Skip to main content
Version 3.0.0

Ingress — Trino

Trino can expose two hostnames via Ingress: one for the Web UI and another for the Query API / JDBC. Both point to the same service — use the Query API hostname for JDBC connections and CLI clients.

With LDAP enabled, Trino uses HTTPS on port 8443; the Ingress must forward TLS in a way that is compatible with the controller (often TLS passthrough on NGINX).

Ingress vs Gateway API

TDPConfiguration.gateway.ingress and TDPConfiguration.gateway.gatewayApi are mutually exclusive. Enable only one of them.

Prerequisites

  • Ingress Controller installed in the cluster (e.g., NGINX).
  • Hostnames configured in DNS or in /etc/hosts.

HTTP (LDAP disabled)

TDPConfiguration:
  gateway:
    ingress:
      enabled: true

ingress:
  ingressClassName: <ingress-class>
  hosts:
    - host: trino.tdp.local
      paths:
        - path: /
          pathType: Prefix
    - host: trino-ui.tdp.local
      paths:
        - path: /
          pathType: Prefix
  tls: []

HTTPS with LDAP (NGINX passthrough example)

TDPConfiguration:
  gateway:
    ingress:
      enabled: true

ingress:
  ingressClassName: <ingress-class>
  annotations:
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
  hosts:
    - host: trino.tdp.local
      paths:
        - path: /
          pathType: Prefix
    - host: trino-ui.tdp.local
      paths:
        - path: /
          pathType: Prefix
  tls:
    - hosts:
        - trino.tdp.local
        - trino-ui.tdp.local
      secretName: <tls-secret-name>

Replace <ingress-class> with the name of the Ingress Controller in the environment (verify with kubectl get ingressclass).

Access

  1. Obtain the external IP of the Ingress Controller:
    Terminal input
    kubectl get svc -A -l app.kubernetes.io/name=ingress-nginx \
      -o jsonpath='{.items[0].status.loadBalancer.ingress[0].ip}'
  2. Add the hostnames to DNS or to the /etc/hosts file: 
    <INGRESS_IP>   trino.tdp.local
    <INGRESS_IP>   trino-ui.tdp.local
  3. Access:
    • Web UI: http://trino-ui.tdp.local
    • Query API / JDBC: http://trino.tdp.local
    • Use https:// if TLS is configured.

Troubleshooting

IssueLikely causeWhat to check
Ingress not createdTDPConfiguration.gateway.ingress.enabled: false or incorrect ingressClassNameVerify both settings
502 / TLS with LDAPNo passthrough or wrong backendAnnotations and the service/backend port

For additional fields of the Ingress object, run helm show values on the version of the tdp-trino chart you installed.