Merge pull request #857 from lsst-sqre/tickets/DM-46295

[DM-46295] Upgrade Strimzi in the Roundtable cluster
lsst-sqre · Sep 12, 2024 · 1a70801 · 1a70801
2 parents 8f5e02b + f149ae7
commit 1a70801
Show file tree

Hide file tree

Showing 19 changed files with 627 additions and 694 deletions.
diff --git a/deployments/events/resources/demo-user.yaml b/deployments/events/resources/demo-user.yaml
@@ -1,4 +1,5 @@
-apiVersion: kafka.strimzi.io/v1beta1
+---
+apiVersion: kafka.strimzi.io/v1beta2
 kind: KafkaUser
 metadata:
   name: demo

diff --git a/deployments/events/resources/kafka.yaml b/deployments/events/resources/kafka.yaml
@@ -1,139 +1,133 @@
-apiVersion: kafka.strimzi.io/v1beta1
+---
+apiVersion: kafka.strimzi.io/v1beta2
 kind: Kafka
 metadata:
   name: events
 spec:
   kafka:
-    version: 2.3.0
+    version: 3.2.0
     replicas: 3
+    listeners:
+    - name: tls
+      port: 9093
+      type: internal
+      tls: true
+      authentication:
+        type: tls
+    config:
+      auto.create.topics.enable: "false"
+      offsets.topic.replication.factor: 3
+      transaction.state.log.replication.factor: 3
+      transaction.state.log.min.isr: 2
+      log.message.format.version: 2.3
+    storage:
+      type: persistent-claim
+      size: 100Gi
+      class: faster
+    authorization:
+      type: simple
+    jvmOptions:
+      "-Xmx": 512M
+      "-Xms": 512M
     resources:
-      requests:
-        memory: 2Gi
-        cpu: "500m"
       limits:
         memory: 4Gi
-        cpu: "1"
+        cpu: 1
+      requests:
+        memory: 2Gi
+        cpu: 500m
+    metricsConfig:
+      type: jmxPrometheusExporter
+      valueFrom:
+        configMapKeyRef:
+          key: events-kafka-jmx-exporter-configuration.yaml
+          name: events-kafka-jmx-exporter-configuration
     template:
       pod:
-        # Schedule Kafka broker pods on nodes labeled "dedicated: events"
-        # and tolerate the taint NoExecute dedicated=events.
-        tolerations:
-          - key: "dedicated"
-            operator: "Equal"
-            value: "events"
-            effect: "NoExecute"
         affinity:
           nodeAffinity:
             requiredDuringSchedulingIgnoredDuringExecution:
               nodeSelectorTerms:
-                - matchExpressions:
-                    - key: "dedicated"
-                      operator: "In"
-                      values:
-                      - "events"
+              - matchExpressions:
+                - key: dedicated
+                  operator: In
+                  values:
+                  - events
           podAntiAffinity:
             requiredDuringSchedulingIgnoredDuringExecution:
-              - labelSelector:
-                  matchExpressions:
-                    - key: "strimzi.io/name"
-                      operator: "In"
-                      values:
-                        - "events-kafka"
-                topologyKey: "kubernetes.io/hostname"
+            - labelSelector:
+                matchExpressions:
+                - key: strimzi.io/name
+                  operator: In
+                  values:
+                  - events-kafka
+              topologyKey: kubernetes.io/hostname
+        tolerations:
+        - effect: NoExecute
+          key: dedicated
+          operator: Equal
+          value: events
       persistentVolumeClaim:
         metadata:
           annotations:
-            # https://argoproj.github.io/argo-cd/user-guide/compare-options/
             argocd.argoproj.io/compare-options: IgnoreExtraneous
             argocd.argoproj.io/sync-options: Prune=false
-    # https://strimzi.io/docs/latest/#ref-jvm-options-deployment-configuration-kafka
-    # The recommendation is to keep the minimum (Xms) the same as the maximum
-    # (Xmx). Expect the usage to be 4.5x this value; hence the 3 to 4 Gi
-    # Kubernetes limit.
-    jvmOptions:
-      -Xms: 512M
-      -Xmx: 512M
-    listeners:
-      # Enable the TLS listener (encrypted) on 9093 with mutual TLS
-      # authentication
-      # https://strimzi.io/docs/latest/#assembly-kafka-broker-listener-authentication-deployment-configuration-kafka
-      tls:
-        authentication:
-          type: tls
-    authorization:
-      # Users can access topics based on ACLs
-      # https://strimzi.io/docs/latest/#ref-kafka-authorization-deployment-configuration-kafka
-      # ACLs are configured on KafkaUser resources
-      type: simple
-    config:
-      auto.create.topics.enable: "false"
-      offsets.topic.replication.factor: 3
-      transaction.state.log.replication.factor: 3
-      transaction.state.log.min.isr: 2
-      log.message.format.version: "2.3"
+  zookeeper:
+    replicas: 3
     storage:
-      # Use an SSD persistent volume for Kafka pods
       type: persistent-claim
+      size: 50Gi
       class: faster
