Merge branch 'main' into main

trinodb · Sep 6, 2024 · 74b75ba · 74b75ba
2 parents b3323fd + ac81a3c
commit 74b75ba
Show file tree

Hide file tree

Showing 12 changed files with 94 additions and 21 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,13 +1,13 @@
 repos:
 - repo: https://github.com/pre-commit/pre-commit-hooks
-  rev: v4.5.0
+  rev: v4.6.0
   hooks:
   - id: trailing-whitespace
     args:
     - --markdown-linebreak-ext=md
   - id: end-of-file-fixer
 - repo: https://github.com/norwoodj/helm-docs
-  rev:  v1.13.1
+  rev:  v1.14.2
   hooks:
   - id: helm-docs-container
     args:

diff --git a/README.md b/README.md
@@ -22,7 +22,7 @@ You can then run `helm search repo trino` to see the charts.
 Then you can install chart using:
 
 ```console
-helm install my-trino trino/trino --version 0.25.0
+helm install my-trino trino/trino --version 0.28.0
 ```
 
 Also, you can check the manifests using:
@@ -49,7 +49,7 @@ ct install
 
 To run tests with specific values:
 ```console
-ct install --helm-extra-set-args "--set image.tag=450"
+ct install --helm-extra-set-args "--set image.tag=455"
 ```
 
 Use the `test.sh` script to run a suite of tests, with different chart values.

diff --git a/charts/trino/Chart.yaml b/charts/trino/Chart.yaml
@@ -15,13 +15,13 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.25.0
+version: 0.28.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # Same value as in values.yml#image.tag
-appVersion: "450"
+appVersion: "455"
 
 icon: https://trino.io/assets/trino.png
 

diff --git a/charts/trino/README.md b/charts/trino/README.md
@@ -1,6 +1,6 @@
 # trino
 
-![Version: 0.25.0](https://img.shields.io/badge/Version-0.25.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 450](https://img.shields.io/badge/AppVersion-450-informational?style=flat-square)
+![Version: 0.28.0](https://img.shields.io/badge/Version-0.28.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 455](https://img.shields.io/badge/AppVersion-455-informational?style=flat-square)
 
 Fast distributed SQL query engine for big data analytics that helps you explore your data universe
 
@@ -86,7 +86,17 @@ Fast distributed SQL query engine for big data analytics that helps you explore
 * `accessControl` - object, default: `{}`  
 
   [System access control](https://trino.io/docs/current/security/built-in-system-access-control.html) configuration.
-  Example:
+  Set the type property to either:
+  * `configmap`, and provide the rule file contents in `rules`,
+  * `properties`, and provide configuration properties in `properties`.
+  Properties example:
+  ```yaml
+  type: properties
+  properties: |
+      access-control.name=custom-access-control
+      access-control.custom_key=custom_value
+  ```
+  Config map example:
   ```yaml
    type: configmap
    refreshPeriod: 60s
@@ -222,7 +232,16 @@ Fast distributed SQL query engine for big data analytics that helps you explore
   ```yaml
    - io.airlift=DEBUG
   ```
-* `additionalExchangeManagerProperties` - list, default: `[]`
+* `additionalExchangeManagerProperties` - list, default: `[]`  
+
+  [Exchange manager properties](https://trino.io/docs/current/admin/fault-tolerant-execution.html#exchange-manager).
+  Example:
+  ```yaml
+   - exchange.s3.region=object-store-region
+   - exchange.s3.endpoint=your-object-store-endpoint
+   - exchange.s3.aws-access-key=your-access-key
+   - exchange.s3.aws-secret-key=your-secret-key
+  ```
 * `eventListenerProperties` - list, default: `[]`  
 
   [Event listener](https://trino.io/docs/current/develop/event-listener.html#event-listener) properties. To configure multiple event listeners, add them in `coordinator.additionalConfigFiles` and `worker.additionalConfigFiles`, and set the `event-listener.config-files` property in `additionalConfigProperties` to their locations.
@@ -293,8 +312,9 @@ Fast distributed SQL query engine for big data analytics that helps you explore
        imagePullPolicy: IfNotPresent
        command: ['sleep', '1']
   ```
-* `securityContext.runAsUser` - int, default: `1000`
-* `securityContext.runAsGroup` - int, default: `1000`
+* `securityContext` - object, default: `{"runAsGroup":1000,"runAsUser":1000}`  
+
+  [Pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) configuration. To remove the default, set it to null (or `~`).
 * `containerSecurityContext` - object, default: `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]}}`  
 
