diff --git a/README.md b/README.md index fc5f178..57dd8a8 100644 --- a/README.md +++ b/README.md @@ -25,3 +25,5 @@ Each generated kustomize base gets a file `unhelm-namespace-placeholder.txt` which helps point out these strings. They typically call for specific Kustomize patches. Or use this repo only as examples and maintain your own yaml. + +To set a different namespace, use a line prefixed `# unhelm-namespace: [namespace name]`. diff --git a/cockroachdb.ystack.values.yaml b/cockroachdb.ystack.values.yaml index 59d731f..2e46303 100644 --- a/cockroachdb.ystack.values.yaml +++ b/cockroachdb.ystack.values.yaml @@ -17,3 +17,10 @@ tls: selfSigner: enabled: false caProvided: false + +statefulset: + replicas: 1 + conf: + single-node: true + serviceAccount: + create: false diff --git a/cockroachdb/ystack/cockroachdb/templates/job.init.yaml b/cockroachdb/ystack/cockroachdb/templates/job.init.yaml index b3f7c97..d339b7c 100644 --- a/cockroachdb/ystack/cockroachdb/templates/job.init.yaml +++ b/cockroachdb/ystack/cockroachdb/templates/job.init.yaml @@ -6,7 +6,7 @@ metadata: name: cockroachdb-init namespace: "unhelm-namespace-placeholder" labels: - helm.sh/chart: cockroachdb-11.0.3 + helm.sh/chart: cockroachdb-11.2.2 app.kubernetes.io/name: cockroachdb app.kubernetes.io/instance: "cockroachdb" app.kubernetes.io/managed-by: "Helm" @@ -22,11 +22,19 @@ spec: app.kubernetes.io/instance: "cockroachdb" app.kubernetes.io/component: init spec: + securityContext: + seccompProfile: + type: "RuntimeDefault" + runAsGroup: 1000 + runAsUser: 1000 + fsGroup: 1000 + runAsNonRoot: true restartPolicy: OnFailure terminationGracePeriodSeconds: 0 + serviceAccountName: default containers: - name: cluster-init - image: "cockroachdb/cockroach:v23.1.4" + image: "cockroachdb/cockroach:v23.1.12" imagePullPolicy: "IfNotPresent" # Run the command in an `while true` loop because this Job is bound # to come up before the CockroachDB Pods (due to the time needed to @@ -64,3 +72,7 @@ spec: initCluster; env: + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] diff --git a/cockroachdb/ystack/cockroachdb/templates/poddisruptionbudget.yaml b/cockroachdb/ystack/cockroachdb/templates/poddisruptionbudget.yaml index 10742d0..4882b2b 100644 --- a/cockroachdb/ystack/cockroachdb/templates/poddisruptionbudget.yaml +++ b/cockroachdb/ystack/cockroachdb/templates/poddisruptionbudget.yaml @@ -6,7 +6,7 @@ metadata: name: cockroachdb-budget namespace: "unhelm-namespace-placeholder" labels: - helm.sh/chart: cockroachdb-11.0.3 + helm.sh/chart: cockroachdb-11.2.2 app.kubernetes.io/name: cockroachdb app.kubernetes.io/instance: "cockroachdb" app.kubernetes.io/managed-by: "Helm" diff --git a/cockroachdb/ystack/cockroachdb/templates/service.discovery.yaml b/cockroachdb/ystack/cockroachdb/templates/service.discovery.yaml index eb136a5..49c66cc 100644 --- a/cockroachdb/ystack/cockroachdb/templates/service.discovery.yaml +++ b/cockroachdb/ystack/cockroachdb/templates/service.discovery.yaml @@ -10,7 +10,7 @@ metadata: name: cockroachdb namespace: "unhelm-namespace-placeholder" labels: - helm.sh/chart: cockroachdb-11.0.3 + helm.sh/chart: cockroachdb-11.2.2 app.kubernetes.io/name: cockroachdb app.kubernetes.io/instance: "cockroachdb" app.kubernetes.io/managed-by: "Helm" diff --git a/cockroachdb/ystack/cockroachdb/templates/service.public.yaml b/cockroachdb/ystack/cockroachdb/templates/service.public.yaml