add annotation to the service object #10
Conversation
| @@ -7,6 +7,10 @@ metadata: | |||
| chart: {{ template "trino.chart" . }} | |||
| release: {{ .Release.Name }} | |||
| heritage: {{ .Release.Service }} | |||
| {{- if .Values.service.annotations }} | |||
There was a problem hiding this comment.
Could you add this with an empty default to the values.yaml file? Otherwise, users might not know that specifying this is possible, without looking into this template.
There was a problem hiding this comment.
@nineinchnick I've been struggling with adding the following annotations for my service type "LoadBalancer":
service.beta.kubernetes.io/aws-load-balancer-type: nlb
service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: instance
service.beta.kubernetes.io/aws-load-balancer-scheme: internal
service.beta.kubernetes.io/aws-load-balancer-internal: "true"
Is this supported yet, if yes/no how to achieve this? Please help me out.
There was a problem hiding this comment.
This PR has not been merged yet.
There was a problem hiding this comment.
It is super basic feature they should've merged this already.
Any takeoffs from this?
There was a problem hiding this comment.
Hi @nineinchnick if you can help me, do you know how can I pass this -> internal-communication.shared-secret=<secret>
My current values.yaml is:
# Default values for trino.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
image:
repository: trinodb/trino
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart version.
tag: latest
imagePullSecrets:
- name: registry-credentials
server:
workers: 2
node:
environment: production
dataDir: /data/trino
pluginDir: /usr/lib/trino/plugin
log:
trino:
level: INFO
config:
path: /etc/trino
http:
port: 8080
https:
enabled: true
port: 8443
keystore:
path: ""
# Trino supports multiple authentication types: PASSWORD, CERTIFICATE, OAUTH2, JWT, KERBEROS
# For more info: https://trino.io/docs/current/security/authentication-types.html
authenticationType: "PASSWORD"
query:
maxMemory: "4GB"
maxMemoryPerNode: "1GB"
memory:
heapHeadroomPerNode: "1GB"
exchangeManager:
name: "filesystem"
baseDir: "/tmp/trino-local-file-system-exchange-manager"
workerExtraConfig: ""
coordinatorExtraConfig: ""
autoscaling:
enabled: true
maxReplicas: 5
# Works on request
targetCPUUtilizationPercentage: 50
accessControl: {}
# type: configmap
# refreshPeriod: 60s
# # Rules file is mounted to /etc/trino/access-control
# configFile: "rules.json"
# rules:
# rules.json: |-
# {
# "catalogs": [
# {
# "user": "admin",
# "catalog": "(mysql|system)",
# "allow": "all"
# },
# {
# "group": "finance|human_resources",
# "catalog": "postgres",
# "allow": true
# },
# {
# "catalog": "hive",
# "allow": "all"
# },
# {
# "user": "alice",
# "catalog": "postgresql",
# "allow": "read-only"
# },
# {
# "catalog": "system",
# "allow": "none"
# }
# ],
# "schemas": [
# {
# "user": "admin",
# "schema": ".*",
# "owner": true
# },
# {
# "user": "guest",
# "owner": false
# },
# {
# "catalog": "default",
# "schema": "default",
# "owner": true
# }
# ]
# }
additionalNodeProperties: {}
additionalConfigProperties: {}
additionalLogProperties: {}
additionalExchangeManagerProperties: {}
eventListenerProperties: {}
additionalCatalogs: {}
# Array of EnvVar (https://v1-18.docs.kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#envvar-v1-core)
env: []
initContainers: {}
# coordinator:
# - name: init-coordinator
# image: busybox:1.28
# imagePullPolicy: IfNotPresent
# command: ['sh', '-c', "until nslookup myservice.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local; do echo waiting for myservice; sleep 2; done"]
# worker:
# - name: init-worker
# image: busybox:1.28
# command: ['sh', '-c', 'echo The worker is running! && sleep 3600']
securityContext:
runAsUser: 1000
runAsGroup: 1000
service:
type: LoadBalancer
port: 8080
annotations:
# service.beta.kubernetes.io/aws-load-balancer-internal: "true"
service.beta.kubernetes.io/aws-load-balancer-type: nlb
service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: instance
service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
nodeSelector: {}
tolerations: []
affinity: {}
auth:
# Set username and password
# https://trino.io/docs/current/security/password-file.html#file-format
passwordAuth: "test:$2y$10$AH8OYQlIp3s8KHn6w6yk/OJfOVnfksuiDAO74hElOr2pVSCzH4g2."
serviceAccount:
# Specifies whether a service account should be created
create: false
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
# Annotations to add to the service account
annotations:
secretMounts: []
coordinator:
jvm:
maxHeapSize: "8G"
gcMethod:
type: "UseG1GC"
g1:
heapRegionSize: "32M"
additionalJVMConfig: {}
resources:
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
limits:
# changed this <-
cpu: 1500m
# changed this <-
memory: 8G
requests:
# changed this <-
cpu: 800m
memory: 2G
livenessProbe: {}
# initialDelaySeconds: 20
# periodSeconds: 10
# timeoutSeconds: 5
# failureThreshold: 6
# successThreshold: 1
readinessProbe: {}
# initialDelaySeconds: 20
# periodSeconds: 10
# timeoutSeconds: 5
# failureThreshold: 6
# successThreshold: 1
worker:
jvm:
maxHeapSize: "8G"
gcMethod:
type: "UseG1GC"
g1:
heapRegionSize: "32M"
additionalJVMConfig: {}
resources:
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
limits:
# changed this <-
cpu: 1500m
# changed this <-
memory: 8G
requests:
# changed this <-
cpu: 800m
memory: 2G
livenessProbe: {}
# initialDelaySeconds: 20
# periodSeconds: 10
# timeoutSeconds: 5
# failureThreshold: 6
# successThreshold: 1
readinessProbe: {}
# initialDelaySeconds: 20
# periodSeconds: 10
# timeoutSeconds: 5
# failureThreshold: 6
# successThreshold: 1
kafka:
mountPath: "/etc/trino/schemas"
tableDescriptions: {}
There was a problem hiding this comment.
This has nothing to do with this pr. Please ask questions like this on slack.
There was a problem hiding this comment.
@nineinchnick
Actually, I never got an answer to my question on slack, somehow I figured that out on my own.
Also, if possible can you please help me with the following?
I'm trying to use the "Trino Official Helm Chart", I've it all set up and working properly in a k8s cluster with "HTTPS" and "PASSWORD" based authentication "on".
The only thing I can't figure out is, how to pass a "password.db" file instead of "passing a string" as "username:hashed-bcrypt-password-string".
There was a problem hiding this comment.
Please stop hijacking this comment to ask questions not related to this pr. I saw your questions on slack but I don't know the answer. If anyone else does, they'll reply there.
|
Duplicate of #54 |
|
@fikri-marzaq, it looks like #54 supersedes this PR. (just one word difference really). Are you okay if we close this one out in favor of that PR? CC: @hashhar |
this PR aims to add annotations to the service. By adding it, we can add features to the service.
For example, to integrate IAP to the service, we can add this annotations below:
beta.cloud.google.com/backend-config: '{"default": "backend-config-name"}