diff --git a/.github/workflows/helm.yml b/.github/workflows/helm.yml index 1fb706187..3c8467b98 100644 --- a/.github/workflows/helm.yml +++ b/.github/workflows/helm.yml @@ -101,9 +101,8 @@ jobs: export BUILD_TAG=helm-ci-$(date +%s) echo BUILD_TAG=${BUILD_TAG} >> ${GITHUB_ENV} eval $(minikube -p minikube docker-env) - ./gradlew :polaris-quarkus-server:assemble \ + ./gradlew assemble \ -Dquarkus.container-image.build=true \ - -Dquarkus.container-image.name=polaris-testing \ -Dquarkus.container-image.tag=${BUILD_TAG} minikube image ls @@ -116,7 +115,8 @@ jobs: - name: Run chart-testing (install) if: steps.list-changed.outputs.changed == 'true' run: | - ct install --target-branch ${{ github.event.repository.default_branch }} \ + ct install --debug \ --namespace polaris-ns \ - --helm-extra-set-args "--set=image.repository=apache/polaris-testing --set=image.tag=${BUILD_TAG}" \ - --debug --charts ./helm/polaris + --target-branch ${{ github.event.repository.default_branch }} \ + --helm-extra-set-args "--set=image.tag=${BUILD_TAG} --set=bootstrap.image.tag=${BUILD_TAG}" \ + --charts ./helm/polaris diff --git a/extension/persistence/eclipselink/src/main/java/org/apache/polaris/extension/persistence/impl/eclipselink/EclipseLinkPolarisMetaStoreManagerFactory.java b/extension/persistence/eclipselink/src/main/java/org/apache/polaris/extension/persistence/impl/eclipselink/EclipseLinkPolarisMetaStoreManagerFactory.java index 3767a0645..3c29d4f64 100644 --- a/extension/persistence/eclipselink/src/main/java/org/apache/polaris/extension/persistence/impl/eclipselink/EclipseLinkPolarisMetaStoreManagerFactory.java +++ b/extension/persistence/eclipselink/src/main/java/org/apache/polaris/extension/persistence/impl/eclipselink/EclipseLinkPolarisMetaStoreManagerFactory.java @@ -31,6 +31,8 @@ import org.apache.polaris.core.persistence.PolarisMetaStoreManager; import org.apache.polaris.core.persistence.PolarisMetaStoreSession; import org.apache.polaris.core.storage.PolarisStorageIntegrationProvider; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** * The implementation of Configuration interface for configuring the {@link PolarisMetaStoreManager} @@ -42,6 +44,9 @@ public class EclipseLinkPolarisMetaStoreManagerFactory extends LocalPolarisMetaStoreManagerFactory { + private static final Logger LOGGER = + LoggerFactory.getLogger(EclipseLinkPolarisMetaStoreManagerFactory.class); + @Inject EclipseLinkConfiguration eclipseLinkConfiguration; @Inject PolarisStorageIntegrationProvider storageIntegrationProvider; diff --git a/helm/polaris/README.md b/helm/polaris/README.md index 3230cc172..ef1430dd3 100644 --- a/helm/polaris/README.md +++ b/helm/polaris/README.md @@ -45,41 +45,114 @@ A Helm chart for Polaris. ### Optional -When using a custom `persistence.xml`, a Kubernetes Secret must be created for `.persistenceConfigSecret`. Below is a sample command: +When using a custom `persistence.xml`, a Kubernetes Secret must be created for it. Below is a sample command: ```bash kubectl create secret generic polaris-secret -n polaris --from-file=persistence.xml ``` ### From local directory (for development purposes) -From Polaris repo root: +The below instructions assume Minikube is running and Helm is installed. + +If necessary, load the Docker images into Minikube: + +```bash +eval $(minikube -p minikube docker-env) + +./gradlew clean :polaris-quarkus-server:build :polaris-quarkus-admin:build \ + -x check \ + -Dquarkus.container-image.build=true \ + -Dquarkus.container-image.tag=unstable +``` + +Then create and populate the namespace: + +```bash +kubectl create namespace polaris +kubectl apply --namespace polaris -f helm/polaris/fixtures/ +``` + +Finally, install the chart. From Polaris repo root: + +```bash +helm upgrade --install --namespace polaris polaris helm/polaris \ + --set image.tag=unstable \ + --set bootstrap.image.tag=unstable \ + --debug \ + --values helm/polaris/ci/simple-values.yaml +``` + +You can also run `ct` (chart-testing): ```bash -$ helm install polaris helm/polaris --namespace polaris --create-namespace +ct lint --charts helm/polaris +ct install --helm-extra-set-args "--set=image.tag=unstable --set bootstrap.image.tag=unstable" \ + --debug \ + --namespace polaris \ + --charts ./helm/polaris ``` ### Uninstalling the chart ```bash -$ helm uninstall --namespace polaris polaris +helm uninstall --namespace polaris polaris ``` ## Values | Key | Type | Default | Description | |-----|------|---------|-------------| +| advancedConfig | object | `{}` | Advanced configuration. You can pass here any valid Polaris or Quarkus configuration property. Any property that is defined here takes precedence over all the other configuration values generated by this chart. Properties can be passed "flattened" or as nested YAML objects (see examples below). Note: values should be strings; avoid using numbers, booleans, or other types. | | affinity | object | `{}` | Affinity and anti-affinity for polaris pods. See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity. | +| authentication.authenticator.type | string | `"default"` | | +| authentication.tokenBroker.maxTokenGeneration | string | `"PT1H"` | | +| authentication.tokenBroker.secret.name | string | `nil` | | +| authentication.tokenBroker.secret.privateKey | string | `"private.pem"` | | +| authentication.tokenBroker.secret.publicKey | string | `"public.pem"` | | +| authentication.tokenBroker.secret.secretKey | string | `"secret"` | | +| authentication.tokenBroker.type | string | `"rsa-key-pair"` | | +| authentication.tokenService.type | string | `"default"` | | | autoscaling.enabled | bool | `false` | Specifies whether automatic horizontal scaling should be enabled. Do not enable this when using in-memory version store type. | | autoscaling.maxReplicas | int | `3` | The maximum number of replicas to maintain. | | autoscaling.minReplicas | int | `1` | The minimum number of replicas to maintain. | | autoscaling.targetCPUUtilizationPercentage | int | `80` | Optional; set to zero or empty to disable. | | autoscaling.targetMemoryUtilizationPercentage | string | `nil` | Optional; set to zero or empty to disable. | -| bootstrapExtraEnv | list | `[]` | Extra environment variables to add to the bootstrap metastore manager job (see `extraEnv` for an example) | -| bootstrapMetastoreManager | bool | `false` | Configures whether to enable the bootstrap metastore manager job | +| bootstrap | object | `{"credentials":[],"enabled":false,"extraEnv":[],"image":{"configDir":"/deployments/config","pullPolicy":"IfNotPresent","repository":"apache/polaris-admin-tool","tag":"latest"},"realms":[]}` | Configures whether to enable the bootstrap metastore manager job | +| bootstrap.credentials | list | `[]` | The credentials to create during the bootstrap. If you don't provide credentials for the root principal of each realm to bootstrap, random credentials will be generated. Each entry in the array must be of the form: realm,userName,clientId,clientSecret | +| bootstrap.extraEnv | list | `[]` | Extra environment variables to add to the bootstrap metastore manager job (see `extraEnv` for an example) | +| bootstrap.image | object | `{"configDir":"/deployments/config","pullPolicy":"IfNotPresent","repository":"apache/polaris-admin-tool","tag":"latest"}` | The image configuration for the bootstrap metastore manager job. | +| bootstrap.image.configDir | string | `"/deployments/config"` | The path to the directory where the application.properties file, and other configuration files, if any, should be mounted. | +| bootstrap.image.pullPolicy | string | `"IfNotPresent"` | The image pull policy. | +| bootstrap.image.repository | string | `"apache/polaris-admin-tool"` | The image repository to pull from. | +| bootstrap.image.tag | string | `"latest"` | The image tag. | +| bootstrap.realms | list | `[]` | The names of the realms to bootstrap. | | configMapLabels | object | `{}` | Additional Labels to apply to polaris configmap. | +| containerSecurityContext | object | `{}` | Security context for the polaris container. See https://kubernetes.io/docs/tasks/configure-pod-container/security-context/. | +| cors.accessControlAllowCredentials | bool | `true` | | +| cors.accessControlMaxAge | int | `600` | | +| cors.allowedHeaders[0] | string | `"*"` | | +| cors.allowedMethods[0] | string | `"PATCH"` | | +| cors.allowedMethods[1] | string | `"POST"` | | +| cors.allowedMethods[2] | string | `"DELETE"` | | +| cors.allowedMethods[3] | string | `"GET"` | | +| cors.allowedMethods[4] | string | `"PUT"` | | +| cors.allowedOrigins[0] | string | `"http://localhost:8080"` | | +| cors.exposedHeaders[0] | string | `"*"` | | | extraEnv | list | `[]` | Advanced configuration via Environment Variables. Extra environment variables to add to the Polaris server container. You can pass here any valid EnvVar object: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#envvar-v1-core This can be useful to get configuration values from Kubernetes secrets or config maps. | +| extraInitContainers | list | `[]` | Add additional init containers to the polaris pod(s) See https://kubernetes.io/docs/concepts/workloads/pods/init-containers/. | +| extraServices | list | `[]` | Additional service definitions. All service definitions always select all Polaris pods. Use this if you need to expose specific ports with different configurations, e.g. expose polaris-http with an alternate LoadBalancer service instead of ClusterIP. | +| extraVolumeMounts | list | `[]` | Extra volume mounts to add to the polaris container. See https://kubernetes.io/docs/concepts/storage/volumes/. | +| extraVolumes | list | `[]` | Extra volumes to add to the polaris pod. See https://kubernetes.io/docs/concepts/storage/volumes/. | +| features.defaults.ENFORCE_PRINCIPAL_CREDENTIAL_ROTATION_REQUIRED_CHECKING | bool | `false` | | +| features.defaults.SUPPORTED_CATALOG_STORAGE_TYPES[0] | string | `"S3"` | | +| features.defaults.SUPPORTED_CATALOG_STORAGE_TYPES[1] | string | `"GCS"` | | +| features.defaults.SUPPORTED_CATALOG_STORAGE_TYPES[2] | string | `"AZURE"` | | +| features.defaults.SUPPORTED_CATALOG_STORAGE_TYPES[3] | string | `"FILE"` | | +| features.realmOverrides | object | `{}` | | +| fileIo.type | string | `"default"` | | +| image.configDir | string | `"/deployments/config"` | The path to the directory where the application.properties file, and other configuration files, if any, should be mounted. | | image.pullPolicy | string | `"IfNotPresent"` | The image pull policy. | -| image.repository | string | `"localhost:5001/polaris"` | The image repository to pull from. | +| image.repository | string | `"apache/polaris"` | The image repository to pull from. | | image.tag | string | `"latest"` | The image tag. | | imagePullSecrets | list | `[]` | References to secrets in the same namespace to use for pulling any of the images used by this chart. Each entry is a LocalObjectReference to an existing secret in the namespace. The secret must contain a .dockerconfigjson key with a base64-encoded Docker configuration file. See https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ for more information. | | ingress.annotations | object | `{}` | Annotations to add to the ingress. | @@ -94,30 +167,81 @@ $ helm uninstall --namespace polaris polaris | livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the probe to be considered successful after having failed. Minimum value is 1. | | livenessProbe.terminationGracePeriodSeconds | int | `30` | Optional duration in seconds the pod needs to terminate gracefully upon probe failure. Minimum value is 1. | | livenessProbe.timeoutSeconds | int | `10` | Number of seconds after which the probe times out. Minimum value is 1. | +| logging | object | `{"categories":{"org.apache.iceberg.rest":"INFO","org.apache.polaris":"INFO"},"console":{"enabled":true,"format":"%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c{3.}] [%X{requestId},%X{realmId}] [%X{traceId},%X{parentId},%X{spanId},%X{sampled}] (%t) %s%e%n","json":false,"threshold":"ALL"},"file":{"enabled":false,"fileName":"polaris.log","format":"%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c{3.}] [%X{requestId},%X{realmId}] [%X{traceId},%X{parentId},%X{spanId},%X{sampled}] (%t) %s%e%n","json":false,"logsDir":"/deployments/logs","rotation":{"fileSuffix":null,"maxBackupIndex":5,"maxFileSize":"100Mi"},"storage":{"className":"standard","selectorLabels":{},"size":"512Gi"},"threshold":"ALL"},"level":"INFO","mdc":{},"requestIdHeaderName":"request_id"}` | Logging configuration. | +| logging.categories | object | `{"org.apache.iceberg.rest":"INFO","org.apache.polaris":"INFO"}` | Configuration for specific log categories. | +| logging.console | object | `{"enabled":true,"format":"%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c{3.}] [%X{requestId},%X{realmId}] [%X{traceId},%X{parentId},%X{spanId},%X{sampled}] (%t) %s%e%n","json":false,"threshold":"ALL"}` | Configuration for the console appender. | +| logging.console.enabled | bool | `true` | Whether to enable the console appender. | +| logging.console.format | string | `"%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c{3.}] [%X{requestId},%X{realmId}] [%X{traceId},%X{parentId},%X{spanId},%X{sampled}] (%t) %s%e%n"` | The log format to use. Ignored if JSON format is enabled. See https://quarkus.io/guides/logging#logging-format for details. | +| logging.console.json | bool | `false` | Whether to log in JSON format. | +| logging.console.threshold | string | `"ALL"` | The log level of the console appender. | +| logging.file | object | `{"enabled":false,"fileName":"polaris.log","format":"%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c{3.}] [%X{requestId},%X{realmId}] [%X{traceId},%X{parentId},%X{spanId},%X{sampled}] (%t) %s%e%n","json":false,"logsDir":"/deployments/logs","rotation":{"fileSuffix":null,"maxBackupIndex":5,"maxFileSize":"100Mi"},"storage":{"className":"standard","selectorLabels":{},"size":"512Gi"},"threshold":"ALL"}` | Configuration for the file appender. | +| logging.file.enabled | bool | `false` | Whether to enable the file appender. | +| logging.file.fileName | string | `"polaris.log"` | The log file name. | +| logging.file.format | string | `"%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c{3.