All notable changes to this project will be documented in this file.
- The lifetime of auto generated TLS certificates is now configurable with the role and roleGroup config property `requestedSecretLifetime`. This helps reduce frequent Pod restarts (#676).
- Run a `containerdebug` process in the background of each Trino container to collect debugging information (#687).
- Fix OIDC endpoint construction in case the `rootPath` does have a trailing slash (#673).
- BREAKING: Use distinct ServiceAccounts for the Stacklets, so that multiple Stacklets can be deployed in one namespace. Existing Stacklets will use the newly created ServiceAccounts after restart (#672).
- Added support for Trino 455 (#638).
- The operator can now run on Kubernetes clusters using a non-default cluster domain. Use the env var `KUBERNETES_CLUSTER_DOMAIN` or the operator Helm chart property `kubernetesClusterDomain` to set a non-default cluster domain (#655).
- Reduce CRD size from `984KB` to `131KB` by accepting arbitrary YAML input instead of the underlying schema for the following fields (#631):
  - `podOverrides`
  - `affinity`
- BREAKING: The fields `connection` and `host` on `S3Connection` as well as `bucketName` on `S3Bucket` are now mandatory (#646).
- Don't ignore envOverrides (#633).
- Don't print credentials to STDOUT during startup. Ideally we should use config-utils, but that's not easy (see here) (#634).
- Invalid `TrinoCluster`, `TrinoCatalog` or `AuthenticationClass` objects don't stop the operator from reconciliation (#657).
- Removed support for Trino 414 and 442 (#638).
- BREAKING: Change the username which triggers graceful shutdown from `admin` to `graceful-shutdown-user` for more expressiveness (e.g. in the Trino policies). This is a breaking change because users need to ensure that the user `graceful-shutdown-user` has the required permissions to initiate a graceful shutdown (#573).
- Bump `stackable-operator` to 0.70.0, `product-config` to 0.7.0, and other dependencies (#611).
- Processing of corrupted log events fixed; if errors occur, the error messages are added to the log event (#598).
- Support for version `428` (#609).
- Various documentation of the CRD (#510).
- Helm: support labels in values.yaml (#528).
- Delta Lake connector (#531).
- Support for version `442` (#557).
- Add support for OpenID Connect (#501).
- Add `core-site.xml` when configuring HDFS connection (#526).
- Use graceful shutdown for workers (#461, #463, #466, #474).
- Default stackableVersion to operator version (#441).
- Configuration overrides for the JVM security properties, such as DNS caching (#460).
- Support PodDisruptionBudgets (#481).
- Added support for version 428 with new opa authorizer (#491).
- Let controller watch `AuthenticationClasses` (#449).
- `operator-rs` `0.44.0` -> `0.55.0` (#441, #453, #470, #481, #491).
- `vector` `0.26.0` -> `0.33.0` (#453, #491).
- Let secret-operator handle certificate conversion (#470).
- [BREAKING]: Version 428 uses the new OPA authorizer from https://github.com/bloomberg/trino/tree/add-open-policy-agent which requires existing rego rules to be changed (#491).
- Removed support for versions 377, 387, 395, 396, 403 (#491).
- Support for Trino v414 (#423).
- Generate OLM bundle for Release 23.4.0 (#424).
- Set explicit resources on all containers (#434).
- Support arbitrary connectors using the `generic` connector. This allows you to e.g. access your PostgreSQL (#436).
- Support `podOverride` (#440).
- Missing CRD defaults for `status.conditions` field (#425).
- Fixed always adding `query.max-memory-per-node` with a fixed value of 1GB (which also didn't work with the new resource defaults). Instead let Trino do its `(JVM max memory * 0.3)` thing (#434).
- Increase the size limit of the log volume (#445).
- `operator-rs` `0.40.2` -> `0.44.0` (#419, #445).
- Use 0.0.0-dev product images for testing (#421).
- Use testing-tools 0.2.0 (with new trino client version) (#421).
- Added kuttl test suites (#437).
- [BREAKING]: Reworked authentication mechanism: The `clusterConfig.authentication` now requires a list of `AuthenticationClass` references instead of the `MultiUser` and `LDAP` separation (#434).
- Deploy default and support custom affinities (#391).
- Cluster status conditions (#403)
- Openshift compatibility (#404).
- Extend cluster resources for status and cluster operation (paused, stopped) (#405)
- [BREAKING]: Moved top level config options (TLS, Authentication, Authorization etc.) to new top level field `clusterConfig` (#400).
- [BREAKING]: Support specifying Service type by moving `serviceType` (which was an experimental feature) to `clusterConfig.listenerClass`. This enables us to later switch non-breaking to using `ListenerClasses` for the exposure of Services. This change is breaking, because - for security reasons - we default to the `cluster-internal` `ListenerClass`. If you need your cluster to be accessible from outside of Kubernetes you need to set `clusterConfig.listenerClass` to `external-unstable` or `external-stable` (#406).
- `operator-rs` `0.31.0` -> `0.40.2` (#378, #380, #400, #404, #405).
- Bumped stackable image versions to `23.4.0-rc2` (#378, #380).
- Fragmented `TrinoConfig` (#379).
- Enabled logging and log aggregation (#380).
- Use operator-rs `build_rbac_resources` method (#404).
- [BREAKING]: Removed `log_level` from `TrinoConfig` which is now set via the logging framework struct (#380).
- Add support for Google Sheets connector (#337).
- Add support for Black Hole connector (#347).
- Add support for Trino `403-stackable0.1.0` (#358).
