diff --git a/charts/trino/Chart.yaml b/charts/trino/Chart.yaml index ad9d38d..a869bf3 100644 --- a/charts/trino/Chart.yaml +++ b/charts/trino/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: "375" +appVersion: "432" description: Fast distributed SQL query engine for big data analytics that helps you explore your data universe home: https://trino.io/ @@ -11,4 +11,4 @@ sources: - https://github.com/trinodb/charts - https://github.com/trinodb/trino/tree/master/core/docker type: application -version: 0.10.0 +version: 0.14.0 diff --git a/charts/trino/README.md b/charts/trino/README.md index 1d30160..4f63c87 100644 --- a/charts/trino/README.md +++ b/charts/trino/README.md @@ -13,7 +13,7 @@ The following table lists the configurable parameters of the Trino chart and the | ------------------------ | ----------------------- | -------------- | | `image.repository` | | `"trinodb/trino"` | | `image.pullPolicy` | | `"IfNotPresent"` | -| `image.tag` | | `"latest"` | +| `image.tag` | | `432` | | `imagePullSecrets` | | `[{"name": "registry-credentials"}]` | | `server.workers` | | `2` | | `server.node.environment` | | `"production"` | @@ -27,8 +27,6 @@ The following table lists the configurable parameters of the Trino chart and the | `server.config.https.keystore.path` | | `""` | | `server.config.authenticationType` | | `""` | | `server.config.query.maxMemory` | | `"4GB"` | -| `server.config.query.maxMemoryPerNode` | | `"1GB"` | -| `server.config.memory.heapHeadroomPerNode` | | `"1GB"` | | `server.exchangeManager.name` | | `"filesystem"` | | `server.exchangeManager.baseDir` | | `"/tmp/trino-local-file-system-exchange-manager"` | | `server.workerExtraConfig` | | `""` | @@ -44,14 +42,15 @@ The following table lists the configurable parameters of the Trino chart and the | `eventListenerProperties` | | `{}` | | `additionalCatalogs` | | `{}` | | `env` | | `[]` | +| `envFrom` | | `[]` | | `initContainers` | | `{}` | +| `sidecarContainers` | | `{}` | | `securityContext.runAsUser` | | `1000` | | `securityContext.runAsGroup` | | `1000` | +| `shareProcessNamespace.coordinator` | | `false` | +| `shareProcessNamespace.worker` | | `false` | | `service.type` | | `"ClusterIP"` | | `service.port` | | `8080` | -| `nodeSelector` | | `{}` | -| `tolerations` | | `[]` | -| `affinity` | | `{}` | | `auth` | | `{}` | | `serviceAccount.create` | | `false` | | `serviceAccount.name` | | `""` | @@ -60,13 +59,45 @@ The following table lists the configurable parameters of the Trino chart and the | `coordinator.jvm.maxHeapSize` | | `"8G"` | | `coordinator.jvm.gcMethod.type` | | `"UseG1GC"` | | `coordinator.jvm.gcMethod.g1.heapRegionSize` | | `"32M"` | +| `coordinator.config.memory.heapHeadroomPerNode` | | `""` | +| `coordinator.config.query.maxMemoryPerNode` | | `"1GB"` | | `coordinator.additionalJVMConfig` | | `{}` | +| `coordinator.additionalExposedPorts` | | `{}` | | `coordinator.resources` | | `{}` | +| `coordinator.livenessProbe` | | `{}` | +| `coordinator.readinessProbe` | | `{}` | +| `coordinator.nodeSelector` | | `{}` | +| `coordinator.tolerations` | | `[]` | +| `coordinator.affinity` | | `{}` | +| `coordinator.additionalConfigFiles` | | `{}` | +| `coordinator.annotations` | | `{}` | +| `coordinator.labels` | | `{}` | +| `coordinator.secretMounts` | | `[]` | | `worker.jvm.maxHeapSize` | | `"8G"` | | `worker.jvm.gcMethod.type` | | `"UseG1GC"` | | `worker.jvm.gcMethod.g1.heapRegionSize` | | `"32M"` | +| `worker.config.memory.heapHeadroomPerNode` | | `""` | +| `worker.config.query.maxMemoryPerNode` | | `"1GB"` | | `worker.additionalJVMConfig` | | `{}` | +| `worker.additionalExposedPorts` | | `{}` | | `worker.resources` | | `{}` | +| `worker.livenessProbe` | | `{}` | +| `worker.readinessProbe` | | `{}` | +| `worker.nodeSelector` | | `{}` | +| `worker.tolerations` | | `[]` | +| `worker.affinity` | | `{}` | +| `worker.additionalConfigFiles` | | `{}` | +| `worker.annotations` | | `{}` | +| `worker.labels` | | `{}` | +| `worker.secretMounts` | | `[]` | +| `kafka.mountPath` | | `"/etc/trino/schemas"` | +| `kafka.tableDescriptions` | | `{}` | +| `commonLabels` | Labels