
Nessie Catalog

If you are already using Nessie Catalog to manage your Iceberg tables, the Denodo Embedded MPP can integrate with it as an external Metastore. This allows you to leverage Nessie for your data lake tables and access them directly from Denodo.

To connect to a Nessie Catalog, you must define a new catalog within your Denodo Embedded MPP configuration.

The recommended method for defining new catalogs is by using the presto.catalog property in your values.yaml file. This approach simplifies management and upgrades. Once configured, this new catalog will be accessible from the From MPP Catalogs tab in the Denodo Embedded MPP data source.

Create Nessie Views From MPP Catalog

The recommended way to connect to Nessie is using Iceberg REST Catalog. This allows users to leverage OAuth 2.0 authentication by setting the iceberg.rest.auth.oauth2.credential property, which automates refresh token handling and token expiration management, eliminating the need for manual token workflows.

Here is an example of an Iceberg REST catalog named nessie, configured in your values.yaml to connect to a Nessie Catalog:

  catalog:
    nessie: |-
     connector.name=iceberg
     iceberg.catalog.type=rest
     iceberg.catalog.warehouse=/tmp
     iceberg.rest.uri=http://<host>:<port>/iceberg
     iceberg.rest.auth.type=OAUTH2
     iceberg.rest.auth.oauth2.uri=<OAUTH2 server endpoint URI>
     iceberg.rest.auth.oauth2.credential=${ENV:OAUTH2_CREDENTIAL}
     hive.s3.path-style-access=true

     hive.pushdown-filter-enabled=true
     hive.parquet-batch-read-optimization-enabled=true

You can configure the OAUTH2 credential by adding new environment variables to the definition of the Kubernetes Secret mpp-credentials. This secret is used to manage credentials for the Denodo Embedded MPP deployment. See the MPP Deployment page for more about configuring mpp-credentials.

The following command demonstrates how to define a new environment variable named OAUTH2_CREDENTIAL within the secret:

kubectl create secret generic mpp-credentials --from-literal=OAUTH2_CREDENTIAL=<credential>

Once you have defined the environment variable in the secret, you can reference it within your values.yaml file or catalog properties file using the following syntax:

nessie: |-
  .
  .
  iceberg.rest.auth.oauth2.credential=${ENV:OAUTH2_CREDENTIAL}
  .
  .

As an alternative to using values.yaml, you can define a new catalog by creating a separate properties file directly in the presto/conf/catalog/ folder of the Denodo Embedded MPP Helm chart (e.g., presto/conf/catalog/nessie.properties). The file name, nessie in this example, will become the catalog name in Embedded MPP.

Properties

| Property Name | Description |
| --- | --- |
| iceberg.rest.uri | REST API endpoint URI (required). Example: https://localhost:19120/iceberg |
| iceberg.rest.auth.type | The authentication type to use. Available values are NONE or OAUTH2 (default: NONE). OAUTH2 requires either a credential or token. |
| iceberg.rest.auth.oauth2.uri | OAUTH2 server endpoint URI. Example: https://localhost:9191 |
| iceberg.rest.auth.oauth2.credential | The credential to use for OAUTH2 authentication. Example: key:secret. |
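
A pre-deployment check for the catalog properties described above, as an added example that is not part of the Denodo manual or the Helm chart: it flags a credential written literally instead of as an ${ENV:...} reference, a catalog left on the default NONE authentication, and http:// endpoints over which the OAuth2 credential or token would travel unencrypted. The function names, finding codes and sample hosts are assumptions made for this example.

```python
import re

# A value that is exactly one environment reference, e.g. ${ENV:OAUTH2_CREDENTIAL}
ENV_REF = re.compile(r"^\$\{ENV:[A-Za-z_][A-Za-z0-9_]*\}$")
URI_KEYS = ("iceberg.rest.uri", "iceberg.rest.auth.oauth2.uri")
CRED_KEY = "iceberg.rest.auth.oauth2.credential"

def parse_properties(text):
    """Parse key=value lines; blanks, comments and '.' elision lines are skipped."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def lint_catalog(text):
    """Return a sorted list of finding codes (hypothetical names) for one catalog."""
    props = parse_properties(text)
    findings = set()
    auth = props.get("iceberg.rest.auth.type", "NONE").upper()  # documented default is NONE
    if auth == "NONE":
        findings.add("auth-disabled")
    cred = props.get(CRED_KEY)
    if cred is not None and not ENV_REF.match(cred):
        findings.add("literal-credential")  # secret stored in values.yaml / properties file
    for key in URI_KEYS:
        if props.get(key, "").lower().startswith("http://"):
            findings.add("cleartext-uri:" + key)
    return sorted(findings)

# Constructed sample catalogs (hosts and credential are made up for this example).
WEAK = """
connector.name=iceberg
iceberg.catalog.type=rest
iceberg.rest.uri=http://nessie.example.internal:19120/iceberg
iceberg.rest.auth.type=OAUTH2
iceberg.rest.auth.oauth2.uri=https://idp.example.internal:9191
iceberg.rest.auth.oauth2.credential=key:secret
"""
HARDENED = WEAK.replace("http://nessie", "https://nessie").replace(
    "key:secret", "${ENV:OAUTH2_CREDENTIAL}")

if __name__ == "__main__":
    print("weak:    ", lint_catalog(WEAK))
    print("hardened:", lint_catalog(HARDENED))
```

Run it against the rendered catalog block from values.yaml or against presto/conf/catalog/nessie.properties before deploying; an empty list means none of the three conditions was found.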

Note

Nessie manages the metadata for your Iceberg tables, but the actual data files are typically stored in object storage (such as Amazon S3 or Azure Data Lake Storage). Depending on the location of these Iceberg tables, you may need to provide credentials for that specific object storage to the Denodo Embedded MPP cluster. To provide these credentials, use Kubernetes secrets before deploying the MPP cluster.

As an example, if your Iceberg data is stored in AWS S3 and requires explicit credentials (e.g., if you’re not using EKS Pod Identities, IAM Roles for Service Accounts or EC2 instance profiles), you have to create a Kubernetes secret like this:

kubectl create secret generic mpp-credentials \
  --from-literal=METASTORE_DB_PASSWORD=hive \
  --from-literal=AWS_ACCESS_KEY_ID=awsaccesskeyid \
  --from-literal=AWS_SECRET_ACCESS_KEY=awssecretaccesskey

Additionally, you need to enable the security credentials in your values.yaml by setting:

objectStorage:
  aws:
    securityCredentials:
      enabled: true

Supported Operations

The following table summarizes the operations supported by the Denodo Embedded MPP when connecting to a Nessie Catalog:

| Operation | Iceberg |
| --- | --- |
| Read | Yes |
| Create/Insert | No |
| Update | No |
| Merge | No |
| Delete | No |