}] [%X{requestId},%X{realmId}] [%X{traceId},%X{parentId},%X{spanId},%X{sampled}] (%t) %s%e%n"` | The log format to use. Ignored if JSON format is enabled. See https://quarkus.io/guides/logging#logging-format for details. | +| logging.file.json | bool | `false` | Whether to log in JSON format. | +| logging.file.logsDir | string | `"/deployments/logs"` | The local directory where log files are stored. The persistent volume claim will be mounted here. | +| logging.file.rotation | object | `{"fileSuffix":null,"maxBackupIndex":5,"maxFileSize":"100Mi"}` | Log rotation configuration. | +| logging.file.rotation.fileSuffix | string | `nil` | An optional suffix to append to the rotated log files. If present, the rotated log files will be grouped in time buckets, and each bucket will contain at most maxBackupIndex files. The suffix must be in a date-time format that is understood by DateTimeFormatter. If the suffix ends with .gz or .zip, the rotated files will also be compressed using the corresponding algorithm. | +| logging.file.rotation.maxBackupIndex | int | `5` | The maximum number of backup files to keep. | +| logging.file.rotation.maxFileSize | string | `"100Mi"` | The maximum size of the log file before it is rotated. Should be expressed as a Kubernetes quantity. | +| logging.file.storage | object | `{"className":"standard","selectorLabels":{},"size":"512Gi"}` | The log storage configuration. A persistent volume claim will be created using these settings. | +| logging.file.storage.className | string | `"standard"` | The storage class name of the persistent volume claim to create. | +| logging.file.storage.selectorLabels | object | `{}` | Labels to add to the persistent volume claim spec selector; a persistent volume with matching labels must exist. Leave empty if using dynamic provisioning. | +| logging.file.storage.size | string | `"512Gi"` | The size of the persistent volume claim to create. | +| logging.file.threshold | string | `"ALL"` | The log level of the file appender. | +| logging.level | string | `"INFO"` | The log level of the root category, which is used as the default log level for all categories. | +| logging.mdc | object | `{}` | Configuration for MDC (Mapped Diagnostic Context). Values specified here will be added to the log context of all incoming requests and can be used in log patterns. | +| logging.requestIdHeaderName | string | `"request_id"` | The header name to use for the request ID. | +| managementService | object | `{"annotations":{},"clusterIP":"None","externalTrafficPolicy":null,"internalTrafficPolicy":null,"ports":[{"name":"polaris-mgmt","port":8182}],"sessionAffinity":null,"trafficDistribution":null,"type":"ClusterIP"}` | Management service settings. These settings are used to configure liveness and readiness probes, and to configure the dedicated headless service that will expose health checks and metrics, e.g. for metrics scraping and service monitoring. | +| managementService.annotations | object | `{}` | Annotations to add to the service. | +| managementService.ports | list | `[{"name":"polaris-mgmt","port":8182}]` | The ports the management service will listen on. At least one port is required; the first port implicitly becomes the HTTP port that the application will use for serving management requests. By default, it's 8182. Note: port names must be unique and no more than 15 characters long. | +| managementService.ports[0] | object | `{"name":"polaris-mgmt","port":8182}` | The name of the management port. Required. | +| managementService.ports[0].port | int | `8182` | The port the management service listens on. By default, the management interface is exposed on HTTP port 8182. | +| managementService.type | string | `"ClusterIP"` | The type of service to create. | +| metrics.enabled | bool | `true` | Specifies whether metrics for the polaris server should be enabled. | +| metrics.tags | object | `{}` | Additional tags (dimensional labels) to add to the metrics. | | nodeSelector | object | `{}` | Node labels which must match for the polaris pod to be scheduled on that node. See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector. | -| persistenceConfigSecret | string | `nil` | The secret name to pull persistence.xml from (ensure the key name is 'persistence.xml') | +| persistence.eclipseLink.persistenceUnit | string | `"polaris"` | The persistence unit name to use. Only required if persistenceConfigSecret is set. | +| persistence.eclipseLink.secret | object | `{"key":"persistence.xml","name":null}` | The secret name to pull persistence.xml from. If not provided, the default persistence.xml will be used. | +| persistence.type | string | `"eclipse-link"` | | | podAnnotations | object | `{}` | Annotations to apply to polaris pods. | | podLabels | object | `{}` | Additional Labels to apply to polaris pods. | | podSecurityContext | object | `{}` | Security context for the polaris pod. See https://kubernetes.io/docs/tasks/configure-pod-container/security-context/. | -| polarisServerConfig | object | `{"authenticator":{"class":"org.apache.polaris.service.auth.TestInlineBearerTokenPolarisAuthenticator"},"callContextResolver":{"type":"default"},"cors":{"allowed-credentials":true,"allowed-headers":["*"],"allowed-methods":["PATCH","POST","DELETE","GET","PUT"],"allowed-origins":["http://localhost:8080"],"allowed-timing-origins":["http://localhost:8080"],"exposed-headers":["*"],"preflight-max-age":600},"defaultRealms":["default-realm"],"featureConfiguration":{"ENFORCE_PRINCIPAL_CREDENTIAL_ROTATION_REQUIRED_CHECKING":false,"SUPPORTED_CATALOG_STORAGE_TYPES":["S3","GCS","AZURE","FILE"]},"io":{"factoryType":"default"},"logging":{"appenders":[{"logFormat":"%-5p [%d{ISO8601} - %-6r] [%t] [%X{aid}%X{sid}%X{tid}%X{wid}%X{oid}%X{srv}%X{job}%X{rid}] %c{30}: %m %kvp%n%ex","threshold":"ALL","type":"console"}],"level":"INFO","loggers":{"org.apache.iceberg.rest":"DEBUG","org.apache.polaris":"DEBUG"}},"maxRequestBodyBytes":-1,"metaStoreManager":{"type":"in-memory"},"oauth2":{"type":"test"},"rateLimiter":{"type":"no-op"},"realmContextResolver":{"type":"default"},"server":{"adminConnectors":[{"port":8182,"type":"http"}],"applicationConnectors":[{"port":8181,"type":"http"}],"maxThreads":200,"minThreads":10,"requestLog":{"appenders":[{"type":"console"}]}}}` | Configures for polaris-server.yml | +| rateLimiter.tokenBucket.requestsPerSecond | int | `1000` | | +| rateLimiter.tokenBucket.type | string | `"default"` | | +| rateLimiter.tokenBucket.window | string | `"PT10S"` | | +| rateLimiter.type | string | `"no-op"` | | | readinessProbe | object | `{"failureThreshold":3,"initialDelaySeconds":5,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":10}` | Configures the readiness probe for polaris pods. | | readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the probe to be considered failed after having succeeded. Minimum value is 1. | | readinessProbe.initialDelaySeconds | int | `5` | Number of seconds after the container has started before readiness probes are initiated. Minimum value is 0. | | readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the probe. Minimum value is 1. | | readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the probe to be considered successful after having failed. Minimum value is 1. | | readinessProbe.timeoutSeconds | int | `10` | Number of seconds after which the probe times out. Minimum value is 1. | +| realmContext.realms[0] | string | `"default-realm"` | | +| realmContext.type | string | `"default"` | | | replicaCount | int | `1` | The number of replicas to deploy (horizontal scaling). Beware that replicas are stateless; don't set this number > 1 when using in-memory meta store manager. | | resources | object | `{}` | Configures the resources requests and limits for polaris pods. We usually recommend not to specify default resources and to leave this as a conscious choice for the user. This also increases chances charts run on environments with little resources, such as Minikube. If you do want to specify resources, uncomment the following lines, adjust them as necessary, and remove the curly braces after 'resources:'. | | revisionHistoryLimit | string | `nil` | The number of old ReplicaSets to retain to allow rollback (if not set, the default Kubernetes value is set to 10). | -| securityContext | object | `{}` | Security context for the polaris container. See https://kubernetes.io/docs/tasks/configure-pod-container/security-context/. | +| service | object | `{"annotations":{},"clusterIP":"","externalTrafficPolicy":"Cluster","internalTrafficPolicy":"Cluster","ports":[{"name":"polaris-http","port":8181}],"sessionAffinity":"None","trafficDistribution":"PreferClose","type":"ClusterIP"}` | Polaris main service settings. | | service.annotations | object | `{}` | Annotations to add to the service. | -| service.ports | object | `{"polaris-metrics":8182,"polaris-service":8181}` | The ports the service will listen on. Two ports are required: one for the Polaris service and one for the metrics API. Note: port names must be unique and no more than 15 characters long. | +| service.clusterIP | string | `""` | You can specify your own cluster IP address If you define a Service that has the .spec.clusterIP set to "None" then Kubernetes does not assign an IP address. Instead, DNS records for the service will return the IP addresses of each pod targeted by the server. This is called a headless service. See https://kubernetes.io/docs/concepts/services-networking/service/#headless-services | +| service.internalTrafficPolicy | string | `"Cluster"` | The traffic policy fields control how traffic from internal and external sources are routed respectively. Valid values are Cluster and Local. Set the field to Cluster to route traffic to all ready endpoints. Set the field to Local to only route to ready node-local endpoints. If the traffic policy is Local and there are no node-local endpoints, traffic is dropped by kube-proxy | +| service.ports | list | `[{"name":"polaris-http","port":8181}]` | The ports the service will listen on. At least one port is required; the first port implicitly becomes the HTTP port that the application will use for serving API requests. By default, it's 8181. Note: port names must be unique and no more than 15 characters long. | | service.sessionAffinity | string | `"None"` | The session affinity for the service. Valid values are: None, ClientIP. ClientIP enables sticky sessions based on the client's IP address. This is generally beneficial to Polaris deployments, but some testing may be required in order to make sure that the load is distributed evenly among the pods. Also, this setting affects only internal clients, not external ones. If Ingress is enabled, it is recommended to set sessionAffinity to None. | +| service.trafficDistribution | string | `"PreferClose"` | The traffic distribution field provides another way to influence traffic routing within a Kubernetes Service. While traffic policies focus on strict semantic guarantees, traffic distribution allows you to express preferences such as routing to topologically closer endpoints. Valid values are: PreferClose | | service.type | string | `"ClusterIP"` | The type of service to create. | | serviceAccount.annotations | object | `{}` | Annotations to add to the service account. | | serviceAccount.create | bool | `true` | Specifies whether a service account should be created. | | serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template. | +| serviceMonitor.enabled | bool | `true` | Specifies whether a ServiceMonitor for Prometheus operator should be created. | +| serviceMonitor.interval | string | `""` | The scrape interval; leave empty to let Prometheus decide. Must be a valid duration, e.g. 1d, 1h30m, 5m, 10s. | +| serviceMonitor.labels | object | `{}` | Labels for the created ServiceMonitor so that Prometheus operator can properly pick it up. | +| serviceMonitor.metricRelabelings | list | `[]` | Relabeling rules to apply to metrics. Ref https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config. | +| storage | object | `{"aws":{"accessKey":null,"secretKey":null},"gcp":{"lifespan":"PT1H","token":null}}` | Storage credentials for the server. If the following properties are unset, default credentials will be used. | +| tasks.maxConcurrentTasks | int | `100` | | +| tasks.maxQueuedTasks | int | `1000` | | | tolerations | list | `[]` | A list of tolerations to apply to polaris pods. See https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/. | -| toolsImage.pullPolicy | string | `"IfNotPresent"` | The image pull policy. | -| toolsImage.repository | string | `"registry.access.redhat.com/ubi9/openjdk-21"` | The image repository to pull from (must have jar binary included). | -| toolsImage.tag | string | `"latest"` | The image tag. | \ No newline at end of file +| tracing.attributes | object | `{}` | Resource attributes to identify the polaris service among other tracing sources. See https://opentelemetry.io/docs/reference/specification/resource/semantic_conventions/#service. If left empty, traces will be attached to a service named "Polaris"; to change this, provide a service.name attribute here. | +| tracing.enabled | bool | `false` | Specifies whether tracing for the polaris server should be enabled. | +| tracing.endpoint | string | `"http://otlp-collector:4317"` | The collector endpoint URL to connect to (required). The endpoint URL must have either the http:// or the https:// scheme. The collector must talk the OpenTelemetry protocol (OTLP) and the port must be its gRPC port (by default 4317). See https://quarkus.io/guides/opentelemetry for more information. | +| tracing.sample | string | `"1.0d"` | Which requests should be sampled. Valid values are: "all", "none", or a ratio between 0.0 and "1.0d" (inclusive). E.g. "0.5d" means that 50% of the requests will be sampled. | \ No newline at end of file diff --git a/helm/polaris/README.md.gotmpl b/helm/polaris/README.md.gotmpl index 43a5f2be0..5d4829b9e 100644 --- a/helm/polaris/README.md.gotmpl +++ b/helm/polaris/README.md.gotmpl @@ -49,23 +49,57 @@ ### Optional -When using a custom `persistence.xml`, a Kubernetes Secret must be created for `.persistenceConfigSecret`. Below is a sample command: +When using a custom `persistence.xml`, a Kubernetes Secret must be created for it. Below is a sample command: ```bash kubectl create secret generic polaris-secret -n polaris --from-file=persistence.xml ``` ### From local directory (for development purposes) -From Polaris repo root: +The below instructions assume Minikube is running and Helm is installed. + +If necessary, load the Docker images into Minikube: + +```bash +eval $(minikube -p minikube docker-env) + +./gradlew clean :polaris-quarkus-server:build :polaris-quarkus-admin:build \ + -x check \ + -Dquarkus.container-image.build=true \ + -Dquarkus.container-image.tag=unstable +``` + +Then create and populate the namespace: + +```bash +kubectl create namespace polaris +kubectl apply --namespace polaris -f helm/polaris/fixtures/ +``` + +Finally, install the chart. From Polaris repo root: + +```bash +helm upgrade --install --namespace polaris polaris helm/polaris \ + --set image.tag=unstable \ + --set bootstrap.image.tag=unstable \ + --debug \ + --values helm/polaris/ci/simple-values.yaml +``` + +You can also run `ct` (chart-testing): ```bash -$ helm install polaris helm/polaris --namespace polaris --create-namespace +ct lint --charts helm/polaris +ct install --helm-extra-set-args "--set=image.tag=unstable --set bootstrap.image.tag=unstable" \ + --debug \ + --namespace polaris \ + --charts ./helm/polaris ``` ### Uninstalling the chart ```bash -$ helm uninstall --namespace polaris polaris +helm uninstall --namespace polaris polaris ``` {{ template "chart.valuesSection" . }} \ No newline at end of file