From ff930de9710675c29ca1b6df3df65e8212ceada7 Mon Sep 17 00:00:00 2001 From: Eric Shen Date: Fri, 23 Feb 2024 13:45:57 +0800 Subject: [PATCH 1/8] fix: update the console init default config (#1147) Signed-off-by: ericsyh --- charts/sn-platform-slim/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/sn-platform-slim/values.yaml b/charts/sn-platform-slim/values.yaml index 6a52c73ab..175d8b224 100644 --- a/charts/sn-platform-slim/values.yaml +++ b/charts/sn-platform-slim/values.yaml @@ -2051,7 +2051,7 @@ streamnative_console: DEFAULT_ORGANIZATION: "streamnative" # *required*: the instance name to display for the Pulsar clusters in SN console INSTANCE_NAME: "pulsar" - INIT_DEFAULT_ENVIRONMENT: false + INIT_DEFAULT_ENVIRONMENT: true BACKEND_DEFAULT_SUPER_USER_ROLE: "admin" # If you want to enable jwt authentication, please enable the following configuration # BACKEND_DEFAULT_SUPER_USER_ROLE: "pulsar-manager-admin" From b5beedbead52e1866cc90fc856def5bc520f0e2c Mon Sep 17 00:00:00 2001 From: Eric Shen Date: Wed, 28 Feb 2024 15:25:50 +0800 Subject: [PATCH 2/8] update pulsar operator chart limitation (#1145) Signed-off-by: ericsyh --- charts/pulsar-operator/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/pulsar-operator/Chart.yaml b/charts/pulsar-operator/Chart.yaml index 19ca0e9db..fc2766291 100644 --- a/charts/pulsar-operator/Chart.yaml +++ b/charts/pulsar-operator/Chart.yaml @@ -20,7 +20,7 @@ apiVersion: v1 version: 0.17.9 appVersion: "0.17.10" -kubeVersion: ">= 1.16.0-0 < 1.29.0-0" +kubeVersion: ">= 1.16.0-0" description: Apache Pulsar Operators Helm chart for Kubernetes name: pulsar-operator home: https://streamnative.io From 5b86d7e348f4f736c87a0530194fd1076994144c Mon Sep 17 00:00:00 2001 From: Eric Shen Date: Mon, 4 Mar 2024 14:53:10 +0800 Subject: [PATCH 3/8] update pulsar-operator output note (#1149) * update the operator output note Signed-off-by: ericsyh * update Signed-off-by: ericsyh * update Signed-off-by: ericsyh --------- Signed-off-by: ericsyh --- charts/pulsar-operator/templates/NOTES.txt | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/charts/pulsar-operator/templates/NOTES.txt b/charts/pulsar-operator/templates/NOTES.txt index a1d3e0d79..548c212ea 100644 --- a/charts/pulsar-operator/templates/NOTES.txt +++ b/charts/pulsar-operator/templates/NOTES.txt @@ -1,4 +1,12 @@ StreamNative Operators for Apache Pulsar -The StreamNative Pulsar Operators bring the specific controllers for Kubernetes by providing specific Custom Resource Definition (CRD) which is developed and maintained by StreamNative Inc. -Installing the StreamNative Pulsar Operators means you agreed to and are in compliance with https://streamnative.io/community-licence. \ No newline at end of file +StreamNative now offers a unified approach to managing Pulsar clusters on Kubernetes systems, transitioning from two distinct versions of operators—Pulsar Operators (Basic Version) and StreamNative Operator (Advanced Version)—to a single, consolidated operator, StreamNative Operator, effective from the start of 2024. As part of this change, we will cease the release of new versions of Pulsar Operators, with future updates and enhancements being exclusively available through the StreamNative Operator, accessible only via StreamNative's paid services. + +Apply for trial: +Before installing StreamNative Private Cloud, you need to import a valid license. You can contact StreamNative to apply for a free trial https://streamnative.io/deployment/start-free-trial. + +Quick Start: +Follow our Quick Start guide https://docs.streamnative.io/private/private-cloud-quickstart to quickly provision and manage Pulsar clusters with the StreamNative Private Cloud. + +Upgrade to StreamNative Operator: +Follow the Upgrade guide https://docs.streamnative.io/private/upgrade-from-pulsar-operators to upgrade to the StreamNative Operator easily. \ No newline at end of file From 16d0e370f5938a3578e1e1c8abd26b1173a4a210 Mon Sep 17 00:00:00 2001 From: Eric Shen Date: Tue, 5 Mar 2024 13:40:26 +0800 Subject: [PATCH 4/8] udpate the operator readme (#1150) Signed-off-by: ericsyh --- charts/pulsar-operator/README.md | 142 +++---------------------------- 1 file changed, 10 insertions(+), 132 deletions(-) diff --git a/charts/pulsar-operator/README.md b/charts/pulsar-operator/README.md index 33459dd05..2b8a381a8 100644 --- a/charts/pulsar-operator/README.md +++ b/charts/pulsar-operator/README.md @@ -1,139 +1,17 @@ # StreamNative Pulsar Operators -StreamNative Pulsar Operators bring the specific controllers for Kubernetes by providing specific Custom Resource Definition (CRD) which is developed and maintained by StreamNative Inc. -Installing the StreamNative Pulsar Operators means you agree to and are in compliance with the [StreamNative Community License](https://streamnative.io/community-licence). +> **Note** +> StreamNative now offers a unified approach to managing Pulsar clusters on Kubernetes systems, transitioning from two distinct versions of operators—Pulsar Operators (Basic ? Version) and StreamNative Operator (Advanced Version)—to a single, consolidated operator, StreamNative Operator, effective from the start of 2024. As part of this change, we will cease the release of new versions of Pulsar Operators, with future updates and enhancements being exclusively available through the StreamNative Operator, accessible only via StreamNative's paid services. -## Requirements +## StreamNative Private Cloud -To use the `pulsar-operator` chart to deploy BookKeeper Controller, ZooKeeper Controller, and Pulsar Controller, the followings are required. +StreamNative Private Cloud is an enterprise product which brings specific controllers for Kubernetes by providing specific Custom Resource Definitions (CRDs) that extend the basic Kubernetes orchestration capabilities to support the setup and management of StreamNative components. -- Install [`kubectl`](https://kubernetes.io/docs/tasks/tools/#kubectl) 1.16 or higher, compatible with your cluster (+/- 1 minor release from your cluster). -- Install [`helm`](https://helm.sh/docs/intro/install/) v3 (3.0.2 or higher). -- Prepare a Kubernetes cluster, version 1.16 to 1.25. +## Apply for trial +Before installing StreamNative Operator, you need to import a valid license. You can contact StreamNative to apply for a free trial https://streamnative.io/deployment/start-free-trial. -## Install `pulsar-operator` chart +## Quick Start +Follow our Quick Start guide https://docs.streamnative.io/private/private-cloud-quickstart to quickly provision and manage Pulsar clusters with the StreamNative Private Cloud. -1. Create a Kubernetes namespace. - - ``` - kubectl create namespace pulsar - ``` - -2. Add the `streamnative` repo. - - ``` - helm repo add streamnative https://charts.streamnative.io - helm repo update - ``` - -3. Install the `pulsar-operator` chart. - - ``` - helm install pulsar-operators streamnative/pulsar-operator --namespace pulsar - ``` - -4. Verify that the `pulsar-operator` chart is installed successfully. - - ``` - kubectl get po -n pulsar - ``` - - Expected outputs: - - ``` - NAME READY STATUS RESTARTS AGE - pulsar-operator-bookkeeper-controller-manager-7488dd7c7f-bs5jn 1/1 Running 0 15h - pulsar-operator-pulsar-controller-manager-6f7fcd7799-9tkxt 1/1 Running 0 15h - pulsar-operator-zookeeper-controller-manager-56db9d5649-76dqm 1/1 Running 0 15h - ``` - -5. Provision a Pulsar cluster. - - ``` - kubectl apply -f https://raw.githubusercontent.com/streamnative/charts/master/examples/pulsar-operators/quick-start.yaml - ``` - - Expected outputs: - - ``` - NAME READY STATUS RESTARTS AGE - pulsar-operator-bookkeeper-controller-manager-7488dd7c7f-bs5jn 1/1 Running 0 15h - pulsar-operator-pulsar-controller-manager-6f7fcd7799-9tkxt 1/1 Running 0 15h - pulsar-operator-zookeeper-controller-manager-56db9d5649-76dqm 1/1 Running 0 15h - ``` - -6. Verify that the Pulsar cluster Pods are running. - - ``` - kubectl get po -n pulsar - ``` - - Expected outputs: - - ``` - NAME READY STATUS RESTARTS AGE - bookies-bk-0 1/1 Running 0 2m3s - bookies-bk-1 1/1 Running 0 2m3s - bookies-bk-2 1/1 Running 0 2m3s - bookies-bk-auto-recovery-0 1/1 Running 0 62s - brokers-broker-0 1/1 Running 0 2m4s - brokers-broker-1 1/1 Running 0 2m4s - pulsar-operator-bookkeeper-controller-manager-7488dd7c7f-bs5jn 1/1 Running 0 15h - pulsar-operator-pulsar-controller-manager-6f7fcd7799-9tkxt 1/1 Running 0 15h - pulsar-operator-zookeeper-controller-manager-56db9d5649-76dqm 1/1 Running 0 15h - zookeepers-zk-0 1/1 Running 0 3m17s - zookeepers-zk-1 1/1 Running 0 3m17s - zookeepers-zk-2 1/1 Running 0 3m17s - ``` - -7. Clean up the environment. - - ``` - kubectl delete -f https://raw.githubusercontent.com/streamnative/charts/master/examples/pulsar-operators/quick-start.yaml - helm uninstall pulsar-operators -n pulsar - kubectl delete ns pulsar - ``` - -## More Resources - -### StreamNative Pulsar Operators examples - -* [Install Pulsar Operator with OLM](https://raw.githubusercontent.com/streamnative/charts/master/examples/pulsar-operators/olm-subscription.yaml) -* [Set a pre-defined Kubernetes Storage Class](https://raw.githubusercontent.com/streamnative/charts/master/examples/pulsar-operators/storage.yaml) -* [Provision Pulsar Proxy](https://raw.githubusercontent.com/streamnative/charts/master/examples/pulsar-operators/proxy.yaml) -* [Enable the KoP](https://raw.githubusercontent.com/streamnative/charts/master/examples/pulsar-operators/kop.yaml) - -### StreamNative Pulsar Operator Tutorial -* [StreamNative Pulsar Operator Tutorial Part 1](https://yuweisung.medium.com/streamnative-pulsar-operator-tutorial-part-1-7fbbbb07397e) -* [StreamNative Pulsar Operator Tutorial Part 2](https://yuweisung.medium.com/streamnative-pulsar-operator-tutorial-part-2-8dd030ac1b7c) -* [StreamNative Pulsar Operator Tutorial Part 3](https://yuweisung.medium.com/streamnative-pulsar-operator-tutorial-part-3-2bb2cf67d0a0) - -## Note -1. As Helm won't upgrade CRD when doing `helm upgrade`, please manually apply the pulsar-operator [CRDs](https://github.com/streamnative/charts/tree/master/charts/pulsar-operator/crds) before upgrading pulsar-operator chart version. - -2. When upgrading the CRD from `apiextensions.k8s.io/v1beta1` to `apiextensions.k8s.io/v1` we might get exceptions like: - - ``` - The CustomResourceDefinition "pulsarbrokers.pulsar.streamnative.io" is invalid: spec.preserveUnknownFields: Invalid value: true: must be false in order to use defaults in the schema - ``` - This is caused by a [controller-gen bug](https://github.com/kubernetes-sigs/controller-tools/issues/476), which makes `preserveUnknownFields: false` missing from the generated CRD even if adding `preserveUnknownFields=false` option. So we can manually patch the CRD wheing getting such exception like below and reapply again: - ``` - apiVersion: apiextensions.k8s.io/v1 - kind: CustomResourceDefinition - metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.6.0 - creationTimestamp: null - name: pulsarbrokers.pulsar.streamnative.io - spec: - group: pulsar.streamnative.io - preserveUnknownFields: false - ``` - -## Versioning Convention - -`version`: The version of the chart. It will be changed only when there are some changes to the chart or the `appVersion` bumps a new version. - -`appVersion`: The version of the application image that the chart contains. It will be changed only when the operator image bumps a new version. - -`kubeVersion`: The range of compatible Kubernetes versions. \ No newline at end of file +## Upgrade to StreamNative Operator +Follow the Upgrade guide https://docs.streamnative.io/private/upgrade-from-pulsar-operators to upgrade to the StreamNative Operator easily. \ No newline at end of file From 5d32eb344c2085213c947f88cd65cac17b3b9a17 Mon Sep 17 00:00:00 2001 From: Donglai Fu Date: Tue, 5 Mar 2024 14:43:19 +0800 Subject: [PATCH 5/8] fix `clusterRole` typo (#1151) fix typo --- .../templates/bookkeeper-operator/operator_rbac.yaml | 2 +- .../templates/pulsar-operator/operator_rbac.yaml | 2 +- .../templates/zookeeper-operator/operator_rbac.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/pulsar-operator/templates/bookkeeper-operator/operator_rbac.yaml b/charts/pulsar-operator/templates/bookkeeper-operator/operator_rbac.yaml index faf805447..d0b5cea14 100644 --- a/charts/pulsar-operator/templates/bookkeeper-operator/operator_rbac.yaml +++ b/charts/pulsar-operator/templates/bookkeeper-operator/operator_rbac.yaml @@ -234,7 +234,7 @@ kind: {{ template "pulsar.bookkeeperRoleBindingKind" . }} apiVersion: rbac.authorization.k8s.io/v1 metadata: name: '{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.rbac.name }}-operator' - {{- if not .Values.bookkeeper.serviceAccount.cluserRole }} + {{- if not .Values.bookkeeper.serviceAccount.clusterRole }} namespace: {{ template "pulsar.namespace" . }} {{- end }} subjects: diff --git a/charts/pulsar-operator/templates/pulsar-operator/operator_rbac.yaml b/charts/pulsar-operator/templates/pulsar-operator/operator_rbac.yaml index 5ce276c11..e69d6207f 100644 --- a/charts/pulsar-operator/templates/pulsar-operator/operator_rbac.yaml +++ b/charts/pulsar-operator/templates/pulsar-operator/operator_rbac.yaml @@ -288,7 +288,7 @@ kind: {{ template "pulsar.operatorRoleBindingKind" . }} apiVersion: rbac.authorization.k8s.io/v1 metadata: name: '{{ template "pulsar.fullname" . }}-{{ .Values.pulsar.rbac.name }}-operator' - {{- if not .Values.pulsar.serviceAccount.cluserRole }} + {{- if not .Values.pulsar.serviceAccount.clusterRole }} namespace: {{ template "pulsar.namespace" . }} {{- end }} subjects: diff --git a/charts/pulsar-operator/templates/zookeeper-operator/operator_rbac.yaml b/charts/pulsar-operator/templates/zookeeper-operator/operator_rbac.yaml index 3a40c028a..2421b2f6d 100644 --- a/charts/pulsar-operator/templates/zookeeper-operator/operator_rbac.yaml +++ b/charts/pulsar-operator/templates/zookeeper-operator/operator_rbac.yaml @@ -202,7 +202,7 @@ kind: {{ template "pulsar.zookeeperRoleBindingKind" . }} apiVersion: rbac.authorization.k8s.io/v1 metadata: name: '{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.rbac.name }}-operator' - {{- if not .Values.zookeeper.serviceAccount.cluserRole }} + {{- if not .Values.zookeeper.serviceAccount.clusterRole }} namespace: {{ template "pulsar.namespace" . }} {{- end }} subjects: From 5b027f4241e94d54ab61c4ebd02b05801873711e Mon Sep 17 00:00:00 2001 From: Eric Shen Date: Wed, 6 Mar 2024 21:08:49 +0800 Subject: [PATCH 6/8] fix: remove legacy pulsar chart (#1148) remove legacy pulsar chart Signed-off-by: ericsyh --- .github/workflows/pulsar.yml | 90 - .github/workflows/pulsar_upgrade.yml | 49 - charts/pulsar/.helmignore | 22 - charts/pulsar/Chart.yaml | 32 - charts/pulsar/README.md | 213 -- charts/pulsar/conf/autorecovery/log4j2.yaml | 164 -- charts/pulsar/conf/bookie/log4j2.yaml | 164 -- charts/pulsar/conf/broker/log4j2.yaml | 170 -- charts/pulsar/conf/grafana/grafana.ini | 494 ---- charts/pulsar/conf/proxy/log4j2.yaml | 164 -- charts/pulsar/conf/toolset/log4j2.yaml | 164 -- charts/pulsar/conf/zookeeper/log4j2.yaml | 164 -- charts/pulsar/requirements.yaml | 28 - charts/pulsar/templates/_helpers.tpl | 101 - .../alert-manager/alertmanager-configmap.yaml | 35 - .../alert-manager/alertmanager-service.yaml | 46 - .../alertmanager-statefulset.yaml | 116 - .../templates/bookkeeper/_autorecovery.tpl | 109 - .../templates/bookkeeper/_bookkeeper.tpl | 239 -- .../bookkeeper-autorecovery-configmap.yaml | 34 - .../bookkeeper-autorecovery-service.yaml | 38 - .../bookkeeper-autorecovery-statefulset.yaml | 175 -- .../bookkeeper-cluster-initialize.yaml | 108 - .../bookkeeper-cluster-role-binding.yaml | 59 - .../bookkeeper/bookkeeper-configmap.yaml | 50 - .../templates/bookkeeper/bookkeeper-pdb.yaml | 37 - .../bookkeeper/bookkeeper-role-binding.yaml | 59 - .../bookkeeper-service-account.yaml | 33 - .../bookkeeper/bookkeeper-service.yaml | 49 - .../bookkeeper/bookkeeper-statefulset.yaml | 263 --- .../bookkeeper/bookkeeper-storageclass.yaml | 102 - charts/pulsar/templates/broker/_broker.tpl | 587 ----- charts/pulsar/templates/broker/_functions.tpl | 21 - .../broker/broker-cluster-role-binding.yaml | 81 - .../templates/broker/broker-configmap.yaml | 236 -- .../broker/broker-istio-gateway.yaml | 44 - .../broker/broker-istio-serviceentries.yaml | 41 - .../broker/broker-istio-virtualservice.yaml | 60 - .../pulsar/templates/broker/broker-pdb.yaml | 37 - .../templates/broker/broker-role-binding.yaml | 68 - .../broker/broker-service-account.yaml | 36 - .../broker/broker-service-ingress.yaml | 63 - .../templates/broker/broker-service.yaml | 67 - .../templates/broker/broker-statefulset.yaml | 412 ---- .../broker/function-mesh-configmap.yaml | 33 - .../function-worker-configfile-configmap.yaml | 168 -- .../broker/function-worker-configmap.yaml | 32 - .../control-center/_control_center.tpl | 85 - .../control-center-ingress.yaml | 118 - .../ingress-controller-configmap.yaml | 51 - .../ingress-controller-deployment.yaml | 121 - .../ingress-controller-rbac.yaml | 168 -- .../ingress-controller-service.yaml | 58 - .../pulsar/templates/detector/_detector.tpl | 13 - .../detector/pulsar-detector-pdb.yaml | 37 - .../pulsar-detector-service-account.yaml | 33 - .../detector/pulsar-detector-service.yaml | 45 - .../detector/pulsar-detector-statefulset.yaml | 120 - .../templates/external-dns/_external_dns.tpl | 8 - .../external-dns/external-dns-rbac.yaml | 70 - .../templates/external-dns/external-dns.yaml | 87 - .../function-worker/_function_worker.tpl | 163 -- .../function-worker-cluster-role-binding.yaml | 68 - .../function-worker-role-binding.yaml | 68 - .../function-worker-service-account.yaml | 33 - .../function-worker-service.yaml | 43 - .../function-worker-statefulset.yaml | 196 -- charts/pulsar/templates/grafana/_grafana.tpl | 16 - .../grafana/grafana-admin-secret.yaml | 35 - .../grafana/grafana-azuread-secret.yaml | 33 - .../templates/grafana/grafana-configmap.yaml | 40 - .../templates/grafana/grafana-deployment.yaml | 150 -- .../templates/grafana/grafana-service.yaml | 52 - .../grafana/grafana-statefulset.yaml | 187 -- .../grafana/grafana-storageclass.yaml | 37 - .../image-puller/_daemonset-helper.yaml | 161 -- .../templates/image-puller/daemonset.yaml | 39 - charts/pulsar/templates/image-puller/job.yaml | 64 - .../pulsar/templates/image-puller/rbac.yaml | 85 - charts/pulsar/templates/namespace.yaml | 25 - .../node-exporter/node-exporter.yaml | 90 - .../templates/oauth2/oauth2-secret.yaml | 31 - charts/pulsar/templates/presto/_presto.tpl | 65 - .../presto/presto-coordinator-configmap.yaml | 282 --- .../presto-coordinator-statefulset.yaml | 282 --- .../presto/presto-service-ingress.yaml | 67 - .../templates/presto/presto-service.yaml | 48 - .../presto/presto-worker-configmap.yaml | 252 -- .../presto/presto-worker-service.yaml | 41 - .../presto/presto-worker-statefulset.yaml | 252 -- .../templates/prometheus/_prometheus.tpl | 146 -- .../prometheus/prometheus-configmap.yaml | 151 -- .../templates/prometheus/prometheus-pvc.yaml | 44 - .../prometheus/prometheus-service.yaml | 44 - .../prometheus/prometheus-statefulset.yaml | 183 -- .../prometheus/prometheus-storageclass.yaml | 40 - .../prometheus/pulsar-operators-rbac.yaml | 174 -- charts/pulsar/templates/proxy/_proxy.tpl | 395 ---- charts/pulsar/templates/proxy/_websocket.tpl | 51 - .../templates/proxy/proxy-configmap.yaml | 104 - charts/pulsar/templates/proxy/proxy-pdb.yaml | 37 - .../proxy/proxy-service-account.yaml | 33 - .../proxy/proxy-service-ingress.yaml | 104 - .../pulsar/templates/proxy/proxy-service.yaml | 88 - .../templates/proxy/proxy-statefulset.yaml | 346 --- .../templates/proxy/websocket-configmap.yaml | 84 - .../templates/pulsar-cluster-initialize.yaml | 110 - .../pulsar-manager/_pulsar_manager.tpl | 162 -- .../pulsar-manager-backend-service.yaml | 41 - .../pulsar-manager-configmap.yaml | 108 - .../pulsar-manager-initialize.yaml | 66 - .../pulsar-manager/pulsar-manager-pvc.yaml | 44 - .../pulsar-manager-service.yaml | 49 - .../pulsar-manager-statefulset.yaml | 172 -- .../pulsar-manager-storageclass.yaml | 37 - charts/pulsar/templates/tls/_tls.tpl | 10 - charts/pulsar/templates/tls/keytool.yaml | 123 - .../tls/tls-cert-internal-issuer.yaml | 67 - .../templates/tls/tls-cert-public-issuer.yaml | 61 - .../templates/tls/tls-certs-internal.yaml | 382 ---- .../templates/tls/tls-certs-public.yaml | 75 - charts/pulsar/templates/toolset/_toolset.tpl | 265 --- .../templates/toolset/toolset-configmap.yaml | 102 - .../templates/toolset/toolset-service.yaml | 34 - .../toolset/toolset-statefulset.yaml | 132 -- .../templates/zookeeper/_backup_restore.tpl | 24 - .../pulsar/templates/zookeeper/_zookeeper.tpl | 258 --- .../templates/zookeeper/gen-zk-conf.yaml | 85 - .../zookeeper-backup-clusterrolebinding.yaml | 68 - .../zookeeper/zookeeper-backup-configmap.yaml | 61 - .../zookeeper-backup-rolebinding.yaml | 68 - .../zookeeper/zookeeper-backup-service.yaml | 45 - .../zookeeper-backup-serviceaccount.yaml | 33 - .../zookeeper-backup-statefulset.yaml | 242 -- .../zookeeper/zookeeper-configmap.yaml | 59 - .../templates/zookeeper/zookeeper-pdb.yaml | 38 - .../zookeeper-restore-clusterrolebinding.yaml | 68 - .../zookeeper-restore-configmap.yaml | 42 - .../zookeeper-restore-rolebinding.yaml | 68 - .../zookeeper-restore-serviceaccount.yaml | 33 - .../zookeeper/zookeeper-service.yaml | 49 - .../zookeeper/zookeeper-statefulset.yaml | 262 --- .../zookeeper/zookeeper-storageclass.yaml | 107 - charts/pulsar/values.yaml | 2035 ----------------- examples/pulsar/values-cs.yaml | 45 - examples/pulsar/values-jwt-asymmetric.yaml | 37 - examples/pulsar/values-jwt-symmetric.yaml | 37 - examples/pulsar/values-kop-tls-istio.yaml | 55 - examples/pulsar/values-local-cluster.yaml | 37 - examples/pulsar/values-migrate.yaml | 34 - examples/pulsar/values-minikube.yaml | 50 - examples/pulsar/values-no-persistence.yaml | 28 - examples/pulsar/values-oauth2.yaml | 46 - examples/pulsar/values-one-node.yaml | 54 - examples/pulsar/values-pulsar.yaml | 50 - examples/pulsar/values-tls.yaml | 37 - 156 files changed, 17695 deletions(-) delete mode 100644 .github/workflows/pulsar.yml delete mode 100644 .github/workflows/pulsar_upgrade.yml delete mode 100644 charts/pulsar/.helmignore delete mode 100644 charts/pulsar/Chart.yaml delete mode 100644 charts/pulsar/README.md delete mode 100644 charts/pulsar/conf/autorecovery/log4j2.yaml delete mode 100644 charts/pulsar/conf/bookie/log4j2.yaml delete mode 100644 charts/pulsar/conf/broker/log4j2.yaml delete mode 100644 charts/pulsar/conf/grafana/grafana.ini delete mode 100644 charts/pulsar/conf/proxy/log4j2.yaml delete mode 100644 charts/pulsar/conf/toolset/log4j2.yaml delete mode 100644 charts/pulsar/conf/zookeeper/log4j2.yaml delete mode 100644 charts/pulsar/requirements.yaml delete mode 100644 charts/pulsar/templates/_helpers.tpl delete mode 100644 charts/pulsar/templates/alert-manager/alertmanager-configmap.yaml delete mode 100644 charts/pulsar/templates/alert-manager/alertmanager-service.yaml delete mode 100644 charts/pulsar/templates/alert-manager/alertmanager-statefulset.yaml delete mode 100644 charts/pulsar/templates/bookkeeper/_autorecovery.tpl delete mode 100644 charts/pulsar/templates/bookkeeper/_bookkeeper.tpl delete mode 100644 charts/pulsar/templates/bookkeeper/bookkeeper-autorecovery-configmap.yaml delete mode 100644 charts/pulsar/templates/bookkeeper/bookkeeper-autorecovery-service.yaml delete mode 100644 charts/pulsar/templates/bookkeeper/bookkeeper-autorecovery-statefulset.yaml delete mode 100644 charts/pulsar/templates/bookkeeper/bookkeeper-cluster-initialize.yaml delete mode 100644 charts/pulsar/templates/bookkeeper/bookkeeper-cluster-role-binding.yaml delete mode 100644 charts/pulsar/templates/bookkeeper/bookkeeper-configmap.yaml delete mode 100644 charts/pulsar/templates/bookkeeper/bookkeeper-pdb.yaml delete mode 100644 charts/pulsar/templates/bookkeeper/bookkeeper-role-binding.yaml delete mode 100644 charts/pulsar/templates/bookkeeper/bookkeeper-service-account.yaml delete mode 100644 charts/pulsar/templates/bookkeeper/bookkeeper-service.yaml delete mode 100644 charts/pulsar/templates/bookkeeper/bookkeeper-statefulset.yaml delete mode 100644 charts/pulsar/templates/bookkeeper/bookkeeper-storageclass.yaml delete mode 100644 charts/pulsar/templates/broker/_broker.tpl delete mode 100644 charts/pulsar/templates/broker/_functions.tpl delete mode 100644 charts/pulsar/templates/broker/broker-cluster-role-binding.yaml delete mode 100644 charts/pulsar/templates/broker/broker-configmap.yaml delete mode 100644 charts/pulsar/templates/broker/broker-istio-gateway.yaml delete mode 100644 charts/pulsar/templates/broker/broker-istio-serviceentries.yaml delete mode 100644 charts/pulsar/templates/broker/broker-istio-virtualservice.yaml delete mode 100644 charts/pulsar/templates/broker/broker-pdb.yaml delete mode 100644 charts/pulsar/templates/broker/broker-role-binding.yaml delete mode 100644 charts/pulsar/templates/broker/broker-service-account.yaml delete mode 100644 charts/pulsar/templates/broker/broker-service-ingress.yaml delete mode 100644 charts/pulsar/templates/broker/broker-service.yaml delete mode 100644 charts/pulsar/templates/broker/broker-statefulset.yaml delete mode 100644 charts/pulsar/templates/broker/function-mesh-configmap.yaml delete mode 100644 charts/pulsar/templates/broker/function-worker-configfile-configmap.yaml delete mode 100644 charts/pulsar/templates/broker/function-worker-configmap.yaml delete mode 100644 charts/pulsar/templates/control-center/_control_center.tpl delete mode 100644 charts/pulsar/templates/control-center/control-center-ingress.yaml delete mode 100644 charts/pulsar/templates/control-center/ingress-controller-configmap.yaml delete mode 100644 charts/pulsar/templates/control-center/ingress-controller-deployment.yaml delete mode 100644 charts/pulsar/templates/control-center/ingress-controller-rbac.yaml delete mode 100644 charts/pulsar/templates/control-center/ingress-controller-service.yaml delete mode 100644 charts/pulsar/templates/detector/_detector.tpl delete mode 100644 charts/pulsar/templates/detector/pulsar-detector-pdb.yaml delete mode 100644 charts/pulsar/templates/detector/pulsar-detector-service-account.yaml delete mode 100644 charts/pulsar/templates/detector/pulsar-detector-service.yaml delete mode 100644 charts/pulsar/templates/detector/pulsar-detector-statefulset.yaml delete mode 100644 charts/pulsar/templates/external-dns/_external_dns.tpl delete mode 100644 charts/pulsar/templates/external-dns/external-dns-rbac.yaml delete mode 100644 charts/pulsar/templates/external-dns/external-dns.yaml delete mode 100644 charts/pulsar/templates/function-worker/_function_worker.tpl delete mode 100644 charts/pulsar/templates/function-worker/function-worker-cluster-role-binding.yaml delete mode 100644 charts/pulsar/templates/function-worker/function-worker-role-binding.yaml delete mode 100644 charts/pulsar/templates/function-worker/function-worker-service-account.yaml delete mode 100644 charts/pulsar/templates/function-worker/function-worker-service.yaml delete mode 100644 charts/pulsar/templates/function-worker/function-worker-statefulset.yaml delete mode 100644 charts/pulsar/templates/grafana/_grafana.tpl delete mode 100644 charts/pulsar/templates/grafana/grafana-admin-secret.yaml delete mode 100644 charts/pulsar/templates/grafana/grafana-azuread-secret.yaml delete mode 100644 charts/pulsar/templates/grafana/grafana-configmap.yaml delete mode 100644 charts/pulsar/templates/grafana/grafana-deployment.yaml delete mode 100644 charts/pulsar/templates/grafana/grafana-service.yaml delete mode 100644 charts/pulsar/templates/grafana/grafana-statefulset.yaml delete mode 100644 charts/pulsar/templates/grafana/grafana-storageclass.yaml delete mode 100644 charts/pulsar/templates/image-puller/_daemonset-helper.yaml delete mode 100644 charts/pulsar/templates/image-puller/daemonset.yaml delete mode 100644 charts/pulsar/templates/image-puller/job.yaml delete mode 100644 charts/pulsar/templates/image-puller/rbac.yaml delete mode 100644 charts/pulsar/templates/namespace.yaml delete mode 100644 charts/pulsar/templates/node-exporter/node-exporter.yaml delete mode 100644 charts/pulsar/templates/oauth2/oauth2-secret.yaml delete mode 100644 charts/pulsar/templates/presto/_presto.tpl delete mode 100644 charts/pulsar/templates/presto/presto-coordinator-configmap.yaml delete mode 100644 charts/pulsar/templates/presto/presto-coordinator-statefulset.yaml delete mode 100644 charts/pulsar/templates/presto/presto-service-ingress.yaml delete mode 100644 charts/pulsar/templates/presto/presto-service.yaml delete mode 100644 charts/pulsar/templates/presto/presto-worker-configmap.yaml delete mode 100644 charts/pulsar/templates/presto/presto-worker-service.yaml delete mode 100644 charts/pulsar/templates/presto/presto-worker-statefulset.yaml delete mode 100644 charts/pulsar/templates/prometheus/_prometheus.tpl delete mode 100644 charts/pulsar/templates/prometheus/prometheus-configmap.yaml delete mode 100644 charts/pulsar/templates/prometheus/prometheus-pvc.yaml delete mode 100644 charts/pulsar/templates/prometheus/prometheus-service.yaml delete mode 100644 charts/pulsar/templates/prometheus/prometheus-statefulset.yaml delete mode 100644 charts/pulsar/templates/prometheus/prometheus-storageclass.yaml delete mode 100644 charts/pulsar/templates/prometheus/pulsar-operators-rbac.yaml delete mode 100644 charts/pulsar/templates/proxy/_proxy.tpl delete mode 100644 charts/pulsar/templates/proxy/_websocket.tpl delete mode 100644 charts/pulsar/templates/proxy/proxy-configmap.yaml delete mode 100644 charts/pulsar/templates/proxy/proxy-pdb.yaml delete mode 100644 charts/pulsar/templates/proxy/proxy-service-account.yaml delete mode 100644 charts/pulsar/templates/proxy/proxy-service-ingress.yaml delete mode 100644 charts/pulsar/templates/proxy/proxy-service.yaml delete mode 100644 charts/pulsar/templates/proxy/proxy-statefulset.yaml delete mode 100644 charts/pulsar/templates/proxy/websocket-configmap.yaml delete mode 100644 charts/pulsar/templates/pulsar-cluster-initialize.yaml delete mode 100644 charts/pulsar/templates/pulsar-manager/_pulsar_manager.tpl delete mode 100644 charts/pulsar/templates/pulsar-manager/pulsar-manager-backend-service.yaml delete mode 100644 charts/pulsar/templates/pulsar-manager/pulsar-manager-configmap.yaml delete mode 100644 charts/pulsar/templates/pulsar-manager/pulsar-manager-initialize.yaml delete mode 100644 charts/pulsar/templates/pulsar-manager/pulsar-manager-pvc.yaml delete mode 100644 charts/pulsar/templates/pulsar-manager/pulsar-manager-service.yaml delete mode 100644 charts/pulsar/templates/pulsar-manager/pulsar-manager-statefulset.yaml delete mode 100644 charts/pulsar/templates/pulsar-manager/pulsar-manager-storageclass.yaml delete mode 100644 charts/pulsar/templates/tls/_tls.tpl delete mode 100644 charts/pulsar/templates/tls/keytool.yaml delete mode 100644 charts/pulsar/templates/tls/tls-cert-internal-issuer.yaml delete mode 100644 charts/pulsar/templates/tls/tls-cert-public-issuer.yaml delete mode 100644 charts/pulsar/templates/tls/tls-certs-internal.yaml delete mode 100644 charts/pulsar/templates/tls/tls-certs-public.yaml delete mode 100644 charts/pulsar/templates/toolset/_toolset.tpl delete mode 100644 charts/pulsar/templates/toolset/toolset-configmap.yaml delete mode 100644 charts/pulsar/templates/toolset/toolset-service.yaml delete mode 100644 charts/pulsar/templates/toolset/toolset-statefulset.yaml delete mode 100644 charts/pulsar/templates/zookeeper/_backup_restore.tpl delete mode 100644 charts/pulsar/templates/zookeeper/_zookeeper.tpl delete mode 100644 charts/pulsar/templates/zookeeper/gen-zk-conf.yaml delete mode 100644 charts/pulsar/templates/zookeeper/zookeeper-backup-clusterrolebinding.yaml delete mode 100644 charts/pulsar/templates/zookeeper/zookeeper-backup-configmap.yaml delete mode 100644 charts/pulsar/templates/zookeeper/zookeeper-backup-rolebinding.yaml delete mode 100644 charts/pulsar/templates/zookeeper/zookeeper-backup-service.yaml delete mode 100644 charts/pulsar/templates/zookeeper/zookeeper-backup-serviceaccount.yaml delete mode 100644 charts/pulsar/templates/zookeeper/zookeeper-backup-statefulset.yaml delete mode 100644 charts/pulsar/templates/zookeeper/zookeeper-configmap.yaml delete mode 100644 charts/pulsar/templates/zookeeper/zookeeper-pdb.yaml delete mode 100644 charts/pulsar/templates/zookeeper/zookeeper-restore-clusterrolebinding.yaml delete mode 100644 charts/pulsar/templates/zookeeper/zookeeper-restore-configmap.yaml delete mode 100644 charts/pulsar/templates/zookeeper/zookeeper-restore-rolebinding.yaml delete mode 100644 charts/pulsar/templates/zookeeper/zookeeper-restore-serviceaccount.yaml delete mode 100644 charts/pulsar/templates/zookeeper/zookeeper-service.yaml delete mode 100644 charts/pulsar/templates/zookeeper/zookeeper-statefulset.yaml delete mode 100644 charts/pulsar/templates/zookeeper/zookeeper-storageclass.yaml delete mode 100644 charts/pulsar/values.yaml delete mode 100644 examples/pulsar/values-cs.yaml delete mode 100644 examples/pulsar/values-jwt-asymmetric.yaml delete mode 100644 examples/pulsar/values-jwt-symmetric.yaml delete mode 100644 examples/pulsar/values-kop-tls-istio.yaml delete mode 100644 examples/pulsar/values-local-cluster.yaml delete mode 100644 examples/pulsar/values-migrate.yaml delete mode 100644 examples/pulsar/values-minikube.yaml delete mode 100644 examples/pulsar/values-no-persistence.yaml delete mode 100644 examples/pulsar/values-oauth2.yaml delete mode 100644 examples/pulsar/values-one-node.yaml delete mode 100644 examples/pulsar/values-pulsar.yaml delete mode 100644 examples/pulsar/values-tls.yaml diff --git a/.github/workflows/pulsar.yml b/.github/workflows/pulsar.yml deleted file mode 100644 index 583e9601a..000000000 --- a/.github/workflows/pulsar.yml +++ /dev/null @@ -1,90 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -name: Precommit - Pulsar Helm Chart -on: - pull_request: - branches: - - '*' - paths: - - 'charts/local-storage-provisioner/**' - - 'charts/pulsar/**' - - '.github/workflows/pulsar**' -jobs: - lint-test: - strategy: - fail-fast: false - matrix: - include: - - name: "Basic Installation" - values: .ci/clusters/values-local-pv.yaml - - name: "ZK TLS Only" - values: .ci/clusters/values-zk-tls.yaml - - name: "BK TLS Only" - values: .ci/clusters/values-bk-tls.yaml - - name: "ZK & BK TLS Only" - values: .ci/clusters/values-zkbk-tls.yaml - - name: "TLS Installation" - values: .ci/clusters/values-tls.yaml - - name: "Broker & Proxy TLS Installation" - values: .ci/clusters/values-broker-tls.yaml - - name: "Advertise Broker IP Address" - values: .ci/clusters/values-broker-ip.yaml - - name: "JWT Secret Key Installation" - values: .ci/clusters/values-jwt-symmetric.yaml - env-symmetric: true - - name: "JWT Public/Private Key Installation" - values: .ci/clusters/values-jwt-asymmetric.yaml - env-symmetric: false - - name: "Pulsar Function" - values: .ci/clusters/values-function.yaml - env-function: true - - name: "Service Account" - values: .ci/clusters/values-service-account.yaml - - name: "Service Account Disabled" - values: .ci/clusters/values-sa-disabled.yaml - - name: "Use Pulsar Image" - values: .ci/clusters/values-pulsar-image.yaml - - name: "Use SN Image" - values: .ci/clusters/values-sn-image.yaml - name: ${{ matrix.name }} - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v2 - - - name: Fetch history - run: git fetch --prune --unshallow - - - name: Lint chart - id: lint - uses: helm/chart-testing-action@v1.0.0 - with: - command: lint - - - name: Install chart - if: steps.lint.outputs.changed == 'true' # Only build a kind cluster if there are chart changes to test. - env: - SYMMETRIC: ${{ matrix.env-symmetric }} - FUNCTION: ${{ matrix.env-function }} - run: | - .ci/chart_test.sh ${{ matrix.values }} - - name: Setup tmate session - if: failure() - uses: mxschmitt/action-tmate@v3 \ No newline at end of file diff --git a/.github/workflows/pulsar_upgrade.yml b/.github/workflows/pulsar_upgrade.yml deleted file mode 100644 index 04a9ee951..000000000 --- a/.github/workflows/pulsar_upgrade.yml +++ /dev/null @@ -1,49 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -name: Precommit - Pulsar Helm Chart (Upgrade From The Apache Charts) -on: - push: - branches: - - '*' - pull_request: - branches: - - '*' - paths: - - 'charts/pulsar/**' - - '.github/workflows/pulsar**' -jobs: - upgrade-test: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v2 - - - name: Fetch Apache Charts - uses: actions/checkout@v2 - with: - repository: apache/pulsar-helm-chart - ref: 'pulsar-2.9.4' - path: 'apache-charts' - - - name: Run chart-testing (upgrade) - env: - UPGRADE: true - K8S_VERSION: v1.20.15 - run: .ci/chart_test.sh .ci/clusters/values-upgrade.yaml ${PWD}/apache-charts diff --git a/charts/pulsar/.helmignore b/charts/pulsar/.helmignore deleted file mode 100644 index 50af03172..000000000 --- a/charts/pulsar/.helmignore +++ /dev/null @@ -1,22 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/pulsar/Chart.yaml b/charts/pulsar/Chart.yaml deleted file mode 100644 index fe30a7840..000000000 --- a/charts/pulsar/Chart.yaml +++ /dev/null @@ -1,32 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -apiVersion: v1 -appVersion: "2.10" -kubeVersion: ">= 1.19.0-0 <= 1.25.0-0" -description: Apache Pulsar Helm chart for Kubernetes -name: pulsar -version: 2.10.0 -home: https://streamnative.io -sources: -- https://github.com/streamnative/charts/pulsar -icon: https://raw.githubusercontent.com/streamnative/charts/master/static/logo.svg -maintainers: -- name: StreamNative Support - email: support@streamnative.io diff --git a/charts/pulsar/README.md b/charts/pulsar/README.md deleted file mode 100644 index 932b9d1b1..000000000 --- a/charts/pulsar/README.md +++ /dev/null @@ -1,213 +0,0 @@ - -# Apache Pulsar Helm Chart (Deprecated) - -> **Note** -> -> This Apache Pulsar Helm Chart has been deprecated and we recommend using [streamnative/sn-platform](https://github.com/streamnative/charts/tree/master/charts/sn-platform) to provision and manage the Apache Pulsar on Kubernetes. - -This is the officially supported Helm Chart for installing Apache Pulsar on Kubernetes. - -## Features - -This Helm Chart includes all the components of Apache Pulsar for a complete experience. - -- [x] Pulsar core components: - - [x] ZooKeeper - - [x] Bookies - - [x] Brokers - - [x] Functions - - [x] Proxies -- [x] Management & monitoring components: - - [x] Pulsar Manager - - [x] Prometheus - - [x] Grafana - -It includes support for: - -- [x] Security - - [x] Automatically provisioned TLS certs, using [Jetstack](https://www.jetstack.io/)'s [cert-manager](https://cert-manager.io/docs/) - - [x] self-signed - - [x] [Let's Encrypt](https://letsencrypt.org/) - - [x] TLS Encryption - - [x] Proxy - - [x] Broker - - [x] Toolset - - [x] Bookie - - [x] ZooKeeper - - [x] Authentication - - [x] JWT - - [ ] Mutal TLS - - [ ] Kerberos - - [x] Authorization -- [x] Storage - - [x] Non-persistence storage - - [x] Persistence Volume - - [x] Local Persistent Volumes - - [ ] Tiered Storage -- [x] Functions - - [x] Kubernetes Runtime - - [x] Process Runtime - - [x] Thread Runtime -- [x] Operations - - [x] Independent Image Versions for all components, enabling controlled upgrades - -## Environment setup - -Before proceeding to deploying Pulsar, you need to prepare your environment. - -### Tools - -- Install `helm` on your computer. For details, see [here](https://helm.sh/docs/intro/install/). -- Install `kubectl` on your computer. For details, see [here](https://kubernetes.io/docs/tasks/tools/#kubectl). - -## Add Apache Pulsar Chart to local Helm repository - -To add this chart to your local Helm repository, execute this command. - -```bash -helm repo add streamnative https://charts.streamnative.io -``` - -## Prepare Kubernetes clusters - -To use this chart, you need a Kubernetes cluster whose version is 1.14 or higher, due to the usage of certain Kubernetes features. - -We provide some instructions to guide you through the preparation for the [Google Kubernetes Engine (GKE)](../../docs/pulsar/install/gke.md). - -## Deploy Pulsar to Kubernetes - -1. Clone this repository and switch to the target directory. - - ```bash - git clone https://github.com/streamnative/charts.git - cd charts - ``` - -2. Run `prepare_helm_release.sh` to create required Kubernetes resources for installing this Helm chart. - - - A Kubernetes namespace for installing the Pulsar release (if `-c` is specified) - - Create the JWT secret keys and tokens for three superusers: `broker-admin`, `proxy-admin`, and `admin`. - By default, it generates the asymmetric pubic/private key pair. You can choose to generate symmetric secret key by specifying `--symmetric` in the following command. - - `proxy-admin` role is used for proxies to communicate to brokers. - - `broker-admin` role is used for inter-broker communications. - - `admin` role is used by the admin tools. - - ```bash - ./scripts/pulsar/prepare_helm_release.sh -n -k -c - ``` - -3. Add Loki Helm Charts repository and update charts. - - ```bash - helm repo add loki https://grafana.github.io/loki/charts - helm dependency update charts/pulsar - ``` - -4. Use the Pulsar Helm charts to install Apache Pulsar. - - > **Note** - > Please specify `--set initialize=true` when installing a release at the first time. `initialize=true` will start initialize jobs to initialize the cluster metadata for both BookKeeper and Pulsar clusters. - - ```bash - helm install --set initialize=true streamnative/pulsar - ``` - -5. Access the Pulsar cluster. - - The default values will create a `ClusterIP` for the proxy that you can use to interact with the cluster. To find the IP address of proxy use: - - ```bash - kubectl get service -n - ``` - -## Customize the deployment - -We provide a [detailed guideline](../../docs/pulsar/install/deployment.md) for you to customize the Helm Chart for a production-ready deployment. - -You can also checkout out the example values file for different deployments. - -- [Deploy ZooKeeper only](examples/pulsar/values-cs.yaml) -- [Deploy a Pulsar cluster with an external configuration store](../../examples/pulsar/values-cs.yaml) -- [Deploy a Pulsar cluster with local persistent volume](../../examples/pulsar/values-local-pv.yaml) -- [Deploy a Pulsar cluster to Minikube](../../examples/pulsar/values-minikube.yaml) -- [Deploy a Pulsar cluster with no persistence](../../examples/pulsar/values-no-persistence.yaml) -- [Deploy a Pulsar cluster with TLS encryption](../../examples/pulsar/values-tls.yaml) -- [Deploy a Pulsar cluster with JWT authentication using symmetric key](../../examples/pulsar/values-jwt-symmetric.yaml) -- [Deploy a Pulsar cluster with JWT authentication using asymmetric key](../../examples/pulsar/values-jwt-asymmetric.yaml) -- [Deploy a Pulsar cluster with KoP, Istio, and TLS encryption](../../examples/pulsar/values-kop-tls-istio.yaml) - -## Deploy Function Worker - -To deploy function worker service, we can update the value.yaml to enable function worker by -```yaml -components: - # functions - functions: true -``` -Then upgrade the chart -``` -helm upgrade -f /path/to/pulsar/value/file.yaml $RELEASE_NAME $PULSAR_CHART -``` - -Function worker can also be deployed as separate Kubernetes Statefulset for stability and process power. -Enabling it by: -```yaml -functions: - useDedicatedRunner: true -``` -Then upgrade the chart -``` -helm upgrade -f /path/to/pulsar/value/file.yaml $RELEASE_NAME $PULSAR_CHART -``` - -When migrating function worker from run with broker mode to standalone mode, if using **KubernetesRuntimeFactory** then functions will be spin up as independent Statefulset -and you don't need to worry about the upgrade interrupting the running function. If using **ThreadRuntimeFactory** or **ProcessRuntimeFactory** -then the function should resume working once the function worker is up and running. - -For authentication, if enabled authentication and vault function worker will mount the same token broker use to do intra broker communication. -For authorization, it'll have the same permission granted to broker super user role. - -After running function worker in standalone mode, admin operation related to function should add --admin-url
-as proxy knows how to redirect the request to function worker. - -## Upgrading - -Once your Pulsar Chart is installed, configuration changes and chart updates should be done using the `helm upgrade` command. - -If you are updating images used by the Pulsar Chart, you can specify `imagePuller.hook.enabled` to enable a Helm hook to pull images before -deploying a newer Helm release. The `imagePuller` ensures all the images are pulled to all Kubernetes hosts before deploying the Helm release. - -```bash -helm repo add streamnative https://charts.streamnative.io/ -helm repo update -helm get values > pulsar.yaml -helm upgrade -f pulsar.yaml \ - [--set imagePuller.hook.enabled=true] \ - streamnative/pulsar -``` - -## Uninstall Pulsar Chart - -To uninstall the Pulsar Chart, execute the following command. - -```bash -helm uninstall -``` - -For the purposes of continuity, these charts have some Kubernetes objects that are not removed when performing `helm uninstall`. -These items we require you to *conciously* remove them, as they affect re-deployment should you choose to. - -* PVCs for stateful data, which you must *consciously* remove - - ZooKeeper: This is your metadata. - - BookKeeper: This is your data. - - Prometheus: This is your metrics data, which can be safely removed. -* Secrets, if generated by our [prepare release script](https://github.com/streamnative/charts/blob/master/scripts/pulsar/prepare_helm_release.sh). They contain secret keys, tokens, etc. You can use [cleanup release script](https://github.com/streamnative/charts/blob/master/scripts/pulsar/cleanup_helm_release.sh) to remove these secrets and tokens as needed. - -## Migration - -If you want to migrate from [apache/pulsar-helm-chart](https://github.com/apache/pulsar-helm-chart) to the streamantive/charts, -you can use the [values-migrate.yaml](../../examples/pulsar/values-migrate.yaml) to upgrade your cluster for migrating to the streamnative/charts. - -```bash -helm upgrade --set namespace= --set initialize=false --values example/pulsar/values-migrate.yaml streamnative/pulsar --version -``` diff --git a/charts/pulsar/conf/autorecovery/log4j2.yaml b/charts/pulsar/conf/autorecovery/log4j2.yaml deleted file mode 100644 index 34826740c..000000000 --- a/charts/pulsar/conf/autorecovery/log4j2.yaml +++ /dev/null @@ -1,164 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - - -Configuration: - status: INFO - monitorInterval: 30 - name: pulsar - packages: io.prometheus.client.log4j2 - - Properties: - Property: - - name: "pulsar.log.dir" - value: "logs" - - name: "pulsar.log.file" - value: "pulsar.log" - - name: "pulsar.log.appender" - value: "RoutingAppender" - - name: "pulsar.log.root.level" - value: "info" - - name: "pulsar.log.level" - value: "info" - - name: "pulsar.routing.appender.default" - value: "Console" - - # Example: logger-filter script - Scripts: - ScriptFile: - name: filter.js - language: JavaScript - path: ./conf/log4j2-scripts/filter.js - charset: UTF-8 - - Appenders: - - # Console - Console: - name: Console - target: SYSTEM_OUT - PatternLayout: - Pattern: "%d{HH:mm:ss.SSS} [%t] %-5level %logger{36} - %msg%n" - - # Rolling file appender configuration - RollingFile: - name: RollingFile - fileName: "${sys:pulsar.log.dir}/${sys:pulsar.log.file}" - filePattern: "${sys:pulsar.log.dir}/${sys:pulsar.log.file}-%d{MM-dd-yyyy}-%i.log.gz" - immediateFlush: false - PatternLayout: - Pattern: "%d{HH:mm:ss.SSS} [%t] %-5level %logger{36} - %msg%n" - Policies: - TimeBasedTriggeringPolicy: - interval: 1 - modulate: true - SizeBasedTriggeringPolicy: - size: 1 GB - # Delete file older than 30days - DefaultRolloverStrategy: - Delete: - basePath: ${sys:pulsar.log.dir} - maxDepth: 2 - IfFileName: - glob: "*/${sys:pulsar.log.file}*log.gz" - IfLastModified: - age: 30d - - Prometheus: - name: Prometheus - - # Routing - Routing: - name: RoutingAppender - Routes: - pattern: "$${ctx:function}" - Route: - - - Routing: - name: InstanceRoutingAppender - Routes: - pattern: "$${ctx:instance}" - Route: - - - RollingFile: - name: "Rolling-${ctx:function}" - fileName : "${sys:pulsar.log.dir}/functions/${ctx:function}/${ctx:functionname}-${ctx:instance}.log" - filePattern : "${sys:pulsar.log.dir}/functions/${sys:pulsar.log.file}-${ctx:instance}-%d{MM-dd-yyyy}-%i.log.gz" - PatternLayout: - Pattern: "%d{ABSOLUTE} %level{length=5} [%thread] [instance: %X{instance}] %logger{1} - %msg%n" - Policies: - TimeBasedTriggeringPolicy: - interval: 1 - modulate: true - SizeBasedTriggeringPolicy: - size: "20MB" - # Trigger every day at midnight that also scan - # roll-over strategy that deletes older file - CronTriggeringPolicy: - schedule: "0 0 0 * * ?" - # Delete file older than 30days - DefaultRolloverStrategy: - Delete: - basePath: ${sys:pulsar.log.dir} - maxDepth: 2 - IfFileName: - glob: "*/${sys:pulsar.log.file}*log.gz" - IfLastModified: - age: 30d - - ref: "${sys:pulsar.routing.appender.default}" - key: "${ctx:function}" - - ref: "${sys:pulsar.routing.appender.default}" - key: "${ctx:function}" - - Loggers: - - # Default root logger configuration - Root: - level: "${sys:pulsar.log.root.level}" - additivity: true - AppenderRef: - - ref: "${sys:pulsar.log.appender}" - level: "${sys:pulsar.log.level}" - - ref: Prometheus - level: info - - Logger: - - name: org.apache.bookkeeper.bookie.BookieShell - level: info - additivity: false - AppenderRef: - - ref: Console - - - name: verbose - level: info - additivity: false - AppenderRef: - - ref: Console - - # Logger to inject filter script -# - name: org.apache.bookkeeper.mledger.impl.ManagedLedgerImpl -# level: debug -# additivity: false -# AppenderRef: -# ref: "${sys:pulsar.log.appender}" -# ScriptFilter: -# onMatch: ACCEPT -# onMisMatch: DENY -# ScriptRef: -# ref: filter.js diff --git a/charts/pulsar/conf/bookie/log4j2.yaml b/charts/pulsar/conf/bookie/log4j2.yaml deleted file mode 100644 index 34826740c..000000000 --- a/charts/pulsar/conf/bookie/log4j2.yaml +++ /dev/null @@ -1,164 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - - -Configuration: - status: INFO - monitorInterval: 30 - name: pulsar - packages: io.prometheus.client.log4j2 - - Properties: - Property: - - name: "pulsar.log.dir" - value: "logs" - - name: "pulsar.log.file" - value: "pulsar.log" - - name: "pulsar.log.appender" - value: "RoutingAppender" - - name: "pulsar.log.root.level" - value: "info" - - name: "pulsar.log.level" - value: "info" - - name: "pulsar.routing.appender.default" - value: "Console" - - # Example: logger-filter script - Scripts: - ScriptFile: - name: filter.js - language: JavaScript - path: ./conf/log4j2-scripts/filter.js - charset: UTF-8 - - Appenders: - - # Console - Console: - name: Console - target: SYSTEM_OUT - PatternLayout: - Pattern: "%d{HH:mm:ss.SSS} [%t] %-5level %logger{36} - %msg%n" - - # Rolling file appender configuration - RollingFile: - name: RollingFile - fileName: "${sys:pulsar.log.dir}/${sys:pulsar.log.file}" - filePattern: "${sys:pulsar.log.dir}/${sys:pulsar.log.file}-%d{MM-dd-yyyy}-%i.log.gz" - immediateFlush: false - PatternLayout: - Pattern: "%d{HH:mm:ss.SSS} [%t] %-5level %logger{36} - %msg%n" - Policies: - TimeBasedTriggeringPolicy: - interval: 1 - modulate: true - SizeBasedTriggeringPolicy: - size: 1 GB - # Delete file older than 30days - DefaultRolloverStrategy: - Delete: - basePath: ${sys:pulsar.log.dir} - maxDepth: 2 - IfFileName: - glob: "*/${sys:pulsar.log.file}*log.gz" - IfLastModified: - age: 30d - - Prometheus: - name: Prometheus - - # Routing - Routing: - name: RoutingAppender - Routes: - pattern: "$${ctx:function}" - Route: - - - Routing: - name: InstanceRoutingAppender - Routes: - pattern: "$${ctx:instance}" - Route: - - - RollingFile: - name: "Rolling-${ctx:function}" - fileName : "${sys:pulsar.log.dir}/functions/${ctx:function}/${ctx:functionname}-${ctx:instance}.log" - filePattern : "${sys:pulsar.log.dir}/functions/${sys:pulsar.log.file}-${ctx:instance}-%d{MM-dd-yyyy}-%i.log.gz" - PatternLayout: - Pattern: "%d{ABSOLUTE} %level{length=5} [%thread] [instance: %X{instance}] %logger{1} - %msg%n" - Policies: - TimeBasedTriggeringPolicy: - interval: 1 - modulate: true - SizeBasedTriggeringPolicy: - size: "20MB" - # Trigger every day at midnight that also scan - # roll-over strategy that deletes older file - CronTriggeringPolicy: - schedule: "0 0 0 * * ?" - # Delete file older than 30days - DefaultRolloverStrategy: - Delete: - basePath: ${sys:pulsar.log.dir} - maxDepth: 2 - IfFileName: - glob: "*/${sys:pulsar.log.file}*log.gz" - IfLastModified: - age: 30d - - ref: "${sys:pulsar.routing.appender.default}" - key: "${ctx:function}" - - ref: "${sys:pulsar.routing.appender.default}" - key: "${ctx:function}" - - Loggers: - - # Default root logger configuration - Root: - level: "${sys:pulsar.log.root.level}" - additivity: true - AppenderRef: - - ref: "${sys:pulsar.log.appender}" - level: "${sys:pulsar.log.level}" - - ref: Prometheus - level: info - - Logger: - - name: org.apache.bookkeeper.bookie.BookieShell - level: info - additivity: false - AppenderRef: - - ref: Console - - - name: verbose - level: info - additivity: false - AppenderRef: - - ref: Console - - # Logger to inject filter script -# - name: org.apache.bookkeeper.mledger.impl.ManagedLedgerImpl -# level: debug -# additivity: false -# AppenderRef: -# ref: "${sys:pulsar.log.appender}" -# ScriptFilter: -# onMatch: ACCEPT -# onMisMatch: DENY -# ScriptRef: -# ref: filter.js diff --git a/charts/pulsar/conf/broker/log4j2.yaml b/charts/pulsar/conf/broker/log4j2.yaml deleted file mode 100644 index 353c030fd..000000000 --- a/charts/pulsar/conf/broker/log4j2.yaml +++ /dev/null @@ -1,170 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - - -Configuration: - status: INFO - monitorInterval: 30 - name: pulsar - packages: io.prometheus.client.log4j2 - - Properties: - Property: - - name: "pulsar.log.dir" - value: "logs" - - name: "pulsar.log.file" - value: "pulsar.log" - - name: "pulsar.log.appender" - value: "RoutingAppender" - - name: "pulsar.log.root.level" - value: "info" - - name: "pulsar.log.level" - value: "info" - - name: "pulsar.routing.appender.default" - value: "Console" - - # Example: logger-filter script - Scripts: - ScriptFile: - name: filter.js - language: JavaScript - path: ./conf/log4j2-scripts/filter.js - charset: UTF-8 - - Appenders: - - # Console - Console: - name: Console - target: SYSTEM_OUT - PatternLayout: - Pattern: "%d{HH:mm:ss.SSS} [%t] %-5level %logger{36} - %msg%n" - - # Rolling file appender configuration - RollingFile: - name: RollingFile - fileName: "${sys:pulsar.log.dir}/${sys:pulsar.log.file}" - filePattern: "${sys:pulsar.log.dir}/${sys:pulsar.log.file}-%d{MM-dd-yyyy}-%i.log.gz" - immediateFlush: false - PatternLayout: - Pattern: "%d{HH:mm:ss.SSS} [%t] %-5level %logger{36} - %msg%n" - Policies: - TimeBasedTriggeringPolicy: - interval: 1 - modulate: true - SizeBasedTriggeringPolicy: - size: 1 GB - # Delete file older than 30days - DefaultRolloverStrategy: - Delete: - basePath: ${sys:pulsar.log.dir} - maxDepth: 2 - IfFileName: - glob: "*/${sys:pulsar.log.file}*log.gz" - IfLastModified: - age: 30d - - Prometheus: - name: Prometheus - - # Routing - Routing: - name: RoutingAppender - Routes: - pattern: "$${ctx:function}" - Route: - - - Routing: - name: InstanceRoutingAppender - Routes: - pattern: "$${ctx:instance}" - Route: - - - RollingFile: - name: "Rolling-${ctx:function}" - fileName : "${sys:pulsar.log.dir}/functions/${ctx:function}/${ctx:functionname}-${ctx:instance}.log" - filePattern : "${sys:pulsar.log.dir}/functions/${sys:pulsar.log.file}-${ctx:instance}-%d{MM-dd-yyyy}-%i.log.gz" - PatternLayout: - Pattern: "%d{ABSOLUTE} %level{length=5} [%thread] [instance: %X{instance}] %logger{1} - %msg%n" - Policies: - TimeBasedTriggeringPolicy: - interval: 1 - modulate: true - SizeBasedTriggeringPolicy: - size: "20MB" - # Trigger every day at midnight that also scan - # roll-over strategy that deletes older file - CronTriggeringPolicy: - schedule: "0 0 0 * * ?" - # Delete file older than 30days - DefaultRolloverStrategy: - Delete: - basePath: ${sys:pulsar.log.dir} - maxDepth: 2 - IfFileName: - glob: "*/${sys:pulsar.log.file}*log.gz" - IfLastModified: - age: 30d - - ref: "${sys:pulsar.routing.appender.default}" - key: "${ctx:function}" - - ref: "${sys:pulsar.routing.appender.default}" - key: "${ctx:function}" - - Loggers: - - # Default root logger configuration - Root: - level: "${sys:pulsar.log.root.level}" - additivity: true - AppenderRef: - - ref: "${sys:pulsar.log.appender}" - level: "${sys:pulsar.log.level}" - - ref: Prometheus - level: info - - Logger: - - name: org.apache.bookkeeper.bookie.BookieShell - level: info - additivity: false - AppenderRef: - - ref: Console - - - name: io.streamnative.pulsar.broker.authorization.AuthorizationProviderVault - level: warn - additivity: false - AppenderRef: - - ref: Console - - - name: verbose - level: info - additivity: false - AppenderRef: - - ref: Console - - # Logger to inject filter script -# - name: org.apache.bookkeeper.mledger.impl.ManagedLedgerImpl -# level: debug -# additivity: false -# AppenderRef: -# ref: "${sys:pulsar.log.appender}" -# ScriptFilter: -# onMatch: ACCEPT -# onMisMatch: DENY -# ScriptRef: -# ref: filter.js diff --git a/charts/pulsar/conf/grafana/grafana.ini b/charts/pulsar/conf/grafana/grafana.ini deleted file mode 100644 index bdd2b03db..000000000 --- a/charts/pulsar/conf/grafana/grafana.ini +++ /dev/null @@ -1,494 +0,0 @@ -# -# Copyright (c) 2018 Sijie. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -##################### Grafana Configuration Example ##################### -# -# Everything has defaults so you only need to uncomment things you want to -# change - -# possible values : production, development -;app_mode = production - -# instance name, defaults to HOSTNAME environment variable value or hostname if HOSTNAME var is empty -;instance_name = ${HOSTNAME} - -#################################### Paths #################################### -[paths] -# Path to where grafana can store temp files, sessions, and the sqlite3 db (if that is used) -data = /var/lib/grafana/pulsar/data - -# Temporary files in `data` directory older than given duration will be removed -;temp_data_lifetime = 24h - -# Directory where grafana can store logs -# logs = /var/lib/grafana/pulsar/logs - -# Directory where grafana will automatically scan and look for plugins -plugins = /var/lib/grafana/pulsar/plugins - -# folder that contains provisioning config files that grafana will apply on startup and while running. -provisioning = /var/lib/grafana/pulsar_provisioning - -#################################### Server #################################### -[server] -# Protocol (http, https, socket) -;protocol = http - -# The ip address to bind to, empty will bind to all interfaces -;http_addr = - -# The http port to use -# http_port = - -# The public facing domain name used to access grafana from a browser -domain = {{ GRAFANA_DOMAIN }} -serve_from_sub_path = {{ GRAFANA_SERVE_FROM_SUB_PATH }} - -# Redirect to correct domain if host header does not match domain -# Prevents DNS rebinding attacks -;enforce_domain = false - -# The full public facing url you use in browser, used for redirects and emails -# If you use reverse proxy and sub path specify full url (with sub path) -root_url = {{ GRAFANA_ROOT_URL }} - -# Log web requests -;router_logging = false - -# the path relative working path -;static_root_path = public - -# enable gzip -;enable_gzip = false - -# https certs & key file -;cert_file = -;cert_key = - -# Unix socket path -;socket = - -#################################### Database #################################### -[database] -# You can configure the database connection by specifying type, host, name, user and password -# as separate properties or as on string using the url properties. - -# Either "mysql", "postgres" or "sqlite3", it's your choice -;type = sqlite3 -;host = 127.0.0.1:3306 -;name = grafana -;user = root -# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;""" -;password = - -# Use either URL or the previous fields to configure the database -# Example: mysql://user:secret@host:port/database -;url = - -# For "postgres" only, either "disable", "require" or "verify-full" -;ssl_mode = disable - -# For "sqlite3" only, path relative to data_path setting -;path = grafana.db - -# Max idle conn setting default is 2 -;max_idle_conn = 2 - -# Max conn setting default is 0 (mean not set) -;max_open_conn = - -# Connection Max Lifetime default is 14400 (means 14400 seconds or 4 hours) -;conn_max_lifetime = 14400 - -# Set to true to log the sql calls and execution times. -log_queries = - -#################################### Session #################################### -[session] -# Either "memory", "file", "redis", "mysql", "postgres", default is "file" -;provider = file - -# Provider config options -# memory: not have any config yet -# file: session dir path, is relative to grafana data_path -# redis: config like redis server e.g. `addr=127.0.0.1:6379,pool_size=100,db=grafana` -# mysql: go-sql-driver/mysql dsn config string, e.g. `user:password@tcp(127.0.0.1:3306)/database_name` -# postgres: user=a password=b host=localhost port=5432 dbname=c sslmode=disable -;provider_config = sessions - -# Session cookie name -;cookie_name = grafana_sess - -# If you use session in https only, default is false -;cookie_secure = false - -# Session life time, default is 86400 -;session_life_time = 86400 - -#################################### Data proxy ########################### -[dataproxy] - -# This enables data proxy logging, default is false -;logging = false - -#################################### Analytics #################################### -[analytics] -# Server reporting, sends usage counters to stats.grafana.org every 24 hours. -# No ip addresses are being tracked, only simple counters to track -# running instances, dashboard and error counts. It is very helpful to us. -# Change this option to false to disable reporting. -;reporting_enabled = true - -# Set to false to disable all checks to https://grafana.net -# for new vesions (grafana itself and plugins), check is used -# in some UI views to notify that grafana or plugin update exists -# This option does not cause any auto updates, nor send any information -# only a GET request to http://grafana.com to get latest versions -check_for_updates = true - -# Google Analytics universal tracking code, only enabled if you specify an id here -;google_analytics_ua_id = - -#################################### Security #################################### -[security] -# default admin user, created on startup -admin_user = {{ GRAFANA_ADMIN_USER }} - -# default admin password, can be changed before first start of grafana, or in profile settings -admin_password = {{ GRAFANA_ADMIN_PASSWORD }} - -# used for signing -;secret_key = SW2YcwTIb9zpOOhoPsMm - -# Auto-login remember days -;login_remember_days = 7 -;cookie_username = grafana_user -;cookie_remember_name = grafana_remember - -# disable gravatar profile images -;disable_gravatar = false - -# data source proxy whitelist (ip_or_domain:port separated by spaces) -;data_source_proxy_whitelist = - -# disable protection against brute force login attempts -;disable_brute_force_login_protection = false - -#################################### Snapshots ########################### -[snapshots] -# snapshot sharing options -;external_enabled = true -;external_snapshot_url = https://snapshots-origin.raintank.io -;external_snapshot_name = Publish to snapshot.raintank.io - -# remove expired snapshot -;snapshot_remove_expired = true - -#################################### Dashboards History ################## -[dashboards] -# Number dashboard versions to keep (per dashboard). Default: 20, Minimum: 1 -;versions_to_keep = 20 - -#################################### Users ############################### -[users] -# disable user signup / registration -;allow_sign_up = true - -# Allow non admin users to create organizations -;allow_org_create = true - -# Set to true to automatically assign new users to the default organization (id 1) -;auto_assign_org = true - -# Default role new users will be automatically assigned (if disabled above is set to true) -;auto_assign_org_role = Viewer - -# Background text for the user field on the login page -;login_hint = email or username - -# Default UI theme ("dark" or "light") -;default_theme = dark - -# External user management, these options affect the organization users view -;external_manage_link_url = -;external_manage_link_name = -;external_manage_info = - -# Viewers can edit/inspect dashboard settings in the browser. But not save the dashboard. -;viewers_can_edit = false - -[auth] -# Set to true to disable (hide) the login form, useful if you use OAuth, defaults to false -;disable_login_form = false - -# Set to true to disable the signout link in the side menu. useful if you use auth.proxy, defaults to false -;disable_signout_menu = false - -# URL to redirect the user to after sign out -;signout_redirect_url = - -#################################### Anonymous Auth ########################## -[auth.anonymous] -# enable anonymous access -;enabled = false - -# specify organization name that should be used for unauthenticated users -;org_name = Main Org. - -# specify role for unauthenticated users -;org_role = Viewer - -#################################### Github Auth ########################## -[auth.github] -;enabled = false -;allow_sign_up = true -;client_id = some_id -;client_secret = some_secret -;scopes = user:email,read:org -;auth_url = https://github.com/login/oauth/authorize -;token_url = https://github.com/login/oauth/access_token -;api_url = https://api.github.com/user -;team_ids = -;allowed_organizations = - -#################################### Google Auth ########################## -[auth.google] -;enabled = false -;allow_sign_up = true -;client_id = some_client_id -;client_secret = some_client_secret -;scopes = https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email -;auth_url = https://accounts.google.com/o/oauth2/auth -;token_url = https://accounts.google.com/o/oauth2/token -;api_url = https://www.googleapis.com/oauth2/v1/userinfo -;allowed_domains = - -#################################### Generic OAuth ########################## -[auth.generic_oauth] -;enabled = false -;name = OAuth -;allow_sign_up = true -;client_id = some_id -;client_secret = some_secret -;scopes = user:email,read:org -;auth_url = https://foo.bar/login/oauth/authorize -;token_url = https://foo.bar/login/oauth/access_token -;api_url = https://foo.bar/user -;team_ids = -;allowed_organizations = -;tls_skip_verify_insecure = false -;tls_client_cert = -;tls_client_key = -;tls_client_ca = - -#################################### Grafana.com Auth #################### -[auth.grafana_com] -;enabled = false -;allow_sign_up = true -;client_id = some_id -;client_secret = some_secret -;scopes = user:email -;allowed_organizations = - -#################################### Auth Proxy ########################## -[auth.proxy] -;enabled = false -;header_name = X-WEBAUTH-USER -;header_property = username -;auto_sign_up = true -;ldap_sync_ttl = 60 -;whitelist = 192.168.1.1, 192.168.2.1 - -#################################### Basic Auth ########################## -[auth.basic] -;enabled = true - -#################################### Auth LDAP ########################## -[auth.ldap] -;enabled = false -;config_file = /etc/grafana/ldap.toml -;allow_sign_up = true - -#################################### SMTP / Emailing ########################## -[smtp] -;enabled = false -;host = localhost:25 -;user = -# If the password contains # or ; you have to wrap it with trippel quotes. Ex """#password;""" -;password = -;cert_file = -;key_file = -;skip_verify = false -;from_address = admin@grafana.localhost -;from_name = Grafana -# EHLO identity in SMTP dialog (defaults to instance_name) -;ehlo_identity = dashboard.example.com - -[emails] -;welcome_email_on_sign_up = false - -#################################### Logging ########################## -[log] -# Either "console", "file", "syslog". Default is console and file -# Use space to separate multiple modes, e.g. "console file" -mode = console - -# Either "debug", "info", "warn", "error", "critical", default is "info" -;level = info - -# optional settings to set different levels for specific loggers. Ex filters = sqlstore:debug -;filters = - -# For "console" mode only -[log.console] -;level = - -# log line format, valid options are text, console and json -;format = console - -# For "file" mode only -[log.file] -level = info - -# log line format, valid options are text, console and json -format = text - -# This enables automated log rotate(switch of following options), default is true -;log_rotate = true - -# Max line number of single file, default is 1000000 -;max_lines = 1000000 - -# Max size shift of single file, default is 28 means 1 << 28, 256MB -;max_size_shift = 28 - -# Segment log daily, default is true -;daily_rotate = true - -# Expired days of log file(delete after max days), default is 7 -;max_days = 7 - -[log.syslog] -;level = - -# log line format, valid options are text, console and json -;format = text - -# Syslog network type and address. This can be udp, tcp, or unix. If left blank, the default unix endpoints will be used. -;network = -;address = - -# Syslog facility. user, daemon and local0 through local7 are valid. -;facility = - -# Syslog tag. By default, the process' argv[0] is used. -;tag = - -#################################### Alerting ############################ -[alerting] -# Disable alerting engine & UI features -;enabled = true -# Makes it possible to turn off alert rule execution but alerting UI is visible -;execute_alerts = true - -# Default setting for new alert rules. Defaults to categorize error and timeouts as alerting. (alerting, keep_state) -;error_or_timeout = alerting - -# Default setting for how Grafana handles nodata or null values in alerting. (alerting, no_data, keep_state, ok) -;nodata_or_nullvalues = no_data - -# Alert notifications can include images, but rendering many images at the same time can overload the server -# This limit will protect the server from render overloading and make sure notifications are sent out quickly -;concurrent_render_limit = 5 - -#################################### Explore ############################# -[explore] -# Enable the Explore section -;enabled = false - -#################################### Internal Grafana Metrics ########################## -# Metrics available at HTTP API Url /metrics -[metrics] -# Disable / Enable internal metrics -;enabled = true - -# Publish interval -;interval_seconds = 10 - -# Send internal metrics to Graphite -[metrics.graphite] -# Enable by setting the address setting (ex localhost:2003) -;address = -;prefix = prod.grafana.