bitnamicharts/dremio

Verified Publisher

By VMware

Updated 11 months ago

Bitnami Helm chart for Dremio

Helm
Image
Data science
Databases & storage
1

500K+

bitnamicharts/dremio repository overview

Bitnami Secure Images Helm chart for Dremio

Dremio is an open-source self-service data access tool that provides high-performance queries for interactive analytics on data lakes.

Overview of Dremio

Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement.

TL;DR

helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/dremio

Note: You need to substitute the placeholders REGISTRY_NAME and REPOSITORY_NAME with a reference to your Helm chart registry and repository.

Introduction

This chart bootstraps a Dremio deployment on a Kubernetes cluster using the Helm package manager.

Before you begin

  • Kubernetes 1.23+
  • Helm 3.8.0+
  • PV provisioner support in the underlying infrastructure

Installing the Chart

To install the chart with the release name my-release:

helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/dremio

Note: You need to substitute the placeholders REGISTRY_NAME and REPOSITORY_NAME with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use REGISTRY_NAME=registry-1.docker.io and REPOSITORY_NAME=bitnamicharts.

The command deploys dremio on the Kubernetes cluster in the default configuration. The Parameters section lists the parameters that can be configured during installation.

Tip: List all releases using helm list

Configuration and installation details

This section describes credentials, configuration, and other installation options.

Rolling VS Immutable tags

It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.

Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist.

Customizing Dremio configuration files

Dremio has two main configuration files: dremio.conf and core-site.xml. These are automatically generated by the chart using the information provided in the values.yaml file.

It is possible to add custom information in both files

Customizing the dremio.conf file

The dremio.conf file gets overridden using the following parameters:

  • dremio.dremioConf.configOverrides: non-sensitive settings to be applied to all Dremio nodes.
  • dremio.dremioConf.secretConfigOverrides: sensitive settings to be applied to all Dremio nodes.

The parameters above are applied to all Dremio nodes. For more specific node settings, the chart uses the following parameters:

-masterCoordinator.dremioConf.configOverrides: non-sensitive settings to be applied to Dremio master coordinator nodes. -masterCoordinator.dremioConf.secretConfigOverrides: sensitive settings to be applied to Dremio master coordinator nodes. -coordinator.dremioConf.configOverrides: non-sensitive settings to be applied to Dremio coordinator nodes. -coordinator.dremioConf.secretConfigOverrides: sensitive settings to be applied to Dremio coordinator nodes. -executor.common.dremioConf.configOverrides: non-sensitive settings to be applied to Dremio executor nodes. -executor.common.dremioConf.secretConfigOverrides: sensitive settings to be applied to Dremio executor nodes.

Using these parameters, the chart will generate ConfigMaps (with the non-sensitive settings) and Secrets (with the sensitive settings) for each Dremio component. Afterwards, an init-container will merge the information from the ConfigMap and the Secret generating the final dremio.conf file which gets mounted in /opt/bitnami/dremio/conf.

NOTE: The settings in the parameters above must be inserted in YAML format, which will get translated into HOCON-compatible flattened YAML.

In the example below we override the upload path for all Dremio nodes and increase the token expiration time in master-coordinator nodes:

dremio:
  dremioConf:
    configOverrides:
      paths.upload: /tmp/uploads

masterCoordinator:
  dremioConf:
    configOverrides:
      services.coordinator.web.tokens.cache.expiration_minutes: 20

Check the upstream Dremio documentation for the list of allowed settings.

As an alternative, it is possible to provide existing ConfigMaps and Secrets with the dremio.conf configuration. This is done using the *.dremioConf.existingSecret and *.dremioConf.existingConfigmap parameters.

Customizing the core-site.xml file

The core-site.xml file can be customized with the following parameter:

  • dremio.coreSite.appendConfiguration: XML string that gets appended inside the <configuration> section of the core-site.xml file.

