streams/streams-manifests
4
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Add trino

Browse source
This commit is contained in:
Micke Nordin 2024-10-17 13:29:50 +02:00
parent 42a4400e14
commit 01c82b19c4
Signed by: Micke
GPG key ID: 0DA0A7A5708FE257
30 changed files with 3529 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
trino/base/charts/kustomization.yaml Normal file
View file

@ -0,0 +1,12 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
helmCharts:
- includeCRDs: true
name: all
namespace: trino
releaseName: trino
valuesFile: ./values/values.yaml
version: 0.32.0
helmGlobals:
chartHome: ./charts/

14
trino/base/charts/trino/Chart.yaml Normal file
View file

@ -0,0 +1,14 @@
apiVersion: v2
appVersion: "461"
description: Fast distributed SQL query engine for big data analytics that helps you
explore your data universe
home: https://trino.io/
icon: https://trino.io/assets/trino.png
maintainers:
- name: Trino community
name: trino
sources:
- https://github.com/trinodb/charts
- https://github.com/trinodb/trino/tree/master/core/docker
type: application
version: 0.32.0

862
trino/base/charts/trino/README.md Normal file
View file

@ -0,0 +1,862 @@
# trino
![Version: 0.32.0](https://img.shields.io/badge/Version-0.32.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 461](https://img.shields.io/badge/AppVersion-461-informational?style=flat-square)
Fast distributed SQL query engine for big data analytics that helps you explore your data universe
**Homepage:** <https://trino.io/>
## Source Code
* <https://github.com/trinodb/charts>
* <https://github.com/trinodb/trino/tree/master/core/docker>
## Values
* `nameOverride` - string, default: `nil`
Override resource names to avoid name conflicts when deploying multiple releases in the same namespace.
Example:
```yaml
coordinatorNameOverride: trino-coordinator-adhoc
workerNameOverride: trino-worker-adhoc
nameOverride: trino-adhoc
```
* `coordinatorNameOverride` - string, default: `nil`
* `workerNameOverride` - string, default: `nil`
* `image.registry` - string, default: `""`
Image registry, defaults to empty, which results in DockerHub usage
* `image.repository` - string, default: `"trinodb/trino"`
Repository location of the Trino image, typically `organization/imagename`
* `image.tag` - string, default: `""`
Image tag, defaults to the Trino release version specified as `appVersion` from Chart.yaml
* `image.digest` - string, default: `""`
Optional digest value of the image specified as `sha256:abcd...`. A specified value overrides `tag`.
* `image.useRepositoryAsSoleImageReference` - bool, default: `false`
When true, only the content in `repository` is used as image reference
* `image.pullPolicy` - string, default: `"IfNotPresent"`
* `imagePullSecrets` - list, default: `[]`
An optional list of references to secrets in the same namespace to use for pulling images.
Example:
```yaml
imagePullSecrets:
- name: registry-credentials
```
* `server.workers` - int, default: `2`
* `server.node.environment` - string, default: `"production"`
* `server.node.dataDir` - string, default: `"/data/trino"`
* `server.node.pluginDir` - string, default: `"/usr/lib/trino/plugin"`
* `server.log.trino.level` - string, default: `"INFO"`
* `server.config.path` - string, default: `"/etc/trino"`
* `server.config.https.enabled` - bool, default: `false`
* `server.config.https.port` - int, default: `8443`
* `server.config.https.keystore.path` - string, default: `""`
* `server.config.authenticationType` - string, default: `""`
Trino supports multiple [authentication types](https://trino.io/docs/current/security/authentication-types.html): PASSWORD, CERTIFICATE, OAUTH2, JWT, KERBEROS.
* `server.config.query.maxMemory` - string, default: `"4GB"`
* `server.exchangeManager` - object, default: `{}`
Mandatory [exchange manager configuration](https://trino.io/docs/current/admin/fault-tolerant-execution.html#id1). Used to set the name and location(s) of the spooling storage destination. To enable fault-tolerant execution, set the `retry-policy` property in `additionalConfigProperties`. Additional exchange manager configurations can be added to `additionalExchangeManagerProperties`.
Example:
```yaml
server:
exchangeManager:
name: "filesystem"
baseDir: "/tmp/trino-local-file-system-exchange-manager"
additionalConfigProperties:
- retry-policy=TASK
additionalExchangeManagerProperties:
- exchange.sink-buffer-pool-min-size=10
- exchange.sink-buffers-per-partition=2
- exchange.source-concurrent-readers=4
```
* `server.workerExtraConfig` - string, default: `""`
* `server.coordinatorExtraConfig` - string, default: `""`
* `server.autoscaling.enabled` - bool, default: `false`
* `server.autoscaling.maxReplicas` - int, default: `5`
* `server.autoscaling.targetCPUUtilizationPercentage` - int, default: `50`
Target average CPU utilization, represented as a percentage of requested CPU. To disable scaling based on CPU, set to an empty string.
* `server.autoscaling.targetMemoryUtilizationPercentage` - int, default: `80`
Target average memory utilization, represented as a percentage of requested memory. To disable scaling based on memory, set to an empty string.
* `server.autoscaling.behavior` - object, default: `{}`
Configuration for scaling up and down.
Example:
```yaml
scaleDown:
stabilizationWindowSeconds: 300
policies:
- type: Percent
value: 100
periodSeconds: 15
scaleUp:
stabilizationWindowSeconds: 0
policies:
- type: Percent
value: 100
periodSeconds: 15
- type: Pods
value: 4
periodSeconds: 15
selectPolicy: Max
```
* `accessControl` - object, default: `{}`
[System access control](https://trino.io/docs/current/security/built-in-system-access-control.html) configuration.
Set the type property to either:
* `configmap`, and provide the rule file contents in `rules`,
* `properties`, and provide configuration properties in `properties`.
Properties example:
```yaml
type: properties
properties: |
access-control.name=custom-access-control
access-control.custom_key=custom_value
```
Config map example:
```yaml
type: configmap
refreshPeriod: 60s
# Rules file is mounted to /etc/trino/access-control
configFile: "rules.json"
rules:
rules.json: |-
{
"catalogs": [
{
"user": "admin",
"catalog": "(mysql|system)",
"allow": "all"
},
{
"group": "finance|human_resources",
"catalog": "postgres",
"allow": true
},
{
"catalog": "hive",
"allow": "all"
},
{
"user": "alice",
"catalog": "postgresql",
"allow": "read-only"
},
{
"catalog": "system",
"allow": "none"
}
],
"schemas": [
{
"user": "admin",
"schema": ".*",
"owner": true
},
{
"user": "guest",
"owner": false
},
{
"catalog": "default",
"schema": "default",
"owner": true
}
]
}
```
* `resourceGroups` - object, default: `{}`
Resource groups file is mounted to /etc/trino/resource-groups/resource-groups.json
Example:
```yaml
resourceGroupsConfig: |-
{
"rootGroups": [
{
"name": "global",
"softMemoryLimit": "80%",
"hardConcurrencyLimit": 100,
"maxQueued": 100,
"schedulingPolicy": "fair",
"jmxExport": true,
"subGroups": [
{
"name": "admin",
"softMemoryLimit": "30%",
"hardConcurrencyLimit": 20,
"maxQueued": 10
},
{
"name": "finance_human_resources",
"softMemoryLimit": "20%",
"hardConcurrencyLimit": 15,
"maxQueued": 10
},
{
"name": "general",
"softMemoryLimit": "30%",
"hardConcurrencyLimit": 20,
"maxQueued": 10
},
{
"name": "readonly",
"softMemoryLimit": "10%",
"hardConcurrencyLimit": 5,
"maxQueued": 5
}
]
}
],
"selectors": [
{
"user": "admin",
"group": "global.admin"
},
{
"group": "finance|human_resources",
"group": "global.finance_human_resources"
},
{
"user": "alice",
"group": "global.readonly"
},
{
"group": "global.general"
}
]
}
```
* `additionalNodeProperties` - list, default: `[]`
[Additional node properties](https://trino.io/docs/current/installation/deployment.html#log-levels).
Example, assuming the NODE_ID environment variable has been set:
```yaml
- node.id=${NODE_ID}
```
* `additionalConfigProperties` - list, default: `[]`
[Additional config properties](https://trino.io/docs/current/admin/properties.html).
Example:
```yaml
- internal-communication.shared-secret=random-value-999
- http-server.process-forwarded=true
```
* `additionalLogProperties` - list, default: `[]`
[Additional log properties](https://trino.io/docs/current/installation/deployment.html#log-levels).
Example:
```yaml
- io.airlift=DEBUG
```
* `additionalExchangeManagerProperties` - list, default: `[]`
[Exchange manager properties](https://trino.io/docs/current/admin/fault-tolerant-execution.html#exchange-manager).
Example:
```yaml
- exchange.s3.region=object-store-region
- exchange.s3.endpoint=your-object-store-endpoint
- exchange.s3.aws-access-key=your-access-key
- exchange.s3.aws-secret-key=your-secret-key
```
* `eventListenerProperties` - list, default: `[]`
[Event listener](https://trino.io/docs/current/develop/event-listener.html#event-listener) properties. To configure multiple event listeners, add them in `coordinator.additionalConfigFiles` and `worker.additionalConfigFiles`, and set the `event-listener.config-files` property in `additionalConfigProperties` to their locations.
Example:
```yaml
- event-listener.name=custom-event-listener
- custom-property1=custom-value1
- custom-property2=custom-value2
```
* `catalogs` - object, default: `{"tpcds":"connector.name=tpcds\ntpcds.splits-per-node=4\n","tpch":"connector.name=tpch\ntpch.splits-per-node=4\n"}`
Configure [catalogs](https://trino.io/docs/current/installation/deployment.html#catalog-properties).
Example:
```yaml
objectstore: |
connector.name=iceberg
iceberg.catalog.type=glue
jmx: |
connector.name=memory
memory: |
connector.name=memory
memory.max-data-per-node=128MB
```
* `additionalCatalogs` - object, default: `{}`
Deprecated, use `catalogs` instead. Configure additional [catalogs](https://trino.io/docs/current/installation/deployment.html#catalog-properties).
* `env` - list, default: `[]`
additional environment variables added to every pod, specified as a list with explicit values
Example:
```yaml
- name: NAME
value: "value"
```
* `envFrom` - list, default: `[]`
additional environment variables added to every pod, specified as a list of either `ConfigMap` or `Secret` references
Example:
```yaml
- secretRef:
name: extra-secret
```
* `initContainers` - object, default: `{}`
Additional [containers that run to completion](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) during pod initialization.
Example:
```yaml
coordinator:
- name: init-coordinator
image: busybox:1.28
imagePullPolicy: IfNotPresent
command: ['sh', '-c', "until nslookup myservice.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local; do echo waiting for myservice; sleep 2; done"]
worker:
- name: init-worker
image: busybox:1.28
command: ['sh', '-c', 'echo The worker is running! && sleep 3600']
```
* `sidecarContainers` - object, default: `{}`
Additional [containers that starts before](https://kubernetes.io/docs/concepts/workloads/pods/sidecar-containers/) the Trino container and continues to run.
Example:
```yaml
coordinator:
- name: side-coordinator
image: busybox:1.28
imagePullPolicy: IfNotPresent
command: ['sleep', '1']
worker:
- name: side-worker
image: busybox:1.28
imagePullPolicy: IfNotPresent
command: ['sleep', '1']
```
* `securityContext` - object, default: `{"runAsGroup":1000,"runAsUser":1000}`
[Pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) configuration. To remove the default, set it to null (or `~`).
* `containerSecurityContext` - object, default: `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]}}`
[Container security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) configuration.
* `containerSecurityContext.allowPrivilegeEscalation` - bool, default: `false`
Control whether a process can gain more privileges than its parent process.
* `containerSecurityContext.capabilities.drop` - list, default: `["ALL"]`
A list of the Linux kernel capabilities that are dropped from every container. Valid values are listed in [the capabilities manual page](https://man7.org/linux/man-pages/man7/capabilities.7.html). Ensure # to remove the "CAP_" prefix which the kernel attaches to the names of permissions.
* `shareProcessNamespace.coordinator` - bool, default: `false`
* `shareProcessNamespace.worker` - bool, default: `false`
* `service.annotations` - object, default: `{}`
* `service.type` - string, default: `"ClusterIP"`
* `service.port` - int, default: `8080`
* `service.nodePort` - string, default: `""`
The port the service listens on the host, for the `NodePort` type. If not set, Kubernetes will [allocate a port automatically](https://kubernetes.io/docs/concepts/services-networking/service/#nodeport-custom-port).
* `auth` - object, default: `{}`
Available authentication methods.
Use username and password provided as a [password file](https://trino.io/docs/current/security/password-file.html#file-format):
```yaml
passwordAuth: "username:encrypted-password-with-htpasswd"
```
Set the name of a secret containing this file in the password.db key
```yaml
passwordAuthSecret: "trino-password-authentication"
```
Additionally, set [users' groups](https://trino.io/docs/current/security/group-file.html#file-format):
```yaml
refreshPeriod: 5s
groups: "group_name:user_1,user_2,user_3"
```
* `serviceAccount.create` - bool, default: `false`
Specifies whether a service account should be created
* `serviceAccount.name` - string, default: `""`
The name of the service account to use. If not set and create is true, a name is generated using the fullname template
* `serviceAccount.annotations` - object, default: `{}`
Annotations to add to the service account
* `configMounts` - list, default: `[]`
Allows mounting additional Trino configuration files from Kubernetes config maps on all nodes.
Example:
```yaml
- name: sample-config-mount
configMap: sample-config-map
path: /config-map/sample.json
```
* `secretMounts` - list, default: `[]`
Allows mounting additional Trino configuration files from Kubernetes secrets on all nodes.
Example:
```yaml
- name: sample-secret
