # enabled: true + # ``` + +serviceMonitor: + # serviceMonitor.enabled -- Set to true to create resources for the + # [prometheus-operator](https://github.com/prometheus-operator/prometheus-operator). 
+ enabled: false + + apiVersion: monitoring.coreos.com/v1 + # serviceMonitor.labels -- Labels for serviceMonitor, so that Prometheus can select it + labels: + prometheus: kube-prometheus + # serviceMonitor.interval -- The serviceMonitor web endpoint interval + interval: "30s" + coordinator: {} + # serviceMonitor.coordinator -- Override ServiceMonitor configurations for the Trino coordinator. + # @raw + # Example + # ```yaml + # coordinator: + # enabled: true + # labels: + # prometheus: my-prometheus + # ``` + worker: {} + # serviceMonitor.worker -- Override ServiceMonitor configurations for the Trino workers. + # @raw + # Example + # ```yaml + # worker: + # enabled: true + # labels: + # prometheus: my-prometheus + # ``` + +# -- Labels that get applied to every resource's metadata +commonLabels: {} + +ingress: + enabled: false + className: "" + annotations: {} + hosts: [] + # ingress.hosts -- [Ingress + # rules](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules). + # @raw + # Example: + # ```yaml + # - host: trino.example.com + # paths: + # - path: / + # pathType: ImplementationSpecific + # ``` + tls: [] + # ingress.tls -- Ingress + # [TLS](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) + # configuration. + # @raw + # Example: + # ```yaml + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # ``` + +networkPolicy: + # networkPolicy.enabled -- Set to true to enable Trino pod protection with a + # [NetworkPolicy](https://kubernetes.io/docs/concepts/services-networking/network-policies/). + # By default, the NetworkPolicy will only allow Trino pods to communicate with each other. + # @raw + # > [!NOTE] + # > - NetworkPolicies cannot block the ingress traffic coming directly + # > from the Kubernetes node on which the Pod is running, + # > and are thus incompatible with services of type `NodePort`. 
+ # > - When using NetworkPolicies together with JMX metrics export, + # > additional ingress rules might be required to allow metric scraping. + enabled: false + # networkPolicy.ingress -- Additional ingress rules to apply to the Trino pods. + # @raw + # Example: + # ```yaml + # - from: + # - ipBlock: + # cidr: 172.17.0.0/16 + # except: + # - 172.17.1.0/24 + # - namespaceSelector: + # matchLabels: + # kubernetes.io/metadata.name: prometheus + # - podSelector: + # matchLabels: + # role: backend-app + # ports: + # - protocol: TCP + # port: 8080 + # - protocol: TCP + # port: 5556 + # ``` + ingress: [] + # networkPolicy.egress -- Egress rules to apply to the Trino pods. + # @raw + # Example: + # ```yaml + # - to: + # - podSelector: + # matchLabels: + # role: log-ingestor + # ports: + # - protocol: TCP + # port: 9999 + # ``` + egress: [] + +catalogsSecrets: [] + # - name: catalogs + # value: + # mariadb.properties: | + # connector.name=mariadb + # connection-user= + # connection-url= + # connection-password= + # postgresql.properties: | + # connector.name=postgresql + # connection-user= + # connection-url= + # postgresql.array-mapping= + # connection-password= +ldapSecrets: [] + # - name: ldap + # value: + # ldap.properties: | + # password-authenticator.name=ldap + # ldap.bind-dn=uid= + # ldap.url= + # ldap.bind-password= + # ldap.user-bind-pattern= + # ldap.group-auth-pattern= + # ldap.user-base-dn= diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl deleted file mode 100644 index ea0a1da5..00000000 --- a/templates/_helpers.tpl +++ /dev/null 
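Review bot: In values.yaml, `jmx.exporter.image` is a single string pinned only by a mutable tag (`bitnami/jmx-exporter:1.0.1`) and is paired with `pullPolicy: Always`, so every pod start re-resolves the tag and a re-pushed image would be picked up with no change to the chart. The top-level `image` block in the same file already exposes a `digest` field; I would give the exporter the same option, or at least document digest pinning such as `image: bitnami/jmx-exporter:1.0.1@sha256:<digest-placeholder>` together with `pullPolicy: IfNotPresent`. Separately, the commented examples for `resourceGroups`, `additionalExchangeManagerProperties` and `additionalConfigProperties` show a database password, S3 keys and the internal shared secret as inline values. A short comment such as `# Do not put real credentials here; supply them through envFrom or secretMounts` next to those examples would keep them from being copied verbatim. The new `catalogsSecrets` and `ldapSecrets` keys also have no `# --` description, unlike the rest of the file, so how their contents are stored is not documented for users.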
@@ -1,40 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "trino.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "trino.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "trino.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{- define "trino.coordinator" -}} -{{ template "trino.fullname" . }}-coordinator -{{- end -}} - -{{- define "trino.worker" -}} -{{ template "trino.fullname" . }}-worker -{{- end -}} diff --git a/templates/configmap-coordinator.yaml b/templates/configmap-coordinator.yaml deleted file mode 100644 index 92c05bca..00000000 --- a/templates/configmap-coordinator.yaml +++ /dev/null 
@@ -1,44 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "trino.coordinator" . }} - labels: - app: {{ template "trino.name" . }} - chart: {{ template "trino.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - component: coordinator -data: - node.properties: | - node.environment={{ .Values.server.node.environment }} - node.data-dir={{ .Values.server.node.dataDir }} - plugin.dir={{ .Values.server.node.pluginDir }} - - jvm.config: | - -server - -Xmx{{ .Values.server.jvm.maxHeapSize }} - -XX:+{{ .Values.server.jvm.gcMethod.type }} - -XX:G1HeapRegionSize={{ .Values.server.jvm.gcMethod.g1.heapRegionSize }} - -XX:+UseGCOverheadLimit - -XX:+ExplicitGCInvokesConcurrent - -XX:+HeapDumpOnOutOfMemoryError - -XX:+ExitOnOutOfMemoryError - -Djdk.attach.allowAttachSelf=true - - config.properties: | - coordinator=true -{{- if gt (int .Values.server.workers) 0 }} - node-scheduler.include-coordinator=false -{{- else }} - node-scheduler.include-coordinator=true -{{- end }} - http-server.http.port={{ .Values.service.port }} - query.max-memory={{ .Values.server.config.query.maxMemory }} - query.max-memory-per-node={{ .Values.server.config.query.maxMemoryPerNode }} - discovery-server.enabled=true - discovery.uri=http://localhost:{{ .Values.service.port }} - - log.properties: | - io.trinosql={{ .Values.server.log.trino.level }} - ---- diff --git a/templates/configmap-worker.yaml b/templates/configmap-worker.yaml deleted file mode 100644 index 202e0e97..00000000 --- a/templates/configmap-worker.yaml +++ /dev/null 
@@ -1,39 +0,0 @@ -{{- if gt (int .Values.server.workers) 0 }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "trino.worker" . }} - labels: - app: {{ template "trino.name" . }} - chart: {{ template "trino.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - component: worker -data: - node.properties: | - node.environment={{ .Values.server.node.environment }} - node.data-dir={{ .Values.server.node.dataDir }} - plugin.dir={{ .Values.server.node.pluginDir }} - - jvm.config: | - -server - -Xmx{{ .Values.server.jvm.maxHeapSize }} - -XX:+{{ .Values.server.jvm.gcMethod.type }} - -XX:G1HeapRegionSize={{ .Values.server.jvm.gcMethod.g1.heapRegionSize }} - -XX:+UseGCOverheadLimit - -XX:+ExplicitGCInvokesConcurrent - -XX:+HeapDumpOnOutOfMemoryError - -XX:+ExitOnOutOfMemoryError - -Djdk.attach.allowAttachSelf=true - - config.properties: | - coordinator=false - http-server.http.port={{ .Values.service.port }} - query.max-memory={{ .Values.server.config.query.maxMemory }} - query.max-memory-per-node={{ .Values.server.config.query.maxMemoryPerNode }} - discovery.uri=http://{{ template "trino.fullname" . }}:{{ .Values.service.port }} - - log.properties: | - io.trinosql={{ .Values.server.log.trino.level }} - -{{- end }} diff --git a/templates/deployment-coordinator.yaml b/templates/deployment-coordinator.yaml deleted file mode 100644 index f35f0e47..00000000 --- a/templates/deployment-coordinator.yaml +++ /dev/null 
@@ -1,65 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "trino.coordinator" . }} - labels: - app: {{ template "trino.name" . }} - chart: {{ template "trino.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - component: coordinator -spec: - selector: - matchLabels: - app: {{ template "trino.name" . }} - release: {{ .Release.Name }} - component: coordinator - template: - metadata: - labels: - app: {{ template "trino.name" . }} - release: {{ .Release.Name }} - component: coordinator - spec: - {{- with .Values.securityContext }} - securityContext: - runAsUser: {{ .runAsUser }} - runAsGroup: {{ .runAsGroup }} - {{- end }} - volumes: - - name: config-volume - configMap: - name: {{ template "trino.coordinator" . }} - containers: - - name: {{ .Chart.Name }}-coordinator - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - volumeMounts: - - mountPath: {{ .Values.server.config.path }} - name: config-volume - ports: - - name: http - containerPort: {{ .Values.service.port }} - protocol: TCP - livenessProbe: - httpGet: - path: /v1/info - port: http - readinessProbe: - httpGet: - path: /v1/info - port: http - resources: - {{- toYaml .Values.resources | nindent 12 }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/templates/deployment-worker.yaml b/templates/deployment-worker.yaml deleted file mode 100644 index 1ea38e9c..00000000 --- a/templates/deployment-worker.yaml +++ /dev/null 
@@ -1,63 +0,0 @@ -{{- if gt (int .Values.server.workers) 0 }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "trino.worker" . }} - labels: - app: {{ template "trino.name" . }} - chart: {{ template "trino.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - component: worker -spec: - replicas: {{ .Values.server.workers }} - selector: - matchLabels: - app: {{ template "trino.name" . }} - release: {{ .Release.Name }} - component: worker - template: - metadata: - labels: - app: {{ template "trino.name" . }} - release: {{ .Release.Name }} - component: worker - spec: - volumes: - - name: config-volume - configMap: - name: {{ template "trino.worker" . }} - containers: - - name: {{ .Chart.Name }}-worker - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - volumeMounts: - - mountPath: {{ .Values.server.config.path }} - name: config-volume - ports: - - name: http - containerPort: {{ .Values.service.port }} - protocol: TCP - livenessProbe: - httpGet: - path: /v1/info - port: http - readinessProbe: - httpGet: - path: /v1/info - port: http - resources: - {{- toYaml .Values.resources | nindent 12 }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} -{{- end }} diff --git a/templates/service.yaml b/templates/service.yaml deleted file mode 100644 index bd137ef6..00000000 --- a/templates/service.yaml +++ /dev/null 
@@ -1,20 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "trino.fullname" . }} - labels: - app: {{ template "trino.name" . }} - chart: {{ template "trino.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - type: {{ .Values.service.type }} - ports: - - port: {{ .Values.service.port }} - targetPort: http - protocol: TCP - name: http - selector: - app: {{ template "trino.name" . }} - release: {{ .Release.Name }} - component: coordinator diff --git a/tests/gateway/test-https.yaml b/tests/gateway/test-https.yaml new file mode 100644 index 00000000..e59b51bf --- /dev/null +++ b/tests/gateway/test-https.yaml @@ -0,0 +1,31 @@ +command: + - "/bin/sh" + - "-c" + - | + cat /etc/certificates/tls.crt /etc/certificates/tls.key > /etc/scratch/tls.pem && \ + java -XX:MinRAMPercentage=80.0 -XX:MaxRAMPercentage=80.0 -jar /usr/lib/trino/gateway-ha-jar-with-dependencies.jar /etc/gateway/config.yaml + +config: + serverConfig: + http-server.http.enabled: false + http-server.https.enabled: true + http-server.https.port: 8443 + http-server.https.keystore.path: /etc/scratch/tls.pem + +ingress: + enabled: true + +volumes: + - name: certificates + secret: + secretName: certificates + - name: scratch + emptyDir: + sizeLimit: 10Mi + +volumeMounts: + - name: certificates + mountPath: /etc/certificates + readOnly: true + - name: scratch + mountPath: /etc/scratch diff --git a/tests/gateway/test-nodeport.yaml b/tests/gateway/test-nodeport.yaml new file mode 100644 index 00000000..aef9bfea --- /dev/null +++ b/tests/gateway/test-nodeport.yaml @@ -0,0 +1,19 @@ +config: + serverConfig: + http-server.http.enabled: true + http-server.http.port: 8080 + http-server.https.enabled: true + http-server.https.port: 8443 + http-server.https.keystore.path: /etc/scratch/tls.pem + +service: + type: NodePort + ports: + - protocol: TCP + name: request + nodePort: 30443 + - protocol: TCP + name: gateway-http + nodePort: 30080 + port: 8080 + targetPort: 8080 
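Review bot: In tests/gateway/test-https.yaml the container command concatenates `tls.crt` and `tls.key` into `/etc/scratch/tls.pem`, which copies the private key out of the read-only secret mount into a default-medium `emptyDir` with whatever mode the shell's umask gives it. I would keep that copy off node disk and owner-only by adding `medium: Memory` under the `scratch` `emptyDir` and running the copy as `(umask 077; cat /etc/certificates/tls.crt /etc/certificates/tls.key > /etc/scratch/tls.pem)`. A one-line comment above `command:` saying that the copy exists because `http-server.https.keystore.path` points at a single combined file would also help. The init container in tests/trino/test-values.yaml builds `/etc/trino/generated/tls.pem` the same way into `emptyDir: {}`.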
diff --git a/tests/gateway/test-values-with-env.yaml b/tests/gateway/test-values-with-env.yaml new file mode 100644 index 00000000..c58a470a --- /dev/null +++ b/tests/gateway/test-values-with-env.yaml @@ -0,0 +1,37 @@ +replicaCount: 1 + +image: + # -- Repository location of the Trino Gateway image, typically `organization/imagename` + repository: "trinodb/trino-gateway" + pullPolicy: IfNotPresent + +config: + serverConfig: + node.environment: test + http-server.http.port: 8080 + dataStore: + # The connection details for the backend database for Trino Gateway and Trino query history + jdbcUrl: jdbc:postgresql://gateway-backend-db-postgresql.postgres-gateway.svc.cluster.local:5432/gateway + user: "${ENV:PG_USER}" + password: "${ENV:PG_PASSWORD}" + driver: org.postgresql.Driver + clusterStatsConfiguration: + monitorType: INFO_API + modules: + - io.trino.gateway.ha.module.HaGatewayProviderModule + - io.trino.gateway.ha.module.ClusterStateListenerModule + - io.trino.gateway.ha.module.ClusterStatsMonitorModule + managedApps: + - io.trino.gateway.ha.clustermonitor.ActiveClusterMonitor + +envFrom: + - secretRef: + name: db-credentials + +resources: + limits: + cpu: 500m + memory: 256Mi + requests: + cpu: 250m + memory: 256Mi diff --git a/tests/gateway/test-values.yaml b/tests/gateway/test-values.yaml new file mode 100644 index 00000000..d91692bd --- /dev/null +++ b/tests/gateway/test-values.yaml 
@@ -0,0 +1,36 @@ +replicaCount: 1 + +image: + # -- Repository location of the Trino Gateway image, typically `organization/imagename` + repository: "trinodb/trino-gateway" + pullPolicy: IfNotPresent + +config: + serverConfig: + node.environment: test + http-server.http.port: 8080 + dataStore: + # The connection details for the backend database for Trino Gateway and Trino query history + jdbcUrl: jdbc:postgresql://gateway-backend-db-postgresql.postgres-gateway.svc.cluster.local:5432/gateway + user: gateway + password: pass0000 + driver: org.postgresql.Driver + clusterStatsConfiguration: + monitorType: INFO_API + modules: + - io.trino.gateway.ha.module.HaGatewayProviderModule + - io.trino.gateway.ha.module.ClusterStateListenerModule + - io.trino.gateway.ha.module.ClusterStatsMonitorModule + managedApps: + - io.trino.gateway.ha.clustermonitor.ActiveClusterMonitor + +ingress: + enabled: true + +resources: + limits: + cpu: 500m + memory: 256Mi + requests: + cpu: 250m + memory: 256Mi diff --git a/tests/gateway/test.sh b/tests/gateway/test.sh new file mode 100755 index 00000000..915cf6f2 --- /dev/null +++ b/tests/gateway/test.sh 
@@ -0,0 +1,140 @@ +#!/usr/bin/env bash + +set -euo pipefail + +declare -A testCases=( + [complete_values]="--values test-values.yaml" + [env_from]="--values test-values-with-env.yaml" + [nodeport]="--values test-values.yaml --values test-https.yaml --values test-nodeport.yaml" + [https]="--values test-values.yaml --values test-https.yaml" +) + +declare -A testCaseCharts=( + [complete_values]="../../charts/gateway" + [env_from]="../../charts/gateway" + [nodeport]="../../charts/gateway" + [https]="../../charts/gateway" +) + +TEST_NAMES=(complete_values env_from nodeport https) + +function join_by { + local d=${1-} f=${2-} + if shift 2; then + printf %s "$f" "${@/#/$d}" + fi +} + +# default to randomly generated namespace, same as chart-testing would do, but we need to load secrets into the same namespace +NAMESPACE=trino-gateway-$(LC_ALL=C tr -dc 'a-z0-9' &2 "Generating a self-signed TLS certificate" +NODE_IP=$(kubectl get nodes -o json -o jsonpath='{.items[0].status.addresses[0].address}') +openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 \ + -subj "/O=Trino Software Foundation" \ + -addext "subjectAltName=DNS:trino-gateway,DNS:localhost,DNS:*.$NAMESPACE,DNS:*.$NAMESPACE.svc,DNS:*.$NAMESPACE.svc.cluster.local,IP:127.0.0.1,IP:${NODE_IP}" \ + -keyout cert.key -out cert.crt +kubectl -n "$NAMESPACE" create secret tls certificates --cert=cert.crt --key=cert.key --dry-run=client --output yaml | kubectl apply --filename - + +HELM_EXTRA_SET_ARGS= +CT_ARGS=( + --skip-clean-up + --helm-extra-args="--timeout 4m" +) +CLEANUP_NAMESPACE=true + +usage() { + cat <&2 +Usage: $0 [-h] [-n ] [-a ] [-t ] [-s] +Test the Trino chart + +-h Display help +-n Kubernetes namespace, a randomly generated one is used if not provided +-a Extra Helm set args +-t Test names to run, comma separated; defaults to $(join_by , "${TEST_NAMES[@]}") +-s Skip chart cleanup +EOF +} + +while getopts ":a:n:t:sh:" OPTKEY; do + case "${OPTKEY}" in + a) + HELM_EXTRA_SET_ARGS=${OPTARG} + ;; + n) + 
NAMESPACE=${OPTARG} + ;; + t) + IFS=, read -ra TEST_NAMES <<<"$OPTARG" + ;; + s) + CLEANUP_NAMESPACE=false + ;; + h) + usage + exit 0 + ;; + *) + usage + exit 1 + ;; + esac +done +shift $((OPTIND - 1)) + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd)" +cd "${SCRIPT_DIR}" || exit 2 + +CT_ARGS+=(--namespace "$NAMESPACE") + +DB_PASSWORD=pass0000 + +DB_INSTALLATION_NAME=gateway-backend-db +helm upgrade --install ${DB_INSTALLATION_NAME} oci://registry-1.docker.io/bitnamicharts/postgresql -n "$DB_NAMESPACE" \ + --create-namespace \ + --version "16.2.1" \ + --set common.resources.preset=micro \ + --set auth.username=gateway \ + --set auth.password=${DB_PASSWORD} \ + --set auth.database=gateway \ + --set primary.persistence.enabled=false +kubectl wait --for=condition=ready pod -l app.kubernetes.io/name=postgresql --timeout=300s -n "$DB_NAMESPACE" + +kubectl --namespace "$NAMESPACE" create secret generic db-credentials --from-literal=PG_USER='gateway' --from-literal=PG_PASSWORD='pass0000' + +result=0 +for test_name in "${TEST_NAMES[@]}"; do + echo 1>&2 "" + echo 1>&2 "🧪 Running test $test_name" + echo 1>&2 "" + HELM_EXTRA_SET_ARGS="$HELM_EXTRA_SET_ARGS --set=serviceName=trino-gateway-${test_name//_/-}" + if ! 
time ct install "${CT_ARGS[@]}" --charts="${testCaseCharts[$test_name]}" --helm-extra-set-args "$HELM_EXTRA_SET_ARGS ${testCases[$test_name]}"; then + echo 1>&2 "❌ Test $test_name failed" + echo 1>&2 "Test logs:" + kubectl --namespace "$NAMESPACE" logs --tail=-1 --selector app.kubernetes.io/component=test --all-containers=true --prefix=true + result=1 + else + echo 1>&2 "✅ Test $test_name completed" + fi + if [ "$CLEANUP_NAMESPACE" == "true" ]; then + for release in $(helm --namespace "$NAMESPACE" ls --all --short | grep -v 'prometheus-operator'); do + echo 1>&2 "Cleaning up Helm release $release" + helm --namespace "$NAMESPACE" delete "$release" + done + fi +done + +if [ "$CLEANUP_NAMESPACE" == "true" ]; then + helm -n "$DB_NAMESPACE" uninstall gateway-backend-db --ignore-not-found + kubectl delete namespace "$DB_NAMESPACE" --ignore-not-found + kubectl delete namespace "$NAMESPACE" --ignore-not-found + mapfile -t crds < <(kubectl api-resources --api-group=monitoring.coreos.com --output name) + if [ ${#crds[@]} -ne 0 ]; then + kubectl delete crd "${crds[@]}" + fi +fi +echo Exit code $result +exit $result diff --git a/tests/trino/test-access-control-properties-values.yaml b/tests/trino/test-access-control-properties-values.yaml new file mode 100644 index 00000000..c1ad9156 --- /dev/null +++ b/tests/trino/test-access-control-properties-values.yaml @@ -0,0 +1,7 @@ +# Access Control 'properties' values to test. +# This is a YAML-formatted file. + +accessControl: + type: properties + properties: | + access-control.name=read-only diff --git a/tests/trino/test-exchange-manager-values.yaml b/tests/trino/test-exchange-manager-values.yaml new file mode 100644 index 00000000..87fa13bb --- /dev/null +++ b/tests/trino/test-exchange-manager-values.yaml 
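Review bot: The TLS secret in tests/gateway/test.sh is created before the options are parsed. Both `kubectl -n "$NAMESPACE" create secret tls certificates …` and the `subjectAltName` list use the randomly generated `NAMESPACE`, while `-n` reassigns `NAMESPACE` later in the `getopts` loop. With `-n`, `ct install` and the `db-credentials` secret go to the requested namespace, but the `certificates` secret that test-https.yaml mounts stays in the generated one, so the `https` and `nodeport` cases would presumably fail to start. Moving the certificate generation and the secret creation below `shift $((OPTIND - 1))` fixes it. Part of the script text around the namespace setup is missing from this page, so the ordering should be confirmed against the file.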
@@ -0,0 +1,35 @@ +# Exchange Manager values to test. +# This is a YAML-formatted file. + +coordinator: + additionalVolumes: + - name: exchange-volume + persistentVolumeClaim: + claimName: exchange-manager-pvc + + additionalVolumeMounts: + - name: exchange-volume + mountPath: "/tmp/trino-local-file-system-exchange-manager" + +worker: + additionalVolumes: + - name: exchange-volume + persistentVolumeClaim: + claimName: exchange-manager-pvc + + additionalVolumeMounts: + - name: exchange-volume + mountPath: "/tmp/trino-local-file-system-exchange-manager" + +server: + exchangeManager: + name: "filesystem" + baseDir: "/tmp/trino-local-file-system-exchange-manager" + +additionalConfigProperties: + - retry-policy=TASK + +additionalExchangeManagerProperties: + - exchange.sink-buffer-pool-min-size=10 + - exchange.sink-buffers-per-partition=2 + - exchange.source-concurrent-readers=4 diff --git a/tests/trino/test-graceful-shutdown-values.yaml b/tests/trino/test-graceful-shutdown-values.yaml new file mode 100644 index 00000000..87185484 --- /dev/null +++ b/tests/trino/test-graceful-shutdown-values.yaml @@ -0,0 +1,6 @@ +worker: + gracefulShutdown: + enabled: true + gracePeriodSeconds: 60 + + terminationGracePeriodSeconds: 120 diff --git a/tests/trino/test-resource-groups-properties-values.yaml b/tests/trino/test-resource-groups-properties-values.yaml new file mode 100644 index 00000000..7f6631c1 --- /dev/null +++ b/tests/trino/test-resource-groups-properties-values.yaml @@ -0,0 +1,15 @@ +# Resource Groups 'properties' values to test. +# This is a YAML-formatted file. + +server: + log: + trino: + level: INFO + +resourceGroups: + type: properties + properties: | + resource-groups.configuration-manager=db + resource-groups.config-db-url=jdbc:postgresql://trino-resource-groups-db-postgresql.postgresql.svc.cluster.local:5432/resource_groups + resource-groups.config-db-user=trino + resource-groups.config-db-password=pass0000 
diff --git a/tests/trino/test-values.yaml b/tests/trino/test-values.yaml new file mode 100644 index 00000000..cc45edb9 --- /dev/null +++ b/tests/trino/test-values.yaml 
@@ -0,0 +1,296 @@ +# All custom values belong here during testing. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +server: + workers: 0 + config: + https: + enabled: true + keystore: + path: /etc/trino/generated/tls.pem + authenticationType: PASSWORD + coordinatorExtraConfig: | + query.client.timeout=5m + query.execution-policy=phased + autoscaling: + enabled: false + keda: + enabled: true + pollingInterval: 5 + minReplicaCount: 0 + maxReplicaCount: 2 + cooldownPeriod: 300 + triggers: + - type: prometheus + metricType: Value + metadata: + serverAddress: http://prometheus-operator-kube-p-prometheus.{{ .Release.Namespace }}:9090 + threshold: "1" + metricName: required_workers + query: >- + sum by (service) + (avg_over_time(trino_execution_ClusterSizeMonitor_RequiredWorkers{service={{ include "trino.fullname" . | quote }}}[5s])) + + +additionalConfigProperties: + - internal-communication.shared-secret=random-value-999 + - http-server.authentication.allow-insecure-over-http=true + - http-server.process-forwarded=true + +service: + annotations: + custom/name: value + port: 8080 + +auth: + # created using htpasswd -B -C 10 password.db admin + # every password is admin123 + passwordAuth: | + admin:$2y$10$8SWYy3DhcZNfQnpeHOMnD.GOcuKJ/Hqzw8CXSp05YEmXUA.k/4L7a + alice:$2y$10$6XLlfiT7Q0MwJmU61CnP1.BzOImMxfqzULQHbSxAoeqTHn661uoGK + bob:$2y$10$aXfppF9iHtHjuKzbIUY8f.F98IRj2ZGfu2aok0wDgBBnD6hnDZKwK + refreshPeriod: 15s + groups: | + group1:admin,alice,bob + group2:alice + group3:bob + +secretMounts: + - name: certificates + secretName: '{{ .Release.Namespace }}-certificates' + path: /etc/trino/certificates + +coordinator: + deployment: + annotations: + custom/name: value + progressDeadlineSeconds: 500 + revisionHistoryLimit: 5 + strategy: + type: RollingUpdate + rollingUpdate: + maxSurge: 25% + maxUnavailable: 50% + + jvm: + maxHeapSize: "8G" + gcMethod: + type: "UseG1GC" + g1: + heapRegionSize: "32M" + config: + memory: + 
heapHeadroomPerNode: "2GB" + query: + maxMemoryPerNode: "2GB" + + additionalVolumes: + - name: generated-files + emptyDir: {} + + additionalVolumeMounts: + - name: generated-files + mountPath: /etc/trino/generated + readOnly: false + + additionalExposedPorts: + https: + servicePort: 8443 + name: https + port: 8443 + protocol: TCP + + annotations: + custom/name: value + +worker: + deployment: + annotations: + custom/name: value + progressDeadlineSeconds: 500 + revisionHistoryLimit: 5 + strategy: + type: RollingUpdate + rollingUpdate: + maxSurge: 25% + maxUnavailable: 50% + + jvm: + maxHeapSize: "8G" + gcMethod: + type: "UseG1GC" + g1: + heapRegionSize: "32M" + config: + memory: + heapHeadroomPerNode: "2GB" + query: + maxMemoryPerNode: "2GB" + + annotations: + custom/name: value + +commonLabels: + extra-label: extra-value + +initContainers: + coordinator: + - name: init-coordinator + image: busybox:1.36 + imagePullPolicy: IfNotPresent + command: ['sh', '-c', "cat /etc/trino/certificates/tls.crt /etc/trino/certificates/tls.key > /etc/trino/generated/tls.pem"] + volumeMounts: + - name: certificates + readOnly: true + mountPath: "/etc/trino/certificates" + - name: generated-files + readOnly: false + mountPath: "/etc/trino/generated" + +accessControl: + type: configmap + refreshPeriod: 60s + configFile: "rules.json" + rules: + rules.json: |- + { + "catalogs": [ + { + "user": "admin", + "catalog": "(tpch|system)", + "allow": "all" + }, + { + "group": "group1", + "catalog": "tpch", + "allow": true + }, + { + "user": "alice", + "catalog": "jmx", + "allow": "read-only" + }, + { + "catalog": "system", + "allow": "none" + } + ], + "schemas": [ + { + "user": "admin", + "schema": ".*", + "owner": true + }, + { + "user": "alice", + "owner": false + } + ] + } + +resourceGroups: + type: configmap + resourceGroupsConfig: |- + { + "rootGroups": [ + { + "name": "global", + "softMemoryLimit": "80%", + "hardConcurrencyLimit": 100, + "maxQueued": 100, + "schedulingPolicy": "fair", + 
"jmxExport": true, + "subGroups": [ + { + "name": "admin", + "softMemoryLimit": "30%", + "hardConcurrencyLimit": 20, + "maxQueued": 10 + }, + { + "name": "finance_human_resources", + "softMemoryLimit": "20%", + "hardConcurrencyLimit": 15, + "maxQueued": 10 + }, + { + "name": "general", + "softMemoryLimit": "30%", + "hardConcurrencyLimit": 20, + "maxQueued": 10 + }, + { + "name": "readonly", + "softMemoryLimit": "10%", + "hardConcurrencyLimit": 5, + "maxQueued": 5 + } + ] + } + ], + "selectors": [ + { + "user": "admin", + "group": "global.admin" + }, + { + "group": "finance|human_resources", + "group": "global.finance_human_resources" + }, + { + "user": "alice", + "group": "global.readonly" + }, + { + "group": "global.general" + } + ] + } + + +jmx: + enabled: true + registryPort: 9080 + serverPort: 9081 + exporter: + enabled: true + image: bitnami/jmx-exporter:1.0.1 + pullPolicy: Always + port: 5556 + configProperties: | + startDelaySeconds: 0 + hostPort: 127.0.0.1:{{- .Values.jmx.registryPort }} + rules: + - pattern: 'trino.memory*' + - pattern: 'trino.execution*' + - pattern: 'trino.execution*' + +serviceMonitor: + enabled: true + labels: + prometheus: default + interval: "1s" + +ingress: + enabled: true + hosts: + - host: trino.local + paths: + - path: / + pathType: ImplementationSpecific + +networkPolicy: + enabled: true + ingress: + - from: + - podSelector: + matchExpressions: + - key: test + operator: NotIn + values: [network-policy] + +catalogs: + tpch: | + connector.name=tpch + tpch.splits-per-node=4 diff --git a/tests/trino/test.sh b/tests/trino/test.sh new file mode 100755 index 00000000..797f5b60 --- /dev/null +++ b/tests/trino/test.sh 
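Review bot: The second entry of `selectors` in `resourceGroupsConfig` uses the key `"group"` twice: `"group": "finance|human_resources", "group": "global.finance_human_resources"`. A JSON object with a repeated key is either rejected or keeps only one value, depending on the parser. If the last value wins, the selector has no match condition and sends every query that reaches it to `global.finance_human_resources`, so the `alice` and catch-all selectors after it are never used. The first key was presumably meant to be the user-group matcher, `"userGroup": "finance|human_resources"`.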
@@ -0,0 +1,194 @@ +#!/usr/bin/env bash + +set -euo pipefail + +declare -A testCases=( + [default]="" + [single_node]="--set server.workers=0,coordinator.config.nodeScheduler.includeCoordinator=true" + [complete_values]="--values test-values.yaml" + [overrides]="--set coordinatorNameOverride=coordinator-overridden,workerNameOverride=worker-overridden,nameOverride=overridden" + [access_control_properties_values]="--values test-access-control-properties-values.yaml" + [exchange_manager_values]="--values test-exchange-manager-values.yaml" + [graceful_shutdown]="--values test-graceful-shutdown-values.yaml" + [resource_groups_properties]="--values test-resource-groups-properties-values.yaml" +) + +declare -A testCaseCharts=( + [default]="../../charts/trino" + [single_node]="../../charts/trino" + [complete_values]="../../charts/trino" + [overrides]="../../charts/trino" + [access_control_properties_values]="../../charts/trino" + [exchange_manager_values]="../../charts/trino" + [graceful_shutdown]="../../charts/trino" + [resource_groups_properties]="../../charts/trino" +) + +function join_by { + local d=${1-} f=${2-} + if shift 2; then + printf %s "$f" "${@/#/$d}" + fi +} + +# default to randomly generated namespace, same as chart-testing would do, but we need to load secrets into the same namespace +NAMESPACE=trino-$(LC_ALL=C tr -dc 'a-z0-9' &2 +Usage: $0 [-h] [-n ] [-a ] [-t ] [-s] +Test the Trino chart + +-h Display help +-n Kubernetes namespace, a randomly generated one is used if not provided +-a Extra Helm set args +-t Test names to run, comma separated; defaults to $(join_by , "${TEST_NAMES[@]}") +-s Skip chart cleanup +EOF +} + +while getopts ":a:n:t:sh:" OPTKEY; do + case "${OPTKEY}" in + a) + HELM_EXTRA_SET_ARGS=${OPTARG} + ;; + n) + NAMESPACE=${OPTARG} + ;; + t) + IFS=, read -ra TEST_NAMES <<<"$OPTARG" + ;; + s) + CLEANUP_NAMESPACE=false + ;; + h) + usage + exit 0 + ;; + *) + usage + exit 1 + ;; + esac +done +shift $((OPTIND - 1)) + +SCRIPT_DIR="$(cd "$(dirname 
"${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd)" +cd "${SCRIPT_DIR}" || exit 2 + +echo 1>&2 "Generating a self-signed TLS certificate" +openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 \ + -subj "/O=Trino Software Foundation" \ + -addext "subjectAltName=DNS:localhost,DNS:*.$NAMESPACE,DNS:*.$NAMESPACE.svc,DNS:*.$NAMESPACE.svc.cluster.local,IP:127.0.0.1" \ + -keyout cert.key -out cert.crt + +kubectl create namespace "$NAMESPACE" --dry-run=client --output yaml | kubectl apply --filename - +kubectl -n "$NAMESPACE" create secret tls "$NAMESPACE"-certificates --cert=cert.crt --key=cert.key --dry-run=client --output yaml | kubectl apply --filename - +cat <&2 "" + echo 1>&2 "🧪 Running test $test_name" + echo 1>&2 "" + if ! time ct install "${CT_ARGS[@]}" --charts="${testCaseCharts[$test_name]}" --helm-extra-set-args "$HELM_EXTRA_SET_ARGS ${testCases[$test_name]}"; then + echo 1>&2 "❌ Test $test_name failed" + echo 1>&2 "Test logs:" + kubectl --namespace "$NAMESPACE" logs --tail=-1 --selector app.kubernetes.io/component=test --all-containers=true + result=1 + else + echo 1>&2 "✅ Test $test_name completed" + fi + if [ "$CLEANUP_NAMESPACE" == "true" ]; then + for release in $(helm --namespace "$NAMESPACE" ls --all --short | grep -v 'prometheus-operator'); do + echo 1>&2 "Cleaning up Helm release $release" + helm --namespace "$NAMESPACE" delete "$release" + done + fi +done + +if [ "$CLEANUP_NAMESPACE" == "true" ]; then + helm -n "$DB_NAMESPACE" uninstall trino-resource-groups-db --ignore-not-found + kubectl delete namespace "$DB_NAMESPACE" --ignore-not-found + helm -n "$NAMESPACE" uninstall prometheus-operator --ignore-not-found + kubectl delete namespace "$NAMESPACE" + helm -n "$KEDA_NAMESPACE" uninstall keda --ignore-not-found + kubectl delete namespace "$KEDA_NAMESPACE" + for api_group in monitoring.coreos.com eventing.keda.sh keda.sh; do + mapfile -t crds < <(kubectl api-resources --api-group="$api_group" --output name) + if [ ${#crds[@]} -ne 0 ]; then + kubectl 
delete crd "${crds[@]}" + fi + done +fi + +exit $result diff --git a/values.yaml b/values.yaml deleted file mode 100644 index 7895f990..00000000 --- a/values.yaml +++ /dev/null @@ -1,58 +0,0 @@ -# Default values for trino. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -image: - repository: trinodb/trino - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart version. - tag: latest - -server: - workers: 2 - node: - environment: production - dataDir: /data/trino - pluginDir: /usr/lib/trino/plugin - log: - trino: - level: INFO - config: - path: /etc/trino - http: - port: 8080 - query: - maxMemory: "4GB" - maxMemoryPerNode: "1GB" - jvm: - maxHeapSize: "8G" - gcMethod: - type: "UseG1GC" - g1: - heapRegionSize: "32M" - -securityContext: - runAsUser: 1000 - runAsGroup: 1000 - -service: - type: ClusterIP - port: 8080 - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -nodeSelector: {} - -tolerations: [] - -affinity: {} From 8bd1a865e8b1effa1b2ef30eff6ef2ed1348ab84 Mon Sep 17 00:00:00 2001 From: "luis.costa" Date: Wed, 12 Feb 2025 12:58:54 +0000 Subject: [PATCH 2/3] correct validation on configMap --- charts/trino/templates/configmap-catalog.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/trino/templates/configmap-catalog.yaml b/charts/trino/templates/configmap-catalog.yaml index 65aaf251..767b49fd 100644 --- a/charts/trino/templates/configmap-catalog.yaml +++ b/charts/trino/templates/configmap-catalog.yaml 
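Review bot: In tests/trino/test.sh, `openssl req … -nodes … -keyout cert.key -out cert.crt` leaves an unencrypted private key in tests/trino/, since the script has just run `cd "${SCRIPT_DIR}"`. The cleanup block at the end removes namespaces and CRDs but not these files. I would write them to a temporary directory and remove it on exit, e.g. `CERT_DIR=$(mktemp -d)`, `trap 'rm -rf "$CERT_DIR"' EXIT` and `-keyout "$CERT_DIR/cert.key" -out "$CERT_DIR/cert.crt"`, with the `kubectl create secret tls` arguments changed to match. tests/gateway/test.sh has the same pattern, and there the files land in the caller's working directory because openssl runs before the `cd`. Whether the new .gitignore entries cover `cert.key` is not visible here.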
@@ -1,4 +1,4 @@ -{{- if or .Values.catalogs .Values.additionalCatalogs (and (kindIs "slice" .Values.catalogsSecrets) (gt (len .Values.catalogsSecrets) 0)) }} +{{- if or .Values.catalogs .Values.additionalCatalogs (and (.Values.catalogs) (gt (len .Values.catalogs) 0)) }} apiVersion: v1 kind: ConfigMap metadata: From 4f1504d13bb3d29432af722409d766bd5e03ba0e Mon Sep 17 00:00:00 2001 From: "luis.costa" Date: Wed, 12 Feb 2025 13:10:32 +0000 Subject: [PATCH 3/3] README.md --- charts/trino/README.md | 1278 ++++++++++++++++++++-------------------- 1 file changed, 624 insertions(+), 654 deletions(-) diff --git a/charts/trino/README.md b/charts/trino/README.md index 73007715..48caa55a 100644 --- a/charts/trino/README.md +++ b/charts/trino/README.md 
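Review bot: The third operand of the new condition repeats the first: `(and (.Values.catalogs) (gt (len .Values.catalogs) 0))` can only be true when `.Values.catalogs` is already truthy, so the expression is equivalent to `{{- if or .Values.catalogs .Values.additionalCatalogs }}`. I would write it that way and add a template comment stating that `catalogsSecrets` is deliberately no longer a reason to render this ConfigMap, assuming those entries are rendered elsewhere as a Secret. If that is not the intent, a release that sets only `catalogsSecrets` now gets no catalog ConfigMap at all. The template body continues outside the hunk.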
@@ -12,168 +12,6 @@ Fast distributed SQL query engine for big data analytics that helps you explore * ## Values -* `nameOverride` - string, default: `nil` - - Override resource names to avoid name conflicts when deploying multiple releases in the same namespace. - Example: - ```yaml - coordinatorNameOverride: trino-coordinator-adhoc - workerNameOverride: trino-worker-adhoc - nameOverride: trino-adhoc - ``` -* `coordinatorNameOverride` - string, default: `nil` -* `workerNameOverride` - string, default: `nil` -* `image.registry` - string, default: `""` - - Image registry, defaults to empty, which results in DockerHub usage -* `image.repository` - string, default: `"trinodb/trino"` - - Repository location of the Trino image, typically `organization/imagename` -* `image.tag` - string, default: `""` - - Image tag, defaults to the Trino release version specified as `appVersion` from Chart.yaml -* `image.digest` - string, default: `""` - - Optional digest value of the image specified as `sha256:abcd...`. A specified value overrides `tag`. -* `image.useRepositoryAsSoleImageReference` - bool, default: `false` - - When true, only the content in `repository` is used as image reference -* `image.pullPolicy` - string, default: `"IfNotPresent"` -* `imagePullSecrets` - list, default: `[]` - - An optional list of references to secrets in the same namespace to use for pulling images. 
- Example: - ```yaml - imagePullSecrets: - - name: registry-credentials - ``` -* `server.workers` - int, default: `2` -* `server.node.environment` - string, default: `"production"` -* `server.node.dataDir` - string, default: `"/data/trino"` -* `server.node.pluginDir` - string, default: `"/usr/lib/trino/plugin"` -* `server.log.trino.level` - string, default: `"INFO"` -* `server.config.path` - string, default: `"/etc/trino"` -* `server.config.https.enabled` - bool, default: `false` -* `server.config.https.port` - int, default: `8443` -* `server.config.https.keystore.path` - string, default: `""` -* `server.config.authenticationType` - string, default: `""` - - Trino supports multiple [authentication types](https://trino.io/docs/current/security/authentication-types.html): PASSWORD, CERTIFICATE, OAUTH2, JWT, KERBEROS. -* `server.config.query.maxMemory` - string, default: `"4GB"` -* `server.exchangeManager` - object, default: `{}` - - Mandatory [exchange manager configuration](https://trino.io/docs/current/admin/fault-tolerant-execution.html#id1). Used to set the name and location(s) of spooling data storage. For multiple destinations use a list or a comma separated URI locations. To enable fault-tolerant execution, set the `retry-policy` property in `additionalConfigProperties`. Additional exchange manager configurations can be added to `additionalExchangeManagerProperties`. 
- Example: - ```yaml - server: - exchangeManager: - name: "filesystem" - baseDir: - - "/tmp/trino-local-file-system-exchange-manager" - additionalConfigProperties: - - retry-policy=TASK - additionalExchangeManagerProperties: - - exchange.sink-buffer-pool-min-size=10 - - exchange.sink-buffers-per-partition=2 - - exchange.source-concurrent-readers=4 - ``` -* `server.workerExtraConfig` - string, default: `""` -* `server.coordinatorExtraConfig` - string, default: `""` -* `server.autoscaling` - object, default: `{"behavior":{},"enabled":false,"maxReplicas":5,"targetCPUUtilizationPercentage":50,"targetMemoryUtilizationPercentage":80}` - - Configure [Horizontal Pod Autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) for workers (`server.keda.enabled` must be `false`). -* `server.autoscaling.targetCPUUtilizationPercentage` - int, default: `50` - - Target average CPU utilization, represented as a percentage of requested CPU. To disable scaling based on CPU, set to an empty string. -* `server.autoscaling.targetMemoryUtilizationPercentage` - int, default: `80` - - Target average memory utilization, represented as a percentage of requested memory. To disable scaling based on memory, set to an empty string. -* `server.autoscaling.behavior` - object, default: `{}` - - Configuration for scaling up and down. 
- Example: - ```yaml - scaleDown: - stabilizationWindowSeconds: 300 - policies: - - type: Percent - value: 100 - periodSeconds: 15 - scaleUp: - stabilizationWindowSeconds: 0 - policies: - - type: Percent - value: 100 - periodSeconds: 15 - - type: Pods - value: 4 - periodSeconds: 15 - selectPolicy: Max - ``` -* `server.keda` - object, default: `{"advanced":{},"annotations":{},"cooldownPeriod":300,"enabled":false,"fallback":{},"initialCooldownPeriod":0,"maxReplicaCount":5,"minReplicaCount":0,"pollingInterval":30,"triggers":[]}` - - Configure [Kubernetes Event-driven Autoscaling](https://keda.sh/) for workers (`server.autoscaling.enabled` must be `false`). -* `server.keda.cooldownPeriod` - int, default: `300` - - Period (in seconds) to wait after the last trigger reported active before scaling the resource back to 0 -* `server.keda.initialCooldownPeriod` - int, default: `0` - - The delay (in seconds) before the `cooldownPeriod` starts after the initial creation of the `ScaledObject`. -* `server.keda.minReplicaCount` - int, default: `0` - - Minimum number of replicas KEDA will scale the resource down to. By default, it’s scale to zero, but you can use it with some other value as well. -* `server.keda.maxReplicaCount` - int, default: `5` - - This setting is passed to the HPA definition that KEDA will create for a given resource and holds the maximum number of replicas of the target resource. -* `server.keda.fallback` - object, default: `{}` - - Defines a number of replicas to fall back to if a scaler is in an error state. - Example: - ```yaml - fallback: # Optional. 
Section to specify fallback options - failureThreshold: 3 # Mandatory if fallback section is included - replicas: 6 # Mandatory if fallback section is included - ``` -* `server.keda.advanced` - object, default: `{}` - - Specifies HPA related options - Example: - ```yaml - advanced: - horizontalPodAutoscalerConfig: - behavior: - scaleDown: - stabilizationWindowSeconds: 300 - policies: - - type: Percent - value: 100 - periodSeconds: 15 - ``` -* `server.keda.triggers` - list, default: `[]` - - List of triggers to activate scaling of the target resource - Example: - ```yaml - triggers: - - type: prometheus - metricType: Value - metadata: - serverAddress: "http://prometheus.example.com" - threshold: "1" - metricName: required_workers - query: >- - sum by (service) - (avg_over_time(trino_execution_ClusterSizeMonitor_RequiredWorkers{service={{ include "trino.fullname" . | quote }}}[5s])) - ``` -* `server.keda.annotations` - object, default: `{}` - - Annotations to apply to the ScaledObject CRD. - Example: - ```yaml - annotations: - autoscaling.keda.sh/paused-replicas: "0" - autoscaling.keda.sh/paused: "true" - ``` * `accessControl` - object, default: `{}` [System access control](https://trino.io/docs/current/security/built-in-system-access-control.html) configuration. 
@@ -239,89 +77,9 @@ Fast distributed SQL query engine for big data analytics that helps you explore ] } ``` -* `resourceGroups` - object, default: `{}` - - [Resource groups control](https://trino.io/docs/current/admin/resource-groups.html) - Set the type property to either: - * `configmap`, and provide the Resource groups file contents in `resourceGroupsConfig`, - * `properties`, and provide configuration properties in `properties`. - Properties example: - ```yaml - type: properties - properties: | - resource-groups.configuration-manager=db - resource-groups.config-db-url=jdbc:postgresql://trino-postgresql.postgresql.svc.cluster.local:3306/resource_groups - resource-groups.config-db-user=username - resource-groups.config-db-password=password - ``` - Config map example: - ```yaml - type: configmap - # Resource groups file is mounted to /etc/trino/resource-groups/resource-groups.json - resourceGroupsConfig: |- - { - "rootGroups": [ - { - "name": "global", - "softMemoryLimit": "80%", - "hardConcurrencyLimit": 100, - "maxQueued": 100, - "schedulingPolicy": "fair", - "jmxExport": true, - "subGroups": [ - { - "name": "admin", - "softMemoryLimit": "30%", - "hardConcurrencyLimit": 20, - "maxQueued": 10 - }, - { - "name": "finance_human_resources", - "softMemoryLimit": "20%", - "hardConcurrencyLimit": 15, - "maxQueued": 10 - }, - { - "name": "general", - "softMemoryLimit": "30%", - "hardConcurrencyLimit": 20, - "maxQueued": 10 - }, - { - "name": "readonly", - "softMemoryLimit": "10%", - "hardConcurrencyLimit": 5, - "maxQueued": 5 - } - ] - } - ], - "selectors": [ - { - "user": "admin", - "group": "global.admin" - }, - { - "group": "finance|human_resources", - "group": "global.finance_human_resources" - }, - { - "user": "alice", - "group": "global.readonly" - }, - { - "group": "global.general" - } - ] - } - ``` -* `additionalNodeProperties` - list, default: `[]` +* `additionalCatalogs` - object, default: `{}` - [Additional node 
properties](https://trino.io/docs/current/installation/deployment.html#log-levels). - Example, assuming the NODE_ID environment variable has been set: - ```yaml - - node.id=${NODE_ID} - ``` + Deprecated, use `catalogs` instead. Configure additional [catalogs](https://trino.io/docs/current/installation/deployment.html#catalog-properties). * `additionalConfigProperties` - list, default: `[]` [Additional config properties](https://trino.io/docs/current/admin/properties.html). @@ -330,13 +88,6 @@ Fast distributed SQL query engine for big data analytics that helps you explore - internal-communication.shared-secret=random-value-999 - http-server.process-forwarded=true ``` -* `additionalLogProperties` - list, default: `[]` - - [Additional log properties](https://trino.io/docs/current/installation/deployment.html#log-levels). - Example: - ```yaml - - io.airlift=DEBUG - ``` * `additionalExchangeManagerProperties` - list, default: `[]` [Exchange manager properties](https://trino.io/docs/current/admin/fault-tolerant-execution.html#exchange-manager). 
@@ -347,14 +98,39 @@ Fast distributed SQL query engine for big data analytics that helps you explore - exchange.s3.aws-access-key=your-access-key - exchange.s3.aws-secret-key=your-secret-key ``` -* `eventListenerProperties` - list, default: `[]` +* `additionalLogProperties` - list, default: `[]` - [Event listener](https://trino.io/docs/current/develop/event-listener.html#event-listener) properties. To configure multiple event listeners, add them in `coordinator.additionalConfigFiles` and `worker.additionalConfigFiles`, and set the `event-listener.config-files` property in `additionalConfigProperties` to their locations. + [Additional log properties](https://trino.io/docs/current/installation/deployment.html#log-levels). Example: ```yaml - - event-listener.name=custom-event-listener - - custom-property1=custom-value1 - - custom-property2=custom-value2 + - io.airlift=DEBUG + ``` +* `additionalNodeProperties` - list, default: `[]` + + [Additional node properties](https://trino.io/docs/current/installation/deployment.html#log-levels). + Example, assuming the NODE_ID environment variable has been set: + ```yaml + - node.id=${NODE_ID} + ``` +* `auth` - object, default: `{}` + + Available authentication methods. 
+ Use username and password provided as a [password file](https://trino.io/docs/current/security/password-file.html#file-format): + ```yaml + passwordAuth: "username:encrypted-password-with-htpasswd" + ``` + Set the name of a secret containing this file in the password.db key + ```yaml + passwordAuthSecret: "trino-password-authentication" + ``` + Additionally, set [users' groups](https://trino.io/docs/current/security/group-file.html#file-format): + ```yaml + refreshPeriod: 5s + groups: "group_name:user_1,user_2,user_3" + ``` + Set the name of a secret containing this file in the group.db key + ```yaml + groupAuthSecret: "trino-group-authentication" ``` * `catalogs` - object, default: `{"tpcds":"connector.name=tpcds\ntpcds.splits-per-node=4\n","tpch":"connector.name=tpch\ntpch.splits-per-node=4\n"}` 
@@ -370,59 +146,20 @@ Fast distributed SQL query engine for big data analytics that helps you explore connector.name=memory memory.max-data-per-node=128MB ``` -* `additionalCatalogs` - object, default: `{}` - - Deprecated, use `catalogs` instead. Configure additional [catalogs](https://trino.io/docs/current/installation/deployment.html#catalog-properties). -* `env` - list, default: `[]` - - additional environment variables added to every pod, specified as a list with explicit values - Example: - ```yaml - - name: NAME - value: "value" - ``` -* `envFrom` - list, default: `[]` - - additional environment variables added to every pod, specified as a list of either `ConfigMap` or `Secret` references - Example: - ```yaml - - secretRef: - name: extra-secret - ``` -* `initContainers` - object, default: `{}` +* `catalogsSecrets` - list, default: `[]` +* `commonLabels` - object, default: `{}` - Additional [containers that run to completion](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) during pod initialization. - Example: - ```yaml - coordinator: - - name: init-coordinator - image: busybox:1.28 - imagePullPolicy: IfNotPresent - command: ['sh', '-c', "until nslookup myservice.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local; do echo waiting for myservice; sleep 2; done"] - worker: - - name: init-worker - image: busybox:1.28 - command: ['sh', '-c', 'echo The worker is running! && sleep 3600'] - ``` -* `sidecarContainers` - object, default: `{}` + Labels that get applied to every resource's metadata +* `configMounts` - list, default: `[]` - Additional [containers that starts before](https://kubernetes.io/docs/concepts/workloads/pods/sidecar-containers/) the Trino container and continues to run. + Allows mounting additional Trino configuration files from Kubernetes config maps on all nodes. 
Example: ```yaml - coordinator: - - name: side-coordinator - image: busybox:1.28 - imagePullPolicy: IfNotPresent - command: ['sleep', '1'] - worker: - - name: side-worker - image: busybox:1.28 - imagePullPolicy: IfNotPresent - command: ['sleep', '1'] + - name: sample-config-mount + configMap: sample-config-map + path: /config-map/sample.json + subPath: sample.json ``` -* `securityContext` - object, default: `{"runAsGroup":1000,"runAsUser":1000}` - - [Pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) configuration. To remove the default, set it to null (or `~`). * `containerSecurityContext` - object, default: `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]}}` [Container security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) configuration. 
@@ -432,61 +169,57 @@ Fast distributed SQL query engine for big data analytics that helps you explore * `containerSecurityContext.capabilities.drop` - list, default: `["ALL"]` A list of the Linux kernel capabilities that are dropped from every container. Valid values are listed in [the capabilities manual page](https://man7.org/linux/man-pages/man7/capabilities.7.html). Ensure # to remove the "CAP_" prefix which the kernel attaches to the names of permissions. -* `shareProcessNamespace.coordinator` - bool, default: `false` -* `shareProcessNamespace.worker` - bool, default: `false` -* `service.annotations` - object, default: `{}` -* `service.type` - string, default: `"ClusterIP"` -* `service.port` - int, default: `8080` -* `service.nodePort` - string, default: `""` - - The port the service listens on the host, for the `NodePort` type. If not set, Kubernetes will [allocate a port automatically](https://kubernetes.io/docs/concepts/services-networking/service/#nodeport-custom-port). -* `auth` - object, default: `{}` +* `coordinator.additionalConfigFiles` - object, default: `{}` - Available authentication methods. - Use username and password provided as a [password file](https://trino.io/docs/current/security/password-file.html#file-format): - ```yaml - passwordAuth: "username:encrypted-password-with-htpasswd" - ``` - Set the name of a secret containing this file in the password.db key - ```yaml - passwordAuthSecret: "trino-password-authentication" - ``` - Additionally, set [users' groups](https://trino.io/docs/current/security/group-file.html#file-format): + Additional config files placed in the default configuration directory. Supports templating the files' contents with `tpl`. 
+ Example: ```yaml - refreshPeriod: 5s - groups: "group_name:user_1,user_2,user_3" + secret.txt: | + secret-value={{- .Values.someValue }} ``` - Set the name of a secret containing this file in the group.db key +* `coordinator.additionalExposedPorts` - object, default: `{}` + + Additional ports configured in the coordinator container and the service. + Example: ```yaml - groupAuthSecret: "trino-group-authentication" + https: + servicePort: 8443 + name: https + port: 8443 + nodePort: 30443 + protocol: TCP ``` -* `serviceAccount.create` - bool, default: `false` - - Specifies whether a service account should be created -* `serviceAccount.name` - string, default: `""` - - The name of the service account to use. If not set and create is true, a name is generated using the fullname template -* `serviceAccount.annotations` - object, default: `{}` +* `coordinator.additionalJVMConfig` - list, default: `[]` +* `coordinator.additionalVolumeMounts` - list, default: `[]` - Annotations to add to the service account -* `configMounts` - list, default: `[]` + One or more additional volume mounts to add to the coordinator. + Example: + - name: extras + mountPath: /usr/share/extras + readOnly: true +* `coordinator.additionalVolumes` - list, default: `[]` - Allows mounting additional Trino configuration files from Kubernetes config maps on all nodes. + One or more additional volumes to add to the coordinator. Example: ```yaml - - name: sample-config-mount - configMap: sample-config-map - path: /config-map/sample.json - subPath: sample.json + - name: extras + emptyDir: {} ``` -* `secretMounts` - list, default: `[]` +* `coordinator.affinity` - object, default: `{}` +* `coordinator.annotations` - object, default: `{}` +* `coordinator.config.memory.heapHeadroomPerNode` - string, default: `""` +* `coordinator.config.nodeScheduler.includeCoordinator` - bool, default: `false` - Allows mounting additional Trino configuration files from Kubernetes secrets on all nodes. 
+ Allows scheduling work on the coordinator so that a single machine can function as both coordinator and worker. For large clusters, processing work on the coordinator can negatively impact query performance because the machine's resources are not available for the critical coordinator tasks of scheduling, managing, and monitoring query execution. +* `coordinator.config.query.maxMemoryPerNode` - string, default: `"1GB"` +* `coordinator.configMounts` - list, default: `[]` + + Allows mounting additional Trino configuration files from Kubernetes config maps on the coordinator node. Example: ```yaml - - name: sample-secret - secretName: sample-secret - path: /secrets/sample.json + - name: sample-config-mount + configMap: sample-config-mount + path: /config-mount/sample.json subPath: sample.json ``` * `coordinator.deployment.annotations` - object, default: `{}` 
@@ -499,38 +232,18 @@ Fast distributed SQL query engine for big data analytics that helps you explore * `coordinator.deployment.strategy` - object, default: `{"rollingUpdate":{"maxSurge":"25%","maxUnavailable":"25%"},"type":"RollingUpdate"}` The deployment strategy to use to replace existing pods with new ones. -* `coordinator.jvm.maxHeapSize` - string, default: `"8G"` -* `coordinator.jvm.gcMethod.type` - string, default: `"UseG1GC"` * `coordinator.jvm.gcMethod.g1.heapRegionSize` - string, default: `"32M"` -* `coordinator.config.memory.heapHeadroomPerNode` - string, default: `""` -* `coordinator.config.nodeScheduler.includeCoordinator` - bool, default: `false` - - Allows scheduling work on the coordinator so that a single machine can function as both coordinator and worker. For large clusters, processing work on the coordinator can negatively impact query performance because the machine's resources are not available for the critical coordinator tasks of scheduling, managing, and monitoring query execution. -* `coordinator.config.query.maxMemoryPerNode` - string, default: `"1GB"` -* `coordinator.additionalJVMConfig` - list, default: `[]` -* `coordinator.additionalExposedPorts` - object, default: `{}` - - Additional ports configured in the coordinator container and the service. - Example: - ```yaml - https: - servicePort: 8443 - name: https - port: 8443 - nodePort: 30443 - protocol: TCP - ``` -* `coordinator.resources` - object, default: `{}` +* `coordinator.jvm.gcMethod.type` - string, default: `"UseG1GC"` +* `coordinator.jvm.maxHeapSize` - string, default: `"8G"` +* `coordinator.labels` - object, default: `{}` +* `coordinator.lifecycle` - object, default: `{}` - It is recommended not to specify default resources and to leave this as a conscious choice for the user. This also increases chances charts run on environments with little resources, such as Minikube. If you do want to specify resources, use the following example, and adjust it as necessary. 
+ Coordinator container [lifecycle events](https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/) Example: ```yaml - limits: - cpu: 100m - memory: 128Mi - requests: - cpu: 100m - memory: 128Mi + preStop: + exec: + command: ["/bin/sh", "-c", "sleep 120"] ``` * `coordinator.livenessProbe` - object, default: `{}` @@ -543,6 +256,7 @@ Fast distributed SQL query engine for big data analytics that helps you explore failureThreshold: 6 successThreshold: 1 ``` +* `coordinator.nodeSelector` - object, default: `{}` * `coordinator.readinessProbe` - object, default: `{}` [Readiness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes) 
@@ -554,193 +268,190 @@ Fast distributed SQL query engine for big data analytics that helps you explore failureThreshold: 6 successThreshold: 1 ``` -* `coordinator.lifecycle` - object, default: `{}` +* `coordinator.resources` - object, default: `{}` - Coordinator container [lifecycle events](https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/) + It is recommended not to specify default resources and to leave this as a conscious choice for the user. This also increases chances charts run on environments with little resources, such as Minikube. If you do want to specify resources, use the following example, and adjust it as necessary. Example: ```yaml - preStop: - exec: - command: ["/bin/sh", "-c", "sleep 120"] + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + ``` +* `coordinator.secretMounts` - list, default: `[]` + + Allows mounting additional Trino configuration files from Kubernetes secrets on the coordinator node. + Example: + ```yaml + - name: sample-secret + secretName: sample-secret + path: /secrets/sample.json + subPath: sample.json ``` * `coordinator.terminationGracePeriodSeconds` - int, default: `30` -* `coordinator.nodeSelector` - object, default: `{}` * `coordinator.tolerations` - list, default: `[]` -* `coordinator.affinity` - object, default: `{}` -* `coordinator.additionalConfigFiles` - object, default: `{}` +* `coordinatorNameOverride` - string, default: `nil` +* `env` - list, default: `[]` - Additional config files placed in the default configuration directory. Supports templating the files' contents with `tpl`. + additional environment variables added to every pod, specified as a list with explicit values Example: ```yaml - secret.txt: | - secret-value={{- .Values.someValue }} + - name: NAME + value: "value" ``` -* `coordinator.additionalVolumes` - list, default: `[]` +* `envFrom` - list, default: `[]` - One or more additional volumes to add to the coordinator. 
+ additional environment variables added to every pod, specified as a list of either `ConfigMap` or `Secret` references Example: ```yaml - - name: extras - emptyDir: {} + - secretRef: + name: extra-secret ``` -* `coordinator.additionalVolumeMounts` - list, default: `[]` +* `eventListenerProperties` - list, default: `[]` - One or more additional volume mounts to add to the coordinator. - Example: - - name: extras - mountPath: /usr/share/extras - readOnly: true -* `coordinator.annotations` - object, default: `{}` -* `coordinator.labels` - object, default: `{}` -* `coordinator.configMounts` - list, default: `[]` - - Allows mounting additional Trino configuration files from Kubernetes config maps on the coordinator node. + [Event listener](https://trino.io/docs/current/develop/event-listener.html#event-listener) properties. To configure multiple event listeners, add them in `coordinator.additionalConfigFiles` and `worker.additionalConfigFiles`, and set the `event-listener.config-files` property in `additionalConfigProperties` to their locations. Example: ```yaml - - name: sample-config-mount - configMap: sample-config-mount - path: /config-mount/sample.json - subPath: sample.json + - event-listener.name=custom-event-listener + - custom-property1=custom-value1 + - custom-property2=custom-value2 ``` -* `coordinator.secretMounts` - list, default: `[]` +* `image.digest` - string, default: `""` - Allows mounting additional Trino configuration files from Kubernetes secrets on the coordinator node. - Example: - ```yaml - - name: sample-secret - secretName: sample-secret - path: /secrets/sample.json - subPath: sample.json - ``` -* `worker.deployment.annotations` - object, default: `{}` -* `worker.deployment.progressDeadlineSeconds` - int, default: `600` + Optional digest value of the image specified as `sha256:abcd...`. A specified value overrides `tag`. 
+* `image.pullPolicy` - string, default: `"IfNotPresent"` +* `image.registry` - string, default: `""` - The maximum time in seconds for a deployment to make progress before it is considered failed. The deployment controller continues to process failed deployments and a condition with a ProgressDeadlineExceeded reason is surfaced in the deployment status. -* `worker.deployment.revisionHistoryLimit` - int, default: `10` + Image registry, defaults to empty, which results in DockerHub usage +* `image.repository` - string, default: `"trinodb/trino"` - The number of old ReplicaSets to retain to allow rollback. -* `worker.deployment.strategy` - object, default: `{"rollingUpdate":{"maxSurge":"25%","maxUnavailable":"25%"},"type":"RollingUpdate"}` + Repository location of the Trino image, typically `organization/imagename` +* `image.tag` - string, default: `""` - The deployment strategy to use to replace existing pods with new ones. -* `worker.jvm.maxHeapSize` - string, default: `"8G"` -* `worker.jvm.gcMethod.type` - string, default: `"UseG1GC"` -* `worker.jvm.gcMethod.g1.heapRegionSize` - string, default: `"32M"` -* `worker.config.memory.heapHeadroomPerNode` - string, default: `""` -* `worker.config.query.maxMemoryPerNode` - string, default: `"1GB"` -* `worker.additionalJVMConfig` - list, default: `[]` -* `worker.additionalExposedPorts` - object, default: `{}` + Image tag, defaults to the Trino release version specified as `appVersion` from Chart.yaml +* `image.useRepositoryAsSoleImageReference` - bool, default: `false` - Additional container ports configured in all worker pods. - Example: - ```yaml - https: - servicePort: 8443 - name: https - port: 8443 - protocol: TCP - ``` -* `worker.resources` - object, default: `{}` + When true, only the content in `repository` is used as image reference +* `imagePullSecrets` - list, default: `[]` - It is recommended not to specify default resources and to leave this as a conscious choice for the user. 
This also increases chances charts run on environments with little resources, such as Minikube. If you do want to specify resources, use the following example, and adjust it as necessary. + An optional list of references to secrets in the same namespace to use for pulling images. Example: ```yaml - limits: - cpu: 100m - memory: 128Mi - requests: - cpu: 100m - memory: 128Mi + imagePullSecrets: + - name: registry-credentials ``` -* `worker.livenessProbe` - object, default: `{}` +* `ingress.annotations` - object, default: `{}` +* `ingress.className` - string, default: `""` +* `ingress.enabled` - bool, default: `false` +* `ingress.hosts` - list, default: `[]` - [Liveness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes) + [Ingress rules](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules). Example: ```yaml - initialDelaySeconds: 20 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 + - host: trino.example.com + paths: + - path: / + pathType: ImplementationSpecific ``` -* `worker.readinessProbe` - object, default: `{}` +* `ingress.tls` - list, default: `[]` - [Readiness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes) + Ingress [TLS](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) configuration. Example: ```yaml - initialDelaySeconds: 20 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 + - secretName: chart-example-tls + hosts: + - chart-example.local ``` -* `worker.lifecycle` - object, default: `{}` +* `initContainers` - object, default: `{}` - Worker container [lifecycle events](https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/) Setting `worker.lifecycle` conflicts with `worker.gracefulShutdown`. 
+ Additional [containers that run to completion](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) during pod initialization. Example: ```yaml - preStop: - exec: - command: ["/bin/sh", "-c", "sleep 120"] + coordinator: + - name: init-coordinator + image: busybox:1.28 + imagePullPolicy: IfNotPresent + command: ['sh', '-c', "until nslookup myservice.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local; do echo waiting for myservice; sleep 2; done"] + worker: + - name: init-worker + image: busybox:1.28 + command: ['sh', '-c', 'echo The worker is running! && sleep 3600'] ``` -* `worker.gracefulShutdown` - object, default: `{"enabled":false,"gracePeriodSeconds":120}` +* `jmx.coordinator` - object, default: `{}` - Configure [graceful shutdown](https://trino.io/docs/current/admin/graceful-shutdown.html) in order to ensure that workers terminate without affecting running queries, given a sufficient grace period. When enabled, the value of `worker.terminationGracePeriodSeconds` must be at least two times greater than the configured `gracePeriodSeconds`. Enabling `worker.gracefulShutdown` conflicts with `worker.lifecycle`. When a custom `worker.lifecycle` configuration needs to be used, graceful shutdown must be configured manually. - Example: + Override JMX configurations for the Trino coordinator. + Example ```yaml - gracefulShutdown: - enabled: true - gracePeriodSeconds: 120 + coordinator: + enabled: true + exporter: + enabled: true + configProperties: |- + hostPort: localhost:{{- .Values.jmx.registryPort }} + startDelaySeconds: 0 + ssl: false ``` -* `worker.terminationGracePeriodSeconds` - int, default: `30` -* `worker.nodeSelector` - object, default: `{}` -* `worker.tolerations` - list, default: `[]` -* `worker.affinity` - object, default: `{}` -* `worker.additionalConfigFiles` - object, default: `{}` +* `jmx.enabled` - bool, default: `false` - Additional config files placed in the default configuration directory. 
Supports templating the files' contents with `tpl`. - Example: - ```yaml - secret.txt: | - secret-value={{- .Values.someValue }} - ``` -* `worker.additionalVolumes` - list, default: `[]` + Set to true to enable the RMI server to expose Trino's [JMX metrics](https://trino.io/docs/current/admin/jmx.html). +* `jmx.exporter.configProperties` - string, default: `""` - One or more additional volume mounts to add to all workers. + The string value is templated using `tpl`. The JMX config properties file is mounted to `/etc/jmx-exporter/jmx-exporter-config.yaml`. Example: ```yaml - - name: extras - emptyDir: {} + configProperties: |- + hostPort: localhost:{{- .Values.jmx.registryPort }} + startDelaySeconds: 0 + ssl: false + lowercaseOutputName: false + lowercaseOutputLabelNames: false + includeObjectNames: ["java.lang:type=Threading"] + autoExcludeObjectNameAttributes: true + excludeObjectNameAttributes: + "java.lang:type=OperatingSystem": + - "ObjectName" + "java.lang:type=Runtime": + - "ClassPath" + - "SystemProperties" + rules: + - pattern: 'java\.lang<(.*)>ThreadCount: (.*)' + name: java_lang_Threading_ThreadCount + value: '$2' + help: 'ThreadCount (java.lang<>ThreadCount)' + type: UNTYPED ``` -* `worker.additionalVolumeMounts` - list, default: `[]` +* `jmx.exporter.enabled` - bool, default: `false` - One or more additional volume mounts to add to all workers. 
- Example: - ```yaml - - name: extras - mountPath: /usr/share/extras - readOnly: true - ``` -* `worker.annotations` - object, default: `{}` -* `worker.labels` - object, default: `{}` -* `worker.configMounts` - list, default: `[]` + Set to true to export JMX Metrics via HTTP for [Prometheus](https://github.com/prometheus/jmx_exporter) consumption +* `jmx.exporter.image` - string, default: `"bitnami/jmx-exporter:1.0.1"` +* `jmx.exporter.port` - int, default: `5556` +* `jmx.exporter.pullPolicy` - string, default: `"Always"` +* `jmx.exporter.resources` - object, default: `{}` - Allows mounting additional Trino configuration files from Kubernetes config maps on all worker nodes. + It is recommended not to specify default resources and to leave this as a conscious choice for the user. This also increases chances charts run on environments with little resources, such as Minikube. If you do want to specify resources, use the following example, and adjust it as necessary. Example: ```yaml - - name: sample-config-mount - configMap: sample-config-mount - path: /config-mount/sample.json - subPath: sample.json + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi ``` -* `worker.secretMounts` - list, default: `[]` +* `jmx.exporter.securityContext` - object, default: `{}` +* `jmx.registryPort` - int, default: `9080` +* `jmx.serverPort` - int, default: `9081` +* `jmx.worker` - object, default: `{}` - Allows mounting additional Trino configuration files from Kubernetes secrets on all worker nodes. - Example: + Override JMX configurations for the Trino workers. + Example ```yaml - - name: sample-secret - secretName: sample-secret - path: /secrets/sample.json - subPath: sample.json + worker: + enabled: true + exporter: + enabled: true ``` * `kafka.mountPath` - string, default: `"/etc/trino/schemas"` * `kafka.tableDescriptions` - object, default: `{}` 
@@ -781,90 +492,298 @@ Fast distributed SQL query engine for big data analytics that helps you explore } } ``` -* `jmx.enabled` - bool, default: `false` - - Set to true to enable the RMI server to expose Trino's [JMX metrics](https://trino.io/docs/current/admin/jmx.html). -* `jmx.registryPort` - int, default: `9080` -* `jmx.serverPort` - int, default: `9081` -* `jmx.exporter.enabled` - bool, default: `false` - - Set to true to export JMX Metrics via HTTP for [Prometheus](https://github.com/prometheus/jmx_exporter) consumption -* `jmx.exporter.image` - string, default: `"bitnami/jmx-exporter:1.0.1"` -* `jmx.exporter.pullPolicy` - string, default: `"Always"` -* `jmx.exporter.port` - int, default: `5556` -* `jmx.exporter.configProperties` - string, default: `""` +* `ldapSecrets` - list, default: `[]` +* `nameOverride` - string, default: `nil` - The string value is templated using `tpl`. The JMX config properties file is mounted to `/etc/jmx-exporter/jmx-exporter-config.yaml`. + Override resource names to avoid name conflicts when deploying multiple releases in the same namespace. 
Example: ```yaml - configProperties: |- - hostPort: localhost:{{- .Values.jmx.registryPort }} - startDelaySeconds: 0 - ssl: false - lowercaseOutputName: false - lowercaseOutputLabelNames: false - includeObjectNames: ["java.lang:type=Threading"] - autoExcludeObjectNameAttributes: true - excludeObjectNameAttributes: - "java.lang:type=OperatingSystem": - - "ObjectName" - "java.lang:type=Runtime": - - "ClassPath" - - "SystemProperties" - rules: - - pattern: 'java\.lang<(.*)>ThreadCount: (.*)' - name: java_lang_Threading_ThreadCount - value: '$2' - help: 'ThreadCount (java.lang<>ThreadCount)' - type: UNTYPED + coordinatorNameOverride: trino-coordinator-adhoc + workerNameOverride: trino-worker-adhoc + nameOverride: trino-adhoc ``` -* `jmx.exporter.securityContext` - object, default: `{}` -* `jmx.exporter.resources` - object, default: `{}` +* `networkPolicy.egress` - list, default: `[]` - It is recommended not to specify default resources and to leave this as a conscious choice for the user. This also increases chances charts run on environments with little resources, such as Minikube. If you do want to specify resources, use the following example, and adjust it as necessary. + Egress rules to apply to the Trino pods. Example: ```yaml - limits: - cpu: 100m - memory: 128Mi - requests: - cpu: 100m - memory: 128Mi + - to: + - podSelector: + matchLabels: + role: log-ingestor + ports: + - protocol: TCP + port: 9999 ``` -* `jmx.coordinator` - object, default: `{}` +* `networkPolicy.enabled` - bool, default: `false` - Override JMX configurations for the Trino coordinator. - Example + Set to true to enable Trino pod protection with a [NetworkPolicy](https://kubernetes.io/docs/concepts/services-networking/network-policies/). By default, the NetworkPolicy will only allow Trino pods to communicate with each other. 
+ > [!NOTE] + > - NetworkPolicies cannot block the ingress traffic coming directly + > from the Kubernetes node on which the Pod is running, + > and are thus incompatible with services of type `NodePort`. + > - When using NetworkPolicies together with JMX metrics export, + > additional ingress rules might be required to allow metric scraping. +* `networkPolicy.ingress` - list, default: `[]` + + Additional ingress rules to apply to the Trino pods. + Example: ```yaml - coordinator: - enabled: true - exporter: - enabled: true - configProperties: |- - hostPort: localhost:{{- .Values.jmx.registryPort }} - startDelaySeconds: 0 - ssl: false + - from: + - ipBlock: + cidr: 172.17.0.0/16 + except: + - 172.17.1.0/24 + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: prometheus + - podSelector: + matchLabels: + role: backend-app + ports: + - protocol: TCP + port: 8080 + - protocol: TCP + port: 5556 ``` -* `jmx.worker` - object, default: `{}` +* `resourceGroups` - object, default: `{}` - Override JMX configurations for the Trino workers. - Example + [Resource groups control](https://trino.io/docs/current/admin/resource-groups.html) + Set the type property to either: + * `configmap`, and provide the Resource groups file contents in `resourceGroupsConfig`, + * `properties`, and provide configuration properties in `properties`. 
+ Properties example: ```yaml - worker: - enabled: true - exporter: - enabled: true + type: properties + properties: | + resource-groups.configuration-manager=db + resource-groups.config-db-url=jdbc:postgresql://trino-postgresql.postgresql.svc.cluster.local:3306/resource_groups + resource-groups.config-db-user=username + resource-groups.config-db-password=password ``` -* `serviceMonitor.enabled` - bool, default: `false` + Config map example: + ```yaml + type: configmap + # Resource groups file is mounted to /etc/trino/resource-groups/resource-groups.json + resourceGroupsConfig: |- + { + "rootGroups": [ + { + "name": "global", + "softMemoryLimit": "80%", + "hardConcurrencyLimit": 100, + "maxQueued": 100, + "schedulingPolicy": "fair", + "jmxExport": true, + "subGroups": [ + { + "name": "admin", + "softMemoryLimit": "30%", + "hardConcurrencyLimit": 20, + "maxQueued": 10 + }, + { + "name": "finance_human_resources", + "softMemoryLimit": "20%", + "hardConcurrencyLimit": 15, + "maxQueued": 10 + }, + { + "name": "general", + "softMemoryLimit": "30%", + "hardConcurrencyLimit": 20, + "maxQueued": 10 + }, + { + "name": "readonly", + "softMemoryLimit": "10%", + "hardConcurrencyLimit": 5, + "maxQueued": 5 + } + ] + } + ], + "selectors": [ + { + "user": "admin", + "group": "global.admin" + }, + { + "group": "finance|human_resources", + "group": "global.finance_human_resources" + }, + { + "user": "alice", + "group": "global.readonly" + }, + { + "group": "global.general" + } + ] + } + ``` +* `secretMounts` - list, default: `[]` - Set to true to create resources for the [prometheus-operator](https://github.com/prometheus-operator/prometheus-operator). -* `serviceMonitor.apiVersion` - string, default: `"monitoring.coreos.com/v1"` -* `serviceMonitor.labels` - object, default: `{"prometheus":"kube-prometheus"}` + Allows mounting additional Trino configuration files from Kubernetes secrets on all nodes. 
+ Example: + ```yaml + - name: sample-secret + secretName: sample-secret + path: /secrets/sample.json + subPath: sample.json + - name: catalogs + secretName: catalogs + path: /etc/trino/catalog + - name: ldap + secretName: ldap + path: /etc/trino/ldap + ``` +* `securityContext` - object, default: `{"runAsGroup":1000,"runAsUser":1000}` - Labels for serviceMonitor, so that Prometheus can select it -* `serviceMonitor.interval` - string, default: `"30s"` + [Pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) configuration. To remove the default, set it to null (or `~`). +* `server.autoscaling` - object, default: `{"behavior":{},"enabled":false,"maxReplicas":5,"targetCPUUtilizationPercentage":50,"targetMemoryUtilizationPercentage":80}` - The serviceMonitor web endpoint interval + Configure [Horizontal Pod Autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) for workers (`server.keda.enabled` must be `false`). +* `server.autoscaling.behavior` - object, default: `{}` + + Configuration for scaling up and down. + Example: + ```yaml + scaleDown: + stabilizationWindowSeconds: 300 + policies: + - type: Percent + value: 100 + periodSeconds: 15 + scaleUp: + stabilizationWindowSeconds: 0 + policies: + - type: Percent + value: 100 + periodSeconds: 15 + - type: Pods + value: 4 + periodSeconds: 15 + selectPolicy: Max + ``` +* `server.autoscaling.targetCPUUtilizationPercentage` - int, default: `50` + + Target average CPU utilization, represented as a percentage of requested CPU. To disable scaling based on CPU, set to an empty string. +* `server.autoscaling.targetMemoryUtilizationPercentage` - int, default: `80` + + Target average memory utilization, represented as a percentage of requested memory. To disable scaling based on memory, set to an empty string. 
+* `server.config.authenticationType` - string, default: `""` + + Trino supports multiple [authentication types](https://trino.io/docs/current/security/authentication-types.html): PASSWORD, CERTIFICATE, OAUTH2, JWT, KERBEROS. +* `server.config.https.enabled` - bool, default: `false` +* `server.config.https.keystore.path` - string, default: `""` +* `server.config.https.port` - int, default: `8443` +* `server.config.path` - string, default: `"/etc/trino"` +* `server.config.query.maxMemory` - string, default: `"4GB"` +* `server.coordinatorExtraConfig` - string, default: `""` +* `server.exchangeManager` - object, default: `{}` + + Mandatory [exchange manager configuration](https://trino.io/docs/current/admin/fault-tolerant-execution.html#id1). Used to set the name and location(s) of spooling data storage. For multiple destinations use a list or a comma separated URI locations. To enable fault-tolerant execution, set the `retry-policy` property in `additionalConfigProperties`. Additional exchange manager configurations can be added to `additionalExchangeManagerProperties`. + Example: + ```yaml + server: + exchangeManager: + name: "filesystem" + baseDir: + - "/tmp/trino-local-file-system-exchange-manager" + additionalConfigProperties: + - retry-policy=TASK + additionalExchangeManagerProperties: + - exchange.sink-buffer-pool-min-size=10 + - exchange.sink-buffers-per-partition=2 + - exchange.source-concurrent-readers=4 + ``` +* `server.keda` - object, default: `{"advanced":{},"annotations":{},"cooldownPeriod":300,"enabled":false,"fallback":{},"initialCooldownPeriod":0,"maxReplicaCount":5,"minReplicaCount":0,"pollingInterval":30,"triggers":[]}` + + Configure [Kubernetes Event-driven Autoscaling](https://keda.sh/) for workers (`server.autoscaling.enabled` must be `false`). 
+* `server.keda.advanced` - object, default: `{}` + + Specifies HPA related options + Example: + ```yaml + advanced: + horizontalPodAutoscalerConfig: + behavior: + scaleDown: + stabilizationWindowSeconds: 300 + policies: + - type: Percent + value: 100 + periodSeconds: 15 + ``` +* `server.keda.annotations` - object, default: `{}` + + Annotations to apply to the ScaledObject CRD. + Example: + ```yaml + annotations: + autoscaling.keda.sh/paused-replicas: "0" + autoscaling.keda.sh/paused: "true" + ``` +* `server.keda.cooldownPeriod` - int, default: `300` + + Period (in seconds) to wait after the last trigger reported active before scaling the resource back to 0 +* `server.keda.fallback` - object, default: `{}` + + Defines a number of replicas to fall back to if a scaler is in an error state. + Example: + ```yaml + fallback: # Optional. Section to specify fallback options + failureThreshold: 3 # Mandatory if fallback section is included + replicas: 6 # Mandatory if fallback section is included + ``` +* `server.keda.initialCooldownPeriod` - int, default: `0` + + The delay (in seconds) before the `cooldownPeriod` starts after the initial creation of the `ScaledObject`. +* `server.keda.maxReplicaCount` - int, default: `5` + + This setting is passed to the HPA definition that KEDA will create for a given resource and holds the maximum number of replicas of the target resource. +* `server.keda.minReplicaCount` - int, default: `0` + + Minimum number of replicas KEDA will scale the resource down to. By default, it’s scale to zero, but you can use it with some other value as well. 
+* `server.keda.triggers` - list, default: `[]` + + List of triggers to activate scaling of the target resource + Example: + ```yaml + triggers: + - type: prometheus + metricType: Value + metadata: + serverAddress: "http://prometheus.example.com" + threshold: "1" + metricName: required_workers + query: >- + sum by (service) + (avg_over_time(trino_execution_ClusterSizeMonitor_RequiredWorkers{service={{ include "trino.fullname" . | quote }}}[5s])) + ``` +* `server.log.trino.level` - string, default: `"INFO"` +* `server.node.dataDir` - string, default: `"/data/trino"` +* `server.node.environment` - string, default: `"production"` +* `server.node.pluginDir` - string, default: `"/usr/lib/trino/plugin"` +* `server.workerExtraConfig` - string, default: `""` +* `server.workers` - int, default: `2` +* `service.annotations` - object, default: `{}` +* `service.nodePort` - string, default: `""` + + The port the service listens on the host, for the `NodePort` type. If not set, Kubernetes will [allocate a port automatically](https://kubernetes.io/docs/concepts/services-networking/service/#nodeport-custom-port). +* `service.port` - int, default: `8080` +* `service.type` - string, default: `"ClusterIP"` +* `serviceAccount.annotations` - object, default: `{}` + + Annotations to add to the service account +* `serviceAccount.create` - bool, default: `false` + + Specifies whether a service account should be created +* `serviceAccount.name` - string, default: `""` + + The name of the service account to use. If not set and create is true, a name is generated using the fullname template +* `serviceMonitor.apiVersion` - string, default: `"monitoring.coreos.com/v1"` * `serviceMonitor.coordinator` - object, default: `{}` Override ServiceMonitor configurations for the Trino coordinator. 
@@ -875,6 +794,15 @@ Fast distributed SQL query engine for big data analytics that helps you explore labels: prometheus: my-prometheus ``` +* `serviceMonitor.enabled` - bool, default: `false` + + Set to true to create resources for the [prometheus-operator](https://github.com/prometheus-operator/prometheus-operator). +* `serviceMonitor.interval` - string, default: `"30s"` + + The serviceMonitor web endpoint interval +* `serviceMonitor.labels` - object, default: `{"prometheus":"kube-prometheus"}` + + Labels for serviceMonitor, so that Prometheus can select it * `serviceMonitor.worker` - object, default: `{}` Override ServiceMonitor configurations for the Trino workers. 
@@ -885,113 +813,155 @@ Fast distributed SQL query engine for big data analytics that helps you explore labels: prometheus: my-prometheus ``` -* `commonLabels` - object, default: `{}` +* `shareProcessNamespace.coordinator` - bool, default: `false` +* `shareProcessNamespace.worker` - bool, default: `false` +* `sidecarContainers` - object, default: `{}` - Labels that get applied to every resource's metadata -* `ingress.enabled` - bool, default: `false` -* `ingress.className` - string, default: `""` -* `ingress.annotations` - object, default: `{}` -* `ingress.hosts` - list, default: `[]` + Additional [containers that starts before](https://kubernetes.io/docs/concepts/workloads/pods/sidecar-containers/) the Trino container and continues to run. + Example: + ```yaml + coordinator: + - name: side-coordinator + image: busybox:1.28 + imagePullPolicy: IfNotPresent + command: ['sleep', '1'] + worker: + - name: side-worker + image: busybox:1.28 + imagePullPolicy: IfNotPresent + command: ['sleep', '1'] + ``` +* `worker.additionalConfigFiles` - object, default: `{}` - [Ingress rules](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules). + Additional config files placed in the default configuration directory. Supports templating the files' contents with `tpl`. Example: ```yaml - - host: trino.example.com - paths: - - path: / - pathType: ImplementationSpecific + secret.txt: | + secret-value={{- .Values.someValue }} ``` -* `ingress.tls` - list, default: `[]` +* `worker.additionalExposedPorts` - object, default: `{}` - Ingress [TLS](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) configuration. + Additional container ports configured in all worker pods. 
Example: ```yaml - - secretName: chart-example-tls - hosts: - - chart-example.local + https: + servicePort: 8443 + name: https + port: 8443 + protocol: TCP ``` -* `networkPolicy.enabled` - bool, default: `false` +* `worker.additionalJVMConfig` - list, default: `[]` +* `worker.additionalVolumeMounts` - list, default: `[]` - Set to true to enable Trino pod protection with a [NetworkPolicy](https://kubernetes.io/docs/concepts/services-networking/network-policies/). By default, the NetworkPolicy will only allow Trino pods to communicate with each other. - > [!NOTE] - > - NetworkPolicies cannot block the ingress traffic coming directly - > from the Kubernetes node on which the Pod is running, - > and are thus incompatible with services of type `NodePort`. - > - When using NetworkPolicies together with JMX metrics export, - > additional ingress rules might be required to allow metric scraping. -* `networkPolicy.ingress` - list, default: `[]` + One or more additional volume mounts to add to all workers. + Example: + ```yaml + - name: extras + mountPath: /usr/share/extras + readOnly: true + ``` +* `worker.additionalVolumes` - list, default: `[]` - Additional ingress rules to apply to the Trino pods. + One or more additional volume mounts to add to all workers. Example: ```yaml - - from: - - ipBlock: - cidr: 172.17.0.0/16 - except: - - 172.17.1.0/24 - - namespaceSelector: - matchLabels: - kubernetes.io/metadata.name: prometheus - - podSelector: - matchLabels: - role: backend-app - ports: - - protocol: TCP - port: 8080 - - protocol: TCP - port: 5556 + - name: extras + emptyDir: {} ``` -* `networkPolicy.egress` - list, default: `[]` +* `worker.affinity` - object, default: `{}` +* `worker.annotations` - object, default: `{}` +* `worker.config.memory.heapHeadroomPerNode` - string, default: `""` +* `worker.config.query.maxMemoryPerNode` - string, default: `"1GB"` +* `worker.configMounts` - list, default: `[]` - Egress rules to apply to the Trino pods. 
+ Allows mounting additional Trino configuration files from Kubernetes config maps on all worker nodes. Example: ```yaml - - to: - - podSelector: - matchLabels: - role: log-ingestor - ports: - - protocol: TCP - port: 9999 + - name: sample-config-mount + configMap: sample-config-mount + path: /config-mount/sample.json + subPath: sample.json + ``` +* `worker.deployment.annotations` - object, default: `{}` +* `worker.deployment.progressDeadlineSeconds` - int, default: `600` + + The maximum time in seconds for a deployment to make progress before it is considered failed. The deployment controller continues to process failed deployments and a condition with a ProgressDeadlineExceeded reason is surfaced in the deployment status. +* `worker.deployment.revisionHistoryLimit` - int, default: `10` + + The number of old ReplicaSets to retain to allow rollback. +* `worker.deployment.strategy` - object, default: `{"rollingUpdate":{"maxSurge":"25%","maxUnavailable":"25%"},"type":"RollingUpdate"}` + + The deployment strategy to use to replace existing pods with new ones. +* `worker.gracefulShutdown` - object, default: `{"enabled":false,"gracePeriodSeconds":120}` + + Configure [graceful shutdown](https://trino.io/docs/current/admin/graceful-shutdown.html) in order to ensure that workers terminate without affecting running queries, given a sufficient grace period. When enabled, the value of `worker.terminationGracePeriodSeconds` must be at least two times greater than the configured `gracePeriodSeconds`. Enabling `worker.gracefulShutdown` conflicts with `worker.lifecycle`. When a custom `worker.lifecycle` configuration needs to be used, graceful shutdown must be configured manually. 
+ Example: + ```yaml + gracefulShutdown: + enabled: true + gracePeriodSeconds: 120 ``` +* `worker.jvm.gcMethod.g1.heapRegionSize` - string, default: `"32M"` +* `worker.jvm.gcMethod.type` - string, default: `"UseG1GC"` +* `worker.jvm.maxHeapSize` - string, default: `"8G"` +* `worker.labels` - object, default: `{}` +* `worker.lifecycle` - object, default: `{}` -* `catalogsSecrets` - list, default: `[]` + Worker container [lifecycle events](https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/) Setting `worker.lifecycle` conflicts with `worker.gracefulShutdown`. + Example: + ```yaml + preStop: + exec: + command: ["/bin/sh", "-c", "sleep 120"] + ``` +* `worker.livenessProbe` - object, default: `{}` - An optional list of references to secrets to create catalogs + [Liveness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes) Example: ```yaml - catalogsSecrets: [] - # - name: catalogs - # value: - # mariadb.properties: | - # connector.name=mariadb - # connection-user= - # connection-url= - # connection-password= - # postgresql.properties: | - # connector.name=postgresql - # connection-user= - # connection-url= - # postgresql.array-mapping= - # connection-password= + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 ``` +* `worker.nodeSelector` - object, default: `{}` +* `worker.readinessProbe` - object, default: `{}` -* `ldapSecrets` - list, default: `[]` + [Readiness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes) + Example: + ```yaml + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + ``` +* `worker.resources` - object, default: `{}` - An optional list of references to secrets to create ldap config + It is recommended not to specify default resources and to leave this 
as a conscious choice for the user. This also increases chances charts run on environments with little resources, such as Minikube. If you do want to specify resources, use the following example, and adjust it as necessary. Example: ```yaml - ldapSecrets: - - name: ldap - value: - ldap.properties: | - password-authenticator.name=ldap - ldap.bind-dn=uid= - ldap.url= - ldap.bind-password= - ldap.user-bind-pattern= - ldap.group-auth-pattern= - ldap.user-base-dn= + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi ``` +* `worker.secretMounts` - list, default: `[]` + + Allows mounting additional Trino configuration files from Kubernetes secrets on all worker nodes. + Example: + ```yaml + - name: sample-secret + secretName: sample-secret + path: /secrets/sample.json + subPath: sample.json + ``` +* `worker.terminationGracePeriodSeconds` - int, default: `30` +* `worker.tolerations` - list, default: `[]` +* `workerNameOverride` - string, default: `nil` + ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)