index 48be8bd..e0411ce 100644 --- a/cockroachdb/ystack/cockroachdb/templates/service.public.yaml +++ b/cockroachdb/ystack/cockroachdb/templates/service.public.yaml @@ -9,7 +9,7 @@ metadata: name: cockroachdb-public namespace: "unhelm-namespace-placeholder" labels: - helm.sh/chart: cockroachdb-11.0.3 + helm.sh/chart: cockroachdb-11.2.2 app.kubernetes.io/name: cockroachdb app.kubernetes.io/instance: "cockroachdb" app.kubernetes.io/managed-by: "Helm" diff --git a/cockroachdb/ystack/cockroachdb/templates/serviceMonitor.yaml b/cockroachdb/ystack/cockroachdb/templates/serviceMonitor.yaml index b246a5f..322e2b5 100644 --- a/cockroachdb/ystack/cockroachdb/templates/serviceMonitor.yaml +++ b/cockroachdb/ystack/cockroachdb/templates/serviceMonitor.yaml @@ -6,7 +6,7 @@ metadata: name: cockroachdb namespace: "unhelm-namespace-placeholder" labels: - helm.sh/chart: cockroachdb-11.0.3 + helm.sh/chart: cockroachdb-11.2.2 app.kubernetes.io/name: cockroachdb app.kubernetes.io/instance: "cockroachdb" app.kubernetes.io/managed-by: "Helm" diff --git a/cockroachdb/ystack/cockroachdb/templates/statefulset.yaml b/cockroachdb/ystack/cockroachdb/templates/statefulset.yaml index db90f1b..3db3bf3 100644 --- a/cockroachdb/ystack/cockroachdb/templates/statefulset.yaml +++ b/cockroachdb/ystack/cockroachdb/templates/statefulset.yaml @@ -6,14 +6,14 @@ metadata: name: cockroachdb namespace: "unhelm-namespace-placeholder" labels: - helm.sh/chart: cockroachdb-11.0.3 + helm.sh/chart: cockroachdb-11.2.2 app.kubernetes.io/name: cockroachdb app.kubernetes.io/instance: "cockroachdb" app.kubernetes.io/managed-by: "Helm" app.kubernetes.io/component: cockroachdb spec: serviceName: cockroachdb - replicas: 3 + replicas: 1 updateStrategy: type: RollingUpdate podManagementPolicy: "Parallel" @@ -29,6 +29,7 @@ spec: app.kubernetes.io/instance: "cockroachdb" app.kubernetes.io/component: cockroachdb spec: + serviceAccountName: default affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: @@ -54,7 +55,7 @@ spec: terminationGracePeriodSeconds: 60 containers: - name: db - image: "cockroachdb/cockroach:v23.1.4" + image: "cockroachdb/cockroach:v23.1.12" imagePullPolicy: "IfNotPresent" args: - shell @@ -115,10 +116,24 @@ spec: initialDelaySeconds: 10 periodSeconds: 5 failureThreshold: 2 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true volumes: - name: datadir persistentVolumeClaim: claimName: datadir + securityContext: + seccompProfile: + type: "RuntimeDefault" + fsGroup: 1000 + runAsGroup: 1000 + runAsUser: 1000 + runAsNonRoot: true volumeClaimTemplates: - metadata: name: datadir diff --git a/cockroachdb/ystack/cockroachdb/templates/tests/client.yaml b/cockroachdb/ystack/cockroachdb/templates/tests/client.yaml index 0e5b435..4574b47 100644 --- a/cockroachdb/ystack/cockroachdb/templates/tests/client.yaml +++ b/cockroachdb/ystack/cockroachdb/templates/tests/client.yaml @@ -11,7 +11,7 @@ spec: restartPolicy: Never containers: - name: client-test - image: "cockroachdb/cockroach:v23.1.4" + image: "cockroachdb/cockroach:v23.1.12" imagePullPolicy: "IfNotPresent" command: - /cockroach/cockroach diff --git a/cockroachdb/ystack/unhelm-namespace-placeholder.txt b/cockroachdb/ystack/unhelm-namespace-placeholder.txt index 67590fd..f4800fb 100644 --- a/cockroachdb/ystack/unhelm-namespace-placeholder.txt +++ b/cockroachdb/ystack/unhelm-namespace-placeholder.txt @@ -10,7 +10,7 @@ Note the following instances of namespace strings that Kustomize won't replace value: cockroachdb.unhelm-namespace-placeholder.svc.cluster.local - name: COCKROACH_CHANNEL value: kubernetes-helm - image: cockroachdb/cockroach:v23.1.4 + image: cockroachdb/cockroach:v23.1.12 imagePullPolicy: IfNotPresent livenessProbe: -- @@ -36,4 +36,4 @@ Note the following instances of namespace strings that Kustomize won't replace - "26257" - -e - SHOW DATABASES; - image: cockroachdb/cockroach:v23.1.4 + image: cockroachdb/cockroach:v23.1.12 diff --git a/redpanda.minimal.values.yaml b/redpanda.minimal.values.yaml index 63cc58a..123edb5 100644 --- a/redpanda.minimal.values.yaml +++ b/redpanda.minimal.values.yaml @@ -1,5 +1,7 @@ # yaml-language-server: $schema=https://github.com/redpanda-data/helm-charts/raw/redpanda-4.0.32/charts/redpanda/values.schema.json # unhelm-template-repo: https://charts.redpanda.com +# unhelm-namespace: kafka + image: repository: docker.redpanda.com/redpandadata/redpanda # sha256 is disallowed here by the json schema diff --git a/redpanda/minimal/redpanda/templates/configmap.yaml b/redpanda/minimal/redpanda/templates/configmap.yaml index 24fcd9e..5c82664 100644 --- a/redpanda/minimal/redpanda/templates/configmap.yaml +++ b/redpanda/minimal/redpanda/templates/configmap.yaml @@ -4,7 +4,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: redpanda - namespace: "unhelm-namespace-placeholder" + namespace: "kafka" labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda @@ -64,13 +64,13 @@ data: port: 33145 seed_servers: - host: - address: redpanda-0.redpanda.unhelm-namespace-placeholder.svc.cluster.local. + address: redpanda-0.redpanda.kafka.svc.cluster.local. port: 33145 - host: - address: redpanda-1.redpanda.unhelm-namespace-placeholder.svc.cluster.local. + address: redpanda-1.redpanda.kafka.svc.cluster.local. port: 33145 - host: - address: redpanda-2.redpanda.unhelm-namespace-placeholder.svc.cluster.local. + address: redpanda-2.redpanda.kafka.svc.cluster.local. port: 33145 schema_registry: schema_registry_api: diff --git a/redpanda/minimal/redpanda/templates/poddisruptionbudget.yaml b/redpanda/minimal/redpanda/templates/poddisruptionbudget.yaml index 0342d59..a2d6b5d 100644 --- a/redpanda/minimal/redpanda/templates/poddisruptionbudget.yaml +++ b/redpanda/minimal/redpanda/templates/poddisruptionbudget.yaml @@ -4,7 +4,7 @@ apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: redpanda - namespace: unhelm-namespace-placeholder + namespace: kafka labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda diff --git a/redpanda/minimal/redpanda/templates/secrets.yaml b/redpanda/minimal/redpanda/templates/secrets.yaml index 2a8eba1..78d706b 100644 --- a/redpanda/minimal/redpanda/templates/secrets.yaml +++ b/redpanda/minimal/redpanda/templates/secrets.yaml @@ -4,7 +4,7 @@ apiVersion: v1 kind: Secret metadata: name: redpanda-sts-lifecycle - namespace: "unhelm-namespace-placeholder" + namespace: "kafka" labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda @@ -17,7 +17,7 @@ stringData: #!