dremio
Bitnami Helm chart for Dremio
500K+
Dremio is an open-source self-service data access tool that provides high-performance queries for interactive analytics on data lakes.
Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement.
helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/dremio
Note: You need to substitute the placeholders
REGISTRY_NAMEandREPOSITORY_NAMEwith a reference to your Helm chart registry and repository.
This chart bootstraps a Dremio deployment on a Kubernetes cluster using the Helm package manager.
To install the chart with the release name my-release:
helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/dremio
Note: You need to substitute the placeholders
REGISTRY_NAMEandREPOSITORY_NAMEwith a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to useREGISTRY_NAME=registry-1.docker.ioandREPOSITORY_NAME=bitnamicharts.
The command deploys dremio on the Kubernetes cluster in the default configuration. The Parameters section lists the parameters that can be configured during installation.
Tip: List all releases using
helm list
This section describes credentials, configuration, and other installation options.
It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.
Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist.
Dremio has two main configuration files: dremio.conf and core-site.xml. These are automatically generated by the chart using the information provided in the values.yaml file.
It is possible to add custom information in both files
The dremio.conf file gets overridden using the following parameters:
dremio.dremioConf.configOverrides: non-sensitive settings to be applied to all Dremio nodes.dremio.dremioConf.secretConfigOverrides: sensitive settings to be applied to all Dremio nodes.The parameters above are applied to all Dremio nodes. For more specific node settings, the chart uses the following parameters:
-masterCoordinator.dremioConf.configOverrides: non-sensitive settings to be applied to Dremio master coordinator nodes.
-masterCoordinator.dremioConf.secretConfigOverrides: sensitive settings to be applied to Dremio master coordinator nodes.
-coordinator.dremioConf.configOverrides: non-sensitive settings to be applied to Dremio coordinator nodes.
-coordinator.dremioConf.secretConfigOverrides: sensitive settings to be applied to Dremio coordinator nodes.
-executor.common.dremioConf.configOverrides: non-sensitive settings to be applied to Dremio executor nodes.
-executor.common.dremioConf.secretConfigOverrides: sensitive settings to be applied to Dremio executor nodes.
Using these parameters, the chart will generate ConfigMaps (with the non-sensitive settings) and Secrets (with the sensitive settings) for each Dremio component. Afterwards, an init-container will merge the information from the ConfigMap and the Secret generating the final dremio.conf file which gets mounted in /opt/bitnami/dremio/conf.
NOTE: The settings in the parameters above must be inserted in YAML format, which will get translated into HOCON-compatible flattened YAML.
In the example below we override the upload path for all Dremio nodes and increase the token expiration time in master-coordinator nodes:
dremio:
dremioConf:
configOverrides:
paths.upload: /tmp/uploads
masterCoordinator:
dremioConf:
configOverrides:
services.coordinator.web.tokens.cache.expiration_minutes: 20
Check the upstream Dremio documentation for the list of allowed settings.
As an alternative, it is possible to provide existing ConfigMaps and Secrets with the dremio.conf configuration. This is done using the *.dremioConf.existingSecret and *.dremioConf.existingConfigmap parameters.
The core-site.xml file can be customized with the following parameter:
dremio.coreSite.appendConfiguration: XML string that gets appended inside the <configuration> section of the core-site.xml file.In the example below we disable SSL connection to the S3 backend:
dremio:
coreSite:
appendConfiguration: |
<property>
<name>fs.s3a.connection.ssl.enabled</name>
<description>Value can either be true or false, set to true to use SSL with a secure Minio server.</description>
<value>false</value>
</property>
As an alternative, it is possible to provide an existing Secret with the core-site.xml configuration. This is done using the dremio.coreSite.existingSecret parameter.
Check the upstream Dremio documentation for the list of available settings in the core-site.xml file.
The chart allows adding Dremio configuration settings relative to environment vars. This is done by enclosing the environment variable inside {{ }}. An init container will render the environment variable using the render-template tool. This is useful when having rotating secrets.
For adding extra environment variables for rendering, set the defaultInitContainers.generateConf.extraEnvVars parameter.
