Trino

A namespaced resource that defines the complete configuration and serves as the source of truth for the state of a specific deployed Trino service.

TrinoClassName

The name of the class to associate with this resource. A service cannot be deployed without an existing TrinoClass.

spec:
  trinoClassName: default

Instance

The section that describes the resources of the service being created. It must pass validation against the sizingPolicy of the corresponding class.

spec:
  instance:
    memory:
      size: 2Gi
    cpu:
      cores: 2
      coreFraction: 50%

Supported Trino Versions

The only supported version is Trino 480.

Our images for running Trino containers are based on the distroless architecture.

External Connections

For Trino to operate, external connections to a Metastore and an Object Storage must be configured. Connection parameters are defined in the externalConnections section of the Trino resource.

Metastore Connection

Trino supports Hive Metastore Service (HMS) as its external metastore. Connection parameters can be supplied in two modes.

Secret Mode (recommended):

metaStore:
  type: HMS
  hms:
    mode: Secret
    secretName: hms-secret

In this mode:

• HMS credentials are stored in a Kubernetes Secret.
• secretName must match an existing Secret in the same namespace.
• Prevents credential exposure in the resource spec.

The Secret must contain the following keys:

Plain Text Mode:

metaStore:
  type: HMS
  hms:
    mode: Plain
    hosts: ["my-hms.hms"]
    port: 9083

In this mode:

• hosts — list of Hive Metastore hostnames or IP addresses.
• port — Thrift port (default: 9083).
• username — optional; used only when HMS impersonation is enabled.

Object Store Configuration (S3-compatible)

Trino requires access to an S3-compatible object storage to work alongside Hive Metastore:

objectStore:
  type: S3
  s3:
    endpoint: minio.minio:9000
    region: us-east-1
    usePathStyle: true
    credentials:
      mode: Plain
      accessKey: access-key-here
      secretKey: secret-key-here

Configuration parameters:

• endpoint — address of the S3 service.
• region — region in AWS format.
• usePathStyle — enables path-style URL addressing.

Two credential modes are available:

• Plain — access and secret keys are specified directly in the Trino resource.
• Secret — reference to a Kubernetes Secret containing the authorization keys (recommended).

When using Secret mode, the Secret must contain the following keys:

Status

The status of the Managed Trino service is reflected in the Trino resource. The Conditions structure unambiguously shows the current state of the service.

Significant condition types:

• LastValidConfigurationApplied — an aggregating condition that shows whether the last valid configuration has been successfully applied at least once.
• ConfigurationValid — shows whether the configuration has passed all validations defined in the associated TrinoClass.
• ScaledToLastValidConfiguration — shows whether the number of running replicas matches the desired configuration.
• Available — shows whether more than half of the requested service replicas are running and accepting connections.

conditions:
  - lastTransitionTime: '2025-09-22T23:20:36Z'
    observedGeneration: 2
    status: 'True'
    type: Available
  - lastTransitionTime: '2025-09-22T14:38:04Z'
    observedGeneration: 2
    status: 'True'
    type: ConfigurationValid
  - lastTransitionTime: '2025-09-22T14:38:47Z'
    observedGeneration: 2
    status: 'True'
    type: LastValidConfigurationApplied
  - lastTransitionTime: '2025-09-22T23:20:36Z'
    observedGeneration: 2
    status: 'True'
    type: ScaledToLastValidConfiguration

A False status indicates a problem at some stage or an incomplete state synchronization. In this case, a reason and message field will be present with a description.

---
- lastTransitionTime: '2025-09-23T14:53:33Z'
  message: Syncing
  observedGeneration: 1
  reason: Syncing
  status: 'False'
  type: LastValidConfigurationApplied
- lastTransitionTime: '2025-09-23T14:54:58Z'
  message: Not all the instances are running still waiting for 1 to become ready
  observedGeneration: 1
  reason: ScalingInProgress
  status: 'False'
  type: ScaledToLastValidConfiguration
---

Usage Examples

Basic Usage

1. Create a namespace named trino.
2. Create the required Secrets before applying the Trino resource:

kubectl apply -f hms-secret.yaml
kubectl apply -f s3-secret.yaml

apiVersion: v1
kind: Secret
metadata:
  name: hms-secret
  namespace: trino
type: Opaque
stringData:
  uri: "thrift://hms-primary.hive-metastore.svc.cluster.local:9083"
  username: ""  # empty string if impersonation is not needed

apiVersion: v1
kind: Secret
metadata:
  name: s3-secret
  namespace: trino
type: Opaque
stringData:
  accessKey: access-key-here
  secretKey: secret-key-here

3. Apply the Trino resource:

kubectl apply -f managed-services_v1alpha1_trino.yaml

apiVersion: managed-services.deckhouse.io/v1alpha1
kind: Trino
metadata:
  name: trino-sample
  namespace: trino
spec:
  trinoClassName: default
  instance:
    memory:
      size: "2Gi"
    cpu:
      cores: 2
      coreFraction: "50%"
  externalConnections:
    metaStore:
      type: HMS
      hms:
        mode: Secret
        secretName: hms-secret
    objectStore:
      type: S3
      s3:
        endpoint: "https://s3.example.com"
        region: us-east-1
        usePathStyle: true
        credentials:
          mode: Secret
          secretName: s3-secret

4. Wait until the service is ready and all conditions are True:

kubectl get trino trino-sample -n trino -o wide -w

5. Use the curl or any JDBC-compatible client to connect via the service d8ms-trn-trino-sample on port 8080.

curl -s -X POST http://d8ms-trn-trino-sample:8080/v1/statement \
  -H "X-Trino-User: admin" \
  -H "Content-Type: application/json" \
  -d 'SELECT 1 AS result'