/usr/bin/env bash # the SERVICE_NAME comes from the metadata.name of the pod, essentially the POD_NAME - CURL_URL="http://${SERVICE_NAME}.redpanda.unhelm-namespace-placeholder.svc.cluster.local:9644" + CURL_URL="http://${SERVICE_NAME}.redpanda.kafka.svc.cluster.local:9644" # commands used throughout CURL_NODE_ID_CMD="curl --silent --fail ${CURL_URL}/v1/node_config" diff --git a/redpanda/minimal/redpanda/templates/service.internal.yaml b/redpanda/minimal/redpanda/templates/service.internal.yaml index 86c2542..d32fbac 100644 --- a/redpanda/minimal/redpanda/templates/service.internal.yaml +++ b/redpanda/minimal/redpanda/templates/service.internal.yaml @@ -7,7 +7,7 @@ apiVersion: v1 kind: Service metadata: name: redpanda - namespace: "unhelm-namespace-placeholder" + namespace: "kafka" labels: monitoring.redpanda.com/enabled: "false" app.kubernetes.io/component: redpanda diff --git a/redpanda/minimal/redpanda/templates/statefulset.yaml b/redpanda/minimal/redpanda/templates/statefulset.yaml index e4cea6b..b13d430 100644 --- a/redpanda/minimal/redpanda/templates/statefulset.yaml +++ b/redpanda/minimal/redpanda/templates/statefulset.yaml @@ -29,7 +29,7 @@ spec: app.kubernetes.io/component: redpanda-statefulset redpanda.com/poddisruptionbudget: redpanda annotations: - checksum/config: 3d72e1348bc6b82ebfb04ace04181c2f1e0b6105339fc4b9cdb9e02fd494c817 + checksum/config: 1ea38287095928598ef2a1a2ee5d4cfc96ddc3a21b5d1e62e047bb6a0818777a spec: terminationGracePeriodSeconds: 90 securityContext: @@ -52,9 +52,9 @@ spec: fieldRef: fieldPath: metadata.name - name: ADVERTISED_KAFKA_ADDRESSES - value: '{"address":"$(SERVICE_NAME).redpanda.unhelm-namespace-placeholder.svc.cluster.local.","name":"internal","port":9093};{"address":"$(SERVICE_NAME)","name":"default","port":31092} {"address":"$(SERVICE_NAME).redpanda.unhelm-namespace-placeholder.svc.cluster.local.","name":"internal","port":9093};{"address":"$(SERVICE_NAME)","name":"default","port":31092} {"address":"$(SERVICE_NAME).redpanda.unhelm-namespace-placeholder.svc.cluster.local.","name":"internal","port":9093};{"address":"$(SERVICE_NAME)","name":"default","port":31092}' + value: '{"address":"$(SERVICE_NAME).redpanda.kafka.svc.cluster.local.","name":"internal","port":9093};{"address":"$(SERVICE_NAME)","name":"default","port":31092} {"address":"$(SERVICE_NAME).redpanda.kafka.svc.cluster.local.","name":"internal","port":9093};{"address":"$(SERVICE_NAME)","name":"default","port":31092} {"address":"$(SERVICE_NAME).redpanda.kafka.svc.cluster.local.","name":"internal","port":9093};{"address":"$(SERVICE_NAME)","name":"default","port":31092}' - name: ADVERTISED_HTTP_ADDRESSES - value: '{"address":"$(SERVICE_NAME).redpanda.unhelm-namespace-placeholder.svc.cluster.local.","name":"internal","port":8082};{"address":"$(SERVICE_NAME)","name":"default","port":30082} {"address":"$(SERVICE_NAME).redpanda.unhelm-namespace-placeholder.svc.cluster.local.","name":"internal","port":8082};{"address":"$(SERVICE_NAME)","name":"default","port":30082} {"address":"$(SERVICE_NAME).redpanda.unhelm-namespace-placeholder.svc.cluster.local.","name":"internal","port":8082};{"address":"$(SERVICE_NAME)","name":"default","port":30082}' + value: '{"address":"$(SERVICE_NAME).redpanda.kafka.svc.cluster.local.","name":"internal","port":8082};{"address":"$(SERVICE_NAME)","name":"default","port":30082} {"address":"$(SERVICE_NAME).redpanda.kafka.svc.cluster.local.","name":"internal","port":8082};{"address":"$(SERVICE_NAME)","name":"default","port":30082} {"address":"$(SERVICE_NAME).redpanda.kafka.svc.cluster.local.","name":"internal","port":8082};{"address":"$(SERVICE_NAME)","name":"default","port":30082}' - name: KUBERNETES_NODE_NAME valueFrom: fieldRef: @@ -126,7 +126,7 @@ spec: - -c - | set -e - RESULT=$(curl --silent --fail -k "http://${SERVICE_NAME}.redpanda.unhelm-namespace-placeholder.svc.cluster.local.:9644/v1/status/ready") + RESULT=$(curl --silent --fail -k "http://${SERVICE_NAME}.redpanda.kafka.svc.cluster.local.:9644/v1/status/ready") echo $RESULT echo $RESULT | grep ready initialDelaySeconds: 1 @@ -138,7 +138,7 @@ spec: command: - /bin/sh - -c - - curl --silent --fail -k "http://${SERVICE_NAME}.redpanda.unhelm-namespace-placeholder.svc.cluster.local.:9644/v1/status/ready" + - curl --silent --fail -k "http://${SERVICE_NAME}.redpanda.kafka.svc.cluster.local.:9644/v1/status/ready" initialDelaySeconds: 10 failureThreshold: 3 periodSeconds: 10 @@ -153,8 +153,8 @@ spec: - -c - | set -x - rpk cluster health --api-urls ${SERVICE_NAME}.redpanda.unhelm-namespace-placeholder.svc.cluster.local.:9644 - rpk cluster health --api-urls ${SERVICE_NAME}.redpanda.unhelm-namespace-placeholder.svc.cluster.local.:9644 | grep 'Healthy:.*true' + rpk cluster health --api-urls ${SERVICE_NAME}.redpanda.kafka.svc.cluster.local.:9644 + rpk cluster health --api-urls ${SERVICE_NAME}.redpanda.kafka.svc.cluster.local.:9644 | grep 'Healthy:.*true' initialDelaySeconds: 1 failureThreshold: 3 periodSeconds: 10 @@ -167,7 +167,7 @@ spec: - --memory=2048M - --reserve-memory=205M - --default-log-level=info - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.unhelm-namespace-placeholder.svc.cluster.local.:33145 + - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.kafka.svc.cluster.local.:33145 - --overprovisioned ports: - name: admin diff --git a/redpanda/minimal/redpanda/templates/tests/test-api-status.yaml b/redpanda/minimal/redpanda/templates/tests/test-api-status.yaml index 093559a..f7b0029 100644 --- a/redpanda/minimal/redpanda/templates/tests/test-api-status.yaml +++ b/redpanda/minimal/redpanda/templates/tests/test-api-status.yaml @@ -4,7 +4,7 @@ apiVersion: v1 kind: Pod metadata: name: "redpanda-test-api-status" - namespace: "unhelm-namespace-placeholder" + namespace: "kafka" labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda @@ -29,7 +29,7 @@ spec: - -c - | until rpk cluster info \ - --brokers redpanda-0.redpanda.unhelm-namespace-placeholder.svc.cluster.local.:9093 + --brokers redpanda-0.redpanda.kafka.svc.cluster.local.:9093 do sleep 2 done volumeMounts: diff --git a/redpanda/minimal/redpanda/templates/tests/test-kafka-produce-consume.yaml b/redpanda/minimal/redpanda/templates/tests/test-kafka-produce-consume.yaml index 09782cb..6fa00bb 100644 --- a/redpanda/minimal/redpanda/templates/tests/test-kafka-produce-consume.yaml +++ b/redpanda/minimal/redpanda/templates/tests/test-kafka-produce-consume.yaml @@ -4,7 +4,7 @@ apiVersion: v1 kind: Pod metadata: name: redpanda-test-kafka-produce-consume - namespace: "unhelm-namespace-placeholder" + namespace: "kafka" labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda @@ -24,7 +24,7 @@ spec: image: docker.redpanda.com/redpandadata/redpanda:v23.1.13 env: - name: REDPANDA_BROKERS - value: "redpanda.unhelm-namespace-placeholder.svc.cluster.local:9093" + value: "redpanda.kafka.svc.cluster.local:9093" - name: POD_NAME valueFrom: fieldRef: diff --git a/redpanda/minimal/redpanda/templates/tests/test-pandaproxy-status.yaml b/redpanda/minimal/redpanda/templates/tests/test-pandaproxy-status.yaml index 6601cdd..1e622de 100644 --- a/redpanda/minimal/redpanda/templates/tests/test-pandaproxy-status.yaml +++ b/redpanda/minimal/redpanda/templates/tests/test-pandaproxy-status.yaml @@ -4,7 +4,7 @@ apiVersion: v1 kind: Pod metadata: name: "redpanda-test-pandaproxy-status" - namespace: "unhelm-namespace-placeholder" + namespace: "kafka" labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda diff --git a/redpanda/minimal/redpanda/templates/tests/test-schemaregistry-status.yaml b/redpanda/minimal/redpanda/templates/tests/test-schemaregistry-status.yaml index e1fe596..82eef63 100644 --- a/redpanda/minimal/redpanda/templates/tests/test-schemaregistry-status.yaml +++ b/redpanda/minimal/redpanda/templates/tests/test-schemaregistry-status.yaml @@ -4,7 +4,7 @@ apiVersion: v1 kind: Pod metadata: name: "redpanda-test-schemaregistry-status" - namespace: "unhelm-namespace-placeholder" + namespace: "kafka" labels: app.kubernetes.io/component: redpanda app.kubernetes.io/instance: redpanda @@ -31,21 +31,21 @@ spec: $* } - schemaCurl http://redpanda.unhelm-namespace-placeholder.svc.cluster.local.:8081/schemas/types + schemaCurl http://redpanda.kafka.svc.cluster.local.:8081/schemas/types curl -svm3 --fail --retry "120" --retry-max-time "120" --retry-all-errors \ -X POST -H 'Content-Type:application/vnd.schemaregistry.v1+json' \ -d '{"schema":"{\"type\":\"record\",\"name\":\"sensor_sample\",\"fields\":[{\"name\":\"timestamp\",\"type\":\"long\",\"logicalType\":\"timestamp-millis\"},{\"name\":\"identifier\",\"type\":\"string\",\"logicalType\":\"uuid\"},{\"name\":\"value\",\"type\":\"long\"}]}"}' \ - http://redpanda.unhelm-namespace-placeholder.svc.cluster.local.:8081/subjects/sensor-value/versions + http://redpanda.kafka.svc.cluster.local.:8081/subjects/sensor-value/versions - schemaCurl http://redpanda.unhelm-namespace-placeholder.svc.cluster.local.:8081/schemas/ids/1 + schemaCurl http://redpanda.kafka.svc.cluster.local.:8081/schemas/ids/1 - schemaCurl http://redpanda.unhelm-namespace-placeholder.svc.cluster.local.:8081/subjects + schemaCurl http://redpanda.kafka.svc.cluster.local.:8081/subjects schemaCurl -X DELETE \ - http://redpanda.unhelm-namespace-placeholder.svc.cluster.local.:8081/subjects/sensor-value/versions/1 + http://redpanda.kafka.svc.cluster.local.:8081/subjects/sensor-value/versions/1 schemaCurl -X DELETE \ - http://redpanda.unhelm-namespace-placeholder.svc.cluster.local.:8081/subjects/sensor-value/versions/1?permanent=true + http://redpanda.kafka.svc.cluster.local.:8081/subjects/sensor-value/versions/1?permanent=true volumeMounts: volumes: diff --git a/redpanda/minimal/unhelm-namespace-placeholder.txt b/redpanda/minimal/unhelm-namespace-placeholder.txt deleted file mode 100644 index 8bdc7a6..0000000 --- a/redpanda/minimal/unhelm-namespace-placeholder.txt +++ /dev/null @@ -1,151 +0,0 @@ - -Note the following instances of namespace strings that Kustomize won't replace -============================================================================= - - rpc_server: - address: 0.0.0.0 - port: 33145 - seed_servers: - - host: - address: redpanda-0.redpanda.unhelm-namespace-placeholder.svc.cluster.local. - port: 33145 - - host: - address: redpanda-1.redpanda.unhelm-namespace-placeholder.svc.cluster.local. - port: 33145 - - host: - address: redpanda-2.redpanda.unhelm-namespace-placeholder.svc.cluster.local. - port: 33145 - schema_registry: - schema_registry_api: - - name: internal - address: 0.0.0.0 --- -stringData: - common.sh: |- - #!