In the following example we add a property in the core-site.xml dependant to AZURE_TOKEN environment variable, which is part of a secret named azure-secret with key token.
dremio:
coreSite:
appendConfiguration: |
<property>
<name>dremio.azure.key</name>
<description>The shared access key for the storage account.</description>
<value>{{ AZURE_TOKEN }}</value>
</property>
defaultInitContainers:
generateConf:
extraEnvVars:
- name: AZURE_TOKEN
valueFrom:
secretKeyRef:
name: azure-secret
key: token
For advanced configurations such as editing files like logback.xml, it is possible to include extra configuration files in the dremio.conf ConfigMap or Secret using the following values:
dremio.dremioConf.extraFiles: Adds extra non-sensitive files.dremio.dremioConf.extraSecretFiles: Add extra sensitive files.In the following example we include a modified version of the logback.xml file:
dremio:
dremioConf:
extraFiles:
logback.xml: |
<?xml version="1.0" encoding="UTF-8" ?>
<configuration scan="true" scanPeriod="30 seconds">
<contextListener class="ch.qos.logback.classic.jul.LevelChangePropagator"/>
<appender name="console" class="ch.qos.logback.core.ConsoleAppender">
<encoder>
<pattern>%date{ISO8601} [%thread] %-5level %logger{36} - %msg%n</pattern>
</encoder>
</appender>
</configuration>
NOTE: Adding
dremio.confinextraFilesorextraSecretFilesfully overwrites the default dremio.conf file generated by the chart
The Bitnami Dremio chart natively supports s3 as backend, either using AWS or MinIO(TM). This is configured using dremio.distStorageType, possible values are: aws, minio or other. E.g.:
dremio.distStorageType: awsIt is possible to configure other distributed storage backends when setting dremio.distStorageType to other, but these require add extra configuration settings using the *.dremioConf and *.coreSite. In the sections below we detail some example distributed storage backends. Check the upstream Dremio documentation for the required settings in the dremio.conf and core-site.xml files.
Set the following parameters for using the embedded subchart:
dremio:
distStorageType: minio
minio:
enabled: true
For configuring an external MinIO(TM) installation, use the externalS3 section (replace the DREMIO_* placeholders)
dremio:
distStorageType: minio
minio:
enabled: false
externalS3:
host: DREMIO_MINIO_HOST
port: DREMIO_MINIO_PORT
accessKeyID: DREMIO_ACCESS_KEY_ID
accessKeySecret: DREMIO_ACCESS_KEY_SECRET
bucket: DREMIO_BUCKET
For configuring AWS as distributed storage, use the externalS3 section (replace the DREMIO_* placeholders):
dremio:
distStorageType: aws
minio:
enabled: false
externalS3:
accessKeyID: DREMIO_ACCESS_KEY_ID
accessKeySecret: DREMIO_ACCESS_KEY_SECRET
bucket: DREMIO_BUCKET
region: DREMIO_REGION
If a role needs to be assumed to access s3, append this configuration to your deployment
dremio:
coreSite:
appendConfiguration: |
<property>
<name>fs.s3a.assumed.role.arn</name>
<value>ROLE_TO_ASSUME</value>
</property>
For configuring Azure Storage as distributed storage following the upstream Dremio documentation, use the dremio.dremioConf and dremio.coreSite parameters (replace the DREMIO_* placeholders):
dremio:
distStorageType: other
dremioConf:
configOverrides:
paths.dist: "dremioAzureStorage://:///DREMIO_FILE_SYSTEM_NAME/DREMIO_ALTERNATIVE_STORAGE_ROOT_DIRECTORY"
coreSite:
appendConfiguration: |
<property>
<name>fs.dremioAzureStorage.impl</name>
<description>FileSystem implementation. Must always be com.dremio.plugins.azure.AzureStorageFileSystem</description>
<value>com.dremio.plugins.azure.AzureStorageFileSystem</value>
</property>
<property>
<name>dremio.azure.account</name>
<description>The name of the storage account.</description>
<value>DREMIO_ACCOUNT_NAME</value>
</property>
<property>
<name>dremio.azure.key</name>
<description>The shared access key for the storage account.</description>
<value>DREMIO_ACCESS_KEY</value>
</property>
<property>
<name>dremio.azure.mode</name>
<description>The storage account type. Value: STORAGE_V2</description>
<value>STORAGE_V2</value>
</property>
<property>
<name>dremio.azure.secure</name>
<description>Boolean option to enable SSL connections. Default: True Value: True/False</description>
<value>True</value>
</property>
minio:
enabled: false
For configuring Google Cloud Storage as distributed storage following the upstream Dremio documentation, use the dremio.dremioConf and dremio.coreSite parameters (replace the DREMIO_* placeholders):
dremio:
distStorageType: other
dremioConf:
configOverrides:
paths.dist: "dremiogcs:///DREMIO_BUCKET_NAME/DREMIO_BUCKET_FOLDER"
coreSite:
appendConfiguration: |
<property>
<name>dremio.gcs.whitelisted.buckets</name>
<description>GCS bucket to use for distributed storage</description>
<value>DREMIO_BUCKET_NAME</value>
</property>
<property>
<name>fs.dremiogcs.impl</name>
<description>The FileSystem implementation. Must be set to com.dremio.plugins.gcs.GoogleBucketFileSystem</description>
<value>com.dremio.plugins.gcs.GoogleBucketFileSystem</value>
</property>
<property>
<name>dremio.gcs.use_keyfile</name>
<description>Do not use the key file</description>
<value>false</value>
</property>
minio:
enabled: false
This chart can be integrated with Prometheus by setting metrics.enabled to true. This will deploy a sidecar container with jmx_exporter in all pods and a metrics service, which can be configured under the metrics.service section. This metrics service will have the necessary annotations to be automatically scraped by Prometheus.
