Nessie Helm chart

Version: 0.64.0 Type: application

A Helm chart for Nessie.

Homepage: https://projectnessie.org/

Maintainers

Source Code

Installation

From Helm repo

$ helm repo add nessie-helm https://charts.projectnessie.org
$ helm repo update
$ helm install --namespace nessie-ns nessie nessie-helm/nessie

From local directory (for development purposes)

From Nessie repo root:

$ helm install --namespace nessie-ns nessie helm/nessie

Uninstalling the chart

$ helm uninstall --namespace nessie-ns nessie

Values

| Key | Type | Default | Description |
|-----|------|---------|-------------|
| advancedConfig | object | {} | Advanced configuration. You can pass here any valid Nessie or Quarkus configuration property. Any property that is defined here takes precedence over all the other configuration values generated by this chart. Properties can be passed "flattened" or as nested YAML objects (see examples below). |
| affinity | object | {} | Affinity and anti-affinity for nessie pods. See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity. |
| authentication.enabled | bool | false | Specifies whether authentication for the nessie server should be enabled. |
| authentication.oidcAuthServerUrl | string | "http://127.255.0.0:0/auth/realms/unset/" | Sets the base URL of the OpenID Connect (OIDC) server. Must be overridden when authentication.enabled=true. |
| authentication.oidcClientId | string | "nessie" | Sets the OIDC client ID when authentication.enabled=true. Each application has a client ID that is used to identify the application. |
| authorization.enabled | bool | false | Specifies whether authorization for the nessie server should be enabled. |
| authorization.rules | object | {} | The authorization rules when authorization.enabled=true. Example rules can be found at https://projectnessie.org/features/metadata_authorization/#authorization-rules |
| autoscaling.enabled | bool | false | Specifies whether automatic horizontal scaling should be enabled. Do not enable this when using ROCKS version store type. |
| autoscaling.maxReplicas | int | 3 | The maximum number of replicas to maintain. |
| autoscaling.minReplicas | int | 1 | The minimum number of replicas to maintain. |
| autoscaling.targetCPUUtilizationPercentage | int | 80 | Optional; set to zero or empty to disable. |
| autoscaling.targetMemoryUtilizationPercentage | string | nil | Optional; set to zero or empty to disable. |
| cassandra.auth | object | {} | |
| cassandra.contactPoints | string | nil | |
| cassandra.keyspace | string | "nessie" | |
| cassandra.localDatacenter | string | nil | |
| dynamodb.region | string | "us-west-2" | The AWS region to use. |
| dynamodb.secret.awsAccessKeyId | string | "aws_access_key_id" | The secret key storing the AWS access key ID. |
| dynamodb.secret.awsSecretAccessKey | string | "aws_secret_access_key" | The secret key storing the AWS secret access key. |
| dynamodb.secret.name | string | "awscreds" | The secret name to pull AWS credentials from. |
| extraEnv | list | [] | Advanced configuration via environment variables. Extra environment variables to add to the Nessie server container. You can pass here any valid EnvVar object (see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#envvar-v1-core ). This can be useful to get configuration values from Kubernetes secrets or config maps. |
| image.pullPolicy | string | "IfNotPresent" | The image pull policy. |
| image.repository | string | "ghcr.io/projectnessie/nessie" | The image repository to pull from. |
| image.tag | string | "" | Overrides the image tag whose default is the chart version. |
| ingress.annotations | object | {} | Annotations to add to the ingress. |
| ingress.enabled | bool | false | Specifies whether an ingress should be created. |
| ingress.hosts | list | [{"host":"chart-example.local","paths":[]}] | A list of host paths used to configure the ingress. |
| ingress.tls | list | [] | A list of TLS certificates; each entry has a list of hosts in the certificate, along with the secret name used to terminate TLS traffic on port 443. |
| logLevel | string | "INFO" | The default logging level for the nessie server. |
| mongodb.connectionString | string | "mongodb://localhost:27017" | The MongoDB connection string. |
| mongodb.name | string | "nessie" | The MongoDB database name. |
| mongodb.secret.name | string | "mongodb-creds" | The secret name to pull MongoDB credentials from. |
| mongodb.secret.password | string | "mongodb_password" | The secret key storing the MongoDB password. |
| mongodb.secret.username | string | "mongodb_username" | The secret key storing the MongoDB username. |
| nodeSelector | object | {} | Node labels which must match for the nessie pod to be scheduled on that node. See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector. |
| podAnnotations | object | {} | Annotations to apply to nessie pods. |
| podSecurityContext | object | {} | Security context for the nessie pod. See https://kubernetes.io/docs/tasks/configure-pod-container/security-context/. |
| postgres.jdbcUrl | string | "jdbc:postgresql://localhost:5432/my_database" | The Postgres JDBC connection string. |
| postgres.secret.name | string | "postgres-creds" | The secret name to pull Postgres credentials from. |
| postgres.secret.password | string | "postgres_password" | The secret key storing the Postgres password. |
| postgres.secret.username | string | "postgres_username" | The secret key storing the Postgres username. |
| replicaCount | int | 1 | The number of replicas to deploy (horizontal scaling). Beware that replicas are stateless; don't set this number > 1 when using INMEMORY or ROCKS version store types. |
| resources | object | {} | Configures the resources requests and limits for nessie pods. We usually recommend not to specify default resources and to leave this as a conscious choice for the user. This also increases chances charts run on environments with little resources, such as Minikube. If you do want to specify resources, uncomment the following lines, adjust them as necessary, and remove the curly braces after 'resources:'. |
| rocksdb.selectorLabels | object | {} | Labels to add to the persistent volume claim spec selector; a persistent volume with matching labels must exist. Leave empty if using dynamic provisioning. |
| rocksdb.storageClassName | string | "standard" | The storage class name of the persistent volume claim to create. |
| rocksdb.storageSize | string | "1Gi" | The size of the persistent volume claim to create. |
| securityContext | object | {} | Security context for the nessie container. See https://kubernetes.io/docs/tasks/configure-pod-container/security-context/. |
| service.annotations | object | {} | Annotations to add to the service. |
| service.port | int | 19120 | The port on which the service should listen. |
| service.type | string | "ClusterIP" | The type of service to create. |
| serviceAccount.annotations | object | {} | Annotations to add to the service account. |
| serviceAccount.create | bool | true | Specifies whether a service account should be created. |
| serviceAccount.name | string | "" | The name of the service account to use. If not set and create is true, a name is generated using the fullname template. |
| serviceMonitor.enabled | bool | true | Specifies whether a ServiceMonitor for Prometheus operator should be created. |
| serviceMonitor.interval | string | "" | The scrape interval; leave empty to let Prometheus decide. Must be a valid duration, e.g. 1d, 1h30m, 5m, 10s. |
| serviceMonitor.labels | object | {} | Labels for the created ServiceMonitor so that Prometheus operator can properly pick it up. |
| tolerations | list | [] | A list of tolerations to apply to nessie pods. See https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/. |
| tracing.attributes | object | {} | Resource attributes to identify the nessie service among other tracing sources. See https://opentelemetry.io/docs/reference/specification/resource/semantic_conventions/#service. If left empty, traces will be attached to a service named "Nessie"; to change this, provide a service.name attribute here. |
| tracing.enabled | bool | false | Specifies whether tracing for the nessie server should be enabled. |
| tracing.endpoint | string | "http://otlp-collector:4317" | The collector endpoint URL to connect to (required). The endpoint URL must have either the http:// or the https:// scheme. The collector must talk the OpenTelemetry protocol (OTLP) and the port must be its gRPC port (by default 4317). See https://quarkus.io/guides/opentelemetry for more information. |
| tracing.sample | string | "all" | Which requests should be sampled. Valid values are: "all", "none", or a ratio between 0.0 and 1.0 (inclusive). E.g. 0.5 means that 50% of the requests will be sampled. |
| versionStoreType | string | "IN_MEMORY" | Which type of version store to use: IN_MEMORY, ROCKSDB, DYNAMODB, MONGODB, CASSANDRA, JDBC. (Legacy version store types are: INMEMORY, ROCKS, DYNAMO, MONGO, TRANSACTIONAL. If you are using one of these legacy version store types, migrate your existing repositories to the new version store types using the nessie-quarkus-cli tool's export/import functionality.) |
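
The table states a few cross-field constraints: replica count and autoscaling versus the version store type, and the OIDC URL placeholder that must be replaced once authentication is on. The shell function below is an added example, not part of the chart; it checks --set style KEY=VALUE pairs against those constraints. The function name, its messages and the treatment of IN_MEMORY and ROCKSDB like their legacy names are assumptions of this example.

```shell
#!/bin/sh
# nessie_set_lint KEY=VALUE...   (hypothetical helper, not shipped with the chart)
# Checks --set style overrides against constraints stated in the values table.
# Prints one finding per line and returns the number of findings (0 = clean).
nessie_set_lint() {
    # Chart defaults, copied from the table.
    store=IN_MEMORY replicas=1 autoscale=false auth=false
    default_oidc='http://127.255.0.0:0/auth/realms/unset/'
    oidc=$default_oidc
    for pair in "$@"; do
        val=${pair#*=}
        case ${pair%%=*} in
            versionStoreType) store=$val ;;
            replicaCount) replicas=$val ;;
            autoscaling.enabled) autoscale=$val ;;
            authentication.enabled) auth=$val ;;
            authentication.oidcAuthServerUrl) oidc=$val ;;
        esac
    done
    n=0
    # The table names INMEMORY and ROCKS; treating the newer names IN_MEMORY
    # and ROCKSDB the same way is an assumption of this example.
    case $store in INMEMORY|IN_MEMORY|ROCKS|ROCKSDB)
        if [ "$replicas" -gt 1 ] 2>/dev/null; then
            echo "replicaCount=$replicas is not supported with $store"; n=$((n + 1))
        fi ;;
    esac
    case $store in ROCKS|ROCKSDB)
        if [ "$autoscale" = true ]; then
            echo "autoscaling.enabled=true must not be used with $store"; n=$((n + 1))
        fi ;;
    esac
    if [ "$auth" != true ]; then
        echo "authentication.enabled is not true: authentication is off"; n=$((n + 1))
    elif [ "$oidc" = "$default_oidc" ]; then
        echo "authentication.oidcAuthServerUrl is still the placeholder default"; n=$((n + 1))
    fi
    return "$n"
}

# Constructed input: the kind of override set the table warns about.
nessie_set_lint versionStoreType=ROCKS replicaCount=3 authentication.enabled=true \
    || echo "findings: $?"
```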

Using secrets

Providing secrets for Dynamo Version Store

  • Make sure you have a Secret in the following form:

    $ cat $PWD/awscreds
    aws_access_key_id=YOURACCESSKEYDATA
    aws_secret_access_key=YOURSECRETKEYDATA

  • Create the secret from the given file, in the namespace Nessie is installed into:

    kubectl create secret generic awscreds -n nessie-ns --from-env-file="$PWD/awscreds"

  • Now you can use DYNAMO as the version store when installing Nessie:

    helm install -n nessie-ns nessie helm/nessie --set versionStoreType=DYNAMO

Providing secrets for MongoDB

  • Providing secrets for MongoDB is strongly recommended, but not enforced.

  • Make sure you have a Secret in the following form:

    $ cat $PWD/mongodb-creds
    mongodb_username=YOUR_USERNAME
    mongodb_password=YOUR_PASSWORD

  • Create the secret from the given file, in the namespace Nessie is installed into:

    kubectl create secret generic mongodb-creds -n nessie-ns --from-env-file="$PWD/mongodb-creds"

  • The mongodb-creds secret will now be picked up when you use MONGO as the version store when installing Nessie:

    helm install -n nessie-ns nessie helm/nessie --set versionStoreType=MONGO

Providing secrets for Transactional Version Store

  • Make sure you have a Secret in the following form:

    $ cat $PWD/postgres-creds
    postgres_username=YOUR_USERNAME
    postgres_password=YOUR_PASSWORD

  • Create the secret from the given file, in the namespace Nessie is installed into:

    kubectl create secret generic postgres-creds -n nessie-ns --from-env-file="$PWD/postgres-creds"

  • Now you can use TRANSACTIONAL as the version store when installing Nessie:

    helm install -n nessie-ns nessie helm/nessie --set versionStoreType=TRANSACTIONAL
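
A pre-flight check for the three credential files above, as an added example that is not part of the chart: it verifies that the env file is accessible only to its owner, that every key the chart expects is present, and that no README placeholder (a value starting with YOUR) was left in. The function name and messages are hypothetical; the key names are the chart defaults from the values table.

```shell
#!/bin/sh
# check_env_file FILE KEY...   (hypothetical helper, not shipped with the chart)
# Prints one finding per line and returns the number of findings (0 = OK).
check_env_file() {
    file=$1; shift
    findings=0
    if [ ! -f "$file" ]; then
        echo "missing file: $file"; return 1
    fi
    # The file holds plaintext credentials: group and others get no access.
    # GNU stat first, BSD/macOS stat as fallback.
    mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
    case $mode in
        *00) ;;
        *) echo "mode $mode is too open, run: chmod 600 $file"
           findings=$((findings + 1)) ;;
    esac
    for key in "$@"; do
        # If a key is repeated, the last KEY=... line is the one checked.
        value=$(sed -n "s/^${key}=//p" "$file" | tail -n 1)
        case $value in
            '') echo "$key: missing or empty"; findings=$((findings + 1)) ;;
            YOUR*) echo "$key: still the README placeholder"
                   findings=$((findings + 1)) ;;
        esac
    done
    return "$findings"
}

# Constructed sample: the MongoDB template with one value unedited, one empty.
demo=$(mktemp)
printf 'mongodb_username=YOUR_USERNAME\nmongodb_password=\n' > "$demo"
check_env_file "$demo" mongodb_username mongodb_password || echo "findings: $?"
rm -f "$demo"
```

Run it before kubectl create secret, for example check_env_file "$PWD/postgres-creds" postgres_username postgres_password, and delete the plaintext file once the secret exists.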

Dev installation

Ingress with Minikube

This is broadly following the example from https://kubernetes.io/docs/tasks/access-application-cluster/ingress-minikube/

  • Start Minikube cluster: minikube start

  • Enable NGINX Ingress controller: minikube addons enable ingress

  • Verify Ingress controller is running: kubectl get pods -n ingress-nginx

  • Create K8s Namespace: kubectl create namespace nessie-ns

  • Install Nessie Helm chart with Ingress enabled:

    helm install nessie -n nessie-ns helm/nessie \
      --set ingress.enabled=true \
      --set ingress.hosts[0].host='chart-example.local' \
      --set ingress.hosts[0].paths[0]='/'
  • Verify that the IP address is set:

    kubectl get ingress -n nessie-ns
    NAME     CLASS   HOSTS   ADDRESS        PORTS   AGE
    nessie   nginx   *       192.168.49.2   80      4m35s

  • Use the IP from the above output and append it to /etc/hosts (tee -a appends; without -a the existing file would be overwritten):

    echo "192.168.49.2 chart-example.local" | sudo tee -a /etc/hosts

  • Verify that curl chart-example.local works

OpenTelemetry Collector with Minikube

  • Start Minikube cluster: minikube start
  • Create K8s Namespace: kubectl create namespace nessie-ns
  • Install cert-manager:
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.11.0/cert-manager.yaml
  • Install Jaeger Operator:
kubectl create namespace observability
kubectl apply -f https://github.com/jaegertracing/jaeger-operator/releases/download/v1.42.0/jaeger-operator.yaml -n observability

If the above command fails with "failed to call webhook [...] connection refused", then cert-manager was not yet ready. Wait a few seconds and try again.

  • Create a Jaeger instance in Nessie's namespace:
kubectl apply -n nessie-ns -f - <<EOF
apiVersion: jaegertracing.io/v1
kind: Jaeger
metadata:
  name: jaeger
EOF

If the above command fails with "failed to call webhook [...] connection refused", then the Jaeger Operator was not yet ready. Wait a few seconds and try again.

  • Install Nessie Helm chart with OpenTelemetry Collector enabled:
helm install nessie -n nessie-ns helm/nessie \
  --set tracing.enabled=true \
  --set tracing.endpoint=http://jaeger-collector:4317
  • Forward ports to Jaeger UI and Nessie UI:
kubectl port-forward -n nessie-ns service/nessie 19120:19120 &
kubectl port-forward -n nessie-ns service/jaeger-query 16686:16686 &

To kill the port forwarding processes, run:

killall -9 kubectl

Custom Docker images for Nessie with Minikube

You can modify Nessie's code and deploy it to Minikube.

Once you're satisfied with your changes, build the project with:

./gradlew :nessie-quarkus:quarkusBuild

Then build the Docker image using Minikube's Docker daemon:

eval $(minikube docker-env)
docker build -f ./tools/dockerbuild/docker/Dockerfile-jvm -t nessie-test:latest ./servers/quarkus-server

Then deploy Nessie with the custom Docker image:

helm install nessie -n nessie-ns helm/nessie \
  --set image.repository=nessie-test \
  --set image.tag=latest

Stop/Uninstall everything in Dev

helm uninstall --namespace nessie-ns nessie
minikube delete