diff --git a/helm/polaris/ci/fixtures/token-broker.yaml b/helm/polaris/ci/fixtures/token-broker.yaml new file mode 100644 index 000000000..5a10fbc08 --- /dev/null +++ b/helm/polaris/ci/fixtures/token-broker.yaml @@ -0,0 +1,59 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +apiVersion: v1 +kind: Secret +metadata: + name: polaris-token-broker +type: Opaque +stringData: + private.pem: |- + -----BEGIN PRIVATE KEY----- + MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDiae5jQnQ+Dt8Optpa4fLNuUfI + 37Sy29JPfn22CkGNo54SJi8NtR38Q958Bx9B+30IZPm3KtZGPC38Tm78/C508h7/Bd0jO7S3/UuQ + rYlg9H8gC59j14fE5cKEiKCvHrNK35Act9LrfhwEoGBs7G+90KD3SBIWzoc4vS8AB/ey09kRN3+M + dQ/DuRrafRgEx8ecq0x4KPggrmvworVVm1ya+H2JNKUQ+uQugmwxeRDE1GuJrgNnn4+ajueEnGdc + ohgz067AgZExzoyRlujJXBuL6JRtOSbEYVpNV1laVdA8UJ2b5I1PiNnVvx1m4gFi/Cela479EO6t + +AC+a1ez+MxTAgMBAAECggEAA1QiXJQ4CEeIsPrz/90NiEe+je34Bp8jtuZ5q6j38MCkjMjB7VYp + 1DEdPr6OD5bGbk6puy8mik7NMEXo7NA6UJ7UpNQtvZxdmkzfhQeAGwxNKCfzlnCvPs5P70ng7uIp + KaMix8FOGQc4GztOX5uUQvqjuy70kSBFLajeXYZAdoEOu+E3QDaCUqiJlK3cRAJhg39Br+XfOHDp + cBdhlbxqQKZHWqDR010XUNoQpMHXWTu/e779Xze9uAvmYw98YGtCW8JB5AqjnqAmCZFaktKYw5Z3 + IHZCA9hTVngk0WTanuIeTlB2bbl0df+87xHfim2yDuXEkTfAOCug/Qpf+pEhfQKBgQD9M14a1MQ2 + Omf9f7X401Ig32e2YfX6sW73THB8Lupz9MCBZxNFCZlzVl55bL2o2vOROEeaneGdboqASW+1ph6e + QbdipiYAfHsG/mvkysqH/plo8QT69GUlzs2yt5zdmFjvkwaZmRmbB6Gjg2sSHKBt3YjTPbdmpuKV + oLvpmaslvQKBgQDk6r+4CGTZwfKYcrTNqJYPdOwfaVjSCulm0wHRw3PvJEi5Eb5qNaJbNICLl5FD + wkOAg33CZ+9h9FJnPd2IbBUBUGcNL5sGNZZNMH16LuFlRYKGgYxjlOjktOC5OXXa7iqkwMqf1dFf + GYU/wHGXYamUKOlinA9rFmbQCUNJL6mzTwKBgQC5Ky/O/3rfDaevRA6YgjK1x6vZPZreU5SLVmOM + 7eKYGo4OFIuLGZIXPzqoIlYxfq5RrY7wDDZLI+Q2HX6MoYgSxIyQoGF6SY7PdpEBKS0kd5VJobm6 + rbCrDapw4MbfZ+LiketpuQV40wPqyNkszbKlpjXCBohxkepy8rF6DN+VIQKBgFYHFnedx/DB316F + NQdYxNQYN6hyWavN5/r5b2SaVFZZx26tiWa2s0YdS/WpxzC0r9N7FubZUm/4doNQD5H2NEqjIacl + 7dd+ifaGM5GYTqJVZgEQbGb8Di3s/8r8Ghtlh+cUgNFidGWN3LKhqs6eKDGC0np5dZ3j9E1YPc4i + OF8nAoGAYeFjfXBXKQhQXItTlL5NMd+yNvMGJDOvNYOn90acZrDld8GvqHI9A1kQf2IuYfA8Yfxg + O2lpCWjiPAsAC3W5BMhfkzjxpikW6YLpXXx7wpDzNAUBAuhEHlmFSMOoa4CIBnN2+6Zw8PSsKnrI + 49N28pje/ZyABaY7SYP3fcJY17o= + -----END PRIVATE KEY----- + public.pem: |- + -----BEGIN PUBLIC KEY----- + MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4mnuY0J0Pg7fDqbaWuHyzblHyN+0stvS + T359tgpBjaOeEiYvDbUd/EPefAcfQft9CGT5tyrWRjwt/E5u/PwudPIe/wXdIzu0t/1LkK2JYPR/ + IAufY9eHxOXChIigrx6zSt+QHLfS634cBKBgbOxvvdCg90gSFs6HOL0vAAf3stPZETd/jHUPw7ka + 2n0YBMfHnKtMeCj4IK5r8KK1VZtcmvh9iTSlEPrkLoJsMXkQxNRria4DZ5+Pmo7nhJxnXKIYM9Ou + wIGRMc6MkZboyVwbi+iUbTkmxGFaTVdZWlXQPFCdm+SNT4jZ1b8dZuIBYvwnpWuO/RDurfgAvmtX + s/jMUwIDAQAB + -----END PUBLIC KEY----- diff --git a/helm/polaris/ci/persistence-values.yaml b/helm/polaris/ci/persistence-values.yaml index 5317f6f4a..e975e6318 100644 --- a/helm/polaris/ci/persistence-values.yaml +++ b/helm/polaris/ci/persistence-values.yaml @@ -20,10 +20,26 @@ image: pullPolicy: Never -persistenceConfigSecret: polaris-persistence +authentication: + tokenBroker: + secret: + name: polaris-token-broker -polarisServerConfig: - metaStoreManager: - type: eclipse-link - persistence-unit: polaris - conf-file: /eclipselink-config/conf.jar!/persistence.xml +logging: + file: + enabled: true + json: true + storage: + size: 50Mi + +persistence: + type: eclipse-link + eclipseLink: + secret: + name: polaris-persistence + +bootstrap: + enabled: true + realms: ["realm1", "realm2"] + image: + pullPolicy: Never diff --git a/helm/polaris/templates/_helpers.tpl b/helm/polaris/templates/_helpers.tpl index 3514deb61..4069ff722 100644 --- a/helm/polaris/templates/_helpers.tpl +++ b/helm/polaris/templates/_helpers.tpl @@ -42,6 +42,29 @@ {{- end }} {{- end }} +{{/* + Create a default fully qualified app name, with a custom suffix. Useful when the name will + have a suffix appended to it, such as for the management service name. +*/}} +{{- define "polaris.fullnameWithSuffix" -}} +{{- $global := index . 0 }} +{{- $suffix := index . 1 }} +{{- if not (hasPrefix "-" $suffix) }} +{{- $suffix = printf "-%s" $suffix }} +{{- end }} +{{- $length := int (sub 63 (len $suffix)) }} +{{- if $global.Values.fullnameOverride }} +{{- $global.Values.fullnameOverride | trunc $length }}{{ $suffix }} +{{- else }} +{{- $name := default $global.Chart.Name $global.Values.nameOverride }} +{{- if contains $name $global.Release.Name }} +{{- $global.Release.Name | trunc $length }}{{ $suffix }} +{{- else }} +{{- printf "%s-%s" $global.Release.Name $name | trunc $length }}{{ $suffix }} +{{- end }} +{{- end }} +{{- end }} + {{/* Create chart name and version as used by the chart label. */}} @@ -79,3 +102,198 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- default "default" .Values.serviceAccount.name }} {{- end }} {{- end }} + +{{/* +Merges the advanced configuration into the destination map. +*/}} +{{- define "polaris.mergeAdvancedConfig" -}} +{{- $advConfig := index . 0 -}} +{{- $prefix := index . 1 -}} +{{- $dest := index . 2 -}} +{{- range $key, $val := $advConfig -}} +{{- $name := ternary $key (print $prefix "." $key) (eq $prefix "") -}} +{{- if kindOf $val | eq "map" -}} +{{- list $val $name $dest | include "polaris.mergeAdvancedConfig" -}} +{{- else -}} +{{- $_ := set $dest $name $val -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Prints the configuration option to the destination configmap entry. See confimap.yaml. +Any nil values will be printed as empty config options; otherwise, the value will be evaluated +as a template against the global context, then printed. Furthermore, if the value contains +line breaks, they will be escaped and a multi-line option will be printed. +*/}} +{{- define "polaris.appendConfigOption" -}} +{{- $key := index . 0 -}} +{{- $value := index . 1 -}} +{{- $global := index . 2 -}} +{{- $valAsString := "" -}} +{{- if ne $value nil -}} +{{- $valAsString = tpl (toString $value) $global -}} +{{- if contains "\r\n" $valAsString -}} +{{- $valAsString = $valAsString | nindent 4 | replace "\r\n" "\\\r\n" -}} +{{- else if contains "\n" $valAsString -}} +{{- $valAsString = $valAsString | nindent 4 | replace "\n" "\\\n" -}} +{{- end -}} +{{- end -}} +{{ print $key "=" $valAsString }} +{{- end -}} + +{{/* +Convert a dict into a string formed by a comma-separated list of key-value pairs: key1=value1,key2=value2, ... +*/}} +{{- define "polaris.dictToString" -}} +{{- $list := list -}} +{{- range $k, $v := . -}} +{{- $list = append $list (printf "%s=%s" $k $v) -}} +{{- end -}} +{{ join "," $list }} +{{- end -}} + +{{/* +Prints the config volume definition for deployments and jobs. +*/}} +{{- define "polaris.configVolume" -}} +- name: config-volume + projected: + sources: + - configMap: + name: {{ include "polaris.fullname" . }} + items: + - key: application.properties + path: application.properties + {{- if .Values.authentication.tokenBroker.secret.name }} + - secret: + name: {{ tpl .Values.authentication.tokenBroker.secret.name . }} + items: + {{- if eq .Values.authentication.tokenBroker.type "rsa-key-pair" }} + - key: {{ tpl .Values.authentication.tokenBroker.secret.publicKey . }} + path: public.pem + - key: {{ tpl .Values.authentication.tokenBroker.secret.privateKey . }} + path: private.pem + {{- end }} + {{- if eq .Values.authentication.tokenBroker.type "symmetric-key" }} + - key: {{ tpl .Values.authentication.tokenBroker.secret.secretKey . }} + path: symmetric.key + {{- end }} + {{- end }} + {{- if and ( eq .Values.persistence.type "eclipse-link" ) .Values.persistence.eclipseLink.secret.name }} + - secret: + name: {{ tpl .Values.persistence.eclipseLink.secret.name . }} + items: + - key: {{ tpl .Values.persistence.eclipseLink.secret.key . }} + path: persistence.xml + {{- end }} +{{- end -}} + +{{/* +Converts a Kubernetes quantity to a number (int64 if possible or float64 otherwise). +It handles raw numbers as well as quantities with suffixes +like m, k, M, G, T, P, E, ki, Mi, Gi, Ti, Pi, Ei. +It also handles scientific notation. +Quantities should be positive, so negative values, zero, or any unparseable number +will result in a failure. +https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/quantity/ +*/}} +{{- define "polaris.quantity" -}} +{{- $quantity := . -}} +{{- $n := $quantity | float64 -}} +{{- if kindIs "string" $quantity -}} +{{- if hasSuffix "m" $quantity -}} +{{- $n = divf (trimSuffix "m" $quantity | float64) 1000.0 -}} +{{- else if hasSuffix "k" $quantity -}} +{{- $n = trimSuffix "k" $quantity | int64 | mul 1000 -}} +{{- else if hasSuffix "M" $quantity -}} +{{- $n = trimSuffix "M" $quantity | int64 | mul 1000000 -}} +{{- else if hasSuffix "G" $quantity -}} +{{- $n = trimSuffix "G" $quantity | int64 | mul 1000000000 -}} +{{- else if hasSuffix "T" $quantity -}} +{{- $n = trimSuffix "T" $quantity | int64 | mul 1000000000000 -}} +{{- else if hasSuffix "P" $quantity -}} +{{- $n = trimSuffix "P" $quantity | int64 | mul 1000000000000000 -}} +{{- else if hasSuffix "E" $quantity -}} +{{- $n = trimSuffix "E" $quantity | int64 | mul 1000000000000000000 -}} +{{- else if hasSuffix "ki" $quantity -}} +{{- $n = trimSuffix "ki" $quantity | int64 | mul 1024 -}} +{{- else if hasSuffix "Mi" $quantity -}} +{{- $n = trimSuffix "Mi" $quantity | int64 | mul 1048576 -}} +{{- else if hasSuffix "Gi" $quantity -}} +{{- $n = trimSuffix "Gi" $quantity | int64 | mul 1073741824 -}} +{{- else if hasSuffix "Ti" $quantity -}} +{{- $n = trimSuffix "Ti" $quantity | int64 | mul 1099511627776 -}} +{{- else if hasSuffix "Pi" $quantity -}} +{{- $n = trimSuffix "Pi" $quantity | int64 | mul 1125899906842624 -}} +{{- else if hasSuffix "Ei" $quantity -}} +{{- $n = trimSuffix "Ei" $quantity | int64 | mul 1152921504606846976 -}} +{{- end -}} +{{- end -}} +{{- if le ($n | float64) 0.0 -}} +{{- fail (print "invalid quantity: " $quantity) -}} +{{- end -}} +{{- if kindIs "float64" $n -}} +{{- printf "%f" $n -}} +{{- else -}} +{{- printf "%v" $n -}} +{{- end -}} +{{- end -}} + +{{/* +Prints the ports section of the container spec. Also validates all port names and numbers to ensure +that they are consistent and that there are no overlaps. +*/}} +{{- define "polaris.containerPorts" -}} +ports: +{{- $ports := dict -}} + +{{- /* Main service ports */ -}} +{{- range $i, $port := .Values.service.ports -}} +{{- if hasKey $ports $port.name -}} +{{- fail (printf "service.ports[%d]: port name already taken: %v" $i $port.name) -}} +{{- end -}} +{{- $portNumber := coalesce $port.targetPort $port.port -}} +{{- if has $portNumber (values $ports) -}} +{{- fail (printf "service.ports[%d]: port number already taken: %v" $i $portNumber) -}} +{{- end -}} +{{- $_ := set $ports $port.name $portNumber }} +- name: {{ $port.name }} + containerPort: {{ coalesce $port.targetPort $port.port }} + protocol: {{ $port.protocol | default "TCP" }} +{{- end -}} + +{{- /* Management service ports */ -}} +{{- range $i, $port := .Values.managementService.ports -}} +{{- if hasKey $ports $port.name -}} +{{- fail (printf "managementService.ports[%d]: port name already taken: %v" $i $port.name) -}} +{{- end -}} +{{- $portNumber := coalesce $port.targetPort $port.port -}} +{{- if has $portNumber (values $ports) -}} +{{- fail (printf "managementService.ports[%d]: port number already taken: %v" $i $portNumber) -}} +{{- end -}} +{{- $_ := set $ports $port.name $portNumber }} +- name: {{ $port.name }} + containerPort: {{ coalesce $port.targetPort $port.port }} + protocol: {{ $port.protocol | default "TCP" }} +{{- end -}} + +{{- /* Extra service ports */ -}} +{{- range $i, $svc := .Values.extraServices -}} +{{- range $j, $port := $svc.ports -}} +{{- $portNumber := coalesce $port.targetPort $port.port -}} +{{- if hasKey $ports $port.name -}} +{{- if ne $portNumber (get $ports $port.name) -}} +{{- fail (printf "extraServices[%d].ports[%d]: wrong port number for port %s, expected %v, got %v" $i $j $port.name (get $ports $port.name) $portNumber) -}} +{{- end -}} +{{- else if has $portNumber (values $ports) -}} +{{- fail (printf "extraServices[%d].ports[%d]: port number already taken: %v" $i $j $portNumber) -}} +{{- end -}} +{{- $_ := set $ports $port.name $portNumber }} +- name: {{ $port.name }} + containerPort: {{ coalesce $port.targetPort $port.port }} + protocol: {{ $port.protocol | default "TCP" }} +{{- end -}} +{{- end -}} + +{{- end -}} diff --git a/helm/polaris/templates/configmap.yaml b/helm/polaris/templates/configmap.yaml index 97bc983e5..3cb1c91c1 100644 --- a/helm/polaris/templates/configmap.yaml +++ b/helm/polaris/templates/configmap.yaml @@ -28,5 +28,140 @@ metadata: {{- tpl (toYaml .Values.configMapLabels) . | nindent 4 }} {{- end }} data: - polaris-server.yml: |- -{{ toYaml .Values.polarisServerConfig | indent 4 }} \ No newline at end of file + application.properties: |- + {{- $map := dict -}} + + {{- /* Realm Context */ -}} + {{- $_ := set $map "polaris.realm-context.type" .Values.realmContext.type -}} + {{- $_ = set $map "polaris.realm-context.realms" (join "," .Values.realmContext.realms) -}} + + {{- /* Features */ -}} + {{- range $k, $v := .Values.features.defaults -}} + {{- $_ = set $map (printf "polaris.features.defaults.\"%s\"" $k) (toJson $v) -}} + {{- end -}} + {{- range $realm, $overrides := .Values.features.realmOverrides -}} + {{- range $k, $v := $overrides -}} + {{- $_ = set $map (printf "polaris.config.realm-overrides.\"%s\".