From 0b0396fbf14b21e2342871d7b676e5d668fa4706 Mon Sep 17 00:00:00 2001 From: Will Morrison Date: Thu, 21 Nov 2024 13:42:29 -0500 Subject: [PATCH] Add envFrom and remove lookup --- charts/gateway/README.md | 16 +++++----- charts/gateway/templates/deployment.yaml | 8 ++--- charts/gateway/templates/secrets.yaml | 17 +---------- charts/gateway/values.yaml | 28 ++++++------------ tests/gateway/test-values-with-env.yaml | 37 ++++++++++++++++++++++++ tests/gateway/test.sh | 6 +++- 6 files changed, 62 insertions(+), 50 deletions(-) create mode 100644 tests/gateway/test-values-with-env.yaml diff --git a/charts/gateway/README.md b/charts/gateway/README.md index 1f70c0c1..3d8ec2c7 100644 --- a/charts/gateway/README.md +++ b/charts/gateway/README.md @@ -28,15 +28,15 @@ A Helm chart for Trino Gateway imagePullSecrets: - name: registry-credentials ``` -* `dataStoreSecret` - object, default: `{"key":"","name":""}` +* `envFrom` - list, default: `[]` - Provide configuration for the Trino Gateway `dataStore` in `dataStoreSecret`. This node can be left undefined if `dataStore` is defined under the config node. For production deployments sensitive values should be stored in a Secret -* `backendStateSecret` - object, default: `{"key":"","name":""}` - - Provide configuration for the Trino Gateway `backendState` in `backendStateSecret`. This should be used with health check configurations that require backend credentials. This node can be left undefined if `dataStore` is defined under the config node. -* `authenticationSecret` - object, default: `{"key":"","name":""}` - - Provide configuration for the Trino Gateway authentication configuration in `authenticationSecret`. This node can be left undefined if `dataStore` is defined under the config node. + A list of secrets and configmaps to mount into the init container as environment variables. + Example: + ```yaml + envFrom: + - secretRef: + name: password-secret + ``` * `config.serverConfig."node.environment"` - string, default: `"test"` * `config.serverConfig."http-server.http.port"` - int, default: `8080` * `config.dataStore.jdbcUrl` - string, default: `"jdbc:postgresql://localhost:5432/gateway"` diff --git a/charts/gateway/templates/deployment.yaml b/charts/gateway/templates/deployment.yaml index c2412a6c..8ca31952 100644 --- a/charts/gateway/templates/deployment.yaml +++ b/charts/gateway/templates/deployment.yaml @@ -14,12 +14,6 @@ spec: template: metadata: annotations: - # Include the version of trino-gateway-configuration as an input to the - # deployment checksum. This causes pods to restart on helm update - # whether the chart `config` is updated or if one of the configuration - # secrets is updated. Helm template must be run with the - # --dry-run=server option to prevent a nil pointer. - checksum/config: {{ (coalesce (lookup "v1" "Secret" .Release.Namespace "trino-gateway-configuration").metadata (dict "resourceVersion" "0")).resourceVersion | sha256sum}} {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} @@ -44,6 +38,8 @@ spec: imagePullPolicy: {{ .Values.image.pullPolicy }} command: {{- toYaml .Values.command | nindent 12}} + envFrom: + {{- toYaml .Values.envFrom | nindent 12}} ports: - name: request containerPort: {{ index .Values "config" "serverConfig" "http-server.http.port" }} diff --git a/charts/gateway/templates/secrets.yaml b/charts/gateway/templates/secrets.yaml index aab1d575..da3bba6e 100644 --- a/charts/gateway/templates/secrets.yaml +++ b/charts/gateway/templates/secrets.yaml @@ -1,22 +1,7 @@ -{{ $dataStoreDict := dict}} -{{ if .Values.dataStoreSecret.name }} -{{ $dataStoreDict = (index (lookup "v1" "Secret" .Release.Namespace .Values.dataStoreSecret.name).data .Values.dataStoreSecret.key) | b64dec | fromYaml }} -{{ end }} -{{ $backendStateDict := dict }} -{{ if .Values.backendStateSecret.name }} -{{ $backendStateDict = (index (lookup "v1" "Secret" .Release.Namespace .Values.backendStateSecret.name).data .Values.backendStateSecret.key) | b64dec | fromYaml }} -{{ end }} -{{ $authenticationDict := dict }} -{{ if .Values.authenticationSecret.name }} -# {{.Values.authenticationSecret.name }} # -# {{ index (lookup "v1" "Secret" .Release.Namespace .Values.authenticationSecret.name).data .Values.authenticationSecret.key }} # -{{ $authenticationDict = (index (lookup "v1" "Secret" .Release.Namespace .Values.authenticationSecret.name).data .Values.authenticationSecret.key) | b64dec | fromYaml }} -{{ end }} - apiVersion: v1 kind: Secret metadata: name: trino-gateway-configuration type: "Opaque" data: - config.yaml: "{{toYaml (merge .Values.config $authenticationDict $dataStoreDict $backendStateDict ) | b64enc}}" + config.yaml: "{{toYaml .Values.config | b64enc}}" diff --git a/charts/gateway/values.yaml b/charts/gateway/values.yaml index 06adfbe2..1a79e0fb 100644 --- a/charts/gateway/values.yaml +++ b/charts/gateway/values.yaml @@ -20,25 +20,15 @@ image: # ``` imagePullSecrets: [] -# -- Provide configuration for the Trino Gateway `dataStore` in `dataStoreSecret`. This node can -# be left undefined if `dataStore` is defined under the config node. For production deployments -# sensitive values should be stored in a Secret -dataStoreSecret: - name: "" - key: "" - -# -- Provide configuration for the Trino Gateway `backendState` in `backendStateSecret`. This should -# be used with health check configurations that require backend credentials. This node can -# be left undefined if `dataStore` is defined under the config node. -backendStateSecret: - name: "" - key: "" - -# -- Provide configuration for the Trino Gateway authentication configuration in `authenticationSecret`. -# This node can be left undefined if `dataStore` is defined under the config node. -authenticationSecret: - name: "" - key: "" +# -- A list of secrets and configmaps to mount into the init container as environment variables. +# @raw +# Example: +# ```yaml +# envFrom: +# - secretRef: +# name: password-secret +# ``` +envFrom: [] config: serverConfig: diff --git a/tests/gateway/test-values-with-env.yaml b/tests/gateway/test-values-with-env.yaml new file mode 100644 index 00000000..c58a470a --- /dev/null +++ b/tests/gateway/test-values-with-env.yaml @@ -0,0 +1,37 @@ +replicaCount: 1 + +image: + # -- Repository location of the Trino Gateway image, typically `organization/imagename` + repository: "trinodb/trino-gateway" + pullPolicy: IfNotPresent + +config: + serverConfig: + node.environment: test + http-server.http.port: 8080 + dataStore: + # The connection details for the backend database for Trino Gateway and Trino query history + jdbcUrl: jdbc:postgresql://gateway-backend-db-postgresql.postgres-gateway.svc.cluster.local:5432/gateway + user: "${ENV:PG_USER}" + password: "${ENV:PG_PASSWORD}" + driver: org.postgresql.Driver + clusterStatsConfiguration: + monitorType: INFO_API + modules: + - io.trino.gateway.ha.module.HaGatewayProviderModule + - io.trino.gateway.ha.module.ClusterStateListenerModule + - io.trino.gateway.ha.module.ClusterStatsMonitorModule + managedApps: + - io.trino.gateway.ha.clustermonitor.ActiveClusterMonitor + +envFrom: + - secretRef: + name: db-credentials + +resources: + limits: + cpu: 500m + memory: 256Mi + requests: + cpu: 250m + memory: 256Mi diff --git a/tests/gateway/test.sh b/tests/gateway/test.sh index 3c804377..5cef6755 100755 --- a/tests/gateway/test.sh +++ b/tests/gateway/test.sh @@ -4,10 +4,12 @@ set -euo pipefail declare -A testCases=( [complete_values]="--values test-values.yaml" + [env_from]="--values test-values-with-env.yaml" ) declare -A testCaseCharts=( [complete_values]="../../charts/gateway" + [env_from]="../../charts/gateway" ) function join_by { @@ -28,7 +30,7 @@ CT_ARGS=( --helm-extra-args="--timeout 2m" ) CLEANUP_NAMESPACE=true -TEST_NAMES=(complete_values) +TEST_NAMES=(complete_values env_from) usage() { cat <&2 @@ -87,6 +89,8 @@ helm upgrade --install ${DB_INSTALLATION_NAME} oci://registry-1.docker.io/bitnam --set primary.persistence.enabled=false kubectl wait --for=condition=ready pod -l app.kubernetes.io/name=postgresql --timeout=300s -n "$DB_NAMESPACE" +kubectl --namespace "$NAMESPACE" create secret generic db-credentials --from-literal=PG_USER='gateway' --from-literal=PG_PASSWORD='pass0000' + result=0 for test_name in "${TEST_NAMES[@]}"; do echo 1>&2 ""