It is necessary to have a working installation of Prometheus or Prometheus Operator for the integration to work. Install the Bitnami Prometheus helm chart or the Bitnami Kube Prometheus helm chart to easily have a working Prometheus in your cluster.
The chart can deploy ServiceMonitor objects for integration with Prometheus Operator installations. To do so, set the value metrics.serviceMonitor.enabled=true. Ensure that the Prometheus Operator CustomResourceDefinitions are installed in the cluster or it will fail with the following error:
no matches for kind "ServiceMonitor" in version "monitoring.coreos.com/v1"
Install the Bitnami Kube Prometheus helm chart for having the necessary CRDs and the Prometheus Operator.
When the dremio.auth.enabled parameter is set to true, the chart will create a Job that automatically bootstraps a user using Dremio internal authentication mechanisms. The user is customized with the following parameters:
dremio.auth.username: Bootstrap usernamedremio.auth.password: Bootstrap passworddremio.auth.email: Bootstrap emaildremio.auth.firstName: Bootstrap first namedremio.auth.lastName: Bootstrap last nameAlso, it is possible to provide the password using an existing secret with the dremio.auth.existingSecret value.
Other authentication mechanisms can be configured using the dremioConf and coreSite values. You could check upstream Dremio documentation for all the available options.
You may want to have Dremio connect to an external zookeeper rather than installing one inside your cluster. Typical reasons for this are to use a managed database service, or to share a common database server for all your applications. To achieve this, the chart allows you to specify credentials for an external database with the externalZookeeper parameter. You should also disable the Zookeeper installation with the zookeeper.enabled option. Here is an example:
zookeper.enabled=false
externalZookeeper.hosts[0]=myexternalhost
externalZookeeper.port=2181
TLS support for the Web interface can be enabled in the chart by specifying the dremio.tls.enabled=truewhile creating a release. Two possible options are available:
To provide your own secret set the dremio.tls.existingSecret value. It is possible to use PEM or JKS.
To use PEM Certs:
dremio.tls.usePemCerts=true: Use PEM certificates instead of a JKS file.dremio.tls.certFilename: Certificate filename. Defaults to tls.crt.dremio.tls.certKeyFilename: Certificate key filename. Defaults to tls.keyTo use JKS keystore:
dremio.tls.usePemCerts=false: Use JKS file.dremio.tls.keystoreFilename: Certificate filename. Defaults to dremio.jks.In the following example we will use PEM certificates. First, create the secret with the certificates files:
kubectl create secret generic certificates-tls-secret --from-file=./cert.pem --from-file=./cert.key --from-file=./ca.pem
Then, use the following parameters:
dremio.tls.enabled="true"
dremio.tls.existingSecret="certificates-tls-secret"
dremio.tls.usePemCerts="true"
dremio.tls.certFilename="cert.pem"
dremio.tls.certKeyFilename="cert.key"
It is also possible to rely on the chart certificate auto-generation capabilities. The chart supports two different ways to auto-generate the required certificates:
dremio.tls.autoGenerated.enabled to true and dremio.tls.autoGenerated.engine to helm.dremio.tls.autoGenerated.enabled to true and dremio.tls.autoGenerated.engine to cert-manager. Please note it's supported to use an existing Issuer/ClusterIssuer for issuing the TLS certificates by setting the dremio.tls.autoGenerated.certManager.existingIssuer and dremio.tls.autoGenerated.certManager.existingIssuerKind parameters.This chart provides support for exposing Dremio using the Gateway API and its HTTPRoute resource. If you have a Gateway controller installed on your cluster, such as APISIX, Contour, Envoy Gateway, NGINX Gateway Fabric or Kong Ingress Controller you can utilize the Gateway controller to serve your application. To enable Gateway API integration, set httpRoute.enabled to true.