-      size: 100Gi
-      deleteClaim: false
-    metrics:
-      lowercaseOutputName: true
-  zookeeper:
-    replicas: 3
+    jvmOptions:
+      "-Xmx": 512M
+      "-Xms": 512M
     resources:
-      requests:
-        memory: 2Gi
-        cpu: "500m"
       limits:
         memory: 3Gi
-        cpu: "1"
+        cpu: 1
+      requests:
+        memory: 2Gi
+        cpu: 500m
     template:
       pod:
-        # Schedule Kafka broker pods on nodes labeled "dedicated: events"
-        # and tolerate the taint NoExecute dedicated=events.
-        # (this is the same as Kafka broker scheduling; above)
-        tolerations:
-          - key: "dedicated"
-            operator: "Equal"
-            value: "events"
-            effect: "NoExecute"
         affinity:
           nodeAffinity:
             requiredDuringSchedulingIgnoredDuringExecution:
               nodeSelectorTerms:
-                - matchExpressions:
-                    - key: "dedicated"
-                      operator: "In"
-                      values:
-                      - "events"
+              - matchExpressions:
+                - key: dedicated
+                  operator: In
+                  values:
+                  - events
           podAntiAffinity:
             requiredDuringSchedulingIgnoredDuringExecution:
-              - labelSelector:
-                  matchExpressions:
-                    - key: "strimzi.io/name"
-                      operator: "In"
-                      values:
-                        - "events-zookeeper"
-                topologyKey: "kubernetes.io/hostname"
+            - labelSelector:
+                matchExpressions:
+                - key: strimzi.io/name
+                  operator: In
+                  values:
+                  - events-zookeeper
+              topologyKey: kubernetes.io/hostname
+        tolerations:
+        - effect: NoExecute
+          key: dedicated
+          operator: Equal
+          value: events
       persistentVolumeClaim:
         metadata:
           annotations:
-            # https://argoproj.github.io/argo-cd/user-guide/compare-options/
             argocd.argoproj.io/compare-options: IgnoreExtraneous
             argocd.argoproj.io/sync-options: Prune=false
-    # https://strimzi.io/docs/latest/#ref-jvm-options-deployment-configuration-kafka
-    jvmOptions:
-      -Xms: 512M
-      -Xmx: 512M
-    storage:
-      # Use an SSD persistent volume for zookeeper pods
-      type: persistent-claim
-      class: faster
-      size: 50Gi
-      deleteClaim: false
   entityOperator:
     topicOperator:
       watchedNamespace: events
     userOperator:
       watchedNamespace: events
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: events-kafka-jmx-exporter-configuration
+data:
+  events-kafka-jmx-exporter-configuration.yaml: |
+    lowercaseOutputName: true
diff --git a/deployments/events/resources/ltdevents-topics.yaml b/deployments/events/resources/ltdevents-topics.yaml
@@ -1,13 +1,12 @@
 ---
-apiVersion: kafka.strimzi.io/v1beta1
+apiVersion: kafka.strimzi.io/v1beta2
 kind: KafkaTopic
 metadata:
-  name: "ltd.events"
+  name: ltd.events
   labels:
     strimzi.io/cluster: events
 spec:
   partitions: 8
   replicas: 3
   config:
-    # http://kafka.apache.org/documentation/#topicconfigs
-    retention.ms: 2592000000 # 30 days
+    retention.ms: 2592000000
diff --git a/deployments/events/resources/ltdevents-user.yaml b/deployments/events/resources/ltdevents-user.yaml
@@ -1,4 +1,5 @@
-apiVersion: kafka.strimzi.io/v1beta1
+---
+apiVersion: kafka.strimzi.io/v1beta2
 kind: KafkaUser
 metadata:
   name: kafkauser-ltdevents
@@ -10,16 +11,15 @@ spec:
   authorization:
     type: simple
     acls:
-      # Produce ltd.events
-      - resource:
-          type: topic
-          name: "ltd.events"
-          patternType: literal
-        operation: "Write"
-        type: allow
-      - resource:
-          type: topic
-          name: "ltd.events"
-          patternType: literal
-        operation: "Describe"
-        type: allow
+    - resource:
+        type: topic
+        name: ltd.events
+        patternType: literal
+      operation: Write
+      type: allow
+    - resource:
+        type: topic
+        name: ltd.events
+        patternType: literal
+      operation: Describe
+      type: allow
diff --git a/deployments/events/resources/ook-topics.yaml b/deployments/events/resources/ook-topics.yaml
@@ -1,13 +1,12 @@
 ---
-apiVersion: kafka.strimzi.io/v1beta1
+apiVersion: kafka.strimzi.io/v1beta2
 kind: KafkaTopic
 metadata:
-  name: "ook.ingest"
+  name: ook.ingest
   labels:
     strimzi.io/cluster: events
 spec:
   partitions: 16
   replicas: 3
   config:
-    # http://kafka.apache.org/documentation/#topicconfigs
-    retention.ms: 604800000 # 7 days
+    retention.ms: 604800000