secretName: sample-secret
path: /secrets/sample.json
```
* `coordinator.deployment.progressDeadlineSeconds` - int, default: `600`
The maximum time in seconds for a deployment to make progress before it is considered failed. The deployment controller continues to process failed deployments and a condition with a ProgressDeadlineExceeded reason is surfaced in the deployment status.
* `coordinator.deployment.revisionHistoryLimit` - int, default: `10`
The number of old ReplicaSets to retain to allow rollback.
* `coordinator.deployment.strategy` - object, default: `{"rollingUpdate":{"maxSurge":"25%","maxUnavailable":"25%"},"type":"RollingUpdate"}`
The deployment strategy to use to replace existing pods with new ones.
* `coordinator.jvm.maxHeapSize` - string, default: `"8G"`
* `coordinator.jvm.gcMethod.type` - string, default: `"UseG1GC"`
* `coordinator.jvm.gcMethod.g1.heapRegionSize` - string, default: `"32M"`
* `coordinator.config.memory.heapHeadroomPerNode` - string, default: `""`
* `coordinator.config.query.maxMemoryPerNode` - string, default: `"1GB"`
* `coordinator.additionalJVMConfig` - list, default: `[]`
* `coordinator.additionalExposedPorts` - object, default: `{}`
Additional ports configured in the coordinator container and the service.
Example:
```yaml
https:
servicePort: 8443
name: https
port: 8443
protocol: TCP
```
* `coordinator.resources` - object, default: `{}`
It is recommended not to specify default resources and to leave this as a conscious choice for the user. This also increases chances charts run on environments with little resources, such as Minikube. If you do want to specify resources, use the following example, and adjust it as necessary.
Example:
```yaml
limits:
cpu: 100m
memory: 128Mi
requests:
cpu: 100m
memory: 128Mi
```
* `coordinator.livenessProbe` - object, default: `{}`
[Liveness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes) options
Example:
```yaml
initialDelaySeconds: 20
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
```
* `coordinator.readinessProbe` - object, default: `{}`
[Readiness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes)
Example:
```yaml
initialDelaySeconds: 20
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
```
* `coordinator.lifecycle` - object, default: `{}`
Coordinator container [lifecycle events](https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/)
Example:
```yaml
preStop:
exec:
command: ["/bin/sh", "-c", "sleep 120"]
```
* `coordinator.terminationGracePeriodSeconds` - int, default: `30`
* `coordinator.nodeSelector` - object, default: `{}`
* `coordinator.tolerations` - list, default: `[]`
* `coordinator.affinity` - object, default: `{}`
* `coordinator.additionalConfigFiles` - object, default: `{}`
Additional config files placed in the default configuration directory. Supports templating the files' contents with `tpl`.
Example:
```yaml
secret.txt: |
secret-value={{- .Values.someValue }}
```
* `coordinator.additionalVolumes` - list, default: `[]`
One or more additional volumes to add to the coordinator.
Example:
```yaml
- name: extras
emptyDir: {}
```
* `coordinator.additionalVolumeMounts` - list, default: `[]`
One or more additional volume mounts to add to the coordinator.
Example:
- name: extras
mountPath: /usr/share/extras
readOnly: true
* `coordinator.annotations` - object, default: `{}`
* `coordinator.labels` - object, default: `{}`
* `coordinator.configMounts` - list, default: `[]`
Allows mounting additional Trino configuration files from Kubernetes config maps on the coordinator node.
Example:
```yaml
- name: sample-config-mount
configMap: sample-config-mount
path: /config-mount/sample.json
```
* `coordinator.secretMounts` - list, default: `[]`
Allows mounting additional Trino configuration files from Kubernetes secrets on the coordinator node.
Example:
```yaml
- name: sample-secret
secretName: sample-secret
path: /secrets/sample.json
```
* `worker.deployment.progressDeadlineSeconds` - int, default: `600`
The maximum time in seconds for a deployment to make progress before it is considered failed. The deployment controller continues to process failed deployments and a condition with a ProgressDeadlineExceeded reason is surfaced in the deployment status.
* `worker.deployment.revisionHistoryLimit` - int, default: `10`
The number of old ReplicaSets to retain to allow rollback.
* `worker.deployment.strategy` - object, default: `{"rollingUpdate":{"maxSurge":"25%","maxUnavailable":"25%"},"type":"RollingUpdate"}`
The deployment strategy to use to replace existing pods with new ones.
* `worker.jvm.maxHeapSize` - string, default: `"8G"`
* `worker.jvm.gcMethod.type` - string, default: `"UseG1GC"`
* `worker.jvm.gcMethod.g1.heapRegionSize` - string, default: `"32M"`
* `worker.config.memory.heapHeadroomPerNode` - string, default: `""`
* `worker.config.query.maxMemoryPerNode` - string, default: `"1GB"`
* `worker.additionalJVMConfig` - list, default: `[]`
* `worker.additionalExposedPorts` - object, default: `{}`
Additional container ports configured in all worker pods.
Example:
```yaml
https:
servicePort: 8443
name: https
port: 8443
protocol: TCP
```
* `worker.resources` - object, default: `{}`
It is recommended not to specify default resources and to leave this as a conscious choice for the user. This also increases chances charts run on environments with little resources, such as Minikube. If you do want to specify resources, use the following example, and adjust it as necessary.
Example:
```yaml
limits:
cpu: 100m
memory: 128Mi
requests:
cpu: 100m
memory: 128Mi
```
* `worker.livenessProbe` - object, default: `{}`
[Liveness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes)
Example:
```yaml
initialDelaySeconds: 20
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
```
* `worker.readinessProbe` - object, default: `{}`
[Readiness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes)
Example:
```yaml
initialDelaySeconds: 20
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
```
* `worker.lifecycle` - object, default: `{}`
Worker container [lifecycle events](https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/) Setting `worker.lifecycle` conflicts with `worker.gracefulShutdown`.
Example:
```yaml
preStop:
exec:
command: ["/bin/sh", "-c", "sleep 120"]
```
* `worker.gracefulShutdown` - object, default: `{"enabled":false,"gracePeriodSeconds":120}`
Configure [graceful shutdown](https://trino.io/docs/current/admin/graceful-shutdown.html) in order to ensure that workers terminate without affecting running queries, given a sufficient grace period. When enabled, the value of `worker.terminationGracePeriodSeconds` must be at least two times greater than the configured `gracePeriodSeconds`. Enabling `worker.gracefulShutdown` conflicts with `worker.lifecycle`. When a custom `worker.lifecycle` configuration needs to be used, graceful shutdown must be configured manually.
Example:
```yaml
gracefulShutdown:
enabled: true
gracePeriodSeconds: 120
```
* `worker.terminationGracePeriodSeconds` - int, default: `30`
* `worker.nodeSelector` - object, default: `{}`
* `worker.tolerations` - list, default: `[]`
* `worker.affinity` - object, default: `{}`
* `worker.additionalConfigFiles` - object, default: `{}`
Additional config files placed in the default configuration directory. Supports templating the files' contents with `tpl`.
Example:
```yaml
secret.txt: |
secret-value={{- .Values.someValue }}
```
* `worker.additionalVolumes` - list, default: `[]`
One or more additional volume mounts to add to all workers.
Example:
```yaml
- name: extras
emptyDir: {}
```
* `worker.additionalVolumeMounts` - list, default: `[]`
One or more additional volume mounts to add to all workers.
Example:
```yaml
- name: extras
mountPath: /usr/share/extras
readOnly: true
```
* `worker.annotations` - object, default: `{}`
* `worker.labels` - object, default: `{}`
* `worker.configMounts` - list, default: `[]`
Allows mounting additional Trino configuration files from Kubernetes config maps on all worker nodes.
Example:
```yaml
- name: sample-config-mount
configMap: sample-config-mount
path: /config-mount/sample.json
```
* `worker.secretMounts` - list, default: `[]`
Allows mounting additional Trino configuration files from Kubernetes secrets on all worker nodes.
Example:
```yaml
- name: sample-secret
secretName: sample-secret
path: /secrets/sample.json
```
* `kafka.mountPath` - string, default: `"/etc/trino/schemas"`
* `kafka.tableDescriptions` - object, default: `{}`
Custom kafka table descriptions that will be mounted in mountPath.
Example:
```yaml
testschema.json: |-
{
"tableName": "testtable",
"schemaName": "testschema",
"topicName": "testtopic",
"key": {
"dataFormat": "json",
"fields": [
{
"name": "_key",
"dataFormat": "VARCHAR",
"type": "VARCHAR",
"hidden": "false"
}
]
},
"message": {
"dataFormat": "json",
"fields": [
{
"name": "id",
"mapping": "id",
"type": "BIGINT"
},
{
"name": "test_field",
"mapping": "test_field",
"type": "VARCHAR"
}
]
}
}
```
* `jmx.enabled` - bool, default: `false`
Set to true to enable the RMI server to expose Trino's [JMX metrics](https://trino.io/docs/current/admin/jmx.html).
* `jmx.registryPort` - int, default: `9080`
* `jmx.serverPort` - int, default: `9081`
* `jmx.exporter.enabled` - bool, default: `false`
Set to true to export JMX Metrics via HTTP for [Prometheus](https://github.com/prometheus/jmx_exporter) consumption
* `jmx.exporter.image` - string, default: `"bitnami/jmx-exporter:latest"`
* `jmx.exporter.pullPolicy` - string, default: `"Always"`
* `jmx.exporter.port` - int, default: `5556`
* `jmx.exporter.configProperties` - string, default: `""`
The string value is templated using `tpl`. The JMX config properties file is mounted to `/etc/jmx-exporter/jmx-exporter-config.yaml`.
Example:
```yaml
configProperties: |-
hostPort: localhost:{{- .Values.jmx.registryPort }}
startDelaySeconds: 0
ssl: false
lowercaseOutputName: false
lowercaseOutputLabelNames: false
includeObjectNames: ["java.lang:type=Threading"]
autoExcludeObjectNameAttributes: true
excludeObjectNameAttributes:
"java.lang:type=OperatingSystem":
- "ObjectName"
"java.lang:type=Runtime":
- "ClassPath"
- "SystemProperties"
rules:
- pattern: 'java\.lang<type=Threading><(.*)>ThreadCount: (.*)'
name: java_lang_Threading_ThreadCount
value: '$2'
help: 'ThreadCount (java.lang<type=Threading><>ThreadCount)'
type: UNTYPED
```
* `jmx.exporter.securityContext` - object, default: `{}`
* `jmx.exporter.resources` - object, default: `{}`
It is recommended not to specify default resources and to leave this as a conscious choice for the user. This also increases chances charts run on environments with little resources, such as Minikube. If you do want to specify resources, use the following example, and adjust it as necessary.
Example:
```yaml
limits:
cpu: 100m
memory: 128Mi
requests:
cpu: 100m
memory: 128Mi
```
* `jmx.coordinator` - object, default: `{}`
Override JMX configurations for the Trino coordinator.
Example
```yaml
coordinator:
enabled: true
exporter:
enable: true
configProperties: |-
hostPort: localhost:{{- .Values.jmx.registryPort }}
startDelaySeconds: 0
ssl: false
```
* `jmx.worker` - object, default: `{}`
Override JMX configurations for the Trino workers.
Example
```yaml
worker:
enabled: true
exporter:
enable: true
```
* `serviceMonitor.enabled` - bool, default: `false`
Set to true to create resources for the [prometheus-operator](https://github.com/prometheus-operator/prometheus-operator).
* `serviceMonitor.labels` - object, default: `{"prometheus":"kube-prometheus"}`
Labels for serviceMonitor, so that Prometheus can select it
* `serviceMonitor.interval` - string, default: `"30s"`
The serviceMonitor web endpoint interval
* `serviceMonitor.coordinator` - object, default: `{}`
Override ServiceMonitor configurations for the Trino coordinator.
Example
```yaml
coordinator:
enabled: true
labels:
prometheus: my-prometheus
```
* `serviceMonitor.worker` - object, default: `{}`
Override ServiceMonitor configurations for the Trino workers.
Example
```yaml
worker:
enabled: true
labels:
prometheus: my-prometheus
```
* `commonLabels` - object, default: `{}`
Labels that get applied to every resource's metadata
* `ingress.enabled` - bool, default: `false`
* `ingress.className` - string, default: `""`
* `ingress.annotations` - object, default: `{}`
* `ingress.hosts` - list, default: `[]`
[Ingress rules](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules).
Example:
```yaml
- host: trino.example.com
paths:
- path: /
pathType: ImplementationSpecific
```
* `ingress.tls` - list, default: `[]`
Ingress [TLS](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) configuration.
Example:
```yaml
- secretName: chart-example-tls
hosts:
- chart-example.local
```
* `networkPolicy.enabled` - bool, default: `false`
Set to true to enable Trino pod protection with a [NetworkPolicy](https://kubernetes.io/docs/concepts/services-networking/network-policies/). By default, the NetworkPolicy will only allow Trino pods to communicate with each other.
> [!NOTE]
> - NetworkPolicies cannot block the ingress traffic coming directly
> from the Kubernetes node on which the Pod is running,
> and are thus incompatible with services of type `NodePort`.
> - When using NetworkPolicies together with JMX metrics export,
> additional ingress rules might be required to allow metric scraping.
* `networkPolicy.ingress` - list, default: `[]`
Additional ingress rules to apply to the Trino pods.
Example:
```yaml
- from:
- ipBlock:
cidr: 172.17.0.0/16
except:
- 172.17.1.0/24
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: prometheus
- podSelector:
matchLabels:
role: backend-app
ports:
- protocol: TCP
port: 8080
- protocol: TCP
port: 5556
```
* `networkPolicy.egress` - list, default: `[]`
Egress rules to apply to the Trino pods.
Example:
```yaml
- to:
- podSelector:
matchLabels:
role: log-ingestor
ports:
- protocol: TCP
port: 9999
```
----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)