%(instance_name)s. - -#################################### Distributed tracing ############ -[tracing.jaeger] -# Enable by setting the address sending traces to jaeger (ex localhost:6831) -;address = localhost:6831 -# Tag that will always be included in when creating new spans. ex (tag1:value1,tag2:value2) -;always_included_tag = tag1:value1 -# Type specifies the type of the sampler: const, probabilistic, rateLimiting, or remote -;sampler_type = const -# jaeger samplerconfig param -# for "const" sampler, 0 or 1 for always false/true respectively -# for "probabilistic" sampler, a probability between 0 and 1 -# for "rateLimiting" sampler, the number of spans per second -# for "remote" sampler, param is the same as for "probabilistic" -# and indicates the initial sampling rate before the actual one -# is received from the mothership -;sampler_param = 1 - -#################################### Grafana.com integration ########################## -# Url used to import dashboards directly from Grafana.com -[grafana_com] -url = https://grafana.com - -#################################### External image storage ########################## -[external_image_storage] -# Used for uploading images to public servers so they can be included in slack/email messages. -# you can choose between (s3, webdav, gcs, azure_blob, local) -;provider = - -[external_image_storage.s3] -;bucket = -;region = -;path = -;access_key = -;secret_key = - -[external_image_storage.webdav] -;url = -;public_url = -;username = -;password = - -[external_image_storage.gcs] -;key_file = -;bucket = -;path = - -[external_image_storage.azure_blob] -;account_name = -;account_key = -;container_name = - -[external_image_storage.local] -# does not require any configuration - -[rendering] -# Options to configure external image rendering server like https://github.com/grafana/grafana-image-renderer -;server_url = -;callback_url = diff --git a/charts/pulsar/conf/proxy/log4j2.yaml b/charts/pulsar/conf/proxy/log4j2.yaml deleted file mode 100644 index 34826740c..000000000 --- a/charts/pulsar/conf/proxy/log4j2.yaml +++ /dev/null @@ -1,164 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - - -Configuration: - status: INFO - monitorInterval: 30 - name: pulsar - packages: io.prometheus.client.log4j2 - - Properties: - Property: - - name: "pulsar.log.dir" - value: "logs" - - name: "pulsar.log.file" - value: "pulsar.log" - - name: "pulsar.log.appender" - value: "RoutingAppender" - - name: "pulsar.log.root.level" - value: "info" - - name: "pulsar.log.level" - value: "info" - - name: "pulsar.routing.appender.default" - value: "Console" - - # Example: logger-filter script - Scripts: - ScriptFile: - name: filter.js - language: JavaScript - path: ./conf/log4j2-scripts/filter.js - charset: UTF-8 - - Appenders: - - # Console - Console: - name: Console - target: SYSTEM_OUT - PatternLayout: - Pattern: "%d{HH:mm:ss.SSS} [%t] %-5level %logger{36} - %msg%n" - - # Rolling file appender configuration - RollingFile: - name: RollingFile - fileName: "${sys:pulsar.log.dir}/${sys:pulsar.log.file}" - filePattern: "${sys:pulsar.log.dir}/${sys:pulsar.log.file}-%d{MM-dd-yyyy}-%i.log.gz" - immediateFlush: false - PatternLayout: - Pattern: "%d{HH:mm:ss.SSS} [%t] %-5level %logger{36} - %msg%n" - Policies: - TimeBasedTriggeringPolicy: - interval: 1 - modulate: true - SizeBasedTriggeringPolicy: - size: 1 GB - # Delete file older than 30days - DefaultRolloverStrategy: - Delete: - basePath: ${sys:pulsar.log.dir} - maxDepth: 2 - IfFileName: - glob: "*/${sys:pulsar.log.file}*log.gz" - IfLastModified: - age: 30d - - Prometheus: - name: Prometheus - - # Routing - Routing: - name: RoutingAppender - Routes: - pattern: "$${ctx:function}" - Route: - - - Routing: - name: InstanceRoutingAppender - Routes: - pattern: "$${ctx:instance}" - Route: - - - RollingFile: - name: "Rolling-${ctx:function}" - fileName : "${sys:pulsar.log.dir}/functions/${ctx:function}/${ctx:functionname}-${ctx:instance}.log" - filePattern : "${sys:pulsar.log.dir}/functions/${sys:pulsar.log.file}-${ctx:instance}-%d{MM-dd-yyyy}-%i.log.gz" - PatternLayout: - Pattern: "%d{ABSOLUTE} %level{length=5} [%thread] [instance: %X{instance}] %logger{1} - %msg%n" - Policies: - TimeBasedTriggeringPolicy: - interval: 1 - modulate: true - SizeBasedTriggeringPolicy: - size: "20MB" - # Trigger every day at midnight that also scan - # roll-over strategy that deletes older file - CronTriggeringPolicy: - schedule: "0 0 0 * * ?" - # Delete file older than 30days - DefaultRolloverStrategy: - Delete: - basePath: ${sys:pulsar.log.dir} - maxDepth: 2 - IfFileName: - glob: "*/${sys:pulsar.log.file}*log.gz" - IfLastModified: - age: 30d - - ref: "${sys:pulsar.routing.appender.default}" - key: "${ctx:function}" - - ref: "${sys:pulsar.routing.appender.default}" - key: "${ctx:function}" - - Loggers: - - # Default root logger configuration - Root: - level: "${sys:pulsar.log.root.level}" - additivity: true - AppenderRef: - - ref: "${sys:pulsar.log.appender}" - level: "${sys:pulsar.log.level}" - - ref: Prometheus - level: info - - Logger: - - name: org.apache.bookkeeper.bookie.BookieShell - level: info - additivity: false - AppenderRef: - - ref: Console - - - name: verbose - level: info - additivity: false - AppenderRef: - - ref: Console - - # Logger to inject filter script -# - name: org.apache.bookkeeper.mledger.impl.ManagedLedgerImpl -# level: debug -# additivity: false -# AppenderRef: -# ref: "${sys:pulsar.log.appender}" -# ScriptFilter: -# onMatch: ACCEPT -# onMisMatch: DENY -# ScriptRef: -# ref: filter.js diff --git a/charts/pulsar/conf/toolset/log4j2.yaml b/charts/pulsar/conf/toolset/log4j2.yaml deleted file mode 100644 index 34826740c..000000000 --- a/charts/pulsar/conf/toolset/log4j2.yaml +++ /dev/null @@ -1,164 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - - -Configuration: - status: INFO - monitorInterval: 30 - name: pulsar - packages: io.prometheus.client.log4j2 - - Properties: - Property: - - name: "pulsar.log.dir" - value: "logs" - - name: "pulsar.log.file" - value: "pulsar.log" - - name: "pulsar.log.appender" - value: "RoutingAppender" - - name: "pulsar.log.root.level" - value: "info" - - name: "pulsar.log.level" - value: "info" - - name: "pulsar.routing.appender.default" - value: "Console" - - # Example: logger-filter script - Scripts: - ScriptFile: - name: filter.js - language: JavaScript - path: ./conf/log4j2-scripts/filter.js - charset: UTF-8 - - Appenders: - - # Console - Console: - name: Console - target: SYSTEM_OUT - PatternLayout: - Pattern: "%d{HH:mm:ss.SSS} [%t] %-5level %logger{36} - %msg%n" - - # Rolling file appender configuration - RollingFile: - name: RollingFile - fileName: "${sys:pulsar.log.dir}/${sys:pulsar.log.file}" - filePattern: "${sys:pulsar.log.dir}/${sys:pulsar.log.file}-%d{MM-dd-yyyy}-%i.log.gz" - immediateFlush: false - PatternLayout: - Pattern: "%d{HH:mm:ss.SSS} [%t] %-5level %logger{36} - %msg%n" - Policies: - TimeBasedTriggeringPolicy: - interval: 1 - modulate: true - SizeBasedTriggeringPolicy: - size: 1 GB - # Delete file older than 30days - DefaultRolloverStrategy: - Delete: - basePath: ${sys:pulsar.log.dir} - maxDepth: 2 - IfFileName: - glob: "*/${sys:pulsar.log.file}*log.gz" - IfLastModified: - age: 30d - - Prometheus: - name: Prometheus - - # Routing - Routing: - name: RoutingAppender - Routes: - pattern: "$${ctx:function}" - Route: - - - Routing: - name: InstanceRoutingAppender - Routes: - pattern: "$${ctx:instance}" - Route: - - - RollingFile: - name: "Rolling-${ctx:function}" - fileName : "${sys:pulsar.log.dir}/functions/${ctx:function}/${ctx:functionname}-${ctx:instance}.log" - filePattern : "${sys:pulsar.log.dir}/functions/${sys:pulsar.log.file}-${ctx:instance}-%d{MM-dd-yyyy}-%i.log.gz" - PatternLayout: - Pattern: "%d{ABSOLUTE} %level{length=5} [%thread] [instance: %X{instance}] %logger{1} - %msg%n" - Policies: - TimeBasedTriggeringPolicy: - interval: 1 - modulate: true - SizeBasedTriggeringPolicy: - size: "20MB" - # Trigger every day at midnight that also scan - # roll-over strategy that deletes older file - CronTriggeringPolicy: - schedule: "0 0 0 * * ?" - # Delete file older than 30days - DefaultRolloverStrategy: - Delete: - basePath: ${sys:pulsar.log.dir} - maxDepth: 2 - IfFileName: - glob: "*/${sys:pulsar.log.file}*log.gz" - IfLastModified: - age: 30d - - ref: "${sys:pulsar.routing.appender.default}" - key: "${ctx:function}" - - ref: "${sys:pulsar.routing.appender.default}" - key: "${ctx:function}" - - Loggers: - - # Default root logger configuration - Root: - level: "${sys:pulsar.log.root.level}" - additivity: true - AppenderRef: - - ref: "${sys:pulsar.log.appender}" - level: "${sys:pulsar.log.level}" - - ref: Prometheus - level: info - - Logger: - - name: org.apache.bookkeeper.bookie.BookieShell - level: info - additivity: false - AppenderRef: - - ref: Console - - - name: verbose - level: info - additivity: false - AppenderRef: - - ref: Console - - # Logger to inject filter script -# - name: org.apache.bookkeeper.mledger.impl.ManagedLedgerImpl -# level: debug -# additivity: false -# AppenderRef: -# ref: "${sys:pulsar.log.appender}" -# ScriptFilter: -# onMatch: ACCEPT -# onMisMatch: DENY -# ScriptRef: -# ref: filter.js diff --git a/charts/pulsar/conf/zookeeper/log4j2.yaml b/charts/pulsar/conf/zookeeper/log4j2.yaml deleted file mode 100644 index 34826740c..000000000 --- a/charts/pulsar/conf/zookeeper/log4j2.yaml +++ /dev/null @@ -1,164 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - - -Configuration: - status: INFO - monitorInterval: 30 - name: pulsar - packages: io.prometheus.client.log4j2 - - Properties: - Property: - - name: "pulsar.log.dir" - value: "logs" - - name: "pulsar.log.file" - value: "pulsar.log" - - name: "pulsar.log.appender" - value: "RoutingAppender" - - name: "pulsar.log.root.level" - value: "info" - - name: "pulsar.log.level" - value: "info" - - name: "pulsar.routing.appender.default" - value: "Console" - - # Example: logger-filter script - Scripts: - ScriptFile: - name: filter.js - language: JavaScript - path: ./conf/log4j2-scripts/filter.js - charset: UTF-8 - - Appenders: - - # Console - Console: - name: Console - target: SYSTEM_OUT - PatternLayout: - Pattern: "%d{HH:mm:ss.SSS} [%t] %-5level %logger{36} - %msg%n" - - # Rolling file appender configuration - RollingFile: - name: RollingFile - fileName: "${sys:pulsar.log.dir}/${sys:pulsar.log.file}" - filePattern: "${sys:pulsar.log.dir}/${sys:pulsar.log.file}-%d{MM-dd-yyyy}-%i.log.gz" - immediateFlush: false - PatternLayout: - Pattern: "%d{HH:mm:ss.SSS} [%t] %-5level %logger{36} - %msg%n" - Policies: - TimeBasedTriggeringPolicy: - interval: 1 - modulate: true - SizeBasedTriggeringPolicy: - size: 1 GB - # Delete file older than 30days - DefaultRolloverStrategy: - Delete: - basePath: ${sys:pulsar.log.dir} - maxDepth: 2 - IfFileName: - glob: "*/${sys:pulsar.log.file}*log.gz" - IfLastModified: - age: 30d - - Prometheus: - name: Prometheus - - # Routing - Routing: - name: RoutingAppender - Routes: - pattern: "$${ctx:function}" - Route: - - - Routing: - name: InstanceRoutingAppender - Routes: - pattern: "$${ctx:instance}" - Route: - - - RollingFile: - name: "Rolling-${ctx:function}" - fileName : "${sys:pulsar.log.dir}/functions/${ctx:function}/${ctx:functionname}-${ctx:instance}.log" - filePattern : "${sys:pulsar.log.dir}/functions/${sys:pulsar.log.file}-${ctx:instance}-%d{MM-dd-yyyy}-%i.log.gz" - PatternLayout: - Pattern: "%d{ABSOLUTE} %level{length=5} [%thread] [instance: %X{instance}] %logger{1} - %msg%n" - Policies: - TimeBasedTriggeringPolicy: - interval: 1 - modulate: true - SizeBasedTriggeringPolicy: - size: "20MB" - # Trigger every day at midnight that also scan - # roll-over strategy that deletes older file - CronTriggeringPolicy: - schedule: "0 0 0 * * ?" - # Delete file older than 30days - DefaultRolloverStrategy: - Delete: - basePath: ${sys:pulsar.log.dir} - maxDepth: 2 - IfFileName: - glob: "*/${sys:pulsar.log.file}*log.gz" - IfLastModified: - age: 30d - - ref: "${sys:pulsar.routing.appender.default}" - key: "${ctx:function}" - - ref: "${sys:pulsar.routing.appender.default}" - key: "${ctx:function}" - - Loggers: - - # Default root logger configuration - Root: - level: "${sys:pulsar.log.root.level}" - additivity: true - AppenderRef: - - ref: "${sys:pulsar.log.appender}" - level: "${sys:pulsar.log.level}" - - ref: Prometheus - level: info - - Logger: - - name: org.apache.bookkeeper.bookie.BookieShell - level: info - additivity: false - AppenderRef: - - ref: Console - - - name: verbose - level: info - additivity: false - AppenderRef: - - ref: Console - - # Logger to inject filter script -# - name: org.apache.bookkeeper.mledger.impl.ManagedLedgerImpl -# level: debug -# additivity: false -# AppenderRef: -# ref: "${sys:pulsar.log.appender}" -# ScriptFilter: -# onMatch: ACCEPT -# onMisMatch: DENY -# ScriptRef: -# ref: filter.js diff --git a/charts/pulsar/requirements.yaml b/charts/pulsar/requirements.yaml deleted file mode 100644 index 8a858bfa7..000000000 --- a/charts/pulsar/requirements.yaml +++ /dev/null @@ -1,28 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -dependencies: -- name: loki-stack - version: 0.36.1 - repository: https://grafana.github.io/helm-charts - condition: monitoring.loki -- name: superset - version: 0.1.1 - repository: https://apache.github.io/superset - condition: components.superset diff --git a/charts/pulsar/templates/_helpers.tpl b/charts/pulsar/templates/_helpers.tpl deleted file mode 100644 index 8ff132774..000000000 --- a/charts/pulsar/templates/_helpers.tpl +++ /dev/null @@ -1,101 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -pulsar home -*/}} -{{- define "pulsar.home" -}} -{{- if or (eq .Values.images.broker.repository "streamnative/platform") (eq .Values.images.broker.repository "streamnative/platform-all") }} -{{- print "/sn-platform" -}} -{{- else }} -{{- print "/pulsar" -}} -{{- end -}} -{{- end -}} - -{{/* -Expand the name of the chart. -*/}} -{{- define "pulsar.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Expand to the namespace pulsar installs into. -*/}} -{{- define "pulsar.namespace" -}} -{{- default .Release.Namespace .Values.namespace -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "pulsar.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "pulsar.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create the common labels. -*/}} -{{- define "pulsar.standardLabels" -}} -app: {{ template "pulsar.name" . }} -chart: {{ template "pulsar.chart" . }} -release: {{ .Release.Name }} -heritage: {{ .Release.Service }} -cluster: {{ template "pulsar.fullname" . }} -{{- end }} - -{{/* -Create the template labels. -*/}} -{{- define "pulsar.template.labels" -}} -app: {{ template "pulsar.name" . }} -release: {{ .Release.Name }} -cluster: {{ template "pulsar.fullname" . }} -{{- end }} - -{{/* -Create the match labels. -*/}} -{{- define "pulsar.matchLabels" -}} -app: {{ template "pulsar.name" . }} -release: {{ .Release.Name }} -{{- end }} - -{{/* -Pulsar Cluster Name. -*/}} -{{- define "pulsar.cluster" -}} -{{- if .Values.pulsar_metadata.clusterName }} -{{- .Values.pulsar_metadata.clusterName }} -{{- else }} -{{- template "pulsar.fullname" . }} -{{- end }} -{{- end }} - -{{/* -Define TLS CA secret name -*/}} -{{- define "pulsar.tls.ca.secret.name" -}} -{{- if .Values.tls.common.caSecretName -}} -{{- .Values.tls.common.caSecretName -}} -{{- else -}} -{{ .Release.Name }}-ca-tls -{{- end -}} -{{- end -}} diff --git a/charts/pulsar/templates/alert-manager/alertmanager-configmap.yaml b/charts/pulsar/templates/alert-manager/alertmanager-configmap.yaml deleted file mode 100644 index 1d36d291c..000000000 --- a/charts/pulsar/templates/alert-manager/alertmanager-configmap.yaml +++ /dev/null @@ -1,35 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.monitoring.alert_manager }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.alert_manager.component }}" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.alert_manager.component }} -data: - # For more configuration about the alert manager, please refer to https://prometheus.io/docs/alerting/configuration/ - alertmanager.yml: | -{{- with .Values.alert_manager.config }} -{{ toYaml . | indent 4 }} -{{- end }} -{{- end }} diff --git a/charts/pulsar/templates/alert-manager/alertmanager-service.yaml b/charts/pulsar/templates/alert-manager/alertmanager-service.yaml deleted file mode 100644 index 1a94ef31a..000000000 --- a/charts/pulsar/templates/alert-manager/alertmanager-service.yaml +++ /dev/null @@ -1,46 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.monitoring.alert_manager }} -apiVersion: v1 -kind: Service -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.alert_manager.component }}" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.alert_manager.component }} - annotations: - {{ toYaml .Values.alert_manager.service.annotations | indent 4 }} -spec: -{{- if .Values.alert_manager.service.spec }} -{{- with .Values.alert_manager.service.spec }} -{{ toYaml . | indent 2 }} -{{- end }} -{{- else }} - clusterIP: None -{{- end}} - ports: - - name: server - port: {{ .Values.alert_manager.port }} - selector: - app: {{ template "pulsar.name" . }} - release: {{ .Release.Name }} - component: {{ .Values.alert_manager.component }} -{{- end }} diff --git a/charts/pulsar/templates/alert-manager/alertmanager-statefulset.yaml b/charts/pulsar/templates/alert-manager/alertmanager-statefulset.yaml deleted file mode 100644 index 0344e8e51..000000000 --- a/charts/pulsar/templates/alert-manager/alertmanager-statefulset.yaml +++ /dev/null @@ -1,116 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.monitoring.alert_manager }} -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.alert_manager.component }}" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.alert_manager.component }} -spec: - serviceName: "{{ template "pulsar.fullname" . }}-{{ .Values.alert_manager.component }}" - replicas: {{ .Values.alert_manager.replicaCount }} - selector: - matchLabels: - {{- include "pulsar.matchLabels" . | nindent 6 }} - component: {{ .Values.alert_manager.component }} - updateStrategy: - type: RollingUpdate - podManagementPolicy: Parallel - template: - metadata: - labels: - {{- include "pulsar.template.labels" . | nindent 8 }} - component: {{ .Values.alert_manager.component }} - annotations: -{{- with .Values.alert_manager.annotations }} -{{ toYaml . | indent 8 }} -{{- end }} - spec: - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - - name: {{ .Values.imagePullSecrets }} - {{- end }} - {{- if .Values.alert_manager.nodeSelector }} - nodeSelector: -{{ toYaml .Values.alert_manager.nodeSelector | indent 8 }} - {{- end }} - {{- if .Values.alert_manager.tolerations }} - tolerations: -{{ toYaml .Values.alert_manager.tolerations | indent 8 }} - {{- end }} - terminationGracePeriodSeconds: {{ .Values.alert_manager.gracePeriod }} - containers: - {{- if .Values.configmapReload.alertmanager.enabled }} - - name: {{ template "pulsar.fullname" . }}-{{ .Values.alert_manager.component }}-{{ .Values.configmapReload.alertmanager.name }} - image: "{{ .Values.configmapReload.alertmanager.image.repository }}:{{ .Values.configmapReload.alertmanager.image.tag }}" - imagePullPolicy: "{{ .Values.configmapReload.alertmanager.image.pullPolicy }}" - args: - - --volume-dir=/etc/config - - --webhook-url=http://127.0.0.1:{{ .Values.alert_manager.port }}{{ template "pulsar.control_center_path.alertmanager" . }}/-/reload - resources: -{{ toYaml .Values.configmapReload.alertmanager.resources | indent 12 }} - volumeMounts: - - name: config-volume - mountPath: /etc/config - readOnly: true - {{- end }} - - name: "{{ template "pulsar.fullname" . }}-{{ .Values.alert_manager.component }}" - image: "{{ .Values.images.alert_manager.repository }}:{{ .Values.images.alert_manager.tag }}" - imagePullPolicy: {{ .Values.images.alert_manager.pullPolicy }} - {{- if .Values.alert_manager.resources }} - resources: -{{ toYaml .Values.alert_manager.resources | indent 10 }} - {{- end }} - env: - - name: POD_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - args: - - --config.file=/etc/config/alertmanager.yml - - --cluster.advertise-address=$(POD_IP):6783 - - --storage.path=/alertmanager - {{- if and .Values.ingress.control_center.enabled .Values.ingress.control_center.endpoints.alertmanager }} - - --web.external-url={{ template "pulsar.control_center_url" . }}{{ template "pulsar.control_center_path.alertmanager" . }}/ - {{- end }} - ports: - - name: server - containerPort: {{ .Values.alert_manager.port }} - {{- if .Values.alert_manager.probe.readiness.enabled }} - readinessProbe: - httpGet: - path: {{ template "pulsar.control_center_path.alertmanager" . }}/-/ready - port: {{ .Values.alert_manager.port }} - initialDelaySeconds: {{ .Values.alert_manager.probe.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.alert_manager.probe.readiness.periodSeconds }} - failureThreshold: {{ .Values.alert_manager.probe.readiness.failureThreshold }} - {{- end }} - volumeMounts: - - name: config-volume - mountPath: /etc/config - volumes: - - name: config-volume - configMap: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.alert_manager.component }}" -{{- end }} diff --git a/charts/pulsar/templates/bookkeeper/_autorecovery.tpl b/charts/pulsar/templates/bookkeeper/_autorecovery.tpl deleted file mode 100644 index 2e40df1bb..000000000 --- a/charts/pulsar/templates/bookkeeper/_autorecovery.tpl +++ /dev/null @@ -1,109 +0,0 @@ -{{/* -Define the pulsar autorecovery service -*/}} -{{- define "pulsar.autorecovery.service" -}} -{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }} -{{- end }} - -{{/* -Define the autorecovery hostname -*/}} -{{- define "pulsar.autorecovery.hostname" -}} -${HOSTNAME}.{{ template "pulsar.autorecovery.service" . }}.{{ template "pulsar.namespace" . }}.svc.cluster.local -{{- end -}} - -{{/* -Define autorecovery zookeeper client tls settings -*/}} -{{- define "pulsar.autorecovery.zookeeper.tls.settings" -}} -{{- if and .Values.tls.enabled .Values.tls.zookeeper.enabled }} -/pulsar/keytool/keytool.sh autorecovery {{ template "pulsar.autorecovery.hostname" . }} true; -{{- end }} -{{- end }} - -{{/* -Define autorecovery tls certs mounts -*/}} -{{- define "pulsar.autorecovery.certs.volumeMounts" -}} -{{- if and .Values.tls.enabled .Values.tls.zookeeper.enabled }} -- name: autorecovery-certs - mountPath: "/pulsar/certs/autorecovery" - readOnly: true -- name: ca - mountPath: "/pulsar/certs/ca" - readOnly: true -{{- if .Values.tls.zookeeper.enabled }} -- name: keytool - mountPath: "/pulsar/keytool/keytool.sh" - subPath: keytool.sh -{{- end }} -{{- end }} -{{- end }} - -{{/* -Define autorecovery tls certs volumes -*/}} -{{- define "pulsar.autorecovery.certs.volumes" -}} -{{- if and .Values.tls.enabled .Values.tls.zookeeper.enabled }} -- name: autorecovery-certs - secret: - secretName: "{{ template "pulsar.autorecovery.tls.secret.name" . }}" - items: - - key: tls.crt - path: tls.crt - - key: tls.key - path: tls.key -- name: ca - secret: - secretName: "{{ template "pulsar.tls.ca.secret.name" . }}" - items: - - key: ca.crt - path: ca.crt -{{- if .Values.tls.zookeeper.enabled }} -- name: keytool - configMap: - name: "{{ template "pulsar.fullname" . }}-keytool-configmap" - defaultMode: 0755 -{{- end }} -{{- end }} -{{- end }} - -{{/* -Define autorecovery init container : verify cluster id -*/}} -{{- define "pulsar.autorecovery.init.verify_cluster_id" -}} -bin/apply-config-from-env.py conf/bookkeeper.conf; -{{- include "pulsar.autorecovery.zookeeper.tls.settings" . -}} -until bin/bookkeeper shell whatisinstanceid; do - sleep 3; -done; -{{- end }} - -{{/* -Define autorecovery log mounts -*/}} -{{- define "pulsar.autorecovery.log.volumeMounts" -}} -- name: "{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}-log4j2" - mountPath: "{{ template "pulsar.home" . }}/conf/log4j2.yaml" - subPath: log4j2.yaml -{{- end }} - -{{/* -Define autorecovery log volumes -*/}} -{{- define "pulsar.autorecovery.log.volumes" -}} -- name: "{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}-log4j2" - configMap: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}" -{{- end }} - -{{/* -Define Autorecovery TLS certificate secret name -*/}} -{{- define "pulsar.autorecovery.tls.secret.name" -}} -{{- if .Values.tls.autorecovery.certSecretName -}} -{{- .Values.tls.autorecovery.certSecretName -}} -{{- else -}} -{{ .Release.Name }}-{{ .Values.tls.autorecovery.cert_name }} -{{- end -}} -{{- end -}} diff --git a/charts/pulsar/templates/bookkeeper/_bookkeeper.tpl b/charts/pulsar/templates/bookkeeper/_bookkeeper.tpl deleted file mode 100644 index 223e04dfd..000000000 --- a/charts/pulsar/templates/bookkeeper/_bookkeeper.tpl +++ /dev/null @@ -1,239 +0,0 @@ -{{/* -Define the pulsar bookkeeper service -*/}} -{{- define "pulsar.bookkeeper.service" -}} -{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }} -{{- end }} - -{{/* -Define the bookkeeper hostname -*/}} -{{- define "pulsar.bookkeeper.hostname" -}} -${HOSTNAME}.{{ template "pulsar.bookkeeper.service" . }}.{{ template "pulsar.namespace" . }}.svc.cluster.local -{{- end -}} - - -{{/* -Define bookie zookeeper client tls settings -*/}} -{{- define "pulsar.bookkeeper.zookeeper.tls.settings" -}} -{{- if and .Values.tls.enabled .Values.tls.zookeeper.enabled }} -/pulsar/keytool/keytool.sh bookie {{ template "pulsar.bookkeeper.hostname" . }} true; -{{- end }} -{{- end }} - -{{- define "pulsar.bookkeeper.journal.pvc.name" -}} -{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}-{{ .Values.bookkeeper.volumes.journal.name }} -{{- end }} - -{{- define "pulsar.bookkeeper.ledgers.pvc.name" -}} -{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}-{{ .Values.bookkeeper.volumes.ledgers.name }} -{{- end }} - -{{- define "pulsar.bookkeeper.journal.storage.class" -}} -{{- if and .Values.volumes.local_storage .Values.bookkeeper.volumes.journal.local_storage }} -storageClassName: "local-storage" -{{- else }} - {{- if .Values.bookkeeper.volumes.journal.storageClass }} -storageClassName: "{{ template "pulsar.bookkeeper.journal.pvc.name" . }}" - {{- else if .Values.bookkeeper.volumes.journal.storageClassName }} -storageClassName: "{{ .Values.bookkeeper.volumes.journal.storageClassName }}" - {{- end -}} -{{- end }} -{{- end }} - -{{- define "pulsar.bookkeeper.ledgers.storage.class" -}} -{{- if and .Values.volumes.local_storage .Values.bookkeeper.volumes.ledgers.local_storage }} -storageClassName: "local-storage" -{{- else }} - {{- if .Values.bookkeeper.volumes.ledgers.storageClass }} -storageClassName: "{{ template "pulsar.bookkeeper.ledgers.pvc.name" . }}" - {{- else if .Values.bookkeeper.volumes.ledgers.storageClassName }} -storageClassName: "{{ .Values.bookkeeper.volumes.ledgers.storageClassName }}" - {{- end -}} -{{- end }} -{{- end }} - -{{/* -Define bookie tls certs mounts -*/}} -{{- define "pulsar.bookkeeper.certs.volumeMounts" -}} -{{- if and .Values.tls.enabled (or .Values.tls.bookie.enabled .Values.tls.zookeeper.enabled) }} -- name: bookie-certs - mountPath: "/pulsar/certs/bookie" - readOnly: true -- name: ca - mountPath: "/pulsar/certs/ca" - readOnly: true -{{- if .Values.tls.zookeeper.enabled }} -- name: keytool - mountPath: "/pulsar/keytool/keytool.sh" - subPath: keytool.sh -{{- end }} -{{- end }} -{{- end }} - -{{/* -Define bookie tls certs volumes -*/}} -{{- define "pulsar.bookkeeper.certs.volumes" -}} -{{- if and .Values.tls.enabled (or .Values.tls.bookie.enabled .Values.tls.zookeeper.enabled) }} -- name: bookie-certs - secret: - secretName: "{{ template "pulsar.bookkeeper.tls.secret.name" . }}" - items: - - key: tls.crt - path: tls.crt - - key: tls.key - path: tls.key -- name: ca - secret: - secretName: "{{ template "pulsar.tls.ca.secret.name" . }}" - items: - - key: ca.crt - path: ca.crt -{{- if .Values.tls.zookeeper.enabled }} -- name: keytool - configMap: - name: "{{ template "pulsar.fullname" . }}-keytool-configmap" - defaultMode: 0755 -{{- end }} -{{- end }} -{{- end }} - -{{/* -Define bookie common config -*/}} -{{- define "pulsar.bookkeeper.config.common" -}} -zkServers: "{{ template "pulsar.zookeeper.connect" . }}" -zkLedgersRootPath: "{{ .Values.metadataPrefix }}/ledgers" -# enable bookkeeper http server -httpServerEnabled: "true" -httpServerPort: "{{ .Values.bookkeeper.ports.http }}" -# config the stats provider -statsProviderClass: org.apache.bookkeeper.stats.prometheus.PrometheusMetricsProvider -# use hostname as the bookie id -useHostNameAsBookieID: "true" -{{- end }} - -{{/* -Define bookie tls config -*/}} -{{- define "pulsar.bookkeeper.config.tls" -}} -{{- if and .Values.tls.enabled .Values.tls.bookie.enabled }} -PULSAR_PREFIX_tlsProviderFactoryClass: org.apache.bookkeeper.tls.TLSContextFactory -PULSAR_PREFIX_tlsCertificatePath: /pulsar/certs/bookie/tls.crt -PULSAR_PREFIX_tlsKeyStoreType: PEM -PULSAR_PREFIX_tlsKeyStore: /pulsar/certs/bookie/tls.key -PULSAR_PREFIX_tlsTrustStoreType: PEM -PULSAR_PREFIX_tlsTrustStore: /pulsar/certs/ca/ca.crt -{{- end }} -{{- end }} - -{{/* -Define bookie init container : verify cluster id -*/}} -{{- define "pulsar.bookkeeper.init.verify_cluster_id" -}} -{{- if not (and .Values.volumes.persistence .Values.bookkeeper.volumes.persistence) }} -bin/apply-config-from-env.py conf/bookkeeper.conf; -{{- include "pulsar.bookkeeper.zookeeper.tls.settings" . -}} -until bin/bookkeeper shell whatisinstanceid; do - sleep 3; -done; -bin/bookkeeper shell bookieformat -nonInteractive -force -deleteCookie || true -{{- end }} -{{- if and .Values.volumes.persistence .Values.bookkeeper.volumes.persistence }} -set -e; -bin/apply-config-from-env.py conf/bookkeeper.conf; -{{- include "pulsar.bookkeeper.zookeeper.tls.settings" . -}} -until bin/bookkeeper shell whatisinstanceid; do - sleep 3; -done; -{{- end }} -{{- end }} - -{{/* -Define bookkeeper log mounts -*/}} -{{- define "pulsar.bookkeeper.log.volumeMounts" -}} -- name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}-log4j2" - mountPath: "{{ template "pulsar.home" .}}/conf/log4j2.yaml" - subPath: log4j2.yaml -{{- end }} - -{{/* -Define bookkeeper log volumes -*/}} -{{- define "pulsar.bookkeeper.log.volumes" -}} -- name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}-log4j2" - configMap: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}" -{{- end }} - -{{/*Define bookkeeper datadog annotation*/}} -{{- define "pulsar.bookkeeper.datadog.annotation" -}} -{{- if .Values.datadog.components.bookkeeper.enabled }} -ad.datadoghq.com/{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}.check_names: | - ["openmetrics"] -ad.datadoghq.com/{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}.init_configs: | - [{}] -ad.datadoghq.com/{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}.instances: | - [ - { - "prometheus_url": "http://%%host%%:{{ .Values.bookkeeper.ports.http }}/metrics", - "namespace": "{{ .Values.datadog.namespace }}", - "metrics": {{ .Values.datadog.components.bookkeeper.metrics }}, - "health_service_check": true, - "prometheus_timeout": 1000, - "max_returned_metrics": 1000000, - "type_overrides": { - "jvm_memory_bytes_used": "gauge", - "jvm_memory_bytes_committed": "gauge", - "jvm_memory_bytes_max": "gauge", - "jvm_memory_bytes_init": "gauge", - "jvm_memory_pool_bytes_used": "gauge", - "jvm_memory_pool_bytes_committed": "gauge", - "jvm_memory_pool_bytes_max": "gauge", - "jvm_memory_pool_bytes_init": "gauge", - "jvm_memory_direct_bytes_used": "gauge", - "jvm_threads_current": "gauge", - "jvm_threads_daemon": "gauge", - "jvm_threads_peak": "gauge", - "jvm_threads_started_total": "gauge", - "jvm_threads_deadlocked": "gauge", - "jvm_threads_deadlocked_monitor": "gauge", - "jvm_gc_collection_seconds_count": "gauge", - "jvm_gc_collection_seconds_sum": "gauge", - "jvm_memory_direct_bytes_max": "gauge" - }, - "tags": [ - "pulsar-bookie: {{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}" - ] - } - ] -{{- end }} -{{- end }} - -{{/*Define bookkeeper service account*/}} -{{- define "pulsar.bookkeeper.serviceAccount" -}} -{{- if .Values.bookkeeper.serviceAccount.create -}} - {{- if .Values.bookkeeper.serviceAccount.name -}} -{{ .Values.bookkeeper.serviceAccount.name }} - {{- else -}} -{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}-acct - {{- end -}} -{{- else -}} -{{ .Values.bookkeeper.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Define BookKeeper TLS certificate secret name -*/}} -{{- define "pulsar.bookkeeper.tls.secret.name" -}} -{{- if .Values.tls.bookie.certSecretName -}} -{{- .Values.tls.bookie.certSecretName -}} -{{- else -}} -{{ .Release.Name }}-{{ .Values.tls.bookie.cert_name }} -{{- end -}} -{{- end -}} diff --git a/charts/pulsar/templates/bookkeeper/bookkeeper-autorecovery-configmap.yaml b/charts/pulsar/templates/bookkeeper/bookkeeper-autorecovery-configmap.yaml deleted file mode 100644 index 337b420a6..000000000 --- a/charts/pulsar/templates/bookkeeper/bookkeeper-autorecovery-configmap.yaml +++ /dev/null @@ -1,34 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.components.autorecovery }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.autorecovery.component }} -data: - # common config - {{- include "pulsar.bookkeeper.config.common" . | nindent 2 }} -{{ toYaml .Values.autorecovery.configData | indent 2 }} -{{ (.Files.Glob "conf/autorecovery/log4j2.yaml").AsConfig | indent 2 }} -{{- end }} diff --git a/charts/pulsar/templates/bookkeeper/bookkeeper-autorecovery-service.yaml b/charts/pulsar/templates/bookkeeper/bookkeeper-autorecovery-service.yaml deleted file mode 100644 index 928b6309b..000000000 --- a/charts/pulsar/templates/bookkeeper/bookkeeper-autorecovery-service.yaml +++ /dev/null @@ -1,38 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.components.autorecovery }} -apiVersion: v1 -kind: Service -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.autorecovery.component }} -spec: - ports: - - name: http - port: {{ .Values.autorecovery.ports.http }} - clusterIP: None - selector: - app: {{ template "pulsar.name" . }} - release: {{ .Release.Name }} - component: {{ .Values.autorecovery.component }} -{{- end }} diff --git a/charts/pulsar/templates/bookkeeper/bookkeeper-autorecovery-statefulset.yaml b/charts/pulsar/templates/bookkeeper/bookkeeper-autorecovery-statefulset.yaml deleted file mode 100644 index 8e201de17..000000000 --- a/charts/pulsar/templates/bookkeeper/bookkeeper-autorecovery-statefulset.yaml +++ /dev/null @@ -1,175 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.components.autorecovery }} -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.autorecovery.component }} -{{- with .Values.autorecovery.statefulset.labels }} -{{ toYaml . | indent 4 }} -{{- end }} -{{- with .Values.autorecovery.statefulset.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} -spec: - serviceName: "{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}" - replicas: {{ .Values.autorecovery.replicaCount }} - updateStrategy: - type: RollingUpdate - podManagementPolicy: Parallel - # nodeSelector: - selector: - matchLabels: - {{- include "pulsar.matchLabels" . | nindent 6 }} - component: {{ .Values.autorecovery.component }} - template: - metadata: - labels: - {{- include "pulsar.template.labels" . | nindent 8 }} - component: {{ .Values.autorecovery.component }} -{{- with .Values.autorecovery.labels }} -{{ toYaml . | indent 8 }} -{{- end }} - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "{{ .Values.autorecovery.ports.http }}" - {{- if .Values.autorecovery.autoRollDeployment }} - checksum/config: {{ include (print $.Template.BasePath "/bookkeeper/bookkeeper-autorecovery-configmap.yaml") . | sha256sum }} - {{- end }} -{{- with .Values.autorecovery.annotations }} -{{ toYaml . | indent 8 }} -{{- end }} - spec: - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - - name: {{ .Values.imagePullSecrets }} - {{- end }} - securityContext: -{{- with .Values.autorecovery.securityContext }} -{{ toYaml . | indent 8 }} -{{- end }} - {{- if .Values.autorecovery.nodeSelector }} - nodeSelector: -{{ toYaml .Values.autorecovery.nodeSelector | indent 8 }} - {{- end }} - {{- if .Values.autorecovery.tolerations }} - tolerations: -{{- with .Values.autorecovery.tolerations }} -{{ toYaml . | indent 8 }} -{{- end }} - {{- end }} - affinity: - {{- if and .Values.affinity.anti_affinity .Values.autorecovery.affinity.anti_affinity}} - podAntiAffinity: - {{ .Values.autorecovery.affinity.type }}: - {{ if eq .Values.autorecovery.affinity.type "requiredDuringSchedulingIgnoredDuringExecution"}} - - labelSelector: - matchExpressions: - - key: "app" - operator: In - values: - - "{{ template "pulsar.name" . }}" - - key: "release" - operator: In - values: - - {{ .Release.Name }} - - key: "component" - operator: In - values: - - {{ .Values.autorecovery.component }} - topologyKey: "kubernetes.io/hostname" - {{ else }} - - weight: 100 - podAffinityTerm: - labelSelector: - matchExpressions: - - key: "app" - operator: In - values: - - "{{ template "pulsar.name" . }}" - - key: "release" - operator: In - values: - - {{ .Release.Name }} - - key: "component" - operator: In - values: - - {{ .Values.autorecovery.component }} - topologyKey: "kubernetes.io/hostname" - {{ end }} - {{- end }} - terminationGracePeriodSeconds: {{ .Values.autorecovery.gracePeriod }} - initContainers: - # This initContainer will wait for bookkeeper initnewcluster to complete - # before deploying the bookies - - name: pulsar-bookkeeper-verify-clusterid - image: "{{ .Values.images.autorecovery.repository }}:{{ .Values.images.autorecovery.tag }}" - imagePullPolicy: {{ .Values.images.autorecovery.pullPolicy }} - command: ["sh", "-c"] - args: - - > - {{- include "pulsar.autorecovery.init.verify_cluster_id" . | nindent 10 }} - envFrom: - - configMapRef: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}" - volumeMounts: - {{- include "pulsar.autorecovery.certs.volumeMounts" . | nindent 8 }} -{{- with .Values.common.extraInitContainers }} -{{ toYaml . | indent 6 }} -{{- end }} -{{- with .Values.autorecovery.extraInitContainers }} -{{ toYaml . | indent 6 }} -{{- end }} - containers: - - name: "{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}" - image: "{{ .Values.images.autorecovery.repository }}:{{ .Values.images.autorecovery.tag }}" - imagePullPolicy: {{ .Values.images.autorecovery.pullPolicy }} - {{- if .Values.autorecovery.resources }} - resources: -{{ toYaml .Values.autorecovery.resources | indent 10 }} - {{- end }} - command: ["sh", "-c"] - args: - - > - bin/apply-config-from-env.py conf/bookkeeper.conf; - {{- include "pulsar.autorecovery.zookeeper.tls.settings" . | nindent 10 }} - bin/bookkeeper autorecovery - ports: - - name: http - containerPort: {{ .Values.autorecovery.ports.http }} - envFrom: - - configMapRef: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}" - env: -{{- with .Values.autorecovery.extraEnv }} -{{ toYaml . | indent 8 }} -{{- end }} - volumeMounts: - {{- include "pulsar.autorecovery.certs.volumeMounts" . | nindent 8 }} - {{- include "pulsar.autorecovery.log.volumeMounts" . | nindent 8 }} - volumes: - {{- include "pulsar.autorecovery.certs.volumes" . | nindent 6 }} - {{- include "pulsar.autorecovery.log.volumes" . | nindent 6 }} -{{- end }} diff --git a/charts/pulsar/templates/bookkeeper/bookkeeper-cluster-initialize.yaml b/charts/pulsar/templates/bookkeeper/bookkeeper-cluster-initialize.yaml deleted file mode 100644 index 2f3cbfd5f..000000000 --- a/charts/pulsar/templates/bookkeeper/bookkeeper-cluster-initialize.yaml +++ /dev/null @@ -1,108 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.initialize }} -{{- if .Values.components.bookkeeper }} -apiVersion: batch/v1 -kind: Job -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}-init" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: "{{ .Values.bookkeeper.component }}-init" -spec: - template: - spec: - initContainers: - - name: wait-zookeeper-ready - image: "{{ .Values.images.bookie.repository }}:{{ .Values.images.bookie.tag }}" - imagePullPolicy: {{ .Values.images.bookie.pullPolicy }} - command: ["sh", "-c"] - args: - - >- - {{- if $zk:=.Values.pulsar_metadata.userProvidedZookeepers }} - until bin/pulsar zookeeper-shell -server {{ $zk }} ls {{ or .Values.metadataPrefix "/" }}; do - echo "user provided zookeepers {{ $zk }} are unreachable... check in 3 seconds ..." && sleep 3; - done; - {{ else }} - until nslookup {{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}-{{ add (.Values.zookeeper.replicaCount | int) -1 }}.{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}.{{ template "pulsar.namespace" . }}; do - sleep 3; - done; - {{- end}} - {{- if .Values.zookeeper.customTools.restore.enable }} - - name: pulsar-metadata-cleanup - image: "{{ .Values.zookeeper.customTools.restore.repository }}:{{ .Values.zookeeper.customTools.restore.tag }}" - imagePullPolicy: "{{ .Values.zookeeper.customTools.restore.pullPolicy }}" - command: ["sh", "-c"] - args: - - > - {{- include "pulsar.toolset.zookeeper.tls.settings" . | nindent 12 }} - {{ if and .Values.tls.enabled .Values.tls.zookeeper.enabled }} - export "$(cat conf/pulsar_env.sh | xargs)"; - export OPTS="${PULSAR_EXTRA_OPTS} ${EXTRA_OPTS}"; - env; - {{- end }} - bin/pulsar-metadata-tool cleanup - env: - - name: METADATA_TOOL_CONF - value: "/pulsar-metadata-tool/conf/pulsar-metadata-tool/pulsar-metadata-tool.properties" - - name: EXTRA_OPTS - value: {{ .Values.zookeeper.customTools.restore.configData.OPTS }} - volumeMounts: - - name: cleanup-config - mountPath: /pulsar-metadata-tool/conf/pulsar-metadata-tool - {{- include "pulsar.toolset.certs.volumeMounts" . | nindent 10 }} - {{- end }} - containers: - - name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}-init" - image: "{{ .Values.images.bookie.repository }}:{{ .Values.images.bookie.tag }}" - imagePullPolicy: {{ .Values.images.bookie.pullPolicy }} - {{- if .Values.bookkeeper.metadata.resources }} - resources: -{{ toYaml .Values.bookkeeper.metadata.resources | indent 10 }} - {{- end }} - command: ["sh", "-c"] - args: - - > - bin/apply-config-from-env.py conf/bookkeeper.conf; - {{- include "pulsar.toolset.zookeeper.tls.settings" . | nindent 12 }} - if bin/bookkeeper shell whatisinstanceid; then - echo "bookkeeper cluster already initialized"; - else - {{- if not (eq .Values.metadataPrefix "") }} - bin/bookkeeper org.apache.zookeeper.ZooKeeperMain -server {{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }} create {{ .Values.metadataPrefix }} 'created for pulsar cluster "{{ template "pulsar.fullname" . }}"' || yes && - {{- end }} - bin/bookkeeper shell initnewcluster; - fi - envFrom: - - configMapRef: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}" - volumeMounts: - {{- include "pulsar.toolset.certs.volumeMounts" . | nindent 8 }} - volumes: - {{- include "pulsar.toolset.certs.volumes" . | nindent 6 }} - {{- if .Values.zookeeper.customTools.restore.enable }} - - name: cleanup-config - configMap: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.customTools.restore.component }}" - {{- end }} - restartPolicy: Never -{{- end }} -{{- end }} diff --git a/charts/pulsar/templates/bookkeeper/bookkeeper-cluster-role-binding.yaml b/charts/pulsar/templates/bookkeeper/bookkeeper-cluster-role-binding.yaml deleted file mode 100644 index fa8bb3aa6..000000000 --- a/charts/pulsar/templates/bookkeeper/bookkeeper-cluster-role-binding.yaml +++ /dev/null @@ -1,59 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.bookkeeper.serviceAccount.clusterRole }} -{{- if and .Values.components.bookkeeper .Values.bookkeeper.serviceAccount.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}-clusterrolebinding" - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}-clusterrole" -subjects: -- kind: ServiceAccount - name: {{ template "pulsar.bookkeeper.serviceAccount" . }} - namespace: {{ template "pulsar.namespace" . }} ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}-clusterrole" - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} -rules: -- apiGroups: [""] - resources: - - persistentvolumeclaims - - persistentvolumes - verbs: ["get", "list", "watch"] -- apiGroups: [""] - resources: - - pods - verbs: - - list - - get ---- - -{{- end }} -{{- end }} diff --git a/charts/pulsar/templates/bookkeeper/bookkeeper-configmap.yaml b/charts/pulsar/templates/bookkeeper/bookkeeper-configmap.yaml deleted file mode 100644 index f79243c6d..000000000 --- a/charts/pulsar/templates/bookkeeper/bookkeeper-configmap.yaml +++ /dev/null @@ -1,50 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.components.bookkeeper }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.bookkeeper.component }} -data: - # common config - {{- include "pulsar.bookkeeper.config.common" . | nindent 2 }} - {{- if .Values.components.autorecovery }} - # disable auto recovery on bookies since we will start AutoRecovery in separated pods - autoRecoveryDaemonEnabled: "false" - {{- end }} - {{- if and .Values.components.functions .Values.functions.functionState }} - extraServerComponents: org.apache.bookkeeper.stream.server.StreamStorageLifecycleComponent - {{- end }} - # Do not retain journal files as it increase the disk utilization - journalMaxBackups: "0" - journalDirectories: "/pulsar/data/bookkeeper/journal" - PULSAR_PREFIX_journalDirectories: "/pulsar/data/bookkeeper/journal" - ledgerDirectories: "/pulsar/data/bookkeeper/ledgers" - # TLS config - {{- include "pulsar.bookkeeper.config.tls" . | nindent 2 }} -{{ toYaml .Values.bookkeeper.configData | indent 2 }} - # Include log configuration file, If you want to configure the log level and other configuration - # items, you can modify the configmap, and eventually it will overwrite the log4j2.yaml file under conf -{{ (.Files.Glob "conf/bookie/log4j2.yaml").AsConfig | indent 2 }} -{{- end }} diff --git a/charts/pulsar/templates/bookkeeper/bookkeeper-pdb.yaml b/charts/pulsar/templates/bookkeeper/bookkeeper-pdb.yaml deleted file mode 100644 index 74e15039c..000000000 --- a/charts/pulsar/templates/bookkeeper/bookkeeper-pdb.yaml +++ /dev/null @@ -1,37 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.components.bookkeeper }} -{{- if .Values.bookkeeper.pdb.usePolicy }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.bookkeeper.component }} -spec: - selector: - matchLabels: - {{- include "pulsar.matchLabels" . | nindent 6 }} - component: {{ .Values.bookkeeper.component }} - maxUnavailable: {{ .Values.bookkeeper.pdb.maxUnavailable }} -{{- end }} -{{- end }} diff --git a/charts/pulsar/templates/bookkeeper/bookkeeper-role-binding.yaml b/charts/pulsar/templates/bookkeeper/bookkeeper-role-binding.yaml deleted file mode 100644 index bc382abd8..000000000 --- a/charts/pulsar/templates/bookkeeper/bookkeeper-role-binding.yaml +++ /dev/null @@ -1,59 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if not .Values.bookkeeper.serviceAccount.clusterRole }} -{{- if and .Values.components.bookkeeper .Values.bookkeeper.serviceAccount.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}-clusterrolebinding" - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}-clusterrole" -subjects: -- kind: ServiceAccount - name: {{ template "pulsar.bookkeeper.serviceAccount" . }} - namespace: {{ template "pulsar.namespace" . }} ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}-clusterrole" - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} -rules: -- apiGroups: [""] - resources: - - persistentvolumeclaims - - persistentvolumes - verbs: ["get", "list", "watch"] -- apiGroups: [""] - resources: - - pods - verbs: - - list - - get ---- - -{{- end }} -{{- end }} diff --git a/charts/pulsar/templates/bookkeeper/bookkeeper-service-account.yaml b/charts/pulsar/templates/bookkeeper/bookkeeper-service-account.yaml deleted file mode 100644 index 55ac43e9c..000000000 --- a/charts/pulsar/templates/bookkeeper/bookkeeper-service-account.yaml +++ /dev/null @@ -1,33 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if and .Values.components.bookkeeper .Values.bookkeeper.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pulsar.bookkeeper.serviceAccount" . }} - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.bookkeeper.component }} - annotations: -{{- with .Values.bookkeeper.serviceAccount.annotations }} -{{ toYaml . | indent 4 }} -{{- end }} -{{- end }} diff --git a/charts/pulsar/templates/bookkeeper/bookkeeper-service.yaml b/charts/pulsar/templates/bookkeeper/bookkeeper-service.yaml deleted file mode 100644 index 77eafb503..000000000 --- a/charts/pulsar/templates/bookkeeper/bookkeeper-service.yaml +++ /dev/null @@ -1,49 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.components.bookkeeper }} -apiVersion: v1 -kind: Service -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.bookkeeper.component }} - annotations: -{{ toYaml .Values.bookkeeper.service.annotations | indent 4 }} -spec: - ports: - - name: bookie - port: {{ .Values.bookkeeper.ports.bookie }} - - name: http - port: {{ .Values.bookkeeper.ports.http }} -{{- if and .Values.components.functions .Values.functions.functionState }} - - name: state - port: {{ .Values.bookkeeper.ports.streamStorage }} -{{- end }} - clusterIP: None - selector: - {{- include "pulsar.matchLabels" . | nindent 4 }} - component: {{ .Values.bookkeeper.component }} - # bookkeeper uses statefulset for getting stable bookie identifier. - # it is okay to publish endpoints that are not ready because bookkeeper client - # already has the ability to handle bookie failures. - publishNotReadyAddresses: true -{{- end }} diff --git a/charts/pulsar/templates/bookkeeper/bookkeeper-statefulset.yaml b/charts/pulsar/templates/bookkeeper/bookkeeper-statefulset.yaml deleted file mode 100644 index eecadb6cc..000000000 --- a/charts/pulsar/templates/bookkeeper/bookkeeper-statefulset.yaml +++ /dev/null @@ -1,263 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.components.bookkeeper }} -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.bookkeeper.component }} -{{- with .Values.bookkeeper.statefulset.labels }} -{{ toYaml . | indent 4 }} -{{- end }} -{{- with .Values.bookkeeper.statefulset.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} -spec: - serviceName: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}" - replicas: {{ .Values.bookkeeper.replicaCount }} - selector: - matchLabels: - {{- include "pulsar.matchLabels" . | nindent 6 }} - component: {{ .Values.bookkeeper.component }} - updateStrategy: - type: RollingUpdate - podManagementPolicy: Parallel - template: - metadata: - labels: - {{- include "pulsar.template.labels" . | nindent 8 }} - component: {{ .Values.bookkeeper.component }} -{{- with .Values.bookkeeper.labels }} -{{ toYaml . | indent 8 }} -{{- end }} - annotations: - {{- if .Values.monitoring.datadog }} - {{- include "pulsar.bookkeeper.datadog.annotation" . | nindent 8 }} - {{- end }} - prometheus.io/scrape: "true" - prometheus.io/port: "{{ .Values.bookkeeper.ports.http }}" - {{- if .Values.bookkeeper.autoRollDeployment }} - checksum/config: {{ include (print $.Template.BasePath "/bookkeeper/bookkeeper-configmap.yaml") . | sha256sum }} - {{- end }} -{{- with .Values.bookkeeper.annotations }} -{{ toYaml . | indent 8 }} -{{- end }} - spec: - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - - name: {{ .Values.imagePullSecrets }} - {{- end }} - securityContext: -{{- with .Values.bookkeeper.securityContext }} -{{ toYaml . | indent 8 }} -{{- end }} - {{- if .Values.bookkeeper.serviceAccount.use }} - serviceAccountName: {{ template "pulsar.bookkeeper.serviceAccount" . }} - {{- end }} - {{- if .Values.bookkeeper.nodeSelector }} - nodeSelector: -{{ toYaml .Values.bookkeeper.nodeSelector | indent 8 }} - {{- end }} - {{- if .Values.bookkeeper.tolerations }} - tolerations: -{{ toYaml .Values.bookkeeper.tolerations | indent 8 }} - {{- end }} - {{- if and .Values.affinity.anti_affinity .Values.bookkeeper.custom_affinity}} - affinity: -{{ toYaml .Values.bookkeeper.custom_affinity | indent 8 }} - {{ else }} - affinity: - {{- if and .Values.affinity.anti_affinity .Values.bookkeeper.affinity.anti_affinity}} - podAntiAffinity: - {{ .Values.bookkeeper.affinity.type }}: - {{ if eq .Values.bookkeeper.affinity.type "requiredDuringSchedulingIgnoredDuringExecution"}} - - labelSelector: - matchExpressions: - - key: "app" - operator: In - values: - - "{{ template "pulsar.name" . }}" - - key: "release" - operator: In - values: - - {{ .Release.Name }} - - key: "component" - operator: In - values: - - {{ .Values.bookkeeper.component }} - topologyKey: "kubernetes.io/hostname" - {{ else }} - - weight: 100 - podAffinityTerm: - labelSelector: - matchExpressions: - - key: "app" - operator: In - values: - - "{{ template "pulsar.name" . }}" - - key: "release" - operator: In - values: - - {{ .Release.Name }} - - key: "component" - operator: In - values: - - {{ .Values.bookkeeper.component }} - topologyKey: "kubernetes.io/hostname" - {{ end }} - {{- end }} - {{- end }} - terminationGracePeriodSeconds: {{ .Values.bookkeeper.gracePeriod }} - initContainers: - # This initContainer will wait for bookkeeper initnewcluster to complete - # before deploying the bookies - - name: pulsar-bookkeeper-verify-clusterid - image: "{{ .Values.images.bookie.repository }}:{{ .Values.images.bookie.tag }}" - imagePullPolicy: {{ .Values.images.bookie.pullPolicy }} - command: ["sh", "-c"] - args: - # only reformat bookie if bookkeeper is running without persistence - - > - {{- include "pulsar.bookkeeper.init.verify_cluster_id" . | nindent 10 }} - envFrom: - - configMapRef: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}" - volumeMounts: - {{- include "pulsar.bookkeeper.certs.volumeMounts" . | nindent 8 }} -{{- with .Values.common.extraInitContainers }} -{{ toYaml . | indent 6 }} -{{- end }} -{{- with .Values.bookkeeper.extraInitContainers }} -{{ toYaml . | indent 6 }} -{{- end }} - containers: - - name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}" - image: "{{ .Values.images.bookie.repository }}:{{ .Values.images.bookie.tag }}" - imagePullPolicy: {{ .Values.images.bookie.pullPolicy }} - {{- if .Values.bookkeeper.probe.liveness.enabled }} - livenessProbe: - httpGet: - path: /api/v1/bookie/state - port: {{ .Values.bookkeeper.ports.http }} - initialDelaySeconds: {{ .Values.bookkeeper.probe.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.bookkeeper.probe.liveness.periodSeconds }} - failureThreshold: {{ .Values.bookkeeper.probe.liveness.failureThreshold }} - {{- end }} - {{- if .Values.bookkeeper.probe.readiness.enabled }} - readinessProbe: - httpGet: - path: /api/v1/bookie/is_ready - port: {{ .Values.bookkeeper.ports.http }} - initialDelaySeconds: {{ .Values.bookkeeper.probe.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.bookkeeper.probe.readiness.periodSeconds }} - failureThreshold: {{ .Values.bookkeeper.probe.readiness.failureThreshold }} - {{- end }} - {{- if .Values.bookkeeper.probe.startup.enabled }} - startupProbe: - httpGet: - path: /api/v1/bookie/is_ready - port: {{ .Values.bookkeeper.ports.http }} - initialDelaySeconds: {{ .Values.bookkeeper.probe.startup.initialDelaySeconds }} - periodSeconds: {{ .Values.bookkeeper.probe.startup.periodSeconds }} - failureThreshold: {{ .Values.bookkeeper.probe.startup.failureThreshold }} - {{- end }} - {{- if .Values.bookkeeper.resources }} - resources: -{{ toYaml .Values.bookkeeper.resources | indent 10 }} - {{- end }} - command: ["bash", "-c"] - args: - - > - bin/apply-config-from-env.py conf/bookkeeper.conf; - {{- include "pulsar.bookkeeper.zookeeper.tls.settings" . | nindent 10 }} - {{- if eq .Values.images.bookie.repository "streamnative/sn-pulsar" }} - scripts/run-bookie.sh; - {{- else }} - bin/pulsar bookie; - {{- end }} - ports: - - name: bookie - containerPort: {{ .Values.bookkeeper.ports.bookie }} - - name: http - containerPort: {{ .Values.bookkeeper.ports.http }} -{{- if and .Values.components.functions .Values.functions.functionState }} - - name: state - containerPort: {{ .Values.bookkeeper.ports.streamStorage }} -{{- end }} - envFrom: - - configMapRef: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}" - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: VOLUME_NAME - value: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}-{{ .Values.bookkeeper.volumes.journal.name }}" - - name: BOOKIE_PORT - value: "{{ .Values.bookkeeper.ports.bookie }}" - {{- if .Values.bookkeeper.placementPolicy.rackAware }} - - name: BOOKIE_RACK_AWARE_ENABLED - value: "true" - {{- end }} - volumeMounts: - - name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}-{{ .Values.bookkeeper.volumes.journal.name }}" - mountPath: /pulsar/data/bookkeeper/journal - - name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}-{{ .Values.bookkeeper.volumes.ledgers.name }}" - mountPath: /pulsar/data/bookkeeper/ledgers - {{- include "pulsar.bookkeeper.certs.volumeMounts" . | nindent 8 }} - {{- include "pulsar.bookkeeper.log.volumeMounts" . | nindent 8 }} - volumes: - {{- if not (and .Values.volumes.persistence .Values.bookkeeper.volumes.persistence) }} - - name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}-{{ .Values.bookkeeper.volumes.journal.name }}" - emptyDir: {} - - name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}-{{ .Values.bookkeeper.volumes.ledgers.name }}" - emptyDir: {} - {{- end }} - {{- include "pulsar.bookkeeper.certs.volumes" . | nindent 6 }} - {{- include "pulsar.bookkeeper.log.volumes" . | nindent 6 }} -{{- if and .Values.volumes.persistence .Values.bookkeeper.volumes.persistence}} - volumeClaimTemplates: - - metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}-{{ .Values.bookkeeper.volumes.journal.name }}" - spec: - accessModes: [ "ReadWriteOnce" ] - resources: - requests: - storage: {{ .Values.bookkeeper.volumes.journal.size }} - {{- include "pulsar.bookkeeper.journal.storage.class" . | nindent 6 }} - - metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}-{{ .Values.bookkeeper.volumes.ledgers.name }}" - spec: - accessModes: [ "ReadWriteOnce" ] - resources: - requests: - storage: {{ .Values.bookkeeper.volumes.ledgers.size }} - {{- include "pulsar.bookkeeper.ledgers.storage.class" . | nindent 6 }} -{{- end }} -{{- end }} diff --git a/charts/pulsar/templates/bookkeeper/bookkeeper-storageclass.yaml b/charts/pulsar/templates/bookkeeper/bookkeeper-storageclass.yaml deleted file mode 100644 index 29db2a032..000000000 --- a/charts/pulsar/templates/bookkeeper/bookkeeper-storageclass.yaml +++ /dev/null @@ -1,102 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.components.bookkeeper }} -{{- if and .Values.volumes.persistence .Values.bookkeeper.volumes.persistence }} -{{- if and (not (and .Values.volumes.local_storage .Values.bookkeeper.volumes.journal.local_storage)) .Values.bookkeeper.volumes.journal.storageClass }} -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}-{{ .Values.bookkeeper.volumes.journal.name }}" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.bookkeeper.component }} -provisioner: {{ .Values.bookkeeper.volumes.journal.storageClass.provisioner }} -{{- if .Values.bookkeeper.volumes.journal.storageClass.volumeBindingMode }} -volumeBindingMode: {{ .Values.bookkeeper.volumes.journal.storageClass.volumeBindingMode }} -{{- end }} -{{- if .Values.bookkeeper.volumes.journal.storageClass.reclaimPolicy }} -reclaimPolicy: {{ .Values.bookkeeper.volumes.journal.storageClass.reclaimPolicy }} -{{- end }} -{{- if .Values.bookkeeper.volumes.journal.storageClass.allowVolumeExpansion }} -allowVolumeExpansion: {{ .Values.bookkeeper.volumes.journal.storageClass.allowVolumeExpansion }} -{{- end }} -{{- if .Values.bookkeeper.volumes.journal.storageClass.mountOptions }} -mountOptions: -{{- with .Values.bookkeeper.volumes.journal.storageClass.mountOptions }} -{{ toYaml . | indent 2 }} -{{- end }} -{{- end }} -{{- if .Values.bookkeeper.volumes.journal.storageClass.allowedTopologies }} -allowedTopologies: -{{- with .Values.bookkeeper.volumes.journal.storageClass.allowedTopologies }} -{{ toYaml . | indent 2 }} -{{- end }} -{{- end }} -parameters: - type: {{ .Values.bookkeeper.volumes.journal.storageClass.type }} - fsType: {{ .Values.bookkeeper.volumes.journal.storageClass.fsType }} -{{- with .Values.bookkeeper.volumes.journal.storageClass.extraParameters }} -{{ toYaml . | indent 2 }} -{{- end }} -{{- end }} ---- - -{{- if and (not (and .Values.volumes.local_storage .Values.bookkeeper.volumes.journal.local_storage)) .Values.bookkeeper.volumes.ledgers.storageClass }} -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}-{{ .Values.bookkeeper.volumes.ledgers.name }}" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.bookkeeper.component }} -provisioner: {{ .Values.bookkeeper.volumes.ledgers.storageClass.provisioner }} -{{- if .Values.bookkeeper.volumes.ledgers.storageClass.volumeBindingMode }} -volumeBindingMode: {{ .Values.bookkeeper.volumes.ledgers.storageClass.volumeBindingMode }} -{{- end }} -{{- if .Values.bookkeeper.volumes.ledgers.storageClass.reclaimPolicy }} -reclaimPolicy: {{ .Values.bookkeeper.volumes.ledgers.storageClass.reclaimPolicy }} -{{- end }} -{{- if .Values.bookkeeper.volumes.ledgers.storageClass.allowVolumeExpansion }} -allowVolumeExpansion: {{ .Values.bookkeeper.volumes.ledgers.storageClass.allowVolumeExpansion }} -{{- end }} -{{- if .Values.bookkeeper.volumes.ledgers.storageClass.mountOptions }} -mountOptions: -{{- with .Values.bookkeeper.volumes.ledgers.storageClass.mountOptions }} -{{ toYaml . | indent 2 }} -{{- end }} -{{- end }} -{{- if .Values.bookkeeper.volumes.ledgers.storageClass.allowedTopologies }} -allowedTopologies: -{{- with .Values.bookkeeper.volumes.ledgers.storageClass.allowedTopologies }} -{{ toYaml . | indent 2 }} -{{- end }} -{{- end }} -parameters: - type: {{ .Values.bookkeeper.volumes.ledgers.storageClass.type }} - fsType: {{ .Values.bookkeeper.volumes.ledgers.storageClass.fsType }} -{{- with .Values.bookkeeper.volumes.ledgers.storageClass.extraParameters }} -{{ toYaml . | indent 2 }} -{{- end }} -{{- end }} - -{{- end }} -{{- end }} diff --git a/charts/pulsar/templates/broker/_broker.tpl b/charts/pulsar/templates/broker/_broker.tpl deleted file mode 100644 index 880e01b8a..000000000 --- a/charts/pulsar/templates/broker/_broker.tpl +++ /dev/null @@ -1,587 +0,0 @@ -{{/* -Define the pulsar broker service -*/}} -{{- define "pulsar.broker.service" -}} -{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }} -{{- end }} - -{{/* -Define the pulsar broker full service name -*/}} -{{- define "pulsar.broker.service.fqn" -}} -{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}.{{ template "pulsar.namespace" . }}.svc.cluster.local -{{- end }} - -{{/* -Define the service url -*/}} -{{- define "pulsar.broker.service.url" -}} -{{- if and .Values.tls.enabled .Values.tls.broker.enabled -}} -pulsar+ssl://{{ template "pulsar.broker.service" . }}.{{ template "pulsar.namespace" . }}.svc.cluster.local:{{ .Values.broker.ports.pulsarssl }} -{{- else -}} -pulsar://{{ template "pulsar.broker.service" . }}.{{ template "pulsar.namespace" . }}.svc.cluster.local:{{ .Values.broker.ports.pulsar }} -{{- end -}} -{{- end -}} - -{{/* -Define the web service url -*/}} -{{- define "pulsar.web.service.url" -}} -{{- if and .Values.tls.enabled .Values.tls.broker.enabled -}} -https://{{ template "pulsar.broker.service" . }}.{{ template "pulsar.namespace" . }}.svc.cluster.local:{{ .Values.broker.ports.https }} -{{- else -}} -http://{{ template "pulsar.broker.service" . }}.{{ template "pulsar.namespace" . }}.svc.cluster.local:{{ .Values.broker.ports.http }} -{{- end -}} -{{- end -}} - -{{/* -Define the hostname -*/}} -{{- define "pulsar.broker.hostname" -}} -${HOSTNAME}.{{ template "pulsar.broker.service" . }}.{{ template "pulsar.namespace" . }}.svc.cluster.local -{{- end -}} - -{{/* -Define the broker znode prefix -*/}} -{{- define "pulsar.broker.znode.prefix" -}} -{{ .Values.metadataPrefix }}/loadbalance/brokers/ -{{- end }} - -{{/* -Define broker zookeeper client tls settings -NOTE: `BROKER_ADDRESS` should be set before using this template -*/}} -{{- define "pulsar.broker.zookeeper.tls.settings" -}} -{{- if and .Values.tls.enabled .Values.tls.zookeeper.enabled }} -/pulsar/keytool/keytool.sh broker ${BROKER_ADDRESS} true; -{{- end }} -{{- end }} - -{{/* -Define broker kop settings -*/}} -{{- define "pulsar.broker.kop.settings" -}} -{{- if .Values.components.kop }} -{{- if and .Values.tls.enabled .Values.tls.kop.enabled }} -export PULSAR_PREFIX_kafkaListeners="SSL://{{ template "pulsar.broker.hostname" . }}:{{ .Values.kop.ports.ssl }}"; -{{- else }} -export PULSAR_PREFIX_kafkaListeners="PLAINTEXT://{{ template "pulsar.broker.hostname" . }}:{{ .Values.kop.ports.plaintext }}"; -{{- end }} -{{- end }} -{{- end }} - -{{/* -Define broker tls certs mounts -*/}} -{{- define "pulsar.broker.certs.volumeMounts" -}} -{{- if and .Values.tls.enabled (or .Values.tls.broker.enabled (or .Values.tls.bookie.enabled .Values.tls.zookeeper.enabled)) }} -- name: broker-certs - mountPath: "/pulsar/certs/broker" - readOnly: true -- name: ca - mountPath: "/pulsar/certs/ca" - readOnly: true -{{- if or .Values.tls.zookeeper.enabled .Values.components.kop }} -- name: keytool - mountPath: "/pulsar/keytool/keytool.sh" - subPath: keytool.sh -{{- end }} -{{- end }} -{{- end }} - -{{/* -Define broker tls certs volumes -*/}} -{{- define "pulsar.broker.certs.volumes" -}} -{{- if and .Values.tls.enabled (or .Values.tls.broker.enabled (or .Values.tls.bookie.enabled .Values.tls.zookeeper.enabled)) }} -- name: broker-certs - secret: - secretName: "{{ template "pulsar.broker.tls.secret.name" . }}" - items: - - key: tls.crt - path: tls.crt - - key: tls.key - path: tls.key -- name: ca - secret: - secretName: "{{ template "pulsar.tls.ca.secret.name" . }}" - items: - - key: ca.crt - path: ca.crt -{{- if or .Values.tls.zookeeper.enabled .Values.components.kop }} -- name: keytool - configMap: - name: "{{ template "pulsar.fullname" . }}-keytool-configmap" - defaultMode: 0755 -{{- end }} -{{- end }} -{{- end }} - -{{/* -Define broker oauth2 mounts -*/}} -{{- define "pulsar.broker.oauth2.volumeMounts" -}} -{{- if .Values.auth.authentication.enabled }} -{{- if eq .Values.auth.authentication.provider "oauth2" }} -- mountPath: "/pulsar/oauth2" - name: broker-oauth2 - readOnly: true -{{- end }} -{{- end }} -{{- end }} - -{{/* -Define broker oauth2 volumes -*/}} -{{- define "pulsar.broker.oauth2.volumes" -}} -{{- if .Values.auth.authentication.enabled }} -{{- if eq .Values.auth.authentication.provider "oauth2" }} -- name: broker-oauth2 - secret: - secretName: "{{ .Release.Name }}-oauth2-private-key" - items: - - key: auth.json - path: auth.json -{{- end }} -{{- end }} -{{- end }} - -{{/* -Define broker token mounts -*/}} -{{- define "pulsar.broker.token.volumeMounts" -}} -{{- if .Values.auth.authentication.enabled }} -{{- if eq .Values.auth.authentication.provider "jwt" }} -{{- if not .Values.auth.vault.enabled }} -- mountPath: "/pulsar/keys" - name: token-keys - readOnly: true -{{- end }} -- mountPath: "/pulsar/tokens" - name: broker-token - readOnly: true -{{- end }} -{{- end }} -{{- end }} - -{{/* -Define broker token volumes -*/}} -{{- define "pulsar.broker.token.volumes" -}} -{{- if .Values.auth.authentication.enabled }} -{{- if eq .Values.auth.authentication.provider "jwt" }} -{{- if not .Values.auth.vault.enabled }} -- name: token-keys - secret: - {{- if not .Values.auth.authentication.jwt.usingSecretKey }} - secretName: "{{ .Release.Name }}-token-asymmetric-key" - {{- end}} - {{- if .Values.auth.authentication.jwt.usingSecretKey }} - secretName: "{{ .Release.Name }}-token-symmetric-key" - {{- end}} - items: - {{- if .Values.auth.authentication.jwt.usingSecretKey }} - - key: SECRETKEY - path: token/secret.key - {{- else }} - - key: PUBLICKEY - path: token/public.key - - key: PRIVATEKEY - path: token/private.key - {{- end}} -{{- end }} -- name: broker-token - secret: - secretName: "{{ .Release.Name }}-token-{{ .Values.auth.superUsers.broker }}" - items: - - key: TOKEN - path: broker/token -{{- end }} -{{- end }} -{{- end }} - - -{{/* -Define broker log mounts -*/}} -{{- define "pulsar.broker.log.volumeMounts" -}} -- name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}-log4j2" - mountPath: "{{ template "pulsar.home" .