diff --git a/stacks/data-lakehouse-iceberg-trino-spark/trino.yaml b/stacks/data-lakehouse-iceberg-trino-spark/trino.yaml index 5b668896..41b4bf7b 100644 --- a/stacks/data-lakehouse-iceberg-trino-spark/trino.yaml +++ b/stacks/data-lakehouse-iceberg-trino-spark/trino.yaml @@ -1,3 +1,53 @@ +# For now, on K8s 1.35, TrinoCatalogs need to be deployed before the TrinoCluster +# See: https://github.com/stackabletech/trino-operator/issues/854 +--- +apiVersion: trino.stackable.tech/v1alpha1 +kind: TrinoCatalog +metadata: + name: staging + labels: + trino: trino +spec: + connector: + hive: + metastore: + configMap: hive + s3: + reference: minio +--- +apiVersion: trino.stackable.tech/v1alpha1 +kind: TrinoCatalog +metadata: + name: lakehouse + labels: + trino: trino +spec: + connector: + iceberg: + metastore: + configMap: hive-iceberg + s3: + reference: minio +--- +apiVersion: trino.stackable.tech/v1alpha1 +kind: TrinoCatalog +metadata: + name: tpcds + labels: + trino: trino +spec: + connector: + tpcds: {} +--- +apiVersion: trino.stackable.tech/v1alpha1 +kind: TrinoCatalog +metadata: + name: tpch + labels: + trino: trino +spec: + connector: + tpch: {} --- apiVersion: trino.stackable.tech/v1alpha1 kind: TrinoCluster @@ -61,54 +111,6 @@ type: kubernetes.io/opaque stringData: admin: "{{ trinoAdminPassword }}" --- -apiVersion: trino.stackable.tech/v1alpha1 -kind: TrinoCatalog -metadata: - name: staging - labels: - trino: trino -spec: - connector: - hive: - metastore: - configMap: hive - s3: - reference: minio ---- -apiVersion: trino.stackable.tech/v1alpha1 -kind: TrinoCatalog -metadata: - name: lakehouse - labels: - trino: trino -spec: - connector: - iceberg: - metastore: - configMap: hive-iceberg - s3: - reference: minio ---- -apiVersion: trino.stackable.tech/v1alpha1 -kind: TrinoCatalog -metadata: - name: tpcds - labels: - trino: trino -spec: - connector: - tpcds: {} ---- -apiVersion: trino.stackable.tech/v1alpha1 -kind: TrinoCatalog -metadata: - name: tpch - labels: - trino: trino -spec: - connector: - tpch: {} ---- apiVersion: opa.stackable.tech/v1alpha1 kind: OpaCluster metadata: diff --git a/stacks/end-to-end-security/trino.yaml b/stacks/end-to-end-security/trino.yaml index 56302ca6..13a7f6f3 100644 --- a/stacks/end-to-end-security/trino.yaml +++ b/stacks/end-to-end-security/trino.yaml @@ -1,3 +1,55 @@ +# For now, on K8s 1.35, TrinoCatalogs need to be deployed before the TrinoCluster +# See: https://github.com/stackabletech/trino-operator/issues/854 +--- +apiVersion: trino.stackable.tech/v1alpha1 +kind: TrinoCatalog +metadata: + name: lakehouse + labels: + trino: trino +spec: + connector: + iceberg: + metastore: + configMap: hive-iceberg + hdfs: + configMap: hdfs + configOverrides: + # HDFS configuration + hive.hdfs.authentication.type: KERBEROS + hive.hdfs.trino.principal: trino/trino.default.svc.cluster.local@KNAB.COM + hive.hdfs.trino.keytab: /stackable/kerberos/keytab + hive.hdfs.impersonation.enabled: "false" + hive.hdfs.wire-encryption.enabled: "true" + # HMS configuration + hive.metastore.authentication.type: KERBEROS + hive.metastore.client.principal: trino/trino.default.svc.cluster.local@KNAB.COM + hive.metastore.client.keytab: /stackable/kerberos/keytab + hive.metastore.service.principal: hive/hive-iceberg.default.svc.cluster.local@KNAB.COM + hive.metastore.thrift.impersonation.enabled: "false" + # By default, Hive views are executed with the RUN AS DEFINER security mode. Set the hive.hive-views.run-as-invoker catalog configuration property to true to use RUN AS INVOKER semantics. + # However, this does *not* work for Iceberg catalogs :/ (I asked on the Trino slack: https://trinodb.slack.com/archives/CJ6UC075E/p1711449384648869) + # hive.hive-views.run-as-invoker: "true" +--- +apiVersion: trino.stackable.tech/v1alpha1 +kind: TrinoCatalog +metadata: + name: tpcds + labels: + trino: trino +spec: + connector: + tpcds: {} +--- +apiVersion: trino.stackable.tech/v1alpha1 +kind: TrinoCatalog +metadata: + name: tpch + labels: + trino: trino +spec: + connector: + tpch: {} --- apiVersion: trino.stackable.tech/v1alpha1 kind: TrinoCluster @@ -67,56 +119,6 @@ spec: default: replicas: 1 --- -apiVersion: trino.stackable.tech/v1alpha1 -kind: TrinoCatalog -metadata: - name: lakehouse - labels: - trino: trino -spec: - connector: - iceberg: - metastore: - configMap: hive-iceberg - hdfs: - configMap: hdfs - configOverrides: - # HDFS configuration - hive.hdfs.authentication.type: KERBEROS - hive.hdfs.trino.principal: trino/trino.default.svc.cluster.local@KNAB.COM - hive.hdfs.trino.keytab: /stackable/kerberos/keytab - hive.hdfs.impersonation.enabled: "false" - hive.hdfs.wire-encryption.enabled: "true" - # HMS configuration - hive.metastore.authentication.type: KERBEROS - hive.metastore.client.principal: trino/trino.default.svc.cluster.local@KNAB.COM - hive.metastore.client.keytab: /stackable/kerberos/keytab - hive.metastore.service.principal: hive/hive-iceberg.default.svc.cluster.local@KNAB.COM - hive.metastore.thrift.impersonation.enabled: "false" - # By default, Hive views are executed with the RUN AS DEFINER security mode. Set the hive.hive-views.run-as-invoker catalog configuration property to true to use RUN AS INVOKER semantics. - # However, this does *not* work for Iceberg catalogs :/ (I asked on the Trino slack: https://trinodb.slack.com/archives/CJ6UC075E/p1711449384648869) - # hive.hive-views.run-as-invoker: "true" ---- -apiVersion: trino.stackable.tech/v1alpha1 -kind: TrinoCatalog -metadata: - name: tpcds - labels: - trino: trino -spec: - connector: - tpcds: {} ---- -apiVersion: trino.stackable.tech/v1alpha1 -kind: TrinoCatalog -metadata: - name: tpch - labels: - trino: trino -spec: - connector: - tpch: {} ---- apiVersion: v1 kind: Secret metadata: diff --git a/stacks/stacks-v2.yaml b/stacks/stacks-v2.yaml index 125034e8..228ad553 100644 --- a/stacks/stacks-v2.yaml +++ b/stacks/stacks-v2.yaml @@ -311,8 +311,10 @@ stacks: - helmChart: https://raw.githubusercontent.com/stackabletech/demos/release-25.11/stacks/_templates/postgresql-superset.yaml - plainYaml: https://raw.githubusercontent.com/stackabletech/demos/release-25.11/stacks/spark-trino-superset-s3/s3-connection.yaml - plainYaml: https://raw.githubusercontent.com/stackabletech/demos/release-25.11/stacks/spark-trino-superset-s3/hive-metastore.yaml - - plainYaml: https://raw.githubusercontent.com/stackabletech/demos/release-25.11/stacks/trino-superset-s3/trino.yaml + # For now, on K8s 1.35, the TrinoCatalog needs to be deployed before the TrinoCluster + # See: https://github.com/stackabletech/trino-operator/issues/854 - plainYaml: https://raw.githubusercontent.com/stackabletech/demos/release-25.11/stacks/spark-trino-superset-s3/trino-prediction-catalog.yaml + - plainYaml: https://raw.githubusercontent.com/stackabletech/demos/release-25.11/stacks/trino-superset-s3/trino.yaml - plainYaml: https://raw.githubusercontent.com/stackabletech/demos/release-25.11/stacks/trino-superset-s3/superset.yaml supportedNamespaces: [] resourceRequests: diff --git a/stacks/trino-iceberg/trino.yaml b/stacks/trino-iceberg/trino.yaml index 56060f75..da3ac3e2 100644 --- a/stacks/trino-iceberg/trino.yaml +++ b/stacks/trino-iceberg/trino.yaml @@ -1,3 +1,39 @@ +# For now, on K8s 1.35, TrinoCatalogs need to be deployed before the TrinoCluster +# See: https://github.com/stackabletech/trino-operator/issues/854 +--- +apiVersion: trino.stackable.tech/v1alpha1 +kind: TrinoCatalog +metadata: + name: lakehouse + labels: + trino: trino +spec: + connector: + iceberg: + metastore: + configMap: hive-iceberg + s3: + reference: minio +--- +apiVersion: trino.stackable.tech/v1alpha1 +kind: TrinoCatalog +metadata: + name: tpcds + labels: + trino: trino +spec: + connector: + tpcds: {} +--- +apiVersion: trino.stackable.tech/v1alpha1 +kind: TrinoCatalog +metadata: + name: tpch + labels: + trino: trino +spec: + connector: + tpch: {} --- apiVersion: trino.stackable.tech/v1alpha1 kind: TrinoCluster @@ -60,40 +96,6 @@ type: kubernetes.io/opaque stringData: admin: "{{ trinoAdminPassword }}" --- -apiVersion: trino.stackable.tech/v1alpha1 -kind: TrinoCatalog -metadata: - name: lakehouse - labels: - trino: trino -spec: - connector: - iceberg: - metastore: - configMap: hive-iceberg - s3: - reference: minio ---- -apiVersion: trino.stackable.tech/v1alpha1 -kind: TrinoCatalog -metadata: - name: tpcds - labels: - trino: trino -spec: - connector: - tpcds: {} ---- -apiVersion: trino.stackable.tech/v1alpha1 -kind: TrinoCatalog -metadata: - name: tpch - labels: - trino: trino -spec: - connector: - tpch: {} ---- apiVersion: opa.stackable.tech/v1alpha1 kind: OpaCluster metadata: diff --git a/stacks/trino-superset-s3/trino.yaml b/stacks/trino-superset-s3/trino.yaml index ba13f3e9..69cc6ebe 100644 --- a/stacks/trino-superset-s3/trino.yaml +++ b/stacks/trino-superset-s3/trino.yaml @@ -1,3 +1,19 @@ +# For now, on K8s 1.35, TrinoCatalogs need to be deployed before the TrinoCluster +# See: https://github.com/stackabletech/trino-operator/issues/854 +--- +apiVersion: trino.stackable.tech/v1alpha1 +kind: TrinoCatalog +metadata: + name: hive + labels: + trino: trino +spec: + connector: + hive: + metastore: + configMap: hive + s3: + reference: minio --- apiVersion: trino.stackable.tech/v1alpha1 kind: TrinoCluster @@ -52,20 +68,6 @@ type: kubernetes.io/opaque stringData: admin: "{{ trinoAdminPassword }}" --- -apiVersion: trino.stackable.tech/v1alpha1 -kind: TrinoCatalog -metadata: - name: hive - labels: - trino: trino -spec: - connector: - hive: - metastore: - configMap: hive - s3: - reference: minio ---- apiVersion: opa.stackable.tech/v1alpha1 kind: OpaCluster metadata: