A Helm chart for Nessie.
Homepage: https://projectnessie.org/
$ helm repo add nessie-helm https://charts.projectnessie.org
$ helm repo update
$ helm install --namespace nessie-ns nessie nessie-helm/nessie
From Nessie repo root:
$ helm install --namespace nessie-ns nessie helm/nessie
$ helm uninstall --namespace nessie-ns nessie
Key | Type | Default | Description |
---|---|---|---|
advancedConfig | object | {} | Advanced configuration. You can pass here any valid Nessie or Quarkus configuration property. Any property that is defined here takes precedence over all the other configuration values generated by this chart. Properties can be passed "flattened" or as nested YAML objects (see examples below). |
affinity | object | {} | Affinity and anti-affinity for nessie pods. See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity. |
authentication.enabled | bool | false | Specifies whether authentication for the nessie server should be enabled. |
authentication.oidcAuthServerUrl | string | "http://127.255.0.0:0/auth/realms/unset/" | Sets the base URL of the OpenID Connect (OIDC) server. Needs to be overridden with authentication.enabled=true |
authentication.oidcClientId | string | "nessie" | Set the OIDC client ID when authentication.enabled=true. Each application has a client ID that is used to identify the application |
authorization.enabled | bool | false | Specifies whether authorization for the nessie server should be enabled. |
authorization.rules | object | {} | The authorization rules when authorization.enabled=true. Example rules can be found at https://projectnessie.org/features/metadata_authorization/#authorization-rules |
autoscaling.enabled | bool | false | Specifies whether automatic horizontal scaling should be enabled. Do not enable this when using ROCKS version store type. |
autoscaling.maxReplicas | int | 3 | The maximum number of replicas to maintain. |
autoscaling.minReplicas | int | 1 | The minimum number of replicas to maintain. |
autoscaling.targetCPUUtilizationPercentage | int | 80 | Optional; set to zero or empty to disable. |
autoscaling.targetMemoryUtilizationPercentage | string | nil | Optional; set to zero or empty to disable. |
cassandra.auth | object | {} | |
cassandra.contactPoints | string | nil | |
cassandra.keyspace | string | "nessie" | |
cassandra.localDatacenter | string | nil | |
dynamodb.region | string | "us-west-2" | The AWS region to use. |
dynamodb.secret.awsAccessKeyId | string | "aws_access_key_id" | The secret key storing the AWS secret key id. |
dynamodb.secret.awsSecretAccessKey | string | "aws_secret_access_key" | The secret key storing the AWS secret access key. |
dynamodb.secret.name | string | "awscreds" | The secret name to pull AWS credentials from. |
extraEnv | list | [] | Advanced configuration via Environment Variables. Extra environment variables to add to the Nessie server container. You can pass here any valid EnvVar object: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#envvar-v1-core This can be useful to get configuration values from Kubernetes secrets or config maps. |
image.pullPolicy | string | "IfNotPresent" | The image pull policy. |
image.repository | string | "ghcr.io/projectnessie/nessie" | The image repository to pull from. |
image.tag | string | "" | Overrides the image tag whose default is the chart version. |
ingress.annotations | object | {} | Annotations to add to the ingress. |
ingress.enabled | bool | false | Specifies whether an ingress should be created. |
ingress.hosts | list | [{"host":"chart-example.local","paths":[]}] | A list of host paths used to configure the ingress. |
ingress.tls | list | [] | A list of TLS certificates; each entry has a list of hosts in the certificate, along with the secret name used to terminate TLS traffic on port 443. |
logLevel | string | "INFO" | The default logging level for the nessie server. |
mongodb.connectionString | string | "mongodb://localhost:27017" | The MongoDB connection string. |
mongodb.name | string | "nessie" | The MongoDB database name. |
mongodb.secret.name | string | "mongodb-creds" | The secret name to pull MongoDB credentials from. |
mongodb.secret.password | string | "mongodb_password" | The secret key storing the MongoDB password. |
mongodb.secret.username | string | "mongodb_username" | The secret key storing the MongoDB username. |
nodeSelector | object | {} | Node labels which must match for the nessie pod to be scheduled on that node. See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector. |
podAnnotations | object | {} | Annotations to apply to nessie pods. |
podSecurityContext | object | {} | Security context for the nessie pod. See https://kubernetes.io/docs/tasks/configure-pod-container/security-context/. |
postgres.jdbcUrl | string | "jdbc:postgresql://localhost:5432/my_database" | The Postgres JDBC connection string. |
postgres.secret.name | string | "postgres-creds" | The secret name to pull Postgres credentials from. |
postgres.secret.password | string | "postgres_password" | The secret key storing the Postgres password. |
postgres.secret.username | string | "postgres_username" | The secret key storing the Postgres username. |
replicaCount | int | 1 | The number of replicas to deploy (horizontal scaling). Beware that replicas are stateless; don't set this number > 1 when using INMEMORY or ROCKS version store types. |
resources | object | {} | Configures the resources requests and limits for nessie pods. We usually recommend not to specify default resources and to leave this as a conscious choice for the user. This also increases chances charts run on environments with little resources, such as Minikube. If you do want to specify resources, uncomment the following lines, adjust them as necessary, and remove the curly braces after 'resources:'. |
rocksdb.selectorLabels | object | {} | Labels to add to the persistent volume claim spec selector; a persistent volume with matching labels must exist. Leave empty if using dynamic provisioning. |
rocksdb.storageClassName | string | "standard" | The storage class name of the persistent volume claim to create. |
rocksdb.storageSize | string | "1Gi" | The size of the persistent volume claim to create. |
securityContext | object | {} | Security context for the nessie container. See https://kubernetes.io/docs/tasks/configure-pod-container/security-context/. |
service.annotations | object | {} | Annotations to add to the service. |
service.port | int | 19120 | The port on which the service should listen. |
service.type | string | "ClusterIP" | The type of service to create. |
serviceAccount.annotations | object | {} | Annotations to add to the service account. |
serviceAccount.create | bool | true | Specifies whether a service account should be created. |
serviceAccount.name | string | "" | The name of the service account to use. If not set and create is true, a name is generated using the fullname template. |
serviceMonitor.enabled | bool | true | Specifies whether a ServiceMonitor for Prometheus operator should be created. |
serviceMonitor.interval | string | "" | The scrape interval; leave empty to let Prometheus decide. Must be a valid duration, e.g. 1d, 1h30m, 5m, 10s. |
serviceMonitor.labels | object | {} | Labels for the created ServiceMonitor so that Prometheus operator can properly pick it up. |
tolerations | list | [] | A list of tolerations to apply to nessie pods. See https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/. |
tracing.attributes | object | {} | Resource attributes to identify the nessie service among other tracing sources. See https://opentelemetry.io/docs/reference/specification/resource/semantic_conventions/#service. If left empty, traces will be attached to a service named "Nessie"; to change this, provide a service.name attribute here. |
tracing.enabled | bool | false | Specifies whether tracing for the nessie server should be enabled. |
tracing.endpoint | string | "http://otlp-collector:4317" | The collector endpoint URL to connect to (required). The endpoint URL must have either the http:// or the https:// scheme. The collector must talk the OpenTelemetry protocol (OTLP) and the port must be its gRPC port (by default 4317). See https://quarkus.io/guides/opentelemetry for more information. |
tracing.sample | string | "all" | Which requests should be sampled. Valid values are: "all", "none", or a ratio between 0.0 and 1.0 (inclusive). E.g. 0.5 means that 50% of the requests will be sampled. |
versionStoreType | string | "IN_MEMORY" | Which type of version store to use: IN_MEMORY, ROCKSDB, DYNAMODB, MONGODB, CASSANDRA, JDBC. (Legacy version store types are: INMEMORY, ROCKS, DYNAMO, MONGO, TRANSACTIONAL. If you are using one of these legacy version store types, migrate your existing repositories to the new version store types using the nessie-quarkus-cli tool's export/import functionality.) |
- Make sure you have a Secret in the following form:
> cat $PWD/awscreds
aws_access_key_id=YOURACCESSKEYDATA
aws_secret_access_key=YOURSECRETKEYDATA
- Create the secret from the given file:
kubectl create secret generic awscreds --from-env-file="$PWD/awscreds"
- Now you can use DYNAMO as the version store when installing Nessie via:
helm install -n nessie-ns nessie helm/nessie --set versionStoreType=DYNAMO
- Providing secrets for MongoDB is strongly recommended, but not enforced.
- Make sure you have a Secret in the following form:
> cat $PWD/mongodb-creds
mongodb_username=YOUR_USERNAME
mongodb_password=YOUR_PASSWORD
- Create the secret from the given file:
kubectl create secret generic mongodb-creds --from-env-file="$PWD/mongodb-creds"
- The mongodb-creds secret will now be picked up when you use MONGO as the version store when installing Nessie via:
helm install -n nessie-ns nessie helm/nessie --set versionStoreType=MONGO
- Make sure you have a Secret in the following form:
> cat $PWD/postgres-creds
postgres_username=YOUR_USERNAME
postgres_password=YOUR_PASSWORD
- Create the secret from the given file:
kubectl create secret generic postgres-creds --from-env-file="$PWD/postgres-creds"
- Now you can use TRANSACTIONAL as the version store when installing Nessie via:
helm install -n nessie-ns nessie helm/nessie --set versionStoreType=TRANSACTIONAL
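The three credential files above share one format and differ only in key names. As an added example (not part of the Nessie chart or its documentation), this POSIX shell function checks such a file before it is passed to `kubectl create secret`; the function names and return codes are assumptions made for this example, and the key names are the chart defaults from the values table.

```shell
#!/bin/sh
# Added example, not from the Nessie project: validate a credentials
# env-file before `kubectl create secret generic ... --from-env-file`.

# Keys the chart's default values expect, per store name used in this README.
required_keys() {
  case "$1" in
    DYNAMO)        echo "aws_access_key_id aws_secret_access_key" ;;
    MONGO)         echo "mongodb_username mongodb_password" ;;
    TRANSACTIONAL) echo "postgres_username postgres_password" ;;
    *)             return 1 ;;
  esac
}

# check_creds_file STORE FILE (hypothetical helper)
# Returns 0 if usable, 2 for an unknown store or missing file,
# 3 if group/other can access the file, 4 if a key is missing or empty,
# 5 if a README placeholder value was left in place.
check_creds_file() {
  store=$1 file=$2
  keys=$(required_keys "$store") || return 2
  [ -f "$file" ] || return 2
  # Characters 5-10 of the `ls -l` mode string are the group/other bits.
  [ "$(ls -ld "$file" | cut -c5-10)" = "------" ] || return 3
  for key in $keys; do
    value=$(sed -n "s/^${key}=//p" "$file" | head -n 1)
    [ -n "$value" ] || return 4
    case "$value" in
      YOURACCESSKEYDATA|YOURSECRETKEYDATA|YOUR_USERNAME|YOUR_PASSWORD)
        return 5 ;;
    esac
  done
  return 0
}

# Usage (the kubectl line is the README's own command):
#   check_creds_file MONGO "$PWD/mongodb-creds" &&
#     kubectl create secret generic mongodb-creds \
#       --from-env-file="$PWD/mongodb-creds" &&
#     rm -f "$PWD/mongodb-creds"
```

Creating the file under `umask 077` satisfies the permission check, and removing it once the Secret exists avoids leaving a plaintext copy of the credentials in the working directory.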
- Install Minikube as described in https://minikube.sigs.k8s.io/docs/start/
- Install Helm as described in https://helm.sh/docs/intro/install/
- Start Minikube cluster:
minikube start
- Create K8s Namespace:
kubectl create namespace nessie-ns
- Install Nessie Helm chart:
helm install nessie -n nessie-ns helm/nessie
This is broadly following the example from https://kubernetes.io/docs/tasks/access-application-cluster/ingress-minikube/
- Start Minikube cluster:
minikube start
- Enable NGINX Ingress controller:
minikube addons enable ingress
- Verify Ingress controller is running:
kubectl get pods -n ingress-nginx
- Create K8s Namespace:
kubectl create namespace nessie-ns
- Install Nessie Helm chart with Ingress enabled:
helm install nessie -n nessie-ns helm/nessie \
--set ingress.enabled=true \
--set ingress.hosts[0].host='chart-example.local' \
--set ingress.hosts[0].paths[0]='/'
- Verify that the IP address is set:
kubectl get ingress -n nessie-ns
NAME     CLASS   HOSTS   ADDRESS        PORTS   AGE
nessie   nginx   *       192.168.49.2   80      4m35s
- Use the IP from the above output and append it to /etc/hosts (note `tee -a`; without `-a` the existing file would be overwritten):
echo "192.168.49.2 chart-example.local" | sudo tee -a /etc/hosts
- Verify that `curl chart-example.local` works.
- Start Minikube cluster:
minikube start
- Create K8s Namespace:
kubectl create namespace nessie-ns
- Install cert-manager:
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.11.0/cert-manager.yaml
- Install Jaeger Operator:
kubectl create namespace observability
kubectl apply -f https://github.com/jaegertracing/jaeger-operator/releases/download/v1.42.0/jaeger-operator.yaml -n observability
If the above command fails with "failed to call webhook [...] connection refused", then cert-manager was not yet ready. Wait a few seconds and try again.
- Create a Jaeger instance in Nessie's namespace:
kubectl apply -n nessie-ns -f - <<EOF
apiVersion: jaegertracing.io/v1
kind: Jaeger
metadata:
  name: jaeger
EOF
If the above command fails with "failed to call webhook [...] connection refused", then the Jaeger Operator was not yet ready. Wait a few seconds and try again.
- Install Nessie Helm chart with OpenTelemetry Collector enabled:
helm install nessie -n nessie-ns helm/nessie \
--set tracing.enabled=true \
--set tracing.endpoint=http://jaeger-collector:4317
- Forward ports to Jaeger UI and Nessie UI:
kubectl port-forward -n nessie-ns service/nessie 19120:19120 &
kubectl port-forward -n nessie-ns service/jaeger-query 16686:16686 &
- Open the following URLs in your browser:
- Nessie UI (to generate some traces): http://localhost:19120
- Jaeger UI (to retrieve the traces): http://localhost:16686/search
To kill the port forwarding processes, run:
killall -9 kubectl
You can modify Nessie's code and deploy it to Minikube.
Once you're satisfied with your changes, build the project with:
./gradlew :nessie-quarkus:quarkusBuild
Then build the Docker image and deploy it as follows:
eval $(minikube docker-env)
docker build -f ./tools/dockerbuild/docker/Dockerfile-jvm -t nessie-test:latest ./servers/quarkus-server
Then deploy Nessie with the custom Docker image:
helm install nessie -n nessie-ns helm/nessie \
--set image.repository=nessie-test \
--set image.tag=latest
helm uninstall --namespace nessie-ns nessie
minikube delete