}}/conf/log4j2.yaml" - subPath: log4j2.yaml -{{- end }} - -{{/* -Define broker log volumes -*/}} -{{- define "pulsar.broker.log.volumes" -}} -- name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}-log4j2" - configMap: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}" -{{- end }} - -{{/* -Define function worker config volume mount -*/}} -{{- define "pulsar.function.worker.config.volumeMounts" -}} -{{- if .Values.components.functions }} -- name: "function-worker-config" - mountPath: "{{ template "pulsar.home" . }}/conf/functions_worker.yml" - subPath: functions_worker.yml -{{- end }} -{{- end }} - -{{/* -Define function worker config volume -*/}} -{{- define "pulsar.function.worker.config.volumes" -}} -{{- if .Values.components.functions }} -- name: "function-worker-config" - configMap: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.functions.component }}-configfile" -{{- end }} -{{- end }} - -{{/* -Define built-in connector config volume mount -*/}} -{{- define "pulsar.function.builtinconnectors.volumeMounts" -}} -{{- if .Values.functions.builtinConnectorConfigmap }} -- name: "builtin-connectors" - mountPath: "{{ template "pulsar.home" . }}/conf/connectors.yaml" - subPath: connectors.yaml -{{- end }} -{{- end }} - -{{/* -Define built-in connector config volume -*/}} -{{- define "pulsar.function.builtinconnectors.volumes" -}} -{{- if .Values.functions.builtinConnectorConfigmap }} -- name: "builtin-connectors" - configMap: - name: "{{ .Values.functions.builtinConnectorConfigmap }}" -{{- end }} -{{- end }} - -{{/*Define broker datadog annotation*/}} -{{- define "pulsar.broker.datadog.annotation" -}} -{{- if .Values.datadog.components.broker.enabled }} -{{- if eq (.Values.datadog.components.broker.checkType | default "openmetrics") "openmetrics" }} -ad.datadoghq.com/{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}.check_names: | - ["openmetrics"] -ad.datadoghq.com/{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}.init_configs: | - [{}] -ad.datadoghq.com/{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}.instances: | - [ - { - "prometheus_url": "http://%%host%%:{{ .Values.broker.ports.http }}/metrics", - "namespace": "{{ .Values.datadog.namespace }}", - "metrics": {{ .Values.datadog.components.broker.metrics }}, - "health_service_check": true, - "prometheus_timeout": 1000, - "max_returned_metrics": 1000000, - "type_overrides": { - "pulsar_topics_count": "gauge", - "pulsar_rate_in": "gauge", - "pulsar_rate_out": "gauge", - "pulsar_subscriptions_count": "gauge", - "pulsar_producers_count": "gauge", - "pulsar_consumers_count": "gauge", - "pulsar_throughput_in": "gauge", - "pulsar_throughput_out": "gauge", - "pulsar_storage_size": "gauge", - "pulsar_msg_backlog": "gauge", - "pulsar_storage_backlog_size": "gauge", - "pulsar_storage_offloaded_size": "gauge", - "pulsar_storage_write_latency_le_0_5": "gauge", - "pulsar_storage_write_latency_le_1": "gauge", - "pulsar_storage_write_latency_le_5": "gauge", - "pulsar_storage_write_latency_le_10": "gauge", - "pulsar_storage_write_latency_le_20": "gauge", - "pulsar_storage_write_latency_le_50": "gauge", - "pulsar_storage_write_latency_le_100": "gauge", - "pulsar_storage_write_latency_le_200": "gauge", - "pulsar_storage_write_latency_le_1000": "gauge", - "pulsar_storage_write_latency_overflow": "gauge", - "pulsar_entry_size_le_128": "gauge", - "pulsar_entry_size_le_512": "gauge", - "pulsar_entry_size_le_1_kb": "gauge", - "pulsar_entry_size_le_2_kb": "gauge", - "pulsar_entry_size_le_4_kb": "gauge", - "pulsar_entry_size_le_16_kb": "gauge", - "pulsar_entry_size_le_100_kb": "gauge", - "pulsar_entry_size_le_1_mb": "gauge", - "pulsar_entry_size_le_overflow": "gauge", - "pulsar_subscription_back_log": "gauge", - "pulsar_subscription_back_log_no_delayed": "gauge", - "pulsar_subscription_delayed": "gauge", - "pulsar_subscription_msg_rate_redeliver": "gauge", - "pulsar_subscription_unacked_messages": "gauge", - "pulsar_subscription_blocked_on_unacked_messages": "gauge", - "pulsar_subscription_msg_rate_out": "gauge", - "pulsar_subscription_msg_throughput_out": "gauge", - "pulsar_in_bytes_total": "counter", - "pulsar_in_messages_total": "counter", - "pulsar_ml_cursor_nonContiguousDeletedMessagesRange": "gauge", - "topic_load_times": "counter", - "jvm_memory_bytes_used": "gauge", - "jvm_memory_bytes_committed": "gauge", - "jvm_memory_bytes_max": "gauge", - "jvm_memory_bytes_init": "gauge", - "jvm_memory_pool_bytes_used": "gauge", - "jvm_memory_pool_bytes_committed": "gauge", - "jvm_memory_pool_bytes_max": "gauge", - "jvm_memory_pool_bytes_init": "gauge", - "jvm_classes_loaded": "gauge", - "jvm_classes_loaded_total": "counter", - "jvm_classes_unloaded_total": "counter", - "jvm_buffer_pool_used_bytes": "gauge", - "jvm_buffer_pool_capacity_bytes": "gauge", - "jvm_buffer_pool_used_buffers": "gauge", - "jvm_threads_current": "gauge", - "jvm_threads_daemon": "gauge", - "jvm_threads_peak": "gauge", - "jvm_threads_started_total": "counter", - "jvm_threads_deadlocked": "gauge", - "jvm_threads_deadlocked_monitor": "gauge", - "jvm_gc_collection_seconds_count": "gauge", - "jvm_gc_collection_seconds_sum": "gauge", - "jvm_memory_direct_bytes_max": "gauge" - }, - "tags": [ - "pulsar-broker: {{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}" - ] - } - ] -{{- else if eq (.Values.datadog.components.broker.checkType | default "openmetrics") "native" }} -ad.datadoghq.com/{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}.check_names: | - ["pulsar"] -ad.datadoghq.com/{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}.init_configs: | - [{}] -ad.datadoghq.com/{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}.instances: | - [ - { - "openmetrics_endpoint": "http://%%host%%:{{ .Values.broker.ports.http }}/metrics", - "enable_health_service_check": true, - "timeout": 300, - "tags": [ - "pulsar-broker: {{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}" - ] - } - ] -{{- else if eq (.Values.datadog.components.broker.checkType | default "openmetrics") "both" }} -ad.datadoghq.com/{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}.check_names: | - ["openmetrics", "pulsar"] -ad.datadoghq.com/{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}.init_configs: | - [{}, {}] -ad.datadoghq.com/{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}.instances: | - [ - { - "prometheus_url": "http://%%host%%:{{ .Values.broker.ports.http }}/metrics", - "namespace": "{{ .Values.datadog.namespace }}", - "metrics": {{ .Values.datadog.components.broker.metrics }}, - "health_service_check": true, - "prometheus_timeout": 1000, - "max_returned_metrics": 1000000, - "type_overrides": { - "pulsar_topics_count": "gauge", - "pulsar_rate_in": "gauge", - "pulsar_rate_out": "gauge", - "pulsar_subscriptions_count": "gauge", - "pulsar_producers_count": "gauge", - "pulsar_consumers_count": "gauge", - "pulsar_throughput_in": "gauge", - "pulsar_throughput_out": "gauge", - "pulsar_storage_size": "gauge", - "pulsar_msg_backlog": "gauge", - "pulsar_storage_backlog_size": "gauge", - "pulsar_storage_offloaded_size": "gauge", - "pulsar_storage_write_latency_le_0_5": "gauge", - "pulsar_storage_write_latency_le_1": "gauge", - "pulsar_storage_write_latency_le_5": "gauge", - "pulsar_storage_write_latency_le_10": "gauge", - "pulsar_storage_write_latency_le_20": "gauge", - "pulsar_storage_write_latency_le_50": "gauge", - "pulsar_storage_write_latency_le_100": "gauge", - "pulsar_storage_write_latency_le_200": "gauge", - "pulsar_storage_write_latency_le_1000": "gauge", - "pulsar_storage_write_latency_overflow": "gauge", - "pulsar_entry_size_le_128": "gauge", - "pulsar_entry_size_le_512": "gauge", - "pulsar_entry_size_le_1_kb": "gauge", - "pulsar_entry_size_le_2_kb": "gauge", - "pulsar_entry_size_le_4_kb": "gauge", - "pulsar_entry_size_le_16_kb": "gauge", - "pulsar_entry_size_le_100_kb": "gauge", - "pulsar_entry_size_le_1_mb": "gauge", - "pulsar_entry_size_le_overflow": "gauge", - "pulsar_subscription_back_log": "gauge", - "pulsar_subscription_back_log_no_delayed": "gauge", - "pulsar_subscription_delayed": "gauge", - "pulsar_subscription_msg_rate_redeliver": "gauge", - "pulsar_subscription_unacked_messages": "gauge", - "pulsar_subscription_blocked_on_unacked_messages": "gauge", - "pulsar_subscription_msg_rate_out": "gauge", - "pulsar_subscription_msg_throughput_out": "gauge", - "pulsar_in_bytes_total": "counter", - "pulsar_in_messages_total": "counter", - "pulsar_ml_cursor_nonContiguousDeletedMessagesRange": "gauge", - "topic_load_times": "counter", - "jvm_memory_bytes_used": "gauge", - "jvm_memory_bytes_committed": "gauge", - "jvm_memory_bytes_max": "gauge", - "jvm_memory_bytes_init": "gauge", - "jvm_memory_pool_bytes_used": "gauge", - "jvm_memory_pool_bytes_committed": "gauge", - "jvm_memory_pool_bytes_max": "gauge", - "jvm_memory_pool_bytes_init": "gauge", - "jvm_classes_loaded": "gauge", - "jvm_classes_loaded_total": "counter", - "jvm_classes_unloaded_total": "counter", - "jvm_buffer_pool_used_bytes": "gauge", - "jvm_buffer_pool_capacity_bytes": "gauge", - "jvm_buffer_pool_used_buffers": "gauge", - "jvm_threads_current": "gauge", - "jvm_threads_daemon": "gauge", - "jvm_threads_peak": "gauge", - "jvm_threads_started_total": "counter", - "jvm_threads_deadlocked": "gauge", - "jvm_threads_deadlocked_monitor": "gauge", - "jvm_gc_collection_seconds_count": "gauge", - "jvm_gc_collection_seconds_sum": "gauge", - "jvm_memory_direct_bytes_max": "gauge" - }, - "tags": [ - "pulsar-broker: {{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}" - ] - }, - { - "openmetrics_endpoint": "http://%%host%%:{{ .Values.broker.ports.http }}/metrics", - "enable_health_service_check": true, - "timeout": 300, - "tags": [ - "pulsar-broker: {{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}" - ] - } - ] -{{- end }} -{{- end }} -{{- end }} - -{{/* -Define custom runtime options mounts -*/}} -{{- define "pulsar.broker.runtime.volumeMounts" -}} -{{- if .Values.functions.enableCustomizerRuntime }} -- name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}-runtime" - mountPath: "{{ template "pulsar.home" .}}/{{ .Values.functions.pulsarExtraClasspath }}" -{{- end }} -{{- end }} - -{{/* -Define broker runtime volumes -*/}} -{{- define "pulsar.broker.runtime.volumes" -}} -{{- if .Values.functions.enableCustomizerRuntime }} -- name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}-runtime" - hostPath: - path: /proc -{{- end }} -{{- end }} - -{{/* -Define gcs offload options mounts -*/}} -{{- define "pulsar.broker.offload.volumeMounts" -}} -{{- if .Values.broker.offload.gcs.enabled }} -- name: gcs-offloader-service-acccount - mountPath: /pulsar/srvaccts - readOnly: true -{{- end }} -{{- end }} - -{{/* -Define gcs offload options mounts -*/}} -{{- define "pulsar.broker.offload.volumes" -}} -{{- if .Values.broker.offload.gcs.enabled }} -- name: gcs-offloader-service-acccount - secret: - secretName: "{{ .Release.Name }}-gcs-offloader-service-account" - items: - - key: gcs.json - path: gcs.json -{{- end }} -{{- end }} - -{{/* Define the filesystem offload config volumes*/}} -{{- define "pulsar.broker.offload.filesystem.config.volumes" }} -{{- if .Values.broker.offload.filesystem.enabled }} -- name: "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}-ofc" - configMap: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}" -{{- end }} -{{- end }} - -{{/*Define the filesystem offload config volume mount*/}} -{{- define "pulsar.broker.offload.filesystem.config.volumeMounts" }} -{{- if .Values.broker.offload.filesystem.enabled }} -- name: "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}-ofc" - mountPath: "{{ template "pulsar.home" .}}/conf/filesystem-config.yaml" - subPath: filesystem-config.yaml -{{- end }} -{{- end }} - -{{/*Define broker service account*/}} -{{- define "pulsar.broker.serviceAccount" -}} -{{- if .Values.broker.serviceAccount.create -}} - {{- if .Values.broker.serviceAccount.name -}} -{{ .Values.broker.serviceAccount.name }} - {{- else -}} -{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}-acct - {{- end -}} -{{- else -}} -{{ .Values.broker.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Define kop tls certs mounts -*/}} -{{- define "pulsar.kop.certs.volumeMounts" -}} -{{- if and .Values.tls.enabled .Values.tls.kop.enabled }} -- name: kop-certs - mountPath: "/pulsar/certs/kop" - readOnly: true -{{- end }} -{{- end }} - -{{/* -Define kop tls certs volumes -*/}} -{{- define "pulsar.kop.certs.volumes" -}} -{{- if and .Values.tls.enabled .Values.tls.kop.enabled }} -- name: kop-certs - secret: - secretName: "{{ template "pulsar.proxy.tls.secret.name" . }}" - items: - - key: keystore.jks - path: keystore.jks - {{- if not .Values.certs.public_issuer.enabled }} - - key: truststore.jks - path: truststore.jks - {{- end }} -{{- end }} -{{- end }} - -{{/* -Define Broker TLS certificate secret name -*/}} -{{- define "pulsar.broker.tls.secret.name" -}} -{{- if .Values.tls.broker.certSecretName -}} -{{- .Values.tls.broker.certSecretName -}} -{{- else -}} -{{ .Release.Name }}-{{ .Values.tls.broker.cert_name }} -{{- end -}} -{{- end -}} diff --git a/charts/pulsar/templates/broker/_functions.tpl b/charts/pulsar/templates/broker/_functions.tpl deleted file mode 100644 index e0ca615c2..000000000 --- a/charts/pulsar/templates/broker/_functions.tpl +++ /dev/null @@ -1,21 +0,0 @@ -{{/* -The namespace to run functions -*/}} -{{- define "pulsar.functions.namespace" -}} -{{- if .Values.functions.jobNamespace }} -{{- .Values.functions.jobNamespace }} -{{- else }} -{{- template "pulsar.namespace" . }} -{{- end }} -{{- end }} - -{{/* -The pulsar root directory of functions image -*/}} -{{- define "pulsar.functions.pulsarRootDir" -}} -{{- if .Values.functions.pulsarRootDir }} -{{- .Values.functions.pulsarRootDir }} -{{- else }} -{{- template "pulsar.home" . }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/pulsar/templates/broker/broker-cluster-role-binding.yaml b/charts/pulsar/templates/broker/broker-cluster-role-binding.yaml deleted file mode 100644 index 269bb1949..000000000 --- a/charts/pulsar/templates/broker/broker-cluster-role-binding.yaml +++ /dev/null @@ -1,81 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.broker.serviceAccount.clusterRole }} -{{- if and .Values.components.broker .Values.broker.serviceAccount.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}-clusterrolebinding" - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}-clusterrole" -subjects: -- kind: ServiceAccount - name: {{ template "pulsar.broker.serviceAccount" . }} - namespace: {{ template "pulsar.namespace" . }} ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}-clusterrole" - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} -rules: -- apiGroups: [""] - resources: - - configmap - - configmaps - verbs: ["get", "list", "watch"] -- apiGroups: ["", "extensions", "apps"] - resources: - - pods - - services - - deployments - - secrets - - statefulsets - verbs: - - list - - watch - - get - - update - - create - - delete - - patch -{{- if and .Values.components.functions .Values.functions.functionMesh }} -- apiGroups: ["compute.functionmesh.io"] - resources: - - '*' - verbs: - - list - - watch - - get - - update - - create - - delete - - patch -{{- end }} ---- - -{{- end }} -{{- end }} diff --git a/charts/pulsar/templates/broker/broker-configmap.yaml b/charts/pulsar/templates/broker/broker-configmap.yaml deleted file mode 100644 index d2ed476ef..000000000 --- a/charts/pulsar/templates/broker/broker-configmap.yaml +++ /dev/null @@ -1,236 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.components.broker }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.broker.component }} -data: - # Metadata settings - zookeeperServers: "{{ template "pulsar.zookeeper.connect" . }}{{ .Values.metadataPrefix }}" - {{- if .Values.pulsar_metadata.configurationStore }} - configurationStoreServers: "{{ .Values.pulsar_metadata.configurationStore }}{{ .Values.pulsar_metadata.configurationStoreMetadataPrefix }}" - {{- end }} - {{- if not .Values.pulsar_metadata.configurationStore }} - configurationStoreServers: "{{ template "pulsar.zookeeper.connect" . }}{{ .Values.metadataPrefix }}" - {{- end }} - - # Broker settings - clusterName: "{{ template "pulsar.cluster" . }}" - exposeTopicLevelMetricsInPrometheus: "true" - numHttpServerThreads: "8" - zooKeeperSessionTimeoutMillis: "30000" - statusFilePath: "{{ template "pulsar.home" . }}/status" - - ## Offloading settings - {{- if .Values.broker.offload.enabled }} - offloadersDirectory: "{{ template "pulsar.home" . }}/offloaders" - managedLedgerOffloadDriver: {{ .Values.broker.offload.managedLedgerOffloadDriver }} - - {{- if .Values.broker.offload.gcs.enabled }} - # gcs - gcsManagedLedgerOffloadRegion: {{ .Values.broker.offload.gcs.gcsManagedLedgerOffloadRegion }} - gcsManagedLedgerOffloadBucket: {{ .Values.broker.offload.gcs.gcsManagedLedgerOffloadBucket }} - gcsManagedLedgerOffloadMaxBlockSizeInBytes: "{{ .Values.broker.offload.gcs.gcsManagedLedgerOffloadMaxBlockSizeInBytes }}" - gcsManagedLedgerOffloadReadBufferSizeInBytes: "{{ .Values.broker.offload.gcs.gcsManagedLedgerOffloadReadBufferSizeInBytes }}" - ## Authentication with GCS - gcsManagedLedgerOffloadServiceAccountKeyFile: "/pulsar/srvaccts/gcs.json" - {{- end }} - {{- if .Values.broker.offload.s3.enabled }} - # aws-s3 - s3ManagedLedgerOffloadRegion: {{ .Values.broker.offload.s3.s3ManagedLedgerOffloadRegion }} - s3ManagedLedgerOffloadBucket: {{ .Values.broker.offload.s3.s3ManagedLedgerOffloadBucket }} - s3ManagedLedgerOffloadServiceEndpoint: {{ .Values.broker.offload.s3.s3ManagedLedgerOffloadServiceEndpoint }} - s3ManagedLedgerOffloadMaxBlockSizeInBytes: "{{ .Values.broker.offload.s3.s3ManagedLedgerOffloadMaxBlockSizeInBytes }}" - s3ManagedLedgerOffloadReadBufferSizeInBytes: "{{ .Values.broker.offload.s3.s3ManagedLedgerOffloadReadBufferSizeInBytes }}" - {{- end }} - {{- end }} - - # Function Worker Settings - # function worker configuration - {{- if and .Values.components.functions (not .Values.functions.useDedicatedRunner) }} - functionsWorkerEnabled: "true" - {{- if .Values.functions.enableCustomizerRuntime }} - PULSAR_EXTRA_CLASSPATH: "{{ template "pulsar.home" .}}/{{ .Values.functions.pulsarExtraClasspath }}" - {{- end }} - {{- else }} - functionsWorkerEnabled: "false" - {{- end }} - - {{- if and .Values.components.functions .Values.functions.functionMesh }} - # enable package service for function mesh - enablePackagesManagement: "true" - packagesManagementStorageProvider: "{{ .Values.broker.packagesManagement.storageProvider }}" - packagesReplicas: "{{ .Values.broker.configData.managedLedgerDefaultEnsembleSize }}" - packagesManagementLedgerRootPath: "{{ .Values.broker.packagesManagement.ledgerRootPath }}" - {{- end}} - - # prometheus needs to access /metrics endpoint - webServicePort: "{{ .Values.broker.ports.http }}" - {{- if or (not .Values.tls.enabled) (not .Values.tls.broker.enabled) }} - brokerServicePort: "{{ .Values.broker.ports.pulsar }}" - {{- end }} - {{- if and .Values.tls.enabled .Values.tls.broker.enabled }} - {{- if .Values.tls.brokerClient.enabled }} - brokerServicePortTls: "{{ .Values.broker.ports.pulsarssl }}" - webServicePortTls: "{{ .Values.broker.ports.https }}" - # TLS Settings - tlsEnabled: "true" - tlsCertificateFilePath: "/pulsar/certs/broker/tls.crt" - tlsKeyFilePath: "/pulsar/certs/broker/tls.key" - tlsTrustCertsFilePath: "/pulsar/certs/ca/ca.crt" - brokerClientTlsEnabled: "true" - brokerClientTrustCertsFilePath: "/pulsar/certs/ca/ca.crt" - {{- else }} - brokerServicePortTls: "{{ .Values.broker.ports.pulsarssl }}" - webServicePortTls: "{{ .Values.broker.ports.https }}" - # TLS Settings - tlsCertificateFilePath: "/pulsar/certs/broker/tls.crt" - tlsKeyFilePath: "/pulsar/certs/broker/tls.key" - tlsTrustCertsFilePath: "/pulsar/certs/ca/ca.crt" - {{- end }} - {{- end }} - - # Authentication Settings - {{- if .Values.auth.authentication.enabled }} - authenticationEnabled: "true" - authenticateOriginalAuthData: "true" - {{- if .Values.auth.authorization.enabled }} - authorizationEnabled: "true" - superUserRoles: {{ .Values.auth.superUsers.broker }},{{ .Values.auth.superUsers.proxy }},{{ .Values.auth.superUsers.websocket }},{{ .Values.auth.superUsers.client }},{{ .Values.auth.superUsers.pulsar_manager }} - proxyRoles: {{ .Values.auth.superUsers.proxy }} - {{- end }} - {{- if and (eq .Values.auth.authentication.provider "jwt") (not .Values.auth.vault.enabled) }} - # token authentication configuration - authenticationProviders: "org.apache.pulsar.broker.authentication.AuthenticationProviderToken" - brokerClientAuthenticationParameters: "file:///pulsar/tokens/broker/token" - brokerClientAuthenticationPlugin: "org.apache.pulsar.client.impl.auth.AuthenticationToken" - {{- if .Values.auth.authentication.jwt.usingSecretKey }} - tokenSecretKey: "file:///pulsar/keys/token/secret.key" - {{- else }} - tokenPublicKey: "file:///pulsar/keys/token/public.key" - {{- end }} - {{- end }} - {{- if (eq .Values.auth.authentication.provider "oauth2") }} - PULSAR_PREFIX_oauthIssuerUrl: {{ .Values.auth.authentication.oauth2.issuerUrl }} - PULSAR_PREFIX_oauthAudience: {{ .Values.auth.authentication.oauth2.audience }} - PULSAR_PREFIX_oauthSubjectClaim: {{ .Values.auth.authentication.oauth2.subjectClaim }} - PULSAR_PREFIX_oauthAdminScope: {{ .Values.auth.authentication.oauth2.adminScope }} - authenticationProviders: {{ .Values.auth.authentication.oauth2.authenticationProviders }} - brokerClientAuthenticationParameters: '{"privateKey":"file:///pulsar/oauth2/auth.json","issuerUrl":"{{ .Values.auth.authentication.oauth2.issuerUrlParam }}","audience":"{{ .Values.auth.authentication.oauth2.audienceParam }}","scope":"{{ .Values.auth.authentication.oauth2.adminScopeParam }}"}' - brokerClientAuthenticationPlugin: org.apache.pulsar.client.impl.auth.oauth2.AuthenticationOAuth2 - {{- end }} - {{- end }} - - {{- if and .Values.tls.enabled .Values.tls.bookie.enabled }} - # bookkeeper tls settings - bookkeeperTLSClientAuthentication: "true" - bookkeeperTLSKeyFileType: "PEM" - bookkeeperTLSKeyFilePath: "/pulsar/certs/broker/tls.key" - bookkeeperTLSCertificateFilePath: "/pulsar/certs/broker/tls.crt" - bookkeeperTLSTrustCertsFilePath: "/pulsar/certs/ca/ca.crt" - bookkeeperTLSTrustCertTypes: "PEM" - PULSAR_PREFIX_bookkeeperTLSClientAuthentication: "true" - PULSAR_PREFIX_bookkeeperTLSKeyFileType: "PEM" - PULSAR_PREFIX_bookkeeperTLSKeyFilePath: "/pulsar/certs/broker/tls.key" - PULSAR_PREFIX_bookkeeperTLSCertificateFilePath: "/pulsar/certs/broker/tls.crt" - PULSAR_PREFIX_bookkeeperTLSTrustCertsFilePath: "/pulsar/certs/ca/ca.crt" - PULSAR_PREFIX_bookkeeperTLSTrustCertTypes: "PEM" - # https://github.com/apache/bookkeeper/pull/2300 - bookkeeperUseV2WireProtocol: "false" - {{- end }} - {{- if and .Values.components.mop .Values.components.kop }} - PULSAR_PREFIX_messagingProtocols: "mqtt,kafka" - {{- else }} - {{- if .Values.components.mop }} - PULSAR_PREFIX_messagingProtocols: "mqtt" - {{- if .Values.mop.tls_psk.enabled }} - PULSAR_PREFIX_mqttProxyEnable: "true" - PULSAR_PREFIX_mqttProxyTlsPskEnabled: "true" - PULSAR_PREFIX_mqttProxyTlsPskPort: "{{ .Values.mop.ports.tls_psk }}" - PULSAR_PREFIX_tlsPskIdentityHint: "{{ .Values.mop.tls_psk.identityHint }}" - PULSAR_PREFIX_tlsPskIdentity: "{{ .Values.mop.tls_psk.identity }}:{{ .Values.mop.tls_psk.secret }}" - {{- end }} - {{- end }} - {{- if .Values.components.kop }} - PULSAR_PREFIX_messagingProtocols: "kafka" - {{- end }} - {{- end }} - {{- if .Values.components.kop }} - PULSAR_PREFIX_brokerEntryMetadataInterceptors: "org.apache.pulsar.common.intercept.AppendBrokerTimestampMetadataInterceptor,org.apache.pulsar.common.intercept.AppendIndexMetadataInterceptor" - PULSAR_PREFIX_brokerDeleteInactiveTopicsEnabled: "false" - PULSAR_PREFIX_allowAutoTopicCreationType: "partitioned" - {{- if and .Values.auth.authentication.enabled .Values.kop.auth.enabled }} - {{- if eq .Values.auth.authentication.provider "jwt" }} - PULSAR_PREFIX_saslAllowedMechanisms: "PLAIN" - {{- end }} - {{- end }} - {{- if and .Values.tls.enabled .Values.tls.kop.enabled }} - PULSAR_PREFIX_kopSslKeystoreLocation: /pulsar/certs/kop/keystore.jks - {{- if not .Values.certs.public_issuer.enabled }} - PULSAR_PREFIX_kopSslTruststoreLocation: /pulsar/certs/kop/truststore.jks - {{- end }} - {{- end }} - {{- end }} - {{- if and .Values.broker.offload.enabled .Values.broker.offload.filesystem.enabled }} - PULSAR_PREFIX_fileSystemProfilePath: "{{ .Values.broker.offload.filesystem.fileSystemProfilePath }}" - PULSAR_PREFIX_fileSystemURI: "{{ .Values.broker.offload.filesystem.fileSystemURI }}" - filesystem-config.yaml: | - - - - fs.defaultFS - {{ .Values.broker.offload.filesystem.fileDefaultFS }} - - - hadoop.tmp.dir - {{ .Values.broker.offload.filesystem.fileTmpDir }} - - - io.file.buffer.size - {{ .Values.broker.offload.filesystem.fileBufferSize }} - - - io.seqfile.compress.blocksize - {{ .Values.broker.offload.filesystem.ioSeqfileCompressBlocksize }} - - - io.seqfile.compression.type - {{ .Values.broker.offload.filesystem.ioSeqFileCompressionType }} - - - io.map.index.interval - {{ .Values.broker.offload.filesystem.ioMapIndexInteval }} - - - {{- end }} -{{ toYaml .Values.broker.configData | indent 2 }} - # Include log configuration file, If you want to configure the log level and other configuration - # items, you can modify the configmap, and eventually it will overwrite the log4j2.yaml file under conf -{{ if .Values.broker.log4jConfig }} - log4j2.yaml: {{ toYaml .Values.broker.log4jConfig | indent 2 }} -{{- else -}} -{{ (.Files.Glob "conf/broker/log4j2.yaml").AsConfig | indent 2 }} -{{- end -}} -{{- end }} diff --git a/charts/pulsar/templates/broker/broker-istio-gateway.yaml b/charts/pulsar/templates/broker/broker-istio-gateway.yaml deleted file mode 100644 index 2d42df53f..000000000 --- a/charts/pulsar/templates/broker/broker-istio-gateway.yaml +++ /dev/null @@ -1,44 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if and .Values.components.broker .Values.istio.enabled .Values.components.kop .Values.tls.kop.enabled .Values.ingress.kop.enabled }} -apiVersion: networking.istio.io/v1beta1 -kind: Gateway -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.broker.component }} -spec: - selector: - istio: {{ quote .Values.istio.gateway.selector.istio }} - servers: - - hosts: - - {{ quote .Values.ingress.kop.external_domain }} - {{- range $i, $e := until (.Values.broker.replicaCount | int) }} - - "{{ template "pulsar.fullname" $ }}-{{ $.Values.broker.component }}-{{ $i }}.{{ $.Values.ingress.kop.external_domain }}" - {{- end }} - port: - name: tls-pulsar-kop - number: {{ .Values.kop.ports.ssl }} - protocol: TLS - tls: - mode: PASSTHROUGH -{{- end }} \ No newline at end of file diff --git a/charts/pulsar/templates/broker/broker-istio-serviceentries.yaml b/charts/pulsar/templates/broker/broker-istio-serviceentries.yaml deleted file mode 100644 index 83105c35d..000000000 --- a/charts/pulsar/templates/broker/broker-istio-serviceentries.yaml +++ /dev/null @@ -1,41 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if and .Values.components.broker .Values.istio.enabled .Values.components.kop .Values.tls.kop.enabled .Values.ingress.kop.enabled }} -{{- range $i, $e := until (.Values.broker.replicaCount | int) }} ---- -apiVersion: networking.istio.io/v1beta1 -kind: ServiceEntry -metadata: - name: "{{ template "pulsar.fullname" $ }}-{{ $.Values.broker.component }}-{{ $i }}" - namespace: {{ template "pulsar.namespace" $ }} - labels: - {{- include "pulsar.standardLabels" $ | nindent 4 }} - component: {{ $.Values.broker.component }} -spec: - hosts: - - "{{ template "pulsar.fullname" $ }}-{{ $.Values.broker.component }}-{{ $i }}.{{ template "pulsar.broker.service" $ }}.{{ template "pulsar.namespace" $ }}.svc.cluster.local" - location: MESH_INTERNAL - ports: - - name: tls-pulsar-kop - number: {{ $.Values.kop.ports.ssl }} - protocol: TLS - resolution: DNS -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/pulsar/templates/broker/broker-istio-virtualservice.yaml b/charts/pulsar/templates/broker/broker-istio-virtualservice.yaml deleted file mode 100644 index dc2d0e71d..000000000 --- a/charts/pulsar/templates/broker/broker-istio-virtualservice.yaml +++ /dev/null @@ -1,60 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if and .Values.components.broker .Values.istio.enabled .Values.components.kop .Values.tls.kop.enabled .Values.ingress.kop.external_domain }} -apiVersion: networking.istio.io/v1beta1 -kind: VirtualService -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.broker.component }} -spec: - gateways: - - "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}" - hosts: - - {{ quote .Values.ingress.kop.external_domain }} - {{- range $i, $e := until (.Values.broker.replicaCount | int) }} - - "{{ template "pulsar.fullname" $ }}-{{ $.Values.broker.component }}-{{ $i }}.{{ $.Values.ingress.kop.external_domain }}" - - "{{ template "pulsar.fullname" $ }}-{{ $.Values.broker.component }}-{{ $i }}.{{ template "pulsar.broker.service" $ }}.{{ template "pulsar.namespace" $ }}.svc.cluster.local" - {{- end }} - tls: - - match: - - port: {{ .Values.kop.ports.ssl }} - sniHosts: - - {{ quote .Values.ingress.kop.external_domain }} - route: - - destination: - host: "{{ template "pulsar.broker.service" $ }}.{{ template "pulsar.namespace" $ }}.svc.cluster.local" - port: - number: {{ .Values.kop.ports.ssl }} - {{- range $i, $e := until (.Values.broker.replicaCount | int) }} - - match: - - port: {{ $.Values.kop.ports.ssl }} - sniHosts: - - "{{ template "pulsar.fullname" $ }}-{{ $.Values.broker.component }}-{{ $i }}.{{ $.Values.ingress.kop.external_domain }}" - - "{{ template "pulsar.fullname" $ }}-{{ $.Values.broker.component }}-{{ $i }}.{{ template "pulsar.broker.service" $ }}.{{ template "pulsar.namespace" $ }}.svc.cluster.local" - route: - - destination: - host: "{{ template "pulsar.fullname" $ }}-{{ $.Values.broker.component }}-{{ $i }}.{{ template "pulsar.broker.service" $ }}.{{ template "pulsar.namespace" $ }}.svc.cluster.local" - port: - number: {{ $.Values.kop.ports.ssl }} - {{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/pulsar/templates/broker/broker-pdb.yaml b/charts/pulsar/templates/broker/broker-pdb.yaml deleted file mode 100644 index c03aca63e..000000000 --- a/charts/pulsar/templates/broker/broker-pdb.yaml +++ /dev/null @@ -1,37 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.components.broker }} -{{- if .Values.broker.pdb.usePolicy }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.broker.component }} -spec: - selector: - matchLabels: - {{- include "pulsar.matchLabels" . | nindent 6 }} - component: {{ .Values.broker.component }} - maxUnavailable: {{ .Values.broker.pdb.maxUnavailable }} -{{- end }} -{{- end }} diff --git a/charts/pulsar/templates/broker/broker-role-binding.yaml b/charts/pulsar/templates/broker/broker-role-binding.yaml deleted file mode 100644 index 16656868b..000000000 --- a/charts/pulsar/templates/broker/broker-role-binding.yaml +++ /dev/null @@ -1,68 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if not .Values.broker.serviceAccount.clusterRole }} -{{- if and .Values.components.broker .Values.broker.serviceAccount.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}-rolebinding" - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}-role" -subjects: -- kind: ServiceAccount - name: {{ template "pulsar.broker.serviceAccount" . }} - namespace: {{ template "pulsar.namespace" . }} ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}-role" - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} -rules: -- apiGroups: [""] - resources: - - configmap - - configmaps - verbs: ["get", "list", "watch"] -- apiGroups: ["", "extensions", "apps"] - resources: - - pods - - services - - deployments - - secrets - - statefulsets - verbs: - - list - - watch - - get - - update - - create - - delete - - patch ---- - -{{- end }} -{{- end }} diff --git a/charts/pulsar/templates/broker/broker-service-account.yaml b/charts/pulsar/templates/broker/broker-service-account.yaml deleted file mode 100644 index fb5b837aa..000000000 --- a/charts/pulsar/templates/broker/broker-service-account.yaml +++ /dev/null @@ -1,36 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if and .Values.components.broker .Values.broker.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pulsar.broker.serviceAccount" . }} - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.broker.component }} - annotations: -{{- with .Values.broker.service_account.annotations }} -{{ toYaml . | indent 4 }} -{{- end }} -{{- with .Values.broker.serviceAccount.annotations }} -{{ toYaml . | indent 4 }} -{{- end }} -{{- end }} diff --git a/charts/pulsar/templates/broker/broker-service-ingress.yaml b/charts/pulsar/templates/broker/broker-service-ingress.yaml deleted file mode 100644 index bd14cc195..000000000 --- a/charts/pulsar/templates/broker/broker-service-ingress.yaml +++ /dev/null @@ -1,63 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if and .Values.components.broker .Values.ingress.broker.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}-ingress" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.broker.component }} - annotations: - {{- with .Values.ingress.broker.annotations }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.ingress.broker.type }} - ports: - # prometheus needs to access /metrics endpoint - - name: http - port: {{ .Values.broker.ports.http }} - {{- if and .Values.tls.enabled .Values.tls.broker.enabled }} - - name: https - port: {{ .Values.broker.ports.https }} - - name: pulsarssl - port: {{ .Values.broker.ports.pulsarssl }} - {{- else }} - - name: pulsar - port: {{ .Values.broker.ports.pulsar }} - {{- end }} - {{- if .Values.components.mop }} - - name: mqtt - port: {{ .Values.mop.ports.plaintext }} - {{- if .Values.mop.tls_psk.enabled }} - - name: mqtt-tls-psk - port: {{ .Values.mop.ports.tls_psk }} - {{- end }} - {{- end }} - selector: - app: {{ template "pulsar.name" . }} - release: {{ .Release.Name }} - component: {{ .Values.broker.component }} - {{- with .Values.ingress.broker.extraSpec }} - {{- toYaml . | nindent 2 }} - {{- end }} -{{- end }} diff --git a/charts/pulsar/templates/broker/broker-service.yaml b/charts/pulsar/templates/broker/broker-service.yaml deleted file mode 100644 index c1ccb970a..000000000 --- a/charts/pulsar/templates/broker/broker-service.yaml +++ /dev/null @@ -1,67 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.components.broker }} -apiVersion: v1 -kind: Service -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.broker.component }} - annotations: -{{ toYaml .Values.broker.service.annotations | indent 4 }} -spec: - ports: - # prometheus needs to access /metrics endpoint - - name: http - port: {{ .Values.broker.ports.http }} - {{- if and .Values.tls.enabled .Values.tls.broker.enabled }} - - name: https - port: {{ .Values.broker.ports.https }} - - name: pulsarssl - port: {{ .Values.broker.ports.pulsarssl }} - {{- else }} - - name: pulsar - port: {{ .Values.broker.ports.pulsar }} - {{- end }} - {{- if .Values.components.kop }} - {{- if and .Values.tls.enabled .Values.tls.kop.enabled }} - - name: kafkassl - port: {{ .Values.kop.ports.ssl }} - {{- else }} - - name: kafkaplaintext - port: {{ .Values.kop.ports.plaintext }} - {{- end }} - {{- end }} - {{- if .Values.components.mop }} - - name: mqtt - port: {{ .Values.mop.ports.plaintext }} - {{- if .Values.mop.tls_psk.enabled }} - - name: mqtt-tls-psk - port: {{ .Values.mop.ports.tls_psk }} - {{- end }} - {{- end }} - clusterIP: None - selector: - app: {{ template "pulsar.name" . }} - release: {{ .Release.Name }} - component: {{ .Values.broker.component }} -{{- end }} diff --git a/charts/pulsar/templates/broker/broker-statefulset.yaml b/charts/pulsar/templates/broker/broker-statefulset.yaml deleted file mode 100644 index 0319b882d..000000000 --- a/charts/pulsar/templates/broker/broker-statefulset.yaml +++ /dev/null @@ -1,412 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.components.broker }} -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.broker.component }} -{{- with .Values.broker.statefulset.labels }} -{{ toYaml . | indent 4 }} -{{- end }} -{{- with .Values.broker.statefulset.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} -spec: - serviceName: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}" - replicas: {{ .Values.broker.replicaCount }} - selector: - matchLabels: - {{- include "pulsar.matchLabels" . | nindent 6 }} - component: {{ .Values.broker.component }} - updateStrategy: - type: RollingUpdate - podManagementPolicy: Parallel - template: - metadata: - labels: - {{- include "pulsar.template.labels" . | nindent 8 }} - component: {{ .Values.broker.component }} -{{- with .Values.broker.labels }} -{{ toYaml . | indent 8 }} -{{- end }} - annotations: - {{- if .Values.monitoring.datadog }} - {{- include "pulsar.broker.datadog.annotation" . | nindent 8 }} - {{- end }} - prometheus.io/scrape: "true" - prometheus.io/port: "{{ .Values.broker.ports.http }}" - {{- if .Values.broker.autoRollDeployment }} - checksum/config: {{ include (print $.Template.BasePath "/broker/broker-configmap.yaml") . | sha256sum }} - {{- end }} -{{- with .Values.broker.annotations }} -{{ toYaml . | indent 8 }} -{{- end }} - spec: - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - - name: {{ .Values.imagePullSecrets }} - {{- end }} - {{- if .Values.broker.imagePullSecrets }} - imagePullSecrets: - - name: {{ .Values.broker.imagePullSecrets }} - {{- end }} - securityContext: -{{- with .Values.broker.securityContext }} -{{ toYaml . | indent 8 }} -{{- end }} - {{- if or .Values.broker.serviceAccount.use (and .Values.components.functions (not .Values.functions.useDedicatedRunner)) }} - serviceAccountName: {{ template "pulsar.broker.serviceAccount" . }} - {{- end }} - {{- if .Values.broker.nodeSelector }} - nodeSelector: -{{ toYaml .Values.broker.nodeSelector | indent 8 }} - {{- end }} - {{- if .Values.broker.tolerations }} - tolerations: -{{ toYaml .Values.broker.tolerations | indent 8 }} - {{- end }} - {{- if and .Values.affinity.anti_affinity .Values.broker.custom_affinity}} - affinity: -{{ toYaml .Values.broker.custom_affinity | indent 8 }} - {{ else }} - affinity: - {{- if and .Values.affinity.anti_affinity .Values.broker.affinity.anti_affinity}} - podAntiAffinity: - {{ .Values.broker.affinity.type }}: - {{ if eq .Values.broker.affinity.type "requiredDuringSchedulingIgnoredDuringExecution"}} - - labelSelector: - matchExpressions: - - key: "app" - operator: In - values: - - "{{ template "pulsar.name" . }}" - - key: "release" - operator: In - values: - - {{ .Release.Name }} - - key: "component" - operator: In - values: - - {{ .Values.broker.component }} - topologyKey: "kubernetes.io/hostname" - {{ else }} - - weight: 100 - podAffinityTerm: - labelSelector: - matchExpressions: - - key: "app" - operator: In - values: - - "{{ template "pulsar.name" . }}" - - key: "release" - operator: In - values: - - {{ .Release.Name }} - - key: "component" - operator: In - values: - - {{ .Values.broker.component }} - topologyKey: "kubernetes.io/hostname" - {{ end }} - {{- end }} - {{- end }} - terminationGracePeriodSeconds: {{ .Values.broker.gracePeriod }} - initContainers: - # This init container will wait for zookeeper to be ready before - # deploying the bookies - - name: wait-zookeeper-ready - image: "{{ .Values.images.broker.repository }}:{{ .Values.images.broker.tag }}" - imagePullPolicy: {{ .Values.images.broker.pullPolicy }} - command: ["sh", "-c"] - args: - {{ if .Values.broker.zkInitCommandOverride }} - {{ with .Values.broker.zkInitCommandOverride }} - -{{- toYaml . | indent 10 }} - {{- end }} - {{ else }} - - >- - {{ if .Values.broker.skipZookeeperReady }} - echo "Skipping zookeeper ready check" - {{ else }} - {{- if .Values.broker.advertisedPodIP }} - export BROKER_ADDRESS="${advertisedAddress}" - {{- else }} - export BROKER_ADDRESS="${HOSTNAME}.{{ template "pulsar.broker.service" . }}.{{ template "pulsar.namespace" . }}.svc.cluster.local" - {{- end }} - {{- include "pulsar.broker.zookeeper.tls.settings" . | nindent 12 }} - {{- if .Values.pulsar_metadata.configurationStore }} - until bin/bookkeeper org.apache.zookeeper.ZooKeeperMain -server {{ .Values.pulsar_metadata.configurationStore}} get {{ .Values.configurationStoreMetadataPrefix }}/admin/clusters/"{{ template "pulsar.cluster" . }}"; do - {{- end }} - {{- if not .Values.pulsar_metadata.configurationStore }} - until bin/bookkeeper org.apache.zookeeper.ZooKeeperMain -server {{ template "pulsar.zookeeper.connect" . }} get {{ .Values.metadataPrefix }}/admin/clusters/{{ template "pulsar.cluster" . }}; do - {{- end }} - echo "pulsar cluster {{ template "pulsar.fullname" . }} isn't initialized yet ... check in 3 seconds ..." && sleep 3; - done; - {{ end }} - {{ end }} - volumeMounts: - {{- include "pulsar.broker.certs.volumeMounts" . | nindent 8 }} - # This init container will wait for bookkeeper to be ready before - # deploying the broker - - name: wait-bookkeeper-ready - image: "{{ .Values.images.broker.repository }}:{{ .Values.images.broker.tag }}" - imagePullPolicy: {{ .Values.images.broker.pullPolicy }} - command: ["sh", "-c"] - args: - {{ if .Values.broker.bkInitCommandOverride }} - {{ with .Values.broker.bkInitCommandOverride }} - -{{- toYaml . | indent 10 }} - {{- end }} - {{ else }} - - > - - {{- if .Values.broker.advertisedPodIP }} - export BROKER_ADDRESS="${advertisedAddress}" - {{- else }} - export BROKER_ADDRESS="${HOSTNAME}.{{ template "pulsar.broker.service" . }}.{{ template "pulsar.namespace" . }}.svc.cluster.local" - {{- end }} - {{- include "pulsar.broker.zookeeper.tls.settings" . | nindent 12 }} - bin/apply-config-from-env.py conf/bookkeeper.conf; - until bin/bookkeeper shell whatisinstanceid; do - echo "bookkeeper cluster is not initialized yet. backoff for 3 seconds ..."; - sleep 3; - done; - echo "bookkeeper cluster is already initialized"; - bookieServiceNumber="$(nslookup -timeout=10 {{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }} | grep Name | wc -l)"; - until [ ${bookieServiceNumber} -ge {{ .Values.broker.configData.managedLedgerDefaultEnsembleSize }} ]; do - echo "bookkeeper cluster {{ template "pulsar.fullname" . }} isn't ready yet ... check in 10 seconds ..."; - sleep 10; - bookieServiceNumber="$(nslookup -timeout=10 {{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }} | grep Name | wc -l)"; - done; - echo "bookkeeper cluster is ready"; - {{ end }} - envFrom: - - configMapRef: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}" - volumeMounts: - {{- include "pulsar.broker.certs.volumeMounts" . | nindent 10 }} -{{- with .Values.common.extraInitContainers }} -{{ toYaml . | indent 6 }} -{{- end }} -{{- with .Values.broker.extraInitContainers }} -{{ toYaml . | indent 6 }} -{{- end }} - containers: - - name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}" - image: "{{ .Values.images.broker.repository }}:{{ .Values.images.broker.tag }}" - imagePullPolicy: {{ .Values.images.broker.pullPolicy }} - {{- if .Values.broker.probe.liveness.enabled }} - livenessProbe: - httpGet: - path: /status.html - port: {{ .Values.broker.ports.http }} - initialDelaySeconds: {{ .Values.broker.probe.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.broker.probe.liveness.periodSeconds }} - failureThreshold: {{ .Values.broker.probe.liveness.failureThreshold }} - {{- end }} - {{- if .Values.broker.probe.readiness.enabled }} - readinessProbe: - httpGet: - path: /status.html - port: {{ .Values.broker.ports.http }} - initialDelaySeconds: {{ .Values.broker.probe.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.broker.probe.readiness.periodSeconds }} - failureThreshold: {{ .Values.broker.probe.readiness.failureThreshold }} - {{- end }} - {{- if .Values.broker.probe.startup.enabled }} - startupProbe: - httpGet: - path: /status.html - port: {{ .Values.broker.ports.http }} - initialDelaySeconds: {{ .Values.broker.probe.startup.initialDelaySeconds }} - periodSeconds: {{ .Values.broker.probe.startup.periodSeconds }} - failureThreshold: {{ .Values.broker.probe.startup.failureThreshold }} - {{- end }} - {{- if .Values.broker.resources }} - resources: -{{ toYaml .Values.broker.resources | indent 10 }} - {{- end }} - command: ["sh", "-c"] - args: - # NOTE: We need to set `BROKER_ADDRESS` at the beginning. Because - # other scripts will use this variable. - {{ if .Values.broker.brokerCommandOverride }} - {{ with .Values.broker.brokerCommandOverride }} - -{{- toYaml . | indent 10 }} - {{- end }} - {{ else }} - - > - - {{- if .Values.broker.advertisedPodIP }} - export BROKER_ADDRESS="${advertisedAddress}" - {{- else }} - export BROKER_ADDRESS="${HOSTNAME}.{{ template "pulsar.broker.service" . }}.{{ template "pulsar.namespace" . }}.svc.cluster.local" - {{- end }} - - bin/apply-config-from-env.py conf/broker.conf; - echo "OK" > status; - {{- include "pulsar.broker.zookeeper.tls.settings" . | nindent 10 }} - BROKER_ZNODE="{{ template "pulsar.broker.znode.prefix" . }}${BROKER_ADDRESS}:{{ .Values.broker.ports.http }}" - bin/pulsar zookeeper-shell -server {{ template "pulsar.zookeeper.connect" . }} get ${BROKER_ZNODE}; - while [ $? -eq 0 ]; do - echo "broker ${BROKER_ADDRESS} znode still exists ... check in 10 seconds ..."; - sleep 10; - bin/pulsar zookeeper-shell -server {{ template "pulsar.zookeeper.connect" . }} get ${BROKER_ZNODE}; - done; - bin/pulsar broker; - {{ end }} - ports: - # prometheus needs to access /metrics endpoint - - name: http - containerPort: {{ .Values.broker.ports.http }} - {{- if or (not .Values.tls.enabled) (not .Values.tls.broker.enabled) }} - - name: pulsar - containerPort: {{ .Values.broker.ports.pulsar }} - {{- end }} - {{- if and .Values.tls.enabled .Values.tls.broker.enabled }} - - name: https - containerPort: {{ .Values.broker.ports.https }} - - name: pulsarssl - containerPort: {{ .Values.broker.ports.pulsarssl }} - {{- end }} - {{- if .Values.components.kop }} - {{- if and .Values.tls.enabled .Values.tls.kop.enabled }} - - name: kafkassl - containerPort: {{ .Values.kop.ports.ssl }} - {{- else }} - - name: kafkaplaintext - containerPort: {{ .Values.kop.ports.plaintext }} - {{- end }} - {{- end }} - {{- if .Values.components.mop }} - - name: mqtt - containerPort: {{ .Values.mop.ports.plaintext }} - {{- if .Values.mop.tls_psk.enabled }} - - name: mqtt-tls-psk - containerPort: {{ .Values.mop.ports.tls_psk }} - {{- end }} - {{- end }} - env: - {{- if .Values.broker.advertisedPodIP }} - - name: advertisedAddress - valueFrom: - fieldRef: - fieldPath: status.podIP - {{- end }} - {{- if and .Values.broker.offload.s3.enabled .Values.broker.offload.s3.secret }} - - name: AWS_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - name: {{ .Values.broker.offload.s3.secret }} - key: AWS_ACCESS_KEY_ID - - name: AWS_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - name: {{ .Values.broker.offload.s3.secret }} - key: AWS_SECRET_ACCESS_KEY - {{- end }} - {{- if or .Values.components.mop .Values.components.kop .Values.broker.addPodName }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - {{- end }} - {{- if .Values.components.mop }} - - name: PULSAR_PREFIX_mqttListeners - value: mqtt://$(POD_NAME).{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.mop.ports.plaintext }} - {{- end }} - {{- if and .Values.components.kop }} - {{- if .Values.ingress.kop.enabled }} - {{- if and .Values.tls.enabled .Values.tls.kop.enabled }} - - name: PULSAR_PREFIX_kafkaAdvertisedListeners - value: SSL://$(POD_NAME).{{ .Values.ingress.kop.external_domain }}:{{ .Values.kop.ports.ssl }} - - name: PULSAR_PREFIX_kafkaListeners - value: SSL://$(POD_NAME).{{ template "pulsar.broker.service.fqn" . }}:{{ .Values.kop.ports.ssl }} - - name: PULSAR_PREFIX_kopSslKeystorePassword - valueFrom: - secretKeyRef: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.tls.proxy.cert_name }}-jks-passwd" - key: password - - name: PULSAR_PREFIX_kopSslKeyPassword - valueFrom: - secretKeyRef: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.tls.proxy.cert_name }}-jks-passwd" - key: password - - name: PULSAR_PREFIX_kopSslTruststorePassword - valueFrom: - secretKeyRef: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.tls.proxy.cert_name }}-jks-passwd" - key: password - {{- else }} - - name: PULSAR_PREFIX_kafkaAdvertisedListeners - value: PLAINTEXT://$(POD_NAME).{{ .Values.ingress.kop.external_domain }}:{{ .Values.kop.ports.plaintext }} - - name: PULSAR_PREFIX_kafkaListeners - value: PLAINTEXT://$(POD_NAME).{{ template "pulsar.broker.service.fqn" . }}:{{ .Values.kop.ports.plaintext }} - {{- end }} - {{- end }} - {{- end }} -{{- with .Values.broker.extraEnv}} -{{ toYaml . | indent 8 }} -{{- end }} - envFrom: - - configMapRef: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}" - volumeMounts: - {{- include "pulsar.broker.oauth2.volumeMounts" . | nindent 10 }} - {{- include "pulsar.broker.token.volumeMounts" . | nindent 10 }} - {{- include "pulsar.broker.log.volumeMounts" . | nindent 10 }} - {{- include "pulsar.broker.certs.volumeMounts" . | nindent 10 }} - {{- if and .Values.tls.enabled .Values.tls.kop.enabled }} - {{- include "pulsar.kop.certs.volumeMounts" . | nindent 10 }} - {{- end }} - {{- include "pulsar.broker.runtime.volumeMounts" . | nindent 10 }} - {{- include "pulsar.broker.offload.volumeMounts" . | nindent 10 }} - {{- include "pulsar.function.worker.config.volumeMounts" . | nindent 10 }} - {{- include "pulsar.function.builtinconnectors.volumeMounts" . | nindent 10 }} - {{- if .Values.broker.offload.filesystem.enabled }} - {{- include "pulsar.broker.offload.filesystem.config.volumeMounts" . | nindent 10 }} - {{- end }} -{{- with .Values.broker.extraVolumeMounts }} -{{ toYaml . | indent 10 }} -{{- end }} - volumes: - {{- include "pulsar.broker.oauth2.volumes" . | nindent 6 }} - {{- include "pulsar.broker.token.volumes" . | nindent 6 }} - {{- include "pulsar.broker.certs.volumes" . | nindent 6 }} - {{- if and .Values.tls.enabled .Values.tls.kop.enabled }} - {{- include "pulsar.kop.certs.volumes" . | nindent 6 }} - {{- end }} - {{- include "pulsar.broker.log.volumes" . | nindent 6 }} - {{- include "pulsar.broker.runtime.volumes" . | nindent 6 }} - {{- include "pulsar.broker.offload.volumes" . | nindent 6 }} - {{- include "pulsar.function.worker.config.volumes" . | nindent 6 }} - {{- include "pulsar.function.builtinconnectors.volumes" . | nindent 6 }} - {{- if .Values.broker.offload.filesystem.enabled }} - {{- include "pulsar.broker.offload.filesystem.config.volumes" . | nindent 6 }} - {{- end }} -{{- with .Values.broker.extraVolumes }} -{{ toYaml . | indent 6 }} -{{- end }} -{{- end }} diff --git a/charts/pulsar/templates/broker/function-mesh-configmap.yaml b/charts/pulsar/templates/broker/function-mesh-configmap.yaml deleted file mode 100644 index 4209aa06e..000000000 --- a/charts/pulsar/templates/broker/function-mesh-configmap.yaml +++ /dev/null @@ -1,33 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if and .Values.components.functions .Values.functions.functionMesh }} -## function config map -apiVersion: v1 -kind: ConfigMap -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.functions.functionMeshName }}-config" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.functions.component }} -data: - brokerServiceURL: {{ .Values.functions.pulsarServiceUrlOverride | quote }} - webServiceURL: {{ .Values.functions.pulsarWebServiceUrlOverride | quote }} -{{- end }} diff --git a/charts/pulsar/templates/broker/function-worker-configfile-configmap.yaml b/charts/pulsar/templates/broker/function-worker-configfile-configmap.yaml deleted file mode 100644 index c65eeee39..000000000 --- a/charts/pulsar/templates/broker/function-worker-configfile-configmap.yaml +++ /dev/null @@ -1,168 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.components.functions }} -## function config map -apiVersion: v1 -kind: ConfigMap -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.functions.component }}-configfile" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.functions.component }} -data: - functions_worker.yml: | - {{- if .Values.functions.config }} -{{ toYaml .Values.functions.config | indent 4 }} - {{- end }} - {{- if or .Values.functions.useDedicatedRunner .Values.functions.addWorkerPort }} - {{- if and .Values.tls.enabled .Values.tls.broker.enabled }} - # `tlsEnabled` and `workerPortTls` are required to set to true in order to make HTTPS work for functions REST api - workerPortTls: {{ .Values.functions.ports.https }} - tlsEnabled: true - {{- else}} - workerPort: {{ .Values.functions.ports.http }} - {{- end }} - {{- end }} - {{- if and .Values.components.functions .Values.functions.functionState }} - # enable function state - stateStorageServiceUrl: bk://{{ template "pulsar.bookkeeper.service" . }}:{{ .Values.bookkeeper.ports.streamStorage }} - {{- end }} - # Function package management - numFunctionPackageReplicas: {{ .Values.broker.configData.managedLedgerDefaultEnsembleSize }} - {{- if .Values.functions.pulsarUrlOverride }} - pulsarServiceUrl: {{ .Values.functions.pulsarUrlOverride }} - {{- else }} - pulsarServiceUrl: {{template "pulsar.function.broker.service.url" . }} - {{- end }} - {{- if .Values.functions.pulsarWebServiceUrlOverride }} - pulsarWebServiceUrl: {{ .Values.functions.pulsarWebServiceUrlOverride }} - {{- else }} - pulsarWebServiceUrl: {{template "pulsar.function.web.service.url" . }} - {{- end }} - pulsarFunctionsCluster: {{ template "pulsar.fullname" . }} - functionRuntimeFactoryConfigs: - jobNamespace: {{ template "pulsar.functions.namespace" . }} - pulsarDockerImageName: "{{ .Values.images.functions.repository }}:{{ .Values.images.functions.tag }}" - pulsarRootDir: {{ template "pulsar.functions.pulsarRootDir" . }} - {{- if .Values.functions.pulsarAdminUrlOverride }} - pulsarAdminUrl: {{ .Values.functions.pulsarAdminUrlOverride }} - {{- else }} - {{- if and .Values.tls.enabled .Values.tls.broker.enabled }} - pulsarAdminUrl: {{ template "pulsar.function.web.service.url.tls" . }} - {{- else }} - pulsarAdminUrl: {{ template "pulsar.function.web.service.url" . }} - {{- end }} - {{- end }} - {{- if .Values.functions.pulsarServiceUrlOverride }} - pulsarServiceUrl: {{ .Values.functions.pulsarServiceUrlOverride }} - {{- else }} - {{- if and .Values.tls.enabled .Values.tls.broker.enabled }} - pulsarServiceUrl: {{ template "pulsar.function.broker.service.url.tls" . }} - {{- else }} - pulsarServiceUrl: {{ template "pulsar.function.broker.service.url" . }} - {{- end }} - {{- end }} - changeConfigMap: "{{ template "pulsar.fullname" . }}-{{ .Values.functions.component }}-config" - changeConfigMapNamespace: {{ template "pulsar.namespace" . }} - submittingInsidePod: true - installUserCodeDependencies: true - {{- if .Values.functions.functionMesh }} - functionsWorkerServiceNarPackage: "/pulsar/lib/mesh-worker-service.nar" - functionsWorkerServiceCustomConfigs: - jobNamespace: "{{ .Values.functions.jobNamespace }}" - defaultServiceAccountName: "{{ .Values.functions.functionMeshServiceAccount }}" - extraDependenciesDir: "/pulsar/lib" - functionEnabled: "true" - sinkEnabled: "true" - sourceEnabled: "true" - uploadEnabled: "true" - functionRunnerImages: - GO: "{{ .Values.images.function_runner_go.repository }}:{{ .Values.images.function_runner_go.tag }}" - JAVA: "{{ .Values.images.function_runner_java.repository }}:{{ .Values.images.function_runner_java.tag }}" - PYTHON: "{{ .Values.images.function_runner_python.repository }}:{{ .Values.images.function_runner_python.tag }}" - {{- end }} -{{- with .Values.functions.functionRuntimeFactoryConfigs }} -{{ toYaml . | indent 6 }} -{{- end }} - # runtime customizer - {{- if .Values.functions.enableCustomizerRuntime }} - runtimeCustomizerClassName: {{ .Values.functions.runtimeCustomizerClassName }} - {{- end }} - {{- if .Values.functions.useDedicatedRunner}} - workerHostname: {{template "pulsar.function.service" . }} - # TLS Settings - {{- if and .Values.tls.enabled .Values.tls.broker.enabled }} - # if broker enables TLS, configure function to talk to broker using TLS - useTLS: true - pulsarServiceUrl: {{ template "pulsar.function.broker.service.url.tls" . }} - pulsarWebServiceUrl: {{ template "pulsar.function.web.service.url.tls" . }} - tlsEnabled: true - tlsCertificateFilePath: "/pulsar/certs/function/tls.crt" - tlsKeyFilePath: "/pulsar/certs/function/tls.key" - tlsTrustCertsFilePath: "/pulsar/certs/ca/ca.crt" - brokerClientTrustCertsFilePath: "/pulsar/certs/ca/ca.crt" - {{- end }} - - {{- if .Values.functions.tlsAllowInsecureConn }} - tlsAllowInsecureConnection: false - tlsEnableHostnameVerification: false - {{- end }} - - {{- if .Values.functions.tlsCertRefreshCheckDurationSec }} - tlsCertRefreshCheckDurationSec: {{ .Values.functions.tlsCertRefreshCheckDurationSec }} - {{- end }} - - {{- if .Values.pulsar_metadata.configurationStore }} - configurationStoreServers: "{{ .Values.pulsar_metadata.configurationStore }}{{ .Values.pulsar_metadata.configurationStoreMetadataPrefix }}" - {{- end }} - {{- if not .Values.pulsar_metadata.configurationStore }} - configurationStoreServers: "{{ template "pulsar.zookeeper.connect" . }}{{ .Values.metadataPrefix }}" - {{- end }} - {{- if .Values.auth.authorization.enabled }} - authorizationEnabled: "true" - authorizationProvider: {{ .Values.functions.authorizationProvider }} - superUserRoles: - - {{ .Values.auth.superUsers.broker }} - - {{ .Values.auth.superUsers.proxy }} - - {{ .Values.auth.superUsers.websocket }} - - {{ .Values.auth.superUsers.client }} - - {{ .Values.auth.superUsers.pulsar_manager }} - {{- end }} - {{- if and .Values.auth.authentication.enabled (eq .Values.auth.authentication.provider "jwt") }} - {{- if eq .Values.functions.configData.functionRuntimeFactoryClassName "org.apache.pulsar.functions.runtime.kubernetes.KubernetesRuntimeFactory" }} - functionAuthProviderClassName: org.apache.pulsar.functions.auth.KubernetesSecretsTokenAuthProvider - {{- end }} - # token authentication configuration - brokerClientAuthenticationEnabled: "true" - clientAuthenticationParameters: "file:///pulsar/tokens/function/token" - clientAuthenticationPlugin: "org.apache.pulsar.client.impl.auth.AuthenticationToken" - brokerClientAuthenticationPlugin: "org.apache.pulsar.client.impl.auth.AuthenticationToken" - brokerClientAuthenticationParameters: "file:///pulsar/tokens/function/token" - authenticationEnabled: "true" - authenticationProviders: -{{- with .Values.functions.authenticationProviders }} -{{ toYaml . | indent 6 }} -{{- end }} - authenticateMetricsEndpoint: "false" - {{- end }} - {{- end }} -{{ toYaml .Values.functions.configData | indent 4 }} -{{- end }} diff --git a/charts/pulsar/templates/broker/function-worker-configmap.yaml b/charts/pulsar/templates/broker/function-worker-configmap.yaml deleted file mode 100644 index f54b5df76..000000000 --- a/charts/pulsar/templates/broker/function-worker-configmap.yaml +++ /dev/null @@ -1,32 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.components.functions }} -## function config map -apiVersion: v1 -kind: ConfigMap -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.functions.component }}-config" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.functions.component }} -data: - pulsarDockerImageName: "{{ .Values.images.functions.repository }}:{{ .Values.images.functions.tag }}" -{{- end }} diff --git a/charts/pulsar/templates/control-center/_control_center.tpl b/charts/pulsar/templates/control-center/_control_center.tpl deleted file mode 100644 index 80b4ec7ea..000000000 --- a/charts/pulsar/templates/control-center/_control_center.tpl +++ /dev/null @@ -1,85 +0,0 @@ -{{/* -control center domain -*/}} -{{- define "pulsar.control_center_domain" -}} -{{- if .Values.ingress.control_center.enabled -}} - {{- if .Values.deployment.openshift }} -{{- printf "%s-%s-%s.%s" .Values.pulsar_metadata.clusterName .Values.pulsar_manager.component .Release.Namespace .Values.domain.suffix -}} - {{- else -}} - {{- if .Values.ingress.control_center.external_domain }} -{{- printf "%s" .Values.ingress.control_center.external_domain -}} - {{- else -}} -{{- printf "admin.%s.%s" .Release.Name .Values.domain.suffix -}} - {{- end -}} - {{- end -}} -{{- else -}} -{{- print "" -}} -{{- end -}} -{{- end -}} - -{{/* -control center url -*/}} -{{- define "pulsar.control_center_url" -}} -{{- if .Values.ingress.control_center.enabled -}} - {{- if .Values.ingress.control_center.external_domain }} -{{- printf "%s%s" .Values.ingress.control_center.external_domain_scheme .Values.ingress.control_center.external_domain -}} - {{- else -}} - {{- if .Values.domain.enabled }} - {{- if .Values.ingress.control_center.tls.enabled }} -{{- printf "https://admin.%s.%s" .Release.Name .Values.domain.suffix -}} - {{- else -}} -{{- printf "http://admin.%s.%s" .Release.Name .Values.domain.suffix -}} - {{- end -}} - {{- else -}} -{{- printf "" -}} - {{- end -}} - {{- end -}} -{{- else -}} -{{- print "" -}} -{{- end -}} -{{- end -}} - -{{/* -control center path: alert manager -*/}} -{{- define "pulsar.control_center_path.alertmanager" -}} -{{- if and .Values.ingress.control_center.enabled .Values.ingress.control_center.endpoints.alertmanager -}} -{{- print "/alerts" -}} -{{- else -}} -{{- print "" -}} -{{- end -}} -{{- end -}} - -{{/* -control center path: grafana -*/}} -{{- define "pulsar.control_center_path.grafana" -}} -{{- if and .Values.ingress.control_center.enabled .Values.ingress.control_center.endpoints.grafana -}} -{{- print "/grafana" -}} -{{- else -}} -{{- print "" -}} -{{- end -}} -{{- end -}} - -{{/* -control center path: prometheus -*/}} -{{- define "pulsar.control_center_path.prometheus" -}} -{{- if and .Values.ingress.control_center.enabled .Values.ingress.control_center.endpoints.prometheus -}} -{{- print "/prometheus" -}} -{{- else -}} -{{- print "" -}} -{{- end -}} -{{- end -}} - -{{/* -pulsar controller ingress target port for http endpoint -*/}} -{{- define "pulsar.control_center.ingress.targetPort" -}} -{{- if and .Values.ingress.control_center.tls.enabled (not .Values.ingress.controller.tls.termination) }} -{{- print "https" -}} -{{- else -}} -{{- print "http" -}} -{{- end -}} -{{- end -}} \ No newline at end of file diff --git a/charts/pulsar/templates/control-center/control-center-ingress.yaml b/charts/pulsar/templates/control-center/control-center-ingress.yaml deleted file mode 100644 index 60e470cb1..000000000 --- a/charts/pulsar/templates/control-center/control-center-ingress.yaml +++ /dev/null @@ -1,118 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.ingress.control_center.enabled }} -{{- $fullName := include "pulsar.fullname" . -}} - -{{/* COMMENT */}} -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.ingress.control_center.component }}-ingress" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - annotations: -{{- if and .Values.ingress.control_center.tls.enabled (not .Values.ingress.controller.tls.termination) }} - # don't do ssl-redirect if ssl is already terminated at the load balancer level - ingress.kubernetes.io/ssl-redirect: "true" -{{- if and .Values.certs.public_issuer.enabled }} - kubernetes.io/tls-acme: "true" -{{- if eq .Values.certs.public_issuer.issuer_type "ClusterIssuer" }} - cert-manager.io/cluster-issuer: "{{ template "pulsar.tls.public_issuer" . }}" -{{- else }} - cert-manager.io/issuer: "{{ template "pulsar.tls.public_issuer" . }}" -{{- end }} -{{- end }} -{{- else }} - ingress.kubernetes.io/ssl-redirect: "false" -{{- end }} -{{- if not .Values.deployment.openshift }} - kubernetes.io/ingress.class: nginx -{{- end }} - {{- with .Values.ingress.control_center.annotations }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: -{{- if and .Values.ingress.control_center.tls.enabled (not .Values.ingress.controller.tls.termination) }} - {{- if .Values.domain.enabled }} - tls: - - hosts: - - {{ template "pulsar.control_center_domain" . }} - secretName: {{ template "pulsar.fullname" . }}-{{ .Values.ingress.control_center.component }}-ingress - {{- end }} -{{- end }} - rules: - - host: {{ template "pulsar.control_center_domain" . }} - http: - paths: - {{- if and .Values.monitoring.grafana .Values.ingress.control_center.endpoints.grafana }} - - path: /grafana - pathType: {{ .Values.grafana.pathType | default "ImplementationSpecific" }} - backend: - service: - name: "{{ $fullName }}-{{ .Values.grafana.component }}" - port: - number: {{ .Values.grafana.port }} - {{- end }} - {{- if and .Values.monitoring.alert_manager .Values.ingress.control_center.endpoints.alertmanager }} - - path: /alerts - pathType: {{ .Values.alert_manager.pathType | default "ImplementationSpecific" }} - backend: - service: - name: "{{ $fullName }}-{{ .Values.alert_manager.component }}" - port: - number: {{ .Values.alert_manager.port }} - {{- end }} - {{- if and .Values.monitoring.prometheus .Values.ingress.control_center.endpoints.prometheus }} - - path: /prometheus - pathType: {{ .Values.prometheus.pathType | default "ImplementationSpecific" }} - backend: - service: - name: "{{ $fullName }}-{{ .Values.prometheus.component }}" - port: - number: {{ .Values.prometheus.port }} - {{- end }} - {{- if .Values.components.streamnative_console }} - - path: /console - pathType: {{ .Values.streamnative_console.pathType | default "ImplementationSpecific" }} - backend: - service: - name: "{{ $fullName }}-{{ .Values.streamnative_console.component }}" - port: - number: {{ .Values.streamnative_console.ports.frontend }} - {{- end }} - {{- if .Values.components.pulsar_manager }} - - path: / - pathType: {{ .Values.pulsar_manager.pathType | default "ImplementationSpecific" }} - backend: - service: - name: "{{ $fullName }}-{{ .Values.pulsar_manager.component }}" - port: - number: {{ .Values.pulsar_manager.ports.frontend }} - {{- else }} - - path: / - pathType: "ImplementationSpecific" - backend: - service: - name: default - port: - number: 80 - {{- end }} -{{- end }} diff --git a/charts/pulsar/templates/control-center/ingress-controller-configmap.yaml b/charts/pulsar/templates/control-center/ingress-controller-configmap.yaml deleted file mode 100644 index 0a070e985..000000000 --- a/charts/pulsar/templates/control-center/ingress-controller-configmap.yaml +++ /dev/null @@ -1,51 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.ingress.controller.enabled }} -kind: ConfigMap -apiVersion: v1 -metadata: - name: "{{ template "pulsar.fullname" . }}-nginx-configuration" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.ingress.controller.component }} -data: - use-forwarded-headers: "true" - ---- -kind: ConfigMap -apiVersion: v1 -metadata: - name: "{{ template "pulsar.fullname" . }}-tcp-services" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.ingress.controller.component }} ---- -kind: ConfigMap -apiVersion: v1 -metadata: - name: "{{ template "pulsar.fullname" . }}-udp-services" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.ingress.controller.component }} - -{{- end }} diff --git a/charts/pulsar/templates/control-center/ingress-controller-deployment.yaml b/charts/pulsar/templates/control-center/ingress-controller-deployment.yaml deleted file mode 100644 index 42c4169ce..000000000 --- a/charts/pulsar/templates/control-center/ingress-controller-deployment.yaml +++ /dev/null @@ -1,121 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.ingress.controller.enabled }} - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.ingress.controller.component }}" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.ingress.controller.component }} -spec: - replicas: {{ .Values.ingress.controller.replicaCount }} - selector: - matchLabels: - {{- include "pulsar.matchLabels" . | nindent 6 }} - component: {{ .Values.ingress.controller.component }} - template: - metadata: - labels: - {{- include "pulsar.template.labels" . | nindent 8 }} - component: {{ .Values.ingress.controller.component }} - annotations: - prometheus.io/port: "10254" - prometheus.io/scrape: "true" - spec: - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - - name: {{ .Values.imagePullSecrets }} - {{- end }} - {{- if .Values.ingress.controller.nodeSelector }} - nodeSelector: -{{ toYaml .Values.ingress.controller.nodeSelector | indent 8 }} - {{- end }} - {{- if .Values.ingress.controller.tolerations }} - tolerations: -{{ toYaml .Values.ingress.controller.tolerations | indent 8 }} - {{- end }} - {{- if .Values.rbac.enable }} - serviceAccount: "{{ template "pulsar.fullname" . }}-nginx-ingress-serviceaccount" - {{- end }} - terminationGracePeriodSeconds: {{ .Values.ingress.controller.gracePeriod }} - containers: - - name: nginx-ingress-controller - image: "{{ .Values.images.nginx_ingress_controller.repository }}:{{ .Values.images.nginx_ingress_controller.tag }}" - imagePullPolicy: {{ .Values.images.nginx_ingress_controller.pullPolicy }} - args: - - /nginx-ingress-controller - - --configmap={{ template "pulsar.namespace" . }}/{{ template "pulsar.fullname" . }}-nginx-configuration - - --tcp-services-configmap={{ template "pulsar.namespace" . }}/{{ template "pulsar.fullname" . }}-tcp-services - - --udp-services-configmap={{ template "pulsar.namespace" . }}/{{ template "pulsar.fullname" . }}-udp-services - - --publish-service={{ template "pulsar.namespace" . }}/{{ template "pulsar.fullname" . }}-{{ .Values.ingress.controller.component }} - - --annotations-prefix=nginx.ingress.kubernetes.io - securityContext: - allowPrivilegeEscalation: true - capabilities: - drop: - - ALL - add: - - NET_BIND_SERVICE - # www-data -> 101 - runAsUser: 101 - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - ports: - - name: http - containerPort: {{ .Values.ingress.controller.ports.http }} - protocol: TCP - - name: https - containerPort: {{ .Values.ingress.controller.ports.https }} - protocol: TCP - livenessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 10 - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 10 - lifecycle: - preStop: - exec: - command: - - /wait-shutdown -{{- end }} diff --git a/charts/pulsar/templates/control-center/ingress-controller-rbac.yaml b/charts/pulsar/templates/control-center/ingress-controller-rbac.yaml deleted file mode 100644 index 2cb1ffaac..000000000 --- a/charts/pulsar/templates/control-center/ingress-controller-rbac.yaml +++ /dev/null @@ -1,168 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.ingress.controller.enabled }} -{{- if .Values.ingress.controller.rbac }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: "{{ template "pulsar.fullname" . }}-nginx-ingress-serviceaccount" - namespace: {{ template "pulsar.namespace" . }} - ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: "{{ template "pulsar.fullname" . }}-nginx-ingress-clusterrole" - labels: - app: {{ template "pulsar.name" . }} - chart: {{ template "pulsar.chart" . }} - release: {{ .Release.Name }} -rules: - - apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - verbs: - - list - - watch - - apiGroups: - - "" - resources: - - nodes - verbs: - - get - - apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - "extensions" - - "networking.k8s.io" - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - "extensions" - - "networking.k8s.io" - resources: - - ingresses/status - verbs: - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: "{{ template "pulsar.fullname" . }}-nginx-ingress-role" - namespace: {{ template "pulsar.namespace" . }} - labels: - app: {{ template "pulsar.name" . }} - chart: {{ template "pulsar.chart" . }} - release: {{ .Release.Name }} -rules: - - apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - namespaces - verbs: - - get - - apiGroups: - - "" - resources: - - configmaps - resourceNames: - # Defaults to "-" - # Here: "-" - # This has to be adapted if you change either parameter - # when launching the nginx-ingress-controller. - - "ingress-controller-leader-nginx" - # Upgrade to v1.1.1, controller will update this configmap - - "ingress-controller-leader" - verbs: - - get - - update - - apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - apiGroups: - - "" - resources: - - endpoints - verbs: - - get ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: "{{ template "pulsar.fullname" . }}-nginx-ingress-role-nisa-binding" - namespace: {{ template "pulsar.namespace" . }} - labels: - app: {{ template "pulsar.name" . }} - chart: {{ template "pulsar.chart" . }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: "{{ template "pulsar.fullname" . }}-nginx-ingress-role" -subjects: - - kind: ServiceAccount - name: "{{ template "pulsar.fullname" . }}-nginx-ingress-serviceaccount" - namespace: {{ template "pulsar.namespace" . }} - ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: "{{ template "pulsar.fullname" . }}-nginx-ingress-clusterrole-nisa-binding" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: "{{ template "pulsar.fullname" . }}-nginx-ingress-clusterrole" -subjects: - - kind: ServiceAccount - name: "{{ template "pulsar.fullname" . }}-nginx-ingress-serviceaccount" - namespace: {{ template "pulsar.namespace" . }} - ---- -{{- end }} -{{- end }} diff --git a/charts/pulsar/templates/control-center/ingress-controller-service.yaml b/charts/pulsar/templates/control-center/ingress-controller-service.yaml deleted file mode 100644 index d8de0a3c4..000000000 --- a/charts/pulsar/templates/control-center/ingress-controller-service.yaml +++ /dev/null @@ -1,58 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.ingress.controller.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.ingress.controller.component }}" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.ingress.controller.component }} - annotations: - {{- if .Values.external_dns.enabled }} - {{- if .Values.domain.enabled }} - external-dns.alpha.kubernetes.io/hostname: {{ template "pulsar.control_center_domain" . }} - {{- end }} - {{- end }} - {{- with .Values.ingress.controller.annotations }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - type: LoadBalancer - ports: - {{- if .Values.ingress.control_center.tls.enabled }} - - name: https - port: {{ .Values.ingress.controller.ports.https }} - targetPort: {{ template "pulsar.control_center.ingress.targetPort" . }} - protocol: TCP - {{- else }} - - name: http - port: {{ .Values.ingress.controller.ports.http }} - targetPort: {{ template "pulsar.control_center.ingress.targetPort" . }} - protocol: TCP - {{- end }} - selector: - {{- include "pulsar.matchLabels" . | nindent 4 }} - component: {{ .Values.ingress.controller.component }} - {{- with .Values.ingress.controller.extraSpec }} - {{- toYaml . | nindent 2 }} - {{- end }} -{{- end }} diff --git a/charts/pulsar/templates/detector/_detector.tpl b/charts/pulsar/templates/detector/_detector.tpl deleted file mode 100644 index 7a02e4772..000000000 --- a/charts/pulsar/templates/detector/_detector.tpl +++ /dev/null @@ -1,13 +0,0 @@ - -{{/*Define pulsar detector service account*/}} -{{- define "pulsar.detector.serviceAccount" -}} -{{- if .Values.pulsar_detector.serviceAccount.create -}} - {{- if .Values.pulsar_detector.serviceAccount.name -}} -{{ .Values.pulsar_detector.serviceAccount.name }} - {{- else -}} -{{ template "pulsar.fullname" . }}-{{ .Values.pulsar_detector.component }}-acct - {{- end -}} -{{- else -}} -{{ .Values.pulsar_detector.serviceAccount.name }} -{{- end -}} -{{- end -}} diff --git a/charts/pulsar/templates/detector/pulsar-detector-pdb.yaml b/charts/pulsar/templates/detector/pulsar-detector-pdb.yaml deleted file mode 100644 index 4e8d50ad4..000000000 --- a/charts/pulsar/templates/detector/pulsar-detector-pdb.yaml +++ /dev/null @@ -1,37 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.components.pulsar_detector }} -{{- if .Values.pulsar_detector.pdb.usePolicy }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsar_detector.component }}" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.pulsar_detector.component }} -spec: - selector: - matchLabels: - {{- include "pulsar.matchLabels" . | nindent 6 }} - component: {{ .Values.pulsar_detector.component }} - maxUnavailable: {{ .Values.pulsar_detector.pdb.maxUnavailable }} -{{- end }} -{{- end }} diff --git a/charts/pulsar/templates/detector/pulsar-detector-service-account.yaml b/charts/pulsar/templates/detector/pulsar-detector-service-account.yaml deleted file mode 100644 index 6fbeb723f..000000000 --- a/charts/pulsar/templates/detector/pulsar-detector-service-account.yaml +++ /dev/null @@ -1,33 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if and .Values.components.pulsar_detector .Values.pulsar_detector.