25
trino/base/charts/trino/README.md.gotmpl Normal file
View file

@ -0,0 +1,25 @@
{{ template "chart.header" . }}
{{ template "chart.deprecationWarning" . }}
{{ template "chart.badgesSection" . }}
{{ template "chart.description" . }}
{{ template "chart.homepageLine" . }}
{{ template "chart.sourcesSection" . }}
{{ template "chart.requirementsSection" . }}
{{ template "chart.valuesHeader" . }}
{{- range .Values }}
* `{{ .Key }}` - {{ .Type }}, default: {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }}{{ if or .Description .AutoDescription }} {{ end }}
{{- if .Description }}
{{ .Description | nindent 2 }}
{{- else if .AutoDescription }}
{{ .AutoDescription | nindent 2 }}
{{- end }}
{{- end }}
{{ template "helm-docs.versionFooter" . }}

10
trino/base/charts/trino/templates/NOTES.txt Normal file
View file

@ -0,0 +1,10 @@
Get the application URL by running these commands:
{{- if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "trino.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "ClusterIP" .Values.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} --selector "app.kubernetes.io/name={{ template "trino.name" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=coordinator" --output name)
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl port-forward $POD_NAME 8080:8080
{{- end }}

141
trino/base/charts/trino/templates/_helpers.tpl Normal file
View file

@ -0,0 +1,141 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "trino.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "trino.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if hasPrefix .Release.Name $name }}
{{- $name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "trino.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- define "trino.coordinator" -}}
{{- if .Values.coordinatorNameOverride }}
{{- .Values.coordinatorNameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if hasPrefix .Release.Name $name }}
{{- printf "%s-%s" $name "coordinator" | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s-%s" .Release.Name $name "coordinator" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{- define "trino.worker" -}}
{{- if .Values.workerNameOverride }}
{{- .Values.workerNameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if hasPrefix .Release.Name $name }}
{{- printf "%s-%s" $name "worker" | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s-%s" .Release.Name $name "worker" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{- define "trino.catalog" -}}
{{ template "trino.fullname" . }}-catalog
{{- end -}}
{{/*
Common labels
*/}}
{{- define "trino.labels" -}}
helm.sh/chart: {{ include "trino.chart" . }}
{{ include "trino.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- if .Values.commonLabels }}
{{ tpl (toYaml .Values.commonLabels) . }}
{{- end }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "trino.selectorLabels" -}}
app.kubernetes.io/name: {{ include "trino.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "trino.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "trino.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
{{/*
Return the proper image name
{{ include "trino.image" . }}
Code is inspired from bitnami/common
*/}}
{{- define "trino.image" -}}
{{- $repositoryName := .Values.image.repository -}}
{{- if .Values.image.useRepositoryAsSoleImageReference -}}
{{- printf "%s" $repositoryName -}}
{{- else -}}
{{- $repositoryName := .Values.image.repository -}}
{{- $registryName := .Values.image.registry -}}
{{- $separator := ":" -}}
{{- $termination := (default .Chart.AppVersion .Values.image.tag) | toString -}}
{{- if .Values.image.digest }}
{{- $separator = "@" -}}
{{- $termination = .Values.image.digest | toString -}}
{{- end -}}
{{- if $registryName }}
{{- printf "%s/%s%s%s" $registryName $repositoryName $separator $termination -}}
{{- else -}}
{{- printf "%s%s%s" $repositoryName $separator $termination -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create the name of the file auth secret to use
*/}}
{{- define "trino.fileAuthSecretName" -}}
{{- if and .Values.auth .Values.auth.passwordAuthSecret }}
{{- .Values.auth.passwordAuthSecret | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if hasPrefix .Release.Name $name }}
{{- printf "%s-%s" $name "file-authentication" | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s-%s" .Release.Name $name "file-authentication" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}