\"%s\"" $realm $k) (toJson $v) -}} + {{- end -}} + {{- end -}} + + {{- /* Persistence */ -}} + {{- $_ = set $map "polaris.persistence.type" .Values.persistence.type -}} + {{- if and ( eq .Values.persistence.type "eclipse-link" ) .Values.persistence.eclipseLink.secret.name -}} + {{- $_ = set $map "polaris.persistence.eclipselink.persistence-unit" .Values.persistence.eclipseLink.persistenceUnit -}} + {{- $_ = set $map "polaris.persistence.eclipselink.configuration-file" (printf "%s/persistence.xml" .Values.image.configDir ) -}} + {{- end -}} + + {{- /* File IO */ -}} + {{- $_ = set $map "polaris.file-io.type" .Values.fileIo.type -}} + + {{- /* Storage */ -}} + {{- if .Values.storage.aws.accessKey -}} + {{- $_ = set $map "polaris.storage.aws.access-key" .Values.storage.aws.accessKey -}} + {{- end -}} + {{- if .Values.storage.aws.secretKey -}} + {{- $_ = set $map "polaris.storage.aws.secret-key" .Values.storage.aws.secretKey -}} + {{- end -}} + {{- if .Values.storage.gcp.token -}} + {{- $_ = set $map "polaris.storage.gcp.token" .Values.storage.gcp.token -}} + {{- end -}} + {{- if .Values.storage.gcp.lifespan -}} + {{- $_ = set $map "polaris.storage.gcp.lifespan" .Values.storage.gcp.lifespan -}} + {{- end -}} + + {{- /* Authentication */ -}} + {{- $_ = set $map "polaris.authentication.authenticator.type" .Values.authentication.authenticator.type -}} + {{- $_ = set $map "polaris.authentication.token-service.type" .Values.authentication.tokenService.type -}} + {{- $_ = set $map "polaris.authentication.token-broker.type" .Values.authentication.tokenBroker.type -}} + {{- $_ = set $map "polaris.authentication.token-broker.max-token-generation" .Values.authentication.tokenBroker.maxTokenGeneration -}} + {{- if .Values.authentication.tokenBroker.secret.name }} + {{- if eq .Values.authentication.tokenBroker.type "rsa-key-pair" -}} + {{- $_ = set $map "polaris.authentication.token-broker.rsa-key-pair.public-key-file" (printf "%s/public.pem" .Values.image.configDir ) -}} + {{- $_ = set $map "polaris.authentication.token-broker.rsa-key-pair.private-key-file" (printf "%s/private.pem" .Values.image.configDir ) -}} + {{- end -}} + {{- if eq .Values.authentication.tokenBroker.type "symmetric-key" -}} + {{- $_ = set $map "polaris.authentication.token-broker.symmetric-key.file" (printf "%s/symmetric.key" .Values.image.configDir ) -}} + {{- end -}} + {{- end -}} + + {{- /* HTTP ports */ -}} + {{- $_ = set $map "quarkus.http.port" (get (first .Values.service.ports) "port") -}} + {{- $_ = set $map "quarkus.management.port" (get (first .Values.managementService.ports) "port") -}} + + {{- /* Logging */ -}} + {{- $_ = set $map "quarkus.log.level" .Values.logging.level -}} + {{- if .Values.logging.console.enabled -}} + {{- $_ = set $map "quarkus.log.console.enable" "true" -}} + {{- $_ = set $map "quarkus.log.console.level" .Values.logging.console.threshold -}} + {{- if .Values.logging.console.json -}} + {{- $_ = set $map "quarkus.log.console.json" "true" -}} + {{- else -}} + {{- $_ = set $map "quarkus.log.console.format" .Values.logging.console.format -}} + {{- end -}} + {{- else -}} + {{- $_ = set $map "quarkus.log.console.enable" "false" -}} + {{- end -}} + {{- if .Values.logging.file.enabled -}} + {{- $_ = set $map "quarkus.log.file.enable" "true" -}} + {{- $_ = set $map "quarkus.log.file.level" .Values.logging.file.threshold -}} + {{- $_ = set $map "quarkus.log.file.path" (printf "%s/%s" .Values.logging.file.logsDir .Values.logging.file.fileName) -}} + {{- $_ = set $map "quarkus.log.file.rotation.max-file-size" (include "polaris.quantity" .Values.logging.file.rotation.maxFileSize) -}} + {{- $_ = set $map "quarkus.log.file.rotation.max-backup-index" .Values.logging.file.rotation.maxBackupIndex -}} + {{- if .Values.logging.file.rotation.fileSuffix -}} + {{- $_ = set $map "quarkus.log.file.rotation.file-suffix" .Values.logging.file.rotation.fileSuffix -}} + {{- end -}} + {{- if .Values.logging.file.json -}} + {{- $_ = set $map "quarkus.log.file.json" "true" -}} + {{- else -}} + {{- $_ = set $map "quarkus.log.file.format" .Values.logging.file.format -}} + {{- end -}} + {{- else -}} + {{- $_ = set $map "quarkus.log.file.enable" "false" -}} + {{- end -}} + {{- $categories := dict -}} + {{- list .Values.logging.categories "" $categories | include "polaris.mergeAdvancedConfig" -}} + {{- range $k, $v := $categories -}} + {{- $_ = set $map (printf "quarkus.log.category.\"%s\".level" $k) $v -}} + {{- end -}} + {{- $_ = set $map "polaris.log.request-id-header-name" .Values.logging.requestIdHeaderName -}} + {{- range $k, $v := .Values.logging.mdc -}} + {{- $_ = set $map (printf "polaris.log.mdc.\"%s\"" $k) $v -}} + {{- end -}} + + {{- /* Telemetry */ -}} + {{- if .Values.tracing.enabled -}} + {{- $_ = set $map "quarkus.otel.exporter.otlp.endpoint" .Values.tracing.endpoint -}} + {{- if .Values.tracing.attributes -}} + {{- $_ = set $map "quarkus.otel.resource.attributes" (include "polaris.dictToString" .Values.tracing.attributes) -}} + {{- end -}} + {{- if .Values.tracing.sample -}} + {{ if eq .Values.tracing.sample "all" -}} + {{- $_ = set $map "quarkus.otel.traces.sampler" "parentbased_always_on" -}} + {{- else if eq .Values.tracing.sample "none" -}} + {{- $_ = set $map "quarkus.otel.traces.sampler" "always_off" -}} + {{- else -}} + {{- $_ = set $map "quarkus.otel.traces.sampler" "parentbased_traceidratio" -}} + {{- $_ = set $map "quarkus.otel.traces.sampler.arg" .Values.tracing.sample -}} + {{- end -}} + {{- end -}} + {{- else -}} + {{- $_ = set $map "quarkus.otel.sdk.disabled" true -}} + {{- end -}} + + {{- /* Metrics */ -}} + {{- if .Values.metrics.enabled -}} + {{- range $name, $value := .Values.metrics.tags -}} + {{- $_ = set $map (print "polaris.metrics.tags." $name) $value -}} + {{- end -}} + {{- else -}} + {{- $_ = set $map "quarkus.micrometer.enabled" "false" -}} + {{- end -}} + + {{- /* Advanced Configuration (must be done last since it can override any of the settings above) */ -}} + {{- list .Values.advancedConfig "" $map | include "polaris.mergeAdvancedConfig" }} + + {{- /* Print the resulting configmap; each configuration option is templatized */ -}} + {{- $global := . -}} + {{- range $k, $v := $map }} + {{ include "polaris.appendConfigOption" (list $k $v $global) }} + {{- end }} diff --git a/helm/polaris/templates/deployment.yaml b/helm/polaris/templates/deployment.yaml index 9d688e6ac..a603429f7 100644 --- a/helm/polaris/templates/deployment.yaml +++ b/helm/polaris/templates/deployment.yaml @@ -49,23 +49,6 @@ spec: {{- tpl (toYaml .Values.podLabels) . | nindent 8 }} {{- end }} spec: - {{- if and .Values.persistenceConfigSecret (index .Values.polarisServerConfig.metaStoreManager "conf-file") }} - initContainers: - - name: init-config - image: "{{ tpl .Values.toolsImage.repository . }}:{{ tpl .Values.toolsImage.tag . }}" - imagePullPolicy: {{ tpl .Values.toolsImage.pullPolicy . }} - command: ["jar"] - args: ["-cf", "/eclipselink-config/conf.jar", "-C", "/secret", "persistence.xml"] - {{- if .Values.securityContext}} - securityContext: - {{- tpl (toYaml .Values.securityContext) . | nindent 12 }} - {{- end }} - volumeMounts: - - name: eclipselink-config-volume - mountPath: /eclipselink-config - - name: secret-volume - mountPath: /secret - {{- end }} {{- if .Values.imagePullSecrets }} imagePullSecrets: {{- range .Values.imagePullSecrets }} @@ -77,11 +60,15 @@ spec: securityContext: {{- tpl (toYaml .Values.podSecurityContext) . | nindent 8 }} {{- end }} + {{- if .Values.extraInitContainers }} + initContainers: + {{- tpl (toYaml .Values.extraInitContainers) . | nindent 8 }} + {{- end }} containers: - name: {{ .Chart.Name }} - {{- if .Values.securityContext}} + {{- if .Values.containerSecurityContext }} securityContext: - {{- tpl (toYaml .Values.securityContext) . | nindent 12 }} + {{- tpl (toYaml .Values.containerSecurityContext) . | nindent 12 }} {{- end }} image: "{{ tpl .Values.image.repository . }}:{{ tpl .Values.image.tag . | default .Chart.Version }}" imagePullPolicy: {{ tpl .Values.image.pullPolicy . }} @@ -91,22 +78,24 @@ spec: {{- end }} volumeMounts: - name: config-volume - mountPath: /app/config/polaris-server.yml - subPath: polaris-server.yml - {{- if and .Values.persistenceConfigSecret (index .Values.polarisServerConfig.metaStoreManager "conf-file") }} - - name: eclipselink-config-volume - mountPath: /eclipselink-config + mountPath: {{ trimSuffix "/" .Values.image.configDir }} + readOnly: true + {{- if .Values.logging.file.enabled }} + - name: logs-storage + mountPath: {{ .Values.logging.file.logsDir }} + readOnly: false {{- end }} - ports: - {{- range $portName, $portNumber := .Values.service.ports }} - - name: {{ $portName }} - containerPort: {{ $portNumber }} - protocol: TCP + - name: temp-dir + mountPath: /tmp + readOnly: false + {{- if .Values.extraVolumeMounts }} + {{- tpl (toYaml .Values.extraVolumeMounts) . | nindent 12 }} {{- end }} + {{- include "polaris.containerPorts" . | trim | nindent 10 }} livenessProbe: httpGet: path: /q/health/live - port: "polaris-metrics" + port: {{ get (first .Values.managementService.ports) "name" }} scheme: HTTP initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.livenessProbe.periodSeconds }} @@ -117,7 +106,7 @@ spec: readinessProbe: httpGet: path: /q/health/ready - port: "polaris-metrics" + port: {{ get (first .Values.managementService.ports) "name" }} scheme: HTTP initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.readinessProbe.periodSeconds }} @@ -129,15 +118,16 @@ spec: {{- tpl (toYaml .Values.resources) . | nindent 12 }} {{- end }} volumes: - - name: config-volume - configMap: - name: {{ include "polaris.fullname" . }} - {{- if and .Values.persistenceConfigSecret (index .Values.polarisServerConfig.metaStoreManager "conf-file") }} - - name: eclipselink-config-volume + {{- include "polaris.configVolume" . | nindent 8 }} + {{- if .Values.logging.file.enabled }} + - name: logs-storage + persistentVolumeClaim: + claimName: {{ include "polaris.fullnameWithSuffix" (list . "logs") }} + {{- end }} + - name: temp-dir emptyDir: {} - - name: secret-volume - secret: - secretName: {{ tpl .Values.persistenceConfigSecret . }} + {{- if .Values.extraVolumes }} + {{- tpl (toYaml .Values.extraVolumes) . | nindent 8 }} {{- end }} {{- if .Values.nodeSelector }} nodeSelector: diff --git a/helm/polaris/templates/ingress.yaml b/helm/polaris/templates/ingress.yaml index 7495be5b5..f1909cc62 100644 --- a/helm/polaris/templates/ingress.yaml +++ b/helm/polaris/templates/ingress.yaml @@ -19,7 +19,7 @@ {{- if .Values.ingress.enabled }} {{- $fullName := include "polaris.fullname" . }} -{{- $svcPort := index .Values.service.ports "polaris-service" }} +{{- $svcPort := get (first .Values.service.ports) "port" }} apiVersion: networking.k8s.io/v1 kind: Ingress metadata: diff --git a/helm/polaris/templates/job.yaml b/helm/polaris/templates/job.yaml index 5dc54b2bb..18a3b8db1 100644 --- a/helm/polaris/templates/job.yaml +++ b/helm/polaris/templates/job.yaml @@ -17,7 +17,7 @@ under the License. */}} -{{- if .Values.bootstrapMetastoreManager }} +{{- if .Values.bootstrap.enabled }} apiVersion: batch/v1 kind: Job metadata: @@ -43,23 +43,6 @@ spec: {{- tpl (toYaml .Values.podLabels) . | nindent 8 }} {{- end }} spec: - {{- if and .Values.persistenceConfigSecret (index .Values.polarisServerConfig.metaStoreManager "conf-file") }} - initContainers: - - name: init-config - image: "{{ tpl .Values.toolsImage.repository . }}:{{ tpl .Values.toolsImage.tag . }}" - imagePullPolicy: {{ tpl .Values.toolsImage.pullPolicy . }} - command: ["jar"] - args: ["-cf", "/eclipselink-config/conf.jar", "-C", "/secret", "persistence.xml"] - {{- if .Values.securityContext}} - securityContext: - {{- tpl (toYaml .Values.securityContext) . | nindent 12 }} - {{- end }} - volumeMounts: - - name: eclipselink-config-volume - mountPath: /eclipselink-config - - name: secret-volume - mountPath: /secret - {{- end }} {{- if .Values.imagePullSecrets }} imagePullSecrets: {{- range .Values.imagePullSecrets }} @@ -67,47 +50,50 @@ spec: {{- end }} {{- end }} serviceAccountName: {{ include "polaris.serviceAccountName" . }} - {{- if .Values.podSecurityContext}} + {{- if .Values.podSecurityContext }} securityContext: {{- tpl (toYaml .Values.podSecurityContext) . | nindent 8 }} {{- end }} containers: - name: {{ .Chart.Name }} - {{- if .Values.securityContext}} + {{- if .Values.containerSecurityContext }} securityContext: - {{- tpl (toYaml .Values.securityContext) . | nindent 12 }} + {{- tpl (toYaml .Values.containerSecurityContext) . | nindent 12 }} {{- end }} - image: "{{ tpl .Values.image.repository . }}:{{ tpl .Values.image.tag . | default .Chart.Version }}" - imagePullPolicy: {{ tpl .Values.image.pullPolicy . }} - command: ["/app/bin/polaris-service"] - args: ["bootstrap", "/app/config/polaris-server.yml"] - {{- if .Values.bootstrapExtraEnv }} + image: "{{ tpl .Values.bootstrap.image.repository . }}:{{ tpl .Values.bootstrap.image.tag . | default .Chart.Version }}" + imagePullPolicy: {{ tpl .Values.bootstrap.image.pullPolicy . }} + args: + - "bootstrap" + {{- range $realm := .Values.bootstrap.realms }} + - --realm={{ $realm }} + {{- end }} + {{- range $credential := .Values.bootstrap.credentials }} + - --credential={{ $credential }} + {{- end }} env: - {{- tpl (toYaml .Values.bootstrapExtraEnv) . | nindent 12 }} - {{- end }} + {{- if .Values.bootstrap.extraEnv }} + {{- tpl (toYaml .Values.bootstrap.extraEnv) . | nindent 12 }} + {{- end }} + - name: "quarkus.log.file.enable" + value: "false" volumeMounts: - name: config-volume - mountPath: /app/config/polaris-server.yml - subPath: polaris-server.yml - {{- if and .Values.persistenceConfigSecret (index .Values.polarisServerConfig.metaStoreManager "conf-file") }} - - name: eclipselink-config-volume - mountPath: /eclipselink-config - {{- end }} + mountPath: {{ trimSuffix "/" .Values.bootstrap.image.configDir }} + readOnly: true + - name: temp-dir + mountPath: /tmp + readOnly: false {{- if .Values.resources }} resources: {{- tpl (toYaml .Values.resources) . | nindent 12 }} {{- end }} restartPolicy: Never volumes: - - name: config-volume - configMap: - name: {{ include "polaris.fullname" . }} - {{- if and .Values.persistenceConfigSecret (index .Values.polarisServerConfig.metaStoreManager "conf-file") }} - - name: eclipselink-config-volume + {{- include "polaris.configVolume" . | nindent 8 }} + - name: temp-dir emptyDir: {} - - name: secret-volume - secret: - secretName: {{ tpl .Values.persistenceConfigSecret . }} + {{- if .Values.extraVolumes }} + {{- tpl (toYaml .Values.extraVolumes) . | nindent 8 }} {{- end }} {{- if .Values.nodeSelector }} nodeSelector: diff --git a/helm/polaris/templates/service-extra.yaml b/helm/polaris/templates/service-extra.yaml new file mode 100644 index 000000000..b08f1b06c --- /dev/null +++ b/helm/polaris/templates/service-extra.yaml @@ -0,0 +1,69 @@ +{{/* + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +*/}} + +{{- range $i, $svc := .Values.extraServices }} +{{- if not $svc.nameSuffix }} +{{- fail (printf "extraServices[%d]: missing required nameSuffix" $i) }} +{{- else if eq $svc.nameSuffix "-mgmt" }} +{{- fail (printf "extraServices[%d]: invalid nameSuffix" $i) }} +{{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "polaris.fullnameWithSuffix" (list . $svc.nameSuffix) }} + namespace: {{ $.Release.Namespace }} + labels: + {{- include "polaris.labels" $ | nindent 4 }} + {{- with $svc.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + type: {{ $svc.type }} + selector: + {{- include "polaris.selectorLabels" $ | nindent 4 }} + ports: + {{- range $svc.ports }} + - name: {{ .name }} + port: {{ .port }} + {{- if .targetPort }} + targetPort: {{ .targetPort }} + {{- end }} + {{- if .nodePort }} + nodePort: {{ .nodePort }} + {{- end }} + protocol: {{ default "TCP" .protocol }} + {{- end }} + {{- if $svc.sessionAffinity }} + sessionAffinity: {{ $svc.sessionAffinity }} + {{- end }} + {{- if $svc.clusterIP }} + clusterIP: {{ $svc.clusterIP }} + {{- end }} + {{- if and $svc.externalTrafficPolicy (or (eq $svc.type "LoadBalancer") (eq $svc.type "NodePort")) }} + externalTrafficPolicy: {{ $svc.externalTrafficPolicy }} + {{- end }} + {{- if $svc.internalTrafficPolicy }} + internalTrafficPolicy: {{ $svc.internalTrafficPolicy }} + {{- end }} + {{- if and $svc.trafficDistribution (ge (int $.Capabilities.KubeVersion.Minor) 31) }} + trafficDistribution: {{ $svc.trafficDistribution }} + {{- end }} +{{- end }} diff --git a/helm/polaris/templates/service-mgmt.yaml b/helm/polaris/templates/service-mgmt.yaml new file mode 100644 index 000000000..4843458b4 --- /dev/null +++ b/helm/polaris/templates/service-mgmt.yaml @@ -0,0 +1,61 @@ +{{/* + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +*/}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "polaris.fullnameWithSuffix" (list . "mgmt") }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "polaris.labels" . | nindent 4 }} + {{- with .Values.managementService.