diff --git a/README.md b/README.md index cba07e2..505d44a 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,25 @@ + # Official Apache Pulsar Helm Chart -This is the officially supported Helm Chart for installing Apache Pulsar on Kubernetes. \ No newline at end of file +This is the officially supported Helm Chart for installing Apache Pulsar on Kubernetes. + +Read [Deploying Pulsar on Kubernetes](http://pulsar.apache.org/docs/en/deploy-kubernetes/) for more details. diff --git a/examples/values-cs.yaml b/examples/values-cs.yaml new file mode 100644 index 0000000..1611c36 --- /dev/null +++ b/examples/values-cs.yaml @@ -0,0 +1,45 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +metadataPrefix: "/configuration-store" + +## start +components: + # zookeeper + zookeeper: true + # bookkeeper + bookkeeper: false + # bookkeeper - autorecovery + autorecovery: false + # broker + broker: false + # proxy + proxy: false + # toolset + toolset: false + # pulsar manager + pulsar_manager: false + +monitoring: + # monitoring - prometheus + prometheus: false + # monitoring - grafana + grafana: false + # monitoring - node_exporter + node_exporter: false \ No newline at end of file diff --git a/examples/values-jwt-asymmetric.yaml b/examples/values-jwt-asymmetric.yaml new file mode 100644 index 0000000..1948894 --- /dev/null +++ b/examples/values-jwt-asymmetric.yaml @@ -0,0 +1,37 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +auth: + authentication: + enabled: true + provider: "jwt" + jwt: + # Enable JWT authentication + # If the token is generated by a secret key, set the usingSecretKey as true. + # If the token is generated by a private key, set the usingSecretKey as false. + usingSecretKey: false + authorization: + enabled: true + superUsers: + # broker to broker communication + broker: "broker-admin" + # proxy to broker communication + proxy: "proxy-admin" + # pulsar-admin client to broker/proxy communication + client: "admin" \ No newline at end of file diff --git a/examples/values-jwt-symmetric.yaml b/examples/values-jwt-symmetric.yaml new file mode 100644 index 0000000..22b05ce --- /dev/null +++ b/examples/values-jwt-symmetric.yaml @@ -0,0 +1,37 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +auth: + authentication: + enabled: true + provider: "jwt" + jwt: + # Enable JWT authentication + # If the token is generated by a secret key, set the usingSecretKey as true. + # If the token is generated by a private key, set the usingSecretKey as false. + usingSecretKey: true + authorization: + enabled: true + superUsers: + # broker to broker communication + broker: "broker-admin" + # proxy to broker communication + proxy: "proxy-admin" + # pulsar-admin client to broker/proxy communication + client: "admin" \ No newline at end of file diff --git a/examples/values-local-cluster.yaml b/examples/values-local-cluster.yaml new file mode 100644 index 0000000..19eac4a --- /dev/null +++ b/examples/values-local-cluster.yaml @@ -0,0 +1,37 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +metadataPrefix: "/cluster1" + +pulsar_metadata: + configurationStore: pulsar-cs-zookeeper + configurationStoreMetadataPrefix: "/configuration-store" + +## disable pulsar-manager +components: + pulsar_manager: true + +## disable monitoring stack +monitoring: + # monitoring - prometheus + prometheus: false + # monitoring - grafana + grafana: false + # monitoring - node_exporter + node_exporter: false \ No newline at end of file diff --git a/examples/values-local-pv.yaml b/examples/values-local-pv.yaml new file mode 100644 index 0000000..c393763 --- /dev/null +++ b/examples/values-local-pv.yaml @@ -0,0 +1,21 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +volumes: + local_storage: true \ No newline at end of file diff --git a/examples/values-minikube.yaml b/examples/values-minikube.yaml new file mode 100644 index 0000000..2cd2a22 --- /dev/null +++ b/examples/values-minikube.yaml @@ -0,0 +1,50 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +## deployed withh emptyDir +volumes: + persistence: false + +# disabled AntiAffinity +affinity: + anti_affinity: false + +# disable auto recovery +components: + autorecovery: false + +zookeeper: + replicaCount: 1 + +bookkeeper: + replicaCount: 1 + +broker: + replicaCount: 1 + configData: + ## Enable `autoSkipNonRecoverableData` since bookkeeper is running + ## without persistence + autoSkipNonRecoverableData: "true" + # storage settings + managedLedgerDefaultEnsembleSize: "1" + managedLedgerDefaultWriteQuorum: "1" + managedLedgerDefaultAckQuorum: "1" + +proxy: + replicaCount: 1 \ No newline at end of file diff --git a/examples/values-no-persistence.yaml b/examples/values-no-persistence.yaml new file mode 100644 index 0000000..a613366 --- /dev/null +++ b/examples/values-no-persistence.yaml @@ -0,0 +1,28 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +## deployed withh emptyDir +volumes: + persistence: false + +## Enable `autoSkipNonRecoverableData` since bookkeeper is running +## without persistence +broker: + configData: + autoSkipNonRecoverableData: "true" \ No newline at end of file diff --git a/examples/values-one-node.yaml b/examples/values-one-node.yaml new file mode 100644 index 0000000..80a31dd --- /dev/null +++ b/examples/values-one-node.yaml @@ -0,0 +1,54 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +# disabled AntiAffinity +affinity: + anti_affinity: false + +images: + broker: + repository: apachepulsar/pulsar-all + tag: 2.5.0 + functions: + repository: apachepulsar/pulsar-all + tag: 2.5.0 + +# disable auto recovery +components: + autorecovery: false + +zookeeper: + replicaCount: 1 + +bookkeeper: + replicaCount: 1 + +broker: + replicaCount: 1 + configData: + ## Enable `autoSkipNonRecoverableData` since bookkeeper is running + ## without persistence + autoSkipNonRecoverableData: "true" + # storage settings + managedLedgerDefaultEnsembleSize: "1" + managedLedgerDefaultWriteQuorum: "1" + managedLedgerDefaultAckQuorum: "1" + +proxy: + replicaCount: 1 \ No newline at end of file diff --git a/examples/values-pulsar.yaml b/examples/values-pulsar.yaml new file mode 100644 index 0000000..b1cfb0c --- /dev/null +++ b/examples/values-pulsar.yaml @@ -0,0 +1,50 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +images: + zookeeper: + repository: apachepulsar/pulsar-all + tag: 2.5.0 + bookie: + repository: apachepulsar/pulsar-all + tag: 2.5.0 + autorecovery: + repository: apachepulsar/pulsar-all + tag: 2.5.0 + broker: + repository: apachepulsar/pulsar-all + tag: 2.5.0 + functions: + repository: apachepulsar/pulsar-all + tag: 2.5.0 + proxy: + repository: apachepulsar/pulsar-all + tag: 2.5.0 + +bookkeeper: + metadata: + image: + repository: apachepulsar/pulsar-all + tag: 2.5.0 + + +pulsar_metadata: + image: + repository: apachepulsar/pulsar-all + tag: 2.5.0 diff --git a/examples/values-tls.yaml b/examples/values-tls.yaml new file mode 100644 index 0000000..fadab07 --- /dev/null +++ b/examples/values-tls.yaml @@ -0,0 +1,34 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +# enable TLS +tls: + enabled: true + proxy: + enabled: true + broker: + enabled: true + zookeeper: + enabled: true + +# issue selfsigning certs +certs: + internal_issuer: + enabled: true + type: selfsigning \ No newline at end of file diff --git a/hack/common.sh b/hack/common.sh new file mode 100755 index 0000000..3d13b06 --- /dev/null +++ b/hack/common.sh @@ -0,0 +1,135 @@ +#!/usr/bin/env bash +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +if [ -z "$PULSAR_CHART_HOME" ]; then + echo "error: PULSAR_CHART_HOME should be initialized" + exit 1 +fi + +OUTPUT=${PULSAR_CHART_HOME}/output +OUTPUT_BIN=${OUTPUT}/bin +KUBECTL_VERSION=1.14.3 +KUBECTL_BIN=$OUTPUT_BIN/kubectl +HELM_BIN=$OUTPUT_BIN/helm +HELM_VERSION=3.0.1 +KIND_VERSION=0.6.1 +KIND_BIN=$OUTPUT_BIN/kind +CR_BIN=$OUTPUT_BIN/cr +CR_VERSION=1.0.0-beta.1 + +test -d "$OUTPUT_BIN" || mkdir -p "$OUTPUT_BIN" + +ARCH="" +hack::discoverArch() { + ARCH=$(uname -m) + case $ARCH in + x86) ARCH="386";; + x86_64) ARCH="amd64";; + i686) ARCH="386";; + i386) ARCH="386";; + esac +} + +hack::discoverArch +OS=$(echo `uname`|tr '[:upper:]' '[:lower:]') + +function hack::verify_kubectl() { + if test -x "$KUBECTL_BIN"; then + [[ "$($KUBECTL_BIN version --client --short | grep -o -E '[0-9]+\.[0-9]+\.[0-9]+')" == "$KUBECTL_VERSION" ]] + return + fi + return 1 +} + +function hack::ensure_kubectl() { + if hack::verify_kubectl; then + return 0 + fi + echo "Installing kubectl v$KUBECTL_VERSION..." + tmpfile=$(mktemp) + trap "test -f $tmpfile && rm $tmpfile" RETURN + curl --retry 10 -L -o $tmpfile https://storage.googleapis.com/kubernetes-release/release/v${KUBECTL_VERSION}/bin/${OS}/${ARCH}/kubectl + mv $tmpfile $KUBECTL_BIN + chmod +x $KUBECTL_BIN +} + +function hack::verify_helm() { + if test -x "$HELM_BIN"; then + local v=$($HELM_BIN version --short --client | grep -o -E '[0-9]+\.[0-9]+\.[0-9]+') + [[ "$v" == "$HELM_VERSION" ]] + return + fi + return 1 +} + +function hack::ensure_helm() { + if hack::verify_helm; then + return 0 + fi + local HELM_URL=https://get.helm.sh/helm-v${HELM_VERSION}-${OS}-${ARCH}.tar.gz + curl --retry 10 -L -s "$HELM_URL" | tar --strip-components 1 -C $OUTPUT_BIN -zxf - ${OS}-${ARCH}/helm +} + +function hack::verify_kind() { + if test -x "$KIND_BIN"; then + [[ "$($KIND_BIN --version 2>&1 | cut -d ' ' -f 3)" == "$KIND_VERSION" ]] + return + fi + return 1 +} + +function hack::ensure_kind() { + if hack::verify_kind; then + return 0 + fi + echo "Installing kind v$KIND_VERSION..." + tmpfile=$(mktemp) + trap "test -f $tmpfile && rm $tmpfile" RETURN + curl --retry 10 -L -o $tmpfile https://github.com/kubernetes-sigs/kind/releases/download/v${KIND_VERSION}/kind-$(uname)-amd64 + mv $tmpfile $KIND_BIN + chmod +x $KIND_BIN +} + +# hack::version_ge "$v1" "$v2" checks whether "v1" is greater or equal to "v2" +function hack::version_ge() { + [ "$(printf '%s\n' "$1" "$2" | sort -V | head -n1)" = "$2" ] +} + +function hack::verify_cr() { + if test -x "$CR_BIN"; then + return + fi + return 1 +} + +function hack::ensure_cr() { + if hack::verify_cr; then + $CR_BIN version + return 0 + fi + echo "Installing chart-releaser ${CR_VERSION} ..." + tmpfile=$(mktemp) + trap "test -f $tmpfile && rm $tmpfile" RETURN + echo curl --retry 10 -L -o $tmpfile https://github.com/helm/chart-releaser/releases/download/v${CR_VERSION}/chart-releaser_${CR_VERSION}_${OS}_${ARCH}.tar.gz + curl --retry 10 -L -o $tmpfile https://github.com/helm/chart-releaser/releases/download/v${CR_VERSION}/chart-releaser_${CR_VERSION}_${OS}_${ARCH}.tar.gz + mv $tmpfile $CR_BIN + chmod +x $CR_BIN + $CR_BIN version +} diff --git a/hack/kind-cluster-build.sh b/hack/kind-cluster-build.sh new file mode 100755 index 0000000..0ae3468 --- /dev/null +++ b/hack/kind-cluster-build.sh @@ -0,0 +1,251 @@ +#!/usr/bin/env bash +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +PULSAR_CHART_HOME=$(unset CDPATH && cd $(dirname "${BASH_SOURCE[0]}")/.. && pwd) +cd ${PULSAR_CHART_HOME} + +source ${PULSAR_CHART_HOME}/hack/common.sh + +hack::ensure_kubectl +hack::ensure_helm + +usage() { + cat </dev/null;then + echo "${requirement} have installed" + else + echo "this script needs ${requirement}, please install ${requirement} first." + exit 1 + fi +done + +echo "############# start create cluster:[${clusterName}] #############" +workDir=${HOME}/kind/${clusterName} +mkdir -p ${workDir} + +data_dir=${workDir}/data + +echo "clean data dir: ${data_dir}" +if [ -d ${data_dir} ]; then + rm -rf ${data_dir} +fi + +configFile=${workDir}/kind-config.yaml + +cat < ${configFile} +kind: Cluster +apiVersion: kind.sigs.k8s.io/v1alpha3 +nodes: +- role: control-plane + extraPortMappings: + - containerPort: 5000 + hostPort: 5000 + listenAddress: 127.0.0.1 + protocol: TCP +EOF + +for ((i=0;i<${nodeNum};i++)) +do + mkdir -p ${data_dir}/worker${i} + cat <> ${configFile} +- role: worker + extraMounts: +EOF + for ((k=1;k<=${volumeNum};k++)) + do + mkdir -p ${data_dir}/worker${i}/vol${k} + cat <> ${configFile} + - containerPath: /mnt/disks/vol${k} + hostPath: ${data_dir}/worker${i}/vol${k} +EOF + done +done + +matchedCluster=$(kind get clusters | grep ${clusterName}) +if [[ "${matchedCluster}" == "${clusterName}" ]]; then + echo "Kind cluster ${clusterName} already exists" + kind delete cluster --name=${clusterName} +fi +echo "start to create k8s cluster" +kind create cluster --config ${configFile} --image kindest/node:${k8sVersion} --name=${clusterName} +export KUBECONFIG=${workDir}/kubeconfig.yaml +kind get kubeconfig --name=${clusterName} > ${KUBECONFIG} + +echo "deploy docker registry in kind" +registryNode=${clusterName}-control-plane +registryNodeIP=$($KUBECTL_BIN get nodes ${registryNode} -o template --template='{{range.status.addresses}}{{if eq .type "InternalIP"}}{{.address}}{{end}}{{end}}') +registryFile=${workDir}/registry.yaml + +cat <${registryFile} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: registry +spec: + selector: + matchLabels: + app: registry + template: + metadata: + labels: + app: registry + spec: + hostNetwork: true + nodeSelector: + kubernetes.io/hostname: ${registryNode} + tolerations: + - key: node-role.kubernetes.io/master + operator: "Equal" + effect: "NoSchedule" + containers: + - name: registry + image: registry:2 + volumeMounts: + - name: data + mountPath: /data + volumes: + - name: data + hostPath: + path: /data +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: registry-proxy + labels: + app: registry-proxy +spec: + selector: + matchLabels: + app: registry-proxy + template: + metadata: + labels: + app: registry-proxy + spec: + hostNetwork: true + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/hostname + operator: NotIn + values: + - ${registryNode} + tolerations: + - key: node-role.kubernetes.io/master + operator: "Equal" + effect: "NoSchedule" + containers: + - name: socat + image: alpine/socat:1.0.5 + args: + - tcp-listen:5000,fork,reuseaddr + - tcp-connect:${registryNodeIP}:5000 +EOF +$KUBECTL_BIN apply -f ${registryFile} + +echo "init pulsar env" +$KUBECTL_BIN apply -f ${PULSAR_CHART_HOME}/manifests/local-dind/local-volume-provisioner.yaml + +docker pull gcr.io/google-containers/kube-scheduler:${k8sVersion} +docker tag gcr.io/google-containers/kube-scheduler:${k8sVersion} mirantis/hypokube:final +kind load docker-image --name=${clusterName} mirantis/hypokube:final + +echo "############# success create cluster:[${clusterName}] #############" + +echo "To start using your cluster, run:" +echo " export KUBECONFIG=${KUBECONFIG}" +echo "" +echo < && kind load +docker-image ' command to load images into nodes. +EOF \ No newline at end of file diff --git a/pulsar/.helmignore b/pulsar/.helmignore new file mode 100644 index 0000000..f0c1319 --- /dev/null +++ b/pulsar/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/pulsar/Chart.yaml b/pulsar/Chart.yaml new file mode 100644 index 0000000..f2c535e --- /dev/null +++ b/pulsar/Chart.yaml @@ -0,0 +1,31 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +apiVersion: v1 +appVersion: "1.0" +description: Apache Pulsar Helm chart for Kubernetes +name: pulsar +version: 1.0.0 +home: https://pulsar.apache.org +sources: +- https://github.com/apache/pulsar +icon: http://pulsar.apache.org/img/pulsar.svg +maintainers: +- name: The Apache Pulsar Team + email: dev@pulsar.apache.org diff --git a/pulsar/templates/_autorecovery.tpl b/pulsar/templates/_autorecovery.tpl new file mode 100644 index 0000000..1930c89 --- /dev/null +++ b/pulsar/templates/_autorecovery.tpl @@ -0,0 +1,80 @@ +{{/* +Define the pulsar autorecovery service +*/}} +{{- define "pulsar.autorecovery.service" -}} +{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }} +{{- end }} + +{{/* +Define the autorecovery hostname +*/}} +{{- define "pulsar.autorecovery.hostname" -}} +${HOSTNAME}.