This is an automated email from the ASF dual-hosted git repository.
adutra pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/polaris.git
The following commit(s) were added to refs/heads/main by this push:
new a4eca8a15 Helm chart: add support for NoSQL persistence (#3798)
a4eca8a15 is described below
commit a4eca8a15eb14f0fda4b4f17fdc56976809856b5
Author: Alexandre Dutra <[email protected]>
AuthorDate: Tue Feb 17 19:37:43 2026 +0100
Helm chart: add support for NoSQL persistence (#3798)
---
helm/polaris/ci/fixtures/mongodb.yaml | 64 +++++++++++++++++++++++++
helm/polaris/ci/fixtures/nosql-persistence.yaml | 27 +++++++++++
helm/polaris/ci/nosql-persistence-values.yaml | 42 ++++++++++++++++
helm/polaris/helm.md.gotmpl | 1 +
helm/polaris/templates/configmap.yaml | 4 ++
helm/polaris/templates/deployment.yaml | 3 +-
helm/polaris/tests/configmap_test.yaml | 16 +++++++
helm/polaris/tests/deployment_test.yaml | 14 ++++++
helm/polaris/values.yaml | 13 +++++
site/content/in-dev/unreleased/helm.md | 7 ++-
10 files changed, 189 insertions(+), 2 deletions(-)
diff --git a/helm/polaris/ci/fixtures/mongodb.yaml
b/helm/polaris/ci/fixtures/mongodb.yaml
new file mode 100644
index 000000000..6334b0423
--- /dev/null
+++ b/helm/polaris/ci/fixtures/mongodb.yaml
@@ -0,0 +1,64 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: mongodb
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: mongodb
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: mongodb
+ spec:
+ containers:
+ - name: mongodb
+ image: docker.io/mongo:8.2.5
+ ports:
+ - containerPort: 27017
+ resources:
+ limits:
+ memory: "512Mi"
+ readinessProbe:
+ exec:
+ command:
+ - mongosh
+ - --eval
+ - "db.adminCommand('ping')"
+ initialDelaySeconds: 5
+ periodSeconds: 5
+ timeoutSeconds: 2
+ failureThreshold: 15
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: mongodb
+spec:
+ selector:
+ app.kubernetes.io/name: mongodb
+ ports:
+ - protocol: TCP
+ port: 27017
+ targetPort: 27017
+
diff --git a/helm/polaris/ci/fixtures/nosql-persistence.yaml
b/helm/polaris/ci/fixtures/nosql-persistence.yaml
new file mode 100644
index 000000000..2074a4b10
--- /dev/null
+++ b/helm/polaris/ci/fixtures/nosql-persistence.yaml
@@ -0,0 +1,27 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: polaris-nosql-persistence
+type: Opaque
+stringData:
+ connectionString: "mongodb://mongodb:27017"
+
diff --git a/helm/polaris/ci/nosql-persistence-values.yaml
b/helm/polaris/ci/nosql-persistence-values.yaml
new file mode 100644
index 000000000..5f9227ea6
--- /dev/null
+++ b/helm/polaris/ci/nosql-persistence-values.yaml
@@ -0,0 +1,42 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+image:
+ pullPolicy: Never
+
+authentication:
+ tokenBroker:
+ secret:
+ name: polaris-token-broker
+
+logging:
+ file:
+ enabled: true
+ json: true
+ storage:
+ size: 50Mi
+
+persistence:
+ type: nosql
+ nosql:
+ backend: MongoDb
+ database: polaris
+ secret:
+ name: polaris-nosql-persistence
+ connectionString: connectionString
diff --git a/helm/polaris/helm.md.gotmpl b/helm/polaris/helm.md.gotmpl
index b5bd48108..4e2483870 100644
--- a/helm/polaris/helm.md.gotmpl
+++ b/helm/polaris/helm.md.gotmpl
@@ -127,6 +127,7 @@ fail if these resources are not created beforehand. You can
find some examples i
```bash
kubectl apply --namespace polaris -f helm/polaris/ci/fixtures/
kubectl wait --namespace polaris --for=condition=ready pod
--selector=app.kubernetes.io/name=postgres --timeout=120s
+kubectl wait --namespace polaris --for=condition=ready pod
--selector=app.kubernetes.io/name=mongodb --timeout=120s
```
Below are two sample deployment models for installing the chart: one with a
non-persistent backend and another with a persistent backend.
