feat: add configmap for override files and add secret for users
philipsens committed Sep 19, 2023
1 parent 1ae8509 commit 6466839
Showing 9 changed files with 280 additions and 74 deletions.
2 changes: 1 addition & 1 deletion charts/drill/Chart.yaml
@@ -1,6 +1,6 @@
apiVersion: v2
name: drill
version: 1.1.0
version: 1.2.0
appVersion: 1.21.1
description: Helm Charts for deploying Apache Drill Clusters on Kubernetes
type: application
35 changes: 33 additions & 2 deletions charts/drill/README.md
@@ -129,7 +129,7 @@ Enable autoscaling by editing the autoscale section in `drill/values.yaml` file.
| `resources.limits` | The resources limits for the Drill containers | `""` |
| `resources.requests.memory` | The requested memory for the Drill containers | `""` |
| `resources.requests.cpu` | The requested cpu for the Drill containers | `""` |
| `terminationGracePeriodSeconds` | Number of seconds after which pods are forcefully killed | `60` |
| `terminationGracePeriodSeconds` | Number of seconds after which pods are forcefully killed | `25` |
| `terminationGracePeriodSeconds` | Note: Lower values may cause running queries to fail | |
| `nodeSelector` | Node labels for pod assignment | `{}` |
| `tolerations` | Set tolerations for pod assignment | `[]` |
@@ -145,7 +145,7 @@ Enable autoscaling by editing the autoscale section in `drill/values.yaml` file.
| `service.userPort` | User port address. Used between nodes in a Drill cluster. Needed for an external client, such as Tableau, to connect into the cluster nodes. Also needed for the Drill Web UI. | `31010` |
| `service.controlPort` | Control port address. Used between nodes in a Drill cluster. Needed for multi-node installation of Apache Drill. | `31011` |
| `service.dataPort` | Data port address. Used between nodes in a Drill cluster. Needed for multi-node installation of Apache Drill. | `31012` |
| `ingress.enabled` | Enable ingress record generation for Frank! | `false` |
| `ingress.enabled` | Enable ingress record generation for Frank! | `true` |
| `ingress.className` | IngressClass that will be used to implement the Ingress (Kubernetes 1.18+) | `""` |
| `ingress.annotations` | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}` |
| `ingress.hosts` | Set hosts for ingress | `[]` |
@@ -166,3 +166,34 @@ Enable autoscaling by editing the autoscale section in `drill/values.yaml` file.
| `podLabels` | Extra labels for Drill pods | `{}` |
| `podSecurityContext` | Set Drill pod's Security Context | `{}` |
| `securityContext` | Set Drill container's Security Context | `{}` |

### Drill configuration

| Name | Description | Value |
| ----------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| `drill.overrideConfiguration.existingConfigMap` | The name of the configmap, containing configuration files to override | `""` |
| `drill.overrideConfiguration.drill` | Multiline value for drill-override.conf | `drill.exec: {
http.enabled: true,
impersonation: {
enabled: true,
max_chained_user_hops: 3
},
security: {
auth.mechanisms: ["PLAIN"]
},
security.user.auth: {
enabled: true,
packages += "org.apache.drill.exec.rpc.user.security",
impl: "pam4j",
pam_profiles: [ "sudo", "login" ]
}
}` |
| `drill.overrideConfiguration.drillMetastore` | Multiline value for drill-metastore-override.conf | `""` |
| `drill.overrideConfiguration.drillOnYarn` | Multiline value for drill-on-yarn-override.conf | `""` |
| `drill.overrideConfiguration.drillSqlLine` | Multiline value for drill-sqlline-override.conf | `""` |
| `drill.overrideConfiguration.storagePlugins` | Multiline value for storage-plugins-override.conf Can also be configured in the Web UI and saved by persistent ZooKeeper | `""` |
| `drill.authentication.existingSecret` | Name of the secret containing a passwd file | `""` |
| `drill.authentication.users` | Users to create on the system | `[]` |
| `drill.authentication.users.name` | Username for the user | `""` |
| `drill.authentication.users.password` | Password for the user | `""` |
| `drill.authentication.users.admin` | Configures if the user should be admin | `""` |
27 changes: 21 additions & 6 deletions charts/drill/templates/configmap.override.yaml
@@ -1,6 +1,7 @@
{{/*
ConfigMap for generating a context.xml including all connections
ConfigMap for generating override.conf files
*/}}
{{- if (not .Values.drill.overrideConfiguration.existingConfigMap) -}}
apiVersion: v1
kind: ConfigMap
metadata:
@@ -12,9 +13,23 @@ data:
drill.exec: {
cluster-id: "{{ include "drill.fullname" . }}",
zk.connect: "{{ include "zookeeper.fullname" . }}:2181",
http: {
enabled: true,
port: 8047
}
http.port: 8047
}
{{- toString .Values.drill.overrideConfiguration.drill | nindent 4 }}
{{- with .Values.drill.overrideConfiguration.drillMetastore }}
drill-metastore-override.conf: |-
{{- toString . | nindent 4 }}
{{- end }}
{{- with .Values.drill.overrideConfiguration.drillOnYarn}}
drill-on-yarn.conf: |-
{{- toString . | nindent 4 }}
{{- end }}
{{- with .Values.drill.overrideConfiguration.drillSqlLine }}
drill-sqlline-override.conf: |-
{{- toString . | nindent 4 }}
{{- end }}
{{- with .Values.drill.overrideConfiguration.storagePlugins }}
storage-plugins-override.conf: |-
{{- toString . | nindent 4 }}
{{- end }}
{{- end -}}
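Review bot: `storage-plugins-override.conf` is rendered into a ConfigMap, and storage plugin definitions commonly carry connection credentials, which would then live in an object that is not covered by Secret RBAC or Secret encryption-at-rest settings; consider rendering that key into a Secret, or state next to `drill.overrideConfiguration.storagePlugins` that credentials must not be placed there. The `drill` value is appended with `toString … | nindent 4` outside any `with` guard, unlike the four keys below it, so a null value would likely be rendered as `<nil>` inside the file; `{{- with .Values.drill.overrideConfiguration.drill }}{{- toString . | nindent 4 }}{{- end }}` would match the other keys. The key `drill-on-yarn.conf` also differs from the `drill-on-yarn-override.conf` named in this commit's README table. The `drill-override.conf` block scalar starts above the hunk.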
4 changes: 3 additions & 1 deletion charts/drill/templates/ingress.yaml
@@ -1,6 +1,7 @@
{{/*
Create an ingress for the service
*/}}
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "drill.fullname" . -}}
{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
{{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
@@ -52,8 +53,9 @@ spec:
service:
name: {{ $fullName }}
port:
name: web
name: http
{{- else }}
{{- end }}
{{- end }}
{{- end }}
{{- end -}}
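Review bot: The new `{{- if .Values.ingress.enabled -}}` gate is only as safe as its default, and the README table in this commit appears to change `ingress.enabled` to `true`, which would publish the Drill Web UI on a default install. The documented `drill-override.conf` default uses the `PLAIN` mechanism, so user credentials cross that Ingress as the client sends them; whether TLS is configured cannot be seen here because the template body between the two hunks is collapsed. Keeping the default at `false` in `values.yaml`, or failing the render when the Ingress is enabled without TLS settings, would make exposure an explicit operator choice.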
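--- a/charts/drill/templates/secret.users.yaml
+++ b/charts/drill/templates/secret.users.yaml
@@ -0,0 +1,37 @@
+{{/*
+ConfigMap for generating a /etc/passwd
+*/}}
+{{- if (not .Values.drill.authentication.existingSecret) -}}
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+name: {{ include "drill.fullname" . }}-users
+labels:
+{{- include "drill.labels" . | nindent 4 }}
+stringData:
+passwd: |-
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
+bin:x:2:2:bin:/bin:/usr/sbin/nologin
+sys:x:3:3:sys:/dev:/usr/sbin/nologin
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/usr/sbin/nologin
+man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
+lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
+mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
+news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
+uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
+proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
+www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
+backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
+list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
+irc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
+nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
+_apt:x:100:65534::/nonexistent:/usr/sbin/nologin
+drilluser:x:999:999::/var/lib/drill:/bin/sh
+{{- range $index, $user := .Values.drill.authentication.users }}
+{{ $user.name }}:{{ bcrypt $user.password }}:{{ add 1000 $index }}:{{ ternary 999 (add 1000 $index) (default false $user.admin) }}::/:/bin/bash
+{{- end }}
+{{- end -}}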
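Review bot: The `range` line writes `bcrypt $user.password` into the second field of `passwd`, so every Drill user's password hash lands in the file that the StatefulSet mounts over `/etc/passwd`, which must stay readable by all local accounts; the hashes belong in a shadow-style file with restricted permissions, with `x` in the passwd field as the system accounts above have. `bcrypt` salts randomly, so the Secret content changes on every render, and whether the image's PAM stack accepts bcrypt hashes is not visible here and should be confirmed. An empty `password` is hashed like any other value instead of being rejected; `{{ required "drill.authentication.users[].password is required" $user.password | bcrypt }}` fails the render instead. The header comment still says `ConfigMap` although the object is a `Secret`.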
1 change: 1 addition & 0 deletions charts/drill/templates/service.yaml
@@ -2,6 +2,7 @@ apiVersion: v1
kind: Service
{{ template "drill.metadata" . }}
spec:
sessionAffinity: ClientIP
ports:
- name: http
port: {{ .Values.service.webPort }}
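Review bot: `sessionAffinity: ClientIP` carries no comment saying what it is for, and it may not behave as intended behind the Ingress this chart also creates: many ingress controllers connect to pod endpoints directly or present their own pod IP as the client, so Service-level affinity is either bypassed or pins all Web UI traffic to one drillbit. If the aim is to keep an authenticated Web UI session on the drillbit that issued it, add a comment such as `# keep a Web UI session on the drillbit that created it` and configure cookie affinity on the Ingress through `ingress.annotations`. The setting presumably also applies to the other ports of this Service, whose list continues below the hunk.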
38 changes: 19 additions & 19 deletions charts/drill/templates/statefulset.yaml
@@ -48,10 +48,6 @@ spec:
- /bin/bash
- -c
- "/opt/drill/bin/drillbit.sh start; tail -f /var/lib/drill/log/drillbit.out"
{{/* command:*/}}
{{/* - /bin/bash*/}}
{{/* - -c*/}}
{{/* - "sleep 9 && /opt/drill/bin/drillbit.sh restart && /opt/drill/bin/drill-embedded"*/}}
ports:
- containerPort: 8047
name: web
@@ -74,34 +70,38 @@ spec:
{{/* - /opt/drill/bin/drillbit.sh*/}}
{{/* - status*/}}
lifecycle:
{{/* postStart:*/}}
{{/* exec:*/}}
{{/* command:*/}}
{{/* - /opt/drill/bin/drillbit.sh*/}}
{{/* - start*/}}
preStop:
exec:
command:
- /opt/drill/bin/drillbit.sh
- stop # TODO: implement graceful_stop
{{- with .Values.resources }}
resources:
{{- toYaml . | nindent 2 }}
{{- end -}}
{{- if .Values.drill.drillConf.override }}
{{- toYaml . | nindent 12 }}
{{- end }}
volumeMounts:
- mountPath: /opt/drill/conf/drill-override.conf
- mountPath: /opt/drill/conf/
name: {{ template "drill.fullname" . }}-override
subPath: drill-override.conf
{{ end }}
- mountPath: /etc/passwd
name: {{ template "drill.fullname" . }}-users
subPath: passwd
terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
{{- if .Values.drill.drillConf.override }}
volumes:
- name: {{ template "drill.fullname" . }}-override
configMap:
{{- if .Values.drill.overrideConfiguration.existingConfigMap }}
name: {{ .Values.drill.overrideConfiguration.existingConfigMap }}
{{- else }}
name: {{ template "drill.fullname" . }}-override
{{ end }}
{{- end }}
- name: {{ template "drill.fullname" . }}-users
secret:
{{- if .Values.drill.authentication.existingSecret }}
secretName: {{ .Values.drill.authentication.existingSecret }}
{{- else }}
secretName: {{ template "drill.fullname" . }}-users
{{- end }}
initContainers:
- name: zk-available
- name: zookeeper-available
image: busybox
command: [ 'sh', '-c', 'until nc -z {{ include "zookeeper.fullname" . }} 2181; do echo Waiting for ZK to come up; sleep 5; done; ' ]
command: [ 'sh', '-c', 'until nc -z {{ include "zookeeper.fullname" . }} 2181; do echo Waiting for ZooKeeper to come up; sleep 5; done; ' ]
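Review bot: The `-users` Secret is mounted over `/etc/passwd` with `subPath: passwd`, and the kubelet does not refresh `subPath` mounts, so removing a user or changing a password in the Secret has no effect on running drillbits until the pods are restarted. That makes credential revocation depend on an undocumented manual step; at minimum add a comment on the mount such as `# subPath mounts are not refreshed: restart the pods after changing users`, and say the same in the README. Separately, the override volume now appears to be mounted on the whole `/opt/drill/conf/` directory instead of the single `drill-override.conf` file, which hides any other file the image ships there; confirm the image keeps nothing else in that directory or mount the keys individually. The pod template metadata and the container definition start above the hunk.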