{{ template "pulsar.autorecovery.service" . }}.{{ .Values.namespace }}.svc.cluster.local +{{- end -}} + +{{/* +Define autorecovery zookeeper client tls settings +*/}} +{{- define "pulsar.autorecovery.zookeeper.tls.settings" -}} +{{- if and .Values.tls.enabled .Values.tls.zookeeper.enabled }} +/pulsar/keytool/keytool.sh autorecovery {{ template "pulsar.autorecovery.hostname" . }} true; +{{- end }} +{{- end }} + +{{/* +Define autorecovery tls certs mounts +*/}} +{{- define "pulsar.autorecovery.certs.volumeMounts" -}} +{{- if and .Values.tls.enabled .Values.tls.zookeeper.enabled }} +- name: autorecovery-certs + mountPath: "/pulsar/certs/autorecovery" + readOnly: true +- name: ca + mountPath: "/pulsar/certs/ca" + readOnly: true +{{- if .Values.tls.zookeeper.enabled }} +- name: keytool + mountPath: "/pulsar/keytool/keytool.sh" + subPath: keytool.sh +{{- end }} +{{- end }} +{{- end }} + +{{/* +Define autorecovery tls certs volumes +*/}} +{{- define "pulsar.autorecovery.certs.volumes" -}} +{{- if and .Values.tls.enabled .Values.tls.zookeeper.enabled }} +- name: autorecovery-certs + secret: + secretName: "{{ .Release.Name }}-{{ .Values.tls.autorecovery.cert_name }}" + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key +- name: ca + secret: + secretName: "{{ .Release.Name }}-ca-tls" + items: + - key: ca.crt + path: ca.crt +{{- if .Values.tls.zookeeper.enabled }} +- name: keytool + configMap: + name: "{{ template "pulsar.fullname" . }}-keytool-configmap" + defaultMode: 0755 +{{- end }} +{{- end }} +{{- end }} + +{{/* +Define autorecovery init container : verify cluster id +*/}} +{{- define "pulsar.autorecovery.init.verify_cluster_id" -}} +bin/apply-config-from-env.py conf/bookkeeper.conf; +{{- include "pulsar.autorecovery.zookeeper.tls.settings" . -}} +until bin/bookkeeper shell whatisinstanceid; do + sleep 3; +done; +{{- end }} diff --git a/pulsar/templates/_bookkeeper.tpl b/pulsar/templates/_bookkeeper.tpl new file mode 100644 index 0000000..fa4dd9f --- /dev/null +++ b/pulsar/templates/_bookkeeper.tpl @@ -0,0 +1,121 @@ +{{/* +Define the pulsar bookkeeper service +*/}} +{{- define "pulsar.bookkeeper.service" -}} +{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }} +{{- end }} + +{{/* +Define the bookkeeper hostname +*/}} +{{- define "pulsar.bookkeeper.hostname" -}} +${HOSTNAME}.{{ template "pulsar.bookkeeper.service" . }}.{{ .Values.namespace }}.svc.cluster.local +{{- end -}} + + +{{/* +Define bookie zookeeper client tls settings +*/}} +{{- define "pulsar.bookkeeper.zookeeper.tls.settings" -}} +{{- if and .Values.tls.enabled .Values.tls.zookeeper.enabled }} +/pulsar/keytool/keytool.sh bookie {{ template "pulsar.bookkeeper.hostname" . }} true; +{{- end }} +{{- end }} + +{{/* +Define bookie tls certs mounts +*/}} +{{- define "pulsar.bookkeeper.certs.volumeMounts" -}} +{{- if and .Values.tls.enabled (or .Values.tls.bookie.enabled .Values.tls.zookeeper.enabled) }} +- name: bookie-certs + mountPath: "/pulsar/certs/bookie" + readOnly: true +- name: ca + mountPath: "/pulsar/certs/ca" + readOnly: true +{{- if .Values.tls.zookeeper.enabled }} +- name: keytool + mountPath: "/pulsar/keytool/keytool.sh" + subPath: keytool.sh +{{- end }} +{{- end }} +{{- end }} + +{{/* +Define bookie tls certs volumes +*/}} +{{- define "pulsar.bookkeeper.certs.volumes" -}} +{{- if and .Values.tls.enabled (or .Values.tls.bookie.enabled .Values.tls.zookeeper.enabled) }} +- name: bookie-certs + secret: + secretName: "{{ .Release.Name }}-{{ .Values.tls.bookie.cert_name }}" + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key +- name: ca + secret: + secretName: "{{ .Release.Name }}-ca-tls" + items: + - key: ca.crt + path: ca.crt +{{- if .Values.tls.zookeeper.enabled }} +- name: keytool + configMap: + name: "{{ template "pulsar.fullname" . }}-keytool-configmap" + defaultMode: 0755 +{{- end }} +{{- end }} +{{- end }} + +{{/* +Define bookie common config +*/}} +{{- define "pulsar.bookkeeper.config.common" -}} +zkServers: "{{ template "pulsar.zookeeper.connect" . }}" +zkLedgersRootPath: "{{ .Values.metadataPrefix }}/ledgers" +# enable bookkeeper http server +httpServerEnabled: "true" +httpServerPort: "{{ .Values.bookkeeper.ports.http }}" +# config the stats provider +statsProviderClass: org.apache.bookkeeper.stats.prometheus.PrometheusMetricsProvider +# use hostname as the bookie id +useHostNameAsBookieID: "true" +{{- end }} + +{{/* +Define bookie tls config +*/}} +{{- define "pulsar.bookkeeper.config.tls" -}} +{{- if and .Values.tls.enabled .Values.tls.bookie.enabled }} +PULSAR_PREFIX_tlsProviderFactoryClass: org.apache.bookkeeper.tls.TLSContextFactory +PULSAR_PREFIX_tlsCertificatePath: /pulsar/certs/bookie/tls.crt +PULSAR_PREFIX_tlsKeyStoreType: PEM +PULSAR_PREFIX_tlsKeyStore: /pulsar/certs/bookie/tls.key +PULSAR_PREFIX_tlsTrustStoreType: PEM +PULSAR_PREFIX_tlsTrustStore: /pulsar/certs/ca/ca.crt +{{- end }} +{{- end }} + +{{/* +Define bookie init container : verify cluster id +*/}} +{{- define "pulsar.bookkeeper.init.verify_cluster_id" -}} +{{- if not (and .Values.volumes.persistence .Values.bookkeeper.volumes.persistence) }} +bin/apply-config-from-env.py conf/bookkeeper.conf; +{{- include "pulsar.bookkeeper.zookeeper.tls.settings" . -}} +until bin/bookkeeper shell whatisinstanceid; do + sleep 3; +done; +bin/bookkeeper shell bookieformat -nonInteractive -force -deleteCookie || true +{{- end }} +{{- if and .Values.volumes.persistence .Values.bookkeeper.volumes.persistence }} +set -e; +bin/apply-config-from-env.py conf/bookkeeper.conf; +{{- include "pulsar.bookkeeper.zookeeper.tls.settings" . -}} +until bin/bookkeeper shell whatisinstanceid; do + sleep 3; +done; +{{- end }} +{{- end }} diff --git a/pulsar/templates/_broker.tpl b/pulsar/templates/_broker.tpl new file mode 100644 index 0000000..bdc808f --- /dev/null +++ b/pulsar/templates/_broker.tpl @@ -0,0 +1,76 @@ +{{/* +Define the pulsar brroker service +*/}} +{{- define "pulsar.broker.service" -}} +{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }} +{{- end }} + +{{/* +Define the hostname +*/}} +{{- define "pulsar.broker.hostname" -}} +${HOSTNAME}.{{ template "pulsar.broker.service" . }}.{{ .Values.namespace }}.svc.cluster.local +{{- end -}} + +{{/* +Define the broker znode +*/}} +{{- define "pulsar.broker.znode" -}} +{{ .Values.metadataPrefix }}/loadbalance/brokers/{{ template "pulsar.broker.hostname" . }}:{{ .Values.broker.ports.http }} +{{- end }} + +{{/* +Define broker zookeeper client tls settings +*/}} +{{- define "pulsar.broker.zookeeper.tls.settings" -}} +{{- if and .Values.tls.enabled .Values.tls.zookeeper.enabled }} +/pulsar/keytool/keytool.sh broker {{ template "pulsar.broker.hostname" . }} true; +{{- end }} +{{- end }} + +{{/* +Define broker tls certs mounts +*/}} +{{- define "pulsar.broker.certs.volumeMounts" -}} +{{- if and .Values.tls.enabled (or .Values.tls.broker.enabled (or .Values.tls.bookie.enabled .Values.tls.zookeeper.enabled)) }} +- name: broker-certs + mountPath: "/pulsar/certs/broker" + readOnly: true +- name: ca + mountPath: "/pulsar/certs/ca" + readOnly: true +{{- if .Values.tls.zookeeper.enabled }} +- name: keytool + mountPath: "/pulsar/keytool/keytool.sh" + subPath: keytool.sh +{{- end }} +{{- end }} +{{- end }} + +{{/* +Define broker tls certs volumes +*/}} +{{- define "pulsar.broker.certs.volumes" -}} +{{- if and .Values.tls.enabled (or .Values.tls.broker.enabled (or .Values.tls.bookie.enabled .Values.tls.zookeeper.enabled)) }} +- name: broker-certs + secret: + secretName: "{{ .Release.Name }}-{{ .Values.tls.broker.cert_name }}" + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key +- name: ca + secret: + secretName: "{{ .Release.Name }}-ca-tls" + items: + - key: ca.crt + path: ca.crt +{{- if .Values.tls.zookeeper.enabled }} +- name: keytool + configMap: + name: "{{ template "pulsar.fullname" . }}-keytool-configmap" + defaultMode: 0755 +{{- end }} +{{- end }} +{{- end }} diff --git a/pulsar/templates/_helpers.tpl b/pulsar/templates/_helpers.tpl new file mode 100644 index 0000000..931e097 --- /dev/null +++ b/pulsar/templates/_helpers.tpl @@ -0,0 +1,68 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +pulsar home +*/}} +{{- define "pulsar.home" -}} +{{- print "/pulsar" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "pulsar.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "pulsar.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "pulsar.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the common labels. +*/}} +{{- define "pulsar.standardLabels" -}} +app: {{ template "pulsar.name" . }} +chart: {{ template "pulsar.chart" . }} +release: {{ .Release.Name }} +heritage: {{ .Release.Service }} +cluster: {{ template "pulsar.fullname" . }} +{{- end }} + +{{/* +Create the template labels. +*/}} +{{- define "pulsar.template.labels" -}} +app: {{ template "pulsar.name" . }} +release: {{ .Release.Name }} +cluster: {{ template "pulsar.fullname" . }} +{{- end }} + +{{/* +Create the match labels. +*/}} +{{- define "pulsar.matchLabels" -}} +app: {{ template "pulsar.name" . }} +release: {{ .Release.Name }} +{{- end }} diff --git a/pulsar/templates/_toolset.tpl b/pulsar/templates/_toolset.tpl new file mode 100644 index 0000000..82217c9 --- /dev/null +++ b/pulsar/templates/_toolset.tpl @@ -0,0 +1,69 @@ +{{/* +Define the pulsar toolset service +*/}} +{{- define "pulsar.toolset.service" -}} +{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }} +{{- end }} + +{{/* +Define the toolset hostname +*/}} +{{- define "pulsar.toolset.hostname" -}} +${HOSTNAME}.{{ template "pulsar.toolset.service" . }}.{{ .Values.namespace }}.svc.cluster.local +{{- end -}} + +{{/* +Define toolset zookeeper client tls settings +*/}} +{{- define "pulsar.toolset.zookeeper.tls.settings" -}} +{{- if and .Values.tls.enabled .Values.tls.zookeeper.enabled -}} +/pulsar/keytool/keytool.sh toolset {{ template "pulsar.toolset.hostname" . }} true; +{{- end -}} +{{- end }} + +{{/* +Define toolset tls certs mounts +*/}} +{{- define "pulsar.toolset.certs.volumeMounts" -}} +{{- if and .Values.tls.enabled .Values.tls.zookeeper.enabled }} +- name: toolset-certs + mountPath: "/pulsar/certs/toolset" + readOnly: true +- name: ca + mountPath: "/pulsar/certs/ca" + readOnly: true +{{- if .Values.tls.zookeeper.enabled }} +- name: keytool + mountPath: "/pulsar/keytool/keytool.sh" + subPath: keytool.sh +{{- end }} +{{- end }} +{{- end }} + +{{/* +Define toolset tls certs volumes +*/}} +{{- define "pulsar.toolset.certs.volumes" -}} +{{- if and .Values.tls.enabled .Values.tls.zookeeper.enabled }} +- name: toolset-certs + secret: + secretName: "{{ .Release.Name }}-{{ .Values.tls.toolset.cert_name }}" + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key +- name: ca + secret: + secretName: "{{ .Release.Name }}-ca-tls" + items: + - key: ca.crt + path: ca.crt +{{- if .Values.tls.zookeeper.enabled }} +- name: keytool + configMap: + name: "{{ template "pulsar.fullname" . }}-keytool-configmap" + defaultMode: 0755 +{{- end }} +{{- end }} +{{- end }} diff --git a/pulsar/templates/_zookeeper.tpl b/pulsar/templates/_zookeeper.tpl new file mode 100644 index 0000000..ca5c1d1 --- /dev/null +++ b/pulsar/templates/_zookeeper.tpl @@ -0,0 +1,34 @@ +{{/* +Define the pulsar zookeeper +*/}} +{{- define "pulsar.zookeeper.service" -}} +{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }} +{{- end }} + +{{/* +Define the pulsar zookeeper +*/}} +{{- define "pulsar.zookeeper.connect" -}} +{{- if not (and .Values.tls.enabled .Values.tls.zookeeper.enabled) -}} +{{ template "pulsar.zookeeper.service" . }}:{{ .Values.zookeeper.ports.client }} +{{- end -}} +{{- if and .Values.tls.enabled .Values.tls.zookeeper.enabled -}} +{{ template "pulsar.zookeeper.service" . }}:{{ .Values.zookeeper.ports.clientTls }} +{{- end -}} +{{- end -}} + +{{/* +Define the zookeeper hostname +*/}} +{{- define "pulsar.zookeeper.hostname" -}} +${HOSTNAME}.{{ template "pulsar.zookeeper.service" . }}.