Skip to content

Commit

Permalink
Add envFrom and remove lookup
Browse files Browse the repository at this point in the history
  • Loading branch information
willmostly authored and nineinchnick committed Dec 10, 2024
1 parent fa1f5a8 commit 706f94c
Show file tree
Hide file tree
Showing 6 changed files with 62 additions and 50 deletions.
16 changes: 8 additions & 8 deletions charts/gateway/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -28,15 +28,15 @@ A Helm chart for Trino Gateway
imagePullSecrets:
- name: registry-credentials
```
* `dataStoreSecret` - object, default: `{"key":"","name":""}`
* `envFrom` - list, default: `[]`

Provide configuration for the Trino Gateway `dataStore` in `dataStoreSecret`. This node can be left undefined if `dataStore` is defined under the config node. For production deployments sensitive values should be stored in a Secret
* `backendStateSecret` - object, default: `{"key":"","name":""}`

Provide configuration for the Trino Gateway `backendState` in `backendStateSecret`. This should be used with health check configurations that require backend credentials. This node can be left undefined if `dataStore` is defined under the config node.
* `authenticationSecret` - object, default: `{"key":"","name":""}`

Provide configuration for the Trino Gateway authentication configuration in `authenticationSecret`. This node can be left undefined if `dataStore` is defined under the config node.
A list of secrets and configmaps to mount into the init container as environment variables.
Example:
```yaml
envFrom:
- secretRef:
name: password-secret
```
* `config.serverConfig."node.environment"` - string, default: `"test"`
* `config.serverConfig."http-server.http.port"` - int, default: `8080`
* `config.dataStore.jdbcUrl` - string, default: `"jdbc:postgresql://localhost:5432/gateway"`
Expand Down
8 changes: 2 additions & 6 deletions charts/gateway/templates/deployment.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -14,12 +14,6 @@ spec:
template:
metadata:
annotations:
# Include the version of trino-gateway-configuration as an input to the
# deployment checksum. This causes pods to restart on helm update
# whether the chart `config` is updated or if one of the configuration
# secrets is updated. Helm template must be run with the
# --dry-run=server option to prevent a nil pointer.
checksum/config: {{ (coalesce (lookup "v1" "Secret" .Release.Namespace "trino-gateway-configuration").metadata (dict "resourceVersion" "0")).resourceVersion | sha256sum}}
{{- with .Values.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
Expand All @@ -44,6 +38,8 @@ spec:
imagePullPolicy: {{ .Values.image.pullPolicy }}
command:
{{- toYaml .Values.command | nindent 12}}
envFrom:
{{- toYaml .Values.envFrom | nindent 12}}
ports:
- name: request
containerPort: {{ index .Values "config" "serverConfig" "http-server.http.port" }}
Expand Down
17 changes: 1 addition & 16 deletions charts/gateway/templates/secrets.yaml
Original file line number Diff line number Diff line change
@@ -1,22 +1,7 @@
{{ $dataStoreDict := dict}}
{{ if .Values.dataStoreSecret.name }}
{{ $dataStoreDict = (index (lookup "v1" "Secret" .Release.Namespace .Values.dataStoreSecret.name).data .Values.dataStoreSecret.key) | b64dec | fromYaml }}
{{ end }}
{{ $backendStateDict := dict }}
{{ if .Values.backendStateSecret.name }}
{{ $backendStateDict = (index (lookup "v1" "Secret" .Release.Namespace .Values.backendStateSecret.name).data .Values.backendStateSecret.key) | b64dec | fromYaml }}
{{ end }}
{{ $authenticationDict := dict }}
{{ if .Values.authenticationSecret.name }}
# {{.Values.authenticationSecret.name }} #
# {{ index (lookup "v1" "Secret" .Release.Namespace .Values.authenticationSecret.name).data .Values.authenticationSecret.key }} #
{{ $authenticationDict = (index (lookup "v1" "Secret" .Release.Namespace .Values.authenticationSecret.name).data .Values.authenticationSecret.key) | b64dec | fromYaml }}
{{ end }}

apiVersion: v1
kind: Secret
metadata:
name: trino-gateway-configuration
type: "Opaque"
data:
config.yaml: "{{toYaml (merge .Values.config $authenticationDict $dataStoreDict $backendStateDict ) | b64enc}}"
config.yaml: "{{toYaml .Values.config | b64enc}}"
28 changes: 9 additions & 19 deletions charts/gateway/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -20,25 +20,15 @@ image:
# ```
imagePullSecrets: []

# -- Provide configuration for the Trino Gateway `dataStore` in `dataStoreSecret`. This node can
# be left undefined if `dataStore` is defined under the config node. For production deployments
# sensitive values should be stored in a Secret
dataStoreSecret:
name: ""
key: ""

