diff --git a/trino/base/charts/kustomization.yaml b/trino/base/charts/kustomization.yaml new file mode 100644 index 0000000..9e41b2c --- /dev/null +++ b/trino/base/charts/kustomization.yaml @@ -0,0 +1,12 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +helmCharts: +- includeCRDs: true + name: all + namespace: trino + releaseName: trino + valuesFile: ./values/values.yaml + version: 0.32.0 +helmGlobals: + chartHome: ./charts/ + diff --git a/trino/base/charts/trino/Chart.yaml b/trino/base/charts/trino/Chart.yaml new file mode 100644 index 0000000..addc2ec --- /dev/null +++ b/trino/base/charts/trino/Chart.yaml @@ -0,0 +1,14 @@ +apiVersion: v2 +appVersion: "461" +description: Fast distributed SQL query engine for big data analytics that helps you + explore your data universe +home: https://trino.io/ +icon: https://trino.io/assets/trino.png +maintainers: +- name: Trino community +name: trino +sources: +- https://github.com/trinodb/charts +- https://github.com/trinodb/trino/tree/master/core/docker +type: application +version: 0.32.0 diff --git a/trino/base/charts/trino/README.md b/trino/base/charts/trino/README.md new file mode 100644 index 0000000..8084f9f --- /dev/null +++ b/trino/base/charts/trino/README.md @@ -0,0 +1,862 @@ +# trino + +![Version: 0.32.0](https://img.shields.io/badge/Version-0.32.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 461](https://img.shields.io/badge/AppVersion-461-informational?style=flat-square) + +Fast distributed SQL query engine for big data analytics that helps you explore your data universe + +**Homepage:** + +## Source Code + +* +* + +## Values +* `nameOverride` - string, default: `nil` + + Override resource names to avoid name conflicts when deploying multiple releases in the same namespace. + Example: + ```yaml + coordinatorNameOverride: trino-coordinator-adhoc + workerNameOverride: trino-worker-adhoc + nameOverride: trino-adhoc + ``` +* `coordinatorNameOverride` - string, default: `nil` +* `workerNameOverride` - string, default: `nil` +* `image.registry` - string, default: `""` + + Image registry, defaults to empty, which results in DockerHub usage +* `image.repository` - string, default: `"trinodb/trino"` + + Repository location of the Trino image, typically `organization/imagename` +* `image.tag` - string, default: `""` + + Image tag, defaults to the Trino release version specified as `appVersion` from Chart.yaml +* `image.digest` - string, default: `""` + + Optional digest value of the image specified as `sha256:abcd...`. A specified value overrides `tag`. +* `image.useRepositoryAsSoleImageReference` - bool, default: `false` + + When true, only the content in `repository` is used as image reference +* `image.pullPolicy` - string, default: `"IfNotPresent"` +* `imagePullSecrets` - list, default: `[]` + + An optional list of references to secrets in the same namespace to use for pulling images. + Example: + ```yaml + imagePullSecrets: + - name: registry-credentials + ``` +* `server.workers` - int, default: `2` +* `server.node.environment` - string, default: `"production"` +* `server.node.dataDir` - string, default: `"/data/trino"` +* `server.node.pluginDir` - string, default: `"/usr/lib/trino/plugin"` +* `server.log.trino.level` - string, default: `"INFO"` +* `server.config.path` - string, default: `"/etc/trino"` +* `server.config.https.enabled` - bool, default: `false` +* `server.config.https.port` - int, default: `8443` +* `server.config.https.keystore.path` - string, default: `""` +* `server.config.authenticationType` - string, default: `""` + + Trino supports multiple [authentication types](https://trino.io/docs/current/security/authentication-types.html): PASSWORD, CERTIFICATE, OAUTH2, JWT, KERBEROS. +* `server.config.query.maxMemory` - string, default: `"4GB"` +* `server.exchangeManager` - object, default: `{}` + + Mandatory [exchange manager configuration](https://trino.io/docs/current/admin/fault-tolerant-execution.html#id1). Used to set the name and location(s) of the spooling storage destination. To enable fault-tolerant execution, set the `retry-policy` property in `additionalConfigProperties`. Additional exchange manager configurations can be added to `additionalExchangeManagerProperties`. + Example: + ```yaml + server: + exchangeManager: + name: "filesystem" + baseDir: "/tmp/trino-local-file-system-exchange-manager" + additionalConfigProperties: + - retry-policy=TASK + additionalExchangeManagerProperties: + - exchange.sink-buffer-pool-min-size=10 + - exchange.sink-buffers-per-partition=2 + - exchange.source-concurrent-readers=4 + ``` +* `server.workerExtraConfig` - string, default: `""` +* `server.coordinatorExtraConfig` - string, default: `""` +* `server.autoscaling.enabled` - bool, default: `false` +* `server.autoscaling.maxReplicas` - int, default: `5` +* `server.autoscaling.targetCPUUtilizationPercentage` - int, default: `50` + + Target average CPU utilization, represented as a percentage of requested CPU. To disable scaling based on CPU, set to an empty string. +* `server.autoscaling.targetMemoryUtilizationPercentage` - int, default: `80` + + Target average memory utilization, represented as a percentage of requested memory. To disable scaling based on memory, set to an empty string. +* `server.autoscaling.behavior` - object, default: `{}` + + Configuration for scaling up and down. + Example: + ```yaml + scaleDown: + stabilizationWindowSeconds: 300 + policies: + - type: Percent + value: 100 + periodSeconds: 15 + scaleUp: + stabilizationWindowSeconds: 0 + policies: + - type: Percent + value: 100 + periodSeconds: 15 + - type: Pods + value: 4 + periodSeconds: 15 + selectPolicy: Max + ``` +* `accessControl` - object, default: `{}` + + [System access control](https://trino.io/docs/current/security/built-in-system-access-control.html) configuration. + Set the type property to either: + * `configmap`, and provide the rule file contents in `rules`, + * `properties`, and provide configuration properties in `properties`. + Properties example: + ```yaml + type: properties + properties: | + access-control.name=custom-access-control + access-control.custom_key=custom_value + ``` + Config map example: + ```yaml + type: configmap + refreshPeriod: 60s + # Rules file is mounted to /etc/trino/access-control + configFile: "rules.json" + rules: + rules.json: |- + { + "catalogs": [ + { + "user": "admin", + "catalog": "(mysql|system)", + "allow": "all" + }, + { + "group": "finance|human_resources", + "catalog": "postgres", + "allow": true + }, + { + "catalog": "hive", + "allow": "all" + }, + { + "user": "alice", + "catalog": "postgresql", + "allow": "read-only" + }, + { + "catalog": "system", + "allow": "none" + } + ], + "schemas": [ + { + "user": "admin", + "schema": ".*", + "owner": true + }, + { + "user": "guest", + "owner": false + }, + { + "catalog": "default", + "schema": "default", + "owner": true + } + ] + } + ``` +* `resourceGroups` - object, default: `{}` + + Resource groups file is mounted to /etc/trino/resource-groups/resource-groups.json + Example: + ```yaml + resourceGroupsConfig: |- + { + "rootGroups": [ + { + "name": "global", + "softMemoryLimit": "80%", + "hardConcurrencyLimit": 100, + "maxQueued": 100, + "schedulingPolicy": "fair", + "jmxExport": true, + "subGroups": [ + { + "name": "admin", + "softMemoryLimit": "30%", + "hardConcurrencyLimit": 20, + "maxQueued": 10 + }, + { + "name": "finance_human_resources", + "softMemoryLimit": "20%", + "hardConcurrencyLimit": 15, + "maxQueued": 10 + }, + { + "name": "general", + "softMemoryLimit": "30%", + "hardConcurrencyLimit": 20, + "maxQueued": 10 + }, + { + "name": "readonly", + "softMemoryLimit": "10%", + "hardConcurrencyLimit": 5, + "maxQueued": 5 + } + ] + } + ], + "selectors": [ + { + "user": "admin", + "group": "global.admin" + }, + { + "group": "finance|human_resources", + "group": "global.finance_human_resources" + }, + { + "user": "alice", + "group": "global.readonly" + }, + { + "group": "global.general" + } + ] + } + ``` +* `additionalNodeProperties` - list, default: `[]` + + [Additional node properties](https://trino.io/docs/current/installation/deployment.html#log-levels). + Example, assuming the NODE_ID environment variable has been set: + ```yaml + - node.id=${NODE_ID} + ``` +* `additionalConfigProperties` - list, default: `[]` + + [Additional config properties](https://trino.io/docs/current/admin/properties.html). + Example: + ```yaml + - internal-communication.shared-secret=random-value-999 + - http-server.process-forwarded=true + ``` +* `additionalLogProperties` - list, default: `[]` + + [Additional log properties](https://trino.io/docs/current/installation/deployment.html#log-levels). + Example: + ```yaml + - io.airlift=DEBUG + ``` +* `additionalExchangeManagerProperties` - list, default: `[]` + + [Exchange manager properties](https://trino.io/docs/current/admin/fault-tolerant-execution.html#exchange-manager). + Example: + ```yaml + - exchange.s3.region=object-store-region + - exchange.s3.endpoint=your-object-store-endpoint + - exchange.s3.aws-access-key=your-access-key + - exchange.s3.aws-secret-key=your-secret-key + ``` +* `eventListenerProperties` - list, default: `[]` + + [Event listener](https://trino.io/docs/current/develop/event-listener.html#event-listener) properties. To configure multiple event listeners, add them in `coordinator.additionalConfigFiles` and `worker.additionalConfigFiles`, and set the `event-listener.config-files` property in `additionalConfigProperties` to their locations. + Example: + ```yaml + - event-listener.name=custom-event-listener + - custom-property1=custom-value1 + - custom-property2=custom-value2 + ``` +* `catalogs` - object, default: `{"tpcds":"connector.name=tpcds\ntpcds.splits-per-node=4\n","tpch":"connector.name=tpch\ntpch.splits-per-node=4\n"}` + + Configure [catalogs](https://trino.io/docs/current/installation/deployment.html#catalog-properties). + Example: + ```yaml + objectstore: | + connector.name=iceberg + iceberg.catalog.type=glue + jmx: | + connector.name=memory + memory: | + connector.name=memory + memory.max-data-per-node=128MB + ``` +* `additionalCatalogs` - object, default: `{}` + + Deprecated, use `catalogs` instead. Configure additional [catalogs](https://trino.io/docs/current/installation/deployment.html#catalog-properties). +* `env` - list, default: `[]` + + additional environment variables added to every pod, specified as a list with explicit values + Example: + ```yaml + - name: NAME + value: "value" + ``` +* `envFrom` - list, default: `[]` + + additional environment variables added to every pod, specified as a list of either `ConfigMap` or `Secret` references + Example: + ```yaml + - secretRef: + name: extra-secret + ``` +* `initContainers` - object, default: `{}` + + Additional [containers that run to completion](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) during pod initialization. + Example: + ```yaml + coordinator: + - name: init-coordinator + image: busybox:1.28 + imagePullPolicy: IfNotPresent + command: ['sh', '-c', "until nslookup myservice.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local; do echo waiting for myservice; sleep 2; done"] + worker: + - name: init-worker + image: busybox:1.28 + command: ['sh', '-c', 'echo The worker is running! && sleep 3600'] + ``` +* `sidecarContainers` - object, default: `{}` + + Additional [containers that starts before](https://kubernetes.io/docs/concepts/workloads/pods/sidecar-containers/) the Trino container and continues to run. + Example: + ```yaml + coordinator: + - name: side-coordinator + image: busybox:1.28 + imagePullPolicy: IfNotPresent + command: ['sleep', '1'] + worker: + - name: side-worker + image: busybox:1.28 + imagePullPolicy: IfNotPresent + command: ['sleep', '1'] + ``` +* `securityContext` - object, default: `{"runAsGroup":1000,"runAsUser":1000}` + + [Pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) configuration. To remove the default, set it to null (or `~`). +* `containerSecurityContext` - object, default: `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]}}` + + [Container security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) configuration. +* `containerSecurityContext.allowPrivilegeEscalation` - bool, default: `false` + + Control whether a process can gain more privileges than its parent process. +* `containerSecurityContext.capabilities.drop` - list, default: `["ALL"]` + + A list of the Linux kernel capabilities that are dropped from every container. Valid values are listed in [the capabilities manual page](https://man7.org/linux/man-pages/man7/capabilities.7.html). Ensure # to remove the "CAP_" prefix which the kernel attaches to the names of permissions. +* `shareProcessNamespace.coordinator` - bool, default: `false` +* `shareProcessNamespace.worker` - bool, default: `false` +* `service.annotations` - object, default: `{}` +* `service.type` - string, default: `"ClusterIP"` +* `service.port` - int, default: `8080` +* `service.nodePort` - string, default: `""` + + The port the service listens on the host, for the `NodePort` type. If not set, Kubernetes will [allocate a port automatically](https://kubernetes.io/docs/concepts/services-networking/service/#nodeport-custom-port). +* `auth` - object, default: `{}` + + Available authentication methods. + Use username and password provided as a [password file](https://trino.io/docs/current/security/password-file.html#file-format): + ```yaml + passwordAuth: "username:encrypted-password-with-htpasswd" + ``` + Set the name of a secret containing this file in the password.db key + ```yaml + passwordAuthSecret: "trino-password-authentication" + ``` + Additionally, set [users' groups](https://trino.io/docs/current/security/group-file.html#file-format): + ```yaml + refreshPeriod: 5s + groups: "group_name:user_1,user_2,user_3" + ``` +* `serviceAccount.create` - bool, default: `false` + + Specifies whether a service account should be created +* `serviceAccount.name` - string, default: `""` + + The name of the service account to use. If not set and create is true, a name is generated using the fullname template +* `serviceAccount.annotations` - object, default: `{}` + + Annotations to add to the service account +* `configMounts` - list, default: `[]` + + Allows mounting additional Trino configuration files from Kubernetes config maps on all nodes. + Example: + ```yaml + - name: sample-config-mount + configMap: sample-config-map + path: /config-map/sample.json + ``` +* `secretMounts` - list, default: `[]` + + Allows mounting additional Trino configuration files from Kubernetes secrets on all nodes. + Example: + ```yaml + - name: sample-secret + secretName: sample-secret + path: /secrets/sample.json + ``` +* `coordinator.deployment.progressDeadlineSeconds` - int, default: `600` + + The maximum time in seconds for a deployment to make progress before it is considered failed. The deployment controller continues to process failed deployments and a condition with a ProgressDeadlineExceeded reason is surfaced in the deployment status. +* `coordinator.deployment.revisionHistoryLimit` - int, default: `10` + + The number of old ReplicaSets to retain to allow rollback. +* `coordinator.deployment.strategy` - object, default: `{"rollingUpdate":{"maxSurge":"25%","maxUnavailable":"25%"},"type":"RollingUpdate"}` + + The deployment strategy to use to replace existing pods with new ones. +* `coordinator.jvm.maxHeapSize` - string, default: `"8G"` +* `coordinator.jvm.gcMethod.type` - string, default: `"UseG1GC"` +* `coordinator.jvm.gcMethod.g1.heapRegionSize` - string, default: `"32M"` +* `coordinator.config.memory.heapHeadroomPerNode` - string, default: `""` +* `coordinator.config.query.maxMemoryPerNode` - string, default: `"1GB"` +* `coordinator.additionalJVMConfig` - list, default: `[]` +* `coordinator.additionalExposedPorts` - object, default: `{}` + + Additional ports configured in the coordinator container and the service. + Example: + ```yaml + https: + servicePort: 8443 + name: https + port: 8443 + protocol: TCP + ``` +* `coordinator.resources` - object, default: `{}` + + It is recommended not to specify default resources and to leave this as a conscious choice for the user. This also increases chances charts run on environments with little resources, such as Minikube. If you do want to specify resources, use the following example, and adjust it as necessary. + Example: + ```yaml + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + ``` +* `coordinator.livenessProbe` - object, default: `{}` + + [Liveness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes) options + Example: + ```yaml + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + ``` +* `coordinator.readinessProbe` - object, default: `{}` + + [Readiness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes) + Example: + ```yaml + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + ``` +* `coordinator.lifecycle` - object, default: `{}` + + Coordinator container [lifecycle events](https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/) + Example: + ```yaml + preStop: + exec: + command: ["/bin/sh", "-c", "sleep 120"] + ``` +* `coordinator.terminationGracePeriodSeconds` - int, default: `30` +* `coordinator.nodeSelector` - object, default: `{}` +* `coordinator.tolerations` - list, default: `[]` +* `coordinator.affinity` - object, default: `{}` +* `coordinator.additionalConfigFiles` - object, default: `{}` + + Additional config files placed in the default configuration directory. Supports templating the files' contents with `tpl`. + Example: + ```yaml + secret.txt: | + secret-value={{- .Values.someValue }} + ``` +* `coordinator.additionalVolumes` - list, default: `[]` + + One or more additional volumes to add to the coordinator. + Example: + ```yaml + - name: extras + emptyDir: {} + ``` +* `coordinator.additionalVolumeMounts` - list, default: `[]` + + One or more additional volume mounts to add to the coordinator. + Example: + - name: extras + mountPath: /usr/share/extras + readOnly: true +* `coordinator.annotations` - object, default: `{}` +* `coordinator.labels` - object, default: `{}` +* `coordinator.configMounts` - list, default: `[]` + + Allows mounting additional Trino configuration files from Kubernetes config maps on the coordinator node. + Example: + ```yaml + - name: sample-config-mount + configMap: sample-config-mount + path: /config-mount/sample.json + ``` +* `coordinator.secretMounts` - list, default: `[]` + + Allows mounting additional Trino configuration files from Kubernetes secrets on the coordinator node. + Example: + ```yaml + - name: sample-secret + secretName: sample-secret + path: /secrets/sample.json + ``` +* `worker.deployment.progressDeadlineSeconds` - int, default: `600` + + The maximum time in seconds for a deployment to make progress before it is considered failed. The deployment controller continues to process failed deployments and a condition with a ProgressDeadlineExceeded reason is surfaced in the deployment status. +* `worker.deployment.revisionHistoryLimit` - int, default: `10` + + The number of old ReplicaSets to retain to allow rollback. +* `worker.deployment.strategy` - object, default: `{"rollingUpdate":{"maxSurge":"25%","maxUnavailable":"25%"},"type":"RollingUpdate"}` + + The deployment strategy to use to replace existing pods with new ones. +* `worker.jvm.maxHeapSize` - string, default: `"8G"` +* `worker.jvm.gcMethod.type` - string, default: `"UseG1GC"` +* `worker.jvm.gcMethod.g1.heapRegionSize` - string, default: `"32M"` +* `worker.config.memory.heapHeadroomPerNode` - string, default: `""` +* `worker.config.query.maxMemoryPerNode` - string, default: `"1GB"` +* `worker.additionalJVMConfig` - list, default: `[]` +* `worker.additionalExposedPorts` - object, default: `{}` + + Additional container ports configured in all worker pods. + Example: + ```yaml + https: + servicePort: 8443 + name: https + port: 8443 + protocol: TCP + ``` +* `worker.resources` - object, default: `{}` + + It is recommended not to specify default resources and to leave this as a conscious choice for the user. This also increases chances charts run on environments with little resources, such as Minikube. If you do want to specify resources, use the following example, and adjust it as necessary. + Example: + ```yaml + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + ``` +* `worker.livenessProbe` - object, default: `{}` + + [Liveness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes) + Example: + ```yaml + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + ``` +* `worker.readinessProbe` - object, default: `{}` + + [Readiness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes) + Example: + ```yaml + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + ``` +* `worker.lifecycle` - object, default: `{}` + + Worker container [lifecycle events](https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/) Setting `worker.lifecycle` conflicts with `worker.gracefulShutdown`. + Example: + ```yaml + preStop: + exec: + command: ["/bin/sh", "-c", "sleep 120"] + ``` +* `worker.gracefulShutdown` - object, default: `{"enabled":false,"gracePeriodSeconds":120}` + + Configure [graceful shutdown](https://trino.io/docs/current/admin/graceful-shutdown.html) in order to ensure that workers terminate without affecting running queries, given a sufficient grace period. When enabled, the value of `worker.terminationGracePeriodSeconds` must be at least two times greater than the configured `gracePeriodSeconds`. Enabling `worker.gracefulShutdown` conflicts with `worker.lifecycle`. When a custom `worker.lifecycle` configuration needs to be used, graceful shutdown must be configured manually. + Example: + ```yaml + gracefulShutdown: + enabled: true + gracePeriodSeconds: 120 + ``` +* `worker.terminationGracePeriodSeconds` - int, default: `30` +* `worker.nodeSelector` - object, default: `{}` +* `worker.tolerations` - list, default: `[]` +* `worker.affinity` - object, default: `{}` +* `worker.additionalConfigFiles` - object, default: `{}` + + Additional config files placed in the default configuration directory. Supports templating the files' contents with `tpl`. + Example: + ```yaml + secret.txt: | + secret-value={{- .Values.someValue }} + ``` +* `worker.additionalVolumes` - list, default: `[]` + + One or more additional volume mounts to add to all workers. + Example: + ```yaml + - name: extras + emptyDir: {} + ``` +* `worker.additionalVolumeMounts` - list, default: `[]` + + One or more additional volume mounts to add to all workers. + Example: + ```yaml + - name: extras + mountPath: /usr/share/extras + readOnly: true + ``` +* `worker.annotations` - object, default: `{}` +* `worker.labels` - object, default: `{}` +* `worker.configMounts` - list, default: `[]` + + Allows mounting additional Trino configuration files from Kubernetes config maps on all worker nodes. + Example: + ```yaml + - name: sample-config-mount + configMap: sample-config-mount + path: /config-mount/sample.json + ``` +* `worker.secretMounts` - list, default: `[]` + + Allows mounting additional Trino configuration files from Kubernetes secrets on all worker nodes. + Example: + ```yaml + - name: sample-secret + secretName: sample-secret + path: /secrets/sample.json + ``` +* `kafka.mountPath` - string, default: `"/etc/trino/schemas"` +* `kafka.tableDescriptions` - object, default: `{}` + + Custom kafka table descriptions that will be mounted in mountPath. + Example: + ```yaml + testschema.json: |- + { + "tableName": "testtable", + "schemaName": "testschema", + "topicName": "testtopic", + "key": { + "dataFormat": "json", + "fields": [ + { + "name": "_key", + "dataFormat": "VARCHAR", + "type": "VARCHAR", + "hidden": "false" + } + ] + }, + "message": { + "dataFormat": "json", + "fields": [ + { + "name": "id", + "mapping": "id", + "type": "BIGINT" + }, + { + "name": "test_field", + "mapping": "test_field", + "type": "VARCHAR" + } + ] + } + } + ``` +* `jmx.enabled` - bool, default: `false` + + Set to true to enable the RMI server to expose Trino's [JMX metrics](https://trino.io/docs/current/admin/jmx.html). +* `jmx.registryPort` - int, default: `9080` +* `jmx.serverPort` - int, default: `9081` +* `jmx.exporter.enabled` - bool, default: `false` + + Set to true to export JMX Metrics via HTTP for [Prometheus](https://github.com/prometheus/jmx_exporter) consumption +* `jmx.exporter.image` - string, default: `"bitnami/jmx-exporter:latest"` +* `jmx.exporter.pullPolicy` - string, default: `"Always"` +* `jmx.exporter.port` - int, default: `5556` +* `jmx.exporter.configProperties` - string, default: `""` + + The string value is templated using `tpl`. The JMX config properties file is mounted to `/etc/jmx-exporter/jmx-exporter-config.yaml`. + Example: + ```yaml + configProperties: |- + hostPort: localhost:{{- .Values.jmx.registryPort }} + startDelaySeconds: 0 + ssl: false + lowercaseOutputName: false + lowercaseOutputLabelNames: false + includeObjectNames: ["java.lang:type=Threading"] + autoExcludeObjectNameAttributes: true + excludeObjectNameAttributes: + "java.lang:type=OperatingSystem": + - "ObjectName" + "java.lang:type=Runtime": + - "ClassPath" + - "SystemProperties" + rules: + - pattern: 'java\.lang<(.*)>ThreadCount: (.*)' + name: java_lang_Threading_ThreadCount + value: '$2' + help: 'ThreadCount (java.lang<>ThreadCount)' + type: UNTYPED + ``` +* `jmx.exporter.securityContext` - object, default: `{}` +* `jmx.exporter.resources` - object, default: `{}` + + It is recommended not to specify default resources and to leave this as a conscious choice for the user. This also increases chances charts run on environments with little resources, such as Minikube. If you do want to specify resources, use the following example, and adjust it as necessary. + Example: + ```yaml + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + ``` +* `jmx.coordinator` - object, default: `{}` + + Override JMX configurations for the Trino coordinator. + Example + ```yaml + coordinator: + enabled: true + exporter: + enable: true + configProperties: |- + hostPort: localhost:{{- .Values.jmx.registryPort }} + startDelaySeconds: 0 + ssl: false + ``` +* `jmx.worker` - object, default: `{}` + + Override JMX configurations for the Trino workers. + Example + ```yaml + worker: + enabled: true + exporter: + enable: true + ``` +* `serviceMonitor.enabled` - bool, default: `false` + + Set to true to create resources for the [prometheus-operator](https://github.com/prometheus-operator/prometheus-operator). +* `serviceMonitor.labels` - object, default: `{"prometheus":"kube-prometheus"}` + + Labels for serviceMonitor, so that Prometheus can select it +* `serviceMonitor.interval` - string, default: `"30s"` + + The serviceMonitor web endpoint interval +* `serviceMonitor.coordinator` - object, default: `{}` + + Override ServiceMonitor configurations for the Trino coordinator. + Example + ```yaml + coordinator: + enabled: true + labels: + prometheus: my-prometheus + ``` +* `serviceMonitor.worker` - object, default: `{}` + + Override ServiceMonitor configurations for the Trino workers. + Example + ```yaml + worker: + enabled: true + labels: + prometheus: my-prometheus + ``` +* `commonLabels` - object, default: `{}` + + Labels that get applied to every resource's metadata +* `ingress.enabled` - bool, default: `false` +* `ingress.className` - string, default: `""` +* `ingress.annotations` - object, default: `{}` +* `ingress.hosts` - list, default: `[]` + + [Ingress rules](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules). + Example: + ```yaml + - host: trino.example.com + paths: + - path: / + pathType: ImplementationSpecific + ``` +* `ingress.tls` - list, default: `[]` + + Ingress [TLS](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) configuration. + Example: + ```yaml + - secretName: chart-example-tls + hosts: + - chart-example.local + ``` +* `networkPolicy.enabled` - bool, default: `false` + + Set to true to enable Trino pod protection with a [NetworkPolicy](https://kubernetes.io/docs/concepts/services-networking/network-policies/). By default, the NetworkPolicy will only allow Trino pods to communicate with each other. + > [!NOTE] + > - NetworkPolicies cannot