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.managementService.type }} + selector: + {{- include "polaris.selectorLabels" . | nindent 4 }} + ports: + {{- range .Values.managementService.ports }} + - name: {{ .name }} + port: {{ .port }} + {{- if .targetPort }} + targetPort: {{ .targetPort }} + {{- end }} + {{- if .nodePort }} + nodePort: {{ .nodePort }} + {{- end }} + protocol: {{ default "TCP" .protocol }} + {{- end }} + {{- if .Values.managementService.sessionAffinity }} + sessionAffinity: {{ .Values.managementService.sessionAffinity }} + {{- end }} + {{- if .Values.managementService.clusterIP }} + clusterIP: {{ .Values.managementService.clusterIP }} + {{- end }} + {{- if and .Values.managementService.externalTrafficPolicy (or (eq .Values.managementService.type "LoadBalancer") (eq .Values.managementService.type "NodePort")) }} + externalTrafficPolicy: {{ .Values.managementService.externalTrafficPolicy }} + {{- end }} + {{- if and .Values.managementService.internalTrafficPolicy }} + internalTrafficPolicy: {{ .Values.managementService.internalTrafficPolicy }} + {{- end }} + {{- if and .Values.managementService.trafficDistribution (ge (int $.Capabilities.KubeVersion.Minor) 31) }} + trafficDistribution: {{ .Values.managementService.trafficDistribution }} + {{- end }} \ No newline at end of file diff --git a/helm/polaris/templates/service.yaml b/helm/polaris/templates/service.yaml index 628cd4716..6bde527ef 100644 --- a/helm/polaris/templates/service.yaml +++ b/helm/polaris/templates/service.yaml @@ -24,19 +24,38 @@ metadata: namespace: {{ .Release.Namespace }} labels: {{- include "polaris.labels" . | nindent 4 }} - {{- if .Values.service.annotations }} + {{- with .Values.service.annotations }} annotations: - {{- tpl (toYaml .Values.service.annotations) . | nindent 4 }} + {{- toYaml . | nindent 4 }} {{- end }} spec: type: {{ .Values.service.type }} selector: {{- include "polaris.selectorLabels" . | nindent 4 }} ports: - {{- range $portName, $portNumber := .Values.service.ports }} - - port: {{ $portNumber }} - targetPort: {{ $portNumber }} - protocol: TCP - name: {{ $portName }} + {{- range .Values.service.ports }} + - name: {{ .name }} + port: {{ .port }} + {{- if .targetPort }} + targetPort: {{ .targetPort }} + {{- end }} + {{- if .nodePort }} + nodePort: {{ .nodePort }} + {{- end }} + protocol: {{ default "TCP" .protocol }} {{- end }} + {{- if .Values.service.sessionAffinity }} sessionAffinity: {{ .Values.service.sessionAffinity }} + {{- end }} + {{- if .Values.service.clusterIP }} + clusterIP: {{ .Values.service.clusterIP }} + {{- end }} + {{- if and .Values.service.externalTrafficPolicy (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }} + externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }} + {{- end }} + {{- if and .Values.service.internalTrafficPolicy }} + internalTrafficPolicy: {{ .Values.service.internalTrafficPolicy }} + {{- end }} + {{- if and .Values.service.trafficDistribution (ge (int .Capabilities.KubeVersion.Minor) 31) }} + trafficDistribution: {{ .Values.service.trafficDistribution }} + {{- end }} diff --git a/helm/polaris/templates/servicemonitor.yaml b/helm/polaris/templates/servicemonitor.yaml new file mode 100644 index 000000000..e8eca1fde --- /dev/null +++ b/helm/polaris/templates/servicemonitor.yaml @@ -0,0 +1,48 @@ +{{/** + + Copyright (C) 2024 Dremio + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +**/}} + +{{- if and ( .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" ) .Values.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "polaris.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "polaris.labels" . | nindent 4 }} + {{- if .Values.serviceMonitor.labels }} + {{ toYaml .Values.serviceMonitor.labels | nindent 4 }} + {{- end }} +spec: + endpoints: + - port: {{ get (first .Values.managementService.ports) "port" }} + scheme: http + {{- if .Values.serviceMonitor.interval }} + interval: {{ .Values.serviceMonitor.interval }} + {{- end }} + path: /q/metrics + {{- with .Values.serviceMonitor.metricRelabelings }} + metricRelabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + selector: + matchLabels: + {{- include "polaris.selectorLabels" . | nindent 6 }} +{{- end }} diff --git a/helm/polaris/templates/storage.yaml b/helm/polaris/templates/storage.yaml new file mode 100644 index 000000000..ded3f9cf3 --- /dev/null +++ b/helm/polaris/templates/storage.yaml @@ -0,0 +1,40 @@ +{{/** + + Copyright (C) 2024 Dremio + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +**/}} + +{{- if .Values.logging.file.enabled }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ include "polaris.fullnameWithSuffix" (list . "logs") }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "polaris.labels" . | nindent 4 }} +spec: + accessModes: + - ReadWriteOnce + volumeMode: Filesystem + storageClassName: {{ .Values.logging.file.storage.className }} + resources: + requests: + storage: "{{ .Values.logging.file.storage.size }}" +{{- if .Values.logging.file.storage.selectorLabels }} + selector: + matchLabels: + {{- toYaml .Values.logging.file.storage.selectorLabels | nindent 6 }} +{{- end }} +{{- end }} diff --git a/helm/polaris/templates/tests/test-connection.yaml b/helm/polaris/templates/tests/test-connection.yaml index d60b9726a..fef843dea 100644 --- a/helm/polaris/templates/tests/test-connection.yaml +++ b/helm/polaris/templates/tests/test-connection.yaml @@ -35,5 +35,7 @@ spec: - name: wget image: busybox command: ['wget'] - args: ['{{ include "polaris.fullname" . }}:{{ index .Values.service.ports "polaris-metrics" }}/q/health'] + args: + - --spider + - '{{ include "polaris.fullnameWithSuffix" (list . "mgmt") }}:{{ get (first .Values.managementService.ports) "port" }}/q/health/ready' restartPolicy: Never \ No newline at end of file diff --git a/helm/polaris/tests/configmap_test.yaml b/helm/polaris/tests/configmap_test.yaml index 859ae1992..9fa20bc32 100644 --- a/helm/polaris/tests/configmap_test.yaml +++ b/helm/polaris/tests/configmap_test.yaml @@ -78,213 +78,3 @@ tests: path: metadata.labels content: app.kubernetes.io/component: polaris - - # data - ## there is an auto newline for logFormat in the config map - ## auto newline of long string is reported in https://github.com/helm/helm/issues/5568 and due to https://github.com/go-yaml/yaml/issues/166 - - it: should set config map default data - asserts: - - equal: - path: data - value: - polaris-server.yml: |- - authenticator: - class: org.apache.polaris.service.auth.TestInlineBearerTokenPolarisAuthenticator - callContextResolver: - type: default - cors: - allowed-credentials: true - allowed-headers: - - '*' - allowed-methods: - - PATCH - - POST - - DELETE - - GET - - PUT - allowed-origins: - - http://localhost:8080 - allowed-timing-origins: - - http://localhost:8080 - exposed-headers: - - '*' - preflight-max-age: 600 - defaultRealms: - - default-realm - featureConfiguration: - ENFORCE_PRINCIPAL_CREDENTIAL_ROTATION_REQUIRED_CHECKING: false - SUPPORTED_CATALOG_STORAGE_TYPES: - - S3 - - GCS - - AZURE - - FILE - io: - factoryType: default - logging: - appenders: - - logFormat: '%-5p [%d{ISO8601} - %-6r] [%t] [%X{aid}%X{sid}%X{tid}%X{wid}%X{oid}%X{srv}%X{job}%X{rid}] - %c{30}: %m %kvp%n%ex' - threshold: ALL - type: console - level: INFO - loggers: - org.apache.iceberg.rest: DEBUG - org.apache.polaris: DEBUG - maxRequestBodyBytes: -1 - metaStoreManager: - type: in-memory - oauth2: - type: test - rateLimiter: - type: no-op - realmContextResolver: - type: default - server: - adminConnectors: - - port: 8182 - type: http - applicationConnectors: - - port: 8181 - type: http - maxThreads: 200 - minThreads: 10 - requestLog: - appenders: - - type: console - - it: should set config map data (auto sorted) - set: - polarisServerConfig: - server: - maxThreads: 200 - minThreads: 10 - applicationConnectors: - - type: http - port: 8181 - adminConnectors: - - type: http - port: 8182 - requestLog: - appenders: - - type: console - featureConfiguration: - ENFORCE_PRINCIPAL_CREDENTIAL_ROTATION_REQUIRED_CHECKING: false - SUPPORTED_CATALOG_STORAGE_TYPES: - - S3 - callContextResolver: - type: default - realmContextResolver: - type: default - defaultRealms: - - default-realm - metaStoreManager: - type: eclipse-link - persistence-unit: polaris - conf-file: /eclipselink-config/conf.jar!/persistence.xml - io: - factoryType: default - oauth2: - type: default - tokenBroker: - type: symmetric-key - secret: polaris - authenticator: - class: org.apache.polaris.service.auth.DefaultPolarisAuthenticator - cors: - allowed-origins: - - http://localhost:8080 - allowed-timing-origins: - - http://localhost:8080 - allowed-methods: - - PATCH - - POST - - DELETE - - GET - - PUT - allowed-headers: - - "*" - exposed-headers: - - "*" - preflight-max-age: 600 - allowed-credentials: true - logging: - level: INFO - loggers: - org.apache.iceberg.rest: INFO - org.apache.polaris: INFO - appenders: - - type: console - threshold: ALL - logFormat: "%-5p [%d{ISO8601} - %-6r] [%t] [%X{aid}%X{sid}%X{tid}%X{wid}%X{oid}%X{srv}%X{job}%X{rid}] %c{30}: %m %kvp%n%ex" - maxRequestBodyBytes: -1 - rateLimiter: - type: no-op - asserts: - - equal: - path: data - value: - polaris-server.yml: |- - authenticator: - class: org.apache.polaris.service.auth.DefaultPolarisAuthenticator - callContextResolver: - type: default - cors: - allowed-credentials: true - allowed-headers: - - '*' - allowed-methods: - - PATCH - - POST - - DELETE - - GET - - PUT - allowed-origins: - - http://localhost:8080 - allowed-timing-origins: - - http://localhost:8080 - exposed-headers: - - '*' - preflight-max-age: 600 - defaultRealms: - - default-realm - featureConfiguration: - ENFORCE_PRINCIPAL_CREDENTIAL_ROTATION_REQUIRED_CHECKING: false - SUPPORTED_CATALOG_STORAGE_TYPES: - - S3 - io: - factoryType: default - logging: - appenders: - - logFormat: '%-5p [%d{ISO8601} - %-6r] [%t] [%X{aid}%X{sid}%X{tid}%X{wid}%X{oid}%X{srv}%X{job}%X{rid}] - %c{30}: %m %kvp%n%ex' - threshold: ALL - type: console - level: INFO - loggers: - org.apache.iceberg.rest: INFO - org.apache.polaris: INFO - maxRequestBodyBytes: -1 - metaStoreManager: - conf-file: /eclipselink-config/conf.jar!/persistence.xml - persistence-unit: polaris - type: eclipse-link - oauth2: - type: default - rateLimiter: - type: no-op - realmContextResolver: - type: default - server: - adminConnectors: - - port: 8182 - type: http - applicationConnectors: - - port: 8181 - type: http - maxThreads: 200 - minThreads: 10 - requestLog: - appenders: - - type: console - tokenBroker: - secret: polaris - type: symmetric-key diff --git a/helm/polaris/tests/deployment_test.yaml b/helm/polaris/tests/deployment_test.yaml index 161f27383..360daefe2 100644 --- a/helm/polaris/tests/deployment_test.yaml +++ b/helm/polaris/tests/deployment_test.yaml @@ -175,37 +175,6 @@ tests: content: foo: bar - # spec.template.spec.initContainers - - it: should not set initContainers by default - asserts: - - notExists: - path: spec.template.spec.initContainers - - it: should set initContainers if persistence is enabled - set: - persistenceConfigSecret: polaris-persistence-secret - polarisServerConfig: - metaStoreManager: - conf-file: /eclipselink-config/conf.jar!/persistence.xml - toolsImage: - repository: test-repo - pullPolicy: Always - asserts: - - exists: - path: spec.template.spec.initContainers - - contains: - path: spec.template.spec.initContainers - content: - name: init-config - image: test-repo:latest - imagePullPolicy: Always - command: [ "jar" ] - args: [ "-cf", "/eclipselink-config/conf.jar", "-C", "/secret", "persistence.xml" ] - volumeMounts: - - name: eclipselink-config-volume - mountPath: /eclipselink-config - - name: secret-volume - mountPath: /secret - # spec.template.spec.imagePullSecrets - it: should not set imagePullSecrets by default asserts: @@ -291,7 +260,7 @@ tests: path: spec.template.spec.containers[0].securityContext - it: should set container securityContext set: - securityContext: + containerSecurityContext: runAsUser: 1000 asserts: - isSubset: @@ -299,30 +268,6 @@ tests: content: runAsUser: 1000 - # spec.template.spec.containers[0].securityContext - - it: should not set initContainer securityContext by default - set: - persistenceConfigSecret: polaris-persistence-secret - polarisServerConfig: - metaStoreManager: - conf-file: /eclipselink-config/conf.jar!/persistence.xml - asserts: - - notExists: - path: spec.template.spec.initContainers[0].securityContext - - it: should set initContainer securityContext - set: - persistenceConfigSecret: polaris-persistence-secret - polarisServerConfig: - metaStoreManager: - conf-file: /eclipselink-config/conf.jar!/persistence.xml - securityContext: - runAsUser: 1000 - asserts: - - isSubset: - path: spec.template.spec.initContainers[0].securityContext - content: - runAsUser: 1000 - # spec.template.spec.containers[0].image - it: should set container image set: @@ -384,58 +329,70 @@ tests: asserts: - lengthEqual: path: spec.template.spec.volumes - count: 1 + count: 2 # config-volume + temp-dir - lengthEqual: path: spec.template.spec.containers[0].volumeMounts - count: 1 + count: 2 # config-volume + temp-dir - contains: path: spec.template.spec.containers[0].volumeMounts content: name: config-volume - mountPath: /app/config/polaris-server.yml - subPath: polaris-server.yml + mountPath: /deployments/config + readOnly: true - it: should set persistence volumes if persistence is enabled set: - persistenceConfigSecret: polaris-persistence-secret - polarisServerConfig: - metaStoreManager: - conf-file: /eclipselink-config/conf.jar!/persistence.xml + persistence: + type: eclipse-link + eclipseLink: + secret: + name: polaris-persistence-secret asserts: - lengthEqual: path: spec.template.spec.volumes - count: 3 + count: 2 - lengthEqual: path: spec.template.spec.containers[0].volumeMounts count: 2 - contains: path: spec.template.spec.volumes content: - name: eclipselink-config-volume - emptyDir: { } - - contains: - path: spec.template.spec.volumes - content: - name: secret-volume - secret: - secretName: polaris-persistence-secret - - contains: - path: spec.template.spec.containers[0].volumeMounts - content: - name: eclipselink-config-volume - mountPath: /eclipselink-config + name: config-volume + projected: + sources: + - configMap: + items: + - key: application.properties + path: application.properties + name: polaris-release + - secret: + items: + - key: persistence.xml + path: persistence.xml + name: polaris-persistence-secret - it: should evaluate template expressions in persistence secret name set: - persistenceConfigSecret: '{{ .Release.Name }}-persistence-secret' - polarisServerConfig: - metaStoreManager: - conf-file: /eclipselink-config/conf.jar!