From 9032de258fea76b0fab3539bc67b2118a80b20ca Mon Sep 17 00:00:00 2001 From: Malte Sander Date: Tue, 15 Jul 2025 11:03:15 +0200 Subject: [PATCH 1/3] adapt listenerclass --- stacks/end-to-end-security/superset.yaml | 2 +- stacks/end-to-end-security/trino.yaml | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/stacks/end-to-end-security/superset.yaml b/stacks/end-to-end-security/superset.yaml index b5f0c431..7c4bb637 100644 --- a/stacks/end-to-end-security/superset.yaml +++ b/stacks/end-to-end-security/superset.yaml @@ -15,7 +15,7 @@ spec: clientCredentialsSecret: superset-keycloak-client userRegistrationRole: Gamma_extended nodes: - config: + roleConfig: listenerClass: external-unstable roleGroups: default: diff --git a/stacks/end-to-end-security/trino.yaml b/stacks/end-to-end-security/trino.yaml index 6a2485c1..2c86348d 100644 --- a/stacks/end-to-end-security/trino.yaml +++ b/stacks/end-to-end-security/trino.yaml @@ -7,7 +7,6 @@ spec: image: productVersion: "476" clusterConfig: - listenerClass: external-unstable tls: serverSecretClass: tls catalogLabelSelector: @@ -23,6 +22,8 @@ spec: configMapName: opa package: trino coordinators: + roleConfig: + listenerClass: external-unstable podOverrides: &podOverrides spec: containers: @@ -88,7 +89,7 @@ spec: hive.hdfs.wire-encryption.enabled: "true" # HMS configuration hive.metastore.authentication.type: KERBEROS - hive.metastore.client.principal: trino/trino.default.svc.cluster.local@KNAB.COM + hive.metastore.client.principal: trino/trino-coordinator.default.svc.cluster.local@KNAB.COM hive.metastore.client.keytab: /stackable/kerberos/keytab hive.metastore.service.principal: hive/hive-iceberg.default.svc.cluster.local@KNAB.COM hive.metastore.thrift.impersonation.enabled: "false" From 401d7fc8c3b3e6e3f361c9e53ed993fb3a3f562b Mon Sep 17 00:00:00 2001 From: Malte Sander Date: Tue, 15 Jul 2025 16:43:34 +0200 Subject: [PATCH 2/3] revert prinicpal change --- stacks/end-to-end-security/trino.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stacks/end-to-end-security/trino.yaml b/stacks/end-to-end-security/trino.yaml index 2c86348d..36d4a266 100644 --- a/stacks/end-to-end-security/trino.yaml +++ b/stacks/end-to-end-security/trino.yaml @@ -89,7 +89,7 @@ spec: hive.hdfs.wire-encryption.enabled: "true" # HMS configuration hive.metastore.authentication.type: KERBEROS - hive.metastore.client.principal: trino/trino-coordinator.default.svc.cluster.local@KNAB.COM + hive.metastore.client.principal: trino/trino.default.svc.cluster.local@KNAB.COM hive.metastore.client.keytab: /stackable/kerberos/keytab hive.metastore.service.principal: hive/hive-iceberg.default.svc.cluster.local@KNAB.COM hive.metastore.thrift.impersonation.enabled: "false" From ebee3ca4d642fa0a7ee9439ad2f63ad887c23612 Mon Sep 17 00:00:00 2001 From: Malte Sander Date: Tue, 15 Jul 2025 16:43:46 +0200 Subject: [PATCH 3/3] adapt hive url --- demos/end-to-end-security/create-spark-report.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/demos/end-to-end-security/create-spark-report.yaml b/demos/end-to-end-security/create-spark-report.yaml index 6e394403..79b32e9b 100644 --- a/demos/end-to-end-security/create-spark-report.yaml +++ b/demos/end-to-end-security/create-spark-report.yaml @@ -70,7 +70,7 @@ data: spark.kerberos.principal: spark/spark.default.svc.cluster.local@KNAB.COM spark.sql.catalog.lakehouse: org.apache.iceberg.spark.SparkCatalog spark.sql.catalog.lakehouse.type: hive - spark.sql.catalog.lakehouse.uri: thrift://hive-iceberg:9083 + spark.sql.catalog.lakehouse.uri: thrift://hive-iceberg-metastore:9083 spark.sql.defaultCatalog: lakehouse spark.sql.extensions: org.apache.iceberg.spark.extensions.IcebergSparkSessionExtensions job: