From 3cbd6f64ce135953896588107c73d18a76882d2a Mon Sep 17 00:00:00 2001 From: Sergey Kuprikov Date: Fri, 6 Sep 2024 15:34:54 +0300 Subject: [PATCH] Moving access-control ConfigMap to a separate file Moving the access control ConfigMap to a separate file will prevent the coordinator from restarting when changing access control rules if a refreshPeriod is specified. --- .../templates/configmap-access-control.yaml | 14 ++++++++++++++ .../trino/templates/configmap-coordinator.yaml | 17 ----------------- .../trino/templates/deployment-coordinator.yaml | 11 +++++++---- 3 files changed, 21 insertions(+), 21 deletions(-) create mode 100644 charts/trino/templates/configmap-access-control.yaml diff --git a/charts/trino/templates/configmap-access-control.yaml b/charts/trino/templates/configmap-access-control.yaml new file mode 100644 index 00000000..80e6edbc --- /dev/null +++ b/charts/trino/templates/configmap-access-control.yaml @@ -0,0 +1,14 @@ +{{- if eq .Values.accessControl.type "configmap" }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "trino.fullname" . }}-access-control-volume-coordinator + namespace: {{ .Release.Namespace }} + labels: + {{- include "trino.labels" . | nindent 4 }} + app.kubernetes.io/component: coordinator +data: + {{- range $key, $val := .Values.accessControl.rules }} + {{ $key }}: {{ $val | quote }} + {{- end }} +{{- end }} diff --git a/charts/trino/templates/configmap-coordinator.yaml b/charts/trino/templates/configmap-coordinator.yaml index 9711c9ee..0adc966f 100644 --- a/charts/trino/templates/configmap-coordinator.yaml +++ b/charts/trino/templates/configmap-coordinator.yaml @@ -146,23 +146,6 @@ data: {{ $fileName }}: | {{- $fileContent | nindent 4 }} {{- end }} - ---- - -{{- if .Values.accessControl }}{{- if eq .Values.accessControl.type "configmap" }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "trino.fullname" . }}-access-control-volume-coordinator - namespace: {{ .Release.Namespace }} - labels: - {{- include "trino.labels" . | nindent 4 }} - app.kubernetes.io/component: coordinator -data: - {{- range $key, $val := .Values.accessControl.rules }} - {{ $key }}: {{ $val | quote }} - {{- end }} -{{- end }}{{- end }} {{- if .Values.resourceGroups }} --- apiVersion: v1 diff --git a/charts/trino/templates/deployment-coordinator.yaml b/charts/trino/templates/deployment-coordinator.yaml index 9b068db4..2c345e4a 100644 --- a/charts/trino/templates/deployment-coordinator.yaml +++ b/charts/trino/templates/deployment-coordinator.yaml @@ -17,6 +17,9 @@ spec: template: metadata: annotations: + {{- if and (eq .Values.accessControl.type "configmap") (not .Values.accessControl.refreshPeriod) }} + checksum/access-control-config: {{ include (print $.Template.BasePath "/configmap-access-control.yaml") . | sha256sum }} + {{- end }} checksum/catalog-config: {{ include (print $.Template.BasePath "/configmap-catalog.yaml") . | sha256sum }} checksum/coordinator-config: {{ include (print $.Template.BasePath "/configmap-coordinator.yaml") . | sha256sum }} {{- if .Values.coordinator.annotations }} @@ -48,11 +51,11 @@ spec: - name: schemas-volume configMap: name: {{ template "trino.fullname" . }}-schemas-volume-coordinator - {{- if .Values.accessControl }}{{- if eq .Values.accessControl.type "configmap" }} + {{- if eq .Values.accessControl.type "configmap" }} - name: access-control-volume configMap: name: {{ template "trino.fullname" . }}-access-control-volume-coordinator - {{- end }}{{- end }} + {{- end }} {{- if .Values.resourceGroups }} - name: resource-groups-volume configMap: @@ -124,10 +127,10 @@ spec: name: catalog-volume - mountPath: {{ .Values.kafka.mountPath }} name: schemas-volume - {{- if .Values.accessControl }}{{- if eq .Values.accessControl.type "configmap" }} + {{- if eq .Values.accessControl.type "configmap" }} - mountPath: {{ .Values.server.config.path }}/access-control name: access-control-volume - {{- end }}{{- end }} + {{- end }} {{- if .Values.resourceGroups }} - mountPath: {{ .Values.server.config.path }}/resource-groups name: resource-groups-volume