diff --git a/helm/polaris/templates/configmap.yaml
b/helm/polaris/templates/configmap.yaml
index 6555f671f..e51294d9c 100644
--- a/helm/polaris/templates/configmap.yaml
+++ b/helm/polaris/templates/configmap.yaml
@@ -50,6 +50,10 @@ data:
{{- /* Persistence */ -}}
{{- $_ = set $map "polaris.persistence.type" .Values.persistence.type -}}
+ {{- if eq .Values.persistence.type "nosql" -}}
+ {{- $_ = set $map "polaris.persistence.nosql.backend"
.Values.persistence.nosql.backend -}}
+ {{- $_ = set $map "quarkus.mongodb.database"
.Values.persistence.nosql.database -}}
+ {{- end -}}
{{- /* File IO */ -}}
{{- $_ = set $map "polaris.file-io.type" .Values.fileIo.type -}}
diff --git a/helm/polaris/templates/deployment.yaml
b/helm/polaris/templates/deployment.yaml
index bd9611a6b..7c1936e08 100644
--- a/helm/polaris/templates/deployment.yaml
+++ b/helm/polaris/templates/deployment.yaml
@@ -76,7 +76,7 @@ spec:
{{- end }}
image: "{{ tpl .Values.image.repository . }}:{{ tpl
.Values.image.tag . | default .Chart.Version }}"
imagePullPolicy: {{ tpl .Values.image.pullPolicy . }}
- {{ if or .Values.storage.secret.name
.Values.persistence.relationalJdbc.secret.name .Values.oidc.client.secret.name
.Values.extraEnv -}}
+ {{ if or .Values.storage.secret.name
.Values.persistence.relationalJdbc.secret.name
.Values.persistence.nosql.secret.name .Values.oidc.client.secret.name
.Values.extraEnv -}}
env:
{{- include "polaris.secretToEnv" (list .Values.storage.secret
"awsAccessKeyId" "polaris.storage.aws.access-key") | indent 12 -}}
{{- include "polaris.secretToEnv" (list .Values.storage.secret
"awsSecretAccessKey" "polaris.storage.aws.secret-key") | indent 12 -}}
@@ -84,6 +84,7 @@ spec:
{{- include "polaris.secretToEnv" (list
.Values.persistence.relationalJdbc.secret "username"
"quarkus.datasource.username") | indent 12 -}}
{{- include "polaris.secretToEnv" (list
.Values.persistence.relationalJdbc.secret "password"
"quarkus.datasource.password") | indent 12 -}}
{{- include "polaris.secretToEnv" (list
.Values.persistence.relationalJdbc.secret "jdbcUrl"
"quarkus.datasource.jdbc.url") | indent 12 -}}
+ {{- include "polaris.secretToEnv" (list
.Values.persistence.nosql.secret "connectionString"
"quarkus.mongodb.connection-string") | indent 12 -}}
{{- include "polaris.secretToEnv" (list .Values.oidc.client.secret
"key" "quarkus.oidc.credentials.secret") | indent 12 -}}
{{- if .Values.extraEnv -}}
{{- tpl (toYaml .Values.extraEnv) . | nindent 12 -}}
diff --git a/helm/polaris/tests/configmap_test.yaml
b/helm/polaris/tests/configmap_test.yaml
index 2d4e5c365..6c3e5b195 100644
--- a/helm/polaris/tests/configmap_test.yaml
+++ b/helm/polaris/tests/configmap_test.yaml
@@ -125,6 +125,22 @@ tests:
asserts:
- matchRegex: { path: 'data["application.properties"]', pattern:
"polaris.persistence.type=relational-jdbc" }
+ - it: should configure nosql persistence with default values
+ set:
+ persistence: { type: "nosql" }
+ asserts:
+ - matchRegex: { path: 'data["application.properties"]', pattern:
"polaris.persistence.type=nosql" }
+ - matchRegex: { path: 'data["application.properties"]', pattern:
"polaris.persistence.nosql.backend=MongoDb" }
+ - matchRegex: { path: 'data["application.properties"]', pattern:
"quarkus.mongodb.database=polaris" }
+
+ - it: should configure nosql persistence with custom values
+ set:
+ persistence: { type: "nosql", nosql: { backend: "InMemory", database:
"db1" } }
+ asserts:
+ - matchRegex: { path: 'data["application.properties"]', pattern:
"polaris.persistence.type=nosql" }
+ - matchRegex: { path: 'data["application.properties"]', pattern:
"polaris.persistence.nosql.backend=InMemory" }
+ - matchRegex: { path: 'data["application.properties"]', pattern:
"quarkus.mongodb.database=db1" }
+
- it: should configure file-io
set:
fileIo.type: "custom"
diff --git a/helm/polaris/tests/deployment_test.yaml
b/helm/polaris/tests/deployment_test.yaml
index 4e89159fd..71c84ac86 100644
--- a/helm/polaris/tests/deployment_test.yaml
+++ b/helm/polaris/tests/deployment_test.yaml
@@ -1263,6 +1263,20 @@ tests:
name: polaris-persistence
key: jdbcUrl
+ - it: should set nosql persistence environment variables
+ template: deployment.yaml
+ set:
+ persistence: { type: "nosql", nosql: { secret: { name:
"polaris-persistence", connectionString: "connectionString" } } }
+ asserts:
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: quarkus.mongodb.connection-string
+ valueFrom:
+ secretKeyRef:
+ name: polaris-persistence
+ key: connectionString
+
- it: should configure volume for file logging
template: deployment.yaml
set:
diff --git a/helm/polaris/values.yaml b/helm/polaris/values.yaml
index 41d351c33..281d77cec 100644
--- a/helm/polaris/values.yaml
+++ b/helm/polaris/values.yaml
@@ -601,6 +601,19 @@ persistence:
password: password
# -- The secret key holding the database JDBC connection URL
jdbcUrl: jdbcUrl
+ # The configuration for the NoSQL persistence manager (currently in beta).