# -- Provide configuration for the Trino Gateway `backendState` in `backendStateSecret`. This should
# be used with health check configurations that require backend credentials. This node can
# be left undefined if `dataStore` is defined under the config node.
backendStateSecret:
name: ""
key: ""

# -- Provide configuration for the Trino Gateway authentication configuration in `authenticationSecret`.
# This node can be left undefined if `dataStore` is defined under the config node.
authenticationSecret:
name: ""
key: ""
# -- A list of secrets and configmaps to mount into the init container as environment variables.
# @raw
# Example:
# ```yaml
# envFrom:
# - secretRef:
# name: password-secret
# ```
envFrom: []

config:
serverConfig:
Expand Down
37 changes: 37 additions & 0 deletions tests/gateway/test-values-with-env.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
replicaCount: 1

image:
# -- Repository location of the Trino Gateway image, typically `organization/imagename`
repository: "trinodb/trino-gateway"
pullPolicy: IfNotPresent

config:
serverConfig:
node.environment: test
http-server.http.port: 8080
dataStore:
# The connection details for the backend database for Trino Gateway and Trino query history
jdbcUrl: jdbc:postgresql://gateway-backend-db-postgresql.postgres-gateway.svc.cluster.local:5432/gateway
user: "${ENV:PG_USER}"
password: "${ENV:PG_PASSWORD}"
driver: org.postgresql.Driver
clusterStatsConfiguration:
monitorType: INFO_API
modules:
- io.trino.gateway.ha.module.HaGatewayProviderModule
- io.trino.gateway.ha.module.ClusterStateListenerModule
- io.trino.gateway.ha.module.ClusterStatsMonitorModule
managedApps:
- io.trino.gateway.ha.clustermonitor.ActiveClusterMonitor

envFrom:
- secretRef:
name: db-credentials

resources:
limits:
cpu: 500m
memory: 256Mi
requests:
cpu: 250m
memory: 256Mi
6 changes: 5 additions & 1 deletion tests/gateway/test.sh
Original file line number Diff line number Diff line change
Expand Up @@ -4,10 +4,12 @@ set -euo pipefail

declare -A testCases=(
[complete_values]="--values test-values.yaml"
[env_from]="--values test-values-with-env.yaml"
)

declare -A testCaseCharts=(
[complete_values]="../../charts/gateway"
[env_from]="../../charts/gateway"
)

function join_by {
Expand All @@ -28,7 +30,7 @@ CT_ARGS=(
--helm-extra-args="--timeout 2m"
)
CLEANUP_NAMESPACE=true
TEST_NAMES=(complete_values)
TEST_NAMES=(complete_values env_from)

usage() {
cat <<EOF 1>&2
Expand Down Expand Up @@ -87,6 +89,8 @@ helm upgrade --install ${DB_INSTALLATION_NAME} oci://registry-1.docker.io/bitnam
--set primary.persistence.enabled=false
kubectl wait --for=condition=ready pod -l app.kubernetes.io/name=postgresql --timeout=300s -n "$DB_NAMESPACE"

kubectl --namespace "$NAMESPACE" create secret generic db-credentials --from-literal=PG_USER='gateway' --from-literal=PG_PASSWORD='pass0000'

result=0
for test_name in "${TEST_NAMES[@]}"; do
echo 1>&2 ""
Expand Down

0 comments on commit 706f94c

Please sign in to comment.