{{ .Values.namespace }}.svc.cluster.local +{{- end -}} + +{{/* +Define zookeeper tls settings +*/}} +{{- define "pulsar.zookeeper.tls.settings" -}} +{{- if and .Values.tls.enabled .Values.tls.zookeeper.enabled }} +/pulsar/keytool/keytool.sh zookeeper {{ template "pulsar.zookeeper.hostname" . }} false; +{{- end }} +{{- end }} diff --git a/pulsar/templates/autorecovery-configmap.yaml b/pulsar/templates/autorecovery-configmap.yaml new file mode 100644 index 0000000..8d7fb3f --- /dev/null +++ b/pulsar/templates/autorecovery-configmap.yaml @@ -0,0 +1,33 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +{{- if or .Values.components.autorecovery .Values.extra.autoRecovery }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}" + namespace: {{ .Values.namespace }} + labels: + {{- include "pulsar.standardLabels" . | nindent 4 }} + component: {{ .Values.autorecovery.component }} +data: + # common config + {{- include "pulsar.bookkeeper.config.common" . | nindent 2 }} +{{ toYaml .Values.autorecovery.configData | indent 2 }} +{{- end }} diff --git a/pulsar/templates/autorecovery-service.yaml b/pulsar/templates/autorecovery-service.yaml new file mode 100644 index 0000000..ab237c9 --- /dev/null +++ b/pulsar/templates/autorecovery-service.yaml @@ -0,0 +1,39 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +{{- if or .Values.components.autorecovery .Values.extra.autoRecovery }} +apiVersion: v1 +kind: Service +metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}" + namespace: {{ .Values.namespace }} + labels: + {{- include "pulsar.standardLabels" . | nindent 4 }} + component: {{ .Values.autorecovery.component }} +spec: + ports: + - name: http + port: {{ .Values.autorecovery.ports.http }} + clusterIP: None + selector: + app: {{ template "pulsar.name" . }} + release: {{ .Release.Name }} + component: {{ .Values.autorecovery.component }} +{{- end }} + diff --git a/pulsar/templates/autorecovery-statefulset.yaml b/pulsar/templates/autorecovery-statefulset.yaml new file mode 100644 index 0000000..c4e1f61 --- /dev/null +++ b/pulsar/templates/autorecovery-statefulset.yaml @@ -0,0 +1,124 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +{{- if or .Values.components.autorecovery .Values.extra.autoRecovery }} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}" + namespace: {{ .Values.namespace }} + labels: + {{- include "pulsar.standardLabels" . | nindent 4 }} + component: {{ .Values.autorecovery.component }} +spec: + serviceName: "{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}" + replicas: {{ .Values.autorecovery.replicaCount }} + updateStrategy: + type: RollingUpdate + podManagementPolicy: Parallel + # nodeSelector: + selector: + matchLabels: + {{- include "pulsar.matchLabels" . | nindent 6 }} + component: {{ .Values.autorecovery.component }} + template: + metadata: + labels: + {{- include "pulsar.template.labels" . | nindent 8 }} + component: {{ .Values.autorecovery.component }} + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "{{ .Values.autorecovery.ports.http }}" +{{- with .Values.autorecovery.annotations }} +{{ toYaml . | indent 8 }} +{{- end }} + spec: + {{- if .Values.autorecovery.nodeSelector }} + nodeSelector: +{{ toYaml .Values.autorecovery.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.autorecovery.tolerations }} + tolerations: +{{- with .Values.autorecovery.tolerations }} +{{ toYaml . | indent 8 }} +{{- end }} + {{- end }} + affinity: + {{- if and .Values.affinity.anti_affinity .Values.autorecovery.affinity.anti_affinity}} + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: "app" + operator: In + values: + - "{{ template "pulsar.name" . }}-{{ .Values.bookkeeper.component }}" + - key: "release" + operator: In + values: + - {{ .Release.Name }} + - key: "component" + operator: In + values: + - {{ .Values.bookkeeper.component }} + topologyKey: "kubernetes.io/hostname" + {{- end }} + terminationGracePeriodSeconds: {{ .Values.autorecovery.gracePeriod }} + initContainers: + # This initContainer will wait for bookkeeper initnewcluster to complete + # before deploying the bookies + - name: pulsar-bookkeeper-verify-clusterid + image: "{{ .Values.images.autorecovery.repository }}:{{ .Values.images.autorecovery.tag }}" + imagePullPolicy: {{ .Values.images.autorecovery.pullPolicy }} + command: ["sh", "-c"] + args: + - > + {{- include "pulsar.autorecovery.init.verify_cluster_id" . | nindent 10 }} + envFrom: + - configMapRef: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}" + volumeMounts: + {{- include "pulsar.autorecovery.certs.volumeMounts" . | nindent 8 }} + containers: + - name: "{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}" + image: "{{ .Values.images.autorecovery.repository }}:{{ .Values.images.autorecovery.tag }}" + imagePullPolicy: {{ .Values.images.autorecovery.pullPolicy }} + {{- if .Values.autorecovery.resources }} + resources: +{{ toYaml .Values.autorecovery.resources | indent 10 }} + {{- end }} + command: ["sh", "-c"] + args: + - > + bin/apply-config-from-env.py conf/bookkeeper.conf; + bin/apply-config-from-env.py conf/bkenv.sh; + {{- include "pulsar.autorecovery.zookeeper.tls.settings" . | nindent 10 }} + bin/bookkeeper autorecovery + ports: + - name: http + containerPort: {{ .Values.autorecovery.ports.http }} + envFrom: + - configMapRef: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}" + volumeMounts: + {{- include "pulsar.autorecovery.certs.volumeMounts" . | nindent 8 }} + volumes: + {{- include "pulsar.autorecovery.certs.volumes" . | nindent 6 }} +{{- end }} + diff --git a/pulsar/templates/bookkeeper-cluster-initialize.yaml b/pulsar/templates/bookkeeper-cluster-initialize.yaml new file mode 100644 index 0000000..a9ab647 --- /dev/null +++ b/pulsar/templates/bookkeeper-cluster-initialize.yaml @@ -0,0 +1,71 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +{{- if .Values.components.bookkeeper }} +apiVersion: batch/v1 +kind: Job +metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}-init" + namespace: {{ .Values.namespace }} + labels: + {{- include "pulsar.standardLabels" . | nindent 4 }} + component: "{{ .Values.bookkeeper.component }}-init" +spec: + template: + spec: + initContainers: + - name: wait-zookeeper-ready + image: "{{ .Values.bookkeeper.metadata.image.repository }}:{{ .Values.bookkeeper.metadata.image.tag }}" + imagePullPolicy: {{ .Values.bookkeeper.metadata.image.pullPolicy }} + command: ["sh", "-c"] + args: + - >- + until nslookup {{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}-{{ add (.Values.zookeeper.replicaCount | int) -1 }}.{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}.{{ .Values.namespace }}; do + sleep 3; + done; + containers: + - name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}-init" + image: "{{ .Values.bookkeeper.metadata.image.repository }}:{{ .Values.bookkeeper.metadata.image.tag }}" + imagePullPolicy: {{ .Values.bookkeeper.metadata.image.pullPolicy }} + {{- if .Values.bookkeeper.metadata.resources }} + resources: +{{ toYaml .Values.bookkeeper.metadata.resources | indent 10 }} + {{- end }} + command: ["sh", "-c"] + args: + - > + bin/apply-config-from-env.py conf/bookkeeper.conf; + {{- include "pulsar.toolset.zookeeper.tls.settings" . | nindent 12 }} + if bin/bookkeeper shell whatisinstanceid; then + echo "bookkeeper cluster already initialized"; + else + {{- if not (eq .Values.metadataPrefix "") }} + bin/bookkeeper org.apache.zookeeper.ZooKeeperMain -server {{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }} create {{ .Values.metadataPrefix }} 'created for pulsar cluster "{{ template "pulsar.fullname" . }}"' || yes && + {{- end }} + bin/bookkeeper shell initnewcluster; + fi + envFrom: + - configMapRef: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}" + volumeMounts: + {{- include "pulsar.toolset.certs.volumeMounts" . | nindent 8 }} + volumes: + {{- include "pulsar.toolset.certs.volumes" . | nindent 6 }} + restartPolicy: Never +{{- end }} diff --git a/pulsar/templates/bookkeeper-configmap.yaml b/pulsar/templates/bookkeeper-configmap.yaml new file mode 100644 index 0000000..05c43ce --- /dev/null +++ b/pulsar/templates/bookkeeper-configmap.yaml @@ -0,0 +1,44 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +{{- if .Values.components.bookkeeper }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}" + namespace: {{ .Values.namespace }} + labels: + {{- include "pulsar.standardLabels" . | nindent 4 }} + component: {{ .Values.bookkeeper.component }} +data: + # common config + {{- include "pulsar.bookkeeper.config.common" . | nindent 2 }} + {{- if .Values.components.autorecovery }} + # disable auto recovery on bookies since we will start AutoRecovery in separated pods + autoRecoveryDaemonEnabled: "false" + {{- end }} + # Do not retain journal files as it increase the disk utilization + journalMaxBackups: "0" + journalDirectories: "/pulsar/data/bookkeeper/journal" + PULSAR_PREFIX_journalDirectories: "/pulsar/data/bookkeeper/journal" + ledgerDirectories: "/pulsar/data/bookkeeper/ledgers" + # TLS config + {{- include "pulsar.bookkeeper.config.tls" . | nindent 2 }} +{{ toYaml .Values.bookkeeper.configData | indent 2 }} +{{- end }} \ No newline at end of file diff --git a/pulsar/templates/bookkeeper-pdb.yaml b/pulsar/templates/bookkeeper-pdb.yaml new file mode 100644 index 0000000..35ac16d --- /dev/null +++ b/pulsar/templates/bookkeeper-pdb.yaml @@ -0,0 +1,37 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +{{- if .Values.components.bookkeeper }} +{{- if .Values.bookkeeper.pdb.usePolicy }} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}" + namespace: {{ .Values.namespace }} + labels: + {{- include "pulsar.standardLabels" . | nindent 4 }} + component: {{ .Values.bookkeeper.component }} +spec: + selector: + matchLabels: + {{- include "pulsar.matchLabels" . | nindent 6 }} + component: {{ .Values.bookkeeper.component }} + maxUnavailable: {{ .Values.bookkeeper.pdb.maxUnavailable }} +{{- end }} +{{- end }} diff --git a/pulsar/templates/bookkeeper-service.yaml b/pulsar/templates/bookkeeper-service.yaml new file mode 100644 index 0000000..388635b --- /dev/null +++ b/pulsar/templates/bookkeeper-service.yaml @@ -0,0 +1,41 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +{{- if .Values.components.bookkeeper }} +apiVersion: v1 +kind: Service +metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}" + namespace: {{ .Values.namespace }} + labels: + {{- include "pulsar.standardLabels" . | nindent 4 }} + component: {{ .Values.bookkeeper.component }} + annotations: +{{ toYaml .Values.bookkeeper.service.annotations | indent 4 }} +spec: + ports: + - name: bookie + port: {{ .Values.bookkeeper.ports.bookie }} + - name: http + port: {{ .Values.bookkeeper.ports.http }} + clusterIP: None + selector: + {{- include "pulsar.matchLabels" . | nindent 4 }} + component: {{ .Values.bookkeeper.component }} +{{- end }} diff --git a/pulsar/templates/bookkeeper-statefulset.yaml b/pulsar/templates/bookkeeper-statefulset.yaml new file mode 100644 index 0000000..71df9ab --- /dev/null +++ b/pulsar/templates/bookkeeper-statefulset.yaml @@ -0,0 +1,192 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +{{- if .Values.components.bookkeeper }} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}" + namespace: {{ .Values.namespace }} + labels: + {{- include "pulsar.standardLabels" . | nindent 4 }} + component: {{ .Values.bookkeeper.component }} +spec: + serviceName: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}" + replicas: {{ .Values.bookkeeper.replicaCount }} + selector: + matchLabels: + {{- include "pulsar.matchLabels" . | nindent 6 }} + component: {{ .Values.bookkeeper.component }} + updateStrategy: +{{ toYaml .Values.bookkeeper.updateStrategy | indent 4 }} + podManagementPolicy: {{ .Values.bookkeeper.podManagementPolicy }} + template: + metadata: + labels: + {{- include "pulsar.template.labels" . | nindent 8 }} + component: {{ .Values.bookkeeper.component }} + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "{{ .Values.bookkeeper.ports.http }}" +{{- with .Values.bookkeeper.annotations }} +{{ toYaml . | indent 8 }} +{{- end }} + spec: + {{- if .Values.bookkeeper.nodeSelector }} + nodeSelector: +{{ toYaml .Values.bookkeeper.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.bookkeeper.tolerations }} + tolerations: +{{ toYaml .Values.bookkeeper.tolerations | indent 8 }} + {{- end }} + affinity: + {{- if and .Values.affinity.anti_affinity .Values.bookkeeper.affinity.anti_affinity}} + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: "app" + operator: In + values: + - "{{ template "pulsar.name" . }}-{{ .Values.bookkeeper.component }}" + - key: "release" + operator: In + values: + - {{ .Release.Name }} + - key: "component" + operator: In + values: + - {{ .Values.bookkeeper.component }} + topologyKey: "kubernetes.io/hostname" + {{- end }} + terminationGracePeriodSeconds: {{ .Values.bookkeeper.gracePeriod }} + initContainers: + # This initContainer will wait for bookkeeper initnewcluster to complete + # before deploying the bookies + - name: pulsar-bookkeeper-verify-clusterid + image: "{{ .Values.images.bookie.repository }}:{{ .Values.images.bookie.tag }}" + imagePullPolicy: {{ .Values.images.bookie.pullPolicy }} + command: ["sh", "-c"] + args: + # only reformat bookie if bookkeeper is running without persistence + - > + {{- include "pulsar.bookkeeper.init.verify_cluster_id" . | nindent 10 }} + envFrom: + - configMapRef: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}" + volumeMounts: + {{- include "pulsar.bookkeeper.certs.volumeMounts" . | nindent 8 }} + containers: + - name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}" + image: "{{ .Values.images.bookie.repository }}:{{ .Values.images.bookie.tag }}" + imagePullPolicy: {{ .Values.images.bookie.pullPolicy }} + {{- if .Values.bookkeeper.probe.liveness.enabled }} + livenessProbe: + httpGet: + path: /api/v1/bookie/state + port: {{ .Values.bookkeeper.ports.http }} + initialDelaySeconds: {{ .Values.bookkeeper.probe.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.bookkeeper.probe.liveness.periodSeconds }} + failureThreshold: {{ .Values.bookkeeper.probe.liveness.failureThreshold }} + {{- end }} + {{- if .Values.bookkeeper.probe.readiness.enabled }} + readinessProbe: + httpGet: + path: /api/v1/bookie/is_ready + port: {{ .Values.bookkeeper.ports.http }} + initialDelaySeconds: {{ .Values.bookkeeper.probe.