From 6013ca03162143eec4b1934930988798fd61bb54 Mon Sep 17 00:00:00 2001 From: Stacky McStackface <95074132+stackable-bot@users.noreply.github.com> Date: Mon, 16 Sep 2024 11:02:27 +0200 Subject: [PATCH 1/4] chore: Generated commit to update templated files since the last template run up to stackabletech/operator-templating@f169868c570c86ac02953bca396faf5ac4d13e57 (#640) Reference-to: stackabletech/operator-templating@f169868 (@lfrancke: Version bumps) --- .github/workflows/build.yml | 28 ++++++++++++------------- .github/workflows/pr_pre-commit.yaml | 31 ++++++++++++++++++++++++++-- .pre-commit-config.yaml | 27 +++++++++++++++++------- .vscode/launch.json | 19 +++++++++++++++++ deny.toml | 12 +++-------- renovate.json | 2 +- rust-toolchain.toml | 2 +- 7 files changed, 86 insertions(+), 35 deletions(-) create mode 100644 .vscode/launch.json diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 22968241..203c2083 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -25,7 +25,7 @@ env: CARGO_TERM_COLOR: always CARGO_INCREMENTAL: '0' CARGO_PROFILE_DEV_DEBUG: '0' - RUST_TOOLCHAIN_VERSION: "1.80.0" + RUST_TOOLCHAIN_VERSION: "1.80.1" RUSTFLAGS: "-D warnings" RUSTDOCFLAGS: "-D warnings" RUST_LOG: "info" @@ -49,7 +49,7 @@ jobs: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: submodules: recursive - - uses: dtolnay/rust-toolchain@d8352f6b1d2e870bc5716e7a6d9b65c4cc244a1a + - uses: dtolnay/rust-toolchain@7b1c307e0dcbda6122208f10795a713336a9b35a with: toolchain: ${{ env.RUST_TOOLCHAIN_VERSION }} - uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 # v2.7.3 
@@ -118,7 +118,7 @@ jobs: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: submodules: recursive - - uses: EmbarkStudios/cargo-deny-action@3f4a782664881cf5725d0ffd23969fcce89fd868 # v1.6.3 + - uses: EmbarkStudios/cargo-deny-action@8371184bd11e21dcf8ac82ebf8c9c9f74ebf7268 # v2.0.1 with: command: check ${{ matrix.checks }} @@ -129,7 +129,7 @@ jobs: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: submodules: recursive - - uses: dtolnay/rust-toolchain@d8352f6b1d2e870bc5716e7a6d9b65c4cc244a1a + - uses: dtolnay/rust-toolchain@7b1c307e0dcbda6122208f10795a713336a9b35a with: toolchain: ${{ env.RUST_TOOLCHAIN_VERSION }} components: rustfmt @@ -147,7 +147,7 @@ jobs: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: submodules: recursive - - uses: dtolnay/rust-toolchain@d8352f6b1d2e870bc5716e7a6d9b65c4cc244a1a + - uses: dtolnay/rust-toolchain@7b1c307e0dcbda6122208f10795a713336a9b35a with: toolchain: ${{ env.RUST_TOOLCHAIN_VERSION }} components: clippy @@ -182,7 +182,7 @@ jobs: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: submodules: recursive - - uses: dtolnay/rust-toolchain@d8352f6b1d2e870bc5716e7a6d9b65c4cc244a1a + - uses: dtolnay/rust-toolchain@7b1c307e0dcbda6122208f10795a713336a9b35a with: toolchain: ${{ env.RUST_TOOLCHAIN_VERSION }} components: rustfmt @@ -204,7 +204,7 @@ jobs: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: submodules: recursive - - uses: dtolnay/rust-toolchain@d8352f6b1d2e870bc5716e7a6d9b65c4cc244a1a + - uses: dtolnay/rust-toolchain@7b1c307e0dcbda6122208f10795a713336a9b35a with: toolchain: ${{ env.RUST_TOOLCHAIN_VERSION }} - uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 # v2.7.3 
@@ -224,7 +224,7 @@ jobs: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: submodules: recursive - - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 + - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 with: python-version: '3.12' - name: Install jinja2-cli @@ -267,7 +267,7 @@ jobs: with: version: v3.13.3 - name: Set up cargo - uses: dtolnay/rust-toolchain@d8352f6b1d2e870bc5716e7a6d9b65c4cc244a1a + uses: dtolnay/rust-toolchain@7b1c307e0dcbda6122208f10795a713336a9b35a with: toolchain: ${{ env.RUST_TOOLCHAIN_VERSION }} - uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 # v2.7.3 @@ -331,8 +331,8 @@ jobs: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: submodules: recursive - - uses: cachix/install-nix-action@8887e596b4ee1134dae06b98d573bd674693f47c # v26 - - uses: dtolnay/rust-toolchain@d8352f6b1d2e870bc5716e7a6d9b65c4cc244a1a + - uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27 + - uses: dtolnay/rust-toolchain@7b1c307e0dcbda6122208f10795a713336a9b35a with: toolchain: ${{ env.RUST_TOOLCHAIN_VERSION }} components: rustfmt @@ -351,9 +351,9 @@ jobs: # default value in the makefile if called from this action, but not otherwise (i.e. when called locally). # This is needed for the HELM_REPO variable. - name: Install cosign - uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0 + uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0 - name: Install syft - uses: anchore/sbom-action/download-syft@e8d2a6937ecead383dfe75190d104edd1f9c5751 # v0.16.0 + uses: anchore/sbom-action/download-syft@61119d458adab75f756bc0b9e4bde25725f86a7a # v0.17.2 - name: Build Docker image and Helm chart run: | # Installing helm and yq on ubicloud-standard-8-arm only 
@@ -396,7 +396,7 @@ jobs: OCI_REGISTRY_SDP_CHARTS_USERNAME: "robot$sdp-charts+github-action-build" steps: - name: Install cosign - uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0 + uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0 - name: Checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: diff --git a/.github/workflows/pr_pre-commit.yaml b/.github/workflows/pr_pre-commit.yaml index c4be523c..c7df5b40 100644 --- a/.github/workflows/pr_pre-commit.yaml +++ b/.github/workflows/pr_pre-commit.yaml @@ -4,14 +4,41 @@ name: pre-commit on: pull_request: +env: + CARGO_TERM_COLOR: always + RUST_TOOLCHAIN_VERSION: "1.80.1" + HADOLINT_VERSION: "v2.12.0" + jobs: pre-commit: runs-on: ubuntu-latest steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 + with: + fetch-depth: 0 + - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 with: python-version: '3.12' + - uses: dtolnay/rust-toolchain@7b1c307e0dcbda6122208f10795a713336a9b35a + with: + toolchain: ${{ env.RUST_TOOLCHAIN_VERSION }} + components: rustfmt,clippy + - name: Setup Hadolint + shell: bash + run: | + set -euo pipefail + + LOCATION_DIR="$HOME/.local/bin" + LOCATION_BIN="$LOCATION_DIR/hadolint" + + SYSTEM=$(uname -s) + ARCH=$(uname -m) + + mkdir -p "$LOCATION_DIR" + curl -sL -o "${LOCATION_BIN}" "https://github.com/hadolint/hadolint/releases/download/${{ env.HADOLINT_VERSION }}/hadolint-$SYSTEM-$ARCH" + chmod 700 "${LOCATION_BIN}" + + echo "$LOCATION_DIR" >> "$GITHUB_PATH" - uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1 with: - extra_args: "" # Disable --all-files until we have time to fix druid/stackable/bin/run-druid + extra_args: "--from-ref ${{ github.event.pull_request.base.sha }} --to-ref ${{ github.event.pull_request.head.sha }}" 
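Review bot: The new `Setup Hadolint` step in `pr_pre-commit.yaml` saves whatever `curl -sL` receives to `$HOME/.local/bin/hadolint` and makes it executable without verifying it, while every action in this workflow is pinned to a commit SHA. Without `-f`, an HTTP error page would be stored as the binary, and a replaced release asset would run on the runner unnoticed. I would fetch with `curl -fsSL -o "${LOCATION_BIN}" ...` and add `echo "${HADOLINT_SHA256}  ${LOCATION_BIN}" | sha256sum --check -` before the `chmod`, where `HADOLINT_SHA256` is a placeholder name for a new `env:` entry holding the digest of the pinned `v2.12.0` asset. Because `uname -s` and `uname -m` select the asset, the digest has to match the runner platform, which on `ubuntu-latest` is presumably a single Linux asset.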
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 9ededdf9..4b1c512f 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,11 +1,12 @@ --- exclude: ^(Cargo\.nix|crate-hashes\.json|nix/.*)$ -# See https://pre-commit.com for more information -# See https://pre-commit.com/hooks.html for more hooks +default_language_version: + node: system + repos: - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.6.0 + rev: 2c9f875913ee60ca25ce70243dc24d5b6415598c # 4.6.0 hooks: - id: trailing-whitespace - id: end-of-file-fixer @@ -14,7 +15,7 @@ repos: - id: detect-private-key - repo: https://github.com/doublify/pre-commit-rust - rev: v1.0 + rev: eeee35a89e69d5772bdee97db1a6a898467b686e # 1.0 hooks: - id: fmt args: ["--all", "--", "--check"] @@ -22,19 +23,19 @@ repos: args: ["--all-targets", "--", "-D", "warnings"] - repo: https://github.com/adrienverge/yamllint - rev: v1.35.1 + rev: 81e9f98ffd059efe8aa9c1b1a42e5cce61b640c6 # 1.35.1 hooks: - id: yamllint - repo: https://github.com/igorshubovych/markdownlint-cli - rev: v0.40.0 + rev: f295829140d25717bc79368d3f966fc1f67a824f # 0.41.0 hooks: - id: markdownlint types: [text] files: \.md(\.j2)*$ - repo: https://github.com/koalaman/shellcheck-precommit - rev: v0.10.0 + rev: 2491238703a5d3415bb2b7ff11388bf775372f29 # 0.10.0 hooks: - id: shellcheck args: ["--severity=info"] @@ -43,13 +44,23 @@ repos: # If you do not, you will need to delete the cached ruff binary shown in the # error message - repo: https://github.com/astral-sh/ruff-pre-commit - rev: v0.5.1 + rev: f1ebc5730d98440041cc43e4d69829ad598ae1e7 # 0.6.3 hooks: # Run the linter. - id: ruff # Run the formatter. - id: ruff-format + - repo: https://github.com/rhysd/actionlint + rev: 62dc61a45fc95efe8c800af7a557ab0b9165d63b # 1.7.1 + hooks: + - id: actionlint + + - repo: https://github.com/hadolint/hadolint + rev: b3555ba9c2bfd9401e79f2f0da68dd1ae38e10c7 # 2.12.0 + hooks: + - id: hadolint + - repo: local hooks: - id: regenerate-charts 
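Review bot: `default_language_version: node: system` in the first hunk and the `hadolint` hook in the last hunk are added without a comment, and both make the hook run depend on tools that must already be installed. `node: system` tells pre-commit to use the Node.js found on PATH instead of one it manages, which affects the markdownlint hook. The `hadolint` hook id appears to call a locally installed `hadolint` binary, which would explain why the CI workflow in this same commit installs one. A contributor running the hooks locally would get a failure with no hint why, so I would add a comment above each entry, e.g. `# Uses the system Node.js; install node before running the hooks` and `# Requires hadolint on PATH (CI installs it in pr_pre-commit.yaml)`. The `repo: local` entry that follows the last hunk continues outside it.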
diff --git a/.vscode/launch.json b/.vscode/launch.json new file mode 100644 index 00000000..e2a19cfd --- /dev/null +++ b/.vscode/launch.json @@ -0,0 +1,19 @@ +{ + "version": "0.2.0", + "configurations": [ + { + "type": "lldb", + "request": "launch", + "name": "Debug operator binary", + "cargo": { + "args": ["build"], + "filter": { + "name": "stackable-{[ operator.name }]", + "kind": "bin" + } + }, + "args": ["run"], + "cwd": "${workspaceFolder}" + } + ] +} diff --git a/deny.toml b/deny.toml index 26e7cb74..ba73fa96 100644 --- a/deny.toml +++ b/deny.toml @@ -1,3 +1,4 @@ +[graph] targets = [ { triple = "x86_64-unknown-linux-gnu" }, { triple = "aarch64-unknown-linux-gnu" }, @@ -7,20 +8,13 @@ targets = [ ] [advisories] -vulnerability = "warn" -unmaintained = "allow" -unsound = "warn" -yanked = "warn" -notice = "warn" +yanked = "deny" [bans] multiple-versions = "allow" [licenses] -unlicensed = "deny" -copyleft = "deny" -allow-osi-fsf-free = "neither" -default = "deny" +unused-allowed-license = "allow" confidence-threshold = 1.0 allow = [ "Apache-2.0", diff --git a/renovate.json b/renovate.json index 73ef3bff..de754167 100644 --- a/renovate.json +++ b/renovate.json @@ -3,5 +3,5 @@ "extends": [ "local>stackabletech/.github:renovate-config" ], - "ignorePaths": [".github/workflows/build.yml", ".github/workflows/general_daily_security.yml", ".github/workflows/pr_pre-commit.yaml", ".github/workflows/pr_reviewdog.yaml"] + "ignorePaths": [".github/workflows/build.yml", ".github/workflows/general_daily_security.yml", ".github/workflows/pr_pre-commit.yaml"] } diff --git a/rust-toolchain.toml b/rust-toolchain.toml index c0731f2e..23142f76 100644 --- a/rust-toolchain.toml +++ b/rust-toolchain.toml @@ -1,3 +1,3 @@ # DO NOT EDIT, this file is generated by operator-templating [toolchain] -channel = "1.80.0" +channel = "1.80.1" From de29735e641acb04a6e360d9163053342456afb0 Mon Sep 17 00:00:00 2001 
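Review bot: The cargo `filter` in the new `.vscode/launch.json` has `"name": "stackable-{[ operator.name }]"`, which looks like a template expression that was never rendered. Its delimiters are also unbalanced (`{[` is closed by `}]`), which is possibly why the templating run left it untouched. As committed, the "Debug operator binary" configuration will presumably ask cargo for a binary with that literal name and find no target. The value should be the rendered binary name, `"name": "stackable-<operator-name>"` with the placeholder filled in by the template, and since this is a generated commit the fix likely belongs in the operator-templating source.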
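Review bot: The `[advisories]` block in `deny.toml` now sets only `yanked = "deny"`, so the removed `vulnerability`, `unmaintained`, `unsound` and `notice` levels depend on the defaults of the cargo-deny release behind `cargo-deny-action` v2.0.1. If, as I understand the newer configuration format, all of those classes now fail the check, then `unmaintained` moves from `allow` to an error, and no `ignore` list for accepted advisories is visible in this hunk. The same applies to `[licenses]`, where `unlicensed`, `copyleft` and `default = "deny"` are dropped and only the `allow` list remains. I would record the intent in the file, e.g. `# advisory classes not listed here use cargo-deny's defaults (expected: deny); accepted advisories go under ignore` above `yanked`, so a later reader does not mistake the shorter block for a relaxed policy. The `allow = [` list continues outside the hunk.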
From: Siegfried Weber Date: Wed, 18 Sep 2024 10:53:58 +0200 Subject: [PATCH 2/4] chore: Upgrade the Vector aggregator in the logging tests (#644) --- .../kuttl/logging/01-install-trino-vector-aggregator.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/templates/kuttl/logging/01-install-trino-vector-aggregator.yaml b/tests/templates/kuttl/logging/01-install-trino-vector-aggregator.yaml index 382e5a48..699e4c15 100644 --- a/tests/templates/kuttl/logging/01-install-trino-vector-aggregator.yaml +++ b/tests/templates/kuttl/logging/01-install-trino-vector-aggregator.yaml @@ -5,7 +5,7 @@ commands: - script: >- helm install trino-vector-aggregator vector --namespace $NAMESPACE - --version 0.34.0 + --version 0.36.1 --repo https://helm.vector.dev --values trino-vector-aggregator-values.yaml --- From 0bfd303e5c1ffdf7c0064a2a0adf591415c1e26c Mon Sep 17 00:00:00 2001 From: Felix Hennig Date: Wed, 18 Sep 2024 11:59:01 +0100 Subject: [PATCH 3/4] Add descriptions (#641) --- docs/modules/trino/pages/concepts.adoc | 18 ++++++++--- .../pages/getting_started/first_steps.adoc | 18 ++++++++--- .../trino/pages/getting_started/index.adoc | 4 ++- .../pages/getting_started/installation.adoc | 8 +++-- docs/modules/trino/pages/index.adoc | 2 +- .../pages/usage-guide/configuration.adoc | 26 ++++++++++------ .../pages/usage-guide/connect_to_trino.adoc | 8 +++-- .../pages/usage-guide/log_aggregation.adoc | 10 +++--- .../trino/pages/usage-guide/monitoring.adoc | 5 +-- .../trino/pages/usage-guide/query.adoc | 4 ++- docs/modules/trino/pages/usage-guide/s3.adoc | 1 + .../trino/pages/usage-guide/security.adoc | 31 ++++++++++++------- 12 files changed, 91 insertions(+), 44 deletions(-) diff --git a/docs/modules/trino/pages/concepts.adoc b/docs/modules/trino/pages/concepts.adoc index 648cb9c3..0fc8659c 100644 --- a/docs/modules/trino/pages/concepts.adoc +++ b/docs/modules/trino/pages/concepts.adoc 
@@ -1,11 +1,18 @@ = Concepts +:description: Trino connects to diverse data sources via connectors and catalogs, enabling efficient distributed queries across multiple data stores. +:what-trino-is: https://trino.io/docs/current/overview/use-cases.html#what-trino-is +:trino-connector: https://trino.io/docs/current/connector.html == [[connectors]]Connectors -https://trino.io/docs/current/overview/use-cases.html#what-trino-is[Trino] is a tool designed to efficiently query vast amounts of data using distributed queries. It is not a database with its own storage but rather interacts with many different data stores. Trino connects to these data stores - or data sources - via https://trino.io/docs/current/connector.html[connectors]. +{what-trino-is}[Trino] is a tool designed to efficiently query vast amounts of data using distributed queries. +It is not a database with its own storage but rather interacts with many different data stores. +Trino connects to these data stores - or data sources - via {trino-connector}[connectors]. Each connector enables access to a specific underlying data source such as a Hive warehouse, a PostgreSQL database or a Druid instance. -A Trino cluster comprises two roles: the Coordinator, responsible for managing and monitoring work loads, and the Worker, which is responsible for executing specific tasks that together make up a work load. The workers fetch data from the connectors, execute tasks and share intermediate results. The coordinator collects and consolidates these results for the end-user. +A Trino cluster comprises two roles: the Coordinator, responsible for managing and monitoring work loads, and the Worker, which is responsible for executing specific tasks that together make up a work load. +The workers fetch data from the connectors, execute tasks and share intermediate results. +The coordinator collects and consolidates these results for the end-user. == [[catalogs]]Catalogs 
@@ -24,9 +31,12 @@ Currently, the following connectors are supported: == Catalog references -Within Stackable a `TrinoCatalog` consists of one or more (mandatory or optional) components which are specific to that catalog. A catalog should be re-usable within multiple Trino clusters. Catalogs are referenced by Trino clusters with labels and label selectors: this is consistent with the Kubernetes paradigm and keeps the definitions simple and flexible. +Within Stackable a `TrinoCatalog` consists of one or more (mandatory or optional) components which are specific to that catalog. +A catalog should be re-usable within multiple Trino clusters. +Catalogs are referenced by Trino clusters with labels and label selectors: this is consistent with the Kubernetes paradigm and keeps the definitions simple and flexible. -The following diagram illustrates this. Two Trino catalogs - each an instance of a particular connector - are declared with labels that used to match them to a Trino cluster: +The following diagram illustrates this. +Two Trino catalogs - each an instance of a particular connector - are declared with labels that used to match them to a Trino cluster: image::catalogs.drawio.svg[A TrinoCluster referencing two catalogs by label matching] diff --git a/docs/modules/trino/pages/getting_started/first_steps.adoc b/docs/modules/trino/pages/getting_started/first_steps.adoc index f82f8c4f..759550f2 100644 --- a/docs/modules/trino/pages/getting_started/first_steps.adoc +++ b/docs/modules/trino/pages/getting_started/first_steps.adoc 
@@ -1,10 +1,13 @@ = First steps +:description: Deploy and verify a Trino cluster with Stackable Operator. Access via CLI or web interface, and clean up after testing. -After going through the xref:getting_started/installation.adoc[] section and having installed all the operators, you will now deploy a Trino cluster and the required dependencies. Afterwards you can <<_verify_that_it_works, verify that it works>> by running some queries against Trino or visit the Trino web interface. +After going through the xref:getting_started/installation.adoc[] section and having installed all the operators, you will now deploy a Trino cluster and the required dependencies. +Afterwards you can <<_verify_that_it_works, verify that it works>> by running some queries against Trino or visit the Trino web interface. == Setup Trino -A working Trino cluster and its web interface require only the commons, secret and listener operators to work. Simple tests are possible without an external data source (e.g. PostgreSQL, Hive or S3), as internal data can be used. +A working Trino cluster and its web interface require only the commons, secret and listener operators to work. +Simple tests are possible without an external data source (e.g. PostgreSQL, Hive or S3), as internal data can be used. Create a file named `trino.yaml` with the following content: 
@@ -54,7 +57,9 @@ include::example$getting_started/code/getting_started.sh[tag=port-forwarding] === Access the Trino cluster via CLI tool -We use the https://trino.io/download.html[Trino CLI tool] to access the Trino cluster. This link points to the latest Trino version. In this guide we keep Trino cluster and client versions in sync and download the CLI tool from the https://repo.stackable.tech/[Stackable repository]: +We use the https://trino.io/download.html[Trino CLI tool] to access the Trino cluster. +This link points to the latest Trino version. +In this guide we keep Trino cluster and client versions in sync and download the CLI tool from the https://repo.stackable.tech/[Stackable repository]: [source,bash] ---- @@ -100,9 +105,12 @@ Congratulations, you set up your first Stackable Trino cluster successfully. === Access the Trino web interface -With the port-forward still active, you can connect to the Trino web interface. Enter `https://localhost:8443/ui` in your browser and login with the username `admin`. Since no authentication is enabled you do not need to enter a password. +With the port-forward still active, you can connect to the Trino web interface. +Enter `https://localhost:8443/ui` in your browser and login with the username `admin`. +Since no authentication is enabled you do not need to enter a password. -WARNING: Your browser will probably show a security risk warning because it does not trust the self generated TLS certificates. Just ignore that and continue. +WARNING: Your browser will probably show a security risk warning because it does not trust the self generated TLS certificates. +Just ignore that and continue. After logging in you should see the Trino web interface: diff --git a/docs/modules/trino/pages/getting_started/index.adoc b/docs/modules/trino/pages/getting_started/index.adoc index 949f73c7..1bec0f95 100644 --- a/docs/modules/trino/pages/getting_started/index.adoc +++ b/docs/modules/trino/pages/getting_started/index.adoc 
@@ -1,6 +1,8 @@ = Getting started +:description: Get started with Trino on Kubernetes using the Stackable Operator. Follow steps for installation, setup, and resource recommendations. -This guide will get you started with Trino using the Stackable Operator. It will guide you through the installation of the operator and its dependencies and setting up your first Trino cluster. +This guide will get you started with Trino using the Stackable Operator. +It will guide you through the installation of the operator and its dependencies and setting up your first Trino cluster. == Prerequisites diff --git a/docs/modules/trino/pages/getting_started/installation.adoc b/docs/modules/trino/pages/getting_started/installation.adoc index 043bc45b..32bc4496 100644 --- a/docs/modules/trino/pages/getting_started/installation.adoc +++ b/docs/modules/trino/pages/getting_started/installation.adoc @@ -1,4 +1,5 @@ = Installation +:description: Install the Stackable Operator for Trino using stackablectl or Helm. Includes optional setup for Hive, S3, and OPA integration. On this page you will install the Stackable Operator for Trino as well as the commons, secret and listener operator which are required by all Stackable Operators. @@ -50,8 +51,8 @@ include::example$getting_started/code/getting_started.sh[tag=helm-install-operat == Optional installation steps -Some Trino connectors like `hive` or `iceberg` work together with the Apache Hive metastore and S3 buckets. For these -components extra steps are required. +Some Trino connectors like `hive` or `iceberg` work together with the Apache Hive metastore and S3 buckets. +For these components extra steps are required. * a Stackable Hive metastore * an accessible S3 bucket 
@@ -70,7 +71,8 @@ Please refer to the S3 provider. === Hive operator -Please refer to the xref:hive:index.adoc[Hive Operator] docs. Both Hive and Trino need the same S3 authentication. +Please refer to the xref:hive:index.adoc[Hive Operator] docs. +Both Hive and Trino need the same S3 authentication. === OPA operator diff --git a/docs/modules/trino/pages/index.adoc b/docs/modules/trino/pages/index.adoc index d304451f..0281825d 100644 --- a/docs/modules/trino/pages/index.adoc +++ b/docs/modules/trino/pages/index.adoc @@ -1,5 +1,5 @@ = Stackable Operator for Trino -:description: The Stackable operator for Trino is a Kubernetes operator that can manage Trino clusters. Learn about its features, resources, dependencies and demos, and see the list of supported Trino versions. +:description: Manage Trino clusters on Kubernetes with the Stackable operator, featuring resource management, demos, and support for custom Trino versions. :keywords: Stackable operator, Trino, Kubernetes, k8s, operator, data science, data exploration :trino: https://trino.io/ :github: https://github.com/stackabletech/trino-operator/ diff --git a/docs/modules/trino/pages/usage-guide/configuration.adoc b/docs/modules/trino/pages/usage-guide/configuration.adoc index 6902dfc6..750eb04c 100644 --- a/docs/modules/trino/pages/usage-guide/configuration.adoc +++ b/docs/modules/trino/pages/usage-guide/configuration.adoc @@ -1,4 +1,5 @@ = Configuration +:description: Configure Trino clusters with properties, environment variables, and resource requests. Customize settings for performance and storage efficiently. The cluster definition also supports overriding configuration properties and environment variables, either per role or per role group, where the more specific override (role group) has precedence over the less specific one (role). 
@@ -8,11 +9,11 @@ IMPORTANT: Do not override port numbers. This will lead to faulty installations. For a role or role group, at the same level of `config`, you can specify `configOverrides` for: -- `config.properties` -- `node.properties` -- `log.properties` -- `password-authenticator.properties` -- `security.properties` +* `config.properties` +* `node.properties` +* `log.properties` +* `password-authenticator.properties` +* `security.properties` For a list of possible configuration properties consult the https://trino.io/docs/current/admin/properties.html[Trino Properties Reference]. 
@@ -46,9 +47,13 @@ All override property values must be strings. The properties will be passed on w === The security.properties file -The `security.properties` file is used to configure JVM security properties. It is very seldom that users need to tweak any of these, but there is one use-case that stands out, and that users need to be aware of: the JVM DNS cache. +The `security.properties` file is used to configure JVM security properties. +It is very seldom that users need to tweak any of these, but there is one use-case that stands out, and that users need to be aware of: the JVM DNS cache. -The JVM manages it's own cache of successfully resolved host names as well as a cache of host names that cannot be resolved. Some products of the Stackable platform are very sensible to the contents of these caches and their performance is heavily affected by them. As of version 414, Trino performs poorly if the positive cache is disabled. To cache resolved host names, and thus speeding up queries you can configure the TTL of entries in the positive cache like this: +The JVM manages it's own cache of successfully resolved host names as well as a cache of host names that cannot be resolved. +Some products of the Stackable platform are very sensible to the contents of these caches and their performance is heavily affected by them. +As of version 414, Trino performs poorly if the positive cache is disabled. +To cache resolved host names, and thus speeding up queries you can configure the TTL of entries in the positive cache like this: [source,yaml] ---- 
@@ -124,7 +129,9 @@ workers: capacity: 3Gi ---- -In the above example, all Trino workers in the default group will store data (the location of the property `--data-dir`) on a `3Gi` volume. Additional role groups not specifying any resources will inherit the config provided on the role level (`2Gi` volume). This works the same for memory or CPU requests. +In the above example, all Trino workers in the default group will store data (the location of the property `--data-dir`) on a `3Gi` volume. +Additional role groups not specifying any resources will inherit the config provided on the role level (`2Gi` volume). +This works the same for memory or CPU requests. By default, in case nothing is configured in the custom resource for a certain role group, each Pod will have a `2Gi` large local volume mount for the data location containing mainly logs. @@ -168,4 +175,5 @@ spec: capacity: '1Gi' ---- -WARNING: The default values are _most likely_ not sufficient to run a proper cluster in production. Please adapt according to your requirements. +WARNING: The default values are _most likely_ not sufficient to run a proper cluster in production. +Please adapt according to your requirements. diff --git a/docs/modules/trino/pages/usage-guide/connect_to_trino.adoc b/docs/modules/trino/pages/usage-guide/connect_to_trino.adoc index 3c367c4c..692e3937 100644 --- a/docs/modules/trino/pages/usage-guide/connect_to_trino.adoc +++ b/docs/modules/trino/pages/usage-guide/connect_to_trino.adoc @@ -1,4 +1,5 @@ = Connecting to Trino +:description: Learn how to connect to Trino using trino-cli, DBeaver, or Python. Includes setup for SSL/TLS, OpenID Connect, and basic authentication. :trino-jdbc: https://trino.io/docs/current/client/jdbc.html :starburst-odbc: https://docs.starburst.io/data-consumer/clients/odbc.html 
@@ -29,7 +30,9 @@ The `--insecure` flag ignores the server TLS certificate and is required in this $ java -jar ~/Downloads/trino-cli-403-executable.jar --server https://85.215.195.29:8443 --user admin --password --insecure ---- -TIP: In case you are using OpenID connect, use `--external-authentication` instead of `--password`. A browser window will be opened, which might require you to log in. Please note that you still need to pass the `--user` argument because of https://github.com/trinodb/trino/issues/11547[this Trino issue]. +TIP: In case you are using OpenID connect, use `--external-authentication` instead of `--password`. +A browser window will be opened, which might require you to log in. +Please note that you still need to pass the `--user` argument because of https://github.com/trinodb/trino/issues/11547[this Trino issue]. == Connect with DBeaver @@ -53,7 +56,8 @@ image::connect-with-dbeaver-3.png[] As the last step you can click on _Finish_ and start using the Trino connection. -TIP: In case you are using OpenID connect, set the `externalAuthentication` property to `true` and don't provide and username or password. A browser window will be opened, which might require you to log in. +TIP: In case you are using OpenID connect, set the `externalAuthentication` property to `true` and don't provide and username or password. +A browser window will be opened, which might require you to log in. == Connect with Python diff --git a/docs/modules/trino/pages/usage-guide/log_aggregation.adoc b/docs/modules/trino/pages/usage-guide/log_aggregation.adoc index c279b572..951fddec 100644 --- a/docs/modules/trino/pages/usage-guide/log_aggregation.adoc +++ b/docs/modules/trino/pages/usage-guide/log_aggregation.adoc 
@@ -1,7 +1,7 @@ = Log aggregation +:description: The logs can be forwarded to a Vector log aggregator by providing a discovery ConfigMap for the aggregator and by enabling the log agent -The logs can be forwarded to a Vector log aggregator by providing a discovery -ConfigMap for the aggregator and by enabling the log agent: +The logs can be forwarded to a Vector log aggregator by providing a discovery ConfigMap for the aggregator and by enabling the log agent: [source,yaml] ---- @@ -19,7 +19,7 @@ spec: level: INFO ---- -Currently, the logs are collected only for `server.log`. Logging for `http-request.log` is disabled by default. +Currently, the logs are collected only for `server.log`. +Logging for `http-request.log` is disabled by default. -Further information on how to configure logging, can be found in -xref:concepts:logging.adoc[]. +Further information on how to configure logging, can be found in xref:concepts:logging.adoc[]. diff --git a/docs/modules/trino/pages/usage-guide/monitoring.adoc b/docs/modules/trino/pages/usage-guide/monitoring.adoc index 56a6a0e3..ad96afe8 100644 --- a/docs/modules/trino/pages/usage-guide/monitoring.adoc +++ b/docs/modules/trino/pages/usage-guide/monitoring.adoc @@ -1,4 +1,5 @@ = Monitoring +:description: The managed Trino instances are automatically configured to export Prometheus metrics. -The managed Trino instances are automatically configured to export Prometheus metrics. See -xref:operators:monitoring.adoc[] for more details. +The managed Trino instances are automatically configured to export Prometheus metrics. +See xref:operators:monitoring.adoc[] for more details. diff --git a/docs/modules/trino/pages/usage-guide/query.adoc b/docs/modules/trino/pages/usage-guide/query.adoc index fddf85a5..1d9b9baa 100644 --- a/docs/modules/trino/pages/usage-guide/query.adoc +++ b/docs/modules/trino/pages/usage-guide/query.adoc 
@@ -1,6 +1,8 @@ = Testing Trino with Hive and S3 +:description: Test Trino with Hive and S3 by creating a schema and table for Iris data in Parquet format, then querying the dataset. -Create a schema and a table for the Iris data located in S3 and query data. This assumes to have the Iris data set in the `PARQUET` format available in the S3 bucket which can be downloaded https://www.kaggle.com/gpreda/iris-dataset/version/2?select=iris.parquet[here]. +Create a schema and a table for the Iris data located in S3 and query data. +This assumes to have the Iris data set in the `PARQUET` format available in the S3 bucket which can be downloaded https://www.kaggle.com/gpreda/iris-dataset/version/2?select=iris.parquet[here]. == Create schema [source,sql] diff --git a/docs/modules/trino/pages/usage-guide/s3.adoc b/docs/modules/trino/pages/usage-guide/s3.adoc index 5a4888f3..142cc99d 100644 --- a/docs/modules/trino/pages/usage-guide/s3.adoc +++ b/docs/modules/trino/pages/usage-guide/s3.adoc @@ -1,4 +1,5 @@ = Connecting Trino to S3 +:description: Configure S3 connections in Trino either inline within the TrinoCatalog or via an external S3Connection resource for centralized management. You can specify S3 connection details directly inside the TrinoCatalog specification or by referring to an external S3Connection custom resource. This mechanism used used across the whole Stackable Data Platform, read the xref:concepts:s3.adoc[S3 concepts page] to learn more. diff --git a/docs/modules/trino/pages/usage-guide/security.adoc b/docs/modules/trino/pages/usage-guide/security.adoc index 58335ec3..2c8d6bca 100644 --- a/docs/modules/trino/pages/usage-guide/security.adoc +++ b/docs/modules/trino/pages/usage-guide/security.adoc @@ -1,4 +1,5 @@ = Security +:description: The Trino operator supports secure authentication (Password, LDAP, OAuth2), authorization via OPA, and TLS encryption for secure cluster communications. This page covers <> and <>. 
@@ -14,23 +15,25 @@ The Trino operator currently supports the following `PASSWORD` authenticators. ==== File -The https://trino.io/docs/current/security/password-file.html[file based authentication] can be defined as follows. First create a secret with your users: +The https://trino.io/docs/current/security/password-file.html[file based authentication] can be defined as follows. +First create a secret with your users: [source,yaml] ---- include::example$usage-guide/trino-file-auth-snippet.yaml[tag=secret] ---- -This contains username and password pairs as shown in the previous snippet. The username and password combinations are provided in the `stringData` field. +This contains username and password pairs as shown in the previous snippet. +The username and password combinations are provided in the `stringData` field. -The Secret is referenced in an `AuthenticationClass`. +The Secret is referenced in an AuthenticationClass. [source,yaml] ---- include::example$usage-guide/trino-file-auth-snippet.yaml[tag=authentication_class] ---- -Then reference the `AuthenticationClass` in your TrinoCluster definition: +Then reference the AuthenticationClass in your TrinoCluster definition: [source,yaml] ---- 
@@ -39,15 +42,18 @@ include::example$usage-guide/trino-file-auth-snippet.yaml[tag=trino] Multiple authentication classes with different user secrets can be provided. -The operator never reads secrets directly, but mounts them directly into the `Pod`. Volume mount names can not exceed *63* characters due to Kubernetes restrictions. +The operator never reads secrets directly, but mounts them directly into the Pod. +Volume mount names can not exceed *63* characters due to Kubernetes restrictions. -For uniqueness, the volume mount name is internally build up of the name of the `AuthenticationClass`. This means the `AuthenticationClass` name must not exceed *63* characters. +For uniqueness, the volume mount name is internally build up of the name of the AuthenticationClass. +This means the AuthenticationClass name must not exceed *63* characters. IMPORTANT: Due to Kubernetes restrictions, the name of the AuthenticationClass must not exceed *63* characters. -Changes to the referenced user `Secret` (e.g. adding or removing a user) are updated in Trino without restarts but after a small delay. This heavily depends on Kubernetes and may take a couple of minutes. +Changes to the referenced user Secret (e.g. adding or removing a user) are updated in Trino without restarts but after a small delay. +This heavily depends on Kubernetes and may take a couple of minutes. -Adding or removing an `AuthenticationClass` will however result in a `Pod` restart. +Adding or removing an AuthenticationClass will however result in a Pod restart. ==== LDAP 
@@ -159,7 +165,8 @@ For secure connections the following steps must be taken: If authentication is enabled, https://trino.io/docs/current/security/tls.html[TLS] for the coordinator as well as a shared secret for https://trino.io/docs/current/security/internal-communication.html[internal communications] (this is base64 and not encrypted) must be configured. -Securing the Trino cluster will disable all HTTP ports and disable the web interface on the HTTP port as well. In the definition below the authentication is directed to use the `trino-users` secret and TLS communication will use a certificate signed by the Secret Operator (indicated by `autoTls`). +Securing the Trino cluster will disable all HTTP ports and disable the web interface on the HTTP port as well. +In the definition below the authentication is directed to use the `trino-users` secret and TLS communication will use a certificate signed by the Secret Operator (indicated by `autoTls`). [source,yaml] ---- @@ -203,7 +210,8 @@ CLI callout: === Via internal TLS -Internal TLS is for encrypted and authenticated communications between coordinators and workers. Since this applies to all the data send and processed between the processes, this may reduce the performance significantly. +Internal TLS is for encrypted and authenticated communications between coordinators and workers. +Since this applies to all the data send and processed between the processes, this may reduce the performance significantly. [source,yaml] ---- 
@@ -216,7 +224,8 @@ include::example$usage-guide/trino-secure-internal-tls.yaml[] <4> The `Secret` containing user and password combinations in plaintext <5> TLS mechanism -Since Trino has internal and external communications running over a single port, this will enable the HTTPS port but not expose it. Cluster access is only possible via HTTP. +Since Trino has internal and external communications running over a single port, this will enable the HTTPS port but not expose it. +Cluster access is only possible via HTTP. [source] ---- From aebbb7b102351744ccc1a0136ecd432d5db68df4 Mon Sep 17 00:00:00 2001 From: Stacky McStackface <95074132+stackable-bot@users.noreply.github.com> Date: Wed, 18 Sep 2024 15:37:47 +0200 Subject: [PATCH 4/4] chore: Generated commit to update templated files since the last template run up to stackabletech/operator-templating@932368c8bb74fd94234e8e5cfd6506df879cc131 (#645) Reference-to: stackabletech/operator-templating@932368c (Update docker user and various dockerfile improvements) --- .github/actionlint.yaml | 5 + .github/workflows/build.yml | 21 ++-- .github/workflows/pr_pre-commit.yaml | 2 + .pre-commit-config.yaml | 4 +- docker/Dockerfile | 177 +++++++++++++++++++++++---- 5 files changed, 174 insertions(+), 35 deletions(-) create mode 100644 .github/actionlint.yaml diff --git a/.github/actionlint.yaml b/.github/actionlint.yaml new file mode 100644 index 00000000..8337548a --- /dev/null +++ b/.github/actionlint.yaml @@ -0,0 +1,5 @@ +--- +self-hosted-runner: + # Ubicloud machines we are using + labels: + - ubicloud-standard-8-arm diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 203c2083..45f49b3c 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -88,18 +88,18 @@ jobs: TRIGGER: ${{ github.event_name }} GITHUB_REF: ${{ github.ref }} run: | - if [[ $TRIGGER == "pull_request" ]]; then + if [[ "$TRIGGER" == "pull_request" ]]; then echo "exporting test as target helm repo: ${{ env.TEST_REPO_HELM_URL }}" - echo "helm_repo=${{ env.TEST_REPO_HELM_URL }}" >> $GITHUB_OUTPUT - elif [[ ( $TRIGGER == "push" || $TRIGGER == "schedule" || $TRIGGER == "workflow_dispatch" ) && $GITHUB_REF == "refs/heads/main" ]]; then + echo "helm_repo=${{ env.TEST_REPO_HELM_URL }}" >> "$GITHUB_OUTPUT" + elif [[ ( "$TRIGGER" == "push" || "$TRIGGER" == "schedule" || "$TRIGGER" == "workflow_dispatch" ) && "$GITHUB_REF" == "refs/heads/main" ]]; then echo "exporting dev as target helm repo: ${{ env.DEV_REPO_HELM_URL }}" - echo "helm_repo=${{ env.DEV_REPO_HELM_URL }}" >> $GITHUB_OUTPUT - elif [[ $TRIGGER == "push" && $GITHUB_REF == refs/tags/* ]]; then + echo "helm_repo=${{ env.DEV_REPO_HELM_URL }}" >> "$GITHUB_OUTPUT" + elif [[ "$TRIGGER" == "push" && $GITHUB_REF == refs/tags/* ]]; then echo "exporting stable as target helm repo: ${{ env.STABLE_REPO_HELM_URL }}" - echo "helm_repo=${{ env.STABLE_REPO_HELM_URL }}" >> $GITHUB_OUTPUT + echo "helm_repo=${{ env.STABLE_REPO_HELM_URL }}" >> "$GITHUB_OUTPUT" else echo "Unknown trigger and ref combination encountered, skipping publish step: $TRIGGER $GITHUB_REF" - echo "helm_repo=skip" >> $GITHUB_OUTPUT + echo "helm_repo=skip" >> "$GITHUB_OUTPUT" fi run_cargodeny: @@ -265,7 +265,7 @@ jobs: - name: Set up Helm uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 with: - version: v3.13.3 + version: v3.16.1 - name: Set up cargo uses: dtolnay/rust-toolchain@7b1c307e0dcbda6122208f10795a713336a9b35a with: @@ -310,6 +310,7 @@ jobs: matrix: runner: ["ubuntu-latest", "ubicloud-standard-8-arm"] runs-on: ${{ matrix.runner }} + timeout-minutes: 120 permissions: id-token: write env: 
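Review bot: The `${{ env.TEST_REPO_HELM_URL }}`, `${{ env.DEV_REPO_HELM_URL }}` and `${{ env.STABLE_REPO_HELM_URL }}` expressions in the `run:` script of the `@@ -88,18 +88,18 @@` hunk are not covered by the quoting this commit adds, because the runner expands them into the script text before bash parses it. If those values come from the workflow-level `env:` block (not visible in this hunk), they are already exported to the step and can be read as shell variables, e.g. `echo "helm_repo=${TEST_REPO_HELM_URL}" >> "$GITHUB_OUTPUT"`. That keeps the script body free of expression expansion, so a later change to where the values come from cannot alter the script itself. The unquoted `$GITHUB_REF == refs/tags/*` is fine as written, since the right-hand side has to stay unquoted to act as a pattern inside `[[ ]]`. The step begins outside the hunk.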
@@ -379,7 +380,7 @@ jobs: - id: printtag name: Output image name and tag if: ${{ !github.event.pull_request.head.repo.fork }} - run: echo "IMAGE_TAG=$(make -e print-docker-tag)" >> $GITHUB_OUTPUT + run: echo "IMAGE_TAG=$(make -e print-docker-tag)" >> "$GITHUB_OUTPUT" create_manifest_list: name: Build and publish manifest list @@ -437,4 +438,4 @@ jobs: ARCH_FOR_PREFLIGHT="$(arch | sed -e 's#x86_64#amd64#' | sed -e 's#aarch64#arm64#')" ./preflight-linux-amd64 check container "$IMAGE_TAG" --platform "${ARCH_FOR_PREFLIGHT}" > preflight.out - name: "Passed?" - run: '[ "$(cat preflight.out | jq -r .passed)" == true ]' + run: '[ "$(jq -r .passed < preflight.out)" == true ]' diff --git a/.github/workflows/pr_pre-commit.yaml b/.github/workflows/pr_pre-commit.yaml index c7df5b40..5050dc05 100644 --- a/.github/workflows/pr_pre-commit.yaml +++ b/.github/workflows/pr_pre-commit.yaml @@ -16,6 +16,7 @@ jobs: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 0 + submodules: recursive - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 with: python-version: '3.12' @@ -39,6 +40,7 @@ jobs: chmod 700 "${LOCATION_BIN}" echo "$LOCATION_DIR" >> "$GITHUB_PATH" + - uses: cachix/install-nix-action@8887e596b4ee1134dae06b98d573bd674693f47c # v26 - uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1 with: extra_args: "--from-ref ${{ github.event.pull_request.base.sha }} --to-ref ${{ github.event.pull_request.head.sha }}" diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 4b1c512f..f30ef3ab 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
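Review bot: The checkout step in the `@@ -16,6 +16,7 @@` hunk of pr_pre-commit.yaml keeps the default credential persistence while this commit makes the job run more repository-controlled code. Submodules are now fetched recursively, Nix is installed in the `@@ -39,6 +40,7 @@` hunk, and the hooks in .pre-commit-config.yaml become `nix-shell --run 'cargo test'` and `nix-shell --run 'make regenerate-charts'`. Build scripts and tests started that way can read the token that checkout leaves in the local git configuration. Unless a later step needs to push, add `persist-credentials: false` under the checkout step's `with:`, and confirm that the job's `permissions:` (not visible in this hunk) are read-only.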
@@ -66,13 +66,13 @@ repos: - id: regenerate-charts name: regenerate-charts language: system - entry: make regenerate-charts + entry: nix-shell --run 'make regenerate-charts' stages: [commit, merge-commit, manual] pass_filenames: false - id: cargo-test name: cargo-test language: system - entry: cargo test + entry: nix-shell --run 'cargo test' stages: [commit, merge-commit, manual] pass_filenames: false diff --git a/docker/Dockerfile b/docker/Dockerfile index 2e3a0e5c..a271c1ca 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile 
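Review bot: Both changed `entry:` lines in this hunk now require `nix-shell` on every machine that runs the hooks, and with `language: system` pre-commit cannot install it, so a contributor without Nix gets a failing hook with no explanation. A comment above the two hooks, such as `# Requires Nix: these hooks run inside the repository's nix-shell environment`, would document the prerequisite. The toolchain these commands run with is whatever the repository's Nix shell definition resolves to, and that file is not part of this diff. It is worth confirming that it pins nixpkgs to a fixed revision, so that local and CI runs execute the same, reviewable set of tools.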
@@ -1,40 +1,171 @@ +# syntax=docker/dockerfile:1.10.0@sha256:865e5dd094beca432e8c0a1d5e1c465db5f998dca4e439981029b3b81fb39ed5 +# NOTE: The syntax directive needs to be the first line in a Dockerfile + # ============= # This file is automatically generated from the templates in stackabletech/operator-templating # DON'T MANUALLY EDIT THIS FILE # ============= -FROM oci.stackable.tech/sdp/ubi9-rust-builder AS builder -FROM registry.access.redhat.com/ubi9/ubi-minimal AS operator +# https://docs.docker.com/build/checks/#fail-build-on-check-violations +# check=error=true + +# We want to automatically use the latest. We also don't tag our images with a version. +# hadolint ignore=DL3007 +FROM oci.stackable.tech/sdp/ubi9-rust-builder:latest AS builder + + +# We want to automatically use the latest. +# hadolint ignore=DL3007 +FROM registry.access.redhat.com/ubi9/ubi-minimal:latest AS operator ARG VERSION ARG RELEASE="1" -LABEL name="Stackable Operator for Trino" \ - maintainer="info@stackable.tech" \ - vendor="Stackable GmbH" \ - version="${VERSION}" \ - release="${RELEASE}" \ - summary="Deploy and manage Trino clusters." \ - description="Deploy and manage Trino clusters." 
- -# Update image and install kerberos client libraries -# install_weak_deps in microdnf does not support the literal "False" as dnf does -# https://github.com/rpm-software-management/microdnf/blob/a600c62f29262d71a6259b70dc220df65a2ab9b5/dnf/dnf-main.c#L176-L189 -RUN microdnf update -y --setopt=install_weak_deps=0 \ - && microdnf install -y --setopt=install_weak_deps=0 \ - krb5-libs \ - libkadm5 \ - && microdnf clean all \ - && rm -rf /var/cache/yum +# These are chosen at random and are this high on purpose to have very little chance to clash with an existing user or group on the host system +ARG STACKABLE_USER_GID="574654813" +ARG STACKABLE_USER_UID="782252253" + +# These labels have mostly been superceded by the OpenContainer spec annotations below but it doesn't hurt to include them +# http://label-schema.org/rc1/ +LABEL name="Stackable Operator for Trino" +LABEL maintainer="info@stackable.tech" +LABEL vendor="Stackable GmbH" +LABEL version="${VERSION}" +LABEL release="${RELEASE}" +LABEL summary="Deploy and manage Trino clusters." +LABEL description="Deploy and manage Trino clusters." + +# Overwriting/Pinning UBI labels +# https://github.com/projectatomic/ContainerApplicationGenericLabels +LABEL vcs-ref="" +LABEL distribution-scope="public" +LABEL url="https://stackable.tech" +ARG TARGETARCH +LABEL architecture="${TARGETARCH}" +LABEL com.redhat.component="" +# It complains about it being an invalid label but RedHat uses it and we want to override it and it works.... 
+# hadolint ignore=DL3048 +LABEL com.redhat.license_terms="" +LABEL io.buildah.version="" +LABEL io.openshift.expose-services="" + +# https://github.com/opencontainers/image-spec/blob/036563a4a268d7c08b51a08f05a02a0fe74c7268/annotations.md#annotations +LABEL org.opencontainers.image.authors="info@stackable.tech" +LABEL org.opencontainers.image.url="https://stackable.tech" +LABEL org.opencontainers.image.vendor="Stackable GmbH" +LABEL org.opencontainers.image.licenses="OSL-3.0" +LABEL org.opencontainers.image.documentation="https://docs.stackable.tech/home/stable/trino/" +LABEL org.opencontainers.image.version="${VERSION}" +LABEL org.opencontainers.image.revision="${RELEASE}" +LABEL org.opencontainers.image.title="Stackable Operator for Trino" +LABEL org.opencontainers.image.description="Deploy and manage Trino clusters." + +# https://docs.openshift.com/container-platform/4.16/openshift_images/create-images.html#defining-image-metadata +# https://github.com/projectatomic/ContainerApplicationGenericLabels/blob/master/vendor/redhat/labels.md +LABEL io.openshift.tags="ubi9,stackable,sdp,trino" +LABEL io.k8s.description="Deploy and manage Trino clusters." +LABEL io.k8s.display-name="Stackable Operator for Trino" + +COPY <> /stackable/.bashrc + +echo -e "if [ -f ~/.bashrc ]; then\n\tsource ~/.bashrc\nfi" >> /stackable/.profile + +chown ${STACKABLE_USER_UID}:0 /stackable/.bashrc +chown ${STACKABLE_USER_UID}:0 /stackable/.profile + +# All files and folders owned by root to support running as arbitrary users +# This is best practice as all container users will belong to the root group (0) +# This is not very relevant for the operator images but this makes it consistent with `docker-images` +chown -R ${STACKABLE_USER_UID}:0 /stackable +chmod -R g=u /stackable +EOF + +COPY <