/usr/bin/env bash - - # the SERVICE_NAME comes from the metadata.name of the pod, essentially the POD_NAME - CURL_URL="http://${SERVICE_NAME}.redpanda.unhelm-namespace-placeholder.svc.cluster.local:9644" - - # commands used throughout - CURL_NODE_ID_CMD="curl --silent --fail ${CURL_URL}/v1/node_config" - - CURL_MAINTENANCE_DELETE_CMD_PREFIX='curl -X DELETE --silent -o /dev/null -w "%{http_code}"' --- - - start - - --smp=1 - - --memory=2048M - - --reserve-memory=205M - - --default-log-level=info - - --advertise-rpc-addr=$(SERVICE_NAME).redpanda.unhelm-namespace-placeholder.svc.cluster.local.:33145 - - --overprovisioned - env: - - name: SERVICE_NAME - valueFrom: - fieldRef: --- - livenessProbe: - exec: - command: - - /bin/sh - - -c - - curl --silent --fail -k "http://${SERVICE_NAME}.redpanda.unhelm-namespace-placeholder.svc.cluster.local.:9644/v1/status/ready" - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - name: redpanda - ports: --- - command: - - /bin/sh - - -c - - | - set -x - rpk cluster health --api-urls ${SERVICE_NAME}.redpanda.unhelm-namespace-placeholder.svc.cluster.local.:9644 - rpk cluster health --api-urls ${SERVICE_NAME}.redpanda.unhelm-namespace-placeholder.svc.cluster.local.:9644 | grep 'Healthy:.*true' - failureThreshold: 3 - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - resources: --- - command: - - /bin/sh - - -c - - | - set -e - RESULT=$(curl --silent --fail -k "http://${SERVICE_NAME}.redpanda.unhelm-namespace-placeholder.svc.cluster.local.:9644/v1/status/ready") - echo $RESULT - echo $RESULT | grep ready - failureThreshold: 120 - initialDelaySeconds: 1 - periodSeconds: 10 --- - - name: SERVICE_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: ADVERTISED_KAFKA_ADDRESSES - value: '{"address":"$(SERVICE_NAME).redpanda.unhelm-namespace-placeholder.svc.cluster.local.","name":"internal","port":9093};{"address":"$(SERVICE_NAME)","name":"default","port":31092} - {"address":"$(SERVICE_NAME).redpanda.unhelm-namespace-placeholder.svc.cluster.local.","name":"internal","port":9093};{"address":"$(SERVICE_NAME)","name":"default","port":31092} - {"address":"$(SERVICE_NAME).redpanda.unhelm-namespace-placeholder.svc.cluster.local.","name":"internal","port":9093};{"address":"$(SERVICE_NAME)","name":"default","port":31092}' - - name: ADVERTISED_HTTP_ADDRESSES - value: '{"address":"$(SERVICE_NAME).redpanda.unhelm-namespace-placeholder.svc.cluster.local.","name":"internal","port":8082};{"address":"$(SERVICE_NAME)","name":"default","port":30082} - {"address":"$(SERVICE_NAME).redpanda.unhelm-namespace-placeholder.svc.cluster.local.","name":"internal","port":8082};{"address":"$(SERVICE_NAME)","name":"default","port":30082} - {"address":"$(SERVICE_NAME).redpanda.unhelm-namespace-placeholder.svc.cluster.local.","name":"internal","port":8082};{"address":"$(SERVICE_NAME)","name":"default","port":30082}' - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - image: docker.redpanda.com/redpandadata/redpanda:v23.1.13 --- - - "120" - - bash - - -c - - | - until rpk cluster info \ - --brokers redpanda-0.redpanda.unhelm-namespace-placeholder.svc.cluster.local.:9093 - do sleep 2 - done - image: docker.redpanda.com/redpandadata/redpanda:v23.1.13 - name: redpanda - volumeMounts: --- - - -c - - | - set -e - env: - - name: REDPANDA_BROKERS - value: redpanda.unhelm-namespace-placeholder.svc.cluster.local:9093 - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - image: docker.redpanda.com/redpandadata/redpanda:v23.1.13 --- - schemaCurl () { - curl -svm3 --fail --retry "120" --retry-max-time "120" --retry-all-errors \ - $* - } - - schemaCurl http://redpanda.unhelm-namespace-placeholder.svc.cluster.local.:8081/schemas/types - - curl -svm3 --fail --retry "120" --retry-max-time "120" --retry-all-errors \ - -X POST -H 'Content-Type:application/vnd.schemaregistry.v1+json' \ - -d '{"schema":"{\"type\":\"record\",\"name\":\"sensor_sample\",\"fields\":[{\"name\":\"timestamp\",\"type\":\"long\",\"logicalType\":\"timestamp-millis\"},{\"name\":\"identifier\",\"type\":\"string\",\"logicalType\":\"uuid\"},{\"name\":\"value\",\"type\":\"long\"}]}"}' \ - http://redpanda.unhelm-namespace-placeholder.svc.cluster.local.:8081/subjects/sensor-value/versions - - schemaCurl http://redpanda.unhelm-namespace-placeholder.svc.cluster.local.:8081/schemas/ids/1 - - schemaCurl http://redpanda.unhelm-namespace-placeholder.svc.cluster.local.:8081/subjects - - schemaCurl -X DELETE \ - http://redpanda.unhelm-namespace-placeholder.svc.cluster.local.:8081/subjects/sensor-value/versions/1 - - schemaCurl -X DELETE \ - http://redpanda.unhelm-namespace-placeholder.svc.cluster.local.:8081/subjects/sensor-value/versions/1?permanent=true - command: - - /bin/bash - - -c - image: docker.redpanda.com/redpandadata/redpanda:v23.1.13 - name: redpanda diff --git a/unhelm.sh b/unhelm.sh index 208b292..b9fe826 100755 --- a/unhelm.sh +++ b/unhelm.sh @@ -13,14 +13,20 @@ export HELM_REPOSITORY_CONFIG="$HDIR/repositories.yaml" VALUES=$1 IREPO="# unhelm-template-repo:" +INAMESPACE="# unhelm-namespace:" +IVERSION="# unhelm-version:" +DEFAULT_NAMESPACE=unhelm-namespace-placeholder CHART=$(echo $VALUES | cut -d'.' -f1) NAME=$(echo $VALUES | cut -d'.' -f2) ! grep "^$IREPO" $VALUES && echo "Failed to find \"$IREPO \" in $VALUES" && exit 1 REPO=$(cat $VALUES | grep "^$IREPO" | cut -d' ' -f3) echo "=> repo=$REPO chart=$CHART name=$NAME" +NAMESPACE="$(cat $VALUES | grep "^$INAMESPACE" | cut -d' ' -f3 || echo $DEFAULT_NAMESPACE)" +VERSION="$(cat $VALUES | grep "^$IVERSION" | cut -d' ' -f3 || echo '')" +[ -z "$VERSION" ] || VERSION="--version $VERSION" -ORIGIN=$(echo $REPO | sed 's|.*://||' | sed 's|/$||' | sed 's|/|-|') +ORIGIN=$(echo $REPO | sed 's|.*://||' | sed 's|/$||' | sed 's|/|-|g') helm repo add $ORIGIN $REPO helm repo update @@ -39,12 +45,16 @@ resources: EOF helm template $CHART $ORIGIN/$CHART -f $VALUES \ - --namespace unhelm-namespace-placeholder \ + $VERSION \ + --namespace $NAMESPACE \ --output-dir $BASE \ | sed "s|wrote $BASE/|- ./|" \ | sort | uniq \ | tee -a $BASE/kustomization.yaml +[ "$NAMESPACE" != "$DEFAULT_NAMESPACE" ] && { +echo "=> Custom namespace: $NAMESPACE" +} || { echo "=> Looking for namespace references" mkdir -p .namespace-test @@ -63,6 +73,7 @@ Note the following instances of namespace strings that Kustomize won't replace ============================================================================= EOF -kustomize build .namespace-test | grep -C 5 unhelm-namespace-placeholder >> $NSINFO || true -cat $NSINFO | grep unhelm-namespace-placeholder | wc -l || true +kustomize build .namespace-test | grep -C 5 $NAMESPACE >> $NSINFO || true +cat $NSINFO | grep $NAMESPACE | wc -l || true echo "=> Done" +}