that get applied to every resource's metadata | `{}` | +| `ingress.enabled` | | `false` | +| `ingress.className` | | `""` | +| `ingress.annotations` | | `{}` | +| `ingress.hosts` | | `[]` | +| `ingress.tls` | | `[]` | diff --git a/charts/trino/templates/autoscaler.yaml b/charts/trino/templates/autoscaler.yaml index 7907d1d..258c165 100644 --- a/charts/trino/templates/autoscaler.yaml +++ b/charts/trino/templates/autoscaler.yaml @@ -3,6 +3,10 @@ apiVersion: autoscaling/v1 kind: HorizontalPodAutoscaler metadata: name: {{ template "trino.worker" . }} + {{- if .Values.commonLabels }} + labels: + {{- tpl (toYaml .Values.commonLabels) . | nindent 4 }} + {{- end }} spec: maxReplicas: {{ .Values.server.autoscaling.maxReplicas }} minReplicas: {{ .Values.server.workers }} diff --git a/charts/trino/templates/configmap-catalog.yaml b/charts/trino/templates/configmap-catalog.yaml index b325569..9c1fea6 100644 --- a/charts/trino/templates/configmap-catalog.yaml +++ b/charts/trino/templates/configmap-catalog.yaml @@ -8,6 +8,9 @@ metadata: release: {{ .Release.Name }} heritage: {{ .Release.Service }} role: catalogs + {{- if .Values.commonLabels }} + {{- tpl (toYaml .Values.commonLabels) . | nindent 4 }} + {{- end }} data: tpch.properties: | connector.name=tpch diff --git a/charts/trino/templates/configmap-coordinator.yaml b/charts/trino/templates/configmap-coordinator.yaml index 102121d..0af61df 100644 --- a/charts/trino/templates/configmap-coordinator.yaml +++ b/charts/trino/templates/configmap-coordinator.yaml @@ -8,6 +8,9 @@ metadata: release: {{ .Release.Name }} heritage: {{ .Release.Service }} component: coordinator + {{- if .Values.commonLabels }} + {{- tpl (toYaml .Values.commonLabels) . | nindent 4 }} + {{- end }} data: node.properties: | node.environment={{ .Values.server.node.environment }} @@ -19,20 +22,22 @@ data: jvm.config: | -server + -agentpath:/usr/lib/trino/bin/libjvmkill.so -Xmx{{ .Values.coordinator.jvm.maxHeapSize }} -XX:+{{ .Values.coordinator.jvm.gcMethod.type }} -XX:G1HeapRegionSize={{ .Values.coordinator.jvm.gcMethod.g1.heapRegionSize }} - -XX:+UseGCOverheadLimit -XX:+ExplicitGCInvokesConcurrent -XX:+HeapDumpOnOutOfMemoryError -XX:+ExitOnOutOfMemoryError - -Djdk.attach.allowAttachSelf=true + -XX:-OmitStackTraceInFastThrow -XX:ReservedCodeCacheSize=512M -XX:PerMethodRecompilationCutoff=10000 -XX:PerBytecodeRecompilationCutoff=10000 + -Djdk.attach.allowAttachSelf=true -Djdk.nio.maxCachedBufferSize=2000000 -XX:+UnlockDiagnosticVMOptions - -XX:+UseAESCTRIntrinsics + # Reduce starvation of threads by GClocker, recommend to set about the number of cpu cores (JDK-8192647) + -XX:GCLockerRetryAllocationCount=32 {{- range $configValue := .Values.coordinator.additionalJVMConfig }} {{ $configValue }} {{- end }} @@ -46,9 +51,10 @@ data: {{- end }} http-server.http.port={{ .Values.service.port }} query.max-memory={{ .Values.server.config.query.maxMemory }} - query.max-memory-per-node={{ .Values.server.config.query.maxMemoryPerNode }} - memory.heap-headroom-per-node={{ .Values.server.config.memory.heapHeadroomPerNode }} - discovery-server.enabled=true + query.max-memory-per-node={{ .Values.coordinator.config.query.maxMemoryPerNode }} +{{- if .Values.coordinator.config.memory.heapHeadroomPerNode }} + memory.heap-headroom-per-node={{ .Values.coordinator.config.memory.heapHeadroomPerNode }} +{{- end }} discovery.uri=http://localhost:{{ .Values.service.port }} {{- if .Values.server.config.authenticationType }} http-server.authentication.type={{ .Values.server.config.authenticationType }} @@ -74,7 +80,9 @@ data: exchange-manager.properties: | exchange-manager.name={{ .Values.server.exchangeManager.name }} - exchange.base-directory={{ .Values.server.exchangeManager.baseDir }} + {{ if eq .Values.server.exchangeManager.name "filesystem" }} + exchange.base-directories={{ .Values.server.exchangeManager.baseDir }} + {{- end }} {{- range $configValue := .Values.additionalExchangeManagerProperties }} {{ $configValue }} {{- end }} @@ -89,6 +97,14 @@ data: password-authenticator.properties: | password-authenticator.name=file file.password-file={{ .Values.server.config.path }}/auth/password.db + {{- if .Values.auth.groups }} + group-provider.properties: | + group-provider.name=file + file.group-file={{ .Values.server.config.path }}/auth/group.db + {{- if .Values.auth.refreshPeriod }} + file.refresh-period={{ .Values.auth.refreshPeriod }} + {{- end }} + {{- end }} {{- end }} {{ if .Values.eventListenerProperties }} @@ -98,6 +114,11 @@ data: {{- end }} {{ end }} +{{- range $fileName, $fileContent := .Values.coordinator.additionalConfigFiles }} + {{ $fileName }}: | + {{- $fileContent | nindent 4 }} +{{- end }} + --- {{- if .Values.accessControl }}{{- if eq .Values.accessControl.type "configmap" }} @@ -114,4 +135,18 @@ data: {{- end }} {{- end }}{{- end }} ---- \ No newline at end of file +--- + +apiVersion: v1 +kind: ConfigMap +metadata: + name: schemas-volume-coordinator + labels: + {{- include "trino.labels" . | nindent 4 }} + app.kubernetes.io/component: coordinator +data: + {{- range $key, $val := .Values.kafka.tableDescriptions }} + {{ $key }}: {{ $val | quote }} + {{- end }} + +--- diff --git a/charts/trino/templates/configmap-worker.yaml b/charts/trino/templates/configmap-worker.yaml index 9ba0b8c..03617a9 100644 --- a/charts/trino/templates/configmap-worker.yaml +++ b/charts/trino/templates/configmap-worker.yaml @@ -9,6 +9,9 @@ metadata: release: {{ .Release.Name }} heritage: {{ .Release.Service }} component: worker + {{- if .Values.commonLabels }} + {{- tpl (toYaml .Values.commonLabels) . | nindent 4 }} + {{- end }} data: node.properties: | node.environment={{ .Values.server.node.environment }} @@ -20,21 +23,22 @@ data: jvm.config: | -server + -agentpath:/usr/lib/trino/bin/libjvmkill.so -Xmx{{ .Values.worker.jvm.maxHeapSize }} -XX:+{{ .Values.worker.jvm.gcMethod.type }} -XX:G1HeapRegionSize={{ .Values.worker.jvm.gcMethod.g1.heapRegionSize }} - -XX:+UseGCOverheadLimit -XX:+ExplicitGCInvokesConcurrent -XX:+HeapDumpOnOutOfMemoryError -XX:+ExitOnOutOfMemoryError - -Djdk.attach.allowAttachSelf=true - -XX:-UseBiasedLocking + -XX:-OmitStackTraceInFastThrow -XX:ReservedCodeCacheSize=512M -XX:PerMethodRecompilationCutoff=10000 -XX:PerBytecodeRecompilationCutoff=10000 + -Djdk.attach.allowAttachSelf=true -Djdk.nio.maxCachedBufferSize=2000000 -XX:+UnlockDiagnosticVMOptions - -XX:+UseAESCTRIntrinsics + # Reduce starvation of threads by GClocker, recommend to set about the number of cpu cores (JDK-8192647) + -XX:GCLockerRetryAllocationCount=32 {{- range $configValue := .Values.worker.additionalJVMConfig }} {{ $configValue }} {{- end }} @@ -43,8 +47,10 @@ data: coordinator=false