Merge branch 'master' into fix-restore-for-bk
zymap authored Dec 28, 2023
2 parents a2b5d9e + a49f514 commit a86a6dc
Showing 48 changed files with 528 additions and 167 deletions.
4 changes: 2 additions & 2 deletions charts/pulsar-operator/Chart.yaml
Expand Up @@ -18,8 +18,8 @@
#

apiVersion: v1
version: 0.17.0
appVersion: "0.17.8"
version: 0.17.9
appVersion: "0.17.10"
kubeVersion: ">= 1.16.0-0 < 1.29.0-0"
description: Apache Pulsar Operators Helm chart for Kubernetes
name: pulsar-operator
4 changes: 2 additions & 2 deletions charts/pulsar-operator/templates/pulsar-operator/_helpers.tpl
Expand Up @@ -3,15 +3,15 @@ install broker crd yaml file to tpl.
*/}}
{{- define "broker.crd" -}}
{{- $files := .Files }}
{{ $files.Get "crds/pulsar.streamnative.io_pulsarbrokers" }}
{{ $files.Get "crds/pulsar.streamnative.io_pulsarbrokers.yaml" }}
{{- end -}}

{{/*
install proxy crd yaml file to tpl.
*/}}
{{- define "proxy.crd" -}}
{{- $files := .Files }}
{{ $files.Get "crds/pulsar.streamnative.io_pulsarproxies" }}
{{ $files.Get "crds/pulsar.streamnative.io_pulsarproxies.yaml" }}
{{- end -}}

{{/*Define the image for pulsar*/}}
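Review bot: `.Files.Get` returns an empty string when the path does not match a packaged file, so a wrong path such as the one missing its `.yaml` suffix here could render an empty CRD body without any error. Wrapping the lookup makes a bad path fail at render time: `{{ required "crds/pulsar.streamnative.io_pulsarbrokers.yaml not found in chart" ($files.Get "crds/pulsar.streamnative.io_pulsarbrokers.yaml") }}`. The same applies to `proxy.crd` in this file and to `zookeeper.crd` in the section that follows.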
Expand Up @@ -3,7 +3,7 @@ install crd yaml file to tpl
*/}}
{{- define "zookeeper.crd" -}}
{{- $files := .Files }}
{{ $files.Get "crds/zookeeper.streamnative.io_zookeeperclusters" }}
{{ $files.Get "crds/zookeeper.streamnative.io_zookeeperclusters.yaml" }}
{{- end -}}

{{/*Define the image for zookeeper*/}}
2 changes: 1 addition & 1 deletion charts/pulsar-operator/values.yaml
Expand Up @@ -45,7 +45,7 @@ components:
## Control what images to use for each component
images:
registry: "docker.streamnative.io"
tag: "v0.17.8"
tag: "v0.17.10"

zookeeper:
registry: ""
6 changes: 3 additions & 3 deletions charts/sn-platform-slim/conf/toolset/pulsar/clean_tls.sh
Expand Up @@ -81,22 +81,22 @@ done

function delete_ca() {
local tls_ca_secret="${release}-ca-tls"
/pulsar/kubectl delete secret ${tls_ca_secret} -n ${namespace}
${KUBECTL_BIN} delete secret ${tls_ca_secret} -n ${namespace}
}

function delete_server_cert() {
local component=$1
local server_cert_secret="${release}-tls-${component}"

/pulsar/kubectl delete secret ${server_cert_secret} \
${KUBECTL_BIN} delete secret ${server_cert_secret} \
-n ${namespace}
}

function delete_client_cert() {
local component=$1
local client_cert_secret="${release}-tls-${component}"

/pulsar/kubectl delete secret ${client_cert_secret} \
${KUBECTL_BIN} delete secret ${client_cert_secret} \
-n ${namespace}
}
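Review bot: `KUBECTL_BIN` is expanded unquoted and without a default in `delete_ca`, `delete_server_cert` and `delete_client_cert`, and no hunk on this page shows where it is assigned. If it is empty, `${KUBECTL_BIN} delete secret …` runs `delete` as the command name; if it is simply inherited from the environment, whatever binary it names is run with access to the TLS secrets these scripts handle. A guard near the top of each script, `: "${KUBECTL_BIN:?KUBECTL_BIN must be set}"`, or a fixed default, `KUBECTL_BIN=${KUBECTL_BIN:-/pulsar/kubectl}`, together with quoting the expansion as `"${KUBECTL_BIN}"`, closes both cases. The same applies to every other toolset script changed in this commit (token, key, TLS upload, namespace and bookie helpers).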

Expand Up @@ -73,15 +73,15 @@ release=${release:-pulsar-dev}

function delete_namespace() {
if [[ "${delete_namespace}" == "true" ]]; then
/pulsar/kubectl delete namespace ${namespace}
${KUBECTL_BIN} delete namespace ${namespace}
fi
}

# delete the cc admin secrets
/pulsar/kubectl delete -n ${namespace} secret ${release}-admin-secret
${KUBECTL_BIN} delete -n ${namespace} secret ${release}-admin-secret

# delete tokens
/pulsar/kubectl get secrets -n ${namespace} | grep ${release}-token- | awk '{print $1}' | xargs /pulsar/kubectl delete secrets -n ${namespace}
${KUBECTL_BIN} get secrets -n ${namespace} | grep ${release}-token- | awk '{print $1}' | xargs ${KUBECTL_BIN} delete secrets -n ${namespace}

# delete namespace
delete_namespace
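Review bot: The token cleanup pipeline selects secrets with an unanchored, unquoted `grep ${release}-token-`, so any secret in the namespace whose name merely contains that substring (for example one owned by a release whose name ends with this release's name) is passed to `delete secrets`. Anchor and quote the pattern, `grep "^${release}-token-"`, and use `xargs -r` so that no delete is issued when nothing matches. The pipeline also parses the human-readable table; `get secrets -o name` would give one stable identifier per line.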
1 change: 0 additions & 1 deletion charts/sn-platform-slim/conf/toolset/pulsar/common_auth.sh
Expand Up @@ -23,7 +23,6 @@ if [ -z "$CHART_HOME" ]; then
exit 1
fi

OUTPUT=${CHART_HOME}/output
OUTPUT_BIN=${OUTPUT}/bin
PULSARCTL_VERSION=v2.10.2.2
PULSARCTL_BIN=/pulsar/bin/pulsarctl
Expand Up @@ -89,8 +89,8 @@ autorecovery_pod=${autorecovery_pod:-autorecovery}
for ((i=replicas; i>=1; i--))
do
j=$((i-1))
echo /pulsar/kubectl -n ${namespace} scale --replicas=${j} sts/${statefulset}
/pulsar/kubectl -n ${namespace} scale --replicas=${j} sts/${statefulset}
echo /pulsar/kubectl -n ${autorecovery_namespace} exec -it ${autorecovery_pod} -- bin/bookkeeper shell decommissionbookie -bookieid ${statefulset}-${j}.${statefulset}.${namespace}.svc.cluster.local:3181
/pulsar/kubectl -n ${autorecovery_namespace} exec -it ${autorecovery_pod} -- bin/bookkeeper shell decommissionbookie -bookieid ${statefulset}-${j}.${statefulset}.${namespace}.svc.cluster.local:3181
echo ${KUBECTL_BIN} -n ${namespace} scale --replicas=${j} sts/${statefulset}
${KUBECTL_BIN} -n ${namespace} scale --replicas=${j} sts/${statefulset}
echo ${KUBECTL_BIN} -n ${autorecovery_namespace} exec -it ${autorecovery_pod} -- bin/bookkeeper shell decommissionbookie -bookieid ${statefulset}-${j}.${statefulset}.${namespace}.svc.cluster.local:3181
${KUBECTL_BIN} -n ${autorecovery_namespace} exec -it ${autorecovery_pod} -- bin/bookkeeper shell decommissionbookie -bookieid ${statefulset}-${j}.${statefulset}.${namespace}.svc.cluster.local:3181
done
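Review bot: Neither the `scale` call nor the `decommissionbookie` call in this loop has its exit status checked, so unless `set -e` is in effect above the hunk, a failed decommission is followed by the next iteration removing another bookie. Stopping at the first failure keeps the remaining replicas in place, for example by ending the decommission line with `|| exit 1`. The loop body is fully visible here, but the variable defaults it relies on start above the hunk.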
8 changes: 4 additions & 4 deletions charts/sn-platform-slim/conf/toolset/pulsar/generate_token.sh
Expand Up @@ -96,11 +96,11 @@ function pulsar::jwt::generate_symmetric_token() {
trap "test -f $tmpfile && rm $tmpfile" RETURN
tokentmpfile=$(mktemp)
trap "test -f $tokentmpfile && rm $tokentmpfile" RETURN
/pulsar/kubectl get -n ${namespace} secrets ${secret_name} -o jsonpath="{.data['SECRETKEY']}" | base64 --decode > ${tmpfile}
${KUBECTL_BIN} get -n ${namespace} secrets ${secret_name} -o jsonpath="{.data['SECRETKEY']}" | base64 --decode > ${tmpfile}
${PULSARCTL_BIN} token create -a HS256 --secret-key-file ${tmpfile} --subject ${role} 2&> ${tokentmpfile}
newtokentmpfile=$(mktemp)
tr -d '\n' < ${tokentmpfile} > ${newtokentmpfile}
/pulsar/kubectl create secret generic ${token_name} -n ${namespace} --from-file="TOKEN=${newtokentmpfile}" --from-literal="TYPE=symmetric"
${KUBECTL_BIN} create secret generic ${token_name} -n ${namespace} --from-file="TOKEN=${newtokentmpfile}" --from-literal="TYPE=symmetric"
}

function pulsar::jwt::generate_asymmetric_token() {
Expand All @@ -111,11 +111,11 @@ function pulsar::jwt::generate_asymmetric_token() {
trap "test -f $privatekeytmpfile && rm $privatekeytmpfile" RETURN
tokentmpfile=$(mktemp)
trap "test -f $tokentmpfile && rm $tokentmpfile" RETURN
/pulsar/kubectl get -n ${namespace} secrets ${secret_name} -o jsonpath="{.data['PRIVATEKEY']}" | base64 --decode > ${privatekeytmpfile}
${KUBECTL_BIN} get -n ${namespace} secrets ${secret_name} -o jsonpath="{.data['PRIVATEKEY']}" | base64 --decode > ${privatekeytmpfile}
${PULSARCTL_BIN} token create -a RS256 --private-key-file ${privatekeytmpfile} --subject ${role} 2&> ${tokentmpfile}
newtokentmpfile=$(mktemp)
tr -d '\n' < ${tokentmpfile} > ${newtokentmpfile}
/pulsar/kubectl create secret generic ${token_name} -n ${namespace} --from-file="TOKEN=${newtokentmpfile}" --from-literal="TYPE=asymmetric"
${KUBECTL_BIN} create secret generic ${token_name} -n ${namespace} --from-file="TOKEN=${newtokentmpfile}" --from-literal="TYPE=asymmetric"
}

if [[ "${symmetric}" == "true" ]]; then
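Review bot: In `pulsar::jwt::generate_symmetric_token` the second `trap … RETURN` replaces the first, because bash keeps a single handler per trap name, so the file holding the decoded `SECRETKEY` is not removed when the function returns; only `tokentmpfile` is, and `newtokentmpfile`, which holds the token, has no cleanup at all. `generate_asymmetric_token` has the same pattern for `privatekeytmpfile`. One handler that names all three files covers them: `trap 'rm -f "$tmpfile" "$tokentmpfile" "$newtokentmpfile"' RETURN` (with `privatekeytmpfile` in the asymmetric variant). Both function bodies start above their hunks, so the first `mktemp` call is not visible here.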
Expand Up @@ -18,8 +18,7 @@
# under the License.
#

set -e

set -x;
CHART_HOME=$(unset CDPATH && cd $(dirname "${BASH_SOURCE[0]}")/../.. && pwd)
cd ${CHART_HOME}

Expand Down Expand Up @@ -82,9 +81,9 @@ function pulsar::jwt::generate_symmetric_key() {
tmpfile=$(mktemp)
trap "test -f $tmpfile && rm $tmpfile" RETURN
${PULSARCTL_BIN} token create-secret-key --output-file ${tmpfile}
mv $tmpfile SECRETKEY
/pulsar/kubectl create secret generic ${secret_name} -n ${namespace} --from-file=SECRETKEY
rm SECRETKEY
mv $tmpfile ${OUTPUT}/SECRETKEY
${KUBECTL_BIN} create secret generic ${secret_name} -n ${namespace} --from-file=${OUTPUT}/SECRETKEY
rm ${OUTPUT}/SECRETKEY
}

function pulsar::jwt::generate_asymmetric_key() {
Expand All @@ -95,11 +94,11 @@ function pulsar::jwt::generate_asymmetric_key() {
publickeytmpfile=$(mktemp)
trap "test -f $publickeytmpfile && rm $publickeytmpfile" RETURN
${PULSARCTL_BIN} token create-key-pair -a RS256 --output-private-key ${privatekeytmpfile} --output-public-key ${publickeytmpfile}
mv $privatekeytmpfile PRIVATEKEY
mv $publickeytmpfile PUBLICKEY
/pulsar/kubectl create secret generic ${secret_name} -n ${namespace} --from-file=PRIVATEKEY --from-file=PUBLICKEY
rm PRIVATEKEY
rm PUBLICKEY
mv $privatekeytmpfile $OUTPUT/PRIVATEKEY
mv $publickeytmpfile $OUTPUT/PUBLICKEY
${KUBECTL_BIN} create secret generic ${secret_name} -n ${namespace} --from-file=$OUTPUT/PRIVATEKEY --from-file=$OUTPUT/PUBLICKEY
rm $OUTPUT/PRIVATEKEY
rm $OUTPUT/PUBLICKEY
}

if [[ "${symmetric}" == "true" ]]; then
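Review bot: Key material now leaves the `mktemp` file for a fixed path, `${OUTPUT}/SECRETKEY` (and `$OUTPUT/PRIVATEKEY` in `generate_asymmetric_key`), and the `trap` that names `$tmpfile` no longer covers it once it has been moved, so an interruption between `mv` and `rm` leaves the signing key at a predictable location. `--from-file` accepts `key=path`, as `generate_token.sh` already does, so the move and the `rm` can be dropped: `${KUBECTL_BIN} create secret generic ${secret_name} -n ${namespace} --from-file="SECRETKEY=${tmpfile}"`. The first hunk also appears to remove `set -e` and add `set -x;`, which sends every expanded command line of a key-handling script to stderr and to any job log that captures it. The same `set -x;` is added to the namespace and GCS-offloader script further down, and it is better left out of the committed version.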
4 changes: 2 additions & 2 deletions charts/sn-platform-slim/conf/toolset/pulsar/get_token.sh
Expand Up @@ -84,8 +84,8 @@ release=${release:-pulsar-dev}
function pulsar::jwt::get_token() {
local token_name="${release}-token-${role}"

local token=$(/pulsar/kubectl get -n ${namespace} secrets ${token_name} -o jsonpath="{.data['TOKEN']}" | base64 --decode)
local token_type=$(/pulsar/kubectl get -n ${namespace} secrets ${token_name} -o jsonpath="{.data['TYPE']}" | base64 --decode)
local token=$(${KUBECTL_BIN} get -n ${namespace} secrets ${token_name} -o jsonpath="{.data['TOKEN']}" | base64 --decode)
local token_type=$(${KUBECTL_BIN} get -n ${namespace} secrets ${token_name} -o jsonpath="{.data['TYPE']}" | base64 --decode)

echo "token type: ${token_type}"
echo "-------------------------"
Expand Up @@ -58,7 +58,7 @@ function bootstrap(){

echo "Wait for metrics API service"
# Helm 2.15 and 3.0 bug https://github.com/helm/helm/issues/6361#issuecomment-550503455
/pulsar/kubectl --namespace=kube-system wait --for=condition=Available --timeout=5m apiservices/v1beta1.metrics.k8s.io
${KUBECTL_BIN} --namespace=kube-system wait --for=condition=Available --timeout=5m apiservices/v1beta1.metrics.k8s.io

helm repo update
}
Expand Up @@ -18,6 +18,7 @@
# under the License.
#

set -x;
CHART_HOME=$(unset CDPATH && cd $(dirname "${BASH_SOURCE[0]}")/../.. && pwd)
cd ${CHART_HOME}

Expand Down Expand Up @@ -94,15 +95,15 @@ pulsar_superusers=${pulsar_superusers:-"proxy-admin,broker-admin,admin,pulsar-ma

function generate_gcs_offloader_service_account_keyfile() {
local secret_name="${release}-gcs-offloader-service-account"
/pulsar/kubectl create secret generic ${secret_name} -n ${namespace} \
${KUBECTL_BIN} create secret generic ${secret_name} -n ${namespace} \
--from-file="gcs.json=${gcs_offloader_service_account_keyfile}"
}

pulsar_superusers=${pulsar_superusers:-"proxy-admin,broker-admin,admin,pulsar-manager-admin"}

function do_create_namespace() {
if [[ "${create_namespace}" == "true" ]]; then
/pulsar/kubectl create namespace ${namespace}
${KUBECTL_BIN} create namespace ${namespace}
fi
}

Expand Up @@ -46,7 +46,7 @@ gcloud iam service-accounts keys create ${RESOLVER_NAME}-key.json \
--iam-account ${RESOLVER_NAME}@$PROJECT_ID.iam.gserviceaccount.com

echo "Save the service account key as a kubernete secret '${HELM_RELEASE}-${RESOLVER_NAME}-svc-acct' in namespace '${NAMESPACE}'."
/pulsar/kubectl create secret generic ${HELM_RELEASE}-${RESOLVER_NAME}-svc-acct \
${KUBECTL_BIN} create secret generic ${HELM_RELEASE}-${RESOLVER_NAME}-svc-acct \
--from-file=${RESOLVER_NAME}-key.json -n ${NAMESPACE}

echo "Remove the generated key."
Expand Up @@ -29,5 +29,5 @@ PEM="${CA_NAME}.pem"

NAMESPACE=$1

/pulsar/kubectl create secret generic ${CA_NAME} \
${KUBECTL_BIN} create secret generic ${CA_NAME} \
--from-file=${PEM} -n ${NAMESPACE}
6 changes: 3 additions & 3 deletions charts/sn-platform-slim/conf/toolset/pulsar/upload_tls.sh
Expand Up @@ -91,7 +91,7 @@ ca_cert_file=${tlsdir}/certs/ca.cert.pem

function upload_ca() {
local tls_ca_secret="${release}-ca-tls"
/pulsar/kubectl create secret generic ${tls_ca_secret} -n ${namespace} --from-file="ca.crt=${ca_cert_file}"
${KUBECTL_BIN} create secret generic ${tls_ca_secret} -n ${namespace} --from-file="ca.crt=${ca_cert_file}"
}

function upload_server_cert() {
Expand All @@ -100,7 +100,7 @@ function upload_server_cert() {
local tls_cert_file="${tlsdir}/servers/${component}/${component}.cert.pem"
local tls_key_file="${tlsdir}/servers/${component}/${component}.key-pk8.pem"

/pulsar/kubectl create secret generic ${server_cert_secret} \
${KUBECTL_BIN} create secret generic ${server_cert_secret} \
-n ${namespace} \
--from-file="tls.crt=${tls_cert_file}" \
--from-file="tls.key=${tls_key_file}" \
Expand All @@ -113,7 +113,7 @@ function upload_client_cert() {
local tls_cert_file="${tlsdir}/clients/${component}/${component}.cert.pem"
local tls_key_file="${tlsdir}/clients/${component}/${component}.key-pk8.pem"

/pulsar/kubectl create secret generic ${client_cert_secret} \
${KUBECTL_BIN} create secret generic ${client_cert_secret} \
-n ${namespace} \
--from-file="tls.crt=${tls_cert_file}" \
--from-file="tls.key=${tls_key_file}" \
Expand Up @@ -111,13 +111,13 @@ Get ingress image according to the k8s version.
When k8s version is higher or equal than v1.22, ingress image should use version v1.x.x,
otherwise it should use the default version 0.26.2 that defines in values.yaml.
If k8s version is higher or equal than v1.22, but the .Values.images.nginx_ingress_controller.tag is less than v1.x.x,
it will use registry.k8s.io/ingress-nginx/controller:v1.1.1 as default to make ingress work.
If k8s version is higher or equal than v1.22, it will use the nginx_ingress_controller image in values.
otherwise, it will use quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.26. as default to make ingress work.
*/}}
{{- define "pulsar.ingress.image" -}}
{{- if and (eq (include "pulsar.kubeVersion.isLessThanV122" .) "false") (semverCompare "< 1.0.0" .Values.images.nginx_ingress_controller.tag )}}
{{- print "registry.k8s.io/ingress-nginx/controller:v1.1.1"}}
{{- else -}}
{{- if (eq (include "pulsar.kubeVersion.isLessThanV122" .) "false") }}
{{- printf "%s:%s" .Values.images.nginx_ingress_controller.repository .Values.images.nginx_ingress_controller.tag -}}
{{- else -}}
{{- print "quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.26.2"}}
{{- end -}}
{{- end -}}
{{- end -}}
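Review bot: The fallback branch of `pulsar.ingress.image` hard-codes `quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.26.2` and ignores `.Values.images.nginx_ingress_controller.repository`, so clusters below v1.22 cannot be pointed at a mirrored or policy-approved registry and stay on one fixed, old controller tag. The `semverCompare "< 1.0.0"` guard appears to be dropped as well, which means a pre-1.0 tag left in values is rendered unchanged on v1.22 and later, the case the comment above describes as not working. Consider using the configured repository in both branches and failing the render when the tag does not fit the cluster version. The doc comment's `0.26.` should read `0.26.2` to match the code.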
Expand Up @@ -47,11 +47,16 @@ metadata:
{{- else }}
ingress.kubernetes.io/ssl-redirect: "false"
{{- end }}
{{- if not $isIngressAPIStable }}
kubernetes.io/ingress.class: nginx
{{- end }}
{{- with .Values.ingress.control_center.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if $isIngressAPIStable }}
ingressClassName: nginx
{{- end }}
{{- if and .Values.ingress.control_center.tls.enabled (not .Values.ingress.controller.tls.termination) }}
{{- if .Values.domain.enabled }}
tls:
Expand All @@ -61,7 +66,6 @@ spec:
# Use the same cert for proxy which is wildcard type
secretName: "{{ template "pulsar.proxy.tls.secret.name" . }}"
{{- end }}

{{- end }}
{{- end }}
rules:
Expand Up @@ -19,6 +19,11 @@

{{- if .Values.ingress.controller.enabled }}
{{- $isKubeVersionLessThanV122 := eq (include "pulsar.kubeVersion.isLessThanV122" .) "true" }}
{{- $isIngressAPIStable := eq (include "pulsar.ingress.isStable" .) "true" -}}

{{/* COMMENT */}}



apiVersion: apps/v1
kind: Deployment
Expand Down Expand Up @@ -70,7 +75,11 @@ spec:
- --tcp-services-configmap={{ template "pulsar.namespace" . }}/{{ template "pulsar.fullname" . }}-tcp-services
- --udp-services-configmap={{ template "pulsar.namespace" . }}/{{ template "pulsar.fullname" . }}-udp-services
- --publish-service={{ template "pulsar.namespace" . }}/{{ template "pulsar.fullname" . }}-{{ .Values.ingress.controller.component }}
{{- if $isIngressAPIStable }}
- --ingress-class=nginx
{{- else }}
- --annotations-prefix=nginx.ingress.kubernetes.io
{{- end }}
securityContext:
allowPrivilegeEscalation: true
capabilities:
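Review bot: `{{/* COMMENT */}}` followed by three blank lines looks like a placeholder committed by accident; delete it or replace it with a sentence saying what `$isIngressAPIStable` selects in this Deployment. The class name `nginx` is also written literally here (`--ingress-class=nginx`) and in the control-center Ingress template (`ingressClassName: nginx`, `kubernetes.io/ingress.class: nginx`), so the three must be kept in sync by hand. A single values entry or helper for the class name would stop an Ingress from silently falling outside this controller's scope. The container spec continues past the end of the hunk.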