/persistence.xml + persistence: + type: eclipse-link + eclipseLink: + secret: + name: "{{ .Release.Name }}-persistence-secret" asserts: - contains: path: spec.template.spec.volumes content: - name: secret-volume - secret: - secretName: polaris-release-persistence-secret + name: config-volume + projected: + sources: + - configMap: + items: + - key: application.properties + path: application.properties + name: polaris-release + - secret: + items: + - key: persistence.xml + path: persistence.xml + name: polaris-release-persistence-secret # spec.template.spec.containers[0].ports - it: should set container ports by default @@ -446,13 +403,13 @@ tests: - contains: path: spec.template.spec.containers[0].ports content: - name: polaris-service + name: polaris-http containerPort: 8181 protocol: TCP - contains: path: spec.template.spec.containers[0].ports content: - name: polaris-metrics + name: polaris-mgmt containerPort: 8182 protocol: TCP diff --git a/helm/polaris/tests/ingress_test.yaml b/helm/polaris/tests/ingress_test.yaml index ba296fd66..d9613bf54 100644 --- a/helm/polaris/tests/ingress_test.yaml +++ b/helm/polaris/tests/ingress_test.yaml @@ -45,7 +45,7 @@ tests: kind: Ingress apiVersion: networking.k8s.io/v1 - # metadata.name (with with ingress enabled) + # metadata.name (with ingress enabled) - it: should set ingress name set: ingress.enabled: true diff --git a/helm/polaris/tests/job_test.yaml b/helm/polaris/tests/job_test.yaml index 4c83e7e27..78a48739a 100644 --- a/helm/polaris/tests/job_test.yaml +++ b/helm/polaris/tests/job_test.yaml @@ -39,23 +39,23 @@ tests: not: true - it: should create job when enabled set: - bootstrapMetastoreManager: true + bootstrap.enabled: true asserts: - containsDocument: kind: Job apiVersion: batch/v1 - # metadata.name (with bootstrapMetastoreManager enabled) + # metadata.name (with bootstrap.enabled true) - it: should set job name set: - bootstrapMetastoreManager: true + bootstrap.enabled: true asserts: - equal: path: metadata.name value: polaris-release - it: should set job name with override set: - bootstrapMetastoreManager: true + bootstrap.enabled: true nameOverride: polaris-override asserts: - equal: @@ -63,26 +63,26 @@ tests: value: polaris-release-polaris-override - it: should set job name with full override set: - bootstrapMetastoreManager: true + bootstrap.enabled: true fullnameOverride: polaris-override asserts: - equal: path: metadata.name value: polaris-override - # metadata.namespace (with bootstrapMetastoreManager enabled) + # metadata.namespace (with bootstrap.enabled true) - it: should set job namespace set: - bootstrapMetastoreManager: true + bootstrap.enabled: true asserts: - equal: path: metadata.namespace value: polaris-ns - # metadata.labels (with bootstrapMetastoreManager enabled) + # metadata.labels (with bootstrap.enabled true) - it: should set job default labels set: - bootstrapMetastoreManager: true + bootstrap.enabled: true asserts: - isSubset: path: metadata.labels @@ -94,7 +94,7 @@ tests: helm.sh/chart: polaris-1.2.3 - it: should set podLabels in job labels set: - bootstrapMetastoreManager: true + bootstrap.enabled: true podLabels: app.kubernetes.io/component: polaris asserts: @@ -103,26 +103,26 @@ tests: content: app.kubernetes.io/component: polaris - # metadata.annotations (with bootstrapMetastoreManager enabled) + # metadata.annotations (with bootstrap.enabled true) - it: should set job annotations set: - bootstrapMetastoreManager: true + bootstrap.enabled: true asserts: - equal: path: metadata.annotations value: "helm.sh/hook": post-install - # spec.template.metadata.annotations (with bootstrapMetastoreManager enabled) + # spec.template.metadata.annotations (with bootstrap.enabled true) - it: should not set pod annotations by default set: - bootstrapMetastoreManager: true + bootstrap.enabled: true asserts: - notExists: path: spec.template.metadata.annotations - it: should set pod annotations set: - bootstrapMetastoreManager: true + bootstrap.enabled: true podAnnotations: foo: bar asserts: @@ -131,10 +131,10 @@ tests: content: foo: bar - # spec.template.metadata.labels (with bootstrapMetastoreManager enabled) + # spec.template.metadata.labels (with bootstrap.enabled true) - it: should set pod labels set: - bootstrapMetastoreManager: true + bootstrap.enabled: true asserts: - isSubset: path: spec.template.metadata.labels @@ -143,7 +143,7 @@ tests: app.kubernetes.io/instance: polaris-release - it: should set podLabels in pod labels set: - bootstrapMetastoreManager: true + bootstrap.enabled: true podLabels: app.kubernetes.io/component: polaris asserts: @@ -152,50 +152,16 @@ tests: content: app.kubernetes.io/component: polaris - # spec.template.spec.initContainers (with bootstrapMetastoreManager enabled) - - it: should not set initContainers by default - set: - bootstrapMetastoreManager: true - asserts: - - notExists: - path: spec.template.spec.initContainers - - it: should set initContainers if persistence is enabled - set: - bootstrapMetastoreManager: true - persistenceConfigSecret: polaris-persistence-secret - polarisServerConfig: - metaStoreManager: - conf-file: /eclipselink-config/conf.jar!/persistence.xml - toolsImage: - repository: test-repo - pullPolicy: Always - asserts: - - exists: - path: spec.template.spec.initContainers - - contains: - path: spec.template.spec.initContainers - content: - name: init-config - image: test-repo:latest - imagePullPolicy: Always - command: [ "jar" ] - args: [ "-cf", "/eclipselink-config/conf.jar", "-C", "/secret", "persistence.xml" ] - volumeMounts: - - name: eclipselink-config-volume - mountPath: /eclipselink-config - - name: secret-volume - mountPath: /secret - - # spec.template.spec.imagePullSecrets (with bootstrapMetastoreManager enabled) + # spec.template.spec.imagePullSecrets (with bootstrap.enabled true) - it: should not set imagePullSecrets by default set: - bootstrapMetastoreManager: true + bootstrap.enabled: true asserts: - notExists: path: spec.template.spec.imagePullSecrets - it: should set imagePullSecrets set: - bootstrapMetastoreManager: true + bootstrap.enabled: true imagePullSecrets: - test-secret asserts: @@ -204,17 +170,17 @@ tests: content: name: test-secret - # spec.template.spec.serviceAccountName (with bootstrapMetastoreManager enabled) + # spec.template.spec.serviceAccountName (with bootstrap.enabled true) - it: should set default service account name set: - bootstrapMetastoreManager: true + bootstrap.enabled: true asserts: - equal: path: spec.template.spec.serviceAccountName value: polaris-release - it: should set service account name when serviceAccount.create is true set: - bootstrapMetastoreManager: true + bootstrap.enabled: true serviceAccount: create: true asserts: @@ -223,7 +189,7 @@ tests: value: polaris-release - it: should set custom service account name when serviceAccount.create is true set: - bootstrapMetastoreManager: true + bootstrap.enabled: true serviceAccount: create: true name: polaris-sa @@ -233,7 +199,7 @@ tests: value: polaris-sa - it: should set service account name to default when serviceAccount.create is false set: - bootstrapMetastoreManager: true + bootstrap.enabled: true serviceAccount: create: false asserts: @@ -242,7 +208,7 @@ tests: value: default - it: should set custom service account name when serviceAccount.create is false set: - bootstrapMetastoreManager: true + bootstrap.enabled: true serviceAccount: create: false name: polaris-sa @@ -251,16 +217,16 @@ tests: path: spec.template.spec.serviceAccountName value: polaris-sa - # spec.template.spec.securityContext (with bootstrapMetastoreManager enabled) + # spec.template.spec.securityContext (with bootstrap.enabled true) - it: should not set securityContext by default set: - bootstrapMetastoreManager: true + bootstrap.enabled: true asserts: - notExists: path: spec.template.spec.securityContext - it: should set securityContext set: - bootstrapMetastoreManager: true + bootstrap.enabled: true podSecurityContext: runAsUser: 1000 asserts: @@ -269,26 +235,26 @@ tests: content: runAsUser: 1000 - # spec.template.spec.containers (with bootstrapMetastoreManager enabled) + # spec.template.spec.containers (with bootstrap.enabled true) - it: should set container name set: - bootstrapMetastoreManager: true + bootstrap.enabled: true asserts: - equal: path: spec.template.spec.containers[0].name value: polaris - # spec.template.spec.containers[0].securityContext (with bootstrapMetastoreManager enabled) + # spec.template.spec.containers[0].securityContext (with bootstrap.enabled true) - it: should not set container securityContext by default set: - bootstrapMetastoreManager: true + bootstrap.enabled: true asserts: - notExists: path: spec.template.spec.containers[0].securityContext - it: should set container securityContext set: - bootstrapMetastoreManager: true - securityContext: + bootstrap.enabled: true + containerSecurityContext: runAsUser: 1000 asserts: - isSubset: @@ -296,147 +262,63 @@ tests: content: runAsUser: 1000 - # spec.template.spec.containers[0].securityContext (with bootstrapMetastoreManager enabled) - - it: should not set initContainer securityContext by default - set: - bootstrapMetastoreManager: true - persistenceConfigSecret: polaris-persistence-secret - polarisServerConfig: - metaStoreManager: - conf-file: /eclipselink-config/conf.jar!/persistence.xml - asserts: - - notExists: - path: spec.template.spec.initContainers[0].securityContext - - it: should set initContainer securityContext - set: - bootstrapMetastoreManager: true - persistenceConfigSecret: polaris-persistence-secret - polarisServerConfig: - metaStoreManager: - conf-file: /eclipselink-config/conf.jar!/persistence.xml - securityContext: - runAsUser: 1000 - asserts: - - isSubset: - path: spec.template.spec.initContainers[0].securityContext - content: - runAsUser: 1000 - - # spec.template.spec.containers[0].image (with bootstrapMetastoreManager enabled) + # spec.template.spec.containers[0].image (with bootstrap.enabled true) - it: should set container image set: - bootstrapMetastoreManager: true - image: - repository: test-repo - tag: test-tag + bootstrap: + enabled: true + image: + repository: test-repo + tag: test-tag asserts: - equal: path: spec.template.spec.containers[0].image value: test-repo:test-tag - it: should set container image with template set: - bootstrapMetastoreManager: true - image: - repository: test-repo-{{ .Chart.Version }} - tag: test-tag-{{ .Release.Name }} + bootstrap: + enabled: true + image: + repository: test-repo-{{ .Chart.Version }} + tag: test-tag-{{ .Release.Name }} asserts: - equal: path: spec.template.spec.containers[0].image value: test-repo-1.2.3:test-tag-polaris-release - it: should set container image with chart version if no tag provided set: - bootstrapMetastoreManager: true - image: - repository: test-repo - tag: "" + bootstrap: + enabled: true + image: + repository: test-repo + tag: "" asserts: - equal: path: spec.template.spec.containers[0].image value: test-repo:1.2.3 - # spec.template.spec.containers[0].imagePullPolicy (with bootstrapMetastoreManager enabled) + # spec.template.spec.containers[0].imagePullPolicy (with bootstrap.enabled true) - it: should set container pull policy set: - bootstrapMetastoreManager: true - image: - pullPolicy: Always + bootstrap: + enabled: true + image: + pullPolicy: Always asserts: - equal: path: spec.template.spec.containers[0].imagePullPolicy value: Always - # spec.template.spec.containers[0].volumeMounts + spec.template.spec.volumes (with bootstrapMetastoreManager enabled) - - it: should not set persistence volumes by default - set: - bootstrapMetastoreManager: true - asserts: - - lengthEqual: - path: spec.template.spec.volumes - count: 1 - - lengthEqual: - path: spec.template.spec.containers[0].volumeMounts - count: 1 - - contains: - path: spec.template.spec.containers[0].volumeMounts - content: - name: config-volume - mountPath: /app/config/polaris-server.yml - subPath: polaris-server.yml - - it: should set persistence volumes if persistence is enabled - set: - bootstrapMetastoreManager: true - persistenceConfigSecret: polaris-persistence-secret - polarisServerConfig: - metaStoreManager: - conf-file: /eclipselink-config/conf.jar!/persistence.xml - asserts: - - lengthEqual: - path: spec.template.spec.volumes - count: 3 - - lengthEqual: - path: spec.template.spec.containers[0].volumeMounts - count: 2 - - contains: - path: spec.template.spec.volumes - content: - name: eclipselink-config-volume - emptyDir: { } - - contains: - path: spec.template.spec.volumes - content: - name: secret-volume - secret: - secretName: polaris-persistence-secret - - contains: - path: spec.template.spec.containers[0].volumeMounts - content: - name: eclipselink-config-volume - mountPath: /eclipselink-config - - it: should evaluate template expressions in persistence secret name - set: - bootstrapMetastoreManager: true - persistenceConfigSecret: '{{ .Release.Name }}-persistence-secret' - polarisServerConfig: - metaStoreManager: - conf-file: /eclipselink-config/conf.jar!