From b9dc3a8a91fc1958fb514f4f2c6da1f6c0761734 Mon Sep 17 00:00:00 2001 
From: Serverless QE Robot Date: Sat, 9 Nov 2024 19:54:05 -0500 Subject: [PATCH] :open_file_folder: Update openshift specific files. --- .ko.yaml | 2 +- Makefile | 78 + OWNERS | 25 +- .../200-controller/100-config-tracing.yaml | 59 - .../200-controller/500-controller.yaml | 2 - .../200-webhook/500-webhook.yaml | 2 - .../200-controller/500-controller.yaml | 2 - .../post-install/500-post-install-job.yaml | 2 - .../500-storage-version-migrator.yaml | 2 - .../reconciler/broker/namespaced_broker.go | 1 + data-plane/config/broker/500-dispatcher.yaml | 7 +- data-plane/config/broker/500-receiver.yaml | 2 - data-plane/config/channel/500-dispatcher.yaml | 7 +- data-plane/config/channel/500-receiver.yaml | 2 - data-plane/config/sink/500-receiver.yaml | 2 - data-plane/config/source/500-dispatcher.yaml | 7 +- hack/update-checksums.sh | 1 - openshift/ci-operator/build-image/Dockerfile | 26 + .../knative-images/event_display/Dockerfile | 34 + .../knative-images/heartbeats/Dockerfile | 34 + .../kafka-controller/Dockerfile | 34 + .../kafka-source-controller/Dockerfile | 34 + .../knative-images/migrate/Dockerfile | 34 + .../knative-images/post-install/Dockerfile | 34 + .../knative-images/webhook-kafka/Dockerfile | 34 + .../committed-offset/Dockerfile | 34 + .../Dockerfile | 34 + .../event-sender/Dockerfile | 34 + .../knative-test-images/eventshub/Dockerfile | 34 + .../kafka-consumer/Dockerfile | 34 + .../logs-exporter/Dockerfile | 34 + .../knative-test-images/print/Dockerfile | 34 + .../recordevents/Dockerfile | 34 + .../request-sender/Dockerfile | 34 + .../knative-test-images/watch-cm/Dockerfile | 34 + .../wathola-fetcher/Dockerfile | 34 + .../wathola-forwarder/Dockerfile | 34 + .../wathola-receiver/Dockerfile | 34 + .../wathola-sender/Dockerfile | 34 + openshift/ci-operator/source-image/Dockerfile | 7 + .../static-images/dispatcher/Dockerfile | 49 + .../dispatcher/hermetic/Dockerfile | 55 + .../dispatcher/hermetic/Dockerfile.deps | 34 + .../static-images/receiver/Dockerfile | 51 + 
.../receiver/hermetic/Dockerfile | 55 + .../receiver/hermetic/Dockerfile.deps | 34 + openshift/e2e-common.sh | 201 + openshift/e2e-conformance-tests.sh | 18 + openshift/e2e-rekt-encryption-auth-tests.sh | 18 + openshift/e2e-rekt-tests.sh | 18 + openshift/e2e-tests.sh | 18 + openshift/generate.sh | 19 + openshift/images.yaml | 21 + .../knative-eventing-encryption-auth.yaml | 5 + openshift/knative-eventing.yaml | 29 + openshift/patches/100-ko-baseimage.patch | 8 + ...ses-different-post-install-job-names.patch | 12 + .../namespaced_broker_copy_trustedca_cm.patch | 12 + .../patches/rekt-serviceaccounts-delete.patch | 20 + .../remove_broker_dispatcher_limits.patch | 13 + .../remove_channel_dispatcher_limits.patch | 22 + ...ecksum_generation_for_config_tracing.patch | 12 + .../patches/remove_dispatcher_limits.patch | 28 + openshift/patches/remove_ram_percentage.patch | 13 + .../patches/remove_seccomp_profile.patch | 133 + ...p_namespaced_broker_propagation_test.patch | 13 + openshift/patches/use_quay_images.patch | 31 + openshift/project.yaml | 3 + .../artifacts/eventing-kafka-broker.yaml | 687 ++ .../artifacts/eventing-kafka-channel.yaml | 682 ++ .../artifacts/eventing-kafka-controller.yaml | 3059 +++++++++ .../eventing-kafka-post-install.yaml | 307 + .../artifacts/eventing-kafka-sink.yaml | 420 ++ .../artifacts/eventing-kafka-source.yaml | 428 ++ .../eventing-kafka-tls-networking.yaml | 149 + .../release/artifacts/eventing-kafka.yaml | 5583 +++++++++++++++++ openshift/release/create-release-branch.sh | 29 + openshift/release/generate-release.sh | 68 + openshift/release/mirror-upstream-branches.sh | 37 + openshift/release/resolve.sh | 44 + openshift/release/update-to-head.sh | 51 + test/e2e_new/broker_test.go | 2 + test/scripts/first-event-delay.sh | 6 +- test/upgrade/postupgrade.go | 1 + .../reconciler-test/pkg/feature/feature.go | 9 + 85 files changed, 13349 insertions(+), 108 deletions(-) create mode 100644 Makefile delete mode 100644 
control-plane/config/eventing-kafka-broker/200-controller/100-config-tracing.yaml create mode 100755 openshift/ci-operator/build-image/Dockerfile create mode 100755 openshift/ci-operator/knative-images/event_display/Dockerfile create mode 100755 openshift/ci-operator/knative-images/heartbeats/Dockerfile create mode 100755 openshift/ci-operator/knative-images/kafka-controller/Dockerfile create mode 100755 openshift/ci-operator/knative-images/kafka-source-controller/Dockerfile create mode 100755 openshift/ci-operator/knative-images/migrate/Dockerfile create mode 100755 openshift/ci-operator/knative-images/post-install/Dockerfile create mode 100755 openshift/ci-operator/knative-images/webhook-kafka/Dockerfile create mode 100755 openshift/ci-operator/knative-test-images/committed-offset/Dockerfile create mode 100755 openshift/ci-operator/knative-test-images/consumer-group-lag-provider-test/Dockerfile create mode 100755 openshift/ci-operator/knative-test-images/event-sender/Dockerfile create mode 100755 openshift/ci-operator/knative-test-images/eventshub/Dockerfile create mode 100755 openshift/ci-operator/knative-test-images/kafka-consumer/Dockerfile create mode 100755 openshift/ci-operator/knative-test-images/logs-exporter/Dockerfile create mode 100755 openshift/ci-operator/knative-test-images/print/Dockerfile create mode 100755 openshift/ci-operator/knative-test-images/recordevents/Dockerfile create mode 100755 openshift/ci-operator/knative-test-images/request-sender/Dockerfile create mode 100755 openshift/ci-operator/knative-test-images/watch-cm/Dockerfile create mode 100755 openshift/ci-operator/knative-test-images/wathola-fetcher/Dockerfile create mode 100755 openshift/ci-operator/knative-test-images/wathola-forwarder/Dockerfile create mode 100755 openshift/ci-operator/knative-test-images/wathola-receiver/Dockerfile create mode 100755 openshift/ci-operator/knative-test-images/wathola-sender/Dockerfile create mode 100755 openshift/ci-operator/source-image/Dockerfile 
create mode 100644 openshift/ci-operator/static-images/dispatcher/Dockerfile create mode 100644 openshift/ci-operator/static-images/dispatcher/hermetic/Dockerfile create mode 100644 openshift/ci-operator/static-images/dispatcher/hermetic/Dockerfile.deps create mode 100644 openshift/ci-operator/static-images/receiver/Dockerfile create mode 100644 openshift/ci-operator/static-images/receiver/hermetic/Dockerfile create mode 100644 openshift/ci-operator/static-images/receiver/hermetic/Dockerfile.deps create mode 100755 openshift/e2e-common.sh create mode 100755 openshift/e2e-conformance-tests.sh create mode 100755 openshift/e2e-rekt-encryption-auth-tests.sh create mode 100755 openshift/e2e-rekt-tests.sh create mode 100755 openshift/e2e-tests.sh create mode 100755 openshift/generate.sh create mode 100755 openshift/images.yaml create mode 100644 openshift/knative-eventing-encryption-auth.yaml create mode 100644 openshift/knative-eventing.yaml create mode 100644 openshift/patches/100-ko-baseimage.patch create mode 100644 openshift/patches/SO-uses-different-post-install-job-names.patch create mode 100644 openshift/patches/namespaced_broker_copy_trustedca_cm.patch create mode 100644 openshift/patches/rekt-serviceaccounts-delete.patch create mode 100644 openshift/patches/remove_broker_dispatcher_limits.patch create mode 100644 openshift/patches/remove_channel_dispatcher_limits.patch create mode 100644 openshift/patches/remove_checksum_generation_for_config_tracing.patch create mode 100644 openshift/patches/remove_dispatcher_limits.patch create mode 100644 openshift/patches/remove_ram_percentage.patch create mode 100644 openshift/patches/remove_seccomp_profile.patch create mode 100644 openshift/patches/skip_namespaced_broker_propagation_test.patch create mode 100644 openshift/patches/use_quay_images.patch create mode 100644 openshift/project.yaml create mode 100644 openshift/release/artifacts/eventing-kafka-broker.yaml create mode 100644 
openshift/release/artifacts/eventing-kafka-channel.yaml create mode 100644 openshift/release/artifacts/eventing-kafka-controller.yaml create mode 100644 openshift/release/artifacts/eventing-kafka-post-install.yaml create mode 100644 openshift/release/artifacts/eventing-kafka-sink.yaml create mode 100644 openshift/release/artifacts/eventing-kafka-source.yaml create mode 100644 openshift/release/artifacts/eventing-kafka-tls-networking.yaml create mode 100644 openshift/release/artifacts/eventing-kafka.yaml create mode 100755 openshift/release/create-release-branch.sh create mode 100755 openshift/release/generate-release.sh create mode 100755 openshift/release/mirror-upstream-branches.sh create mode 100755 openshift/release/resolve.sh create mode 100755 openshift/release/update-to-head.sh
diff --git a/.ko.yaml b/.ko.yaml
index b1075a3cd3..2f054a22cb 100644
--- a/.ko.yaml
+++ b/.ko.yaml
@@ -1,2 +1,2 @@
 # Use :nonroot base image for all containers
-defaultBaseImage: gcr.io/distroless/static:nonroot
+defaultBaseImage: registry.access.redhat.com/ubi8/ubi-minimal:latest
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000000..3ddb586995
--- /dev/null
+++ b/Makefile
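Review bot: The new `defaultBaseImage` in `.ko.yaml` is selected only by the floating `:latest` tag, and the context comment above it still reads `# Use :nonroot base image for all containers`, which no longer describes the image. With `latest`, two ko builds of the same commit can pick up different base layers, so the resulting images are neither reproducible nor auditable; pinning by digest, `defaultBaseImage: registry.access.redhat.com/ubi8/ubi-minimal@sha256:<digest>`, removes that drift. The distroless `:nonroot` variant also supplied a non-root default user; unless the UBI image does the same (to be confirmed), the manifests have to enforce `runAsNonRoot` themselves, and the comment should be updated to say which layer is responsible.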
@@ -0,0 +1,78 @@
+# This file is needed by kubebuilder but all functionality should exist inside
+# the hack/ files.
+
+CGO_ENABLED=0
+GOOS=linux
+# Ignore errors if there are no images.
+CONTROL_PLANE_IMAGES=./control-plane/cmd/kafka-controller ./control-plane/cmd/webhook-kafka ./control-plane/cmd/post-install
+TEST_IMAGES=$(shell find ./test/cmd ./test/test_images ./vendor/knative.dev/reconciler-test/cmd ./vendor/knative.dev/eventing/test/test_images -mindepth 1 -maxdepth 1 -type d 2> /dev/null)
+BRANCH=
+TEST=
+IMAGE=
+TEST_IMAGE_TAG ?= latest
+
+# Guess location of openshift/release repo. NOTE: override this if it is not correct.
+OPENSHIFT=${CURDIR}/../../github.com/openshift/release
+
+# Build and install commands.
+install:
+ for img in $(CONTROL_PLANE_IMAGES); do \
+ go install $$img ; \
+ done
+.PHONY: install
+
+test-install:
+ for img in $(TEST_IMAGES); do \
+ go install $$img ; \
+ done
+.PHONY: test-install
+
+test-e2e:
+ openshift/e2e-tests.sh
+.PHONY: test-e2e
+
+test-conformance:
+ openshift/e2e-conformance-tests.sh
+.PHONY: test-conformance
+
+test-reconciler:
+ openshift/e2e-rekt-tests.sh
+.PHONY: test-reconciler
+
+test-reconciler-keda:
+ INSTALL_KEDA="true" openshift/e2e-rekt-tests.sh
+.PHONY: test-reconciler-keda
+
+test-reconciler-encryption-auth:
+ openshift/e2e-rekt-encryption-auth-tests.sh
+.PHONY: test-reconciler
+
+# Requires ko 0.2.0 or newer.
+# Target used by github actions.
+test-images:
+ for img in $(TEST_IMAGES); do \
+ KO_DOCKER_REPO=$(DOCKER_REPO_OVERRIDE) ko build --tags=$(TEST_IMAGE_TAG) $(KO_FLAGS) -B $$img || \
+ KO_DOCKER_REPO=$(DOCKER_REPO_OVERRIDE) ko resolve --tags=$(TEST_IMAGE_TAG) $(KO_FLAGS) -RBf $$img || exit $?; \
+ done
+.PHONY: test-images
+
+test-image-single:
+ KO_DOCKER_REPO=$(DOCKER_REPO_OVERRIDE) ko build --tags=$(TEST_IMAGE_TAG) $(KO_FLAGS) -B test/test_images/$(IMAGE) || \
+ KO_DOCKER_REPO=$(DOCKER_REPO_OVERRIDE) ko resolve --tags=$(TEST_IMAGE_TAG) $(KO_FLAGS) -RBf test/test_images/$(IMAGE)
+.PHONY: test-image-single
+
+# Run make DOCKER_REPO_OVERRIDE= test-e2e-local if test images are available
+# in the given repository. Make sure you first build and push them there by running `make test-images`.
+# Run make BRANCH= test-e2e-local if test images from the latest CI
+# build for this branch should be used. Example: `make BRANCH=knative-v0.14.2 test-e2e-local`.
+# If neither DOCKER_REPO_OVERRIDE nor BRANCH are defined the tests will use test images
+# from the last nightly build.
+# If TEST is defined then only the single test will be run.
+test-e2e-local:
+ ./openshift/e2e-tests-local.sh $(TEST)
+.PHONY: test-e2e-local
+
+# Generate an aggregated knative release yaml file, as well as a CI file with replaced image references
+generate-release:
+ ./openshift/release/generate-release.sh $(RELEASE)
+.PHONY: generate-release
diff --git a/OWNERS b/OWNERS
index f7b7aa9049..694f96bf23 100644
--- a/OWNERS
+++ b/OWNERS
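Review bot: `test-reconciler-encryption-auth` is followed by `.PHONY: test-reconciler`, so the new target is never declared phony; the line should read `.PHONY: test-reconciler-encryption-auth`. In `test-images`, the `$?` in `|| exit $?; \` is expanded by make (its list of newer prerequisites, empty here) before the shell runs, so the shell sees a bare `exit` and the failing status is propagated only by accident; write `|| exit $$?; \`. `test-e2e-local` invokes `./openshift/e2e-tests-local.sh`, which is not among the files this commit's diffstat creates, so that target probably fails unless the script already exists elsewhere in the tree.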
@@ -1,13 +1,18 @@ -# Sponsored by the Event Delivery WG -# At least one WG lead from https://github.com/knative/community/blob/master/working-groups/WORKING-GROUPS.md#event-delivery -# must be in the "approvers" list. +# The OWNERS file is used by prow to automatically merge approved PRs. + approvers: -- technical-oversight-committee -- knative-release-leads -- eventing-writers -- eventing-kafka-broker-approvers +- alanfx +- aliok +- creydr +- lberk +- matzew +- mgencur +- pierDipi +- warrenvw reviewers: -- eventing-writers -- eventing-kafka-broker-approvers -- eventing-kafka-broker-reviewers +- aliok +- creydr +- lberk +- matzew +- pierDipi diff --git a/control-plane/config/eventing-kafka-broker/200-controller/100-config-tracing.yaml b/control-plane/config/eventing-kafka-broker/200-controller/100-config-tracing.yaml deleted file mode 100644 index c0e280d1c3..0000000000 --- a/control-plane/config/eventing-kafka-broker/200-controller/100-config-tracing.yaml +++ /dev/null 
@@ -1,59 +0,0 @@ -# Copyright 2019 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-tracing - namespace: knative-eventing - labels: - app.kubernetes.io/version: devel - knative.dev/config-propagation: original - knative.dev/config-category: eventing - annotations: - knative.dev/example-checksum: "4002b4c2" -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - # - # This may be "zipkin" or "stackdriver", the default is "none" - backend: "none" - - # URL to zipkin collector where traces are sent. - # This must be specified when backend is "zipkin" - zipkin-endpoint: "http://zipkin.istio-system.svc.cluster.local:9411/api/v2/spans" - - # The GCP project into which stackdriver metrics will be written - # when backend is "stackdriver". If unspecified, the project-id - # is read from GCP metadata when running on GCP. - stackdriver-project-id: "my-project" - - # Enable zipkin debug mode. 
This allows all spans to be sent to the server - # bypassing sampling. - debug: "false" - - # Percentage (0-1) of requests to trace - sample-rate: "0.1" diff --git a/control-plane/config/eventing-kafka-broker/200-controller/500-controller.yaml b/control-plane/config/eventing-kafka-broker/200-controller/500-controller.yaml index 58133f2dc2..57ac761294 100644 --- a/control-plane/config/eventing-kafka-broker/200-controller/500-controller.yaml +++ b/control-plane/config/eventing-kafka-broker/200-controller/500-controller.yaml @@ -195,6 +195,4 @@ spec: capabilities: drop: - ALL - seccompProfile: - type: RuntimeDefault restartPolicy: Always diff --git a/control-plane/config/eventing-kafka-broker/200-webhook/500-webhook.yaml b/control-plane/config/eventing-kafka-broker/200-webhook/500-webhook.yaml index 2fd93ed6d2..f22cddd391 100644 --- a/control-plane/config/eventing-kafka-broker/200-webhook/500-webhook.yaml +++ b/control-plane/config/eventing-kafka-broker/200-webhook/500-webhook.yaml @@ -89,8 +89,6 @@ spec: capabilities: drop: - ALL - seccompProfile: - type: RuntimeDefault ports: - name: https-webhook diff --git a/control-plane/config/eventing-kafka-source/200-controller/500-controller.yaml b/control-plane/config/eventing-kafka-source/200-controller/500-controller.yaml index f8f63db84b..cf07073afc 100644 --- a/control-plane/config/eventing-kafka-source/200-controller/500-controller.yaml +++ b/control-plane/config/eventing-kafka-source/200-controller/500-controller.yaml @@ -112,6 +112,4 @@ spec: capabilities: drop: - ALL - seccompProfile: - type: RuntimeDefault restartPolicy: Always diff --git a/control-plane/config/post-install/500-post-install-job.yaml b/control-plane/config/post-install/500-post-install-job.yaml index cf3a7b06ee..ebcd304262 100644 --- a/control-plane/config/post-install/500-post-install-job.yaml +++ b/control-plane/config/post-install/500-post-install-job.yaml @@ -51,5 +51,3 @@ spec: capabilities: drop: - ALL - seccompProfile: - type: RuntimeDefault 
diff --git a/control-plane/config/post-install/500-storage-version-migrator.yaml b/control-plane/config/post-install/500-storage-version-migrator.yaml index eb3c5abb38..5ab9c39c2d 100644 --- a/control-plane/config/post-install/500-storage-version-migrator.yaml +++ b/control-plane/config/post-install/500-storage-version-migrator.yaml @@ -51,5 +51,3 @@ spec: capabilities: drop: - ALL - seccompProfile: - type: RuntimeDefault diff --git a/control-plane/pkg/reconciler/broker/namespaced_broker.go b/control-plane/pkg/reconciler/broker/namespaced_broker.go index d8b4a0a230..dab36bf7c1 100644 --- a/control-plane/pkg/reconciler/broker/namespaced_broker.go +++ b/control-plane/pkg/reconciler/broker/namespaced_broker.go @@ -412,6 +412,7 @@ func (r *NamespacedReconciler) configMapsFromSystemNamespace(broker *eventing.Br "config-tracing", "config-features", "kafka-config-logging", + "config-openshift-trusted-cabundle", } resources := make([]unstructured.Unstructured, 0, len(configMaps)) for _, name := range configMaps { diff --git a/data-plane/config/broker/500-dispatcher.yaml b/data-plane/config/broker/500-dispatcher.yaml index 27d9ecc444..9540f412a3 100644 --- a/data-plane/config/broker/500-dispatcher.yaml +++ b/data-plane/config/broker/500-dispatcher.yaml @@ -121,16 +121,13 @@ spec: - name: WAIT_STARTUP_SECONDS value: "8" - name: JAVA_TOOL_OPTIONS - value: "-XX:+CrashOnOutOfMemoryError -XX:InitialRAMPercentage=70.0 -XX:MinRAMPercentage=70.0 -XX:MaxRAMPercentage=70.0" + value: "-XX:+CrashOnOutOfMemoryError" resources: requests: cpu: 1000m # 600Mi for virtual replicas + 100Mi overhead memory: 700Mi - limits: - cpu: 2000m - memory: 1000Mi livenessProbe: failureThreshold: 3 @@ -158,8 +155,6 @@ spec: capabilities: drop: - ALL - seccompProfile: - type: RuntimeDefault volumes: - name: config-kafka-broker-data-plane configMap: diff --git a/data-plane/config/broker/500-receiver.yaml b/data-plane/config/broker/500-receiver.yaml index 46dadb5535..4a88d62c4e 100644 
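Review bot: `"config-openshift-trusted-cabundle"` is added to the ConfigMaps that `configMapsFromSystemNamespace` copies for a namespaced broker, with no comment explaining why an OpenShift-specific name is in this list or what happens when that ConfigMap is absent. The loop that looks up each name continues outside the hunk, so it cannot be seen here whether a not-found result is tolerated; if it is returned as an error, every namespaced broker would fail to reconcile on a cluster that lacks the ConfigMap. I would add a comment above the entry such as `// OpenShift only: presumably the cluster CA bundle; copied so the per-namespace data plane trusts the same CAs` and confirm the lookup skips a missing ConfigMap. Because the copy would act as trust material inside the broker's namespace, it is also worth confirming who is allowed to edit it there.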
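Review bot: In `data-plane/config/broker/500-dispatcher.yaml` the `limits:` block and the three `-XX:*RAMPercentage=70.0` flags are removed together, which leaves the dispatcher JVM with no memory ceiling from either the container or the JVM side. Without a container limit the JVM derives its default maximum heap from the memory it detects on the node, so the `memory: 700Mi` request and its `# 600Mi for virtual replicas + 100Mi overhead` comment no longer bound real usage, and `-XX:+CrashOnOutOfMemoryError` is unlikely to fire before the node itself comes under memory pressure. If the limits have to go, an explicit heap cap in `JAVA_TOOL_OPTIONS` (for example `-Xmx600m`, matching the comment) keeps one event-heavy dispatcher from starving its neighbours. The same pair of changes is made in `channel/500-dispatcher.yaml` and `source/500-dispatcher.yaml`.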
--- a/data-plane/config/broker/500-receiver.yaml +++ b/data-plane/config/broker/500-receiver.yaml @@ -165,8 +165,6 @@ spec: capabilities: drop: - ALL - seccompProfile: - type: RuntimeDefault volumes: - name: kafka-broker-brokers-triggers configMap: diff --git a/data-plane/config/channel/500-dispatcher.yaml b/data-plane/config/channel/500-dispatcher.yaml index 763a4cb234..b10154145e 100644 --- a/data-plane/config/channel/500-dispatcher.yaml +++ b/data-plane/config/channel/500-dispatcher.yaml @@ -121,16 +121,13 @@ spec: - name: WAIT_STARTUP_SECONDS value: "8" - name: JAVA_TOOL_OPTIONS - value: "-XX:+CrashOnOutOfMemoryError -XX:InitialRAMPercentage=70.0 -XX:MinRAMPercentage=70.0 -XX:MaxRAMPercentage=70.0" + value: "-XX:+CrashOnOutOfMemoryError" resources: requests: cpu: 1000m # 600Mi for virtual replicas + 100Mi overhead memory: 700Mi - limits: - cpu: 2000m - memory: 1000Mi livenessProbe: failureThreshold: 3 @@ -158,8 +155,6 @@ spec: capabilities: drop: - ALL - seccompProfile: - type: RuntimeDefault volumes: - name: config-kafka-channel-data-plane configMap: diff --git a/data-plane/config/channel/500-receiver.yaml b/data-plane/config/channel/500-receiver.yaml index f3e8f9d07c..fbb31f0313 100644 --- a/data-plane/config/channel/500-receiver.yaml +++ b/data-plane/config/channel/500-receiver.yaml @@ -166,8 +166,6 @@ spec: capabilities: drop: - ALL - seccompProfile: - type: RuntimeDefault volumes: - name: kafka-channel-channels-subscriptions configMap: diff --git a/data-plane/config/sink/500-receiver.yaml b/data-plane/config/sink/500-receiver.yaml index 6a7ed65d0b..e29d2ba988 100644 --- a/data-plane/config/sink/500-receiver.yaml +++ b/data-plane/config/sink/500-receiver.yaml @@ -165,8 +165,6 @@ spec: capabilities: drop: - ALL - seccompProfile: - type: RuntimeDefault volumes: - name: kafka-sink-sinks configMap: diff --git a/data-plane/config/source/500-dispatcher.yaml b/data-plane/config/source/500-dispatcher.yaml index 5c1a832d5a..65857cea9c 100644 
--- a/data-plane/config/source/500-dispatcher.yaml +++ b/data-plane/config/source/500-dispatcher.yaml @@ -121,16 +121,13 @@ spec: - name: WAIT_STARTUP_SECONDS value: "8" - name: JAVA_TOOL_OPTIONS - value: "-XX:+CrashOnOutOfMemoryError -XX:InitialRAMPercentage=70.0 -XX:MinRAMPercentage=70.0 -XX:MaxRAMPercentage=70.0" + value: "-XX:+CrashOnOutOfMemoryError" resources: requests: cpu: 1000m # 600Mi for virtual replicas + 100Mi overhead memory: 700Mi - limits: - cpu: 2000m - memory: 1000Mi livenessProbe: failureThreshold: 3 @@ -158,8 +155,6 @@ spec: capabilities: drop: - ALL - seccompProfile: - type: RuntimeDefault volumes: - name: config-kafka-source-data-plane configMap: diff --git a/hack/update-checksums.sh b/hack/update-checksums.sh index dbd572b5bd..e283f983b9 100755 --- a/hack/update-checksums.sh +++ b/hack/update-checksums.sh @@ -26,7 +26,6 @@ fi source $(dirname $0)/../vendor/knative.dev/hack/library.sh -go run "${REPO_ROOT_DIR}/vendor/knative.dev/pkg/configmap/hash-gen" "${REPO_ROOT_DIR}"/control-plane/config/eventing-kafka-broker/200-controller/100-config-tracing.yaml go run "${REPO_ROOT_DIR}/vendor/knative.dev/pkg/configmap/hash-gen" "${REPO_ROOT_DIR}"/control-plane/config/eventing-kafka-broker/200-controller/100-config-logging.yaml go run "${REPO_ROOT_DIR}/vendor/knative.dev/pkg/configmap/hash-gen" "${REPO_ROOT_DIR}"/control-plane/config/eventing-kafka-broker/200-controller/100-config-kafka-leader-election.yaml go run "${REPO_ROOT_DIR}/vendor/knative.dev/pkg/configmap/hash-gen" "${REPO_ROOT_DIR}"/control-plane/config/eventing-kafka-broker/200-controller/100-config-kafka-features.yaml diff --git a/openshift/ci-operator/build-image/Dockerfile b/openshift/ci-operator/build-image/Dockerfile new file mode 100755 index 0000000000..deaa531992 --- /dev/null +++ b/openshift/ci-operator/build-image/Dockerfile 
@@ -0,0 +1,26 @@ +# DO NOT EDIT! Generated Dockerfile. + +FROM registry.ci.openshift.org/ocp/4.17:cli-artifacts as tools + +# Dockerfile to bootstrap build and test in openshift-ci +FROM registry.ci.openshift.org/openshift/release:rhel-8-release-golang-1.22-openshift-4.17 as builder + +ARG TARGETARCH + +COPY --from=tools /usr/share/openshift/linux_$TARGETARCH/oc.rhel8 /usr/bin/oc + +RUN ln -s /usr/bin/oc /usr/bin/kubectl + +RUN yum install -y httpd-tools + +RUN wget https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 && \ + chmod 700 ./get-helm-3 + +RUN ./get-helm-3 --version v3.11.3 --no-sudo && helm version + +RUN GOFLAGS='' go install github.com/mikefarah/yq/v3@latest +RUN GOFLAGS='' go install -tags="exclude_graphdriver_btrfs containers_image_openpgp" github.com/containers/skopeo/cmd/skopeo@v1.16.1 + +# go install creates $GOPATH/.cache with root permissions, we delete it here +# to avoid permission issues with the runtime users +RUN rm -rf $GOPATH/.cache diff --git a/openshift/ci-operator/knative-images/event_display/Dockerfile b/openshift/ci-operator/knative-images/event_display/Dockerfile new file mode 100755 index 0000000000..fe8903e129 --- /dev/null +++ b/openshift/ci-operator/knative-images/event_display/Dockerfile 
@@ -0,0 +1,34 @@ +# DO NOT EDIT! Generated Dockerfile for vendor/knative.dev/eventing/cmd/event_display. +ARG GO_BUILDER=registry.ci.openshift.org/openshift/release:rhel-8-release-golang-1.22-openshift-4.17 +ARG GO_RUNTIME=registry.access.redhat.com/ubi8/ubi-minimal + +FROM $GO_BUILDER as builder + +WORKDIR /go/src/vendor/knative.dev/eventing/cmd/event_display +COPY . . + +ENV CGO_ENABLED=1 +ENV GOEXPERIMENT=strictfipsruntime + +RUN go build -tags strictfipsruntime -o /usr/bin/main ./vendor/knative.dev/eventing/cmd/event_display + +FROM $GO_RUNTIME + +ARG VERSION=knative-nightly + +COPY --from=builder /usr/bin/main /usr/bin/event_display + +USER 65532 + +LABEL \ + com.redhat.component="openshift-serverless-1-eventing-kafka-broker-event-display-rhel8-container" \ + name="openshift-serverless-1/eventing-kafka-broker-event-display-rhel8" \ + version=$VERSION \ + summary="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Event Display" \ + maintainer="serverless-support@redhat.com" \ + description="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Event Display" \ + io.k8s.display-name="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Event Display" \ + io.k8s.description="Red Hat OpenShift Serverless Eventing Kafka Broker Event Display" \ + io.openshift.tags="event-display" + +ENTRYPOINT ["/usr/bin/event_display"] diff --git a/openshift/ci-operator/knative-images/heartbeats/Dockerfile b/openshift/ci-operator/knative-images/heartbeats/Dockerfile new file mode 100755 index 0000000000..4a2af058f4 --- /dev/null +++ b/openshift/ci-operator/knative-images/heartbeats/Dockerfile 
@@ -0,0 +1,34 @@ +# DO NOT EDIT! Generated Dockerfile for vendor/knative.dev/eventing/cmd/heartbeats. +ARG GO_BUILDER=registry.ci.openshift.org/openshift/release:rhel-8-release-golang-1.22-openshift-4.17 +ARG GO_RUNTIME=registry.access.redhat.com/ubi8/ubi-minimal + +FROM $GO_BUILDER as builder + +WORKDIR /go/src/vendor/knative.dev/eventing/cmd/heartbeats +COPY . . + +ENV CGO_ENABLED=1 +ENV GOEXPERIMENT=strictfipsruntime + +RUN go build -tags strictfipsruntime -o /usr/bin/main ./vendor/knative.dev/eventing/cmd/heartbeats + +FROM $GO_RUNTIME + +ARG VERSION=knative-nightly + +COPY --from=builder /usr/bin/main /usr/bin/heartbeats + +USER 65532 + +LABEL \ + com.redhat.component="openshift-serverless-1-eventing-kafka-broker-heartbeats-rhel8-container" \ + name="openshift-serverless-1/eventing-kafka-broker-heartbeats-rhel8" \ + version=$VERSION \ + summary="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Heartbeats" \ + maintainer="serverless-support@redhat.com" \ + description="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Heartbeats" \ + io.k8s.display-name="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Heartbeats" \ + io.k8s.description="Red Hat OpenShift Serverless Eventing Kafka Broker Heartbeats" \ + io.openshift.tags="heartbeats" + +ENTRYPOINT ["/usr/bin/heartbeats"] diff --git a/openshift/ci-operator/knative-images/kafka-controller/Dockerfile b/openshift/ci-operator/knative-images/kafka-controller/Dockerfile new file mode 100755 index 0000000000..1b6f84ae86 --- /dev/null +++ b/openshift/ci-operator/knative-images/kafka-controller/Dockerfile 
@@ -0,0 +1,34 @@ +# DO NOT EDIT! Generated Dockerfile for control-plane/cmd/kafka-controller. +ARG GO_BUILDER=registry.ci.openshift.org/openshift/release:rhel-8-release-golang-1.22-openshift-4.17 +ARG GO_RUNTIME=registry.access.redhat.com/ubi8/ubi-minimal + +FROM $GO_BUILDER as builder + +WORKDIR /go/src/control-plane/cmd/kafka-controller +COPY . . + +ENV CGO_ENABLED=1 +ENV GOEXPERIMENT=strictfipsruntime + +RUN go build -tags strictfipsruntime -o /usr/bin/main ./control-plane/cmd/kafka-controller + +FROM $GO_RUNTIME + +ARG VERSION=knative-nightly + +COPY --from=builder /usr/bin/main /usr/bin/kafka-controller + +USER 65532 + +LABEL \ + com.redhat.component="openshift-serverless-1-eventing-kafka-broker-kafka-controller-rhel8-container" \ + name="openshift-serverless-1/eventing-kafka-broker-kafka-controller-rhel8" \ + version=$VERSION \ + summary="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Kafka Controller" \ + maintainer="serverless-support@redhat.com" \ + description="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Kafka Controller" \ + io.k8s.display-name="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Kafka Controller" \ + io.k8s.description="Red Hat OpenShift Serverless Eventing Kafka Broker Kafka Controller" \ + io.openshift.tags="kafka-controller" + +ENTRYPOINT ["/usr/bin/kafka-controller"] diff --git a/openshift/ci-operator/knative-images/kafka-source-controller/Dockerfile b/openshift/ci-operator/knative-images/kafka-source-controller/Dockerfile new file mode 100755 index 0000000000..75bd36c0b5 --- /dev/null +++ b/openshift/ci-operator/knative-images/kafka-source-controller/Dockerfile 
@@ -0,0 +1,34 @@ +# DO NOT EDIT! Generated Dockerfile for control-plane/cmd/kafka-source-controller. +ARG GO_BUILDER=registry.ci.openshift.org/openshift/release:rhel-8-release-golang-1.22-openshift-4.17 +ARG GO_RUNTIME=registry.access.redhat.com/ubi8/ubi-minimal + +FROM $GO_BUILDER as builder + +WORKDIR /go/src/control-plane/cmd/kafka-source-controller +COPY . . + +ENV CGO_ENABLED=1 +ENV GOEXPERIMENT=strictfipsruntime + +RUN go build -tags strictfipsruntime -o /usr/bin/main ./control-plane/cmd/kafka-source-controller + +FROM $GO_RUNTIME + +ARG VERSION=knative-nightly + +COPY --from=builder /usr/bin/main /usr/bin/kafka-source-controller + +USER 65532 + +LABEL \ + com.redhat.component="openshift-serverless-1-eventing-kafka-broker-kafka-source-controller-rhel8-container" \ + name="openshift-serverless-1/eventing-kafka-broker-kafka-source-controller-rhel8" \ + version=$VERSION \ + summary="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Kafka Source Controller" \ + maintainer="serverless-support@redhat.com" \ + description="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Kafka Source Controller" \ + io.k8s.display-name="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Kafka Source Controller" \ + io.k8s.description="Red Hat OpenShift Serverless Eventing Kafka Broker Kafka Source Controller" \ + io.openshift.tags="kafka-source-controller" + +ENTRYPOINT ["/usr/bin/kafka-source-controller"] diff --git a/openshift/ci-operator/knative-images/migrate/Dockerfile b/openshift/ci-operator/knative-images/migrate/Dockerfile new file mode 100755 index 0000000000..67e1e21749 --- /dev/null +++ b/openshift/ci-operator/knative-images/migrate/Dockerfile 
@@ -0,0 +1,34 @@ +# DO NOT EDIT! Generated Dockerfile for vendor/knative.dev/pkg/apiextensions/storageversion/cmd/migrate. +ARG GO_BUILDER=registry.ci.openshift.org/openshift/release:rhel-8-release-golang-1.22-openshift-4.17 +ARG GO_RUNTIME=registry.access.redhat.com/ubi8/ubi-minimal + +FROM $GO_BUILDER as builder + +WORKDIR /go/src/vendor/knative.dev/pkg/apiextensions/storageversion/cmd/migrate +COPY . . + +ENV CGO_ENABLED=1 +ENV GOEXPERIMENT=strictfipsruntime + +RUN go build -tags strictfipsruntime -o /usr/bin/main ./vendor/knative.dev/pkg/apiextensions/storageversion/cmd/migrate + +FROM $GO_RUNTIME + +ARG VERSION=knative-nightly + +COPY --from=builder /usr/bin/main /usr/bin/migrate + +USER 65532 + +LABEL \ + com.redhat.component="openshift-serverless-1-eventing-kafka-broker-migrate-rhel8-container" \ + name="openshift-serverless-1/eventing-kafka-broker-migrate-rhel8" \ + version=$VERSION \ + summary="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Migrate" \ + maintainer="serverless-support@redhat.com" \ + description="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Migrate" \ + io.k8s.display-name="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Migrate" \ + io.k8s.description="Red Hat OpenShift Serverless Eventing Kafka Broker Migrate" \ + io.openshift.tags="migrate" + +ENTRYPOINT ["/usr/bin/migrate"] diff --git a/openshift/ci-operator/knative-images/post-install/Dockerfile b/openshift/ci-operator/knative-images/post-install/Dockerfile new file mode 100755 index 0000000000..ae588ab69e --- /dev/null +++ b/openshift/ci-operator/knative-images/post-install/Dockerfile 
@@ -0,0 +1,34 @@ +# DO NOT EDIT! Generated Dockerfile for control-plane/cmd/post-install. +ARG GO_BUILDER=registry.ci.openshift.org/openshift/release:rhel-8-release-golang-1.22-openshift-4.17 +ARG GO_RUNTIME=registry.access.redhat.com/ubi8/ubi-minimal + +FROM $GO_BUILDER as builder + +WORKDIR /go/src/control-plane/cmd/post-install +COPY . . + +ENV CGO_ENABLED=1 +ENV GOEXPERIMENT=strictfipsruntime + +RUN go build -tags strictfipsruntime -o /usr/bin/main ./control-plane/cmd/post-install + +FROM $GO_RUNTIME + +ARG VERSION=knative-nightly + +COPY --from=builder /usr/bin/main /usr/bin/post-install + +USER 65532 + +LABEL \ + com.redhat.component="openshift-serverless-1-eventing-kafka-broker-post-install-rhel8-container" \ + name="openshift-serverless-1/eventing-kafka-broker-post-install-rhel8" \ + version=$VERSION \ + summary="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Post Install" \ + maintainer="serverless-support@redhat.com" \ + description="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Post Install" \ + io.k8s.display-name="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Post Install" \ + io.k8s.description="Red Hat OpenShift Serverless Eventing Kafka Broker Post Install" \ + io.openshift.tags="post-install" + +ENTRYPOINT ["/usr/bin/post-install"] diff --git a/openshift/ci-operator/knative-images/webhook-kafka/Dockerfile b/openshift/ci-operator/knative-images/webhook-kafka/Dockerfile new file mode 100755 index 0000000000..edc07a2a82 --- /dev/null +++ b/openshift/ci-operator/knative-images/webhook-kafka/Dockerfile 
@@ -0,0 +1,34 @@ +# DO NOT EDIT! Generated Dockerfile for control-plane/cmd/webhook-kafka. +ARG GO_BUILDER=registry.ci.openshift.org/openshift/release:rhel-8-release-golang-1.22-openshift-4.17 +ARG GO_RUNTIME=registry.access.redhat.com/ubi8/ubi-minimal + +FROM $GO_BUILDER as builder + +WORKDIR /go/src/control-plane/cmd/webhook-kafka +COPY . . + +ENV CGO_ENABLED=1 +ENV GOEXPERIMENT=strictfipsruntime + +RUN go build -tags strictfipsruntime -o /usr/bin/main ./control-plane/cmd/webhook-kafka + +FROM $GO_RUNTIME + +ARG VERSION=knative-nightly + +COPY --from=builder /usr/bin/main /usr/bin/webhook-kafka + +USER 65532 + +LABEL \ + com.redhat.component="openshift-serverless-1-eventing-kafka-broker-webhook-kafka-rhel8-container" \ + name="openshift-serverless-1/eventing-kafka-broker-webhook-kafka-rhel8" \ + version=$VERSION \ + summary="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Webhook Kafka" \ + maintainer="serverless-support@redhat.com" \ + description="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Webhook Kafka" \ + io.k8s.display-name="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Webhook Kafka" \ + io.k8s.description="Red Hat OpenShift Serverless Eventing Kafka Broker Webhook Kafka" \ + io.openshift.tags="webhook-kafka" + +ENTRYPOINT ["/usr/bin/webhook-kafka"] diff --git a/openshift/ci-operator/knative-test-images/committed-offset/Dockerfile b/openshift/ci-operator/knative-test-images/committed-offset/Dockerfile new file mode 100755 index 0000000000..8c72553695 --- /dev/null +++ b/openshift/ci-operator/knative-test-images/committed-offset/Dockerfile 
@@ -0,0 +1,34 @@ +# DO NOT EDIT! Generated Dockerfile for test/test_images/committed-offset. +ARG GO_BUILDER=registry.ci.openshift.org/openshift/release:rhel-8-release-golang-1.22-openshift-4.17 +ARG GO_RUNTIME=registry.access.redhat.com/ubi8/ubi-minimal + +FROM $GO_BUILDER as builder + +WORKDIR /go/src/test/test_images/committed-offset +COPY . . + +ENV CGO_ENABLED=1 +ENV GOEXPERIMENT=strictfipsruntime + +RUN go build -tags strictfipsruntime -o /usr/bin/main ./test/test_images/committed-offset + +FROM $GO_RUNTIME + +ARG VERSION=knative-nightly + +COPY --from=builder /usr/bin/main /usr/bin/committed-offset + +USER 65532 + +LABEL \ + com.redhat.component="openshift-serverless-1-eventing-kafka-broker-test-test-images-committed-offset-rhel8-container" \ + name="openshift-serverless-1/eventing-kafka-broker-test-test-images-committed-offset-rhel8" \ + version=$VERSION \ + summary="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Test Test Images Committed Offset" \ + maintainer="serverless-support@redhat.com" \ + description="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Test Test Images Committed Offset" \ + io.k8s.display-name="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Test Test Images Committed Offset" \ + io.k8s.description="Red Hat OpenShift Serverless Eventing Kafka Broker Test Test Images Committed Offset" \ + io.openshift.tags="test-test-images-committed-offset" + +ENTRYPOINT ["/usr/bin/committed-offset"] diff --git a/openshift/ci-operator/knative-test-images/consumer-group-lag-provider-test/Dockerfile b/openshift/ci-operator/knative-test-images/consumer-group-lag-provider-test/Dockerfile new file mode 100755 index 0000000000..b012b1f8f3 --- /dev/null +++ b/openshift/ci-operator/knative-test-images/consumer-group-lag-provider-test/Dockerfile 
@@ -0,0 +1,34 @@ +# DO NOT EDIT! Generated Dockerfile for test/test_images/consumer-group-lag-provider-test. +ARG GO_BUILDER=registry.ci.openshift.org/openshift/release:rhel-8-release-golang-1.22-openshift-4.17 +ARG GO_RUNTIME=registry.access.redhat.com/ubi8/ubi-minimal + +FROM $GO_BUILDER as builder + +WORKDIR /go/src/test/test_images/consumer-group-lag-provider-test +COPY . . + +ENV CGO_ENABLED=1 +ENV GOEXPERIMENT=strictfipsruntime + +RUN go build -tags strictfipsruntime -o /usr/bin/main ./test/test_images/consumer-group-lag-provider-test + +FROM $GO_RUNTIME + +ARG VERSION=knative-nightly + +COPY --from=builder /usr/bin/main /usr/bin/consumer-group-lag-provider-test + +USER 65532 + +LABEL \ + com.redhat.component="openshift-serverless-1-eventing-kafka-broker-test-test-images-consumer-group-lag-provider-test-rhel8-container" \ + name="openshift-serverless-1/eventing-kafka-broker-test-test-images-consumer-group-lag-provider-test-rhel8" \ + version=$VERSION \ + summary="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Test Test Images Consumer Group Lag Provider Test" \ + maintainer="serverless-support@redhat.com" \ + description="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Test Test Images Consumer Group Lag Provider Test" \ + io.k8s.display-name="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Test Test Images Consumer Group Lag Provider Test" \ + io.k8s.description="Red Hat OpenShift Serverless Eventing Kafka Broker Test Test Images Consumer Group Lag Provider Test" \ + io.openshift.tags="test-test-images-consumer-group-lag-provider-test" + +ENTRYPOINT ["/usr/bin/consumer-group-lag-provider-test"] diff --git a/openshift/ci-operator/knative-test-images/event-sender/Dockerfile b/openshift/ci-operator/knative-test-images/event-sender/Dockerfile new file mode 100755 index 0000000000..914546ddb7 --- /dev/null +++ b/openshift/ci-operator/knative-test-images/event-sender/Dockerfile 
@@ -0,0 +1,34 @@ +# DO NOT EDIT! Generated Dockerfile for vendor/knative.dev/eventing/test/test_images/event-sender. +ARG GO_BUILDER=registry.ci.openshift.org/openshift/release:rhel-8-release-golang-1.22-openshift-4.17 +ARG GO_RUNTIME=registry.access.redhat.com/ubi8/ubi-minimal + +FROM $GO_BUILDER as builder + +WORKDIR /go/src/vendor/knative.dev/eventing/test/test_images/event-sender +COPY . . + +ENV CGO_ENABLED=1 +ENV GOEXPERIMENT=strictfipsruntime + +RUN go build -tags strictfipsruntime -o /usr/bin/main ./vendor/knative.dev/eventing/test/test_images/event-sender + +FROM $GO_RUNTIME + +ARG VERSION=knative-nightly + +COPY --from=builder /usr/bin/main /usr/bin/event-sender + +USER 65532 + +LABEL \ + com.redhat.component="openshift-serverless-1-eventing-kafka-broker-vendor-knative.dev-eventing-test-test-images-event-sender-rhel8-container" \ + name="openshift-serverless-1/eventing-kafka-broker-vendor-knative.dev-eventing-test-test-images-event-sender-rhel8" \ + version=$VERSION \ + summary="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Vendor Knative.Dev Eventing Test Test Images Event Sender" \ + maintainer="serverless-support@redhat.com" \ + description="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Vendor Knative.Dev Eventing Test Test Images Event Sender" \ + io.k8s.display-name="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Vendor Knative.Dev Eventing Test Test Images Event Sender" \ + io.k8s.description="Red Hat OpenShift Serverless Eventing Kafka Broker Vendor Knative.Dev Eventing Test Test Images Event Sender" \ + io.openshift.tags="vendor-knative.dev-eventing-test-test-images-event-sender" + +ENTRYPOINT ["/usr/bin/event-sender"] diff --git a/openshift/ci-operator/knative-test-images/eventshub/Dockerfile b/openshift/ci-operator/knative-test-images/eventshub/Dockerfile new file mode 100755 index 0000000000..58cc4d7c84 --- /dev/null +++ b/openshift/ci-operator/knative-test-images/eventshub/Dockerfile 
@@ -0,0 +1,34 @@ +# DO NOT EDIT! Generated Dockerfile for vendor/knative.dev/reconciler-test/cmd/eventshub. +ARG GO_BUILDER=registry.ci.openshift.org/openshift/release:rhel-8-release-golang-1.22-openshift-4.17 +ARG GO_RUNTIME=registry.access.redhat.com/ubi8/ubi-minimal + +FROM $GO_BUILDER as builder + +WORKDIR /go/src/vendor/knative.dev/reconciler-test/cmd/eventshub +COPY . . + +ENV CGO_ENABLED=1 +ENV GOEXPERIMENT=strictfipsruntime + +RUN go build -tags strictfipsruntime -o /usr/bin/main ./vendor/knative.dev/reconciler-test/cmd/eventshub + +FROM $GO_RUNTIME + +ARG VERSION=knative-nightly + +COPY --from=builder /usr/bin/main /usr/bin/eventshub + +USER 65532 + +LABEL \ + com.redhat.component="openshift-serverless-1-eventing-kafka-broker-eventshub-rhel8-container" \ + name="openshift-serverless-1/eventing-kafka-broker-eventshub-rhel8" \ + version=$VERSION \ + summary="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Eventshub" \ + maintainer="serverless-support@redhat.com" \ + description="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Eventshub" \ + io.k8s.display-name="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Eventshub" \ + io.k8s.description="Red Hat OpenShift Serverless Eventing Kafka Broker Eventshub" \ + io.openshift.tags="eventshub" + +ENTRYPOINT ["/usr/bin/eventshub"] diff --git a/openshift/ci-operator/knative-test-images/kafka-consumer/Dockerfile b/openshift/ci-operator/knative-test-images/kafka-consumer/Dockerfile new file mode 100755 index 0000000000..9388647b40 --- /dev/null +++ b/openshift/ci-operator/knative-test-images/kafka-consumer/Dockerfile 
@@ -0,0 +1,34 @@ +# DO NOT EDIT! Generated Dockerfile for test/test_images/kafka-consumer. +ARG GO_BUILDER=registry.ci.openshift.org/openshift/release:rhel-8-release-golang-1.22-openshift-4.17 +ARG GO_RUNTIME=registry.access.redhat.com/ubi8/ubi-minimal + +FROM $GO_BUILDER as builder + +WORKDIR /go/src/test/test_images/kafka-consumer +COPY . . + +ENV CGO_ENABLED=1 +ENV GOEXPERIMENT=strictfipsruntime + +RUN go build -tags strictfipsruntime -o /usr/bin/main ./test/test_images/kafka-consumer + +FROM $GO_RUNTIME + +ARG VERSION=knative-nightly + +COPY --from=builder /usr/bin/main /usr/bin/kafka-consumer + +USER 65532 + +LABEL \ + com.redhat.component="openshift-serverless-1-eventing-kafka-broker-test-test-images-kafka-consumer-rhel8-container" \ + name="openshift-serverless-1/eventing-kafka-broker-test-test-images-kafka-consumer-rhel8" \ + version=$VERSION \ + summary="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Test Test Images Kafka Consumer" \ + maintainer="serverless-support@redhat.com" \ + description="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Test Test Images Kafka Consumer" \ + io.k8s.display-name="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Test Test Images Kafka Consumer" \ + io.k8s.description="Red Hat OpenShift Serverless Eventing Kafka Broker Test Test Images Kafka Consumer" \ + io.openshift.tags="test-test-images-kafka-consumer" + +ENTRYPOINT ["/usr/bin/kafka-consumer"] diff --git a/openshift/ci-operator/knative-test-images/logs-exporter/Dockerfile b/openshift/ci-operator/knative-test-images/logs-exporter/Dockerfile new file mode 100755 index 0000000000..61aee54c9f --- /dev/null +++ b/openshift/ci-operator/knative-test-images/logs-exporter/Dockerfile 
@@ -0,0 +1,34 @@ +# DO NOT EDIT! Generated Dockerfile for test/cmd/logs-exporter. +ARG GO_BUILDER=registry.ci.openshift.org/openshift/release:rhel-8-release-golang-1.22-openshift-4.17 +ARG GO_RUNTIME=registry.access.redhat.com/ubi8/ubi-minimal + +FROM $GO_BUILDER as builder + +WORKDIR /go/src/test/cmd/logs-exporter +COPY . . + +ENV CGO_ENABLED=1 +ENV GOEXPERIMENT=strictfipsruntime + +RUN go build -tags strictfipsruntime -o /usr/bin/main ./test/cmd/logs-exporter + +FROM $GO_RUNTIME + +ARG VERSION=knative-nightly + +COPY --from=builder /usr/bin/main /usr/bin/logs-exporter + +USER 65532 + +LABEL \ + com.redhat.component="openshift-serverless-1-eventing-kafka-broker-logs-exporter-rhel8-container" \ + name="openshift-serverless-1/eventing-kafka-broker-logs-exporter-rhel8" \ + version=$VERSION \ + summary="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Logs Exporter" \ + maintainer="serverless-support@redhat.com" \ + description="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Logs Exporter" \ + io.k8s.display-name="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Logs Exporter" \ + io.k8s.description="Red Hat OpenShift Serverless Eventing Kafka Broker Logs Exporter" \ + io.openshift.tags="logs-exporter" + +ENTRYPOINT ["/usr/bin/logs-exporter"] diff --git a/openshift/ci-operator/knative-test-images/print/Dockerfile b/openshift/ci-operator/knative-test-images/print/Dockerfile new file mode 100755 index 0000000000..2b2321847f --- /dev/null +++ b/openshift/ci-operator/knative-test-images/print/Dockerfile 
@@ -0,0 +1,34 @@ +# DO NOT EDIT! Generated Dockerfile for vendor/knative.dev/eventing/test/test_images/print. +ARG GO_BUILDER=registry.ci.openshift.org/openshift/release:rhel-8-release-golang-1.22-openshift-4.17 +ARG GO_RUNTIME=registry.access.redhat.com/ubi8/ubi-minimal + +FROM $GO_BUILDER as builder + +WORKDIR /go/src/vendor/knative.dev/eventing/test/test_images/print +COPY . . + +ENV CGO_ENABLED=1 +ENV GOEXPERIMENT=strictfipsruntime + +RUN go build -tags strictfipsruntime -o /usr/bin/main ./vendor/knative.dev/eventing/test/test_images/print + +FROM $GO_RUNTIME + +ARG VERSION=knative-nightly + +COPY --from=builder /usr/bin/main /usr/bin/print + +USER 65532 + +LABEL \ + com.redhat.component="openshift-serverless-1-eventing-kafka-broker-vendor-knative.dev-eventing-test-test-images-print-rhel8-container" \ + name="openshift-serverless-1/eventing-kafka-broker-vendor-knative.dev-eventing-test-test-images-print-rhel8" \ + version=$VERSION \ + summary="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Vendor Knative.Dev Eventing Test Test Images Print" \ + maintainer="serverless-support@redhat.com" \ + description="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Vendor Knative.Dev Eventing Test Test Images Print" \ + io.k8s.display-name="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Vendor Knative.Dev Eventing Test Test Images Print" \ + io.k8s.description="Red Hat OpenShift Serverless Eventing Kafka Broker Vendor Knative.Dev Eventing Test Test Images Print" \ + io.openshift.tags="vendor-knative.dev-eventing-test-test-images-print" + +ENTRYPOINT ["/usr/bin/print"] diff --git a/openshift/ci-operator/knative-test-images/recordevents/Dockerfile b/openshift/ci-operator/knative-test-images/recordevents/Dockerfile new file mode 100755 index 0000000000..ffae04ca9b --- /dev/null +++ b/openshift/ci-operator/knative-test-images/recordevents/Dockerfile 
@@ -0,0 +1,34 @@ +# DO NOT EDIT! Generated Dockerfile for vendor/knative.dev/eventing/test/test_images/recordevents. +ARG GO_BUILDER=registry.ci.openshift.org/openshift/release:rhel-8-release-golang-1.22-openshift-4.17 +ARG GO_RUNTIME=registry.access.redhat.com/ubi8/ubi-minimal + +FROM $GO_BUILDER as builder + +WORKDIR /go/src/vendor/knative.dev/eventing/test/test_images/recordevents +COPY . . + +ENV CGO_ENABLED=1 +ENV GOEXPERIMENT=strictfipsruntime + +RUN go build -tags strictfipsruntime -o /usr/bin/main ./vendor/knative.dev/eventing/test/test_images/recordevents + +FROM $GO_RUNTIME + +ARG VERSION=knative-nightly + +COPY --from=builder /usr/bin/main /usr/bin/recordevents + +USER 65532 + +LABEL \ + com.redhat.component="openshift-serverless-1-eventing-kafka-broker-vendor-knative.dev-eventing-test-test-images-recordevents-rhel8-container" \ + name="openshift-serverless-1/eventing-kafka-broker-vendor-knative.dev-eventing-test-test-images-recordevents-rhel8" \ + version=$VERSION \ + summary="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Vendor Knative.Dev Eventing Test Test Images Recordevents" \ + maintainer="serverless-support@redhat.com" \ + description="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Vendor Knative.Dev Eventing Test Test Images Recordevents" \ + io.k8s.display-name="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Vendor Knative.Dev Eventing Test Test Images Recordevents" \ + io.k8s.description="Red Hat OpenShift Serverless Eventing Kafka Broker Vendor Knative.Dev Eventing Test Test Images Recordevents" \ + io.openshift.tags="vendor-knative.dev-eventing-test-test-images-recordevents" + +ENTRYPOINT ["/usr/bin/recordevents"] diff --git a/openshift/ci-operator/knative-test-images/request-sender/Dockerfile b/openshift/ci-operator/knative-test-images/request-sender/Dockerfile new file mode 100755 index 0000000000..28c97b57e2 --- /dev/null +++ b/openshift/ci-operator/knative-test-images/request-sender/Dockerfile 
@@ -0,0 +1,34 @@ +# DO NOT EDIT! Generated Dockerfile for vendor/knative.dev/eventing/test/test_images/request-sender. +ARG GO_BUILDER=registry.ci.openshift.org/openshift/release:rhel-8-release-golang-1.22-openshift-4.17 +ARG GO_RUNTIME=registry.access.redhat.com/ubi8/ubi-minimal + +FROM $GO_BUILDER as builder + +WORKDIR /go/src/vendor/knative.dev/eventing/test/test_images/request-sender +COPY . . + +ENV CGO_ENABLED=1 +ENV GOEXPERIMENT=strictfipsruntime + +RUN go build -tags strictfipsruntime -o /usr/bin/main ./vendor/knative.dev/eventing/test/test_images/request-sender + +FROM $GO_RUNTIME + +ARG VERSION=knative-nightly + +COPY --from=builder /usr/bin/main /usr/bin/request-sender + +USER 65532 + +LABEL \ + com.redhat.component="openshift-serverless-1-eventing-kafka-broker-vendor-knative.dev-eventing-test-test-images-request-sender-rhel8-container" \ + name="openshift-serverless-1/eventing-kafka-broker-vendor-knative.dev-eventing-test-test-images-request-sender-rhel8" \ + version=$VERSION \ + summary="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Vendor Knative.Dev Eventing Test Test Images Request Sender" \ + maintainer="serverless-support@redhat.com" \ + description="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Vendor Knative.Dev Eventing Test Test Images Request Sender" \ + io.k8s.display-name="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Vendor Knative.Dev Eventing Test Test Images Request Sender" \ + io.k8s.description="Red Hat OpenShift Serverless Eventing Kafka Broker Vendor Knative.Dev Eventing Test Test Images Request Sender" \ + io.openshift.tags="vendor-knative.dev-eventing-test-test-images-request-sender" + +ENTRYPOINT ["/usr/bin/request-sender"] diff --git a/openshift/ci-operator/knative-test-images/watch-cm/Dockerfile b/openshift/ci-operator/knative-test-images/watch-cm/Dockerfile new file mode 100755 index 0000000000..c172886d2c --- /dev/null +++ b/openshift/ci-operator/knative-test-images/watch-cm/Dockerfile 
@@ -0,0 +1,34 @@ +# DO NOT EDIT! Generated Dockerfile for test/cmd/watch-cm. +ARG GO_BUILDER=registry.ci.openshift.org/openshift/release:rhel-8-release-golang-1.22-openshift-4.17 +ARG GO_RUNTIME=registry.access.redhat.com/ubi8/ubi-minimal + +FROM $GO_BUILDER as builder + +WORKDIR /go/src/test/cmd/watch-cm +COPY . . + +ENV CGO_ENABLED=1 +ENV GOEXPERIMENT=strictfipsruntime + +RUN go build -tags strictfipsruntime -o /usr/bin/main ./test/cmd/watch-cm + +FROM $GO_RUNTIME + +ARG VERSION=knative-nightly + +COPY --from=builder /usr/bin/main /usr/bin/watch-cm + +USER 65532 + +LABEL \ + com.redhat.component="openshift-serverless-1-eventing-kafka-broker-watch-cm-rhel8-container" \ + name="openshift-serverless-1/eventing-kafka-broker-watch-cm-rhel8" \ + version=$VERSION \ + summary="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Watch Cm" \ + maintainer="serverless-support@redhat.com" \ + description="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Watch Cm" \ + io.k8s.display-name="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Watch Cm" \ + io.k8s.description="Red Hat OpenShift Serverless Eventing Kafka Broker Watch Cm" \ + io.openshift.tags="watch-cm" + +ENTRYPOINT ["/usr/bin/watch-cm"] diff --git a/openshift/ci-operator/knative-test-images/wathola-fetcher/Dockerfile b/openshift/ci-operator/knative-test-images/wathola-fetcher/Dockerfile new file mode 100755 index 0000000000..38d99132b2 --- /dev/null +++ b/openshift/ci-operator/knative-test-images/wathola-fetcher/Dockerfile 
@@ -0,0 +1,34 @@ +# DO NOT EDIT! Generated Dockerfile for vendor/knative.dev/eventing/test/test_images/wathola-fetcher. +ARG GO_BUILDER=registry.ci.openshift.org/openshift/release:rhel-8-release-golang-1.22-openshift-4.17 +ARG GO_RUNTIME=registry.access.redhat.com/ubi8/ubi-minimal + +FROM $GO_BUILDER as builder + +WORKDIR /go/src/vendor/knative.dev/eventing/test/test_images/wathola-fetcher +COPY . . + +ENV CGO_ENABLED=1 +ENV GOEXPERIMENT=strictfipsruntime + +RUN go build -tags strictfipsruntime -o /usr/bin/main ./vendor/knative.dev/eventing/test/test_images/wathola-fetcher + +FROM $GO_RUNTIME + +ARG VERSION=knative-nightly + +COPY --from=builder /usr/bin/main /usr/bin/wathola-fetcher + +USER 65532 + +LABEL \ + com.redhat.component="openshift-serverless-1-eventing-kafka-broker-vendor-knative.dev-eventing-test-test-images-wathola-fetcher-rhel8-container" \ + name="openshift-serverless-1/eventing-kafka-broker-vendor-knative.dev-eventing-test-test-images-wathola-fetcher-rhel8" \ + version=$VERSION \ + summary="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Vendor Knative.Dev Eventing Test Test Images Wathola Fetcher" \ + maintainer="serverless-support@redhat.com" \ + description="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Vendor Knative.Dev Eventing Test Test Images Wathola Fetcher" \ + io.k8s.display-name="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Vendor Knative.Dev Eventing Test Test Images Wathola Fetcher" \ + io.k8s.description="Red Hat OpenShift Serverless Eventing Kafka Broker Vendor Knative.Dev Eventing Test Test Images Wathola Fetcher" \ + io.openshift.tags="vendor-knative.dev-eventing-test-test-images-wathola-fetcher" + +ENTRYPOINT ["/usr/bin/wathola-fetcher"] diff --git a/openshift/ci-operator/knative-test-images/wathola-forwarder/Dockerfile b/openshift/ci-operator/knative-test-images/wathola-forwarder/Dockerfile new file mode 100755 index 0000000000..607ba57e4a --- /dev/null 
+++ b/openshift/ci-operator/knative-test-images/wathola-forwarder/Dockerfile @@ -0,0 +1,34 @@ +# DO NOT EDIT! Generated Dockerfile for vendor/knative.dev/eventing/test/test_images/wathola-forwarder. +ARG GO_BUILDER=registry.ci.openshift.org/openshift/release:rhel-8-release-golang-1.22-openshift-4.17 +ARG GO_RUNTIME=registry.access.redhat.com/ubi8/ubi-minimal + +FROM $GO_BUILDER as builder + +WORKDIR /go/src/vendor/knative.dev/eventing/test/test_images/wathola-forwarder +COPY . . + +ENV CGO_ENABLED=1 +ENV GOEXPERIMENT=strictfipsruntime + +RUN go build -tags strictfipsruntime -o /usr/bin/main ./vendor/knative.dev/eventing/test/test_images/wathola-forwarder + +FROM $GO_RUNTIME + +ARG VERSION=knative-nightly + +COPY --from=builder /usr/bin/main /usr/bin/wathola-forwarder + +USER 65532 + +LABEL \ + com.redhat.component="openshift-serverless-1-eventing-kafka-broker-vendor-knative.dev-eventing-test-test-images-wathola-forwarder-rhel8-container" \ + name="openshift-serverless-1/eventing-kafka-broker-vendor-knative.dev-eventing-test-test-images-wathola-forwarder-rhel8" \ + version=$VERSION \ + summary="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Vendor Knative.Dev Eventing Test Test Images Wathola Forwarder" \ + maintainer="serverless-support@redhat.com" \ + description="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Vendor Knative.Dev Eventing Test Test Images Wathola Forwarder" \ + io.k8s.display-name="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Vendor Knative.Dev Eventing Test Test Images Wathola Forwarder" \ + io.k8s.description="Red Hat OpenShift Serverless Eventing Kafka Broker Vendor Knative.Dev Eventing Test Test Images Wathola Forwarder" \ + io.openshift.tags="vendor-knative.dev-eventing-test-test-images-wathola-forwarder" + +ENTRYPOINT ["/usr/bin/wathola-forwarder"] 
diff --git a/openshift/ci-operator/knative-test-images/wathola-receiver/Dockerfile b/openshift/ci-operator/knative-test-images/wathola-receiver/Dockerfile new file mode 100755 index 0000000000..4fb10c0111 --- /dev/null +++ b/openshift/ci-operator/knative-test-images/wathola-receiver/Dockerfile 
@@ -0,0 +1,34 @@ +# DO NOT EDIT! Generated Dockerfile for vendor/knative.dev/eventing/test/test_images/wathola-receiver. +ARG GO_BUILDER=registry.ci.openshift.org/openshift/release:rhel-8-release-golang-1.22-openshift-4.17 +ARG GO_RUNTIME=registry.access.redhat.com/ubi8/ubi-minimal + +FROM $GO_BUILDER as builder + +WORKDIR /go/src/vendor/knative.dev/eventing/test/test_images/wathola-receiver +COPY . . + +ENV CGO_ENABLED=1 +ENV GOEXPERIMENT=strictfipsruntime + +RUN go build -tags strictfipsruntime -o /usr/bin/main ./vendor/knative.dev/eventing/test/test_images/wathola-receiver + +FROM $GO_RUNTIME + +ARG VERSION=knative-nightly + +COPY --from=builder /usr/bin/main /usr/bin/wathola-receiver + +USER 65532 + +LABEL \ + com.redhat.component="openshift-serverless-1-eventing-kafka-broker-vendor-knative.dev-eventing-test-test-images-wathola-receiver-rhel8-container" \ + name="openshift-serverless-1/eventing-kafka-broker-vendor-knative.dev-eventing-test-test-images-wathola-receiver-rhel8" \ + version=$VERSION \ + summary="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Vendor Knative.Dev Eventing Test Test Images Wathola Receiver" \ + maintainer="serverless-support@redhat.com" \ + description="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Vendor Knative.Dev Eventing Test Test Images Wathola Receiver" \ + io.k8s.display-name="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Vendor Knative.Dev Eventing Test Test Images Wathola Receiver" \ + io.k8s.description="Red Hat OpenShift Serverless Eventing Kafka Broker Vendor Knative.Dev Eventing Test Test Images Wathola Receiver" \ + io.openshift.tags="vendor-knative.dev-eventing-test-test-images-wathola-receiver" + +ENTRYPOINT ["/usr/bin/wathola-receiver"] diff --git a/openshift/ci-operator/knative-test-images/wathola-sender/Dockerfile b/openshift/ci-operator/knative-test-images/wathola-sender/Dockerfile new file mode 100755 index 0000000000..21872f7465 --- /dev/null 
+++ b/openshift/ci-operator/knative-test-images/wathola-sender/Dockerfile @@ -0,0 +1,34 @@ +# DO NOT EDIT! Generated Dockerfile for vendor/knative.dev/eventing/test/test_images/wathola-sender. +ARG GO_BUILDER=registry.ci.openshift.org/openshift/release:rhel-8-release-golang-1.22-openshift-4.17 +ARG GO_RUNTIME=registry.access.redhat.com/ubi8/ubi-minimal + +FROM $GO_BUILDER as builder + +WORKDIR /go/src/vendor/knative.dev/eventing/test/test_images/wathola-sender +COPY . . + +ENV CGO_ENABLED=1 +ENV GOEXPERIMENT=strictfipsruntime + +RUN go build -tags strictfipsruntime -o /usr/bin/main ./vendor/knative.dev/eventing/test/test_images/wathola-sender + +FROM $GO_RUNTIME + +ARG VERSION=knative-nightly + +COPY --from=builder /usr/bin/main /usr/bin/wathola-sender + +USER 65532 + +LABEL \ + com.redhat.component="openshift-serverless-1-eventing-kafka-broker-vendor-knative.dev-eventing-test-test-images-wathola-sender-rhel8-container" \ + name="openshift-serverless-1/eventing-kafka-broker-vendor-knative.dev-eventing-test-test-images-wathola-sender-rhel8" \ + version=$VERSION \ + summary="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Vendor Knative.Dev Eventing Test Test Images Wathola Sender" \ + maintainer="serverless-support@redhat.com" \ + description="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Vendor Knative.Dev Eventing Test Test Images Wathola Sender" \ + io.k8s.display-name="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Vendor Knative.Dev Eventing Test Test Images Wathola Sender" \ + io.k8s.description="Red Hat OpenShift Serverless Eventing Kafka Broker Vendor Knative.Dev Eventing Test Test Images Wathola Sender" \ + io.openshift.tags="vendor-knative.dev-eventing-test-test-images-wathola-sender" + +ENTRYPOINT ["/usr/bin/wathola-sender"] diff --git a/openshift/ci-operator/source-image/Dockerfile b/openshift/ci-operator/source-image/Dockerfile new file mode 100755 index 0000000000..0bc58d0cd0 --- /dev/null 
+++ b/openshift/ci-operator/source-image/Dockerfile @@ -0,0 +1,7 @@ +# DO NOT EDIT! Generated Dockerfile. + +FROM src + +RUN chmod +x vendor/k8s.io/code-generator/generate-groups.sh || true +RUN chmod +x vendor/knative.dev/pkg/hack/generate-knative.sh || true +RUN chmod +x vendor/k8s.io/code-generator/generate-internal-groups.sh || true diff --git a/openshift/ci-operator/static-images/dispatcher/Dockerfile b/openshift/ci-operator/static-images/dispatcher/Dockerfile new file mode 100644 index 0000000000..de88d80660 --- /dev/null +++ b/openshift/ci-operator/static-images/dispatcher/Dockerfile 
@@ -0,0 +1,49 @@
+#
+# Copyright © 2018 Knative Authors (knative-dev@googlegroups.com)
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+FROM registry.access.redhat.com/ubi8/openjdk-21 as builder
+
+WORKDIR /build
+
+USER root
+
+COPY /data-plane/pom.xml .
+COPY /data-plane/.editorconfig .
+COPY /data-plane/core/pom.xml core/pom.xml
+COPY /data-plane/receiver/pom.xml receiver/pom.xml
+COPY /data-plane/receiver-loom/pom.xml receiver-loom/pom.xml
+COPY /data-plane/dispatcher/pom.xml dispatcher/pom.xml
+COPY /data-plane/dispatcher-loom/pom.xml dispatcher-loom/pom.xml
+COPY /data-plane/contract/pom.xml contract/pom.xml
+
+# Install dependencies. Note: don't build a single submodule (receiver or dispatcher) since it just slows down
+# consecutive builds.
+RUN mvn install -am -DskipTests -Drelease -Dlicense.skip -Deditorconfig.skip --no-transfer-progress
+
+COPY /data-plane/ .
+
+RUN mvn package -pl=dispatcher-loom -Drelease -am -DskipTests -Deditorconfig.skip --no-transfer-progress
+
+RUN mkdir /app && cp /build/dispatcher-loom/target/dispatcher-loom-1.0-SNAPSHOT.jar /app/app.jar
+
+# We use the generated JDK from the "builder" image, so we can just go with the ubi-minimal
+FROM registry.access.redhat.com/ubi8/openjdk-21-runtime as running
+
+USER 185
+
+COPY --from=builder /app /app
+
+ENTRYPOINT ["java", "-jar", "/app/app.jar"]
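Review bot: Both `FROM` lines in this Dockerfile reference `registry.access.redhat.com/ubi8/openjdk-21` and `ubi8/openjdk-21-runtime` with no tag or digest, so every build resolves whatever `latest` points to at that moment and the resulting image cannot be traced back to a known base. Pinning by digest, e.g. `FROM registry.access.redhat.com/ubi8/openjdk-21@sha256:<builder-digest> as builder` (placeholder digest), makes the build reproducible and turns base-image updates into reviewable changes. The comment above the second `FROM` also looks stale: it mentions a JDK generated in the builder stage and ubi-minimal, while the stage uses `openjdk-21-runtime` and copies only `/app`. A comment such as `# Runtime-only Java image; the application jar is copied from the builder stage.` would match the code.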
diff --git a/openshift/ci-operator/static-images/dispatcher/hermetic/Dockerfile b/openshift/ci-operator/static-images/dispatcher/hermetic/Dockerfile
new file mode 100644
index 0000000000..59f14c8b56
--- /dev/null
+++ b/openshift/ci-operator/static-images/dispatcher/hermetic/Dockerfile
@@ -0,0 +1,55 @@
+#
+# Copyright © 2018 Knative Authors (knative-dev@googlegroups.com)
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+ARG JAVA_BUILDER=registry.access.redhat.com/ubi8/openjdk-21
+ARG JAVA_RUNTIME=registry.access.redhat.com/ubi8/openjdk-21-runtime
+ARG DEPS_IMAGE
+ARG VERSION=""
+
+FROM $DEPS_IMAGE AS deps
+
+FROM $JAVA_BUILDER AS builder
+
+USER root
+
+WORKDIR /build
+
+COPY --from=deps /third_party/maven/ /third_party/maven/
+
+COPY /data-plane .
+
+RUN mvn -Dmaven.repo.local=/third_party/maven --offline package -pl=dispatcher-loom -Drelease -am -DskipTests --no-transfer-progress
+
+RUN mkdir /app && cp /build/dispatcher-loom/target/dispatcher-loom-1.0-SNAPSHOT.jar /app/app.jar
+
+FROM $JAVA_RUNTIME AS running
+
+USER 185
+
+LABEL \
+ com.redhat.component="openshift-serverless-1-eventing-kafka-broker-dispatcher-rhel8-container" \
+ name="openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8" \
+ version=$VERSION \
+ summary="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Dispatcher" \
+ maintainer="serverless-support@redhat.com" \
+ description="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Dispatcher" \
+ io.k8s.display-name="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Dispatcher" \
+ io.k8s.description="Red Hat OpenShift Serverless Eventing Kafka Broker Dispatcher" \
+ io.openshift.tags=dispatcher
+
+COPY --from=builder /app /app
+
+ENTRYPOINT ["java", "-jar", "/app/app.jar"]
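Review bot: `version=$VERSION` in the `LABEL` of the `running` stage most likely expands to an empty string, because `ARG VERSION=""` is declared only before the first `FROM`; under Docker/BuildKit semantics such global args are usable in `FROM` lines but not inside a stage unless they are re-declared there. Add `ARG VERSION` directly after `FROM $JAVA_RUNTIME AS running` so that a `--build-arg VERSION=...` actually reaches the label; release tooling and image scanners that key on the version label otherwise see a blank value. Some builders are more lenient about this, so confirm with the one the pipeline uses. The receiver hermetic Dockerfile in this patch has the same pattern.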
diff --git a/openshift/ci-operator/static-images/dispatcher/hermetic/Dockerfile.deps b/openshift/ci-operator/static-images/dispatcher/hermetic/Dockerfile.deps
new file mode 100644
index 0000000000..601484a834
--- /dev/null
+++ b/openshift/ci-operator/static-images/dispatcher/hermetic/Dockerfile.deps
@@ -0,0 +1,34 @@
+#
+# Copyright © 2018 Knative Authors (knative-dev@googlegroups.com)
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+ARG JAVA_BUILDER=registry.access.redhat.com/ubi8/openjdk-21
+
+FROM $JAVA_BUILDER
+
+USER root
+
+WORKDIR /build
+
+COPY /data-plane/pom.xml .
+COPY /data-plane/core/pom.xml core/pom.xml
+COPY /data-plane/receiver/pom.xml receiver/pom.xml
+COPY /data-plane/receiver-loom/pom.xml receiver-loom/pom.xml
+COPY /data-plane/dispatcher/pom.xml dispatcher/pom.xml
+COPY /data-plane/dispatcher-loom/pom.xml dispatcher-loom/pom.xml
+COPY /data-plane/contract/pom.xml contract/pom.xml
+
+RUN mvn package dependency:go-offline -Drelease -DskipTests -Dmaven.repo.local=/third_party/maven
+RUN find /third_party/maven/ -path "*_remote.repositories" | xargs -I{} rm {}
diff --git a/openshift/ci-operator/static-images/receiver/Dockerfile b/openshift/ci-operator/static-images/receiver/Dockerfile
new file mode 100644
index 0000000000..084444eef1
--- /dev/null
+++ b/openshift/ci-operator/static-images/receiver/Dockerfile
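Review bot: The `mvn package dependency:go-offline` step in `Dockerfile.deps` is where artifacts are fetched from the network, and the offline builds that consume this image use `/third_party/maven` as-is, yet nothing visible here makes Maven fail on a checksum mismatch. Consider `RUN mvn --strict-checksums package dependency:go-offline -Drelease -DskipTests -Dmaven.repo.local=/third_party/maven` so a corrupted or mismatching download breaks the build instead of being baked into the deps image. The cleanup line could also be written as `RUN find /third_party/maven/ -name "*_remote.repositories" -delete`, which drops the `xargs` pipeline and copes with paths containing spaces. The identical `Dockerfile.deps` added for the receiver has the same two lines.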
@@ -0,0 +1,51 @@
+#
+# Copyright © 2018 Knative Authors (knative-dev@googlegroups.com)
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+FROM registry.access.redhat.com/ubi8/openjdk-21 as builder
+
+WORKDIR /build
+
+USER root
+
+COPY /data-plane/pom.xml .
+COPY /data-plane/.editorconfig .
+COPY /data-plane/core/pom.xml core/pom.xml
+COPY /data-plane/receiver/pom.xml receiver/pom.xml
+COPY /data-plane/receiver-loom/pom.xml receiver-loom/pom.xml
+COPY /data-plane/dispatcher/pom.xml dispatcher/pom.xml
+COPY /data-plane/dispatcher-loom/pom.xml dispatcher-loom/pom.xml
+COPY /data-plane/contract/pom.xml contract/pom.xml
+COPY /data-plane/mvnw .
+COPY /data-plane/.mvn/wrapper .mvn/wrapper
+
+# Install dependencies. Note: don't build a single submodule (receiver or dispatcher) since it just slows down
+# consecutive builds.
+RUN mvn install -am -DskipTests -Drelease -Dlicense.skip -Deditorconfig.skip --no-transfer-progress
+
+COPY /data-plane/ .
+
+RUN mvn package -pl=receiver-loom -Drelease -am -DskipTests -Deditorconfig.skip --no-transfer-progress
+
+RUN mkdir /app && cp /build/receiver-loom/target/receiver-loom-1.0-SNAPSHOT.jar /app/app.jar
+
+# We use the generated JDK from the "builder" image, so we can just go with the ubi-minimal
+FROM registry.access.redhat.com/ubi8/openjdk-21-runtime as running
+
+USER 185
+
+COPY --from=builder /app /app
+
+ENTRYPOINT ["java", "-jar", "/app/app.jar"]
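Review bot: The `COPY` lines for `mvnw` and `.mvn/wrapper` are not used by the dependency layer, since both `RUN` steps invoke the image's `mvn` rather than `./mvnw`, and `COPY /data-plane/ .` brings the wrapper in again afterwards anyway. Either drop the two lines so that wrapper changes do not invalidate the cached dependency layer, or, if the intent is to build with the project's pinned Maven version, call `./mvnw` in both `RUN` lines, keeping in mind that the wrapper fetches its Maven distribution at build time. The dispatcher Dockerfile in this patch does not copy the wrapper, so the two files are also inconsistent with each other.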
diff --git a/openshift/ci-operator/static-images/receiver/hermetic/Dockerfile b/openshift/ci-operator/static-images/receiver/hermetic/Dockerfile
new file mode 100644
index 0000000000..c48f2ad6e5
--- /dev/null
+++ b/openshift/ci-operator/static-images/receiver/hermetic/Dockerfile
@@ -0,0 +1,55 @@
+#
+# Copyright © 2018 Knative Authors (knative-dev@googlegroups.com)
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+ARG JAVA_BUILDER=registry.access.redhat.com/ubi8/openjdk-21
+ARG JAVA_RUNTIME=registry.access.redhat.com/ubi8/openjdk-21-runtime
+ARG DEPS_IMAGE
+ARG VERSION=""
+
+FROM $DEPS_IMAGE AS deps
+
+FROM $JAVA_BUILDER AS builder
+
+USER root
+
+WORKDIR /build
+
+COPY --from=deps /third_party/maven/ /third_party/maven/
+
+COPY /data-plane .
+
+RUN mvn -Dmaven.repo.local=/third_party/maven --offline package -pl=receiver-loom -Drelease -am -DskipTests --no-transfer-progress
+
+RUN mkdir /app && cp /build/receiver-loom/target/receiver-loom-1.0-SNAPSHOT.jar /app/app.jar
+
+FROM $JAVA_RUNTIME AS running
+
+USER 185
+
+LABEL \
+ com.redhat.component="openshift-serverless-1-eventing-kafka-broker-receiver-rhel8-container" \
+ name="openshift-serverless-1/eventing-kafka-broker-receiver-rhel8" \
+ version=$VERSION \
+ summary="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Receiver" \
+ maintainer="serverless-support@redhat.com" \
+ description="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Receiver" \
+ io.k8s.display-name="Red Hat OpenShift Serverless 1 Eventing Kafka Broker Receiver" \
+ io.k8s.description="Red Hat OpenShift Serverless Eventing Kafka Broker Receiver" \
+ io.openshift.tags=receiver
+
+COPY --from=builder /app /app
+
+ENTRYPOINT ["java", "-jar", "/app/app.jar"]
diff --git a/openshift/ci-operator/static-images/receiver/hermetic/Dockerfile.deps b/openshift/ci-operator/static-images/receiver/hermetic/Dockerfile.deps
new file mode 100644
index 0000000000..601484a834
--- /dev/null
+++ b/openshift/ci-operator/static-images/receiver/hermetic/Dockerfile.deps
@@ -0,0 +1,34 @@
+#
+# Copyright © 2018 Knative Authors (knative-dev@googlegroups.com)
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+ARG JAVA_BUILDER=registry.access.redhat.com/ubi8/openjdk-21
+
+FROM $JAVA_BUILDER
+
+USER root
+
+WORKDIR /build
+
+COPY /data-plane/pom.xml .
+COPY /data-plane/core/pom.xml core/pom.xml
+COPY /data-plane/receiver/pom.xml receiver/pom.xml
+COPY /data-plane/receiver-loom/pom.xml receiver-loom/pom.xml
+COPY /data-plane/dispatcher/pom.xml dispatcher/pom.xml
+COPY /data-plane/dispatcher-loom/pom.xml dispatcher-loom/pom.xml
+COPY /data-plane/contract/pom.xml contract/pom.xml
+
+RUN mvn package dependency:go-offline -Drelease -DskipTests -Dmaven.repo.local=/third_party/maven
+RUN find /third_party/maven/ -path "*_remote.repositories" | xargs -I{} rm {}
diff --git a/openshift/e2e-common.sh b/openshift/e2e-common.sh
new file mode 100755
index 0000000000..4a30b42328
--- /dev/null
+++ b/openshift/e2e-common.sh
@@ -0,0 +1,201 @@
+#!/usr/bin/env bash
+
+if [[ -n "${ARTIFACT_DIR:-}" ]]; then
+ BUILD_NUMBER=${BUILD_NUMBER:-$(head -c 128 < /dev/urandom | base64 | fold -w 8 | head -n 1)}
+ ARTIFACTS="${ARTIFACT_DIR}/build-${BUILD_NUMBER}"
+ export ARTIFACTS
+ mkdir -p "${ARTIFACTS}"
+fi
+
+export EVENTING_NAMESPACE="${EVENTING_NAMESPACE:-knative-eventing}"
+export SYSTEM_NAMESPACE=$EVENTING_NAMESPACE
+export TRACING_NAMESPACE=$EVENTING_NAMESPACE
+export KNATIVE_DEFAULT_NAMESPACE=$EVENTING_NAMESPACE
+
+export SKIP_GENERATE_RELEASE=${SKIP_GENERATE_RELEASE:-false}
+
+export INSTALL_KEDA="${INSTALL_KEDA:-false}"
+
+default_test_image_template=$(
+ cat <<-END
+{{- with .Name }}
+{{- if eq . "event-sender"}}$KNATIVE_EVENTING_KAFKA_BROKER_TEST_EVENT_SENDER{{end -}}
+{{- if eq . "heartbeats"}}$KNATIVE_EVENTING_KAFKA_BROKER_TEST_HEARTBEATS{{end -}}
+{{- if eq . "eventshub"}}$KNATIVE_EVENTING_KAFKA_BROKER_TEST_EVENTSHUB{{end -}}
+{{- if eq . "recordevents"}}$KNATIVE_EVENTING_KAFKA_BROKER_TEST_RECORDEVENTS{{end -}}
+{{- if eq . "print"}}$KNATIVE_EVENTING_KAFKA_BROKER_TEST_PRINT{{end -}}
+{{- if eq . "performance"}}$KNATIVE_EVENTING_KAFKA_BROKER_TEST_PERFORMANCE{{end -}}
+{{- if eq . "committed-offset"}}$KNATIVE_EVENTING_KAFKA_BROKER_TEST_COMMITTED_OFFSET{{end -}}
+{{- if eq . "consumer-group-lag-provider-test"}}$KNATIVE_EVENTING_KAFKA_BROKER_TEST_CONSUMER_GROUP_LAG_PROVIDER_TEST{{end -}}
+{{- if eq . "kafka-consumer"}}$KNATIVE_EVENTING_KAFKA_BROKER_TEST_KAFKA_CONSUMER{{end -}}
+{{- if eq . "partitions-replication-verifier"}}$KNATIVE_EVENTING_KAFKA_BROKER_TEST_PARTITIONS_REPLICATION_VERIFIER{{end -}}
+{{- if eq . 
"request-sender"}}$KNATIVE_EVENTING_KAFKA_BROKER_TEST_REQUEST_SENDER{{end -}} +{{end -}} +END +) + +SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) + +export TEST_IMAGE_TEMPLATE=${TEST_IMAGE_TEMPLATE:-$default_test_image_template} + +# shellcheck disable=SC1090 +source "${SCRIPT_DIR}/../test/e2e-common.sh" + +# Loops until duration (car) is exceeded or command (cdr) returns non-zero +function timeout() { + SECONDS=0 + TIMEOUT=$1 + shift + while eval $*; do + sleep 5 + [[ $SECONDS -gt $TIMEOUT ]] && echo "ERROR: Timed out" && return 1 + done + return 0 +} + +function install_serverless() { + header "Installing Serverless Operator" + + cat <. For exponential policy, backoff delay is backoffDelay*2^." + type: string + backoffPolicy: + description: BackoffPolicy is the retry backoff policy (linear, exponential). + type: string + deadLetterSink: + description: DeadLetterSink is the sink receiving event that could not be sent to a destination. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + required: + - kind + - name + properties: + address: + description: Address points to a specific Address Name. + type: string + apiVersion: + description: API version of the referent. + type: string + group: + description: 'Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup. Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: CACerts are Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. If set, these CAs are appended to the set of CAs provided by the Addressable target, if any. + type: string + audience: + description: Audience is the OIDC audience for the deadLetterSink. + type: string + retry: + description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. + type: integer + format: int32 + retryAfterMax: + description: "RetryAfterMax provides an optional upper bound on the duration specified in a \"Retry-After\" header when calculating backoff times for retrying 429 and 503 response codes. Setting the value to zero (\"PT0S\") can be used to opt-out of respecting \"Retry-After\" header values altogether. This value only takes effect if \"Retry\" is configured, and also depends on specific implementations (Channels, Sources, etc.) choosing to provide this capability. \n Note: This API is EXPERIMENTAL and might be changed at anytime. While this experimental feature is in the Alpha/Beta stage, you must provide a valid value to opt-in for supporting \"Retry-After\" headers. When the feature becomes Stable/GA \"Retry-After\" headers will be respected by default, and you can choose to specify \"PT0S\" to opt-out of supporting \"Retry-After\" headers. 
For more details: https://github.com/knative/eventing/issues/5811 \n More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601" + type: string + timeout: + description: "Timeout is the timeout of each single request. The value must be greater than 0. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 \n Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5148" + type: string + initialOffset: + description: InitialOffset is the Initial Offset for the consumer group. should be earliest or latest + type: string + net: + type: object + properties: + sasl: + type: object + properties: + enable: + type: boolean + password: + description: Password is the Kubernetes secret containing the SASL password. + type: object + properties: + secretKeyRef: + description: The Secret key to select from. + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + type: + description: Type of saslType, defaults to plain (vs SCRAM-SHA-512 or SCRAM-SHA-256) + type: object + properties: + secretKeyRef: + description: The Secret key to select from. + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + user: + description: User is the Kubernetes secret containing the SASL username. + type: object + properties: + secretKeyRef: + description: The Secret key to select from. + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + tls: + type: object + properties: + caCert: + description: CACert is the Kubernetes secret containing the server CA cert. + type: object + properties: + secretKeyRef: + description: The Secret key to select from. + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + cert: + description: Cert is the Kubernetes secret containing the client certificate. + type: object + properties: + secretKeyRef: + description: The Secret key to select from. + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + enable: + type: boolean + key: + description: Key is the Kubernetes secret containing the client key. + type: object + properties: + secretKeyRef: + description: The Secret key to select from. + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + ordering: + description: Ordering is the type of the consumer verticle. Should be ordered or unordered. By default, it is ordered. + type: string + sink: + description: Sink is a reference to an object that will resolve to a uri to use as the sink. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + required: + - kind + - name + properties: + address: + description: Address points to a specific Address Name. + type: string + apiVersion: + description: API version of the referent. + type: string + group: + description: 'Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup. Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086' + type: string + kind: + description: 'Kind of the referent. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: CACerts are Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. If set, these CAs are appended to the set of CAs provided by the Addressable target, if any. + type: string + audience: + description: Audience is the OIDC audience for the sink. + type: string + topics: + description: Topic topics to consume messages from + type: array + items: + type: string + status: + description: KafkaSourceStatus defines the observed state of KafkaSource. + type: object + properties: + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + additionalProperties: + type: string + ceAttributes: + description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. + type: array + items: + description: CloudEventAttributes specifies the attributes that a Source uses as part of its CloudEvents. + type: object + properties: + source: + description: Source is the CloudEvents source attribute. 
+ type: string + type: + description: Type refers to the CloudEvent type attribute. + type: string + claims: + description: Claims consumed by this KafkaSource instance + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + consumers: + description: Total number of consumers actually running in the consumer group. + type: integer + format: int32 + maxAllowedVReplicas: + type: integer + format: int32 + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. 
+ type: integer + format: int64 + placements: + type: array + items: + type: object + properties: + podName: + description: PodName is the name of the pod where the resource is placed + type: string + vreplicas: + description: VReplicas is the number of virtual replicas assigned to in the pod + type: integer + format: int32 + selector: + description: Use for labelSelectorPath when scaling Kafka source + type: string + sinkCACerts: + description: SinkCACerts are Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + sinkUri: + description: SinkURI is the current active sink URI that has been configured for the Source. + type: string + sinkAudience: + description: SinkAudience is the OIDC audience of the sink. + type: string + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + subresources: + status: {} + scale: + # specReplicasPath defines the JSONPath inside of a custom resource that corresponds to Scale.Spec.Replicas. + specReplicasPath: .spec.consumers + # statusReplicasPath defines the JSONPath inside of a custom resource that corresponds to Scale.Status.Replicas. 
+ statusReplicasPath: .status.consumers + # labelSelectorPath defines the JSONPath inside of a custom resource that corresponds to Scale.Status.Selector + labelSelectorPath: .status.selector + additionalPrinterColumns: + - name: Topics + type: string + jsonPath: ".spec.topics" + - name: BootstrapServers + type: string + jsonPath: ".spec.bootstrapServers" + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: v1 + served: true + storage: false + schema: + openAPIV3Schema: + description: KafkaSource is the Schema for the kafkasources API. + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KafkaSourceSpec defines the desired state of the KafkaSource. + type: object + required: + - bootstrapServers + - topics + properties: + bootstrapServers: + description: Bootstrap servers are the Kafka servers the consumer will connect to. + type: array + items: + type: string + ceOverrides: + description: CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink. 
+ type: object + properties: + extensions: + description: Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently. + type: object + additionalProperties: + type: string + consumerGroup: + description: ConsumerGroupID is the consumer group ID. + type: string + consumers: + description: "Number of desired consumers running in the consumer group. Defaults to 1. \n This is a pointer to distinguish between explicit zero and not specified." + type: integer + format: int32 + delivery: + description: Delivery contains the delivery spec for this source + type: object + properties: + backoffDelay: + description: "BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 \n For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^." + type: string + backoffPolicy: + description: BackoffPolicy is the retry backoff policy (linear, exponential). + type: string + deadLetterSink: + description: DeadLetterSink is the sink receiving event that could not be sent to a destination. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + required: + - kind + - name + properties: + address: + description: Address points to a specific Address Name. + type: string + apiVersion: + description: API version of the referent. + type: string + group: + description: 'Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup. Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086' + type: string + kind: + description: 'Kind of the referent. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: CACerts are Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. If set, these CAs are appended to the set of CAs provided by the Addressable target, if any. + type: string + audience: + description: Audience is the OIDC audience for the deadLetterSink. + type: string + retry: + description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. + type: integer + format: int32 + retryAfterMax: + description: "RetryAfterMax provides an optional upper bound on the duration specified in a \"Retry-After\" header when calculating backoff times for retrying 429 and 503 response codes. Setting the value to zero (\"PT0S\") can be used to opt-out of respecting \"Retry-After\" header values altogether. This value only takes effect if \"Retry\" is configured, and also depends on specific implementations (Channels, Sources, etc.) choosing to provide this capability. \n Note: This API is EXPERIMENTAL and might be changed at anytime. While this experimental feature is in the Alpha/Beta stage, you must provide a valid value to opt-in for supporting \"Retry-After\" headers. 
When the feature becomes Stable/GA \"Retry-After\" headers will be respected by default, and you can choose to specify \"PT0S\" to opt-out of supporting \"Retry-After\" headers. For more details: https://github.com/knative/eventing/issues/5811 \n More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601" + type: string + timeout: + description: "Timeout is the timeout of each single request. The value must be greater than 0. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 \n Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5148" + type: string + initialOffset: + description: InitialOffset is the Initial Offset for the consumer group. should be earliest or latest + type: string + net: + type: object + properties: + sasl: + type: object + properties: + enable: + type: boolean + password: + description: Password is the Kubernetes secret containing the SASL password. + type: object + properties: + secretKeyRef: + description: The Secret key to select from. + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + type: + description: Type of saslType, defaults to plain (vs SCRAM-SHA-512 or SCRAM-SHA-256) + type: object + properties: + secretKeyRef: + description: The Secret key to select from. + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. 
Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + user: + description: User is the Kubernetes secret containing the SASL username. + type: object + properties: + secretKeyRef: + description: The Secret key to select from. + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + tls: + type: object + properties: + caCert: + description: CACert is the Kubernetes secret containing the server CA cert. + type: object + properties: + secretKeyRef: + description: The Secret key to select from. + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + cert: + description: Cert is the Kubernetes secret containing the client certificate. + type: object + properties: + secretKeyRef: + description: The Secret key to select from. 
+ type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + enable: + type: boolean + key: + description: Key is the Kubernetes secret containing the client key. + type: object + properties: + secretKeyRef: + description: The Secret key to select from. + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + ordering: + description: Ordering is the type of the consumer verticle. Should be ordered or unordered. By default, it is ordered. + type: string + sink: + description: Sink is a reference to an object that will resolve to a uri to use as the sink. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + required: + - kind + - name + properties: + address: + description: Address points to a specific Address Name. + type: string + apiVersion: + description: API version of the referent. + type: string + group: + description: 'Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup. Note: This API is EXPERIMENTAL and might break anytime. 
For more details: https://github.com/knative/eventing/issues/5086' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: CACerts are Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. If set, these CAs are appended to the set of CAs provided by the Addressable target, if any. + type: string + audience: + description: Audience is the OIDC audience for the sink. + type: string + topics: + description: Topic topics to consume messages from + type: array + items: + type: string + status: + description: KafkaSourceStatus defines the observed state of KafkaSource. + type: object + properties: + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + additionalProperties: + type: string + ceAttributes: + description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. 
+ type: array + items: + description: CloudEventAttributes specifies the attributes that a Source uses as part of its CloudEvents. + type: object + properties: + source: + description: Source is the CloudEvents source attribute. + type: string + type: + description: Type refers to the CloudEvent type attribute. + type: string + claims: + description: Claims consumed by this KafkaSource instance + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + consumers: + description: Total number of consumers actually running in the consumer group. + type: integer + format: int32 + maxAllowedVReplicas: + type: integer + format: int32 + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. 
+ type: integer + format: int64 + placements: + type: array + items: + type: object + properties: + podName: + description: PodName is the name of the pod where the resource is placed + type: string + vreplicas: + description: VReplicas is the number of virtual replicas assigned to in the pod + type: integer + format: int32 + selector: + description: Use for labelSelectorPath when scaling Kafka source + type: string + sinkCACerts: + description: SinkCACerts are Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + sinkUri: + description: SinkURI is the current active sink URI that has been configured for the Source. + type: string + sinkAudience: + description: SinkAudience is the OIDC audience of the sink. + type: string + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + subresources: + status: {} + scale: + # specReplicasPath defines the JSONPath inside of a custom resource that corresponds to Scale.Spec.Replicas. + specReplicasPath: .spec.consumers + # statusReplicasPath defines the JSONPath inside of a custom resource that corresponds to Scale.Status.Replicas. 
+ statusReplicasPath: .status.consumers + # labelSelectorPath defines the JSONPath inside of a custom resource that corresponds to Scale.Status.Selector + labelSelectorPath: .status.selector + additionalPrinterColumns: + - name: Topics + type: string + jsonPath: ".spec.topics" + - name: BootstrapServers + type: string + jsonPath: ".spec.bootstrapServers" + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + names: + categories: + - all + - knative + - eventing + - sources + kind: KafkaSource + plural: kafkasources + scope: Namespaced + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: kafka-webhook-eventing + namespace: knative-eventing +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# The role is needed for the aggregated role source-observer in knative-eventing to provide readonly access to "Sources". 
+kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: eventing-kafka-source-observer + labels: + app.kubernetes.io/version: nightly + duck.knative.dev/source: "true" +rules: + - apiGroups: + - "sources.knative.dev" + resources: + - "kafkasources" + verbs: + - get + - list + - watch +--- +# Copyright 2022 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-kafka-source-defaults + namespace: knative-eventing + labels: + app.kubernetes.io/version: nightly + annotations: + knative.dev/example-checksum: "b6ed351d" +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # autoscalingClass is the autoscaler class name to use. + # valid value: keda.autoscaling.knative.dev + # autoscalingClass: "" + + # minScale is the minimum number of replicas to scale down to. + # minScale: "1" + + # maxScale is the maximum number of replicas to scale up to. 
+ # maxScale: "1" + + # pollingInterval is the interval in seconds KEDA uses to poll metrics. + # pollingInterval: "30" + + # cooldownPeriod is the period of time in seconds KEDA waits until it scales down. + # cooldownPeriod: "300" + + # kafkaLagThreshold is the lag (ie. number of messages in a partition) threshold for KEDA to scale up sources. + # kafkaLagThreshold: "10" +--- +--- + +# Copyright 2021 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: kafka-channel-config + namespace: knative-eventing + labels: + app.kubernetes.io/version: nightly +data: + bootstrap.servers: "my-cluster-kafka-bootstrap.kafka:9092" +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. 
+ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: kafkachannels.messaging.knative.dev + labels: + app.kubernetes.io/version: nightly + knative.dev/crd-install: "true" + messaging.knative.dev/subscribable: "true" + duck.knative.dev/addressable: "true" +spec: + group: messaging.knative.dev + versions: + - name: v1beta1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: 'KafkaChannel is a resource representing a Channel that is backed by a topic of an Apache Kafka cluster.' + type: object + properties: + spec: + description: Spec defines the desired state of the Channel. + type: object + properties: + numPartitions: + description: NumPartitions is the number of partitions of a Kafka topic. By default, it is set to 1. + type: integer + format: int32 + default: 1 + replicationFactor: + description: ReplicationFactor is the replication factor of a Kafka topic. By default, it is set to 1. + type: integer + maximum: 32767 + default: 1 + retentionDuration: + description: RetentionDuration is the retention time for events in a Kafka Topic represented as an ISO-8601 Duration. By default it is set to 168 hours, which is the precise form of 7 days. + type: string + delivery: + description: DeliverySpec contains the default delivery spec for each subscription to this Channelable. Each subscription delivery spec, if any, overrides this global delivery spec. + type: object + properties: + backoffDelay: + description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' + type: string + backoffPolicy: + description: BackoffPolicy is the retry backoff policy (linear, exponential). 
+ type: string + deadLetterSink: + description: DeadLetterSink is the sink receiving event that could not be sent to a destination. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + type: string + audience: + description: Audience is the OIDC audience for the deadLetterSink. + type: string + retry: + description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. + type: integer + format: int32 + x-kubernetes-preserve-unknown-fields: true # This is necessary to enable experimental features in the delivery + subscribers: + description: This is the list of subscriptions for this subscribable. + type: array + items: + type: object + properties: + delivery: + description: DeliverySpec contains options controlling the event delivery + type: object + properties: + backoffDelay: + description: 'BackoffDelay is the delay before retrying. 
More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' + type: string + backoffPolicy: + description: BackoffPolicy is the retry backoff policy (linear, exponential). + type: string + deadLetterSink: + description: DeadLetterSink is the sink receiving event that could not be sent to a destination. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + type: string + audience: + description: Audience is the OIDC audience for the deadLetterSink. + type: string + retry: + description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. + type: integer + format: int32 + x-kubernetes-preserve-unknown-fields: true # This is necessary to enable experimental features in the delivery + generation: + description: Generation of the origin of the subscriber with uid:UID. 
+ type: integer + format: int64 + name: + description: The name of the subscription + type: string + replyUri: + description: ReplyURI is the endpoint for the reply + type: string + replyCACerts: + description: replyCACerts is the CA certs to trust for the reply. + type: string + replyAudience: + description: ReplyAudience is the OIDC audience for the replyUri. + type: string + subscriberUri: + description: SubscriberURI is the endpoint for the subscriber + type: string + subscriberCACerts: + description: SubscriberCACerts is the CA certs to trust for the subscriber. + type: string + subscriberAudience: + description: SubscriberAudience is the OIDC audience for the subscriberUri. + type: string + uid: + description: UID is used to understand the origin of the subscriber. + type: string + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + status: + description: Status represents the current state of the KafkaChannel. This data may be out of date. + type: object + properties: + address: + type: object + required: + - url + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + addresses: + description: Kafka Sink is Addressable. It exposes the endpoints as URIs to get events delivered into the Kafka topic. + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. 
+ type: object + x-kubernetes-preserve-unknown-fields: true + policies: + description: List of applied EventPolicies + type: array + items: + type: object + properties: + apiVersion: + description: The API version of the applied EventPolicy. This indicates, which version of EventPolicy is supported by the resource. + type: string + name: + description: The name of the applied EventPolicy + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + deadLetterChannel: + description: DeadLetterChannel is a KReference and is set by the channel when it supports native error handling via a channel Failed messages are delivered here. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + deadLetterSinkUri: + description: DeadLetterSinkURI is the resolved URI of the dead letter ref if one is specified in the Spec.Delivery. + type: string + deadLetterSinkCACerts: + type: string + deadLetterSinkAudience: + description: OIDC audience of the dead letter sink. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + subscribers: + description: This is the list of subscription's statuses for this channel. + type: array + items: + type: object + properties: + message: + description: A human readable message indicating details of Ready status. + type: string + observedGeneration: + description: Generation of the origin of the subscriber with uid:UID. + type: integer + format: int64 + ready: + description: Status of the subscriber. + type: string + uid: + description: UID is used to understand the origin of the subscriber. + type: string + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. 
+ type: string + additionalPrinterColumns: + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + - name: URL + type: string + jsonPath: .status.address.url + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + names: + kind: KafkaChannel + plural: kafkachannels + singular: kafkachannel + categories: + - all + - knative + - messaging + - channel + shortNames: + - kc + scope: Namespaced + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: kafka-webhook + namespace: knative-eventing + +--- +--- +# Copyright 2021 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. 
+ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + labels: + app.kubernetes.io/version: nightly + knative.dev/crd-install: "true" + name: consumers.internal.kafka.eventing.knative.dev +spec: + group: internal.kafka.eventing.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: { } + schema: + openAPIV3Schema: + type: object + # this is a work around so we don't need to flesh out the + # schema for each version at this time + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + - name: Subscriber + type: string + jsonPath: .status.subscriberUri + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + names: + kind: Consumer + plural: consumers + singular: consumer + scope: Namespaced +--- +# Copyright 2021 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. 
+ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + labels: + app.kubernetes.io/version: nightly + knative.dev/crd-install: "true" + name: consumergroups.internal.kafka.eventing.knative.dev +spec: + group: internal.kafka.eventing.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + scale: + # specReplicasPath defines the JSONPath inside a custom resource that corresponds to Scale.Spec.Replicas. + specReplicasPath: .spec.replicas + # statusReplicasPath defines the JSONPath inside a custom resource that corresponds to Scale.Status.Replicas. + statusReplicasPath: .status.replicas + # labelSelectorPath defines the JSONPath inside a custom resource that corresponds to Scale.Status.Selector + labelSelectorPath: .status.selector + schema: + openAPIV3Schema: + type: object + # this is a work around so we don't need to flesh out the + # schema for each version at this time + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + - name: Subscriber + type: string + jsonPath: .status.subscriberUri + - name: Replicas + type: string + jsonPath: .spec.replicas + - name: Ready Replicas + type: string + jsonPath: .status.replicas + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + names: + kind: ConsumerGroup + plural: consumergroups + singular: consumergroup + scope: Namespaced +--- +# Copyright 2022 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. 
+# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-kafka-autoscaler + namespace: knative-eventing + labels: + app.kubernetes.io/version: nightly +data: + class: "keda.autoscaling.knative.dev" + min-scale: "0" + max-scale: "50" + polling-interval: "10" + cooldown-period: "30" + lag-threshold: "100" +--- +# Copyright 2021 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. 
+ +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-kafka-descheduler + namespace: knative-eventing + labels: + app.kubernetes.io/version: nightly +data: + predicates: |+ + [] + priorities: |+ + [ + {"Name": "RemoveWithEvenPodSpreadPriority", + "Weight": 10, + "Args": "{\"MaxSkew\": 2}"}, + {"Name": "RemoveWithAvailabilityZonePriority", + "Weight": 10, + "Args": "{\"MaxSkew\": 2}"}, + {"Name": "RemoveWithHighestOrdinalPriority", + "Weight": 2} + ] +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-kafka-features + namespace: knative-eventing + annotations: + knative.dev/example-checksum: "cf3393de" +data: + _example: |- + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + # + # Controls whether the dispatcher should use the rate limiter based on the number of virtual replicas. + # 1. Enabled: The rate limiter is applied. + # 2. Disabled: The rate limiter is not applied. + dispatcher-rate-limiter: "disabled" + # Controls whether the dispatcher should record additional metrics. + # 1. Enabled: The metrics are recorded. + # 2. Disabled: The metrics are not recorded. + dispatcher-ordered-executor-metrics: "disabled" + # Controls whether the controller should autoscale consumer resources with KEDA + # 1. Enabled: KEDA autoscaling of consumers will be setup. + # 2. Disabled: KEDA autoscaling of consumers will not be setup. + controller-autoscaler-keda: "disabled" + # The Go text/template used to generate consumergroup ID for triggers. + # The template can reference the trigger Kubernetes metadata only. 
+ triggers-consumergroup-template: "knative-trigger-{{ .Namespace }}-{{ .Name }}" + # The Go text/template used to generate topics for Brokers. + # The template can reference the broker Kubernetes metadata only. + brokers-topic-template: "knative-broker-{{ .Namespace }}-{{ .Name }}" + # The Go text/template used to generate topics for Channels. + # The template can reference the channel Kubernetes metadata only. + channels-topic-template: "knative-channel-{{ .Namespace }}-{{ .Name }}" + dispatcher-rate-limiter: "disabled" + dispatcher-ordered-executor-metrics: "disabled" + controller-autoscaler-keda: "disabled" + triggers-consumergroup-template: "knative-trigger-{{ .Namespace }}-{{ .Name }}" + brokers-topic-template: "knative-broker-{{ .Namespace }}-{{ .Name }}" + channels-topic-template: "knative-messaging-kafka.{{ .Namespace }}.{{ .Name }}" +--- +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/version: nightly + name: config-kafka-leader-election + namespace: knative-eventing + annotations: + knative.dev/example-checksum: "96896b00" +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # leaseDuration is how long non-leaders will wait to try to acquire the + # lock; 15 seconds is the value used by core kubernetes controllers. + leaseDuration: "15s" + + # renewDeadline is how long a leader will try to renew the lease before + # giving up; 10 seconds is the value used by core kubernetes controllers. 
+ renewDeadline: "10s" + + # retryPeriod is how long the leader election client waits between tries of + # actions; 2 seconds is the value used by core kubernetes controllers. + retryPeriod: "2s" + + # buckets is the number of buckets used to partition key space of each + # Reconciler. If this number is M and the replica number of the controller + # is N, the N replicas will compete for the M buckets. The owner of a + # bucket will take care of the reconciling for the keys partitioned into + # that bucket. + buckets: "1" + leaseDuration: "15s" + renewDeadline: "10s" + retryPeriod: "2s" + map-lease-prefix.kafka-broker-controller.knative.dev.eventing-kafka-broker.control-plane.pkg.reconciler.source.Reconciler: kafka-controller.knative.dev.eventing-kafka.pkg.source.reconciler.source.reconciler + map-lease-prefix.kafka-broker-controller.knative.dev.eventing-kafka-broker.control-plane.pkg.reconciler.channel.Reconciler: kafkachannel-controller.knative.dev.eventing-kafka.pkg.channel.consolidated.reconciler.controller.reconciler +--- +# Copyright 2021 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. 
+ +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-kafka-scheduler + namespace: knative-eventing + labels: + app.kubernetes.io/version: nightly +data: + predicates: |+ + [ + {"Name": "PodFitsResources"}, + {"Name": "NoMaxResourceCount", + "Args": "{\"NumPartitions\": 100}"} + ] + priorities: |+ + [ + {"Name": "AvailabilityZonePriority", + "Weight": 10, + "Args": "{\"MaxSkew\": 2}"}, + {"Name": "LowestOrdinalPriority", + "Weight": 2}, + {"Name": "EvenPodSpread", + "Weight": 2, + "Args": "{\"MaxSkew\": 2}"} + ] +--- +--- + +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: kafka-config-logging + namespace: knative-eventing + labels: + app.kubernetes.io/version: nightly +data: + config.xml: | + + + + + + + true + 1000 + + + + + +--- +--- + +# Copyright 2022 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. 
+ +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-namespaced-broker-resources + namespace: knative-eventing +data: + resources: |+ + [ + ] +--- +# Copyright 2021 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: knative-kafka-addressable-resolver + labels: + app.kubernetes.io/version: nightly + duck.knative.dev/addressable: "true" +# Do not use this role directly. These rules will be added to the "addressable-resolver" role. +rules: + - apiGroups: + - eventing.knative.dev + resources: + - kafkasinks + - kafkasinks/status + verbs: + - get + - list + - watch + + - apiGroups: + - messaging.knative.dev + resources: + - kafkachannels + - kafkachannels/status + verbs: + - get + - list + - watch +--- +# Copyright 2021 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. 
+ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: knative-kafka-channelable-manipulator + labels: + app.kubernetes.io/version: nightly + duck.knative.dev/channelable: "true" +# Do not use this role directly. These rules will be added to the "channelable-manipulator" role. +rules: + - apiGroups: + - messaging.knative.dev + resources: + - kafkachannels + - kafkachannels/status + verbs: + - create + - get + - list + - watch + - update + - patch + - delete + +--- +--- + +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. 
+ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kafka-controller + labels: + app.kubernetes.io/version: nightly +rules: + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - delete + - apiGroups: + - "" + resources: + - configmaps + - services + verbs: + - get + - list + - watch + - update + - create + - delete + - apiGroups: + - "" + resources: + - pods + verbs: + - list + - update + - get + - watch + - apiGroups: + - "" + resources: + - pods/finalizers + verbs: + - get + - list + - create + - update + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - patch + - create + - apiGroups: + - "coordination.k8s.io" + resources: + - "leases" + verbs: + - get + - list + - create + - update + - delete + - patch + - watch + + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - update + - create + - delete + + # for namespaced brokers, we need to be able to manage additional resources within the user namespaces + - apiGroups: + - "rbac.authorization.k8s.io" + resources: + - rolebindings + verbs: + - get + - list + - watch + - update + - create + - delete + - apiGroups: + - "rbac.authorization.k8s.io" + resources: + - clusterrolebindings + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - get + - list + - watch + - update + - create + - delete + - apiGroups: + - "apps" + resources: + - deployments + verbs: + - get + - list + - watch + - update + - create + - delete + # To grant NamespacedBroker permissions to create OIDC tokens + - apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create + + # Scheduler permissions + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - apiGroups: + - "apps" + resources: + - statefulsets + - statefulsets/scale + verbs: + - get + - list + - watch + - update + - patch + 
- create + - delete + + # Internal APIs + - apiGroups: + - "internal.kafka.eventing.knative.dev" + resources: + - "consumers" + - "consumers/status" + - "consumergroups" + - "consumergroups/status" + verbs: + - create + - get + - list + - watch + - patch + - update + - delete + - apiGroups: + - "internal.kafka.eventing.knative.dev" + resources: + - "consumers/finalizers" + - "consumergroups/finalizers" + verbs: + - update + - delete + # Eventing resources and statuses we care about + - apiGroups: + - "eventing.knative.dev" + resources: + - "brokers" + - "brokers/status" + - "triggers" + - "triggers/status" + - "kafkasinks" + - "kafkasinks/status" + - "eventpolicies" + - "eventpolicies/status" + verbs: + - list + - get + - watch + - patch + - update + + # eventing.knative.dev resources and finalizers we care about. + - apiGroups: + - "eventing.knative.dev" + resources: + - "brokers/finalizers" + - "triggers/finalizers" + - "kafkasinks/finalizers" + verbs: + - update + + - apiGroups: + - "sinks.knative.dev" + resources: + - "jobsinks" + - "jobsinks/status" + verbs: + - get + - list + - watch + + # resources needed to grant eventtype autocreate rbac to namespaced data plane component + - apiGroups: + - "eventing.knative.dev" + resources: + - "eventtypes" + verbs: + - get + - list + - watch + - create + + # messaging.knative.dev resources and finalizers we care about. + - apiGroups: + - messaging.knative.dev + resources: + - kafkachannels + - kafkachannels/status + verbs: + - get + - list + - watch + - update + - patch + - apiGroups: + - messaging.knative.dev + resources: + - subscriptions + - subscriptions/status + verbs: + - get + - list + - watch + - apiGroups: + - messaging.knative.dev + resources: + - kafkachannels/finalizers + verbs: + - update + + # sources.knative.dev resources and finalizers we care about. 
+ - apiGroups: + - sources.knative.dev + resources: + - kafkasources + - kafkasources/status + verbs: + - get + - list + - watch + - update + - patch + - apiGroups: + - sources.knative.dev + resources: + - kafkasources/finalizers + verbs: + - update + + - apiGroups: + - keda.sh + resources: + - scaledobjects + - scaledobjects/finalizers + - scaledobjects/status + - triggerauthentications + - triggerauthentications/status + verbs: + - get + - list + - watch + - update + - create + - delete + +--- +--- + +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kafka-controller + namespace: knative-eventing + labels: + app.kubernetes.io/version: nightly +--- +--- + +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. 
+ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kafka-controller + labels: + app.kubernetes.io/version: nightly +subjects: + - kind: ServiceAccount + name: kafka-controller + namespace: knative-eventing +roleRef: + kind: ClusterRole + name: kafka-controller + apiGroup: rbac.authorization.k8s.io + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kafka-controller-addressable-resolver + labels: + app.kubernetes.io/version: nightly +subjects: + - kind: ServiceAccount + name: kafka-controller + namespace: knative-eventing +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: addressable-resolver +--- +--- + +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. 
+ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: kafka-controller + namespace: knative-eventing + labels: + app: kafka-controller + app.kubernetes.io/version: nightly + app.kubernetes.io/component: kafka-controller + app.kubernetes.io/name: knative-eventing +spec: + selector: + matchLabels: + app: kafka-controller + template: + metadata: + name: kafka-controller + labels: + app: kafka-controller + app.kubernetes.io/version: nightly + app.kubernetes.io/component: kafka-controller + app.kubernetes.io/name: knative-eventing + spec: + securityContext: + runAsNonRoot: true + serviceAccountName: kafka-controller + + # To avoid node becoming SPOF, spread our replicas to different nodes and zones. + topologySpreadConstraints: + - maxSkew: 2 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + labelSelector: + matchLabels: + app: kafka-controller + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: kafka-controller + topologyKey: kubernetes.io/hostname + weight: 100 + + containers: + - name: controller + image: registry.ci.openshift.org/openshift/knative-eventing-kafka-broker-kafka-controller:knative-nightly + imagePullPolicy: IfNotPresent + env: + - name: BROKER_DATA_PLANE_CONFIG_MAP_NAMESPACE + value: knative-eventing + - name: CHANNEL_DATA_PLANE_CONFIG_MAP_NAMESPACE + value: knative-eventing + - name: SINK_DATA_PLANE_CONFIG_MAP_NAMESPACE + value: knative-eventing + + - name: BROKER_CONTRACT_CONFIG_MAP_NAME + value: kafka-broker-brokers-triggers + - name: CHANNEL_CONTRACT_CONFIG_MAP_NAME + value: kafka-channel-channels-subscriptions + - name: SINK_CONTRACT_CONFIG_MAP_NAME + value: kafka-sink-sinks + + - name: BROKER_DATA_PLANE_CONFIG_CONFIG_MAP_NAME + value: config-kafka-broker-data-plane + - name: SINK_DATA_PLANE_CONFIG_CONFIG_MAP_NAME + value: config-kafka-sink-data-plane + - name: CHANNEL_DATA_PLANE_CONFIG_CONFIG_MAP_NAME + value: 
config-kafka-channel-data-plane + + - name: BROKER_CONTRACT_CONFIG_MAP_FORMAT + value: json + - name: CHANNEL_CONTRACT_CONFIG_MAP_FORMAT + value: json + - name: SINK_CONTRACT_CONFIG_MAP_FORMAT + value: json + - name: CONSUMER_CONTRACT_CONFIG_MAP_FORMAT + value: json + + - name: BROKER_INGRESS_NAME + value: kafka-broker-ingress + - name: CHANNEL_INGRESS_NAME + value: kafka-channel-ingress + - name: SINK_INGRESS_NAME + value: kafka-sink-ingress + + - name: BROKER_GENERAL_CONFIG_MAP_NAME + value: kafka-broker-config + - name: CHANNEL_GENERAL_CONFIG_MAP_NAME + value: kafka-channel-config + - name: SINK_GENERAL_CONFIG_MAP_NAME + value: kafka-broker-config + + - name: BROKER_INGRESS_POD_PORT + value: "8080" + - name: CHANNEL_INGRESS_POD_PORT + value: "8080" + - name: SINK_INGRESS_POD_PORT + value: "8080" + + - name: BROKER_INGRESS_POD_TLS_PORT + value: "8443" + - name: CHANNEL_INGRESS_POD_TLS_PORT + value: "8443" + - name: SINK_INGRESS_POD_TLS_PORT + value: "8443" + + - name: BROKER_SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CHANNEL_SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: SINK_SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + + - name: BROKER_DEFAULT_BACKOFF_DELAY_MS + value: "1000" # 1 second + - name: CHANNEL_DEFAULT_BACKOFF_DELAY_MS + value: "1000" # 1 second + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + + # How often (in seconds) the autoscaler tries to scale down the statefulset. + - name: AUTOSCALER_REFRESH_PERIOD + value: '100' + + # The number of virtual replicas each adapter pod can handle. 
+ - name: POD_CAPACITY + value: '20' + + - name: SCHEDULER_CONFIG + value: 'config-kafka-scheduler' + + - name: DESCHEDULER_CONFIG + value: 'config-kafka-descheduler' + + - name: AUTOSCALER_CONFIG + value: 'config-kafka-autoscaler' + + - name: CONFIG_LEADERELECTION_NAME + value: config-kafka-leader-election + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: METRICS_DOMAIN + value: knative.dev/eventing + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: ENABLE_SARAMA_LOGGER + value: "false" + - name: ENABLE_SARAMA_DEBUG_LOGGER + value: "false" + - name: ENABLE_SARAMA_CLIENT_POOL + value: "true" + + ports: + - containerPort: 9090 + name: metrics + resources: + requests: + cpu: 100m + memory: 100Mi + terminationMessagePolicy: FallbackToLogsOnError + terminationMessagePath: /dev/temination-log + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: + - ALL + restartPolicy: Always +--- +--- + +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kafka-webhook-eventing + labels: + app.kubernetes.io/version: nightly +rules: + # For watching logging configuration and getting certs. 
+ - apiGroups: + - "" + resources: + - "configmaps" + verbs: + - "get" + - "list" + - "watch" + + # For manipulating certs into secrets. + - apiGroups: + - "" + resources: + - "secrets" + - "namespaces" + verbs: + - "get" + - "create" + - "update" + - "list" + - "watch" + - "patch" + + # For getting our Deployment so we can decorate with ownerref. + - apiGroups: + - "apps" + resources: + - "deployments" + verbs: + - "get" + + - apiGroups: + - "apps" + resources: + - "deployments/finalizers" + verbs: + - update + + # For actually registering our webhook. + - apiGroups: + - "admissionregistration.k8s.io" + resources: + - "mutatingwebhookconfigurations" + - "validatingwebhookconfigurations" + verbs: &everything + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" + + # For leader election + - apiGroups: + - "coordination.k8s.io" + resources: + - "leases" + verbs: *everything + + # finalizers are needed for the owner reference of the webhook + - apiGroups: + - "" + resources: + - "namespaces/finalizers" + verbs: + - "update" + + # Eventing resources care about + - apiGroups: + - "eventing.knative.dev" + resources: + - "brokers" + verbs: + - list + - get + - watch + + # messaging.knative.dev resources and finalizers we care about. + - apiGroups: + - messaging.knative.dev + resources: + - kafkachannels + verbs: + - get + - list + + # Necessary for conversion webhook. + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "list", "create", "update", "patch", "watch"] + +--- +--- + +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. 
+# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kafka-webhook-eventing + namespace: knative-eventing + labels: + app.kubernetes.io/version: nightly +--- +--- + +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kafka-webhook-eventing + labels: + app.kubernetes.io/version: nightly +subjects: + - kind: ServiceAccount + name: kafka-webhook-eventing + namespace: knative-eventing +roleRef: + kind: ClusterRole + name: kafka-webhook-eventing + apiGroup: rbac.authorization.k8s.io + +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. 
+# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: defaulting.webhook.kafka.eventing.knative.dev + labels: + app.kubernetes.io/version: nightly +webhooks: + - admissionReviewVersions: [ "v1", "v1beta1" ] + clientConfig: + service: + name: kafka-webhook-eventing + namespace: knative-eventing + sideEffects: None + failurePolicy: Fail + name: defaulting.webhook.kafka.eventing.knative.dev + timeoutSeconds: 2 +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: pods.defaulting.webhook.kafka.eventing.knative.dev + labels: + app.kubernetes.io/version: nightly +webhooks: + # Dispatcher pods webhook config. 
+ - admissionReviewVersions: [ "v1", "v1beta1" ] + clientConfig: + service: + name: kafka-webhook-eventing + namespace: knative-eventing + sideEffects: None + failurePolicy: Fail + name: pods.defaulting.webhook.kafka.eventing.knative.dev + timeoutSeconds: 2 + reinvocationPolicy: IfNeeded + matchPolicy: Equivalent + namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: knative-eventing + objectSelector: + matchLabels: + app.kubernetes.io/kind: kafka-dispatcher +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Secret +metadata: + name: kafka-webhook-eventing-certs + namespace: knative-eventing + labels: + app.kubernetes.io/version: nightly +# The data is populated at install time. +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. 
+ +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: validation.webhook.kafka.eventing.knative.dev + labels: + app.kubernetes.io/version: nightly +webhooks: + - admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: kafka-webhook-eventing + namespace: knative-eventing + sideEffects: None + failurePolicy: Fail + name: validation.webhook.kafka.eventing.knative.dev + timeoutSeconds: 2 +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: kafka-webhook-eventing + namespace: knative-eventing + labels: + app: kafka-webhook-eventing + app.kubernetes.io/version: nightly + app.kubernetes.io/component: kafka-webhook-eventing + app.kubernetes.io/name: knative-eventing +spec: + selector: + matchLabels: + app: kafka-webhook-eventing + template: + metadata: + labels: + app: kafka-webhook-eventing + app.kubernetes.io/version: nightly + app.kubernetes.io/component: kafka-webhook-eventing + app.kubernetes.io/name: knative-eventing + spec: + # To avoid node becoming SPOF, spread our replicas to different nodes. 
+ affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: kafka-webhook-eventing + topologyKey: kubernetes.io/hostname + weight: 100 + + serviceAccountName: kafka-webhook-eventing + securityContext: + runAsNonRoot: true + + containers: + - name: kafka-webhook-eventing + terminationMessagePolicy: FallbackToLogsOnError + + image: registry.ci.openshift.org/openshift/knative-eventing-kafka-broker-webhook-kafka:knative-nightly + + resources: + requests: + cpu: 20m + memory: 20Mi + limits: + cpu: 200m + memory: 200Mi + + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LEADERELECTION_NAME + value: config-kafka-leader-election + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: METRICS_DOMAIN + value: knative.dev/eventing + - name: WEBHOOK_NAME + value: kafka-webhook-eventing + - name: WEBHOOK_PORT + value: "8443" + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: + - ALL + + ports: + - name: https-webhook + containerPort: 8443 + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 + + readinessProbe: + periodSeconds: 1 + httpGet: + scheme: HTTPS + port: 8443 + httpHeaders: + - name: k-kubelet-probe + value: "webhook" + livenessProbe: + periodSeconds: 1 + httpGet: + scheme: HTTPS + port: 8443 + httpHeaders: + - name: k-kubelet-probe + value: "webhook" + initialDelaySeconds: 20 + + # Our webhook should gracefully terminate by lame ducking first, set this to a sufficiently + # high value that we respect whatever value it has configured for the lame duck grace period. 
+ terminationGracePeriodSeconds: 300
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: kafka-webhook-eventing
+ namespace: knative-eventing
+ labels:
+ app: kafka-webhook-eventing
+ app.kubernetes.io/version: nightly
+ app.kubernetes.io/component: kafka-webhook-eventing
+ app.kubernetes.io/name: knative-eventing
+spec:
+ ports:
+ - name: https-webhook
+ port: 443
+ targetPort: 8443
+ - name: http-metrics
+ port: 9090
+ targetPort: 9090
+ selector:
+ app: kafka-webhook-eventing
diff --git a/openshift/release/artifacts/eventing-kafka-post-install.yaml b/openshift/release/artifacts/eventing-kafka-post-install.yaml
new file mode 100644
index 0000000000..f2c23e6cba
--- /dev/null
+++ b/openshift/release/artifacts/eventing-kafka-post-install.yaml
@@ -0,0 +1,307 @@ +--- +--- + +# Copyright 2022 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: knative-kafka-controller-post-install + labels: + app.kubernetes.io/version: nightly +rules: [] +--- +--- + +# Copyright 2022 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: knative-kafka-controller-post-install + namespace: knative-eventing + labels: + app.kubernetes.io/version: nightly +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. 
+# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: knative-kafka-storage-version-migrator + labels: + app.kubernetes.io/version: nightly +rules: + # Storage version upgrader needs to be able to patch CRDs. + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + - "customresourcedefinitions/status" + verbs: + - "get" + - "list" + - "update" + - "patch" + - "watch" + # Our own resources we care about. + - apiGroups: + - "sources.knative.dev" + resources: + - "kafkasources" + - "kafkasources/finalizers" + - "kafkasources/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "watch" + - apiGroups: + - "messaging.knative.dev" + resources: + - "kafkachannels" + - "kafkachannels/finalizers" + - "kafkachannels/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "watch" + - apiGroups: + - "eventing.knative.dev" + resources: + - "kafkasinks" + - "kafkasinks/finalizers" + - "kafkasinks/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "watch" + - apiGroups: + - "" + resources: + - "namespaces" + verbs: + - "get" + - "list" +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. 
+# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: knative-kafka-storage-version-migrator + namespace: knative-eventing + labels: + app.kubernetes.io/version: nightly + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: knative-kafka-storage-version-migrator + labels: + app.kubernetes.io/version: nightly +subjects: + - kind: ServiceAccount + name: knative-kafka-storage-version-migrator + namespace: knative-eventing +roleRef: + kind: ClusterRole + name: knative-kafka-storage-version-migrator + apiGroup: rbac.authorization.k8s.io +--- +--- + +# Copyright 2022 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. 
+ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: knative-kafka-controller-post-install + labels: + app.kubernetes.io/version: nightly +subjects: + - kind: ServiceAccount + name: knative-kafka-controller-post-install + namespace: knative-eventing +roleRef: + kind: ClusterRole + name: knative-kafka-controller-post-install + apiGroup: rbac.authorization.k8s.io +--- +# Copyright 2022 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: batch/v1 +kind: Job +metadata: + name: kafka-controller-post-install + namespace: knative-eventing + labels: + app: kafka-controller-post-install + app.kubernetes.io/version: nightly +spec: + ttlSecondsAfterFinished: 600 + backoffLimit: 10 + template: + metadata: + labels: + app: kafka-controller-post-install + app.kubernetes.io/version: nightly + sidecar.istio.io/inject: "false" + annotations: + sidecar.istio.io/inject: "false" + spec: + serviceAccountName: knative-kafka-controller-post-install + restartPolicy: OnFailure + containers: + - name: post-install + image: registry.ci.openshift.org/openshift/knative-eventing-kafka-broker-post-install:knative-nightly + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CHANNEL_GENERAL_CONFIG_MAP_NAME + value: kafka-channel-config + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - ALL +--- +# Copyright 
2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: batch/v1 +kind: Job +metadata: + name: knative-kafka-storage-version-migrator + namespace: knative-eventing + labels: + app: "knative-kafka-storage-version-migrator" + app.kubernetes.io/version: nightly +spec: + ttlSecondsAfterFinished: 600 + backoffLimit: 10 + template: + metadata: + labels: + app: "knative-kafka-storage-version-migrator" + app.kubernetes.io/version: nightly + sidecar.istio.io/inject: "false" + annotations: + sidecar.istio.io/inject: "false" + spec: + serviceAccountName: knative-kafka-storage-version-migrator + restartPolicy: OnFailure + containers: + - name: migrate + image: registry.ci.openshift.org/openshift/knative-eventing-kafka-broker-migrate:knative-nightly + env: + - name: IGNORE_NOT_FOUND + value: "true" + args: + - "kafkasources.sources.knative.dev" + - "kafkachannels.messaging.knative.dev" + - "kafkasinks.eventing.knative.dev" + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - ALL diff --git a/openshift/release/artifacts/eventing-kafka-sink.yaml b/openshift/release/artifacts/eventing-kafka-sink.yaml new file mode 100644 index 0000000000..76f3a5c24f --- /dev/null +++ b/openshift/release/artifacts/eventing-kafka-sink.yaml 
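Review bot: The `knative-kafka-storage-version-migrator` ClusterRole grants `update` and `patch` on every `customresourcedefinitions` object in the cluster, while the `migrate` Job at the end of this hunk is only given three CRD names as args. A misbehaving or compromised migrator pod could therefore rewrite any CRD, including ones owned by other operators. Consider splitting the rule so the write verbs carry `resourceNames: ["kafkasources.sources.knative.dev", "kafkachannels.messaging.knative.dev", "kafkasinks.eventing.knative.dev"]`, and check whether `list`/`watch` on CRDs and `create` on the Kafka resources are needed at all for a storage-version migration. The file looks concatenated from per-resource manifests, so the change probably belongs in those sources.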
@@ -0,0 +1,420 @@ +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-kafka-sink-data-plane + namespace: knative-eventing + labels: + app.kubernetes.io/version: nightly + annotations: + knative.dev/example-checksum: "a8ce4acb" +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # All configurations in this ConfigMap are globally applied to each + # resource and there is no way to change them on a per-resource basis, + # unless otherwise specified. + + # Producer configuration are documented in https://kafka.apache.org/documentation/#producerconfigs + # Some configurations might be forced by the actual code to make sure we respect the Knative Eventing + # delivery constraints, for example, `key.serializer` and `value.serializer`. 
+ config-kafka-sink-producer.properties: | + key.serializer=org.apache.kafka.common.serialization.StringSerializer + value.serializer=io.cloudevents.kafka.CloudEventSerializer + acks=all + + # Available Vertx HTTPServerOptions are documented in + # https://vertx.io/docs/apidocs/io/vertx/core/http/HttpServerOptions.html. + # + # Each receiver pod creates a single HTTP server. + # + # The mapping is the following: + # for each method starting with `set` there is a property that can be set with the name that follows the `set` + # prefix starting with a lowercase letter. + # For example, there is a method called `setIdleTimeout` and the associated property is `idleTimeout`. + config-kafka-sink-httpserver.properties: | + idleTimeout=0 + config-kafka-sink-producer.properties: | + key.serializer=org.apache.kafka.common.serialization.StringSerializer + value.serializer=io.cloudevents.kafka.CloudEventSerializer + acks=all + buffer.memory=33554432 + # compression.type=snappy + retries=2147483647 + batch.size=16384 + client.dns.lookup=use_all_dns_ips + connections.max.idle.ms=600000 + delivery.timeout.ms=120000 + linger.ms=0 + max.block.ms=60000 + max.request.size=1048576 + partitioner.class=org.apache.kafka.clients.producer.internals.DefaultPartitioner + receive.buffer.bytes=-1 + request.timeout.ms=2000 + enable.idempotence=false + max.in.flight.requests.per.connection=5 + metadata.max.age.ms=300000 + # metric.reporters="" + metrics.num.samples=2 + metrics.recording.level=INFO + metrics.sample.window.ms=30000 + reconnect.backoff.max.ms=1000 + reconnect.backoff.ms=50 + retry.backoff.ms=100 + # transaction.timeout.ms=60000 + # transactional.id=null + config-kafka-sink-httpserver.properties: | + idleTimeout=0 +--- +--- + +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. 
+# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: knative-kafka-sink-data-plane + labels: + app.kubernetes.io/version: nightly +rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + # needed for eventtype autocreate + - apiGroups: + - "eventing.knative.dev" + resources: + - eventtypes + verbs: + - get + - list + - watch + - create + +--- +--- + +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: knative-kafka-sink-data-plane + namespace: knative-eventing + labels: + app.kubernetes.io/version: nightly +--- +--- + +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. 
+# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: knative-kafka-sink-data-plane + labels: + app.kubernetes.io/version: nightly +subjects: + - kind: ServiceAccount + name: knative-kafka-sink-data-plane + namespace: knative-eventing +roleRef: + kind: ClusterRole + name: knative-kafka-sink-data-plane + apiGroup: rbac.authorization.k8s.io +--- +--- + +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. 
+ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: kafka-sink-receiver + namespace: knative-eventing + labels: + app: kafka-sink-receiver + app.kubernetes.io/version: nightly + app.kubernetes.io/component: kafka-sink-receiver + app.kubernetes.io/name: knative-eventing +spec: + selector: + matchLabels: + app: kafka-sink-receiver + template: + metadata: + name: kafka-sink-receiver + labels: + app: kafka-sink-receiver + app.kubernetes.io/version: nightly + app.kubernetes.io/component: kafka-sink-receiver + app.kubernetes.io/name: knative-eventing + spec: + # To avoid node becoming SPOF, spread our replicas to different nodes and zones. + topologySpreadConstraints: + - maxSkew: 2 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + labelSelector: + matchLabels: + app: kafka-sink-receiver + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: kafka-sink-receiver + topologyKey: kubernetes.io/hostname + weight: 100 + serviceAccountName: knative-kafka-sink-data-plane + securityContext: + runAsNonRoot: true + containers: + - name: kafka-sink-receiver + image: registry.ci.openshift.org/openshift/knative-eventing-kafka-broker-receiver:knative-nightly + imagePullPolicy: IfNotPresent + volumeMounts: + - mountPath: /etc/config + name: config-kafka-sink-data-plane + readOnly: true + - mountPath: /etc/sinks + name: kafka-sink-sinks + readOnly: true + - mountPath: /tmp + name: cache + - mountPath: /etc/logging + name: kafka-sink-config-logging + readOnly: true + - mountPath: /etc/tracing + name: config-tracing + readOnly: true + - mountPath: /etc/features + name: config-features + readOnly: true + - mountPath: /etc/receiver-tls-secret + name: sink-receiver-tls-secret + readOnly: true + ports: + - containerPort: 9090 + name: http-metrics + protocol: TCP + - containerPort: 8080 + name: http + protocol: TCP + - containerPort: 8443 + name: https + protocol: TCP + 
env: + - name: SERVICE_NAME + value: "kafka-sink-receiver" + - name: SERVICE_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: INGRESS_PORT + value: "8080" + - name: INGRESS_TLS_PORT + value: "8443" + - name: PRODUCER_CONFIG_FILE_PATH + value: /etc/config/config-kafka-sink-producer.properties + - name: HTTPSERVER_CONFIG_FILE_PATH + value: /etc/config/config-kafka-sink-httpserver.properties + - name: DATA_PLANE_CONFIG_FILE_PATH + value: /etc/sinks/data + - name: LIVENESS_PROBE_PATH + value: /healthz + - name: READINESS_PROBE_PATH + value: /readyz + - name: METRICS_PATH + value: /metrics + - name: METRICS_PORT + value: "9090" + - name: METRICS_PUBLISH_QUANTILES + value: "false" + - name: METRICS_JVM_ENABLED + value: "false" + - name: CONFIG_TRACING_PATH + value: "/etc/tracing" + - name: CONFIG_FEATURES_PATH + value: "/etc/features" + # https://github.com/fabric8io/kubernetes-client/issues/2212 + - name: HTTP2_DISABLE + value: "true" + # This should be set according to initial delay seconds + - name: WAIT_STARTUP_SECONDS + value: "8" + - name: JAVA_TOOL_OPTIONS + value: "-XX:+CrashOnOutOfMemoryError" + resources: + requests: + cpu: 200m + memory: 450Mi + livenessProbe: + failureThreshold: 3 + httpGet: + port: 8080 + path: /healthz + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 3 + successThreshold: 1 + timeoutSeconds: 1 + readinessProbe: + failureThreshold: 3 + httpGet: + port: 8080 + path: /readyz + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 3 + successThreshold: 1 + timeoutSeconds: 1 + terminationMessagePolicy: FallbackToLogsOnError + terminationMessagePath: /dev/temination-log + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: + - ALL + volumes: + - name: kafka-sink-sinks + configMap: + name: kafka-sink-sinks + - name: config-kafka-sink-data-plane + configMap: + name: config-kafka-sink-data-plane + - name: cache + emptyDir: { } + - name: 
kafka-sink-config-logging + configMap: + name: kafka-config-logging + - name: config-tracing + configMap: + name: config-tracing + - name: config-features + configMap: + name: config-features + - name: sink-receiver-tls-secret + secret: + secretName: kafka-sink-ingress-server-tls + optional: true + restartPolicy: Always +--- + +apiVersion: v1 +kind: Service +metadata: + name: kafka-sink-ingress + namespace: knative-eventing + labels: + app: kafka-sink-receiver + app.kubernetes.io/version: nightly + app.kubernetes.io/component: kafka-sink-receiver + app.kubernetes.io/name: knative-eventing +spec: + selector: + app: kafka-sink-receiver + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 8080 + - name: http-container + port: 8080 + protocol: TCP + targetPort: 8080 + - name: https-container + port: 8443 + protocol: TCP + targetPort: 8443 + - name: https + port: 443 + protocol: TCP + targetPort: 8443 + - name: http-metrics + port: 9090 + protocol: TCP + targetPort: 9090 +--- diff --git a/openshift/release/artifacts/eventing-kafka-source.yaml b/openshift/release/artifacts/eventing-kafka-source.yaml new file mode 100644 index 0000000000..8e123b3a3a --- /dev/null +++ b/openshift/release/artifacts/eventing-kafka-source.yaml 
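Review bot: The `knative-kafka-sink-data-plane` ClusterRole gives `get`/`list`/`watch` on `secrets` with no namespace or name restriction, and the ClusterRoleBinding attaches it to the `kafka-sink-receiver` pods, which the `kafka-sink-ingress` Service exposes on ports 80, 443, 8080 and 8443. That puts every Secret in the cluster within reach of a network-facing workload; the same grant appears on `knative-kafka-source-data-plane` in the eventing-kafka-source.yaml hunk. If cluster-wide read is required because sink auth secrets can live in any namespace (an assumption, not shown here), say so on the rule, e.g. `# cluster-wide: sink auth secrets are referenced from user namespaces`, and consider a per-namespace binding as the tighter alternative. Separately, `terminationMessagePath: /dev/temination-log` in this Deployment and in the kafka-source-dispatcher StatefulSet looks like a typo for `/dev/termination-log`.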
@@ -0,0 +1,428 @@ +--- +# Copyright 2021 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-kafka-source-data-plane + namespace: knative-eventing + labels: + app.kubernetes.io/version: nightly + annotations: + knative.dev/example-checksum: "8157ecb1" +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # All configurations in this ConfigMap are globally applied to each + # resource and there is no way to change them on a per-resource basis, + # unless otherwise specified. + + # Consumer configuration are documented in https://kafka.apache.org/documentation/#consumerconfigs. + # Some configurations might be forced by the actual code to make sure we respect the Knative Eventing + # delivery constraints, for example, `key.deserializer` and `value.deserializer`. 
+ config-kafka-source-consumer.properties: | + key.deserializer=org.apache.kafka.common.serialization.StringDeserializer + value.deserializer=io.cloudevents.kafka.CloudEventDeserializer + fetch.min.bytes=1 + + # Available Vertx WebClientOptions are documented in + # https://vertx.io/docs/apidocs/io/vertx/ext/web/client/WebClientOptions.html. + # + # Each egress resource (KafkaSource, Trigger, Subscription) creates an HTTP client in each pod where the resource is + # scheduled, meaning that a client isn't shared across multiple resources to provide better isolation. + # + # The mapping is the following: + # for each method starting with `set` there is a property that can be set with the name that follows the `set` + # prefix starting with a lowercase letter. + # For example, there is a method called `setIdleTimeout` and the associated property is `idleTimeout`. + config-kafka-source-webclient.properties: | + idleTimeout=10000 + config-kafka-source-producer.properties: | + key.serializer=org.apache.kafka.common.serialization.StringSerializer + value.serializer=io.cloudevents.kafka.CloudEventSerializer + acks=all + buffer.memory=33554432 + # compression.type=snappy + retries=2147483647 + batch.size=16384 + client.dns.lookup=use_all_dns_ips + connections.max.idle.ms=600000 + delivery.timeout.ms=120000 + linger.ms=0 + max.block.ms=60000 + max.request.size=1048576 + partitioner.class=org.apache.kafka.clients.producer.internals.DefaultPartitioner + receive.buffer.bytes=-1 + request.timeout.ms=2000 + enable.idempotence=false + max.in.flight.requests.per.connection=5 + metadata.max.age.ms=300000 + # metric.reporters="" + metrics.num.samples=2 + metrics.recording.level=INFO + metrics.sample.window.ms=30000 + reconnect.backoff.max.ms=1000 + reconnect.backoff.ms=50 + retry.backoff.ms=100 + # transaction.timeout.ms=60000 + # transactional.id=null + config-kafka-source-consumer.properties: | + cloudevent.invalid.transformer.enabled=true + 
cloudevent.invalid.kind.plural=kafkasources + key.deserializer=org.apache.kafka.common.serialization.StringDeserializer + value.deserializer=io.cloudevents.kafka.CloudEventDeserializer + fetch.min.bytes=1 + heartbeat.interval.ms=3000 + max.partition.fetch.bytes=65536 + session.timeout.ms=10000 + # ssl.key.password= + # ssl.keystore.location= + # ssl.keystore.password= + # ssl.truststore.location= + # ssl.truststore.password= + allow.auto.create.topics=true + auto.offset.reset=earliest + client.dns.lookup=use_all_dns_ips + connections.max.idle.ms=540000 + default.api.timeout.ms=2000 + enable.auto.commit=false + exclude.internal.topics=true + fetch.max.bytes=52428800 + isolation.level=read_uncommitted + max.poll.interval.ms=300000 + max.poll.records=50 + partition.assignment.strategy=org.apache.kafka.clients.consumer.StickyAssignor + receive.buffer.bytes=65536 + request.timeout.ms=2000 + # sasl.client.callback.handler.class= + # sasl.jaas.config= + # sasl.kerberos.service.name= + # sasl.login.callback.handler.class + # sasl.login.class + # sasl.mechanism + security.protocol=PLAINTEXT + send.buffer.bytes=131072 + # ssl.enabled.protocols= + # ssl.keystore.type= + # ssl.protocol= + # ssl.provider= + auto.commit.interval.ms=5000 + check.crcs=true + # client.rack= + fetch.max.wait.ms=500 + # interceptor.classes= + metadata.max.age.ms=600000 + # metrics.reporters= + # metrics.num.samples= + # metrics.recording.level=INFO + # metrics.sample.window.ms= + reconnect.backoff.max.ms=1000 + retry.backoff.ms=100 + # sasl.kerberos.kinit.cmd= + # sasl.kerberos.min.time.before.relogin= + # sasl.kerberos.ticket.renew.jitter= + # sasl.login.refresh.buffer.seconds= + # sasl.login.refresh.min.period.seconds= + # sasl.login.refresh.window.factor + # sasl.login.refresh.window.jitter + # security.providers + # ssl.cipher.suites + # ssl.endpoint.identification.algorithm + # ssl.keymanager.algorithm + # ssl.secure.random.implementation + # ssl.trustmanager.algorithm + 
config-kafka-source-webclient.properties: | + idleTimeout=10000 + maxPoolSize=100 +--- +--- + +# Copyright 2021 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: knative-kafka-source-data-plane + labels: + app.kubernetes.io/version: nightly +rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +--- +--- + +# Copyright 2021 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: knative-kafka-source-data-plane + namespace: knative-eventing + labels: + app.kubernetes.io/version: nightly +--- +--- + +# Copyright 2021 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. 
+# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: knative-kafka-source-data-plane + labels: + app.kubernetes.io/version: nightly +subjects: + - kind: ServiceAccount + name: knative-kafka-source-data-plane + namespace: knative-eventing +roleRef: + kind: ClusterRole + name: knative-kafka-source-data-plane + apiGroup: rbac.authorization.k8s.io +--- +--- + +# Copyright 2021 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. 
+ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: kafka-source-dispatcher + namespace: knative-eventing + labels: + app: kafka-source-dispatcher + app.kubernetes.io/version: nightly + app.kubernetes.io/component: kafka-source-dispatcher + app.kubernetes.io/name: knative-eventing +spec: + serviceName: kafka-source-dispatcher + podManagementPolicy: "Parallel" + selector: + matchLabels: + app: kafka-source-dispatcher + template: + metadata: + name: kafka-source-dispatcher + labels: + app: kafka-source-dispatcher + app.kubernetes.io/version: nightly + app.kubernetes.io/component: kafka-channel-dispatcher + app.kubernetes.io/name: knative-eventing + app.kubernetes.io/kind: kafka-dispatcher + spec: + # To avoid node becoming SPOF, spread our replicas to different nodes and zones. + topologySpreadConstraints: + - maxSkew: 2 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + labelSelector: + matchLabels: + app: kafka-source-dispatcher + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: kafka-source-dispatcher + topologyKey: kubernetes.io/hostname + weight: 100 + serviceAccountName: knative-kafka-source-data-plane + securityContext: + runAsNonRoot: true + containers: + - name: kafka-source-dispatcher + image: registry.ci.openshift.org/openshift/knative-eventing-kafka-broker-dispatcher:knative-nightly + imagePullPolicy: IfNotPresent + volumeMounts: + - mountPath: /etc/config + name: config-kafka-source-data-plane + readOnly: true + - mountPath: /etc/contract-resources + name: contract-resources + readOnly: true + - mountPath: /tmp + name: cache + - mountPath: /etc/logging + name: kafka-config-logging + readOnly: true + - mountPath: /etc/tracing + name: config-tracing + readOnly: true + ports: + - containerPort: 9090 + name: http-metrics + protocol: TCP + env: + - name: SERVICE_NAME + value: "kafka-source-dispatcher" + - name: SERVICE_NAMESPACE + 
valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: PRODUCER_CONFIG_FILE_PATH + value: /etc/config/config-kafka-source-producer.properties + - name: CONSUMER_CONFIG_FILE_PATH + value: /etc/config/config-kafka-source-consumer.properties + - name: WEBCLIENT_CONFIG_FILE_PATH + value: /etc/config/config-kafka-source-webclient.properties + - name: DATA_PLANE_CONFIG_FILE_PATH + value: /etc/contract-resources/data + - name: EGRESSES_INITIAL_CAPACITY + value: "20" + - name: INSTANCE_ID + valueFrom: + fieldRef: + fieldPath: metadata.uid + - name: METRICS_PATH + value: /metrics + - name: METRICS_PORT + value: "9090" + - name: METRICS_PUBLISH_QUANTILES + value: "false" + - name: METRICS_JVM_ENABLED + value: "false" + - name: CONFIG_TRACING_PATH + value: "/etc/tracing" + # https://github.com/fabric8io/kubernetes-client/issues/2212 + - name: HTTP2_DISABLE + value: "true" + # This should be set according to initial delay seconds + - name: WAIT_STARTUP_SECONDS + value: "8" + - name: JAVA_TOOL_OPTIONS + value: "-XX:+CrashOnOutOfMemoryError" + + resources: + requests: + cpu: 1000m + # 600Mi for virtual replicas + 100Mi overhead + memory: 700Mi + + livenessProbe: + failureThreshold: 3 + tcpSocket: + port: 9090 + initialDelaySeconds: 10 + periodSeconds: 3 + successThreshold: 1 + timeoutSeconds: 1 + readinessProbe: + failureThreshold: 3 + httpGet: + port: 9090 + path: /metrics + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 3 + successThreshold: 1 + timeoutSeconds: 1 + terminationMessagePolicy: FallbackToLogsOnError + terminationMessagePath: /dev/temination-log + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: + - ALL + volumes: + - name: config-kafka-source-data-plane + configMap: + name: config-kafka-source-data-plane + - name: cache + emptyDir: { } + - name: kafka-config-logging + configMap: + name: kafka-config-logging + - name: config-tracing + configMap: + name: config-tracing + restartPolicy: 
Always + dnsConfig: + options: + - name: single-request-reopen diff --git a/openshift/release/artifacts/eventing-kafka-tls-networking.yaml b/openshift/release/artifacts/eventing-kafka-tls-networking.yaml new file mode 100644 index 0000000000..81a29f451a --- /dev/null +++ b/openshift/release/artifacts/eventing-kafka-tls-networking.yaml 
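Review bot: The `knative-kafka-source-data-plane` ClusterRole allows `create` on `serviceaccounts/token` in all namespaces, so the dispatcher's service account can request a token for any ServiceAccount in the cluster, including ones with far broader rights than its own. The rule carries no comment explaining the need; if it exists to obtain per-source identity tokens (inferred, not visible in this hunk), document that on the rule, e.g. `# TokenRequest for per-KafkaSource service accounts`, and alert in the API audit log on TokenRequest calls from this service account for accounts outside that set. The consumer defaults in the ConfigMap also ship `security.protocol=PLAINTEXT`, which deserves a comment saying where broker TLS/SASL settings are expected to be supplied.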
@@ -0,0 +1,149 @@ +--- +# Copyright 2023 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: kafka-broker-ingress-server-tls + namespace: knative-eventing +spec: + # Secret names are always required. + secretName: kafka-broker-ingress-server-tls + + secretTemplate: + labels: + app.kubernetes.io/component: kafka-broker-receiver + app.kubernetes.io/name: knative-eventing + + # Use 0m0s so that we don't run into https://github.com/cert-manager/cert-manager/issues/6408 on the operator + duration: 2160h0m0s # 90d + renewBefore: 360h0m0s # 15d + subject: + organizations: + - local + privateKey: + algorithm: RSA + encoding: PKCS1 + size: 2048 + rotationPolicy: Always + + dnsNames: + - kafka-broker-ingress.knative-eventing.svc.cluster.local + - kafka-broker-ingress.knative-eventing.svc + + issuerRef: + name: knative-eventing-ca-issuer + kind: ClusterIssuer + group: cert-manager.io +--- +# Copyright 2023 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
+# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: kafka-channel-ingress-server-tls + namespace: knative-eventing +spec: + # Secret names are always required. + secretName: kafka-channel-ingress-server-tls + + secretTemplate: + labels: + app.kubernetes.io/component: kafka-channel-receiver + app.kubernetes.io/name: knative-eventing + + # Use 0m0s so that we don't run into https://github.com/cert-manager/cert-manager/issues/6408 on the operator + duration: 2160h0m0s # 90d + renewBefore: 360h0m0s # 15d + subject: + organizations: + - local + privateKey: + algorithm: RSA + encoding: PKCS1 + size: 2048 + rotationPolicy: Always + + dnsNames: + - kafka-channel-ingress.knative-eventing.svc.cluster.local + - kafka-channel-ingress.knative-eventing.svc + + issuerRef: + name: knative-eventing-ca-issuer + kind: ClusterIssuer + group: cert-manager.io + +--- +# Copyright 2023 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: kafka-sink-ingress-server-tls + namespace: knative-eventing +spec: + # Secret names are always required. 
+ secretName: kafka-sink-ingress-server-tls + + secretTemplate: + labels: + app.kubernetes.io/component: kafka-sink-receiver + app.kubernetes.io/name: knative-eventing + + # Use 0m0s so that we don't run into https://github.com/cert-manager/cert-manager/issues/6408 on the operator + duration: 2160h0m0s # 90d + renewBefore: 360h0m0s # 15d + subject: + organizations: + - local + privateKey: + algorithm: RSA + encoding: PKCS1 + size: 2048 + rotationPolicy: Always + + dnsNames: + - kafka-sink-ingress.knative-eventing.svc.cluster.local + - kafka-sink-ingress.knative-eventing.svc + + issuerRef: + name: knative-eventing-ca-issuer + kind: ClusterIssuer + group: cert-manager.io + diff --git a/openshift/release/artifacts/eventing-kafka.yaml b/openshift/release/artifacts/eventing-kafka.yaml new file mode 100644 index 0000000000..d7d64910cd --- /dev/null +++ b/openshift/release/artifacts/eventing-kafka.yaml 
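Review bot: The `dnsNames` lists of all three Certificates in eventing-kafka-tls-networking.yaml (`kafka-broker-ingress`, `kafka-channel-ingress`, `kafka-sink-ingress`) hard-code the `cluster.local` suffix, so on a cluster that uses a different cluster domain only the `.svc` entry would match, and a client that dials the fully qualified service name would presumably fail hostname verification. Nothing in the manifest states that assumption; a comment above each list would, for example `# SANs assume the default cluster domain (cluster.local); add the cluster's own domain if it differs`. The key settings (`algorithm: RSA`, `size: 2048`, `rotationPolicy: Always`) are likewise repeated three times without a word on why they were chosen or that the private key changes at every renewal, which is worth one comment line for operators who pin or cache the secret. If this artifact is generated, which the path suggests but the page does not show, the comments belong in the manifest it is built from.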
@@ -0,0 +1,5583 @@ +--- +--- + +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: kafka-broker-config + namespace: knative-eventing + labels: + app.kubernetes.io/version: nightly +data: + default.topic.partitions: "10" + default.topic.replication.factor: "3" + bootstrap.servers: "my-cluster-kafka-bootstrap.kafka:9092" +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. 
+ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: kafkasinks.eventing.knative.dev + labels: + duck.knative.dev/addressable: "true" + knative.dev/crd-install: "true" + app.kubernetes.io/version: nightly +spec: + group: eventing.knative.dev + names: + kind: KafkaSink + plural: kafkasinks + singular: kafkasink + categories: + - all + - knative + - eventing + scope: Namespaced + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: { } + schema: + openAPIV3Schema: + description: 'Kafka Sink is Addressable, it receives events and send them to a Kafka topic.' + type: object + properties: + spec: + description: 'Spec defines the desired state of the Kafka Sink.' + type: object + required: + - topic + - bootstrapServers + properties: + topic: + description: 'Topic name to send events.' + type: string + numPartitions: + description: 'Number of topic partitions. + If not specified the topic isn''t automatically created, and the system supposes that + the topic is already present.' + type: integer + format: int32 + replicationFactor: + description: 'Topic replication factor. + If not specified the topic isn''t automatically created, and the system supposes that + the topic is already present.' + type: integer + format: int32 + bootstrapServers: + description: 'A list of host/port pairs to use for establishing the initial connection to the Kafka cluster.' + type: array + minLength: 1 + items: + type: string + contentMode: + description: | + CloudEvent content mode of Kafka messages sent to the topic. 
+ Possible values: [binary, structured] (default: binary) + - https://github.com/cloudevents/spec/blob/v1.0/spec.md#message + - https://github.com/cloudevents/spec/blob/v1.0/kafka-protocol-binding.md#32-binary-content-mode + - https://github.com/cloudevents/spec/blob/v1.0/kafka-protocol-binding.md#33-structured-content-mode + type: string + enum: + - binary + - structured + default: binary + auth: + description: 'Auth configurations' + type: object + properties: + secret: + description: 'Auth secret' + type: object + properties: + ref: + # TODO add format in description (?) + description: | + Secret reference. + type: object + required: + - name + properties: + name: + description: 'Secret name' + type: string + status: + description: 'Status represents the current state of the KafkaSink. This data may be out of date.' + type: object + properties: + address: + description: Kafka Sink is Addressable. It exposes the endpoint as an URI to get events delivered into the Kafka topic. + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + addresses: + description: Kafka Sink is Addressable. It exposes the endpoints as URIs to get events delivered into the Kafka topic. + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + annotations: + description: 'Annotations is additional Status fields for the Resource + to save some additional State as well as convey more information + to the user. This is roughly akin to Annotations on any k8s resource, + just the reconciler conveying richer information outwards.' + type: object + x-kubernetes-preserve-unknown-fields: true + policies: + description: List of applied EventPolicies + type: array + items: + type: object + properties: + apiVersion: + description: The API version of the applied EventPolicy. 
This indicates, which version of EventPolicy is supported by the resource. + type: string + name: + description: The name of the applied EventPolicy + type: string + conditions: + description: 'Conditions the latest available observations of a resource''s + current state.' + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: 'LastTransitionTime is the last time the condition + transitioned from one status to another. We use VolatileTime + in place of metav1.Time to exclude this from creating + equality.Semantic differences (all other things held + constant).' + type: string + message: + description: 'A human readable message indicating details + about the transition.' + type: string + reason: + description: 'The reason for the condition''s last transition.' + type: string + severity: + description: 'Severity with which to treat failures of + this type of condition. When this is not specified, + it defaults to Error.' + type: string + status: + description: 'Status of the condition, one of True, False, + Unknown.' + type: string + type: + description: 'Type of condition.' + type: string + observedGeneration: + description: 'ObservedGeneration is the ''Generation'' of the Service + that was last processed by the controller.' 
+ type: integer + format: int64 + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.address.url + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" +# conversion: +# strategy: Webhook +# webhook: +# conversionReviewVersions: [ "v1alpha1" ] +# clientConfig: +# service: +# name: eventing-kafka-webhook +# namespace: knative-eventing +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/version: nightly + eventing.knative.dev/source: "true" + duck.knative.dev/source: "true" + knative.dev/crd-install: "true" + annotations: + registry.knative.dev/eventTypes: | + [ + { "type": "dev.knative.kafka.event" } + ] + name: kafkasources.sources.knative.dev +spec: + group: sources.knative.dev + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + description: KafkaSource is the Schema for the kafkasources API. + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KafkaSourceSpec defines the desired state of the KafkaSource. + type: object + required: + - bootstrapServers + - topics + properties: + bootstrapServers: + description: Bootstrap servers are the Kafka servers the consumer will connect to. + type: array + items: + type: string + ceOverrides: + description: CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink. + type: object + properties: + extensions: + description: Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently. + type: object + additionalProperties: + type: string + consumerGroup: + description: ConsumerGroupID is the consumer group ID. + type: string + consumers: + description: "Number of desired consumers running in the consumer group. Defaults to 1. \n This is a pointer to distinguish between explicit zero and not specified." + type: integer + format: int32 + delivery: + description: Delivery contains the delivery spec for this source + type: object + properties: + backoffDelay: + description: "BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 \n For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^." 
+ type: string + backoffPolicy: + description: BackoffPolicy is the retry backoff policy (linear, exponential). + type: string + deadLetterSink: + description: DeadLetterSink is the sink receiving event that could not be sent to a destination. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + required: + - kind + - name + properties: + address: + description: Address points to a specific Address Name. + type: string + apiVersion: + description: API version of the referent. + type: string + group: + description: 'Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup. Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: CACerts are Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. If set, these CAs are appended to the set of CAs provided by the Addressable target, if any. + type: string + audience: + description: Audience is the OIDC audience for the deadLetterSink. 
+ type: string + retry: + description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. + type: integer + format: int32 + retryAfterMax: + description: "RetryAfterMax provides an optional upper bound on the duration specified in a \"Retry-After\" header when calculating backoff times for retrying 429 and 503 response codes. Setting the value to zero (\"PT0S\") can be used to opt-out of respecting \"Retry-After\" header values altogether. This value only takes effect if \"Retry\" is configured, and also depends on specific implementations (Channels, Sources, etc.) choosing to provide this capability. \n Note: This API is EXPERIMENTAL and might be changed at anytime. While this experimental feature is in the Alpha/Beta stage, you must provide a valid value to opt-in for supporting \"Retry-After\" headers. When the feature becomes Stable/GA \"Retry-After\" headers will be respected by default, and you can choose to specify \"PT0S\" to opt-out of supporting \"Retry-After\" headers. For more details: https://github.com/knative/eventing/issues/5811 \n More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601" + type: string + timeout: + description: "Timeout is the timeout of each single request. The value must be greater than 0. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 \n Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5148" + type: string + initialOffset: + description: InitialOffset is the Initial Offset for the consumer group. 
should be earliest or latest + type: string + net: + type: object + properties: + sasl: + type: object + properties: + enable: + type: boolean + password: + description: Password is the Kubernetes secret containing the SASL password. + type: object + properties: + secretKeyRef: + description: The Secret key to select from. + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + type: + description: Type of saslType, defaults to plain (vs SCRAM-SHA-512 or SCRAM-SHA-256) + type: object + properties: + secretKeyRef: + description: The Secret key to select from. + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + user: + description: User is the Kubernetes secret containing the SASL username. + type: object + properties: + secretKeyRef: + description: The Secret key to select from. + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. 
apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + tls: + type: object + properties: + caCert: + description: CACert is the Kubernetes secret containing the server CA cert. + type: object + properties: + secretKeyRef: + description: The Secret key to select from. + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + cert: + description: Cert is the Kubernetes secret containing the client certificate. + type: object + properties: + secretKeyRef: + description: The Secret key to select from. + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + enable: + type: boolean + key: + description: Key is the Kubernetes secret containing the client key. + type: object + properties: + secretKeyRef: + description: The Secret key to select from. + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + ordering: + description: Ordering is the type of the consumer verticle. Should be ordered or unordered. By default, it is ordered. + type: string + sink: + description: Sink is a reference to an object that will resolve to a uri to use as the sink. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + required: + - kind + - name + properties: + address: + description: Address points to a specific Address Name. + type: string + apiVersion: + description: API version of the referent. + type: string + group: + description: 'Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup. Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. 
+ type: string + CACerts: + description: CACerts are Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. If set, these CAs are appended to the set of CAs provided by the Addressable target, if any. + type: string + audience: + description: Audience is the OIDC audience for the sink. + type: string + topics: + description: Topic topics to consume messages from + type: array + items: + type: string + status: + description: KafkaSourceStatus defines the observed state of KafkaSource. + type: object + properties: + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + additionalProperties: + type: string + ceAttributes: + description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. + type: array + items: + description: CloudEventAttributes specifies the attributes that a Source uses as part of its CloudEvents. + type: object + properties: + source: + description: Source is the CloudEvents source attribute. + type: string + type: + description: Type refers to the CloudEvent type attribute. + type: string + claims: + description: Claims consumed by this KafkaSource instance + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. 
We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + consumers: + description: Total number of consumers actually running in the consumer group. + type: integer + format: int32 + maxAllowedVReplicas: + type: integer + format: int32 + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + placements: + type: array + items: + type: object + properties: + podName: + description: PodName is the name of the pod where the resource is placed + type: string + vreplicas: + description: VReplicas is the number of virtual replicas assigned to in the pod + type: integer + format: int32 + selector: + description: Use for labelSelectorPath when scaling Kafka source + type: string + sinkCACerts: + description: SinkCACerts are Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + sinkUri: + description: SinkURI is the current active sink URI that has been configured for the Source. + type: string + sinkAudience: + description: SinkAudience is the OIDC audience of the sink. + type: string + auth: + description: Auth provides the relevant information for OIDC authentication. 
+ type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + subresources: + status: {} + scale: + # specReplicasPath defines the JSONPath inside of a custom resource that corresponds to Scale.Spec.Replicas. + specReplicasPath: .spec.consumers + # statusReplicasPath defines the JSONPath inside of a custom resource that corresponds to Scale.Status.Replicas. + statusReplicasPath: .status.consumers + # labelSelectorPath defines the JSONPath inside of a custom resource that corresponds to Scale.Status.Selector + labelSelectorPath: .status.selector + additionalPrinterColumns: + - name: Topics + type: string + jsonPath: ".spec.topics" + - name: BootstrapServers + type: string + jsonPath: ".spec.bootstrapServers" + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: v1 + served: true + storage: false + schema: + openAPIV3Schema: + description: KafkaSource is the Schema for the kafkasources API. + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KafkaSourceSpec defines the desired state of the KafkaSource. + type: object + required: + - bootstrapServers + - topics + properties: + bootstrapServers: + description: Bootstrap servers are the Kafka servers the consumer will connect to. + type: array + items: + type: string + ceOverrides: + description: CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink. + type: object + properties: + extensions: + description: Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently. + type: object + additionalProperties: + type: string + consumerGroup: + description: ConsumerGroupID is the consumer group ID. + type: string + consumers: + description: "Number of desired consumers running in the consumer group. Defaults to 1. \n This is a pointer to distinguish between explicit zero and not specified." + type: integer + format: int32 + delivery: + description: Delivery contains the delivery spec for this source + type: object + properties: + backoffDelay: + description: "BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 \n For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^." + type: string + backoffPolicy: + description: BackoffPolicy is the retry backoff policy (linear, exponential). + type: string + deadLetterSink: + description: DeadLetterSink is the sink receiving event that could not be sent to a destination. + type: object + properties: + ref: + description: Ref points to an Addressable. 
+ type: object + required: + - kind + - name + properties: + address: + description: Address points to a specific Address Name. + type: string + apiVersion: + description: API version of the referent. + type: string + group: + description: 'Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup. Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: CACerts are Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. If set, these CAs are appended to the set of CAs provided by the Addressable target, if any. + type: string + audience: + description: Audience is the OIDC audience for the deadLetterSink. + type: string + retry: + description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. 
+ type: integer + format: int32 + retryAfterMax: + description: "RetryAfterMax provides an optional upper bound on the duration specified in a \"Retry-After\" header when calculating backoff times for retrying 429 and 503 response codes. Setting the value to zero (\"PT0S\") can be used to opt-out of respecting \"Retry-After\" header values altogether. This value only takes effect if \"Retry\" is configured, and also depends on specific implementations (Channels, Sources, etc.) choosing to provide this capability. \n Note: This API is EXPERIMENTAL and might be changed at anytime. While this experimental feature is in the Alpha/Beta stage, you must provide a valid value to opt-in for supporting \"Retry-After\" headers. When the feature becomes Stable/GA \"Retry-After\" headers will be respected by default, and you can choose to specify \"PT0S\" to opt-out of supporting \"Retry-After\" headers. For more details: https://github.com/knative/eventing/issues/5811 \n More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601" + type: string + timeout: + description: "Timeout is the timeout of each single request. The value must be greater than 0. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 \n Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5148" + type: string + initialOffset: + description: InitialOffset is the Initial Offset for the consumer group. should be earliest or latest + type: string + net: + type: object + properties: + sasl: + type: object + properties: + enable: + type: boolean + password: + description: Password is the Kubernetes secret containing the SASL password. + type: object + properties: + secretKeyRef: + description: The Secret key to select from. 
+ type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + type: + description: Type of saslType, defaults to plain (vs SCRAM-SHA-512 or SCRAM-SHA-256) + type: object + properties: + secretKeyRef: + description: The Secret key to select from. + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + user: + description: User is the Kubernetes secret containing the SASL username. + type: object + properties: + secretKeyRef: + description: The Secret key to select from. + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + tls: + type: object + properties: + caCert: + description: CACert is the Kubernetes secret containing the server CA cert. 
+ type: object + properties: + secretKeyRef: + description: The Secret key to select from. + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + cert: + description: Cert is the Kubernetes secret containing the client certificate. + type: object + properties: + secretKeyRef: + description: The Secret key to select from. + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + enable: + type: boolean + key: + description: Key is the Kubernetes secret containing the client key. + type: object + properties: + secretKeyRef: + description: The Secret key to select from. + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + ordering: + description: Ordering is the type of the consumer verticle. 
Should be ordered or unordered. By default, it is ordered. + type: string + sink: + description: Sink is a reference to an object that will resolve to a uri to use as the sink. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + required: + - kind + - name + properties: + address: + description: Address points to a specific Address Name. + type: string + apiVersion: + description: API version of the referent. + type: string + group: + description: 'Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup. Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + description: CACerts are Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. If set, these CAs are appended to the set of CAs provided by the Addressable target, if any. + type: string + audience: + description: Audience is the OIDC audience for the sink. 
+ type: string + topics: + description: Topic topics to consume messages from + type: array + items: + type: string + status: + description: KafkaSourceStatus defines the observed state of KafkaSource. + type: object + properties: + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + additionalProperties: + type: string + ceAttributes: + description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. + type: array + items: + description: CloudEventAttributes specifies the attributes that a Source uses as part of its CloudEvents. + type: object + properties: + source: + description: Source is the CloudEvents source attribute. + type: string + type: + description: Type refers to the CloudEvent type attribute. + type: string + claims: + description: Claims consumed by this KafkaSource instance + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. 
+ type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + consumers: + description: Total number of consumers actually running in the consumer group. + type: integer + format: int32 + maxAllowedVReplicas: + type: integer + format: int32 + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + placements: + type: array + items: + type: object + properties: + podName: + description: PodName is the name of the pod where the resource is placed + type: string + vreplicas: + description: VReplicas is the number of virtual replicas assigned to in the pod + type: integer + format: int32 + selector: + description: Use for labelSelectorPath when scaling Kafka source + type: string + sinkCACerts: + description: SinkCACerts are Certification Authority (CA) certificates in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. + type: string + sinkUri: + description: SinkURI is the current active sink URI that has been configured for the Source. + type: string + sinkAudience: + description: SinkAudience is the OIDC audience of the sink. + type: string + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + subresources: + status: {} + scale: + # specReplicasPath defines the JSONPath inside of a custom resource that corresponds to Scale.Spec.Replicas. 
+ specReplicasPath: .spec.consumers + # statusReplicasPath defines the JSONPath inside of a custom resource that corresponds to Scale.Status.Replicas. + statusReplicasPath: .status.consumers + # labelSelectorPath defines the JSONPath inside of a custom resource that corresponds to Scale.Status.Selector + labelSelectorPath: .status.selector + additionalPrinterColumns: + - name: Topics + type: string + jsonPath: ".spec.topics" + - name: BootstrapServers + type: string + jsonPath: ".spec.bootstrapServers" + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + names: + categories: + - all + - knative + - eventing + - sources + kind: KafkaSource + plural: kafkasources + scope: Namespaced + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: kafka-webhook-eventing + namespace: knative-eventing +--- +# Copyright 2019 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# The role is needed for the aggregated role source-observer in knative-eventing to provide readonly access to "Sources". 
+kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: eventing-kafka-source-observer + labels: + app.kubernetes.io/version: nightly + duck.knative.dev/source: "true" +rules: + - apiGroups: + - "sources.knative.dev" + resources: + - "kafkasources" + verbs: + - get + - list + - watch +--- +# Copyright 2022 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-kafka-source-defaults + namespace: knative-eventing + labels: + app.kubernetes.io/version: nightly + annotations: + knative.dev/example-checksum: "b6ed351d" +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # autoscalingClass is the autoscaler class name to use. + # valid value: keda.autoscaling.knative.dev + # autoscalingClass: "" + + # minScale is the minimum number of replicas to scale down to. + # minScale: "1" + + # maxScale is the maximum number of replicas to scale up to. 
+ # maxScale: "1" + + # pollingInterval is the interval in seconds KEDA uses to poll metrics. + # pollingInterval: "30" + + # cooldownPeriod is the period of time in seconds KEDA waits until it scales down. + # cooldownPeriod: "300" + + # kafkaLagThreshold is the lag (ie. number of messages in a partition) threshold for KEDA to scale up sources. + # kafkaLagThreshold: "10" +--- +--- + +# Copyright 2021 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: kafka-channel-config + namespace: knative-eventing + labels: + app.kubernetes.io/version: nightly +data: + bootstrap.servers: "my-cluster-kafka-bootstrap.kafka:9092" +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. 
+ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: kafkachannels.messaging.knative.dev + labels: + app.kubernetes.io/version: nightly + knative.dev/crd-install: "true" + messaging.knative.dev/subscribable: "true" + duck.knative.dev/addressable: "true" +spec: + group: messaging.knative.dev + versions: + - name: v1beta1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: 'KafkaChannel is a resource representing a Channel that is backed by a topic of an Apache Kafka cluster.' + type: object + properties: + spec: + description: Spec defines the desired state of the Channel. + type: object + properties: + numPartitions: + description: NumPartitions is the number of partitions of a Kafka topic. By default, it is set to 1. + type: integer + format: int32 + default: 1 + replicationFactor: + description: ReplicationFactor is the replication factor of a Kafka topic. By default, it is set to 1. + type: integer + maximum: 32767 + default: 1 + retentionDuration: + description: RetentionDuration is the retention time for events in a Kafka Topic represented as an ISO-8601 Duration. By default it is set to 168 hours, which is the precise form of 7 days. + type: string + delivery: + description: DeliverySpec contains the default delivery spec for each subscription to this Channelable. Each subscription delivery spec, if any, overrides this global delivery spec. + type: object + properties: + backoffDelay: + description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' + type: string + backoffPolicy: + description: BackoffPolicy is the retry backoff policy (linear, exponential). 
+ type: string + deadLetterSink: + description: DeadLetterSink is the sink receiving event that could not be sent to a destination. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + type: string + audience: + description: Audience is the OIDC audience for the deadLetterSink. + type: string + retry: + description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. + type: integer + format: int32 + x-kubernetes-preserve-unknown-fields: true # This is necessary to enable experimental features in the delivery + subscribers: + description: This is the list of subscriptions for this subscribable. + type: array + items: + type: object + properties: + delivery: + description: DeliverySpec contains options controlling the event delivery + type: object + properties: + backoffDelay: + description: 'BackoffDelay is the delay before retrying. 
More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' + type: string + backoffPolicy: + description: BackoffPolicy is the retry backoff policy (linear, exponential). + type: string + deadLetterSink: + description: DeadLetterSink is the sink receiving event that could not be sent to a destination. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + CACerts: + type: string + audience: + description: Audience is the OIDC audience for the deadLetterSink. + type: string + retry: + description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. + type: integer + format: int32 + x-kubernetes-preserve-unknown-fields: true # This is necessary to enable experimental features in the delivery + generation: + description: Generation of the origin of the subscriber with uid:UID. 
+ type: integer + format: int64 + name: + description: The name of the subscription + type: string + replyUri: + description: ReplyURI is the endpoint for the reply + type: string + replyCACerts: + description: replyCACerts is the CA certs to trust for the reply. + type: string + replyAudience: + description: ReplyAudience is the OIDC audience for the replyUri. + type: string + subscriberUri: + description: SubscriberURI is the endpoint for the subscriber + type: string + subscriberCACerts: + description: SubscriberCACerts is the CA certs to trust for the subscriber. + type: string + subscriberAudience: + description: SubscriberAudience is the OIDC audience for the subscriberUri. + type: string + uid: + description: UID is used to understand the origin of the subscriber. + type: string + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. + type: string + status: + description: Status represents the current state of the KafkaChannel. This data may be out of date. + type: object + properties: + address: + type: object + required: + - url + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + addresses: + description: Kafka Sink is Addressable. It exposes the endpoints as URIs to get events delivered into the Kafka topic. + type: array + items: + type: object + properties: + name: + type: string + url: + type: string + CACerts: + type: string + audience: + type: string + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. 
+ type: object + x-kubernetes-preserve-unknown-fields: true + policies: + description: List of applied EventPolicies + type: array + items: + type: object + properties: + apiVersion: + description: The API version of the applied EventPolicy. This indicates, which version of EventPolicy is supported by the resource. + type: string + name: + description: The name of the applied EventPolicy + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + deadLetterChannel: + description: DeadLetterChannel is a KReference and is set by the channel when it supports native error handling via a channel Failed messages are delivered here. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + deadLetterSinkUri: + description: DeadLetterSinkURI is the resolved URI of the dead letter ref if one is specified in the Spec.Delivery. + type: string + deadLetterSinkCACerts: + type: string + deadLetterSinkAudience: + description: OIDC audience of the dead letter sink. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + subscribers: + description: This is the list of subscription's statuses for this channel. + type: array + items: + type: object + properties: + message: + description: A human readable message indicating details of Ready status. + type: string + observedGeneration: + description: Generation of the origin of the subscriber with uid:UID. + type: integer + format: int64 + ready: + description: Status of the subscriber. + type: string + uid: + description: UID is used to understand the origin of the subscriber. + type: string + auth: + description: Auth provides the relevant information for OIDC authentication. + type: object + properties: + serviceAccountName: + description: ServiceAccountName is the name of the generated service account used for this components OIDC authentication. 
+ type: string + additionalPrinterColumns: + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + - name: URL + type: string + jsonPath: .status.address.url + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + names: + kind: KafkaChannel + plural: kafkachannels + singular: kafkachannel + categories: + - all + - knative + - messaging + - channel + shortNames: + - kc + scope: Namespaced + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: kafka-webhook + namespace: knative-eventing + +--- +--- +# Copyright 2021 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. 
+ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + labels: + app.kubernetes.io/version: nightly + knative.dev/crd-install: "true" + name: consumers.internal.kafka.eventing.knative.dev +spec: + group: internal.kafka.eventing.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: { } + schema: + openAPIV3Schema: + type: object + # this is a work around so we don't need to flesh out the + # schema for each version at this time + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + - name: Subscriber + type: string + jsonPath: .status.subscriberUri + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + names: + kind: Consumer + plural: consumers + singular: consumer + scope: Namespaced +--- +# Copyright 2021 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. 
+
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ creationTimestamp: null
+ labels:
+ app.kubernetes.io/version: nightly
+ knative.dev/crd-install: "true"
+ name: consumergroups.internal.kafka.eventing.knative.dev
+spec:
+ group: internal.kafka.eventing.knative.dev
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ scale:
+ # specReplicasPath defines the JSONPath inside a custom resource that corresponds to Scale.Spec.Replicas.
+ specReplicasPath: .spec.replicas
+ # statusReplicasPath defines the JSONPath inside a custom resource that corresponds to Scale.Status.Replicas.
+ statusReplicasPath: .status.replicas
+ # labelSelectorPath defines the JSONPath inside a custom resource that corresponds to Scale.Status.Selector
+ labelSelectorPath: .status.selector
+ schema:
+ openAPIV3Schema:
+ type: object
+ # this is a work around so we don't need to flesh out the
+ # schema for each version at this time
+ x-kubernetes-preserve-unknown-fields: true
+ additionalPrinterColumns:
+ - name: Ready
+ type: string
+ jsonPath: ".status.conditions[?(@.type=='Ready')].status"
+ - name: Reason
+ type: string
+ jsonPath: ".status.conditions[?(@.type=='Ready')].reason"
+ - name: Subscriber
+ type: string
+ jsonPath: .status.subscriberUri
+ - name: Replicas
+ type: string
+ jsonPath: .spec.replicas
+ - name: Ready Replicas
+ type: string
+ jsonPath: .status.replicas
+ - name: Age
+ type: date
+ jsonPath: .metadata.creationTimestamp
+ names:
+ kind: ConsumerGroup
+ plural: consumergroups
+ singular: consumergroup
+ scope: Namespaced
+---
+# Copyright 2022 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: config-kafka-autoscaler
+ namespace: knative-eventing
+ labels:
+ app.kubernetes.io/version: nightly
+data:
+ class: "keda.autoscaling.knative.dev"
+ min-scale: "0"
+ max-scale: "50"
+ polling-interval: "10"
+ cooldown-period: "30"
+ lag-threshold: "100"
+---
+# Copyright 2021 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: config-kafka-descheduler
+ namespace: knative-eventing
+ labels:
+ app.kubernetes.io/version: nightly
+data:
+ predicates: |+
+ []
+ priorities: |+
+ [
+ {"Name": "RemoveWithEvenPodSpreadPriority",
+ "Weight": 10,
+ "Args": "{\"MaxSkew\": 2}"},
+ {"Name": "RemoveWithAvailabilityZonePriority",
+ "Weight": 10,
+ "Args": "{\"MaxSkew\": 2}"},
+ {"Name": "RemoveWithHighestOrdinalPriority",
+ "Weight": 2}
+ ]
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: config-kafka-features
+ namespace: knative-eventing
+ annotations:
+ knative.dev/example-checksum: "cf3393de"
+data:
+ _example: |-
+ ################################
+ # #
+ # EXAMPLE CONFIGURATION #
+ # #
+ ################################
+ # This block is not actually functional configuration,
+ # but serves to illustrate the available configuration
+ # options and document them in a way that is accessible
+ # to users that `kubectl edit` this config map.
+ #
+ # These sample configuration options may be copied out of
+ # this example block and unindented to be in the data block
+ # to actually change the configuration.
+ #
+ # Controls whether the dispatcher should use the rate limiter based on the number of virtual replicas.
+ # 1. Enabled: The rate limiter is applied.
+ # 2. Disabled: The rate limiter is not applied.
+ dispatcher-rate-limiter: "disabled"
+ # Controls whether the dispatcher should record additional metrics.
+ # 1. Enabled: The metrics are recorded.
+ # 2. Disabled: The metrics are not recorded.
+ dispatcher-ordered-executor-metrics: "disabled"
+ # Controls whether the controller should autoscale consumer resources with KEDA
+ # 1. Enabled: KEDA autoscaling of consumers will be setup.
+ # 2. Disabled: KEDA autoscaling of consumers will not be setup.
+ controller-autoscaler-keda: "disabled"
+ # The Go text/template used to generate consumergroup ID for triggers.
+ # The template can reference the trigger Kubernetes metadata only.
+ triggers-consumergroup-template: "knative-trigger-{{ .Namespace }}-{{ .Name }}"
+ # The Go text/template used to generate topics for Brokers.
+ # The template can reference the broker Kubernetes metadata only.
+ brokers-topic-template: "knative-broker-{{ .Namespace }}-{{ .Name }}"
+ # The Go text/template used to generate topics for Channels.
+ # The template can reference the channel Kubernetes metadata only.
+ channels-topic-template: "knative-channel-{{ .Namespace }}-{{ .Name }}"
+ dispatcher-rate-limiter: "disabled"
+ dispatcher-ordered-executor-metrics: "disabled"
+ controller-autoscaler-keda: "disabled"
+ triggers-consumergroup-template: "knative-trigger-{{ .Namespace }}-{{ .Name }}"
+ brokers-topic-template: "knative-broker-{{ .Namespace }}-{{ .Name }}"
+ channels-topic-template: "knative-messaging-kafka.{{ .Namespace }}.{{ .Name }}"
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ labels:
+ app.kubernetes.io/version: nightly
+ name: config-kafka-leader-election
+ namespace: knative-eventing
+ annotations:
+ knative.dev/example-checksum: "96896b00"
+data:
+ _example: |
+ ################################
+ # #
+ # EXAMPLE CONFIGURATION #
+ # #
+ ################################
+
+ # This block is not actually functional configuration,
+ # but serves to illustrate the available configuration
+ # options and document them in a way that is accessible
+ # to users that `kubectl edit` this config map.
+ #
+ # These sample configuration options may be copied out of
+ # this example block and unindented to be in the data block
+ # to actually change the configuration.
+
+ # leaseDuration is how long non-leaders will wait to try to acquire the
+ # lock; 15 seconds is the value used by core kubernetes controllers.
+ leaseDuration: "15s"
+
+ # renewDeadline is how long a leader will try to renew the lease before
+ # giving up; 10 seconds is the value used by core kubernetes controllers.
+ renewDeadline: "10s"
+
+ # retryPeriod is how long the leader election client waits between tries of
+ # actions; 2 seconds is the value used by core kubernetes controllers.
+ retryPeriod: "2s"
+
+ # buckets is the number of buckets used to partition key space of each
+ # Reconciler. If this number is M and the replica number of the controller
+ # is N, the N replicas will compete for the M buckets. The owner of a
+ # bucket will take care of the reconciling for the keys partitioned into
+ # that bucket.
+ buckets: "1"
+ leaseDuration: "15s"
+ renewDeadline: "10s"
+ retryPeriod: "2s"
+ map-lease-prefix.kafka-broker-controller.knative.dev.eventing-kafka-broker.control-plane.pkg.reconciler.source.Reconciler: kafka-controller.knative.dev.eventing-kafka.pkg.source.reconciler.source.reconciler
+ map-lease-prefix.kafka-broker-controller.knative.dev.eventing-kafka-broker.control-plane.pkg.reconciler.channel.Reconciler: kafkachannel-controller.knative.dev.eventing-kafka.pkg.channel.consolidated.reconciler.controller.reconciler
+---
+# Copyright 2021 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: config-kafka-scheduler
+ namespace: knative-eventing
+ labels:
+ app.kubernetes.io/version: nightly
+data:
+ predicates: |+
+ [
+ {"Name": "PodFitsResources"},
+ {"Name": "NoMaxResourceCount",
+ "Args": "{\"NumPartitions\": 100}"}
+ ]
+ priorities: |+
+ [
+ {"Name": "AvailabilityZonePriority",
+ "Weight": 10,
+ "Args": "{\"MaxSkew\": 2}"},
+ {"Name": "LowestOrdinalPriority",
+ "Weight": 2},
+ {"Name": "EvenPodSpread",
+ "Weight": 2,
+ "Args": "{\"MaxSkew\": 2}"}
+ ]
+---
+---
+
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: kafka-config-logging
+ namespace: knative-eventing
+ labels:
+ app.kubernetes.io/version: nightly
+data:
+ config.xml: |
+
+
+
+
+
+
+ true
+ 1000
+
+
+
+
+
+---
+---
+
+# Copyright 2022 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: config-namespaced-broker-resources
+ namespace: knative-eventing
+data:
+ resources: |+
+ [
+ ]
+---
+# Copyright 2021 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: knative-kafka-addressable-resolver
+ labels:
+ app.kubernetes.io/version: nightly
+ duck.knative.dev/addressable: "true"
+# Do not use this role directly. These rules will be added to the "addressable-resolver" role.
+rules:
+ - apiGroups:
+ - eventing.knative.dev
+ resources:
+ - kafkasinks
+ - kafkasinks/status
+ verbs:
+ - get
+ - list
+ - watch
+
+ - apiGroups:
+ - messaging.knative.dev
+ resources:
+ - kafkachannels
+ - kafkachannels/status
+ verbs:
+ - get
+ - list
+ - watch
+---
+# Copyright 2021 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: knative-kafka-channelable-manipulator
+ labels:
+ app.kubernetes.io/version: nightly
+ duck.knative.dev/channelable: "true"
+# Do not use this role directly. These rules will be added to the "channelable-manipulator" role.
+rules:
+ - apiGroups:
+ - messaging.knative.dev
+ resources:
+ - kafkachannels
+ - kafkachannels/status
+ verbs:
+ - create
+ - get
+ - list
+ - watch
+ - update
+ - patch
+ - delete
+
+---
+---
+
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: kafka-controller
+ labels:
+ app.kubernetes.io/version: nightly
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - delete
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - services
+ verbs:
+ - get
+ - list
+ - watch
+ - update
+ - create
+ - delete
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - list
+ - update
+ - get
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - pods/finalizers
+ verbs:
+ - get
+ - list
+ - create
+ - update
+ - delete
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - patch
+ - create
+ - apiGroups:
+ - "coordination.k8s.io"
+ resources:
+ - "leases"
+ verbs:
+ - get
+ - list
+ - create
+ - update
+ - delete
+ - patch
+ - watch
+
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
+ - update
+ - create
+ - delete
+
+ # for namespaced brokers, we need to be able to manage additional resources within the user namespaces
+ - apiGroups:
+ - "rbac.authorization.k8s.io"
+ resources:
+ - rolebindings
+ verbs:
+ - get
+ - list
+ - watch
+ - update
+ - create
+ - delete
+ - apiGroups:
+ - "rbac.authorization.k8s.io"
+ resources:
+ - clusterrolebindings
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - serviceaccounts
+ verbs:
+ - get
+ - list
+ - watch
+ - update
+ - create
+ - delete
+ - apiGroups:
+ - "apps"
+ resources:
+ - deployments
+ verbs:
+ - get
+ - list
+ - watch
+ - update
+ - create
+ - delete
+ # To grant NamespacedBroker permissions to create OIDC tokens
+ - apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+
+ # Scheduler permissions
+ - apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - "apps"
+ resources:
+ - statefulsets
+ - statefulsets/scale
+ verbs:
+ - get
+ - list
+ - watch
+ - update
+ - patch
+ - create
+ - delete
+
+ # Internal APIs
+ - apiGroups:
+ - "internal.kafka.eventing.knative.dev"
+ resources:
+ - "consumers"
+ - "consumers/status"
+ - "consumergroups"
+ - "consumergroups/status"
+ verbs:
+ - create
+ - get
+ - list
+ - watch
+ - patch
+ - update
+ - delete
+ - apiGroups:
+ - "internal.kafka.eventing.knative.dev"
+ resources:
+ - "consumers/finalizers"
+ - "consumergroups/finalizers"
+ verbs:
+ - update
+ - delete
+ # Eventing resources and statuses we care about
+ - apiGroups:
+ - "eventing.knative.dev"
+ resources:
+ - "brokers"
+ - "brokers/status"
+ - "triggers"
+ - "triggers/status"
+ - "kafkasinks"
+ - "kafkasinks/status"
+ - "eventpolicies"
+ - "eventpolicies/status"
+ verbs:
+ - list
+ - get
+ - watch
+ - patch
+ - update
+
+ # eventing.knative.dev resources and finalizers we care about.
+ - apiGroups:
+ - "eventing.knative.dev"
+ resources:
+ - "brokers/finalizers"
+ - "triggers/finalizers"
+ - "kafkasinks/finalizers"
+ verbs:
+ - update
+
+ - apiGroups:
+ - "sinks.knative.dev"
+ resources:
+ - "jobsinks"
+ - "jobsinks/status"
+ verbs:
+ - get
+ - list
+ - watch
+
+ # resources needed to grant eventtype autocreate rbac to namespaced data plane component
+ - apiGroups:
+ - "eventing.knative.dev"
+ resources:
+ - "eventtypes"
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+
+ # messaging.knative.dev resources and finalizers we care about.
+ - apiGroups:
+ - messaging.knative.dev
+ resources:
+ - kafkachannels
+ - kafkachannels/status
+ verbs:
+ - get
+ - list
+ - watch
+ - update
+ - patch
+ - apiGroups:
+ - messaging.knative.dev
+ resources:
+ - subscriptions
+ - subscriptions/status
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - messaging.knative.dev
+ resources:
+ - kafkachannels/finalizers
+ verbs:
+ - update
+
+ # sources.knative.dev resources and finalizers we care about.
+ - apiGroups:
+ - sources.knative.dev
+ resources:
+ - kafkasources
+ - kafkasources/status
+ verbs:
+ - get
+ - list
+ - watch
+ - update
+ - patch
+ - apiGroups:
+ - sources.knative.dev
+ resources:
+ - kafkasources/finalizers
+ verbs:
+ - update
+
+ - apiGroups:
+ - keda.sh
+ resources:
+ - scaledobjects
+ - scaledobjects/finalizers
+ - scaledobjects/status
+ - triggerauthentications
+ - triggerauthentications/status
+ verbs:
+ - get
+ - list
+ - watch
+ - update
+ - create
+ - delete
+
+---
+---
+
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: kafka-controller
+ namespace: knative-eventing
+ labels:
+ app.kubernetes.io/version: nightly
+---
+---
+
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: kafka-controller
+ labels:
+ app.kubernetes.io/version: nightly
+subjects:
+ - kind: ServiceAccount
+ name: kafka-controller
+ namespace: knative-eventing
+roleRef:
+ kind: ClusterRole
+ name: kafka-controller
+ apiGroup: rbac.authorization.k8s.io
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: kafka-controller-addressable-resolver
+ labels:
+ app.kubernetes.io/version: nightly
+subjects:
+ - kind: ServiceAccount
+ name: kafka-controller
+ namespace: knative-eventing
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: addressable-resolver
+---
+---
+
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: kafka-controller
+ namespace: knative-eventing
+ labels:
+ app: kafka-controller
+ app.kubernetes.io/version: nightly
+ app.kubernetes.io/component: kafka-controller
+ app.kubernetes.io/name: knative-eventing
+spec:
+ selector:
+ matchLabels:
+ app: kafka-controller
+ template:
+ metadata:
+ name: kafka-controller
+ labels:
+ app: kafka-controller
+ app.kubernetes.io/version: nightly
+ app.kubernetes.io/component: kafka-controller
+ app.kubernetes.io/name: knative-eventing
+ spec:
+ securityContext:
+ runAsNonRoot: true
+ serviceAccountName: kafka-controller
+
+ # To avoid node becoming SPOF, spread our replicas to different nodes and zones.
+ topologySpreadConstraints:
+ - maxSkew: 2
+ topologyKey: topology.kubernetes.io/zone
+ whenUnsatisfiable: ScheduleAnyway
+ labelSelector:
+ matchLabels:
+ app: kafka-controller
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - podAffinityTerm:
+ labelSelector:
+ matchLabels:
+ app: kafka-controller
+ topologyKey: kubernetes.io/hostname
+ weight: 100
+
+ containers:
+ - name: controller
+ image: registry.ci.openshift.org/openshift/knative-eventing-kafka-broker-kafka-controller:knative-nightly
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: BROKER_DATA_PLANE_CONFIG_MAP_NAMESPACE
+ value: knative-eventing
+ - name: CHANNEL_DATA_PLANE_CONFIG_MAP_NAMESPACE
+ value: knative-eventing
+ - name: SINK_DATA_PLANE_CONFIG_MAP_NAMESPACE
+ value: knative-eventing
+
+ - name: BROKER_CONTRACT_CONFIG_MAP_NAME
+ value: kafka-broker-brokers-triggers
+ - name: CHANNEL_CONTRACT_CONFIG_MAP_NAME
+ value: kafka-channel-channels-subscriptions
+ - name: SINK_CONTRACT_CONFIG_MAP_NAME
+ value: kafka-sink-sinks
+
+ - name: BROKER_DATA_PLANE_CONFIG_CONFIG_MAP_NAME
+ value: config-kafka-broker-data-plane
+ - name: SINK_DATA_PLANE_CONFIG_CONFIG_MAP_NAME
+ value: config-kafka-sink-data-plane
+ - name: CHANNEL_DATA_PLANE_CONFIG_CONFIG_MAP_NAME
+ value: config-kafka-channel-data-plane
+
+ - name: BROKER_CONTRACT_CONFIG_MAP_FORMAT
+ value: json
+ - name: CHANNEL_CONTRACT_CONFIG_MAP_FORMAT
+ value: json
+ - name: SINK_CONTRACT_CONFIG_MAP_FORMAT
+ value: json
+ - name: CONSUMER_CONTRACT_CONFIG_MAP_FORMAT
+ value: json
+
+ - name: BROKER_INGRESS_NAME
+ value: kafka-broker-ingress
+ - name: CHANNEL_INGRESS_NAME
+ value: kafka-channel-ingress
+ - name: SINK_INGRESS_NAME
+ value: kafka-sink-ingress
+
+ - name: BROKER_GENERAL_CONFIG_MAP_NAME
+ value: kafka-broker-config
+ - name: CHANNEL_GENERAL_CONFIG_MAP_NAME
+ value: kafka-channel-config
+ - name: SINK_GENERAL_CONFIG_MAP_NAME
+ value: kafka-broker-config
+
+ - name: BROKER_INGRESS_POD_PORT
+ value: "8080"
+ - name: CHANNEL_INGRESS_POD_PORT
+ value: "8080"
+ - name: SINK_INGRESS_POD_PORT
+ value: "8080"
+
+ - name: BROKER_INGRESS_POD_TLS_PORT
+ value: "8443"
+ - name: CHANNEL_INGRESS_POD_TLS_PORT
+ value: "8443"
+ - name: SINK_INGRESS_POD_TLS_PORT
+ value: "8443"
+
+ - name: BROKER_SYSTEM_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: CHANNEL_SYSTEM_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: SINK_SYSTEM_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+
+ - name: BROKER_DEFAULT_BACKOFF_DELAY_MS
+ value: "1000" # 1 second
+ - name: CHANNEL_DEFAULT_BACKOFF_DELAY_MS
+ value: "1000" # 1 second
+ - name: SYSTEM_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+
+ # How often (in seconds) the autoscaler tries to scale down the statefulset.
+ - name: AUTOSCALER_REFRESH_PERIOD
+ value: '100'
+
+ # The number of virtual replicas each adapter pod can handle.
+ - name: POD_CAPACITY
+ value: '20'
+
+ - name: SCHEDULER_CONFIG
+ value: 'config-kafka-scheduler'
+
+ - name: DESCHEDULER_CONFIG
+ value: 'config-kafka-descheduler'
+
+ - name: AUTOSCALER_CONFIG
+ value: 'config-kafka-autoscaler'
+
+ - name: CONFIG_LEADERELECTION_NAME
+ value: config-kafka-leader-election
+ - name: CONFIG_LOGGING_NAME
+ value: config-logging
+ - name: CONFIG_OBSERVABILITY_NAME
+ value: config-observability
+ - name: METRICS_DOMAIN
+ value: knative.dev/eventing
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: ENABLE_SARAMA_LOGGER
+ value: "false"
+ - name: ENABLE_SARAMA_DEBUG_LOGGER
+ value: "false"
+ - name: ENABLE_SARAMA_CLIENT_POOL
+ value: "true"
+
+ ports:
+ - containerPort: 9090
+ name: metrics
+ resources:
+ requests:
+ cpu: 100m
+ memory: 100Mi
+ terminationMessagePolicy: FallbackToLogsOnError
+ terminationMessagePath: /dev/temination-log
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ capabilities:
+ drop:
+ - ALL
+ restartPolicy: Always
+---
+---
+
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: kafka-webhook-eventing
+ labels:
+ app.kubernetes.io/version: nightly
+rules:
+ # For watching logging configuration and getting certs.
+ - apiGroups:
+ - ""
+ resources:
+ - "configmaps"
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+
+ # For manipulating certs into secrets.
+ - apiGroups:
+ - ""
+ resources:
+ - "secrets"
+ - "namespaces"
+ verbs:
+ - "get"
+ - "create"
+ - "update"
+ - "list"
+ - "watch"
+ - "patch"
+
+ # For getting our Deployment so we can decorate with ownerref.
+ - apiGroups:
+ - "apps"
+ resources:
+ - "deployments"
+ verbs:
+ - "get"
+
+ - apiGroups:
+ - "apps"
+ resources:
+ - "deployments/finalizers"
+ verbs:
+ - update
+
+ # For actually registering our webhook.
+ - apiGroups:
+ - "admissionregistration.k8s.io"
+ resources:
+ - "mutatingwebhookconfigurations"
+ - "validatingwebhookconfigurations"
+ verbs: &everything
+ - "get"
+ - "list"
+ - "create"
+ - "update"
+ - "delete"
+ - "patch"
+ - "watch"
+
+ # For leader election
+ - apiGroups:
+ - "coordination.k8s.io"
+ resources:
+ - "leases"
+ verbs: *everything
+
+ # finalizers are needed for the owner reference of the webhook
+ - apiGroups:
+ - ""
+ resources:
+ - "namespaces/finalizers"
+ verbs:
+ - "update"
+
+ # Eventing resources care about
+ - apiGroups:
+ - "eventing.knative.dev"
+ resources:
+ - "brokers"
+ verbs:
+ - list
+ - get
+ - watch
+
+ # messaging.knative.dev resources and finalizers we care about.
+ - apiGroups:
+ - messaging.knative.dev
+ resources:
+ - kafkachannels
+ verbs:
+ - get
+ - list
+
+ # Necessary for conversion webhook.
+ - apiGroups: ["apiextensions.k8s.io"]
+ resources: ["customresourcedefinitions"]
+ verbs: ["get", "list", "create", "update", "patch", "watch"]
+
+---
+---
+
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: kafka-webhook-eventing
+ namespace: knative-eventing
+ labels:
+ app.kubernetes.io/version: nightly
+---
+---
+
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: kafka-webhook-eventing
+ labels:
+ app.kubernetes.io/version: nightly
+subjects:
+ - kind: ServiceAccount
+ name: kafka-webhook-eventing
+ namespace: knative-eventing
+roleRef:
+ kind: ClusterRole
+ name: kafka-webhook-eventing
+ apiGroup: rbac.authorization.k8s.io
+
+---
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+ name: defaulting.webhook.kafka.eventing.knative.dev
+ labels:
+ app.kubernetes.io/version: nightly
+webhooks:
+ - admissionReviewVersions: [ "v1", "v1beta1" ]
+ clientConfig:
+ service:
+ name: kafka-webhook-eventing
+ namespace: knative-eventing
+ sideEffects: None
+ failurePolicy: Fail
+ name: defaulting.webhook.kafka.eventing.knative.dev
+ timeoutSeconds: 2
+---
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+ name: pods.defaulting.webhook.kafka.eventing.knative.dev
+ labels:
+ app.kubernetes.io/version: nightly
+webhooks:
+ # Dispatcher pods webhook config.
+ - admissionReviewVersions: [ "v1", "v1beta1" ]
+ clientConfig:
+ service:
+ name: kafka-webhook-eventing
+ namespace: knative-eventing
+ sideEffects: None
+ failurePolicy: Fail
+ name: pods.defaulting.webhook.kafka.eventing.knative.dev
+ timeoutSeconds: 2
+ reinvocationPolicy: IfNeeded
+ matchPolicy: Equivalent
+ namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: knative-eventing
+ objectSelector:
+ matchLabels:
+ app.kubernetes.io/kind: kafka-dispatcher
+---
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: kafka-webhook-eventing-certs
+ namespace: knative-eventing
+ labels:
+ app.kubernetes.io/version: nightly
+# The data is populated at install time.
+---
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ name: validation.webhook.kafka.eventing.knative.dev
+ labels:
+ app.kubernetes.io/version: nightly
+webhooks:
+ - admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: kafka-webhook-eventing
+ namespace: knative-eventing
+ sideEffects: None
+ failurePolicy: Fail
+ name: validation.webhook.kafka.eventing.knative.dev
+ timeoutSeconds: 2
+---
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: kafka-webhook-eventing
+ namespace: knative-eventing
+ labels:
+ app: kafka-webhook-eventing
+ app.kubernetes.io/version: nightly
+ app.kubernetes.io/component: kafka-webhook-eventing
+ app.kubernetes.io/name: knative-eventing
+spec:
+ selector:
+ matchLabels:
+ app: kafka-webhook-eventing
+ template:
+ metadata:
+ labels:
+ app: kafka-webhook-eventing
+ app.kubernetes.io/version: nightly
+ app.kubernetes.io/component: kafka-webhook-eventing
+ app.kubernetes.io/name: knative-eventing
+ spec:
+ # To avoid node becoming SPOF, spread our replicas to different nodes.
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - podAffinityTerm:
+ labelSelector:
+ matchLabels:
+ app: kafka-webhook-eventing
+ topologyKey: kubernetes.io/hostname
+ weight: 100
+
+ serviceAccountName: kafka-webhook-eventing
+ securityContext:
+ runAsNonRoot: true
+
+ containers:
+ - name: kafka-webhook-eventing
+ terminationMessagePolicy: FallbackToLogsOnError
+
+ image: registry.ci.openshift.org/openshift/knative-eventing-kafka-broker-webhook-kafka:knative-nightly
+
+ resources:
+ requests:
+ cpu: 20m
+ memory: 20Mi
+ limits:
+ cpu: 200m
+ memory: 200Mi
+
+ env:
+ - name: SYSTEM_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: CONFIG_LEADERELECTION_NAME
+ value: config-kafka-leader-election
+ - name: CONFIG_LOGGING_NAME
+ value: config-logging
+ - name: METRICS_DOMAIN
+ value: knative.dev/eventing
+ - name: WEBHOOK_NAME
+ value: kafka-webhook-eventing
+ - name: WEBHOOK_PORT
+ value: "8443"
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ capabilities:
+ drop:
+ - ALL
+
+ ports:
+ - name: https-webhook
+ containerPort: 8443
+ - name: metrics
+ containerPort: 9090
+ - name: profiling
+ containerPort: 8008
+
+ readinessProbe:
+ periodSeconds: 1
+ httpGet:
+ scheme: HTTPS
+ port: 8443
+ httpHeaders:
+ - name: k-kubelet-probe
+ value: "webhook"
+ livenessProbe:
+ periodSeconds: 1
+ httpGet:
+ scheme: HTTPS
+ port: 8443
+ httpHeaders:
+ - name: k-kubelet-probe
+ value: "webhook"
+ initialDelaySeconds: 20
+
+ # Our webhook should gracefully terminate by lame ducking first, set this to a sufficiently
+ # high value that we respect whatever value it has configured for the lame duck grace period.
+ terminationGracePeriodSeconds: 300
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: kafka-webhook-eventing
+ namespace: knative-eventing
+ labels:
+ app: kafka-webhook-eventing
+ app.kubernetes.io/version: nightly
+ app.kubernetes.io/component: kafka-webhook-eventing
+ app.kubernetes.io/name: knative-eventing
+spec:
+ ports:
+ - name: https-webhook
+ port: 443
+ targetPort: 8443
+ - name: http-metrics
+ port: 9090
+ targetPort: 9090
+ selector:
+ app: kafka-webhook-eventing
+---
+---
+
+# Copyright 2022 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: knative-kafka-controller-post-install
+ labels:
+ app.kubernetes.io/version: nightly
+rules: []
+---
+---
+
+# Copyright 2022 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: knative-kafka-controller-post-install
+ namespace: knative-eventing
+ labels:
+ app.kubernetes.io/version: nightly
+---
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: knative-kafka-storage-version-migrator
+ labels:
+ app.kubernetes.io/version: nightly
+rules:
+ # Storage version upgrader needs to be able to patch CRDs.
+ - apiGroups:
+ - "apiextensions.k8s.io"
+ resources:
+ - "customresourcedefinitions"
+ - "customresourcedefinitions/status"
+ verbs:
+ - "get"
+ - "list"
+ - "update"
+ - "patch"
+ - "watch"
+ # Our own resources we care about.
+ - apiGroups:
+ - "sources.knative.dev"
+ resources:
+ - "kafkasources"
+ - "kafkasources/finalizers"
+ - "kafkasources/status"
+ verbs:
+ - "get"
+ - "list"
+ - "create"
+ - "update"
+ - "patch"
+ - "watch"
+ - apiGroups:
+ - "messaging.knative.dev"
+ resources:
+ - "kafkachannels"
+ - "kafkachannels/finalizers"
+ - "kafkachannels/status"
+ verbs:
+ - "get"
+ - "list"
+ - "create"
+ - "update"
+ - "patch"
+ - "watch"
+ - apiGroups:
+ - "eventing.knative.dev"
+ resources:
+ - "kafkasinks"
+ - "kafkasinks/finalizers"
+ - "kafkasinks/status"
+ verbs:
+ - "get"
+ - "list"
+ - "create"
+ - "update"
+ - "patch"
+ - "watch"
+ - apiGroups:
+ - ""
+ resources:
+ - "namespaces"
+ verbs:
+ - "get"
+ - "list"
+---
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: knative-kafka-storage-version-migrator
+ namespace: knative-eventing
+ labels:
+ app.kubernetes.io/version: nightly
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: knative-kafka-storage-version-migrator
+ labels:
+ app.kubernetes.io/version: nightly
+subjects:
+ - kind: ServiceAccount
+ name: knative-kafka-storage-version-migrator
+ namespace: knative-eventing
+roleRef:
+ kind: ClusterRole
+ name: knative-kafka-storage-version-migrator
+ apiGroup: rbac.authorization.k8s.io
+---
+---
+
+# Copyright 2022 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: knative-kafka-controller-post-install
+ labels:
+ app.kubernetes.io/version: nightly
+subjects:
+ - kind: ServiceAccount
+ name: knative-kafka-controller-post-install
+ namespace: knative-eventing
+roleRef:
+ kind: ClusterRole
+ name: knative-kafka-controller-post-install
+ apiGroup: rbac.authorization.k8s.io
+---
+# Copyright 2022 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: kafka-controller-post-install
+ namespace: knative-eventing
+ labels:
+ app: kafka-controller-post-install
+ app.kubernetes.io/version: nightly
+spec:
+ ttlSecondsAfterFinished: 600
+ backoffLimit: 10
+ template:
+ metadata:
+ labels:
+ app: kafka-controller-post-install
+ app.kubernetes.io/version: nightly
+ sidecar.istio.io/inject: "false"
+ annotations:
+ sidecar.istio.io/inject: "false"
+ spec:
+ serviceAccountName: knative-kafka-controller-post-install
+ restartPolicy: OnFailure
+ containers:
+ - name: post-install
+ image: registry.ci.openshift.org/openshift/knative-eventing-kafka-broker-post-install:knative-nightly
+ env:
+ - name: SYSTEM_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: CHANNEL_GENERAL_CONFIG_MAP_NAME
+ value: kafka-channel-config
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ capabilities:
+ drop:
+ - ALL
+---
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: knative-kafka-storage-version-migrator
+ namespace: knative-eventing
+ labels:
+ app: "knative-kafka-storage-version-migrator"
+ app.kubernetes.io/version: nightly
+spec:
+ ttlSecondsAfterFinished: 600
+ backoffLimit: 10
+ template:
+ metadata:
+ labels:
+ app: "knative-kafka-storage-version-migrator"
+ app.kubernetes.io/version: nightly
+ sidecar.istio.io/inject: "false"
+ annotations:
+ sidecar.istio.io/inject: "false"
+ spec:
+ serviceAccountName: knative-kafka-storage-version-migrator
+ restartPolicy: OnFailure
+ containers:
+ - name: migrate
+ image: registry.ci.openshift.org/openshift/knative-eventing-kafka-broker-migrate:knative-nightly
+ env:
+ - name: IGNORE_NOT_FOUND
+ value: "true"
+ args:
+ - "kafkasources.sources.knative.dev"
+ - "kafkachannels.messaging.knative.dev"
+ - "kafkasinks.eventing.knative.dev"
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ capabilities:
+ drop:
+ - ALL
+---
+# Copyright 2021 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: config-kafka-source-data-plane
+ namespace: knative-eventing
+ labels:
+ app.kubernetes.io/version: nightly
+ annotations:
+ knative.dev/example-checksum: "8157ecb1"
+data:
+ _example: |
+ ################################
+ # #
+ # EXAMPLE CONFIGURATION #
+ # #
+ ################################
+
+ # This block is not actually functional configuration,
+ # but serves to illustrate the available configuration
+ # options and document them in a way that is accessible
+ # to users that `kubectl edit` this config map.
+ #
+ # These sample configuration options may be copied out of
+ # this example block and unindented to be in the data block
+ # to actually change the configuration.
+
+ # All configurations in this ConfigMap are globally applied to each
+ # resource and there is no way to change them on a per-resource basis,
+ # unless otherwise specified.
+
+ # Consumer configuration are documented in https://kafka.apache.org/documentation/#consumerconfigs.
+ # Some configurations might be forced by the actual code to make sure we respect the Knative Eventing
+ # delivery constraints, for example, `key.deserializer` and `value.deserializer`.
+ config-kafka-source-consumer.properties: |
+ key.deserializer=org.apache.kafka.common.serialization.StringDeserializer
+ value.deserializer=io.cloudevents.kafka.CloudEventDeserializer
+ fetch.min.bytes=1
+
+ # Available Vertx WebClientOptions are documented in
+ # https://vertx.io/docs/apidocs/io/vertx/ext/web/client/WebClientOptions.html.
+ #
+ # Each egress resource (KafkaSource, Trigger, Subscription) creates an HTTP client in each pod where the resource is
+ # scheduled, meaning that a client isn't shared across multiple resources to provide better isolation.
+ #
+ # The mapping is the following:
+ # for each method starting with `set` there is a property that can be set with the name that follows the `set`
+ # prefix starting with a lowercase letter.
+ # For example, there is a method called `setIdleTimeout` and the associated property is `idleTimeout`. + config-kafka-source-webclient.properties: | + idleTimeout=10000 + config-kafka-source-producer.properties: | + key.serializer=org.apache.kafka.common.serialization.StringSerializer + value.serializer=io.cloudevents.kafka.CloudEventSerializer + acks=all + buffer.memory=33554432 + # compression.type=snappy + retries=2147483647 + batch.size=16384 + client.dns.lookup=use_all_dns_ips + connections.max.idle.ms=600000 + delivery.timeout.ms=120000 + linger.ms=0 + max.block.ms=60000 + max.request.size=1048576 + partitioner.class=org.apache.kafka.clients.producer.internals.DefaultPartitioner + receive.buffer.bytes=-1 + request.timeout.ms=2000 + enable.idempotence=false + max.in.flight.requests.per.connection=5 + metadata.max.age.ms=300000 + # metric.reporters="" + metrics.num.samples=2 + metrics.recording.level=INFO + metrics.sample.window.ms=30000 + reconnect.backoff.max.ms=1000 + reconnect.backoff.ms=50 + retry.backoff.ms=100 + # transaction.timeout.ms=60000 + # transactional.id=null + config-kafka-source-consumer.properties: | + cloudevent.invalid.transformer.enabled=true + cloudevent.invalid.kind.plural=kafkasources + key.deserializer=org.apache.kafka.common.serialization.StringDeserializer + value.deserializer=io.cloudevents.kafka.CloudEventDeserializer + fetch.min.bytes=1 + heartbeat.interval.ms=3000 + max.partition.fetch.bytes=65536 + session.timeout.ms=10000 + # ssl.key.password= + # ssl.keystore.location= + # ssl.keystore.password= + # ssl.truststore.location= + # ssl.truststore.password= + allow.auto.create.topics=true + auto.offset.reset=earliest + client.dns.lookup=use_all_dns_ips + connections.max.idle.ms=540000 + default.api.timeout.ms=2000 + enable.auto.commit=false + exclude.internal.topics=true + fetch.max.bytes=52428800 + isolation.level=read_uncommitted + max.poll.interval.ms=300000 + max.poll.records=50 + 
partition.assignment.strategy=org.apache.kafka.clients.consumer.StickyAssignor + receive.buffer.bytes=65536 + request.timeout.ms=2000 + # sasl.client.callback.handler.class= + # sasl.jaas.config= + # sasl.kerberos.service.name= + # sasl.login.callback.handler.class + # sasl.login.class + # sasl.mechanism + security.protocol=PLAINTEXT + send.buffer.bytes=131072 + # ssl.enabled.protocols= + # ssl.keystore.type= + # ssl.protocol= + # ssl.provider= + auto.commit.interval.ms=5000 + check.crcs=true + # client.rack= + fetch.max.wait.ms=500 + # interceptor.classes= + metadata.max.age.ms=600000 + # metrics.reporters= + # metrics.num.samples= + # metrics.recording.level=INFO + # metrics.sample.window.ms= + reconnect.backoff.max.ms=1000 + retry.backoff.ms=100 + # sasl.kerberos.kinit.cmd= + # sasl.kerberos.min.time.before.relogin= + # sasl.kerberos.ticket.renew.jitter= + # sasl.login.refresh.buffer.seconds= + # sasl.login.refresh.min.period.seconds= + # sasl.login.refresh.window.factor + # sasl.login.refresh.window.jitter + # security.providers + # ssl.cipher.suites + # ssl.endpoint.identification.algorithm + # ssl.keymanager.algorithm + # ssl.secure.random.implementation + # ssl.trustmanager.algorithm + config-kafka-source-webclient.properties: | + idleTimeout=10000 + maxPoolSize=100 +--- +--- + +# Copyright 2021 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. 
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: knative-kafka-source-data-plane
+ labels:
+ app.kubernetes.io/version: nightly
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+---
+---
+
+# Copyright 2021 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: knative-kafka-source-data-plane
+ namespace: knative-eventing
+ labels:
+ app.kubernetes.io/version: nightly
+---
+---
+
+# Copyright 2021 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: knative-kafka-source-data-plane
+ labels:
+ app.kubernetes.io/version: nightly
+subjects:
+ - kind: ServiceAccount
+ name: knative-kafka-source-data-plane
+ namespace: knative-eventing
+roleRef:
+ kind: ClusterRole
+ name: knative-kafka-source-data-plane
+ apiGroup: rbac.authorization.k8s.io
+---
+---
+
+# Copyright 2021 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: kafka-source-dispatcher
+ namespace: knative-eventing
+ labels:
+ app: kafka-source-dispatcher
+ app.kubernetes.io/version: nightly
+ app.kubernetes.io/component: kafka-source-dispatcher
+ app.kubernetes.io/name: knative-eventing
+spec:
+ serviceName: kafka-source-dispatcher
+ podManagementPolicy: "Parallel"
+ selector:
+ matchLabels:
+ app: kafka-source-dispatcher
+ template:
+ metadata:
+ name: kafka-source-dispatcher
+ labels:
+ app: kafka-source-dispatcher
+ app.kubernetes.io/version: nightly
+ app.kubernetes.io/component: kafka-channel-dispatcher
+ app.kubernetes.io/name: knative-eventing
+ app.kubernetes.io/kind: kafka-dispatcher
+ spec:
+ # To avoid node becoming SPOF, spread our replicas to different nodes and zones.
+ topologySpreadConstraints: + - maxSkew: 2 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + labelSelector: + matchLabels: + app: kafka-source-dispatcher + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: kafka-source-dispatcher + topologyKey: kubernetes.io/hostname + weight: 100 + serviceAccountName: knative-kafka-source-data-plane + securityContext: + runAsNonRoot: true + containers: + - name: kafka-source-dispatcher + image: registry.ci.openshift.org/openshift/knative-eventing-kafka-broker-dispatcher:knative-nightly + imagePullPolicy: IfNotPresent + volumeMounts: + - mountPath: /etc/config + name: config-kafka-source-data-plane + readOnly: true + - mountPath: /etc/contract-resources + name: contract-resources + readOnly: true + - mountPath: /tmp + name: cache + - mountPath: /etc/logging + name: kafka-config-logging + readOnly: true + - mountPath: /etc/tracing + name: config-tracing + readOnly: true + ports: + - containerPort: 9090 + name: http-metrics + protocol: TCP + env: + - name: SERVICE_NAME + value: "kafka-source-dispatcher" + - name: SERVICE_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: PRODUCER_CONFIG_FILE_PATH + value: /etc/config/config-kafka-source-producer.properties + - name: CONSUMER_CONFIG_FILE_PATH + value: /etc/config/config-kafka-source-consumer.properties + - name: WEBCLIENT_CONFIG_FILE_PATH + value: /etc/config/config-kafka-source-webclient.properties + - name: DATA_PLANE_CONFIG_FILE_PATH + value: /etc/contract-resources/data + - name: EGRESSES_INITIAL_CAPACITY + value: "20" + - name: INSTANCE_ID + valueFrom: + fieldRef: + fieldPath: metadata.uid + - name: METRICS_PATH + value: /metrics + - name: METRICS_PORT + value: "9090" + - name: METRICS_PUBLISH_QUANTILES + value: "false" + - name: METRICS_JVM_ENABLED + value: "false" + - name: CONFIG_TRACING_PATH + value: "/etc/tracing" + # 
https://github.com/fabric8io/kubernetes-client/issues/2212 + - name: HTTP2_DISABLE + value: "true" + # This should be set according to initial delay seconds + - name: WAIT_STARTUP_SECONDS + value: "8" + - name: JAVA_TOOL_OPTIONS + value: "-XX:+CrashOnOutOfMemoryError" + + resources: + requests: + cpu: 1000m + # 600Mi for virtual replicas + 100Mi overhead + memory: 700Mi + + livenessProbe: + failureThreshold: 3 + tcpSocket: + port: 9090 + initialDelaySeconds: 10 + periodSeconds: 3 + successThreshold: 1 + timeoutSeconds: 1 + readinessProbe: + failureThreshold: 3 + httpGet: + port: 9090 + path: /metrics + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 3 + successThreshold: 1 + timeoutSeconds: 1 + terminationMessagePolicy: FallbackToLogsOnError + terminationMessagePath: /dev/temination-log + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: + - ALL + volumes: + - name: config-kafka-source-data-plane + configMap: + name: config-kafka-source-data-plane + - name: cache + emptyDir: { } + - name: kafka-config-logging + configMap: + name: kafka-config-logging + - name: config-tracing + configMap: + name: config-tracing + restartPolicy: Always + dnsConfig: + options: + - name: single-request-reopen +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. 
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: config-kafka-broker-data-plane
+ namespace: knative-eventing
+ labels:
+ app.kubernetes.io/version: nightly
+ annotations:
+ knative.dev/example-checksum: "57a32008"
+data:
+ _example: |
+ ################################
+ # #
+ # EXAMPLE CONFIGURATION #
+ # #
+ ################################
+
+ # This block is not actually functional configuration,
+ # but serves to illustrate the available configuration
+ # options and document them in a way that is accessible
+ # to users that `kubectl edit` this config map.
+ #
+ # These sample configuration options may be copied out of
+ # this example block and unindented to be in the data block
+ # to actually change the configuration.
+
+ # All configurations in this ConfigMap are globally applied to each
+ # resource and there is no way to change them on a per-resource basis,
+ # unless otherwise specified.
+
+ # Producer configuration are documented in https://kafka.apache.org/documentation/#producerconfigs
+ # Some configurations might be forced by the actual code to make sure we respect the Knative Eventing
+ # delivery constraints, for example, `key.serializer` and `value.serializer`.
+ config-kafka-broker-producer.properties: |
+ key.serializer=org.apache.kafka.common.serialization.StringSerializer
+ value.serializer=io.cloudevents.kafka.CloudEventSerializer
+ acks=all
+
+ # Consumer configuration are documented in https://kafka.apache.org/documentation/#consumerconfigs.
+ # Some configurations might be forced by the actual code to make sure we respect the Knative Eventing
+ # delivery constraints, for example, `key.deserializer` and `value.deserializer`.
+ config-kafka-broker-consumer.properties: |
+ key.deserializer=org.apache.kafka.common.serialization.StringDeserializer
+ value.deserializer=io.cloudevents.kafka.CloudEventDeserializer
+ fetch.min.bytes=1
+
+ # Available Vertx HTTPServerOptions are documented in
+ # https://vertx.io/docs/apidocs/io/vertx/core/http/HttpServerOptions.html.
+ #
+ # Each receiver pod creates a single HTTP server.
+ #
+ # The mapping is the following:
+ # for each method starting with `set` there is a property that can be set with the name that follows the `set`
+ # prefix starting with a lowercase letter.
+ # For example, there is a method called `setIdleTimeout` and the associated property is `idleTimeout`.
+ config-kafka-broker-httpserver.properties: |
+ idleTimeout=0
+
+ # Available Vertx WebClientOptions are documented in
+ # https://vertx.io/docs/apidocs/io/vertx/ext/web/client/WebClientOptions.html.
+ #
+ # Each egress resource (KafkaSource, Trigger, Subscription) creates an HTTP client in each pod where the resource is
+ # scheduled, meaning that a client isn't shared across multiple resources to provide better isolation.
+ #
+ # The mapping is the following:
+ # for each method starting with `set` there is a property that can be set with the name that follows the `set`
+ # prefix starting with a lowercase letter.
+ # For example, there is a method called `setIdleTimeout` and the associated property is `idleTimeout`.
+ config-kafka-broker-webclient.properties: | + idleTimeout=10000 + config-kafka-broker-producer.properties: | + key.serializer=org.apache.kafka.common.serialization.StringSerializer + value.serializer=io.cloudevents.kafka.CloudEventSerializer + acks=all + buffer.memory=33554432 + # compression.type=snappy + retries=2147483647 + batch.size=16384 + client.dns.lookup=use_all_dns_ips + connections.max.idle.ms=600000 + delivery.timeout.ms=120000 + linger.ms=0 + max.block.ms=60000 + max.request.size=1048576 + partitioner.class=org.apache.kafka.clients.producer.internals.DefaultPartitioner + receive.buffer.bytes=-1 + request.timeout.ms=2000 + enable.idempotence=false + max.in.flight.requests.per.connection=5 + metadata.max.age.ms=300000 + # metric.reporters="" + metrics.num.samples=2 + metrics.recording.level=INFO + metrics.sample.window.ms=30000 + reconnect.backoff.max.ms=1000 + reconnect.backoff.ms=50 + retry.backoff.ms=100 + # transaction.timeout.ms=60000 + # transactional.id=null + config-kafka-broker-consumer.properties: | + key.deserializer=org.apache.kafka.common.serialization.StringDeserializer + value.deserializer=io.cloudevents.kafka.CloudEventDeserializer + fetch.min.bytes=1 + heartbeat.interval.ms=3000 + max.partition.fetch.bytes=65536 + session.timeout.ms=10000 + # ssl.key.password= + # ssl.keystore.location= + # ssl.keystore.password= + # ssl.truststore.location= + # ssl.truststore.password= + allow.auto.create.topics=true + auto.offset.reset=latest + client.dns.lookup=use_all_dns_ips + connections.max.idle.ms=540000 + default.api.timeout.ms=2000 + enable.auto.commit=false + exclude.internal.topics=true + fetch.max.bytes=52428800 + isolation.level=read_uncommitted + max.poll.interval.ms=300000 + max.poll.records=50 + partition.assignment.strategy=org.apache.kafka.clients.consumer.StickyAssignor + receive.buffer.bytes=65536 + request.timeout.ms=2000 + # sasl.client.callback.handler.class= + # sasl.jaas.config= + # sasl.kerberos.service.name= + # 
sasl.login.callback.handler.class + # sasl.login.class + # sasl.mechanism + security.protocol=PLAINTEXT + send.buffer.bytes=131072 + # ssl.enabled.protocols= + # ssl.keystore.type= + # ssl.protocol= + # ssl.provider= + auto.commit.interval.ms=5000 + check.crcs=true + # client.rack= + fetch.max.wait.ms=500 + # interceptor.classes= + metadata.max.age.ms=600000 + # metrics.reporters= + # metrics.num.samples= + # metrics.recording.level=INFO + # metrics.sample.window.ms= + reconnect.backoff.max.ms=1000 + retry.backoff.ms=100 + # sasl.kerberos.kinit.cmd= + # sasl.kerberos.min.time.before.relogin= + # sasl.kerberos.ticket.renew.jitter= + # sasl.login.refresh.buffer.seconds= + # sasl.login.refresh.min.period.seconds= + # sasl.login.refresh.window.factor + # sasl.login.refresh.window.jitter + # security.providers + # ssl.cipher.suites + # ssl.endpoint.identification.algorithm + # ssl.keymanager.algorithm + # ssl.secure.random.implementation + # ssl.trustmanager.algorithm + config-kafka-broker-webclient.properties: | + idleTimeout=10000 + maxPoolSize=100 + config-kafka-broker-httpserver.properties: | + idleTimeout=0 +--- +--- + +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. 
+ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: knative-kafka-broker-data-plane + labels: + app.kubernetes.io/version: nightly +rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create + # needed for eventtype autocreate + - apiGroups: + - "eventing.knative.dev" + resources: + - eventtypes + verbs: + - get + - list + - watch + - create +--- +--- + +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: knative-kafka-broker-data-plane + namespace: knative-eventing + labels: + app.kubernetes.io/version: nightly +--- +--- + +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. 
+ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: knative-kafka-broker-data-plane + labels: + app.kubernetes.io/version: nightly +subjects: + - kind: ServiceAccount + name: knative-kafka-broker-data-plane + namespace: knative-eventing +roleRef: + kind: ClusterRole + name: knative-kafka-broker-data-plane + apiGroup: rbac.authorization.k8s.io +--- +--- + +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: kafka-broker-dispatcher + namespace: knative-eventing + labels: + app: kafka-broker-dispatcher + app.kubernetes.io/version: nightly + app.kubernetes.io/component: kafka-broker-dispatcher + app.kubernetes.io/name: knative-eventing +spec: + serviceName: kafka-broker-dispatcher + podManagementPolicy: "Parallel" + selector: + matchLabels: + app: kafka-broker-dispatcher + template: + metadata: + name: kafka-broker-dispatcher + labels: + app: kafka-broker-dispatcher + app.kubernetes.io/version: nightly + app.kubernetes.io/component: kafka-broker-dispatcher + app.kubernetes.io/name: knative-eventing + app.kubernetes.io/kind: kafka-dispatcher + spec: + # To avoid node becoming SPOF, spread our replicas to different nodes and zones. 
+ topologySpreadConstraints: + - maxSkew: 2 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + labelSelector: + matchLabels: + app: kafka-broker-dispatcher + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: kafka-broker-dispatcher + topologyKey: kubernetes.io/hostname + weight: 100 + serviceAccountName: knative-kafka-broker-data-plane + securityContext: + runAsNonRoot: true + containers: + - name: kafka-broker-dispatcher + image: registry.ci.openshift.org/openshift/knative-eventing-kafka-broker-dispatcher:knative-nightly + imagePullPolicy: IfNotPresent + volumeMounts: + - mountPath: /etc/config + name: config-kafka-broker-data-plane + readOnly: true + - mountPath: /etc/contract-resources + name: contract-resources + readOnly: true + - mountPath: /tmp + name: cache + - mountPath: /etc/logging + name: kafka-config-logging + readOnly: true + - mountPath: /etc/tracing + name: config-tracing + readOnly: true + ports: + - containerPort: 9090 + name: http-metrics + protocol: TCP + env: + - name: SERVICE_NAME + value: "kafka-broker-dispatcher" + - name: SERVICE_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: PRODUCER_CONFIG_FILE_PATH + value: /etc/config/config-kafka-broker-producer.properties + - name: CONSUMER_CONFIG_FILE_PATH + value: /etc/config/config-kafka-broker-consumer.properties + - name: WEBCLIENT_CONFIG_FILE_PATH + value: /etc/config/config-kafka-broker-webclient.properties + - name: DATA_PLANE_CONFIG_FILE_PATH + value: /etc/contract-resources/data + - name: EGRESSES_INITIAL_CAPACITY + value: "20" + - name: INSTANCE_ID + valueFrom: + fieldRef: + fieldPath: metadata.uid + - name: METRICS_PATH + value: /metrics + - name: METRICS_PORT + value: "9090" + - name: METRICS_PUBLISH_QUANTILES + value: "false" + - name: METRICS_JVM_ENABLED + value: "false" + - name: CONFIG_TRACING_PATH + value: "/etc/tracing" + # 
https://github.com/fabric8io/kubernetes-client/issues/2212 + - name: HTTP2_DISABLE + value: "true" + # This should be set according to initial delay seconds + - name: WAIT_STARTUP_SECONDS + value: "8" + - name: JAVA_TOOL_OPTIONS + value: "-XX:+CrashOnOutOfMemoryError" + + resources: + requests: + cpu: 1000m + # 600Mi for virtual replicas + 100Mi overhead + memory: 700Mi + + livenessProbe: + failureThreshold: 3 + tcpSocket: + port: 9090 + initialDelaySeconds: 10 + periodSeconds: 3 + successThreshold: 1 + timeoutSeconds: 1 + readinessProbe: + failureThreshold: 3 + httpGet: + port: 9090 + path: /metrics + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 3 + successThreshold: 1 + timeoutSeconds: 1 + terminationMessagePolicy: FallbackToLogsOnError + terminationMessagePath: /dev/temination-log + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: + - ALL + volumes: + - name: config-kafka-broker-data-plane + configMap: + name: config-kafka-broker-data-plane + - name: cache + emptyDir: { } + - name: kafka-config-logging + configMap: + name: kafka-config-logging + - name: config-tracing + configMap: + name: config-tracing + restartPolicy: Always + dnsConfig: + options: + - name: single-request-reopen +--- +--- + +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. 
+ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: kafka-broker-receiver + namespace: knative-eventing + labels: + app: kafka-broker-receiver + app.kubernetes.io/version: nightly + app.kubernetes.io/component: kafka-broker-receiver + app.kubernetes.io/name: knative-eventing +spec: + selector: + matchLabels: + app: kafka-broker-receiver + template: + metadata: + name: kafka-broker-receiver + labels: + app: kafka-broker-receiver + app.kubernetes.io/version: nightly + app.kubernetes.io/component: kafka-broker-receiver + app.kubernetes.io/name: knative-eventing + spec: + # To avoid node becoming SPOF, spread our replicas to different nodes and zones. + topologySpreadConstraints: + - maxSkew: 2 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + labelSelector: + matchLabels: + app: kafka-broker-receiver + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: kafka-broker-receiver + topologyKey: kubernetes.io/hostname + weight: 100 + serviceAccountName: knative-kafka-broker-data-plane + securityContext: + runAsNonRoot: true + containers: + - name: kafka-broker-receiver + image: registry.ci.openshift.org/openshift/knative-eventing-kafka-broker-receiver:knative-nightly + imagePullPolicy: IfNotPresent + volumeMounts: + - mountPath: /etc/config + name: config-kafka-broker-data-plane + readOnly: true + - mountPath: /etc/brokers-triggers + name: kafka-broker-brokers-triggers + readOnly: true + - mountPath: /tmp + name: cache + - mountPath: /etc/logging + name: kafka-broker-config-logging + readOnly: true + - mountPath: /etc/tracing + name: config-tracing + readOnly: true + - mountPath: /etc/features + name: config-features + readOnly: true + - mountPath: /etc/receiver-tls-secret + name: broker-receiver-tls-secret + readOnly: true + ports: + - containerPort: 9090 + name: http-metrics + protocol: TCP + - containerPort: 8080 + name: http + protocol: TCP + - 
containerPort: 8443 + name: https + protocol: TCP + env: + - name: SERVICE_NAME + value: "kafka-broker-receiver" + - name: SERVICE_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: INGRESS_PORT + value: "8080" + - name: INGRESS_TLS_PORT + value: "8443" + - name: PRODUCER_CONFIG_FILE_PATH + value: /etc/config/config-kafka-broker-producer.properties + - name: HTTPSERVER_CONFIG_FILE_PATH + value: /etc/config/config-kafka-broker-httpserver.properties + - name: DATA_PLANE_CONFIG_FILE_PATH + value: /etc/brokers-triggers/data + - name: LIVENESS_PROBE_PATH + value: /healthz + - name: READINESS_PROBE_PATH + value: /readyz + - name: METRICS_PATH + value: /metrics + - name: METRICS_PORT + value: "9090" + - name: METRICS_PUBLISH_QUANTILES + value: "false" + - name: METRICS_JVM_ENABLED + value: "false" + - name: CONFIG_TRACING_PATH + value: "/etc/tracing" + - name: CONFIG_FEATURES_PATH + value: "/etc/features" + # https://github.com/fabric8io/kubernetes-client/issues/2212 + - name: HTTP2_DISABLE + value: "true" + # This should be set according to initial delay seconds + - name: WAIT_STARTUP_SECONDS + value: "8" + - name: JAVA_TOOL_OPTIONS + value: "-XX:+CrashOnOutOfMemoryError" + resources: + requests: + cpu: 200m + memory: 450Mi + livenessProbe: + failureThreshold: 3 + httpGet: + port: 8080 + path: /healthz + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 3 + successThreshold: 1 + timeoutSeconds: 1 + readinessProbe: + failureThreshold: 3 + httpGet: + port: 8080 + path: /readyz + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 3 + successThreshold: 1 + timeoutSeconds: 1 + terminationMessagePolicy: FallbackToLogsOnError + terminationMessagePath: /dev/temination-log + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: + - ALL + volumes: + - name: kafka-broker-brokers-triggers + configMap: + name: kafka-broker-brokers-triggers + - name: config-kafka-broker-data-plane + configMap: + 
name: config-kafka-broker-data-plane + - name: cache + emptyDir: { } + - name: kafka-broker-config-logging + configMap: + name: kafka-config-logging + - name: config-tracing + configMap: + name: config-tracing + - name: config-features + configMap: + name: config-features + - name: broker-receiver-tls-secret + secret: + secretName: kafka-broker-ingress-server-tls + optional: true + + restartPolicy: Always +--- + +apiVersion: v1 +kind: Service +metadata: + name: kafka-broker-ingress + namespace: knative-eventing + labels: + app: kafka-broker-receiver + app.kubernetes.io/version: nightly + app.kubernetes.io/component: kafka-broker-receiver + app.kubernetes.io/name: knative-eventing +spec: + selector: + app: kafka-broker-receiver + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 8080 + - name: https + port: 443 + protocol: TCP + targetPort: 8443 + - name: http-container + port: 8080 + protocol: TCP + targetPort: 8080 + - name: https-container + port: 8443 + protocol: TCP + targetPort: 8443 + - name: http-metrics + port: 9090 + protocol: TCP + targetPort: 9090 +--- +--- +# Copyright 2021 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. 
+apiVersion: v1 +kind: ConfigMap +metadata: + name: config-kafka-channel-data-plane + namespace: knative-eventing + labels: + app.kubernetes.io/version: nightly + annotations: + knative.dev/example-checksum: "6ce544b6" +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # All configurations in this ConfigMap are globally applied to each + # resource and there is no way to change them on a per-resource basis, + # unless otherwise specified. + + # Producer configuration are documented in https://kafka.apache.org/documentation/#producerconfigs + # Some configurations might be forced by the actual code to make sure we respect the Knative Eventing + # delivery constraints, for example, `key.serializer` and `value.serializer`. + config-kafka-channel-producer.properties: | + key.serializer=org.apache.kafka.common.serialization.StringSerializer + value.serializer=io.cloudevents.kafka.CloudEventSerializer + acks=all + + # Consumer configuration are documented in https://kafka.apache.org/documentation/#consumerconfigs. + # Some configurations might be forced by the actual code to make sure we respect the Knative Eventing + # delivery constraints, for example, `key.deserializer` and `value.deserializer`. 
+ config-kafka-channel-consumer.properties: | + key.deserializer=org.apache.kafka.common.serialization.StringDeserializer + value.deserializer=io.cloudevents.kafka.CloudEventDeserializer + fetch.min.bytes=1 + + # Available Vertx HTTPServerOptions are documented in + # https://vertx.io/docs/apidocs/io/vertx/core/http/HttpServerOptions.html. + # + # Each receiver pod creates a single HTTP server. + # + # The mapping is the following: + # for each method starting with `set` there is a property that can be set with the name that follows the `set` + # prefix starting with a lowercase letter. + # For example, there is a method called `setIdleTimeout` and the associated property is `idleTimeout`. + config-kafka-channel-httpserver.properties: | + idleTimeout=0 + + # Available Vertx WebClientOptions are documented in + # https://vertx.io/docs/apidocs/io/vertx/ext/web/client/WebClientOptions.html. + # + # Each egress resource (KafkaSource, Trigger, Subscription) creates an HTTP client in each pod where the resource is + # scheduled, meaning that a client isn't shared across multiple resources to provide better isolation. + # + # The mapping is the following: + # for each method starting with `set` there is a property that can be set with the name that follows the `set` + # prefix starting with a lowercase letter. + # For example, there is a method called `setIdleTimeout` and the associated property is `idleTimeout`. 
+ config-kafka-channel-webclient.properties: | + idleTimeout=10000 + config-kafka-channel-producer.properties: | + key.serializer=org.apache.kafka.common.serialization.StringSerializer + value.serializer=io.cloudevents.kafka.CloudEventSerializer + acks=all + buffer.memory=33554432 + # compression.type=snappy + retries=2147483647 + batch.size=16384 + client.dns.lookup=use_all_dns_ips + connections.max.idle.ms=600000 + delivery.timeout.ms=120000 + linger.ms=0 + max.block.ms=60000 + max.request.size=1048576 + partitioner.class=org.apache.kafka.clients.producer.internals.DefaultPartitioner + receive.buffer.bytes=-1 + request.timeout.ms=2000 + enable.idempotence=false + max.in.flight.requests.per.connection=5 + metadata.max.age.ms=300000 + # metric.reporters="" + metrics.num.samples=2 + metrics.recording.level=INFO + metrics.sample.window.ms=30000 + reconnect.backoff.max.ms=1000 + reconnect.backoff.ms=50 + retry.backoff.ms=100 + # transaction.timeout.ms=60000 + # transactional.id=null + config-kafka-channel-consumer.properties: | + key.deserializer=org.apache.kafka.common.serialization.StringDeserializer + value.deserializer=io.cloudevents.kafka.CloudEventDeserializer + fetch.min.bytes=1 + heartbeat.interval.ms=3000 + max.partition.fetch.bytes=65536 + session.timeout.ms=10000 + # ssl.key.password= + # ssl.keystore.location= + # ssl.keystore.password= + # ssl.truststore.location= + # ssl.truststore.password= + allow.auto.create.topics=true + client.dns.lookup=use_all_dns_ips + connections.max.idle.ms=540000 + default.api.timeout.ms=2000 + enable.auto.commit=false + exclude.internal.topics=true + fetch.max.bytes=52428800 + isolation.level=read_uncommitted + max.poll.interval.ms=300000 + max.poll.records=50 + partition.assignment.strategy=org.apache.kafka.clients.consumer.StickyAssignor + receive.buffer.bytes=65536 + request.timeout.ms=2000 + # sasl.client.callback.handler.class= + # sasl.jaas.config= + # sasl.kerberos.service.name= + # sasl.login.callback.handler.class + 
# sasl.login.class + # sasl.mechanism + security.protocol=PLAINTEXT + send.buffer.bytes=131072 + # ssl.enabled.protocols= + # ssl.keystore.type= + # ssl.protocol= + # ssl.provider= + auto.commit.interval.ms=5000 + check.crcs=true + # client.rack= + fetch.max.wait.ms=500 + # interceptor.classes= + metadata.max.age.ms=600000 + # metrics.reporters= + # metrics.num.samples= + # metrics.recording.level=INFO + # metrics.sample.window.ms= + reconnect.backoff.max.ms=1000 + retry.backoff.ms=100 + # sasl.kerberos.kinit.cmd= + # sasl.kerberos.min.time.before.relogin= + # sasl.kerberos.ticket.renew.jitter= + # sasl.login.refresh.buffer.seconds= + # sasl.login.refresh.min.period.seconds= + # sasl.login.refresh.window.factor + # sasl.login.refresh.window.jitter + # security.providers + # ssl.cipher.suites + # ssl.endpoint.identification.algorithm + # ssl.keymanager.algorithm + # ssl.secure.random.implementation + # ssl.trustmanager.algorithm + config-kafka-channel-webclient.properties: | + idleTimeout=10000 + maxPoolSize=100 + config-kafka-channel-httpserver.properties: | + idleTimeout=0 +--- +--- + +# Copyright 2021 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. 
+ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: knative-kafka-channel-data-plane + labels: + app.kubernetes.io/version: nightly +rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create + # needed for eventtype autocreate + - apiGroups: + - "eventing.knative.dev" + resources: + - eventtypes + verbs: + - get + - list + - watch + - create +--- +--- + +# Copyright 2021 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: knative-kafka-channel-data-plane + namespace: knative-eventing + labels: + app.kubernetes.io/version: nightly +--- +--- + +# Copyright 2021 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. 
+ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: knative-kafka-channel-data-plane + labels: + app.kubernetes.io/version: nightly +subjects: + - kind: ServiceAccount + name: knative-kafka-channel-data-plane + namespace: knative-eventing +roleRef: + kind: ClusterRole + name: knative-kafka-channel-data-plane + apiGroup: rbac.authorization.k8s.io +--- +--- + +# Copyright 2021 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: kafka-channel-dispatcher + namespace: knative-eventing + labels: + app: kafka-channel-dispatcher + app.kubernetes.io/version: nightly + app.kubernetes.io/component: kafka-channel-dispatcher + app.kubernetes.io/name: knative-eventing +spec: + serviceName: kafka-channel-dispatcher + podManagementPolicy: "Parallel" + selector: + matchLabels: + app: kafka-channel-dispatcher + template: + metadata: + name: kafka-channel-dispatcher + labels: + app: kafka-channel-dispatcher + app.kubernetes.io/version: nightly + app.kubernetes.io/component: kafka-channel-dispatcher + app.kubernetes.io/name: knative-eventing + app.kubernetes.io/kind: kafka-dispatcher + spec: + # To avoid node becoming SPOF, spread our replicas to different nodes and zones. 
+ topologySpreadConstraints: + - maxSkew: 2 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + labelSelector: + matchLabels: + app: kafka-channel-dispatcher + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: kafka-channel-dispatcher + topologyKey: kubernetes.io/hostname + weight: 100 + serviceAccountName: knative-kafka-channel-data-plane + securityContext: + runAsNonRoot: true + containers: + - name: kafka-channel-dispatcher + image: registry.ci.openshift.org/openshift/knative-eventing-kafka-broker-dispatcher:knative-nightly + imagePullPolicy: IfNotPresent + volumeMounts: + - mountPath: /etc/config + name: config-kafka-channel-data-plane + readOnly: true + - mountPath: /etc/contract-resources + name: contract-resources + readOnly: true + - mountPath: /tmp + name: cache + - mountPath: /etc/logging + name: kafka-config-logging + readOnly: true + - mountPath: /etc/tracing + name: config-tracing + readOnly: true + ports: + - containerPort: 9090 + name: http-metrics + protocol: TCP + env: + - name: SERVICE_NAME + value: "kafka-channel-dispatcher" + - name: SERVICE_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: PRODUCER_CONFIG_FILE_PATH + value: /etc/config/config-kafka-channel-producer.properties + - name: CONSUMER_CONFIG_FILE_PATH + value: /etc/config/config-kafka-channel-consumer.properties + - name: WEBCLIENT_CONFIG_FILE_PATH + value: /etc/config/config-kafka-channel-webclient.properties + - name: DATA_PLANE_CONFIG_FILE_PATH + value: /etc/contract-resources/data + - name: EGRESSES_INITIAL_CAPACITY + value: "20" + - name: INSTANCE_ID + valueFrom: + fieldRef: + fieldPath: metadata.uid + - name: METRICS_PATH + value: /metrics + - name: METRICS_PORT + value: "9090" + - name: METRICS_PUBLISH_QUANTILES + value: "false" + - name: METRICS_JVM_ENABLED + value: "false" + - name: CONFIG_TRACING_PATH + value: "/etc/tracing" + # 
https://github.com/fabric8io/kubernetes-client/issues/2212 + - name: HTTP2_DISABLE + value: "true" + # This should be set according to initial delay seconds + - name: WAIT_STARTUP_SECONDS + value: "8" + - name: JAVA_TOOL_OPTIONS + value: "-XX:+CrashOnOutOfMemoryError" + + resources: + requests: + cpu: 1000m + # 600Mi for virtual replicas + 100Mi overhead + memory: 700Mi + + livenessProbe: + failureThreshold: 3 + tcpSocket: + port: 9090 + initialDelaySeconds: 10 + periodSeconds: 3 + successThreshold: 1 + timeoutSeconds: 1 + readinessProbe: + failureThreshold: 3 + httpGet: + port: 9090 + path: /metrics + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 3 + successThreshold: 1 + timeoutSeconds: 1 + terminationMessagePolicy: FallbackToLogsOnError + terminationMessagePath: /dev/temination-log + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: + - ALL + volumes: + - name: config-kafka-channel-data-plane + configMap: + name: config-kafka-channel-data-plane + - name: cache + emptyDir: { } + - name: kafka-config-logging + configMap: + name: kafka-config-logging + - name: config-tracing + configMap: + name: config-tracing + restartPolicy: Always + dnsConfig: + options: + - name: single-request-reopen +--- +--- + +# Copyright 2021 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. 
+ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: kafka-channel-receiver + namespace: knative-eventing + labels: + app: kafka-channel-receiver + app.kubernetes.io/version: nightly + app.kubernetes.io/component: kafka-channel-receiver + app.kubernetes.io/name: knative-eventing +spec: + selector: + matchLabels: + app: kafka-channel-receiver + template: + metadata: + name: kafka-channel-receiver + labels: + app: kafka-channel-receiver + app.kubernetes.io/version: nightly + app.kubernetes.io/component: kafka-channel-receiver + app.kubernetes.io/name: knative-eventing + app.kubernetes.io/kind: kafka-receiver + spec: + # To avoid node becoming SPOF, spread our replicas to different nodes and zones. + topologySpreadConstraints: + - maxSkew: 2 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + labelSelector: + matchLabels: + app: kafka-channel-receiver + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: kafka-channel-receiver + topologyKey: kubernetes.io/hostname + weight: 100 + serviceAccountName: knative-kafka-channel-data-plane + securityContext: + runAsNonRoot: true + containers: + - name: kafka-channel-receiver + image: registry.ci.openshift.org/openshift/knative-eventing-kafka-broker-receiver:knative-nightly + imagePullPolicy: IfNotPresent + volumeMounts: + - mountPath: /etc/config + name: config-kafka-channel-data-plane + readOnly: true + - mountPath: /etc/channels-subscriptions + name: kafka-channel-channels-subscriptions + readOnly: true + - mountPath: /tmp + name: cache + - mountPath: /etc/logging + name: kafka-channel-config-logging + readOnly: true + - mountPath: /etc/tracing + name: config-tracing + readOnly: true + - mountPath: /etc/features + name: config-features + readOnly: true + - mountPath: /etc/receiver-tls-secret + name: channel-receiver-tls-secret + readOnly: true + ports: + - containerPort: 9090 + name: http-metrics + 
protocol: TCP + - containerPort: 8080 + name: http + protocol: TCP + - containerPort: 8443 + name: https + protocol: TCP + env: + - name: SERVICE_NAME + value: "kafka-channel-receiver" + - name: SERVICE_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: INGRESS_PORT + value: "8080" + - name: INGRESS_TLS_PORT + value: "8443" + - name: PRODUCER_CONFIG_FILE_PATH + value: /etc/config/config-kafka-channel-producer.properties + - name: HTTPSERVER_CONFIG_FILE_PATH + value: /etc/config/config-kafka-channel-httpserver.properties + - name: DATA_PLANE_CONFIG_FILE_PATH + value: /etc/channels-subscriptions/data + - name: LIVENESS_PROBE_PATH + value: /healthz + - name: READINESS_PROBE_PATH + value: /readyz + - name: METRICS_PATH + value: /metrics + - name: METRICS_PORT + value: "9090" + - name: METRICS_PUBLISH_QUANTILES + value: "false" + - name: METRICS_JVM_ENABLED + value: "false" + - name: CONFIG_TRACING_PATH + value: "/etc/tracing" + - name: CONFIG_FEATURES_PATH + value: "/etc/features" + # https://github.com/fabric8io/kubernetes-client/issues/2212 + - name: HTTP2_DISABLE + value: "true" + # This should be set according to initial delay seconds + - name: WAIT_STARTUP_SECONDS + value: "8" + - name: JAVA_TOOL_OPTIONS + value: "-XX:+CrashOnOutOfMemoryError" + resources: + requests: + cpu: 200m + memory: 450Mi + livenessProbe: + failureThreshold: 3 + httpGet: + port: 8080 + path: /healthz + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 3 + successThreshold: 1 + timeoutSeconds: 1 + readinessProbe: + failureThreshold: 3 + httpGet: + port: 8080 + path: /readyz + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 3 + successThreshold: 1 + timeoutSeconds: 1 + terminationMessagePolicy: FallbackToLogsOnError + terminationMessagePath: /dev/temination-log + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: + - ALL + volumes: + - name: kafka-channel-channels-subscriptions + configMap: + name: 
kafka-channel-channels-subscriptions + - name: config-kafka-channel-data-plane + configMap: + name: config-kafka-channel-data-plane + - name: cache + emptyDir: { } + - name: kafka-channel-config-logging + configMap: + name: kafka-config-logging + - name: config-tracing + configMap: + name: config-tracing + - name: config-features + configMap: + name: config-features + - name: channel-receiver-tls-secret + secret: + secretName: kafka-channel-ingress-server-tls + optional: true + restartPolicy: Always +--- + +apiVersion: v1 +kind: Service +metadata: + name: kafka-channel-ingress + namespace: knative-eventing + labels: + app: kafka-channel-receiver + app.kubernetes.io/version: nightly + app.kubernetes.io/component: kafka-channel-receiver + app.kubernetes.io/name: knative-eventing +spec: + selector: + app: kafka-channel-receiver + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 8080 + - name: https + port: 443 + protocol: TCP + targetPort: 8443 + - name: http-container + port: 8080 + protocol: TCP + targetPort: 8080 + - name: http-metrics + port: 9090 + protocol: TCP + targetPort: 9090 +--- +--- +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. 
+apiVersion: v1 +kind: ConfigMap +metadata: + name: config-kafka-sink-data-plane + namespace: knative-eventing + labels: + app.kubernetes.io/version: nightly + annotations: + knative.dev/example-checksum: "a8ce4acb" +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # All configurations in this ConfigMap are globally applied to each + # resource and there is no way to change them on a per-resource basis, + # unless otherwise specified. + + # Producer configuration are documented in https://kafka.apache.org/documentation/#producerconfigs + # Some configurations might be forced by the actual code to make sure we respect the Knative Eventing + # delivery constraints, for example, `key.serializer` and `value.serializer`. + config-kafka-sink-producer.properties: | + key.serializer=org.apache.kafka.common.serialization.StringSerializer + value.serializer=io.cloudevents.kafka.CloudEventSerializer + acks=all + + # Available Vertx HTTPServerOptions are documented in + # https://vertx.io/docs/apidocs/io/vertx/core/http/HttpServerOptions.html. + # + # Each receiver pod creates a single HTTP server. + # + # The mapping is the following: + # for each method starting with `set` there is a property that can be set with the name that follows the `set` + # prefix starting with a lowercase letter. + # For example, there is a method called `setIdleTimeout` and the associated property is `idleTimeout`. 
+ config-kafka-sink-httpserver.properties: | + idleTimeout=0 + config-kafka-sink-producer.properties: | + key.serializer=org.apache.kafka.common.serialization.StringSerializer + value.serializer=io.cloudevents.kafka.CloudEventSerializer + acks=all + buffer.memory=33554432 + # compression.type=snappy + retries=2147483647 + batch.size=16384 + client.dns.lookup=use_all_dns_ips + connections.max.idle.ms=600000 + delivery.timeout.ms=120000 + linger.ms=0 + max.block.ms=60000 + max.request.size=1048576 + partitioner.class=org.apache.kafka.clients.producer.internals.DefaultPartitioner + receive.buffer.bytes=-1 + request.timeout.ms=2000 + enable.idempotence=false + max.in.flight.requests.per.connection=5 + metadata.max.age.ms=300000 + # metric.reporters="" + metrics.num.samples=2 + metrics.recording.level=INFO + metrics.sample.window.ms=30000 + reconnect.backoff.max.ms=1000 + reconnect.backoff.ms=50 + retry.backoff.ms=100 + # transaction.timeout.ms=60000 + # transactional.id=null + config-kafka-sink-httpserver.properties: | + idleTimeout=0 +--- +--- + +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. 
+ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: knative-kafka-sink-data-plane + labels: + app.kubernetes.io/version: nightly +rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + # needed for eventtype autocreate + - apiGroups: + - "eventing.knative.dev" + resources: + - eventtypes + verbs: + - get + - list + - watch + - create + +--- +--- + +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: knative-kafka-sink-data-plane + namespace: knative-eventing + labels: + app.kubernetes.io/version: nightly +--- +--- + +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. 
+ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: knative-kafka-sink-data-plane + labels: + app.kubernetes.io/version: nightly +subjects: + - kind: ServiceAccount + name: knative-kafka-sink-data-plane + namespace: knative-eventing +roleRef: + kind: ClusterRole + name: knative-kafka-sink-data-plane + apiGroup: rbac.authorization.k8s.io +--- +--- + +# Copyright 2020 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: kafka-sink-receiver + namespace: knative-eventing + labels: + app: kafka-sink-receiver + app.kubernetes.io/version: nightly + app.kubernetes.io/component: kafka-sink-receiver + app.kubernetes.io/name: knative-eventing +spec: + selector: + matchLabels: + app: kafka-sink-receiver + template: + metadata: + name: kafka-sink-receiver + labels: + app: kafka-sink-receiver + app.kubernetes.io/version: nightly + app.kubernetes.io/component: kafka-sink-receiver + app.kubernetes.io/name: knative-eventing + spec: + # To avoid node becoming SPOF, spread our replicas to different nodes and zones. 
+ topologySpreadConstraints: + - maxSkew: 2 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + labelSelector: + matchLabels: + app: kafka-sink-receiver + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: kafka-sink-receiver + topologyKey: kubernetes.io/hostname + weight: 100 + serviceAccountName: knative-kafka-sink-data-plane + securityContext: + runAsNonRoot: true + containers: + - name: kafka-sink-receiver + image: registry.ci.openshift.org/openshift/knative-eventing-kafka-broker-receiver:knative-nightly + imagePullPolicy: IfNotPresent + volumeMounts: + - mountPath: /etc/config + name: config-kafka-sink-data-plane + readOnly: true + - mountPath: /etc/sinks + name: kafka-sink-sinks + readOnly: true + - mountPath: /tmp + name: cache + - mountPath: /etc/logging + name: kafka-sink-config-logging + readOnly: true + - mountPath: /etc/tracing + name: config-tracing + readOnly: true + - mountPath: /etc/features + name: config-features + readOnly: true + - mountPath: /etc/receiver-tls-secret + name: sink-receiver-tls-secret + readOnly: true + ports: + - containerPort: 9090 + name: http-metrics + protocol: TCP + - containerPort: 8080 + name: http + protocol: TCP + - containerPort: 8443 + name: https + protocol: TCP + env: + - name: SERVICE_NAME + value: "kafka-sink-receiver" + - name: SERVICE_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: INGRESS_PORT + value: "8080" + - name: INGRESS_TLS_PORT + value: "8443" + - name: PRODUCER_CONFIG_FILE_PATH + value: /etc/config/config-kafka-sink-producer.properties + - name: HTTPSERVER_CONFIG_FILE_PATH + value: /etc/config/config-kafka-sink-httpserver.properties + - name: DATA_PLANE_CONFIG_FILE_PATH + value: /etc/sinks/data + - name: LIVENESS_PROBE_PATH + value: /healthz + - name: READINESS_PROBE_PATH + value: /readyz + - name: METRICS_PATH + value: /metrics + - name: METRICS_PORT + 
value: "9090" + - name: METRICS_PUBLISH_QUANTILES + value: "false" + - name: METRICS_JVM_ENABLED + value: "false" + - name: CONFIG_TRACING_PATH + value: "/etc/tracing" + - name: CONFIG_FEATURES_PATH + value: "/etc/features" + # https://github.com/fabric8io/kubernetes-client/issues/2212 + - name: HTTP2_DISABLE + value: "true" + # This should be set according to initial delay seconds + - name: WAIT_STARTUP_SECONDS + value: "8" + - name: JAVA_TOOL_OPTIONS + value: "-XX:+CrashOnOutOfMemoryError" + resources: + requests: + cpu: 200m + memory: 450Mi + livenessProbe: + failureThreshold: 3 + httpGet: + port: 8080 + path: /healthz + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 3 + successThreshold: 1 + timeoutSeconds: 1 + readinessProbe: + failureThreshold: 3 + httpGet: + port: 8080 + path: /readyz + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 3 + successThreshold: 1 + timeoutSeconds: 1 + terminationMessagePolicy: FallbackToLogsOnError + terminationMessagePath: /dev/temination-log + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: + - ALL + volumes: + - name: kafka-sink-sinks + configMap: + name: kafka-sink-sinks + - name: config-kafka-sink-data-plane + configMap: + name: config-kafka-sink-data-plane + - name: cache + emptyDir: { } + - name: kafka-sink-config-logging + configMap: + name: kafka-config-logging + - name: config-tracing + configMap: + name: config-tracing + - name: config-features + configMap: + name: config-features + - name: sink-receiver-tls-secret + secret: + secretName: kafka-sink-ingress-server-tls + optional: true + restartPolicy: Always +--- + +apiVersion: v1 +kind: Service +metadata: + name: kafka-sink-ingress + namespace: knative-eventing + labels: + app: kafka-sink-receiver + app.kubernetes.io/version: nightly + app.kubernetes.io/component: kafka-sink-receiver + app.kubernetes.io/name: knative-eventing +spec: + selector: + app: kafka-sink-receiver + ports: + - name: http 
+ port: 80 + protocol: TCP + targetPort: 8080 + - name: http-container + port: 8080 + protocol: TCP + targetPort: 8080 + - name: https-container + port: 8443 + protocol: TCP + targetPort: 8443 + - name: https + port: 443 + protocol: TCP + targetPort: 8443 + - name: http-metrics + port: 9090 + protocol: TCP + targetPort: 9090 +--- diff --git a/openshift/release/create-release-branch.sh b/openshift/release/create-release-branch.sh new file mode 100755 index 0000000000..e7a2f1d602 --- /dev/null +++ b/openshift/release/create-release-branch.sh @@ -0,0 +1,29 @@ +#!/bin/bash + +# Usage: create-release-branch.sh v0.4.1 release-0.4 + +set -ex # Exit immediately on error. + +release=$1 +target=$2 + +# Fetch the latest tags and checkout a new branch from the wanted tag. +git fetch upstream -v --tags +git checkout -b "$target" "$release" + +# Remove GH Action hooks from upstream +rm -rf .github/workflows +git commit -sm ":fire: remove unneeded workflows" .github/ + +# Copy the openshift extra files from the OPENSHIFT/main branch. +git fetch openshift main +git checkout openshift/main -- .github/workflows openshift OWNERS Makefile + +git apply openshift/patches/* + +# Generate our OCP artifacts +tag=${target/release-/} +yq write --inplace openshift/project.yaml project.tag "knative-$tag" +make generate-release +git add . +git commit -m "Add openshift specific files." diff --git a/openshift/release/generate-release.sh b/openshift/release/generate-release.sh new file mode 100755 index 0000000000..efc8a25ef8 --- /dev/null +++ b/openshift/release/generate-release.sh 
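Review bot: The closing `git add .` in create-release-branch.sh stages every non-ignored file in the working tree, so anything untracked that happens to sit in the checkout is committed to the release branch, which mirror-upstream-branches.sh then pushes. I would refuse to start on a dirty tree, e.g. `[ -z "$(git status --porcelain)" ] || { echo "working tree is not clean" >&2; exit 1; }` before the `git fetch upstream` line. The script also reads `$1` and `$2` without checking them; `set -eux` plus an explicit argument-count check that prints the usage line would make a missing argument fail with a clear message instead of a confusing `git checkout` error.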
@@ -0,0 +1,68 @@ +#!/usr/bin/env bash + +set -euo pipefail + +source $(dirname $0)/resolve.sh + +GITHUB_ACTIONS=true $(dirname $0)/../../hack/update-codegen.sh +git apply openshift/patches/rekt-serviceaccounts-delete.patch + +# Eventing core will bring the config tracing ConfigMap, so remove it from heret +rm -f control-plane/config/eventing-kafka-broker/200-controller/100-config-tracing.yaml + +release=$(yq r openshift/project.yaml project.tag) +tag=$release +release=${release/knative-/} + +echo "Release: $release" + +./openshift/generate.sh + +artifacts_dir="openshift/release/artifacts/" +rm -rf $artifacts_dir +mkdir -p $artifacts_dir + +image_prefix="registry.ci.openshift.org/openshift/knative-eventing-kafka-broker" + +eventing_kafka_controller="${artifacts_dir}eventing-kafka-controller.yaml" +eventing_kafka_post_install="${artifacts_dir}eventing-kafka-post-install.yaml" + +eventing_kafka_source="${artifacts_dir}eventing-kafka-source.yaml" +eventing_kafka_broker="${artifacts_dir}eventing-kafka-broker.yaml" +eventing_kafka_channel="${artifacts_dir}eventing-kafka-channel.yaml" +eventing_kafka_sink="${artifacts_dir}eventing-kafka-sink.yaml" + +eventing_kafka_tls_networking="${artifacts_dir}eventing-kafka-tls-networking.yaml" + +eventing_kafka="${artifacts_dir}eventing-kafka.yaml" + +# the Broker Control Plane parts +resolve_resources control-plane/config/eventing-kafka-broker/100-broker $eventing_kafka_controller "$image_prefix" "$tag" +resolve_resources control-plane/config/eventing-kafka-broker/100-sink $eventing_kafka_controller "$image_prefix" "$tag" +resolve_resources control-plane/config/eventing-kafka-broker/100-source $eventing_kafka_controller "$image_prefix" "$tag" +resolve_resources control-plane/config/eventing-kafka-broker/100-channel $eventing_kafka_controller "$image_prefix" "$tag" +resolve_resources control-plane/config/eventing-kafka-broker/100-kafka-internal $eventing_kafka_controller "$image_prefix" "$tag" +resolve_resources 
control-plane/config/eventing-kafka-broker/200-controller $eventing_kafka_controller "$image_prefix" "$tag" +resolve_resources control-plane/config/eventing-kafka-broker/200-webhook $eventing_kafka_controller "$image_prefix" "$tag" + +# the Broker Data Plane folders +resolve_resources data-plane/config/broker $eventing_kafka_broker "$image_prefix" "$tag" +resolve_resources data-plane/config/sink $eventing_kafka_sink "$image_prefix" "$tag" +resolve_resources data-plane/config/source $eventing_kafka_source "$image_prefix" "$tag" +resolve_resources data-plane/config/channel $eventing_kafka_channel "$image_prefix" "$tag" + +# TLS resources +resolve_resources data-plane/config/broker-tls $eventing_kafka_tls_networking "$image_prefix" "$tag" +resolve_resources data-plane/config/channel-tls $eventing_kafka_tls_networking "$image_prefix" "$tag" +resolve_resources data-plane/config/sink-tls $eventing_kafka_tls_networking "$image_prefix" "$tag" + +# Post-install jobs +resolve_resources control-plane/config/post-install $eventing_kafka_post_install "$image_prefix" "$tag" + +# One file with everything +cat $eventing_kafka_controller >> $eventing_kafka +cat $eventing_kafka_post_install >> $eventing_kafka +cat $eventing_kafka_source >> $eventing_kafka +cat $eventing_kafka_broker >> $eventing_kafka +cat $eventing_kafka_channel >> $eventing_kafka +cat $eventing_kafka_sink >> $eventing_kafka diff --git a/openshift/release/mirror-upstream-branches.sh b/openshift/release/mirror-upstream-branches.sh new file mode 100755 index 0000000000..4c91c6afd9 --- /dev/null +++ b/openshift/release/mirror-upstream-branches.sh 
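Review bot: The block under `# One file with everything` appends the controller, post-install, source, broker, channel and sink files to `eventing-kafka.yaml`, but not `$eventing_kafka_tls_networking`, which is resolved a few lines earlier. If leaving the TLS networking resources out of the bundle is intended, the comment should say so, e.g. `# One file with everything except the TLS networking resources`; otherwise add `cat $eventing_kafka_tls_networking >> $eventing_kafka`. Separately, `rm -rf $artifacts_dir` and `source $(dirname $0)/resolve.sh` are unquoted and would misbehave if either path ever contained whitespace, so I would quote both.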
@@ -0,0 +1,37 @@ +#!/usr/bin/env bash + +# Usage: openshift/release/mirror-upstream-branches.sh +# This should be run from the basedir of the repo with no arguments + + +set -ex +readonly TMPDIR=$(mktemp -d knativeEventingBranchingCheckXXXX -p /tmp/) + +git fetch upstream --tags +git fetch openshift --tags + +# We need to seed this with a few releases that, otherwise, would make +# the processing regex less clear with more anomalies +cat >> "$TMPDIR"/midstream_branches < "$TMPDIR"/upstream_branches +git branch --list -a "openshift/release-v1.*" | cut -f3 -d'/' | cut -f2 -d'v' | cut -f1,2 -d'.' >> "$TMPDIR"/midstream_branches + +sort -o "$TMPDIR"/midstream_branches "$TMPDIR"/midstream_branches +sort -o "$TMPDIR"/upstream_branches "$TMPDIR"/upstream_branches +comm -32 "$TMPDIR"/upstream_branches "$TMPDIR"/midstream_branches > "$TMPDIR"/new_branches + +UPSTREAM_BRANCH=$(cat "$TMPDIR"/new_branches) +if [ -z "$UPSTREAM_BRANCH" ]; then + echo "no new branch, exiting" + exit 0 +fi +echo "found upstream branch: $UPSTREAM_BRANCH" +readonly UPSTREAM_TAG="knative-v$UPSTREAM_BRANCH.0" +readonly MIDSTREAM_BRANCH="release-v$UPSTREAM_BRANCH" +openshift/release/create-release-branch.sh "$UPSTREAM_TAG" "$MIDSTREAM_BRANCH" +# we would check the error code, but we 'set -e', so assume we're fine +git push openshift "$MIDSTREAM_BRANCH" diff --git a/openshift/release/resolve.sh b/openshift/release/resolve.sh new file mode 100755 index 0000000000..464141f21d --- /dev/null +++ b/openshift/release/resolve.sh 
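Review bot: `UPSTREAM_BRANCH=$(cat "$TMPDIR"/new_branches)` takes the whole file, so when more than one upstream release is missing midstream the value holds several lines and `UPSTREAM_TAG` and `MIDSTREAM_BRANCH` are built from a multi-line string. Reading one entry per run, `UPSTREAM_BRANCH=$(head -n 1 "$TMPDIR"/new_branches)`, or looping over the file would keep the tag and branch names well-formed. `readonly TMPDIR=$(mktemp -d …)` also hides a failing `mktemp` from `set -e` and overrides the conventional `TMPDIR` environment variable for every child command; assigning a differently named variable first and marking it `readonly` afterwards avoids both. The scratch directory is never removed, so an `EXIT` trap that deletes it would be worth adding. The heredoc that seeds `midstream_branches` does not appear intact in this view and is not covered by this note.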
@@ -0,0 +1,44 @@ +#!/usr/bin/env bash + +function resolve_resources() { + echo $@ + + local dir=$1 + local resolved_file_name=$2 + local image_prefix=$3 + local image_tag=$4 + local override=${5:-false} + local image_name=${6:-""} + + local version=${release/release-/} + + echo "Writing resolved yaml to $resolved_file_name ${version}" + + for yaml in "$dir"/*.yaml; do + echo "Resolving ${yaml}" + + # 1. Prefix test image references with test- + # 2. Rewrite image references + # 3. Remove comment lines + # 4. Remove empty lines + + if $override; then + sed -i -e "s+\(.* image: \)\(knative.dev\)\(.*/\)\(test/\)\(.*\)+\1\2 \3\4test-\5+g" \ + -e "s+ko://++" \ + -e "s+app.kubernetes.io/version: devel+app.kubernetes.io/version: ${release}+" \ + -e "s+\(.* image: \)\(knative.dev\)\(.*/\)\(.*\)+\1${image_prefix}-test-\4:${image_tag}+g" \ + -e "s+\(.* image: \)\({{ \.image }}\)\(.*\)+\1${image_prefix}-test-${image_name}:${image_tag}+g" \ + "$yaml" + else + echo "---" >>"$resolved_file_name" + sed -e "s+\(.* image: \)\(knative.dev\)\(.*/\)\(test/\)\(.*\)+\1\2 \3\4test-\5+g" \ + -e "s+ko://++" \ + -e "s+kafka.eventing.knative.dev/release: devel+kafka.eventing.knative.dev/release: ${release}+" \ + -e "s+app.kubernetes.io/version: devel+app.kubernetes.io/version: ${release}+" \ + -e "s+\${KNATIVE_KAFKA_DISPATCHER_IMAGE}+${image_prefix}-dispatcher:${image_tag}+" \ + -e "s+\${KNATIVE_KAFKA_RECEIVER_IMAGE}+${image_prefix}-receiver:${image_tag}+" \ + -e "s+\(.* image: \)\(knative.dev\)\(.*/\)\(.*\)+\1${image_prefix}-\4:${image_tag}+g" \ + "$yaml" >>"$resolved_file_name" + fi + done +} diff --git a/openshift/release/update-to-head.sh b/openshift/release/update-to-head.sh new file mode 100755 index 0000000000..b3693ebbbc --- /dev/null +++ b/openshift/release/update-to-head.sh 
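Review bot: `if $override; then` in `resolve_resources` runs the fifth argument as a command, so any value a caller passes other than `true` or `false` is executed by the shell rather than compared. A string test keeps the same two-way behaviour without executing the value: `if [ "$override" = "true" ]; then`. The function also reads `${release}` from the caller's scope (it is neither a parameter nor a `local`), and `echo $@` is unquoted. A short header comment listing the six positional parameters and the required `release` variable would document that contract for the next caller.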
@@ -0,0 +1,51 @@ +#!/usr/bin/env bash + +# Synchs the REPO_BRANCH branch to main and then triggers CI +# Usage: update-to-head.sh + +set -e +REPO_NAME="eventing-kafka-broker" +REPO_OWNER_NAME="openshift-knative" +REPO_BRANCH="release-next" +REPO_BRANCH_CI="${REPO_BRANCH}-ci" + +# Check if there's an upstream release we need to mirror downstream +openshift/release/mirror-upstream-branches.sh + +# Reset REPO_BRANCH to upstream/main. +git fetch upstream main +git checkout upstream/main -B ${REPO_BRANCH} + +# Update openshift's main and take all needed files from there. +git fetch openshift main +git checkout openshift/main openshift OWNERS Makefile +git checkout openshift/main .konflux .tekton || true + +# Remove GH Action hooks from upstream +rm -rf .github/workflows +git commit -sm ":fire: remove unneeded workflows" .github/ + +# Generate our OCP artifacts +git apply -v openshift/patches/* +make generate-release +git add . +git commit -m ":open_file_folder: Update openshift specific files." +git push -f openshift ${REPO_BRANCH} + +# Trigger CI +git checkout ${REPO_BRANCH} -B ${REPO_BRANCH_CI} +date > ci +git add ci +git commit -m ":robot: Triggering CI on branch '${REPO_BRANCH}' after synching to upstream/main" +git push -f openshift ${REPO_BRANCH_CI} + +if hash hub 2>/dev/null; then + # Test if there is already a sync PR in + COUNT=$(hub api -H "Accept: application/vnd.github.v3+json" repos/${REPO_OWNER_NAME}/${REPO_NAME}/pulls --flat \ + | grep -c ":robot: Triggering CI on branch '${REPO_BRANCH}' after synching to upstream/main") || true + if [ "$COUNT" = "0" ]; then + hub pull-request --no-edit -l "kind/sync-fork-to-upstream,approved,lgtm" -b ${REPO_OWNER_NAME}/${REPO_NAME}:${REPO_BRANCH} -h ${REPO_OWNER_NAME}/${REPO_NAME}:${REPO_BRANCH_CI} + fi +else + echo "hub (https://github.com/github/hub) is not installed, so you'll need to create a PR manually." +fi diff --git a/test/e2e_new/broker_test.go b/test/e2e_new/broker_test.go index 219fceac99..8e9eacb717 100644 
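Review bot: The sync pull request is opened with `-l "kind/sync-fork-to-upstream,approved,lgtm"`, so the content of `upstream/main` plus `openshift/patches/*` arrives already carrying the approval labels. Whether that leads to an unattended merge depends on the repository's merge automation, which is not visible here. If a human look at each sync is wanted, create the PR with `-l "kind/sync-fork-to-upstream"` only and let reviewers add the rest. Both `git push -f openshift …` calls would be safer as `git push --force-with-lease openshift …`, which refuses to overwrite remote commits the script has not fetched. The `|| true` after `git checkout openshift/main .konflux .tekton` hides every failure of that command, not only absent paths, so a comment stating which failure is expected would help.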
--- a/test/e2e_new/broker_test.go +++ b/test/e2e_new/broker_test.go @@ -207,6 +207,8 @@ func TestBrokerCannotReachKafkaCluster(t *testing.T) { } func TestNamespacedBrokerResourcesPropagation(t *testing.T) { + t.Skip("We propagate service monitors in Serverless Operator so this test won't work for now") + ctx, env := global.Environment( knative.WithKnativeNamespace(system.Namespace()), knative.WithLoggingConfig, diff --git a/test/scripts/first-event-delay.sh b/test/scripts/first-event-delay.sh index 09ad366bba..5e77c37ccb 100755 --- a/test/scripts/first-event-delay.sh +++ b/test/scripts/first-event-delay.sh @@ -72,7 +72,7 @@ spec: spec: containers: - name: event-display - image: ko://knative.dev/eventing/cmd/event_display + image: quay.io/openshift-knative/knative-eventing-sources-event-display:v0.13.2 --- apiVersion: sources.knative.dev/v1 kind: SinkBinding @@ -114,7 +114,7 @@ spec: spec: containers: - name: single-heartbeat - image: ko://knative.dev/eventing/cmd/heartbeats + image: quay.io/openshift-knative/knative-eventing-sources-heartbeats:v0.13.2 args: - --period=1 env: @@ -155,7 +155,7 @@ function wait_for_cloudevent { } function create { - app foo$i | ko resolve ${KO_FLAGS} -Bf - | kubectl apply -f - + app foo$i | kubectl apply -f - } function run { diff --git a/test/upgrade/postupgrade.go b/test/upgrade/postupgrade.go index 1a2ec29a75..2be40b58a5 100644 --- a/test/upgrade/postupgrade.go +++ b/test/upgrade/postupgrade.go @@ -38,6 +38,7 @@ func VerifyPostInstallTest() pkgupgrade.Operation { } func verifyPostInstall(t *testing.T) { + t.Skip("SO uses different names") t.Parallel() const ( diff --git a/vendor/knative.dev/reconciler-test/pkg/feature/feature.go b/vendor/knative.dev/reconciler-test/pkg/feature/feature.go index 7a7d410423..d59ae5e761 100644 --- a/vendor/knative.dev/reconciler-test/pkg/feature/feature.go +++ b/vendor/knative.dev/reconciler-test/pkg/feature/feature.go 
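Review bot: The added `t.Skip("We propagate service monitors in Serverless Operator so this test won't work for now")` carries no tracking reference, so nothing prompts anyone to re-enable `TestNamespacedBrokerResourcesPropagation`. The `t.Skip("SO uses different names")` added to `verifyPostInstall` in test/upgrade/postupgrade.go has the same gap and an unexplained abbreviation. I would put a `// TODO(<tracking-issue>): re-enable when the downstream difference is resolved` comment above each skip and spell out the second reason, e.g. `t.Skip("Serverless Operator uses different names")`, assuming SO stands for Serverless Operator. Both function bodies continue outside their hunks.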
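Review bot: Both replaced `image:` lines in first-event-delay.sh (event-display in the first hunk, single-heartbeat in the second) reference `quay.io/openshift-knative/…:v0.13.2` by tag, and a tag can be re-pointed in the registry, so the test may pull a different image than the one that was validated. Pinning by digest keeps the reference fixed: `image: quay.io/openshift-knative/knative-eventing-sources-event-display@sha256:<digest>` (placeholder; take the value from the registry), and likewise for the heartbeats image. With `ko resolve ${KO_FLAGS}` dropped from `create` in the third hunk, `KO_FLAGS` may no longer be used anywhere in the script; that is worth checking in the lines outside these hunks.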
@@ -252,6 +252,15 @@ func DeleteResources(ctx context.Context, t T, refs []corev1.ObjectReference) er return false, fmt.Errorf("failed to get resource %+v %s/%s: %w", resource, ref.Namespace, ref.Name, err) } + // Repeat deleting service accounts. + // Workaround for https://issues.redhat.com/browse/OCPBUGS-35731 + if resource.Resource == "serviceaccounts" { + err = dc.Resource(resource).Namespace(ref.Namespace).Delete(ctx, ref.Name, metav1.DeleteOptions{}) + if err != nil && !apierrors.IsNotFound(err) { + t.Logf("Warning, failed to delete %s/%s of GVR: %+v: %v", ref.Namespace, ref.Name, resource, err) + } + } + lastResource = ref t.Logf("Resource %+v %s/%s still present", resource, ref.Namespace, ref.Name) return false, nil