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.bookkeeper.probe.readiness.periodSeconds }} + failureThreshold: {{ .Values.bookkeeper.probe.readiness.failureThreshold }} + {{- end }} + {{- if .Values.bookkeeper.probe.startup.enabled }} + startupProbe: + httpGet: + path: /api/v1/bookie/is_ready + port: {{ .Values.bookkeeper.ports.http }} + initialDelaySeconds: {{ .Values.bookkeeper.probe.startup.initialDelaySeconds }} + periodSeconds: {{ .Values.bookkeeper.probe.startup.periodSeconds }} + failureThreshold: {{ .Values.bookkeeper.probe.startup.failureThreshold }} + {{- end }} + {{- if .Values.bookkeeper.resources }} + resources: +{{ toYaml .Values.bookkeeper.resources | indent 10 }} + {{- end }} + command: ["sh", "-c"] + args: + - > + bin/apply-config-from-env.py conf/bookkeeper.conf; + bin/apply-config-from-env.py conf/pulsar_env.sh; + bin/apply-config-from-env.py conf/bkenv.sh; + {{- include "pulsar.bookkeeper.zookeeper.tls.settings" . | nindent 10 }} + bin/pulsar bookie; + ports: + - name: bookie + containerPort: {{ .Values.bookkeeper.ports.bookie }} + - name: http + containerPort: {{ .Values.bookkeeper.ports.http }} + envFrom: + - configMapRef: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}" + volumeMounts: + - name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}-{{ .Values.bookkeeper.volumes.journal.name }}" + mountPath: /pulsar/data/bookkeeper/journal + - name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}-{{ .Values.bookkeeper.volumes.ledgers.name }}" + mountPath: /pulsar/data/bookkeeper/ledgers + {{- include "pulsar.bookkeeper.certs.volumeMounts" . | nindent 8 }} + volumes: + {{- if not (and (and .Values.persistence .Values.volumes.persistence) .Values.bookkeeper.volumes.persistence) }} + - name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}-{{ .Values.bookkeeper.volumes.journal.name }}" + emptyDir: {} + - name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}-{{ .Values.bookkeeper.volumes.ledgers.name }}" + emptyDir: {} + {{- end }} + {{- include "pulsar.bookkeeper.certs.volumes" . | nindent 6 }} +{{- if and (and .Values.persistence .Values.volumes.persistence) .Values.bookkeeper.volumes.persistence}} + volumeClaimTemplates: + - metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}-{{ .Values.bookkeeper.volumes.journal.name }}" + spec: + accessModes: [ "ReadWriteOnce" ] + resources: + requests: + storage: {{ .Values.bookkeeper.volumes.journal.size }} + {{- if .Values.bookkeeper.volumes.journal.storageClassName }} + storageClassName: "{{ .Values.bookkeeper.volumes.journal.storageClassName }}" + {{- else if and (not (and .Values.volumes.local_storage .Values.bookkeeper.volumes.journal.local_storage)) .Values.bookkeeper.volumes.journal.storageClass }} + storageClassName: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}-{{ .Values.bookkeeper.volumes.journal.name }}" + {{- else if and .Values.volumes.local_storage .Values.bookkeeper.volumes.journal.local_storage }} + storageClassName: "local-storage" + {{- end }} + - metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}-{{ .Values.bookkeeper.volumes.ledgers.name }}" + spec: + accessModes: [ "ReadWriteOnce" ] + resources: + requests: + storage: {{ .Values.bookkeeper.volumes.ledgers.size }} + {{- if .Values.bookkeeper.volumes.ledgers.storageClassName }} + storageClassName: "{{ .Values.bookkeeper.volumes.ledgers.storageClassName }}" + {{- else if and (not (and .Values.volumes.local_storage .Values.bookkeeper.volumes.ledgers.local_storage)) .Values.bookkeeper.volumes.ledgers.storageClass }} + storageClassName: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}-{{ .Values.bookkeeper.volumes.ledgers.name }}" + {{- else if and .Values.volumes.local_storage .Values.bookkeeper.volumes.ledgers.local_storage }} + storageClassName: "local-storage" + {{- end }} +{{- end }} +{{- end }} diff --git a/pulsar/templates/bookkeeper-storageclass.yaml b/pulsar/templates/bookkeeper-storageclass.yaml new file mode 100644 index 0000000..3e8ebce --- /dev/null +++ b/pulsar/templates/bookkeeper-storageclass.yaml @@ -0,0 +1,54 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +{{- if .Values.components.bookkeeper }} +{{- if and (and .Values.persistence .Values.volumes.persistence) .Values.bookkeeper.volumes.persistence }} +{{- if and (not (and .Values.volumes.local_storage .Values.bookkeeper.volumes.journal.local_storage)) .Values.bookkeeper.volumes.journal.storageClass }} +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}-{{ .Values.bookkeeper.volumes.journal.name }}" + namespace: {{ .Values.namespace }} + labels: + {{- include "pulsar.standardLabels" . | nindent 4 }} + component: {{ .Values.bookkeeper.component }} +provisioner: {{ .Values.bookkeeper.volumes.journal.storageClass.provisioner }} +parameters: + type: {{ .Values.bookkeeper.volumes.journal.storageClass.type }} + fsType: {{ .Values.bookkeeper.volumes.journal.storageClass.fsType }} +{{- end }} +--- + +{{- if and (not (and .Values.volumes.local_storage .Values.bookkeeper.volumes.journal.local_storage)) .Values.bookkeeper.volumes.ledgers.storageClass }} +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}-{{ .Values.bookkeeper.volumes.ledgers.name }}" + namespace: {{ .Values.namespace }} + labels: + {{- include "pulsar.standardLabels" . | nindent 4 }} + component: {{ .Values.bookkeeper.component }} +provisioner: {{ .Values.bookkeeper.volumes.ledgers.storageClass.provisioner }} +parameters: + type: {{ .Values.bookkeeper.volumes.ledgers.storageClass.type }} + fsType: {{ .Values.bookkeeper.volumes.ledgers.storageClass.fsType }} +{{- end }} + +{{- end }} +{{- end }} diff --git a/pulsar/templates/broker-cluster-role-binding.yaml b/pulsar/templates/broker-cluster-role-binding.yaml new file mode 100644 index 0000000..803fccb --- /dev/null +++ b/pulsar/templates/broker-cluster-role-binding.yaml @@ -0,0 +1,66 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +{{- if .Values.components.broker }} +## TODO create our own cluster role with less privledges than admin +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}-clusterrolebinding" + labels: + {{- include "pulsar.standardLabels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}-clusterrole" +subjects: +- kind: ServiceAccount + name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}-acct" + namespace: {{ .Values.namespace }} +--- + +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}-clusterrole" + labels: + {{- include "pulsar.standardLabels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmap + verbs: ["get", "list", "watch"] +- apiGroups: ["", "extensions", "apps"] + resources: + - pods + - services + - deployments + - secrets + - statefulsets + verbs: + - list + - watch + - get + - update + - create + - delete + - patch +--- + +{{- end }} \ No newline at end of file diff --git a/pulsar/templates/broker-configmap.yaml b/pulsar/templates/broker-configmap.yaml new file mode 100644 index 0000000..721038a --- /dev/null +++ b/pulsar/templates/broker-configmap.yaml @@ -0,0 +1,146 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +{{- if .Values.components.broker }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}" + namespace: {{ .Values.namespace }} + labels: + {{- include "pulsar.standardLabels" . | nindent 4 }} + component: {{ .Values.broker.component }} +data: + # Metadata settings + zookeeperServers: "{{ template "pulsar.zookeeper.connect" . }}{{ .Values.metadataPrefix }}" + {{- if .Values.pulsar_metadata.configurationStore }} + configurationStoreServers: "{{ .Values.pulsar_metadata.configurationStore }}{{ .Values.pulsar_metadata.configurationStoreMetadataPrefix }}" + {{- end }} + {{- if not .Values.pulsar_metadata.configurationStore }} + configurationStoreServers: "{{ template "pulsar.zookeeper.connect" . }}{{ .Values.metadataPrefix }}" + {{- end }} + + # Broker settings + clusterName: {{ template "pulsar.fullname" . }} + exposeTopicLevelMetricsInPrometheus: "true" + numHttpServerThreads: "8" + zooKeeperSessionTimeoutMillis: "30000" + statusFilePath: "{{ template "pulsar.home" . }}/status" + + # Function Worker Settings + # function worker configuration + {{- if not (or .Values.components.functions .Values.extra.functionsAsPods) }} + functionsWorkerEnabled: "false" + {{- end }} + {{- if or .Values.components.functions .Values.extra.functionsAsPods }} + functionsWorkerEnabled: "true" + PF_functionRuntimeFactoryClassName: "org.apache.pulsar.functions.runtime.kubernetes.KubernetesRuntimeFactory" + PF_pulsarFunctionsCluster: {{ template "pulsar.fullname" . }} + PF_connectorsDirectory: ./connectors + PF_containerFactory: k8s + PF_numFunctionPackageReplicas: "{{ .Values.broker.configData.managedLedgerDefaultEnsembleSize }}" + # support version >= 2.5.0 + PF_functionRuntimeFactoryConfigs_pulsarRootDir: {{ template "pulsar.home" . }} + PF_kubernetesContainerFactory_pulsarRootDir: {{ template "pulsar.home" . }} + PF_functionRuntimeFactoryConfigs_pulsarDockerImageName: "{{ .Values.images.functions.repository }}:{{ .Values.images.functions.tag }}" + PF_functionRuntimeFactoryConfigs_submittingInsidePod: "true" + PF_functionRuntimeFactoryConfigs_installUserCodeDependencies: "true" + PF_functionRuntimeFactoryConfigs_jobNamespace: {{ .Values.namespace }} + PF_functionRuntimeFactoryConfigs_expectedMetricsCollectionInterval: "30" + {{- if not (and .Values.tls.enabled .Values.tls.broker.enabled) }} + PF_functionRuntimeFactoryConfigs_pulsarAdminUrl: "http://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.http }}/" + PF_functionRuntimeFactoryConfigs_pulsarServiceUrl: "pulsar://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.pulsar }}/" + {{- end }} + {{- if and .Values.tls.enabled .Values.tls.broker.enabled }} + PF_functionRuntimeFactoryConfigs_pulsarAdminUrl: "https://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.https }}/" + PF_functionRuntimeFactoryConfigs_pulsarServiceUrl: "pulsar+ssl://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.pulsarssl }}/" + {{- end }} + PF_functionRuntimeFactoryConfigs_changeConfigMap: "{{ template "pulsar.fullname" . }}-{{ .Values.functions.component }}-config" + PF_functionRuntimeFactoryConfigs_changeConfigMapNamespace: {{ .Values.namespace }} + # support version < 2.5.0 + PF_kubernetesContainerFactory_pulsarDockerImageName: "{{ .Values.images.functions.repository }}:{{ .Values.images.functions.tag }}" + PF_kubernetesContainerFactory_submittingInsidePod: "true" + PF_kubernetesContainerFactory_installUserCodeDependencies: "true" + PF_kubernetesContainerFactory_jobNamespace: {{ .Values.namespace }} + PF_kubernetesContainerFactory_expectedMetricsCollectionInterval: "30" + {{- if not (and .Values.tls.enabled .Values.tls.broker.enabled) }} + PF_kubernetesContainerFactory_pulsarAdminUrl: "http://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.http }}/" + PF_kubernetesContainerFactory_pulsarServiceUrl: "pulsar://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.pulsar }}/" + {{- end }} + {{- if and .Values.tls.enabled .Values.tls.broker.enabled }} + PF_kubernetesContainerFactory_pulsarAdminUrl: "https://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.https }}/" + PF_kubernetesContainerFactory_pulsarServiceUrl: "pulsar+ssl://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.pulsarssl }}/" + {{- end }} + PF_kubernetesContainerFactory_changeConfigMap: "{{ template "pulsar.fullname" . }}-{{ .Values.functions.component }}-config" + PF_kubernetesContainerFactory_changeConfigMapNamespace: {{ .Values.namespace }} + {{- end }} + + # prometheus needs to access /metrics endpoint + webServicePort: "{{ .Values.broker.ports.http }}" + {{- if or (not .Values.tls.enabled) (not .Values.tls.broker.enabled) }} + brokerServicePort: "{{ .Values.broker.ports.pulsar }}" + {{- end }} + {{- if and .Values.tls.enabled .Values.tls.broker.enabled }} + brokerServicePortTls: "{{ .Values.broker.ports.pulsarssl }}" + webServicePortTls: "{{ .Values.broker.ports.https }}" + # TLS Settings + tlsCertificateFilePath: "/pulsar/certs/broker/tls.crt" + tlsKeyFilePath: "/pulsar/certs/broker/tls.key" + tlsTrustCertsFilePath: "/pulsar/certs/ca/ca.crt" + {{- end }} + + # Authentication Settings + {{- if .Values.auth.authentication.enabled }} + authenticationEnabled: "true" + {{- if .Values.auth.authorization.enabled }} + authorizationEnabled: "true" + superUserRoles: {{ .Values.auth.superUsers.broker }},{{ .Values.auth.superUsers.proxy }},{{ .Values.auth.superUsers.client }} + {{- end }} + {{- if eq .Values.auth.authentication.provider "jwt" }} + # token authentication configuration + authenticationProviders: "org.apache.pulsar.broker.authentication.AuthenticationProviderToken" + brokerClientAuthenticationParameters: "file:///pulsar/tokens/broker/token" + brokerClientAuthenticationPlugin: "org.apache.pulsar.client.impl.auth.AuthenticationToken" + {{- if .Values.auth.authentication.jwt.usingSecretKey }} + tokenSecretKey: "file:///pulsar/keys/token/secret.key" + {{- else }} + tokenPublicKey: "file:///pulsar/keys/token/public.key" + {{- end }} + {{- end }} + {{- end }} + + {{- if and .Values.tls.enabled .Values.tls.bookie.enabled }} + # bookkeeper tls settings + bookkeeperTLSClientAuthentication: "true" + bookkeeperTLSKeyFileType: "PEM" + bookkeeperTLSKeyFilePath: "/pulsar/certs/broker/tls.key" + bookkeeperTLSCertificateFilePath: "/pulsar/certs/broker/tls.crt" + bookkeeperTLSTrustCertsFilePath: "/pulsar/certs/ca/ca.crt" + bookkeeperTLSTrustCertTypes: "PEM" + PULSAR_PREFIX_bookkeeperTLSClientAuthentication: "true" + PULSAR_PREFIX_bookkeeperTLSKeyFileType: "PEM" + PULSAR_PREFIX_bookkeeperTLSKeyFilePath: "/pulsar/certs/broker/tls.key" + PULSAR_PREFIX_bookkeeperTLSCertificateFilePath: "/pulsar/certs/broker/tls.crt" + PULSAR_PREFIX_bookkeeperTLSTrustCertsFilePath: "/pulsar/certs/ca/ca.crt" + PULSAR_PREFIX_bookkeeperTLSTrustCertTypes: "PEM" + # https://github.com/apache/bookkeeper/pull/2300 + bookkeeperUseV2WireProtocol: "false" + {{- end }} +{{ toYaml .Values.broker.configData | indent 2 }} +{{- end }} \ No newline at end of file diff --git a/pulsar/templates/broker-pdb.yaml b/pulsar/templates/broker-pdb.yaml new file mode 100644 index 0000000..a3843a1 --- /dev/null +++ b/pulsar/templates/broker-pdb.yaml @@ -0,0 +1,37 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +{{- if .Values.components.broker }} +{{- if .Values.broker.pdb.usePolicy }} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}" + namespace: {{ .Values.namespace }} + labels: + {{- include "pulsar.standardLabels" . | nindent 4 }} + component: {{ .Values.broker.component }} +spec: + selector: + matchLabels: + {{- include "pulsar.matchLabels" . | nindent 6 }} + component: {{ .Values.broker.component }} + maxUnavailable: {{ .Values.broker.pdb.maxUnavailable }} +{{- end }} +{{- end }} diff --git a/pulsar/templates/broker-rbac.yaml b/pulsar/templates/broker-rbac.yaml new file mode 100644 index 0000000..8f37ed7 --- /dev/null +++ b/pulsar/templates/broker-rbac.yaml @@ -0,0 +1,60 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + + {{- if .Values.extra.functionsAsPods }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.functions.component }}" +rules: +- apiGroups: [""] + resources: + - services + - configmaps + - pods + verbs: + - '*' +- apiGroups: + - apps + resources: + - statefulsets + verbs: + - '*' +--- + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.functions.component }}" + namespace: {{ .Values.namespace }} +--- + +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.functions.component }}" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.functions.component }}" +subjects: +- kind: ServiceAccount + name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.functions.component }}" + namespace: {{ .Values.namespace }} + {{- end }} diff --git a/pulsar/templates/broker-service-account.yaml b/pulsar/templates/broker-service-account.yaml new file mode 100644 index 0000000..257f593 --- /dev/null +++ b/pulsar/templates/broker-service-account.yaml @@ -0,0 +1,29 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +{{- if .Values.components.broker }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}-acct" + namespace: {{ .Values.namespace }} + labels: + {{- include "pulsar.standardLabels" . | nindent 4 }} + component: {{ .Values.broker.component }} +{{- end }} \ No newline at end of file diff --git a/pulsar/templates/broker-service.yaml b/pulsar/templates/broker-service.yaml new file mode 100644 index 0000000..2b30333 --- /dev/null +++ b/pulsar/templates/broker-service.yaml @@ -0,0 +1,51 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +{{- if .Values.components.broker }} +apiVersion: v1 +kind: Service +metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}" + namespace: {{ .Values.namespace }} + labels: + {{- include "pulsar.standardLabels" . | nindent 4 }} + component: {{ .Values.broker.component }} + annotations: +{{ toYaml .Values.broker.service.annotations | indent 4 }} +spec: + ports: + # prometheus needs to access /metrics endpoint + - name: http + port: {{ .Values.broker.ports.http }} + {{- if or (not .Values.tls.enabled) (not .Values.tls.broker.enabled) }} + - name: pulsar + port: {{ .Values.broker.ports.pulsar }} + {{- end }} + {{- if and .Values.tls.enabled .Values.tls.broker.enabled }} + - name: https + port: {{ .Values.broker.ports.https }} + - name: pulsarssl + port: {{ .Values.broker.ports.pulsarssl }} + {{- end }} + clusterIP: None + selector: + app: {{ template "pulsar.name" . }} + release: {{ .Release.Name }} + component: {{ .Values.broker.component }} +{{- end }} diff --git a/pulsar/templates/broker-statefulset.yaml b/pulsar/templates/broker-statefulset.yaml new file mode 100644 index 0000000..591c104 --- /dev/null +++ b/pulsar/templates/broker-statefulset.yaml @@ -0,0 +1,236 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +{{- if .Values.components.broker }} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}" + namespace: {{ .Values.namespace }} + labels: + {{- include "pulsar.standardLabels" . | nindent 4 }} + component: {{ .Values.broker.component }} +spec: + serviceName: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}" + replicas: {{ .Values.broker.replicaCount }} + selector: + matchLabels: + {{- include "pulsar.matchLabels" . | nindent 6 }} + component: {{ .Values.broker.component }} + updateStrategy: + type: RollingUpdate + podManagementPolicy: Parallel + template: + metadata: + labels: + {{- include "pulsar.template.labels" . | nindent 8 }} + component: {{ .Values.broker.component }} + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "{{ .Values.broker.ports.http }}" +{{- with .Values.broker.annotations }} +{{ toYaml . | indent 8 }} +{{- end }} + spec: + serviceAccountName: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}-acct" + {{- if .Values.broker.nodeSelector }} + nodeSelector: +{{ toYaml .Values.broker.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.broker.tolerations }} + tolerations: +{{ toYaml .Values.broker.tolerations | indent 8 }} + {{- end }} + affinity: + {{- if and .Values.affinity.anti_affinity .Values.broker.affinity.anti_affinity}} + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: "app" + operator: In + values: + - "{{ template "pulsar.name" . }}-{{ .Values.broker.component }}" + - key: "release" + operator: In + values: + - {{ .Release.Name }} + - key: "component" + operator: In + values: + - {{ .Values.broker.component }} + topologyKey: "kubernetes.io/hostname" + {{- end }} + terminationGracePeriodSeconds: {{ .Values.broker.gracePeriod }} + initContainers: + # This init container will wait for zookeeper to be ready before + # deploying the bookies + - name: wait-zookeeper-ready + image: "{{ .Values.images.broker.repository }}:{{ .Values.images.broker.tag }}" + imagePullPolicy: {{ .Values.images.broker.pullPolicy }} + command: ["sh", "-c"] + args: + - >- + {{- include "pulsar.broker.zookeeper.tls.settings" . | nindent 12 }} + {{- if .Values.pulsar_metadata.configurationStore }} + until bin/bookkeeper org.apache.zookeeper.ZooKeeperMain -server {{ .Values.pulsar_metadata.configurationStore}} get {{ .Values.configurationStoreMetadataPrefix }}/admin/clusters/{{ template "pulsar.fullname" . }}; do + {{- end }} + {{- if not .Values.pulsar_metadata.configurationStore }} + until bin/bookkeeper org.apache.zookeeper.ZooKeeperMain -server {{ template "pulsar.zookeeper.connect" . }} get {{ .Values.metadataPrefix }}/admin/clusters/{{ template "pulsar.fullname" . }}; do + {{- end }} + echo "pulsar cluster {{ template "pulsar.fullname" . }} isn't initialized yet ... check in 3 seconds ..." && sleep 3; + done; + volumeMounts: + {{- include "pulsar.broker.certs.volumeMounts" . | nindent 8 }} + # This init container will wait for bookkeeper to be ready before + # deploying the broker + - name: wait-bookkeeper-ready + image: "{{ .Values.images.broker.repository }}:{{ .Values.images.broker.tag }}" + imagePullPolicy: {{ .Values.images.broker.pullPolicy }} + command: ["sh", "-c"] + args: + - > + {{- include "pulsar.broker.zookeeper.tls.settings" . | nindent 12 }} + bin/apply-config-from-env.py conf/bookkeeper.conf; + until bin/bookkeeper shell whatisinstanceid; do + echo "bookkeeper cluster is not initialized yet. backoff for 3 seconds ..."; + sleep 3; + done; + echo "bookkeeper cluster is already initialized"; + bookieServiceNumber="$(nslookup -timeout=10 {{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }} | grep Name | wc -l)"; + until [ ${bookieServiceNumber} -ge {{ .Values.broker.configData.managedLedgerDefaultEnsembleSize }} ]; do + echo "bookkeeper cluster {{ template "pulsar.fullname" . }} isn't ready yet ... check in 10 seconds ..."; + sleep 10; + bookieServiceNumber="$(nslookup -timeout=10 {{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }} | grep Name | wc -l)"; + done; + echo "bookkeeper cluster is ready"; + envFrom: + - configMapRef: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}" + volumeMounts: + {{- include "pulsar.broker.certs.volumeMounts" . | nindent 10 }} + containers: + - name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}" + image: "{{ .Values.images.broker.repository }}:{{ .Values.images.broker.tag }}" + imagePullPolicy: {{ .Values.images.broker.pullPolicy }} + {{- if .Values.broker.probe.liveness.enabled }} + livenessProbe: + httpGet: + path: /status.html + port: {{ .Values.broker.ports.http }} + initialDelaySeconds: {{ .Values.broker.probe.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.broker.probe.liveness.periodSeconds }} + failureThreshold: {{ .Values.broker.probe.liveness.failureThreshold }} + {{- end }} + {{- if .Values.broker.probe.readiness.enabled }} + readinessProbe: + httpGet: + path: /status.html + port: {{ .Values.broker.ports.http }} + initialDelaySeconds: {{ .Values.broker.probe.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.broker.probe.readiness.periodSeconds }} + failureThreshold: {{ .Values.broker.probe.readiness.failureThreshold }} + {{- end }} + {{- if .Values.broker.probe.startup.enabled }} + startupProbe: + httpGet: + path: /status.html + port: {{ .Values.broker.ports.http }} + initialDelaySeconds: {{ .Values.broker.probe.startup.initialDelaySeconds }} + periodSeconds: {{ .Values.broker.probe.startup.periodSeconds }} + failureThreshold: {{ .Values.broker.probe.startup.failureThreshold }} + {{- end }} + {{- if .Values.broker.resources }} + resources: +{{ toYaml .Values.broker.resources | indent 10 }} + {{- end }} + command: ["sh", "-c"] + args: + - > + bin/apply-config-from-env.py conf/broker.conf; + bin/apply-config-from-env.py conf/pulsar_env.sh; + bin/gen-yml-from-env.py conf/functions_worker.yml; + echo "OK" > status; + {{- include "pulsar.broker.zookeeper.tls.settings" . | nindent 10 }} + bin/pulsar zookeeper-shell -server {{ template "pulsar.zookeeper.connect" . }} get {{ template "pulsar.broker.znode" . }}; + while [ $? -eq 0 ]; do + echo "broker {{ template "pulsar.broker.hostname" . }} znode still exists ... check in 10 seconds ..."; + sleep 10; + bin/pulsar zookeeper-shell -server {{ template "pulsar.zookeeper.connect" . }} get {{ template "pulsar.broker.znode" . }}; + done; + cat conf/pulsar_env.sh; + bin/pulsar broker; + ports: + # prometheus needs to access /metrics endpoint + - name: http + containerPort: {{ .Values.broker.ports.http }} + {{- if or (not .Values.tls.enabled) (not .Values.tls.broker.enabled) }} + - name: pulsar + containerPort: {{ .Values.broker.ports.pulsar }} + {{- end }} + {{- if and .Values.tls.enabled .Values.tls.broker.enabled }} + - name: https + containerPort: {{ .Values.broker.ports.https }} + - name: pulsarssl + containerPort: {{ .Values.broker.ports.pulsarssl }} + {{- end }} + envFrom: + - configMapRef: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}" + volumeMounts: + {{- if .Values.auth.authentication.enabled }} + {{- if eq .Values.auth.authentication.provider "jwt" }} + - mountPath: "/pulsar/keys" + name: token-keys + readOnly: true + - mountPath: "/pulsar/tokens" + name: broker-token + readOnly: true + {{- end }} + {{- end }} + {{- include "pulsar.broker.certs.volumeMounts" . | nindent 10 }} + volumes: + {{- if .Values.auth.authentication.enabled }} + {{- if eq .Values.auth.authentication.provider "jwt" }} + - name: token-keys + secret: + {{- if not .Values.auth.authentication.jwt.usingSecretKey }} + secretName: "{{ .Release.Name }}-token-asymmetric-key" + {{- end}} + {{- if .Values.auth.authentication.jwt.usingSecretKey }} + secretName: "{{ .Release.Name }}-token-symmetric-key" + {{- end}} + items: + {{- if .Values.auth.authentication.jwt.usingSecretKey }} + - key: SECRETKEY + path: token/secret.key + {{- else }} + - key: PUBLICKEY + path: token/public.key + {{- end}} + - name: broker-token + secret: + secretName: "{{ .Release.Name }}-token-{{ .Values.auth.superUsers.broker }}" + items: + - key: TOKEN + path: broker/token + {{- end}} + {{- end}} + {{- include "pulsar.broker.certs.volumes" . | nindent 6 }} +{{- end }} \ No newline at end of file diff --git a/pulsar/templates/dashboard-deployment.yaml b/pulsar/templates/dashboard-deployment.yaml new file mode 100644 index 0000000..618edb6 --- /dev/null +++ b/pulsar/templates/dashboard-deployment.yaml @@ -0,0 +1,73 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +{{- if .Values.extra.dashboard }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.dashboard.component }}" + namespace: {{ .Values.namespace }} + labels: + app: {{ template "pulsar.name" . }} + chart: {{ template "pulsar.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + component: {{ .Values.dashboard.component }} + cluster: {{ template "pulsar.fullname" . }} +spec: + replicas: {{ .Values.dashboard.replicaCount }} + selector: + matchLabels: + app: {{ template "pulsar.name" . }} + release: {{ .Release.Name }} + component: {{ .Values.dashboard.component }} + template: + metadata: + labels: + app: {{ template "pulsar.name" . }} + release: {{ .Release.Name }} + component: {{ .Values.dashboard.component }} + cluster: {{ template "pulsar.fullname" . }} + annotations: +{{ toYaml .Values.dashboard.annotations | indent 8 }} + spec: + {{- if .Values.dashboard.nodeSelector }} + nodeSelector: +{{ toYaml .Values.dashboard.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.dashboard.tolerations }} + tolerations: +{{ toYaml .Values.dashboard.tolerations | indent 8 }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.dashboard.gracePeriod }} + containers: + - name: "{{ template "pulsar.fullname" . }}-{{ .Values.dashboard.component }}" + image: "{{ .Values.dashboard.image.repository }}:{{ .Values.dashboard.image.tag }}" + imagePullPolicy: {{ .Values.dashboard.image.pullPolicy }} + {{- if .Values.dashboard.resources }} + resources: +{{ toYaml .Values.dashboard.resources | indent 10 }} + {{- end }} + ports: + - name: http + containerPort: 80 + env: + - name: SERVICE_URL + value: http://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:8080/ +{{- end }} diff --git a/pulsar/templates/dashboard-ingress.yaml b/pulsar/templates/dashboard-ingress.yaml new file mode 100644 index 0000000..10dc4f9 --- /dev/null +++ b/pulsar/templates/dashboard-ingress.yaml @@ -0,0 +1,55 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +{{- if .Values.extra.dashboard }} +{{- if .Values.dashboard.ingress.enabled }} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + labels: + app: {{ template "pulsar.name" . }} + chart: {{ template "pulsar.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + cluster: "{{ template "pulsar.fullname" . }}-{{ .Values.dashboard.component }}" + annotations: +{{- with .Values.dashboard.ingress.annotations }} +{{ toYaml . | indent 4 }} +{{- end }} + name: "{{ template "pulsar.fullname" . }}-{{ .Values.dashboard.component }}" + namespace: {{ .Values.namespace }} +spec: +{{- if .Values.dashboard.ingress.tls.enabled }} + tls: + - hosts: + - {{ .Values.dashboard.ingress.hostname }} + {{- with .Values.dashboard.ingress.tls.secretName }} + secretName: {{ . }} + {{- end }} +{{- end }} + rules: + - host: {{ required "Dashboard ingress hostname not provided" .Values.dashboard.ingress.hostname }} + http: + paths: + - path: {{ .Values.dashboard.ingress.path }} + backend: + serviceName: "{{ template "pulsar.fullname" . }}-{{ .Values.dashboard.component }}" + servicePort: {{ .Values.dashboard.ingress.port }} +{{- end }} +{{- end }} diff --git a/pulsar/templates/dashboard-service.yaml b/pulsar/templates/dashboard-service.yaml new file mode 100644 index 0000000..34147af --- /dev/null +++ b/pulsar/templates/dashboard-service.yaml @@ -0,0 +1,43 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +{{- if .Values.extra.dashboard }} +apiVersion: v1 +kind: Service +metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.dashboard.component }}" + namespace: {{ .Values.namespace }} + labels: + app: {{ template "pulsar.name" . }} + chart: {{ template "pulsar.