37
trino/base/charts/trino/templates/autoscaler.yaml Normal file
View file

@ -0,0 +1,37 @@
{{- if .Values.server.autoscaling.enabled -}}
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: {{ template "trino.worker" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "trino.labels" . | nindent 4 }}
spec:
maxReplicas: {{ .Values.server.autoscaling.maxReplicas }}
minReplicas: {{ .Values.server.workers }}
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ template "trino.worker" . }}
metrics:
{{- if .Values.server.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: {{ .Values.server.autoscaling.targetMemoryUtilizationPercentage }}
{{- end }}
{{- if .Values.server.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: {{ .Values.server.autoscaling.targetCPUUtilizationPercentage }}
{{- end }}
{{ if .Values.server.autoscaling.behavior -}}
behavior:
{{- toYaml .Values.server.autoscaling.behavior | nindent 4 }}
{{- end }}
{{- end }}

14
trino/base/charts/trino/templates/configmap-access-control-coordinator.yaml Normal file
View file

@ -0,0 +1,14 @@
{{- if eq .Values.accessControl.type "configmap" }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "trino.fullname" . }}-access-control-volume-coordinator
namespace: {{ .Release.Namespace }}
labels:
{{- include "trino.labels" . | nindent 4 }}
app.kubernetes.io/component: coordinator
data:
{{- range $key, $val := .Values.accessControl.rules }}
{{ $key }}: {{ $val | quote }}
{{- end }}
{{- end }}

22
trino/base/charts/trino/templates/configmap-access-control-worker.yaml Normal file
View file

@ -0,0 +1,22 @@
{{- if .Values.worker.gracefulShutdown.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "trino.fullname" . }}-access-control-volume-worker
namespace: {{ .Release.Namespace }}
labels:
{{- include "trino.labels" . | nindent 4 }}
app.kubernetes.io/component: worker
data:
graceful-shutdown-rules.json: >-
{
"system_information": [
{
"allow": [
"write"
],
"user": "admin"
}
]
}
{{- end }}

16
trino/base/charts/trino/templates/configmap-catalog.yaml Normal file
View file

@ -0,0 +1,16 @@
{{- if or .Values.catalogs .Values.additionalCatalogs }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "trino.catalog" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "trino.labels" . | nindent 4 }}
app.kubernetes.io/component: catalogs
data:
{{- $merged := merge .Values.catalogs .Values.additionalCatalogs }}
{{- range $catalogName, $catalogProperties := $merged }}
{{ $catalogName }}.properties: |
{{- $catalogProperties | nindent 4 }}
{{- end }}
{{- end }}

180
trino/base/charts/trino/templates/configmap-coordinator.yaml Normal file
View file

@ -0,0 +1,180 @@
{{- $coordinatorJmx := merge .Values.jmx.coordinator (omit .Values.jmx "coordinator" "worker") -}}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "trino.coordinator" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "trino.labels" . | nindent 4 }}
app.kubernetes.io/component: coordinator
data:
node.properties: |
node.environment={{ .Values.server.node.environment }}
node.data-dir={{ .Values.server.node.dataDir }}
plugin.dir={{ .Values.server.node.pluginDir }}
{{- range $configValue := .Values.additionalNodeProperties }}
{{ $configValue }}
{{- end }}
jvm.config: |
-server
-agentpath:/usr/lib/trino/bin/libjvmkill.so
-Xmx{{ .Values.coordinator.jvm.maxHeapSize }}
-XX:+{{ .Values.coordinator.jvm.gcMethod.type }}
-XX:G1HeapRegionSize={{ .Values.coordinator.jvm.gcMethod.g1.heapRegionSize }}
-XX:+ExplicitGCInvokesConcurrent
-XX:+HeapDumpOnOutOfMemoryError
-XX:+ExitOnOutOfMemoryError
-XX:-OmitStackTraceInFastThrow
-XX:ReservedCodeCacheSize=512M
-XX:PerMethodRecompilationCutoff=10000
-XX:PerBytecodeRecompilationCutoff=10000
-Djdk.attach.allowAttachSelf=true
-Djdk.nio.maxCachedBufferSize=2000000
# Allow loading dynamic agent used by JOL
-XX:+EnableDynamicAgentLoading
{{/* only check the version number if the image is not overriden in any way */}}
{{- with .Values.image -}}
{{- if and (eq .repository "trinodb/trino") (not .useRepositoryAsSoleImageReference) (not .registry) (not .digest) (gt (default $.Chart.AppVersion .tag | int ) 447 ) }}
# https://bugs.openjdk.org/browse/JDK-8329528
-XX:+UnlockDiagnosticVMOptions
-XX:G1NumCollectionsKeepPinned=10000000
{{- end }}{{/* if */}}
{{- end }}{{/* with */}}
{{- range $configValue := .Values.coordinator.additionalJVMConfig }}
{{ $configValue }}
{{- end }}
{{- if $coordinatorJmx.enabled }}
-Dcom.sun.management.jmxremote.rmi.port={{- $coordinatorJmx.serverPort }}
{{- end }}
config.properties: |
coordinator=true
{{- if gt (int .Values.server.workers) 0 }}
node-scheduler.include-coordinator=false
{{- else }}
node-scheduler.include-coordinator=true
{{- end }}
http-server.http.port={{ .Values.service.port }}
query.max-memory={{ .Values.server.config.query.maxMemory }}
query.max-memory-per-node={{ .Values.coordinator.config.query.maxMemoryPerNode }}
{{- if .Values.coordinator.config.memory.heapHeadroomPerNode }}
memory.heap-headroom-per-node={{ .Values.coordinator.config.memory.heapHeadroomPerNode }}
{{- end }}
discovery.uri=http://localhost:{{ .Values.service.port }}
{{- if .Values.server.config.authenticationType }}
http-server.authentication.type={{ .Values.server.config.authenticationType }}
{{- end }}
{{- range $configValue := .Values.additionalConfigProperties }}
{{ $configValue }}
{{- end }}
{{- if .Values.server.config.https.enabled }}
http-server.https.enabled=true
http-server.https.port={{ .Values.server.config.https.port }}
http-server.https.keystore.path={{ .Values.server.config.https.keystore.path }}
{{- end }}
{{- if $coordinatorJmx.enabled }}
jmx.rmiregistry.port={{- $coordinatorJmx.registryPort }}
jmx.rmiserver.port={{- $coordinatorJmx.serverPort }}
{{- end }}
{{- if .Values.worker.gracefulShutdown.enabled }}
shutdown.grace-period={{- .Values.worker.gracefulShutdown.gracePeriodSeconds -}}s
{{- end }}
{{- if .Values.server.coordinatorExtraConfig }}
{{- .Values.server.coordinatorExtraConfig | nindent 4 }}
{{- end }}
{{- if .Values.accessControl }}
{{- if eq .Values.accessControl.type "configmap" }}
access-control.properties: |
access-control.name=file
{{- if .Values.accessControl.refreshPeriod }}
security.refresh-period={{ .Values.accessControl.refreshPeriod }}
{{- end }}
security.config-file={{ .Values.server.config.path }}/access-control/{{ .Values.accessControl.configFile | default "rules.json" }}
{{- else if eq .Values.accessControl.type "properties" }}
access-control.properties: |
{{- if .Values.accessControl.properties }}
{{- .Values.accessControl.properties | nindent 4 }}
{{- else}}
{{- fail "accessControl.properties is required when accessControl.type is 'properties'." }}
{{- end }}
{{- else}}
{{- fail "Invalid accessControl.type value. It must be either 'configmap' or 'properties'." }}
{{- end }}
{{- end }}
{{- if .Values.resourceGroups }}
resource-groups.properties: |
resource-groups.configuration-manager=file
resource-groups.config-file={{ .Values.server.config.path }}/resource-groups/resource-groups.json
{{- end }}
{{- if .Values.server.exchangeManager }}
exchange-manager.properties: |
exchange-manager.name={{ .Values.server.exchangeManager.name }}
exchange.base-directories={{ .Values.server.exchangeManager.baseDir }}
{{- range $configValue := .Values.additionalExchangeManagerProperties }}
{{ $configValue }}
{{- end }}
{{- end }}
log.properties: |
io.trino={{ .Values.server.log.trino.level }}
{{- range $configValue := .Values.additionalLogProperties }}
{{ $configValue }}
{{- end }}
{{- if contains "PASSWORD" .Values.server.config.authenticationType }}{{- if not (index .Values.coordinator.additionalConfigFiles "password-authenticator.properties") }}
password-authenticator.properties: |
password-authenticator.name=file
file.password-file={{ .Values.server.config.path }}/auth/password.db
{{- end }}{{- end }}
{{- if .Values.auth.groups }}{{- if not (index .Values.coordinator.additionalConfigFiles "group-provider.properties") }}
group-provider.properties: |
group-provider.name=file
file.group-file={{ .Values.server.config.path }}/auth/group.db
{{- if .Values.auth.refreshPeriod }}
file.refresh-period={{ .Values.auth.refreshPeriod }}
{{- end }}
{{- end }}{{- end }}
{{ if .Values.eventListenerProperties }}
event-listener.properties: |
{{- range $configValue := .Values.eventListenerProperties }}
{{ $configValue }}
{{- end }}
{{ end }}
{{- range $fileName, $fileContent := .Values.coordinator.additionalConfigFiles }}
{{ $fileName }}: |
{{- tpl $fileContent $ | nindent 4 }}
{{- end }}
{{- if .Values.resourceGroups }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "trino.fullname" . }}-resource-groups-volume-coordinator
namespace: {{ .Release.Namespace }}
labels:
{{- include "trino.labels" . | nindent 4 }}
app.kubernetes.io/component: coordinator
data:
resource-groups.json: |-
{{- .Values.resourceGroups.resourceGroupsConfig | nindent 4 }}
{{- end }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "trino.fullname" . }}-schemas-volume-coordinator
namespace: {{ .Release.Namespace }}
labels:
{{- include "trino.labels" . | nindent 4 }}
app.kubernetes.io/component: coordinator
data:
{{- range $key, $val := .Values.kafka.tableDescriptions }}
{{ $key }}: {{ $val | quote }}
{{- end }}

29
trino/base/charts/trino/templates/configmap-jmx-exporter.yaml Normal file
View file

