diff --git a/pulsar/templates/broker-configmap.yaml b/pulsar/templates/broker-configmap.yaml index d577826..cf7b5c1 100644 --- a/pulsar/templates/broker-configmap.yaml +++ b/pulsar/templates/broker-configmap.yaml @@ -39,4 +39,9 @@ data: clusterName: {{ template "pulsar.fullname" . }} functionsWorkerEnabled: "true" PF_pulsarFunctionsCluster: {{ template "pulsar.fullname" . }} -{{ toYaml .Values.broker.configData | indent 2 }} + {{- if .Values.extra.functionsAsPods }} + PF_functionRuntimeFactoryClassName: "org.apache.pulsar.functions.runtime.kubernetes.KubernetesRuntimeFactory" + PF_functionRuntimeFactoryConfigs_submittingInsidePod: "true" + PF_functionRuntimeFactoryConfigs_jobNamespace: {{ .Values.namespace }} + {{- end }} + {{ toYaml .Values.broker.configData | indent 2 }} diff --git a/pulsar/templates/broker-deployment.yaml b/pulsar/templates/broker-deployment.yaml index 9c74764..4abd2b6 100644 --- a/pulsar/templates/broker-deployment.yaml +++ b/pulsar/templates/broker-deployment.yaml @@ -55,6 +55,9 @@ spec: tolerations: {{ toYaml .Values.broker.tolerations | indent 8 }} {{- end }} + {{- if .Values.extra.functionsAsPods }} + serviceAccount: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.functions.component }}" + {{- end }} affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: diff --git a/pulsar/templates/broker-rbac.yaml b/pulsar/templates/broker-rbac.yaml new file mode 100644 index 0000000..8f37ed7 --- /dev/null +++ b/pulsar/templates/broker-rbac.yaml @@ -0,0 +1,60 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + + {{- if .Values.extra.functionsAsPods }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.functions.component }}" +rules: +- apiGroups: [""] + resources: + - services + - configmaps + - pods + verbs: + - '*' +- apiGroups: + - apps + resources: + - statefulsets + verbs: + - '*' +--- + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.functions.component }}" + namespace: {{ .Values.namespace }} +--- + +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.functions.component }}" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.functions.component }}" +subjects: +- kind: ServiceAccount + name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.functions.component }}" + namespace: {{ .Values.namespace }} + {{- end }} diff --git a/pulsar/values-mini.yaml b/pulsar/values-mini.yaml index dadff58..49f65e0 100644 --- a/pulsar/values-mini.yaml +++ b/pulsar/values-mini.yaml @@ -49,6 +49,8 @@ extra: bastion: yes # Monitoring stack (prometheus and grafana) monitoring: yes + # Configure Kubernetes runtime for Functions + functionsAsPods: no ## Which pulsar image to use image: @@ -245,6 +247,11 @@ broker: pdb: usePolicy: yes maxUnavailable: 1 + ## Broker rbac + ## templates/broker-rbac.yaml + ## + functions: + component: functions-worker ## Pulsar Extra: Proxy ## templates/proxy-deployment.yaml diff --git a/pulsar/values.yaml b/pulsar/values.yaml index 84a2bba..d9fc502 100644 --- a/pulsar/values.yaml +++ b/pulsar/values.yaml @@ -49,6 +49,8 @@ extra: bastion: yes # Monitoring stack (prometheus and grafana) monitoring: yes + # Configure Kubernetes runtime for Functions + functionsAsPods: no ## Which pulsar image to use image: @@ -247,6 +249,11 @@ broker: pdb: usePolicy: yes maxUnavailable: 1 + ## Broker rbac + ## templates/broker-rbac.yaml + ## + functions: + component: functions-worker ## Pulsar Extra: Proxy ## templates/proxy-deployment.yaml