   [Container security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) configuration.
@@ -309,6 +329,9 @@ Fast distributed SQL query engine for big data analytics that helps you explore
 * `service.annotations` - object, default: `{}`
 * `service.type` - string, default: `"ClusterIP"`
 * `service.port` - int, default: `8080`
+* `service.nodePort` - string, default: `""`  
+
+  The port the service listens on the host, for NodePort type. If not set, Kubernetes will [allocate a port automatically](https://kubernetes.io/docs/concepts/services-networking/service/#nodeport-custom-port).
 * `auth` - object, default: `{}`  
 
   Available authentication methods.
@@ -640,6 +663,7 @@ Fast distributed SQL query engine for big data analytics that helps you explore
           value: '$2'
           help: 'ThreadCount (java.lang<type=Threading><>ThreadCount)'
           type: UNTYPED
+* `jmx.exporter.securityContext` - object, default: `{}`
 * `serviceMonitor.enabled` - bool, default: `false`  
 
   Set to true to create resources for the [prometheus-operator](https://github.com/prometheus-operator/prometheus-operator).
@@ -668,4 +692,4 @@ Fast distributed SQL query engine for big data analytics that helps you explore
 * `ingress.tls` - list, default: `[]`
 
 ----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1)
+Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)
diff --git a/charts/trino/templates/configmap-coordinator.yaml b/charts/trino/templates/configmap-coordinator.yaml
@@ -80,14 +80,23 @@ data:
     {{- .Values.server.coordinatorExtraConfig | nindent 4 }}
     {{- end }}
 
-{{- if eq .Values.accessControl.type "configmap" }}
+  {{- if eq .Values.accessControl.type "configmap" }}
   access-control.properties: |
     access-control.name=file
     {{- if .Values.accessControl.refreshPeriod }}
     security.refresh-period={{ .Values.accessControl.refreshPeriod }}
     {{- end }}
     security.config-file={{ .Values.server.config.path }}/access-control/{{ .Values.accessControl.configFile | default "rules.json" }}
-{{- end }}
+  {{- else if eq .Values.accessControl.type "properties" }}
+  access-control.properties: |
+    {{- if .Values.accessControl.properties }}
+    {{- .Values.accessControl.properties | nindent 4 }}
+    {{- else}}
+    {{- fail "accessControl.properties is required when accessControl.type is 'properties'." }}
+    {{- end }}
+  {{- else}}
+  {{- fail "Invalid accessControl.type value. It must be either 'configmap' or 'properties'." }}
+  {{- end }}
 
 {{- if .Values.resourceGroups }}
   resource-groups.properties: |

diff --git a/charts/trino/templates/deployment-coordinator.yaml b/charts/trino/templates/deployment-coordinator.yaml
@@ -36,8 +36,7 @@ spec:
       serviceAccountName: {{ include "trino.serviceAccountName" . }}
       {{- with .Values.securityContext }}
       securityContext:
-        runAsUser: {{ .runAsUser }}
-        runAsGroup: {{ .runAsGroup }}
+        {{- toYaml . | nindent 8 }}
       {{- end }}
       {{- if .Values.shareProcessNamespace.coordinator }}
       shareProcessNamespace: {{ .Values.shareProcessNamespace.coordinator }}
@@ -206,6 +205,10 @@ spec:
         - name: jmx-exporter
           image: {{ .Values.jmx.exporter.image }}
           imagePullPolicy: {{ .Values.jmx.exporter.pullPolicy }}
+          {{- with .Values.jmx.exporter.securityContext }}
+          securityContext:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
           args:
             - "{{ .Values.jmx.exporter.port }}"
             - /etc/jmx-exporter/jmx-exporter-config.yaml

diff --git a/charts/trino/templates/deployment-worker.yaml b/charts/trino/templates/deployment-worker.yaml
@@ -35,8 +35,7 @@ spec:
       serviceAccountName: {{ include "trino.serviceAccountName" . }}
       {{- with .Values.securityContext }}
       securityContext:
-        runAsUser: {{ .runAsUser }}
-        runAsGroup: {{ .runAsGroup }}
+        {{- toYaml . | nindent 8 }}
       {{- end }}
       {{- if .Values.shareProcessNamespace.worker }}
       shareProcessNamespace: {{ .Values.shareProcessNamespace.worker }}