@ -0,0 +1,29 @@
{{- $coordinatorJmx := merge .Values.jmx.coordinator (omit .Values.jmx "coordinator" "worker") -}}
{{- if $coordinatorJmx.exporter.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "trino.fullname" . }}-jmx-exporter-config-coordinator
namespace: {{ .Release.Namespace }}
labels:
{{- include "trino.labels" . | nindent 4 }}
app.kubernetes.io/component: jmx
data:
jmx-exporter-config.yaml: |-
{{- tpl $coordinatorJmx.exporter.configProperties . | nindent 4 }}
{{- end }}
{{- $workerJmx := merge .Values.jmx.worker (omit .Values.jmx "coordinator" "worker") -}}
{{- if $workerJmx.exporter.enabled }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "trino.fullname" . }}-jmx-exporter-config-worker
namespace: {{ .Release.Namespace }}
labels:
{{- include "trino.labels" . | nindent 4 }}
app.kubernetes.io/component: jmx
data:
jmx-exporter-config.yaml: |-
{{- tpl $workerJmx.exporter.configProperties . | nindent 4 }}
{{- end }}

120
trino/base/charts/trino/templates/configmap-worker.yaml Normal file
View file

@ -0,0 +1,120 @@
{{- $workerJmx := merge .Values.jmx.worker (omit .Values.jmx "coordinator" "worker") -}}
{{- if gt (int .Values.server.workers) 0 }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "trino.worker" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "trino.labels" . | nindent 4 }}
app.kubernetes.io/component: worker
data:
node.properties: |
node.environment={{ .Values.server.node.environment }}
node.data-dir={{ .Values.server.node.dataDir }}
plugin.dir={{ .Values.server.node.pluginDir }}
{{- range $configValue := .Values.additionalNodeProperties }}
{{ $configValue }}
{{- end }}
jvm.config: |
-server
-agentpath:/usr/lib/trino/bin/libjvmkill.so
-Xmx{{ .Values.worker.jvm.maxHeapSize }}
-XX:+{{ .Values.worker.jvm.gcMethod.type }}
-XX:G1HeapRegionSize={{ .Values.worker.jvm.gcMethod.g1.heapRegionSize }}
-XX:+ExplicitGCInvokesConcurrent
-XX:+HeapDumpOnOutOfMemoryError
-XX:+ExitOnOutOfMemoryError
-XX:-OmitStackTraceInFastThrow
-XX:ReservedCodeCacheSize=512M
-XX:PerMethodRecompilationCutoff=10000
-XX:PerBytecodeRecompilationCutoff=10000
-Djdk.attach.allowAttachSelf=true
-Djdk.nio.maxCachedBufferSize=2000000
# Allow loading dynamic agent used by JOL
-XX:+EnableDynamicAgentLoading
{{/* only check the version number if the image is not overriden in any way */}}
{{- with .Values.image -}}
{{- if and (eq .repository "trinodb/trino") (not .useRepositoryAsSoleImageReference) (not .registry) (not .digest) (gt (default $.Chart.AppVersion .tag | int ) 447 ) }}
# https://bugs.openjdk.org/browse/JDK-8329528
-XX:+UnlockDiagnosticVMOptions
-XX:G1NumCollectionsKeepPinned=10000000
{{- end }}{{/* if */}}
{{- end }}{{/* with */}}
{{- range $configValue := .Values.worker.additionalJVMConfig }}
{{ $configValue }}
{{- end }}
{{- if $workerJmx.enabled }}
-Dcom.sun.management.jmxremote.rmi.port={{- $workerJmx.serverPort }}
{{- end }}
config.properties: |
coordinator=false
http-server.http.port={{ .Values.service.port }}
query.max-memory={{ .Values.server.config.query.maxMemory }}
query.max-memory-per-node={{ .Values.worker.config.query.maxMemoryPerNode }}
{{- if .Values.worker.config.memory.heapHeadroomPerNode }}
memory.heap-headroom-per-node={{ .Values.worker.config.memory.heapHeadroomPerNode }}
{{- end }}
discovery.uri=http://{{ template "trino.fullname" . }}:{{ .Values.service.port }}
{{- range $configValue := .Values.additionalConfigProperties }}
{{ $configValue }}
{{- end }}
{{- if $workerJmx.enabled }}
jmx.rmiregistry.port={{- $workerJmx.registryPort }}
jmx.rmiserver.port={{- $workerJmx.serverPort }}
{{- end }}
{{- if .Values.worker.gracefulShutdown.enabled }}
shutdown.grace-period={{- .Values.worker.gracefulShutdown.gracePeriodSeconds -}}s
{{- end }}
{{- if .Values.server.workerExtraConfig }}
{{- .Values.server.workerExtraConfig | nindent 4 }}
{{- end }}
{{- if .Values.worker.gracefulShutdown.enabled }}
access-control.properties: |
access-control.name=file
security.config-file={{ .Values.server.config.path }}/access-control/graceful-shutdown-rules.json
{{- end }}
{{- if .Values.server.exchangeManager }}
exchange-manager.properties: |
exchange-manager.name={{ .Values.server.exchangeManager.name }}
exchange.base-directories={{ .Values.server.exchangeManager.baseDir }}
{{- range $configValue := .Values.additionalExchangeManagerProperties }}
{{ $configValue }}
{{- end }}
{{- end }}
log.properties: |
io.trino={{ .Values.server.log.trino.level }}
{{- range $configValue := .Values.additionalLogProperties }}
{{ $configValue }}
{{- end }}
{{ if .Values.eventListenerProperties }}
event-listener.properties: |
{{- range $configValue := .Values.eventListenerProperties }}
{{ $configValue }}
{{- end }}
{{ end }}
{{- range $fileName, $fileContent := .Values.worker.additionalConfigFiles }}
{{ $fileName }}: |
{{- tpl $fileContent $ | nindent 4 }}
{{- end }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "trino.fullname" . }}-schemas-volume-worker
namespace: {{ .Release.Namespace }}
labels:
{{- include "trino.labels" . | nindent 4 }}
app.kubernetes.io/component: worker
data:
{{- range $key, $val := .Values.kafka.tableDescriptions }}
{{ $key }}: {{ $val | quote }}
{{- end }}
{{- end }}

247
trino/base/charts/trino/templates/deployment-coordinator.yaml Normal file
View file