block the ingress traffic coming directly + > from the Kubernetes node on which the Pod is running, + > and are thus incompatible with services of type `NodePort`. + > - When using NetworkPolicies together with JMX metrics export, + > additional ingress rules might be required to allow metric scraping. +* `networkPolicy.ingress` - list, default: `[]` + + Additional ingress rules to apply to the Trino pods. + Example: + ```yaml + - from: + - ipBlock: + cidr: 172.17.0.0/16 + except: + - 172.17.1.0/24 + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: prometheus + - podSelector: + matchLabels: + role: backend-app + ports: + - protocol: TCP + port: 8080 + - protocol: TCP + port: 5556 + ``` +* `networkPolicy.egress` - list, default: `[]` + + Egress rules to apply to the Trino pods. + Example: + ```yaml + - to: + - podSelector: + matchLabels: + role: log-ingestor + ports: + - protocol: TCP + port: 9999 + ``` + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/trino/base/charts/trino/README.md.gotmpl b/trino/base/charts/trino/README.md.gotmpl new file mode 100644 index 0000000..e296f05 --- /dev/null +++ b/trino/base/charts/trino/README.md.gotmpl @@ -0,0 +1,25 @@ +{{ template "chart.header" . }} +{{ template "chart.deprecationWarning" . }} + +{{ template "chart.badgesSection" . }} + +{{ template "chart.description" . }} + +{{ template "chart.homepageLine" . }} + +{{ template "chart.sourcesSection" . }} + +{{ template "chart.requirementsSection" . }} + +{{ template "chart.valuesHeader" . }} + +{{- range .Values }} +* `{{ .Key }}` - {{ .Type }}, default: {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }}{{ if or .Description .AutoDescription }} {{ end }} +{{- if .Description }} +{{ .Description | nindent 2 }} +{{- else if .AutoDescription }} +{{ .AutoDescription | nindent 2 }} +{{- end }} +{{- end }} + +{{ template "helm-docs.versionFooter" . }} diff --git a/trino/base/charts/trino/templates/NOTES.txt b/trino/base/charts/trino/templates/NOTES.txt new file mode 100644 index 0000000..90930a1 --- /dev/null +++ b/trino/base/charts/trino/templates/NOTES.txt @@ -0,0 +1,10 @@ +Get the application URL by running these commands: +{{- if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "trino.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} --selector "app.kubernetes.io/name={{ template "trino.name" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=coordinator" --output name) + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl port-forward $POD_NAME 8080:8080 +{{- end }} diff --git a/trino/base/charts/trino/templates/_helpers.tpl b/trino/base/charts/trino/templates/_helpers.tpl new file mode 100644 index 0000000..26aa8a6 --- /dev/null +++ b/trino/base/charts/trino/templates/_helpers.tpl @@ -0,0 +1,141 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "trino.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "trino.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if hasPrefix .Release.Name $name }} +{{- $name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "trino.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{- define "trino.coordinator" -}} +{{- if .Values.coordinatorNameOverride }} +{{- .Values.coordinatorNameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if hasPrefix .Release.Name $name }} +{{- printf "%s-%s" $name "coordinator" | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s-%s" .Release.Name $name "coordinator" | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{- define "trino.worker" -}} +{{- if .Values.workerNameOverride }} +{{- .Values.workerNameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if hasPrefix .Release.Name $name }} +{{- printf "%s-%s" $name "worker" | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s-%s" .Release.Name $name "worker" | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + + +{{- define "trino.catalog" -}} +{{ template "trino.fullname" . }}-catalog +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "trino.labels" -}} +helm.sh/chart: {{ include "trino.chart" . }} +{{ include "trino.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- if .Values.commonLabels }} +{{ tpl (toYaml .Values.commonLabels) . }} +{{- end }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "trino.selectorLabels" -}} +app.kubernetes.io/name: {{ include "trino.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "trino.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "trino.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} + +{{/* +Return the proper image name +{{ include "trino.image" . }} + +Code is inspired from bitnami/common + +*/}} +{{- define "trino.image" -}} +{{- $repositoryName := .Values.image.repository -}} +{{- if .Values.image.useRepositoryAsSoleImageReference -}} + {{- printf "%s" $repositoryName -}} +{{- else -}} + {{- $repositoryName := .Values.image.repository -}} + {{- $registryName := .Values.image.registry -}} + {{- $separator := ":" -}} + {{- $termination := (default .Chart.AppVersion .Values.image.tag) | toString -}} + {{- if .Values.image.digest }} + {{- $separator = "@" -}} + {{- $termination = .Values.image.digest | toString -}} + {{- end -}} + {{- if $registryName }} + {{- printf "%s/%s%s%s" $registryName $repositoryName $separator $termination -}} + {{- else -}} + {{- printf "%s%s%s" $repositoryName $separator $termination -}} + {{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the file auth secret to use +*/}} +{{- define "trino.fileAuthSecretName" -}} +{{- if and .Values.auth .Values.auth.passwordAuthSecret }} +{{- .Values.auth.passwordAuthSecret | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if hasPrefix .Release.Name $name }} +{{- printf "%s-%s" $name "file-authentication" | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s-%s" .Release.Name $name "file-authentication" | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} diff --git a/trino/base/charts/trino/templates/autoscaler.yaml b/trino/base/charts/trino/templates/autoscaler.yaml new file mode 100644 index 0000000..9bc8801 --- /dev/null +++ b/trino/base/charts/trino/templates/autoscaler.yaml @@ -0,0 +1,37 @@ +{{- if .Values.server.autoscaling.enabled -}} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ template "trino.worker" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "trino.labels" . | nindent 4 }} +spec: + maxReplicas: {{ .Values.server.autoscaling.maxReplicas }} + minReplicas: {{ .Values.server.workers }} + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ template "trino.worker" . }} + metrics: + {{- if .Values.server.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.server.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} + {{- if .Values.server.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.server.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{ if .Values.server.autoscaling.behavior -}} + behavior: + {{- toYaml .Values.server.autoscaling.behavior | nindent 4 }} + {{- end }} +{{- end }} diff --git a/trino/base/charts/trino/templates/configmap-access-control-coordinator.yaml b/trino/base/charts/trino/templates/configmap-access-control-coordinator.yaml new file mode 100644 index 0000000..80e6edb --- /dev/null +++ b/trino/base/charts/trino/templates/configmap-access-control-coordinator.yaml @@ -0,0 +1,14 @@ +{{- if eq .Values.accessControl.type "configmap" }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "trino.fullname" . }}-access-control-volume-coordinator + namespace: {{ .Release.Namespace }} + labels: + {{- include "trino.labels" . | nindent 4 }} + app.kubernetes.io/component: coordinator +data: + {{- range $key, $val := .Values.accessControl.rules }} + {{ $key }}: {{ $val | quote }} + {{- end }} +{{- end }} diff --git a/trino/base/charts/trino/templates/configmap-access-control-worker.yaml b/trino/base/charts/trino/templates/configmap-access-control-worker.yaml new file mode 100644 index 0000000..7585962 --- /dev/null +++ b/trino/base/charts/trino/templates/configmap-access-control-worker.yaml @@ -0,0 +1,22 @@ +{{- if .Values.worker.gracefulShutdown.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "trino.fullname" . }}-access-control-volume-worker + namespace: {{ .Release.Namespace }} + labels: + {{- include "trino.labels" . | nindent 4 }} + app.kubernetes.io/component: worker +data: + graceful-shutdown-rules.json: >- + { + "system_information": [ + { + "allow": [ + "write" + ], + "user": "admin" + } + ] + } +{{- end }} diff --git a/trino/base/charts/trino/templates/configmap-catalog.yaml b/trino/base/charts/trino/templates/configmap-catalog.yaml new file mode 100644 index 0000000..74ef1b1 --- /dev/null +++ b/trino/base/charts/trino/templates/configmap-catalog.yaml @@ -0,0 +1,16 @@ +{{- if or .Values.catalogs .Values.additionalCatalogs }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "trino.catalog" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "trino.labels" . | nindent 4 }} + app.kubernetes.io/component: catalogs +data: +{{- $merged := merge .Values.catalogs .Values.additionalCatalogs }} +{{- range $catalogName, $catalogProperties := $merged }} + {{ $catalogName }}.properties: | + {{- $catalogProperties | nindent 4 }} +{{- end }} +{{- end }} diff --git a/trino/base/charts/trino/templates/configmap-coordinator.yaml b/trino/base/charts/trino/templates/configmap-coordinator.yaml new file mode 100644 index 0000000..75f62ac --- /dev/null +++ b/trino/base/charts/trino/templates/configmap-coordinator.yaml @@ -0,0 +1,180 @@ +{{- $coordinatorJmx := merge .Values.jmx.coordinator (omit .Values.jmx "coordinator" "worker") -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "trino.coordinator" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "trino.labels" . | nindent 4 }} + app.kubernetes.io/component: coordinator +data: + node.properties: | + node.environment={{ .Values.server.node.environment }} + node.data-dir={{ .Values.server.node.dataDir }} + plugin.dir={{ .Values.server.node.pluginDir }} + {{- range $configValue := .Values.additionalNodeProperties }} + {{ $configValue }} + {{- end }} + + jvm.config: | + -server + -agentpath:/usr/lib/trino/bin/libjvmkill.so + -Xmx{{ .Values.coordinator.jvm.maxHeapSize }} + -XX:+{{ .Values.coordinator.jvm.gcMethod.type }} + -XX:G1HeapRegionSize={{ .Values.coordinator.jvm.gcMethod.g1.heapRegionSize }} + -XX:+ExplicitGCInvokesConcurrent + -XX:+HeapDumpOnOutOfMemoryError + -XX:+ExitOnOutOfMemoryError + -XX:-OmitStackTraceInFastThrow + -XX:ReservedCodeCacheSize=512M + -XX:PerMethodRecompilationCutoff=10000 + -XX:PerBytecodeRecompilationCutoff=10000 + -Djdk.attach.allowAttachSelf=true + -Djdk.nio.maxCachedBufferSize=2000000 + # Allow loading dynamic agent used by JOL + -XX:+EnableDynamicAgentLoading + {{/* only check the version number if the image is not overriden in any way */}} + {{- with .Values.image -}} + {{- if and (eq .repository "trinodb/trino") (not .useRepositoryAsSoleImageReference) (not .registry) (not .digest) (gt (default $.Chart.AppVersion .tag | int ) 447 ) }} + # https://bugs.openjdk.org/browse/JDK-8329528 + -XX:+UnlockDiagnosticVMOptions + -XX:G1NumCollectionsKeepPinned=10000000 + {{- end }}{{/* if */}} + {{- end }}{{/* with */}} + {{- range $configValue := .Values.coordinator.additionalJVMConfig }} + {{ $configValue }} + {{- end }} + {{- if $coordinatorJmx.enabled }} + -Dcom.sun.management.jmxremote.rmi.port={{- $coordinatorJmx.serverPort }} + {{- end }} + + config.properties: | + coordinator=true + {{- if gt (int .Values.server.workers) 0 }} + node-scheduler.include-coordinator=false + {{- else }} + node-scheduler.include-coordinator=true + {{- end }} + http-server.http.port={{ .Values.service.port }} + query.max-memory={{ .Values.server.config.query.maxMemory }} + query.max-memory-per-node={{ .Values.coordinator.config.query.maxMemoryPerNode }} + {{- if .Values.coordinator.config.memory.heapHeadroomPerNode }} + memory.heap-headroom-per-node={{ .Values.coordinator.config.memory.heapHeadroomPerNode }} + {{- end }} + discovery.uri=http://localhost:{{ .Values.service.port }} + {{- if .Values.server.config.authenticationType }} + http-server.authentication.type={{ .Values.server.config.authenticationType }} + {{- end }} + {{- range $configValue := .Values.additionalConfigProperties }} + {{ $configValue }} + {{- end }} + {{- if .Values.server.config.https.enabled }} + http-server.https.enabled=true + http-server.https.port={{ .Values.server.config.https.port }} + http-server.https.keystore.path={{ .Values.server.config.https.keystore.path }} + {{- end }} + {{- if $coordinatorJmx.enabled }} + jmx.rmiregistry.port={{- $coordinatorJmx.registryPort }} + jmx.rmiserver.port={{- $coordinatorJmx.serverPort }} + {{- end }} + {{- if .Values.worker.gracefulShutdown.enabled }} + shutdown.grace-period={{- .Values.worker.gracefulShutdown.gracePeriodSeconds -}}s + {{- end }} + {{- if .Values.server.coordinatorExtraConfig }} + {{- .Values.server.coordinatorExtraConfig | nindent 4 }} + {{- end }} + +{{- if .Values.accessControl }} + {{- if eq .Values.accessControl.type "configmap" }} + access-control.properties: | + access-control.name=file + {{- if .Values.accessControl.refreshPeriod }} + security.refresh-period={{ .Values.accessControl.refreshPeriod }} + {{- end }} + security.config-file={{ .Values.server.config.path }}/access-control/{{ .Values.accessControl.configFile | default "rules.json" }} + {{- else if eq .Values.accessControl.type "properties" }} + access-control.properties: | + {{- if .Values.accessControl.properties }} + {{- .Values.accessControl.properties | nindent 4 }} + {{- else}} + {{- fail "accessControl.properties is required when accessControl.type is 'properties'." }} + {{- end }} + {{- else}} + {{- fail "Invalid accessControl.type value. It must be either 'configmap' or 'properties'." }} + {{- end }} +{{- end }} + +{{- if .Values.resourceGroups }} + resource-groups.properties: | + resource-groups.configuration-manager=file + resource-groups.config-file={{ .Values.server.config.path }}/resource-groups/resource-groups.json +{{- end }} + +{{- if .Values.server.exchangeManager }} + exchange-manager.properties: | + exchange-manager.name={{ .Values.server.exchangeManager.name }} + exchange.base-directories={{ .Values.server.exchangeManager.baseDir }} + {{- range $configValue := .Values.additionalExchangeManagerProperties }} + {{ $configValue }} + {{- end }} +{{- end }} + + log.properties: | + io.trino={{ .Values.server.log.trino.level }} + {{- range $configValue := .Values.additionalLogProperties }} + {{ $configValue }} + {{- end }} + + {{- if contains "PASSWORD" .Values.server.config.authenticationType }}{{- if not (index .Values.coordinator.additionalConfigFiles "password-authenticator.properties") }} + password-authenticator.properties: | + password-authenticator.name=file + file.password-file={{ .Values.server.config.path }}/auth/password.db + {{- end }}{{- end }} + + {{- if .Values.auth.groups }}{{- if not (index .Values.coordinator.additionalConfigFiles "group-provider.properties") }} + group-provider.properties: | + group-provider.name=file + file.group-file={{ .Values.server.config.path }}/auth/group.db + {{- if .Values.auth.refreshPeriod }} + file.refresh-period={{ .Values.auth.refreshPeriod }} + {{- end }} + {{- end }}{{- end }} + +{{ if .Values.eventListenerProperties }} + event-listener.properties: | + {{- range $configValue := .Values.eventListenerProperties }} + {{ $configValue }} + {{- end }} +{{ end }} + +{{- range $fileName, $fileContent := .Values.coordinator.additionalConfigFiles }} + {{ $fileName }}: | + {{- tpl $fileContent $ | nindent 4 }} +{{- end }} +{{- if .Values.resourceGroups }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "trino.fullname" . }}-resource-groups-volume-coordinator + namespace: {{ .Release.Namespace }} + labels: + {{- include "trino.labels" . | nindent 4 }} + app.kubernetes.io/component: coordinator +data: + resource-groups.json: |- + {{- .Values.resourceGroups.resourceGroupsConfig | nindent 4 }} +{{- end }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "trino.fullname" . }}-schemas-volume-coordinator + namespace: {{ .Release.Namespace }} + labels: + {{- include "trino.labels" . | nindent 4 }} + app.kubernetes.io/component: coordinator +data: + {{- range $key, $val := .Values.kafka.tableDescriptions }} + {{ $key }}: {{ $val | quote }} + {{- end }} diff --git a/trino/base/charts/trino/templates/configmap-jmx-exporter.yaml b/trino/base/charts/trino/templates/configmap-jmx-exporter.yaml new file mode 100644 index 0000000..e11f347 --- /dev/null +++ b/trino/base/charts/trino/templates/configmap-jmx-exporter.yaml @@ -0,0 +1,29 @@ +{{- $coordinatorJmx := merge .Values.jmx.coordinator (omit .Values.jmx "coordinator" "worker") -}} +{{- if $coordinatorJmx.exporter.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "trino.fullname" . }}-jmx-exporter-config-coordinator + namespace: {{ .Release.Namespace }} + labels: + {{- include "trino.labels" . | nindent 4 }} + app.kubernetes.io/component: jmx +data: + jmx-exporter-config.yaml: |- + {{- tpl $coordinatorJmx.exporter.configProperties . | nindent 4 }} +{{- end }} +{{- $workerJmx := merge .Values.jmx.worker (omit .Values.jmx "coordinator" "worker") -}} +{{- if $workerJmx.exporter.enabled }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "trino.fullname" . }}-jmx-exporter-config-worker + namespace: {{ .Release.Namespace }} + labels: + {{- include "trino.labels" . | nindent 4 }} + app.kubernetes.io/component: jmx +data: + jmx-exporter-config.yaml: |- + {{- tpl $workerJmx.exporter.configProperties . | nindent 4 }} +{{- end }} diff --git a/trino/base/charts/trino/templates/configmap-worker.yaml b/trino/base/charts/trino/templates/configmap-worker.yaml new file mode 100644 index 0000000..21bb271 --- /dev/null +++ b/trino/base/charts/trino/templates/configmap-worker.yaml @@ -0,0 +1,120 @@ +{{- $workerJmx := merge .Values.jmx.worker (omit .Values.jmx "coordinator" "worker") -}} +{{- if gt (int .Values.server.workers) 0 }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "trino.worker" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "trino.labels" . | nindent 4 }} + app.kubernetes.io/component: worker +data: + node.properties: | + node.environment={{ .Values.server.node.environment }} + node.data-dir={{ .Values.server.node.dataDir }} + plugin.dir={{ .Values.server.node.pluginDir }} + {{- range $configValue := .Values.additionalNodeProperties }} + {{ $configValue }} + {{- end }} + + jvm.config: | + -server + -agentpath:/usr/lib/trino/bin/libjvmkill.so + -Xmx{{ .Values.worker.jvm.maxHeapSize }} + -XX:+{{ .Values.worker.jvm.gcMethod.type }} + -XX:G1HeapRegionSize={{ .Values.worker.jvm.gcMethod.g1.heapRegionSize }} + -XX:+ExplicitGCInvokesConcurrent + -XX:+HeapDumpOnOutOfMemoryError + -XX:+ExitOnOutOfMemoryError + -XX:-OmitStackTraceInFastThrow + -XX:ReservedCodeCacheSize=512M + -XX:PerMethodRecompilationCutoff=10000 + -XX:PerBytecodeRecompilationCutoff=10000 + -Djdk.attach.allowAttachSelf=true + -Djdk.nio.maxCachedBufferSize=2000000 + # Allow loading dynamic agent used by JOL + -XX:+EnableDynamicAgentLoading + {{/* only check the version number if the image is not overriden in any way */}} + {{- with .Values.image -}} + {{- if and (eq .repository "trinodb/trino") (not .useRepositoryAsSoleImageReference) (not .registry) (not .digest) (gt (default $.Chart.AppVersion .tag | int ) 447 ) }} + # https://bugs.openjdk.org/browse/JDK-8329528 + -XX:+UnlockDiagnosticVMOptions + -XX:G1NumCollectionsKeepPinned=10000000 + {{- end }}{{/* if */}} + {{- end }}{{/* with */}} + {{- range $configValue := .Values.worker.additionalJVMConfig }} + {{ $configValue }} + {{- end }} + {{- if $workerJmx.enabled }} + -Dcom.sun.management.jmxremote.rmi.port={{- $workerJmx.serverPort }} + {{- end }} + + config.properties: | + coordinator=false + http-server.http.port={{ .Values.service.port }} + query.max-memory={{ .Values.server.config.query.maxMemory }} + query.max-memory-per-node={{ .Values.worker.config.query.maxMemoryPerNode }} + {{- if .Values.worker.config.memory.heapHeadroomPerNode }} + memory.heap-headroom-per-node={{ .Values.worker.config.memory.heapHeadroomPerNode }} + {{- end }} + discovery.uri=http://{{ template "trino.fullname" . }}:{{ .Values.service.port }} + {{- range $configValue := .Values.additionalConfigProperties }} + {{ $configValue }} + {{- end }} + {{- if $workerJmx.enabled }} + jmx.rmiregistry.port={{- $workerJmx.registryPort }} + jmx.rmiserver.port={{- $workerJmx.serverPort }} + {{- end }} + {{- if .Values.worker.gracefulShutdown.enabled }} + shutdown.grace-period={{- .Values.worker.gracefulShutdown.gracePeriodSeconds -}}s + {{- end }} + {{- if .Values.server.workerExtraConfig }} + {{- .Values.server.workerExtraConfig | nindent 4 }} + {{- end }} + +{{- if .Values.worker.gracefulShutdown.enabled }} + access-control.properties: | + access-control.name=file + security.config-file={{ .Values.server.config.path }}/access-control/graceful-shutdown-rules.json +{{- end }} + +{{- if .Values.server.exchangeManager }} + exchange-manager.properties: | + exchange-manager.name={{ .Values.server.exchangeManager.name }} + exchange.base-directories={{ .Values.server.exchangeManager.baseDir }} + {{- range $configValue := .Values.additionalExchangeManagerProperties }} + {{ $configValue }} + {{- end }} +{{- end }} + + log.properties: | + io.trino={{ .Values.server.log.trino.level }} + {{- range $configValue := .Values.additionalLogProperties }} + {{ $configValue }} + {{- end }} + +{{ if .Values.eventListenerProperties }} + event-listener.properties: | + {{- range $configValue := .Values.eventListenerProperties }} + {{ $configValue }} + {{- end }} +{{ end }} + +{{- range $fileName, $fileContent := .Values.worker.additionalConfigFiles }} + {{ $fileName }}: | + {{- tpl $fileContent $ | nindent 4 }} +{{- end }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "trino.fullname" . }}-schemas-volume-worker + namespace: {{ .Release.Namespace }} + labels: + {{- include "trino.labels" . | nindent 4 }} + app.kubernetes.io/component: worker +data: + {{- range $key, $val := .Values.kafka.tableDescriptions }} + {{ $key }}: {{ $val | quote }} + {{- end }} +{{- end }} diff --git a/trino/base/charts/trino/templates/deployment-coordinator.yaml b/trino/base/charts/trino/templates/deployment-coordinator.yaml new file mode 100644 index 0000000..297d16c --- /dev/null +++ b/trino/base/charts/trino/templates/deployment-coordinator.yaml @@ -0,0 +1,247 @@ +{{- $coordinatorJmx := merge .Values.jmx.coordinator (omit .Values.jmx "coordinator" "worker") -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "trino.coordinator" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "trino.labels" . | nindent 4 }} + app.kubernetes.io/component: coordinator + trino.io/network-policy-protection: {{ ternary "enabled" "disabled" .Values.networkPolicy.enabled }} + {{- if .Values.coordinator.labels }} + {{- tpl (toYaml .Values.coordinator.labels) . | nindent 4 }} + {{- end }} +spec: + progressDeadlineSeconds: {{ .Values.coordinator.deployment.progressDeadlineSeconds }} + revisionHistoryLimit: {{ .Values.coordinator.deployment.revisionHistoryLimit }} + strategy: + {{- toYaml .Values.coordinator.deployment.strategy | nindent 4 }} + selector: + matchLabels: + {{- include "trino.selectorLabels" . | nindent 6 }} + app.kubernetes.io/component: coordinator + template: + metadata: + annotations: + {{- if and (eq .Values.accessControl.type "configmap") (not .Values.accessControl.refreshPeriod) }} + checksum/access-control-config: {{ include (print $.Template.BasePath "/configmap-access-control-coordinator.yaml") . | sha256sum }} + {{- end }} + {{- if or .Values.catalogs .Values.additionalCatalogs }} + checksum/catalog-config: {{ include (print $.Template.BasePath "/configmap-catalog.yaml") . | sha256sum }} + {{- end }} + checksum/coordinator-config: {{ include (print $.Template.BasePath "/configmap-coordinator.yaml") . | sha256sum }} + {{- if .Values.coordinator.annotations }} + {{- tpl (toYaml .Values.coordinator.annotations) . | nindent 8 }} + {{- end }} + + labels: + {{- include "trino.labels" . | nindent 8 }} + app.kubernetes.io/component: coordinator + trino.io/network-policy-protection: {{ ternary "enabled" "disabled" .Values.networkPolicy.enabled }} + {{- if .Values.coordinator.labels }} + {{- tpl (toYaml .Values.coordinator.labels) . | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ include "trino.serviceAccountName" . }} + {{- with .Values.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.shareProcessNamespace.coordinator }} + shareProcessNamespace: {{ .Values.shareProcessNamespace.coordinator }} + {{- end }} + volumes: + - name: config-volume + configMap: + name: {{ template "trino.coordinator" . }} + {{- if or .Values.catalogs .Values.additionalCatalogs }} + - name: catalog-volume + configMap: + name: {{ template "trino.catalog" . }} + {{- end }} + - name: schemas-volume + configMap: + name: {{ template "trino.fullname" . }}-schemas-volume-coordinator + {{- if eq .Values.accessControl.type "configmap" }} + - name: access-control-volume + configMap: + name: {{ template "trino.fullname" . }}-access-control-volume-coordinator + {{- end }} + {{- if .Values.resourceGroups }} + - name: resource-groups-volume + configMap: + name: {{ template "trino.fullname" . }}-resource-groups-volume-coordinator + {{- end }} + {{- if or .Values.auth.passwordAuth .Values.auth.passwordAuthSecret .Values.auth.groups }} + - name: file-authentication-volume + secret: + secretName: {{ template "trino.fileAuthSecretName" . }} + items: + {{- if or .Values.auth.passwordAuth .Values.auth.passwordAuthSecret }} + - key: password.db + path: password.db + {{- end }} + {{- if .Values.auth.groups }} + - key: group.db + path: group.db + {{- end }} + {{- end }} + {{- if $coordinatorJmx.exporter.enabled }} + - name: jmx-exporter-config-volume + configMap: + name: {{ template "trino.fullname" . }}-jmx-exporter-config-coordinator + {{- end }} + {{- range .Values.configMounts }} + - name: {{ .name }} + configMap: + name: {{ .configMap }} + {{- end }} + {{- range .Values.coordinator.configMounts }} + - name: {{ .name }} + configMap: + name: {{ .configMap }} + {{- end }} + {{- range .Values.secretMounts }} + - name: {{ .name }} + secret: + secretName: {{ .secretName }} + {{- end }} + {{- range .Values.coordinator.secretMounts }} + - name: {{ .name }} + secret: + secretName: {{ .secretName }} + {{- end }} + {{- with .Values.coordinator.additionalVolumes }} + {{- . | toYaml | nindent 8 }} + {{- end }} + {{- if .Values.initContainers.coordinator }} + initContainers: + {{- tpl (toYaml .Values.initContainers.coordinator) . | nindent 6 }} + {{- end }} + {{- if .Values.imagePullSecrets}} + imagePullSecrets: + {{- toYaml .Values.imagePullSecrets | nindent 8 }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.coordinator.terminationGracePeriodSeconds }} + containers: + - name: {{ .Chart.Name }}-coordinator + image: {{ include "trino.