diff --git a/charts/trino/templates/service.yaml b/charts/trino/templates/service.yaml
@@ -14,6 +14,9 @@ spec:
       targetPort: http
       protocol: TCP
       name: http
+      {{- if .Values.service.nodePort }}
+      nodePort: {{ .Values.service.nodePort }}
+      {{- end }}
     {{- if .Values.jmx.exporter.enabled }}
     - port: {{ .Values.jmx.exporter.port }}
       targetPort: jmx-exporter

diff --git a/charts/trino/values.yaml b/charts/trino/values.yaml
@@ -92,7 +92,17 @@ accessControl: {}
 # control](https://trino.io/docs/current/security/built-in-system-access-control.html)
 # configuration.
 # @raw
-# Example:
+# Set the type property to either:
+# * `configmap`, and provide the rule file contents in `rules`,
+# * `properties`, and provide configuration properties in `properties`.
+# Properties example:
+# ```yaml
+# type: properties
+# properties: |
+#     access-control.name=custom-access-control
+#     access-control.custom_key=custom_value
+# ```
+# Config map example:
 # ```yaml
 #  type: configmap
 #  refreshPeriod: 60s
@@ -208,7 +218,6 @@ resourceGroups: {}
 #      }
 # ```
 
-
 additionalNodeProperties: []
 # additionalNodeProperties -- [Additional node
 # properties](https://trino.io/docs/current/installation/deployment.html#log-levels).
@@ -238,6 +247,16 @@ additionalLogProperties: []
 # ```
 
 additionalExchangeManagerProperties: []
+# additionalExchangeManagerProperties -- [Exchange manager
+# properties](https://trino.io/docs/current/admin/fault-tolerant-execution.html#exchange-manager).
+# @raw
+# Example:
+# ```yaml
+#  - exchange.s3.region=object-store-region
+#  - exchange.s3.endpoint=your-object-store-endpoint
+#  - exchange.s3.aws-access-key=your-access-key
+#  - exchange.s3.aws-secret-key=your-secret-key
+# ```
 
 eventListenerProperties: []
 # eventListenerProperties -- [Event
@@ -327,6 +346,8 @@ sidecarContainers: {}
 #      command: ['sleep', '1']
 # ```
 
+# -- [Pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) configuration.
+# To remove the default, set it to null (or `~`).
 securityContext:
   runAsUser: 1000
   runAsGroup: 1000
@@ -348,6 +369,8 @@ service:
   annotations: {}
   type: ClusterIP
   port: 8080
+  # service.nodePort -- The port the service listens on the host, for NodePort type. If not set, Kubernetes will [allocate a port automatically](https://kubernetes.io/docs/concepts/services-networking/service/#nodeport-custom-port).
+  nodePort: ""
 
 auth: {}
 # auth -- Available authentication methods.
@@ -739,6 +762,7 @@ jmx:
     pullPolicy: Always
     port: 5556
     configProperties: []
+    securityContext: {}
     # jmx.exporter.configProperties -- JMX Config Properties is mounted to /etc/jmx-exporter/jmx-exporter-config.yaml
     # @raw
     # Example:

diff --git a/test-access-control-properties-values.yaml b/test-access-control-properties-values.yaml
@@ -0,0 +1,7 @@
+# Access Control 'properties' values to test.
+# This is a YAML-formatted file.
+
+accessControl:
+  type: properties
+  properties: |
+    access-control.name=read-only
diff --git a/test-values.yaml b/test-values.yaml
@@ -21,6 +21,9 @@ additionalConfigProperties:
 service:
   annotations:
     custom/name: value
+  type: NodePort
+  port: 8080
+  nodePort: 30080
 
 auth:
   # created using htpasswd -B -C 10 password.db admin

diff --git a/test.sh b/test.sh
@@ -7,6 +7,7 @@ declare -A testCases=(
     [single_node]="--set server.workers=0"
     [complete_values]="--values test-values.yaml"
     [overrides]="--set coordinatorNameOverride=coordinator-overridden,workerNameOverride=worker-overridden,nameOverride=overridden"
+    [access_control_properties_values]="--values test-access-control-properties-values.yaml"
 )
 
 function join_by {
@@ -21,7 +22,7 @@ NAMESPACE=trino-$(LC_ALL=C tr -dc 'a-z0-9' </dev/urandom | head -c 6 || true)
 HELM_EXTRA_SET_ARGS=
 CT_ARGS=(--charts=charts/trino --skip-clean-up --helm-extra-args="--timeout 2m")
 CLEANUP_NAMESPACE=true
-TEST_NAMES=(default single_node complete_values)
+TEST_NAMES=(default single_node complete_values access_control_properties_values)
 
 usage() {
     cat <<EOF 1>&2