@ -0,0 +1,247 @@
{{- $coordinatorJmx := merge .Values.jmx.coordinator (omit .Values.jmx "coordinator" "worker") -}}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "trino.coordinator" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "trino.labels" . | nindent 4 }}
app.kubernetes.io/component: coordinator
trino.io/network-policy-protection: {{ ternary "enabled" "disabled" .Values.networkPolicy.enabled }}
{{- if .Values.coordinator.labels }}
{{- tpl (toYaml .Values.coordinator.labels) . | nindent 4 }}
{{- end }}
spec:
progressDeadlineSeconds: {{ .Values.coordinator.deployment.progressDeadlineSeconds }}
revisionHistoryLimit: {{ .Values.coordinator.deployment.revisionHistoryLimit }}
strategy:
{{- toYaml .Values.coordinator.deployment.strategy | nindent 4 }}
selector:
matchLabels:
{{- include "trino.selectorLabels" . | nindent 6 }}
app.kubernetes.io/component: coordinator
template:
metadata:
annotations:
{{- if and (eq .Values.accessControl.type "configmap") (not .Values.accessControl.refreshPeriod) }}
checksum/access-control-config: {{ include (print $.Template.BasePath "/configmap-access-control-coordinator.yaml") . | sha256sum }}
{{- end }}
{{- if or .Values.catalogs .Values.additionalCatalogs }}
checksum/catalog-config: {{ include (print $.Template.BasePath "/configmap-catalog.yaml") . | sha256sum }}
{{- end }}
checksum/coordinator-config: {{ include (print $.Template.BasePath "/configmap-coordinator.yaml") . | sha256sum }}
{{- if .Values.coordinator.annotations }}
{{- tpl (toYaml .Values.coordinator.annotations) . | nindent 8 }}
{{- end }}
labels:
{{- include "trino.labels" . | nindent 8 }}
app.kubernetes.io/component: coordinator
trino.io/network-policy-protection: {{ ternary "enabled" "disabled" .Values.networkPolicy.enabled }}
{{- if .Values.coordinator.labels }}
{{- tpl (toYaml .Values.coordinator.labels) . | nindent 8 }}
{{- end }}
spec:
serviceAccountName: {{ include "trino.serviceAccountName" . }}
{{- with .Values.securityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.shareProcessNamespace.coordinator }}
shareProcessNamespace: {{ .Values.shareProcessNamespace.coordinator }}
{{- end }}
volumes:
- name: config-volume
configMap:
name: {{ template "trino.coordinator" . }}
{{- if or .Values.catalogs .Values.additionalCatalogs }}
- name: catalog-volume
configMap:
name: {{ template "trino.catalog" . }}
{{- end }}
- name: schemas-volume
configMap:
name: {{ template "trino.fullname" . }}-schemas-volume-coordinator
{{- if eq .Values.accessControl.type "configmap" }}
- name: access-control-volume
configMap:
name: {{ template "trino.fullname" . }}-access-control-volume-coordinator
{{- end }}
{{- if .Values.resourceGroups }}
- name: resource-groups-volume
configMap:
name: {{ template "trino.fullname" . }}-resource-groups-volume-coordinator
{{- end }}
{{- if or .Values.auth.passwordAuth .Values.auth.passwordAuthSecret .Values.auth.groups }}
- name: file-authentication-volume
secret:
secretName: {{ template "trino.fileAuthSecretName" . }}
items:
{{- if or .Values.auth.passwordAuth .Values.auth.passwordAuthSecret }}
- key: password.db
path: password.db
{{- end }}
{{- if .Values.auth.groups }}
- key: group.db
path: group.db
{{- end }}
{{- end }}
{{- if $coordinatorJmx.exporter.enabled }}
- name: jmx-exporter-config-volume
configMap:
name: {{ template "trino.fullname" . }}-jmx-exporter-config-coordinator
{{- end }}
{{- range .Values.configMounts }}
- name: {{ .name }}
configMap:
name: {{ .configMap }}
{{- end }}
{{- range .Values.coordinator.configMounts }}
- name: {{ .name }}
configMap:
name: {{ .configMap }}
{{- end }}
{{- range .Values.secretMounts }}
- name: {{ .name }}
secret:
secretName: {{ .secretName }}
{{- end }}
{{- range .Values.coordinator.secretMounts }}
- name: {{ .name }}
secret:
secretName: {{ .secretName }}
{{- end }}
{{- with .Values.coordinator.additionalVolumes }}
{{- . | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.initContainers.coordinator }}
initContainers:
{{- tpl (toYaml .Values.initContainers.coordinator) . | nindent 6 }}
{{- end }}
{{- if .Values.imagePullSecrets}}
imagePullSecrets:
{{- toYaml .Values.imagePullSecrets | nindent 8 }}
{{- end }}
terminationGracePeriodSeconds: {{ .Values.coordinator.terminationGracePeriodSeconds }}
containers:
- name: {{ .Chart.Name }}-coordinator
image: {{ include "trino.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
securityContext:
{{- toYaml .Values.containerSecurityContext | nindent 12 }}
env:
{{- toYaml .Values.env | nindent 12 }}
envFrom:
{{- toYaml .Values.envFrom | nindent 12 }}
volumeMounts:
- mountPath: {{ .Values.server.config.path }}
name: config-volume
{{- if or .Values.catalogs .Values.additionalCatalogs }}
- mountPath: {{ .Values.server.config.path }}/catalog
name: catalog-volume
{{- end }}
- mountPath: {{ .Values.kafka.mountPath }}
name: schemas-volume
{{- if eq .Values.accessControl.type "configmap" }}
- mountPath: {{ .Values.server.config.path }}/access-control
name: access-control-volume
{{- end }}
{{- if .Values.resourceGroups }}
- mountPath: {{ .Values.server.config.path }}/resource-groups
name: resource-groups-volume
{{- end }}
{{- range .Values.configMounts }}
- name: {{ .name }}
mountPath: {{ .path }}
{{- end }}
{{- range .Values.coordinator.configMounts }}
- name: {{ .name }}
mountPath: {{ .path }}
{{- end }}
{{- range .Values.secretMounts }}
- name: {{ .name }}
mountPath: {{ .path }}
{{- end }}
{{- range .Values.coordinator.secretMounts }}
- name: {{ .name }}
mountPath: {{ .path }}
{{- end }}
{{- if or .Values.auth.passwordAuth .Values.auth.passwordAuthSecret .Values.auth.groups }}
- mountPath: {{ .Values.server.config.path }}/auth
name: file-authentication-volume
{{- end }}
{{- with .Values.coordinator.additionalVolumeMounts }}
{{- . | toYaml | nindent 12 }}
{{- end }}
ports:
- name: http
containerPort: {{ .Values.service.port }}
protocol: TCP
{{- if $coordinatorJmx.enabled }}
- name: jmx-registry
containerPort: {{ $coordinatorJmx.registryPort }}
protocol: TCP
- name: jmx-server
containerPort: {{ $coordinatorJmx.serverPort }}
protocol: TCP
{{- end }}
{{- range $key, $value := .Values.coordinator.additionalExposedPorts }}
- name: {{ $value.name }}
containerPort: {{ $value.port }}
protocol: {{ $value.protocol }}
{{- end }}
livenessProbe:
httpGet:
path: /v1/info
port: http
initialDelaySeconds: {{ .Values.coordinator.livenessProbe.initialDelaySeconds | default 30 }}
periodSeconds: {{ .Values.coordinator.livenessProbe.periodSeconds | default 10 }}
timeoutSeconds: {{ .Values.coordinator.livenessProbe.timeoutSeconds | default 5 }}
failureThreshold: {{ .Values.coordinator.livenessProbe.failureThreshold | default 6 }}
successThreshold: {{ .Values.coordinator.livenessProbe.successThreshold | default 1 }}
readinessProbe:
exec:
command: [/usr/lib/trino/bin/health-check]
initialDelaySeconds: {{ .Values.coordinator.readinessProbe.initialDelaySeconds | default 10 }}
periodSeconds: {{ .Values.coordinator.readinessProbe.periodSeconds | default 10 }}
timeoutSeconds: {{ .Values.coordinator.readinessProbe.timeoutSeconds | default 5 }}
failureThreshold: {{ .Values.coordinator.readinessProbe.failureThreshold | default 6 }}
successThreshold: {{ .Values.coordinator.readinessProbe.successThreshold | default 1 }}
lifecycle:
{{- toYaml .Values.coordinator.lifecycle | nindent 12 }}
resources:
{{- toYaml .Values.coordinator.resources | nindent 12 }}
{{- if $coordinatorJmx.exporter.enabled }}
- name: jmx-exporter
image: {{ $coordinatorJmx.exporter.image }}
imagePullPolicy: {{ $coordinatorJmx.exporter.pullPolicy }}
securityContext:
{{- toYaml $coordinatorJmx.exporter.securityContext | nindent 12 }}
args:
- "{{ $coordinatorJmx.exporter.port }}"
- /etc/jmx-exporter/jmx-exporter-config.yaml
volumeMounts:
- mountPath: /etc/jmx-exporter/
name: jmx-exporter-config-volume
resources:
{{- toYaml $coordinatorJmx.exporter.resources | nindent 12 }}
ports:
- name: jmx-exporter
containerPort: {{ $coordinatorJmx.exporter.port }}
protocol: TCP
{{- end }}
{{- if .Values.sidecarContainers.coordinator }}
{{- toYaml .Values.sidecarContainers.coordinator | nindent 8 }}
{{- end }}
{{- with .Values.coordinator.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.coordinator.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.coordinator.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}

245
trino/base/charts/trino/templates/deployment-worker.yaml Normal file
View file

@ -0,0 +1,245 @@
{{- $workerJmx := merge .Values.jmx.worker (omit .Values.jmx "coordinator" "worker") -}}
{{- if gt (int .Values.server.workers) 0 }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "trino.worker" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "trino.labels" . | nindent 4 }}
app.kubernetes.io/component: worker
trino.io/network-policy-protection: {{ ternary "enabled" "disabled" .Values.networkPolicy.enabled }}
{{- if .Values.worker.labels }}
{{- tpl (toYaml .Values.worker.labels) . | nindent 4 }}
{{- end }}
spec:
progressDeadlineSeconds: {{ .Values.worker.deployment.progressDeadlineSeconds }}
revisionHistoryLimit: {{ .Values.worker.deployment.revisionHistoryLimit }}
strategy:
{{- toYaml .Values.worker.deployment.strategy | nindent 4 }}
{{- if not .Values.server.autoscaling.enabled }}
replicas: {{ .Values.server.workers }}
{{- end }}
selector:
matchLabels:
{{- include "trino.selectorLabels" . | nindent 6 }}
app.kubernetes.io/component: worker
template:
metadata:
annotations:
{{- if or .Values.catalogs .Values.additionalCatalogs }}
checksum/catalog-config: {{ include (print $.Template.BasePath "/configmap-catalog.yaml") . | sha256sum }}
{{- end }}
checksum/worker-config: {{ include (print $.Template.BasePath "/configmap-worker.yaml") . | sha256sum }}
{{- if .Values.worker.gracefulShutdown.enabled }}
checksum/access-control-config: {{ include (print $.Template.BasePath "/configmap-access-control-worker.yaml") . | sha256sum }}
{{- end }}
{{- if .Values.worker.annotations }}
{{- tpl (toYaml .Values.worker.annotations) . | nindent 8 }}
{{- end }}
labels:
{{- include "trino.labels" . | nindent 8 }}
app.kubernetes.io/component: worker
trino.io/network-policy-protection: {{ ternary "enabled" "disabled" .Values.networkPolicy.enabled }}
{{- if .Values.worker.labels }}
{{- tpl (toYaml .Values.worker.labels) . | nindent 8 }}
{{- end }}
spec:
serviceAccountName: {{ include "trino.serviceAccountName" . }}
{{- with .Values.securityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.shareProcessNamespace.worker }}
shareProcessNamespace: {{ .Values.shareProcessNamespace.worker }}
{{- end }}
volumes:
- name: config-volume
configMap:
name: {{ template "trino.worker" . }}
{{- if or .Values.catalogs .Values.additionalCatalogs }}
- name: catalog-volume
configMap:
name: {{ template "trino.catalog" . }}
{{- end }}
- name: schemas-volume
configMap:
name: {{ template "trino.fullname" . }}-schemas-volume-worker
{{- if $workerJmx.exporter.enabled }}
- name: jmx-exporter-config-volume
configMap:
name: {{ template "trino.fullname" . }}-jmx-exporter-config-worker
{{- end }}
{{- if .Values.worker.gracefulShutdown.enabled }}
- name: access-control-volume
configMap:
name: {{ template "trino.fullname" . }}-access-control-volume-worker
{{- end }}
{{- range .Values.configMounts }}
- name: {{ .name }}
configMap:
name: {{ .configMap }}
{{- end }}
{{- range .Values.worker.configMounts }}
- name: {{ .name }}
configMap:
name: {{ .configMap }}
{{- end }}
{{- range .Values.secretMounts }}
- name: {{ .name }}
secret:
secretName: {{ .secretName }}
{{- end }}
{{- range .Values.worker.secretMounts }}
- name: {{ .name }}
secret:
secretName: {{ .secretName }}
{{- end }}
{{- with .Values.worker.additionalVolumes }}
{{- . | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.initContainers.worker }}
initContainers:
{{- tpl (toYaml .Values.initContainers.worker) . | nindent 6 }}
{{- end }}
{{- if .Values.imagePullSecrets}}
imagePullSecrets:
{{- toYaml .Values.imagePullSecrets | nindent 8 }}
{{- end }}
{{- if and .Values.worker.gracefulShutdown.enabled (gt (mulf 2.0 .Values.worker.gracefulShutdown.gracePeriodSeconds) .Values.worker.terminationGracePeriodSeconds) }}
{{- fail "The user must set the `worker.terminationGracePeriodSeconds` to a value of at least two times the configured `gracePeriodSeconds`." }}
{{- else }}
terminationGracePeriodSeconds: {{ .Values.worker.terminationGracePeriodSeconds }}
{{- end }}
containers:
- name: {{ .Chart.Name }}-worker
image: {{ include "trino.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
securityContext:
{{- toYaml .Values.containerSecurityContext | nindent 12 }}
env:
{{- toYaml .Values.env | nindent 12 }}
envFrom:
{{- toYaml .Values.envFrom | nindent 12 }}
volumeMounts:
- mountPath: {{ .Values.server.config.path }}
name: config-volume
{{- if or .Values.catalogs .Values.additionalCatalogs }}
- mountPath: {{ .Values.server.config.path }}/catalog
name: catalog-volume
{{- end }}
- mountPath: {{ .Values.kafka.mountPath }}
name: schemas-volume
{{- if .Values.worker.gracefulShutdown.enabled }}
- mountPath: {{ .Values.server.config.path }}/access-control
name: access-control-volume
{{- end }}
{{- range .Values.configMounts }}
- name: {{ .name }}
mountPath: {{ .path }}
{{- end }}
{{- range .Values.worker.configMounts }}
- name: {{ .name }}
mountPath: {{ .path }}
{{- end }}
{{- range .Values.secretMounts }}
- name: {{ .name }}
mountPath: {{ .path }}
{{- end }}
{{- range .Values.worker.secretMounts }}
- name: {{ .name }}
mountPath: {{ .path }}
{{- end }}
{{- with .Values.worker.additionalVolumeMounts }}
{{- . | toYaml | nindent 12 }}
{{- end }}
ports:
- name: http
containerPort: {{ .Values.service.port }}
protocol: TCP
{{- if $workerJmx.enabled }}
- name: jmx-registry
containerPort: {{ $workerJmx.registryPort }}
protocol: TCP
- name: jmx-server
containerPort: {{ $workerJmx.serverPort }}
protocol: TCP
{{- end }}
{{- range $key, $value := .Values.worker.additionalExposedPorts }}
- name: {{ $value.name }}
containerPort: {{ $value.port }}
protocol: {{ $value.protocol }}
{{- end }}
livenessProbe:
httpGet:
path: /v1/info
port: http
initialDelaySeconds: {{ .Values.worker.livenessProbe.initialDelaySeconds | default 30 }}
periodSeconds: {{ .Values.worker.livenessProbe.periodSeconds | default 10 }}
timeoutSeconds: {{ .Values.worker.livenessProbe.timeoutSeconds | default 5 }}
failureThreshold: {{ .Values.worker.livenessProbe.failureThreshold | default 6 }}
successThreshold: {{ .Values.worker.livenessProbe.successThreshold | default 1 }}
readinessProbe:
exec:
command: [/usr/lib/trino/bin/health-check]
initialDelaySeconds: {{ .Values.worker.readinessProbe.initialDelaySeconds | default 10 }}
periodSeconds: {{ .Values.worker.readinessProbe.periodSeconds | default 10 }}
timeoutSeconds: {{ .Values.worker.readinessProbe.timeoutSeconds | default 5 }}
failureThreshold: {{ .Values.worker.readinessProbe.failureThreshold | default 6 }}
successThreshold: {{ .Values.worker.readinessProbe.successThreshold | default 1 }}
lifecycle:
{{- if .Values.worker.lifecycle }}
{{- if .Values.worker.gracefulShutdown.enabled }}
{{- fail "The `worker.lifecycle` configuration conflicts with `worker.gracefulShutdown`. Either disable `worker.gracefulShutdown` and apply the related configurations manually, or remove `worker.lifecycle`." }}
{{- end }}
{{- toYaml .Values.worker.lifecycle | nindent 12 }}
{{- else if .Values.worker.gracefulShutdown.enabled }}
preStop:
exec:
command:
- /bin/sh
- -c
- >-
curl -v -X PUT
-d '"SHUTTING_DOWN"'
-H 'Content-type: application/json'
-H 'X-Trino-User: admin'
http://localhost:{{- .Values.service.port -}}/v1/info/state
{{- end }}
resources:
{{- toYaml .Values.worker.resources | nindent 12 }}
{{- if $workerJmx.exporter.enabled }}
- name: jmx-exporter
image: {{ $workerJmx.exporter.image }}
imagePullPolicy: {{ $workerJmx.exporter.pullPolicy }}
securityContext:
{{- toYaml $workerJmx.exporter.securityContext | nindent 12 }}
args:
- "{{ $workerJmx.exporter.port }}"
- /etc/jmx-exporter/jmx-exporter-config.yaml
volumeMounts:
- mountPath: /etc/jmx-exporter/
name: jmx-exporter-config-volume
resources:
{{- toYaml $workerJmx.exporter.resources | nindent 12 }}
ports:
- name: jmx-exporter
containerPort: {{ $workerJmx.exporter.port }}
protocol: TCP
{{- end }}
{{- if .Values.sidecarContainers.worker }}
{{- toYaml .Values.sidecarContainers.worker | nindent 8 }}
{{- end }}
{{- with .Values.worker.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.worker.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.worker.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}

