-
Notifications
You must be signed in to change notification settings - Fork 169
/
test-values.yaml
203 lines (184 loc) · 4.31 KB
/
test-values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
# All custom values belong here during testing.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
server:
workers: 2
config:
https:
enabled: true
keystore:
path: /etc/trino/generated/tls.pem
authenticationType: PASSWORD
coordinatorExtraConfig: |
query.client.timeout=5m
query.execution-policy=phased
autoscaling:
enabled: true
additionalConfigProperties:
- internal-communication.shared-secret=random-value-999
- http-server.authentication.allow-insecure-over-http=true
- http-server.process-forwarded=true
service:
annotations:
custom/name: value
port: 8080
auth:
# created using htpasswd -B -C 10 password.db admin
# every password is admin123
passwordAuth: |
admin:$2y$10$8SWYy3DhcZNfQnpeHOMnD.GOcuKJ/Hqzw8CXSp05YEmXUA.k/4L7a
alice:$2y$10$6XLlfiT7Q0MwJmU61CnP1.BzOImMxfqzULQHbSxAoeqTHn661uoGK
bob:$2y$10$aXfppF9iHtHjuKzbIUY8f.F98IRj2ZGfu2aok0wDgBBnD6hnDZKwK
refreshPeriod: 15s
groups: |
group1:admin,alice,bob
group2:alice
group3:bob
secretMounts:
- name: certificates
secretName: certificates
path: /etc/trino/certificates
coordinator:
deployment:
progressDeadlineSeconds: 500
revisionHistoryLimit: 5
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 25%
maxUnavailable: 50%
jvm:
maxHeapSize: "8G"
gcMethod:
type: "UseG1GC"
g1:
heapRegionSize: "32M"
config:
memory:
heapHeadroomPerNode: "2GB"
query:
maxMemoryPerNode: "2GB"
additionalVolumes:
- name: generated-files
emptyDir: {}
additionalVolumeMounts:
- name: generated-files
mountPath: /etc/trino/generated
readOnly: false
additionalExposedPorts:
https:
servicePort: 8443
name: https
port: 8443
protocol: TCP
worker:
deployment:
progressDeadlineSeconds: 500
revisionHistoryLimit: 5
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 25%
maxUnavailable: 50%
jvm:
maxHeapSize: "8G"
gcMethod:
type: "UseG1GC"
g1:
heapRegionSize: "32M"
config:
memory:
heapHeadroomPerNode: "2GB"
query:
maxMemoryPerNode: "2GB"
commonLabels:
extra-label: extra-value
initContainers:
coordinator:
- name: init-coordinator
image: busybox:1.36
imagePullPolicy: IfNotPresent
command: ['sh', '-c', "cat /etc/trino/certificates/tls.crt /etc/trino/certificates/tls.key > /etc/trino/generated/tls.pem"]
volumeMounts:
- name: certificates
readOnly: true
mountPath: "/etc/trino/certificates"
- name: generated-files
readOnly: false
mountPath: "/etc/trino/generated"
accessControl:
type: configmap
refreshPeriod: 60s
configFile: "rules.json"
rules:
rules.json: |-
{
"catalogs": [
{
"user": "admin",
"catalog": "(tpch|system)",
"allow": "all"
},
{
"group": "group1",
"catalog": "tpch",
"allow": true
},
{
"user": "alice",
"catalog": "jmx",
"allow": "read-only"
},
{
"catalog": "system",
"allow": "none"
}
],
"schemas": [
{
"user": "admin",
"schema": ".*",
"owner": true
},
{
"user": "alice",
"owner": false
}
]
}
jmx:
enabled: true
registryPort: 9080
serverPort: 9081
exporter:
enabled: true
image: bitnami/jmx-exporter:latest
pullPolicy: Always
port: 5556
configProperties: |
startDelaySeconds: 0
hostPort: 127.0.0.1:{{- .Values.jmx.registryPort }}
rules:
- pattern: 'trino.memory*'
- pattern: 'trino.execution<name=QueryManager>*'
serviceMonitor:
enabled: true
labels:
prometheus: default
interval: "30s"
ingress:
enabled: true
hosts:
- host: trino.local
paths:
- path: /
pathType: ImplementationSpecific
networkPolicy:
enabled: true
ingress:
- from:
- podSelector:
matchExpressions:
- key: test
operator: NotIn
values: [network-policy]