All notable changes to this project will be documented in this file.
- Fix OIDC endpoint construction in case the
rootPathdoes have a trailing slash (#673). - BREAKING: Use distinct ServiceAccounts for the Stacklets, so that multiple Stacklets can be deployed in one namespace. Existing Stacklets will use the newly created ServiceAccounts after restart (#672).
- Added support for Trino 455 (#638).
- The operator can now run on Kubernetes clusters using a non-default cluster domain.
Use the env var
KUBERNETES_CLUSTER_DOMAINor the operator Helm chart propertykubernetesClusterDomainto set a non-default cluster domain (#655).
- Reduce CRD size from
984KBto131KBby accepting arbitrary YAML input instead of the underlying schema for the following fields (#631):podOverridesaffinity
- BREAKING: The fields
connectionandhostonS3Connectionas well asbucketNameonS3Bucketare now mandatory (#646). - Don't ignore envOverrides (#633).
- Don't print credentials to STDOUT during startup. Ideally we should use config-utils, but that's not easy (see here) (#634).
- Invalid
TrinoCluster,TrinoCatalogorAuthenticationClassobjects don't stop the operator from reconciliation (#657)
- Removed support for Trino 414 and 442 (#638).
- BREAKING: Change the username which triggers graceful shutdown from
admintograceful-shutdown-userfor more expressiveness (e.g. in the Trino policies). This is a breaking change because users need to ensure that the usergraceful-shutdown-userhas the required permissions to initiate a graceful shutdown (#573). - Bump
stackable-operatorto 0.70.0,product-configto 0.7.0, and other dependencies (#611).
- Processing of corrupted log events fixed; If errors occur, the error messages are added to the log event (#598).
- Support for version
428(#609).
- Various documentation of the CRD (#510).
- Helm: support labels in values.yaml (#528).
- Delta Lake connector (#531).
- Support for version
442(#557). - Add support for OpenID Connect (#501).
- Add
core-site.xmlwhen configuring HDFS connection (#526).
- Use graceful shutdown for workers (#461, #463, #466, #474).
- Default stackableVersion to operator version (#441).
- Configuration overrides for the JVM security properties, such as DNS caching (#460).
- Support PodDisruptionBudgets (#481).
- Added support for version 428 with new opa authorizer (#491).
- Let controller watch
AuthenticationClasses(#449).
operator-rs0.44.0->0.55.0(#441, #453, #470, #481, #491).vector0.26.0->0.33.0(#453, #491).- Let secret-operator handle certificate conversion (#470).
- [BREAKING]: Version 428 uses the new OPA authorizer from https://github.com/bloomberg/trino/tree/add-open-policy-agent which requires existing rego rules to be changed (#491).
- Removed support for versions 377, 387, 395, 396, 403 (#491).
- Support for Trino v414 (#423).
- Generate OLM bundle for Release 23.4.0 (#424).
- Set explicit resources on all containers (#434).
- Support arbitrary connectors using the
genericconnector. This allows you to e.g. access your PostgreSQL (#436). - Support
podOverride(#440).
- Missing CRD defaults for
status.conditionsfield (#425). - Fixed always adding
query.max-memory-per-nodewith a fixed value of 1GB (which also didn't work with the new resource defaults). Instead let Trino do it's(JVM max memory * 0.3)thing (#434). - Increase the size limit of the log volume (#445).
operator-rs0.40.2->0.44.0(#419, #445).- Use 0.0.0-dev product images for testing (#421).
- Use testing-tools 0.2.0 (with new trino client version) (#421).
- Added kuttl test suites (#437).
- [BREAKING]: Reworked authentication mechanism: The
clusterConfig.authenticationnow requires a list ofAuthenticationClassreferences instead of theMultiUserandLDAPseparation (#434).
- Deploy default and support custom affinities (#391).
- Cluster status conditions (#403)
- Openshift compatibility (#404).
- Extend cluster resources for status and cluster operation (paused, stopped) (#405)
- [BREAKING]: Moved top level config options (TLS, Authentication, Authorization etc.) to new top level field
clusterConfig(#400). - [BREAKING]: Support specifying Service type by moving
serviceType(which was an experimental feature) toclusterConfig.listenerClass. This enables us to later switch non-breaking to usingListenerClassesfor the exposure of Services. This change is breaking, because - for security reasons - we default to thecluster-internalListenerClass. If you need your cluster to be accessible from outside of Kubernetes you need to setclusterConfig.listenerClasstoexternal-unstableorexternal-stable(#406). operator-rs0.31.0->0.40.2(#378, #380, #400, #404, #405).- Bumped stackable image versions to
23.4.0-rc2(#378, #380). - Fragmented
TrinoConfig(#379). - Enabled logging and log aggregation (#380).
- Use operator-rs
build_rbac_resourcesmethod (#404).
- [BREAKING]: Removed
log_levelfromTrinoConfigwhich is now set via the logging framework struct (#380).
- Add support for Google Sheets connector (#337).
- Add support for Black Hole connector (#347).
- Add support for Trino
403-stackable0.1.0(#358).
- Updated stackable image versions (#340).
operator-rs0.25.0->0.30.2(#344, #360, #364).- LDAP integration tests create all resources in their namespace and not some in the default namespace (#344).
- Don't run init container as root and avoid chmod and chowning (#353).
- [BREAKING]: Use Product image selection instead of version.
spec.versionhas been replaced byspec.image(#356). - [BREAKING]: Removed tools image for init container and replaced with Trino product image. This means the latest stackable version has to be used in the product image selection (#357)
- [BREAKING]: Use
userandpasswordSecret keys for LDAP bind credentials Secrets, instead of env var names (#362) - Adapted examples and tests to Hive CRD changes (#364).
- Hive catalog now properly handles hive clusters with replicas > 1 (#348).
- Role group selectors are now applied to the generated StatefulSets (#360).
- LDAP bind credentials resolution from SecretClasses now works correctly (#367).
operator-rs0.22.0->0.25.0(#306).
- Port 8080 missing from Coordinator service if client TLS is disabled (#311).
- Add support for Trino
395-stackable0.1.0and396-stackable0.1.0(#292). - Add support for Iceberg connector (#286).
- Add support for TPCH connector and TPCDS connector (#293).
- Fix not adding
configOverwritesspecified in aTrinoCatalogto the catalog (#289).
- BREAKING: TrinoClusters must specify a
catalogLabelSelector. Previously all TrinoCatalogs within the same namespace where used whencatalogLabelSelectorwas not specified, which is unwanted behavior (#277).
- Add support for connecting to HDFS (#263).
- Add support for Hive 3.1.3 (#243).
- PVCs for data storage, cpu and memory limits are now configurable (#270).
- Add temporary attribute to support using ClusterIP instead of NodePort service type (#272).
- BREAKING: TrinoCatalogs now have their own CRD object and get referenced by the TrinoCluster according to ADR19 and ADR20 (#263).
- Include chart name when installing with a custom release name (#233, #234).
operator-rs0.21.1->0.22.0(#235).- Internal and client TLS now configurable instead of defaulting to "tls" secret class (#244).
- S3 TLS properly supported (#244).
- Introduced global
configforTLSsettings (#244).
- Add missing role to read S3Connection objects (#263).
- Disable Hive connector setting that disallow dropping tables. This check is now done by normal Trino authorization (e.g. OPA) (#263).
- Reconciliation errors are now reported as Kubernetes events (#149).
- Use cli argument
watch-namespace/ env varWATCH_NAMESPACEto specify a single namespace to watch (#157). - Moved tests from integration tests repo to operator repo (#211).
- Added
internal-communication.shared-secretproperty which is read from (operator created secret). Must be set from Trino version 378 (#224).
operator-rs0.10.0->0.21.1(#149, #157, #183, #193, #206).- BREAKING: The operator now writes a
ConfigMapfor Rego rules instead of the custom resource for the obsolete regorule-operator. This means that the rego rule operator is not required anymore for authorization and opa-operator tag >=0.9.0(#157). - BREAKING:
OpaConfigMapNamein CRD toopausing theOpaConfigfrom operator-rs (#186). - Trino version to 377 (#193).
- Opa rego example adapted to the new
trino-opa-authorizer(#193). - BREAKING: Configuration of S3 adapted to ADR016 (#200).
- BREAKING: Specifying the product version has been changed to adhere to ADR018 instead of just specifying the product version you will now have to add the Stackable image version as well, so version: 3.1.0 becomes (for example) version: 3.1.0-stackable0 (#211)
stackable-regorule-crddependency (#157).- BREAKING:
nodeEnvironmentfrom CRD. Will default to themetadata.namefield (can be overriden) (#183). - BREAKING: Removed
authorizationmodule from CRD and code and provided the opa bundle viaConfigMapdirectly instead of generating it (#186). - Possibly BREAKING: Removed
query.max-total-memory-per-nodeconfig parameter (#193).
- Fixed
stackable/datawrite permission failure in managed cloud (#142). - Replaced hardcoded references in init container command to
stackable/keystore(#142).
- Monitoring scraping label
prometheus.io/scrape: true(#118).
- BREAKING: CRD changes. The
spec.opaandspec.hiverenamed tospec.opaConfigMapNameandspec.hiveConfigMapNamewhich only accept a String (#131). - BREAKING: In case the namespace is omitted, the operator defaults to the
TrinoClusternamespace instead ofdefault(#95). - User authentication now provided via secret instead of custom resource (#81).
- User authentication not exposed in configmap anymore (#81).
- TLS certificates / keystore now retrieved via secret-operator (#81).
- The Trino version is now a string instead of enum (#81).
operator-rs0.4.0→0.10.0(#81, #95, #118).stackable-regorule-crd0.2.0→0.6.0(#81, #118).- Improvements to setting up (easy) insecure clusters (#131)
operator-rs0.3.0→0.4.0(#32).stackable-hive-crd0.1.0→0.2.0(#32).stackable-regorule-crd0.1.0→0.2.0(#32).stackable-opa-crd0.4.1→0.5.0(#32).- Adapted pod image and container command to docker image (#32).
- Adapted documentation to represent new workflow with docker images (#32).
- Switched to operator-rs tag 0.3.0 (#21)