38
trino/base/charts/trino/templates/ingress.yaml Normal file
View file

@ -0,0 +1,38 @@
{{- if .Values.ingress.enabled -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ template "trino.coordinator" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "trino.labels" . | nindent 4 }}
annotations:
{{- toYaml .Values.ingress.annotations | nindent 4 }}
spec:
ingressClassName: {{ .Values.ingress.className }}
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
pathType: {{ .pathType }}
backend:
service:
name: {{ include "trino.fullname" $ }}
port:
number: {{ $.Values.service.port }}
{{- end }}
{{- end }}
{{- end }}

37
trino/base/charts/trino/templates/networkpolicy.yaml Normal file
View file

@ -0,0 +1,37 @@
{{- if .Values.networkPolicy.enabled }}
{{- if eq "NodePort" .Values.service.type}}
{{- fail "NetworkPolicy enforcement is not supported with NodePort services, as traffic reaches the Pod through the node itself, bypassing pod-level network controls." }}
{{- end }}
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: {{ template "trino.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "trino.labels" . | nindent 4 }}
app.kubernetes.io/component: network-policy
spec:
podSelector:
matchLabels:
{{- include "trino.selectorLabels" . | nindent 6 }}
trino.io/network-policy-protection: enabled
policyTypes:
- Ingress
{{- with .Values.networkPolicy.egress }}
- Egress
egress:
{{- toYaml . | nindent 4 }}
{{- end }}
ingress:
- from:
- podSelector:
matchLabels:
{{- include "trino.selectorLabels" . | nindent 14 }}
trino.io/network-policy-protection: enabled
namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: {{ .Release.Namespace }}
{{- with .Values.networkPolicy.ingress }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

16
trino/base/charts/trino/templates/secret.yaml Normal file
View file

@ -0,0 +1,16 @@
{{- if or .Values.auth.passwordAuth .Values.auth.groups }}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "trino.fileAuthSecretName" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "trino.labels" . | nindent 4 }}
data:
{{- if .Values.auth.passwordAuth }}
password.db: {{ .Values.auth.passwordAuth | b64enc }}
{{- end }}
{{- if .Values.auth.groups}}
group.db: {{ .Values.auth.groups | b64enc }}
{{- end }}
{{- end }}

36
trino/base/charts/trino/templates/service-coordinator.yaml Normal file
View file

@ -0,0 +1,36 @@
{{- $coordinatorJmx := merge .Values.jmx.coordinator (omit .Values.jmx "coordinator" "worker") -}}
apiVersion: v1
kind: Service
metadata:
name: {{ template "trino.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "trino.labels" . | nindent 4 }}
app.kubernetes.io/component: coordinator
annotations:
{{- toYaml .Values.service.annotations | nindent 4 }}
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port }}
targetPort: http
protocol: TCP
name: http
{{- if .Values.service.nodePort }}
nodePort: {{ .Values.service.nodePort }}
{{- end }}
{{- if $coordinatorJmx.exporter.enabled }}
- port: {{ $coordinatorJmx.exporter.port }}
targetPort: jmx-exporter
protocol: TCP
name: jmx-exporter
{{- end }}
{{- range $key, $value := .Values.coordinator.additionalExposedPorts }}
- port: {{ $value.servicePort }}
name: {{ $value.name }}
targetPort: {{ $value.port }}
protocol: {{ $value.protocol }}
{{- end }}
selector:
{{- include "trino.selectorLabels" . | nindent 4 }}
app.kubernetes.io/component: coordinator

27
trino/base/charts/trino/templates/service-worker.yaml Normal file
View file

@ -0,0 +1,27 @@
{{- $workerJmx := merge .Values.jmx.worker (omit .Values.jmx "coordinator" "worker") -}}
apiVersion: v1
kind: Service
metadata:
name: {{ template "trino.fullname" . }}-worker
namespace: {{ .Release.Namespace }}
labels:
{{- include "trino.labels" . | nindent 4 }}
app.kubernetes.io/component: worker
annotations:
{{- toYaml .Values.service.annotations | nindent 4 }}
spec:
clusterIP: None
ports:
- port: {{ .Values.service.port }}
targetPort: http
protocol: TCP
name: http
{{- if $workerJmx.exporter.enabled }}
- port: {{$workerJmx.exporter.port }}
targetPort: jmx-exporter
protocol: TCP
name: jmx-exporter
{{- end }}
selector:
{{- include "trino.selectorLabels" . | nindent 4 }}
app.kubernetes.io/component: worker

13
trino/base/charts/trino/templates/serviceaccount.yaml Normal file
View file

@ -0,0 +1,13 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "trino.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "trino.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

24
trino/base/charts/trino/templates/servicemonitor-coordinator.yaml Normal file
View file

@ -0,0 +1,24 @@
{{- $coordinatorServiceMonitor := merge .Values.serviceMonitor.coordinator (omit .Values.serviceMonitor "coordinator" "worker") -}}
{{- if $coordinatorServiceMonitor.enabled -}}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "trino.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "trino.labels" . | nindent 4 }}
{{- if $coordinatorServiceMonitor.labels }}
{{- toYaml $coordinatorServiceMonitor.labels | nindent 4 }}
{{- end }}
spec:
selector:
matchLabels:
{{- include "trino.selectorLabels" . | nindent 6 }}
app.kubernetes.io/component: coordinator
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
endpoints:
- port: jmx-exporter
interval: {{ $coordinatorServiceMonitor.interval }}
{{- end }}

24
trino/base/charts/trino/templates/servicemonitor-worker.yaml Normal file
View file

@ -0,0 +1,24 @@
{{- $workerServiceMonitor := merge .Values.serviceMonitor.worker (omit .Values.serviceMonitor "coordinator" "worker") -}}
{{- if $workerServiceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "trino.fullname" . }}-worker
namespace: {{ .Release.Namespace }}
labels:
{{- include "trino.labels" . | nindent 4 }}
{{- if $workerServiceMonitor.labels }}
{{- toYaml $workerServiceMonitor.labels | nindent 4 }}
{{- end }}
spec:
selector:
matchLabels:
{{- include "trino.selectorLabels" . | nindent 6 }}
app.kubernetes.io/component: worker
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
endpoints:
- port: jmx-exporter
interval: {{ $workerServiceMonitor.interval }}
{{- end }}

