Moving access-control ConfigMap to a separate file

Moving the access control ConfigMap to a separate file will prevent the coordinator from restarting when changing access control rules if a refreshPeriod is specified.
trinodb · Sep 6, 2024 · 3cbd6f6 · 3cbd6f6
1 parent ac81a3c
commit 3cbd6f6
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 21 deletions.
diff --git a/charts/trino/templates/configmap-access-control.yaml b/charts/trino/templates/configmap-access-control.yaml
@@ -0,0 +1,14 @@
+{{- if eq .Values.accessControl.type "configmap" }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "trino.fullname" . }}-access-control-volume-coordinator
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "trino.labels" . | nindent 4 }}
+ app.kubernetes.io/component: coordinator
+data:
+ {{- range $key, $val := .Values.accessControl.rules }}
+ {{ $key }}: {{ $val | quote }}
+ {{- end }}
+{{- end }}
diff --git a/charts/trino/templates/configmap-coordinator.yaml b/charts/trino/templates/configmap-coordinator.yaml
@@ -146,23 +146,6 @@ data:
  {{ $fileName }}: |
  {{- $fileContent | nindent 4 }}
 {{- end }}
-
----
-
-{{- if .Values.accessControl }}{{- if eq .Values.accessControl.type "configmap" }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ template "trino.fullname" . }}-access-control-volume-coordinator
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "trino.labels" . | nindent 4 }}
- app.kubernetes.io/component: coordinator
-data:
- {{- range $key, $val := .Values.accessControl.rules }}
- {{ $key }}: {{ $val | quote }}
- {{- end }}
-{{- end }}{{- end }}
 {{- if .Values.resourceGroups }}
 ---
 apiVersion: v1

diff --git a/charts/trino/templates/deployment-coordinator.yaml b/charts/trino/templates/deployment-coordinator.yaml
@@ -17,6 +17,9 @@ spec:
  template:
  metadata:
  annotations:
+ {{- if and (eq .Values.accessControl.type "configmap") (not .Values.accessControl.refreshPeriod) }}
+ checksum/access-control-config: {{ include (print $.Template.BasePath "/configmap-access-control.yaml") . | sha256sum }}
+ {{- end }}
  checksum/catalog-config: {{ include (print $.Template.BasePath "/configmap-catalog.yaml") . | sha256sum }}
  checksum/coordinator-config: {{ include (print $.Template.BasePath "/configmap-coordinator.yaml") . | sha256sum }}
  {{- if .Values.coordinator.annotations }}
@@ -48,11 +51,11 @@ spec:
  - name: schemas-volume
  configMap:
  name: {{ template "trino.fullname" . }}-schemas-volume-coordinator
- {{- if .Values.accessControl }}{{- if eq .Values.accessControl.type "configmap" }}
+ {{- if eq .Values.accessControl.type "configmap" }}
  - name: access-control-volume
  configMap:
  name: {{ template "trino.fullname" . }}-access-control-volume-coordinator
- {{- end }}{{- end }}
+ {{- end }}
  {{- if .Values.resourceGroups }}
  - name: resource-groups-volume
  configMap:
@@ -124,10 +127,10 @@ spec:
  name: catalog-volume
  - mountPath: {{ .Values.kafka.mountPath }}
  name: schemas-volume
- {{- if .Values.accessControl }}{{- if eq .Values.accessControl.type "configmap" }}
+ {{- if eq .Values.accessControl.type "configmap" }}
  - mountPath: {{ .Values.server.config.path }}/access-control
  name: access-control-volume
- {{- end }}{{- end }}
+ {{- end }}
  {{- if .Values.resourceGroups }}
  - mountPath: {{ .Values.server.config.path }}/resource-groups
  name: resource-groups-volume