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + component: {{ .Values.dashboard.component }} + cluster: {{ template "pulsar.fullname" . }} + annotations: +{{ toYaml .Values.dashboard.service.annotations | indent 4 }} +spec: + ports: +{{ toYaml .Values.dashboard.service.ports | indent 2 }} + clusterIP: None + selector: + app: {{ template "pulsar.name" . }} + release: {{ .Release.Name }} + component: {{ .Values.dashboard.component }} +{{- end }} diff --git a/pulsar/templates/function-worker-configmap.yaml b/pulsar/templates/function-worker-configmap.yaml new file mode 100644 index 0000000..98d9cfd --- /dev/null +++ b/pulsar/templates/function-worker-configmap.yaml @@ -0,0 +1,32 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +{{- if .Values.components.functions }} +## function config map +apiVersion: v1 +kind: ConfigMap +metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.functions.component }}-config" + namespace: {{ .Values.namespace }} + labels: + {{- include "pulsar.standardLabels" . | nindent 4 }} + component: {{ .Values.functions.component }} +data: + pulsarDockerImageName: "{{ .Values.images.functions.repository }}:{{ .Values.images.functions.tag }}" +{{- end }} \ No newline at end of file diff --git a/pulsar/templates/grafana-deployment.yaml b/pulsar/templates/grafana-deployment.yaml new file mode 100644 index 0000000..675d897 --- /dev/null +++ b/pulsar/templates/grafana-deployment.yaml @@ -0,0 +1,84 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +{{- if or .Values.monitoring.grafana .Values.extra.monitoring }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.grafana.component }}" + namespace: {{ .Values.namespace }} + labels: + {{- include "pulsar.standardLabels" . | nindent 4 }} + component: {{ .Values.grafana.component }} +spec: + replicas: {{ .Values.grafana.replicaCount }} + selector: + matchLabels: + {{- include "pulsar.matchLabels" . | nindent 6 }} + component: {{ .Values.grafana.component }} + template: + metadata: + labels: + {{- include "pulsar.template.labels" . | nindent 8 }} + component: {{ .Values.grafana.component }} + annotations: +{{- with .Values.grafana.annotations }} +{{ toYaml . | indent 8 }} +{{- end }} + spec: + {{- if .Values.grafana.nodeSelector }} + nodeSelector: +{{ toYaml .Values.grafana.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.grafana.tolerations }} + tolerations: +{{ toYaml .Values.grafana.tolerations | indent 8 }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.grafana.gracePeriod }} + containers: + - name: "{{ template "pulsar.fullname" . }}-{{ .Values.grafana.component }}" + image: "{{ .Values.images.grafana.repository }}:{{ .Values.images.grafana.tag }}" + imagePullPolicy: {{ .Values.images.grafana.pullPolicy }} + {{- if .Values.grafana.resources }} + resources: +{{ toYaml .Values.grafana.resources | indent 10 }} + {{- end }} + ports: + - name: server + containerPort: {{ .Values.grafana.port }} + env: + # for supporting apachepulsar/pulsar-grafana + - name: PROMETHEUS_URL + value: http://{{ template "pulsar.fullname" . }}-{{ .Values.prometheus.component }}:9090/ + # for supporting streamnative/apache-pulsar-grafana-dashboard + - name: PULSAR_PROMETHEUS_URL + value: http://{{ template "pulsar.fullname" . }}-{{ .Values.prometheus.component }}:9090/ + - name: PULSAR_CLUSTER + value: {{ template "pulsar.fullname" . }} + - name: GRAFANA_ADMIN_USER + valueFrom: + secretKeyRef: + name: "{{ template "pulsar.fullname" . }}-admin-secret" + key: USER + - name: GRAFANA_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: "{{ template "pulsar.fullname" . }}-admin-secret" + key: PASSWORD +{{- end }} diff --git a/pulsar/templates/grafana-ingress.yaml b/pulsar/templates/grafana-ingress.yaml new file mode 100644 index 0000000..79f4a8b --- /dev/null +++ b/pulsar/templates/grafana-ingress.yaml @@ -0,0 +1,50 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + + {{- if .Values.extra.monitoring}} + {{- if .Values.grafana.ingress.enabled }} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.grafana.component }}" + namespace: {{ .Values.namespace }} + labels: + app: {{ template "pulsar.name" . }} + chart: {{ template "pulsar.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- with .Values.grafana.ingress.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: +{{- if .Values.grafana.ingress.tls }} + tls: +{{ toYaml .Values.grafana.ingress.tls | indent 4 }} +{{- end }} + rules: + - host: {{ required "Grafana ingress hostname not provided" .Values.grafana.ingress.hostname }} + http: + paths: + - path: {{ .Values.grafana.ingress.path }} + backend: + serviceName: "{{ template "pulsar.fullname" . }}-{{ .Values.grafana.component }}" + servicePort: {{ .Values.grafana.ingress.port }} + {{- end }} + {{- end }} diff --git a/pulsar/templates/grafana-service.yaml b/pulsar/templates/grafana-service.yaml new file mode 100644 index 0000000..2c1ddd1 --- /dev/null +++ b/pulsar/templates/grafana-service.yaml @@ -0,0 +1,43 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +{{- if or .Values.monitoring.grafana .Values.extra.monitoring }} +apiVersion: v1 +kind: Service +metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.grafana.component }}" + namespace: {{ .Values.namespace }} + labels: + {{- include "pulsar.standardLabels" . | nindent 4 }} + component: {{ .Values.grafana.component }} + annotations: +{{- with .Values.grafana.service.annotations }} +{{ toYaml . | indent 4 }} +{{- end }} +spec: + type: {{ .Values.grafana.service.type }} + ports: + - name: server + port: {{ .Values.grafana.port }} + protocol: TCP + selector: + {{- include "pulsar.matchLabels" . | nindent 4 }} + component: {{ .Values.grafana.component }} + sessionAffinity: None +{{- end }} diff --git a/pulsar/templates/keytool.yaml b/pulsar/templates/keytool.yaml new file mode 100644 index 0000000..b3da4a0 --- /dev/null +++ b/pulsar/templates/keytool.yaml @@ -0,0 +1,98 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +# script to process key/cert to keystore and truststore +{{- if .Values.tls.zookeeper.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: "{{ template "pulsar.fullname" . }}-keytool-configmap" + namespace: {{ .Values.namespace }} + labels: + {{- include "pulsar.standardLabels" . | nindent 4 }} + component: keytool +data: + keytool.sh: | + #!/bin/bash + component=$1 + name=$2 + isClient=$3 + crtFile=/pulsar/certs/${component}/tls.crt + keyFile=/pulsar/certs/${component}/tls.key + caFile=/pulsar/certs/ca/ca.crt + p12File=/pulsar/${component}.p12 + keyStoreFile=/pulsar/${component}.keystore.jks + trustStoreFile=/pulsar/${component}.truststore.jks + + function ensureFileNotEmpty() { + local file=$1 + local len=$(wc -c ${file} | awk '{print $1}') + echo "processing ${file} : len = ${len}" + if [ ! -f ${file} ]; then + echo "${file} is not found" + exit -1 + fi + if [ $len -le 0 ]; then + echo "${file} is empty" + exit -1 + fi + } + + ensureFileNotEmpty ${crtFile} + ensureFileNotEmpty ${keyFile} + ensureFileNotEmpty ${caFile} + + PASSWORD=$(head /dev/urandom | base64 | head -c 24) + + openssl pkcs12 \ + -export \ + -in ${crtFile} \ + -inkey ${keyFile} \ + -out ${p12File} \ + -name ${name} \ + -passout "pass:${PASSWORD}" + + keytool -importkeystore \ + -srckeystore ${p12File} \ + -srcstoretype PKCS12 -srcstorepass "${PASSWORD}" \ + -alias ${name} \ + -destkeystore ${keyStoreFile} \ + -deststorepass "${PASSWORD}" + + keytool -import \ + -file ${caFile} \ + -storetype JKS \ + -alias ${name} \ + -keystore ${trustStoreFile} \ + -storepass "${PASSWORD}" \ + -trustcacerts -noprompt + + ensureFileNotEmpty ${keyStoreFile} + ensureFileNotEmpty ${trustStoreFile} + + if [[ "x${isClient}" == "xtrue" ]]; then + echo $'\n' >> conf/pulsar_env.sh + echo "PULSAR_EXTRA_OPTS=\"${PULSAR_EXTRA_OPTS} -Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty -Dzookeeper.client.secure=true -Dzookeeper.ssl.keyStore.location=${keyStoreFile} -Dzookeeper.ssl.keyStore.password=${PASSWORD} -Dzookeeper.ssl.trustStore.location=${trustStoreFile} -Dzookeeper.ssl.trustStore.password=${PASSWORD}\"" >> conf/pulsar_env.sh + echo $'\n' >> conf/bkenv.sh + echo "BOOKIE_EXTRA_OPTS=\"${BOOKIE_EXTRA_OPTS} -Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty -Dzookeeper.client.secure=true -Dzookeeper.ssl.keyStore.location=${keyStoreFile} -Dzookeeper.ssl.keyStore.password=${PASSWORD} -Dzookeeper.ssl.trustStore.location=${trustStoreFile} -Dzookeeper.ssl.trustStore.password=${PASSWORD}\"" >> conf/bkenv.sh + else + echo $'\n' >> conf/pulsar_env.sh + echo "PULSAR_EXTRA_OPTS=\"${PULSAR_EXTRA_OPTS} -Dzookeeper.ssl.keyStore.location=${keyStoreFile} -Dzookeeper.ssl.keyStore.password=${PASSWORD} -Dzookeeper.ssl.trustStore.location=${trustStoreFile} -Dzookeeper.ssl.trustStore.password=${PASSWORD}\"" >> conf/pulsar_env.sh + fi +{{- end }} diff --git a/pulsar/templates/namespace.yaml b/pulsar/templates/namespace.yaml new file mode 100644 index 0000000..c00b1e5 --- /dev/null +++ b/pulsar/templates/namespace.yaml @@ -0,0 +1,25 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +{{- if .Values.namespaceCreate }} +apiVersion: v1 +kind: Namespace +metadata: + name: {{ .Values.namespace }} +{{- end }} diff --git a/pulsar/templates/prometheus-configmap.yaml b/pulsar/templates/prometheus-configmap.yaml new file mode 100644 index 0000000..ab971ad --- /dev/null +++ b/pulsar/templates/prometheus-configmap.yaml @@ -0,0 +1,66 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +{{- if or .Values.monitoring.prometheus .Values.extra.monitoring }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.prometheus.component }}" + namespace: {{ .Values.namespace }} + labels: + {{- include "pulsar.standardLabels" . | nindent 4 }} + component: {{ .Values.prometheus.component }} +data: + # Include prometheus configuration file, setup to monitor all the + # Kubernetes pods with the "scrape=true" annotation. + prometheus.yml: | + global: + scrape_interval: 15s + scrape_configs: + - job_name: 'prometheus' + static_configs: + - targets: ['localhost:9090'] + - job_name: 'kubernetes-pods' + kubernetes_sd_configs: + - role: pod + relabel_configs: + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape] + action: keep + regex: true + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] + action: replace + target_label: __metrics_path__ + regex: (.+) + - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] + action: replace + regex: ([^:]+)(?::\d+)?;(\d+) + replacement: $1:$2 + target_label: __address__ + - action: labelmap + regex: __meta_kubernetes_pod_label_(.+) + - source_labels: [__meta_kubernetes_namespace] + action: replace + target_label: kubernetes_namespace + - source_labels: [__meta_kubernetes_pod_label_component] + action: replace + target_label: job + - source_labels: [__meta_kubernetes_pod_name] + action: replace + target_label: kubernetes_pod_name +{{- end }} diff --git a/pulsar/templates/prometheus-deployment.yaml b/pulsar/templates/prometheus-deployment.yaml new file mode 100644 index 0000000..75bae72 --- /dev/null +++ b/pulsar/templates/prometheus-deployment.yaml @@ -0,0 +1,84 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +{{- if or .Values.monitoring.prometheus .Values.extra.monitoring }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.prometheus.component }}" + namespace: {{ .Values.namespace }} + labels: + {{- include "pulsar.standardLabels" . | nindent 4 }} + component: {{ .Values.prometheus.component }} +spec: + replicas: {{ .Values.prometheus.replicaCount }} + selector: + matchLabels: + {{- include "pulsar.matchLabels" . | nindent 6 }} + component: {{ .Values.prometheus.component }} + template: + metadata: + labels: + {{- include "pulsar.template.labels" . | nindent 8 }} + component: {{ .Values.prometheus.component }} + annotations: +{{ toYaml .Values.prometheus.annotations | indent 8 }} + spec: + {{- if .Values.prometheus.nodeSelector }} + nodeSelector: +{{ toYaml .Values.prometheus.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.prometheus.tolerations }} + tolerations: +{{ toYaml .Values.prometheus.tolerations | indent 8 }} + {{- end }} + {{- if or .Values.prometheus.rbac.enabled .Values.prometheus_rbac }} + serviceAccount: "{{ template "pulsar.fullname" . }}-{{ .Values.prometheus.component }}" + {{- end }} + terminationGracePeriodSeconds: {{ .Values.prometheus.gracePeriod }} + containers: + - name: "{{ template "pulsar.fullname" . }}-{{ .Values.prometheus.component }}" + image: "{{ .Values.images.prometheus.repository }}:{{ .Values.images.prometheus.tag }}" + imagePullPolicy: {{ .Values.images.prometheus.pullPolicy }} + {{- if .Values.prometheus.resources }} + resources: +{{ toYaml .Values.prometheus.resources | indent 10 }} + {{- end }} + ports: + - name: server + containerPort: {{ .Values.prometheus.port }} + volumeMounts: + - name: "{{ template "pulsar.fullname" . }}-{{ .Values.prometheus.component }}-config" + mountPath: /etc/prometheus + - name: "{{ template "pulsar.fullname" . }}-{{ .Values.prometheus.component }}-{{ .Values.prometheus.volumes.data.name }}" + mountPath: /prometheus + volumes: + - name: "{{ template "pulsar.fullname" . }}-{{ .Values.prometheus.component }}-config" + configMap: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.prometheus.component }}" + {{- if not (and (and .Values.persistence .Values.volumes.persistence) .Values.prometheus.volumes.persistence) }} + - name: "{{ template "pulsar.fullname" . }}-{{ .Values.prometheus.component }}-{{ .Values.prometheus.volumes.data.name }}" + emptyDir: {} + {{- end }} + {{- if and (and .Values.persistence .Values.volumes.persistence) .Values.prometheus.volumes.persistence }} + - name: "{{ template "pulsar.fullname" . }}-{{ .Values.prometheus.component }}-{{ .Values.prometheus.volumes.data.name }}" + persistentVolumeClaim: + claimName: "{{ template "pulsar.fullname" . }}-{{ .Values.prometheus.component }}-{{ .Values.prometheus.volumes.data.name }}" + {{- end }} +{{- end }} diff --git a/pulsar/templates/prometheus-pvc.yaml b/pulsar/templates/prometheus-pvc.yaml new file mode 100644 index 0000000..d647db3 --- /dev/null +++ b/pulsar/templates/prometheus-pvc.yaml @@ -0,0 +1,40 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +{{- if or .Values.monitoring.prometheus .Values.extra.monitoring }} +{{- if and (and .Values.persistence .Values.volumes.persistence) .Values.prometheus.volumes.persistence }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.prometheus.component }}-{{ .Values.prometheus.volumes.data.name }}" + namespace: {{ .Values.namespace }} +spec: + resources: + requests: + storage: {{ .Values.prometheus.volumes.data.size }} + accessModes: [ "ReadWriteOnce" ] +{{- if .Values.prometheus.volumes.data.storageClassName }} + storageClassName: "{{ .Values.prometheus.volumes.data.storageClassName }}" +{{- else if and (not (and .Values.volumes.local_storage .Values.prometheus.volumes.data.local_storage)) .Values.prometheus.volumes.data.storageClass }} + storageClassName: "{{ template "pulsar.fullname" . }}-{{ .Values.prometheus.component }}-{{ .Values.prometheus.volumes.data.name }}" +{{- else if and .Values.volumes.local_storage .Values.prometheus.volumes.data.local_storage }} + storageClassName: "local-storage" +{{- end }} +{{- end }} +{{- end }} diff --git a/pulsar/templates/prometheus-rbac.yaml b/pulsar/templates/prometheus-rbac.yaml new file mode 100644 index 0000000..d027676 --- /dev/null +++ b/pulsar/templates/prometheus-rbac.yaml @@ -0,0 +1,59 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +{{- if or .Values.monitoring.prometheus .Values.extra.monitoring }} +{{- if or .Values.prometheus.rbac.enabled .Values.prometheus_rbac }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.prometheus.component }}" +rules: +- apiGroups: [""] + resources: + - nodes + - nodes/proxy + - services + - endpoints + - pods + verbs: ["get", "list", "watch"] +- nonResourceURLs: ["/metrics"] + verbs: ["get"] +--- + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.prometheus.component }}" + namespace: {{ .Values.namespace }} +--- + +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.prometheus.component }}" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: "{{ template "pulsar.fullname" . }}-{{ .Values.prometheus.component }}" +subjects: +- kind: ServiceAccount + name: "{{ template "pulsar.fullname" . }}-{{ .Values.prometheus.component }}" + namespace: {{ .Values.namespace }} +{{- end }} +{{- end }} diff --git a/pulsar/templates/prometheus-service.yaml b/pulsar/templates/prometheus-service.yaml new file mode 100644 index 0000000..c4a660d --- /dev/null +++ b/pulsar/templates/prometheus-service.yaml @@ -0,0 +1,40 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +{{- if or .Values.monitoring.prometheus .Values.extra.monitoring }} +apiVersion: v1 +kind: Service +metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.prometheus.component }}" + namespace: {{ .Values.namespace }} + labels: + {{- include "pulsar.standardLabels" . | nindent 4 }} + component: {{ .Values.prometheus.component }} + annotations: +{{ toYaml .Values.prometheus.service.annotations | indent 4 }} +spec: + clusterIP: None + ports: + - name: server + port: {{ .Values.prometheus.port }} + selector: + app: {{ template "pulsar.name" . }} + release: {{ .Release.Name }} + component: {{ .Values.prometheus.component }} +{{- end }} diff --git a/pulsar/templates/prometheus-storageclass.yaml b/pulsar/templates/prometheus-storageclass.yaml new file mode 100644 index 0000000..7cda9e0 --- /dev/null +++ b/pulsar/templates/prometheus-storageclass.yaml @@ -0,0 +1,37 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +{{- if or .Values.monitoring.prometheus .Values.extra.monitoring }} +{{- if and (and .Values.persistence .Values.volumes.persistence) .Values.prometheus.volumes.persistence }} +{{- if .Values.prometheus.volumes.data.storageClass }} +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.prometheus.component }}-{{ .Values.prometheus.volumes.data.name }}" + namespace: {{ .Values.namespace }} + labels: + {{- include "pulsar.standardLabels" . | nindent 4 }} + component: {{ .Values.prometheus.component }} +provisioner: {{ .Values.prometheus.volumes.data.storageClass.provisioner }} +parameters: + type: {{ .Values.prometheus.volumes.data.storageClass.type }} + fsType: {{ .Values.prometheus.volumes.data.storageClass.fsType }} +{{- end }} +{{- end }} +{{- end }} diff --git a/pulsar/templates/proxy-configmap.yaml b/pulsar/templates/proxy-configmap.yaml new file mode 100644 index 0000000..491d1bc --- /dev/null +++ b/pulsar/templates/proxy-configmap.yaml @@ -0,0 +1,83 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +{{- if or .Values.components.proxy .Values.extra.proxy }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}" + namespace: {{ .Values.namespace }} + labels: + {{- include "pulsar.standardLabels" . | nindent 4 }} + component: {{ .Values.proxy.component }} +data: + clusterName: {{ template "pulsar.fullname" . }} + httpNumThreads: "8" + statusFilePath: "{{ template "pulsar.home" . }}/status" + # prometheus needs to access /metrics endpoint + webServicePort: "{{ .Values.proxy.ports.http }}" + {{- if or (not .Values.tls.enabled) (not .Values.tls.proxy.enabled) }} + servicePort: "{{ .Values.proxy.ports.pulsar }}" + brokerServiceURL: pulsar://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.pulsar }} + brokerWebServiceURL: http://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.http }} + {{- end }} + {{- if and .Values.tls.enabled .Values.tls.proxy.enabled }} + tlsEnabledInProxy: "true" + servicePortTls: "{{ .Values.proxy.ports.pulsarssl }}" + webServicePortTls: "{{ .Values.proxy.ports.https }}" + tlsCertificateFilePath: "/pulsar/certs/proxy/tls.crt" + tlsKeyFilePath: "/pulsar/certs/proxy/tls.key" + tlsTrustCertsFilePath: "/pulsar/certs/ca/ca.crt" + {{- if and .Values.tls.enabled .Values.tls.broker.enabled }} + # if broker enables TLS, configure proxy to talk to broker using TLS + brokerServiceURLTLS: pulsar+ssl://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.pulsarssl }} + brokerWebServiceURLTLS: https://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.https }} + tlsEnabledWithBroker: "true" + tlsCertRefreshCheckDurationSec: "300" + brokerClientTrustCertsFilePath: "/pulsar/certs/ca/ca.crt" + {{- end }} + {{- if not (and .Values.tls.enabled .Values.tls.broker.enabled) }} + brokerServiceURL: pulsar://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.pulsar }} + brokerWebServiceURL: http://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.http }} + {{- end }} + {{- end }} + + # Authentication Settings + {{- if .Values.auth.authentication.enabled }} + authenticationEnabled: "true" + {{- if .Values.auth.authorization.enabled }} + # disable authorization on proxy and forward authorization credentials to broker + authorizationEnabled: "false" + forwardAuthorizationCredentials: "true" + superUserRoles: {{ .Values.auth.superUsers.broker }},{{ .Values.auth.superUsers.proxy }},{{ .Values.auth.superUsers.client }} + {{- end }} + {{- if eq .Values.auth.authentication.provider "jwt" }} + # token authentication configuration + authenticationProviders: "org.apache.pulsar.broker.authentication.AuthenticationProviderToken" + brokerClientAuthenticationParameters: "file:///pulsar/tokens/proxy/token" + brokerClientAuthenticationPlugin: "org.apache.pulsar.client.impl.auth.AuthenticationToken" + {{- if .Values.auth.authentication.jwt.usingSecretKey }} + tokenSecretKey: "file:///pulsar/keys/token/secret.key" + {{- else }} + tokenPublicKey: "file:///pulsar/keys/token/public.key" + {{- end }} + {{- end }} + {{- end }} +{{ toYaml .Values.proxy.configData | indent 2 }} +{{- end }} diff --git a/pulsar/templates/proxy-pdb.yaml b/pulsar/templates/proxy-pdb.yaml new file mode 100644 index 0000000..50cfe7a --- /dev/null +++ b/pulsar/templates/proxy-pdb.yaml @@ -0,0 +1,37 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +{{- if or .Values.components.proxy .Values.extra.proxy }} +{{- if .Values.proxy.pdb.usePolicy }} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}" + namespace: {{ .Values.namespace }} + labels: + {{- include "pulsar.standardLabels" . | nindent 4 }} + component: {{ .Values.proxy.component }} +spec: + selector: + matchLabels: + {{- include "pulsar.matchLabels" . | nindent 6 }} + component: {{ .Values.proxy.component }} + maxUnavailable: {{ .Values.proxy.pdb.maxUnavailable }} +{{- end }} +{{- end }} diff --git a/pulsar/templates/proxy-service.yaml b/pulsar/templates/proxy-service.yaml new file mode 100644 index 0000000..273d5aa --- /dev/null +++ b/pulsar/templates/proxy-service.yaml @@ -0,0 +1,56 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +{{- if or .Values.components.proxy .Values.extra.proxy }} +apiVersion: v1 +kind: Service +metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}" + namespace: {{ .Values.namespace }} + labels: + {{- include "pulsar.standardLabels" . | nindent 4 }} + component: {{ .Values.proxy.component }} + annotations: + {{- with .Values.proxy.service.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.proxy.service.type }} + ports: + {{- if or (not .Values.tls.enabled) (not .Values.tls.proxy.enabled) }} + - name: http + port: {{ .Values.proxy.ports.http }} + protocol: TCP + - name: pulsar + port: {{ .Values.proxy.ports.pulsar }} + protocol: TCP + {{- end }} + {{- if and .Values.tls.enabled .Values.tls.proxy.enabled }} + - name: https + port: {{ .Values.proxy.ports.https }} + protocol: TCP + - name: pulsarssl + port: {{ .Values.proxy.ports.pulsarssl }} + protocol: TCP + {{- end }} + selector: + app: {{ template "pulsar.name" . }} + release: {{ .Release.Name }} + component: {{ .Values.proxy.component }} +{{- end }} diff --git a/pulsar/templates/proxy-statefulset.yaml b/pulsar/templates/proxy-statefulset.yaml new file mode 100644 index 0000000..d974c0f --- /dev/null +++ b/pulsar/templates/proxy-statefulset.yaml @@ -0,0 +1,234 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +{{- if or .Values.components.proxy .Values.extra.proxy }} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}" + namespace: {{ .Values.namespace }} + labels: + {{- include "pulsar.standardLabels" . | nindent 4 }} + component: {{ .Values.proxy.component }} +spec: + serviceName: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}" + replicas: {{ .Values.proxy.replicaCount }} + selector: + matchLabels: + {{- include "pulsar.matchLabels" . | nindent 6 }} + component: {{ .Values.proxy.component }} + updateStrategy: + type: RollingUpdate + podManagementPolicy: Parallel + template: + metadata: + labels: + {{- include "pulsar.template.labels" . | nindent 8 }} + component: {{ .Values.proxy.component }} + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "{{ .Values.proxy.ports.http }}" +{{- with .Values.proxy.annotations }} +{{ toYaml . | indent 8 }} +{{- end }} + spec: + {{- if .Values.proxy.nodeSelector }} + nodeSelector: +{{ toYaml .Values.proxy.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.proxy.tolerations }} + tolerations: +{{ toYaml .Values.proxy.tolerations | indent 8 }} + {{- end }} + affinity: + {{- if and .Values.affinity.anti_affinity .Values.proxy.affinity.anti_affinity}} + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: "app" + operator: In + values: + - "{{ template "pulsar.name" . }}-{{ .Values.proxy.component }}" + - key: "release" + operator: In + values: + - {{ .Release.Name }} + - key: "component" + operator: In + values: + - {{ .Values.proxy.component }} + topologyKey: "kubernetes.io/hostname" + {{- end }} + terminationGracePeriodSeconds: {{ .Values.proxy.gracePeriod }} + initContainers: + # This init container will wait for zookeeper to be ready before + # deploying the bookies + - name: wait-zookeeper-ready + image: "{{ .Values.images.proxy.repository }}:{{ .Values.images.proxy.tag }}" + imagePullPolicy: {{ .Values.images.proxy.pullPolicy }} + command: ["sh", "-c"] + args: + - >- + until bin/pulsar zookeeper-shell -server {{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }} get {{ .Values.metadataPrefix }}/admin/clusters/{{ template "pulsar.fullname" . }}; do + sleep 3; + done; + # This init container will wait for at least one broker to be ready before + # deploying the proxy + - name: wait-broker-ready + image: "{{ .Values.images.proxy.repository }}:{{ .Values.images.proxy.tag }}" + imagePullPolicy: {{ .Values.images.proxy.pullPolicy }} + command: ["sh", "-c"] + args: + - >- + set -e; + brokerServiceNumber="$(nslookup -timeout=10 {{ template "pulsar.fullname" . }}-{{ .Values.broker.component }} | grep Name | wc -l)"; + until [ ${brokerServiceNumber} -ge 1 ]; do + echo "pulsar cluster {{ template "pulsar.fullname" . }} isn't initialized yet ... check in 10 seconds ..."; + sleep 10; + brokerServiceNumber="$(nslookup -timeout=10 {{ template "pulsar.fullname" . }}-{{ .Values.broker.component }} | grep Name | wc -l)"; + done; + containers: + - name: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}" + image: "{{ .Values.images.proxy.repository }}:{{ .Values.images.proxy.tag }}" + imagePullPolicy: {{ .Values.images.proxy.pullPolicy }} + {{- if .Values.proxy.probe.liveness.enabled }} + livenessProbe: + httpGet: + path: /status.html + port: {{ .Values.proxy.ports.http }} + initialDelaySeconds: {{ .Values.proxy.probe.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.proxy.probe.liveness.periodSeconds }} + failureThreshold: {{ .Values.proxy.probe.liveness.failureThreshold }} + {{- end }} + {{- if .Values.proxy.probe.readiness.enabled }} + readinessProbe: + httpGet: + path: /status.html + port: {{ .Values.proxy.ports.http }} + initialDelaySeconds: {{ .Values.proxy.probe.