In the example below we disable SSL connection to the S3 backend:

dremio:
  coreSite:
    appendConfiguration: |
      <property>
          <name>fs.s3a.connection.ssl.enabled</name>
          <description>Value can either be true or false, set to true to use SSL with a secure Minio server.</description>
          <value>false</value>
      </property>

As an alternative, it is possible to provide an existing Secret with the core-site.xml configuration. This is done using the dremio.coreSite.existingSecret parameter.

Check the upstream Dremio documentation for the list of available settings in the core-site.xml file.

Environment variables inside configuration files

The chart allows adding Dremio configuration settings relative to environment vars. This is done by enclosing the environment variable inside {{ }}. An init container will render the environment variable using the render-template tool. This is useful when having rotating secrets.

For adding extra environment variables for rendering, set the defaultInitContainers.generateConf.extraEnvVars parameter.

In the following example we add a property in the core-site.xml dependant to AZURE_TOKEN environment variable, which is part of a secret named azure-secret with key token.

dremio:
  coreSite:
    appendConfiguration: |
      <property>
          <name>dremio.azure.key</name>
          <description>The shared access key for the storage account.</description>
          <value>{{ AZURE_TOKEN }}</value>
      </property>

defaultInitContainers:
  generateConf:
    extraEnvVars:
      - name: AZURE_TOKEN
        valueFrom:
          secretKeyRef:
            name: azure-secret
            key: token
Adding extra configuration files

For advanced configurations such as editing files like logback.xml, it is possible to include extra configuration files in the dremio.conf ConfigMap or Secret using the following values:

  • dremio.dremioConf.extraFiles: Adds extra non-sensitive files.
  • dremio.dremioConf.extraSecretFiles: Add extra sensitive files.

In the following example we include a modified version of the logback.xml file:

dremio:
  dremioConf:
    extraFiles:
      logback.xml: |
        <?xml version="1.0" encoding="UTF-8" ?>
        <configuration scan="true" scanPeriod="30 seconds">
          <contextListener class="ch.qos.logback.classic.jul.LevelChangePropagator"/>
          <appender name="console" class="ch.qos.logback.core.ConsoleAppender">
            <encoder>
              <pattern>%date{ISO8601} [%thread] %-5level %logger{36} - %msg%n</pattern>
            </encoder>
          </appender>
        </configuration>

NOTE: Adding dremio.conf in extraFiles or extraSecretFiles fully overwrites the default dremio.conf file generated by the chart

Distributed Storage configuration

The Bitnami Dremio chart natively supports s3 as backend, either using AWS or MinIO(TM). This is configured using dremio.distStorageType, possible values are: aws, minio or other. E.g.:

  • dremio.distStorageType: aws

It is possible to configure other distributed storage backends when setting dremio.distStorageType to other, but these require add extra configuration settings using the *.dremioConf and *.coreSite. In the sections below we detail some example distributed storage backends. Check the upstream Dremio documentation for the required settings in the dremio.conf and core-site.xml files.

MinIO(TM) subchart as storage backend (default)

Set the following parameters for using the embedded subchart:

dremio:
  distStorageType: minio

minio:
  enabled: true
External MinIO(TM) as distributed storage

For configuring an external MinIO(TM) installation, use the externalS3 section (replace the DREMIO_* placeholders)

dremio:
  distStorageType: minio

minio:
  enabled: false

externalS3:
  host: DREMIO_MINIO_HOST
  port: DREMIO_MINIO_PORT
  accessKeyID: DREMIO_ACCESS_KEY_ID
  accessKeySecret: DREMIO_ACCESS_KEY_SECRET
  bucket: DREMIO_BUCKET
AWS as distributed storage using access key authentication

For configuring AWS as distributed storage, use the externalS3 section (replace the DREMIO_* placeholders):

dremio:
  distStorageType: aws

minio:
  enabled: false

externalS3:
  accessKeyID: DREMIO_ACCESS_KEY_ID
  accessKeySecret: DREMIO_ACCESS_KEY_SECRET
  bucket: DREMIO_BUCKET
  region: DREMIO_REGION