http-server.http.port={{ .Values.service.port }} query.max-memory={{ .Values.server.config.query.maxMemory }} - query.max-memory-per-node={{ .Values.server.config.query.maxMemoryPerNode }} - memory.heap-headroom-per-node={{ .Values.server.config.memory.heapHeadroomPerNode }} + query.max-memory-per-node={{ .Values.worker.config.query.maxMemoryPerNode }} + {{- if .Values.worker.config.memory.heapHeadroomPerNode }} + memory.heap-headroom-per-node={{ .Values.worker.config.memory.heapHeadroomPerNode }} + {{- end }} discovery.uri=http://{{ template "trino.fullname" . }}:{{ .Values.service.port }} {{- range $configValue := .Values.additionalConfigProperties }} {{ $configValue }} @@ -53,7 +59,9 @@ data: exchange-manager.properties: | exchange-manager.name={{ .Values.server.exchangeManager.name }} - exchange.base-directory={{ .Values.server.exchangeManager.baseDir }} + {{ if eq .Values.server.exchangeManager.name "filesystem" }} + exchange.base-directories={{ .Values.server.exchangeManager.baseDir }} + {{- end }} {{- range $configValue := .Values.additionalExchangeManagerProperties }} {{ $configValue }} {{- end }} @@ -71,4 +79,22 @@ data: {{- end }} {{ end }} +{{- range $fileName, $fileContent := .Values.worker.additionalConfigFiles }} + {{ $fileName }}: | + {{- $fileContent | nindent 4 }} +{{- end }} + +--- + +apiVersion: v1 +kind: ConfigMap +metadata: + name: schemas-volume-worker + labels: + {{- include "trino.labels" . | nindent 4 }} + app.kubernetes.io/component: worker +data: + {{- range $key, $val := .Values.kafka.tableDescriptions }} + {{ $key }}: {{ $val | quote }} + {{- end }} {{- end }} diff --git a/charts/trino/templates/deployment-coordinator.yaml b/charts/trino/templates/deployment-coordinator.yaml index 11dcdd7..0941f9c 100644 --- a/charts/trino/templates/deployment-coordinator.yaml +++ b/charts/trino/templates/deployment-coordinator.yaml @@ -8,6 +8,9 @@ metadata: release: {{ .Release.Name }} heritage: {{ .Release.Service }} component: coordinator + {{- if .Values.commonLabels }} + {{- tpl (toYaml .Values.commonLabels) . | nindent 4 }} + {{- end }} spec: selector: matchLabels: @@ -16,10 +19,20 @@ spec: component: coordinator template: metadata: + {{- if .Values.coordinator.annotations }} + annotations: + {{- tpl (toYaml .Values.coordinator.annotations) . | nindent 8 }} + {{- end }} labels: app: {{ template "trino.name" . }} release: {{ .Release.Name }} component: coordinator + {{- if .Values.coordinator.labels }} + {{- tpl (toYaml .Values.coordinator.labels) . | nindent 8 }} + {{- end }} + {{- if .Values.commonLabels }} + {{- tpl (toYaml .Values.commonLabels) . | nindent 8 }} + {{- end }} spec: serviceAccountName: {{ include "trino.serviceAccountName" . }} {{- with .Values.securityContext }} @@ -27,6 +40,9 @@ spec: runAsUser: {{ .runAsUser }} runAsGroup: {{ .runAsGroup }} {{- end }} + {{- if .Values.shareProcessNamespace.coordinator }} + shareProcessNamespace: {{ .Values.shareProcessNamespace.coordinator }} + {{- end }} volumes: - name: config-volume configMap: @@ -34,6 +50,9 @@ spec: - name: catalog-volume configMap: name: {{ template "trino.catalog" . }} + - name: schemas-volume + configMap: + name: schemas-volume-coordinator {{- if .Values.accessControl }}{{- if eq .Values.accessControl.type "configmap" }} - name: access-control-volume configMap: @@ -43,16 +62,28 @@ spec: - name: password-volume secret: secretName: trino-password-authentication + items: + - key: password.db + path: password.db + {{- if .Values.auth.groups }} + - key: group.db + path: group.db + {{- end }} {{- end }} - {{- if .Values.initContainers.coordinator }} - initContainers: - {{- tpl (toYaml .Values.initContainers.coordinator) . | nindent 6 }} - {{- end }} {{- range .Values.secretMounts }} - name: {{ .name }} secret: secretName: {{ .secretName }} {{- end }} + {{- range .Values.coordinator.secretMounts }} + - name: {{ .name }} + secret: + secretName: {{ .secretName }} + {{- end }} + {{- if .Values.initContainers.coordinator }} + initContainers: + {{- tpl (toYaml .Values.initContainers.coordinator) . | nindent 6 }} + {{- end }} imagePullSecrets: {{- toYaml .Values.imagePullSecrets | nindent 8 }} containers: @@ -61,11 +92,15 @@ spec: imagePullPolicy: {{ .Values.image.pullPolicy }} env: {{- toYaml .Values.env | nindent 12 }} + envFrom: + {{- toYaml .Values.envFrom | nindent 12 }} volumeMounts: - mountPath: {{ .Values.server.config.path }} name: config-volume - mountPath: {{ .Values.server.config.path }}/catalog name: catalog-volume + - mountPath: {{ .Values.kafka.mountPath }} + name: schemas-volume {{- if .Values.accessControl }}{{- if eq .Values.accessControl.type "configmap" }} - mountPath: {{ .Values.server.config.path }}/access-control name: access-control-volume @@ -74,29 +109,55 @@ spec: - name: {{ .name }} mountPath: {{ .path }} {{- end }} + {{- range .Values.coordinator.secretMounts }} + - name: {{ .name }} + mountPath: {{ .path }} + {{- end }} {{- if eq .Values.server.config.authenticationType "PASSWORD" }} - mountPath: {{ .Values.server.config.path }}/auth name: password-volume - {{- end }} + {{- end }} ports: - name: http containerPort: {{ .Values.service.port }} protocol: TCP + {{- range $key, $value := .Values.coordinator.additionalExposedPorts }} + - name: {{ $value.name }} + containerPort: {{ $value.port }} + protocol: {{ $value.protocol }} + {{- end }} + livenessProbe: + httpGet: + path: /v1/info + port: http + initialDelaySeconds: {{ .Values.coordinator.livenessProbe.initialDelaySeconds | default 20 }} + periodSeconds: {{ .Values.coordinator.livenessProbe.periodSeconds | default 10 }} + timeoutSeconds: {{ .Values.coordinator.livenessProbe.timeoutSeconds | default 5 }} + failureThreshold: {{ .Values.coordinator.livenessProbe.failureThreshold | default 6 }} + successThreshold: {{ .Values.coordinator.livenessProbe.successThreshold | default 1 }} readinessProbe: httpGet: path: /v1/info port: http + initialDelaySeconds: {{ .Values.coordinator.readinessProbe.initialDelaySeconds | default 20 }} + periodSeconds: {{ .Values.coordinator.readinessProbe.periodSeconds | default 10 }} + timeoutSeconds: {{ .Values.coordinator.readinessProbe.timeoutSeconds | default 5 }} + failureThreshold: {{ .Values.coordinator.readinessProbe.failureThreshold | default 6 }} + successThreshold: {{ .Values.coordinator.readinessProbe.successThreshold | default 1 }} resources: {{- toYaml .Values.coordinator.resources | nindent 12 }} - {{- with .Values.nodeSelector }} + {{- if .Values.sidecarContainers.coordinator }} + {{- toYaml .Values.sidecarContainers.coordinator | nindent 8 }} + {{- end }} + {{- with .Values.coordinator.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.affinity }} + {{- with .Values.coordinator.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.tolerations }} + {{- with .Values.coordinator.