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pulsar.detector.serviceAccount" . }} - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.pulsar_detector.component }} - annotations: -{{- with .Values.pulsar_detector.serviceAccount.annotations }} -{{ toYaml . | indent 4 }} -{{- end }} -{{- end }} diff --git a/charts/pulsar/templates/detector/pulsar-detector-service.yaml b/charts/pulsar/templates/detector/pulsar-detector-service.yaml deleted file mode 100644 index ec88f9d20..000000000 --- a/charts/pulsar/templates/detector/pulsar-detector-service.yaml +++ /dev/null @@ -1,45 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.components.pulsar_detector }} -apiVersion: v1 -kind: Service -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsar_detector.component }}" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.pulsar_detector.component }} -spec: -{{- if .Values.pulsar_detector.service.spec }} -{{- with .Values.pulsar_detector.service.spec }} -{{ toYaml . | indent 2 }} -{{- end }} -{{- else }} - clusterIP: None -{{- end }} - ports: - - name: server - port: {{ .Values.pulsar_detector.port }} - protocol: TCP - selector: - app: {{ template "pulsar.name" . }} - release: {{ .Release.Name }} - component: {{ .Values.pulsar_detector.component }} -{{- end }} diff --git a/charts/pulsar/templates/detector/pulsar-detector-statefulset.yaml b/charts/pulsar/templates/detector/pulsar-detector-statefulset.yaml deleted file mode 100644 index dbca89f82..000000000 --- a/charts/pulsar/templates/detector/pulsar-detector-statefulset.yaml +++ /dev/null @@ -1,120 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.components.pulsar_detector }} -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsar_detector.component }}" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.pulsar_detector.component }} -{{- with .Values.pulsar_detector.statefulset.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} -spec: - serviceName: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsar_detector.component }}" - replicas: {{ .Values.pulsar_detector.replicaCount }} - selector: - matchLabels: - {{- include "pulsar.matchLabels" . | nindent 6 }} - component: {{ .Values.pulsar_detector.component }} - updateStrategy: - type: RollingUpdate - podManagementPolicy: Parallel - template: - metadata: - labels: - {{- include "pulsar.template.labels" . | nindent 8 }} - component: {{ .Values.pulsar_detector.component }} - spec: - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - - name: {{ .Values.imagePullSecrets }} - {{- end }} - {{- if .Values.pulsar_detector.imagePullSecrets }} - imagePullSecrets: - - name: {{ .Values.pulsar_detector.imagePullSecrets }} - {{- end }} - {{- if .Values.pulsar_detector.nodeSelector }} - nodeSelector: -{{ toYaml .Values.pulsar_detector.nodeSelector | indent 8 }} - {{- end }} - {{- if .Values.pulsar_detector.tolerations }} - tolerations: -{{ toYaml .Values.pulsar_detector.tolerations | indent 8 }} - {{- end }} - {{- if .Values.pulsar_detector.serviceAccount.use }} - serviceAccountName: {{ template "pulsar.detector.serviceAccount" . }} - {{- end }} - terminationGracePeriodSeconds: {{ .Values.pulsar_detector.gracePeriod }} - initContainers: - # This init container will wait for zookeeper to be ready before - # deploying the bookies - {{- if .Values.pulsar_detector.waitZkReady }} - - name: wait-zookeeper-ready - image: "{{ .Values.images.zookeeper.repository }}:{{ .Values.images.zookeeper.tag }}" - imagePullPolicy: {{ .Values.images.zookeeper.pullPolicy }} - command: ["sh", "-c"] - args: - - >- - until bin/pulsar zookeeper-shell -server {{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }} get {{ .Values.metadataPrefix }}/admin/clusters/{{ template "pulsar.cluster" . }}; do - sleep 3; - done; - {{- end }} - # This init container will wait for at least one broker to be ready before - # deploying the pulsar-detector - - name: wait-broker-ready - image: "{{ .Values.images.broker.repository }}:{{ .Values.images.broker.tag }}" - imagePullPolicy: {{ .Values.images.broker.pullPolicy }} - command: ["sh", "-c"] - args: - - >- - set -e; - brokerServiceNumber="$(nslookup -timeout=10 {{ template "pulsar.fullname" . }}-{{ .Values.broker.component }} | grep Name | wc -l)"; - until [ ${brokerServiceNumber} -ge 1 ]; do - echo "pulsar cluster {{ template "pulsar.fullname" . }} isn't initialized yet ... check in 10 seconds ..."; - sleep 10; - brokerServiceNumber="$(nslookup -timeout=10 {{ template "pulsar.fullname" . }}-{{ .Values.broker.component }} | grep Name | wc -l)"; - done; - containers: - - name: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsar_detector.component }}" - image: "{{ .Values.images.pulsar_detector.repository }}:{{ .Values.images.pulsar_detector.tag }}" - imagePullPolicy: {{ .Values.images.pulsar_detector.pullPolicy }} - command: ["sh", "-c"] - args: - - > - bin/pulsar-detector -service-url pulsar://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.pulsar }} -webservice-url http://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.http }} {{- if .Values.auth.authentication.enabled }} -auth-plugin token -auth-params "{\"token\":\"$PulsarClientAuthenticationParameters\"}" {{- end }}; - ports: - # prometheus needs to access /metrics endpoint - - name: server - containerPort: {{ .Values.pulsar_detector.port }} - env: - {{- if .Values.auth.authentication.enabled }} - {{- if eq .Values.auth.authentication.provider "jwt" }} - - name: PulsarClientAuthenticationParameters - valueFrom: - secretKeyRef: - name: "{{ .Release.Name }}-token-{{ .Values.auth.superUsers.client }}" - key: TOKEN - {{- end }} - {{- end }} -{{- end }} diff --git a/charts/pulsar/templates/external-dns/_external_dns.tpl b/charts/pulsar/templates/external-dns/_external_dns.tpl deleted file mode 100644 index de00d04e0..000000000 --- a/charts/pulsar/templates/external-dns/_external_dns.tpl +++ /dev/null @@ -1,8 +0,0 @@ -{{/*Define external_dns service account*/}} -{{- define "external_dns.serviceAccount" -}} -{{- if .Values.external_dns.serviceAcct.name -}} -{{ .Values.external_dns.serviceAcct.name }} -{{- else -}} -{{ template "pulsar.fullname" . }}-{{ .Values.external_dns.component }} -{{- end -}} -{{- end -}} diff --git a/charts/pulsar/templates/external-dns/external-dns-rbac.yaml b/charts/pulsar/templates/external-dns/external-dns-rbac.yaml deleted file mode 100644 index 696049907..000000000 --- a/charts/pulsar/templates/external-dns/external-dns-rbac.yaml +++ /dev/null @@ -1,70 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.external_dns.enabled }} -{{- if not .Values.external_dns.use_existing }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "external_dns.serviceAccount" . }} - namespace: {{ template "pulsar.namespace" . }} - annotations: -{{- with .Values.external_dns.serviceAcct.annotations }} -{{ toYaml . | indent 4 }} -{{- end }} - ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.external_dns.component }}" - labels: - app: {{ template "pulsar.name" . }} - chart: {{ template "pulsar.chart" . }} - release: {{ .Release.Name }} -rules: -- apiGroups: [""] - resources: ["services","endpoints","pods"] - verbs: ["get","watch","list"] -- apiGroups: ["extensions","networking.k8s.io"] - resources: ["ingresses"] - verbs: ["get","watch","list"] -- apiGroups: [""] - resources: ["nodes"] - verbs: ["list"] -{{- if .Values.external_dns.istioEnabled }} -- apiGroups: ["networking.istio.io"] - resources: ["gateways", "virtualservices"] - verbs: ["get","watch","list"] -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.external_dns.component }}-viewer" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: "{{ template "pulsar.fullname" . }}-{{ .Values.external_dns.component }}" -subjects: -- kind: ServiceAccount - name: {{ template "external_dns.serviceAccount" . }} - namespace: {{ template "pulsar.namespace" . }} -{{- end }} -{{- end }} diff --git a/charts/pulsar/templates/external-dns/external-dns.yaml b/charts/pulsar/templates/external-dns/external-dns.yaml deleted file mode 100644 index b248e2bee..000000000 --- a/charts/pulsar/templates/external-dns/external-dns.yaml +++ /dev/null @@ -1,87 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.external_dns.enabled }} -{{- if not .Values.external_dns.use_existing }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.external_dns.component }}" - namespace: {{ template "pulsar.namespace" . }} -spec: - strategy: - type: Recreate - selector: - matchLabels: - {{- include "pulsar.template.labels" . | nindent 6 }} - template: - metadata: - labels: - {{- include "pulsar.template.labels" . | nindent 8 }} - spec: - serviceAccountName: {{ template "external_dns.serviceAccount" . }} - volumes: - {{- range .Values.external_dns.extraMounts }} - - name: {{ .mountName }} - {{ .type }}: - {{ toYaml .mountOpts }} - {{- end }} - - containers: - - name: external-dns - image: registry.k8s.io/external-dns/external-dns:v0.7.3 - args: - - --source=service - - --source=ingress - {{- if .Values.external_dns.istioEnabled }} - - --source=istio-gateway - - --source=istio-virtualservice - {{- end }} - # will make ExternalDNS see only the hosted zones matching provided domain, omit to process all available hosted zones - - --domain-filter={{ .Values.external_dns.domain_filter }} - - --provider={{ .Values.external_dns.provider }} - {{- if eq .Values.external_dns.provider "google" }} - {{- if .Values.external_dns.providers.google.project }} - # Use this to specify a project different from the one external-dns is running inside - - --google-project={{ .Values.external_dns.providers.google.project }} - {{- end }} - {{- end }} - {{- if eq .Values.external_dns.provider "aws" }} - - --aws-zone-type={{ .Values.external_dns.providers.aws.zoneType }} - {{- end }} - # would prevent ExternalDNS from deleting any records, omit to enable full synchronization - - --policy={{ .Values.external_dns.policy }} - - --registry={{ .Values.external_dns.registry }} - - --txt-owner-id={{ .Values.external_dns.owner_id }} - volumeMounts: - {{- range .Values.external_dns.extraMounts }} - - name: {{ .mountName }} - mountPath: {{ .mountPath }} - {{- end }} - env: - {{- range .Values.external_dns.extraEnv }} - - name: {{ .name }} - value: {{ .value }} - {{- end }} - securityContext: - {{- with .Values.external_dns.securityContext }} - {{ toYaml . | indent 6 }} - {{- end }} -{{- end }} -{{- end }} diff --git a/charts/pulsar/templates/function-worker/_function_worker.tpl b/charts/pulsar/templates/function-worker/_function_worker.tpl deleted file mode 100644 index fe281e624..000000000 --- a/charts/pulsar/templates/function-worker/_function_worker.tpl +++ /dev/null @@ -1,163 +0,0 @@ -{{/*Define function worker service account*/}} -{{- define "pulsar.function.serviceAccount" -}} -{{- if .Values.functions.serviceAccount.create -}} - {{- if .Values.functions.serviceAccount.name -}} -{{ .Values.functions.serviceAccount.name }} - {{- else -}} -{{ template "pulsar.fullname" . }}-{{ .Values.functions.component }}-acct - {{- end -}} -{{- else -}} -{{ .Values.functions.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Pulsar Broker Service URL -*/}} -{{- define "pulsar.function.broker.service.url" -}} -{{- if and .Values.functions.useDedicatedRunner (eq .Values.functions.configData.functionRuntimeFactoryClassName "org.apache.pulsar.functions.runtime.kubernetes.KubernetesRuntimeFactory") -}} -pulsar://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}.{{ template "pulsar.namespace" . }}.svc.cluster.local:{{ .Values.proxy.ports.pulsar }} -{{- else -}} -pulsar://localhost:6650 -{{- end -}} -{{- end -}} - -{{/* -Pulsar Web Service URL -*/}} -{{- define "pulsar.function.web.service.url" -}} -{{- if and .Values.functions.useDedicatedRunner (eq .Values.functions.configData.functionRuntimeFactoryClassName "org.apache.pulsar.functions.runtime.kubernetes.KubernetesRuntimeFactory") -}} -http://{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}.{{ template "pulsar.namespace" . }}.svc.cluster.local:{{ .Values.proxy.ports.http }} -{{- else -}} -http://localhost:8080 -{{- end -}} -{{- end -}} - -{{/* -Pulsar Broker Service URL TLS -*/}} -{{- define "pulsar.function.broker.service.url.tls" -}} -{{- if and .Values.functions.useDedicatedRunner (eq .Values.functions.configData.functionRuntimeFactoryClassName "org.apache.pulsar.functions.runtime.kubernetes.KubernetesRuntimeFactory") -}} -pulsar+ssl://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}.{{ template "pulsar.namespace" . }}.svc.cluster.local:{{ .Values.proxy.ports.pulsarssl }} -{{- else -}} -pulsar+ssl://localhost:6651 -{{- end -}} -{{- end -}} - -{{/* -Pulsar Web Service URL TLS -*/}} -{{- define "pulsar.function.web.service.url.tls" -}} -{{- if and .Values.functions.useDedicatedRunner (eq .Values.functions.configData.functionRuntimeFactoryClassName "org.apache.pulsar.functions.runtime.kubernetes.KubernetesRuntimeFactory") -}} -https://{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}.{{ template "pulsar.namespace" . }}.svc.cluster.local:{{ .Values.proxy.ports.https }} -{{- else -}} -https://localhost:8443 -{{- end -}} -{{- end -}} - -{{/* -Define function tls certs mounts -*/}} -{{- define "pulsar.function.certs.volumeMounts" -}} -{{- if and .Values.tls.enabled .Values.tls.functions.enabled }} -- name: function-certs - mountPath: "/pulsar/certs/function" - readOnly: true -- name: ca - mountPath: "/pulsar/certs/ca" - readOnly: true -{{- end }} -{{- end }} - -{{/* -Define function tls certs volumes -*/}} -{{- define "pulsar.function.certs.volumes" -}} -{{- if and .Values.tls.enabled .Values.tls.broker.enabled }} -- name: function-certs - secret: - secretName: "{{ template "pulsar.function.tls.secret.name" . }}" - items: - - key: tls.crt - path: tls.crt - - key: tls.key - path: tls.key -- name: ca - secret: - secretName: "{{ template "pulsar.tls.ca.secret.name" . }}" - items: - - key: ca.crt - path: ca.crt -{{- end }} -{{- end }} - -{{/* -Define the pulsar function full service name -*/}} -{{- define "pulsar.function.service" -}} -{{ template "pulsar.fullname" . }}-{{ .Values.functions.component }} -{{- end }} - - -{{/* -Define function token mounts -*/}} -{{- define "pulsar.function.token.volumeMounts" -}} -{{- if .Values.auth.authentication.enabled }} -{{- if eq .Values.auth.authentication.provider "jwt" }} -{{- if not .Values.auth.vault.enabled }} -- mountPath: "/pulsar/keys" - name: token-keys - readOnly: true -{{- end }} -- mountPath: "/pulsar/tokens" - name: function-token - readOnly: true -{{- end }} -{{- end }} -{{- end }} - -{{/* -Define function token volumes -*/}} -{{- define "pulsar.function.token.volumes" -}} -{{- if .Values.auth.authentication.enabled }} -{{- if eq .Values.auth.authentication.provider "jwt" }} -{{- if not .Values.auth.vault.enabled }} -- name: token-keys - secret: - {{- if not .Values.auth.authentication.jwt.usingSecretKey }} - secretName: "{{ .Release.Name }}-token-asymmetric-key" - {{- end}} - {{- if .Values.auth.authentication.jwt.usingSecretKey }} - secretName: "{{ .Release.Name }}-token-symmetric-key" - {{- end}} - items: - {{- if .Values.auth.authentication.jwt.usingSecretKey }} - - key: SECRETKEY - path: token/secret.key - {{- else }} - - key: PUBLICKEY - path: token/public.key - {{- end}} -{{- end }} -- name: function-token - secret: - secretName: "{{ .Release.Name }}-token-{{ .Values.auth.superUsers.broker }}" - items: - - key: TOKEN - path: function/token -{{- end }} -{{- end }} -{{- end }} - -{{/* -Define Function TLS certificate secret name -*/}} -{{- define "pulsar.function.tls.secret.name" -}} -{{- if .Values.tls.functions.certSecretName -}} -{{- .Values.tls.functions.certSecretName -}} -{{- else -}} -{{ .Release.Name }}-{{ .Values.tls.functions.cert_name }} -{{- end -}} -{{- end -}} diff --git a/charts/pulsar/templates/function-worker/function-worker-cluster-role-binding.yaml b/charts/pulsar/templates/function-worker/function-worker-cluster-role-binding.yaml deleted file mode 100644 index 8ef9ef206..000000000 --- a/charts/pulsar/templates/function-worker/function-worker-cluster-role-binding.yaml +++ /dev/null @@ -1,68 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.functions.serviceAccount.clusterRole }} -{{- if and (and .Values.components.functions .Values.functions.useDedicatedRunner) .Values.functions.serviceAccount.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.functions.component }}-clusterrolebinding" - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: "{{ template "pulsar.fullname" . }}-{{ .Values.functions.component }}-clusterrole" -subjects: -- kind: ServiceAccount - name: {{ template "pulsar.function.serviceAccount" . }} - namespace: {{ template "pulsar.namespace" . }} ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.functions.component }}-clusterrole" - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} -rules: -- apiGroups: [""] - resources: - - configmap - - configmaps - verbs: ["get", "list", "watch"] -- apiGroups: ["", "extensions", "apps"] - resources: - - pods - - services - - deployments - - secrets - - statefulsets - verbs: - - list - - watch - - get - - update - - create - - delete - - patch ---- - -{{- end }} -{{- end }} diff --git a/charts/pulsar/templates/function-worker/function-worker-role-binding.yaml b/charts/pulsar/templates/function-worker/function-worker-role-binding.yaml deleted file mode 100644 index a46e7a815..000000000 --- a/charts/pulsar/templates/function-worker/function-worker-role-binding.yaml +++ /dev/null @@ -1,68 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if not .Values.functions.serviceAccount.clusterRole }} -{{- if and (and .Values.components.functions .Values.functions.useDedicatedRunner) .Values.functions.serviceAccount.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.functions.component }}-rolebinding" - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: "{{ template "pulsar.fullname" . }}-{{ .Values.functions.component }}-role" -subjects: -- kind: ServiceAccount - name: {{ template "pulsar.function.serviceAccount" . }} - namespace: {{ template "pulsar.namespace" . }} ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.functions.component }}-role" - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} -rules: -- apiGroups: [""] - resources: - - configmap - - configmaps - verbs: ["get", "list", "watch"] -- apiGroups: ["", "extensions", "apps"] - resources: - - pods - - services - - deployments - - secrets - - statefulsets - verbs: - - list - - watch - - get - - update - - create - - delete - - patch ---- - -{{- end }} -{{- end }} diff --git a/charts/pulsar/templates/function-worker/function-worker-service-account.yaml b/charts/pulsar/templates/function-worker/function-worker-service-account.yaml deleted file mode 100644 index 5937e2f4f..000000000 --- a/charts/pulsar/templates/function-worker/function-worker-service-account.yaml +++ /dev/null @@ -1,33 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if and (and .Values.components.functions .Values.functions.useDedicatedRunner) .Values.functions.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pulsar.function.serviceAccount" . }} - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.functions.component }} - annotations: -{{- with .Values.functions.serviceAccount.annotations }} -{{ toYaml . | indent 4 }} -{{- end }} -{{- end }} diff --git a/charts/pulsar/templates/function-worker/function-worker-service.yaml b/charts/pulsar/templates/function-worker/function-worker-service.yaml deleted file mode 100644 index 0c8edb584..000000000 --- a/charts/pulsar/templates/function-worker/function-worker-service.yaml +++ /dev/null @@ -1,43 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if and .Values.components.functions .Values.functions.useDedicatedRunner }} -apiVersion: v1 -kind: Service -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.functions.component }}" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.functions.component }} - annotations: -{{ toYaml .Values.functions.service.annotations | indent 4 }} -spec: - ports: - - name: http - port: {{ .Values.functions.ports.http }} - {{- if and .Values.tls.enabled .Values.tls.functions.enabled }} - - name: https - port: {{ .Values.functions.ports.https }} - {{- end }} - clusterIP: None - selector: -{{- include "pulsar.matchLabels" . | nindent 4 }} - component: {{ .Values.functions.component }} -{{- end }} diff --git a/charts/pulsar/templates/function-worker/function-worker-statefulset.yaml b/charts/pulsar/templates/function-worker/function-worker-statefulset.yaml deleted file mode 100644 index 44bd72818..000000000 --- a/charts/pulsar/templates/function-worker/function-worker-statefulset.yaml +++ /dev/null @@ -1,196 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if and .Values.components.functions .Values.functions.useDedicatedRunner }} -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.functions.component }}" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.functions.component }} -{{- with .Values.functions.statefulset.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} -spec: - serviceName: "{{ template "pulsar.fullname" . }}-{{ .Values.functions.component }}" - replicas: {{ .Values.functions.replicaCount }} - selector: - matchLabels: - {{- include "pulsar.matchLabels" . | nindent 6 }} - component: {{ .Values.functions.component }} - updateStrategy: - type: RollingUpdate - podManagementPolicy: Parallel - template: - metadata: - labels: - {{- include "pulsar.template.labels" . | nindent 8 }} - component: {{ .Values.functions.component }} - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "{{ .Values.functions.ports.http }}" - {{- if .Values.functions.autoRollDeployment }} - checksum/config: {{ include (print $.Template.BasePath "/broker/function-worker-configfile-configmap.yaml") . | sha256sum }} - {{- end }} -{{- with .Values.functions.annotations }} -{{ toYaml . | indent 8 }} -{{- end }} - spec: - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - - name: {{ .Values.imagePullSecrets }} - {{- end }} - securityContext: -{{- with .Values.functions.securityContext }} -{{ toYaml . | indent 8 }} -{{- end }} - {{- if or .Values.functions.serviceAccount.use (and .Values.components.functions (not .Values.functions.useDedicatedRunner)) }} - serviceAccountName: {{ template "pulsar.function.serviceAccount" . }} - {{- end }} - {{- if .Values.functions.nodeSelector }} - nodeSelector: - {{ toYaml .Values.functions.nodeSelector | indent 8 }} - {{- end }} - {{- if .Values.functions.tolerations }} - tolerations: - {{ toYaml .Values.functions.tolerations | indent 8 }} - {{- end }} - affinity: - {{- if and .Values.affinity.anti_affinity .Values.functions.affinity.anti_affinity}} - podAntiAffinity: - {{ .Values.functions.affinity.type }}: - {{ if eq .Values.functions.affinity.type "requiredDuringSchedulingIgnoredDuringExecution"}} - - labelSelector: - matchExpressions: - - key: "app" - operator: In - values: - - "{{ template "pulsar.name" . }}" - - key: "release" - operator: In - values: - - {{ .Release.Name }} - - key: "component" - operator: In - values: - - {{ .Values.functions.component }} - topologyKey: "kubernetes.io/hostname" - {{ else }} - - weight: 100 - podAffinityTerm: - labelSelector: - matchExpressions: - - key: "app" - operator: In - values: - - "{{ template "pulsar.name" . }}" - - key: "release" - operator: In - values: - - {{ .Release.Name }} - - key: "component" - operator: In - values: - - {{ .Values.functions.component }} - topologyKey: "kubernetes.io/hostname" - {{ end }} - {{- end }} - terminationGracePeriodSeconds: {{ .Values.functions.gracePeriod }} - initContainers: - # This init container will wait for pulsar proxy to be ready before deploying the function worker - - name: wait-proxy-ready - image: "{{ .Values.images.function_worker.repository }}:{{ .Values.images.function_worker.tag }}" - imagePullPolicy: {{ .Values.images.function_worker.pullPolicy }} - command: ["sh", "-c"] - args: - - >- - set -e; - proxyServiceNumber="$(nslookup -timeout=10 {{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }} | grep Name | wc -l)"; - until [ ${proxyServiceNumber} -ge 1 ]; do - echo "pulsar proxy {{ template "pulsar.fullname" . }} isn't initialized yet ... check in 10 seconds ..."; - sleep 10; - proxyServiceNumber="$(nslookup -timeout=10 {{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }} | grep Name | wc -l)"; - done; -{{- with .Values.common.extraInitContainers }} -{{ toYaml . | indent 8 }} -{{- end }} - containers: - - name: "{{ template "pulsar.fullname" . }}-{{ .Values.functions.component }}" - image: "{{ .Values.images.function_worker.repository }}:{{ .Values.images.function_worker.tag }}" - imagePullPolicy: {{ .Values.images.function_worker.pullPolicy }} - {{- if .Values.functions.probe.liveness.enabled }} - livenessProbe: - httpGet: - path: /initialized - port: {{ .Values.functions.ports.http }} - initialDelaySeconds: {{ .Values.functions.probe.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.functions.probe.liveness.periodSeconds }} - failureThreshold: {{ .Values.functions.probe.liveness.failureThreshold }} - {{- end }} - {{- if .Values.functions.probe.readiness.enabled }} - readinessProbe: - httpGet: - path: /initialized - port: {{ .Values.functions.ports.http }} - initialDelaySeconds: {{ .Values.functions.probe.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.functions.probe.readiness.periodSeconds }} - failureThreshold: {{ .Values.functions.probe.readiness.failureThreshold }} - {{- end }} - {{- if .Values.functions.resources }} - resources: -{{ toYaml .Values.functions.resources | indent 12 }} - {{- end }} - command: ["sh", "-c"] - args: - - > - bin/pulsar functions-worker; - ports: - # prometheus needs to access /metrics endpoint - - name: http - containerPort: {{ .Values.functions.ports.http }} - {{- if and .Values.tls.enabled .Values.tls.functions.enabled }} - - name: https - containerPort: {{ .Values.functions.ports.https }} - {{- end }} - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name -{{- with .Values.functions.extraEnvs }} -{{ toYaml . | indent 12 }} -{{- end }} - volumeMounts: - {{- include "pulsar.function.worker.config.volumeMounts" . | nindent 10 }} - {{- include "pulsar.function.token.volumeMounts" . | nindent 10 }} - {{- include "pulsar.function.certs.volumeMounts" . | nindent 10 }} -{{- with .Values.functions.extraVolumeMounts }} -{{ toYaml . | indent 10 }} -{{- end }} - volumes: - {{- include "pulsar.function.worker.config.volumes" . | nindent 6 }} - {{- include "pulsar.function.token.volumes" . | nindent 6 }} - {{- include "pulsar.function.certs.volumes" . | nindent 6 }} -{{- with .Values.functions.extraVolumes }} -{{ toYaml . | indent 6 }} -{{- end }} -{{- end }} diff --git a/charts/pulsar/templates/grafana/_grafana.tpl b/charts/pulsar/templates/grafana/_grafana.tpl deleted file mode 100644 index 1ffb5b308..000000000 --- a/charts/pulsar/templates/grafana/_grafana.tpl +++ /dev/null @@ -1,16 +0,0 @@ -{{/* Grafana volumes storage class */}} -{{- define "pulsar.grafana.volumes.pvc.name" -}} -{{ template "pulsar.fullname" . }}-{{ .Values.grafana.component }}-{{ .Values.grafana.volumes.data.name }} -{{- end }} - -{{- define "pulsar.grafana.volumes.storage.class" -}} -{{- if and .Values.volumes.local_storage .Values.grafana.volumes.data.local_storage }} -storageClassName: "local-storage" -{{- else }} - {{- if .Values.grafana.volumes.data.storageClass }} -storageClassName: "{{ template "pulsar.grafana.volumes.pvc.name" . }}" - {{- else if .Values.grafana.volumes.data.storageClassName }} -storageClassName: "{{ .Values.grafana.volumes.data.storageClassName }}" - {{- end -}} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/pulsar/templates/grafana/grafana-admin-secret.yaml b/charts/pulsar/templates/grafana/grafana-admin-secret.yaml deleted file mode 100644 index 256c7f372..000000000 --- a/charts/pulsar/templates/grafana/grafana-admin-secret.yaml +++ /dev/null @@ -1,35 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.monitoring.grafana }} -apiVersion: v1 -kind: Secret -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.grafana.component }}-secret" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.grafana.component }} -type: Opaque -stringData: - {{- if .Values.grafana.admin}} - GRAFANA_ADMIN_PASSWORD: {{ .Values.grafana.admin.password | default "pulsar" }} - GRAFANA_ADMIN_USER: {{ .Values.grafana.admin.user | default "pulsar" }} - {{- end }} -{{- end }} diff --git a/charts/pulsar/templates/grafana/grafana-azuread-secret.yaml b/charts/pulsar/templates/grafana/grafana-azuread-secret.yaml deleted file mode 100644 index 525befc62..000000000 --- a/charts/pulsar/templates/grafana/grafana-azuread-secret.yaml +++ /dev/null @@ -1,33 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if and .Values.monitoring.grafana .Values.grafana.azureAuthEnabled }} -apiVersion: v1 -kind: Secret -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.grafana.component }}-azuread-secret" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.grafana.component }} -type: Opaque -stringData: - GF_AUTH_AZUREAD_CLIENT_ID: {{ .Values.grafana.azuread.client_id }} - GF_AUTH_AZUREAD_CLIENT_SECRET: {{ .Values.grafana.azuread.client_secret }} -{{- end }} diff --git a/charts/pulsar/templates/grafana/grafana-configmap.yaml b/charts/pulsar/templates/grafana/grafana-configmap.yaml deleted file mode 100644 index d9472a98c..000000000 --- a/charts/pulsar/templates/grafana/grafana-configmap.yaml +++ /dev/null @@ -1,40 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# -{{- if .Values.monitoring.grafana }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.grafana.component }}" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.grafana.component }} -data: -{{- if .Values.grafana.loadConfigFromFile }} -{{ (.Files.Glob "conf/grafana/grafana.ini").AsConfig | indent 2 }} -{{- else }} - grafana.ini: | -{{- range $key, $value := index .Values.grafana "grafana.ini" }} - [{{ $key }}] - {{- range $elem, $elemVal := $value }} - {{ $elem }} = {{ $elemVal }} - {{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/pulsar/templates/grafana/grafana-deployment.yaml b/charts/pulsar/templates/grafana/grafana-deployment.yaml deleted file mode 100644 index 1571e4d5c..000000000 --- a/charts/pulsar/templates/grafana/grafana-deployment.yaml +++ /dev/null @@ -1,150 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.monitoring.grafana }} -{{- if or (not (and .Values.volumes.persistence .Values.grafana.volumes.persistence)) .Values.grafana.useDeployment }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.grafana.component }}" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.grafana.component }} -spec: - replicas: {{ .Values.grafana.replicaCount }} - selector: - matchLabels: - {{- include "pulsar.matchLabels" . | nindent 6 }} - component: {{ .Values.grafana.component }} - template: - metadata: - labels: - {{- include "pulsar.template.labels" . | nindent 8 }} - component: {{ .Values.grafana.component }} - annotations: - checksum/config: {{ include (print $.Template.BasePath "/grafana/grafana-configmap.yaml") . | sha256sum }} -{{- with .Values.grafana.annotations }} -{{ toYaml . | indent 8 }} -{{- end }} - spec: - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - - name: {{ .Values.imagePullSecrets }} - {{- end }} - {{- if .Values.grafana.nodeSelector }} - nodeSelector: -{{ toYaml .Values.grafana.nodeSelector | indent 8 }} - {{- end }} - {{- if .Values.grafana.tolerations }} - tolerations: -{{ toYaml .Values.grafana.tolerations | indent 8 }} - {{- end }} - terminationGracePeriodSeconds: {{ .Values.grafana.gracePeriod }} - containers: - - name: "{{ template "pulsar.fullname" . }}-{{ .Values.grafana.component }}" - image: "{{ .Values.images.grafana.repository }}:{{ .Values.images.grafana.tag }}" - imagePullPolicy: {{ .Values.images.grafana.pullPolicy }} - {{- if .Values.grafana.resources }} - resources: -{{ toYaml .Values.grafana.resources | indent 10 }} - {{- end }} - ports: - - name: server - containerPort: {{ .Values.grafana.port }} - env: - # for supporting apachepulsar/pulsar-grafana - - name: PROMETHEUS_URL - value: http://{{ template "pulsar.fullname" . }}-{{ .Values.prometheus.component }}:9090/{{ template "pulsar.control_center_path.prometheus" . }} - # for supporting streamnative/apache-pulsar-grafana-dashboard - - name: PULSAR_PROMETHEUS_URL - value: http://{{ template "pulsar.fullname" . }}-{{ .Values.prometheus.component }}:9090/{{ template "pulsar.control_center_path.prometheus" . }} - - name: PULSAR_CLUSTER - value: {{ template "pulsar.fullname" . }} - - name: GF_LOKI_URL - value: http://{{ .Release.Name }}-{{ .Values.grafana.datasources.loki }}.{{ .Release.Namespace }}.svc.cluster.local:3100/ - - name: GF_LOKI_DATASOURCE_NAME - value: {{ .Release.Name }}-{{ .Values.grafana.datasources.loki }} - - name: GRAFANA_ADMIN_USER - valueFrom: - secretKeyRef: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.grafana.component }}-secret" - key: GRAFANA_ADMIN_USER - - name: GRAFANA_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.grafana.component }}-secret" - key: GRAFANA_ADMIN_PASSWORD - - name: GRAFANA_CFG_FILE - value: {{ template "pulsar.home" . }}/conf/grafana.ini -{{- if and .Values.ingress.control_center.enabled .Values.ingress.control_center.endpoints.grafana }} - - name: GRAFANA_DOMAIN - value: {{ template "pulsar.control_center_domain" . }} - - name: GRAFANA_ROOT_URL - value: {{ template "pulsar.control_center_url" . }}{{ template "pulsar.control_center_path.grafana" . }}/ - - name: GRAFANA_SERVE_FROM_SUB_PATH - value: "true" -{{- else }} - - name: GRAFANA_DOMAIN - value: localhost - - name: GRAFANA_ROOT_URL - value: http://localhost:3000 - - name: GRAFANA_SERVE_FROM_SUB_PATH - value: "false" -{{- end }} -{{- if .Values.grafana.enableRendering }} - - name: GF_RENDERING_SERVER_URL - value: "http://localhost:{{ .Values.grafana.renderPort }}{{ .Values.grafana.renderPath }}" -{{- if and .Values.ingress.control_center.enabled .Values.ingress.control_center.endpoints.grafana (not .Values.grafana.localRenderCallback) }} - - name: GF_RENDERING_CALLBACK_URL - value: {{ template "pulsar.control_center_url" . }}{{ template "pulsar.control_center_path.grafana" . }}/ -{{- else }} - - name: GF_RENDERING_CALLBACK_URL - value: "http://localhost:{{ .Values.grafana.port }}" -{{- end }} - - name: GF_LOG_FILTERS - value: "rendering:debug" -{{- end }} - volumeMounts: - - name: "cfg" - mountPath: "{{ template "pulsar.home" . }}/conf/grafana.ini" - subPath: grafana.ini -{{- if .Values.grafana.enableRendering }} - - name: "{{ template "pulsar.fullname" . }}-{{ .Values.grafana.renderComponent }}" - image: "{{ .Values.images.grafana_render.repository }}:{{ .Values.images.grafana_render.tag }}" - imagePullPolicy: {{ .Values.images.grafana_render.pullPolicy }} - {{- if .Values.grafana.renderResources }} - resources: - {{ toYaml .Values.grafana.renderResources | indent 10 }} - {{- end }} - ports: - - name: render - containerPort: {{ .Values.grafana.renderPort }} - env: - - name: HTTP_PORT - value: "{{ .Values.grafana.renderPort }}" - - name: ENABLE_METRICS - value: 'true' -{{- end }} - volumes: - - name: "cfg" - configMap: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.grafana.component }}" -{{- end }} -{{- end }} diff --git a/charts/pulsar/templates/grafana/grafana-service.yaml b/charts/pulsar/templates/grafana/grafana-service.yaml deleted file mode 100644 index 01328a3d2..000000000 --- a/charts/pulsar/templates/grafana/grafana-service.yaml +++ /dev/null @@ -1,52 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.monitoring.grafana }} -apiVersion: v1 -kind: Service -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.grafana.component }}" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.grafana.component }} - annotations: -{{- with .Values.grafana.service.annotations }} -{{ toYaml . | indent 4 }} -{{- end }} -spec: -{{- if .Values.grafana.service.spec }} -{{- with .Values.grafana.service.spec }} -{{ toYaml . | indent 2 }} -{{- end }} -{{- else }} - clusterIP: None -{{- end }} - ports: - - name: server - port: {{ .Values.grafana.port }} - protocol: TCP - selector: - {{- include "pulsar.matchLabels" . | nindent 4 }} - component: {{ .Values.grafana.component }} -{{- if .Values.grafana.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml .Values.grafana.service.loadBalancerSourceRanges | indent 4 }} -{{- end }} -{{- end }} diff --git a/charts/pulsar/templates/grafana/grafana-statefulset.yaml b/charts/pulsar/templates/grafana/grafana-statefulset.yaml deleted file mode 100644 index 99590f9e9..000000000 --- a/charts/pulsar/templates/grafana/grafana-statefulset.yaml +++ /dev/null @@ -1,187 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.monitoring.grafana }} -{{- if and .Values.volumes.persistence .Values.grafana.volumes.persistence (not .Values.grafana.useDeployment) }} -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.grafana.component }}" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.grafana.component }} -spec: - serviceName: "{{ template "pulsar.fullname" . }}-{{ .Values.grafana.component }}" - replicas: {{ .Values.grafana.replicaCount }} - selector: - matchLabels: - {{- include "pulsar.matchLabels" . | nindent 6 }} - component: {{ .Values.grafana.component }} - updateStrategy: - type: RollingUpdate - podManagementPolicy: OrderedReady - template: - metadata: - labels: - {{- include "pulsar.template.labels" . | nindent 8 }} - component: {{ .Values.grafana.component }} - annotations: - checksum/config: {{ include (print $.Template.BasePath "/grafana/grafana-configmap.yaml") . | sha256sum }} -{{- with .Values.grafana.annotations }} -{{ toYaml . | indent 8 }} -{{- end }} - spec: - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - - name: {{ .Values.imagePullSecrets }} - {{- end }} - {{- if .Values.grafana.nodeSelector }} - nodeSelector: -{{ toYaml .Values.grafana.nodeSelector | indent 8 }} - {{- end }} - {{- if .Values.grafana.tolerations }} - tolerations: -{{ toYaml .Values.grafana.tolerations | indent 8 }} - {{- end }} - terminationGracePeriodSeconds: {{ .Values.grafana.gracePeriod }} - {{- if .Values.grafana.volumes.securityContext }} - securityContext: -{{ toYaml .Values.grafana.volumes.securityContext | indent 8 }} - {{- end }} - containers: - - name: "{{ template "pulsar.fullname" . }}-{{ .Values.grafana.component }}" - image: "{{ .Values.images.grafana.repository }}:{{ .Values.images.grafana.tag }}" - imagePullPolicy: {{ .Values.images.grafana.pullPolicy }} - {{- if .Values.grafana.resources }} - resources: -{{ toYaml .Values.grafana.resources | indent 10 }} - {{- end }} - ports: - - name: server - containerPort: {{ .Values.grafana.port }} - env: - # for supporting apachepulsar/pulsar-grafana - - name: PROMETHEUS_URL - value: http://{{ template "pulsar.fullname" . }}-{{ .Values.prometheus.component }}:9090/{{ template "pulsar.control_center_path.prometheus" . }} - # for supporting streamnative/apache-pulsar-grafana-dashboard - - name: PULSAR_PROMETHEUS_URL - value: http://{{ template "pulsar.fullname" . }}-{{ .Values.prometheus.component }}:9090/{{ template "pulsar.control_center_path.prometheus" . }} - - name: PULSAR_CLUSTER - value: {{ template "pulsar.fullname" . }} - - name: GF_LOKI_URL - value: http://{{ .Release.Name }}-{{ .Values.grafana.datasources.loki }}.{{ .Release.Namespace }}.svc.cluster.local:3100/ - - name: GF_LOKI_DATASOURCE_NAME - value: {{ .Release.Name }}-{{ .Values.grafana.datasources.loki }} - {{- if .Values.grafana.azureAuthEnabled }} - - name: GF_AUTH_AZUREAD_ENABLED - value: "true" - - name: GF_AUTH_AZUREAD_CLIENT_ID - valueFrom: - secretKeyRef: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.grafana.component }}-azuread-secret" - key: GF_AUTH_AZUREAD_CLIENT_ID - - name: GF_AUTH_AZUREAD_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.grafana.component }}-azuread-secret" - key: GF_AUTH_AZUREAD_CLIENT_SECRET - {{- end }} - - name: GRAFANA_ADMIN_USER - valueFrom: - secretKeyRef: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.grafana.component }}-secret" - key: GRAFANA_ADMIN_USER - - name: GRAFANA_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.grafana.component }}-secret" - key: GRAFANA_ADMIN_PASSWORD - - name: GRAFANA_CFG_FILE - value: {{ template "pulsar.home" . }}/conf/grafana.ini - {{- range .Values.grafana.volumes.env }} - - name: {{ .name }} - value: {{ .value }} - {{- end }} -{{- if and .Values.ingress.control_center.enabled .Values.ingress.control_center.endpoints.grafana }} - - name: GRAFANA_DOMAIN - value: {{ template "pulsar.control_center_domain" . }} - - name: GRAFANA_ROOT_URL - value: {{ template "pulsar.control_center_url" . }}{{ template "pulsar.control_center_path.grafana" . }}/ - - name: GRAFANA_SERVE_FROM_SUB_PATH - value: "true" -{{- else }} - - name: GRAFANA_DOMAIN - value: localhost - - name: GRAFANA_ROOT_URL - value: http://localhost:3000 - - name: GRAFANA_SERVE_FROM_SUB_PATH - value: "false" -{{- end }} -{{- if .Values.grafana.enableRendering }} - - name: GF_RENDERING_SERVER_URL - value: "http://localhost:{{ .Values.grafana.renderPort }}{{ .Values.grafana.renderPath }}" -{{- if and .Values.ingress.control_center.enabled .Values.ingress.control_center.endpoints.grafana (not .Values.grafana.localRenderCallback) }} - - name: GF_RENDERING_CALLBACK_URL - value: {{ template "pulsar.control_center_url" . }}{{ template "pulsar.control_center_path.grafana" . }}/ -{{- else }} - - name: GF_RENDERING_CALLBACK_URL - value: "http://localhost:{{ .Values.grafana.port }}" -{{- end }} - - name: GF_LOG_FILTERS - value: "rendering:debug" -{{- end }} - volumeMounts: - - name: "cfg" - mountPath: "{{ template "pulsar.home" . }}/conf/grafana.ini" - subPath: grafana.ini - - name: "{{ template "pulsar.fullname" . }}-{{ .Values.grafana.component }}-{{ .Values.grafana.volumes.data.name }}" - mountPath: {{ .Values.grafana.volumes.mountPath }} -{{- if .Values.grafana.enableRendering }} - - name: "{{ template "pulsar.fullname" . }}-{{ .Values.grafana.renderComponent }}" - image: "{{ .Values.images.grafana_render.repository }}:{{ .Values.images.grafana_render.tag }}" - imagePullPolicy: {{ .Values.images.grafana_render.pullPolicy }} - {{- if .Values.grafana.renderResources }} - resources: - {{ toYaml .Values.grafana.renderResources | indent 10 }} - {{- end }} - ports: - - name: render - containerPort: {{ .Values.grafana.renderPort }} - env: - - name: HTTP_PORT - value: "{{ .Values.grafana.renderPort }}" - - name: ENABLE_METRICS - value: 'true' -{{- end }} - volumes: - - name: "cfg" - configMap: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.grafana.component }}" - volumeClaimTemplates: - - metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.grafana.component }}-{{ .Values.grafana.volumes.data.name }}" - spec: - accessModes: [ "ReadWriteOnce" ] - resources: - requests: - storage: {{ .Values.grafana.volumes.data.size }} - {{- include "pulsar.grafana.volumes.storage.class" . | nindent 6 }} -{{- end }} -{{- end }} diff --git a/charts/pulsar/templates/grafana/grafana-storageclass.yaml b/charts/pulsar/templates/grafana/grafana-storageclass.yaml deleted file mode 100644 index 8a3e6c4dd..000000000 --- a/charts/pulsar/templates/grafana/grafana-storageclass.yaml +++ /dev/null @@ -1,37 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.monitoring.grafana }} -{{- if and .Values.volumes.persistence .Values.grafana.volumes.persistence }} -{{- if .Values.grafana.volumes.data.storageClass }} -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.grafana.component }}-{{ .Values.grafana.volumes.data.name }}" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.grafana.component }} -provisioner: {{ .Values.grafana.volumes.data.storageClass.provisioner }} -parameters: - type: {{ .Values.grafana.volumes.data.storageClass.type }} - fsType: {{ .Values.grafana.volumes.data.storageClass.fsType }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/pulsar/templates/image-puller/_daemonset-helper.yaml b/charts/pulsar/templates/image-puller/_daemonset-helper.yaml deleted file mode 100644 index 4b8e04515..000000000 --- a/charts/pulsar/templates/image-puller/_daemonset-helper.yaml +++ /dev/null @@ -1,161 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- /* -Returns an image-puller daemonset. Two daemonsets will be created like this. -- hook-image-puller: for pre helm upgrade image pulling (lives temporarily) -- continuous-image-puller: for newly added nodes image pulling -*/}} -{{- define "pulsar.imagePuller.daemonset" -}} -# image puller daemonset -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ template "pulsar.fullname" . }}-{{ print .componentPrefix "image-puller" }} - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - {{- if .hook }} - annotations: - {{- /* - Allows the daemonset to be deleted when the image-awaiter job is completed. - */}} - "helm.sh/hook": pre-install,pre-upgrade - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - "helm.sh/hook-weight": "-10" - {{- end }} -spec: - selector: - matchLabels: - {{- include "pulsar.matchLabels" . | nindent 6 }} - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 100% - template: - metadata: - labels: - {{- /* Changes here will cause the DaemonSet to restart the pods. */}} - {{- include "pulsar.template.labels" . | nindent 8 }} - spec: - initContainers: - {{- with .Values.images }} - - name: image-pull-zookeeper - image: {{ .zookeeper.repository }}:{{ .zookeeper.tag }} - imagePullPolicy: {{ .zookeeper.pullPolicy }} - command: - - /bin/sh - - -c - - echo "Pulling complete" - - name: image-pull-bookie - image: {{ .bookie.repository }}:{{ .bookie.tag }} - imagePullPolicy: {{ .bookie.pullPolicy }} - command: - - /bin/sh - - -c - - echo "Pulling complete" - - name: image-pull-presto - image: {{ .presto.repository }}:{{ .presto.tag }} - imagePullPolicy: {{ .presto.pullPolicy }} - command: - - /bin/sh - - -c - - echo "Pulling complete" - - name: image-pull-autorecovery - image: {{ .autorecovery.repository }}:{{ .autorecovery.tag }} - imagePullPolicy: {{ .autorecovery.pullPolicy }} - command: - - /bin/sh - - -c - - echo "Pulling complete" - - name: image-pull-broker - image: {{ .broker.repository }}:{{ .broker.tag }} - imagePullPolicy: {{ .broker.pullPolicy }} - command: - - /bin/sh - - -c - - echo "Pulling complete" - - name: image-pull-proxy - image: {{ .proxy.repository }}:{{ .proxy.tag }} - imagePullPolicy: {{ .proxy.pullPolicy }} - command: - - /bin/sh - - -c - - echo "Pulling complete" - - name: image-pull-functions - image: {{ .functions.repository }}:{{ .functions.tag }} - imagePullPolicy: {{ .functions.pullPolicy }} - command: - - /bin/sh - - -c - - echo "Pulling complete" - - name: image-pull-function-worker - image: {{ .function_worker.repository }}:{{ .function_worker.tag }} - imagePullPolicy: {{ .function_worker.pullPolicy }} - command: - - /bin/sh - - -c - - echo "Pulling complete" - - name: image-pull-prometheus - image: {{ .prometheus.repository }}:{{ .prometheus.tag }} - imagePullPolicy: {{ .prometheus.pullPolicy }} - command: - - /bin/sh - - -c - - echo "Pulling complete" - - name: image-pull-alert-manager - image: {{ .alert_manager.repository }}:{{ .alert_manager.tag }} - imagePullPolicy: {{ .alert_manager.pullPolicy }} - command: - - /bin/sh - - -c - - echo "Pulling complete" - - name: image-pull-grafana - image: {{ .grafana.repository }}:{{ .grafana.tag }} - imagePullPolicy: {{ .grafana.pullPolicy }} - command: - - /bin/sh - - -c - - echo "Pulling complete" - - name: image-pull-pulsar-manager - image: {{ .pulsar_manager.repository }}:{{ .pulsar_manager.tag }} - imagePullPolicy: {{ .pulsar_manager.pullPolicy }} - command: - - /bin/sh - - -c - - echo "Pulling complete" - - name: image-pull-node-exporter - image: {{ .node_exporter.repository }}:{{ .node_exporter.tag }} - imagePullPolicy: {{ .node_exporter.pullPolicy }} - command: - - /bin/sh - - -c - - echo "Pulling complete" - - name: image-pull-nginx-ingress-controller - image: {{ .nginx_ingress_controller.repository }}:{{ .nginx_ingress_controller.tag }} - imagePullPolicy: {{ .nginx_ingress_controller.pullPolicy }} - command: - - /bin/sh - - -c - - echo "Pulling complete" - {{- end }} - containers: - - name: pause - image: {{ .Values.imagePuller.pause.image.name }}:{{ .Values.imagePuller.pause.image.tag }} -{{- end }} diff --git a/charts/pulsar/templates/image-puller/daemonset.yaml b/charts/pulsar/templates/image-puller/daemonset.yaml deleted file mode 100644 index ab4685b06..000000000 --- a/charts/pulsar/templates/image-puller/daemonset.yaml +++ /dev/null @@ -1,39 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- /* -The hook-image-puller daemonset will be created with the highest priority during -helm upgrades. It's task is to pull the required images on all nodes. When the -image-awaiter job confirms the required images to be pulled, the daemonset is -deleted. Only then will the actual helm upgrade start. -*/}} -{{- if .Values.imagePuller.hook.enabled }} -{{- $_ := merge (dict "hook" true "componentPrefix" "hook-") . }} -{{- include "pulsar.imagePuller.daemonset" $_ }} -{{- end }} ---- -{{- /* -The continuous-image-puller daemonset task is to pull required images to nodes -that are added in between helm upgrades, for example by manually adding a node -or by the cluster autoscaler. -*/}} -{{- if .Values.imagePuller.continuous.enabled }} -{{- $_ := merge (dict "hook" false "componentPrefix" "continuous-") . }} -{{ include "pulsar.imagePuller.daemonset" $_ }} -{{- end }} \ No newline at end of file diff --git a/charts/pulsar/templates/image-puller/job.yaml b/charts/pulsar/templates/image-puller/job.yaml deleted file mode 100644 index 159888623..000000000 --- a/charts/pulsar/templates/image-puller/job.yaml +++ /dev/null @@ -1,64 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- /* -This job has a part to play in a helm upgrade process. It simply waits for the -hook-image-puller daemonset which is started slightly before this job to get -its' pods running. If all those pods are running they must have pulled all the -required images on all nodes as they are used as init containers with a dummy -command. -*/}} -{{- if .Values.imagePuller.hook.enabled -}} -# wait for images to be pulled -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ template "pulsar.fullname" . }}-hook-image-awaiter - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.imagePuller.component }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - "helm.sh/hook-weight": "10" -spec: - template: - metadata: - labels: - {{- /* Changes here will cause the Job to restart the pods. */}} - {{- include "pulsar.matchLabels" . | nindent 8 }} - component: {{ .Values.imagePuller.component }} - spec: - restartPolicy: Never - {{- if .Values.imagePuller.rbac.enabled }} - serviceAccountName: {{ template "pulsar.fullname" . }}-hook-image-awaiter - {{- end }} - containers: - - image: {{ .Values.imagePuller.hook.image.name }}:{{ .Values.imagePuller.hook.image.tag }} - name: hook-image-awaiter - imagePullPolicy: IfNotPresent - command: - - /image-awaiter - - -ca-path=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt - - -auth-token-path=/var/run/secrets/kubernetes.io/serviceaccount/token - - -api-server-address=https://$(KUBERNETES_SERVICE_HOST):$(KUBERNETES_SERVICE_PORT) - - -namespace={{ template "pulsar.namespace" . }} - - -daemonset={{ template "pulsar.fullname" . }}-hook-image-puller -{{- end }} diff --git a/charts/pulsar/templates/image-puller/rbac.yaml b/charts/pulsar/templates/image-puller/rbac.yaml deleted file mode 100644 index 676ca3f3c..000000000 --- a/charts/pulsar/templates/image-puller/rbac.yaml +++ /dev/null @@ -1,85 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- /* -Permissions to be used by the hook-image-awaiter job -*/}} -{{- if .Values.imagePuller.hook.enabled }} -{{- if .Values.imagePuller.rbac.enabled }} -{{- /* -This service account... -*/ -}} -# service account -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pulsar.fullname" . }}-hook-image-awaiter - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - "helm.sh/hook-weight": "0" ---- -{{- /* -... will be used by this role... -*/}} -# service role -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ template "pulsar.fullname" . }}-hook-image-awaiter - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - "helm.sh/hook-weight": "0" -rules: - - apiGroups: ["apps"] # "" indicates the core API group - resources: ["daemonsets"] - verbs: ["get"] ---- -{{- /* -... as declared by this binding. -*/}} -# service role binding -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ template "pulsar.fullname" . }}-hook-image-awaiter - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - "helm.sh/hook-weight": "0" -subjects: - - kind: ServiceAccount - name: {{ template "pulsar.fullname" . }}-hook-image-awaiter - namespace: {{ template "pulsar.namespace" . }} -roleRef: - kind: Role - name: {{ template "pulsar.fullname" . }}-hook-image-awaiter - apiGroup: rbac.authorization.k8s.io -{{- end }} -{{- end }} diff --git a/charts/pulsar/templates/namespace.yaml b/charts/pulsar/templates/namespace.yaml deleted file mode 100644 index 13f70bd3b..000000000 --- a/charts/pulsar/templates/namespace.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.namespaceCreate }} -apiVersion: v1 -kind: Namespace -metadata: - name: {{ template "pulsar.namespace" . }} -{{- end }} diff --git a/charts/pulsar/templates/node-exporter/node-exporter.yaml b/charts/pulsar/templates/node-exporter/node-exporter.yaml deleted file mode 100644 index d5d2413c0..000000000 --- a/charts/pulsar/templates/node-exporter/node-exporter.yaml +++ /dev/null @@ -1,90 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.monitoring.node_exporter }} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.node_exporter.component }}" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.node_exporter.component }} - kubernetes.io/cluster-service: "true" - addonmanager.kubernetes.io/mode: Reconcile -spec: - selector: - matchLabels: - {{- include "pulsar.matchLabels" . | nindent 6 }} - component: {{ .Values.node_exporter.component }} - updateStrategy: - type: OnDelete - template: - metadata: - labels: - {{- include "pulsar.template.labels" . | nindent 8 }} - component: {{ .Values.node_exporter.component }} - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9100" -{{- with .Values.node_exporter.annotations }} -{{ toYaml . | indent 8 }} -{{- end }} - spec: - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - - name: {{ .Values.imagePullSecrets }} - {{- end }} - {{- if .Values.node_exporter.nodeSelector }} - nodeSelector: -{{ toYaml .Values.node_exporter.nodeSelector | indent 8 }} - {{- end }} - {{- if .Values.node_exporter.tolerations }} - tolerations: -{{ toYaml .Values.node_exporter.tolerations | indent 8 }} - {{- end }} - containers: - - name: prometheus-node-exporter - image: "{{ .Values.images.node_exporter.repository }}:{{ .Values.images.node_exporter.tag }}" - imagePullPolicy: {{ .Values.images.node_exporter.pullPolicy }} - args: - - --path.procfs=/host/proc - - --path.sysfs=/host/sys - ports: - volumeMounts: - - name: proc - mountPath: /host/proc - readOnly: true - - name: sys - mountPath: /host/sys - readOnly: true - {{- if .Values.node_exporter.resources }} - resources: -{{ toYaml .Values.node_exporter.resources | indent 10 }} - {{- end }} - hostNetwork: true - hostPID: true - volumes: - - name: proc - hostPath: - path: /proc - - name: sys - hostPath: - path: /sys -{{- end }} diff --git a/charts/pulsar/templates/oauth2/oauth2-secret.yaml b/charts/pulsar/templates/oauth2/oauth2-secret.yaml deleted file mode 100644 index ce2f59f28..000000000 --- a/charts/pulsar/templates/oauth2/oauth2-secret.yaml +++ /dev/null @@ -1,31 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - - -{{- if .Values.auth.authentication.enabled }} -{{- if eq .Values.auth.authentication.provider "oauth2" }} -apiVersion: v1 -kind: Secret -metadata: - name: "{{ .Release.Name }}-oauth2-private-key" - namespace: {{ template "pulsar.namespace" . }} -data: - auth.json: {{ .Values.auth.authentication.oauth2.brokerClientCredential | b64enc }} -{{- end }} -{{- end }} diff --git a/charts/pulsar/templates/presto/_presto.tpl b/charts/pulsar/templates/presto/_presto.tpl deleted file mode 100644 index de1237bf4..000000000 --- a/charts/pulsar/templates/presto/_presto.tpl +++ /dev/null @@ -1,65 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "presto.coordinator" -}} -{{ template "pulsar.fullname" . }}-presto-coordinator -{{- end -}} - -{{- define "presto.worker" -}} -{{ template "pulsar.fullname" . }}-presto-worker -{{- end -}} - -{{- define "presto.service" -}} -{{ template "pulsar.fullname" . }}-presto -{{- end -}} - -{{- define "presto.worker.service" -}} -{{ template "pulsar.fullname" . }}-presto-worker -{{- end -}} - -{{/* -presto service domain -*/}} -{{- define "presto.service_domain" -}} -{{- if .Values.domain.enabled -}} -{{- printf "presto.%s.%s" .Release.Name .Values.domain.suffix -}} -{{- else -}} -{{- print "" -}} -{{- end -}} -{{- end -}} - -{{/* -pulsar ingress target port for http endpoint -*/}} -{{- define "presto.ingress.targetPort.http" -}} -{{- if .Values.tls.presto.enabled }} -{{- print "https" -}} -{{- else -}} -{{- print "http" -}} -{{- end -}} -{{- end -}} - -{{/* -pulsar presto worker image -*/}} -{{- define "presto.worker.image" -}} -{{- if .Values.images.presto_worker }} -image: "{{ .Values.images.presto_worker.repository }}:{{ .Values.images.presto_worker.tag }}" -imagePullPolicy: {{ .Values.images.presto_worker.pullPolicy }} -{{- else }} -image: "{{ .Values.images.presto.repository }}:{{ .Values.images.presto.tag }}" -imagePullPolicy: {{ .Values.images.presto.pullPolicy }} -{{- end }} -{{- end }} - -{{/* -Define Presto TLS certificate secret name -*/}} -{{- define "pulsar.presto.tls.secret.name" -}} -{{- if .Values.tls.presto.certSecretName -}} -{{- .Values.tls.presto.certSecretName -}} -{{- else -}} -{{ .Release.Name }}-{{ .Values.tls.presto.cert_name }} -{{- end -}} -{{- end -}} diff --git a/charts/pulsar/templates/presto/presto-coordinator-configmap.yaml b/charts/pulsar/templates/presto/presto-coordinator-configmap.yaml deleted file mode 100644 index 3fe5a2b69..000000000 --- a/charts/pulsar/templates/presto/presto-coordinator-configmap.yaml +++ /dev/null @@ -1,282 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.components.sql_worker }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.presto.coordinator.component }}" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.presto.coordinator.component }} -data: - node.properties: | - node.environment={{ .Values.presto.node.environment }} - node.data-dir={{ template "pulsar.home" . }}/data - jvm.config: | - {{- if not .Values.presto.coordinator.jvm.jdk11 }} - -Dpresto-temporarily-allow-java8=true - -server - -Xmx{{ .Values.presto.coordinator.jvm.memory }} - -XX:+UseG1GC - -XX:+UnlockExperimentalVMOptions - -XX:+AggressiveOpts - -XX:+DoEscapeAnalysis - -XX:ParallelGCThreads=4 - -XX:ConcGCThreads=4 - -XX:G1NewSizePercent=50 - -XX:+DisableExplicitGC - -XX:-ResizePLAB - -XX:+ExitOnOutOfMemoryError - -XX:+PerfDisableSharedMem - {{- else }} - -Dpresto-temporarily-allow-java8=true - -server - -Xmx{{ .Values.presto.coordinator.jvm.memory }} - -XX:+UseG1GC - -XX:G1HeapRegionSize=32M - -XX:+UseGCOverheadLimit - -XX:+ExplicitGCInvokesConcurrent - -XX:+HeapDumpOnOutOfMemoryError - -XX:+ExitOnOutOfMemoryError - -Dpresto-temporarily-allow-java8=true - -Djdk.attach.allowAttachSelf=true - {{- end}} - config.properties: | - # - # Licensed to the Apache Software Foundation (ASF) under one - # or more contributor license agreements. See the NOTICE file - # distributed with this work for additional information - # regarding copyright ownership. The ASF licenses this file - # to you under the Apache License, Version 2.0 (the - # "License"); you may not use this file except in compliance - # with the License. You may obtain a copy of the License at - # - # http://www.apache.org/licenses/LICENSE-2.0 - # - # Unless required by applicable law or agreed to in writing, - # software distributed under the License is distributed on an - # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - # KIND, either express or implied. See the License for the - # specific language governing permissions and limitations - # under the License. - # - - coordinator=true -{{- if .Values.tls.presto.enabled }} - http-server.http.enabled=false - http-server.https.enabled=true - http-server.https.port={{ .Values.presto.coordinator.ports.https }} - http-server.https.keystore.path= - http-server.https.keystore.key= - discovery.uri=https://localhost:{{ .Values.presto.coordinator.ports.https }} - internal-communication.https.required=true - internal-communication.https.keystore.path= - internal-communication.https.keystore.key= -{{- else }} - http-server.https.enabled=false - internal-communication.https.required=false - {{- if and .Values.ingress.presto.enabled .Values.ingress.presto.tls.enabled }} - http-server.authentication.allow-forwarded-https=true - dispatcher.forwarded-header=ACCEPT - {{- end }} - http-server.http.enabled=true - http-server.http.port={{ .Values.presto.coordinator.ports.http }} - discovery.uri=http://localhost:{{ .Values.presto.coordinator.ports.http }} -{{- end }} - discovery-server.enabled=true - query.max-memory={{ .Values.presto.coordinator.config.query.maxMemory }} - query.max-memory-per-node={{ .Values.presto.coordinator.config.query.maxMemoryPerNode }} - query.max-total-memory-per-node={{ .Values.presto.coordinator.config.query.maxTotalMemoryPerNode }} -{{- if gt (int .Values.presto.worker.replicaCount) 0 }} - node-scheduler.include-coordinator=false -{{- else }} - node-scheduler.include-coordinator=true -{{- end }} -{{- if .Values.presto.security.authentication.jwt.enabled }} - # JWT Authentication - http-server.authentication.type=JWT - http-server.authentication.jwt.key-file={{ template "pulsar.home" . }}/trino/conf/{{ .Values.presto.security.authentication.jwt.publicKeyFileName }} -{{- end }} - - log.properties: | - # - # Licensed to the Apache Software Foundation (ASF) under one - # or more contributor license agreements. See the NOTICE file - # distributed with this work for additional information - # regarding copyright ownership. The ASF licenses this file - # to you under the Apache License, Version 2.0 (the - # "License"); you may not use this file except in compliance - # with the License. You may obtain a copy of the License at - # - # http://www.apache.org/licenses/LICENSE-2.0 - # - # Unless required by applicable law or agreed to in writing, - # software distributed under the License is distributed on an - # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - # KIND, either express or implied. See the License for the - # specific language governing permissions and limitations - # under the License. - # - - com.facebook.presto={{ .Values.presto.coordinator.log.presto.level }} - com.sun.jersey.guice.spi.container.GuiceComponentProviderFactory=WARN - com.ning.http.client=WARN - com.facebook.presto.server.PluginManager={{ .Values.presto.coordinator.log.presto.level }} - - pulsar.properties: | - # - # Licensed to the Apache Software Foundation (ASF) under one - # or more contributor license agreements. See the NOTICE file - # distributed with this work for additional information - # regarding copyright ownership. The ASF licenses this file - # to you under the Apache License, Version 2.0 (the - # "License"); you may not use this file except in compliance - # with the License. You may obtain a copy of the License at - # - # http://www.apache.org/licenses/LICENSE-2.0 - # - # Unless required by applicable law or agreed to in writing, - # software distributed under the License is distributed on an - # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - # KIND, either express or implied. See the License for the - # specific language governing permissions and limitations - # under the License. - - # name of the connector to be displayed in the catalog - connector.name=pulsar - {{- if and .Values.tls.enabled .Values.tls.broker.enabled }} - # the url of Pulsar broker service - pulsar.broker-service-url=https://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.https }}/ - {{- else }} - # the url of Pulsar broker service - pulsar.broker-service-url=http://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.http }} - {{- end }} - # URI of Zookeeper cluster - {{- if .Values.presto.coordinator.usePlaintextZooKeeper}} - pulsar.zookeeper-uri={{ template "pulsar.zookeeper.connect.plaintext" . }} - {{- else }} - pulsar.zookeeper-uri={{ template "pulsar.zookeeper.connect" . }} - {{- end }} - # minimum number of entries to read at a single time - pulsar.max-entry-read-batch-size={{ .Values.presto.catalog.pulsar.maxEntryReadBatchSize }} - # default number of splits to use per query - pulsar.target-num-splits={{ .Values.presto.catalog.pulsar.targetNumSplits }} - # max message queue size - pulsar.max-split-message-queue-size={{ .Values.presto.catalog.pulsar.maxSplitMessageQueueSize }} - # max entry queue size - pulsar.max-split-entry-queue-size={{ .Values.presto.catalog.pulsar.maxSplitEntryQueueSize }} - # Rewrite namespace delimiter - # Warn: avoid using symbols allowed by Namespace (a-zA-Z_0-9 -=:%) - # to prevent erroneous rewriting - pulsar.namespace-delimiter-rewrite-enable={{ .Values.presto.catalog.pulsar.namespaceDelimiterRewriteEnable }} - pulsar.rewrite-namespace-delimiter={{ .Values.presto.catalog.pulsar.rewriteNamespaceDelimiter }} - - ####### TIERED STORAGE OFFLOADER CONFIGS ####### - - {{- if and .Values.broker.offload.enabled .Values.presto.read_offload.enabled }} - ## Driver to use to offload old data to long term storage - pulsar.managed-ledger-offload-driver = {{ .Values.broker.offload.managedLedgerOffloadDriver }} - - ## The directory to locate offloaders - pulsar.offloaders-directory = {{ template "pulsar.home" . }}/offloaders - - ## Maximum number of thread pool threads for ledger offloading - pulsar.managed-ledger-offload-max-threads = 2 - - {{- if .Values.broker.offload.s3.enabled }} - ## Properties and configurations related to specific offloader implementation - pulsar.offloader-properties = \ - {"s3ManagedLedgerOffloadBucket": "{{ .Values.broker.offload.s3.s3ManagedLedgerOffloadBucket }}", \ - "s3ManagedLedgerOffloadRegion": "{{ .Values.broker.offload.s3.s3ManagedLedgerOffloadRegion }}", \ - "s3ManagedLedgerOffloadReadBufferSizeInBytes": "{{ .Values.broker.offload.s3.s3ManagedLedgerOffloadReadBufferSizeInBytes }}", \ - "s3ManagedLedgerOffloadServiceEndpoint": "{{ .Values.broker.offload.s3.s3ManagedLedgerOffloadServiceEndpoint }}"} - {{- end }} - - {{- end }} - - ####### AUTHENTICATION CONFIGS ####### - {{- if .Values.auth.authentication.enabled }} - {{- if eq .Values.auth.authentication.provider "jwt" }} - ## the authentication plugin to be used to authenticate to Pulsar cluster - pulsar.auth-plugin = org.apache.pulsar.client.impl.auth.AuthenticationToken - - ## the authentication parameter to be used to authenticate to Pulsar cluster - pulsar.auth-params = file:///pulsar/tokens/client/token - {{- end }} - {{- end }} - - {{- if and .Values.tls.enabled .Values.tls.broker.enabled }} - ## Accept untrusted TLS certificate - pulsar.tls-allow-insecure-connection = false - - ## Whether to enable hostname verification on TLS connections - pulsar.tls-hostname-verification-enable = false - - ## Path for the trusted TLS certificate file - pulsar.tls-trust-cert-file-path = /pulsar/certs/ca/ca.crt - {{- end }} - - ####### BOOKKEEPER CONFIGS ####### - - # Entries read count throttling-limit per seconds, 0 is represents disable the throttle, default is 0. - pulsar.bookkeeper-throttle-value = {{ .Values.presto.catalog.pulsar.bookkeeperThrottleValue }} - - # The number of threads used by Netty to handle TCP connections, - # default is 2 * Runtime.getRuntime().availableProcessors(). - pulsar.bookkeeper-num-io-threads = {{ .Values.presto.catalog.pulsar.bookkeeperNumIOThreads }} - - # The number of worker threads used by bookkeeper client to submit operations, - # default is Runtime.getRuntime().availableProcessors(). - pulsar.bookkeeper-num-worker-threads = {{ .Values.presto.catalog.pulsar.bookkeeperNumWorkerThreads }} - - ####### MANAGED LEDGER CONFIGS ####### - - # Amount of memory to use for caching data payload in managed ledger. This memory - # is allocated from JVM direct memory and it's shared across all the managed ledgers - # running in same sql worker. 0 is represents disable the cache, default is 0. - pulsar.managed-ledger-cache-size-MB = {{ .Values.presto.catalog.pulsar.managedLedgerCacheSizeMB }} - - # Number of threads to be used for managed ledger tasks dispatching, - # default is Runtime.getRuntime().availableProcessors(). - pulsar.managed-ledger-num-worker-threads = {{ .Values.presto.catalog.pulsar.mlNumWorkerThreads }} - - # Number of threads to be used for managed ledger scheduled tasks, - # default is Runtime.getRuntime().availableProcessors(). - pulsar.managed-ledger-num-scheduler-threads = {{ .Values.presto.catalog.pulsar.mlNumSchedulerThreads }} - -{{- if or .Values.presto.security.authentication.jwt.enabled .Values.presto.security.authentication.password.enabled }} - rules.json: -{{ toYaml .Values.presto.security.rules | indent 2 }} -{{- end}} -{{- if .Values.presto.security.authentication.jwt.enabled }} - access-control.properties: | - # access-control.properties - access-control.name=file - security.config-file={{ template "pulsar.home" . }}/trino/conf/rules.json - security.refresh-period=60s -{{- end}} -{{- if .Values.presto.security.authentication.password.enabled }} - password-authenticator.properties: | - password-authenticator.name=file - file.password-file={{ template "pulsar.home" . }}/trino/{{ .Values.presto.security.authentication.password.passwordFileName }} - file.refresh-period=60s -{{- end}} -{{- end }} diff --git a/charts/pulsar/templates/presto/presto-coordinator-statefulset.yaml b/charts/pulsar/templates/presto/presto-coordinator-statefulset.yaml deleted file mode 100644 index 886c39c38..000000000 --- a/charts/pulsar/templates/presto/presto-coordinator-statefulset.yaml +++ /dev/null @@ -1,282 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.components.sql_worker }} -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ template "presto.coordinator" . }} - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.presto.coordinator.component }} -spec: - serviceName: {{ template "presto.service" . }} - replicas: {{ .Values.presto.coordinator.replicaCount }} - selector: - matchLabels: - {{- include "pulsar.matchLabels" . | nindent 6 }} - component: {{ .Values.presto.coordinator.component }} - updateStrategy: - type: RollingUpdate - podManagementPolicy: Parallel - template: - metadata: - labels: - {{- include "pulsar.template.labels" . | nindent 8 }} - component: {{ .Values.presto.coordinator.component }} - annotations: - prometheus.io/scrape: "false" - prometheus.io/port: "{{ .Values.presto.coordinator.ports.http }}" -{{- with .Values.presto.coordinator.annotations }} -{{ toYaml . | indent 8 }} -{{- end }} - spec: - {{- with .Values.presto.coordinator.nodeSelector }} - nodeSelector: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.presto.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} - {{- end }} - affinity: - {{- if and .Values.affinity.anti_affinity .Values.presto.coordinator.affinity.anti_affinity}} - podAntiAffinity: - {{ .Values.presto.coordinator.affinity.type }}: - {{ if eq .Values.presto.coordinator.affinity.type "requiredDuringSchedulingIgnoredDuringExecution"}} - - labelSelector: - matchExpressions: - - key: "app" - operator: In - values: - - "{{ template "pulsar.name" . }}" - - key: "release" - operator: In - values: - - {{ .Release.Name }} - - key: "component" - operator: In - values: - - {{ .Values.presto.coordinator.component }} - topologyKey: "kubernetes.io/hostname" - {{ else }} - - weight: 100 - podAffinityTerm: - labelSelector: - matchExpressions: - - key: "app" - operator: In - values: - - "{{ template "pulsar.name" . }}" - - key: "release" - operator: In - values: - - {{ .Release.Name }} - - key: "component" - operator: In - values: - - {{ .Values.presto.coordinator.component }} - topologyKey: "kubernetes.io/hostname" - {{ end }} - {{- end }} - terminationGracePeriodSeconds: {{ .Values.presto.coordinator.gracePeriod }} - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - - name: {{ .Values.imagePullSecrets }} - {{- end }} - containers: - - name: {{ .Chart.Name }}-coordinator - image: "{{ .Values.images.presto.repository }}:{{ .Values.images.presto.tag }}" - imagePullPolicy: {{ .Values.images.presto.pullPolicy }} - {{- if .Values.presto.coordinator.probe.liveness.