If a role needs to be assumed to access s3, append this configuration to your deployment

dremio:
  coreSite:
    appendConfiguration: |
      <property>
        <name>fs.s3a.assumed.role.arn</name>
        <value>ROLE_TO_ASSUME</value>
      </property>
Azure Storage as distributed storage

For configuring Azure Storage as distributed storage following the upstream Dremio documentation, use the dremio.dremioConf and dremio.coreSite parameters (replace the DREMIO_* placeholders):

dremio:
  distStorageType: other
  dremioConf:
    configOverrides:
      paths.dist: "dremioAzureStorage://:///DREMIO_FILE_SYSTEM_NAME/DREMIO_ALTERNATIVE_STORAGE_ROOT_DIRECTORY"
  coreSite:
    appendConfiguration: |
      <property>
          <name>fs.dremioAzureStorage.impl</name>
          <description>FileSystem implementation. Must always be com.dremio.plugins.azure.AzureStorageFileSystem</description>
          <value>com.dremio.plugins.azure.AzureStorageFileSystem</value>
      </property>
      <property>
          <name>dremio.azure.account</name>
          <description>The name of the storage account.</description>
          <value>DREMIO_ACCOUNT_NAME</value>
      </property>
      <property>
          <name>dremio.azure.key</name>
          <description>The shared access key for the storage account.</description>
          <value>DREMIO_ACCESS_KEY</value>
      </property>
      <property>
          <name>dremio.azure.mode</name>
          <description>The storage account type. Value: STORAGE_V2</description>
          <value>STORAGE_V2</value>
      </property>
      <property>
          <name>dremio.azure.secure</name>
          <description>Boolean option to enable SSL connections. Default: True Value: True/False</description>
          <value>True</value>
      </property>

minio:
  enabled: false
Google Cloud Storage as distributed storage

For configuring Google Cloud Storage as distributed storage following the upstream Dremio documentation, use the dremio.dremioConf and dremio.coreSite parameters (replace the DREMIO_* placeholders):

dremio:
  distStorageType: other
  dremioConf:
    configOverrides:
      paths.dist: "dremiogcs:///DREMIO_BUCKET_NAME/DREMIO_BUCKET_FOLDER"
  coreSite:
    appendConfiguration: |
      <property>
        <name>dremio.gcs.whitelisted.buckets</name>
        <description>GCS bucket to use for distributed storage</description>
        <value>DREMIO_BUCKET_NAME</value>
      </property>
      <property>
        <name>fs.dremiogcs.impl</name>
        <description>The FileSystem implementation. Must be set to com.dremio.plugins.gcs.GoogleBucketFileSystem</description>
        <value>com.dremio.plugins.gcs.GoogleBucketFileSystem</value>
      </property>
      <property>
        <name>dremio.gcs.use_keyfile</name>
        <description>Do not use the key file</description>
        <value>false</value>
      </property>

minio:
  enabled: false
Prometheus metrics

This chart can be integrated with Prometheus by setting metrics.enabled to true. This will deploy a sidecar container with jmx_exporter in all pods and a metrics service, which can be configured under the metrics.service section. This metrics service will have the necessary annotations to be automatically scraped by Prometheus.

Prometheus requirements

It is necessary to have a working installation of Prometheus or Prometheus Operator for the integration to work. Install the Bitnami Prometheus helm chart or the Bitnami Kube Prometheus helm chart to easily have a working Prometheus in your cluster.

Integration with Prometheus Operator

The chart can deploy ServiceMonitor objects for integration with Prometheus Operator installations. To do so, set the value metrics.serviceMonitor.enabled=true. Ensure that the Prometheus Operator CustomResourceDefinitions are installed in the cluster or it will fail with the following error:

no matches for kind "ServiceMonitor" in version "monitoring.coreos.com/v1"

Install the Bitnami Kube Prometheus helm chart for having the necessary CRDs and the Prometheus Operator.