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + securityContext: + {{- toYaml .Values.containerSecurityContext | nindent 12 }} + env: + {{- toYaml .Values.env | nindent 12 }} + envFrom: + {{- toYaml .Values.envFrom | nindent 12 }} + volumeMounts: + - mountPath: {{ .Values.server.config.path }} + name: config-volume + {{- if or .Values.catalogs .Values.additionalCatalogs }} + - mountPath: {{ .Values.server.config.path }}/catalog + name: catalog-volume + {{- end }} + - mountPath: {{ .Values.kafka.mountPath }} + name: schemas-volume + {{- if eq .Values.accessControl.type "configmap" }} + - mountPath: {{ .Values.server.config.path }}/access-control + name: access-control-volume + {{- end }} + {{- if .Values.resourceGroups }} + - mountPath: {{ .Values.server.config.path }}/resource-groups + name: resource-groups-volume + {{- end }} + {{- range .Values.configMounts }} + - name: {{ .name }} + mountPath: {{ .path }} + {{- end }} + {{- range .Values.coordinator.configMounts }} + - name: {{ .name }} + mountPath: {{ .path }} + {{- end }} + {{- range .Values.secretMounts }} + - name: {{ .name }} + mountPath: {{ .path }} + {{- end }} + {{- range .Values.coordinator.secretMounts }} + - name: {{ .name }} + mountPath: {{ .path }} + {{- end }} + {{- if or .Values.auth.passwordAuth .Values.auth.passwordAuthSecret .Values.auth.groups }} + - mountPath: {{ .Values.server.config.path }}/auth + name: file-authentication-volume + {{- end }} + {{- with .Values.coordinator.additionalVolumeMounts }} + {{- . | toYaml | nindent 12 }} + {{- end }} + ports: + - name: http + containerPort: {{ .Values.service.port }} + protocol: TCP + {{- if $coordinatorJmx.enabled }} + - name: jmx-registry + containerPort: {{ $coordinatorJmx.registryPort }} + protocol: TCP + - name: jmx-server + containerPort: {{ $coordinatorJmx.serverPort }} + protocol: TCP + {{- end }} + {{- range $key, $value := .Values.coordinator.additionalExposedPorts }} + - name: {{ $value.name }} + containerPort: {{ $value.port }} + protocol: {{ $value.protocol }} + {{- end }} + livenessProbe: + httpGet: + path: /v1/info + port: http + initialDelaySeconds: {{ .Values.coordinator.livenessProbe.initialDelaySeconds | default 30 }} + periodSeconds: {{ .Values.coordinator.livenessProbe.periodSeconds | default 10 }} + timeoutSeconds: {{ .Values.coordinator.livenessProbe.timeoutSeconds | default 5 }} + failureThreshold: {{ .Values.coordinator.livenessProbe.failureThreshold | default 6 }} + successThreshold: {{ .Values.coordinator.livenessProbe.successThreshold | default 1 }} + readinessProbe: + exec: + command: [/usr/lib/trino/bin/health-check] + initialDelaySeconds: {{ .Values.coordinator.readinessProbe.initialDelaySeconds | default 10 }} + periodSeconds: {{ .Values.coordinator.readinessProbe.periodSeconds | default 10 }} + timeoutSeconds: {{ .Values.coordinator.readinessProbe.timeoutSeconds | default 5 }} + failureThreshold: {{ .Values.coordinator.readinessProbe.failureThreshold | default 6 }} + successThreshold: {{ .Values.coordinator.readinessProbe.successThreshold | default 1 }} + lifecycle: + {{- toYaml .Values.coordinator.lifecycle | nindent 12 }} + resources: + {{- toYaml .Values.coordinator.resources | nindent 12 }} + {{- if $coordinatorJmx.exporter.enabled }} + - name: jmx-exporter + image: {{ $coordinatorJmx.exporter.image }} + imagePullPolicy: {{ $coordinatorJmx.exporter.pullPolicy }} + securityContext: + {{- toYaml $coordinatorJmx.exporter.securityContext | nindent 12 }} + args: + - "{{ $coordinatorJmx.exporter.port }}" + - /etc/jmx-exporter/jmx-exporter-config.yaml + volumeMounts: + - mountPath: /etc/jmx-exporter/ + name: jmx-exporter-config-volume + resources: + {{- toYaml $coordinatorJmx.exporter.resources | nindent 12 }} + ports: + - name: jmx-exporter + containerPort: {{ $coordinatorJmx.exporter.port }} + protocol: TCP + {{- end }} + {{- if .Values.sidecarContainers.coordinator }} + {{- toYaml .Values.sidecarContainers.coordinator | nindent 8 }} + {{- end }} + {{- with .Values.coordinator.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.coordinator.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.coordinator.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/trino/base/charts/trino/templates/deployment-worker.yaml b/trino/base/charts/trino/templates/deployment-worker.yaml new file mode 100644 index 0000000..c7ad8eb --- /dev/null +++ b/trino/base/charts/trino/templates/deployment-worker.yaml @@ -0,0 +1,245 @@ +{{- $workerJmx := merge .Values.jmx.worker (omit .Values.jmx "coordinator" "worker") -}} +{{- if gt (int .Values.server.workers) 0 }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "trino.worker" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "trino.labels" . | nindent 4 }} + app.kubernetes.io/component: worker + trino.io/network-policy-protection: {{ ternary "enabled" "disabled" .Values.networkPolicy.enabled }} + {{- if .Values.worker.labels }} + {{- tpl (toYaml .Values.worker.labels) . | nindent 4 }} + {{- end }} +spec: + progressDeadlineSeconds: {{ .Values.worker.deployment.progressDeadlineSeconds }} + revisionHistoryLimit: {{ .Values.worker.deployment.revisionHistoryLimit }} + strategy: + {{- toYaml .Values.worker.deployment.strategy | nindent 4 }} + {{- if not .Values.server.autoscaling.enabled }} + replicas: {{ .Values.server.workers }} + {{- end }} + selector: + matchLabels: + {{- include "trino.selectorLabels" . | nindent 6 }} + app.kubernetes.io/component: worker + template: + metadata: + annotations: + {{- if or .Values.catalogs .Values.additionalCatalogs }} + checksum/catalog-config: {{ include (print $.Template.BasePath "/configmap-catalog.yaml") . | sha256sum }} + {{- end }} + checksum/worker-config: {{ include (print $.Template.BasePath "/configmap-worker.yaml") . | sha256sum }} + {{- if .Values.worker.gracefulShutdown.enabled }} + checksum/access-control-config: {{ include (print $.Template.BasePath "/configmap-access-control-worker.yaml") . | sha256sum }} + {{- end }} + {{- if .Values.worker.annotations }} + {{- tpl (toYaml .Values.worker.annotations) . | nindent 8 }} + {{- end }} + labels: + {{- include "trino.labels" . | nindent 8 }} + app.kubernetes.io/component: worker + trino.io/network-policy-protection: {{ ternary "enabled" "disabled" .Values.networkPolicy.enabled }} + {{- if .Values.worker.labels }} + {{- tpl (toYaml .Values.worker.labels) . | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ include "trino.serviceAccountName" . }} + {{- with .Values.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.shareProcessNamespace.worker }} + shareProcessNamespace: {{ .Values.shareProcessNamespace.worker }} + {{- end }} + volumes: + - name: config-volume + configMap: + name: {{ template "trino.worker" . }} + {{- if or .Values.catalogs .Values.additionalCatalogs }} + - name: catalog-volume + configMap: + name: {{ template "trino.catalog" . }} + {{- end }} + - name: schemas-volume + configMap: + name: {{ template "trino.fullname" . }}-schemas-volume-worker + {{- if $workerJmx.exporter.enabled }} + - name: jmx-exporter-config-volume + configMap: + name: {{ template "trino.fullname" . }}-jmx-exporter-config-worker + {{- end }} + {{- if .Values.worker.gracefulShutdown.enabled }} + - name: access-control-volume + configMap: + name: {{ template "trino.fullname" . }}-access-control-volume-worker + {{- end }} + {{- range .Values.configMounts }} + - name: {{ .name }} + configMap: + name: {{ .configMap }} + {{- end }} + {{- range .Values.worker.configMounts }} + - name: {{ .name }} + configMap: + name: {{ .configMap }} + {{- end }} + {{- range .Values.secretMounts }} + - name: {{ .name }} + secret: + secretName: {{ .secretName }} + {{- end }} + {{- range .Values.worker.secretMounts }} + - name: {{ .name }} + secret: + secretName: {{ .secretName }} + {{- end }} + {{- with .Values.worker.additionalVolumes }} + {{- . | toYaml | nindent 8 }} + {{- end }} + {{- if .Values.initContainers.worker }} + initContainers: + {{- tpl (toYaml .Values.initContainers.worker) . | nindent 6 }} + {{- end }} + {{- if .Values.imagePullSecrets}} + imagePullSecrets: + {{- toYaml .Values.imagePullSecrets | nindent 8 }} + {{- end }} + {{- if and .Values.worker.gracefulShutdown.enabled (gt (mulf 2.0 .Values.worker.gracefulShutdown.gracePeriodSeconds) .Values.worker.terminationGracePeriodSeconds) }} + {{- fail "The user must set the `worker.terminationGracePeriodSeconds` to a value of at least two times the configured `gracePeriodSeconds`." }} + {{- else }} + terminationGracePeriodSeconds: {{ .Values.worker.terminationGracePeriodSeconds }} + {{- end }} + containers: + - name: {{ .Chart.Name }}-worker + image: {{ include "trino.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + securityContext: + {{- toYaml .Values.containerSecurityContext | nindent 12 }} + env: + {{- toYaml .Values.env | nindent 12 }} + envFrom: + {{- toYaml .Values.envFrom | nindent 12 }} + volumeMounts: + - mountPath: {{ .Values.server.config.path }} + name: config-volume + {{- if or .Values.catalogs .Values.additionalCatalogs }} + - mountPath: {{ .Values.server.config.path }}/catalog + name: catalog-volume + {{- end }} + - mountPath: {{ .Values.kafka.mountPath }} + name: schemas-volume + {{- if .Values.worker.gracefulShutdown.enabled }} + - mountPath: {{ .Values.server.config.path }}/access-control + name: access-control-volume + {{- end }} + {{- range .Values.configMounts }} + - name: {{ .name }} + mountPath: {{ .path }} + {{- end }} + {{- range .Values.worker.configMounts }} + - name: {{ .name }} + mountPath: {{ .path }} + {{- end }} + {{- range .Values.secretMounts }} + - name: {{ .name }} + mountPath: {{ .path }} + {{- end }} + {{- range .Values.worker.secretMounts }} + - name: {{ .name }} + mountPath: {{ .path }} + {{- end }} + {{- with .Values.worker.additionalVolumeMounts }} + {{- . | toYaml | nindent 12 }} + {{- end }} + ports: + - name: http + containerPort: {{ .Values.service.port }} + protocol: TCP + {{- if $workerJmx.enabled }} + - name: jmx-registry + containerPort: {{ $workerJmx.registryPort }} + protocol: TCP + - name: jmx-server + containerPort: {{ $workerJmx.serverPort }} + protocol: TCP + {{- end }} + {{- range $key, $value := .Values.worker.additionalExposedPorts }} + - name: {{ $value.name }} + containerPort: {{ $value.port }} + protocol: {{ $value.protocol }} + {{- end }} + livenessProbe: + httpGet: + path: /v1/info + port: http + initialDelaySeconds: {{ .Values.worker.livenessProbe.initialDelaySeconds | default 30 }} + periodSeconds: {{ .Values.worker.livenessProbe.periodSeconds | default 10 }} + timeoutSeconds: {{ .Values.worker.livenessProbe.timeoutSeconds | default 5 }} + failureThreshold: {{ .Values.worker.livenessProbe.failureThreshold | default 6 }} + successThreshold: {{ .Values.worker.livenessProbe.successThreshold | default 1 }} + readinessProbe: + exec: + command: [/usr/lib/trino/bin/health-check] + initialDelaySeconds: {{ .Values.worker.readinessProbe.initialDelaySeconds | default 10 }} + periodSeconds: {{ .Values.worker.readinessProbe.periodSeconds | default 10 }} + timeoutSeconds: {{ .Values.worker.readinessProbe.timeoutSeconds | default 5 }} + failureThreshold: {{ .Values.worker.readinessProbe.failureThreshold | default 6 }} + successThreshold: {{ .Values.worker.readinessProbe.successThreshold | default 1 }} + lifecycle: + {{- if .Values.worker.lifecycle }} + {{- if .Values.worker.gracefulShutdown.enabled }} + {{- fail "The `worker.lifecycle` configuration conflicts with `worker.gracefulShutdown`. Either disable `worker.gracefulShutdown` and apply the related configurations manually, or remove `worker.lifecycle`." }} + {{- end }} + {{- toYaml .Values.worker.lifecycle | nindent 12 }} + {{- else if .Values.worker.gracefulShutdown.enabled }} + preStop: + exec: + command: + - /bin/sh + - -c + - >- + curl -v -X PUT + -d '"SHUTTING_DOWN"' + -H 'Content-type: application/json' + -H 'X-Trino-User: admin' + http://localhost:{{- .Values.service.port -}}/v1/info/state + {{- end }} + resources: + {{- toYaml .Values.worker.resources | nindent 12 }} + {{- if $workerJmx.exporter.enabled }} + - name: jmx-exporter + image: {{ $workerJmx.exporter.image }} + imagePullPolicy: {{ $workerJmx.exporter.pullPolicy }} + securityContext: + {{- toYaml $workerJmx.exporter.securityContext | nindent 12 }} + args: + - "{{ $workerJmx.exporter.port }}" + - /etc/jmx-exporter/jmx-exporter-config.yaml + volumeMounts: + - mountPath: /etc/jmx-exporter/ + name: jmx-exporter-config-volume + resources: + {{- toYaml $workerJmx.exporter.resources | nindent 12 }} + ports: + - name: jmx-exporter + containerPort: {{ $workerJmx.exporter.port }} + protocol: TCP + {{- end }} + {{- if .Values.sidecarContainers.worker }} + {{- toYaml .Values.sidecarContainers.worker | nindent 8 }} + {{- end }} + {{- with .Values.worker.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.worker.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.worker.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end }} diff --git a/trino/base/charts/trino/templates/ingress.yaml b/trino/base/charts/trino/templates/ingress.yaml new file mode 100644 index 0000000..33543d7 --- /dev/null +++ b/trino/base/charts/trino/templates/ingress.yaml @@ -0,0 +1,38 @@ +{{- if .Values.ingress.enabled -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ template "trino.coordinator" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "trino.labels" . | nindent 4 }} + annotations: + {{- toYaml .Values.ingress.annotations | nindent 4 }} +spec: + ingressClassName: {{ .Values.ingress.className }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + pathType: {{ .pathType }} + backend: + service: + name: {{ include "trino.fullname" $ }} + port: + number: {{ $.Values.service.port }} + {{- end }} + {{- end }} +{{- end }} diff --git a/trino/base/charts/trino/templates/networkpolicy.yaml b/trino/base/charts/trino/templates/networkpolicy.yaml new file mode 100644 index 0000000..592c882 --- /dev/null +++ b/trino/base/charts/trino/templates/networkpolicy.yaml @@ -0,0 +1,37 @@ +{{- if .Values.networkPolicy.enabled }} +{{- if eq "NodePort" .Values.service.type}} +{{- fail "NetworkPolicy enforcement is not supported with NodePort services, as traffic reaches the Pod through the node itself, bypassing pod-level network controls." }} +{{- end }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "trino.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "trino.labels" . | nindent 4 }} + app.kubernetes.io/component: network-policy +spec: + podSelector: + matchLabels: + {{- include "trino.selectorLabels" . | nindent 6 }} + trino.io/network-policy-protection: enabled + policyTypes: + - Ingress + {{- with .Values.networkPolicy.egress }} + - Egress + egress: + {{- toYaml . | nindent 4 }} + {{- end }} + ingress: + - from: + - podSelector: + matchLabels: + {{- include "trino.selectorLabels" . | nindent 14 }} + trino.io/network-policy-protection: enabled + namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: {{ .Release.Namespace }} + {{- with .Values.networkPolicy.ingress }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/trino/base/charts/trino/templates/secret.yaml b/trino/base/charts/trino/templates/secret.yaml new file mode 100644 index 0000000..dd48f90 --- /dev/null +++ b/trino/base/charts/trino/templates/secret.yaml @@ -0,0 +1,16 @@ +{{- if or .Values.auth.passwordAuth .Values.auth.groups }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "trino.fileAuthSecretName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "trino.labels" . | nindent 4 }} +data: +{{- if .Values.auth.passwordAuth }} + password.db: {{ .Values.auth.passwordAuth | b64enc }} +{{- end }} +{{- if .Values.auth.groups}} + group.db: {{ .Values.auth.groups | b64enc }} +{{- end }} +{{- end }} diff --git a/trino/base/charts/trino/templates/service-coordinator.yaml b/trino/base/charts/trino/templates/service-coordinator.yaml new file mode 100644 index 0000000..46a6a0d --- /dev/null +++ b/trino/base/charts/trino/templates/service-coordinator.yaml @@ -0,0 +1,36 @@ +{{- $coordinatorJmx := merge .Values.jmx.coordinator (omit .Values.jmx "coordinator" "worker") -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "trino.