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.presto.coordinator.probe.liveness.path }} - port: {{ .Values.presto.coordinator.ports.http }} - initialDelaySeconds: {{ .Values.presto.coordinator.probe.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.presto.coordinator.probe.liveness.periodSeconds }} - failureThreshold: {{ .Values.presto.coordinator.probe.liveness.failureThreshold }} - {{- end }} - {{- if .Values.presto.coordinator.probe.readiness.enabled }} - readinessProbe: - httpGet: - path: {{ .Values.presto.coordinator.probe.readiness.path }} - port: {{ .Values.presto.coordinator.ports.http }} - initialDelaySeconds: {{ .Values.presto.coordinator.probe.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.presto.coordinator.probe.readiness.periodSeconds }} - failureThreshold: {{ .Values.presto.coordinator.probe.readiness.failureThreshold }} - {{- end }} - {{- if .Values.presto.coordinator.resources }} - resources: -{{ toYaml .Values.presto.coordinator.resources | indent 12 }} - {{- end }} - command: ["sh", "-c"] - args: - {{ if .Values.presto.coordinator.commandOverride }} - {{ with .Values.presto.coordinator.commandOverride }} - -{{- toYaml . | indent 12 }} - {{- end }} - {{- else }} - - >- - cp {{ template "pulsar.home" . }}/trino/conf/node.properties.template {{ template "pulsar.home" . }}/trino/conf/node.properties; - echo "node.id=${HOSTNAME}" >> {{ template "pulsar.home" . }}/trino/conf/node.properties ; - bin/pulsar sql-worker run \ - --etc-dir={{ template "pulsar.home" . }}/trino/conf \ - --data-dir={{ template "pulsar.home" . }}/data; - {{- end }} - env: - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - {{- if and .Values.broker.offload.s3.enabled .Values.broker.offload.s3.secret }} - - name: AWS_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - name: {{ .Values.broker.offload.s3.secret }} - key: AWS_ACCESS_KEY_ID - - name: AWS_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - name: {{ .Values.broker.offload.s3.secret }} - key: AWS_SECRET_ACCESS_KEY - {{- end }} - securityContext: - runAsUser: 0 - volumeMounts: - - mountPath: {{ template "pulsar.home" . }}/trino/conf/node.properties.template - name: config-volume - subPath: node.properties - - mountPath: {{ template "pulsar.home" . }}/trino/conf/log.properties - name: config-volume - subPath: log.properties - - mountPath: {{ template "pulsar.home" . }}/trino/conf/jvm.config - name: config-volume - subPath: jvm.config - - mountPath: {{ template "pulsar.home" . }}/trino/conf/config.properties - name: config-volume - subPath: config.properties - - mountPath: {{ template "pulsar.home" . }}/trino/conf/catalog/pulsar.properties - name: config-volume - subPath: pulsar.properties - {{- if or .Values.presto.security.authentication.jwt.enabled .Values.presto.security.authentication.password.enabled }} - - mountPath: {{ template "pulsar.home" . }}/trino/conf/rules.json - name: config-volume - subPath: rules.json - {{- end}} - {{- if .Values.presto.security.authentication.password.enabled }} - - mountPath: {{ template "pulsar.home" . }}/trino/conf/password-authenticator.properties - name: config-volume - subPath: password-authenticator.properties - - mountPath: {{ template "pulsar.home" . }}/trino - name: password-file-volume - {{- end}} - {{- if .Values.presto.security.authentication.jwt.enabled }} - - mountPath: {{ template "pulsar.home" . }}/trino/conf/access-control.properties - name: config-volume - subPath: access-control.properties - - mountPath: {{ template "pulsar.home" . }}/trino/conf/{{ .Values.presto.security.authentication.jwt.publicKeyFileName }} - name: public-key-volume - subPath: {{ .Values.presto.security.authentication.jwt.publicKeyConfigMapKey }} - {{- end}} - {{- if .Values.auth.authentication.enabled }} - {{- if eq .Values.auth.authentication.provider "jwt" }} - - mountPath: "/pulsar/tokens" - name: client-token - readOnly: true - {{- end }} - {{- end }} - {{- if and .Values.tls.enabled .Values.tls.broker.enabled }} - - mountPath: "/pulsar/certs/ca" - name: ca - readOnly: true - {{- end}} - {{- if and .Values.tls.enabled (or .Values.tls.broker.enabled (or .Values.tls.zookeeper.enabled .Values.tls.bookie.enabled)) }} - - name: presto-certs - mountPath: "/pulsar/certs/presto" - readOnly: true - {{- if and .Values.tls.enabled (or .Values.tls.zookeeper.enabled .Values.tls.bookie.enabled) }} - - name: keytool - mountPath: "/pulsar/keytool/keytool.sh" - subPath: keytool.sh - {{- end}} - {{- end}} - ports: -{{- if .Values.tls.presto.enabled }} - - name: https - containerPort: {{ .Values.presto.coordinator.ports.https }} - protocol: TCP -{{- else }} - - name: http - containerPort: {{ .Values.presto.coordinator.ports.http }} - protocol: TCP -{{- end }} - volumes: - {{- if .Values.auth.authentication.enabled }} - {{- if eq .Values.auth.authentication.provider "jwt" }} - - name: client-token - secret: - secretName: "{{ .Release.Name }}-token-{{ .Values.auth.superUsers.client }}" - items: - - key: TOKEN - path: client/token - {{- end}} - {{- end}} - {{- if and .Values.tls.enabled .Values.tls.broker.enabled }} - - name: ca - secret: - secretName: "{{ template "pulsar.tls.ca.secret.name" . }}" - items: - - key: ca.crt - path: ca.crt - {{- end}} - {{- if and .Values.tls.enabled (or .Values.tls.broker.enabled (or .Values.tls.zookeeper.enabled .Values.tls.bookie.enabled)) }} - - name: presto-certs - secret: - secretName: "{{ template "pulsar.presto.tls.secret.name" . }}" - items: - - key: tls.crt - path: tls.crt - - key: tls.key - path: tls.key - {{- if and .Values.tls.enabled (or .Values.tls.zookeeper.enabled .Values.tls.bookie.enabled) }} - - name: keytool - configMap: - name: "{{ template "pulsar.fullname" . }}-keytool-configmap" - defaultMode: 0755 - {{- end}} - {{- end}} - - name: config-volume - configMap: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.presto.coordinator.component }}" - {{- if .Values.presto.security.authentication.jwt.enabled }} - - name: public-key-volume - configMap: - name: {{ .Values.presto.security.authentication.jwt.publicKeyConfigMapName }} - {{- end}} - {{- if .Values.presto.security.authentication.password.enabled }} - - name: password-file-volume - secret: - secretName: {{ .Values.presto.security.authentication.password.passwordFileSecret }} - items: - - key: {{ .Values.presto.security.authentication.password.passwordFileSecretKey }} - path: {{ .Values.presto.security.authentication.password.passwordFileName }} - {{- end}} -{{- end }} diff --git a/charts/pulsar/templates/presto/presto-service-ingress.yaml b/charts/pulsar/templates/presto/presto-service-ingress.yaml deleted file mode 100644 index 13f65da71..000000000 --- a/charts/pulsar/templates/presto/presto-service-ingress.yaml +++ /dev/null @@ -1,67 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if and .Values.components.sql_worker .Values.ingress.presto.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: "{{ template "presto.service" . }}-ingress" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.presto.coordinator.component }} - annotations: - {{- if .Values.external_dns.enabled }} - {{- if .Values.domain.enabled }} - external-dns.alpha.kubernetes.io/hostname: {{ template "presto.service_domain" . }} - {{- end }} - {{- end }} - {{- with .Values.ingress.presto.annotations }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.ingress.presto.type }} - ports: - {{- if .Values.ingress.presto.tls.enabled }} - - name: https - port: {{ .Values.ingress.presto.ports.https }} - protocol: TCP -{{- if .Values.tls.presto.enabled }} - targetPort: {{ .Values.presto.coordinator.ports.https }} -{{- else }} - targetPort: {{ .Values.presto.coordinator.ports.http }} -{{- end }} - {{- else }} - - name: http - port: {{ .Values.ingress.presto.ports.http }} - protocol: TCP -{{- if .Values.tls.presto.enabled }} - targetPort: {{ .Values.presto.coordinator.ports.https }} -{{- else }} - targetPort: {{ .Values.presto.coordinator.ports.http }} -{{- end }} - {{- end }} - selector: - app: {{ template "pulsar.name" . }} - release: {{ .Release.Name }} - component: {{ .Values.presto.coordinator.component }} - {{- with .Values.ingress.presto.extraSpec }} - {{- toYaml . | nindent 2 }} - {{- end }} -{{- end }} diff --git a/charts/pulsar/templates/presto/presto-service.yaml b/charts/pulsar/templates/presto/presto-service.yaml deleted file mode 100644 index 0c2dcdd72..000000000 --- a/charts/pulsar/templates/presto/presto-service.yaml +++ /dev/null @@ -1,48 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# -{{- if .Values.components.sql_worker }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "presto.service" . }} - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.presto.coordinator.component }} -spec: -{{- with .Values.presto.service.spec }} -{{ toYaml . | indent 2 }} -{{- end }} - ports: -{{- if .Values.tls.presto.enabled }} - - port: {{ .Values.presto.coordinator.ports.https }} - targetPort: {{ .Values.presto.coordinator.ports.https }} - protocol: TCP - name: https -{{- else }} - - port: {{ .Values.presto.coordinator.ports.http }} - targetPort: {{ .Values.presto.coordinator.ports.http }} - protocol: TCP - name: http -{{- end }} - selector: - app: {{ template "pulsar.name" . }} - release: {{ .Release.Name }} - component: {{ .Values.presto.coordinator.component }} -{{- end }} diff --git a/charts/pulsar/templates/presto/presto-worker-configmap.yaml b/charts/pulsar/templates/presto/presto-worker-configmap.yaml deleted file mode 100644 index 5a5138eaa..000000000 --- a/charts/pulsar/templates/presto/presto-worker-configmap.yaml +++ /dev/null @@ -1,252 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.components.sql_worker }} -{{- if gt (int .Values.presto.worker.replicaCount) 0 }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.presto.worker.component }}" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.presto.worker.component }} -data: - node.properties: | - node.environment={{ .Values.presto.node.environment }} - node.data-dir={{ template "pulsar.home" . }}/data - jvm.config: | - {{- if not .Values.presto.worker.jvm.jdk11 }} - -Dpresto-temporarily-allow-java8=true - -server - -Xmx{{ .Values.presto.worker.jvm.memory }} - -XX:+UseG1GC - -XX:+UnlockExperimentalVMOptions - -XX:+AggressiveOpts - -XX:+DoEscapeAnalysis - -XX:ParallelGCThreads=4 - -XX:ConcGCThreads=4 - -XX:G1NewSizePercent=50 - -XX:+DisableExplicitGC - -XX:-ResizePLAB - -XX:+ExitOnOutOfMemoryError - -XX:+PerfDisableSharedMem - {{- else }} - -Dpresto-temporarily-allow-java8=true - -server - -Xmx{{ .Values.presto.worker.jvm.memory }} - -XX:+UseG1GC - -XX:G1HeapRegionSize=32M - -XX:+UseGCOverheadLimit - -XX:+ExplicitGCInvokesConcurrent - -XX:+HeapDumpOnOutOfMemoryError - -XX:+ExitOnOutOfMemoryError - -Dpresto-temporarily-allow-java8=true - -Djdk.attach.allowAttachSelf=true - {{- end}} - config.properties: | - # - # Licensed to the Apache Software Foundation (ASF) under one - # or more contributor license agreements. See the NOTICE file - # distributed with this work for additional information - # regarding copyright ownership. The ASF licenses this file - # to you under the Apache License, Version 2.0 (the - # "License"); you may not use this file except in compliance - # with the License. You may obtain a copy of the License at - # - # http://www.apache.org/licenses/LICENSE-2.0 - # - # Unless required by applicable law or agreed to in writing, - # software distributed under the License is distributed on an - # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - # KIND, either express or implied. See the License for the - # specific language governing permissions and limitations - # under the License. - # - coordinator=false -{{- if .Values.tls.presto.enabled }} - http-server.http.enabled=false - http-server.https.enabled=true - http-server.https.port={{ .Values.presto.coordinator.ports.https }} - http-server.https.keystore.path= - http-server.https.keystore.key= - internal-communication.https.required=true - internal-communication.https.keystore.path= - internal-communication.https.keystore.key= - discovery.uri=https://{{ template "presto.service" . }}:{{ .Values.presto.coordinator.ports.https }} -{{- else }} - http-server.https.enabled=false - internal-communication.https.required=false - http-server.http.enabled=true - http-server.http.port={{ .Values.presto.coordinator.ports.http }} - discovery.uri=http://{{ template "presto.service" . }}:{{ .Values.presto.coordinator.ports.http }} -{{- end }} - query.max-memory={{ .Values.presto.worker.config.query.maxMemory }} - query.max-memory-per-node={{ .Values.presto.worker.config.query.maxMemoryPerNode }} - query.max-total-memory-per-node={{ .Values.presto.worker.config.query.maxTotalMemoryPerNode }} - log.properties: | - # - # Licensed to the Apache Software Foundation (ASF) under one - # or more contributor license agreements. See the NOTICE file - # distributed with this work for additional information - # regarding copyright ownership. The ASF licenses this file - # to you under the Apache License, Version 2.0 (the - # "License"); you may not use this file except in compliance - # with the License. You may obtain a copy of the License at - # - # http://www.apache.org/licenses/LICENSE-2.0 - # - # Unless required by applicable law or agreed to in writing, - # software distributed under the License is distributed on an - # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - # KIND, either express or implied. See the License for the - # specific language governing permissions and limitations - # under the License. - # - - com.facebook.presto={{ .Values.presto.worker.log.presto.level }} - com.sun.jersey.guice.spi.container.GuiceComponentProviderFactory=WARN - com.ning.http.client=WARN - com.facebook.presto.server.PluginManager={{ .Values.presto.worker.log.presto.level }} - - pulsar.properties: | - # - # Licensed to the Apache Software Foundation (ASF) under one - # or more contributor license agreements. See the NOTICE file - # distributed with this work for additional information - # regarding copyright ownership. The ASF licenses this file - # to you under the Apache License, Version 2.0 (the - # "License"); you may not use this file except in compliance - # with the License. You may obtain a copy of the License at - # - # http://www.apache.org/licenses/LICENSE-2.0 - # - # Unless required by applicable law or agreed to in writing, - # software distributed under the License is distributed on an - # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - # KIND, either express or implied. See the License for the - # specific language governing permissions and limitations - # under the License. - - # name of the connector to be displayed in the catalog - connector.name=pulsar - {{- if and .Values.tls.enabled .Values.tls.broker.enabled }} - # the url of Pulsar broker service - pulsar.broker-service-url=https://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.https }}/ - {{- else }} - # the url of Pulsar broker service - pulsar.broker-service-url=http://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.http }} - {{- end }} - # URI of Zookeeper cluster - {{- if .Values.presto.worker.usePlaintextZooKeeper}} - pulsar.zookeeper-uri={{ template "pulsar.zookeeper.connect.plaintext" . }} - {{- else }} - pulsar.zookeeper-uri={{ template "pulsar.zookeeper.connect" . }} - {{- end }} - # minimum number of entries to read at a single time - pulsar.max-entry-read-batch-size={{ .Values.presto.catalog.pulsar.maxEntryReadBatchSize }} - # default number of splits to use per query - pulsar.target-num-splits={{ .Values.presto.catalog.pulsar.targetNumSplits }} - # max message queue size - pulsar.max-split-message-queue-size={{ .Values.presto.catalog.pulsar.maxSplitMessageQueueSize }} - # max entry queue size - pulsar.max-split-entry-queue-size={{ .Values.presto.catalog.pulsar.maxSplitEntryQueueSize }} - # Rewrite namespace delimiter - # Warn: avoid using symbols allowed by Namespace (a-zA-Z_0-9 -=:%) - # to prevent erroneous rewriting - pulsar.namespace-delimiter-rewrite-enable={{ .Values.presto.catalog.pulsar.namespaceDelimiterRewriteEnable }} - pulsar.rewrite-namespace-delimiter={{ .Values.presto.catalog.pulsar.rewriteNamespaceDelimiter }} - - ####### TIERED STORAGE OFFLOADER CONFIGS ####### - - {{- if and .Values.broker.offload.enabled .Values.presto.read_offload.enabled }} - ## Driver to use to offload old data to long term storage - pulsar.managed-ledger-offload-driver = {{ .Values.broker.offload.managedLedgerOffloadDriver }} - - ## The directory to locate offloaders - pulsar.offloaders-directory = {{ template "pulsar.home" . }}/offloaders - - ## Maximum number of thread pool threads for ledger offloading - pulsar.managed-ledger-offload-max-threads = 2 - - {{- if .Values.broker.offload.s3.enabled }} - ## Properties and configurations related to specific offloader implementation - pulsar.offloader-properties = \ - {"s3ManagedLedgerOffloadBucket": "{{ .Values.broker.offload.s3.s3ManagedLedgerOffloadBucket }}", \ - "s3ManagedLedgerOffloadRegion": "{{ .Values.broker.offload.s3.s3ManagedLedgerOffloadRegion }}", \ - "s3ManagedLedgerOffloadReadBufferSizeInBytes": "{{ .Values.broker.offload.s3.s3ManagedLedgerOffloadReadBufferSizeInBytes }}", \ - "s3ManagedLedgerOffloadServiceEndpoint": "{{ .Values.broker.offload.s3.s3ManagedLedgerOffloadServiceEndpoint }}"} - {{- end }} - - {{- end }} - - ####### AUTHENTICATION CONFIGS ####### - {{- if .Values.auth.authentication.enabled }} - {{- if eq .Values.auth.authentication.provider "jwt" }} - ## the authentication plugin to be used to authenticate to Pulsar cluster - pulsar.auth-plugin = org.apache.pulsar.client.impl.auth.AuthenticationToken - - ## the authentication parameter to be used to authenticate to Pulsar cluster - pulsar.auth-params = file:///pulsar/tokens/client/token - {{- end }} - {{- end }} - - {{- if and .Values.tls.enabled .Values.tls.broker.enabled }} - ## Accept untrusted TLS certificate - pulsar.tls-allow-insecure-connection = false - - ## Whether to enable hostname verification on TLS connections - pulsar.tls-hostname-verification-enable = false - - ## Path for the trusted TLS certificate file - pulsar.tls-trust-cert-file-path = /pulsar/certs/ca/ca.crt - {{- end }} - - ####### BOOKKEEPER CONFIGS ####### - - # Entries read count throttling-limit per seconds, 0 is represents disable the throttle, default is 0. - pulsar.bookkeeper-throttle-value = {{ .Values.presto.catalog.pulsar.bookkeeperThrottleValue }} - - # The number of threads used by Netty to handle TCP connections, - # default is 2 * Runtime.getRuntime().availableProcessors(). - pulsar.bookkeeper-num-io-threads = {{ .Values.presto.catalog.pulsar.bookkeeperNumIOThreads }} - - # The number of worker threads used by bookkeeper client to submit operations, - # default is Runtime.getRuntime().availableProcessors(). - pulsar.bookkeeper-num-worker-threads = {{ .Values.presto.catalog.pulsar.bookkeeperNumWorkerThreads }} - - ####### MANAGED LEDGER CONFIGS ####### - - # Amount of memory to use for caching data payload in managed ledger. This memory - # is allocated from JVM direct memory and it's shared across all the managed ledgers - # running in same sql worker. 0 is represents disable the cache, default is 0. - pulsar.managed-ledger-cache-size-MB = {{ .Values.presto.catalog.pulsar.managedLedgerCacheSizeMB }} - - # Number of threads to be used for managed ledger tasks dispatching, - # default is Runtime.getRuntime().availableProcessors(). - pulsar.managed-ledger-num-worker-threads = {{ .Values.presto.catalog.pulsar.mlNumWorkerThreads }} - - # Number of threads to be used for managed ledger scheduled tasks, - # default is Runtime.getRuntime().availableProcessors(). - pulsar.managed-ledger-num-scheduler-threads = {{ .Values.presto.catalog.pulsar.mlNumSchedulerThreads }} - health_check.sh: | - #!/bin/bash - curl --silent {{ template "presto.service" . }}:{{ .Values.presto.coordinator.ports.http }}/v1/node | tr "," "\n" | grep --silent $(hostname) -{{- end }} -{{- end }} diff --git a/charts/pulsar/templates/presto/presto-worker-service.yaml b/charts/pulsar/templates/presto/presto-worker-service.yaml deleted file mode 100644 index d39e49018..000000000 --- a/charts/pulsar/templates/presto/presto-worker-service.yaml +++ /dev/null @@ -1,41 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# -{{- if .Values.components.sql_worker }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "presto.worker.service" . }} - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.presto.worker.component }} -spec: -{{- with .Values.presto.worker.service.spec }} -{{ toYaml . | indent 2 }} -{{- end }} - ports: - - port: {{ .Values.presto.worker.ports.http }} - targetPort: {{ .Values.presto.worker.ports.http }} - protocol: TCP - name: http - selector: - app: {{ template "pulsar.name" . }} - release: {{ .Release.Name }} - component: {{ .Values.presto.worker.component }} -{{- end }} diff --git a/charts/pulsar/templates/presto/presto-worker-statefulset.yaml b/charts/pulsar/templates/presto/presto-worker-statefulset.yaml deleted file mode 100644 index d745c7ad8..000000000 --- a/charts/pulsar/templates/presto/presto-worker-statefulset.yaml +++ /dev/null @@ -1,252 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# -{{- if .Values.components.sql_worker }} -{{- if gt (int .Values.presto.worker.replicaCount) 0 }} -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ template "presto.worker" . }} - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.presto.worker.component }} -{{- with .Values.presto.statefulset.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} -spec: - serviceName: {{ template "presto.worker.service" . }} - replicas: {{ .Values.presto.worker.replicaCount }} - selector: - matchLabels: - {{- include "pulsar.matchLabels" . | nindent 6 }} - component: {{ .Values.presto.worker.component }} - updateStrategy: - type: RollingUpdate - podManagementPolicy: Parallel - template: - metadata: - labels: - {{- include "pulsar.template.labels" . | nindent 8 }} - component: {{ .Values.presto.worker.component }} - annotations: - prometheus.io/scrape: "false" - prometheus.io/port: "{{ .Values.presto.worker.ports.http }}" -{{- with .Values.presto.worker.annotations }} -{{ toYaml . | indent 8 }} -{{- end }} - spec: - {{- with .Values.presto.worker.nodeSelector }} - nodeSelector: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.presto.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} - {{- end }} - affinity: - {{- if and .Values.affinity.anti_affinity .Values.presto.worker.affinity.anti_affinity}} - podAntiAffinity: - {{ .Values.presto.worker.affinity.type }}: - {{ if eq .Values.presto.worker.affinity.type "requiredDuringSchedulingIgnoredDuringExecution"}} - - labelSelector: - matchExpressions: - - key: "app" - operator: In - values: - - "{{ template "pulsar.name" . }}" - - key: "release" - operator: In - values: - - {{ .Release.Name }} - - key: "component" - operator: In - values: - - {{ .Values.presto.worker.component }} - topologyKey: "kubernetes.io/hostname" - {{ else }} - - weight: 100 - podAffinityTerm: - labelSelector: - matchExpressions: - - key: "app" - operator: In - values: - - "{{ template "pulsar.name" . }}" - - key: "release" - operator: In - values: - - {{ .Release.Name }} - - key: "component" - operator: In - values: - - {{ .Values.presto.worker.component }} - topologyKey: "kubernetes.io/hostname" - {{ end }} - {{- end }} - terminationGracePeriodSeconds: {{ .Values.presto.worker.gracePeriod }} - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - - name: {{ .Values.imagePullSecrets }} - {{- end }} - containers: - - name: {{ .Chart.Name }}-worker - {{- include "presto.worker.image" . | nindent 10 }} - {{- if .Values.presto.worker.probe.liveness.enabled }} - livenessProbe: - exec: - command: - - /bin/bash - - /presto/health_check.sh - initialDelaySeconds: {{ .Values.presto.worker.probe.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.presto.worker.probe.liveness.periodSeconds }} - failureThreshold: {{ .Values.presto.worker.probe.liveness.failureThreshold }} - {{- end }} - {{- if .Values.presto.worker.probe.readiness.enabled }} - readinessProbe: - exec: - command: - - /bin/bash - - /presto/health_check.sh - initialDelaySeconds: {{ .Values.presto.worker.probe.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.presto.worker.probe.readiness.periodSeconds }} - failureThreshold: {{ .Values.presto.worker.probe.readiness.failureThreshold }} - {{- end }} - {{- if .Values.presto.worker.resources }} - resources: -{{ toYaml .Values.presto.worker.resources | indent 12 }} - {{- end }} - command: ["sh", "-c"] - args: - {{ if .Values.presto.worker.commandOverride }} - {{ with .Values.presto.worker.commandOverride }} - -{{- toYaml . | indent 12 }} - {{- end }} - {{- else }} - - >- - cp {{ template "pulsar.home" . }}/trino/conf/node.properties.template {{ template "pulsar.home" . }}/trino/conf/node.properties; - echo "node.id=${HOSTNAME}" >> {{ template "pulsar.home" . }}/trino/conf/node.properties ; - bin/pulsar sql-worker run \ - --etc-dir={{ template "pulsar.home" . }}/trino/conf \ - --data-dir={{ template "pulsar.home" . }}/data; - {{- end }} - env: - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - {{- if and .Values.broker.offload.s3.enabled .Values.broker.offload.s3.secret }} - - name: AWS_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - name: {{ .Values.broker.offload.s3.secret }} - key: AWS_ACCESS_KEY_ID - - name: AWS_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - name: {{ .Values.broker.offload.s3.secret }} - key: AWS_SECRET_ACCESS_KEY - {{- end }} - securityContext: - runAsUser: 0 - volumeMounts: - - mountPath: {{ template "pulsar.home" . }}/trino/conf/node.properties.template - name: config-volume - subPath: node.properties - - mountPath: {{ template "pulsar.home" . }}/trino/conf/log.properties - name: config-volume - subPath: log.properties - - mountPath: {{ template "pulsar.home" . }}/trino/conf/jvm.config - name: config-volume - subPath: jvm.config - - mountPath: {{ template "pulsar.home" . }}/trino/conf/config.properties - name: config-volume - subPath: config.properties - - mountPath: {{ template "pulsar.home" . }}/trino/conf/catalog/pulsar.properties - name: config-volume - subPath: pulsar.properties - - mountPath: /presto/health_check.sh - name: config-volume - subPath: health_check.sh - {{- if .Values.auth.authentication.enabled }} - {{- if eq .Values.auth.authentication.provider "jwt" }} - - mountPath: "/pulsar/tokens" - name: client-token - readOnly: true - {{- end }} - {{- end }} - {{- if and .Values.tls.enabled .Values.tls.broker.enabled }} - - mountPath: "/pulsar/certs/ca" - name: ca - readOnly: true - {{- end}} - {{- if and .Values.tls.enabled (or .Values.tls.broker.enabled (or .Values.tls.zookeeper.enabled .Values.tls.bookie.enabled)) }} - - name: presto-certs - mountPath: "/pulsar/certs/presto" - readOnly: true - {{- if and .Values.tls.enabled (or .Values.tls.zookeeper.enabled .Values.tls.bookie.enabled) }} - - name: keytool - mountPath: "/pulsar/keytool/keytool.sh" - subPath: keytool.sh - {{- end}} - {{- end}} - ports: - - name: http - containerPort: {{ .Values.presto.worker.ports.http }} - protocol: TCP - volumes: - {{- if .Values.auth.authentication.enabled }} - {{- if eq .Values.auth.authentication.provider "jwt" }} - - name: client-token - secret: - secretName: "{{ .Release.Name }}-token-{{ .Values.auth.superUsers.client }}" - items: - - key: TOKEN - path: client/token - {{- end}} - {{- end}} - {{- if and .Values.tls.enabled .Values.tls.broker.enabled }} - - name: ca - secret: - secretName: "{{ template "pulsar.tls.ca.secret.name" . }}" - items: - - key: ca.crt - path: ca.crt - {{- end}} - {{- if and .Values.tls.enabled (or .Values.tls.broker.enabled (or .Values.tls.zookeeper.enabled .Values.tls.bookie.enabled)) }} - - name: presto-certs - secret: - secretName: "{{ template "pulsar.presto.tls.secret.name" . }}" - items: - - key: tls.crt - path: tls.crt - - key: tls.key - path: tls.key - {{- if and .Values.tls.enabled (or .Values.tls.zookeeper.enabled .Values.tls.bookie.enabled) }} - - name: keytool - configMap: - name: "{{ template "pulsar.fullname" . }}-keytool-configmap" - defaultMode: 0755 - {{- end}} - {{- end}} - - name: config-volume - configMap: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.presto.worker.component }}" -{{- end }} -{{- end }} diff --git a/charts/pulsar/templates/prometheus/_prometheus.tpl b/charts/pulsar/templates/prometheus/_prometheus.tpl deleted file mode 100644 index 19b209cef..000000000 --- a/charts/pulsar/templates/prometheus/_prometheus.tpl +++ /dev/null @@ -1,146 +0,0 @@ -{{/* -Define toolset token mounts -*/}} -{{- define "pulsar.prometheus.token.volumeMounts" -}} -{{- if .Values.auth.authentication.enabled }} -{{- if eq .Values.auth.authentication.provider "jwt" }} -- mountPath: "/pulsar/tokens" - name: client-token - readOnly: true -{{- end }} -{{- end }} -{{- end }} - -{{/* -Define toolset token volumes -*/}} -{{- define "pulsar.prometheus.token.volumes" -}} -{{- if .Values.auth.authentication.enabled }} -{{- if eq .Values.auth.authentication.provider "jwt" }} -- name: client-token - secret: - secretName: "{{ .Release.Name }}-token-{{ .Values.auth.superUsers.client }}" - items: - - key: TOKEN - path: client/token -{{- end }} -{{- end }} -{{- end }} - -{{/*Define prometheus service account*/}} -{{- define "pulsar.prometheus.serviceAccount" -}} -{{- if .Values.prometheus.serviceAccount.create -}} - {{- if .Values.prometheus.serviceAccount.name -}} -{{ .Values.prometheus.serviceAccount.name }} - {{- else -}} -{{ template "pulsar.fullname" . }}-{{ .Values.rbac.roleName }} - {{- end -}} -{{- else -}} -{{ .Values.prometheus.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/*Define federation datadog annotation*/}} -{{- define "pulsar.prometheus.datadog.annotation" -}} -{{- if .Values.datadog.components.prometheus.enabled }} -ad.datadoghq.com/{{ template "pulsar.fullname" . }}-{{ .Values.prometheus.component }}.check_names: | - ["openmetrics"] -ad.datadoghq.com/{{ template "pulsar.fullname" . }}-{{ .Values.prometheus.component }}.init_configs: | - [{}] -ad.datadoghq.com/{{ template "pulsar.fullname" . }}-{{ .Values.prometheus.component }}.instances: | - [ - { - "prometheus_url": "http://%%host%%:{{ .Values.prometheus.port }}/federate?match[]=%7B__name__%3D~%22pulsar_.%2B%7Cjvm_.%2B%7Ctopic_.%2B%22%7D", - "namespace": "{{ .Values.datadog.namespace }}", - "metrics": {{ .Values.datadog.components.prometheus.metrics }}, - "health_service_check": true, - "prometheus_timeout": 1000, - "max_returned_metrics": 1000000, - "type_overrides": { - "pulsar_topics_count": "gauge", - "pulsar_rate_in": "gauge", - "pulsar_rate_out": "gauge", - "pulsar_subscriptions_count": "gauge", - "pulsar_producers_count": "gauge", - "pulsar_consumers_count": "gauge", - "pulsar_throughput_in": "gauge", - "pulsar_throughput_out": "gauge", - "pulsar_storage_size": "gauge", - "pulsar_msg_backlog": "gauge", - "pulsar_storage_backlog_size": "gauge", - "pulsar_storage_offloaded_size": "gauge", - "pulsar_storage_write_latency_le_0_5": "gauge", - "pulsar_storage_write_latency_le_1": "gauge", - "pulsar_storage_write_latency_le_5": "gauge", - "pulsar_storage_write_latency_le_10": "gauge", - "pulsar_storage_write_latency_le_20": "gauge", - "pulsar_storage_write_latency_le_50": "gauge", - "pulsar_storage_write_latency_le_100": "gauge", - "pulsar_storage_write_latency_le_200": "gauge", - "pulsar_storage_write_latency_le_1000": "gauge", - "pulsar_storage_write_latency_overflow": "gauge", - "pulsar_entry_size_le_128": "gauge", - "pulsar_entry_size_le_512": "gauge", - "pulsar_entry_size_le_1_kb": "gauge", - "pulsar_entry_size_le_2_kb": "gauge", - "pulsar_entry_size_le_4_kb": "gauge", - "pulsar_entry_size_le_16_kb": "gauge", - "pulsar_entry_size_le_100_kb": "gauge", - "pulsar_entry_size_le_1_mb": "gauge", - "pulsar_entry_size_le_overflow": "gauge", - "pulsar_subscription_back_log": "gauge", - "pulsar_subscription_back_log_no_delayed": "gauge", - "pulsar_subscription_delayed": "gauge", - "pulsar_subscription_msg_rate_redeliver": "gauge", - "pulsar_subscription_unacked_messages": "gauge", - "pulsar_subscription_blocked_on_unacked_messages": "gauge", - "pulsar_subscription_msg_rate_out": "gauge", - "pulsar_subscription_msg_throughput_out": "gauge", - "pulsar_in_bytes_total": "counter", - "pulsar_in_messages_total": "counter", - "topic_load_times": "counter", - "jvm_memory_bytes_used": "gauge", - "jvm_memory_bytes_committed": "gauge", - "jvm_memory_bytes_max": "gauge", - "jvm_memory_bytes_init": "gauge", - "jvm_memory_pool_bytes_used": "gauge", - "jvm_memory_pool_bytes_committed": "gauge", - "jvm_memory_pool_bytes_max": "gauge", - "jvm_memory_pool_bytes_init": "gauge", - "jvm_classes_loaded": "gauge", - "jvm_classes_loaded_total": "counter", - "jvm_classes_unloaded_total": "counter", - "jvm_buffer_pool_used_bytes": "gauge", - "jvm_buffer_pool_capacity_bytes": "gauge", - "jvm_buffer_pool_used_buffers": "gauge", - "jvm_threads_current": "gauge", - "jvm_threads_daemon": "gauge", - "jvm_threads_peak": "gauge", - "jvm_threads_started_total": "counter", - "jvm_threads_deadlocked": "gauge", - "jvm_threads_deadlocked_monitor": "gauge", - "jvm_gc_collection_seconds_count": "gauge", - "jvm_gc_collection_seconds_sum": "gauge", - "jvm_memory_direct_bytes_max": "gauge" - } - } - ] -{{- end }} -{{- end }} - - -{{- define "pulsar.prometheus.data.pvc.name" -}} -{{ template "pulsar.fullname" . }}-{{ .Values.prometheus.component }}-{{ .Values.prometheus.volumes.data.name }} -{{- end }} - -{{- define "pulsar.prometheus.data.storage.class" -}} -{{- if and .Values.volumes.local_storage .Values.prometheus.volumes.data.local_storage }} -storageClassName: "local-storage" -{{- else }} - {{- if .Values.prometheus.volumes.data.storageClass }} -storageClassName: "{{ template "pulsar.prometheus.data.pvc.name" . }}" - {{- else if .Values.prometheus.volumes.data.storageClassName }} -storageClassName: "{{ .Values.prometheus.volumes.data.storageClassName }}" - {{- end -}} -{{- end }} -{{- end }} diff --git a/charts/pulsar/templates/prometheus/prometheus-configmap.yaml b/charts/pulsar/templates/prometheus/prometheus-configmap.yaml deleted file mode 100644 index 62ad513d0..000000000 --- a/charts/pulsar/templates/prometheus/prometheus-configmap.yaml +++ /dev/null @@ -1,151 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.monitoring.prometheus }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.prometheus.component }}" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.prometheus.component }} -data: - # Include prometheus configuration file, setup to monitor all the - # Kubernetes pods with the "scrape=true" annotation. - prometheus.yml: | - global: - scrape_interval: {{ .Values.prometheus.scrapeInterval }} - {{- if .Values.prometheus.scrapeTimeout }} - scrape_timeout: {{ .Values.prometheus.scrapeTimeout }} - {{- end }} -{{- if .Values.monitoring.alert_manager }} - rule_files: - - 'rules.yml' - alerting: - alertmanagers: - - static_configs: - - targets: ['{{ template "pulsar.fullname" . }}-{{ .Values.alert_manager.component }}:{{ .Values.alert_manager.port }}'] - path_prefix: {{ template "pulsar.control_center_path.alertmanager" . }}/ -{{- end }} - scrape_configs: - - job_name: 'prometheus' - static_configs: - - targets: - - '127.0.0.1:{{ .Values.prometheus.port }}' - {{- if .Values.components.pulsar_detector }} - - '{{ template "pulsar.fullname" . }}-{{ .Values.pulsar_detector.component }}:{{ .Values.pulsar_detector.port }}' - {{- end }} - metrics_path: {{ template "pulsar.control_center_path.prometheus" . }}/metrics - - job_name: 'kubernetes-pods' -{{- if .Values.auth.authentication.enabled }} -{{- if eq .Values.auth.authentication.provider "jwt" }} - bearer_token_file: /pulsar/tokens/client/token -{{- end }} -{{- end }} -{{- if .Values.prometheus.sampleLimit }} - sample_limit: {{ .Values.prometheus.sampleLimit }} -{{- end }} - kubernetes_sd_configs: - - role: pod -{{- if eq .Values.prometheus.serviceAccount.clusterRole false }} - namespaces: - names: - - {{ .Values.namespace }} -{{- end }} - relabel_configs: - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape] - action: keep - regex: true - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] - action: replace - target_label: __metrics_path__ - regex: (.+) - - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] - action: replace - regex: ([^:]+)(?::\d+)?;(\d+) - replacement: $1:$2 - target_label: __address__ - - action: labelmap - regex: __meta_kubernetes_pod_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - action: replace - target_label: kubernetes_namespace - - source_labels: [__meta_kubernetes_pod_label_component] - action: replace - target_label: job - - source_labels: [__meta_kubernetes_pod_name] - action: replace - target_label: kubernetes_pod_name - metric_relabel_configs: -{{- if .Values.prometheus.customRelabelConfigs -}} -{{- with .Values.prometheus.customRelabelConfigs }} -{{ toYaml . | indent 6 }} -{{- end }} -{{- end }} -{{- if eq .Values.prometheus.serviceAccount.clusterRole true }} - - job_name: 'kubernetes-nodes' - scheme: https - kubernetes_sd_configs: - - role: node - - tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - - relabel_configs: - - action: labelmap - regex: __meta_kubernetes_node_label_(.+) - - target_label: __address__ - replacement: kubernetes.default.svc:443 - - source_labels: [__meta_kubernetes_node_name] - regex: (.+) - target_label: __metrics_path__ - replacement: /api/v1/nodes/${1}/proxy/metrics - - job_name: 'kubernetes-cadvisor' - scheme: https - kubernetes_sd_configs: - - role: node - - tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - - relabel_configs: - - action: labelmap - regex: __meta_kubernetes_node_label_(.+) - - target_label: __address__ - replacement: kubernetes.default.svc:443 - - source_labels: [__meta_kubernetes_node_name] - regex: (.+) - target_label: __metrics_path__ - replacement: /api/v1/nodes/${1}/proxy/metrics/cadvisor -{{- end }} -{{- if .Values.prometheus.extraScrapeConfigs -}} -{{- with .Values.prometheus.extraScrapeConfigs }} -{{ toYaml . | indent 4 }} -{{- end }} -{{- end }} - rules.yml: | -{{- if .Values.monitoring.alert_manager -}} -{{- with .Values.alert_manager.rules }} -{{ toYaml . | indent 4 }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/pulsar/templates/prometheus/prometheus-pvc.yaml b/charts/pulsar/templates/prometheus/prometheus-pvc.yaml deleted file mode 100644 index 2b70cbdf2..000000000 --- a/charts/pulsar/templates/prometheus/prometheus-pvc.yaml +++ /dev/null @@ -1,44 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.monitoring.prometheus }} -{{- if and .Values.volumes.persistence .Values.prometheus.volumes.persistence }} -{{- if or (not (or .Values.prometheus.volumes.data.storageClass .Values.prometheus.volumes.data.storageClassName)) .Values.prometheus.volumes.data.useVolumeClaimTemplates }} -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.prometheus.component }}-{{ .Values.prometheus.volumes.data.name }}" - namespace: {{ template "pulsar.namespace" . }} -spec: - resources: - requests: - storage: {{ .Values.prometheus.volumes.data.size }} - accessModes: [ "ReadWriteOnce" ] -{{- if and .Values.volumes.local_storage .Values.prometheus.volumes.data.local_storage }} - storageClassName: "local-storage" -{{- else }} - {{- if .Values.prometheus.volumes.data.storageClass }} - storageClassName: "{{ template "pulsar.fullname" . }}-{{ .Values.prometheus.component }}-{{ .Values.prometheus.volumes.data.name }}" - {{- else if .Values.prometheus.volumes.data.storageClassName }} - storageClassName: {{ .Values.prometheus.volumes.data.storageClassName }} - {{- end -}} -{{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/pulsar/templates/prometheus/prometheus-service.yaml b/charts/pulsar/templates/prometheus/prometheus-service.yaml deleted file mode 100644 index b0cf5836e..000000000 --- a/charts/pulsar/templates/prometheus/prometheus-service.yaml +++ /dev/null @@ -1,44 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.monitoring.prometheus }} -apiVersion: v1 -kind: Service -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.prometheus.component }}" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.prometheus.component }} - annotations: -{{ toYaml .Values.prometheus.service.annotations | indent 4 }} -spec: -{{- if .Values.prometheus.service.type }} - type: {{ .Values.prometheus.service.type }} -{{- else }} - clusterIP: None -{{- end }} - ports: - - name: server - port: {{ .Values.prometheus.port }} - selector: - app: {{ template "pulsar.name" . }} - release: {{ .Release.Name }} - component: {{ .Values.prometheus.component }} -{{- end }} diff --git a/charts/pulsar/templates/prometheus/prometheus-statefulset.yaml b/charts/pulsar/templates/prometheus/prometheus-statefulset.yaml deleted file mode 100644 index 56796f2ec..000000000 --- a/charts/pulsar/templates/prometheus/prometheus-statefulset.yaml +++ /dev/null @@ -1,183 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.monitoring.prometheus }} -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.prometheus.component }}" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.prometheus.component }} -spec: - serviceName: "{{ template "pulsar.fullname" . }}-{{ .Values.prometheus.component }}" - replicas: {{ .Values.prometheus.replicaCount }} - selector: - matchLabels: - {{- include "pulsar.matchLabels" . | nindent 6 }} - component: {{ .Values.prometheus.component }} - updateStrategy: - type: RollingUpdate - podManagementPolicy: Parallel - template: - metadata: - labels: - {{- include "pulsar.template.labels" . | nindent 8 }} - component: {{ .Values.prometheus.component }} - annotations: - {{- if .Values.monitoring.datadog }} - {{- include "pulsar.prometheus.datadog.annotation" . | nindent 8 }} - {{- end }} - {{- with .Values.prometheus.annotations }} - {{ toYaml . | nindent 8 }} - {{- end }} - spec: - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - - name: {{ .Values.imagePullSecrets }} - {{- end }} - {{- if .Values.prometheus.nodeSelector }} - nodeSelector: -{{ toYaml .Values.prometheus.nodeSelector | indent 8 }} - {{- end }} - {{- if .Values.prometheus.tolerations }} - tolerations: -{{ toYaml .Values.prometheus.tolerations | indent 8 }} - {{- end }} - {{- if and .Values.rbac.enable .Values.prometheus.serviceAccount.use }} - serviceAccount: {{ template "pulsar.prometheus.serviceAccount" . }} - {{- end }} - terminationGracePeriodSeconds: {{ .Values.prometheus.gracePeriod }} - {{- if .Values.prometheus.securityContext }} - securityContext: -{{ toYaml .Values.prometheus.securityContext | indent 8 }} - {{- end }} - containers: - {{- if .Values.configmapReload.prometheus.enabled }} - - name: {{ template "pulsar.fullname" . }}-{{ .Values.prometheus.component }}-{{ .Values.configmapReload.prometheus.name }} - image: "{{ .Values.configmapReload.prometheus.image.repository }}:{{ .Values.configmapReload.prometheus.image.tag }}" - imagePullPolicy: "{{ .Values.configmapReload.prometheus.image.pullPolicy }}" - args: - - --volume-dir=/etc/config - - --webhook-url=http://127.0.0.1:{{ .Values.prometheus.port }}{{ template "pulsar.control_center_path.prometheus" . }}/-/reload - {{- range $key, $value := .Values.configmapReload.prometheus.extraArgs }} - - --{{ $key }}={{ $value }} - {{- end }} - {{- range .Values.configmapReload.prometheus.extraVolumeDirs }} - - --volume-dir={{ . }} - {{- end }} - resources: -{{ toYaml .Values.configmapReload.prometheus.resources | indent 10 }} - volumeMounts: - - name: config-volume - mountPath: /etc/config - readOnly: true - {{- range .Values.configmapReload.prometheus.extraConfigmapMounts }} - - name: {{ $.Values.configmapReload.prometheus.name }}-{{ .name }} - mountPath: {{ .mountPath }} - subPath: {{ .subPath }} - readOnly: {{ .readOnly }} - {{- end }} - {{- end }} - - name: "{{ template "pulsar.fullname" . }}-{{ .Values.prometheus.component }}" - image: "{{ .Values.images.prometheus.repository }}:{{ .Values.images.prometheus.tag }}" - imagePullPolicy: {{ .Values.images.prometheus.pullPolicy }} - {{- if .Values.prometheus.resources }} - resources: -{{ toYaml .Values.prometheus.resources | indent 10 }} - {{- end }} - args: - {{- if .Values.prometheus.args.logLevel }} - - --log.level={{ .Values.prometheus.args.logLevel }} - {{- end }} - - --config.file=/etc/config/prometheus.yml - {{- if .Values.prometheus.args.retention }} - - --storage.tsdb.retention.time={{ .Values.prometheus.args.retention }} - {{- end }} - - --storage.tsdb.path=/prometheus - - --web.console.libraries=/etc/prometheus/console_libraries - - --web.console.templates=/etc/prometheus/consoles - {{- if and .Values.ingress.control_center.enabled .Values.ingress.control_center.endpoints.prometheus }} - - --web.external-url={{ template "pulsar.control_center_url" . }}{{ template "pulsar.control_center_path.prometheus" . }}/ - {{- end }} - - --web.enable-lifecycle - {{- if .Values.prometheus.maxQuerySamples }} - - --query.max-samples={{.Values.prometheus.maxQuerySamples }} - {{- end }} - ports: - - name: server - containerPort: {{ .Values.prometheus.port }} - {{- if .Values.prometheus.probe.readiness.enabled }} - readinessProbe: - httpGet: - path: {{ template "pulsar.control_center_path.prometheus" . }}/-/ready - port: {{ .Values.prometheus.port }} - initialDelaySeconds: {{ .Values.prometheus.probe.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.prometheus.probe.readiness.periodSeconds }} - failureThreshold: {{ .Values.prometheus.probe.readiness.failureThreshold }} - {{- end }} - {{- if .Values.prometheus.probe.liveness.enabled }} - livenessProbe: - httpGet: - path: {{ template "pulsar.control_center_path.prometheus" . }}/-/healthy - port: {{ .Values.prometheus.port }} - initialDelaySeconds: {{ .Values.prometheus.probe.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.prometheus.probe.liveness.periodSeconds }} - failureThreshold: {{ .Values.prometheus.probe.liveness.failureThreshold }} - {{- end }} - volumeMounts: - - name: config-volume - mountPath: /etc/config - - name: "{{ template "pulsar.fullname" . }}-{{ .Values.prometheus.component }}-{{ .Values.prometheus.volumes.data.name }}" - mountPath: /prometheus - {{- include "pulsar.prometheus.token.volumeMounts" . | nindent 8 }} - volumes: - - name: config-volume - configMap: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.prometheus.component }}" - {{- range .Values.configmapReload.prometheus.extraConfigmapMounts }} - - name: {{ $.Values.configmapReload.prometheus.name }}-{{ .name }} - configMap: - name: {{ .configMap }} - {{- end }} - {{- if not (and .Values.volumes.persistence .Values.prometheus.volumes.persistence) }} - - name: "{{ template "pulsar.prometheus.data.pvc.name" . }}" - emptyDir: {} - {{- end }} - {{- if and .Values.volumes.persistence .Values.prometheus.volumes.persistence }} - {{- if or (not (or .Values.prometheus.volumes.data.storageClass .Values.prometheus.volumes.data.storageClassName)) .Values.prometheus.volumes.data.useVolumeClaimTemplates }} - - name: "{{ template "pulsar.prometheus.data.pvc.name" . }}" - persistentVolumeClaim: - claimName: "{{ template "pulsar.prometheus.data.pvc.name" . }}" - {{- end }} - {{- end }} - {{- include "pulsar.prometheus.token.volumes" . | nindent 6 }} - {{- if and (or .Values.prometheus.volumes.data.storageClass .Values.prometheus.volumes.data.storageClassName) (not .Values.prometheus.volumes.data.useVolumeClaimTemplates) }} - volumeClaimTemplates: - - metadata: - name: "{{ template "pulsar.prometheus.data.pvc.name" . }}" - spec: - accessModes: [ "ReadWriteOnce" ] - resources: - requests: - storage: {{ .Values.prometheus.volumes.data.size }} - {{- include "pulsar.prometheus.data.storage.class" . | nindent 6 }} - {{- end }} -{{- end }} diff --git a/charts/pulsar/templates/prometheus/prometheus-storageclass.yaml b/charts/pulsar/templates/prometheus/prometheus-storageclass.yaml deleted file mode 100644 index 26688a73d..000000000 --- a/charts/pulsar/templates/prometheus/prometheus-storageclass.yaml +++ /dev/null @@ -1,40 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.monitoring.prometheus }} -{{- if and .Values.volumes.persistence .Values.prometheus.volumes.persistence }} -{{- if .Values.prometheus.volumes.data.storageClass }} -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.prometheus.component }}-{{ .Values.prometheus.volumes.data.name }}" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.prometheus.component }} -provisioner: {{ .Values.prometheus.volumes.data.storageClass.provisioner }} -parameters: - type: {{ .Values.prometheus.volumes.data.storageClass.type }} - fsType: {{ .Values.prometheus.volumes.data.storageClass.fsType }} -{{- if .Values.prometheus.volumes.data.storageClass.allowVolumeExpansion }} -allowVolumeExpansion: {{ .Values.prometheus.volumes.data.storageClass.allowVolumeExpansion }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/pulsar/templates/prometheus/pulsar-operators-rbac.yaml b/charts/pulsar/templates/prometheus/pulsar-operators-rbac.yaml deleted file mode 100644 index 004977a4a..000000000 --- a/charts/pulsar/templates/prometheus/pulsar-operators-rbac.yaml +++ /dev/null @@ -1,174 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if and .Values.rbac.enable .Values.prometheus.serviceAccount.create }} -{{- if .Values.prometheus.serviceAccount.clusterRole }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.rbac.roleName }}" - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} -rules: -- apiGroups: [""] - resources: - - nodes - - nodes/proxy - - services - - endpoints - - pods - verbs: ["get", "list", "watch"] -- nonResourceURLs: ["/metrics"] - verbs: ["get"] -- apiGroups: [""] - resources: - - namespaces - - persistentvolumes - - persistentvolumeclaims - verbs: - - list - - watch - - get - - create -- apiGroups: ["", "extensions", "apps"] - resources: - - pods - - deployments - - ingresses - - secrets - - statefulsets - verbs: - - list - - watch - - get - - update - - create - - delete - - patch -- apiGroups: [""] - resources: - - replicasets - verbs: - - list - - watch - - get -- apiGroups: [""] - resources: - - events - verbs: - - list - - watch - - get -- apiGroups: - - "rbac.authorization.k8s.io" - resources: - - clusterrolebindings - - clusterroles - verbs: - - "*" ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pulsar.prometheus.serviceAccount" . }} - namespace: {{ template "pulsar.namespace" . }} ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.rbac.roleBindingName }}" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: "{{ template "pulsar.fullname" . }}-{{ .Values.rbac.roleName }}" -subjects: -- kind: ServiceAccount - name: {{ template "pulsar.prometheus.serviceAccount" . }} - namespace: {{ template "pulsar.namespace" . }} - -{{- else }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.rbac.roleName }}" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} -rules: -- apiGroups: [""] - resources: - - services - - endpoints - - pods - verbs: ["get", "list", "watch"] -- apiGroups: ["", "extensions", "apps"] - resources: - - pods - - deployments - - ingresses - - secrets - - statefulsets - verbs: - - list - - watch - - get - - update - - create - - delete - - patch -- apiGroups: [""] - resources: - - replicasets - verbs: - - list - - watch - - get -- apiGroups: [""] - resources: - - events - verbs: - - list - - watch - - get ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pulsar.prometheus.serviceAccount" . }} - namespace: {{ template "pulsar.namespace" . }} ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.rbac.roleBindingName }}" - namespace: {{ template "pulsar.namespace" . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: "{{ template "pulsar.fullname" . }}-{{ .Values.rbac.roleName }}" -subjects: -- kind: ServiceAccount - name: {{ template "pulsar.prometheus.serviceAccount" . }} - namespace: {{ template "pulsar.namespace" . }} -{{- end }} -{{- end }} diff --git a/charts/pulsar/templates/proxy/_proxy.tpl b/charts/pulsar/templates/proxy/_proxy.tpl deleted file mode 100644 index f9597f849..000000000 --- a/charts/pulsar/templates/proxy/_proxy.tpl +++ /dev/null @@ -1,395 +0,0 @@ -{{/* -pulsar service domain -*/}} -{{- define "pulsar.service_domain" -}} -{{- if .Values.ingress.proxy.externalDomainOverride -}} -{{ .Values.ingress.proxy.externalDomainOverride }} -{{- else -}} -{{- if .Values.ingress.proxy.enabled -}} - {{- if .Values.ingress.proxy.external_domain }} -{{- print .Values.ingress.proxy.external_domain -}} - {{- else -}} - {{- if .Values.domain.enabled -}} -{{- printf "data.%s.%s" .Release.Name .Values.domain.suffix -}} - {{- else -}} -{{- print "" -}} - {{- end -}} - {{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Define proxy token mounts -*/}} -{{- define "pulsar.proxy.token.volumeMounts" -}} -{{- if .Values.auth.authentication.enabled }} -{{- if eq .Values.auth.authentication.provider "jwt" }} -{{- if not .Values.auth.vault.enabled }} -- mountPath: "/pulsar/keys" - name: token-keys - readOnly: true -{{- end }} -- mountPath: "/pulsar/tokens" - name: proxy-token - readOnly: true -{{- end }} -{{- end }} -{{- end }} - -{{/* -Define proxy token volumes -*/}} -{{- define "pulsar.proxy.token.volumes" -}} -{{- if .Values.auth.authentication.enabled }} -{{- if eq .Values.auth.authentication.provider "jwt" }} -{{- if not .Values.auth.vault.enabled }} -- name: token-keys - secret: - {{- if not .Values.auth.authentication.jwt.usingSecretKey }} - secretName: "{{ .Release.Name }}-token-asymmetric-key" - {{- end}} - {{- if .Values.auth.authentication.jwt.usingSecretKey }} - secretName: "{{ .Release.Name }}-token-symmetric-key" - {{- end}} - items: - {{- if .Values.auth.authentication.jwt.usingSecretKey }} - - key: SECRETKEY - path: token/secret.key - {{- else }} - - key: PUBLICKEY - path: token/public.key - {{- end}} -{{- end }} -- name: proxy-token - secret: - secretName: "{{ .Release.Name }}-token-{{ .Values.auth.superUsers.proxy }}" - items: - - key: TOKEN - path: proxy/token -{{- end }} -{{- end }} -{{- end }} - -{{/* -Define proxy certs mounts -*/}} -{{- define "pulsar.proxy.certs.volumeMounts" -}} -{{- if and .Values.tls.enabled (or .Values.tls.proxy.enabled .Values.tls.broker.enabled) }} -{{- if .Values.tls.proxy.enabled }} -- mountPath: "/pulsar/certs/proxy" - name: proxy-certs - readOnly: true -{{- if .Values.tls.proxy.untrustedCa }} -- mountPath: "/pulsar/certs/ca" - name: proxy-ca - readOnly: true -{{- end }} -{{- end }} -{{- if .Values.tls.broker.enabled }} -- mountPath: "/pulsar/certs/broker" - name: broker-ca - readOnly: true -{{- end }} -{{- end }} -{{- end }} - -{{/* -Define proxy certs volumes -*/}} -{{- define "pulsar.proxy.certs.volumes" -}} -{{- if and .Values.tls.enabled .Values.tls.proxy.enabled }} -{{- if .Values.tls.proxy.untrustedCa }} -- name: proxy-ca - secret: - {{- if and .Values.certs.public_issuer.enabled (eq .Values.certs.public_issuer.type "acme") }} - secretName: {{ .Values.certs.lets_encrypt.ca_ref.secretName }} - items: - - key: {{ .Values.certs.lets_encrypt.ca_ref.keyName }} - path: ca.crt - {{- else }} - secretName: "{{ template "pulsar.tls.ca.secret.name" . }}" - items: - - key: ca.crt - path: ca.crt - {{- end }} - {{- end }} -- name: proxy-certs - secret: - secretName: "{{ template "pulsar.proxy.tls.secret.name" . }}" - items: - - key: tls.crt - path: tls.crt - - key: tls.key - path: tls.key -{{- end }} -{{- if and .Values.tls.enabled .Values.tls.broker.enabled }} -- name: broker-ca - secret: - secretName: "{{ template "pulsar.tls.ca.secret.name" . }}" - items: - - key: ca.crt - path: ca.crt -{{- end }} -{{- end }} - -{{/* -Define proxy log mounts -*/}} -{{- define "pulsar.proxy.log.volumeMounts" -}} -- name: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}-log4j2" - mountPath: "{{ template "pulsar.home" . }}/conf/log4j2.yaml" - subPath: log4j2.yaml -{{- end }} - -{{/* -Define proxy log volumes -*/}} -{{- define "pulsar.proxy.log.volumes" -}} -- name: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}-log4j2" - configMap: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}" -{{- end }} -{{/* -Define proxy datadog annotation -*/}} -{{- define "pulsar.proxy.datadog.annotation" -}} -{{- if .Values.datadog.components.proxy.enabled }} -{{- if eq (.Values.datadog.components.proxy.checkType | default "openmetrics") "openmetrics" }} -ad.datadoghq.com/{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}.check_names: | - ["openmetrics"] -ad.datadoghq.com/{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}.init_configs: | - [{}] -ad.datadoghq.com/{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}.instances: | - [ - { - "prometheus_url": "http://%%host%%:{{ .Values.proxy.ports.http }}/metrics/", - "namespace": "{{ .Values.datadog.namespace }}", - "metrics": {{ .Values.datadog.components.proxy.metrics }}, - "health_service_check": true, - "prometheus_timeout": 1000, - "max_returned_metrics": 1000000, -{{- if .Values.auth.authentication.enabled }} -{{- if eq .Values.auth.authentication.provider "jwt" }} - "extra_headers": { - "Authorization": "Bearer %%env_PROXY_TOKEN%%" - }, -{{- end }} -{{- end }} - "tags": [ - "pulsar-proxy: {{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}" - ] - } - ] -{{- else if (.Values.datadog.components.proxy.checkType | default "openmetrics") "native" }} -ad.datadoghq.com/{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}.check_names: | - ["pulsar"] -ad.datadoghq.com/{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}.init_configs: | - [{}] -ad.datadoghq.com/{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}.instances: | - [ - { - "openmetrics_endpoint": "http://%%host%%:{{ .Values.proxy.ports.http }}/metrics/", - "enable_health_service_check": true, - "timeout": 300, -{{- if .Values.auth.authentication.enabled }} -{{- if eq .Values.auth.authentication.provider "jwt" }} - "extra_headers": { - "Authorization": "Bearer %%env_PROXY_TOKEN%%" - }, -{{- end }} -{{- end }} - "tags": [ - "pulsar-proxy: {{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}" - ] - } - ] -{{- else if (.Values.datadog.components.proxy.checkType | default "openmetrics") "both" }} -ad.datadoghq.com/{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}.check_names: | - ["openmetrics", "pulsar"] -ad.datadoghq.com/{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}.init_configs: | - [{}, {}] -ad.datadoghq.com/{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}.instances: | - [ - { - "prometheus_url": "http://%%host%%:{{ .Values.proxy.ports.http }}/metrics/", - "namespace": "{{ .Values.datadog.namespace }}", - "metrics": {{ .Values.datadog.components.proxy.metrics }}, - "health_service_check": true, - "prometheus_timeout": 1000, - "max_returned_metrics": 1000000, -{{- if .Values.auth.authentication.enabled }} -{{- if eq .Values.auth.authentication.provider "jwt" }} - "extra_headers": { - "Authorization": "Bearer %%env_PROXY_TOKEN%%" - }, -{{- end }} -{{- end }} - "tags": [ - "pulsar-proxy: {{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}" - ] - }, - { - "openmetrics_endpoint": "http://%%host%%:{{ .Values.proxy.ports.http }}/metrics/", - "enable_health_service_check": true, - "timeout": 300, -{{- if .Values.auth.authentication.enabled }} -{{- if eq .Values.auth.authentication.provider "jwt" }} - "extra_headers": { - "Authorization": "Bearer %%env_PROXY_TOKEN%%" - }, -{{- end }} -{{- end }} - "tags": [ - "pulsar-proxy: {{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}" - ] - } - ] -{{- end }} -{{- end }} -{{- end }} - -{{/* -pulsar ingress target port for http endpoint -*/}} -{{- define "pulsar.proxy.ingress.targetPort.admin" -}} -{{- if and .Values.tls.enabled .Values.tls.proxy.enabled }} -{{- print "https" -}} -{{- else -}} -{{- print "http" -}} -{{- end -}} -{{- end -}} - -{{/* -pulsar ingress target port for http endpoint -*/}} -{{- define "pulsar.proxy.ingress.targetPort.data" -}} -{{- if and .Values.tls.enabled .Values.tls.proxy.enabled }} -{{- print "pulsarssl" -}} -{{- else -}} -{{- print "pulsar" -}} -{{- end -}} -{{- end -}} - -{{/* -pulsar ingress target port for websocket endpoint -*/}} -{{- define "pulsar.proxy.ingress.targetPort.websocket" -}} -{{- if and .Values.tls.enabled .Values.tls.proxy.enabled }} -{{- print "websockettls" -}} -{{- else -}} -{{- print "websocket" -}} -{{- end -}} -{{- end -}} - -{{/* -Pulsar Broker Service URL -*/}} -{{- define "pulsar.proxy.broker.service.url" -}} -{{- if .Values.proxy.brokerServiceURL -}} -{{- .Values.proxy.brokerServiceURL -}} -{{- else -}} -pulsar://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.pulsar }} -{{- end -}} -{{- end -}} - -{{/* -Pulsar Web Service URL -*/}} -{{- define "pulsar.proxy.web.service.url" -}} -{{- if .Values.proxy.brokerWebServiceURL -}} -{{- .Values.proxy.brokerWebServiceURL -}} -{{- else -}} -http://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.http }} -{{- end -}} -{{- end -}} - -{{/* -Pulsar Broker Service URL TLS -*/}} -{{- define "pulsar.proxy.broker.service.url.tls" -}} -{{- if .Values.proxy.brokerServiceURLTLS -}} -{{- .Values.proxy.brokerServiceURLTLS -}} -{{- else -}} -pulsar+ssl://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.pulsarssl }} -{{- end -}} -{{- end -}} - -{{/* -Pulsar Web Service URL -*/}} -{{- define "pulsar.proxy.web.service.url.tls" -}} -{{- if .Values.proxy.brokerWebServiceURLTLS -}} -{{- .Values.proxy.brokerWebServiceURLTLS -}} -{{- else -}} -https://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.https }} -{{- end -}} -{{- end -}} - -{{/* -Pulsar Function Service URL -*/}} -{{- define "pulsar.proxy.function.service.url" -}} -http://{{ template "pulsar.fullname" . }}-{{ .Values.functions.component }}:{{ .Values.functions.ports.http }} -{{- end -}} - -{{/* -Pulsar Function Service URL TLS -*/}} -{{- define "pulsar.proxy.function.service.url.tls" -}} -https://{{ template "pulsar.fullname" . }}-{{ .Values.functions.component }}:{{ .Values.functions.ports.https }} -{{- end -}} - -{{/*Define proxy service account*/}} -{{- define "pulsar.proxy.serviceAccount" -}} -{{- if .Values.proxy.serviceAccount.create -}} - {{- if .Values.proxy.serviceAccount.name -}} -{{ .Values.proxy.serviceAccount.name }} - {{- else -}} -{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}-acct - {{- end -}} -{{- else -}} -{{ .Values.proxy.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Define Proxy TLS certificate secret name -*/}} -{{- define "pulsar.proxy.tls.secret.name" -}} -{{- if .Values.tls.proxy.certSecretName -}} -{{- .Values.tls.proxy.certSecretName -}} -{{- else -}} -{{ .Release.Name }}-{{ .Values.tls.proxy.cert_name }} -{{- end -}} -{{- end -}} - - -{{/* -Define Proxy oauth2 mounts -*/}} -{{- define "pulsar.proxy.oauth2.volumeMounts" -}} -{{- if .Values.auth.authentication.enabled }} -{{- if eq .Values.auth.authentication.provider "oauth2" }} -- mountPath: "/pulsar/oauth2" - name: proxy-oauth2 - readOnly: true -{{- end }} -{{- end }} -{{- end }} - -{{/* -Define Proxy oauth2 volumes -*/}} -{{- define "pulsar.proxy.oauth2.volumes" -}} -{{- if .Values.auth.authentication.enabled }} -{{- if eq .Values.auth.authentication.provider "oauth2" }} -- name: proxy-oauth2 - secret: - secretName: "{{ .Release.Name }}-oauth2-private-key" - items: - - key: auth.json - path: auth.json -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/pulsar/templates/proxy/_websocket.tpl b/charts/pulsar/templates/proxy/_websocket.tpl deleted file mode 100644 index 01467789d..000000000 --- a/charts/pulsar/templates/proxy/_websocket.tpl +++ /dev/null @@ -1,51 +0,0 @@ -{{/* -Define websocket token mounts -*/}} -{{- define "pulsar.websocket.token.volumeMounts" -}} -{{- if .Values.auth.authentication.enabled }} -{{- if eq .Values.auth.authentication.provider "jwt" }} -{{- if not .Values.auth.vault.enabled }} -- mountPath: "/pulsar/keys" - name: token-keys - readOnly: true -{{- end }} -- mountPath: "/pulsar/tokens" - name: websocket-token - readOnly: true -{{- end }} -{{- end }} -{{- end }} - -{{/* -Define websocket token volumes -*/}} -{{- define "pulsar.websocket.token.volumes" -}} -{{- if .Values.auth.authentication.enabled }} -{{- if eq .Values.auth.authentication.provider "jwt" }} -{{- if not .Values.auth.vault.enabled }} -- name: token-keys - secret: - {{- if not .Values.auth.authentication.jwt.usingSecretKey }} - secretName: "{{ .Release.Name }}-token-asymmetric-key" - {{- end}} - {{- if .Values.auth.authentication.jwt.usingSecretKey }} - secretName: "{{ .Release.Name }}-token-symmetric-key" - {{- end}} - items: - {{- if .Values.auth.authentication.jwt.usingSecretKey }} - - key: SECRETKEY - path: token/secret.key - {{- else }} - - key: PUBLICKEY - path: token/public.key - {{- end}} -{{- end }} -- name: websocket-token - secret: - secretName: "{{ .Release.Name }}-token-{{ .Values.auth.superUsers.websocket }}" - items: - - key: TOKEN - path: websocket/token -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/pulsar/templates/proxy/proxy-configmap.yaml b/charts/pulsar/templates/proxy/proxy-configmap.yaml deleted file mode 100644 index 31ed5791f..000000000 --- a/charts/pulsar/templates/proxy/proxy-configmap.yaml +++ /dev/null @@ -1,104 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.components.proxy }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.proxy.component }} -data: - clusterName: {{ template "pulsar.cluster" . }} - httpNumThreads: "8" - statusFilePath: "{{ template "pulsar.home" . }}/status" - # prometheus needs to access /metrics endpoint - webServicePort: "{{ .Values.proxy.ports.http }}" - {{- if or (or (not .Values.tls.enabled) (not .Values.tls.proxy.enabled)) .Values.ingress.proxy.plaintext.enabled }} - servicePort: "{{ .Values.proxy.ports.pulsar }}" - brokerServiceURL: {{ template "pulsar.proxy.broker.service.url" . }} - brokerWebServiceURL: {{ template "pulsar.proxy.web.service.url" . }} - {{- end }} - {{- if and .Values.tls.enabled .Values.tls.proxy.enabled }} - tlsEnabledInProxy: "true" - servicePortTls: "{{ .Values.proxy.ports.pulsarssl }}" - webServicePortTls: "{{ .Values.proxy.ports.https }}" - tlsCertificateFilePath: "/pulsar/certs/proxy/tls.crt" - tlsKeyFilePath: "/pulsar/certs/proxy/tls.key" - {{- if .Values.tls.proxy.untrustedCa }} - tlsTrustCertsFilePath: "/pulsar/certs/ca/ca.crt" - {{- end }} - {{- end }} - {{- if and .Values.tls.enabled .Values.tls.broker.enabled }} - # if broker enables TLS, configure proxy to talk to broker using TLS - brokerServiceURLTLS: {{ template "pulsar.proxy.broker.service.url.tls" . }} - brokerWebServiceURLTLS: {{ template "pulsar.proxy.web.service.url.tls" . }} - tlsEnabledWithBroker: "true" - tlsCertRefreshCheckDurationSec: "300" - brokerClientTrustCertsFilePath: "/pulsar/certs/broker/ca.crt" - {{- end }} - - # Authentication Settings - {{- if .Values.auth.authentication.enabled }} - authenticationEnabled: "true" - # this configuration should be same with `authenticateOriginalAuthData` in broker.conf - forwardAuthorizationCredentials: "true" - {{- if .Values.auth.authorization.enabled }} - # disable authorization on proxy and forward authorization credentials to broker - authorizationEnabled: "false" - superUserRoles: {{ .Values.auth.superUsers.broker }},{{ .Values.auth.superUsers.proxy }},{{ .Values.auth.superUsers.websocket }},{{ .Values.auth.superUsers.client }},{{ .Values.auth.superUsers.pulsar_manager }} - {{- end }} - {{- if and (eq .Values.auth.authentication.provider "jwt") (not .Values.auth.vault.enabled) }} - # token authentication configuration - authenticationProviders: "org.apache.pulsar.broker.authentication.AuthenticationProviderToken" - brokerClientAuthenticationParameters: "file:///pulsar/tokens/proxy/token" - brokerClientAuthenticationPlugin: "org.apache.pulsar.client.impl.auth.AuthenticationToken" - {{- if .Values.auth.authentication.jwt.usingSecretKey }} - tokenSecretKey: "file:///pulsar/keys/token/secret.key" - {{- else }} - tokenPublicKey: "file:///pulsar/keys/token/public.key" - {{- end }} - {{- end }} - {{- if (eq .Values.auth.authentication.provider "oauth2") }} - PULSAR_PREFIX_oauthIssuerUrl: {{ .Values.auth.authentication.oauth2.issuerUrl }} - PULSAR_PREFIX_oauthAudience: {{ .Values.auth.authentication.oauth2.audience }} - PULSAR_PREFIX_oauthSubjectClaim: {{ .Values.auth.authentication.oauth2.subjectClaim }} - PULSAR_PREFIX_oauthAdminScope: {{ .Values.auth.authentication.oauth2.adminScope }} - authenticationProviders: {{ .Values.auth.authentication.oauth2.authenticationProviders }} - brokerClientAuthenticationParameters: '{"privateKey":"file:///pulsar/oauth2/auth.json","issuerUrl":"{{ .Values.auth.authentication.oauth2.issuerUrlParam }}","audience":"{{ .Values.auth.authentication.oauth2.audienceParam }}","scope":"{{ .Values.auth.authentication.oauth2.adminScopeParam }}"}' - brokerClientAuthenticationPlugin: org.apache.pulsar.client.impl.auth.oauth2.AuthenticationOAuth2 - {{- end }} - {{- end }} - {{- if .Values.functions.useDedicatedRunner}} - functionWorkerWebServiceURL: {{ template "pulsar.proxy.function.service.url" . }} - {{- if .Values.tls.functions.enabled}} - functionWorkerWebServiceURLTLS: {{ template "pulsar.proxy.function.service.url.tls" . }} - {{- end }} - {{- end }} -{{ toYaml .Values.proxy.configData | indent 2 }} - # Include log configuration file, If you want to configure the log level and other configuration - # items, you can modify the configmap, and eventually it will overwrite the log4j2.yaml file under conf -{{ if .Values.proxy.log4jConfig }} - log4j2.yaml: {{ toYaml .Values.proxy.log4jConfig | indent 2 }} -{{- else -}} -{{ (.Files.Glob "conf/proxy/log4j2.yaml").AsConfig | indent 2 }} -{{- end -}} -{{- end }} diff --git a/charts/pulsar/templates/proxy/proxy-pdb.yaml b/charts/pulsar/templates/proxy/proxy-pdb.yaml deleted file mode 100644 index 86555672a..000000000 --- a/charts/pulsar/templates/proxy/proxy-pdb.yaml +++ /dev/null @@ -1,37 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.components.proxy }} -{{- if .Values.proxy.pdb.usePolicy }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.proxy.component }} -spec: - selector: - matchLabels: - {{- include "pulsar.matchLabels" . | nindent 6 }} - component: {{ .Values.proxy.component }} - maxUnavailable: {{ .Values.proxy.pdb.maxUnavailable }} -{{- end }} -{{- end }} diff --git a/charts/pulsar/templates/proxy/proxy-service-account.yaml b/charts/pulsar/templates/proxy/proxy-service-account.yaml deleted file mode 100644 index e5b969cf8..000000000 --- a/charts/pulsar/templates/proxy/proxy-service-account.yaml +++ /dev/null @@ -1,33 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if and .Values.components.proxy .Values.proxy.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pulsar.proxy.serviceAccount" . }} - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.proxy.component }} - annotations: -{{- with .Values.proxy.serviceAccount.annotations }} -{{ toYaml . | indent 4 }} -{{- end }} -{{- end }} diff --git a/charts/pulsar/templates/proxy/proxy-service-ingress.yaml b/charts/pulsar/templates/proxy/proxy-service-ingress.yaml deleted file mode 100644 index f187b75dd..000000000 --- a/charts/pulsar/templates/proxy/proxy-service-ingress.yaml +++ /dev/null @@ -1,104 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if and .Values.components.proxy .Values.ingress.proxy.