K3s

Provides relational database backend for three critical databases:

• Jackrabbit (jcr_user): Java Content Repository storing all Pentaho content (reports, dashboards, data sources, transformations, jobs)

• Quartz (pentaho_user): Scheduler managing jobs, triggers, calendars, and execution history

• Hibernate (hibuser): Security configuration, audit logging, user sessions, plus two specialized schemas:

  • pentaho_dilogs: ETL execution logging with job logs, transformation metrics, and step performance data

  • pentaho_operations_mart: Dimensional data mart for platform analytics with dimension and fact tables

• Data persisted through PersistentVolumeClaim to survive restarts

• Automated initialization via ConfigMap-mounted SQL scripts

The hibernate database contains specialized schemas for operational monitoring:

pentaho_dilogs: Captures detailed ETL execution information including job logs, transformation logs, step performance metrics, and error records. Essential for debugging data integration workflows and monitoring pipeline health.

pentaho_operations_mart: A dimensional data mart for analytics on Pentaho usage. Contains dimension tables (DIM_DATE, DIM_TIME, DIM_EXECUTOR) and fact tables (FACT_EXECUTION, FACT_STEP_EXECUTION) for analyzing platform utilization, performance trends, and user activity.

For production deployments, implement regular backups of the repository-data Docker volume. The jackrabbit database is the most critical as it contains all user content. Consider using pg_dump for logical backups or volume snapshots for full recovery options.

If you have deployed an Archive Pentaho Server then copy from:

/opt/pentaho/software/pentaho-server-ee-version

Otherwise download package from the Pentaho Customer Portal.

Documentation Files:

README.md - The main entry point documentation providing project overview, quick start instructions, prerequisites, and general usage information for the K3s deployment workshop.

DEPLOYMENT.md - Detailed deployment guide covering the complete K3s deployment workflow, including pre-requisites, step-by-step instructions, and post-deployment verification procedures.

K3s-INSTALLATION.md - K3s setup and installation instructions covering system preparation, K3s installation, networking configuration, and storage class setup required before deploying Pentaho.

Orchestration & Deployment:

deploy.sh - Automated deployment script that orchestrates the complete K3s deployment workflow including namespace creation, secret generation, manifest application, and service readiness checks.

destroy.sh - Cleanup script that safely removes all K3s resources including deployments, services, persistent volume claims, and namespaces, useful for redeployment or teardown scenarios.

Makefile - Contains convenience command targets for common K3s operations like deploying, destroying, checking status, and viewing logs. Users can run make help to see all available commands.

The docker-build/ directory contains all components needed to build the Pentaho Server container image that will be deployed to K3s:

Documentation Files:

README.md - Complete build documentation covering the Docker image build process, multi-stage build architecture, configuration options, troubleshooting, and best practices for building Pentaho Server images for K3s deployment.

QUICK-START.md - Quick build guide providing step-by-step instructions for users who want to quickly build and test the Pentaho image without reading the complete documentation. Includes common build commands and typical workflows.

ENV-CONFIGURATION.md - Comprehensive configuration reference guide for the .env.example file, detailing all available environment variables, their purposes, default values, and how they affect the Docker build process and resulting image.

Build & Configuration Files:

build.sh - Automated build wrapper script that validates prerequisites, checks for required files (Pentaho ZIP in stagedArtifacts/), detects plugins automatically (PAZ, PIR, PDD), confirms the build with the user, executes docker build, shows image info after build, and optionally pushes to a registry with the -p flag.

.env.example - Configuration template file containing all available environment variables for the Docker build process. Users copy this to .env and customize values for their specific deployment needs including Pentaho version, image tags, and build options.

Dockerfile - Multi-stage build definition using debian:trixie-slim as the base image with OpenJDK 21 JRE. Creates optimized images by separating the build environment from the runtime environment, reducing final image size while maintaining all necessary Pentaho components. The multi-stage approach minimizes security vulnerabilities and improves build efficiency.

test-compose.yml - Local Docker Compose testing environment that allows you to test the built Docker image locally before deploying to K3s. This is useful for validating configuration changes, testing custom plugins, or debugging startup issues without the overhead of a full K3s deployment.