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "trino.labels" . | nindent 4 }} + app.kubernetes.io/component: coordinator + annotations: + {{- toYaml .Values.service.annotations | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + {{- if .Values.service.nodePort }} + nodePort: {{ .Values.service.nodePort }} + {{- end }} + {{- if $coordinatorJmx.exporter.enabled }} + - port: {{ $coordinatorJmx.exporter.port }} + targetPort: jmx-exporter + protocol: TCP + name: jmx-exporter + {{- end }} + {{- range $key, $value := .Values.coordinator.additionalExposedPorts }} + - port: {{ $value.servicePort }} + name: {{ $value.name }} + targetPort: {{ $value.port }} + protocol: {{ $value.protocol }} + {{- end }} + selector: + {{- include "trino.selectorLabels" . | nindent 4 }} + app.kubernetes.io/component: coordinator diff --git a/trino/base/charts/trino/templates/service-worker.yaml b/trino/base/charts/trino/templates/service-worker.yaml new file mode 100644 index 0000000..97fec58 --- /dev/null +++ b/trino/base/charts/trino/templates/service-worker.yaml @@ -0,0 +1,27 @@ +{{- $workerJmx := merge .Values.jmx.worker (omit .Values.jmx "coordinator" "worker") -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "trino.fullname" . }}-worker + namespace: {{ .Release.Namespace }} + labels: + {{- include "trino.labels" . | nindent 4 }} + app.kubernetes.io/component: worker + annotations: + {{- toYaml .Values.service.annotations | nindent 4 }} +spec: + clusterIP: None + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + {{- if $workerJmx.exporter.enabled }} + - port: {{$workerJmx.exporter.port }} + targetPort: jmx-exporter + protocol: TCP + name: jmx-exporter + {{- end }} + selector: + {{- include "trino.selectorLabels" . | nindent 4 }} + app.kubernetes.io/component: worker diff --git a/trino/base/charts/trino/templates/serviceaccount.yaml b/trino/base/charts/trino/templates/serviceaccount.yaml new file mode 100644 index 0000000..a61c072 --- /dev/null +++ b/trino/base/charts/trino/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "trino.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "trino.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/trino/base/charts/trino/templates/servicemonitor-coordinator.yaml b/trino/base/charts/trino/templates/servicemonitor-coordinator.yaml new file mode 100644 index 0000000..e7fe53e --- /dev/null +++ b/trino/base/charts/trino/templates/servicemonitor-coordinator.yaml @@ -0,0 +1,24 @@ +{{- $coordinatorServiceMonitor := merge .Values.serviceMonitor.coordinator (omit .Values.serviceMonitor "coordinator" "worker") -}} +{{- if $coordinatorServiceMonitor.enabled -}} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "trino.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "trino.labels" . | nindent 4 }} + {{- if $coordinatorServiceMonitor.labels }} + {{- toYaml $coordinatorServiceMonitor.labels | nindent 4 }} + {{- end }} +spec: + selector: + matchLabels: + {{- include "trino.selectorLabels" . | nindent 6 }} + app.kubernetes.io/component: coordinator + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + endpoints: + - port: jmx-exporter + interval: {{ $coordinatorServiceMonitor.interval }} +{{- end }} diff --git a/trino/base/charts/trino/templates/servicemonitor-worker.yaml b/trino/base/charts/trino/templates/servicemonitor-worker.yaml new file mode 100644 index 0000000..a6e8257 --- /dev/null +++ b/trino/base/charts/trino/templates/servicemonitor-worker.yaml @@ -0,0 +1,24 @@ +{{- $workerServiceMonitor := merge .Values.serviceMonitor.worker (omit .Values.serviceMonitor "coordinator" "worker") -}} +{{- if $workerServiceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "trino.fullname" . }}-worker + namespace: {{ .Release.Namespace }} + labels: + {{- include "trino.labels" . | nindent 4 }} + {{- if $workerServiceMonitor.labels }} + {{- toYaml $workerServiceMonitor.labels | nindent 4 }} + {{- end }} +spec: + selector: + matchLabels: + {{- include "trino.selectorLabels" . | nindent 6 }} + app.kubernetes.io/component: worker + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + endpoints: + - port: jmx-exporter + interval: {{ $workerServiceMonitor.interval }} +{{- end }} diff --git a/trino/base/charts/trino/templates/tests/test-connection.yaml b/trino/base/charts/trino/templates/tests/test-connection.yaml new file mode 100644 index 0000000..4e4a5f2 --- /dev/null +++ b/trino/base/charts/trino/templates/tests/test-connection.yaml @@ -0,0 +1,46 @@ +apiVersion: v1 +kind: Pod +metadata: + name: {{ include "trino.fullname" . }}-test-connection + labels: + {{- include "trino.labels" . | nindent 4 }} + app.kubernetes.io/component: test + test: connection + annotations: + "helm.sh/hook": test +spec: + containers: + - name: cli + image: {{ include "trino.image" . }} + command: ['trino'] + args: + {{- if .Values.server.config.https.enabled }} + # port must match coordinator.additionalExposedPorts + - trino://{{ include "trino.fullname" . }}.{{ .Release.Namespace }}:8443?SSL=true&SSLVerification=FULL&SSLTrustStorePath=/etc/trino/certificates/tls.crt + {{- else }} + - trino://{{ include "trino.fullname" . }}:{{ .Values.service.port }} + {{- end }} + - --user=admin + {{- if eq .Values.server.config.authenticationType "PASSWORD" }} + - --password + {{- end }} + - --debug + - --execute=SELECT 1 + - --no-progress + {{- if eq .Values.server.config.authenticationType "PASSWORD" }} + env: + - name: TRINO_PASSWORD + # must match test-values.yaml + value: admin123 + {{- end }} + {{- if .Values.server.config.https.enabled }} + volumeMounts: + - name: certificates + readOnly: true + mountPath: "/etc/trino/certificates" + volumes: + - name: certificates + secret: + secretName: certificates + {{- end }} + restartPolicy: Never diff --git a/trino/base/charts/trino/templates/tests/test-graceful-shutdown.yaml b/trino/base/charts/trino/templates/tests/test-graceful-shutdown.yaml new file mode 100644 index 0000000..79d9353 --- /dev/null +++ b/trino/base/charts/trino/templates/tests/test-graceful-shutdown.yaml @@ -0,0 +1,120 @@ +{{- if .Values.worker.gracefulShutdown.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "trino.fullname" . }}-pod-manager + namespace: {{ .Release.Namespace }} + labels: + {{- include "trino.labels" . | nindent 4 }} + app.kubernetes.io/component: test + test: graceful-shutdown + annotations: + "helm.sh/hook": test + "helm.sh/hook-weight": "0" + "helm.sh/hook-delete-policy": hook-succeeded +rules: + - apiGroups: [ "" ] + resources: [ "pods" ] + verbs: [ "get", "list", "delete" ] + - apiGroups: [ "" ] + resources: [ "pods/log" ] + verbs: [ "get" ] +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "trino.fullname" . }}-pod-manager-sa + namespace: {{ .Release.Namespace }} + labels: + {{- include "trino.labels" . | nindent 4 }} + app.kubernetes.io/component: test + test: graceful-shutdown + annotations: + "helm.sh/hook": test + "helm.sh/hook-weight": "0" + "helm.sh/hook-delete-policy": hook-succeeded +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "trino.fullname" . }}-pod-manager-binding + namespace: {{ .Release.Namespace }} + labels: + {{- include "trino.labels" . | nindent 4 }} + app.kubernetes.io/component: test + test: graceful-shutdown + annotations: + "helm.sh/hook": test + "helm.sh/hook-weight": "1" + "helm.sh/hook-delete-policy": hook-succeeded +subjects: + - kind: ServiceAccount + name: {{ include "trino.fullname" . }}-pod-manager-sa + namespace: {{ .Release.Namespace }} +roleRef: + kind: Role + name: {{ include "trino.fullname" . }}-pod-manager + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: v1 +kind: Pod +metadata: + name: {{ include "trino.fullname" . }}-test-graceful-shutdown + labels: + {{- include "trino.labels" . | nindent 4 }} + app.kubernetes.io/component: test + test: graceful-shutdown + annotations: + "helm.sh/hook": test + "helm.sh/hook-weight": "2" + "helm.sh/hook-delete-policy": hook-succeeded +spec: + serviceAccountName: {{ include "trino.fullname" . }}-pod-manager-sa + initContainers: + - name: get-worker-pod + image: bitnami/kubectl:latest + command: [ "sh", "-c" ] + args: + - >- + kubectl get pods + --selector="app.kubernetes.io/name={{ include "trino.name" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=worker" + --output=jsonpath="{.items[0].metadata.name}" + --namespace={{ .Release.Namespace }} + > /pods/worker-pod.txt + volumeMounts: + - mountPath: /pods + name: worker-pod + containers: + - name: check-logs + image: bitnami/kubectl:latest + command: [ "sh", "-c" ] + args: + - >- + WORKER_POD=$(cat /pods/worker-pod.txt) && + kubectl logs ${WORKER_POD} + --follow + --container=trino-worker + --namespace={{ .Release.Namespace }} + | grep --max-count=1 "Shutdown requested" + volumeMounts: + - mountPath: /pods + name: worker-pod + - name: trigger-graceful-shutdown + image: bitnami/kubectl:latest + command: [ "sh", "-c" ] + args: + - >- + sleep 5 && + WORKER_POD=$(cat /pods/worker-pod.txt) && + kubectl delete pod + ${WORKER_POD} + --namespace={{ .Release.Namespace }} + volumeMounts: + - mountPath: /pods + name: worker-pod + restartPolicy: Never + volumes: + - name: worker-pod + emptyDir: {} + +{{- end }} diff --git a/trino/base/charts/trino/templates/tests/test-jmx.yaml b/trino/base/charts/trino/templates/tests/test-jmx.yaml new file mode 100644 index 0000000..a968cc8 --- /dev/null +++ b/trino/base/charts/trino/templates/tests/test-jmx.yaml @@ -0,0 +1,99 @@ +{{- $coordinatorJmx := merge .Values.jmx.coordinator (omit .Values.jmx "coordinator" "worker") -}} +{{- $workerJmx := merge .Values.jmx.worker (omit .Values.jmx "coordinator" "worker") -}} +{{- $coordinatorServiceMonitor := merge .Values.serviceMonitor.coordinator (omit .Values.serviceMonitor "coordinator" "worker") -}} +{{- $workerServiceMonitor := merge .Values.serviceMonitor.worker (omit .Values.serviceMonitor "coordinator" "worker") -}} +{{- if or $coordinatorJmx.exporter.enabled $coordinatorServiceMonitor.enabled $workerJmx.exporter.enabled $workerServiceMonitor.enabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: {{ include "trino.fullname" . }}-test-jmx + labels: + {{- include "trino.labels" . | nindent 4 }} + app.kubernetes.io/component: test + test: jmx + annotations: + "helm.sh/hook": test + "helm.sh/hook-delete-policy": hook-succeeded +spec: + containers: + {{- if $coordinatorJmx.exporter.enabled }} + - name: trino-jmx-coordinator + image: {{ include "trino.image" . }} + command: ["/bin/bash", "-c"] + args: + - curl -s {{ include "trino.fullname" . }}.{{ .Release.Namespace }}:{{ $coordinatorJmx.exporter.port }}/metrics | grep -q trino + {{- end }} + {{- if $workerJmx.exporter.port }} + - name: trino-jmx-worker + image: {{ include "trino.image" . }} + command: ["/bin/bash", "-c"] + args: + - curl -s {{ include "trino.fullname" . }}-worker.{{ .Release.Namespace }}:{{ $workerJmx.exporter.port }}/metrics | grep -q trino + {{- end }} + {{- if $coordinatorServiceMonitor.enabled }} + - name: service-monitor-coordinator + image: python:3-slim + command: [ "python", "/tests/test.py" ] + args: ["{{ include "trino.fullname" . }}"] + volumeMounts: + - name: tests + mountPath: /tests + {{- end }} + {{- if $workerServiceMonitor.enabled }} + - name: service-monitor-worker + image: python:3-slim + command: ["python", "/tests/test.py"] + args: ["{{ include "trino.fullname" . }}-worker"] + volumeMounts: + - name: tests + mountPath: /tests + {{- end }} + volumes: + - name: tests + configMap: + name: {{ include "trino.fullname" . }}-test-jmx + restartPolicy: Never +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "trino.fullname" . }}-test-jmx + labels: + {{- include "trino.labels" . | nindent 4 }} + app.kubernetes.io/component: test + test: jmx + annotations: + "helm.sh/hook": test + "helm.sh/hook-delete-policy": hook-succeeded +data: + test.py: | + from urllib.request import urlopen + from urllib.error import URLError, HTTPError + import json + import logging + import sys + import time + + logger = logging.getLogger(__name__) + target_service = sys.argv[1] + url = f"http://prometheus-operator-kube-p-prometheus:9090/api/v1/targets?scrapePool=serviceMonitor/{{ .Release.Namespace }}/{target_service}/0&state=active" + while True: + try: + with urlopen(url) as response: + data = json.load(response) + except (URLError, HTTPError) as e: + logger.warning("Error fetching targets, Prometheus service might not be ready: ", e) + time.sleep(2) # Retry after 2 seconds + continue + + try: + service_name = data["data"]["activeTargets"][0]["discoveredLabels"]["__meta_kubernetes_service_name"] + except (KeyError, IndexError) as e: + logger.warning("Invalid Prometheus response: ", e) + time.sleep(2) # Retry after 2 seconds + continue + + if service_name == target_service: + logger.info(f"Found expected service '{service_name}' in Prometheus targets!") + break +{{- end }} diff --git a/trino/base/charts/trino/templates/tests/test-networkpolicy.yaml b/trino/base/charts/trino/templates/tests/test-networkpolicy.yaml new file mode 100644 index 0000000..2d7455f --- /dev/null +++ b/trino/base/charts/trino/templates/tests/test-networkpolicy.yaml @@ -0,0 +1,28 @@ +{{- if .Values.networkPolicy.enabled }} +apiVersion: v1 +kind: Pod +metadata: + name: {{ include "trino.fullname" . }}-test-networkpolicy + labels: + {{- include "trino.labels" . | nindent 4 }} + app.kubernetes.io/component: test + test: network-policy + annotations: + "helm.sh/hook": test + "helm.sh/hook-delete-policy": hook-succeeded +spec: + containers: + - name: check-connection + image: {{ include "trino.image" . }} + command: [ "/bin/bash", "-c" ] + args: + - >- + curl + {{ include "trino.fullname" . }}.{{ .Release.Namespace }}:{{ .Values.service.port }} + --head + --fail + --connect-timeout 10 + --max-time 10 + 2>&1 | grep -q "timed out" + restartPolicy: Never +{{- end }} diff --git a/trino/base/charts/trino/values.yaml b/trino/base/charts/trino/values.yaml new file mode 100644 index 0000000..660b8e4 --- /dev/null +++ b/trino/base/charts/trino/values.yaml @@ -0,0 +1,1032 @@ +# Default values for trino. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# -- Override resource names to avoid name conflicts when deploying multiple +# releases in the same namespace. +# @raw +# Example: +# ```yaml +# coordinatorNameOverride: trino-coordinator-adhoc +# workerNameOverride: trino-worker-adhoc +# nameOverride: trino-adhoc +# ``` +nameOverride: +coordinatorNameOverride: +workerNameOverride: + +image: + # -- Image registry, defaults to empty, which results in DockerHub usage + registry: "" + # -- Repository location of the Trino image, typically `organization/imagename` + repository: trinodb/trino + # -- Image tag, defaults to the Trino release version specified as `appVersion` from Chart.yaml + tag: "" + # -- Optional digest value of the image specified as `sha256:abcd...`. A specified value overrides `tag`. + digest: "" + # -- When true, only the content in `repository` is used as image reference + useRepositoryAsSoleImageReference: false + pullPolicy: IfNotPresent + +# -- An optional list of references to secrets in the same namespace to use for pulling images. +# @raw +# Example: +# ```yaml +# imagePullSecrets: +# - name: registry-credentials +# ``` +imagePullSecrets: [] + +server: + workers: 2 + node: + environment: production + dataDir: /data/trino + pluginDir: /usr/lib/trino/plugin + log: + trino: + level: INFO + config: + path: /etc/trino + https: + enabled: false + port: 8443 + keystore: + path: "" + # -- Trino supports multiple [authentication + # types](https://trino.io/docs/current/security/authentication-types.html): + # PASSWORD, CERTIFICATE, OAUTH2, JWT, KERBEROS. + authenticationType: "" + query: + maxMemory: "4GB" + exchangeManager: {} + # server.exchangeManager -- Mandatory [exchange manager + # configuration](https://trino.io/docs/current/admin/fault-tolerant-execution.html#id1). + # Used to set the name and location(s) of the spooling storage destination. To enable fault-tolerant execution, + # set the `retry-policy` property in `additionalConfigProperties`. Additional exchange manager configurations can be + # added to `additionalExchangeManagerProperties`. + # @raw + # Example: + # ```yaml + # server: + # exchangeManager: + # name: "filesystem" + # baseDir: "/tmp/trino-local-file-system-exchange-manager" + # additionalConfigProperties: + # - retry-policy=TASK + # additionalExchangeManagerProperties: + # - exchange.sink-buffer-pool-min-size=10 + # - exchange.sink-buffers-per-partition=2 + # - exchange.source-concurrent-readers=4 + # ``` + + workerExtraConfig: "" + coordinatorExtraConfig: "" + autoscaling: + enabled: false + maxReplicas: 5 + # -- Target average CPU utilization, represented as a percentage of requested CPU. To disable scaling based on CPU, + # set to an empty string. + targetCPUUtilizationPercentage: 50 + # -- Target average memory utilization, represented as a percentage of requested memory. To disable scaling + # based on memory, set to an empty string. + targetMemoryUtilizationPercentage: 80 + behavior: {} + # server.autoscaling.behavior -- Configuration for scaling up and down. + # @raw + # Example: + # ```yaml + # scaleDown: + # stabilizationWindowSeconds: 300 + # policies: + # - type: Percent + # value: 100 + # periodSeconds: 15 + # scaleUp: + # stabilizationWindowSeconds: 0 + # policies: + # - type: Percent + # value: 100 + # periodSeconds: 15 + # - type: Pods + # value: 4 + # periodSeconds: 15 + # selectPolicy: Max + # ``` + +accessControl: {} +# accessControl -- [System access +# control](https://trino.io/docs/current/security/built-in-system-access-control.html) +# configuration. +# @raw +# Set the type property to either: +# * `configmap`, and provide the rule file contents in `rules`, +# * `properties`, and provide configuration properties in `properties`. +# Properties example: +# ```yaml +# type: properties +# properties: | +# access-control.name=custom-access-control +# access-control.custom_key=custom_value +# ``` +# Config map example: +# ```yaml +# type: configmap +# refreshPeriod: 60s +# # Rules file is mounted to /etc/trino/access-control +# configFile: "rules.json" +# rules: +# rules.json: |- +# { +# "catalogs": [ +# { +# "user": "admin", +# "catalog": "(mysql|system)", +# "allow": "all" +# }, +# { +# "group": "finance|human_resources", +# "catalog": "postgres", +# "allow": true +# }, +# { +# "catalog": "hive", +# "allow": "all" +# }, +# { +# "user": "alice", +# "catalog": "postgresql", +# "allow": "read-only" +# }, +# { +# "catalog": "system", +# "allow": "none" +# } +# ], +# "schemas": [ +# { +# "user": "admin", +# "schema": ".*", +# "owner": true +# }, +# { +# "user": "guest", +# "owner": false +# }, +# { +# "catalog": "default", +# "schema": "default", +# "owner": true +# } +# ] +# } +# ``` + +resourceGroups: {} +# resourceGroups -- Resource groups file is mounted to /etc/trino/resource-groups/resource-groups.json +# @raw +# Example: +# ```yaml +# resourceGroupsConfig: |- +# { +# "rootGroups": [ +# { +# "name": "global", +# "softMemoryLimit": "80%", +# "hardConcurrencyLimit": 100, +# "maxQueued": 100, +# "schedulingPolicy": "fair", +# "jmxExport": true, +# "subGroups": [ +# { +# "name": "admin", +# "softMemoryLimit": "30%", +# "hardConcurrencyLimit": 20, +# "maxQueued": 10 +# }, +# { +# "name": "finance_human_resources", +# "softMemoryLimit": "20%", +# "hardConcurrencyLimit": 15, +# "maxQueued": 10 +# }, +# { +# "name": "general", +# "softMemoryLimit": "30%", +# "hardConcurrencyLimit": 20, +# "maxQueued": 10 +# }, +# { +# "name": "readonly", +# "softMemoryLimit": "10%", +# "hardConcurrencyLimit": 5, +# "maxQueued": 5 +# } +# ] +# } +# ], +# "selectors": [ +# { +# "user": "admin", +# "group": "global.admin" +# }, +# { +# "group": "finance|human_resources", +# "group": "global.finance_human_resources" +# }, +# { +# "user": "alice", +# "group": "global.readonly" +# }, +# { +# "group": "global.general" +# } +# ] +# } +# ``` + +additionalNodeProperties: [] +# additionalNodeProperties -- [Additional node +# properties](https://trino.io/docs/current/installation/deployment.html#log-levels). +# @raw +# Example, assuming the NODE_ID environment variable has been set: +# ```yaml +# - node.id=${NODE_ID} +# ``` + +additionalConfigProperties: [] +# additionalConfigProperties -- [Additional config +# properties](https://trino.io/docs/current/admin/properties.html). +# @raw +# Example: +# ```yaml +# - internal-communication.shared-secret=random-value-999 +# - http-server.process-forwarded=true +# ``` + +additionalLogProperties: [] +# additionalLogProperties -- [Additional log +# properties](https://trino.io/docs/current/installation/deployment.html#log-levels). +# @raw +# Example: +# ```yaml +# - io.airlift=DEBUG +# ``` + +additionalExchangeManagerProperties: [] +# additionalExchangeManagerProperties -- [Exchange manager +# properties](https://trino.io/docs/current/admin/fault-tolerant-execution.html#exchange-manager). +# @raw +# Example: +# ```yaml +# - exchange.s3.region=object-store-region +# - exchange.s3.endpoint=your-object-store-endpoint +# - exchange.s3.aws-access-key=your-access-key +# - exchange.s3.aws-secret-key=your-secret-key +# ``` + +eventListenerProperties: [] +# eventListenerProperties -- [Event +# listener](https://trino.io/docs/current/develop/event-listener.html#event-listener) +# properties. To configure multiple event listeners, add them in +# `coordinator.additionalConfigFiles` and `worker.additionalConfigFiles`, and +# set the `event-listener.config-files` property in +# `additionalConfigProperties` to their locations. +# @raw +# Example: +# ```yaml +# - event-listener.name=custom-event-listener +# - custom-property1=custom-value1 +# - custom-property2=custom-value2 +# ``` + +catalogs: + tpch: | + connector.name=tpch + tpch.splits-per-node=4 + tpcds: | + connector.name=tpcds + tpcds.splits-per-node=4 +# catalogs -- Configure +# [catalogs](https://trino.io/docs/current/installation/deployment.html#catalog-properties). +# @raw +# Example: +# ```yaml +# objectstore: | +# connector.name=iceberg +# iceberg.catalog.type=glue +# jmx: | +# connector.name=memory +# memory: | +# connector.name=memory +# memory.max-data-per-node=128MB +# ``` + +additionalCatalogs: {} +# additionalCatalogs -- Deprecated, use `catalogs` instead. Configure additional +# [catalogs](https://trino.io/docs/current/installation/deployment.html#catalog-properties). + +env: [] +# env -- additional environment variables added to every pod, specified as a list with explicit values +# @raw +# Example: +# ```yaml +# - name: NAME +# value: "value" +# ``` + +envFrom: [] +# envFrom -- additional environment variables added to every pod, specified as a list of either `ConfigMap` +# or `Secret` references +# @raw +# Example: +# ```yaml +# - secretRef: +# name: extra-secret +# ``` + +initContainers: {} +# initContainers -- Additional [containers that run to +# completion](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) +# during pod initialization. +# @raw +# Example: +# ```yaml +# coordinator: +# - name: init-coordinator +# image: busybox:1.28 +# imagePullPolicy: IfNotPresent +# command: ['sh', '-c', "until nslookup myservice.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local; do echo waiting for myservice; sleep 2; done"] +# worker: +# - name: init-worker +# image: busybox:1.28 +# command: ['sh', '-c', 'echo The worker is running! && sleep 3600'] +# ``` + +sidecarContainers: {} +# sidecarContainers -- Additional [containers that starts +# before](https://kubernetes.io/docs/concepts/workloads/pods/sidecar-containers/) +# the Trino container and continues to run. +# @raw +# Example: +# ```yaml +# coordinator: +# - name: side-coordinator +# image: busybox:1.28 +# imagePullPolicy: IfNotPresent +# command: ['sleep', '1'] +# worker: +# - name: side-worker +# image: busybox:1.28 +# imagePullPolicy: IfNotPresent +# command: ['sleep', '1'] +# ``` + +# -- [Pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) configuration. +# To remove the default, set it to null (or `~`). +securityContext: + runAsUser: 1000 + runAsGroup: 1000 + +# -- [Container security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) configuration. +containerSecurityContext: + # -- Control whether a process can gain more privileges than its parent process. + allowPrivilegeEscalation: false + capabilities: + # -- A list of the Linux kernel capabilities that are dropped from every container. Valid values are listed in + # [the capabilities manual page](https://man7.org/linux/man-pages/man7/capabilities.7.html). Ensure # to remove + # the "CAP_" prefix which the kernel attaches to the names of permissions. + drop: + - ALL + +shareProcessNamespace: + coordinator: false + worker: false + +service: + annotations: {} + type: ClusterIP + port: 8080 + # service.nodePort -- The port the service listens on the host, for the `NodePort` type. If not set, Kubernetes will + # [allocate a port + # automatically](https://kubernetes.io/docs/concepts/services-networking/service/#nodeport-custom-port). + nodePort: "" + +auth: {} +# auth -- Available authentication methods. +# @raw +# Use username and password provided as a [password file](https://trino.io/docs/current/security/password-file.html#file-format): +# ```yaml +# passwordAuth: "username:encrypted-password-with-htpasswd" +# ``` +# Set the name of a secret containing this file in the password.db key +# ```yaml +# passwordAuthSecret: "trino-password-authentication" +# ``` +# Additionally, set [users' groups](https://trino.io/docs/current/security/group-file.html#file-format): +# ```yaml +# refreshPeriod: 5s +# groups: "group_name:user_1,user_2,user_3" +# ``` + +serviceAccount: + # -- Specifies whether a service account should be created + create: false + # -- The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + # -- Annotations to add to the service account + annotations: {} + +configMounts: [] +# configMounts -- Allows mounting additional Trino configuration files from +# Kubernetes config maps on all nodes. +# @raw +# Example: +# ```yaml +# - name: sample-config-mount +# configMap: sample-config-map +# path: /config-map/sample.json +# ``` + +secretMounts: [] +# secretMounts -- Allows mounting additional Trino configuration files from +# Kubernetes secrets on all nodes. +# @raw +# Example: +# ```yaml +# - name: sample-secret +# secretName: sample-secret +# path: /secrets/sample.json +# ``` + +coordinator: + deployment: + progressDeadlineSeconds: 600 + # coordinator.deployment.progressDeadlineSeconds -- The maximum time in seconds for a deployment to make progress before it + # is considered failed. The deployment controller continues to + # process failed deployments and a condition with a ProgressDeadlineExceeded + # reason is surfaced in the deployment status. + + revisionHistoryLimit: 10 + # coordinator.deployment.revisionHistoryLimit -- The number of old ReplicaSets to retain to allow rollback. + + strategy: + type: RollingUpdate + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + # coordinator.deployment.strategy -- The deployment strategy to use to replace existing pods with new ones. + + jvm: + maxHeapSize: "8G" + gcMethod: + type: "UseG1GC" + g1: + heapRegionSize: "32M" + + config: + memory: + heapHeadroomPerNode: "" + query: + maxMemoryPerNode: "1GB" + + additionalJVMConfig: [] + + additionalExposedPorts: {} + # coordinator.additionalExposedPorts -- Additional ports configured in the coordinator container and the service. + # @raw + # Example: + # ```yaml + # https: + # servicePort: 8443 + # name: https + # port: 8443 + # protocol: TCP + # ``` + + resources: {} + # coordinator.resources -- It is recommended not to specify default resources + # and to leave this as a conscious choice for the user. This also increases + # chances charts run on environments with little resources, such as Minikube. + # If you do want to specify resources, use the following example, and adjust + # it as necessary. + # @raw + # Example: + # ```yaml + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + # ``` + + livenessProbe: {} + # coordinator.livenessProbe -- [Liveness + # probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes) + # options + # @raw + # Example: + # ```yaml + # initialDelaySeconds: 20 + # periodSeconds: 10 + # timeoutSeconds: 5 + # failureThreshold: 6 + # successThreshold: 1 + # ``` + readinessProbe: {} + # coordinator.readinessProbe -- [Readiness + # probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes) + # @raw + # Example: + # ```yaml + # initialDelaySeconds: 20 + # periodSeconds: 10 + # timeoutSeconds: 5 + # failureThreshold: 6 + # successThreshold: 1 + # ``` + + lifecycle: {} + # coordinator.lifecycle -- Coordinator container [lifecycle + # events](https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/) + # @raw + # Example: + # ```yaml + # preStop: + # exec: + # command: ["/bin/sh", "-c", "sleep 120"] + # ``` + + terminationGracePeriodSeconds: 30 + + nodeSelector: {} + + tolerations: [] + + affinity: {} + + additionalConfigFiles: {} + # coordinator.additionalConfigFiles -- Additional config files placed in the default configuration directory. + # Supports templating the files' contents with `tpl`. + # @raw + # Example: + # ```yaml + # secret.txt: | + # secret-value={{- .Values.someValue }} + # ``` + + additionalVolumes: [] + # coordinator.additionalVolumes -- One or more additional volumes to add to the coordinator. + # @raw + # Example: + # ```yaml + # - name: extras + # emptyDir: {} + # ``` + + additionalVolumeMounts: [] + # coordinator.additionalVolumeMounts -- One or more additional volume mounts to add to the coordinator. + # @raw + # Example: + # - name: extras + # mountPath: /usr/share/extras + # readOnly: true + + annotations: {} + + labels: {} + + configMounts: [] + # coordinator.configMounts -- Allows mounting additional Trino configuration + # files from Kubernetes config maps on the coordinator node. + # @raw + # Example: + # ```yaml + # - name: sample-config-mount + # configMap: sample-config-mount + # path: /config-mount/sample.json + # ``` + + secretMounts: [] + # coordinator.secretMounts -- Allows mounting additional Trino configuration + # files from Kubernetes secrets on the coordinator node. + # @raw + # Example: + # ```yaml + # - name: sample-secret + # secretName: sample-secret + # path: /secrets/sample.json + # ``` + +worker: + deployment: + progressDeadlineSeconds: 600 + # worker.deployment.progressDeadlineSeconds -- The maximum time in seconds for a deployment to make progress before it + # is considered failed. The deployment controller continues to + # process failed deployments and a condition with a ProgressDeadlineExceeded + # reason is surfaced in the deployment status. + + revisionHistoryLimit: 10 + # worker.deployment.revisionHistoryLimit -- The number of old ReplicaSets to retain to allow rollback. + + strategy: + type: RollingUpdate + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + # worker.deployment.strategy -- The deployment strategy to use to replace existing pods with new ones. + + jvm: + maxHeapSize: "8G" + gcMethod: + type: "UseG1GC" + g1: + heapRegionSize: "32M" + + config: + memory: + heapHeadroomPerNode: "" + query: + maxMemoryPerNode: "1GB" + + additionalJVMConfig: [] + + additionalExposedPorts: {} + # worker.additionalExposedPorts -- Additional container ports configured in all worker pods. + # @raw + # Example: + # ```yaml + # https: + # servicePort: 8443 + # name: https + # port: 8443 + # protocol: TCP + # ``` + + resources: {} + # worker.resources -- It is recommended not to specify default resources and + # to leave this as a conscious choice for the user. This also increases + # chances charts run on environments with little resources, such as Minikube. + # If you do want to specify resources, use the following example, and adjust + # it as necessary. + # @raw + # Example: + # ```yaml + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + # ``` + + livenessProbe: {} + # worker.livenessProbe -- [Liveness + # probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes) + # @raw + # Example: + # ```yaml + # initialDelaySeconds: 20 + # periodSeconds: 10 + # timeoutSeconds: 5 + # failureThreshold: 6 + # successThreshold: 1 + # ``` + readinessProbe: {} + # worker.readinessProbe -- [Readiness + # probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes) + # @raw + # Example: + # ```yaml + # initialDelaySeconds: 20 + # periodSeconds: 10 + # timeoutSeconds: 5 + # failureThreshold: 6 + # successThreshold: 1 + # ``` + + lifecycle: {} + # worker.lifecycle -- Worker container [lifecycle + # events](https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/) + # + # Setting `worker.lifecycle` conflicts with `worker.gracefulShutdown`. + # + # @raw + # Example: + # ```yaml + # preStop: + # exec: + # command: ["/bin/sh", "-c", "sleep 120"] + # ``` + + gracefulShutdown: + enabled: false + gracePeriodSeconds: 120 + # worker.gracefulShutdown -- Configure [graceful + # shutdown](https://trino.io/docs/current/admin/graceful-shutdown.html) in order to ensure that workers terminate + # without affecting running queries, given a sufficient grace period. When enabled, the value of + # `worker.terminationGracePeriodSeconds` must be at least two times greater than the configured `gracePeriodSeconds`. + # Enabling `worker.gracefulShutdown` conflicts with `worker.lifecycle`. When a custom `worker.lifecycle` configuration + # needs to be used, graceful shutdown must be configured manually. + # + # @raw + # Example: + # ```yaml + # gracefulShutdown: + # enabled: true + # gracePeriodSeconds: 120 + # ``` + + terminationGracePeriodSeconds: 30 + + nodeSelector: {} + + tolerations: [] + + affinity: {} + + additionalConfigFiles: {} + # worker.additionalConfigFiles -- Additional config files placed in the default configuration directory. + # Supports templating the files' contents with `tpl`. + # @raw + # Example: + # ```yaml + # secret.txt: | + # secret-value={{- .Values.someValue }} + # ``` + + additionalVolumes: [] + # worker.additionalVolumes -- One or more additional volume mounts to add to all workers. + # @raw + # Example: + # ```yaml + # - name: extras + # emptyDir: {} + # ``` + + additionalVolumeMounts: [] + # worker.additionalVolumeMounts -- One or more additional volume mounts to add to all workers. + # @raw + # Example: + # ```yaml + # - name: extras + # mountPath: /usr/share/extras + # readOnly: true + # ``` + + annotations: {} + + labels: {} + + configMounts: [] + # worker.configMounts -- Allows mounting additional Trino configuration + # files from Kubernetes config maps on all worker nodes. + # @raw + # Example: + # ```yaml + # - name: sample-config-mount + # configMap: sample-config-mount + # path: /config-mount/sample.json + # ``` + + secretMounts: [] + # worker.secretMounts -- Allows mounting additional Trino configuration + # files from Kubernetes secrets on all worker nodes. + # @raw + # Example: + # ```yaml + # - name: sample-secret + # secretName: sample-secret + # path: /secrets/sample.json + # ``` + +kafka: + mountPath: "/etc/trino/schemas" + tableDescriptions: {} + # kafka.tableDescriptions -- Custom kafka table descriptions that will be mounted in mountPath. + # @raw + # Example: + # ```yaml + # testschema.json: |- + # { + # "tableName": "testtable", + # "schemaName": "testschema", + # "topicName": "testtopic", + # "key": { + # "dataFormat": "json", + # "fields": [ + # { + # "name": "_key", + # "dataFormat": "VARCHAR", + # "type": "VARCHAR", + # "hidden": "false" + # } + # ] + # }, + # "message": { + # "dataFormat": "json", + # "fields": [ + # { + # "name": "id", + # "mapping": "id", + # "type": "BIGINT" + # }, + # { + # "name": "test_field", + # "mapping": "test_field", + # "type": "VARCHAR" + # } + # ] + # } + # } + # ``` + +jmx: + # -- Set to true to enable the RMI server to expose Trino's [JMX metrics](https://trino.io/docs/current/admin/jmx.html). + enabled: false + registryPort: 9080 + serverPort: 9081 + exporter: + # jmx.exporter.enabled -- Set to true to export JMX Metrics via HTTP for [Prometheus](https://github.com/prometheus/jmx_exporter) consumption + enabled: false + image: bitnami/jmx-exporter:latest + pullPolicy: Always + port: 5556 + configProperties: "" + # jmx.exporter.configProperties -- The string value is templated using `tpl`. The JMX config properties file + # is mounted to `/etc/jmx-exporter/jmx-exporter-config.yaml`. + # @raw + # Example: + # ```yaml + # configProperties: |- + # hostPort: localhost:{{- .Values.jmx.registryPort }} + # startDelaySeconds: 0 + # ssl: false + # lowercaseOutputName: false + # lowercaseOutputLabelNames: false + # includeObjectNames: ["java.lang:type=Threading"] + # autoExcludeObjectNameAttributes: true + # excludeObjectNameAttributes: + # "java.lang:type=OperatingSystem": + # - "ObjectName" + # "java.lang:type=Runtime": + # - "ClassPath" + # - "SystemProperties" + # rules: + # - pattern: 'java\.lang<(.*)>ThreadCount: (.*)' + # name: java_lang_Threading_ThreadCount + # value: '$2' + # help: 'ThreadCount (java.lang<>ThreadCount)' + # type: UNTYPED + # ``` + securityContext: {} + resources: {} + # jmx.exporter.resources -- It is recommended not to specify default resources + # and to leave this as a conscious choice for the user. This also increases + # chances charts run on environments with little resources, such as Minikube. + # If you do want to specify resources, use the following example, and adjust + # it as necessary. + # @raw + # Example: + # ```yaml + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + # ``` + coordinator: {} + # jmx.coordinator -- Override JMX configurations for the Trino coordinator. + # @raw + # Example + # ```yaml + # coordinator: + # enabled: true + # exporter: + # enable: true + # configProperties: |- + # hostPort: localhost:{{- .Values.jmx.registryPort }} + # startDelaySeconds: 0 + # ssl: false + # ``` + worker: {} + # jmx.worker -- Override JMX configurations for the Trino workers. + # @raw + # Example + # ```yaml + # worker: + # enabled: true + # exporter: + # enable: true + # ``` + +serviceMonitor: + # serviceMonitor.enabled -- Set to true to create resources for the + # [prometheus-operator](https://github.com/prometheus-operator/prometheus-operator). + enabled: false + # serviceMonitor.labels -- Labels for serviceMonitor, so that Prometheus can select it + labels: + prometheus: kube-prometheus + # serviceMonitor.interval -- The serviceMonitor web endpoint interval + interval: "30s" + coordinator: {} + # serviceMonitor.coordinator -- Override ServiceMonitor configurations for the Trino coordinator. + # @raw + # Example + # ```yaml + # coordinator: + # enabled: true + # labels: + # prometheus: my-prometheus + # ``` + worker: {} + # serviceMonitor.worker -- Override ServiceMonitor configurations for the Trino workers. + # @raw + # Example + # ```yaml + # worker: + # enabled: true + # labels: + # prometheus: my-prometheus + # ``` + +# -- Labels that get applied to every resource's metadata +commonLabels: {} + +ingress: + enabled: false + className: "" + annotations: {} + hosts: [] + # ingress.hosts -- [Ingress + # rules](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules). + # @raw + # Example: + # ```yaml + # - host: trino.example.com + # paths: + # - path: / + # pathType: ImplementationSpecific + # ``` + tls: [] + # ingress.tls -- Ingress + # [TLS](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) + # configuration. + # @raw + # Example: + # ```yaml + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # ``` + +networkPolicy: + # networkPolicy.enabled -- Set to true to enable Trino pod protection with a + # [NetworkPolicy](https://kubernetes.io/docs/concepts/services-networking/network-policies/). + # By default, the NetworkPolicy will only allow Trino pods to communicate with each other. + # @raw + # > [!NOTE] + # > - NetworkPolicies cannot block the ingress traffic coming directly + # > from the Kubernetes node on which the Pod is running, + # > and are thus incompatible with services of type `NodePort`. + # > - When using NetworkPolicies together with JMX metrics export, + # > additional ingress rules might be required to allow metric scraping. + enabled: false + # networkPolicy.ingress -- Additional ingress rules to apply to the Trino pods. + # @raw + # Example: + # ```yaml + # - from: + # - ipBlock: + # cidr: 172.17.0.0/16 + # except: + # - 172.17.1.0/24 + # - namespaceSelector: + # matchLabels: + # kubernetes.io/metadata.name: prometheus + # - podSelector: + # matchLabels: + # role: backend-app + # ports: + # - protocol: TCP + # port: 8080 + # - protocol: TCP + # port: 5556 + # ``` + ingress: [] + # networkPolicy.egress -- Egress rules to apply to the Trino pods. + # @raw + # Example: + # ```yaml + # - to: + # - podSelector: + # matchLabels: + # role: log-ingestor + # ports: + # - protocol: TCP + # port: 9999 + # ``` + egress: [] diff --git a/trino/base/charts/values/values.yaml b/trino/base/charts/values/values.yaml new file mode 100644 index 0000000..3e56d49 --- /dev/null +++ b/trino/base/charts/values/values.yaml @@ -0,0 +1,10 @@ +image: + tag: "461" +server: + workers: 3 +coordinator: + jvm: + maxHeapSize: "8G" +worker: + jvm: + maxHeapSize: "8G" diff --git a/trino/overlays/test/kustomization.yaml b/trino/overlays/test/kustomization.yaml new file mode 100644 index 0000000..92301c5 --- /dev/null +++ b/trino/overlays/test/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- ../../base/ +