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}-ingress" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.proxy.component }} - annotations: - {{- if .Values.external_dns.enabled }} - {{- if .Values.domain.enabled }} - external-dns.alpha.kubernetes.io/hostname: {{ template "pulsar.service_domain" . }} - {{- end }} - {{- end }} - {{- with .Values.ingress.proxy.annotations }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.ingress.proxy.type }} - ports: - {{- if .Values.ingress.proxy.tls.enabled }} - {{- if .Values.ingress.proxy.ports.https }} - - name: https - port: {{ .Values.ingress.proxy.ports.portNumbers.https }} - protocol: TCP - targetPort: {{ template "pulsar.proxy.ingress.targetPort.admin" . }} - {{- end }} - {{- if .Values.ingress.proxy.ports.pulsarssl }} - - name: pulsarssl - port: {{ .Values.proxy.ports.pulsarssl }} - protocol: TCP - targetPort: {{ template "pulsar.proxy.ingress.targetPort.data" . }} - {{- end }} - {{- if .Values.proxy.websocket.enabled }} - {{- if .Values.ingress.proxy.ports.websockettls }} - - name: websockettls - port: {{ .Values.proxy.ports.websockettls }} - protocol: TCP - targetPort: {{ template "pulsar.proxy.ingress.targetPort.websocket" . }} - {{- end }} - {{- end }} - {{- end }} - {{- if or (not .Values.ingress.proxy.tls.enabled) .Values.ingress.proxy.plaintext.enabled }} - {{- if .Values.ingress.proxy.ports.http }} - - name: http - port: {{ .Values.proxy.ports.http }} - protocol: TCP - {{- if .Values.ingress.proxy.plaintext.enabled }} - targetPort: http - {{- else }} - targetPort: {{ template "pulsar.proxy.ingress.targetPort.admin" . }} - {{- end }} - {{- end }} - {{- if .Values.ingress.proxy.ports.pulsar }} - - name: pulsar - port: {{ .Values.proxy.ports.pulsar }} - protocol: TCP - {{- if .Values.ingress.proxy.plaintext.enabled }} - targetPort: pulsar - {{- else }} - targetPort: {{ template "pulsar.proxy.ingress.targetPort.data" . }} - {{- end }} - {{- end }} - {{- if .Values.proxy.websocket.enabled }} - {{- if .Values.ingress.proxy.ports.websocket }} - - name: websocket - port: {{ .Values.proxy.ports.websocket }} - protocol: TCP - {{- if .Values.ingress.proxy.plaintext.enabled }} - targetPort: websocket - {{- else }} - targetPort: {{ template "pulsar.proxy.ingress.targetPort.websocket" . }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - selector: - app: {{ template "pulsar.name" . }} - release: {{ .Release.Name }} - component: {{ .Values.proxy.component }} - {{- with .Values.ingress.proxy.extraSpec }} - {{- toYaml . | nindent 2 }} - {{- end }} -{{- end }} diff --git a/charts/pulsar/templates/proxy/proxy-service.yaml b/charts/pulsar/templates/proxy/proxy-service.yaml deleted file mode 100644 index c2c23e0e9..000000000 --- a/charts/pulsar/templates/proxy/proxy-service.yaml +++ /dev/null @@ -1,88 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.components.proxy }} -apiVersion: v1 -kind: Service -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.proxy.component }} - annotations: - {{- if and .Values.external_dns.enabled (not .Values.ingress.proxy.enabled) }} - {{- if .Values.domain.enabled }} - external-dns.alpha.kubernetes.io/hostname: {{ template "pulsar.service_domain" . }} - {{- end }} - {{- end }} - {{- with .Values.proxy.service.annotations }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - {{- if .Values.ingress.proxy.enabled }} - # if an ingress service is already set, set this service to ClusterIP - type: ClusterIP - clusterIP: None - {{- else }} - type: {{ .Values.proxy.service.type }} - {{- if .Values.proxy.service.clusterIP }} - clusterIP: {{ .Values.proxy.service.clusterIP }} - {{- end }} - {{- end }} - ports: - {{- if or (or (not .Values.tls.enabled) (not .Values.tls.proxy.enabled)) .Values.ingress.proxy.plaintext.enabled }} - - name: http - port: {{ .Values.proxy.ports.http }} - protocol: TCP - - name: pulsar - port: {{ .Values.proxy.ports.pulsar }} - protocol: TCP - {{- if .Values.proxy.websocket.enabled }} - - name: websocket - port: {{ .Values.proxy.ports.websocket }} - protocol: TCP - {{- end }} - {{- end }} - {{- if and .Values.tls.enabled .Values.tls.proxy.enabled }} - - name: https - port: {{ .Values.proxy.ports.httpsServicePort | default .Values.proxy.ports.https }} -{{- if .Values.proxy.ports.httpsServicePort }} -{{- if ne .Values.proxy.ports.httpsServicePort .Values.proxy.ports.https }} - targetPort: {{ template "pulsar.proxy.ingress.targetPort.admin" . }} -{{- end }} -{{- end }} - protocol: TCP - - name: pulsarssl - port: {{ .Values.proxy.ports.pulsarssl }} - protocol: TCP - {{- if .Values.proxy.websocket.enabled }} - - name: websockettls - port: {{ .Values.proxy.ports.websockettls }} - protocol: TCP - {{- end }} - {{- end }} - selector: - app: {{ template "pulsar.name" . }} - release: {{ .Release.Name }} - component: {{ .Values.proxy.component }} - {{- with .Values.proxy.service.extraSpec }} - {{- toYaml . | nindent 2 }} - {{- end }} -{{- end }} diff --git a/charts/pulsar/templates/proxy/proxy-statefulset.yaml b/charts/pulsar/templates/proxy/proxy-statefulset.yaml deleted file mode 100644 index d4391edda..000000000 --- a/charts/pulsar/templates/proxy/proxy-statefulset.yaml +++ /dev/null @@ -1,346 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.components.proxy }} -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.proxy.component }} -{{- with .Values.proxy.statefulset.labels }} -{{ toYaml . | indent 4 }} -{{- end }} -{{- with .Values.proxy.statefulset.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} -spec: - serviceName: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}" - replicas: {{ .Values.proxy.replicaCount }} - selector: - matchLabels: - {{- include "pulsar.matchLabels" . | nindent 6 }} - component: {{ .Values.proxy.component }} - updateStrategy: - type: RollingUpdate - podManagementPolicy: Parallel - template: - metadata: - labels: - {{- include "pulsar.template.labels" . | nindent 8 }} - component: {{ .Values.proxy.component }} -{{- with .Values.proxy.labels }} -{{ toYaml . | indent 8 }} -{{- end }} - annotations: - {{- if .Values.monitoring.datadog }} - {{- include "pulsar.proxy.datadog.annotation" . | nindent 8 }} - {{- end }} - prometheus.io/scrape: "true" - prometheus.io/port: "{{ .Values.proxy.ports.http }}" - {{- if .Values.proxy.autoRollDeployment }} - checksum/config: {{ include (print $.Template.BasePath "/proxy/proxy-configmap.yaml") . | sha256sum }} - {{- end }} -{{- with .Values.proxy.annotations }} -{{ toYaml . | indent 8 }} -{{- end }} - spec: - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - - name: {{ .Values.imagePullSecrets }} - {{- end }} - {{- if .Values.proxy.imagePullSecrets }} - imagePullSecrets: - - name: {{ .Values.proxy.imagePullSecrets }} - {{- end }} - securityContext: -{{- with .Values.proxy.securityContext }} -{{ toYaml . | indent 8 }} -{{- end }} - {{- if .Values.proxy.serviceAccount.use }} - serviceAccountName: {{ template "pulsar.proxy.serviceAccount" . }} - {{- end }} - {{- if .Values.proxy.nodeSelector }} - nodeSelector: -{{ toYaml .Values.proxy.nodeSelector | indent 8 }} - {{- end }} - {{- if .Values.proxy.tolerations }} - tolerations: -{{ toYaml .Values.proxy.tolerations | indent 8 }} - {{- end }} - {{- if and .Values.affinity.anti_affinity .Values.proxy.custom_affinity}} - affinity: -{{ toYaml .Values.proxy.custom_affinity | indent 8 }} - {{ else }} - affinity: - {{- if and .Values.affinity.anti_affinity .Values.proxy.affinity.anti_affinity}} - podAntiAffinity: - {{ .Values.proxy.affinity.type }}: - {{ if eq .Values.proxy.affinity.type "requiredDuringSchedulingIgnoredDuringExecution"}} - - labelSelector: - matchExpressions: - - key: "app" - operator: In - values: - - "{{ template "pulsar.name" . }}" - - key: "release" - operator: In - values: - - {{ .Release.Name }} - - key: "component" - operator: In - values: - - {{ .Values.proxy.component }} - topologyKey: "kubernetes.io/hostname" - {{ else }} - - weight: 100 - podAffinityTerm: - labelSelector: - matchExpressions: - - key: "app" - operator: In - values: - - "{{ template "pulsar.name" . }}" - - key: "release" - operator: In - values: - - {{ .Release.Name }} - - key: "component" - operator: In - values: - - {{ .Values.proxy.component }} - topologyKey: "kubernetes.io/hostname" - {{ end }} - {{- end }} - {{- end }} - terminationGracePeriodSeconds: {{ .Values.proxy.gracePeriod }} - initContainers: - # This init container will wait for zookeeper to be ready before - # deploying the bookies - - name: wait-zookeeper-ready - image: "{{ .Values.images.proxy.repository }}:{{ .Values.images.proxy.tag }}" - imagePullPolicy: {{ .Values.images.proxy.pullPolicy }} - command: ["sh", "-c"] - args: - {{ if .Values.proxy.zkInitCommandOverride }} - {{ with .Values.proxy.zkInitCommandOverride }} - -{{- toYaml . | indent 10 }} - {{- end }} - {{ else }} - - >- - {{ if .Values.proxy.skipZookeeperReady }} - echo "Skipping zookeeper ready check" - {{ else if $zk:=.Values.pulsar_metadata.userProvidedZookeepers }} - until bin/pulsar zookeeper-shell -server {{ $zk }} ls {{ or .Values.metadataPrefix "/" }}; do - echo "user provided zookeepers {{ $zk }} are unreachable... check in 3 seconds ..." && sleep 3; - done; - {{ else }} - until bin/pulsar zookeeper-shell -server {{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }} get {{ .Values.metadataPrefix }}/admin/clusters/{{ template "pulsar.cluster" . }}; do - sleep 3; - done; - {{ end}} - {{ end}} - # This init container will wait for at least one broker to be ready before - # deploying the proxy - - name: wait-broker-ready - image: "{{ .Values.images.proxy.repository }}:{{ .Values.images.proxy.tag }}" - imagePullPolicy: {{ .Values.images.proxy.pullPolicy }} - command: ["sh", "-c"] - args: - {{ if .Values.proxy.bkInitCommandOverride }} - {{ with .Values.proxy.bkInitCommandOverride }} - -{{- toYaml . | indent 10 }} - {{- end }} - {{ else }} - - >- - set -e; - brokerServiceNumber="$(nslookup -timeout=10 {{ template "pulsar.fullname" . }}-{{ .Values.broker.component }} | grep Name | wc -l)"; - until [ ${brokerServiceNumber} -ge 1 ]; do - echo "pulsar cluster {{ template "pulsar.fullname" . }} isn't initialized yet ... check in 10 seconds ..."; - sleep 10; - brokerServiceNumber="$(nslookup -timeout=10 {{ template "pulsar.fullname" . }}-{{ .Values.broker.component }} | grep Name | wc -l)"; - done; - {{ end }} -{{- with .Values.common.extraInitContainers }} -{{ toYaml . | indent 6 }} -{{- end }} -{{- with .Values.proxy.extraInitContainers }} -{{ toYaml . | indent 6 }} -{{- end }} - containers: - - name: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}" - image: "{{ .Values.images.proxy.repository }}:{{ .Values.images.proxy.tag }}" - imagePullPolicy: {{ .Values.images.proxy.pullPolicy }} - {{- if .Values.proxy.probe.liveness.enabled }} - livenessProbe: - httpGet: - path: /status.html - port: {{ .Values.proxy.ports.http }} - initialDelaySeconds: {{ .Values.proxy.probe.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.proxy.probe.liveness.periodSeconds }} - failureThreshold: {{ .Values.proxy.probe.liveness.failureThreshold }} - {{- end }} - {{- if .Values.proxy.probe.readiness.enabled }} - readinessProbe: - httpGet: - path: /status.html - port: {{ .Values.proxy.ports.http }} - initialDelaySeconds: {{ .Values.proxy.probe.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.proxy.probe.readiness.periodSeconds }} - failureThreshold: {{ .Values.proxy.probe.readiness.failureThreshold }} - {{- end }} - {{- if .Values.proxy.probe.startup.enabled }} - startupProbe: - httpGet: - path: /status.html - port: {{ .Values.proxy.ports.http }} - initialDelaySeconds: {{ .Values.proxy.probe.startup.initialDelaySeconds }} - periodSeconds: {{ .Values.proxy.probe.startup.periodSeconds }} - failureThreshold: {{ .Values.proxy.probe.startup.failureThreshold }} - {{- end }} - {{- if .Values.proxy.resources }} - resources: -{{ toYaml .Values.proxy.resources | indent 10 }} - {{- end }} - command: ["sh", "-c"] - args: - {{ if .Values.proxy.proxyCommandOverride }} - {{ with .Values.proxy.proxyCommandOverride }} - -{{- toYaml . | indent 10 }} - {{- end }} - {{ else }} - - > - bin/apply-config-from-env.py conf/proxy.conf; - echo "OK" > status; - bin/pulsar proxy; - {{ end }} - ports: - # prometheus needs to access /metrics endpoint - - name: http - containerPort: {{ .Values.proxy.ports.http }} - {{- if or (or (not .Values.tls.enabled) (not .Values.tls.proxy.enabled)) .Values.ingress.proxy.plaintext.enabled }} - - name: pulsar - containerPort: {{ .Values.proxy.ports.pulsar }} - {{- end }} - {{- if and (.Values.tls.enabled) (.Values.tls.proxy.enabled) }} - - name: https - containerPort: {{ .Values.proxy.ports.https }} - - name: pulsarssl - containerPort: {{ .Values.proxy.ports.pulsarssl }} - {{- end }} - envFrom: - - configMapRef: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}" - env: -{{- with .Values.proxy.extraEnv}} -{{ toYaml . | indent 8 }} -{{- end }} - volumeMounts: - {{- include "pulsar.proxy.oauth2.volumeMounts" . | nindent 10 }} - {{- include "pulsar.proxy.log.volumeMounts" . | nindent 10 }} - {{- include "pulsar.proxy.token.volumeMounts" . | nindent 10 }} - {{- include "pulsar.proxy.certs.volumeMounts" . | nindent 10 }} -{{- with .Values.proxy.extraVolumeMounts }} -{{ toYaml . | indent 10 }} -{{- end }} - {{- if .Values.proxy.websocket.enabled }} - - name: websocket - image: "{{ .Values.images.proxy.repository }}:{{ .Values.images.proxy.tag }}" - imagePullPolicy: {{ .Values.images.proxy.pullPolicy }} - {{- if .Values.proxy.probe.liveness.enabled }} - livenessProbe: - httpGet: - path: /status.html - port: {{ .Values.proxy.ports.websocket }} - initialDelaySeconds: {{ .Values.proxy.probe.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.proxy.probe.liveness.periodSeconds }} - failureThreshold: {{ .Values.proxy.probe.liveness.failureThreshold }} - {{- end }} - {{- if .Values.proxy.probe.readiness.enabled }} - readinessProbe: - httpGet: - path: /status.html - port: {{ .Values.proxy.ports.websocket }} - initialDelaySeconds: {{ .Values.proxy.probe.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.proxy.probe.readiness.periodSeconds }} - failureThreshold: {{ .Values.proxy.probe.readiness.failureThreshold }} - {{- end }} - {{- if .Values.proxy.probe.startup.enabled }} - startupProbe: - httpGet: - path: /status.html - port: {{ .Values.proxy.ports.websocket }} - initialDelaySeconds: {{ .Values.proxy.probe.startup.initialDelaySeconds }} - periodSeconds: {{ .Values.proxy.probe.startup.periodSeconds }} - failureThreshold: {{ .Values.proxy.probe.startup.failureThreshold }} - {{- end }} - {{- if .Values.proxy.resources }} - resources: -{{ toYaml .Values.proxy.resources | indent 10 }} - {{- end }} - command: ["sh", "-c"] - args: - {{ if .Values.proxy.websocketCommandOverride }} - {{ with .Values.proxy.websocketCommandOverride }} - -{{- toYaml . | nindent 10 }} - {{- end }} - {{ else }} - - > - cat /pulsar/tokens/websocket/token; - bin/apply-config-from-env.py conf/websocket.conf; - echo "OK" > status; - bin/pulsar websocket; - {{ end }} - ports: - - name: websocket - containerPort: {{ .Values.proxy.ports.websocket }} - {{- if and (.Values.tls.enabled) (.Values.tls.proxy.enabled) }} - - name: websockettls - containerPort: {{ .Values.proxy.ports.websockettls }} - {{- end }} - env: -{{- with .Values.proxy.extraEnv }} -{{ toYaml . | indent 8 }} -{{- end }} - envFrom: - - configMapRef: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.websocket.component }}" - volumeMounts: - {{- include "pulsar.proxy.log.volumeMounts" . | nindent 10 }} - {{- include "pulsar.websocket.token.volumeMounts" . | nindent 10 }} - {{- include "pulsar.proxy.certs.volumeMounts" . | nindent 10 }} -{{- with .Values.proxy.extraVolumeMounts }} -{{ toYaml . | indent 10 }} -{{- end }} - {{- end }} - volumes: - {{- if .Values.proxy.websocket.enabled }} - {{- include "pulsar.websocket.token.volumes" . | nindent 8 }} - {{- end }} - {{- include "pulsar.proxy.oauth2.volumes" . | nindent 8 }} - {{- include "pulsar.proxy.log.volumes" . | nindent 8 }} - {{- include "pulsar.proxy.token.volumes" . | nindent 8 }} - {{- include "pulsar.proxy.certs.volumes" . | nindent 8 }} -{{- with .Values.proxy.extraVolumes }} -{{ toYaml . | indent 8 }} -{{- end }} -{{- end }} diff --git a/charts/pulsar/templates/proxy/websocket-configmap.yaml b/charts/pulsar/templates/proxy/websocket-configmap.yaml deleted file mode 100644 index 38f309bcd..000000000 --- a/charts/pulsar/templates/proxy/websocket-configmap.yaml +++ /dev/null @@ -1,84 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if and .Values.components.proxy .Values.proxy.websocket.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.websocket.component }}" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.proxy.websocket.component }} -data: - clusterName: {{ template "pulsar.cluster" . }} - zookeeperServers: "{{ template "pulsar.zookeeper.connect" . }}{{ .Values.metadataPrefix }}" - {{- if .Values.pulsar_metadata.configurationStore }} - configurationStoreServers: "{{ .Values.pulsar_metadata.configurationStore }}{{ .Values.pulsar_metadata.configurationStoreMetadataPrefix }}" - {{- end }} - {{- if not .Values.pulsar_metadata.configurationStore }} - configurationStoreServers: "{{ template "pulsar.zookeeper.connect" . }}{{ .Values.metadataPrefix }}" - {{- end }} - statusFilePath: "{{ template "pulsar.home" . }}/status" - # prometheus needs to access /metrics endpoint - webServicePort: "{{ .Values.proxy.ports.websocket }}" - {{- if and .Values.tls.enabled .Values.tls.proxy.enabled }} - webServicePortTls: "{{ .Values.proxy.ports.websockettls }}" - tlsCertificateFilePath: "/pulsar/certs/proxy/tls.crt" - tlsKeyFilePath: "/pulsar/certs/proxy/tls.key" - {{- if .Values.tls.proxy.untrustedCa }} - tlsTrustCertsFilePath: "/pulsar/certs/ca/ca.crt" - {{- end }} - {{- end }} - {{- if and .Values.tls.enabled .Values.tls.broker.enabled }} - # if broker enables TLS, configure proxy to talk to broker using TLS - brokerServiceUrlTls: {{ template "pulsar.proxy.broker.service.url.tls" . }} - serviceUrlTls: {{ template "pulsar.proxy.web.service.url.tls" . }} - tlsCertRefreshCheckDurationSec: "300" - brokerClientTlsEnabled: "true" - brokerClientTrustCertsFilePath: "/pulsar/certs/broker/ca.crt" - {{- else }} - brokerServiceUrl: {{ template "pulsar.proxy.broker.service.url" . }} - serviceUrl: {{ template "pulsar.proxy.web.service.url" . }} - {{- end }} - - # Authentication Settings - {{- if .Values.auth.authentication.enabled }} - authenticationEnabled: "true" - {{- if .Values.auth.authorization.enabled }} - authorizationEnabled: "true" - superUserRoles: {{ .Values.auth.superUsers.broker }},{{ .Values.auth.superUsers.proxy }},{{ .Values.auth.superUsers.client }},{{ .Values.auth.superUsers.pulsar_manager }} - {{- end }} - {{- if and (eq .Values.auth.authentication.provider "jwt") (not .Values.auth.vault.enabled) }} - # token authentication configuration - authenticationProviders: "org.apache.pulsar.broker.authentication.AuthenticationProviderToken" - brokerClientAuthenticationParameters: "file:///pulsar/tokens/websocket/token" - brokerClientAuthenticationPlugin: "org.apache.pulsar.client.impl.auth.AuthenticationToken" - {{- if .Values.auth.authentication.jwt.usingSecretKey }} - PULSAR_PREFIX_tokenSecretKey: "file:///pulsar/keys/token/secret.key" - {{- else }} - PULSAR_PREFIX_tokenPublicKey: "file:///pulsar/keys/token/public.key" - {{- end }} - {{- end }} - {{- end }} -{{ toYaml .Values.proxy.websocket.configData | indent 2 }} - # Include log configuration file, If you want to configure the log level and other configuration - # items, you can modify the configmap, and eventually it will overwrite the log4j2.yaml file under conf -{{ (.Files.Glob "conf/proxy/log4j2.yaml").AsConfig | indent 2 }} -{{- end }} diff --git a/charts/pulsar/templates/pulsar-cluster-initialize.yaml b/charts/pulsar/templates/pulsar-cluster-initialize.yaml deleted file mode 100644 index 7a5f7bdb2..000000000 --- a/charts/pulsar/templates/pulsar-cluster-initialize.yaml +++ /dev/null @@ -1,110 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.initialize }} -{{- if .Values.components.broker }} -apiVersion: batch/v1 -kind: Job -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsar_metadata.component }}" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.pulsar_metadata.component }} -spec: - template: - spec: - initContainers: - {{- if .Values.pulsar_metadata.configurationStore }} - - name: wait-cs-ready - image: "{{ .Values.pulsar_metadata.image.repository }}:{{ .Values.pulsar_metadata.image.tag }}" - imagePullPolicy: {{ .Values.pulsar_metadata.image.pullPolicy }} - command: ["sh", "-c"] - args: - - >- - until nslookup {{ .Values.pulsar_metadata.configurationStore}}; do - sleep 3; - done; - - {{- end }} - - name: wait-zookeeper-ready - image: "{{ .Values.pulsar_metadata.image.repository }}:{{ .Values.pulsar_metadata.image.tag }}" - imagePullPolicy: {{ .Values.pulsar_metadata.image.pullPolicy }} - command: ["sh", "-c"] - args: - - >- - {{- if $zk:=.Values.pulsar_metadata.userProvidedZookeepers }} - until bin/pulsar zookeeper-shell -server {{ $zk }} ls {{ or .Values.metadataPrefix "/" }}; do - echo "user provided zookeepers {{ $zk }} are unreachable... check in 3 seconds ..." && sleep 3; - done; - {{ else }} - until nslookup {{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}-{{ add (.Values.zookeeper.replicaCount | int) -1 }}.{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}.{{ template "pulsar.namespace" . }}; do - sleep 3; - done; - {{- end}} - # This initContainer will wait for bookkeeper initnewcluster to complete - # before initializing pulsar metadata - - name: pulsar-bookkeeper-verify-clusterid - image: "{{ .Values.pulsar_metadata.image.repository }}:{{ .Values.pulsar_metadata.image.tag }}" - imagePullPolicy: {{ .Values.pulsar_metadata.image.pullPolicy }} - command: ["sh", "-c"] - args: - - > - bin/apply-config-from-env.py conf/bookkeeper.conf; - {{- include "pulsar.toolset.zookeeper.tls.settings" . | nindent 10 }} - until bin/bookkeeper shell whatisinstanceid; do - sleep 3; - done; - envFrom: - - configMapRef: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}" - volumeMounts: - {{- include "pulsar.toolset.certs.volumeMounts" . | nindent 8 }} - containers: - - name: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsar_metadata.component }}" - image: "{{ .Values.pulsar_metadata.image.repository }}:{{ .Values.pulsar_metadata.image.tag }}" - imagePullPolicy: {{ .Values.pulsar_metadata.image.pullPolicy }} - {{- if .Values.pulsar_metadata.resources }} - resources: -{{ toYaml .Values.pulsar_metadata.resources | indent 10 }} - {{- end }} - command: ["sh", "-c"] - args: - - > - {{- include "pulsar.toolset.zookeeper.tls.settings" . | nindent 12 }} - bin/pulsar initialize-cluster-metadata \ - --cluster {{ template "pulsar.cluster" . }} \ - --zookeeper {{ template "pulsar.zookeeper.connect" . }}{{ .Values.metadataPrefix }} \ - {{- if .Values.pulsar_metadata.configurationStore }} - --configuration-store {{ .Values.pulsar_metadata.configurationStore }}{{ .Values.pulsar_metadata.configurationStoreMetadataPrefix }} \ - {{- end }} - {{- if not .Values.pulsar_metadata.configurationStore }} - --configuration-store {{ template "pulsar.zookeeper.connect" . }}{{ .Values.metadataPrefix }} \ - {{- end }} - --web-service-url http://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}.{{ template "pulsar.namespace" . }}.svc.cluster.local:8080/ \ - --web-service-url-tls https://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}.{{ template "pulsar.namespace" . }}.svc.cluster.local:8443/ \ - --broker-service-url pulsar://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}.{{ template "pulsar.namespace" . }}.svc.cluster.local:6650/ \ - --broker-service-url-tls pulsar+ssl://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}.{{ template "pulsar.namespace" . }}.svc.cluster.local:6651/ || true; - volumeMounts: - {{- include "pulsar.toolset.certs.volumeMounts" . | nindent 8 }} - volumes: - {{- include "pulsar.toolset.certs.volumes" . | nindent 6 }} - restartPolicy: Never -{{- end }} -{{- end }} diff --git a/charts/pulsar/templates/pulsar-manager/_pulsar_manager.tpl b/charts/pulsar/templates/pulsar-manager/_pulsar_manager.tpl deleted file mode 100644 index 51df53e35..000000000 --- a/charts/pulsar/templates/pulsar-manager/_pulsar_manager.tpl +++ /dev/null @@ -1,162 +0,0 @@ -{{/* -Define pulsar_manager tls certs mounts -*/}} -{{- define "pulsar.pulsar_manager.certs.volumeMounts" -}} -{{- if and .Values.tls.enabled (or .Values.tls.pulsar_manager.enabled .Values.tls.broker.enabled) }} -- name: pulsar-manager-certs - mountPath: "/pulsar/certs/pulsar_manager" - readOnly: true -- name: ca - mountPath: "/pulsar/certs/ca" - readOnly: true -- name: keytool - mountPath: "/pulsar/keytool/keytool.sh" - subPath: keytool.sh -{{- end }} -{{- end }} - -{{/* -Define pulsar_manager tls certs volumes -*/}} -{{- define "pulsar.pulsar_manager.certs.volumes" -}} -{{- if and .Values.tls.enabled (or .Values.tls.pulsar_manager.enabled .Values.tls.broker.enabled) }} -- name: pulsar-manager-certs - secret: - secretName: "{{ template "pulsar.pulsar_manager.tls.secret.name" . }}" - items: - - key: tls.crt - path: tls.crt - - key: tls.key - path: tls.key -- name: ca - secret: - secretName: "{{ template "pulsar.tls.ca.secret.name" . }}" - items: - - key: ca.crt - path: ca.crt -- name: keytool - configMap: - name: "{{ template "pulsar.fullname" . }}-keytool-configmap" - defaultMode: 0755 -{{- end }} -{{- end }} - -{{/* -Define the pulsar-manager service -*/}} -{{- define "pulsar.pulsar_manager.service" -}} -{{ template "pulsar.fullname" . }}-{{ .Values.pulsar_manager.component }} -{{- end }} - -{{/* -Define the pulsar-manager hostname -*/}} -{{- define "pulsar.pulsar_manager.hostname" -}} -${HOSTNAME}.{{ template "pulsar.pulsar_manager.service" . }}.{{ template "pulsar.namespace" . }}.svc.cluster.local -{{- end -}} - - - -{{/* -Define pulsar-manager tls settings -*/}} -{{- define "pulsar.pulsar_manager.tls.settings" -}} -{{- if and .Values.tls.enabled .Values.tls.pulsar_manager.enabled }} -apk add --update openssl && rm -rf /var/cache/apk/*; -sh /pulsar/keytool/keytool.sh pulsar_manager {{ template "pulsar.pulsar_manager.hostname" . }} false; -{{- end }} -{{- end }} - -{{/* -Define pulsar_manager token mounts -*/}} -{{- define "pulsar.pulsar_manager.token.volumeMounts" -}} -{{- if .Values.auth.authentication.enabled }} -{{- if eq .Values.auth.authentication.provider "jwt" }} -{{- if not .Values.auth.vault.enabled }} -- mountPath: "/pulsar/keys" - name: token-keys - readOnly: true -{{- end }} -- mountPath: "/pulsar/tokens" - name: pulsar-manager-token - readOnly: true -{{- end }} -{{- end }} -{{- if .Values.pulsar_manager.force_vault }} -- mountPath: "/pulsar/tokens" - name: pulsar-manager-token - readOnly: true -{{- end }} -{{- end }} - -{{/* -Define pulsar-manager token volumes -*/}} -{{- define "pulsar.pulsar_manager.token.volumes" -}} -{{- if .Values.auth.authentication.enabled }} -{{- if eq .Values.auth.authentication.provider "jwt" }} -{{- if not .Values.auth.vault.enabled }} -- name: token-keys - secret: - {{- if not .Values.auth.authentication.jwt.usingSecretKey }} - secretName: "{{ .Release.Name }}-token-asymmetric-key" - {{- end}} - {{- if .Values.auth.authentication.jwt.usingSecretKey }} - secretName: "{{ .Release.Name }}-token-symmetric-key" - {{- end}} - items: - {{- if .Values.auth.authentication.jwt.usingSecretKey }} - - key: SECRETKEY - path: token/secret.key - {{- else }} - - key: PUBLICKEY - path: token/public.key - - key: PRIVATEKEY - path: token/private.key - {{- end}} -{{- end }} -- name: pulsar-manager-token - secret: - secretName: "{{ .Release.Name }}-token-{{ .Values.auth.superUsers.pulsar_manager }}" - items: - - key: TOKEN - path: pulsar_manager/token -{{- end }} -{{- end }} -{{- if .Values.pulsar_manager.force_vault }} -- name: pulsar-manager-token - secret: - secretName: "{{ .Release.Name }}-token-{{ .Values.auth.superUsers.pulsar_manager }}" - items: - - key: TOKEN - path: pulsar_manager/token -{{- end }} -{{- end }} - -{{- define "pulsar.pulsar_manager.data.pvc.name" -}} -{{ template "pulsar.fullname" . }}-{{ .Values.pulsar_manager.component }}-{{ .Values.pulsar_manager.volumes.data.name }} -{{- end }} - -{{- define "pulsar.pulsar_manager.data.storage.class" -}} -{{- if and .Values.volumes.local_storage .Values.pulsar_manager.volumes.data.local_storage }} -storageClassName: "local-storage" -{{- else }} - {{- if .Values.pulsar_manager.volumes.data.storageClass }} -storageClassName: "{{ template "pulsar.pulsar_manager.data.pvc.name" . }}" - {{- else if .Values.pulsar_manager.volumes.data.storageClassName }} -storageClassName: "{{ .Values.pulsar_manager.volumes.data.storageClassName }}" - {{- end -}} -{{- end }} -{{- end }} - -{{/* -Define Pulsar manager TLS certificate secret name -*/}} -{{- define "pulsar.pulsar_manager.tls.secret.name" -}} -{{- if .Values.tls.pulsar_manager.certSecretName -}} -{{- .Values.tls.pulsar_manager.certSecretName -}} -{{- else -}} -{{ .Release.Name }}-{{ .Values.tls.pulsar_manager.cert_name }} -{{- end -}} -{{- end -}} diff --git a/charts/pulsar/templates/pulsar-manager/pulsar-manager-backend-service.yaml b/charts/pulsar/templates/pulsar-manager/pulsar-manager-backend-service.yaml deleted file mode 100644 index bdfbd0da9..000000000 --- a/charts/pulsar/templates/pulsar-manager/pulsar-manager-backend-service.yaml +++ /dev/null @@ -1,41 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.components.pulsar_manager }} -apiVersion: v1 -kind: Service -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsar_manager.component }}-backend" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.pulsar_manager.component }} - annotations: -{{ toYaml .Values.pulsar_manager.backend_service.annotations | indent 4 }} -spec: - clusterIP: None - ports: - - name: backend - port: {{ .Values.pulsar_manager.ports.backend }} - protocol: TCP - selector: - app: {{ template "pulsar.name" . }} - release: {{ .Release.Name }} - component: {{ .Values.pulsar_manager.component }} -{{- end }} diff --git a/charts/pulsar/templates/pulsar-manager/pulsar-manager-configmap.yaml b/charts/pulsar/templates/pulsar-manager/pulsar-manager-configmap.yaml deleted file mode 100644 index 5587470a9..000000000 --- a/charts/pulsar/templates/pulsar-manager/pulsar-manager-configmap.yaml +++ /dev/null @@ -1,108 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if or .Values.components.pulsar_manager }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsar_manager.component }}-configmap" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.pulsar_manager.component }} -data: - entrypoint.sh: | - apk add --update openssl && rm -rf /var/cache/apk/*; - mkdir conf; - {{- include "pulsar.pulsar_manager.tls.settings" . | nindent 14 }} - echo 'Starting PostGreSQL Server'; - addgroup pulsar; - adduser --disabled-password --ingroup pulsar pulsar; - mkdir -p /run/postgresql; - chown -R pulsar:pulsar /run/postgresql/; - chown -R pulsar:pulsar /data; - chown pulsar:pulsar /pulsar-manager/init_db.sql; - chmod 750 /data; - su - pulsar -s /bin/sh /pulsar-manager/startup.sh; - echo 'Starting Pulsar Manager Front end'; - nginx; - echo 'Starting Pulsar Manager Back end'; - export JAVA_OPTS="${JAVA_OPTS} -Dlog4j2.formatMsgNoLookups=true"; - /pulsar-manager/pulsar-backend-entrypoint.sh; - backend_entrypoint.sh: | - {{ .Values.pulsar_manager.scripts.backend_entrypoint.command }} \ - --spring.datasource.initialization-mode=never \ - --spring.datasource.driver-class-name=org.postgresql.Driver \ - --spring.datasource.url=jdbc:postgresql://127.0.0.1:5432/pulsar_manager \ - --spring.datasource.username={{ .Values.pulsar_manager.spring.datasource.username }} \ - --spring.datasource.password={{ .Values.pulsar_manager.spring.datasource.password }} \ - --pagehelper.helperDialect=postgresql \ - {{- if .Values.auth.authentication.enabled }} - {{- if and (eq .Values.auth.authentication.provider "jwt") (not .Values.auth.vault.enabled) }} - --backend.jwt.token="$(cat /pulsar/tokens/pulsar_manager/token)" \ - {{- if .Values.auth.authentication.jwt.usingSecretKey }} - --jwt.broker.token.mode=SECRET \ - --jwt.broker.secret.key=file:///pulsar/keys/token/secret.key \ - {{- else }} - --jwt.broker.token.mode=PRIVATE \ - --jwt.broker.public.key=file:///pulsar/keys/token/public.key \ - --jwt.broker.private.key=file:///pulsar/keys/token/private.key \ - {{- end }} - {{- end }} - {{- end }} - --bookie.host="http://{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}:{{ .Values.bookkeeper.ports.http }}" \ - --bookie.enable=true \ - {{- if .Values.ingress.control_center.enabled }} - {{- if .Values.ingress.control_center.tls.enabled }} - --redirect.scheme=https \ - --redirect.port=443 \ - {{- else }} - --redirect.scheme=http \ - --redirect.port=80 \ - {{- end }} - --redirect.host={{ template "pulsar.control_center_domain" . }} \ - {{- else }} - {{- if and .Values.tls.enabled .Values.tls.pulsar_manager.enabled }} - --redirect.scheme=https \ - {{- else }} - --redirect.scheme=http \ - {{- end }} - --redirect.host={{ .Values.pulsar_manager.redirect.host }} \ - --redirect.port={{ .Values.pulsar_manager.ports.frontend }} \ - {{- end }} - --default.environment.name={{ template "pulsar.fullname" . }} \ - {{- if and .Values.tls.enabled .Values.tls.broker.enabled }} - --default.environment.service_url=https://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.https }} \ - --tls.pulsar.admin.ca-certs=/pulsar/certs/ca/ca.crt \ - {{- else }} - --default.environment.service_url=http://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.http }} \ - {{- end}} - {{- if and .Values.tls.enabled .Values.tls.broker.enabled }} - --tls.enabled=true \ - --tls.keystore=/pulsar/pulsar_manager.keystore.jks \ - --tls.keystore.password="$(cat /pulsar-manager/conf/password)" \ - --tls.hostname.verifier=false \ - {{- else }} - --tls.enabled=false \ - {{- end}} - {{- range .Values.pulsar_manager.scripts.backend_entrypoint.extraArgs }} - {{ toYaml . | indent 4 }} - {{- end }} - --pulsar.peek.message=true -{{- end }} diff --git a/charts/pulsar/templates/pulsar-manager/pulsar-manager-initialize.yaml b/charts/pulsar/templates/pulsar-manager/pulsar-manager-initialize.yaml deleted file mode 100644 index b09afa0c0..000000000 --- a/charts/pulsar/templates/pulsar-manager/pulsar-manager-initialize.yaml +++ /dev/null @@ -1,66 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.initialize }} -{{- if .Values.components.pulsar_manager }} -apiVersion: batch/v1 -kind: Job -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsar_manager.component }}-init" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.pulsar_manager.component }} -spec: - template: - spec: - initContainers: - # This init container will wait for bookkeeper to be ready before - # deploying the broker - - name: wait-pulsar-manager-ready - image: "{{ .Values.pulsar_metadata.image.repository }}:{{ .Values.pulsar_metadata.image.tag }}" - imagePullPolicy: {{ .Values.pulsar_metadata.image.pullPolicy }} - command: ["sh", "-c"] - args: - - > - pmServiceNumber="$(nslookup -timeout=10 {{ template "pulsar.fullname" . }}-{{ .Values.pulsar_manager.component }}-backend | grep Name | wc -l)"; - until [ ${pmServiceNumber} -ge 1 ]; do - echo "Pulsar Manager cluster {{ template "pulsar.fullname" . }} isn't ready yet ... check in 10 seconds ..."; - sleep 10; - pmServiceNumber="$(nslookup -timeout=10 {{ template "pulsar.fullname" . }}-{{ .Values.pulsar_manager.component }}-backend | grep Name | wc -l)"; - done; - echo "Pulsar Manager cluster is ready"; - containers: - - name: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsar_metadata.component }}" - image: "{{ .Values.images.pulsar_manager.repository }}:{{ .Values.images.pulsar_manager.tag }}" - imagePullPolicy: {{ .Values.images.pulsar_manager.pullPolicy }} - command: ["sh", "-c"] - args: - - > - apk add curl; - export CSRF_TOKEN=$(curl http://{{ template "pulsar.fullname" . }}-{{ .Values.pulsar_manager.component }}-backend:{{ .Values.pulsar_manager.ports.backend }}/pulsar-manager/csrf-token); - curl -H "Content-Type: application/json" \ - -H "X-XSRF-TOKEN: $CSRF_TOKEN" \ - -H "Cookie: XSRF-TOKEN=$CSRF_TOKEN;" \ - -X PUT \ - http://{{ template "pulsar.fullname" . }}-{{ .Values.pulsar_manager.component }}-backend:{{ .Values.pulsar_manager.ports.backend }}/pulsar-manager/users/superuser \ - -d '{"name": "{{ .Values.pulsar_manager.superuser.user }}", "password": "{{ .Values.pulsar_manager.superuser.password }}", "description": "{{ .Values.pulsar_manager.superuser.description }}", "email": "{{ .Values.pulsar_manager.superuser.email }}"}' - restartPolicy: Never -{{- end }} -{{- end }} diff --git a/charts/pulsar/templates/pulsar-manager/pulsar-manager-pvc.yaml b/charts/pulsar/templates/pulsar-manager/pulsar-manager-pvc.yaml deleted file mode 100644 index 31bd735dd..000000000 --- a/charts/pulsar/templates/pulsar-manager/pulsar-manager-pvc.yaml +++ /dev/null @@ -1,44 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.components.pulsar_manager }} -{{- if and .Values.volumes.persistence .Values.pulsar_manager.volumes.persistence }} -{{- if or (not (or .Values.pulsar_manager.volumes.data.storageClass .Values.pulsar_manager.volumes.data.storageClassName)) .Values.pulsar_manager.volumes.data.useVolumeClaimTemplates }} -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsar_manager.component }}-{{ .Values.pulsar_manager.volumes.data.name }}" - namespace: {{ template "pulsar.namespace" . }} -spec: - resources: - requests: - storage: {{ .Values.pulsar_manager.volumes.data.size }} - accessModes: [ "ReadWriteOnce" ] -{{- if and .Values.volumes.local_storage .Values.pulsar_manager.volumes.data.local_storage }} - storageClassName: "local-storage" -{{- else }} - {{- if .Values.pulsar_manager.volumes.data.storageClass }} - storageClassName: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsar_manager.component }}-{{ .Values.pulsar_manager.volumes.data.name }}" - {{- else if .Values.pulsar_manager.volumes.data.storageClassName }} - storageClassName: {{ .Values.pulsar_manager.volumes.data.storageClassName }} - {{- end -}} -{{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/pulsar/templates/pulsar-manager/pulsar-manager-service.yaml b/charts/pulsar/templates/pulsar-manager/pulsar-manager-service.yaml deleted file mode 100644 index da3b566ee..000000000 --- a/charts/pulsar/templates/pulsar-manager/pulsar-manager-service.yaml +++ /dev/null @@ -1,49 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.components.pulsar_manager }} -apiVersion: v1 -kind: Service -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsar_manager.component }}" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.pulsar_manager.component }} - annotations: -{{ toYaml .Values.pulsar_manager.service.annotations | indent 4 }} -spec: -{{- if .Values.pulsar_manager.service.type }} - type: {{ .Values.pulsar_manager.service.type }} -{{- else }} - clusterIP: None -{{- end }} -{{- with .Values.pulsar_manager.service.spec }} -{{ toYaml . | indent 2 }} -{{- end }} - ports: - - name: frontend - port: {{ .Values.pulsar_manager.service.ports.frontend }} - protocol: TCP - targetPort: {{ .Values.pulsar_manager.ports.frontend }} - selector: - app: {{ template "pulsar.name" . }} - release: {{ .Release.Name }} - component: {{ .Values.pulsar_manager.component }} -{{- end }} diff --git a/charts/pulsar/templates/pulsar-manager/pulsar-manager-statefulset.yaml b/charts/pulsar/templates/pulsar-manager/pulsar-manager-statefulset.yaml deleted file mode 100644 index 156d8fb12..000000000 --- a/charts/pulsar/templates/pulsar-manager/pulsar-manager-statefulset.yaml +++ /dev/null @@ -1,172 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.components.pulsar_manager }} -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsar_manager.component }}" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.pulsar_manager.component }} -{{- with .Values.pulsar_manager.statefulset.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} -spec: - serviceName: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsar_manager.component }}" - replicas: 1 - selector: - matchLabels: - {{- include "pulsar.matchLabels" . | nindent 6 }} - component: {{ .Values.pulsar_manager.component }} - updateStrategy: - type: RollingUpdate - podManagementPolicy: Parallel - template: - metadata: - labels: - {{- include "pulsar.template.labels" . | nindent 8 }} - component: {{ .Values.pulsar_manager.component }} - annotations: -{{- with .Values.pulsar_manager.annotations }} -{{ toYaml . | indent 8 }} -{{- end }} - checksum/config: {{ include (print $.Template.BasePath "/pulsar-manager/pulsar-manager-configmap.yaml") . | sha256sum }} - spec: - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - - name: {{ .Values.imagePullSecrets }} - {{- end }} - {{- if .Values.pulsar_manager.imagePullSecrets }} - imagePullSecrets: - - name: {{ .Values.pulsar_manager.imagePullSecrets }} - {{- end }} - {{- if .Values.pulsar_manager.nodeSelector }} - nodeSelector: -{{ toYaml .Values.pulsar_manager.nodeSelector | indent 8 }} - {{- end }} - {{- if .Values.pulsar_manager.tolerations }} - tolerations: -{{ toYaml .Values.pulsar_manager.tolerations | indent 8 }} - {{- end }} - terminationGracePeriodSeconds: {{ .Values.pulsar_manager.gracePeriod }} - initContainers: - # This init container will wait for broker to be ready before - # deploying the pulsar manager - - name: wait-broker-ready - image: "{{ .Values.images.broker.repository }}:{{ .Values.images.broker.tag }}" - imagePullPolicy: {{ .Values.images.broker.pullPolicy }} - command: ["sh", "-c"] - args: - - > - brokerServiceNumber="$(nslookup -timeout=10 {{ template "pulsar.fullname" . }}-{{ .Values.broker.component }} | grep Name | wc -l)"; - until [ ${brokerServiceNumber} -ge 1 ]; do - echo "broker cluster {{ template "pulsar.fullname" . }} isn't ready yet ... check in 10 seconds ..."; - sleep 10; - brokerServiceNumber="$(nslookup -timeout=10 {{ template "pulsar.fullname" . }}-{{ .Values.broker.component }} | grep Name | wc -l)"; - done; - echo "broker cluster is ready"; - containers: - - name: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsar_manager.component }}" - image: "{{ .Values.images.pulsar_manager.repository }}:{{ .Values.images.pulsar_manager.tag }}" - imagePullPolicy: {{ .Values.images.pulsar_manager.pullPolicy }} - {{- if .Values.pulsar_manager.resources }} - resources: -{{ toYaml .Values.pulsar_manager.resources | indent 12 }} - {{- end }} - {{- if .Values.pulsar_manager.probe.readiness.enabled }} - readinessProbe: - tcpSocket: - port: {{ .Values.pulsar_manager.ports.backend }} - initialDelaySeconds: {{ .Values.pulsar_manager.probe.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.pulsar_manager.probe.readiness.periodSeconds }} - failureThreshold: {{ .Values.pulsar_manager.probe.readiness.failureThreshold }} - {{- end }} - {{- if .Values.pulsar_manager.probe.liveness.enabled }} - livenessProbe: - tcpSocket: - port: {{ .Values.pulsar_manager.ports.backend }} - initialDelaySeconds: {{ .Values.pulsar_manager.probe.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.pulsar_manager.probe.liveness.periodSeconds }} - failureThreshold: {{ .Values.pulsar_manager.probe.liveness.failureThreshold }} - {{- end }} - {{- if .Values.pulsar_manager.probe.startup.enabled }} - startupProbe: - tcpSocket: - port: {{ .Values.pulsar_manager.ports.backend }} - initialDelaySeconds: {{ .Values.pulsar_manager.probe.startup.initialDelaySeconds }} - periodSeconds: {{ .Values.pulsar_manager.probe.startup.periodSeconds }} - failureThreshold: {{ .Values.pulsar_manager.probe.startup.failureThreshold }} - {{- end }} - command: ["sh", "-c"] - args: - - > - /pulsar-manager/pulsar-manager.sh - ports: - - name: frontend - containerPort: {{ .Values.pulsar_manager.ports.frontend }} - - name: backend - containerPort: {{ .Values.pulsar_manager.ports.backend }} - volumeMounts: - - name: pulsar-manager-data - mountPath: /data - - name: pulsar-manager-script - mountPath: "/pulsar-manager/pulsar-manager.sh" - subPath: entrypoint.sh - - name: pulsar-manager-backend-script - mountPath: "/pulsar-manager/pulsar-backend-entrypoint.sh" - subPath: backend_entrypoint.sh - {{- include "pulsar.pulsar_manager.token.volumeMounts" . | nindent 10 }} - {{- include "pulsar.pulsar_manager.certs.volumeMounts" . | nindent 10 }} - volumes: - {{- if not (and .Values.volumes.persistence .Values.pulsar_manager.volumes.persistence) }} - - name: pulsar-manager-data - emptyDir: {} - {{- end }} - {{- if and .Values.volumes.persistence .Values.pulsar_manager.volumes.persistence }} - {{- if or (not (or .Values.pulsar_manager.volumes.data.storageClass .Values.pulsar_manager.volumes.data.storageClassName)) .Values.pulsar_manager.volumes.data.useVolumeClaimTemplates }} - - name: pulsar-manager-data - persistentVolumeClaim: - claimName: "{{ template "pulsar.pulsar_manager.data.pvc.name" . }}" - {{- end }} - {{- end }} - - name: pulsar-manager-script - configMap: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsar_manager.component }}-configmap" - defaultMode: 0755 - - name: pulsar-manager-backend-script - configMap: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsar_manager.component }}-configmap" - defaultMode: 0755 - {{- include "pulsar.pulsar_manager.token.volumes" . | nindent 6 }} - {{- include "pulsar.pulsar_manager.certs.volumes" . | nindent 6 }} - {{- if and (or .Values.pulsar_manager.volumes.data.storageClass .Values.pulsar_manager.volumes.data.storageClassName) (not .Values.pulsar_manager.volumes.data.useVolumeClaimTemplates) }} - volumeClaimTemplates: - - metadata: - name: pulsar-manager-data - spec: - accessModes: [ "ReadWriteOnce" ] - resources: - requests: - storage: {{ .Values.pulsar_manager.volumes.data.size }} - {{- include "pulsar.pulsar_manager.data.storage.class" . | nindent 6 }} - {{- end }} -{{- end }} diff --git a/charts/pulsar/templates/pulsar-manager/pulsar-manager-storageclass.yaml b/charts/pulsar/templates/pulsar-manager/pulsar-manager-storageclass.yaml deleted file mode 100644 index f68ea82d1..000000000 --- a/charts/pulsar/templates/pulsar-manager/pulsar-manager-storageclass.yaml +++ /dev/null @@ -1,37 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.components.pulsar_manager }} -{{- if and .Values.volumes.persistence .Values.pulsar_manager.volumes.persistence }} -{{- if .Values.pulsar_manager.volumes.data.storageClass }} -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsar_manager.component }}-{{ .Values.pulsar_manager.volumes.data.name }}" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.pulsar_manager.component }} -provisioner: {{ .Values.pulsar_manager.volumes.data.storageClass.provisioner }} -parameters: - type: {{ .Values.pulsar_manager.volumes.data.storageClass.type }} - fsType: {{ .Values.pulsar_manager.volumes.data.storageClass.fsType }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/pulsar/templates/tls/_tls.tpl b/charts/pulsar/templates/tls/_tls.tpl deleted file mode 100644 index c87a5ffa4..000000000 --- a/charts/pulsar/templates/tls/_tls.tpl +++ /dev/null @@ -1,10 +0,0 @@ -{{/* -Define the tls issuer -*/}} -{{- define "pulsar.tls.public_issuer" -}} -{{- if and .Values.certs.public_issuer.enabled .Values.certs.public_issuer.issuer_override -}} -{{ .Values.certs.public_issuer.issuer_override }} -{{- else -}} -{{ template "pulsar.fullname" . }}-{{ .Values.certs.public_issuer.component }} -{{- end -}} -{{- end -}} diff --git a/charts/pulsar/templates/tls/keytool.yaml b/charts/pulsar/templates/tls/keytool.yaml deleted file mode 100644 index 87c772be5..000000000 --- a/charts/pulsar/templates/tls/keytool.yaml +++ /dev/null @@ -1,123 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -# script to process key/cert to keystore and truststore -{{- if .Values.tls.enabled }} -{{- if or .Values.tls.zookeeper.enabled (or .Values.tls.pulsar_manager.enabled (and .Values.tls.broker.enabled .Values.components.kop)) }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: "{{ template "pulsar.fullname" . }}-keytool-configmap" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: keytool -data: - keytool.sh: | - #!/bin/bash - component=$1 - name=$2 - isClient=$3 - crtFile=/pulsar/certs/${component}/tls.crt - keyFile=/pulsar/certs/${component}/tls.key - caFile=/pulsar/certs/ca/ca.crt - p12File=/pulsar/${component}.p12 - keyStoreFile=/pulsar/${component}.keystore.jks - trustStoreFile=/pulsar/${component}.truststore.jks - - function checkFile() { - local file=$1 - local len=$(wc -c ${file} | awk '{print $1}') - echo "processing ${file} : len = ${len}" - if [ ! -f ${file} ]; then - echo "${file} is not found" - return -1 - fi - if [ $len -le 0 ]; then - echo "${file} is empty" - return -1 - fi - } - - function ensureFileNotEmpty() { - local file=$1 - until checkFile ${file}; do - echo "file isn't initialized yet ... check in 3 seconds ..." && sleep 3; - done; - } - - ensureFileNotEmpty ${crtFile} - ensureFileNotEmpty ${keyFile} - ensureFileNotEmpty ${caFile} - - export PASSWORD=$(head /dev/urandom | base64 | head -c 24) - - openssl pkcs12 \ - -export \ - -in ${crtFile} \ - -inkey ${keyFile} \ - -out ${p12File} \ - -name ${name} \ - -passout "pass:${PASSWORD}" - - keytool -importkeystore \ - -srckeystore ${p12File} \ - -srcstoretype PKCS12 -srcstorepass "${PASSWORD}" \ - -alias ${name} \ - -destkeystore ${keyStoreFile} \ - -deststorepass "${PASSWORD}" - - keytool -import \ - -file ${caFile} \ - -storetype JKS \ - -alias ${name} \ - -keystore ${trustStoreFile} \ - -storepass "${PASSWORD}" \ - -trustcacerts -noprompt - - ensureFileNotEmpty ${keyStoreFile} - ensureFileNotEmpty ${trustStoreFile} - - if [[ "x${isClient}" == "xtrue" ]]; then - echo "update tls client settings ..." -{{- if .Values.tls.zookeeper.enabled }} - echo $'\n' >> conf/pulsar_env.sh - echo "PULSAR_EXTRA_OPTS=\"${PULSAR_EXTRA_OPTS} -Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty -Dzookeeper.client.secure=true -Dzookeeper.ssl.keyStore.location=${keyStoreFile} -Dzookeeper.ssl.keyStore.password=${PASSWORD} -Dzookeeper.ssl.trustStore.location=${trustStoreFile} -Dzookeeper.ssl.trustStore.password=${PASSWORD}\"" >> conf/pulsar_env.sh - echo $'\n' >> conf/bkenv.sh - echo "BOOKIE_EXTRA_OPTS=\"${BOOKIE_EXTRA_OPTS} -Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty -Dzookeeper.client.secure=true -Dzookeeper.ssl.keyStore.location=${keyStoreFile} -Dzookeeper.ssl.keyStore.password=${PASSWORD} -Dzookeeper.ssl.trustStore.location=${trustStoreFile} -Dzookeeper.ssl.trustStore.password=${PASSWORD}\"" >> conf/bkenv.sh - echo $'\n' >> conf/bkenv.sh -{{- end }} -{{- if and .Values.tls.broker.enabled .Values.components.kop }} - echo $'\n' >> conf/broker.conf - echo "kopSslKeystorePassword=${PASSWORD}" >> conf/broker.conf - echo $'\n' >> conf/broker.conf - echo "kopSslKeyPassword=${PASSWORD}" >> conf/broker.conf - echo $'\n' >> conf/broker.conf - echo "kopSslTruststorePassword=${PASSWORD}" >> conf/broker.conf -{{- end }} - else - echo "update tls client settings ..." -{{- if .Values.tls.zookeeper.enabled }} - echo $'\n' >> conf/pulsar_env.sh - echo "PULSAR_EXTRA_OPTS=\"${PULSAR_EXTRA_OPTS} -Dzookeeper.ssl.keyStore.location=${keyStoreFile} -Dzookeeper.ssl.keyStore.password=${PASSWORD} -Dzookeeper.ssl.trustStore.location=${trustStoreFile} -Dzookeeper.ssl.trustStore.password=${PASSWORD}\"" >> conf/pulsar_env.sh -{{- end }} - fi - echo ${PASSWORD} > conf/password -{{- end }} -{{- end }} diff --git a/charts/pulsar/templates/tls/tls-cert-internal-issuer.yaml b/charts/pulsar/templates/tls/tls-cert-internal-issuer.yaml deleted file mode 100644 index c457e182c..000000000 --- a/charts/pulsar/templates/tls/tls-cert-internal-issuer.yaml +++ /dev/null @@ -1,67 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.certs.internal_issuer.enabled }} -{{- if eq .Values.certs.internal_issuer.type "selfsigning" }} -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.certs.internal_issuer.component }}" - namespace: {{ template "pulsar.namespace" . }} -spec: - selfSigned: {} ---- - -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: "{{ template "pulsar.fullname" . }}-ca" - namespace: {{ template "pulsar.namespace" . }} -spec: - secretName: "{{ .Release.Name }}-ca-tls" - commonName: "{{ template "pulsar.namespace" . }}.svc.cluster.local" - usages: - - server auth - - client auth - isCA: true - issuerRef: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.certs.internal_issuer.component }}" - # We can reference ClusterIssuers by changing the kind here. - # The default value is Issuer (i.e. a locally namespaced Issuer) - kind: Issuer - # This is optional since cert-manager will default to this value however - # if you are using an external issuer, change this to that issuer group. - group: cert-manager.io - {{- with .Values.certs.ca.annotations }} - secretTemplate: - annotations: - {{ toYaml . | nindent 6 }} - {{- end }} ---- - -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.certs.internal_issuer.component }}-ca-issuer" - namespace: {{ template "pulsar.namespace" . }} -spec: - ca: - secretName: "{{ .Release.Name }}-ca-tls" -{{- end }} -{{- end }} diff --git a/charts/pulsar/templates/tls/tls-cert-public-issuer.yaml b/charts/pulsar/templates/tls/tls-cert-public-issuer.yaml deleted file mode 100644 index c36577507..000000000 --- a/charts/pulsar/templates/tls/tls-cert-public-issuer.yaml +++ /dev/null @@ -1,61 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.external_dns.enabled }} -{{- if .Values.certs.public_issuer.enabled }} -{{- if eq .Values.certs.public_issuer.type "acme" }} -{{- if not .Values.certs.public_issuer.issuer_override }} -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.certs.public_issuer.component }}" - namespace: {{ template "pulsar.namespace" . }} -spec: - acme: - email: {{ .Values.certs.issuers.acme.email }} - server: {{ .Values.certs.issuers.acme.server }} - privateKeySecretRef: - # Secret resource used to store the account's private key. - name: "{{ template "pulsar.fullname" . }}-{{ .Values.certs.public_issuer.component }}-private-key" - # Add a single challenge solver, HTTP01 using nginx - solvers: - - dns01: - cnameStrategy: Follow - {{- if eq .Values.certs.issuers.acme.solver "clouddns" }} - {{- if .Values.certs.issuers.acme.solvers.clouddns }} - cloudDNS: -{{ toYaml .Values.certs.issuers.acme.solvers.clouddns | indent 10 }} - {{- end }} - {{- end }} - {{- if eq .Values.certs.issuers.acme.solver "route53" }} - {{- if .Values.certs.issuers.acme.solvers.route53 }} - route53: -{{ toYaml .Values.certs.issuers.acme.solvers.route53 | indent 10 }} - {{- end }} - {{- end }} - {{- if eq .Values.certs.issuers.acme.solver "cloudflare" }} - {{- if .Values.certs.issuers.acme.solvers.cloudflare }} - cloudflare: -{{ toYaml .Values.certs.issuers.acme.solvers.cloudflare | indent 10 }} - {{- end }} - {{- end }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/pulsar/templates/tls/tls-certs-internal.yaml b/charts/pulsar/templates/tls/tls-certs-internal.yaml deleted file mode 100644 index 1187b2a4c..000000000 --- a/charts/pulsar/templates/tls/tls-certs-internal.yaml +++ /dev/null @@ -1,382 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.tls.enabled }} -{{- if .Values.certs.internal_issuer.enabled }} - -{{- if .Values.tls.proxy.enabled }} -{{- if not (and .Values.external_dns.enabled .Values.certs.public_issuer.enabled) }} -# only configure issue private certicate for proxy when public_issuer is not used -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.tls.proxy.cert_name }}" - namespace: {{ template "pulsar.namespace" . }} -spec: - # Secret names are always required. - secretName: "{{ .Release.Name }}-{{ .Values.tls.proxy.cert_name }}" - duration: "{{ .Values.tls.common.duration }}" - renewBefore: "{{ .Values.tls.common.renewBefore }}" - subject: - organizations: - {{ toYaml .Values.tls.common.organization | nindent 4 }} - # The use of the common name field has been deprecated since 2000 and is - # discouraged from being used. - {{- if .Values.tls.proxy.commonNameOverride }} - commonName: "{{ .Values.tls.proxy.commonNameOverride }}" - {{- else }} - commonName: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}" - {{- end }} - isCA: false - privateKey: - size: {{ .Values.tls.common.keySize }} - algorithm: {{ .Values.tls.common.keyAlgorithm }} - encoding: {{ .Values.tls.common.keyEncoding }} - usages: - - server auth - - client auth - # At least one of a DNS Name, USI SAN, or IP address is required. - dnsNames: - - "*.{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}.{{ template "pulsar.namespace" . }}.svc.cluster.local" - - "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}.{{ template "pulsar.namespace" . }}.svc.cluster.local" - - "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}" - # Issuer references are always required. - issuerRef: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.certs.internal_issuer.component }}-ca-issuer" - # We can reference ClusterIssuers by changing the kind here. - # The default value is Issuer (i.e. a locally namespaced Issuer) - kind: Issuer - # This is optional since cert-manager will default to this value however - # if you are using an external issuer, change this to that issuer group. - group: cert-manager.io ---- -{{- end }} -{{- end }} - -{{- if or .Values.tls.zookeeper.enabled .Values.tls.bookie.enabled }} -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.tls.presto.cert_name }}" - namespace: {{ template "pulsar.namespace" . }} -spec: - # Secret names are always required. - secretName: "{{ .Release.Name }}-{{ .Values.tls.presto.cert_name }}" - duration: "{{ .Values.tls.common.duration }}" - renewBefore: "{{ .Values.tls.common.renewBefore }}" - subject: - organizations: - {{ toYaml .Values.tls.common.organization | nindent 4 }} - isCA: false - privateKey: - size: {{ .Values.tls.common.keySize }} - algorithm: {{ .Values.tls.common.keyAlgorithm }} - encoding: {{ .Values.tls.common.keyEncoding }} - usages: - - server auth - - client auth - # At least one of a DNS Name, USI SAN, or IP address is required. - dnsNames: - - "*.{{ template "pulsar.fullname" . }}-{{ .Values.presto.coordinator.component }}.{{ template "pulsar.namespace" . }}.svc.cluster.local" - - "{{ template "pulsar.fullname" . }}-{{ .Values.presto.coordinator.component }}" - - "*.{{ template "pulsar.fullname" . }}-{{ .Values.presto.worker.component }}.{{ template "pulsar.namespace" . }}.svc.cluster.local" - - "{{ template "pulsar.fullname" . }}-{{ .Values.presto.worker.component }}" - # Issuer references are always required. - issuerRef: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.certs.internal_issuer.component }}-ca-issuer" - # We can reference ClusterIssuers by changing the kind here. - # The default value is Issuer (i.e. a locally namespaced Issuer) - kind: Issuer - # This is optional since cert-manager will default to this value however - # if you are using an external issuer, change this to that issuer group. - group: cert-manager.io ---- -{{- end }} - -{{- if or .Values.tls.broker.enabled (or .Values.tls.bookie.enabled .Values.tls.zookeeper.enabled) }} -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.tls.broker.cert_name }}" - namespace: {{ template "pulsar.namespace" . }} -spec: - # Secret names are always required. - secretName: "{{ .Release.Name }}-{{ .Values.tls.broker.cert_name }}" - duration: "{{ .Values.tls.common.duration }}" - renewBefore: "{{ .Values.tls.common.renewBefore }}" - subject: - organizations: - {{ toYaml .Values.tls.common.organization | nindent 4 }} - # The use of the common name field has been deprecated since 2000 and is - # discouraged from being used. - {{- if .Values.tls.broker.commonNameOverride }} - commonName: "{{ .Values.tls.broker.commonNameOverride }}" - {{- else }} - commonName: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}" - {{- end }} - isCA: false - privateKey: - size: {{ .Values.tls.common.keySize }} - algorithm: {{ .Values.tls.common.keyAlgorithm }} - encoding: {{ .Values.tls.common.keyEncoding }} - usages: - - server auth - - client auth - # At least one of a DNS Name, USI SAN, or IP address is required. - dnsNames: - - "*.{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}.{{ template "pulsar.namespace" . }}.svc.cluster.local" - - "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}.{{ template "pulsar.namespace" . }}.svc.cluster.local" - - "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}" - # Issuer references are always required. - issuerRef: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.certs.internal_issuer.component }}-ca-issuer" - # We can reference ClusterIssuers by changing the kind here. - # The default value is Issuer (i.e. a locally namespaced Issuer) - kind: Issuer - # This is optional since cert-manager will default to this value however - # if you are using an external issuer, change this to that issuer group. - group: cert-manager.io ---- -{{- end }} - -{{- if or .Values.tls.bookie.enabled .Values.tls.zookeeper.enabled }} -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.tls.bookie.cert_name }}" - namespace: {{ template "pulsar.namespace" . }} -spec: - # Secret names are always required. - secretName: "{{ .Release.Name }}-{{ .Values.tls.bookie.cert_name }}" - duration: "{{ .Values.tls.common.duration }}" - renewBefore: "{{ .Values.tls.common.renewBefore }}" - subject: - organizations: - {{ toYaml .Values.tls.common.organization | nindent 4 }} - # The use of the common name field has been deprecated since 2000 and is - # discouraged from being used. - {{- if .Values.tls.bookie.commonNameOverride }} - commonName: "{{ .Values.tls.bookie.commonNameOverride }}" - {{- else }} - commonName: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}" - {{- end }} - isCA: false - privateKey: - size: {{ .Values.tls.common.keySize }} - algorithm: {{ .Values.tls.common.keyAlgorithm }} - encoding: {{ .Values.tls.common.keyEncoding }} - usages: - - server auth - - client auth - dnsNames: - - "*.{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}.{{ template "pulsar.namespace" . }}.svc.cluster.local" - - "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}.{{ template "pulsar.namespace" . }}.svc.cluster.local" - - "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}" - # Issuer references are always required. - issuerRef: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.certs.internal_issuer.component }}-ca-issuer" - # We can reference ClusterIssuers by changing the kind here. - # The default value is Issuer (i.e. a locally namespaced Issuer) - kind: Issuer - # This is optional since cert-manager will default to this value however - # if you are using an external issuer, change this to that issuer group. - group: cert-manager.io ---- -{{- end }} - -{{- if .Values.tls.zookeeper.enabled }} -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.tls.autorecovery.cert_name }}" - namespace: {{ template "pulsar.namespace" . }} -spec: - # Secret names are always required. - secretName: "{{ .Release.Name }}-{{ .Values.tls.autorecovery.cert_name }}" - duration: "{{ .Values.tls.common.duration }}" - renewBefore: "{{ .Values.tls.common.renewBefore }}" - subject: - organizations: - {{ toYaml .Values.tls.common.organization | nindent 4 }} - # The use of the common name field has been deprecated since 2000 and is - # discouraged from being used. - {{- if .Values.tls.autorecovery.commonNameOverride }} - commonName: "{{ .Values.tls.autorecovery.commonNameOverride }}" - {{- else }} - commonName: "{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}" - {{- end }} - isCA: false - privateKey: - size: {{ .Values.tls.common.keySize }} - algorithm: {{ .Values.tls.common.keyAlgorithm }} - encoding: {{ .Values.tls.common.keyEncoding }} - usages: - - server auth - - client auth - dnsNames: - - "*.{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}.{{ template "pulsar.namespace" . }}.svc.cluster.local" - - "{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}.{{ template "pulsar.namespace" . }}.svc.cluster.local" - - "{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}" - # Issuer references are always required. - issuerRef: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.certs.internal_issuer.component }}-ca-issuer" - # We can reference ClusterIssuers by changing the kind here. - # The default value is Issuer (i.e. a locally namespaced Issuer) - kind: Issuer - # This is optional since cert-manager will default to this value however - # if you are using an external issuer, change this to that issuer group. - group: cert-manager.io ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.tls.zookeeper.cert_name }}" - namespace: {{ template "pulsar.namespace" . }} -spec: - # Secret names are always required. - secretName: "{{ .Release.Name }}-{{ .Values.tls.zookeeper.cert_name }}" - duration: "{{ .Values.tls.common.duration }}" - renewBefore: "{{ .Values.tls.common.renewBefore }}" - subject: - organizations: - {{ toYaml .Values.tls.common.organization | nindent 4 }} - # The use of the common name field has been deprecated since 2000 and is - # discouraged from being used. - {{- if .Values.tls.zookeeper.commonNameOverride }} - commonName: "{{ .Values.tls.zookeeper.commonNameOverride }}" - {{- else }} - commonName: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}" - {{- end }} - isCA: false - privateKey: - size: {{ .Values.tls.common.keySize }} - algorithm: {{ .Values.tls.common.keyAlgorithm }} - encoding: {{ .Values.tls.common.keyEncoding }} - usages: - - server auth - - client auth - dnsNames: - - "*.{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}.{{ template "pulsar.namespace" . }}.svc.cluster.local" - - "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}.{{ template "pulsar.namespace" . }}.svc.cluster.local" - - "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}" - # Issuer references are always required. - issuerRef: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.certs.internal_issuer.component }}-ca-issuer" - # We can reference ClusterIssuers by changing the kind here. - # The default value is Issuer (i.e. a locally namespaced Issuer) - kind: Issuer - # This is optional since cert-manager will default to this value however - # if you are using an external issuer, change this to that issuer group. - group: cert-manager.io ---- -{{- end }} - -{{- if or .Values.tls.pulsar_manager.enabled .Values.tls.broker.enabled }} -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.tls.pulsar_manager.cert_name }}" - namespace: {{ template "pulsar.namespace" . }} -spec: - # Secret names are always required. - secretName: "{{ .Release.Name }}-{{ .Values.tls.pulsar_manager.cert_name }}" - duration: "{{ .Values.tls.common.duration }}" - renewBefore: "{{ .Values.tls.common.renewBefore }}" - subject: - organizations: - {{ toYaml .Values.tls.common.organization | nindent 4 }} - # The use of the common name field has been deprecated since 2000 and is - # discouraged from being used. - {{- if .Values.tls.pulsar_manager.commonNameOverride }} - commonName: "{{ .Values.tls.pulsar_manager.commonNameOverride }}" - {{- else }} - commonName: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsar_manager.component }}" - {{- end }} - isCA: false - privateKey: - size: {{ .Values.tls.common.keySize }} - algorithm: {{ .Values.tls.common.keyAlgorithm }} - encoding: {{ .Values.tls.common.keyEncoding }} - usages: - - server auth - - client auth - # At least one of a DNS Name, USI SAN, or IP address is required. - dnsNames: - - "*.{{ template "pulsar.fullname" . }}-{{ .Values.pulsar_manager.component }}.{{ template "pulsar.namespace" . }}.svc.cluster.local" - - "{{ template "pulsar.fullname" . }}-{{ .Values.pulsar_manager.component }}.{{ template "pulsar.namespace" . }}.svc.cluster.local" - - "{{ template "pulsar.fullname" . }}-{{ .Values.pulsar_manager.component }}" - # Issuer references are always required. - issuerRef: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.certs.internal_issuer.component }}-ca-issuer" - # We can reference ClusterIssuers by changing the kind here. - # The default value is Issuer (i.e. a locally namespaced Issuer) - kind: Issuer - # This is optional since cert-manager will default to this value however - # if you are using an external issuer, change this to that issuer group. - group: cert-manager.io ---- -{{- end }} - -{{- if or .Values.tls.zookeeper.enabled (and .Values.tls.broker.enabled .Values.components.kop) }} -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.tls.toolset.cert_name }}" - namespace: {{ template "pulsar.namespace" . }} -spec: - # Secret names are always required. - secretName: "{{ .Release.Name }}-{{ .Values.tls.toolset.cert_name }}" - duration: "{{ .Values.tls.common.duration }}" - renewBefore: "{{ .Values.tls.common.renewBefore }}" - subject: - organizations: - {{ toYaml .Values.tls.common.organization | nindent 4 }} - # The use of the common name field has been deprecated since 2000 and is - # discouraged from being used. - {{- if .Values.tls.toolset.commonNameOverride }} - commonName: "{{ .Values.tls.toolset.commonNameOverride }}" - {{- else }} - commonName: "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}" - {{- end }} - isCA: false - privateKey: - size: {{ .Values.tls.common.keySize }} - algorithm: {{ .Values.tls.common.keyAlgorithm }} - encoding: {{ .Values.tls.common.keyEncoding }} - usages: - - server auth - - client auth - dnsNames: - - "*.{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}.{{ template "pulsar.namespace" . }}.svc.cluster.local" - - "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}.{{ template "pulsar.namespace" . }}.svc.cluster.local" - - "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}" - # Issuer references are always required. - issuerRef: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.certs.internal_issuer.component }}-ca-issuer" - # We can reference ClusterIssuers by changing the kind here. - # The default value is Issuer (i.e. a locally namespaced Issuer) - kind: Issuer - # This is optional since cert-manager will default to this value however - # if you are using an external issuer, change this to that issuer group. - group: cert-manager.io ---- -{{- end }} - -{{- end }} -{{- end }} diff --git a/charts/pulsar/templates/tls/tls-certs-public.yaml b/charts/pulsar/templates/tls/tls-certs-public.yaml deleted file mode 100644 index 24748f298..000000000 --- a/charts/pulsar/templates/tls/tls-certs-public.yaml +++ /dev/null @@ -1,75 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.external_dns.enabled }} -{{- if .Values.certs.public_issuer.enabled }} -{{- if .Values.tls.enabled }} -{{- if .Values.tls.proxy.enabled }} -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.tls.proxy.cert_name }}" - namespace: {{ template "pulsar.namespace" . }} -spec: - {{- if .Values.ingress.proxy.external_domain }} - commonName: {{ .Values.ingress.proxy.external_domain }} - {{- end }} - # Secret names are always required. - secretName: "{{ .Release.Name }}-{{ .Values.tls.proxy.cert_name }}" - dnsNames: - - "{{ template "pulsar.service_domain" . }}" - {{- if .Values.ingress.proxy.wildcardDomain }} - - "*.{{ template "pulsar.service_domain" . }}" - {{- end }} - {{- if .Values.ingress.kop.enabled }} - - "{{ .Values.ingress.kop.external_domain }}" - - "*.{{ .Values.ingress.kop.external_domain }}" - {{- end }} - # Issuer references are always required. - issuerRef: - name: "{{ template "pulsar.tls.public_issuer" . }}" - # We can reference ClusterIssuers by changing the kind here. - # The default value is Issuer (i.e. a locally namespaced Issuer) - kind: {{ .Values.certs.public_issuer.issuer_type | default "Issuer" }} - # This is optional since cert-manager will default to this value however - # if you are using an external issuer, change this to that issuer group. - group: cert-manager.io -{{- if .Values.tls.kop.enabled }} - keystores: - jks: - create: true - passwordSecretRef: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.tls.proxy.cert_name }}-jks-passwd" - key: password -{{- end }} ---- -{{- if .Values.tls.kop.enabled }} -apiVersion: v1 -kind: Secret -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.tls.proxy.cert_name }}-jks-passwd" - namespace: {{ template "pulsar.namespace" . }} -type: Opaque -stringData: - password: "{{ .Values.tls.kop.jks.password }}" -{{- end }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/pulsar/templates/toolset/_toolset.tpl b/charts/pulsar/templates/toolset/_toolset.tpl deleted file mode 100644 index 1b96fd216..000000000 --- a/charts/pulsar/templates/toolset/_toolset.tpl +++ /dev/null @@ -1,265 +0,0 @@ -{{/* -Define the pulsar toolset service -*/}} -{{- define "pulsar.toolset.service" -}} -{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }} -{{- end }} - -{{/* -Define the toolset hostname -*/}} -{{- define "pulsar.toolset.hostname" -}} -${HOSTNAME}.