+ nosql:
+ # -- The NoSQL backend to use. Two built-in types are supported: MongoDb
and InMemory.
+ # Only MongoDb is supported for production use.
+ backend: MongoDb
+ # -- The MongoDB database name to use.
+ database: polaris
+ # The secret to pull the MongoDB connection string from.
+ secret:
+ # -- The secret name to pull the MongoDB connection string from.
+ name: ~
+ # -- The secret key holding the MongoDB connection string.
+ connectionString: connectionString
# -- Polaris FileIO configuration.
fileIo:
diff --git a/site/content/in-dev/unreleased/helm.md
b/site/content/in-dev/unreleased/helm.md
index ebdd1b7ed..14215a88a 100644
--- a/site/content/in-dev/unreleased/helm.md
+++ b/site/content/in-dev/unreleased/helm.md
@@ -126,6 +126,7 @@ fail if these resources are not created beforehand. You can
find some examples i
```bash
kubectl apply --namespace polaris -f helm/polaris/ci/fixtures/
kubectl wait --namespace polaris --for=condition=ready pod
--selector=app.kubernetes.io/name=postgres --timeout=120s
+kubectl wait --namespace polaris --for=condition=ready pod
--selector=app.kubernetes.io/name=mongodb --timeout=120s
```
Below are two sample deployment models for installing the chart: one with a
non-persistent backend and another with a persistent backend.
@@ -381,7 +382,11 @@ ct install --namespace polaris --charts ./helm/polaris
| oidc.principalRolesMapper.mappings | list | `[]` | A list of regex mappings
that will be applied to each role name in the identity. This can be used to
transform the role names in the identity into role names as expected by
Polaris. The default Authenticator expects the security identity to expose role
names in the format `POLARIS_ROLE:<role name>`. |
| oidc.principalRolesMapper.rolesClaimPath | string | `nil` | The path to the
claim that contains the principal roles. Nested paths can be expressed using
"/" as a separator, e.g. "polaris/principal_roles" would look for the
"principal_roles" field inside the "polaris" object in the token claims. If not
set, Quarkus looks for roles in standard locations. See
https://quarkus.io/guides/security-oidc-bearer-token-authentication#token-claims-and-security-identity-roles.
|
| oidc.principalRolesMapper.type | string | `"default"` | The
`PrincipalRolesMapper` implementation to use. Only one built-in type is
supported: default. |
-| persistence | object |
`{"relationalJdbc":{"secret":{"jdbcUrl":"jdbcUrl","name":null,"password":"password","username":"username"}},"type":"in-memory"}`
| Polaris persistence configuration. |
+| persistence | object |
`{"nosql":{"backend":"MongoDb","database":"polaris","secret":{"connectionString":"connectionString","name":null}},"relationalJdbc":{"secret":{"jdbcUrl":"jdbcUrl","name":null,"password":"password","username":"username"}},"type":"in-memory"}`
| Polaris persistence configuration. |
+| persistence.nosql.backend | string | `"MongoDb"` | The NoSQL backend to use.
Two built-in types are supported: MongoDb and InMemory. Only MongoDb is
supported for production use. |
+| persistence.nosql.database | string | `"polaris"` | The MongoDB database
name to use. |
+| persistence.nosql.secret.connectionString | string | `"connectionString"` |
The secret key holding the MongoDB connection string. |
+| persistence.nosql.secret.name | string | `nil` | The secret name to pull the
MongoDB connection string from. |
| persistence.relationalJdbc | object |
`{"secret":{"jdbcUrl":"jdbcUrl","name":null,"password":"password","username":"username"}}`
| The configuration for the relational-jdbc persistence manager. |
| persistence.relationalJdbc.secret | object |
`{"jdbcUrl":"jdbcUrl","name":null,"password":"password","username":"username"}`
| The secret name to pull the database connection properties from. |
| persistence.relationalJdbc.secret.jdbcUrl | string | `"jdbcUrl"` | The
secret key holding the database JDBC connection URL |