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} diff --git a/charts/trino/templates/deployment-worker.yaml b/charts/trino/templates/deployment-worker.yaml index c591fc6..99a3281 100644 --- a/charts/trino/templates/deployment-worker.yaml +++ b/charts/trino/templates/deployment-worker.yaml @@ -9,8 +9,13 @@ metadata: release: {{ .Release.Name }} heritage: {{ .Release.Service }} component: worker + {{- if .Values.commonLabels }} + {{- tpl (toYaml .Values.commonLabels) . | nindent 4 }} + {{- end }} spec: + {{- if not .Values.server.autoscaling.enabled }} replicas: {{ .Values.server.workers }} + {{- end }} selector: matchLabels: app: {{ template "trino.name" . }} @@ -18,12 +23,30 @@ spec: component: worker template: metadata: + {{- if .Values.worker.annotations }} + annotations: + {{- tpl (toYaml .Values.worker.annotations) . | nindent 8 }} + {{- end }} labels: app: {{ template "trino.name" . }} release: {{ .Release.Name }} component: worker + {{- if .Values.worker.labels }} + {{- tpl (toYaml .Values.worker.labels) . | nindent 8 }} + {{- end }} + {{- if .Values.commonLabels }} + {{- tpl (toYaml .Values.commonLabels) . | nindent 8 }} + {{- end }} spec: serviceAccountName: {{ include "trino.serviceAccountName" . }} + {{- with .Values.securityContext }} + securityContext: + runAsUser: {{ .runAsUser }} + runAsGroup: {{ .runAsGroup }} + {{- end }} + {{- if .Values.shareProcessNamespace.worker }} + shareProcessNamespace: {{ .Values.shareProcessNamespace.worker }} + {{- end }} volumes: - name: config-volume configMap: @@ -31,9 +54,22 @@ spec: - name: catalog-volume configMap: name: {{ template "trino.catalog" . }} + - name: schemas-volume + configMap: + name: schemas-volume-worker + {{- range .Values.secretMounts }} + - name: {{ .name }} + secret: + secretName: {{ .secretName }} + {{- end }} + {{- range .Values.worker.secretMounts }} + - name: {{ .name }} + secret: + secretName: {{ .secretName }} + {{- end }} {{- if .Values.initContainers.worker }} initContainers: - {{- tpl (toYaml .Values.initContainers.worker) . | nindent 6 }} + {{- tpl (toYaml .Values.initContainers.worker) . | nindent 6 }} {{- end }} imagePullSecrets: {{- toYaml .Values.imagePullSecrets | nindent 8 }} @@ -43,30 +79,64 @@ spec: imagePullPolicy: {{ .Values.image.pullPolicy }} env: {{- toYaml .Values.env | nindent 12 }} + envFrom: + {{- toYaml .Values.envFrom | nindent 12 }} volumeMounts: - mountPath: {{ .Values.server.config.path }} name: config-volume - mountPath: {{ .Values.server.config.path }}/catalog name: catalog-volume + - mountPath: {{ .Values.kafka.mountPath }} + name: schemas-volume + {{- range .Values.secretMounts }} + - name: {{ .name }} + mountPath: {{ .path }} + {{- end }} + {{- range .Values.worker.secretMounts }} + - name: {{ .name }} + mountPath: {{ .path }} + {{- end }} ports: - name: http containerPort: {{ .Values.service.port }} protocol: TCP + {{- range $key, $value := .Values.worker.additionalExposedPorts }} + - name: {{ $value.name }} + containerPort: {{ $value.port }} + protocol: {{ $value.protocol }} + {{- end }} + livenessProbe: + httpGet: + path: /v1/info + port: http + initialDelaySeconds: {{ .Values.worker.livenessProbe.initialDelaySeconds | default 20 }} + periodSeconds: {{ .Values.worker.livenessProbe.periodSeconds | default 10 }} + timeoutSeconds: {{ .Values.worker.livenessProbe.timeoutSeconds | default 5 }} + failureThreshold: {{ .Values.worker.livenessProbe.failureThreshold | default 6 }} + successThreshold: {{ .Values.worker.livenessProbe.successThreshold | default 1 }} readinessProbe: httpGet: path: /v1/info port: http + initialDelaySeconds: {{ .Values.worker.readinessProbe.initialDelaySeconds | default 20 }} + periodSeconds: {{ .Values.worker.readinessProbe.periodSeconds | default 10 }} + timeoutSeconds: {{ .Values.worker.readinessProbe.timeoutSeconds | default 5 }} + failureThreshold: {{ .Values.worker.readinessProbe.failureThreshold | default 6 }} + successThreshold: {{ .Values.worker.readinessProbe.successThreshold | default 1 }} resources: {{- toYaml .Values.worker.resources | nindent 12 }} - {{- with .Values.nodeSelector }} + {{- if .Values.sidecarContainers.worker }} + {{- toYaml .Values.sidecarContainers.worker | nindent 8 }} + {{- end }} + {{- with .Values.worker.