46
trino/base/charts/trino/templates/tests/test-connection.yaml Normal file
View file

@ -0,0 +1,46 @@
apiVersion: v1
kind: Pod
metadata:
name: {{ include "trino.fullname" . }}-test-connection
labels:
{{- include "trino.labels" . | nindent 4 }}
app.kubernetes.io/component: test
test: connection
annotations:
"helm.sh/hook": test
spec:
containers:
- name: cli
image: {{ include "trino.image" . }}
command: ['trino']
args:
{{- if .Values.server.config.https.enabled }}
# port must match coordinator.additionalExposedPorts
- trino://{{ include "trino.fullname" . }}.{{ .Release.Namespace }}:8443?SSL=true&SSLVerification=FULL&SSLTrustStorePath=/etc/trino/certificates/tls.crt
{{- else }}
- trino://{{ include "trino.fullname" . }}:{{ .Values.service.port }}
{{- end }}
- --user=admin
{{- if eq .Values.server.config.authenticationType "PASSWORD" }}
- --password
{{- end }}
- --debug
- --execute=SELECT 1
- --no-progress
{{- if eq .Values.server.config.authenticationType "PASSWORD" }}
env:
- name: TRINO_PASSWORD
# must match test-values.yaml
value: admin123
{{- end }}
{{- if .Values.server.config.https.enabled }}
volumeMounts:
- name: certificates
readOnly: true
mountPath: "/etc/trino/certificates"
volumes:
- name: certificates
secret:
secretName: certificates
{{- end }}
restartPolicy: Never

120
trino/base/charts/trino/templates/tests/test-graceful-shutdown.yaml Normal file
View file

@ -0,0 +1,120 @@
{{- if .Values.worker.gracefulShutdown.enabled }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ include "trino.fullname" . }}-pod-manager
namespace: {{ .Release.Namespace }}
labels:
{{- include "trino.labels" . | nindent 4 }}
app.kubernetes.io/component: test
test: graceful-shutdown
annotations:
"helm.sh/hook": test
"helm.sh/hook-weight": "0"
"helm.sh/hook-delete-policy": hook-succeeded
rules:
- apiGroups: [ "" ]
resources: [ "pods" ]
verbs: [ "get", "list", "delete" ]
- apiGroups: [ "" ]
resources: [ "pods/log" ]
verbs: [ "get" ]
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "trino.fullname" . }}-pod-manager-sa
namespace: {{ .Release.Namespace }}
labels:
{{- include "trino.labels" . | nindent 4 }}
app.kubernetes.io/component: test
test: graceful-shutdown
annotations:
"helm.sh/hook": test
"helm.sh/hook-weight": "0"
"helm.sh/hook-delete-policy": hook-succeeded
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ include "trino.fullname" . }}-pod-manager-binding
namespace: {{ .Release.Namespace }}
labels:
{{- include "trino.labels" . | nindent 4 }}
app.kubernetes.io/component: test
test: graceful-shutdown
annotations:
"helm.sh/hook": test
"helm.sh/hook-weight": "1"
"helm.sh/hook-delete-policy": hook-succeeded
subjects:
- kind: ServiceAccount
name: {{ include "trino.fullname" . }}-pod-manager-sa
namespace: {{ .Release.Namespace }}
roleRef:
kind: Role
name: {{ include "trino.fullname" . }}-pod-manager
apiGroup: rbac.authorization.k8s.io
---
apiVersion: v1
kind: Pod
metadata:
name: {{ include "trino.fullname" . }}-test-graceful-shutdown
labels:
{{- include "trino.labels" . | nindent 4 }}
app.kubernetes.io/component: test
test: graceful-shutdown
annotations:
"helm.sh/hook": test
"helm.sh/hook-weight": "2"
"helm.sh/hook-delete-policy": hook-succeeded
spec:
serviceAccountName: {{ include "trino.fullname" . }}-pod-manager-sa
initContainers:
- name: get-worker-pod
image: bitnami/kubectl:latest
command: [ "sh", "-c" ]
args:
- >-
kubectl get pods
--selector="app.kubernetes.io/name={{ include "trino.name" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=worker"
--output=jsonpath="{.items[0].metadata.name}"
--namespace={{ .Release.Namespace }}
> /pods/worker-pod.txt
volumeMounts:
- mountPath: /pods
name: worker-pod
containers:
- name: check-logs
image: bitnami/kubectl:latest
command: [ "sh", "-c" ]
args:
- >-
WORKER_POD=$(cat /pods/worker-pod.txt) &&
kubectl logs ${WORKER_POD}
--follow
--container=trino-worker
--namespace={{ .Release.Namespace }}
| grep --max-count=1 "Shutdown requested"
volumeMounts:
- mountPath: /pods
name: worker-pod
- name: trigger-graceful-shutdown
image: bitnami/kubectl:latest
command: [ "sh", "-c" ]
args:
- >-
sleep 5 &&
WORKER_POD=$(cat /pods/worker-pod.txt) &&
kubectl delete pod
${WORKER_POD}
--namespace={{ .Release.Namespace }}
volumeMounts:
- mountPath: /pods
name: worker-pod
restartPolicy: Never
volumes:
- name: worker-pod
emptyDir: {}
{{- end }}

99
trino/base/charts/trino/templates/tests/test-jmx.yaml Normal file
View file

@ -0,0 +1,99 @@
{{- $coordinatorJmx := merge .Values.jmx.coordinator (omit .Values.jmx "coordinator" "worker") -}}
{{- $workerJmx := merge .Values.jmx.worker (omit .Values.jmx "coordinator" "worker") -}}
{{- $coordinatorServiceMonitor := merge .Values.serviceMonitor.coordinator (omit .Values.serviceMonitor "coordinator" "worker") -}}
{{- $workerServiceMonitor := merge .Values.serviceMonitor.worker (omit .Values.serviceMonitor "coordinator" "worker") -}}
{{- if or $coordinatorJmx.exporter.enabled $coordinatorServiceMonitor.enabled $workerJmx.exporter.enabled $workerServiceMonitor.enabled -}}
apiVersion: v1
kind: Pod
metadata:
name: {{ include "trino.fullname" . }}-test-jmx
labels:
{{- include "trino.labels" . | nindent 4 }}
app.kubernetes.io/component: test
test: jmx
annotations:
"helm.sh/hook": test
"helm.sh/hook-delete-policy": hook-succeeded
spec:
containers:
{{- if $coordinatorJmx.exporter.enabled }}
- name: trino-jmx-coordinator
image: {{ include "trino.image" . }}
command: ["/bin/bash", "-c"]
args:
- curl -s {{ include "trino.fullname" . }}.{{ .Release.Namespace }}:{{ $coordinatorJmx.exporter.port }}/metrics | grep -q trino
{{- end }}
{{- if $workerJmx.exporter.port }}
- name: trino-jmx-worker
image: {{ include "trino.image" . }}
command: ["/bin/bash", "-c"]
args:
- curl -s {{ include "trino.fullname" . }}-worker.{{ .Release.Namespace }}:{{ $workerJmx.exporter.port }}/metrics | grep -q trino
{{- end }}
{{- if $coordinatorServiceMonitor.enabled }}
- name: service-monitor-coordinator
image: python:3-slim
command: [ "python", "/tests/test.py" ]
args: ["{{ include "trino.fullname" . }}"]
volumeMounts:
- name: tests
mountPath: /tests
{{- end }}
{{- if $workerServiceMonitor.enabled }}
- name: service-monitor-worker
image: python:3-slim
command: ["python", "/tests/test.py"]
args: ["{{ include "trino.fullname" . }}-worker"]
volumeMounts:
- name: tests
mountPath: /tests
{{- end }}
volumes:
- name: tests
configMap:
name: {{ include "trino.fullname" . }}-test-jmx
restartPolicy: Never
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "trino.fullname" . }}-test-jmx
labels:
{{- include "trino.labels" . | nindent 4 }}
app.kubernetes.io/component: test
test: jmx
annotations:
"helm.sh/hook": test
"helm.sh/hook-delete-policy": hook-succeeded
data:
test.py: |
from urllib.request import urlopen
from urllib.error import URLError, HTTPError
import json
import logging
import sys
import time
logger = logging.getLogger(__name__)
target_service = sys.argv[1]
url = f"http://prometheus-operator-kube-p-prometheus:9090/api/v1/targets?scrapePool=serviceMonitor/{{ .Release.Namespace }}/{target_service}/0&state=active"
while True:
try:
with urlopen(url) as response:
data = json.load(response)
except (URLError, HTTPError) as e:
logger.warning("Error fetching targets, Prometheus service might not be ready: ", e)
time.sleep(2) # Retry after 2 seconds
continue
try:
service_name = data["data"]["activeTargets"][0]["discoveredLabels"]["__meta_kubernetes_service_name"]
except (KeyError, IndexError) as e:
logger.warning("Invalid Prometheus response: ", e)
time.sleep(2) # Retry after 2 seconds
continue
if service_name == target_service:
logger.info(f"Found expected service '{service_name}' in Prometheus targets!")
break
{{- end }}

28
trino/base/charts/trino/templates/tests/test-networkpolicy.yaml Normal file
View file

@ -0,0 +1,28 @@
{{- if .Values.networkPolicy.enabled }}
apiVersion: v1
kind: Pod
metadata:
name: {{ include "trino.fullname" . }}-test-networkpolicy
labels:
{{- include "trino.labels" . | nindent 4 }}
app.kubernetes.io/component: test
test: network-policy
annotations:
"helm.sh/hook": test
"helm.sh/hook-delete-policy": hook-succeeded
spec:
containers:
- name: check-connection
image: {{ include "trino.image" . }}
command: [ "/bin/bash", "-c" ]
args:
- >-
curl
{{ include "trino.fullname" . }}.{{ .Release.Namespace }}:{{ .Values.service.port }}
--head
--fail
--connect-timeout 10
--max-time 10
2>&1 | grep -q "timed out"
restartPolicy: Never
{{- end }}

1032
trino/base/charts/trino/values.yaml Normal file
View file

File diff suppressed because it is too large Load diff

10
trino/base/charts/values/values.yaml Normal file
View file

@ -0,0 +1,10 @@
image:
tag: "461"
server:
workers: 3
coordinator:
jvm:
maxHeapSize: "8G"
worker:
jvm:
maxHeapSize: "8G"

5
trino/overlays/test/kustomization.yaml Normal file
View file

@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../base/