User authentication

When the dremio.auth.enabled parameter is set to true, the chart will create a Job that automatically bootstraps a user using Dremio internal authentication mechanisms. The user is customized with the following parameters:

  • dremio.auth.username: Bootstrap username
  • dremio.auth.password: Bootstrap password
  • dremio.auth.email: Bootstrap email
  • dremio.auth.firstName: Bootstrap first name
  • dremio.auth.lastName: Bootstrap last name

Also, it is possible to provide the password using an existing secret with the dremio.auth.existingSecret value.

Other authentication mechanisms can be configured using the dremioConf and coreSite values. You could check upstream Dremio documentation for all the available options.

External Zookeeper support

You may want to have Dremio connect to an external zookeeper rather than installing one inside your cluster. Typical reasons for this are to use a managed database service, or to share a common database server for all your applications. To achieve this, the chart allows you to specify credentials for an external database with the externalZookeeper parameter. You should also disable the Zookeeper installation with the zookeeper.enabled option. Here is an example:

zookeper.enabled=false
externalZookeeper.hosts[0]=myexternalhost
externalZookeeper.port=2181
Securing traffic using TLS

TLS support for the Web interface can be enabled in the chart by specifying the dremio.tls.enabled=truewhile creating a release. Two possible options are available:

  • Provide your own secret with the PEM or JKS certificates
  • Have the chart auto-generate the certificates.
Providing your own TLS secret

To provide your own secret set the dremio.tls.existingSecret value. It is possible to use PEM or JKS.

To use PEM Certs:

  • dremio.tls.usePemCerts=true: Use PEM certificates instead of a JKS file.
  • dremio.tls.certFilename: Certificate filename. Defaults to tls.crt.
  • dremio.tls.certKeyFilename: Certificate key filename. Defaults to tls.key

To use JKS keystore:

  • dremio.tls.usePemCerts=false: Use JKS file.
  • dremio.tls.keystoreFilename: Certificate filename. Defaults to dremio.jks.

In the following example we will use PEM certificates. First, create the secret with the certificates files:

kubectl create secret generic certificates-tls-secret --from-file=./cert.pem --from-file=./cert.key --from-file=./ca.pem

Then, use the following parameters:

dremio.tls.enabled="true"
dremio.tls.existingSecret="certificates-tls-secret"
dremio.tls.usePemCerts="true"
dremio.tls.certFilename="cert.pem"
dremio.tls.certKeyFilename="cert.key"
Auto-generation of TLS certificates

It is also possible to rely on the chart certificate auto-generation capabilities. The chart supports two different ways to auto-generate the required certificates:

  • Using Helm capabilities. Enable this feature by setting dremio.tls.autoGenerated.enabled to true and dremio.tls.autoGenerated.engine to helm.
  • Relying on CertManager (please note it's required to have CertManager installed in your K8s cluster). Enable this feature by setting dremio.tls.autoGenerated.enabled to true and dremio.tls.autoGenerated.engine to cert-manager. Please note it's supported to use an existing Issuer/ClusterIssuer for issuing the TLS certificates by setting the dremio.tls.autoGenerated.certManager.existingIssuer and dremio.tls.autoGenerated.certManager.existingIssuerKind parameters.
Gateway API

This chart provides support for exposing Dremio using the Gateway API and its HTTPRoute resource. If you have a Gateway controller installed on your cluster, such as APISIX, Contour, Envoy Gateway, NGINX Gateway Fabric or Kong Ingress Controller you can utilize the Gateway controller to serve your application. To enable Gateway API integration, set httpRoute.enabled to true. The Gateway to be used can be customized by setting the httpRoute.parentRefs parameter. By default, it will reference a Gateway named gateway in the same namespace as the release.

You can specify the list of hostnames to be mapped to the deployment using the httpRoute.hostnames parameter. Additionally, you can customize the rules used to route the traffic to the service by modifying the httpRoute.matches and httpRoute.filters parameters or adding new rules using the httpRoute.extraRules parameter.

This chart also supports creating a BackendTLSPolicy to define the SNI the Gateway should use to connect to the Dremio backend pods and how the certificate served by these pods should be verified. To do so, set the backendTLSPolicy.enabled parameter to true. Please note it's required to secure traffic using TLS as explained in the Securing traffic using TLS section to be able to use this feature.