/persistence.xml - asserts: - - contains: - path: spec.template.spec.volumes - content: - name: secret-volume - secret: - secretName: polaris-release-persistence-secret - - # spec.template.spec.containers[0].resources (with bootstrapMetastoreManager enabled) + # spec.template.spec.containers[0].resources (with bootstrap.enabled true) - it: should not set container resources by default set: - bootstrapMetastoreManager: true + bootstrap.enabled: true asserts: - notExists: path: spec.template.spec.containers[0].resources - it: should set container resources set: - bootstrapMetastoreManager: true + bootstrap.enabled: true resources: requests: cpu: 100m @@ -455,19 +337,14 @@ tests: cpu: 200m memory: 256Mi - # spec.template.spec.containers[0].env (with bootstrapMetastoreManager enabled) - - it: should not set container env by default - set: - bootstrapMetastoreManager: true - asserts: - - notExists: - path: spec.template.spec.containers[0].env + # spec.template.spec.containers[0].env (with bootstrap.enabled true) - it: should set container env set: - bootstrapMetastoreManager: true - bootstrapExtraEnv: - - name: foo - value: bar + bootstrap: + enabled: true + extraEnv: + - name: foo + value: bar asserts: - contains: path: spec.template.spec.containers[0].env @@ -475,16 +352,16 @@ tests: name: foo value: bar - # spec.template.spec.nodeSelector (with bootstrapMetastoreManager enabled) + # spec.template.spec.nodeSelector (with bootstrap.enabled true) - it: should not set nodeSelector by default set: - bootstrapMetastoreManager: true + bootstrap.enabled: true asserts: - notExists: path: spec.template.spec.nodeSelector - it: should set nodeSelector set: - bootstrapMetastoreManager: true + bootstrap.enabled: true nodeSelector: disktype: ssd asserts: @@ -493,16 +370,16 @@ tests: value: disktype: ssd - # spec.template.spec.affinity (with bootstrapMetastoreManager enabled) + # spec.template.spec.affinity (with bootstrap.enabled true) - it: should not set affinity by default set: - bootstrapMetastoreManager: true + bootstrap.enabled: true asserts: - notExists: path: spec.template.spec.affinity - it: should set affinity set: - bootstrapMetastoreManager: true + bootstrap.enabled: true affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: @@ -527,16 +404,16 @@ tests: - zone1 - zone2 - # spec.template.spec.tolerations (with bootstrapMetastoreManager enabled) + # spec.template.spec.tolerations (with bootstrap.enabled true) - it: should not set tolerations by default set: - bootstrapMetastoreManager: true + bootstrap.enabled: true asserts: - notExists: path: spec.template.spec.tolerations - it: should set tolerations set: - bootstrapMetastoreManager: true + bootstrap.enabled: true tolerations: - key: "key" operator: "Equal" diff --git a/helm/polaris/tests/quantity_test.yaml b/helm/polaris/tests/quantity_test.yaml new file mode 100644 index 000000000..497eb8ae1 --- /dev/null +++ b/helm/polaris/tests/quantity_test.yaml @@ -0,0 +1,98 @@ +## +## Copyright (C) 2024 Dremio +## +## Licensed under the Apache License, Version 2.0 (the "License"); +## you may not use this file except in compliance with the License. +## You may obtain a copy of the License at +## +## http://www.apache.org/licenses/LICENSE-2.0 +## +## Unless required by applicable law or agreed to in writing, software +## distributed under the License is distributed on an "AS IS" BASIS, +## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +## See the License for the specific language governing permissions and +## limitations under the License. +## + +templates: + - configmap.yaml + +tests: + - it: should convert quantity 12345 + set: { advancedConfig: { test: "{{ include \"polaris.quantity\" \"12345\" }}" }} + asserts: [ { matchRegex: { path: "data[\"application.properties\"]", pattern: "test=12345" } } ] + - it: should convert quantity 12345.3456 + set: { advancedConfig: { test: "{{ include \"polaris.quantity\" \"12345.3456\" }}" }} + asserts: [ { matchRegex: { path: "data[\"application.properties\"]", pattern: "test=12345.3456" } } ] + - it: should convert quantity 123451234512345 + set: { advancedConfig: { test: "{{ include \"polaris.quantity\" \"123451234512345\" }}" }} + asserts: [ { matchRegex: { path: "data[\"application.properties\"]", pattern: "test=123451234512345" } } ] + - it: should convert quantity 1m + set: { advancedConfig: { test: "{{ include \"polaris.quantity\" \"1m\" }}" }} + asserts: [ { matchRegex: { path: "data[\"application.properties\"]", pattern: "test=0.001" } } ] + - it: should convert quantity 100m + set: { advancedConfig: { test: "{{ include \"polaris.quantity\" \"100m\" }}" }} + asserts: [ { matchRegex: { path: "data[\"application.properties\"]", pattern: "test=0.1" } } ] + - it: should convert quantity 1000m + set: { advancedConfig: { test: "{{ include \"polaris.quantity\" \"1000m\" }}" }} + asserts: [ { matchRegex: { path: "data[\"application.properties\"]", pattern: "test=1" } } ] + - it: should convert quantity 10000m + set: { advancedConfig: { test: "{{ include \"polaris.quantity\" \"10000m\" }}" }} + asserts: [ { matchRegex: { path: "data[\"application.properties\"]", pattern: "test=10" } } ] + - it: should convert quantity 1k + set: { advancedConfig: { test: "{{ include \"polaris.quantity\" \"1k\" }}" }} + asserts: [ { matchRegex: { path: "data[\"application.properties\"]", pattern: "test=1000" } } ] + - it: should convert quantity 1ki + set: { advancedConfig: { test: "{{ include \"polaris.quantity\" \"1ki\" }}" }} + asserts: [ { matchRegex: { path: "data[\"application.properties\"]", pattern: "test=1024" } } ] + - it: should convert quantity 100k + set: { advancedConfig: { test: "{{ include \"polaris.quantity\" \"100k\" }}" }} + asserts: [ { matchRegex: { path: "data[\"application.properties\"]", pattern: "test=100000" } } ] + - it: should convert quantity 100ki + set: { advancedConfig: { test: "{{ include \"polaris.quantity\" \"100ki\" }}" }} + asserts: [ { matchRegex: { path: "data[\"application.properties\"]", pattern: "test=102400" } } ] + - it: should convert quantity 1M + set: { advancedConfig: { test: "{{ include \"polaris.quantity\" \"1M\" }}" }} + asserts: [ { matchRegex: { path: "data[\"application.properties\"]", pattern: "test=1000000" } } ] + - it: should convert quantity 1Mi + set: { advancedConfig: { test: "{{ include \"polaris.quantity\" \"1Mi\" }}" }} + asserts: [ { matchRegex: { path: "data[\"application.properties\"]", pattern: "test=1048576" } } ] + - it: should convert quantity 1G + set: { advancedConfig: { test: "{{ include \"polaris.quantity\" \"1G\" }}" }} + asserts: [ { matchRegex: { path: "data[\"application.properties\"]", pattern: "test=1000000000" } } ] + - it: should convert quantity 1Gi + set: { advancedConfig: { test: "{{ include \"polaris.quantity\" \"1Gi\" }}" }} + asserts: [ { matchRegex: { path: "data[\"application.properties\"]", pattern: "test=1073741824" } } ] + - it: should convert quantity 1T + set: { advancedConfig: { test: "{{ include \"polaris.quantity\" \"1T\" }}" }} + asserts: [ { matchRegex: { path: "data[\"application.properties\"]", pattern: "test=1000000000000" } } ] + - it: should convert quantity 1Ti + set: { advancedConfig: { test: "{{ include \"polaris.quantity\" \"1Ti\" }}" }} + asserts: [ { matchRegex: { path: "data[\"application.properties\"]", pattern: "test=1099511627776" } } ] + - it: should convert quantity 1P + set: { advancedConfig: { test: "{{ include \"polaris.quantity\" \"1P\" }}" }} + asserts: [ { matchRegex: { path: "data[\"application.properties\"]", pattern: "test=1000000000000000" } } ] + - it: should convert quantity 1Pi + set: { advancedConfig: { test: "{{ include \"polaris.quantity\" \"1Pi\" }}" }} + asserts: [ { matchRegex: { path: "data[\"application.properties\"]", pattern: "test=1125899906842624" } } ] + - it: should convert quantity 1E + set: { advancedConfig: { test: "{{ include \"polaris.quantity\" \"1E\" }}" }} + asserts: [ { matchRegex: { path: "data[\"application.properties\"]", pattern: "test=1000000000000000000" } } ] + - it: should convert quantity 1Ei + set: { advancedConfig: { test: "{{ include \"polaris.quantity\" \"1Ei\" }}" }} + asserts: [ { matchRegex: { path: "data[\"application.properties\"]", pattern: "test=1152921504606846976" } } ] + - it: should fail on invalid quantity + set: { advancedConfig: { test: "{{ include \"polaris.quantity\" \"invalid\" }}" }} + asserts: [ { failedTemplate: { errorMessage: "invalid quantity: invalid" } } ] + - it: should fail on zero quantity + set: { advancedConfig: { test: "{{ include \"polaris.quantity\" \"0\" }}" }} + asserts: [ { failedTemplate: { errorMessage: "invalid quantity: 0" } } ] + - it: should fail on negative quantity + set: { advancedConfig: { test: "{{ include \"polaris.quantity\" \"-1\" }}" }} + asserts: [ { failedTemplate: { errorMessage: "invalid quantity: -1" } } ] + - it: should convert quantity in scientific notation 123e2 + set: { advancedConfig: { test: "{{ include \"polaris.quantity\" \"123e2\" }}" }} + asserts: [ { matchRegex: { path: "data[\"application.properties\"]", pattern: "test=12300" } } ] + - it: should convert quantity in scientific notation 1.23e2 + set: { advancedConfig: { test: "{{ include \"polaris.quantity\" \"1.23e2\" }}" }} + asserts: [ { matchRegex: { path: "data[\"application.properties\"]", pattern: "test=123" } } ] diff --git a/helm/polaris/tests/service_monitor_test.yaml b/helm/polaris/tests/service_monitor_test.yaml new file mode 100644 index 000000000..b160540cf --- /dev/null +++ b/helm/polaris/tests/service_monitor_test.yaml @@ -0,0 +1,55 @@ +## +## Copyright (C) 2024 Dremio +## +## Licensed under the Apache License, Version 2.0 (the "License"); +## you may not use this file except in compliance with the License. +## You may obtain a copy of the License at +## +## http://www.apache.org/licenses/LICENSE-2.0 +## +## Unless required by applicable law or agreed to in writing, software +## distributed under the License is distributed on an "AS IS" BASIS, +## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +## See the License for the specific language governing permissions and +## limitations under the License. +## + +release: + name: polaris + namespace: polaris-ns + +capabilities: + apiVersions: + - monitoring.coreos.com/v1 + +templates: + - servicemonitor.yaml + +tests: + - it: should create ServiceMonitor if enabled + set: { serviceMonitor: { enabled: true } } + asserts: [ { containsDocument: { kind: ServiceMonitor, apiVersion: monitoring.coreos.com/v1, name: polaris, namespace: polaris-ns } } ] + - it: should not create ServiceMonitor if disabled + set: { serviceMonitor: { enabled: false } } + asserts: [ { containsDocument: { kind: ServiceMonitor, apiVersion: monitoring.coreos.com/v1, name: polaris, namespace: polaris-ns }, not: true } ] + - it: should add metrics relabelings + set: + serviceMonitor: + enabled: true + metricRelabelings: + - source_labels: [ __meta_kubernetes_namespace ] + separator: ; + regex: (.*) + target_label: namespace + replacement: $1 + action: replace + asserts: + - equal: + path: spec.endpoints[ 0].metricRelabelings + value: + - source_labels: [ __meta_kubernetes_namespace ] + separator: ; + regex: (.*) + target_label: namespace + replacement: $1 + action: replace \ No newline at end of file diff --git a/helm/polaris/tests/service_test.yaml b/helm/polaris/tests/service_test.yaml index b7e3057ab..e4fefc62b 100644 --- a/helm/polaris/tests/service_test.yaml +++ b/helm/polaris/tests/service_test.yaml @@ -114,32 +114,24 @@ tests: - equal: path: spec.ports value: - - port: 8182 - targetPort: 8182 - protocol: TCP - name: polaris-metrics - port: 8181 - targetPort: 8181 protocol: TCP - name: polaris-service + name: polaris-http - it: should set service ports set: service: ports: - polaris-service: 18181 - polaris-metrics: 18182 + - port: 18181 + targetPort: 18181 + name: polaris-http asserts: - equal: path: spec.ports value: - - port: 18182 - targetPort: 18182 - protocol: TCP - name: polaris-metrics - port: 18181 targetPort: 18181 protocol: TCP - name: polaris-service + name: polaris-http # spec.sessionAffinity - it: should set service default session affinity diff --git a/helm/polaris/values.yaml b/helm/polaris/values.yaml index c365bf081..5746623f5 100644 --- a/helm/polaris/values.yaml +++ b/helm/polaris/values.yaml @@ -28,14 +28,9 @@ image: pullPolicy: IfNotPresent # -- The image tag. tag: "latest" - -toolsImage: - # -- The image repository to pull from (must have jar binary included). - repository: registry.access.redhat.com/ubi9/openjdk-21 - # -- The image pull policy. - pullPolicy: IfNotPresent - # -- The image tag. - tag: "latest" + # -- The path to the directory where the application.properties file, and other configuration + # files, if any, should be mounted. + configDir: /deployments/config # -- References to secrets in the same namespace to use for pulling any of the images used by this # chart. Each entry is a LocalObjectReference to an existing secret in the namespace. The secret @@ -74,7 +69,7 @@ podSecurityContext: # fsGroup: 2000 # -- Security context for the polaris container. See https://kubernetes.io/docs/tasks/configure-pod-container/security-context/. -securityContext: +containerSecurityContext: {} # capabilities: # drop: @@ -83,18 +78,22 @@ securityContext: # runAsNonRoot: true # runAsUser: 1000 -# Polaris service settings. +# -- Polaris main service settings. service: # -- The type of service to create. type: ClusterIP - # -- The ports the service will listen on. Two ports are required: one for the Polaris service and - # one for the metrics API. + # -- The ports the service will listen on. + # At least one port is required; the first port implicitly becomes the HTTP port that the + # application will use for serving API requests. By default, it's 8181. # Note: port names must be unique and no more than 15 characters long. ports: - # polaris-server: The port the Polaris server listens on for API requests. - polaris-service: 8181 - # polaris-metrics: The port the Polaris server listens on for metrics API requests (health checks, metrics, etc.). - polaris-metrics: 8182 + - name: polaris-http + port: 8181 + # targetPort: 8181 + # nodePort: 30000 + # protocol: TCP + # - name: polaris-https + # port: 18181 # -- The session affinity for the service. Valid values are: None, ClientIP. # ClientIP enables sticky sessions based on the client's IP address. # This is generally beneficial to Polaris deployments, but some testing may be @@ -102,9 +101,73 @@ service: # Also, this setting affects only internal clients, not external ones. # If Ingress is enabled, it is recommended to set sessionAffinity to None. sessionAffinity: None + # -- You can specify your own cluster IP address + # If you define a Service that has the .spec.clusterIP set to "None" then Kubernetes does not assign an IP address. + # Instead, DNS records for the service will return the IP addresses of each pod targeted by the server. This is + # called a headless service. + # See https://kubernetes.io/docs/concepts/services-networking/service/#headless-services + clusterIP: "" + # -- The traffic policy fields control how traffic from internal and external sources are routed respectively. + # Valid values are Cluster and Local. + # Set the field to Cluster to route traffic to all ready endpoints. + # Set the field to Local to only route to ready node-local endpoints. + # If the traffic policy is Local and there are no node-local endpoints, traffic is dropped by kube-proxy + internalTrafficPolicy: Cluster + externalTrafficPolicy: Cluster + # -- The traffic distribution field provides another way to influence traffic routing within a Kubernetes Service. + # While traffic policies focus on strict semantic guarantees, traffic distribution allows you to express preferences + # such as routing to topologically closer endpoints. + # Valid values are: PreferClose + trafficDistribution: PreferClose + # -- Annotations to add to the service. + annotations: {} + +# -- Management service settings. These settings are used to configure liveness and readiness probes, +# and to configure the dedicated headless service that will expose health checks and metrics, e.g. +# for metrics scraping and service monitoring. +managementService: + # -- The type of service to create. + type: ClusterIP + # -- The ports the management service will listen on. + # At least one port is required; the first port implicitly becomes the HTTP port that the + # application will use for serving management requests. By default, it's 8182. + # Note: port names must be unique and no more than 15 characters long. + ports: + # -- The name of the management port. Required. + - name: polaris-mgmt + # -- The port the management service listens on. By default, the management interface is exposed + # on HTTP port 8182. + port: 8182 + # targetPort: polaris-service + # nodePort: 30000 + clusterIP: None + sessionAffinity: ~ + internalTrafficPolicy: ~ + externalTrafficPolicy: ~ + trafficDistribution: ~ # -- Annotations to add to the service. annotations: {} +# -- Additional service definitions. All service definitions always select all Polaris pods. Use +# this if you need to expose specific ports with different