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.affinity }} + {{- with .Values.worker.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.tolerations }} + {{- with .Values.worker.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} diff --git a/charts/trino/templates/ingress.yaml b/charts/trino/templates/ingress.yaml new file mode 100644 index 0000000..b784974 --- /dev/null +++ b/charts/trino/templates/ingress.yaml @@ -0,0 +1,44 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "trino.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ template "trino.coordinator" . }} + labels: + {{- include "trino.labels" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- tpl (toYaml .Values.commonLabels) . | nindent 4 }} + {{- end }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + ingressClassName: {{ .Values.ingress.className }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + pathType: {{ .pathType }} + backend: + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/trino/templates/secret.yaml b/charts/trino/templates/secret.yaml index 868c229..4c072f8 100644 --- a/charts/trino/templates/secret.yaml +++ b/charts/trino/templates/secret.yaml @@ -7,4 +7,7 @@ metadata: {{- include "trino.labels" . | nindent 4 }} data: password.db: {{ .Values.auth.passwordAuth | b64enc }} + {{- if .Values.auth.groups}} + group.db: {{ .Values.auth.groups | b64enc }} + {{- end }} {{- end }} diff --git a/charts/trino/templates/service.yaml b/charts/trino/templates/service.yaml index bd137ef..cfb0b2f 100644 --- a/charts/trino/templates/service.yaml +++ b/charts/trino/templates/service.yaml @@ -14,6 +14,12 @@ spec: targetPort: http protocol: TCP name: http + {{- range $key, $value := .Values.coordinator.additionalExposedPorts }} + - port: {{ $value.servicePort }} + name: {{ $value.name }} + targetPort: {{ $value.port }} + protocol: {{ $value.protocol }} + {{- end }} selector: app: {{ template "trino.name" . }} release: {{ .Release.Name }} diff --git a/charts/trino/values.yaml b/charts/trino/values.yaml index 0331e8e..fb0a7f6 100644 --- a/charts/trino/values.yaml +++ b/charts/trino/values.yaml @@ -6,9 +6,11 @@ image: repository: trinodb/trino pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart version. - tag: latest + # Same value as Chart.yaml#appVersion + tag: 432 -imagePullSecrets: [] +imagePullSecrets: + - name: registry-credentials server: workers: 2 @@ -33,9 +35,6 @@ server: authenticationType: "" query: maxMemory: "4GB" - maxMemoryPerNode: "1GB" - memory: - heapHeadroomPerNode: "1GB" exchangeManager: name: "filesystem" baseDir: "/tmp/trino-local-file-system-exchange-manager" @@ -109,9 +108,12 @@ eventListenerProperties: {} additionalCatalogs: {} -# Array of EnvVar (https://v1-18.docs.kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#envvar-v1-core) +# Array of EnvVar (https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvar-v1-core) env: [] +# Array of EnvFromSource (https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envfromsource-v1-core) +envFrom: [] + initContainers: {} # coordinator: # - name: init-coordinator @@ -123,24 +125,38 @@ initContainers: {} # image: busybox:1.28 # command: ['sh', '-c', 'echo The worker is running! && sleep 3600'] +sidecarContainers: {} +# coordinator: +# - name: side-coordinator +# image: busybox:1.28 +# imagePullPolicy: IfNotPresent +# command: ['sleep', '1'] +# worker: +# - name: side-worker +# image: busybox:1.28 +# imagePullPolicy: IfNotPresent +# command: ['sleep', '1'] + securityContext: runAsUser: 1000 runAsGroup: 1000 +shareProcessNamespace: + coordinator: false + worker: false + service: type: ClusterIP port: 8080 -nodeSelector: {} - -tolerations: [] - -affinity: {} - auth: {} # Set username and password # https://trino.io/docs/current/security/password-file.html#file-format # passwordAuth: "username:encrypted-password-with-htpasswd" + # Set users' groups + # https://trino.io/docs/current/security/group-file.html#file-format + # refreshPeriod: 5s + # groups: "group_name:user_1,user_2,user_3" serviceAccount: # Specifies whether a service account should be created @@ -152,6 +168,9 @@ serviceAccount: annotations: {} secretMounts: [] + # - name: sample-secret + # secretName: sample-secret + # path: /secrets/sample.json coordinator: jvm: @@ -161,8 +180,16 @@ coordinator: g1: heapRegionSize: "32M" + config: + memory: + heapHeadroomPerNode: "" + query: + maxMemoryPerNode: "1GB" + additionalJVMConfig: {} + additionalExposedPorts: {} + resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little @@ -175,6 +202,36 @@ coordinator: # cpu: 100m # memory: 128Mi + livenessProbe: {} + # initialDelaySeconds: 20 + # periodSeconds: 10 + # timeoutSeconds: 5 + # failureThreshold: 6 + # successThreshold: 1 + readinessProbe: {} + # initialDelaySeconds: 20 + # periodSeconds: 10 + # timeoutSeconds: 5 + # failureThreshold: 6 + # successThreshold: 1 + + nodeSelector: {} + + tolerations: [] + + affinity: {} + + additionalConfigFiles: {} + + annotations: {} + + labels: {} + + secretMounts: [] + # - name: sample-secret + # secretName: sample-secret + # path: /secrets/sample.json + worker: jvm: maxHeapSize: "8G" @@ -183,8 +240,16 @@ worker: g1: heapRegionSize: "32M" + config: + memory: + heapHeadroomPerNode: "" + query: + maxMemoryPerNode: "1GB" + additionalJVMConfig: {} + additionalExposedPorts: {} + resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little @@ -196,3 +261,84 @@ worker: # requests: # cpu: 100m # memory: 128Mi + + livenessProbe: {} + # initialDelaySeconds: 20 + # periodSeconds: 10 + # timeoutSeconds: 5 + # failureThreshold: 6 + # successThreshold: 1 + readinessProbe: {} + # initialDelaySeconds: 20 + # periodSeconds: 10 + # timeoutSeconds: 5 + # failureThreshold: 6 + # successThreshold: 1 + + nodeSelector: {} + + tolerations: [] + + affinity: {} + + additionalConfigFiles: {} + + annotations: {} + + labels: {} + + secretMounts: [] + # - name: sample-secret + # secretName: sample-secret + # path: /secrets/sample.json + +kafka: + mountPath: "/etc/trino/schemas" + tableDescriptions: {} + # Custom kafka table descriptions that will be mounted in mountPath + # testschema.json: |- + # { + # "tableName": "testtable", + # "schemaName": "testschema", + # "topicName": "testtopic", + # "key": { + # "dataFormat": "json", + # "fields": [ + # { + # "name": "_key", + # "dataFormat": "VARCHAR", + # "type": "VARCHAR", + # "hidden": "false" + # } + # ] + # }, + # "message": { + # "dataFormat": "json", + # "fields": [ + # { + # "name": "id", + # "mapping": "id", + # "type": "BIGINT" + # }, + # { + # "name": "test_field", + # "mapping": "test_field", + # "type": "VARCHAR" + # } + # ] + # } + # } +commonLabels: {} # Labels that get applied to every resource's metadata +ingress: + enabled: false + className: "" + annotations: {} + hosts: [] + # - host: trino.example.com + # paths: + # - path: / + # pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local