Ingress

This chart provides support for Ingress resources. If you have an ingress controller installed on your cluster, such as nginx-ingress-controller or contour you can utilize it to serve your application. To enable Ingress integration, set ingress.enabled to true.

The most common scenario is to have one host name mapped to the deployment. In this case, the ingress.hostname property can be used to set the host name. The ingress.tls parameter can be used to add the TLS configuration for this host.

However, it is also possible to have more than one host. To facilitate this, the ingress.extraHosts parameter (if available) can be set with the host names specified as an array. The ingress.extraTLS parameter (if available) can also be used to add the TLS configuration for extra hosts.

NOTE: For each host specified in the ingress.extraHosts parameter, it is necessary to set a name, path, and any annotations that the Ingress controller should know about. Not all annotations are supported by all Ingress controllers, but this annotation reference document lists the annotations supported by many popular Ingress controllers.

Adding the TLS parameter (where available) will cause the chart to generate HTTPS URLs, and the application will be available on port 443. The actual TLS secrets do not have to be generated by this chart. However, if TLS is enabled, the Ingress record will not work until the TLS secret exists.

Learn more about Ingress controllers.

Configure TLS Secrets for use with Ingress

This chart facilitates the creation of TLS secrets for use with the Ingress controller (although this is not mandatory). There are several common use cases:

  • Generate certificate secrets based on chart parameters.
  • Enable externally generated certificates.
  • Manage application certificates via an external service (like cert-manager).
  • Create self-signed certificates within the chart (if supported).

In the first two cases, a certificate and a key are needed. Files are expected in .pem format.

Here is an example of a certificate file:

NOTE: There may be more than one certificate if there is a certificate chain.

-----BEGIN CERTIFICATE-----
MIID6TCCAtGgAwIBAgIJAIaCwivkeB5EMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV
...
jScrvkiBO65F46KioCL9h5tDvomdU1aqpI/CBzhvZn1c0ZTf87tGQR8NK7v7
-----END CERTIFICATE-----

Here is an example of a certificate key:

-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAvLYcyu8f3skuRyUgeeNpeDvYBCDcgq+LsWap6zbX5f8oLqp4
...
wrj2wDbCDCFmfqnSJ+dKI3vFLlEz44sAV8jX/kd4Y6ZTQhlLbYc=
-----END RSA PRIVATE KEY-----
  • If using Helm to manage the certificates based on the parameters, copy these values into the certificate and key parameters for a given *.ingress.secrets entry.
  • If managing TLS secrets separately, it is necessary to create a TLS secret with name INGRESS_HOSTNAME-tls (where INGRESS_HOSTNAME is a placeholder to be replaced with the hostname you set using the *.ingress.hostname parameter).
  • If your cluster has a cert-manager add-on to automate the management and issuance of TLS certificates, add to *.ingress.annotations the corresponding ones for cert-manager.
  • If using self-signed certificates created by Helm, set both *.ingress.tls and *.ingress.selfSigned to true.
Dremio Executor configuration

The charts deploys a default executor using the configuration inside the executor.common section. It is possible to define extra group of executor nodes using the executor.engines parameter. Each element inside the executor.engines array has the following parameters:

-name: Name of the group of executors (engine). -overrides: Perform overrides over the parameters in the executor.common section.

In the following example we define an extra group of executors,

Note: the README for this chart is longer than the DockerHub length limit of 25000, so it has been trimmed. The full README can be found at https://techdocs.broadcom.com/us/en/vmware-tanzu/bitnami-secure-images/bitnami-secure-images/services/bsi-app-doc/apps-charts-dremio-index.html

Tag summary

Content type

Image

Digest

sha256:0969f628f

Size

7.8 kB

Last updated

11 months ago

docker pull bitnamicharts/dremio:sha256-b65528d92f8266c2bc6e297d81b55486766d3d3f06e126c6fd478105a25da913

This week's pulls

Pulls:

1,834

Last week

Bitnami