This is an automated email from the ASF dual-hosted git repository.
yzheng pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/polaris.git
The following commit(s) were added to refs/heads/main by this push:
new d82fcf44a (feat): Helm: add priority class name support for helm
(#3310)
d82fcf44a is described below
commit d82fcf44acb8f215545d35a9cdd470e1ffbe8dc6
Author: Yong Zheng <[email protected]>
AuthorDate: Fri Dec 26 11:12:42 2025 -0600
(feat): Helm: add priority class name support for helm (#3310)
* Add priority class name support for helm
* Update changelog
---
CHANGELOG.md | 1 +
helm/polaris/README.md | 3 ++-
helm/polaris/templates/deployment.yaml | 3 +++
helm/polaris/tests/deployment_test.yaml | 15 +++++++++++++++
helm/polaris/values.yaml | 3 +++
.../configuring-helm.md | 22 ++++++++++++++++++++++
site/content/in-dev/unreleased/helm.md | 1 +
7 files changed, 47 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4bcb28bbf..e94137de5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -59,6 +59,7 @@ request adding CHANGELOG notes for breaking (!) changes and
possibly other secti
- Support credential vending for federated catalogs.
`ALLOW_FEDERATED_CATALOGS_CREDENTIAL_VENDING` (default: true) was added to
toggle this feature.
- Enhanced catalog federation with SigV4 authentication support, additional
authentication types for credential vending, and location-based access
restrictions to block credential vending for remote tables outside allowed
location lists.
- Added `topologySpreadConstraints` support in Helm chart.
+- Added `priorityClassName` support in Helm chart.
- Added support for including principal name in subscoped credentials.
`INCLUDE_PRINCIPAL_NAME_IN_SUBSCOPED_CREDENTIAL` (default: false) can be used
to toggle this feature. If enabled, cached credentials issued to one principal
will no longer be available for others.
### Changes
diff --git a/helm/polaris/README.md b/helm/polaris/README.md
index e1f7fd7db..7f20b936e 100644
--- a/helm/polaris/README.md
+++ b/helm/polaris/README.md
@@ -30,7 +30,7 @@ weight: 675
helm-docs --chart-search-root=helm
-->
-


+


A Helm chart for Apache Polaris (incubating).
@@ -387,6 +387,7 @@ ct install --namespace polaris --charts ./helm/polaris
| podLabels | object | `{}` | Additional Labels to apply to polaris pods. |
| podSecurityContext | object |
`{"fsGroup":10001,"seccompProfile":{"type":"RuntimeDefault"}}` | Security
context for the polaris pod. See
https://kubernetes.io/docs/tasks/configure-pod-container/security-context/. |
| podSecurityContext.fsGroup | int | `10001` | GID 10001 is compatible with
Polaris OSS default images; change this if you are using a different image. |
+| priorityClassName | string | `nil` | Priority class name for polaris pods.
See
https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#pod-priority
|
| rateLimiter | object |
`{"tokenBucket":{"requestsPerSecond":9999,"type":"default","window":"PT10S"},"type":"no-op"}`
| Polaris rate limiter configuration. |
| rateLimiter.tokenBucket | object |
`{"requestsPerSecond":9999,"type":"default","window":"PT10S"}` | The
configuration for the default rate limiter, which uses the token bucket
algorithm with one bucket per realm. |
| rateLimiter.tokenBucket.requestsPerSecond | int | `9999` | The maximum
number of requests per second allowed for each realm. |
diff --git a/helm/polaris/templates/deployment.yaml
b/helm/polaris/templates/deployment.yaml
index c4b02efcb..bd9611a6b 100644
--- a/helm/polaris/templates/deployment.yaml
+++ b/helm/polaris/templates/deployment.yaml
@@ -57,6 +57,9 @@ spec:
{{- end }}
{{- end }}
serviceAccountName: {{ include "polaris.serviceAccountName" . }}
+ {{- if .Values.priorityClassName }}
+ priorityClassName: {{ tpl .Values.priorityClassName . | quote}}
+ {{- end }}
{{- if .Values.podSecurityContext }}
securityContext:
{{- tpl (toYaml .Values.podSecurityContext) . | nindent 8 }}
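Review bot: In the added `priorityClassName:` line, `| quote}}` is missing the space before the closing braces that the neighbouring lines use (compare `{{ include "polaris.serviceAccountName" . }}`); `| quote }}` would match. On the same line, `tpl` expects a string argument, so a value supplied as a bare number would not render. Either put `toString` in front of `tpl` or state in the values comment that the value must be a string.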
diff --git a/helm/polaris/tests/deployment_test.yaml
b/helm/polaris/tests/deployment_test.yaml
index 5b5fea0c1..4e89159fd 100644
--- a/helm/polaris/tests/deployment_test.yaml
+++ b/helm/polaris/tests/deployment_test.yaml
@@ -260,6 +260,21 @@ tests:
path: spec.template.spec.serviceAccountName
value: polaris-sa
+ # spec.template.spec.priorityClassName
+ - it: should not set priorityClassName by default
+ template: deployment.yaml
+ asserts:
+ - notExists:
+ path: spec.template.spec.priorityClassName
+ - it: should set custom priorityClassName
+ template: deployment.yaml
+ set:
+ priorityClassName: polaris-high-priority
+ asserts:
+ - equal:
+ path: spec.template.spec.priorityClassName
+ value: polaris-high-priority
+
# spec.template.spec.securityContext
- it: should set securityContext by default
template: deployment.yaml
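Review bot: The two added cases cover the default and a literal name, but nothing exercises the `tpl` call or the `quote` that the deployment.yaml change introduces. A third case that sets a templated value, for example `priorityClassName: "{{ .Release.Name }}-high"`, and asserts the rendered name would pin that behaviour. A case with an empty string would also confirm that the `if` guard leaves the field out.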
diff --git a/helm/polaris/values.yaml b/helm/polaris/values.yaml
index f3ba7ee6f..33e55945e 100644
--- a/helm/polaris/values.yaml
+++ b/helm/polaris/values.yaml
@@ -269,6 +269,9 @@ autoscaling:
# -- Optional; set to zero or empty to disable.
targetMemoryUtilizationPercentage:
+# -- Priority class name for polaris pods. See
https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#pod-priority
+priorityClassName: ~
+
# -- Node labels which must match for the polaris pod to be scheduled on that
node. See
https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector.
nodeSelector:
{}
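Review bot: The comment above `priorityClassName: ~` does not mention that the value is rendered through `tpl` in deployment.yaml, nor that the named PriorityClass has to exist in the cluster already (this change adds no PriorityClass template to the chart). The README and helm.md tables carry the same description text, so one sentence covering both points here would keep all three in step.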
diff --git
a/site/content/in-dev/unreleased/configuring-polaris-for-production/configuring-helm.md
b/site/content/in-dev/unreleased/configuring-polaris-for-production/configuring-helm.md
index a7f3aea40..a6f365e4e 100644
---
a/site/content/in-dev/unreleased/configuring-polaris-for-production/configuring-helm.md
+++
b/site/content/in-dev/unreleased/configuring-polaris-for-production/configuring-helm.md
@@ -62,6 +62,28 @@ resources:
Adjust these values based on expected workload and available cluster resources.
+## Pod Priority
+
+In a production environment, it is advisable to set a `priorityClassName` for
the Polaris pods. This ensures that the Kubernetes scheduler gives them higher
priority over less critical workloads, and helps prevent them from being
evicted from a node that is running out of resources.
+
+First, a `PriorityClass` must be created in the cluster. For example:
+
+```yaml
+apiVersion: scheduling.k8s.io/v1
+kind: PriorityClass
+metadata:
+ name: polaris-high-priority
+value: 1000000
+globalDefault: false
+description: "This priority class should be used for Polaris service pods
only."
+```
+
+Then, the `priorityClassName` can be set in the `values.yaml` file:
+
+```yaml
+priorityClassName: "polaris-high-priority"
+```
+
## Authentication
In a multi-replica production environment, all Polaris pods must share the
same token signing keys. The default chart generates random keys for each pod,
which will cause token validation failures.
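Review bot: The new "Pod Priority" section describes only the benefit to Polaris and leaves out the effect on other workloads. The example PriorityClass sets `value: 1000000` without a `preemptionPolicy`, so it takes the Kubernetes default of `PreemptLowerPriority` and the scheduler may evict lower-priority pods to place Polaris. The description says the class "should be used for Polaris service pods only", but nothing in the example enforces that. Consider adding a sentence on preemption (with `preemptionPolicy: Never` as the option when only queue ordering is wanted) and a pointer to restricting which namespaces can use the class, for example with a ResourceQuota scoped to the priority class.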
diff --git a/site/content/in-dev/unreleased/helm.md
b/site/content/in-dev/unreleased/helm.md
index 5e89609cf..88afeed10 100644
--- a/site/content/in-dev/unreleased/helm.md
+++ b/site/content/in-dev/unreleased/helm.md
@@ -373,6 +373,7 @@ ct install --namespace polaris --charts ./helm/polaris
| podLabels | object | `{}` | Additional Labels to apply to polaris pods. |
| podSecurityContext | object |
`{"fsGroup":10001,"seccompProfile":{"type":"RuntimeDefault"}}` | Security
context for the polaris pod. See
https://kubernetes.io/docs/tasks/configure-pod-container/security-context/. |
| podSecurityContext.fsGroup | int | `10001` | GID 10001 is compatible with
Polaris OSS default images; change this if you are using a different image. |
+| priorityClassName | string | `nil` | Priority class name for polaris pods.
See
https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#pod-priority
|
| rateLimiter | object |
`{"tokenBucket":{"requestsPerSecond":9999,"type":"default","window":"PT10S"},"type":"no-op"}`
| Polaris rate limiter configuration. |
| rateLimiter.tokenBucket | object |
`{"requestsPerSecond":9999,"type":"default","window":"PT10S"}` | The
configuration for the default rate limiter, which uses the token bucket
algorithm with one bucket per realm. |
| rateLimiter.tokenBucket.requestsPerSecond | int | `9999` | The maximum
number of requests per second allowed for each realm. |