{{ template "pulsar.toolset.service" . }}.{{ template "pulsar.namespace" . }}.svc.cluster.local -{{- end -}} - -{{/* -Define toolset zookeeper client tls settings -*/}} -{{- define "pulsar.toolset.zookeeper.tls.settings" -}} -{{- if and .Values.tls.enabled (or .Values.tls.zookeeper.enabled (and .Values.tls.broker.enabled .Values.components.kop)) }} -/pulsar/keytool/keytool.sh toolset {{ template "pulsar.toolset.hostname" . }} true; -{{- end -}} -{{- end }} - -{{/* -Define toolset kafka settings -*/}} -{{- define "pulsar.toolset.kafka.settings" -}} -{{- if and .Values.tls.enabled (and .Values.tls.broker.enabled .Values.components.kop) }} -cp conf/kafka.properties.template conf/kafka.properties; -echo "ssl.truststore.password=$(cat conf/password)" >> conf/kafka.properties; -{{- if and .Values.auth.authentication.enabled (eq .Values.auth.authentication.provider "jwt") }} -echo "sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required \\" >> conf/kafka.properties; -echo ' username="public/default" \' >> conf/kafka.properties; -echo " password=\"token:$(cat /pulsar/tokens/client/token)\";" >> conf/kafka.properties; -{{- end -}} -{{- end -}} -{{- end }} - -{{/* -Define toolset token mounts -*/}} -{{- define "pulsar.toolset.token.volumeMounts" -}} -{{- if .Values.auth.authentication.enabled }} -{{- if eq .Values.auth.authentication.provider "jwt" }} -- mountPath: "/pulsar/tokens" - name: client-token - readOnly: true -{{- end }} -{{- end }} -{{- end }} - -{{/* -Define toolset token volumes -*/}} -{{- define "pulsar.toolset.token.volumes" -}} -{{- if .Values.auth.authentication.enabled }} -{{- if eq .Values.auth.authentication.provider "jwt" }} -- name: client-token - secret: - secretName: "{{ .Release.Name }}-token-{{ .Values.auth.superUsers.client }}" - items: - - key: TOKEN - path: client/token -{{- end }} -{{- end }} -{{- end }} - -{{/* -Define toolset tls certs mounts -*/}} -{{- define "pulsar.toolset.certs.volumeMounts" -}} -{{- if and .Values.tls.enabled (or .Values.tls.zookeeper.enabled .Values.tls.broker.enabled) }} -- name: toolset-certs - mountPath: "/pulsar/certs/toolset" - readOnly: true -- name: ca - mountPath: "/pulsar/certs/ca" - readOnly: true -{{- if or .Values.tls.zookeeper.enabled (and .Values.tls.broker.enabled .Values.components.kop) }} -- name: keytool - mountPath: "/pulsar/keytool/keytool.sh" - subPath: keytool.sh -{{- end }} -{{- end }} -{{- if and .Values.tls.enabled (or .Values.tls.broker.enabled .Values.tls.proxy.enabled) }} -{{- if .Values.tls.proxy.untrustedCa }} -- mountPath: "/pulsar/certs/proxy-ca" - name: proxy-ca - readOnly: true -{{- end }} -{{- end }} -{{- end }} - -{{/* -Define toolset tls certs volumes -*/}} -{{- define "pulsar.toolset.certs.volumes" -}} -{{- if and .Values.tls.enabled (or .Values.tls.zookeeper.enabled .Values.tls.broker.enabled) }} -- name: toolset-certs - secret: - secretName: "{{ template "pulsar.toolset.tls.secret.name" . }}" - items: - - key: tls.crt - path: tls.crt - - key: tls.key - path: tls.key -- name: ca - secret: - secretName: "{{ template "pulsar.tls.ca.secret.name" . }}" - items: - - key: ca.crt - path: ca.crt -{{- if or .Values.tls.zookeeper.enabled (and .Values.tls.broker.enabled .Values.components.kop) }} -- name: keytool - configMap: - name: "{{ template "pulsar.fullname" . }}-keytool-configmap" - defaultMode: 0755 -{{- end }} -{{- end }} -{{- if and .Values.tls.enabled (or .Values.tls.broker.enabled .Values.tls.proxy.enabled) }} -{{- if .Values.tls.proxy.untrustedCa }} -- name: proxy-ca - secret: - {{- if and .Values.certs.public_issuer.enabled (eq .Values.certs.public_issuer.type "acme") }} - secretName: {{ .Values.certs.lets_encrypt.ca_ref.secretName }} - items: - - key: {{ .Values.certs.lets_encrypt.ca_ref.keyName }} - path: ca.crt - {{- else }} - secretName: "{{ template "pulsar.tls.ca.secret.name" . }}" - items: - - key: ca.crt - path: ca.crt - {{- end }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Define toolset log mounts -*/}} -{{- define "pulsar.toolset.log.volumeMounts" -}} -- name: "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}-log4j2" - mountPath: "{{ template "pulsar.home" . }}/conf/log4j2.yaml" - subPath: log4j2.yaml -{{- end }} - -{{/* -Define toolset log volumes -*/}} -{{- define "pulsar.toolset.log.volumes" -}} -- name: "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}-log4j2" - configMap: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}" -{{- end }} - -{{/* -Define toolset kafka conf mounts -*/}} -{{- define "pulsar.toolset.kafka.conf.volumeMounts" -}} -{{- if and .Values.tls.broker.enabled .Values.components.kop }} -- name: "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}-kafka-conf" - mountPath: "{{ template "pulsar.home" . }}/conf/kafka.properties.template" - subPath: kafka.properties -{{- end }} -{{- end }} - -{{/* -Define toolset log volumes -*/}} -{{- define "pulsar.toolset.kafka.conf.volumes" -}} -{{- if and .Values.tls.broker.enabled .Values.components.kop }} -- name: "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}-kafka-conf" - configMap: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}" -{{- end }} -{{- end }} - -{{/* -pulsar toolset image -*/}} -{{- define "pulsar.toolset.image" -}} -{{- if .Values.images.toolset }} -image: "{{ .Values.images.toolset.repository }}:{{ .Values.images.toolset.tag }}" -imagePullPolicy: {{ .Values.images.toolset.pullPolicy }} -{{- else }} -image: "{{ .Values.images.broker.repository }}:{{ .Values.images.broker.tag }}" -imagePullPolicy: {{ .Values.images.broker.pullPolicy }} -{{- end }} -{{- end }} - -{{/* -Define the toolset web service url -*/}} -{{- define "toolset.web.service.url" -}} -{{- if .Values.toolset.pulsarAdminUrlOverride -}} -{{ .Values.toolset.pulsarAdminUrlOverride }} -{{- else -}} -{{- if not .Values.toolset.useProxy -}} -{{- if and .Values.tls.enabled .Values.tls.broker.enabled -}} -https://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.https }} -{{- else -}} -http://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.http }} -{{- end -}} -{{- else -}} -{{- if and .Values.tls.enabled .Values.tls.proxy.enabled -}} -https://{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}:{{ .Values.proxy.ports.httpsServicePort | default .Values.proxy.ports.https }} -{{- else -}} -http://{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}:{{ .Values.proxy.ports.http }} -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Define the toolset broker service url -*/}} -{{- define "toolset.broker.service.url" -}} -{{- if .Values.toolset.pulsarServiceUrlOverride -}} -{{ .Values.toolset.pulsarServiceUrlOverride }} -{{- else -}} -{{- if not .Values.toolset.useProxy -}} -{{- if and .Values.tls.enabled .Values.tls.broker.enabled -}} -pulsar+ssl://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.pulsarssl }} -{{- else -}} -pulsar://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.pulsar }} -{{- end -}} -{{- else -}} -{{- if and .Values.tls.enabled .Values.tls.proxy.enabled -}} -pulsar+ssl://{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}:{{ .Values.proxy.ports.pulsarssl }} -{{- else -}} -pulsar://{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}:{{ .Values.proxy.ports.pulsar }} -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Define pulsarctl config volume mount -*/}} -{{- define "pulsar.toolset.pulsarctl.conf.volumeMounts" -}} -- name: "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}-pulsarctl" - mountPath: "{{ template "pulsar.home" . }}/conf/pulsarctl.config" - subPath: pulsarctl.config -{{- end }} - -{{/* -Define toolset pulsarctl config volumes -*/}} -{{- define "pulsar.toolset.pulsarctl.conf.volumes" -}} -- name: "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}-pulsarctl" - configMap: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}" -{{- end }} - -{{/* -Define toolset TLS certificate secret name -*/}} -{{- define "pulsar.toolset.tls.secret.name" -}} -{{- if .Values.tls.toolset.certSecretName -}} -{{- .Values.tls.toolset.certSecretName -}} -{{- else -}} -{{ .Release.Name }}-{{ .Values.tls.toolset.cert_name }} -{{- end -}} -{{- end -}} diff --git a/charts/pulsar/templates/toolset/toolset-configmap.yaml b/charts/pulsar/templates/toolset/toolset-configmap.yaml deleted file mode 100644 index 10c10729f..000000000 --- a/charts/pulsar/templates/toolset/toolset-configmap.yaml +++ /dev/null @@ -1,102 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.components.toolset }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.toolset.component }} -data: - BOOKIE_LOG_APPENDER: "RollingFile" - {{- include "pulsar.bookkeeper.config.common" . | nindent 2 }} - webServiceUrl: "{{ template "toolset.web.service.url" . }}" - brokerServiceUrl: "{{ template "toolset.broker.service.url" . }}" - {{- if not .Values.toolset.useProxy }} - {{- if and .Values.tls.enabled .Values.tls.broker.enabled }} - useTls: "true" - tlsAllowInsecureConnection: "false" - tlsTrustCertsFilePath: "/pulsar/certs/ca/ca.crt" - tlsEnableHostnameVerification: "false" - {{- end }} - {{- else }} - {{- if and .Values.tls.enabled .Values.tls.proxy.enabled }} - useTls: "true" - tlsAllowInsecureConnection: "false" - {{- if .Values.tls.proxy.untrustedCa }} - tlsTrustCertsFilePath: "/pulsar/certs/proxy-ca/ca.crt" - {{- end }} - tlsEnableHostnameVerification: "false" - {{- end }} - {{- end }} - # Authentication Settings - {{- if .Values.auth.authentication.enabled }} - {{- if eq .Values.auth.authentication.provider "jwt" }} - authParams: "file:///pulsar/tokens/client/token" - authPlugin: "org.apache.pulsar.client.impl.auth.AuthenticationToken" - {{- end }} - {{- end }} -{{ toYaml .Values.toolset.configData | indent 2 }} - # Include log configuration file, If you want to configure the log level and other configuration - # items, you can modify the configmap, and eventually it will overwrite the log4j2.yaml file under conf -{{ (.Files.Glob "conf/toolset/log4j2.yaml").AsConfig | indent 2 }} -{{- if and .Values.tls.broker.enabled .Values.components.kop }} - kafka.properties: | -{{- if and .Values.auth.authentication.enabled (eq .Values.auth.authentication.provider "jwt") }} - security.protocol=SASL_SSL - sasl.mechanism=PLAIN -{{- else }} - security.protocol=SSL -{{- end }} - ssl.truststore.location=/pulsar/toolset.truststore.jks - ssl.endpoint.identification.algorithm= -{{- end }} - pulsarctl.config: | - auth-info: - default: - locationoforigin: /root/.config/pulsar/config - {{- if not .Values.toolset.useProxy }} - {{- if and .Values.tls.enabled .Values.tls.broker.enabled }} - tls_trust_certs_file_path: "/pulsar/certs/ca/ca.crt" - {{- end }} - {{- else }} - {{- if and .Values.tls.enabled (and .Values.tls.proxy.enabled .Values.tls.proxy.untrustedCa) }} - tls_trust_certs_file_path: "/pulsar/certs/proxy-ca/ca.crt" - {{- end }} - {{- end }} - tls_allow_insecure_connection: false - token: "" - {{- if .Values.auth.authentication.enabled }} - {{- if eq .Values.auth.authentication.provider "jwt" }} - tokenFile: "/pulsar/tokens/client/token" - {{- end }} - {{- end }} - issuer_endpoint: "" - client_id: "" - audience: "" - key_file: "" - contexts: - default: - admin-service-url: "{{ template "toolset.web.service.url" . }}" - bookie-service-url: http://{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}:{{ .Values.bookkeeper.ports.http }} - current-context: default -{{- end }} diff --git a/charts/pulsar/templates/toolset/toolset-service.yaml b/charts/pulsar/templates/toolset/toolset-service.yaml deleted file mode 100644 index 7ea0a5f87..000000000 --- a/charts/pulsar/templates/toolset/toolset-service.yaml +++ /dev/null @@ -1,34 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.components.toolset }} -apiVersion: v1 -kind: Service -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.toolset.component }} -spec: - clusterIP: None - selector: - {{- include "pulsar.matchLabels" . | nindent 4 }} - component: {{ .Values.toolset.component }} -{{- end }} diff --git a/charts/pulsar/templates/toolset/toolset-statefulset.yaml b/charts/pulsar/templates/toolset/toolset-statefulset.yaml deleted file mode 100644 index 2ee79dfb6..000000000 --- a/charts/pulsar/templates/toolset/toolset-statefulset.yaml +++ /dev/null @@ -1,132 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.components.toolset }} -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.toolset.component }} -{{- with .Values.toolset.statefulset.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} -spec: - serviceName: "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}" - replicas: {{ .Values.toolset.replicaCount }} - updateStrategy: - type: RollingUpdate - podManagementPolicy: Parallel - selector: - matchLabels: - {{- include "pulsar.matchLabels" . | nindent 6 }} - component: {{ .Values.toolset.component }} - template: - metadata: - labels: - {{- include "pulsar.template.labels" . | nindent 8 }} - component: {{ .Values.toolset.component }} - annotations: - {{- if .Values.toolset.autoRollDeployment }} - checksum/config: {{ include (print $.Template.BasePath "/toolset/toolset-configmap.yaml") . | sha256sum }} - {{- end }} -{{- with .Values.toolset.annotations }} -{{ toYaml . | indent 8 }} -{{- end }} - spec: - {{- if .Values.toolset.imagePullSecrets }} - imagePullSecrets: - - name: {{ .Values.toolset.imagePullSecrets }} - {{- end }} - {{- if .Values.toolset.nodeSelector }} - nodeSelector: -{{ toYaml .Values.toolset.nodeSelector | indent 8 }} - {{- end }} - {{- if .Values.toolset.tolerations }} - tolerations: -{{ toYaml .Values.toolset.tolerations | indent 8 }} - {{- end }} - terminationGracePeriodSeconds: {{ .Values.toolset.gracePeriod }} - containers: - - name: "pulsar" - {{- include "pulsar.toolset.image" . | nindent 8 }} - {{- if .Values.toolset.resources }} - resources: -{{ toYaml .Values.toolset.resources | indent 10 }} - {{- end }} - command: ["sh", "-c"] - args: - - > - bin/apply-config-from-env.py conf/client.conf; - bin/apply-config-from-env.py conf/bookkeeper.conf; - {{- include "pulsar.toolset.zookeeper.tls.settings" . | nindent 10 }} - echo "Configuring pulsarctl context ..."; - mkdir -p /root/.config/pulsar; - cp {{ template "pulsar.home" . }}/conf/pulsarctl.config /root/.config/pulsar/config; - echo "Successfully configured pulsarctl context."; - sleep 10000000000 - envFrom: - - configMapRef: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}" - env: -{{- with .Values.toolset.extraEnv}} -{{ toYaml . | indent 8 }} -{{- end }} - volumeMounts: - {{- include "pulsar.toolset.certs.volumeMounts" . | nindent 8 }} - {{- include "pulsar.toolset.token.volumeMounts" . | nindent 8 }} - {{- include "pulsar.toolset.log.volumeMounts" . | nindent 8 }} - {{- include "pulsar.toolset.pulsarctl.conf.volumeMounts" . | nindent 8 }} - {{- if .Values.components.kop }} - - name: "kafka" - image: "confluentinc/cp-kafka:6.2.0" - imagePullPolicy: {{ .Values.images.broker.pullPolicy }} - workingDir: {{ template "pulsar.home" . }} - {{- if .Values.toolset.resources }} - resources: -{{ toYaml .Values.toolset.resources | indent 10 }} - {{- end }} - command: ["sh", "-c"] - args: - - > - {{- include "pulsar.toolset.zookeeper.tls.settings" . | nindent 10 }} - {{- include "pulsar.toolset.kafka.settings" . | nindent 10 }} - sleep 10000000000 - envFrom: - - configMapRef: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}" - env: -{{- with .Values.toolset.extraEnv}} -{{ toYaml . | indent 8 }} -{{- end }} - volumeMounts: - {{- include "pulsar.toolset.certs.volumeMounts" . | nindent 8 }} - {{- include "pulsar.toolset.token.volumeMounts" . | nindent 8 }} - {{- include "pulsar.toolset.kafka.conf.volumeMounts" . | nindent 8 }} - {{- end }} - volumes: - {{- include "pulsar.toolset.certs.volumes" . | nindent 6 }} - {{- include "pulsar.toolset.token.volumes" . | nindent 6 }} - {{- include "pulsar.toolset.log.volumes" . | nindent 6 }} - {{- include "pulsar.toolset.kafka.conf.volumes" . | nindent 6 }} - {{- include "pulsar.toolset.pulsarctl.conf.volumes" . | nindent 6 }} -{{- end }} diff --git a/charts/pulsar/templates/zookeeper/_backup_restore.tpl b/charts/pulsar/templates/zookeeper/_backup_restore.tpl deleted file mode 100644 index 2529c9db9..000000000 --- a/charts/pulsar/templates/zookeeper/_backup_restore.tpl +++ /dev/null @@ -1,24 +0,0 @@ - -{{- define "pulsar.zookeeper.backup.serviceAccount" -}} -{{- if .Values.zookeeper.customTools.serviceAccount.create -}} -{{- if .Values.zookeeper.customTools.serviceAccount.name -}} -{{ .Values.zookeeper.customTools.serviceAccount.name }} -{{- else -}} -{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.customTools.backup.component }}-acct -{{- end -}} -{{- else -}} -{{ .Values.zookeeper.customTools.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{- define "pulsar.zookeeper.restore.serviceAccount" -}} -{{- if .Values.zookeeper.customTools.serviceAccount.create -}} -{{- if .Values.zookeeper.customTools.serviceAccount.name -}} -{{ .Values.zookeeper.customTools.serviceAccount.name }} -{{- else -}} -{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.customTools.restore.component }}-acct -{{- end -}} -{{- else -}} -{{ .Values.zookeeper.customTools.serviceAccount.name }} -{{- end -}} -{{- end -}} \ No newline at end of file diff --git a/charts/pulsar/templates/zookeeper/_zookeeper.tpl b/charts/pulsar/templates/zookeeper/_zookeeper.tpl deleted file mode 100644 index b5bcd9a35..000000000 --- a/charts/pulsar/templates/zookeeper/_zookeeper.tpl +++ /dev/null @@ -1,258 +0,0 @@ -{{/* -Define the pulsar zookeeper -*/}} -{{- define "pulsar.zookeeper.service" -}} -{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }} -{{- end }} - -{{/* -Define the pulsar zookeeper -*/}} -{{- define "pulsar.zookeeper.connect" -}} -{{$zk:=.Values.pulsar_metadata.userProvidedZookeepers}} -{{- if and (not .Values.components.zookeeper) $zk }} -{{- $zk -}} -{{ else }} -{{- if not (and .Values.tls.enabled .Values.tls.zookeeper.enabled) -}} -{{ template "pulsar.zookeeper.service" . }}:{{ .Values.zookeeper.ports.client }} -{{- end -}} -{{- if and .Values.tls.enabled .Values.tls.zookeeper.enabled -}} -{{ template "pulsar.zookeeper.service" . }}:{{ .Values.zookeeper.ports.clientTls }} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Define the pulsar zookeeper plaintext connect -*/}} -{{- define "pulsar.zookeeper.connect.plaintext" -}} -{{ template "pulsar.zookeeper.service" . }}:{{ .Values.zookeeper.ports.client }} -{{- end -}} - -{{/* -Define the zookeeper hostname -*/}} -{{- define "pulsar.zookeeper.hostname" -}} -${HOSTNAME}.{{ template "pulsar.zookeeper.service" . }}.{{ template "pulsar.namespace" . }}.svc.cluster.local -{{- end -}} - -{{/* -Define zookeeper tls settings -*/}} -{{- define "pulsar.zookeeper.tls.settings" -}} -{{- if and .Values.tls.enabled .Values.tls.zookeeper.enabled }} -/pulsar/keytool/keytool.sh zookeeper {{ template "pulsar.zookeeper.hostname" . }} false; -{{- end }} -{{- end }} - -{{/* -Define zookeeper certs mounts -*/}} -{{- define "pulsar.zookeeper.certs.volumeMounts" -}} -{{- if and .Values.tls.enabled .Values.tls.zookeeper.enabled }} -- mountPath: "/pulsar/certs/zookeeper" - name: zookeeper-certs - readOnly: true -- mountPath: "/pulsar/certs/ca" - name: ca - readOnly: true -- name: keytool - mountPath: "/pulsar/keytool/keytool.sh" - subPath: keytool.sh -{{- end }} -{{- end }} - -{{/* -Define zookeeper certs volumes -*/}} -{{- define "pulsar.zookeeper.certs.volumes" -}} -{{- if and .Values.tls.enabled .Values.tls.zookeeper.enabled }} -- name: zookeeper-certs - secret: - secretName: "{{ template "pulsar.zookeeper.tls.secret.name" . }}" - items: - - key: tls.crt - path: tls.crt - - key: tls.key - path: tls.key -- name: ca - secret: - secretName: "{{ template "pulsar.tls.ca.secret.name" . }}" - items: - - key: ca.crt - path: ca.crt -- name: keytool - configMap: - name: "{{ template "pulsar.fullname" . }}-keytool-configmap" - defaultMode: 0755 -{{- end}} -{{- end }} - - -{{/* -Define zookeeper log mounts -*/}} -{{- define "pulsar.zookeeper.log.volumeMounts" -}} -- name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}-log4j2" - mountPath: "{{ template "pulsar.home" . }}/conf/log4j2.yaml" - subPath: log4j2.yaml -{{- end }} - -{{/* -Define zookeeper log volumes -*/}} -{{- define "pulsar.zookeeper.log.volumes" -}} -- name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}-log4j2" - configMap: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}" -{{- end }} - -{{/*Define zookeeper datadog annotation*/}} -{{- define "pulsar.zookeeper.datadog.annotation"}} -{{- if .Values.datadog.components.zookeeper.enabled }} -ad.datadoghq.com/{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}.check_names: | - ["openmetrics"] -ad.datadoghq.com/{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}.init_configs: | - [{}] -ad.datadoghq.com/{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}.instances: | - [ - { - "prometheus_url": "http://%%host%%:{{ .Values.zookeeper.ports.metrics }}/metrics", - "namespace": "{{ .Values.datadog.namespace }}", - "metrics": {{ .Values.datadog.components.zookeeper.metrics }}, - "health_service_check": true, - "prometheus_timeout": 1000, - "max_returned_metrics": 1000000, - "type_overrides": { - "jvm_memory_bytes_used": "gauge", - "jvm_memory_bytes_committed": "gauge", - "jvm_memory_bytes_max": "gauge", - "jvm_memory_bytes_init": "gauge", - "jvm_memory_pool_bytes_used": "gauge", - "jvm_memory_pool_bytes_committed": "gauge", - "jvm_memory_pool_bytes_max": "gauge", - "jvm_memory_pool_bytes_init": "gauge", - "jvm_classes_loaded": "gauge", - "jvm_classes_loaded_total": "counter", - "jvm_classes_unloaded_total": "counter", - "jvm_buffer_pool_used_bytes": "gauge", - "jvm_buffer_pool_capacity_bytes": "gauge", - "jvm_buffer_pool_used_buffers": "gauge", - "jvm_threads_current": "gauge", - "jvm_threads_daemon": "gauge", - "jvm_threads_peak": "gauge", - "jvm_threads_started_total": "counter", - "jvm_threads_deadlocked": "gauge", - "jvm_threads_deadlocked_monitor": "gauge", - "jvm_gc_collection_seconds_count": "gauge", - "jvm_gc_collection_seconds_sum": "gauge", - "jvm_memory_direct_bytes_max": "gauge" - }, - "tags": [ - "pulsar-zookeeper: {{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}" - ] - } - ] -{{- end }} -{{- end }} - -{{/* -Define zookeeper data mounts -*/}} -{{- define "pulsar.zookeeper.data.volumeMounts" -}} -{{- if .Values.zookeeper.volumes.useSeparateDiskForTxlog }} -- name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}-{{ .Values.zookeeper.volumes.data.name }}" - mountPath: "/pulsar/data/zookeeper" -- name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}-{{ .Values.zookeeper.volumes.dataLog.name }}" - mountPath: "/pulsar/data/zookeeper-datalog" -{{- else }} -- name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}-{{ .Values.zookeeper.volumes.data.name }}" - mountPath: "/pulsar/data" -{{- end }} -{{- end }} - -{{/* -Define zookeeper data volumes -*/}} -{{- define "pulsar.zookeeper.data.volumes" -}} -{{- if not (and .Values.volumes.persistence .Values.zookeeper.volumes.persistence) }} -- name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}-{{ .Values.zookeeper.volumes.data.name }}" - emptyDir: {} -{{- if .Values.zookeeper.volumes.useSeparateDiskForTxlog }} -- name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}-{{ .Values.zookeeper.volumes.dataLog.name }}" - emptyDir: {} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Define zookeeper data volumes -*/}} -{{- define "pulsar.zookeeper.data.volumeClaimTemplates" -}} -{{- if and .Values.volumes.persistence .Values.zookeeper.volumes.persistence }} -- metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}-{{ .Values.zookeeper.volumes.data.name }}" - spec: - accessModes: [ "ReadWriteOnce" ] - resources: - requests: - storage: {{ .Values.zookeeper.volumes.data.size }} - {{- if and .Values.volumes.local_storage .Values.zookeeper.volumes.data.local_storage }} - storageClassName: "local-storage" - {{- else }} - {{- if .Values.zookeeper.volumes.data.storageClass }} - storageClassName: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}-{{ .Values.zookeeper.volumes.data.name }}" - {{- else if .Values.zookeeper.volumes.data.storageClassName }} - storageClassName: {{ .Values.zookeeper.volumes.data.storageClassName }} - {{- end -}} - {{- end }} -{{- if .Values.zookeeper.volumes.useSeparateDiskForTxlog }} -- metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}-{{ .Values.zookeeper.volumes.dataLog.name }}" - spec: - accessModes: [ "ReadWriteOnce" ] - resources: - requests: - storage: {{ .Values.zookeeper.volumes.dataLog.size }} - {{- if and .Values.volumes.local_storage .Values.zookeeper.volumes.data.local_storage }} - storageClassName: "local-storage" - {{- else }} - {{- if .Values.zookeeper.volumes.dataLog.storageClass }} - storageClassName: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}-{{ .Values.zookeeper.volumes.dataLog.name }}" - {{- else if .Values.zookeeper.volumes.dataLog.storageClassName }} - storageClassName: {{ .Values.zookeeper.volumes.dataLog.storageClassName }} - {{- end -}} - {{- end }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Define zookeeper gen-zk-conf volume mounts -*/}} -{{- define "pulsar.zookeeper.genzkconf.volumeMounts" -}} -- name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}-genzkconf" - mountPath: "{{ template "pulsar.home" . }}/bin/gen-zk-conf.sh" - subPath: gen-zk-conf.sh -{{- end }} - -{{/* -Define zookeeper gen-zk-conf volumes -*/}} -{{- define "pulsar.zookeeper.genzkconf.volumes" -}} -- name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}-genzkconf" - configMap: - name: "{{ template "pulsar.fullname" . }}-genzkconf-configmap" - defaultMode: 0755 -{{- end }} - -{{/* -Define Zookeeper TLS certificate secret name -*/}} -{{- define "pulsar.zookeeper.tls.secret.name" -}} -{{- if .Values.tls.zookeeper.certSecretName -}} -{{- .Values.tls.zookeeper.certSecretName -}} -{{- else -}} -{{ .Release.Name }}-{{ .Values.tls.zookeeper.cert_name }} -{{- end -}} -{{- end -}} diff --git a/charts/pulsar/templates/zookeeper/gen-zk-conf.yaml b/charts/pulsar/templates/zookeeper/gen-zk-conf.yaml deleted file mode 100644 index d122fd1ee..000000000 --- a/charts/pulsar/templates/zookeeper/gen-zk-conf.yaml +++ /dev/null @@ -1,85 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -apiVersion: v1 -kind: ConfigMap -metadata: - name: "{{ template "pulsar.fullname" . }}-genzkconf-configmap" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} -data: - {{if .Values.zookeeper.genZKCommandOverride }} - {{ with .Values.zookeeper.genZKCommandOverride }} - gen-zk-conf.sh: {{- toYaml . | indent 10 }} - {{- end }} - {{ else }} - gen-zk-conf.sh: | - #!/bin/bash - - # Apply env variables to config file and start the regular command - - CONF_FILE=$1 - IDX=$2 - PEER_TYPE=$3 - - if [ $? != 0 ]; then - echo "Error: Failed to apply changes to config file" - exit 1 - fi - - DOMAIN=`hostname -d` - - if [ -n "${ZOOKEEPER_DOMAIN}" ]; then - ZOOKEEPER_DOMAIN="${ZOOKEEPER_DOMAIN}.$(cut -d '.' -f 2- <<<${DOMAIN})" - else - ZOOKEEPER_DOMAIN=$DOMAIN - fi - - # Generate list of servers and detect the current server ID, - # based on the hostname - ((IDX++)) - for SERVER in $(echo $ZOOKEEPER_SERVERS | tr "," "\n") - do - echo "server.$IDX=$SERVER.$ZOOKEEPER_DOMAIN:2888:3888:${PEER_TYPE};2181" >> $CONF_FILE - - if [ "$HOSTNAME" == "$SERVER" ]; then - MY_ID=$IDX - echo "Current server id $MY_ID" - fi - - ((IDX++)) - done - - if [ -n "${OBSERVER_SERVER}" ]; then - echo "server.$IDX=${OBSERVER_SERVER}.$DOMAIN:2181:2888:observer" >> $CONF_FILE - MY_ID=$IDX - fi - - # For ZooKeeper container we need to initialize the ZK id - if [ ! -z "$MY_ID" ]; then - # Get ZK data dir - DATA_DIR=`grep '^dataDir=' $CONF_FILE | awk -F= '{print $2}'` - if [ ! -e $DATA_DIR/myid ]; then - echo "Creating $DATA_DIR/myid with id = $MY_ID" - mkdir -p $DATA_DIR - echo $MY_ID > $DATA_DIR/myid - fi - fi - {{ end }} diff --git a/charts/pulsar/templates/zookeeper/zookeeper-backup-clusterrolebinding.yaml b/charts/pulsar/templates/zookeeper/zookeeper-backup-clusterrolebinding.yaml deleted file mode 100644 index c20bc26f1..000000000 --- a/charts/pulsar/templates/zookeeper/zookeeper-backup-clusterrolebinding.yaml +++ /dev/null @@ -1,68 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.zookeeper.customTools.serviceAccount.clusterRole }} -{{- if and .Values.zookeeper.customTools.backup.enable .Values.zookeeper.customTools.serviceAccount.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.customTools.backup.component }}-clusterrolebinding" - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.customTools.backup.component }}-clusterrole" -subjects: - - kind: ServiceAccount - name: {{ template "pulsar.zookeeper.backup.serviceAccount" . }} - namespace: {{ template "pulsar.namespace" . }} ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.customTools.backup.component }}-clusterrole" - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} -rules: - - apiGroups: [""] - resources: - - configmap - - configmaps - verbs: ["get", "list", "watch"] - - apiGroups: ["", "extensions", "apps"] - resources: - - pods - - services - - deployments - - secrets - - statefulsets - verbs: - - list - - watch - - get - - update - - create - - delete - - patch ---- - -{{- end }} -{{- end }} diff --git a/charts/pulsar/templates/zookeeper/zookeeper-backup-configmap.yaml b/charts/pulsar/templates/zookeeper/zookeeper-backup-configmap.yaml deleted file mode 100644 index 5face3130..000000000 --- a/charts/pulsar/templates/zookeeper/zookeeper-backup-configmap.yaml +++ /dev/null @@ -1,61 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -# deploy zookeeper only when `zookeeper.customTools.backup.enable` is true -{{- if .Values.zookeeper.customTools.backup.enable }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.customTools.backup.component }}" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.zookeeper.component }} -data: - pulsar-metadata-tool.properties: | - zkServer=localhost:2181 - zkDataDir=/pulsar/data/zookeeper - zkSnapshotDir=/pulsar/data/zookeeper - backupInterval={{ .Values.zookeeper.customTools.backup.backupInterval }} - bucket={{ .Values.zookeeper.customTools.backup.bucket }} - backupPrefix={{ .Values.zookeeper.customTools.backup.backupPrefix }} - managedLedgerPath={{ .Values.zookeeper.customTools.backup.managedLedgerPath }} - webServerPort={{ .Values.zookeeper.customTools.backup.webServerPort }} - dataDir: /pulsar/data/zookeeper - {{- if .Values.zookeeper.volumes.useSeparateDiskForTxlog }} - # use a seperate disk for tx log - PULSAR_PREFIX_dataLogDir: /pulsar/data/zookeeper-datalog - {{- end }} - PULSAR_PREFIX_serverCnxnFactory: org.apache.zookeeper.server.NettyServerCnxnFactory - serverCnxnFactory: org.apache.zookeeper.server.NettyServerCnxnFactory - # enable zookeeper tls - {{- if and .Values.tls.enabled .Values.tls.zookeeper.enabled }} - secureClientPort: "{{ .Values.zookeeper.ports.clientTls }}" - PULSAR_PREFIX_secureClientPort: "{{ .Values.zookeeper.ports.clientTls }}" - {{- end }} - {{- if .Values.zookeeper.reconfig.enabled }} - PULSAR_PREFIX_reconfigEnabled: "true" - PULSAR_PREFIX_quorumListenOnAllIPs: "true" - {{- end }} - PULSAR_PREFIX_peerType: "observer" -{{ toYaml .Values.zookeeper.customTools.backup.configData | indent 2 }} - # Include log configuration file, If you want to configure the log level and other configuration - # items, you can modify the configmap, and eventually it will overwrite the log4j2.yaml file under conf -{{ (.Files.Glob "conf/zookeeper/log4j2.yaml").AsConfig | indent 2 }} -{{- end }} diff --git a/charts/pulsar/templates/zookeeper/zookeeper-backup-rolebinding.yaml b/charts/pulsar/templates/zookeeper/zookeeper-backup-rolebinding.yaml deleted file mode 100644 index 2851ec641..000000000 --- a/charts/pulsar/templates/zookeeper/zookeeper-backup-rolebinding.yaml +++ /dev/null @@ -1,68 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if not .Values.zookeeper.customTools.serviceAccount.clusterRole }} -{{- if and .Values.zookeeper.customTools.backup.enable .Values.zookeeper.customTools.serviceAccount.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.customTools.backup.component }}-rolebinding" - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.customTools.backup.component }}-role" -subjects: - - kind: ServiceAccount - name: {{ template "pulsar.zookeeper.backup.serviceAccount" . }} - namespace: {{ template "pulsar.namespace" . }} ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.customTools.backup.component }}-role" - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} -rules: - - apiGroups: [""] - resources: - - configmap - - configmaps - verbs: ["get", "list", "watch"] - - apiGroups: ["", "extensions", "apps"] - resources: - - pods - - services - - deployments - - secrets - - statefulsets - verbs: - - list - - watch - - get - - update - - create - - delete - - patch ---- - -{{- end }} - {{- end }} diff --git a/charts/pulsar/templates/zookeeper/zookeeper-backup-service.yaml b/charts/pulsar/templates/zookeeper/zookeeper-backup-service.yaml deleted file mode 100644 index 380a1b0d9..000000000 --- a/charts/pulsar/templates/zookeeper/zookeeper-backup-service.yaml +++ /dev/null @@ -1,45 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -# deploy zookeeper only when `zookeeper.customTools.backup.enable` is true -{{- if .Values.zookeeper.customTools.backup.enable }} -apiVersion: v1 -kind: Service -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.customTools.backup.component }}" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.zookeeper.component }} - annotations: -{{ toYaml .Values.zookeeper.service.annotations | indent 4 }} -spec: - ports: - - name: client - port: {{ .Values.zookeeper.ports.client }} - {{- if and .Values.tls.enabled .Values.tls.zookeeper.enabled }} - - name: client-tls - port: {{ .Values.zookeeper.ports.clientTls }} - {{- end }} - clusterIP: None - publishNotReadyAddresses: true - selector: - {{- include "pulsar.matchLabels" . | nindent 4 }} - component: {{ .Values.zookeeper.customTools.backup.component }} -{{- end }} diff --git a/charts/pulsar/templates/zookeeper/zookeeper-backup-serviceaccount.yaml b/charts/pulsar/templates/zookeeper/zookeeper-backup-serviceaccount.yaml deleted file mode 100644 index 5b55f7982..000000000 --- a/charts/pulsar/templates/zookeeper/zookeeper-backup-serviceaccount.yaml +++ /dev/null @@ -1,33 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.zookeeper.customTools.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pulsar.zookeeper.backup.serviceAccount" . }} - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.zookeeper.customTools.backup.component }} - annotations: -{{- with .Values.zookeeper.customTools.serviceAccount.annotations }} -{{ toYaml . | indent 4 }} -{{- end }} -{{- end }} diff --git a/charts/pulsar/templates/zookeeper/zookeeper-backup-statefulset.yaml b/charts/pulsar/templates/zookeeper/zookeeper-backup-statefulset.yaml deleted file mode 100644 index 65c828904..000000000 --- a/charts/pulsar/templates/zookeeper/zookeeper-backup-statefulset.yaml +++ /dev/null @@ -1,242 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -# deploy zookeeper only when `zookeeper.customTools.backup.enable` is true -{{- if .Values.zookeeper.customTools.backup.enable }} -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.customTools.backup.component }}" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.zookeeper.component }} -spec: - serviceName: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.customTools.backup.component }}" - replicas: 1 - selector: - matchLabels: - {{- include "pulsar.matchLabels" . | nindent 6 }} - component: {{ .Values.zookeeper.customTools.backup.component }} - updateStrategy: - type: {{ .Values.zookeeper.updateStrategy }} - podManagementPolicy: OrderedReady - template: - metadata: - labels: - {{- include "pulsar.template.labels" . | nindent 8 }} - component: {{ .Values.zookeeper.customTools.backup.component }} - annotations: - {{- if .Values.monitoring.datadog }} - {{- include "pulsar.zookeeper.datadog.annotation" . | nindent 8 }} - {{- end }} - {{- if .Values.zookeeper.autoRollDeployment }} - checksum/config: {{ include (print $.Template.BasePath "/zookeeper/zookeeper-configmap.yaml") . | sha256sum }} - {{- end }} -{{- with .Values.zookeeper.annotations }} -{{ toYaml . | indent 8 }} -{{- end }} - spec: - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - - name: {{ .Values.imagePullSecrets }} - {{- end }} - securityContext: {{- toYaml .Values.zookeeper.securityContext | nindent 8}} - {{- if .Values.zookeeper.customTools.serviceAccount.use }} - serviceAccountName: {{ template "pulsar.zookeeper.backup.serviceAccount" . }} - {{- end }} - {{- if .Values.zookeeper.nodeSelector }} - nodeSelector: {{- toYaml .Values.zookeeper.nodeSelector | nindent 8 }} - {{- end }} - {{- if .Values.zookeeper.tolerations }} - tolerations: {{- toYaml .Values.zookeeper.tolerations | nindent 8 }} - {{- end }} - affinity: - {{- if and .Values.affinity.anti_affinity .Values.zookeeper.affinity.anti_affinity}} - podAntiAffinity: - {{ .Values.zookeeper.affinity.type }}: - {{ if eq .Values.zookeeper.affinity.type "requiredDuringSchedulingIgnoredDuringExecution"}} - - labelSelector: - matchExpressions: - - key: "app" - operator: In - values: - - "{{ template "pulsar.name" . }}" - - key: "release" - operator: In - values: - - {{ .Release.Name }} - - key: "component" - operator: In - values: - - {{ .Values.zookeeper.component }} - topologyKey: "kubernetes.io/hostname" - {{ else }} - - weight: 100 - podAffinityTerm: - labelSelector: - matchExpressions: - - key: "app" - operator: In - values: - - "{{ template "pulsar.name" . }}" - - key: "release" - operator: In - values: - - {{ .Release.Name }} - - key: "component" - operator: In - values: - - {{ .Values.zookeeper.component }} - topologyKey: "kubernetes.io/hostname" - {{ end }} - {{- end }} - terminationGracePeriodSeconds: {{ .Values.zookeeper.gracePeriod }} - initContainers: - {{- if .Values.common.extraInitContainers }} - {{- toYaml .Values.common.extraInitContainers | nindent 8 }} - {{- end }} - {{- if .Values.zookeeper.extraInitContainers }} - {{- toYaml .Values.zookeeper.extraInitContainers | nindent 8 }} - {{- end }} - {{- if .Values.zookeeper.customTools.backup.enable }} - containers: - - name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.customTools.backup.component }}-service" - image: "{{ .Values.zookeeper.customTools.backup.repository }}:{{ .Values.zookeeper.customTools.backup.tag }}" - imagePullPolicy: {{ .Values.zookeeper.customTools.backup.pullPolicy }} - command: ["sh", "-c"] - args: - - > - bin/pulsar-metadata-tool backup - volumeMounts: - {{- include "pulsar.zookeeper.data.volumeMounts" . | nindent 8 }} - {{- include "pulsar.zookeeper.log.volumeMounts" . | nindent 8 }} - - name: backup-config - mountPath: /pulsar-metadata-tool/conf/pulsar-metadata-tool - env: - {{- if .Values.zookeeper.customTools.backup.secrets.use }} - - name: AWS_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - name: {{ .Values.zookeeper.customTools.backup.secrets.aws.secretName }} - key: AWS_ACCESS_KEY_ID - - name: AWS_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - name: {{ .Values.zookeeper.customTools.backup.secrets.aws.secretName }} - key: AWS_SECRET_ACCESS_KEY - {{- end }} - - name: METADATA_TOOL_CONF - value: "/pulsar-metadata-tool/conf/pulsar-metadata-tool/pulsar-metadata-tool.properties" - envFrom: - - configMapRef: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.customTools.backup.component }}" - ports: - - name: metrics - containerPort: {{ .Values.zookeeper.customTools.backup.webServerPort }} - {{- end }} - - name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.customTools.backup.component }}" - image: "{{ .Values.images.zookeeper.repository }}:{{ .Values.images.zookeeper.tag }}" - imagePullPolicy: {{ .Values.images.zookeeper.pullPolicy }} - {{- if .Values.zookeeper.resources }} - resources: - {{- toYaml .Values.zookeeper.resources | nindent 10 }} - {{- end }} - command: ["sh", "-c"] - args: - - > - bin/apply-config-from-env.py conf/zookeeper.conf; - {{- include "pulsar.zookeeper.tls.settings" . | nindent 10 }} - {{- range $server := .Values.zookeeper.reconfig.zkServers }} - echo "{{ $server }}" >> conf/zookeeper.conf; - {{- end }} - bin/gen-zk-conf.sh conf/zookeeper.conf {{ .Values.zookeeper.initialMyId }} {{ .Values.zookeeper.peerType }}; - cat conf/zookeeper.conf; - bin/pulsar zookeeper; - ports: - - name: metrics - containerPort: {{ .Values.zookeeper.ports.metrics }} - - name: client - containerPort: {{ .Values.zookeeper.ports.client }} - - name: follower - containerPort: {{ .Values.zookeeper.ports.follower }} - {{- if and .Values.tls.enabled .Values.tls.zookeeper.enabled }} - - name: client-tls - containerPort: {{ .Values.zookeeper.ports.clientTls }} - {{- end }} - env: - - name: ZOOKEEPER_DOMAIN - value: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}" - - name: OBSERVER_SERVER - value: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.customTools.backup.component }}-0" - - name: ZOOKEEPER_SERVERS - value: - {{- $global := . }} - {{ range $i, $e := until (.Values.zookeeper.replicaCount | int) }}{{ if ne $i 0 }},{{ end }}{{ template "pulsar.fullname" $global }}-{{ $global.Values.zookeeper.component }}-{{ printf "%d" $i }}{{ end }} - envFrom: - - configMapRef: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}" - {{- if .Values.zookeeper.probe.readiness.enabled }} - readinessProbe: - exec: - command: - - bin/pulsar-zookeeper-ruok.sh - initialDelaySeconds: {{ .Values.zookeeper.probe.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.zookeeper.probe.readiness.periodSeconds }} - failureThreshold: {{ .Values.zookeeper.probe.readiness.failureThreshold }} - timeoutSeconds: {{ .Values.zookeeper.probe.readiness.timeoutSeconds }} - {{- end }} - {{- if .Values.zookeeper.probe.liveness.enabled }} - livenessProbe: - exec: - command: - - bin/pulsar-zookeeper-ruok.sh - initialDelaySeconds: {{ .Values.zookeeper.probe.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.zookeeper.probe.liveness.periodSeconds }} - failureThreshold: {{ .Values.zookeeper.probe.liveness.failureThreshold }} - timeoutSeconds: {{ .Values.zookeeper.probe.liveness.timeoutSeconds }} - {{- end }} - {{- if .Values.zookeeper.probe.startup.enabled }} - startupProbe: - exec: - command: - - bin/pulsar-zookeeper-ruok.sh - initialDelaySeconds: {{ .Values.zookeeper.probe.startup.initialDelaySeconds }} - periodSeconds: {{ .Values.zookeeper.probe.startup.periodSeconds }} - failureThreshold: {{ .Values.zookeeper.probe.startup.failureThreshold }} - timeoutSeconds: {{ .Values.zookeeper.probe.startup.timeoutSeconds }} - {{- end }} - volumeMounts: - {{- include "pulsar.zookeeper.data.volumeMounts" . | nindent 8 }} - {{- include "pulsar.zookeeper.certs.volumeMounts" . | nindent 8 }} - {{- include "pulsar.zookeeper.log.volumeMounts" . | nindent 8 }} - {{- include "pulsar.zookeeper.genzkconf.volumeMounts" . | nindent 8 }} - volumes: - {{- include "pulsar.zookeeper.data.volumes" . | nindent 6 }} - {{- include "pulsar.zookeeper.certs.volumes" . | nindent 6 }} - {{- include "pulsar.zookeeper.log.volumes" . | nindent 6 }} - {{- include "pulsar.zookeeper.genzkconf.volumes" . | nindent 6 }} - {{- if .Values.zookeeper.customTools.backup.enable }} - - name: backup-config - configMap: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.customTools.backup.component }}" - {{- end }} - volumeClaimTemplates: - {{- include "pulsar.zookeeper.data.volumeClaimTemplates" . | nindent 2 }} -{{- end }} diff --git a/charts/pulsar/templates/zookeeper/zookeeper-configmap.yaml b/charts/pulsar/templates/zookeeper/zookeeper-configmap.yaml deleted file mode 100644 index d3404c53c..000000000 --- a/charts/pulsar/templates/zookeeper/zookeeper-configmap.yaml +++ /dev/null @@ -1,59 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -# deploy zookeeper only when `components.zookeeper` is true -{{- if .Values.components.zookeeper }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.zookeeper.component }} -data: - dataDir: /pulsar/data/zookeeper - {{- if .Values.zookeeper.volumes.useSeparateDiskForTxlog }} - # use a seperate disk for tx log - PULSAR_PREFIX_dataLogDir: /pulsar/data/zookeeper-datalog - {{- end }} - {{- if .Values.zookeeper.useNettyIO }} - {{- if and .Values.tls.enabled .Values.tls.zookeeper.enabled }} - PULSAR_PREFIX_serverCnxnFactory: org.apache.zookeeper.server.NettyServerCnxnFactory - serverCnxnFactory: org.apache.zookeeper.server.NettyServerCnxnFactory - {{- else }} - PULSAR_PREFIX_serverCnxnFactory: org.apache.zookeeper.server.NIOServerCnxnFactory - serverCnxnFactory: org.apache.zookeeper.server.NIOServerCnxnFactory - {{- end }} - {{- end }} - # enable zookeeper tls - {{- if and .Values.tls.enabled .Values.tls.zookeeper.enabled }} - secureClientPort: "{{ .Values.zookeeper.ports.clientTls }}" - PULSAR_PREFIX_secureClientPort: "{{ .Values.zookeeper.ports.clientTls }}" - {{- end }} - {{- if .Values.zookeeper.reconfig.enabled }} - PULSAR_PREFIX_reconfigEnabled: "true" - PULSAR_PREFIX_skipACL: "yes" - {{- end }} - PULSAR_PREFIX_peerType: {{ .Values.zookeeper.peerType }} -{{ toYaml .Values.zookeeper.configData | indent 2 }} - # Include log configuration file, If you want to configure the log level and other configuration - # items, you can modify the configmap, and eventually it will overwrite the log4j2.yaml file under conf -{{ (.Files.Glob "conf/zookeeper/log4j2.yaml").AsConfig | indent 2 }} -{{- end }} diff --git a/charts/pulsar/templates/zookeeper/zookeeper-pdb.yaml b/charts/pulsar/templates/zookeeper/zookeeper-pdb.yaml deleted file mode 100644 index 387a05aeb..000000000 --- a/charts/pulsar/templates/zookeeper/zookeeper-pdb.yaml +++ /dev/null @@ -1,38 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -# deploy zookeeper only when `components.zookeeper` is true -{{- if .Values.components.zookeeper }} -{{- if .Values.zookeeper.pdb.usePolicy }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.zookeeper.component }} -spec: - selector: - matchLabels: - {{- include "pulsar.matchLabels" . | nindent 6 }} - component: {{ .Values.zookeeper.component }} - maxUnavailable: {{ .Values.zookeeper.pdb.maxUnavailable }} -{{- end }} -{{- end }} diff --git a/charts/pulsar/templates/zookeeper/zookeeper-restore-clusterrolebinding.yaml b/charts/pulsar/templates/zookeeper/zookeeper-restore-clusterrolebinding.yaml deleted file mode 100644 index 6b07efe8a..000000000 --- a/charts/pulsar/templates/zookeeper/zookeeper-restore-clusterrolebinding.yaml +++ /dev/null @@ -1,68 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.zookeeper.customTools.serviceAccount.clusterRole }} -{{- if and .Values.zookeeper.customTools.restore.enable .Values.zookeeper.customTools.serviceAccount.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.customTools.restore.component }}-clusterrolebinding" - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.customTools.restore.component }}-clusterrole" -subjects: - - kind: ServiceAccount - name: {{ template "pulsar.zookeeper.restore.serviceAccount" . }} - namespace: {{ template "pulsar.namespace" . }} ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.customTools.restore.component }}-clusterrole" - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} -rules: - - apiGroups: [""] - resources: - - configmap - - configmaps - verbs: ["get", "list", "watch"] - - apiGroups: ["", "extensions", "apps"] - resources: - - pods - - services - - deployments - - secrets - - statefulsets - verbs: - - list - - watch - - get - - update - - create - - delete - - patch ---- - -{{- end }} -{{- end }} diff --git a/charts/pulsar/templates/zookeeper/zookeeper-restore-configmap.yaml b/charts/pulsar/templates/zookeeper/zookeeper-restore-configmap.yaml deleted file mode 100644 index 4523666de..000000000 --- a/charts/pulsar/templates/zookeeper/zookeeper-restore-configmap.yaml +++ /dev/null @@ -1,42 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -# deploy zookeeper only when `zookeeper.customTools.restore.enable` is true -{{- if .Values.zookeeper.customTools.restore.enable }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.customTools.restore.component }}" - namespace: {{ template "pulsar.namespace" . }} -data: - pulsar-metadata-tool.properties: | - zkServer={{ template "pulsar.zookeeper.connect" . }} - zkDataDir=/pulsar/data/zookeeper - zkSnapshotDir=/pulsar/data/zookeeper - backupInterval=30 - bucket={{ .Values.zookeeper.customTools.restore.bucket }} - backupPrefix=test-cluster - downloadTimeout=60 - managedLedgerPath={{ .Values.zookeeper.customTools.restore.managedLedgerPath }} - webServerPort=8088 - restoreVersion={{ .Values.zookeeper.customTools.restore.restoreVersion }} - cleanupBookieMeta={{ .Values.zookeeper.customTools.restore.cleanupBookieMeta }} - cleanupClusterMeta={{ .Values.zookeeper.customTools.restore.cleanupClusterMeta }} -{{ toYaml .Values.zookeeper.customTools.restore.configData | indent 2 }} -{{- end }} \ No newline at end of file diff --git a/charts/pulsar/templates/zookeeper/zookeeper-restore-rolebinding.yaml b/charts/pulsar/templates/zookeeper/zookeeper-restore-rolebinding.yaml deleted file mode 100644 index 18a50ebe4..000000000 --- a/charts/pulsar/templates/zookeeper/zookeeper-restore-rolebinding.yaml +++ /dev/null @@ -1,68 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if not .Values.zookeeper.customTools.serviceAccount.clusterRole }} -{{- if and .Values.zookeeper.customTools.restore.enable .Values.zookeeper.customTools.serviceAccount.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.customTools.restore.component }}-rolebinding" - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.customTools.restore.component }}-role" -subjects: - - kind: ServiceAccount - name: {{ template "pulsar.zookeeper.restore.serviceAccount" . }} - namespace: {{ template "pulsar.namespace" . }} ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.customTools.restore.component }}-role" - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} -rules: - - apiGroups: [""] - resources: - - configmap - - configmaps - verbs: ["get", "list", "watch"] - - apiGroups: ["", "extensions", "apps"] - resources: - - pods - - services - - deployments - - secrets - - statefulsets - verbs: - - list - - watch - - get - - update - - create - - delete - - patch ---- - -{{- end }} - {{- end }} diff --git a/charts/pulsar/templates/zookeeper/zookeeper-restore-serviceaccount.yaml b/charts/pulsar/templates/zookeeper/zookeeper-restore-serviceaccount.yaml deleted file mode 100644 index 5f9953ad9..000000000 --- a/charts/pulsar/templates/zookeeper/zookeeper-restore-serviceaccount.yaml +++ /dev/null @@ -1,33 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -{{- if .Values.zookeeper.customTools.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pulsar.zookeeper.restore.serviceAccount" . }} - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.zookeeper.customTools.restore.component }} - annotations: -{{- with .Values.zookeeper.customTools.serviceAccount.annotations }} -{{ toYaml . | indent 4 }} -{{- end }} -{{- end }} diff --git a/charts/pulsar/templates/zookeeper/zookeeper-service.yaml b/charts/pulsar/templates/zookeeper/zookeeper-service.yaml deleted file mode 100644 index 15452c265..000000000 --- a/charts/pulsar/templates/zookeeper/zookeeper-service.yaml +++ /dev/null @@ -1,49 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -# deploy zookeeper only when `components.zookeeper` is true -{{- if .Values.components.zookeeper }} -apiVersion: v1 -kind: Service -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.zookeeper.component }} - annotations: -{{ toYaml .Values.zookeeper.service.annotations | indent 4 }} -spec: - ports: - - name: follower - port: {{ .Values.zookeeper.ports.follower }} - - name: leader-election - port: {{ .Values.zookeeper.ports.leaderElection }} - - name: client - port: {{ .Values.zookeeper.ports.client }} - {{- if and .Values.tls.enabled .Values.tls.zookeeper.enabled }} - - name: client-tls - port: {{ .Values.zookeeper.ports.clientTls }} - {{- end }} - clusterIP: None - publishNotReadyAddresses: true - selector: - {{- include "pulsar.matchLabels" . | nindent 4 }} - component: {{ .Values.zookeeper.component }} -{{- end }} diff --git a/charts/pulsar/templates/zookeeper/zookeeper-statefulset.yaml b/charts/pulsar/templates/zookeeper/zookeeper-statefulset.yaml deleted file mode 100644 index 409b951c3..000000000 --- a/charts/pulsar/templates/zookeeper/zookeeper-statefulset.yaml +++ /dev/null @@ -1,262 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -# deploy zookeeper only when `components.zookeeper` is true -{{- if .Values.components.zookeeper }} -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}" - namespace: {{ template "pulsar.namespace" . }} -{{- with .Values.zookeeper.statefulset.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.zookeeper.component }} -{{- with .Values.zookeeper.statefulset.labels }} -{{ toYaml . | indent 4 }} -{{- end }} -spec: - serviceName: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}" - replicas: {{ .Values.zookeeper.replicaCount }} - selector: - matchLabels: - {{- include "pulsar.matchLabels" . | nindent 6 }} - component: {{ .Values.zookeeper.component }} - updateStrategy: - type: {{ .Values.zookeeper.updateStrategy }} - podManagementPolicy: {{ .Values.zookeeper.podManagementPolicy | default "Parallel" }} - template: - metadata: - labels: - {{- include "pulsar.template.labels" . | nindent 8 }} - component: {{ .Values.zookeeper.component }} -{{- with .Values.zookeeper.labels }} -{{ toYaml . | indent 8 }} -{{- end }} - annotations: - {{- if .Values.monitoring.datadog }} - {{- include "pulsar.zookeeper.datadog.annotation" . | nindent 8 }} - {{- end }} - {{- if .Values.zookeeper.autoRollDeployment }} - checksum/config: {{ include (print $.Template.BasePath "/zookeeper/zookeeper-configmap.yaml") . | sha256sum }} - {{- end }} -{{- with .Values.zookeeper.annotations }} -{{ toYaml . | indent 8 }} -{{- end }} - spec: - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - - name: {{ .Values.imagePullSecrets }} - {{- end }} - securityContext: -{{- with .Values.zookeeper.securityContext }} -{{ toYaml . | indent 8 }} -{{- end }} - {{- if .Values.zookeeper.customTools.serviceAccount.use }} - serviceAccountName: {{ template "pulsar.zookeeper.restore.serviceAccount" . }} - {{- end }} - {{- if .Values.zookeeper.nodeSelector }} - nodeSelector: -{{ toYaml .Values.zookeeper.nodeSelector | indent 8 }} - {{- end }} - {{- if .Values.zookeeper.tolerations }} - tolerations: -{{ toYaml .Values.zookeeper.tolerations | indent 8 }} - {{- end }} - {{- if and .Values.affinity.anti_affinity .Values.zookeeper.custom_affinity}} - affinity: -{{ toYaml .Values.zookeeper.custom_affinity | indent 8 }} - {{ else }} - affinity: - {{- if and .Values.affinity.anti_affinity .Values.zookeeper.affinity.anti_affinity}} - podAntiAffinity: - {{ .Values.zookeeper.affinity.type }}: - {{ if eq .Values.zookeeper.affinity.type "requiredDuringSchedulingIgnoredDuringExecution"}} - - labelSelector: - matchExpressions: - - key: "app" - operator: In - values: - - "{{ template "pulsar.name" . }}" - - key: "release" - operator: In - values: - - {{ .Release.Name }} - - key: "component" - operator: In - values: - - {{ .Values.zookeeper.component }} - topologyKey: "kubernetes.io/hostname" - {{ else }} - - weight: 100 - podAffinityTerm: - labelSelector: - matchExpressions: - - key: "app" - operator: In - values: - - "{{ template "pulsar.name" . }}" - - key: "release" - operator: In - values: - - {{ .Release.Name }} - - key: "component" - operator: In - values: - - {{ .Values.zookeeper.component }} - topologyKey: "kubernetes.io/hostname" - {{ end }} - {{- end }} - {{- end }} - terminationGracePeriodSeconds: {{ .Values.zookeeper.gracePeriod }} - initContainers: - {{- if .Values.zookeeper.customTools.restore.enable }} - - name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}-{{ .Values.zookeeper.customTools.restore.component }}" - image: "{{ .Values.zookeeper.customTools.restore.repository }}:{{ .Values.zookeeper.customTools.restore.tag }}" - imagePullPolicy: {{ .Values.zookeeper.customTools.restore.pullPolicy }} - command: ["sh", "-c"] - args: - - > - cat conf/pulsar-metadata-tool/pulsar-metadata-tool.properties; - bin/pulsar-metadata-tool restore {{ .Values.zookeeper.customTools.restore.restorePoint }}; - env: - {{- if .Values.zookeeper.customTools.restore.secrets.use }} - - name: AWS_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - name: {{ .Values.zookeeper.customTools.restore.secrets.aws.secretName }} - key: AWS_ACCESS_KEY_ID - - name: AWS_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - name: {{ .Values.zookeeper.customTools.restore.secrets.aws.secretName }} - key: AWS_SECRET_ACCESS_KEY - {{- end }} - - name: METADATA_TOOL_CONF - value: "/pulsar-metadata-tool/conf/pulsar-metadata-tool/pulsar-metadata-tool.properties" - envFrom: - - configMapRef: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.customTools.restore.component }}" - volumeMounts: - {{- include "pulsar.zookeeper.data.volumeMounts" . | nindent 8 }} - {{- include "pulsar.zookeeper.log.volumeMounts" . | nindent 8 }} - - name: restore-config - mountPath: /pulsar-metadata-tool/conf/pulsar-metadata-tool - {{- end }} -{{- with .Values.common.extraInitContainers }} -{{ toYaml . | indent 6 }} -{{- end }} -{{- with .Values.zookeeper.extraInitContainers }} -{{ toYaml . | indent 6 }} -{{- end }} - containers: - - name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}" - image: "{{ .Values.images.zookeeper.repository }}:{{ .Values.images.zookeeper.tag }}" - imagePullPolicy: {{ .Values.images.zookeeper.pullPolicy }} - {{- if .Values.zookeeper.resources }} - resources: -{{ toYaml .Values.zookeeper.resources | indent 10 }} - {{- end }} - command: ["sh", "-c"] - args: - - > - bin/apply-config-from-env.py conf/zookeeper.conf; - {{- include "pulsar.zookeeper.tls.settings" . | nindent 10 }} - {{- range $server := .Values.zookeeper.reconfig.zkServers }} - echo "{{ $server }}" >> conf/zookeeper.conf; - {{- end }} - bin/gen-zk-conf.sh conf/zookeeper.conf {{ .Values.zookeeper.initialMyId }} {{ .Values.zookeeper.peerType }}; - cat conf/zookeeper.conf; - bin/pulsar zookeeper; - ports: - - name: metrics - containerPort: {{ .Values.zookeeper.ports.metrics }} - - name: client - containerPort: {{ .Values.zookeeper.ports.client }} - - name: follower - containerPort: {{ .Values.zookeeper.ports.follower }} - - name: leader-election - containerPort: {{ .Values.zookeeper.ports.leaderElection }} - {{- if and .Values.tls.enabled .Values.tls.zookeeper.enabled }} - - name: client-tls - containerPort: {{ .Values.zookeeper.ports.clientTls }} - {{- end }} - env: - - name: ZOOKEEPER_SERVERS - value: - {{- $global := . }} - {{ range $i, $e := until (.Values.zookeeper.replicaCount | int) }}{{ if ne $i 0 }},{{ end }}{{ template "pulsar.fullname" $global }}-{{ $global.Values.zookeeper.component }}-{{ printf "%d" $i }}{{ end }} - {{- if .Values.components.backup }} - - name: OBSERVER_SERVER - value: - {{- end }} - envFrom: - - configMapRef: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}" - {{- if .Values.zookeeper.probe.readiness.enabled }} - readinessProbe: - exec: - command: - - bin/pulsar-zookeeper-ruok.sh - initialDelaySeconds: {{ .Values.zookeeper.probe.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.zookeeper.probe.readiness.periodSeconds }} - failureThreshold: {{ .Values.zookeeper.probe.readiness.failureThreshold }} - timeoutSeconds: {{ .Values.zookeeper.probe.readiness.timeoutSeconds }} - {{- end }} - {{- if .Values.zookeeper.probe.liveness.enabled }} - livenessProbe: - exec: - command: - - bin/pulsar-zookeeper-ruok.sh - initialDelaySeconds: {{ .Values.zookeeper.probe.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.zookeeper.probe.liveness.periodSeconds }} - failureThreshold: {{ .Values.zookeeper.probe.liveness.failureThreshold }} - timeoutSeconds: {{ .Values.zookeeper.probe.liveness.timeoutSeconds }} - {{- end }} - {{- if .Values.zookeeper.probe.startup.enabled }} - startupProbe: - exec: - command: - - bin/pulsar-zookeeper-ruok.sh - initialDelaySeconds: {{ .Values.zookeeper.probe.startup.initialDelaySeconds }} - periodSeconds: {{ .Values.zookeeper.probe.startup.periodSeconds }} - failureThreshold: {{ .Values.zookeeper.probe.startup.failureThreshold }} - timeoutSeconds: {{ .Values.zookeeper.probe.startup.timeoutSeconds }} - {{- end }} - volumeMounts: - {{- include "pulsar.zookeeper.data.volumeMounts" . | nindent 8 }} - {{- include "pulsar.zookeeper.certs.volumeMounts" . | nindent 8 }} - {{- include "pulsar.zookeeper.log.volumeMounts" . | nindent 8 }} - {{- include "pulsar.zookeeper.genzkconf.volumeMounts" . | nindent 8 }} - volumes: - {{- include "pulsar.zookeeper.data.volumes" . | nindent 6 }} - {{- include "pulsar.zookeeper.certs.volumes" . | nindent 6 }} - {{- include "pulsar.zookeeper.log.volumes" . | nindent 6 }} - {{- include "pulsar.zookeeper.genzkconf.volumes" . | nindent 6 }} - {{- if .Values.zookeeper.customTools.restore.enable }} - - name: restore-config - configMap: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.customTools.restore.component }}" - {{- end }} - volumeClaimTemplates: - {{- include "pulsar.zookeeper.data.volumeClaimTemplates" . | nindent 2 }} -{{- end }} diff --git a/charts/pulsar/templates/zookeeper/zookeeper-storageclass.yaml b/charts/pulsar/templates/zookeeper/zookeeper-storageclass.yaml deleted file mode 100644 index 8b5358fe3..000000000 --- a/charts/pulsar/templates/zookeeper/zookeeper-storageclass.yaml +++ /dev/null @@ -1,107 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -# deploy zookeeper only when `components.zookeeper` is true -{{- if .Values.components.zookeeper }} -{{- if and .Values.volumes.persistence .Values.zookeeper.volumes.persistence }} - -# define the storage class for data directory -{{- if and (not (and .Values.volumes.local_storage .Values.zookeeper.volumes.data.local_storage)) .Values.zookeeper.volumes.data.storageClass }} -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}-{{ .Values.zookeeper.volumes.data.name }}" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.zookeeper.component }} -provisioner: {{ .Values.zookeeper.volumes.data.storageClass.provisioner }} -{{- if .Values.zookeeper.volumes.data.storageClass.volumeBindingMode }} -volumeBindingMode: {{ .Values.zookeeper.volumes.data.storageClass.volumeBindingMode }} -{{- end }} -{{- if .Values.zookeeper.volumes.data.storageClass.reclaimPolicy }} -reclaimPolicy: {{ .Values.zookeeper.volumes.data.storageClass.reclaimPolicy }} -{{- end }} -{{- if .Values.zookeeper.volumes.data.storageClass.allowVolumeExpansion }} -allowVolumeExpansion: {{ .Values.zookeeper.volumes.data.storageClass.allowVolumeExpansion }} -{{- end }} -{{- if .Values.zookeeper.volumes.data.storageClass.mountOptions }} -mountOptions: -{{- with .Values.zookeeper.volumes.data.storageClass.mountOptions }} -{{ toYaml . | indent 2 }} -{{- end }} -{{- end }} -{{- if .Values.zookeeper.volumes.data.storageClass.allowedTopologies }} -allowedTopologies: -{{- with .Values.zookeeper.volumes.data.storageClass.allowedTopologies }} -{{ toYaml . | indent 2 }} -{{- end }} -{{- end }} -parameters: - type: {{ .Values.zookeeper.volumes.data.storageClass.type }} - fsType: {{ .Values.zookeeper.volumes.data.storageClass.fsType }} -{{- with .Values.zookeeper.volumes.data.storageClass.extraParameters }} -{{ toYaml . | indent 2 }} -{{- end }} -{{- end }} ---- - -# define the storage class for dataLog directory -{{- if and (not (and .Values.volumes.local_storage .Values.zookeeper.volumes.dataLog.local_storage)) .Values.zookeeper.volumes.dataLog.storageClass }} -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}-{{ .Values.zookeeper.volumes.dataLog.name }}" - namespace: {{ template "pulsar.namespace" . }} - labels: - {{- include "pulsar.standardLabels" . | nindent 4 }} - component: {{ .Values.zookeeper.component }} -provisioner: {{ .Values.zookeeper.volumes.dataLog.storageClass.provisioner }} -{{- if .Values.zookeeper.volumes.dataLog.storageClass.volumeBindingMode }} -volumeBindingMode: {{ .Values.zookeeper.volumes.dataLog.storageClass.volumeBindingMode }} -{{- end }} -{{- if .Values.zookeeper.volumes.dataLog.storageClass.reclaimPolicy }} -reclaimPolicy: {{ .Values.zookeeper.volumes.dataLog.storageClass.reclaimPolicy }} -{{- end }} -{{- if .Values.zookeeper.volumes.dataLog.storageClass.allowVolumeExpansion }} -allowVolumeExpansion: {{ .Values.zookeeper.volumes.dataLog.storageClass.allowVolumeExpansion }} -{{- end }} -{{- if .Values.zookeeper.volumes.dataLog.storageClass.mountOptions }} -mountOptions: -{{- with .Values.zookeeper.volumes.dataLog.storageClass.mountOptions }} -{{ toYaml . | indent 2 }} -{{- end }} -{{- end }} -{{- if .Values.zookeeper.volumes.dataLog.storageClass.allowedTopologies }} -allowedTopologies: -{{- with .Values.zookeeper.volumes.dataLog.storageClass.allowedTopologies }} -{{ toYaml . | indent 2 }} -{{- end }} -{{- end }} -parameters: - type: {{ .Values.zookeeper.volumes.dataLog.storageClass.type }} - fsType: {{ .Values.zookeeper.volumes.dataLog.storageClass.fsType }} -{{- with .Values.zookeeper.volumes.dataLog.storageClass.extraParameters }} -{{ toYaml . | indent 2 }} -{{- end }} -{{- end }} ---- - -{{- end }} -{{- end }} diff --git a/charts/pulsar/values.yaml b/charts/pulsar/values.yaml deleted file mode 100644 index 2c6317b07..000000000 --- a/charts/pulsar/values.yaml +++ /dev/null @@ -1,2035 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -# Flag to control whether to run initialize job -initialize: true - -### -### K8S Settings -### - -## Namespace to deploy pulsar -# NOTE: Make the default namespace as empty. So it will fallback to use the namespace used for installing the helm -# chart. Helm does not position it self as a namespace manager, as namespaces in kubernetes are considered as -# a higher control structure that is not part of the application. -namespace: "" -namespaceCreate: false - -### -### Global Settings -### - -## Pulsar Metadata Prefix -## -## By default, pulsar stores all the metadata at root path. -## You can configure to have a prefix (e.g. "/my-pulsar-cluster"). -## If you do so, all the pulsar and bookkeeper metadata will -## be stored under the provided path -metadataPrefix: "" - -## Persistence -## -## If persistence is enabled, components that have state will -## be deployed with PersistentVolumeClaims, otherwise, for test -## purposes, they will be deployed with emptyDir -## -## This is a global setting that is applied to all components. -## If you need to disable persistence for a component, -## you can set the `volume.persistence` setting to `false` for -## that component. -volumes: - persistence: true - # configure the components to use local persistent volume - # the local provisioner should be installed prior to enable local persistent volume - local_storage: false - -## AntiAffinity -## -## Flag to enable and disable `AntiAffinity` for all components. -## This is a global setting that is applied to all components. -## If you need to disable AntiAffinity for a component, you can set -## the `affinity.anti_affinity` settings to `false` for that component. -affinity: - anti_affinity: true - -## Deployment type -## -## Control what configurations of Apache Pulsar to deploy for a specified environment type -deployment: - # This option will configure specific resources/object for a deployment on openshift - openshift: false - -## Components -## -## Control what components of Apache Pulsar to deploy for the cluster -components: - # zookeeper - zookeeper: true - # bookkeeper - bookkeeper: true - # bookkeeper - autorecovery - autorecovery: true - # broker - broker: true - # functions - functions: true - # proxy - proxy: true - # toolset - toolset: true - # pulsar manager - pulsar_manager: true - # pulsar sql - sql_worker: true - # kop - kop: false - # mop - mop: false - # pulsar detector - pulsar_detector: false - # superset - superset: false - -## Monitoring Components -## -## Control what components of the monitoring stack to deploy for the cluster -monitoring: - # monitoring - prometheus - prometheus: true - # monitoring - grafana - grafana: true - # monitoring - node_exporter - node_exporter: true - # alerting - alert-manager - alert_manager: true - # monitoring - loki - loki: true - # monitoring - datadog - datadog: false - -## Images -## -## Control what images to use for each component -images: - zookeeper: - repository: streamnative/pulsar-all - tag: 2.10.3.6 - pullPolicy: IfNotPresent - bookie: - repository: streamnative/pulsar-all - tag: 2.10.3.6 - pullPolicy: IfNotPresent - presto: - repository: streamnative/pulsar-all - tag: 2.10.3.6 - pullPolicy: IfNotPresent - # NOTE: allow overriding the presto worker image - # presto_worker: - # repository: streamnative/pulsar-all - # tag: 2.10.3.6 - # pullPolicy: IfNotPresent - autorecovery: - repository: streamnative/pulsar-all - tag: 2.10.3.6 - pullPolicy: IfNotPresent - broker: - repository: streamnative/sn-pulsar - tag: 2.10.3.6 - pullPolicy: IfNotPresent - proxy: - repository: streamnative/sn-pulsar - tag: 2.10.3.6 - pullPolicy: IfNotPresent - pulsar_detector: - repository: streamnative/sn-platform - tag: 2.10.3.6 - pullPolicy: IfNotPresent - functions: - repository: streamnative/sn-pulsar - tag: 2.10.3.6 - pullPolicy: IfNotPresent - function_worker: - repository: streamnative/sn-pulsar - tag: 2.10.3.6 - pullPolicy: IfNotPresent - function_runner_java: - repository: streamnative/pulsar-functions-java-runner - tag: 2.10.3.6 - pullPolicy: IfNotPresent - function_runner_go: - repository: streamnative/pulsar-functions-go-runner - tag: 2.10.3.6 - pullPolicy: IfNotPresent - function_runner_python: - repository: streamnative/pulsar-functions-python-runner - tag: 2.10.3.6 - pullPolicy: IfNotPresent - # NOTE: allow overriding the toolset image - # toolset: - # repository: streamnative/pulsar-all - # tag: 2.10.3.6 - # pullPolicy: IfNotPresent - prometheus: - repository: prom/prometheus - tag: v2.17.2 - pullPolicy: IfNotPresent - alert_manager: - repository: prom/alertmanager - tag: v0.20.0 - pullPolicy: IfNotPresent - grafana: - repository: streamnative/apache-pulsar-grafana-dashboard-k8s - tag: 0.0.17 - pullPolicy: IfNotPresent - pulsar_manager: - repository: streamnative/pulsar-manager - tag: 0.3.0 - pullPolicy: IfNotPresent - hasCommand: false - node_exporter: - repository: prom/node-exporter - tag: v0.16.0 - pullPolicy: "IfNotPresent" - nginx_ingress_controller: - repository: registry.k8s.io/ingress-nginx/controller - tag: v1.1.1 - pullPolicy: "IfNotPresent" - -## TLS -## templates/tls-certs.yaml -## -## The chart is using cert-manager for provisioning TLS certs for -## brokers and proxies. -tls: - enabled: false - # common settings for generating certs - common: - # 90d - duration: 2160h - # 15d - renewBefore: 360h - organization: - - pulsar - keySize: 4096 - keyAlgorithm: RSA - keyEncoding: PKCS8 - caSecretName: - # settings for generating certs for proxy - proxy: - enabled: false - cert_name: tls-proxy - certSecretName: - untrustedCa: true - # settings for generating certs for proxy - pulsar_detector: - enabled: false - cert_name: tls-pulsar-detector - # settings for generating certs for broker - broker: - enabled: false - cert_name: tls-broker - certSecretName: - brokerClient: - enabled: false - functions: - enabled: false - cert_name: tls-function - certSecretName: - # settings for generating certs for kop - kop: - enabled: false - jks: - password: "[pulsar tls jks store password]" - cert_name: tls-kop - # settings for generating certs for bookies - bookie: - enabled: false - cert_name: tls-bookie - certSecretName: - # settings for generating certs for zookeeper - zookeeper: - enabled: false - cert_name: tls-zookeeper - certSecretName: - # settings for generating certs for recovery - autorecovery: - cert_name: tls-recovery - certSecretName: - # settings for generating certs for toolset - toolset: - cert_name: tls-toolset - certSecretName: - pulsar_manager: - enabled: false - cert_name: tls-pulsar-manager - certSecretName: - presto: - enabled: false - cert_name: tls-presto - certSecretName: - -# Enable or disable broker authentication and authorization. -auth: - authentication: - enabled: false - provider: "jwt" - jwt: - # Enable JWT authentication - # If the token is generated by a secret key, set the usingSecretKey as true. - # If the token is generated by a private key, set the usingSecretKey as false. - usingSecretKey: false - authorization: - enabled: false - superUsers: - # broker to broker communication - broker: "broker-admin" - # proxy to broker communication - proxy: "proxy-admin" - # websocket proxy to broker communication - websocket: "ws-admin" - # pulsar-admin client to broker/proxy communication - client: "admin" - # pulsar-manager to broker/proxy communication - pulsar_manager: "pulsar-manager-admin" - # Enable vault based authentication - vault: - enabled: false -###################################################################### -# External dependencies -###################################################################### - -## cert-manager -## templates/tls-cert-issuer.yaml -## -## Cert manager is used for automatically provisioning TLS certificates -## for components within a Pulsar cluster -certs: - internal_issuer: - enabled: false - component: internal-cert-issuer - type: selfsigning - public_issuer: - enabled: false - component: public-cert-issuer - type: acme - issuers: - selfsigning: - acme: - # You must replace this email address with your own. - # Let's Encrypt will use this to contact you about expiring - # certificates, and issues related to your account. - email: contact@example.local - # change this to production endpoint once you successfully test it - # server: https://acme-v02.api.letsencrypt.org/directory - server: https://acme-staging-v02.api.letsencrypt.org/directory - solver: clouddns - solvers: - clouddns: - # TODO: add a link about how to configure this section - project: "[YOUR GCP PROJECT ID]" - serviceAccountSecretRef: - name: "[NAME OF SECRET]" - key: "[KEY OF SECRET]" - # route53: - # region: "[ROUTE53 REGION]" - # secretAccessKeySecretRef: - # name: "[NAME OF SECRET]" - # key: "[KEY OF SECRET]" - # role: "[ASSUME A ROLE]" - # cloudflare: - # email: "[YOUR ACCOUNT EMAIL]" - # apiTokenSecretRef: - # name: "[NAME OF SECRET]" - # key: "[KEY OF SECRET]" - lets_encrypt: - ca_ref: - secretName: "[SECRET STORES lets encrypt CA]" - keyName: "[KEY IN THE SECRET STORES let encrypt CA]" - ca: - annotations: {} -## External DNS -## templates/external-dns.yaml -## templates/external-dns-rbac.yaml -## -## External DNS is used for synchronizing exposed Ingresses with DNS providers -external_dns: - enabled: false - use_existing: false - component: external-dns - policy: upsert-only - registry: txt - owner_id: pulsar - domain_filter: pulsar.example.local - provider: google - providers: - google: - # project: external-dns-test - project: "[GOOGLE PROJECT ID]" - aws: - zoneType: public - serviceAcct: - annotations: {} - securityContext: {} - extraMounts: [] - extraEnv: [] - - -## Domain requested from External DNS -domain: - enabled: false - suffix: test.pulsar.example.local - -## Ingresses for exposing Pulsar services -ingress: - ## templates/proxy-service-ingress.yaml - ## - ## Ingresses for exposing pulsar service publicly - proxy: - enabled: false - tls: - enabled: true - plaintext: - enabled: false - # `tls.enabled` will turn on all the TLS ports - # `plaintext.enabled` will control whether to turn on all the plaintext ports - # this section is used to control individal ports - ports: - http: true - https: true - pulsar: true - pulsarssl: true - websocket: true - websockettls: true - portNumbers: - https: 443 - type: LoadBalancer - annotations: {} - extraSpec: {} - ## templates/broker-service-ingress.yaml - ## - ## Ingresses for exposing pulsar service publicly - broker: - enabled: false - type: LoadBalancer - annotations: {} - extraSpec: {} - kop: - enabled: false - # NOTE: replace this with the actual domain when enabling ingress for KOP - external_domain: "" - ## templates/presto-service-ingress.yaml - ## - ## Ingresses for exposing presto service publicly - presto: - enabled: false - tls: - enabled: true - type: LoadBalancer - annotations: {} - extraSpec: {} - ports: - http: 80 - https: 443 - ## templates/control-center-ingress.yaml - ## - ## Ingresses for exposing monitoring/management services publicly - controller: - enabled: false - rbac: true - component: nginx-ingress-controller - replicaCount: 1 - # nodeSelector: - # cloud.google.com/gke-nodepool: default-pool - tolerations: [] - gracePeriod: 300 - annotations: {} - ports: - http: 80 - https: 443 - # flag whether to terminate the tls at the loadbalancer level - tls: - termination: false - control_center: - enabled: true - component: control-center - endpoints: - grafana: true - prometheus: false - alertmanager: false - # Set external domain of the load balancer of ingress controller - # external_domain: your.external.control.center.domain - # external_domain_scheme: https:// - tls: - enabled: false - annotations: {} - -imagePuller: - component: image-puller - pullSecret: - enabled: false - hook: - enabled: false - image: - name: streamnative/k8s-image-awaiter - tag: '0.1.0' - rbac: - enabled: true - continuous: - enabled: false - pause: - image: - name: gcr.io/google_containers/pause - tag: '3.1' - - -###################################################################### -# Below are settings for each component -###################################################################### - -## Common properties applied to pulsar components -common: - extraInitContainers: [] - -## Pulsar: Zookeeper cluster -## templates/zookeeper-statefulset.yaml -## -zookeeper: - # use a component name that matches your grafana configuration - # so the metrics are correctly rendered in grafana dashboard - component: zookeeper - # the number of zookeeper servers to run. it should be an odd number larger than or equal to 3. - replicaCount: 3 - updateStrategy: RollingUpdate - ports: - metrics: 8000 - client: 2181 - clientTls: 2281 - follower: 2888 - leaderElection: 3888 - # nodeSelector: - # cloud.google.com/gke-nodepool: default-pool - probe: - liveness: - enabled: true - failureThreshold: 10 - initialDelaySeconds: 10 - periodSeconds: 30 - timeoutSeconds: 10 - readiness: - enabled: true - failureThreshold: 10 - initialDelaySeconds: 10 - periodSeconds: 30 - timeoutSeconds: 10 - startup: - enabled: false - failureThreshold: 30 - initialDelaySeconds: 10 - periodSeconds: 30 - timeoutSeconds: 10 - affinity: - anti_affinity: true - # Set the anti affinity type. Valid values: - # requiredDuringSchedulingIgnoredDuringExecution - rules must be met for pod to be scheduled (hard) requires at least one node per replica - # preferredDuringSchedulingIgnoredDuringExecution - scheduler will try to enforce but not guranentee - type: preferredDuringSchedulingIgnoredDuringExecution - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "8000" - labels: {} - securityContext: - fsGroup: 0 - fsGroupChangePolicy: "OnRootMismatch" - tolerations: [] - gracePeriod: 30 - resources: - requests: - memory: 256Mi - cpu: 0.1 - volumes: - # use a persistent volume or emptyDir - persistence: true - # Add a flag here for backward compatibility. Ideally we should - # use two disks for production workloads. This flag might be - # removed in the future releases to stick to two-disks mode. - useSeparateDiskForTxlog: false - data: - name: data - size: 50Gi - local_storage: true - # storageClassName: "" - ## If the storage class is left undefined when using persistence - ## the default storage class for the cluster will be used. - ## - # storageClass: - # type: pd-ssd - # fsType: xfs - # provisioner: kubernetes.io/gce-pd - # allowVolumeExpansion: false - # volumeBindingMode: Immediate - # reclaimPolicy: Retain - # allowedTopologies: - # mountOptions: - # extraParameters: - # iopsPerGB: "50" - dataLog: - name: datalog - size: 10Gi - local_storage: true - # storageClassName: "" - ## If the storage class is left undefined when using persistence - ## the default storage class for the cluster will be used. - ## - # storageClass: - # type: pd-ssd - # fsType: xfs - # provisioner: kubernetes.io/gce-pd - # allowVolumeExpansion: false - # volumeBindingMode: Immediate - # reclaimPolicy: Retain - # allowedTopologies: - # mountOptions: - # extraParameters: - # iopsPerGB: "50" - extraInitContainers: [] - ## Zookeeper configmap - ## templates/zookeeper-configmap.yaml - ## - # The initial myid used for generating myid for each zookeeper pod. - initialMyId: 0 - peerType: "participant" - # reconfig settings - reconfig: - enabled: false - # The zookeeper servers to observe/join - zkServers: [] - # Automtically Roll Deployments when configmap is changed - autoRollDeployment: true - useNettyIO: true - configData: - PULSAR_MEM: > - -Xms64m -Xmx128m - PULSAR_GC: > - -XX:+UseG1GC - -XX:MaxGCPauseMillis=10 - -Dcom.sun.management.jmxremote - -Djute.maxbuffer=10485760 - -XX:+ParallelRefProcEnabled - -XX:+UnlockExperimentalVMOptions - -XX:+AggressiveOpts - -XX:+DoEscapeAnalysis - -XX:+DisableExplicitGC - -XX:+PerfDisableSharedMem - statefulset: - annotations: {} - labels: {} - ## Zookeeper service - ## templates/zookeeper-service.yaml - ## - service: - annotations: {} - ## Zookeeper PodDisruptionBudget - ## templates/zookeeper-pdb.yaml - ## - pdb: - usePolicy: true - maxUnavailable: 1 - customTools: - serviceAccount: - use: true - create: true - name: "" - annotations: {} - clusterRole: true - backup: - component: "backup" - enable: false - repository: "streamnative/pulsar-metadata-tool" - tag: "2.10.3.6" - pullPolicy: IfNotPresent - webServerPort: "8088" - backupInterval: "600" - bucket: "s3a://bucket" - backupPrefix: "pulsar-backup" - managedLedgerPath: "/managed-ledgers" - configData: - # extra opts for the java command - OPTS: "" - secrets: - use: false - # aws: - # secretName: "backup-aws-secret" - ## secret that stores AWS credentials. The secret should be created in the following - ## format. - ## ``` - ## kubectl -n pulsar create secret generic \ - ## --from-literal=AWS_ACCESS_KEY_ID=[AWS ACCESS KEY] \ - ## --from-literal=AWS_SECRET_ACCESS_KEY=[AWS SECRET KEY] \ - ## [secret name] - ## ``` - restore: - component: "restore" - enable: false - repository: "streamnative/pulsar-metadata-tool" - tag: "2.10.3.6" - pullPolicy: IfNotPresent - restorePoint: "" - restoreVersion: "1" - managedLedgerPath: "/managed-ledgers" - bucket: "s3a://bucket" - cleanupBookieMeta: false - cleanupClusterMeta: false - configData: - OPTS: "" - secrets: - use: false -# aws: -# secretName: "restore-aws-secret" - -## Pulsar: Bookkeeper cluster -## templates/bookkeeper-statefulset.yaml -## -bookkeeper: - # use a component name that matches your grafana configuration - # so the metrics are correctly rendered in grafana dashboard - component: bookie - ## BookKeeper Cluster Initialize - ## templates/bookkeeper-cluster-initialize.yaml - metadata: - ## Set the resources used for running `bin/bookkeeper shell initnewcluster` - ## - resources: - # requests: - # memory: 4Gi - # cpu: 2 - replicaCount: 4 - ports: - http: 8000 - bookie: 3181 - streamStorage: 4181 - # nodeSelector: - # cloud.google.com/gke-nodepool: default-pool - probe: - liveness: - enabled: true - failureThreshold: 60 - initialDelaySeconds: 10 - periodSeconds: 30 - readiness: - enabled: true - failureThreshold: 60 - initialDelaySeconds: 10 - periodSeconds: 30 - startup: - enabled: false - failureThreshold: 30 - initialDelaySeconds: 60 - periodSeconds: 30 - affinity: - anti_affinity: true - # Set the anti affinity type. Valid values: - # requiredDuringSchedulingIgnoredDuringExecution - rules must be met for pod to be scheduled (hard) requires at least one node per replica - # preferredDuringSchedulingIgnoredDuringExecution - scheduler will try to enforce but not guranentee - type: preferredDuringSchedulingIgnoredDuringExecution - annotations: {} - labels: {} - securityContext: - fsGroup: 0 - fsGroupChangePolicy: "OnRootMismatch" - tolerations: [] - gracePeriod: 30 - resources: - requests: - memory: 512Mi - cpu: 0.2 - # Definition of the serviceAccount used to run bookies. - serviceAccount: - # Specifies whether to use a service account to run this component - use: true - # Specifies whether a service account should be created - create: true - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - # whether to create a cluster role - clusterRole: true - # Extra annotations for the serviceAccount definition. This can either be - # YAML or a YAML-formatted multi-line templated string map of the - # annotations to apply to the serviceAccount. - annotations: {} - volumes: - # use a persistent volume or emptyDir - persistence: true - journal: - name: journal - size: 10Gi - local_storage: true - # storageClassName: "" - ## If the storage class is left undefined when using persistence - ## the default storage class for the cluster will be used. - ## - # storageClass: - # type: pd-ssd - # fsType: xfs - # provisioner: kubernetes.io/gce-pd - # allowVolumeExpansion: false - # volumeBindingMode: Immediate - # reclaimPolicy: Retain - # allowedTopologies: - # mountOptions: - # extraParameters: - # iopsPerGB: "50" - ledgers: - name: ledgers - size: 50Gi - local_storage: true - # storageClassName: "" - ## If the storage class is left undefined when using persistence - ## the default storage class for the cluster will be used. - ## - # storageClass: - # type: pd-ssd - # fsType: xfs - # provisioner: kubernetes.io/gce-pd - # allowVolumeExpansion: false - # volumeBindingMode: Immediate - # reclaimPolicy: Retain - # allowedTopologies: - # mountOptions: - # extraParameters: - # iopsPerGB: "50" - extraInitContainers: [] - ## Bookkeeper configmap - ## templates/bookkeeper-configmap.yaml - ## - # Automtically Roll Deployments when configmap is changed - autoRollDeployment: true - placementPolicy: - rackAware: true - configData: - # `BOOKIE_MEM` is used for `bookie shell` - BOOKIE_MEM: > - -Xms128m - -Xmx256m - -XX:MaxDirectMemorySize=256m - # we use `bin/pulsar` for starting bookie daemons - PULSAR_MEM: > - -Xms128m - -Xmx256m - -XX:MaxDirectMemorySize=256m - PULSAR_GC: > - -XX:+UseG1GC - -XX:MaxGCPauseMillis=10 - -XX:+ParallelRefProcEnabled - -XX:+UnlockExperimentalVMOptions - -XX:+AggressiveOpts - -XX:+DoEscapeAnalysis - -XX:ParallelGCThreads=4 - -XX:ConcGCThreads=4 - -XX:G1NewSizePercent=50 - -XX:+DisableExplicitGC - -XX:-ResizePLAB - -XX:+ExitOnOutOfMemoryError - -XX:+PerfDisableSharedMem - -verbosegc - statefulset: - annotations: {} - labels: {} - ## Bookkeeper Service - ## templates/bookkeeper-service.yaml - ## - service: - annotations: {} - ## Bookkeeper PodDisruptionBudget - ## templates/bookkeeper-pdb.yaml - ## - pdb: - usePolicy: true - maxUnavailable: 1 - -## Pulsar: Bookkeeper AutoRecovery -## templates/autorecovery-statefulset.yaml -## -autorecovery: - # use a component name that matches your grafana configuration - # so the metrics are correctly rendered in grafana dashboard - component: recovery - replicaCount: 1 - ports: - http: 8000 - # nodeSelector: - # cloud.google.com/gke-nodepool: default-pool - affinity: - anti_affinity: true - # Set the anti affinity type. Valid values: - # requiredDuringSchedulingIgnoredDuringExecution - rules must be met for pod to be scheduled (hard) requires at least one node per replica - # preferredDuringSchedulingIgnoredDuringExecution - scheduler will try to enforce but not guranentee - type: preferredDuringSchedulingIgnoredDuringExecution - annotations: {} - labels: {} - securityContext: - fsGroup: 0 - fsGroupChangePolicy: "OnRootMismatch" - # tolerations: [] - gracePeriod: 30 - resources: - requests: - memory: 64Mi - cpu: 0.05 - extraInitContainers: [] - ## Bookkeeper auto-recovery configmap - ## templates/autorecovery-configmap.yaml - ## - # Automtically Roll Deployments when configmap is changed - autoRollDeployment: true - configData: - BOOKIE_MEM: > - -Xms64m -Xmx64m - statefulset: - annotations: {} - labels: {} - -## Pulsar Zookeeper metadata. The metadata will be deployed as -## soon as the last zookeeper node is reachable. The deployment -## of other components that depends on zookeeper, such as the -## bookkeeper nodes, broker nodes, etc will only start to be -## deployed when the zookeeper cluster is ready and with the -## metadata deployed -pulsar_metadata: - component: pulsar-init - image: - # the image used for running `pulsar-cluster-initialize` job - # repository: apachepulsar/pulsar-all - # tag: 2.5.0 - repository: streamnative/pulsar-all - tag: 2.10.3.6 - pullPolicy: IfNotPresent - ## set an existing configuration store - # configurationStore: - configurationStoreMetadataPrefix: "" - - ## optional, you can provide your own zookeeper metadata store for other components - # to use this, you should explicit set components.zookeeper to false - # - # userProvidedZookeepers: "zk01.example.com:2181,zk02.example.com:2181" - - # set the cluster name. if empty or not specified, - # it will use helm release name to generate a cluster name. - clusterName: "" - -## Pulsar: KoP Protocol Handler -kop: - ports: - plaintext: 9092 - ssl: 9093 - auth: - enabled: false - -## Pulsar: MoP Protocol Handler -mop: - ports: - plaintext: 1883 - tls_psk: 5684 - # TLS PSK is introduced since sn-pulsar:2.8.1.1 - tls_psk: - enabled: false - identity: "[ADD IDENTITY]" - identityHint: "[ADD HINT]" - secret: "[ADD SECRET]" - - -# Istio is required for exposing Kafka service -istio: - enable: false - gateway: - selector: - istio: "ingressgateway" - -## Pulsar: Broker cluster -## templates/broker-statefulset.yaml -## -broker: - # use a component name that matches your grafana configuration - # so the metrics are correctly rendered in grafana dashboard - component: broker - replicaCount: 3 - ports: - http: 8080 - https: 8443 - pulsar: 6650 - pulsarssl: 6651 - # nodeSelector: - # cloud.google.com/gke-nodepool: default-pool - probe: - liveness: - enabled: true - failureThreshold: 10 - initialDelaySeconds: 30 - periodSeconds: 10 - readiness: - enabled: true - failureThreshold: 10 - initialDelaySeconds: 30 - periodSeconds: 10 - startup: - enabled: false - failureThreshold: 30 - initialDelaySeconds: 60 - periodSeconds: 10 - affinity: - anti_affinity: true - # Set the anti affinity type. Valid values: - # requiredDuringSchedulingIgnoredDuringExecution - rules must be met for pod to be scheduled (hard) requires at least one node per replica - # preferredDuringSchedulingIgnoredDuringExecution - scheduler will try to enforce but not guranentee - type: preferredDuringSchedulingIgnoredDuringExecution - annotations: {} - labels: {} - tolerations: [] - securityContext: {} - gracePeriod: 30 - # flag to advertise pod ip address - advertisedPodIP: false - resources: - requests: - memory: 512Mi - cpu: 0.2 - extraInitContainers: [] - extraVolumes: [] - extraVolumeMounts: [] - extraEnv: [] - # Definition of the serviceAccount used to run brokers. - serviceAccount: - # Specifies whether to use a service account to run this component - use: true - # Specifies whether a service account should be created - create: true - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - # Extra annotations for the serviceAccount definition. This can either be - # YAML or a YAML-formatted multi-line templated string map of the - # annotations to apply to the serviceAccount. - annotations: {} - # whether to create a cluster role - clusterRole: true - ## Broker configmap - ## templates/broker-configmap.yaml - ## - # Automtically Roll Deployments when configmap is changed - autoRollDeployment: true - configData: - PULSAR_MEM: > - -Xms128m -Xmx256m -XX:MaxDirectMemorySize=256m - PULSAR_GC: > - -XX:+UseG1GC - -XX:MaxGCPauseMillis=10 - -Dio.netty.leakDetectionLevel=disabled - -Dio.netty.recycler.linkCapacity=1024 - -XX:+ParallelRefProcEnabled - -XX:+UnlockExperimentalVMOptions - -XX:+AggressiveOpts - -XX:+DoEscapeAnalysis - -XX:ParallelGCThreads=4 - -XX:ConcGCThreads=4 - -XX:G1NewSizePercent=50 - -XX:+DisableExplicitGC - -XX:-ResizePLAB - -XX:+ExitOnOutOfMemoryError - -XX:+PerfDisableSharedMem - # @deprecated: - # 1. You can use a service account to assume an IAM role to access S3 bucket - # 2. You can use a k8s secret to reference AWS credentials. See `offload.s3.secret` - # AWS_ACCESS_KEY_ID: "[YOUR AWS ACCESS KEY ID]" - # AWS_SECRET_ACCESS_KEY: "[YOUR SECRET]" - managedLedgerDefaultEnsembleSize: "3" - managedLedgerDefaultWriteQuorum: "3" - managedLedgerDefaultAckQuorum: "2" - statefulset: - annotations: {} - labels: {} - ## Broker service - ## templates/broker-service.yaml - ## - service: - annotations: {} - ## Broker PodDisruptionBudget - ## templates/broker-pdb.yaml - ## - pdb: - usePolicy: true - maxUnavailable: 1 - ### Broker service account - ## templates/broker-service-account.yaml - # deprecated: use `serviceAccount` section to configure service account. - service_account: - annotations: {} - offload: - enabled: false - managedLedgerOffloadDriver: aws-s3 - gcs: - enabled: false - gcsManagedLedgerOffloadRegion: "[YOUR REGION OF GCS]" - gcsManagedLedgerOffloadBucket: "[YOUR BUCKET OF GCS]" - gcsManagedLedgerOffloadMaxBlockSizeInBytes: "67108864" - gcsManagedLedgerOffloadReadBufferSizeInBytes: "1048576" - s3: - enabled: false - s3ManagedLedgerOffloadRegion: "[YOUR REGION OF S3]" - s3ManagedLedgerOffloadBucket: "[YOUR BUCKET OF S3]" - s3ManagedLedgerOffloadMaxBlockSizeInBytes: "67108864" - s3ManagedLedgerOffloadReadBufferSizeInBytes: "1048576" - s3ManagedLedgerOffloadServiceEndpoint: "http://s3.amazonaws.com" - # secret that stores AWS credentials. The secret should be created in the following - # format. - # ``` - # kubectl -n pulsar create secret generic \ - # --from-literal=AWS_ACCESS_KEY_ID=[AWS ACCESS KEY] \ - # --from-literal=AWS_SECRET_ACCESS_KEY=[AWS SECRET KEY] \ - # [secret name] - # ``` - # secret: [k8s secret that stores AWS credentials] - filesystem: - enabled: false - fileSystemURI: "file:///pulsar/data" - fileSystemProfilePath: "/pulsar/conf/filesystem-config.yaml" - fileDefaultFS: "" - fileTmpDir: "pulsar" - fileBuffersize: "4096" - ioSeqfileCompressBlocksize: "1000000" - ioSeqFileCompressionType: "BLOCK" - ioMapIndexInteval: "128" - packagesManagement: - storageProvider: "org.apache.pulsar.packages.management.storage.bookkeeper.BookKeeperPackagesStorageProvider" - ledgerRootPath: "/ledgers" - -## Pulsar: Functions Worker -## templates/function-worker-configmap.yaml -## -functions: - component: functions-worker - useDedicatedRunner: true - functionMesh: false - functionMeshName: "function-mesh" - functionMeshServiceAccount: "default" - builtinConnectorConfigmap: "" - replicaCount: 1 - functionState: false - enableCustomizerRuntime: false - runtimeCustomizerClassName: "org.apache.pulsar.functions.runtime.kubernetes.BasicKubernetesManifestCustomizer" - pulsarExtraClasspath: "extraLibs" - # Specify the namespace to run pulsar functions - authenticationProviders: [] - authorizationProvider: "org.apache.pulsar.broker.authorization.PulsarAuthorizationProvider" - jobNamespace: "" - # Specify the pulsar root directory - pulsarRootDir: "" - # pulsarAdminUrlOverride: - # pulsarServiceUrlOverride: - # nodeSelector: - # cloud.google.com/gke-nodepool: default-pool - securityContext: - fsGroup: 0 - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - tolerations: [] - extraVolumes: [] - extraVolumeMounts: [] - extraEnvs: [] - gracePeriod: 30 - # Definition of the serviceAccount used to run function worker. - serviceAccount: - # Specifies whether to use a service account to run this component - use: true - # Specifies whether a service account should be created - create: true - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - # Extra annotations for the serviceAccount definition. This can either be - # YAML or a YAML-formatted multi-line templated string map of the - # annotations to apply to the serviceAccount. - annotations: {} - # whether to create a cluster role - clusterRole: true - autoRollDeployment: true - annotations: {} - labels: {} - ports: - http: 8080 - https: 8443 - resources: - requests: - memory: 512Mi - cpu: 0.2 - probe: - liveness: - enabled: true - failureThreshold: 10 - initialDelaySeconds: 30 - periodSeconds: 10 - readiness: - enabled: true - failureThreshold: 10 - initialDelaySeconds: 30 - periodSeconds: 10 - startup: - enabled: false - failureThreshold: 30 - initialDelaySeconds: 60 - periodSeconds: 10 - statefulset: - annotations: {} - labels: {} - service: - annotations: {} - affinity: - anti_affinity: true - # Set the anti affinity type. Valid values: - # requiredDuringSchedulingIgnoredDuringExecution - rules must be met for pod to be scheduled (hard) requires at least one node per replica - # preferredDuringSchedulingIgnoredDuringExecution - scheduler will try to enforce but not guranentee - type: preferredDuringSchedulingIgnoredDuringExecution - configData: - downloadDirectory: download/pulsar_functions - pulsarFunctionsNamespace: public/functions - functionMetadataTopicName: metadata - clusterCoordinationTopicName: coordinate - numHttpServerThreads: 8 - schedulerClassName: "org.apache.pulsar.functions.worker.scheduler.RoundRobinScheduler" - functionAssignmentTopicName: "assignments" - failureCheckFreqMs: 30000 - rescheduleTimeoutMs: 60000 - initialBrokerReconnectMaxRetries: 60 - assignmentWriteMaxRetries: 60 - instanceLivenessCheckFreqMs: 30000 - # Frequency how often worker performs compaction on function-topics - topicCompactionFrequencySec: 1800 - # kubernetes runtime - functionRuntimeFactoryClassName: org.apache.pulsar.functions.runtime.kubernetes.KubernetesRuntimeFactory - # Connectors - connectorsDirectory: ./connectors - functionsDirectory: ./functions - narExtractionDirectory: "" - functionRuntimeFactoryConfigs: - -## Pulsar: pulsar detector -## templates/pulsar-detector-statefulset.yaml -## -pulsar_detector: - component: pulsar-detector - replicaCount: 1 - - gracePeriod: 30 - port: 9000 - waitZkReady: true - # nodeSelector: - # cloud.google.com/gke-nodepool: default-pool - # tolerations: [] - # Definition of the serviceAccount used to run brokers. - serviceAccount: - # Specifies whether to use a service account to run this component - use: true - # Specifies whether a service account should be created - create: true - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - # Extra annotations for the serviceAccount definition. This can either be - # YAML or a YAML-formatted multi-line templated string map of the - # annotations to apply to the serviceAccount. - annotations: {} - - statefulset: - annotations: {} - ## Proxy service - ## templates/pulsar-detector-service.yaml - ## - service: - # spec: - # clusterIP: None - annotations: {} - - ## Pulsar detector PodDisruptionBudget - ## templates/pulsar-detector-pdb.yaml - ## - pdb: - usePolicy: true - maxUnavailable: 1 -## Pulsar: Proxy Cluster -## templates/proxy-statefulset.yaml -## -proxy: - # use a component name that matches your grafana configuration - # so the metrics are correctly rendered in grafana dashboard - component: proxy - replicaCount: 3 - # nodeSelector: - # cloud.google.com/gke-nodepool: default-pool - probe: - liveness: - enabled: true - failureThreshold: 10 - initialDelaySeconds: 30 - periodSeconds: 10 - readiness: - enabled: true - failureThreshold: 10 - initialDelaySeconds: 30 - periodSeconds: 10 - startup: - enabled: false - failureThreshold: 30 - initialDelaySeconds: 60 - periodSeconds: 10 - affinity: - anti_affinity: true - # Set the anti affinity type. Valid values: - # requiredDuringSchedulingIgnoredDuringExecution - rules must be met for pod to be scheduled (hard) requires at least one node per replica - # preferredDuringSchedulingIgnoredDuringExecution - scheduler will try to enforce but not guranentee - type: preferredDuringSchedulingIgnoredDuringExecution - annotations: {} - labels: {} - securityContext: {} - tolerations: [] - gracePeriod: 30 - resources: - requests: - memory: 128Mi - cpu: 0.2 - extraInitContainers: [] - extraVolumes: [] - extraVolumeMounts: [] - extraEnv: [] - # Definition of the serviceAccount used to run proxies. - serviceAccount: - # Specifies whether to use a service account to run this component - use: true - # Specifies whether a service account should be created - create: true - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - # Extra annotations for the serviceAccount definition. This can either be - # YAML or a YAML-formatted multi-line templated string map of the - # annotations to apply to the serviceAccount. - annotations: {} - websocket: - component: websocket - enabled: false - configData: - PULSAR_MEM: > - -Xms64m -Xmx64m -XX:MaxDirectMemorySize=64m - PULSAR_GC: > - -XX:+UseG1GC - -XX:MaxGCPauseMillis=10 - -Dio.netty.leakDetectionLevel=disabled - -Dio.netty.recycler.linkCapacity=1024 - -XX:+ParallelRefProcEnabled - -XX:+UnlockExperimentalVMOptions - -XX:+AggressiveOpts - -XX:+DoEscapeAnalysis - -XX:ParallelGCThreads=4 - -XX:ConcGCThreads=4 - -XX:G1NewSizePercent=50 - -XX:+DisableExplicitGC - -XX:-ResizePLAB - -XX:+ExitOnOutOfMemoryError - -XX:+PerfDisableSharedMem - ## Proxy configmap - ## templates/proxy-configmap.yaml - ## - # Automtically Roll Deployments when configmap is changed - autoRollDeployment: true - # Config proxy to point to an existing broker clusters - brokerServiceURL: "" - brokerWebServiceURL: "" - brokerServiceURLTLS: "" - brokerWebServiceURLTLS: "" - configData: - PULSAR_MEM: > - -Xms64m -Xmx64m -XX:MaxDirectMemorySize=64m - PULSAR_GC: > - -XX:+UseG1GC - -XX:MaxGCPauseMillis=10 - -Dio.netty.leakDetectionLevel=disabled - -Dio.netty.recycler.linkCapacity=1024 - -XX:+ParallelRefProcEnabled - -XX:+UnlockExperimentalVMOptions - -XX:+AggressiveOpts - -XX:+DoEscapeAnalysis - -XX:ParallelGCThreads=4 - -XX:ConcGCThreads=4 - -XX:G1NewSizePercent=50 - -XX:+DisableExplicitGC - -XX:-ResizePLAB - -XX:+ExitOnOutOfMemoryError - -XX:+PerfDisableSharedMem - ## Proxy service - ## templates/proxy-service.yaml - ## - ports: - http: 8080 - https: 443 - # httpsServicePort: - pulsar: 6650 - pulsarssl: 6651 - websocket: 9090 - websockettls: 9443 - statefulset: - annotations: {} - labels: {} - service: - annotations: {} - type: ClusterIP - extraSpec: {} - ## Proxy PodDisruptionBudget - ## templates/proxy-pdb.yaml - ## - pdb: - usePolicy: true - maxUnavailable: 1 - -## Pulsar ToolSet -## templates/toolset-deployment.yaml -## -toolset: - component: toolset - useProxy: true - replicaCount: 1 - # nodeSelector: - # cloud.google.com/gke-nodepool: default-pool - annotations: {} - tolerations: [] - gracePeriod: 0 - resources: - requests: - memory: 256Mi - cpu: 0.1 - ## Bastion configmap - ## templates/bastion-configmap.yaml - ## - # Automtically Roll Deployments when configmap is changed - autoRollDeployment: true - # pulsarAdminUrlOverride: - # pulsarServiceUrlOverride: - extraEnv: [] - configData: - PULSAR_MEM: > - -Xms64M - -Xmx128M - -XX:MaxDirectMemorySize=128M - statefulset: - annotations: {} - -############################################################# -### Monitoring Stack : Prometheus / Grafana -############################################################# - -configmapReload: - prometheus: - ## If false, the configmap-reload container will not be deployed - ## - enabled: true - ## configmap-reload container name - ## - name: configmap-reload - ## configmap-reload container image - ## - image: - repository: jimmidyson/configmap-reload - tag: v0.3.0 - pullPolicy: IfNotPresent - - ## Additional configmap-reload container arguments - ## - extraArgs: {} - ## Additional configmap-reload volume directories - ## - extraVolumeDirs: [] - - ## Additional configmap-reload mounts - ## - extraConfigmapMounts: [] - # - name: prometheus-alerts - # mountPath: /etc/alerts.d - # subPath: "" - # configMap: prometheus-alerts - # readOnly: true - - ## configmap-reload resource requests and limits - ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## - resources: {} - alertmanager: - ## If false, the configmap-reload container will not be deployed - ## - enabled: true - - ## configmap-reload container name - ## - name: configmap-reload - - ## configmap-reload container image - ## - image: - repository: jimmidyson/configmap-reload - tag: v0.3.0 - pullPolicy: IfNotPresent - - ## Additional configmap-reload container arguments - ## - extraArgs: {} - ## Additional configmap-reload volume directories - ## - extraVolumeDirs: [] - - ## Additional configmap-reload mounts - ## - extraConfigmapMounts: [] - # - name: prometheus-alerts - # mountPath: /etc/alerts.d - # subPath: "" - # configMap: prometheus-alerts - # readOnly: true - - ## configmap-reload resource requests and limits - ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## - resources: {} - -## Monitoring Stack: Prometheus -## templates/prometheus-deployment.yaml -## -prometheus: - component: prometheus - replicaCount: 1 - # nodeSelector: - # cloud.google.com/gke-nodepool: default-pool - annotations: {} - tolerations: [] - gracePeriod: 0 - port: 9090 - resources: - requests: - memory: 256Mi - cpu: 0.1 - # Definition of the serviceAccount used to run brokers. - serviceAccount: - # Specifies whether to use a service account to run this component - use: true - # Specifies whether a service account should be created - create: true - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - # Extra annotations for the serviceAccount definition. This can either be - # YAML or a YAML-formatted multi-line templated string map of the - # annotations to apply to the serviceAccount. - annotations: {} - # specify to use a clusterRole, set to false to only allow in a single namespace - clusterRole: true - volumes: - # use a persistent volume or emptyDir - persistence: true - data: - name: data - size: 10Gi - local_storage: true - useVolumeClaimTemplates: false - # storageClassName: "" - ## If the storage class is left undefined when using persistence - ## the default storage class for the cluster will be used. - ## - # storageClass: - # type: pd-standard - # fsType: xfs - # provisioner: kubernetes.io/gce-pd - args: - ## Prometheus data retention period (default if not specified is 15 days) - ## - retention: "15d" - scrapeInterval: 15s - securityContext: - runAsUser: 65534 - runAsNonRoot: true - runAsGroup: 65534 - fsGroup: 65534 - probe: - liveness: - enabled: true - failureThreshold: 10 - initialDelaySeconds: 30 - periodSeconds: 10 - readiness: - enabled: true - failureThreshold: 10 - initialDelaySeconds: 30 - periodSeconds: 10 - customRelabelConfigs: [] - extraScrapeConfigs: [] - - ## Prometheus service - ## templates/prometheus-service.yaml - ## - service: - # expose the load balancer - # type: LoadBalancer - annotations: {} - -datadog: - component: datadog - namespace: pulsar - components: - zookeeper: - enabled: false - metrics: [ - "\"_*\"" - ] - bookkeeper: - enabled: false - metrics: [ - "\"_*\"" - ] - broker: - enabled: false - metrics: [ - "\"_*\"" - ] - proxy: - enabled: false - metrics: [ - "\"_*\"" - ] - -## Monitoring Stack: Grafana -## templates/grafana-statefulset.yaml -## -grafana: - component: grafana - grafana.ini: - paths: - data: /var/lib/grafana/pulsar/data - plugins: /var/lib/grafana/pulsar/plugins - provisioning: /var/lib/grafana/pulsar_provisioning - server: - domain: "{{ GRAFANA_DOMAIN }}" - serve_from_sub_path: "{{ GRAFANA_SERVE_FROM_SUB_PATH }}" - root_url: "{{ GRAFANA_ROOT_URL }}" - analytics: - check_for_updates: true - security: - admin_user: "{{ GRAFANA_ADMIN_USER }}" - admin_password: "{{ GRAFANA_ADMIN_PASSWORD }}" - auth.azuread: - name: Azure AD - enabled: false - allow_sign_up: true - client_id: "" - client_secret: "" - scopes: openid email profile - auth_url: "" - token_url: "" - allowed_domains: "" - allowed_groups: "" - role_attribute_strict: true - log: - mode: console - log.file: - level: info - format: text - grafana_com: - url: https://grafana.com - replicaCount: 1 - # nodeSelector: - # cloud.google.com/gke-nodepool: default-pool - annotations: {} - tolerations: [] - gracePeriod: 0 - port: 3000 - localRenderCallback: false - resources: - requests: - memory: 250Mi - cpu: 0.1 - volumes: - # use a persistent volume or emptyDir - persistence: true - ## templates/grafana-statefulset.yaml - ## environment variables since grafana.ini settings do not override in Docker container - ## https://grafana.com/docs/grafana/latest/administration/configure-docker/#default-paths - env: - - name: GF_PATHS_DATA - value: /var/lib/grafana/pulsar/data - - name: GF_PATHS_PLUGINS - value: /var/lib/grafana/pulsar/plugin - # - name: GF_PATHS_LOGS - # value: /var/lib/grafana/pulsar/logs - - name: GF_PATHS_PROVISIONING - value: /var/lib/grafana/pulsar_provisioning - securityContext: - # Grafana docker image user and groups: https://grafana.com/docs/grafana/latest/installation/docker/#migration-from-a-previous-version-of-the-docker-container-to-5-1-or-later - runAsUser: 472 - runAsNonRoot: true - runAsGroup: 472 - fsGroup: 472 - mountPath: /var/lib/grafana/pulsar - data: - name: data - size: 10Gi - local_storage: true - # storageClassName: "" - ## If the storage class is left undefined when using persistence - ## the default storage class for the cluster will be used. - ## - # storageClass: - # type: pd-standard - # fsType: xfs - # provisioner: kubernetes.io/gce-pd - - ## Grafana service - ## templates/grafana-service.yaml - ## - service: - # spec: - # type: clusterIP - annotations: {} - datasources: - loki: loki - admin: - user: pulsar - password: pulsar - ## Oauth2 for Azuread - ## Grafana Override configuration with environment variables. - ## see: https://grafana.com/docs/grafana/latest/administration/configuration/#override-configuration-with-environment-variables - azureAuthEnabled: false - azuread: - client_id: "AZURE-AD-SSO-CLIENT-ID" - client_secret: "AZURE-AD-SSO-CLIENT-SECRET" - -## Monitoring Stack: node_exporteer -## templates/node-exporter.yaml -## - -node_exporter: - component: node-exporter - annotations: {} - limits: - cpu: 10m - memory: 50Mi - requests: - cpu: 10m - memory: 50Mi - -alert_manager: - component: alert-manager - port: 9093 - annotations: {} - replicaCount: 1 - gracePeriod: 0 - resources: - requests: - memory: 250Mi - cpu: 0.1 - service: - # spec: - # clusterIP: None - annotations: {} - securityContext: - runAsUser: 65534 - runAsNonRoot: true - runAsGroup: 65534 - fsGroup: 65534 - probe: - readiness: - enabled: true - failureThreshold: 10 - initialDelaySeconds: 30 - periodSeconds: 10 - # alert manager config - config: - global: - resolve_timeout: 1m - route: - group_interval: 1m - repeat_interval: 10m - receiver: 'pagerduty-notifications' - receivers: - - name: 'pagerduty-notifications' - pagerduty_configs: - - service_key: "[PAGER DUTRY SERVICE KEY]" - send_resolved: true - # add alert rules below - rules: - groups: - -## Components Stack: pulsar_manager -## templates/pulsar-manager.yaml -## -pulsar_manager: - component: pulsar-manager - # this can be used to indiciate to use vault auth for pulsar-manager - # even if authentication isn't enabled for other components - force_vault: false - ports: - frontend: 9527 - backend: 7750 - replicaCount: 1 - probe: - liveness: - enabled: true - failureThreshold: 10 - initialDelaySeconds: 10 - periodSeconds: 30 - readiness: - enabled: true - failureThreshold: 10 - initialDelaySeconds: 10 - periodSeconds: 30 - startup: - enabled: false - failureThreshold: 30 - initialDelaySeconds: 10 - periodSeconds: 30 - # nodeSelector: - # cloud.google.com/gke-nodepool: default-pool - annotations: {} - tolerations: [] - gracePeriod: 0 - resources: - requests: - memory: 250Mi - cpu: 0.1 - volumes: - # use a persistent volume or emptyDir - persistence: true - data: - name: data - size: 10Gi - local_storage: true - useVolumeClaimTemplates: false - # storageClassName: "" - ## If the storage class is left undefined when using persistence - ## the default storage class for the cluster will be used. - ## - # storageClass: - # type: pd-standard - # fsType: xfs - # provisioner: kubernetes.io/gce-pd - statefulset: - annotations: {} - ## Pulsar manager service - ## templates/pulsar-manager-service.yaml - ## - service: - # expose the load balancer - # type: LoadBalancer - spec: {} - annotations: {} - ports: - frontend: 9527 - backend_service: - spec: - clusterIP: None - annotations: {} - ## pulsar manager configmap - ## templates/pulsar-manager-configmap.yaml - ## - configData: {} - superuser: - user: "pulsarmanager" - password: "welovepulsar" - description: "Pulsar Manager Admin" - email: support@pulsar.io - redirect: - host: localhost - scripts: - backend_entrypoint: - command: /pulsar-manager/pulsar-manager/bin/pulsar-manager - # extra arguments - # extraArgs: - spring: - datasource: - username: pulsar - password: pulsar - -## Components Stack: pulsar operators rbac -## templates/pulsar-operators-rbac.yaml -## - -rbac: - enable: true - roleName: pulsar-operator - roleBindingName: pulsar-operator-cluster-role-binding - -# Deploy pulsar sql -presto: - security: - authentication: - password: - enabled: false - # a K8S secret that stores the password file - # - # a) generate the password file `password.db`: - # $ touch password.db - # $ htpasswd -B -C 10 password.db - # - # b) generate the secret: `kubectl -n pulsar create secret generic [PASSWORD FILE SECRET NAME] --from-file=password=password.db` - # example: kubectl -n pulsar create secret generic prod-pulsar-presto-password --from-file=password=password.db - passwordFileName: "password.db" - passwordFileSecret: '[PASSWORD FILE SECRET NAME]' - passwordFileSecretKey: 'password' - jwt: - enabled: false - publicKeyFileName: "public.key" - publicKeyConfigMapName: '[PUBLIC KEY CM NAME]' - # the public key stored in the configmap should be persisted in PEM format. - # presto prefers the PEM format. If you generate the public key using `pulsar tokens` CLI, - # you can use `openssl rsa -pubin -in -inform DER -pubout -out -outform PEM` - # to convert the public key file to a public key file in PEM format. - publicKeyConfigMapKey: 'public.key' - rules: > - { - "rules": [ - ] - } - coordinator: - component: coordinator - replicaCount: 1 - tolerations: [] - affinity: - anti_affinity: true - # Set the anti affinity type. Valid values: - # requiredDuringSchedulingIgnoredDuringExecution - rules must be met for pod to be scheduled (hard) requires at least one node per replica - # preferredDuringSchedulingIgnoredDuringExecution - scheduler will try to enforce but not guranentee - type: preferredDuringSchedulingIgnoredDuringExecution - annotations: {} - gracePeriod: 10 - ports: - http: 8081 - https: 8443 - resources: - requests: - memory: 4Gi - cpu: 2 - # nodeSelector: - # cloud.google.com/gke-nodepool: default-pool - probe: - liveness: - enabled: true - failureThreshold: 10 - initialDelaySeconds: 10 - periodSeconds: 30 - path: "/v1/status" - readiness: - enabled: true - failureThreshold: 10 - initialDelaySeconds: 10 - periodSeconds: 30 - path: "/v1/status" - startup: - enabled: false - failureThreshold: 30 - initialDelaySeconds: 10 - periodSeconds: 30 - config: - http: - port: 8081 - query: - maxMemory: "1GB" - maxMemoryPerNode: "128MB" - maxTotalMemoryPerNode: "256MB" - jvm: - memory: 2G - jdk11: true - log: - presto: - level: DEBUG - worker: - service: - spec: - type: ClusterIP - component: worker - replicaCount: 2 - tolerations: [] - affinity: - anti_affinity: true - # Set the anti affinity type. Valid values: - # requiredDuringSchedulingIgnoredDuringExecution - rules must be met for pod to be scheduled (hard) requires at least one node per replica - # preferredDuringSchedulingIgnoredDuringExecution - scheduler will try to enforce but not guranentee - type: preferredDuringSchedulingIgnoredDuringExecution - annotations: {} - gracePeriod: 10 - ports: - http: 8081 - resources: - requests: - memory: 4Gi - cpu: 2 - # nodeSelector: - # cloud.google.com/gke-nodepool: default-pool - probe: - liveness: - enabled: true - failureThreshold: 10 - initialDelaySeconds: 10 - periodSeconds: 30 - readiness: - enabled: true - failureThreshold: 10 - initialDelaySeconds: 10 - periodSeconds: 30 - startup: - enabled: false - failureThreshold: 30 - initialDelaySeconds: 10 - periodSeconds: 30 - config: - query: - maxMemory: "1GB" - maxMemoryPerNode: "128MB" - maxTotalMemoryPerNode: "256MB" - jvm: - memory: 2G - jdk11: true - log: - presto: - level: DEBUG - node: - environment: production - read_offload: - enabled: false - catalog: - pulsar: - maxEntryReadBatchSize: "100" - targetNumSplits: "16" - maxSplitMessageQueueSize: "10000" - maxSplitEntryQueueSize: "1000" - namespaceDelimiterRewriteEnable: "true" - rewriteNamespaceDelimiter: "/" - bookkeeperThrottleValue: "0" - managedLedgerCacheSizeMB: "0" - bookkeeperNumIOThreads: "8" - bookkeeperNumWorkerThreads: "8" - mlNumWorkerThreads: "8" - mlNumSchedulerThreads: "8" - statefulset: - annotations: {} - service: - spec: - type: ClusterIP diff --git a/examples/pulsar/values-cs.yaml b/examples/pulsar/values-cs.yaml deleted file mode 100644 index 1611c36b5..000000000 --- a/examples/pulsar/values-cs.yaml +++ /dev/null @@ -1,45 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -metadataPrefix: "/configuration-store" - -## start -components: - # zookeeper - zookeeper: true - # bookkeeper - bookkeeper: false - # bookkeeper - autorecovery - autorecovery: false - # broker - broker: false - # proxy - proxy: false - # toolset - toolset: false - # pulsar manager - pulsar_manager: false - -monitoring: - # monitoring - prometheus - prometheus: false - # monitoring - grafana - grafana: false - # monitoring - node_exporter - node_exporter: false \ No newline at end of file diff --git a/examples/pulsar/values-jwt-asymmetric.yaml b/examples/pulsar/values-jwt-asymmetric.yaml deleted file mode 100644 index 194889491..000000000 --- a/examples/pulsar/values-jwt-asymmetric.yaml +++ /dev/null @@ -1,37 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -auth: - authentication: - enabled: true - provider: "jwt" - jwt: - # Enable JWT authentication - # If the token is generated by a secret key, set the usingSecretKey as true. - # If the token is generated by a private key, set the usingSecretKey as false. - usingSecretKey: false - authorization: - enabled: true - superUsers: - # broker to broker communication - broker: "broker-admin" - # proxy to broker communication - proxy: "proxy-admin" - # pulsar-admin client to broker/proxy communication - client: "admin" \ No newline at end of file diff --git a/examples/pulsar/values-jwt-symmetric.yaml b/examples/pulsar/values-jwt-symmetric.yaml deleted file mode 100644 index 22b05ce5b..000000000 --- a/examples/pulsar/values-jwt-symmetric.yaml +++ /dev/null @@ -1,37 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -auth: - authentication: - enabled: true - provider: "jwt" - jwt: - # Enable JWT authentication - # If the token is generated by a secret key, set the usingSecretKey as true. - # If the token is generated by a private key, set the usingSecretKey as false. - usingSecretKey: true - authorization: - enabled: true - superUsers: - # broker to broker communication - broker: "broker-admin" - # proxy to broker communication - proxy: "proxy-admin" - # pulsar-admin client to broker/proxy communication - client: "admin" \ No newline at end of file diff --git a/examples/pulsar/values-kop-tls-istio.yaml b/examples/pulsar/values-kop-tls-istio.yaml deleted file mode 100644 index d645dff92..000000000 --- a/examples/pulsar/values-kop-tls-istio.yaml +++ /dev/null @@ -1,55 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -components: - kop: true - -broker: - annotations: - sidecar.istio.io/inject: "true" - -# enable TLS -tls: - enabled: true - proxy: - enabled: true - broker: - enabled: true - zookeeper: - enabled: true - -# issue selfsigning certs -certs: - internal_issuer: - enabled: true - type: selfsigning - public_issuer: - enabled: true - type: selfsigning - -istio: - enabled: true - gateway: - selector: - istio: "ingressgateway" - -ingress: - kop: - enabled: true - external_domain: \ No newline at end of file diff --git a/examples/pulsar/values-local-cluster.yaml b/examples/pulsar/values-local-cluster.yaml deleted file mode 100644 index 19eac4ae7..000000000 --- a/examples/pulsar/values-local-cluster.yaml +++ /dev/null @@ -1,37 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -metadataPrefix: "/cluster1" - -pulsar_metadata: - configurationStore: pulsar-cs-zookeeper - configurationStoreMetadataPrefix: "/configuration-store" - -## disable pulsar-manager -components: - pulsar_manager: true - -## disable monitoring stack -monitoring: - # monitoring - prometheus - prometheus: false - # monitoring - grafana - grafana: false - # monitoring - node_exporter - node_exporter: false \ No newline at end of file diff --git a/examples/pulsar/values-migrate.yaml b/examples/pulsar/values-migrate.yaml deleted file mode 100644 index 7449b653f..000000000 --- a/examples/pulsar/values-migrate.yaml +++ /dev/null @@ -1,34 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -initialize: false - -zookeeper: - volumes: - data: - size: 20Gi - -grafana: - service: - spec: - type: LoadBalancer - -pulsar_manager: - service: - type: LoadBalancer diff --git a/examples/pulsar/values-minikube.yaml b/examples/pulsar/values-minikube.yaml deleted file mode 100644 index 2cd2a2240..000000000 --- a/examples/pulsar/values-minikube.yaml +++ /dev/null @@ -1,50 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -## deployed withh emptyDir -volumes: - persistence: false - -# disabled AntiAffinity -affinity: - anti_affinity: false - -# disable auto recovery -components: - autorecovery: false - -zookeeper: - replicaCount: 1 - -bookkeeper: - replicaCount: 1 - -broker: - replicaCount: 1 - configData: - ## Enable `autoSkipNonRecoverableData` since bookkeeper is running - ## without persistence - autoSkipNonRecoverableData: "true" - # storage settings - managedLedgerDefaultEnsembleSize: "1" - managedLedgerDefaultWriteQuorum: "1" - managedLedgerDefaultAckQuorum: "1" - -proxy: - replicaCount: 1 \ No newline at end of file diff --git a/examples/pulsar/values-no-persistence.yaml b/examples/pulsar/values-no-persistence.yaml deleted file mode 100644 index a6133669e..000000000 --- a/examples/pulsar/values-no-persistence.yaml +++ /dev/null @@ -1,28 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -## deployed withh emptyDir -volumes: - persistence: false - -## Enable `autoSkipNonRecoverableData` since bookkeeper is running -## without persistence -broker: - configData: - autoSkipNonRecoverableData: "true" \ No newline at end of file diff --git a/examples/pulsar/values-oauth2.yaml b/examples/pulsar/values-oauth2.yaml deleted file mode 100644 index c3e9358db..000000000 --- a/examples/pulsar/values-oauth2.yaml +++ /dev/null @@ -1,46 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -images: - broker: - # the image should contain the `io.streamnative.pulsar.broker.authentication.AuthenticationProviderOAuth` lib - repository: streamnative/sn-platform - tag: 2.9.2.19 - proxy: # if the proxy component is enabled - repository: streamnative/sn-platform - tag: 2.9.2.19 - -auth: - authorization: - # if set to true, please set one of the superRoles to your super-application-id - enabled: false - authentication: - enabled: true - provider: "oauth2" - # below configurations are using Azure as the provider - oauth2: - issuerUrl: https://xxxxxx/ # the issuerUrl, such as https://sts.windows.net/xxxxxx/ - issuerUrlParam: https://xxxxxx/v2.0 # such as https://sts.windows.net/xxxxxx/v2.0 - audience: api://YOUR-APPLICATION-ID - audienceParam: api://YOUR-APPLICATION-ID/.default - brokerClientCredential: '{"client_id":"****","client_secret":"*****"}' - subjectClaim: appid - adminScope: appid - adminScopeParam: api://YOUR-APPLICATION-ID - authenticationProviders: io.streamnative.pulsar.broker.authentication.AuthenticationProviderOAuth diff --git a/examples/pulsar/values-one-node.yaml b/examples/pulsar/values-one-node.yaml deleted file mode 100644 index 80a31dd32..000000000 --- a/examples/pulsar/values-one-node.yaml +++ /dev/null @@ -1,54 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -# disabled AntiAffinity -affinity: - anti_affinity: false - -images: - broker: - repository: apachepulsar/pulsar-all - tag: 2.5.0 - functions: - repository: apachepulsar/pulsar-all - tag: 2.5.0 - -# disable auto recovery -components: - autorecovery: false - -zookeeper: - replicaCount: 1 - -bookkeeper: - replicaCount: 1 - -broker: - replicaCount: 1 - configData: - ## Enable `autoSkipNonRecoverableData` since bookkeeper is running - ## without persistence - autoSkipNonRecoverableData: "true" - # storage settings - managedLedgerDefaultEnsembleSize: "1" - managedLedgerDefaultWriteQuorum: "1" - managedLedgerDefaultAckQuorum: "1" - -proxy: - replicaCount: 1 \ No newline at end of file diff --git a/examples/pulsar/values-pulsar.yaml b/examples/pulsar/values-pulsar.yaml deleted file mode 100644 index b1cfb0c3b..000000000 --- a/examples/pulsar/values-pulsar.yaml +++ /dev/null @@ -1,50 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -images: - zookeeper: - repository: apachepulsar/pulsar-all - tag: 2.5.0 - bookie: - repository: apachepulsar/pulsar-all - tag: 2.5.0 - autorecovery: - repository: apachepulsar/pulsar-all - tag: 2.5.0 - broker: - repository: apachepulsar/pulsar-all - tag: 2.5.0 - functions: - repository: apachepulsar/pulsar-all - tag: 2.5.0 - proxy: - repository: apachepulsar/pulsar-all - tag: 2.5.0 - -bookkeeper: - metadata: - image: - repository: apachepulsar/pulsar-all - tag: 2.5.0 - - -pulsar_metadata: - image: - repository: apachepulsar/pulsar-all - tag: 2.5.0 diff --git a/examples/pulsar/values-tls.yaml b/examples/pulsar/values-tls.yaml deleted file mode 100644 index 83ea00ba4..000000000 --- a/examples/pulsar/values-tls.yaml +++ /dev/null @@ -1,37 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -# enable TLS -tls: - enabled: true - proxy: - enabled: true - broker: - enabled: true - zookeeper: - enabled: true - -# issue selfsigning certs -certs: - internal_issuer: - enabled: true - type: selfsigning - public_issuer: - enabled: true - type: selfsigning \ No newline at end of file From 66384746ebc6185cc598b9fcf263d00b95fa446c Mon Sep 17 00:00:00 2001 From: Eric Shen Date: Thu, 7 Mar 2024 13:04:09 +0800 Subject: [PATCH 7/8] feat: support podLabel and podAnnotation for toolset and console (#1152) * support podLabel and podAnnotation for toolset and console Signed-off-by: ericsyh * apply to sn-platform chart Signed-off-by: ericsyh --------- Signed-off-by: ericsyh --- .../streamnative-console-statefulset.yaml | 4 ++-- .../templates/toolset/toolset-statefulset.yaml | 4 ++-- charts/sn-platform-slim/values.yaml | 4 ++++ .../streamnative-console-statefulset.yaml | 4 ++-- charts/sn-platform/templates/toolset/toolset-statefulset.yaml | 4 ++-- charts/sn-platform/values.yaml | 4 ++++ 6 files changed, 16 insertions(+), 8 deletions(-) diff --git a/charts/sn-platform-slim/templates/streamnative-console/streamnative-console-statefulset.yaml b/charts/sn-platform-slim/templates/streamnative-console/streamnative-console-statefulset.yaml index d8994de19..17b54774b 100644 --- a/charts/sn-platform-slim/templates/streamnative-console/streamnative-console-statefulset.yaml +++ b/charts/sn-platform-slim/templates/streamnative-console/streamnative-console-statefulset.yaml @@ -48,11 +48,11 @@ spec: labels: {{- include "pulsar.template.labels" . | nindent 8 }} component: {{ .Values.streamnative_console.component }} -{{- with .Values.streamnative_console.labels }} +{{- with .Values.streamnative_console.podLabels }} {{ toYaml . | indent 8 }} {{- end }} annotations: -{{- with .Values.streamnative_console.annotations }} +{{- with .Values.streamnative_console.podAnnotations }} {{ toYaml . | indent 8 }} {{- end }} spec: diff --git a/charts/sn-platform-slim/templates/toolset/toolset-statefulset.yaml b/charts/sn-platform-slim/templates/toolset/toolset-statefulset.yaml index 542e5d8b6..de288f866 100644 --- a/charts/sn-platform-slim/templates/toolset/toolset-statefulset.yaml +++ b/charts/sn-platform-slim/templates/toolset/toolset-statefulset.yaml @@ -48,14 +48,14 @@ spec: labels: {{- include "pulsar.template.labels" . | nindent 8 }} component: {{ .Values.toolset.component }} -{{- with .Values.toolset.labels }} +{{- with .Values.toolset.podLabels }} {{ toYaml . | indent 8 }} {{- end }} annotations: {{- if .Values.toolset.autoRollDeployment }} checksum/config: {{ include (print $.Template.BasePath "/toolset/toolset-configmap.yaml") . | sha256sum }} {{- end }} -{{- with .Values.toolset.annotations }} +{{- with .Values.toolset.podAnnotations }} {{ toYaml . | indent 8 }} {{- end }} spec: diff --git a/charts/sn-platform-slim/values.yaml b/charts/sn-platform-slim/values.yaml index 175d8b224..a42de0413 100644 --- a/charts/sn-platform-slim/values.yaml +++ b/charts/sn-platform-slim/values.yaml @@ -1561,6 +1561,8 @@ toolset: # cloud.google.com/gke-nodepool: default-pool labels: {} annotations: {} + podLabels: {} + podAnnotations: {} tolerations: [] gracePeriod: 0 resources: @@ -1985,6 +1987,8 @@ streamnative_console: # cloud.google.com/gke-nodepool: default-pool labels: {} annotations: {} + podLabels: {} + podAnnotations: {} tolerations: [] gracePeriod: 0 # Resources requests/limits for both init containers and app containers diff --git a/charts/sn-platform/templates/streamnative-console/streamnative-console-statefulset.yaml b/charts/sn-platform/templates/streamnative-console/streamnative-console-statefulset.yaml index 64c69d6aa..d57140797 100644 --- a/charts/sn-platform/templates/streamnative-console/streamnative-console-statefulset.yaml +++ b/charts/sn-platform/templates/streamnative-console/streamnative-console-statefulset.yaml @@ -48,11 +48,11 @@ spec: labels: {{- include "pulsar.template.labels" . | nindent 8 }} component: {{ .Values.streamnative_console.component }} -{{- with .Values.streamnative_console.labels }} +{{- with .Values.streamnative_console.podLabels }} {{ toYaml . | indent 8 }} {{- end }} annotations: -{{- with .Values.streamnative_console.annotations }} +{{- with .Values.streamnative_console.podAnnotations }} {{ toYaml . | indent 8 }} {{- end }} spec: diff --git a/charts/sn-platform/templates/toolset/toolset-statefulset.yaml b/charts/sn-platform/templates/toolset/toolset-statefulset.yaml index b4f9e8b24..2745c1387 100644 --- a/charts/sn-platform/templates/toolset/toolset-statefulset.yaml +++ b/charts/sn-platform/templates/toolset/toolset-statefulset.yaml @@ -48,14 +48,14 @@ spec: labels: {{- include "pulsar.template.labels" . | nindent 8 }} component: {{ .Values.toolset.component }} -{{- with .Values.toolset.labels }} +{{- with .Values.toolset.podLabels }} {{ toYaml . | indent 8 }} {{- end }} annotations: {{- if .Values.toolset.autoRollDeployment }} checksum/config: {{ include (print $.Template.BasePath "/toolset/toolset-configmap.yaml") . | sha256sum }} {{- end }} -{{- with .Values.toolset.annotations }} +{{- with .Values.toolset.podAnnotations }} {{ toYaml . | indent 8 }} {{- end }} spec: diff --git a/charts/sn-platform/values.yaml b/charts/sn-platform/values.yaml index 773226819..da06c6ea1 100644 --- a/charts/sn-platform/values.yaml +++ b/charts/sn-platform/values.yaml @@ -1637,6 +1637,8 @@ toolset: # cloud.google.com/gke-nodepool: default-pool labels: {} annotations: {} + podLabels: {} + podAnnotations: {} tolerations: [] kafka: enabled: false @@ -2072,6 +2074,8 @@ streamnative_console: # cloud.google.com/gke-nodepool: default-pool labels: {} annotations: {} + podLabels: {} + podAnnotations: {} tolerations: [] gracePeriod: 0 # Resources requests/limits for both init containers and app containers From 04b7ad549f2283fc3f51c67686f8ae0c61636483 Mon Sep 17 00:00:00 2001 From: Eric Shen Date: Thu, 7 Mar 2024 15:02:45 +0800 Subject: [PATCH 8/8] chore: update default connectors version (#1144) Signed-off-by: ericsyh --- .../conf/broker/connectors.yaml | 56 +++++++++---------- .../sn-platform/conf/broker/connectors.yaml | 56 +++++++++---------- 2 files changed, 56 insertions(+), 56 deletions(-) diff --git a/charts/sn-platform-slim/conf/broker/connectors.yaml b/charts/sn-platform-slim/conf/broker/connectors.yaml index ea1ab2fae..0a0174cab 100644 --- a/charts/sn-platform-slim/conf/broker/connectors.yaml +++ b/charts/sn-platform-slim/conf/broker/connectors.yaml @@ -23,8 +23,8 @@ sourceConfigClass: org.apache.pulsar.io.datagenerator.DataGeneratorSourceConfig sinkClass: org.apache.pulsar.io.datagenerator.DataGeneratorPrintSink imageRepository: streamnative/pulsar-io-data-generator - version: 2.9.2.17 - imageTag: 2.9.2.17 + version: 3.0.2.6 + imageTag: 3.0.2.6 typeClassName: org.apache.pulsar.io.datagenerator.Person - id: pulsar-io-kinesis name: kinesis @@ -34,8 +34,8 @@ sourceConfigClass: org.apache.pulsar.io.kinesis.KinesisSourceConfig sinkConfigClass: org.apache.pulsar.io.kinesis.KinesisSinkConfig imageRepository: streamnative/pulsar-io-kinesis - version: 2.9.2.17 - imageTag: 2.9.2.17 + version: 3.0.2.6 + imageTag: 3.0.2.6 - id: pulsar-io-sqs name: sqs description: SQS connectors @@ -44,8 +44,8 @@ sourceConfigClass: org.apache.pulsar.ecosystem.io.sqs.SQSConnectorConfig sinkClass: org.apache.pulsar.ecosystem.io.sqs.SQSSink sinkConfigClass: org.apache.pulsar.ecosystem.io.sqs.SQSConnectorConfig - version: 2.9.2.17 - imageTag: 2.9.2.17 + version: 3.0.2.5 + imageTag: 3.0.2.5 sinkTypeClassName: org.apache.pulsar.client.api.schema.GenericRecord sourceTypeClassName: java.lang.String - id: pulsar-io-cloud-storage @@ -54,8 +54,8 @@ sinkClass: org.apache.pulsar.io.jcloud.sink.CloudStorageGenericRecordSink sinkConfigClass: org.apache.pulsar.io.jcloud.sink.CloudStorageSinkConfig imageRepository: streamnative/pulsar-io-cloud-storage - version: 2.9.2.17 - imageTag: 2.9.2.17 + version: 3.0.2.6 + imageTag: 3.0.2.6 typeClassName: org.apache.pulsar.client.api.schema.GenericRecord - id: pulsar-io-amqp1_0 name: amqp1_0 @@ -65,8 +65,8 @@ sinkConfigClass: org.apache.pulsar.ecosystem.io.amqp.AmqpSinkConfig sourceConfigClass: org.apache.pulsar.ecosystem.io.amqp.AmqpSourceConfig imageRepository: streamnative/pulsar-io-amqp-1-0 - version: 2.8.2.4 - imageTag: 2.8.2.4 + version: 2.8.0.6 + imageTag: 2.8.0.6 typeClassName: java.nio.ByteBuffer defaultSchemaType: org.apache.pulsar.client.impl.schema.ByteBufferSchema - id: pulsar-io-debezium-mysql @@ -74,40 +74,40 @@ description: Debezium MySql Source sourceClass: org.apache.pulsar.io.debezium.mysql.DebeziumMysqlSource imageRepository: streamnative/pulsar-io-debezium-mysql - version: 2.9.2.17 - imageTag: 2.9.2.17 + version: 3.0.2.6 + imageTag: 3.0.2.6 typeClassName: org.apache.pulsar.common.schema.KeyValue - id: pulsar-io-debezium-postgres name: debezium-postgres description: Debezium Postgres Source sourceClass: org.apache.pulsar.io.debezium.postgres.DebeziumPostgresSource imageRepository: streamnative/pulsar-io-debezium-postgres - version: 2.9.2.17 - imageTag: 2.9.2.17 + version: 3.0.2.6 + imageTag: 3.0.2.6 typeClassName: org.apache.pulsar.common.schema.KeyValue - id: pulsar-io-debezium-mongodb name: debezium-mongodb description: Debezium MongoDb Source sourceClass: org.apache.pulsar.io.debezium.mongodb.DebeziumMongoDbSource imageRepository: streamnative/pulsar-io-debezium-mongodb - version: 2.9.2.17 - imageTag: 2.9.2.17 + version: 3.0.2.6 + imageTag: 3.0.2.6 typeClassName: org.apache.pulsar.common.schema.KeyValue - id: pulsar-io-debezium-mssql name: debezium-mssql description: Debezium Microsoft SQL Server Source sourceClass: org.apache.pulsar.io.debezium.mssql.DebeziumMsSqlSource imageRepository: streamnative/pulsar-io-debezium-mssql - version: 2.9.2.17 - imageTag: 2.9.2.17 + version: 3.0.2.6 + imageTag: 3.0.2.6 typeClassName: org.apache.pulsar.common.schema.KeyValue - id: pulsar-io-kafka name: kafka description: Kafka Source sourceClass: org.apache.pulsar.io.kafka.KafkaBytesSource imageRepository: streamnative/pulsar-io-kafka - version: 2.9.2.17 - imageTag: 2.9.2.17 + version: 3.0.2.6 + imageTag: 3.0.2.6 sourceConfigClass: org.apache.pulsar.io.kafka.KafkaSourceConfig sourceTypeClassName: java.nio.ByteBuffer - id: pulsar-io-elastic-search @@ -116,8 +116,8 @@ sinkClass: org.apache.pulsar.io.elasticsearch.ElasticSearchSink sinkConfigClass: org.apache.pulsar.io.elasticsearch.ElasticSearchConfig imageRepository: streamnative/pulsar-io-elastic-search - version: 2.10.0.3 - imageTag: 2.10.0.3 + version: 3.0.2.6 + imageTag: 3.0.2.6 typeClassName: org.apache.pulsar.client.api.schema.GenericObject - id: pulsar-io-aws-lambda name: aws-lambda @@ -125,8 +125,8 @@ sinkClass: org.apache.pulsar.ecosystem.io.aws.lambda.AWSLambdaBytesSink sinkConfigClass: org.apache.pulsar.ecosystem.io.aws.lambda.AWSLambdaConnectorConfig imageRepository: streamnative/pulsar-io-aws-lambda - version: 2.9.2.17 - imageTag: 2.9.2.17 + version: 3.0.2.5 + imageTag: 3.0.2.5 - id: pulsar-io-bigquery name: bigquery description: Google BigQuery connectors @@ -135,8 +135,8 @@ sourceClass: org.apache.pulsar.ecosystem.io.bigquery.BigQuerySource sourceConfigClass: org.apache.pulsar.ecosystem.io.bigquery.BigQuerySourceConfig imageRepository: streamnative/pulsar-io-bigquery - version: 2.10.1.10 - imageTag: 2.10.1.10 + version: 3.0.2.6 + imageTag: 3.0.2.6 sinkTypeClassName: org.apache.pulsar.client.api.schema.GenericObject sourceTypeClassName: org.apache.pulsar.client.api.schema.GenericRecord - id: pulsar-io-snowflake @@ -145,6 +145,6 @@ sinkClass: org.apache.pulsar.ecosystem.io.snowflake.SnowflakeSinkConnector sinkConfigClass: org.apache.pulsar.ecosystem.io.snowflake.SnowflakeSinkConfig imageRepository: streamnative/pulsar-io-snowflake - version: 2.10.3.4 - imageTag: 2.10.3.4 + version: 3.0.2.6 + imageTag: 3.0.2.6 typeClassName: org.apache.pulsar.client.api.schema.GenericObject diff --git a/charts/sn-platform/conf/broker/connectors.yaml b/charts/sn-platform/conf/broker/connectors.yaml index ea1ab2fae..0a0174cab 100644 --- a/charts/sn-platform/conf/broker/connectors.yaml +++ b/charts/sn-platform/conf/broker/connectors.yaml @@ -23,8 +23,8 @@ sourceConfigClass: org.apache.pulsar.io.datagenerator.DataGeneratorSourceConfig sinkClass: org.apache.pulsar.io.datagenerator.DataGeneratorPrintSink imageRepository: streamnative/pulsar-io-data-generator - version: 2.9.2.17 - imageTag: 2.9.2.17 + version: 3.0.2.6 + imageTag: 3.0.2.6 typeClassName: org.apache.pulsar.io.datagenerator.Person - id: pulsar-io-kinesis name: kinesis @@ -34,8 +34,8 @@ sourceConfigClass: org.apache.pulsar.io.kinesis.KinesisSourceConfig sinkConfigClass: org.apache.pulsar.io.kinesis.KinesisSinkConfig imageRepository: streamnative/pulsar-io-kinesis - version: 2.9.2.17 - imageTag: 2.9.2.17 + version: 3.0.2.6 + imageTag: 3.0.2.6 - id: pulsar-io-sqs name: sqs description: SQS connectors @@ -44,8 +44,8 @@ sourceConfigClass: org.apache.pulsar.ecosystem.io.sqs.SQSConnectorConfig sinkClass: org.apache.pulsar.ecosystem.io.sqs.SQSSink sinkConfigClass: org.apache.pulsar.ecosystem.io.sqs.SQSConnectorConfig - version: 2.9.2.17 - imageTag: 2.9.2.17 + version: 3.0.2.5 + imageTag: 3.0.2.5 sinkTypeClassName: org.apache.pulsar.client.api.schema.GenericRecord sourceTypeClassName: java.lang.String - id: pulsar-io-cloud-storage @@ -54,8 +54,8 @@ sinkClass: org.apache.pulsar.io.jcloud.sink.CloudStorageGenericRecordSink sinkConfigClass: org.apache.pulsar.io.jcloud.sink.CloudStorageSinkConfig imageRepository: streamnative/pulsar-io-cloud-storage - version: 2.9.2.17 - imageTag: 2.9.2.17 + version: 3.0.2.6 + imageTag: 3.0.2.6 typeClassName: org.apache.pulsar.client.api.schema.GenericRecord - id: pulsar-io-amqp1_0 name: amqp1_0 @@ -65,8 +65,8 @@ sinkConfigClass: org.apache.pulsar.ecosystem.io.amqp.AmqpSinkConfig sourceConfigClass: org.apache.pulsar.ecosystem.io.amqp.AmqpSourceConfig imageRepository: streamnative/pulsar-io-amqp-1-0 - version: 2.8.2.4 - imageTag: 2.8.2.4 + version: 2.8.0.6 + imageTag: 2.8.0.6 typeClassName: java.nio.ByteBuffer defaultSchemaType: org.apache.pulsar.client.impl.schema.ByteBufferSchema - id: pulsar-io-debezium-mysql @@ -74,40 +74,40 @@ description: Debezium MySql Source sourceClass: org.apache.pulsar.io.debezium.mysql.DebeziumMysqlSource imageRepository: streamnative/pulsar-io-debezium-mysql - version: 2.9.2.17 - imageTag: 2.9.2.17 + version: 3.0.2.6 + imageTag: 3.0.2.6 typeClassName: org.apache.pulsar.common.schema.KeyValue - id: pulsar-io-debezium-postgres name: debezium-postgres description: Debezium Postgres Source sourceClass: org.apache.pulsar.io.debezium.postgres.DebeziumPostgresSource imageRepository: streamnative/pulsar-io-debezium-postgres - version: 2.9.2.17 - imageTag: 2.9.2.17 + version: 3.0.2.6 + imageTag: 3.0.2.6 typeClassName: org.apache.pulsar.common.schema.KeyValue - id: pulsar-io-debezium-mongodb name: debezium-mongodb description: Debezium MongoDb Source sourceClass: org.apache.pulsar.io.debezium.mongodb.DebeziumMongoDbSource imageRepository: streamnative/pulsar-io-debezium-mongodb - version: 2.9.2.17 - imageTag: 2.9.2.17 + version: 3.0.2.6 + imageTag: 3.0.2.6 typeClassName: org.apache.pulsar.common.schema.KeyValue - id: pulsar-io-debezium-mssql name: debezium-mssql description: Debezium Microsoft SQL Server Source sourceClass: org.apache.pulsar.io.debezium.mssql.DebeziumMsSqlSource imageRepository: streamnative/pulsar-io-debezium-mssql - version: 2.9.2.17 - imageTag: 2.9.2.17 + version: 3.0.2.6 + imageTag: 3.0.2.6 typeClassName: org.apache.pulsar.common.schema.KeyValue - id: pulsar-io-kafka name: kafka description: Kafka Source sourceClass: org.apache.pulsar.io.kafka.KafkaBytesSource imageRepository: streamnative/pulsar-io-kafka - version: 2.9.2.17 - imageTag: 2.9.2.17 + version: 3.0.2.6 + imageTag: 3.0.2.6 sourceConfigClass: org.apache.pulsar.io.kafka.KafkaSourceConfig sourceTypeClassName: java.nio.ByteBuffer - id: pulsar-io-elastic-search @@ -116,8 +116,8 @@ sinkClass: org.apache.pulsar.io.elasticsearch.ElasticSearchSink sinkConfigClass: org.apache.pulsar.io.elasticsearch.ElasticSearchConfig imageRepository: streamnative/pulsar-io-elastic-search - version: 2.10.0.3 - imageTag: 2.10.0.3 + version: 3.0.2.6 + imageTag: 3.0.2.6 typeClassName: org.apache.pulsar.client.api.schema.GenericObject - id: pulsar-io-aws-lambda name: aws-lambda @@ -125,8 +125,8 @@ sinkClass: org.apache.pulsar.ecosystem.io.aws.lambda.AWSLambdaBytesSink sinkConfigClass: org.apache.pulsar.ecosystem.io.aws.lambda.AWSLambdaConnectorConfig imageRepository: streamnative/pulsar-io-aws-lambda - version: 2.9.2.17 - imageTag: 2.9.2.17 + version: 3.0.2.5 + imageTag: 3.0.2.5 - id: pulsar-io-bigquery name: bigquery description: Google BigQuery connectors @@ -135,8 +135,8 @@ sourceClass: org.apache.pulsar.ecosystem.io.bigquery.BigQuerySource sourceConfigClass: org.apache.pulsar.ecosystem.io.bigquery.BigQuerySourceConfig imageRepository: streamnative/pulsar-io-bigquery - version: 2.10.1.10 - imageTag: 2.10.1.10 + version: 3.0.2.6 + imageTag: 3.0.2.6 sinkTypeClassName: org.apache.pulsar.client.api.schema.GenericObject sourceTypeClassName: org.apache.pulsar.client.api.schema.GenericRecord - id: pulsar-io-snowflake @@ -145,6 +145,6 @@ sinkClass: org.apache.pulsar.ecosystem.io.snowflake.SnowflakeSinkConnector sinkConfigClass: org.apache.pulsar.ecosystem.io.snowflake.SnowflakeSinkConfig imageRepository: streamnative/pulsar-io-snowflake - version: 2.10.3.4 - imageTag: 2.10.3.4 + version: 3.0.2.6 + imageTag: 3.0.2.6 typeClassName: org.apache.pulsar.client.api.schema.GenericObject