configurations, e.g. expose polaris-http +# with an alternate LoadBalancer service instead of ClusterIP. +extraServices: [] + # - # -- The suffix to append to the service name. Required. It must be unique. If it does not + # # start with a hyphen, a hyphen will be inserted between the base service name and the suffix. + # nameSuffix: "ext" + # # -- The type of service to create. + # type: LoadBalancer + # # -- The ports the service will listen on. + # ports: + # - name: polaris-http + # number: 8181 + # sessionAffinity: None + # clusterIP: "" + # internalTrafficPolicy: Cluster + # externalTrafficPolicy: Cluster + # trafficDistribution: PreferClose + # annotations: {} + # Polaris Ingress settings. # These settings generate an Ingress resource that routes external traffic to the Polaris service # using the "polaris-service" port described above. @@ -213,6 +276,36 @@ readinessProbe: # -- Number of seconds after which the probe times out. Minimum value is 1. timeoutSeconds: 10 +# -- Advanced configuration. +# You can pass here any valid Polaris or Quarkus configuration property. +# Any property that is defined here takes precedence over all the other configuration values generated by this chart. +# Properties can be passed "flattened" or as nested YAML objects (see examples below). +# Note: values should be strings; avoid using numbers, booleans, or other types. +advancedConfig: +# # Disable access log: +# quarkus.http.access-log.enabled: "true" +# # Reverse Proxy Settings +# # ---------------------- +# # +# # These config options are mentioned only for documentation purposes. Consult the +# # Quarkus documentation for "Running behind a reverse proxy" and configure those +# # depending on your actual needs. +# +# # See https://quarkus.io/guides/http-reference#reverse-proxy +# +# # Do NOT enable these option unless your reverse proxy (for example istio or nginx) +# # is properly setup to set these headers but also filter those from incoming requests. +# +# quarkus: +# http: +# proxy: +# proxy-address-forwarding: "true" +# allow-x-forwarded: "true" +# enable-forwarded-host: "true" +# enable-forwarded-prefix: "true" +# trusted-proxies: "127.0.0.1" + {} + # -- Advanced configuration via Environment Variables. # Extra environment variables to add to the Polaris server container. # You can pass here any valid EnvVar object: @@ -233,170 +326,240 @@ extraEnv: # name: aws-secret # key: secret_access_key -# -- Configures whether to enable the bootstrap metastore manager job -bootstrapMetastoreManager: false - -# -- Extra environment variables to add to the bootstrap metastore manager job (see `extraEnv` for an example) -bootstrapExtraEnv: [] - -# -- The secret name to pull persistence.xml from (ensure the key name is 'persistence.xml') -persistenceConfigSecret: ~ - -# -- Configures for polaris-server.yml -polarisServerConfig: - server: - # Maximum number of threads. - maxThreads: 200 +# -- Extra volumes to add to the polaris pod. See https://kubernetes.io/docs/concepts/storage/volumes/. +extraVolumes: [] + # - name: extra-volume + # emptyDir: {} - # Minimum number of thread to keep alive. - minThreads: 10 - applicationConnectors: - # HTTP-specific options. - - type: http +# -- Extra volume mounts to add to the polaris container. See https://kubernetes.io/docs/concepts/storage/volumes/. +extraVolumeMounts: [] + # - name: extra-volume + # mountPath: /usr/share/extra-volume - # The port on which the HTTP server listens for service requests. - port: 8181 +# -- Add additional init containers to the polaris pod(s) See https://kubernetes.io/docs/concepts/workloads/pods/init-containers/. +extraInitContainers: [] + # - name: your-image-name + # image: your-image + # imagePullPolicy: Always + # command: ['sh', '-c', 'echo "hello world"'] - adminConnectors: - - type: http - port: 8182 - - # The hostname of the interface to which the HTTP server socket wil be found. If omitted, the - # socket will listen on all interfaces. - # bindHost: localhost - - # ssl: - # keyStore: ./example.keystore - # keyStorePassword: example - # - # keyStoreType: JKS # (optional, JKS is default) - - # HTTP request log settings - requestLog: - appenders: - # Settings for logging to stdout. - - type: console - - # # Settings for logging to a file. - # - type: file - - # # The file to which statements will be logged. - # currentLogFilename: ./logs/request.log - - # # When the log file rolls over, the file will be archived to requests-2012-03-15.log.gz, - # # requests.log will be truncated, and new statements written to it. - # archivedLogFilenamePattern: ./logs/requests-%d.log.gz - - # # The maximum number of log files to archive. - # archivedFileCount: 14 - - # # Enable archiving if the request log entries go to the their own file - # archive: true +# -- Configures whether to enable the bootstrap metastore manager job +bootstrap: + enabled: false + # -- The names of the realms to bootstrap. + realms: [] + # -- The credentials to create during the bootstrap. If you don't provide credentials for the + # root principal of each realm to bootstrap, random credentials will be generated. + # Each entry in the array must be of the form: realm,userName,clientId,clientSecret + credentials: [] + # - realm1,root,root,s3cr3t + # - realm2,root,root,s3cr3t + # -- The image configuration for the bootstrap metastore manager job. + image: + # -- The image repository to pull from. + repository: apache/polaris-admin-tool + # -- The image pull policy. + pullPolicy: IfNotPresent + # -- The image tag. + tag: "latest" + # -- The path to the directory where the application.properties file, and other configuration + # files, if any, should be mounted. + configDir: /deployments/config + # -- Extra environment variables to add to the bootstrap metastore manager job (see `extraEnv` for an example) + extraEnv: [] + +tracing: + # -- Specifies whether tracing for the polaris server should be enabled. + enabled: false + # -- The collector endpoint URL to connect to (required). + # The endpoint URL must have either the http:// or the https:// scheme. + # The collector must talk the OpenTelemetry protocol (OTLP) and the port must be its gRPC port (by default 4317). + # See https://quarkus.io/guides/opentelemetry for more information. + endpoint: "http://otlp-collector:4317" + # -- Which requests should be sampled. Valid values are: "all", "none", or a ratio between 0.0 and + # "1.0d" (inclusive). E.g. "0.5d" means that 50% of the requests will be sampled. + sample: "1.0d" + # -- Resource attributes to identify the polaris service among other tracing sources. + # See https://opentelemetry.io/docs/reference/specification/resource/semantic_conventions/#service. + # If left empty, traces will be attached to a service named "Polaris"; to change this, provide a service.name attribute here. + attributes: + {} + # service.name: my-polaris + +metrics: + # -- Specifies whether metrics for the polaris server should be enabled. + enabled: true + # -- Additional tags (dimensional labels) to add to the metrics. + tags: + {} + # service: polaris + # environment: production + +serviceMonitor: + # -- Specifies whether a ServiceMonitor for Prometheus operator should be created. + enabled: true + # -- The scrape interval; leave empty to let Prometheus decide. Must be a valid duration, e.g. 1d, 1h30m, 5m, 10s. + interval: "" + # -- Labels for the created ServiceMonitor so that Prometheus operator can properly pick it up. + labels: + {} + # release: prometheus + # -- Relabeling rules to apply to metrics. Ref https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config. + metricRelabelings: [] + # - source_labels: [ __meta_kubernetes_namespace ] + # separator: ; + # regex: (.*) + # target_label: namespace + # replacement: $1 + # action: replace + +# -- Logging configuration. +logging: + # -- The log level of the root category, which is used as the default log level for all categories. + level: INFO + # -- The header name to use for the request ID. + requestIdHeaderName: request_id + # -- Configuration for the console appender. + console: + # -- Whether to enable the console appender. + enabled: true + # -- The log level of the console appender. + threshold: ALL + # -- Whether to log in JSON format. + json: false + # -- The log format to use. Ignored if JSON format is enabled. See + # https://quarkus.io/guides/logging#logging-format for details. + format: "%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c{3.}] [%X{requestId},%X{realmId}] [%X{traceId},%X{parentId},%X{spanId},%X{sampled}] (%t) %s%e%n" + # -- Configuration for the file appender. + file: + # -- Whether to enable the file appender. + enabled: false + # -- The log level of the file appender. + threshold: ALL + # -- Whether to log in JSON format. + json: false + # -- The log format to use. Ignored if JSON format is enabled. See + # https://quarkus.io/guides/logging#logging-format for details. + format: "%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c{3.}] [%X{requestId},%X{realmId}] [%X{traceId},%X{parentId},%X{spanId},%X{sampled}] (%t) %s%e%n" + # -- The local directory where log files are stored. The persistent volume claim will be mounted + # here. + logsDir: /deployments/logs + # -- The log file name. + fileName: polaris.log + # -- Log rotation configuration. + rotation: + # -- The maximum size of the log file before it is rotated. Should be expressed as a Kubernetes quantity. + maxFileSize: 100Mi + # -- The maximum number of backup files to keep. + maxBackupIndex: 5 + # -- An optional suffix to append to the rotated log files. If present, the rotated log files + # will be grouped in time buckets, and each bucket will contain at most maxBackupIndex files. + # The suffix must be in a date-time format that is understood by DateTimeFormatter. If the + # suffix ends with .gz or .zip, the rotated files will also be compressed using the + # corresponding algorithm. + fileSuffix: ~ # .yyyy-MM-dd.gz + # -- The log storage configuration. A persistent volume claim will be created using these + # settings. + storage: + # -- The storage class name of the persistent volume claim to create. + className: standard + # -- The size of the persistent volume claim to create. + size: 512Gi + # -- Labels to add to the persistent volume claim spec selector; a persistent volume with + # matching labels must exist. Leave empty if using dynamic provisioning. + selectorLabels: {} + # app.kubernetes.io/name: polaris + # app.kubernetes.io/instance: RELEASE-NAME + # -- Configuration for specific log categories. + categories: + org.apache.polaris: INFO + org.apache.iceberg.rest: INFO + # Useful to debug configuration issues: + # io.smallrye.config: DEBUG + # -- Configuration for MDC (Mapped Diagnostic Context). Values specified here will be added to the + # log context of all incoming requests and can be used in log patterns. + mdc: + # aid=polaris + # sid=polaris-service + {} + +realmContext: + type: default + realms: + - default-realm - featureConfiguration: +features: + defaults: ENFORCE_PRINCIPAL_CREDENTIAL_ROTATION_REQUIRED_CHECKING: false SUPPORTED_CATALOG_STORAGE_TYPES: - S3 - GCS - AZURE - FILE - - callContextResolver: + realmOverrides: {} + # my-realm: + # ENFORCE_PRINCIPAL_CREDENTIAL_ROTATION_REQUIRED_CHECKING: true + +persistence: + type: eclipse-link # in-memory + eclipseLink: + # -- The secret name to pull persistence.xml from. + # If not provided, the default persistence.xml will be used. + secret: + name: ~ + key: persistence.xml + # -- The persistence unit name to use. Only required if persistenceConfigSecret is set. + persistenceUnit: polaris + +fileIo: + type: default + +# -- Storage credentials for the server. If the following properties are unset, default credentials will be used. +storage: + aws: + accessKey: ~ + secretKey: ~ + gcp: + token: ~ + lifespan: PT1H + +authentication: + authenticator: type: default - - realmContextResolver: + tokenService: type: default + tokenBroker: + type: rsa-key-pair # symmetric-key + maxTokenGeneration: PT1H + secret: + name: ~ + publicKey: public.pem + privateKey: private.pem + secretKey: secret + +cors: + allowedOrigins: + - http://localhost:8080 + allowedMethods: + - PATCH + - POST + - DELETE + - GET + - PUT + allowedHeaders: + - "*" + exposedHeaders: + - "*" + accessControlMaxAge: 600 + accessControlAllowCredentials: true + +rateLimiter: + type: no-op + tokenBucket: + type: default + requestsPerSecond: 1000 + window: PT10S - defaultRealms: - - default-realm - - metaStoreManager: - type: in-memory - # uncomment below to use eclipse-link as metastore - # type: eclipse-link - # persistence-unit: polaris - # conf-file: /eclipselink-config/conf.jar!/persistence.xml - - io: - factoryType: default - - # TODO - avoid duplicating token broker config - oauth2: - type: test - # type: default # - uncomment to support Auth0 JWT tokens -# tokenBroker: -# type: symmetric-key -# secret: polaris - - authenticator: - class: org.apache.polaris.service.auth.TestInlineBearerTokenPolarisAuthenticator - # class: org.apache.polaris.service.auth.DefaultPolarisAuthenticator # - uncomment to support Auth0 JWT tokens - # tokenBroker: - # type: symmetric-key - # secret: polaris - - cors: - allowed-origins: - - http://localhost:8080 - allowed-timing-origins: - - http://localhost:8080 - allowed-methods: - - PATCH - - POST - - DELETE - - GET - - PUT - allowed-headers: - - "*" - exposed-headers: - - "*" - preflight-max-age: 600 - allowed-credentials: true - - # Logging settings. - - logging: - - # The default level of all loggers. Can be OFF, ERROR, WARN, INFO, DEBUG, TRACE, or ALL. - level: INFO - - # Logger-specific levels. - loggers: - org.apache.iceberg.rest: DEBUG - org.apache.polaris: DEBUG - - appenders: - - - type: console - # If true, write log statements to stdout. - # enabled: true - # Do not display log statements below this threshold to stdout. - threshold: ALL - # Custom Logback PatternLayout with threadname. - logFormat: "%-5p [%d{ISO8601} - %-6r] [%t] [%X{aid}%X{sid}%X{tid}%X{wid}%X{oid}%X{srv}%X{job}%X{rid}] %c{30}: %m %kvp%n%ex" - - # # Settings for logging to a file. - # - type: file - # # If true, write log statements to a file. - # # enabled: true - # # Do not write log statements below this threshold to the file. - # threshold: ALL - # layout: - # type: polaris - # flattenKeyValues: false - # includeKeyValues: true - - # # The file to which statements will be logged. - # currentLogFilename: ./logs/polaris.log - # # When the log file rolls over, the file will be archived to polaris-2012-03-15.log.gz, - # # polaris.log will be truncated, and new statements written to it. - # archivedLogFilenamePattern: ./logs/polaris-%d.log.gz - # # The maximum number of log files to archive. - # archivedFileCount: 14 - - # Limits the size of request bodies sent to Polaris. -1 means no limit. - maxRequestBodyBytes: -1 - - # Optional, not specifying a "rateLimiter" section also means no rate limiter - rateLimiter: - type: no-op +tasks: + maxConcurrentTasks: 100 + maxQueuedTasks: 1000