Container Startup Scripts:

entrypoint/ - Directory containing container initialization and startup scripts:

• docker-entrypoint.sh - Primary container startup script that executes when the container starts. Handles environment variable processing, configuration file customization from softwareOverride/, database connection validation, health checks, and orchestrates the Pentaho Server startup sequence.

• start-pentaho-docker.sh - Pentaho-specific startup script that manages Tomcat initialization, JVM configuration, memory settings, and starts the Pentaho Server services. This script is called by docker-entrypoint.sh after environment preparation is complete.

Configuration Overlays:

softwareOverride/ - Configuration overlays directory that gets baked into the Docker image during the build process. Files are organized in numbered directories and processed in alphabetical order to ensure proper application sequence:

• 1_drivers/ - PostgreSQL JDBC driver (included by default) for database connectivity. Additional JDBC drivers or data connectors can be placed here.

• 2_repository/ - Database connection configurations for all Pentaho repositories including Jackrabbit (JCR), Quartz (scheduler), and Hibernate (security/audit). Contains a README.md explaining the repository configuration files and their purposes.

• 3_security/ - Empty in this K3s deployment since HashiCorp Vault integration is not used. In production environments, this would contain authentication, authorization, and security configuration files.

• 4_others/ - Modified Tomcat scripts (startup.sh, setenv.sh), server.xml, web.xml, and other application-level configurations. Contains a README.md documenting the custom Tomcat modifications and their purposes.

Staged Artifacts:

stagedArtifacts/ - Staging directory where users place the Pentaho Server installation package (pentaho-server-ee-11.0.0.0-237.zip) before building the Docker image. Contains a README.md with instructions on where to obtain the Pentaho package and how to stage it properly.

The db_init_postgres/ directory contains PostgreSQL initialization scripts that create all required Pentaho repository databases. These scripts are mounted into the PostgreSQL container and execute automatically on first startup:

1_create_jcr_postgresql.sql - Creates the Jackrabbit Content Repository (JCR) database. The JCR stores all Pentaho content including reports, dashboards, data sources, analysis schemas, transformations, jobs, and user files. This is the primary content management system for the Pentaho repository.

2_create_quartz_postgresql.sql - Sets up the Quartz Scheduler database. Quartz manages all scheduled jobs, triggers, and calendars within Pentaho Server, including report generation schedules, ETL job executions, and other automated processes. Contains critical tables like QRTZ6_JOB_DETAILS, QRTZ6_TRIGGERS, and execution history.

3_create_repository_postgresql.sql - Creates the Hibernate Repository database. This stores user authentication data, authorization information, roles, permissions, and other security-related information managed by Pentaho's security subsystem.

4_pentaho_logging_postgresql.sql - Establishes the pentaho_dilogs schema within the Hibernate database for audit and Data Integration (DI) logging. Captures detailed ETL execution information including job logs, transformation logs, step performance metrics, and error records. Essential for debugging data integration workflows and monitoring pipeline health.

5_pentaho_mart_postgresql.sql - Creates the pentaho_operations_mart schema within the Hibernate database. This dimensional data mart stores operational analytics about Pentaho Server usage, including dimension tables (DIM_DATE, DIM_TIME, DIM_EXECUTOR) and fact tables (FACT_EXECUTION, FACT_STEP_EXECUTION) for analyzing platform utilization, performance trends, and user activity patterns.

The manifests/ directory contains all Kubernetes resource definitions organized by functional area. These YAML files define the declarative state of your K3s deployment:

namespace.yaml - Creates the dedicated pentaho namespace to isolate all Pentaho-related resources from other K3s workloads, providing logical separation and resource organization.

configmaps/ - ConfigMap resources for non-sensitive configuration data:

• pentaho-config.yaml - Pentaho Server configuration settings like JVM parameters, Tomcat settings, and application properties

• postgres-init-scripts.yaml - ConfigMap containing the five PostgreSQL initialization scripts from db_init_postgres/ directory, mounted into the PostgreSQL pod

pentaho/ - Pentaho Server Kubernetes resources:

• deployment.yaml - Defines the Pentaho Server deployment including container specifications, resource requests/limits, environment variables, volume mounts, readiness/liveness probes, and replica count

• service.yaml - ClusterIP service exposing Pentaho Server on port 8080 within the cluster, providing stable internal DNS and load balancing

postgres/ - PostgreSQL database Kubernetes resources:

• deployment.yaml - Defines the PostgreSQL 15 deployment with container specifications, persistent volume claims for data storage, initialization script mounting, and database configuration

• service.yaml - ClusterIP service exposing PostgreSQL on port 5432 within the cluster for Pentaho Server database connections

secrets/ - Sensitive credential storage:

• secrets.yaml - Kubernetes Secret resource containing base64-encoded credentials for PostgreSQL (postgres_password, pentaho_user, pentaho_password) and JDBC connection strings. This file is gitignored for security.

storage/ - Persistent storage definitions:

• pvc.yaml - PersistentVolumeClaim definitions for both PostgreSQL data (postgres-pvc) and Pentaho solutions/data (pentaho-pvc), using K3s's local-path storage class for persistent data across pod restarts

ingress/ - External access configuration:

• ingress.yaml - Traefik Ingress resource defining external HTTP/HTTPS routing rules to expose Pentaho Server outside the K3s cluster, including hostname, path routing, and TLS configuration if applicable

The scripts/ directory contains operational and maintenance utilities for managing the K3s Pentaho deployment:

Database Management:

backup-postgres.sh - Automated PostgreSQL backup utility that creates compressed dumps of all Pentaho databases (jackrabbit, quartz, hibernate) using kubectl exec to run pg_dump inside the PostgreSQL pod. Backups are timestamped and compressed with gzip for efficient storage.

restore-postgres.sh - Database restoration utility to recover Pentaho databases from backup files. Useful for disaster recovery, environment cloning, or migrating data between K3s clusters. Handles decompression and restoration via kubectl exec and psql.

Monitoring & Validation:

health-check.sh - Health check script that verifies both PostgreSQL and Pentaho Server are running and responding correctly. Checks pod status, readiness probes, and performs basic connectivity tests.

monitor-resources.sh - Resource monitoring utility that tracks CPU, memory, and storage usage across all Pentaho pods using kubectl top and resource metrics, helping identify resource constraints or optimization opportunities.

monitor-postgres.sh - PostgreSQL-specific monitoring script that checks database connection counts, active queries, table sizes, and database health metrics via SQL queries executed in the PostgreSQL pod.

validate-deployment.sh - Comprehensive deployment validation script that confirms all K3s resources are properly created, pods are running, services are accessible, persistent volumes are bound, and the entire deployment is operational.

verify-k3s.sh - K3s infrastructure verification script that checks K3s installation, node status, storage classes, Traefik ingress controller, and core K3s components before attempting Pentaho deployment.

The softwareOverride/ directory provides a powerful mechanism to customize Pentaho Server without modifying the core installation. Files are copied into the Pentaho installation during container startup, processed in alphabetical order by directory name.

1. Docker Image Build: The deployment uses a custom-built Pentaho Server container image:

The build.sh script:

• Validates prerequisites and required files

• Detects plugins automatically (PAZ, PIR, PDD)

• Executes multi-stage Docker build

• Optionally pushes to K3s image store

2. Configuration Management:

• .env file contains deployment-specific settings (versions, credentials, JVM memory)

• softwareOverride/ directory provides configuration overlays processed in numbered order

• PostgreSQL JDBC driver included by default, with option to upgrade

• Custom Tomcat scripts for container startup optimization

This unified script handles the complete deployment process for Pentaho Server on K3s, including:

• Docker image import into K3s container runtime

• Kubernetes resource creation (namespace, secrets, configmaps, storage)

• PostgreSQL database deployment

• Pentaho Server deployment

• Ingress configuration

• Health checks and status reporting

Prerequisites:

• K3s installed and running

• Docker image built: pentaho/pentaho-server:11.0.0.0-237

• kubectl configured to access K3s cluster

• sudo access for K3s containerd operations