- Updated stackable image versions (#340).
- `operator-rs` `0.25.0` -> `0.30.2` (#344, #360, #364).
- LDAP integration tests create all resources in their namespace and not some in the default namespace (#344).
- Don't run init container as root and avoid chmod and chowning (#353).
- [BREAKING]: Use Product image selection instead of version. `spec.version` has been replaced by `spec.image` (#356).
- [BREAKING]: Removed tools image for init container and replaced with Trino product image. This means the latest stackable version has to be used in the product image selection (#357).
- [BREAKING]: Use `user` and `password` Secret keys for LDAP bind credentials Secrets, instead of env var names (#362).
- Adapted examples and tests to Hive CRD changes (#364).
- Hive catalog now properly handles hive clusters with replicas > 1 (#348).
- Role group selectors are now applied to the generated StatefulSets (#360).
- LDAP bind credentials resolution from SecretClasses now works correctly (#367).
- `operator-rs` `0.22.0` -> `0.25.0` (#306).
- Port 8080 missing from Coordinator service if client TLS is disabled (#311).
- Add support for Trino `395-stackable0.1.0` and `396-stackable0.1.0` (#292).
- Add support for Iceberg connector (#286).
- Add support for TPCH connector and TPCDS connector (#293).
- Fix not adding `configOverwrites` specified in a `TrinoCatalog` to the catalog (#289).
- BREAKING: TrinoClusters must specify a `catalogLabelSelector`. Previously all TrinoCatalogs within the same namespace were used when `catalogLabelSelector` was not specified, which is unwanted behavior (#277).
- Add support for connecting to HDFS (#263).
- Add support for Hive 3.1.3 (#243).
- PVCs for data storage, cpu and memory limits are now configurable (#270).
- Add temporary attribute to support using ClusterIP instead of NodePort service type (#272).
- BREAKING: TrinoCatalogs now have their own CRD object and get referenced by the TrinoCluster according to ADR19 and ADR20 (#263).
- Include chart name when installing with a custom release name (#233, #234).
- `operator-rs` `0.21.1` -> `0.22.0` (#235).
- Internal and client TLS now configurable instead of defaulting to "tls" secret class (#244).
- S3 TLS properly supported (#244).
- Introduced global `config` for `TLS` settings (#244).
- Add missing role to read S3Connection objects (#263).
- Disable Hive connector setting that disallows dropping tables. This check is now done by normal Trino authorization (e.g. OPA) (#263).
- Reconciliation errors are now reported as Kubernetes events (#149).
- Use cli argument `watch-namespace` / env var `WATCH_NAMESPACE` to specify a single namespace to watch (#157).
- Moved tests from integration tests repo to operator repo (#211).
- Added `internal-communication.shared-secret` property which is read from (operator created secret). Must be set from Trino version 378 (#224).
- `operator-rs` `0.10.0` -> `0.21.1` (#149, #157, #183, #193, #206).
- BREAKING: The operator now writes a `ConfigMap` for Rego rules instead of the custom resource for the obsolete regorule-operator. This means that the rego rule operator is not required anymore for authorization and opa-operator tag >= `0.9.0` (#157).
- BREAKING: `OpaConfigMapName` in CRD to `opa` using the `OpaConfig` from operator-rs (#186).
- Trino version to 377 (#193).
- Opa rego example adapted to the new `trino-opa-authorizer` (#193).
- BREAKING: Configuration of S3 adapted to ADR016 (#200).
- BREAKING: Specifying the product version has been changed to adhere to ADR018. Instead of just specifying the product version, you will now have to add the Stackable image version as well, so version: 3.1.0 becomes (for example) version: 3.1.0-stackable0 (#211).
- `stackable-regorule-crd` dependency (#157).
- BREAKING: `nodeEnvironment` from CRD. Will default to the `metadata.name` field (can be overridden) (#183).
- BREAKING: Removed `authorization` module from CRD and code and provided the opa bundle via `ConfigMap` directly instead of generating it (#186).
- Possibly BREAKING: Removed `query.max-total-memory-per-node` config parameter (#193).
- Fixed `stackable/data` write permission failure in managed cloud (#142).
- Replaced hardcoded references in init container command to `stackable/keystore` (#142).
- Monitoring scraping label `prometheus.io/scrape: true` (#118).
- BREAKING: CRD changes. The `spec.opa` and `spec.hive` renamed to `spec.opaConfigMapName` and `spec.hiveConfigMapName` which only accept a String (#131).
- BREAKING: In case the namespace is omitted, the operator defaults to the `TrinoCluster` namespace instead of `default` (#95).
- User authentication now provided via secret instead of custom resource (#81).
- User authentication not exposed in configmap anymore (#81).
- TLS certificates / keystore now retrieved via secret-operator (#81).
- The Trino version is now a string instead of enum (#81).
- `operator-rs` `0.4.0` → `0.10.0` (#81, #95, #118).
- `stackable-regorule-crd` `0.2.0` → `0.6.0` (#81, #118).
- Improvements to setting up (easy) insecure clusters (#131).
- `operator-rs` `0.3.0` → `0.4.0` (#32).
- `stackable-hive-crd` `0.1.0` → `0.2.0` (#32).
- `stackable-regorule-crd` `0.1.0` → `0.2.0` (#32).
- `stackable-opa-crd` `0.4.1` → `0.5.0` (#32).
- Adapted pod image and container command to docker image (#32).
- Adapted documentation to represent new workflow with docker images (#32).
- Switched to operator-rs tag 0.3.0 (#21)