The Gateway to be used can be customized by setting the httpRoute.parentRefs parameter. By default, it will reference a Gateway named gateway in the same namespace as the release.
You can specify the list of hostnames to be mapped to the deployment using the httpRoute.hostnames parameter. Additionally, you can customize the rules used to route the traffic to the service by modifying the httpRoute.matches and httpRoute.filters parameters or adding new rules using the httpRoute.extraRules parameter.
This chart also supports creating a BackendTLSPolicy to define the SNI the Gateway should use to connect to the Dremio backend pods and how the certificate served by these pods should be verified. To do so, set the backendTLSPolicy.enabled parameter to true. Please note it's required to secure traffic using TLS as explained in the Securing traffic using TLS section to be able to use this feature.
This chart provides support for Ingress resources. If you have an ingress controller installed on your cluster, such as nginx-ingress-controller or contour you can utilize it to serve your application. To enable Ingress integration, set ingress.enabled to true.
The most common scenario is to have one host name mapped to the deployment. In this case, the ingress.hostname property can be used to set the host name. The ingress.tls parameter can be used to add the TLS configuration for this host.
However, it is also possible to have more than one host. To facilitate this, the ingress.extraHosts parameter (if available) can be set with the host names specified as an array. The ingress.extraTLS parameter (if available) can also be used to add the TLS configuration for extra hosts.
NOTE: For each host specified in the
ingress.extraHostsparameter, it is necessary to set a name, path, and any annotations that the Ingress controller should know about. Not all annotations are supported by all Ingress controllers, but this annotation reference document lists the annotations supported by many popular Ingress controllers.
Adding the TLS parameter (where available) will cause the chart to generate HTTPS URLs, and the application will be available on port 443. The actual TLS secrets do not have to be generated by this chart. However, if TLS is enabled, the Ingress record will not work until the TLS secret exists.
Learn more about Ingress controllers.
This chart facilitates the creation of TLS secrets for use with the Ingress controller (although this is not mandatory). There are several common use cases:
In the first two cases, a certificate and a key are needed. Files are expected in .pem format.
Here is an example of a certificate file:
NOTE: There may be more than one certificate if there is a certificate chain.
-----BEGIN CERTIFICATE-----
MIID6TCCAtGgAwIBAgIJAIaCwivkeB5EMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV
...
jScrvkiBO65F46KioCL9h5tDvomdU1aqpI/CBzhvZn1c0ZTf87tGQR8NK7v7
-----END CERTIFICATE-----
Here is an example of a certificate key:
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAvLYcyu8f3skuRyUgeeNpeDvYBCDcgq+LsWap6zbX5f8oLqp4
...
wrj2wDbCDCFmfqnSJ+dKI3vFLlEz44sAV8jX/kd4Y6ZTQhlLbYc=
-----END RSA PRIVATE KEY-----
certificate and key parameters for a given *.ingress.secrets entry.INGRESS_HOSTNAME-tls (where INGRESS_HOSTNAME is a placeholder to be replaced with the hostname you set using the *.ingress.hostname parameter).*.ingress.annotations the corresponding ones for cert-manager.*.ingress.tls and *.ingress.selfSigned to true.The charts deploys a default executor using the configuration inside the executor.common section. It is possible to define extra group of executor nodes using the executor.engines parameter. Each element inside the executor.engines array has the following parameters:
-name: Name of the group of executors (engine).
-overrides: Perform overrides over the parameters in the executor.common section.
In the following example we define an extra group of executors,
Note: the README for this chart is longer than the DockerHub length limit of 25000, so it has been trimmed. The full README can be found at https://techdocs.broadcom.com/us/en/vmware-tanzu/bitnami-secure-images/bitnami-secure-images/services/bsi-app-doc/apps-charts-dremio-index.html
Content type
Image
Digest
sha256:0969f628f…
Size
7.8 kB
Last updated
11 months ago
docker pull bitnamicharts/dremio:sha256-b65528d92f8266c2bc6e297d81b55486766d3d3f06e126c6fd478105a25da913Pulls:
1,834
Last week