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.proxy.probe.readiness.periodSeconds }} + failureThreshold: {{ .Values.proxy.probe.readiness.failureThreshold }} + {{- end }} + {{- if .Values.proxy.probe.startup.enabled }} + startupProbe: + httpGet: + path: /status.html + port: {{ .Values.proxy.ports.http }} + initialDelaySeconds: {{ .Values.proxy.probe.startup.initialDelaySeconds }} + periodSeconds: {{ .Values.proxy.probe.startup.periodSeconds }} + failureThreshold: {{ .Values.proxy.probe.startup.failureThreshold }} + {{- end }} + {{- if .Values.proxy.resources }} + resources: +{{ toYaml .Values.proxy.resources | indent 10 }} + {{- end }} + command: ["sh", "-c"] + args: + - > + bin/apply-config-from-env.py conf/proxy.conf && + bin/apply-config-from-env.py conf/pulsar_env.sh && + echo "OK" > status && + bin/pulsar proxy + ports: + # prometheus needs to access /metrics endpoint + - name: http + containerPort: {{ .Values.proxy.ports.http }} + {{- if or (not .Values.tls.enabled) (not .Values.tls.proxy.enabled) }} + - name: pulsar + containerPort: {{ .Values.proxy.ports.pulsar }} + {{- end }} + {{- if and (.Values.tls.enabled) (.Values.tls.proxy.enabled) }} + - name: https + containerPort: {{ .Values.proxy.ports.https }} + - name: pulsarssl + containerPort: {{ .Values.proxy.ports.pulsarssl }} + {{- end }} + envFrom: + - configMapRef: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}" + {{- if or .Values.auth.authentication.enabled (and .Values.tls.enabled (or .Values.tls.proxy.enabled .Values.tls.broker.enabled)) }} + volumeMounts: + {{- if .Values.auth.authentication.enabled }} + {{- if eq .Values.auth.authentication.provider "jwt" }} + - mountPath: "/pulsar/keys" + name: token-keys + readOnly: true + - mountPath: "/pulsar/tokens" + name: proxy-token + readOnly: true + {{- end }} + {{- end }} + {{- if .Values.tls.proxy.enabled }} + - mountPath: "/pulsar/certs/proxy" + name: proxy-certs + readOnly: true + {{- end}} + {{- if .Values.tls.enabled }} + - mountPath: "/pulsar/certs/ca" + name: ca + readOnly: true + {{- end}} + {{- end}} + {{- if or .Values.auth.authentication.enabled (and .Values.tls.enabled .Values.tls.proxy.enabled) }} + volumes: + {{- if .Values.auth.authentication.enabled }} + {{- if eq .Values.auth.authentication.provider "jwt" }} + - name: token-keys + secret: + {{- if not .Values.auth.authentication.jwt.usingSecretKey }} + secretName: "{{ .Release.Name }}-token-asymmetric-key" + {{- end}} + {{- if .Values.auth.authentication.jwt.usingSecretKey }} + secretName: "{{ .Release.Name }}-token-symmetric-key" + {{- end}} + items: + {{- if .Values.auth.authentication.jwt.usingSecretKey }} + - key: SECRETKEY + path: token/secret.key + {{- else }} + - key: PUBLICKEY + path: token/public.key + {{- end}} + - name: proxy-token + secret: + secretName: "{{ .Release.Name }}-token-{{ .Values.auth.superUsers.proxy }}" + items: + - key: TOKEN + path: proxy/token + {{- end}} + {{- end}} + {{- if .Values.tls.proxy.enabled }} + - name: ca + secret: + secretName: "{{ .Release.Name }}-ca-tls" + items: + - key: ca.crt + path: ca.crt + - name: proxy-certs + secret: + secretName: "{{ .Release.Name }}-{{ .Values.tls.proxy.cert_name }}" + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + {{- end}} + {{- end}} +{{- end }} diff --git a/pulsar/templates/pulsar-cluster-initialize.yaml b/pulsar/templates/pulsar-cluster-initialize.yaml new file mode 100644 index 0000000..a57db8e --- /dev/null +++ b/pulsar/templates/pulsar-cluster-initialize.yaml @@ -0,0 +1,102 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +{{- if .Values.components.broker }} +apiVersion: batch/v1 +kind: Job +metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsar_metadata.component }}" + namespace: {{ .Values.namespace }} + labels: + {{- include "pulsar.standardLabels" . | nindent 4 }} + component: {{ .Values.pulsar_metadata.component }} +spec: + template: + spec: + initContainers: + {{- if .Values.pulsar_metadata.configurationStore }} + - name: wait-cs-ready + image: "{{ .Values.pulsar_metadata.image.repository }}:{{ .Values.pulsar_metadata.image.tag }}" + imagePullPolicy: {{ .Values.pulsar_metadata.image.pullPolicy }} + command: ["sh", "-c"] + args: + - >- + until nslookup {{ .Values.pulsar_metadata.configurationStore}}; do + sleep 3; + done; + + {{- end }} + - name: wait-zookeeper-ready + image: "{{ .Values.pulsar_metadata.image.repository }}:{{ .Values.pulsar_metadata.image.tag }}" + imagePullPolicy: {{ .Values.pulsar_metadata.image.pullPolicy }} + command: ["sh", "-c"] + args: + - >- + until nslookup {{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}-{{ add (.Values.zookeeper.replicaCount | int) -1 }}.{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}.{{ .Values.namespace }}; do + sleep 3; + done; + # This initContainer will wait for bookkeeper initnewcluster to complete + # before initializing pulsar metadata + - name: pulsar-bookkeeper-verify-clusterid + image: "{{ .Values.pulsar_metadata.image.repository }}:{{ .Values.pulsar_metadata.image.tag }}" + imagePullPolicy: {{ .Values.pulsar_metadata.image.pullPolicy }} + command: ["sh", "-c"] + args: + - > + bin/apply-config-from-env.py conf/bookkeeper.conf; + {{- include "pulsar.toolset.zookeeper.tls.settings" . | nindent 10 }} + until bin/bookkeeper shell whatisinstanceid; do + sleep 3; + done; + envFrom: + - configMapRef: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}" + volumeMounts: + {{- include "pulsar.toolset.certs.volumeMounts" . | nindent 8 }} + containers: + - name: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsar_metadata.component }}" + image: "{{ .Values.pulsar_metadata.image.repository }}:{{ .Values.pulsar_metadata.image.tag }}" + imagePullPolicy: {{ .Values.pulsar_metadata.image.pullPolicy }} + {{- if .Values.pulsar_metadata.resources }} + resources: +{{ toYaml .Values.pulsar_metadata.resources | indent 10 }} + {{- end }} + command: ["sh", "-c"] + args: + - > + {{- include "pulsar.toolset.zookeeper.tls.settings" . | nindent 12 }} + bin/pulsar initialize-cluster-metadata \ + --cluster {{ template "pulsar.fullname" . }} \ + --zookeeper {{ template "pulsar.zookeeper.connect" . }}{{ .Values.metadataPrefix }} \ + {{- if .Values.pulsar_metadata.configurationStore }} + --configuration-store {{ .Values.pulsar_metadata.configurationStore }}{{ .Values.pulsar_metadata.configurationStoreMetadataPrefix }} \ + {{- end }} + {{- if not .Values.pulsar_metadata.configurationStore }} + --configuration-store {{ template "pulsar.zookeeper.connect" . }}{{ .Values.metadataPrefix }} \ + {{- end }} + --web-service-url http://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}.{{ .Values.namespace }}.svc.cluster.local:8080/ \ + --web-service-url-tls https://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}.{{ .Values.namespace }}.svc.cluster.local:8443/ \ + --broker-service-url pulsar://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}.{{ .Values.namespace }}.svc.cluster.local:6650/ \ + --broker-service-url-tls pulsar+ssl://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}.{{ .Values.namespace }}.svc.cluster.local:6651/ || true; + volumeMounts: + {{- include "pulsar.toolset.certs.volumeMounts" . | nindent 8 }} + volumes: + {{- include "pulsar.toolset.certs.volumes" . | nindent 6 }} + restartPolicy: Never +{{- end }} diff --git a/pulsar/templates/pulsar-manager-admin-secret.yaml b/pulsar/templates/pulsar-manager-admin-secret.yaml new file mode 100644 index 0000000..ef4ecf9 --- /dev/null +++ b/pulsar/templates/pulsar-manager-admin-secret.yaml @@ -0,0 +1,39 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +{{- if or .Values.components.pulsar_manager .Values.extra.pulsar_manager }} +apiVersion: v1 +kind: Secret +metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsar_manager.component }}-secret" + namespace: {{ .Values.namespace }} + labels: + app: {{ template "pulsar.name" . }} + chart: {{ template "pulsar.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + component: {{ .Values.pulsar_manager.component }} + cluster: {{ template "pulsar.fullname" . }} +type: Opaque +data: + {{- if .Values.pulsar_manager.admin}} + PULSAR_MANAGER_ADMIN_PASSWORD: {{ .Values.pulsar_manager.admin.password | default "pulsar" | b64enc }} + PULSAR_MANAGER_ADMIN_USER: {{ .Values.pulsar_manager.admin.user | default "pulsar" | b64enc }} + {{- end }} +{{- end }} diff --git a/pulsar/templates/pulsar-manager-configmap.yaml b/pulsar/templates/pulsar-manager-configmap.yaml new file mode 100644 index 0000000..acfb315 --- /dev/null +++ b/pulsar/templates/pulsar-manager-configmap.yaml @@ -0,0 +1,31 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +{{- if or .Values.components.pulsar_manager .Values.extra.pulsar_manager }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsar_manager.component }}" + namespace: {{ .Values.namespace }} + labels: + {{- include "pulsar.standardLabels" . | nindent 4 }} + component: {{ .Values.pulsar_manager.component }} +data: +{{ toYaml .Values.pulsar_manager.configData | indent 2 }} +{{- end }} diff --git a/pulsar/templates/pulsar-manager-deployment.yaml b/pulsar/templates/pulsar-manager-deployment.yaml new file mode 100644 index 0000000..73ffc1a --- /dev/null +++ b/pulsar/templates/pulsar-manager-deployment.yaml @@ -0,0 +1,85 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +{{- if or .Values.components.pulsar_manager .Values.extra.pulsar_manager }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsar_manager.component }}" + namespace: {{ .Values.namespace }} + labels: + {{- include "pulsar.standardLabels" . | nindent 4 }} + component: {{ .Values.pulsar_manager.component }} +spec: + replicas: 1 + selector: + matchLabels: + {{- include "pulsar.matchLabels" . | nindent 6 }} + component: {{ .Values.pulsar_manager.component }} + template: + metadata: + labels: + {{- include "pulsar.template.labels" . | nindent 8 }} + component: {{ .Values.pulsar_manager.component }} + annotations: +{{ toYaml .Values.pulsar_manager.annotations | indent 8 }} + spec: + {{- if .Values.pulsar_manager.nodeSelector }} + nodeSelector: +{{ toYaml .Values.pulsar_manager.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.pulsar_manager.tolerations }} + tolerations: +{{ toYaml .Values.pulsar_manager.tolerations | indent 8 }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.pulsar_manager.gracePeriod }} + containers: + - name: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsar_manager.component }}" + image: "{{ .Values.images.pulsar_manager.repository }}:{{ .Values.images.pulsar_manager.tag }}" + imagePullPolicy: {{ .Values.images.pulsar_manager.pullPolicy }} + {{- if .Values.pulsar_manager.resources }} + resources: +{{ toYaml .Values.pulsar_manager.resources | indent 12 }} + {{- end }} + ports: + - containerPort: {{ .Values.pulsar_manager.port }} + volumeMounts: + - name: pulsar-manager-data + mountPath: /data + envFrom: + - configMapRef: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsar_manager.component }}" + env: + - name: PULSAR_CLUSTER + value: {{ template "pulsar.fullname" . }} + - name: USERNAME + valueFrom: + secretKeyRef: + key: PULSAR_MANAGER_ADMIN_USER + name: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsar_manager.component }}-secret" + - name: PASSWORD + valueFrom: + secretKeyRef: + key: PULSAR_MANAGER_ADMIN_PASSWORD + name: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsar_manager.component }}-secret" + volumes: + - name: pulsar-manager-data + emptyDir: {} + +{{- end }} diff --git a/pulsar/templates/pulsar-manager-service.yaml b/pulsar/templates/pulsar-manager-service.yaml new file mode 100644 index 0000000..188b3a4 --- /dev/null +++ b/pulsar/templates/pulsar-manager-service.yaml @@ -0,0 +1,41 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +{{- if or .Values.components.pulsar_manager .Values.extra.pulsar_manager }} +apiVersion: v1 +kind: Service +metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsar_manager.component }}" + namespace: {{ .Values.namespace }} + labels: + {{- include "pulsar.standardLabels" . | nindent 4 }} + component: {{ .Values.pulsar_manager.component }} + annotations: +{{ toYaml .Values.pulsar_manager.service.annotations | indent 4 }} +spec: + type: {{ .Values.pulsar_manager.service.type }} + ports: + - name: server + port: {{ .Values.pulsar_manager.port }} + protocol: TCP + selector: + app: {{ template "pulsar.name" . }} + release: {{ .Release.Name }} + component: {{ .Values.pulsar_manager.component }} +{{- end }} diff --git a/pulsar/templates/tls-cert-internal-issuer.yaml b/pulsar/templates/tls-cert-internal-issuer.yaml new file mode 100644 index 0000000..bf006a1 --- /dev/null +++ b/pulsar/templates/tls-cert-internal-issuer.yaml @@ -0,0 +1,62 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +{{- if .Values.certs.internal_issuer.enabled }} +{{- if eq .Values.certs.internal_issuer.type "selfsigning" }} +apiVersion: cert-manager.io/v1alpha2 +kind: Issuer +metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.certs.internal_issuer.component }}" + namespace: {{ .Values.namespace }} +spec: + selfSigned: {} +--- + +apiVersion: cert-manager.io/v1alpha2 +kind: Certificate +metadata: + name: "{{ template "pulsar.fullname" . }}-ca" + namespace: {{ .Values.namespace }} +spec: + secretName: "{{ .Release.Name }}-ca-tls" + commonName: "{{ .Values.namespace }}.svc.cluster.local" + usages: + - server auth + - client auth + isCA: true + issuerRef: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.certs.internal_issuer.component }}" + # We can reference ClusterIssuers by changing the kind here. + # The default value is Issuer (i.e. a locally namespaced Issuer) + kind: Issuer + # This is optional since cert-manager will default to this value however + # if you are using an external issuer, change this to that issuer group. + group: cert-manager.io +--- + +apiVersion: cert-manager.io/v1alpha2 +kind: Issuer +metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.certs.internal_issuer.component }}-ca-issuer" + namespace: {{ .Values.namespace }} +spec: + ca: + secretName: "{{ .Release.Name }}-ca-tls" +{{- end }} +{{- end }} diff --git a/pulsar/templates/tls-certs-internal.yaml b/pulsar/templates/tls-certs-internal.yaml new file mode 100644 index 0000000..1a20bbd --- /dev/null +++ b/pulsar/templates/tls-certs-internal.yaml @@ -0,0 +1,247 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +{{- if .Values.tls.enabled }} +{{- if .Values.certs.internal_issuer.enabled }} + +{{- if .Values.tls.proxy.enabled }} +apiVersion: cert-manager.io/v1alpha2 +kind: Certificate +metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.tls.proxy.cert_name }}" + namespace: {{ .Values.namespace }} +spec: + # Secret names are always required. + secretName: "{{ .Release.Name }}-{{ .Values.tls.proxy.cert_name }}" + duration: "{{ .Values.tls.common.duration }}" + renewBefore: "{{ .Values.tls.common.renewBefore }}" + organization: +{{ toYaml .Values.tls.common.organization | indent 2 }} + # The use of the common name field has been deprecated since 2000 and is + # discouraged from being used. + commonName: "*.{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}.{{ .Values.namespace }}.svc.cluster.local" + isCA: false + keySize: {{ .Values.tls.common.keySize }} + keyAlgorithm: {{ .Values.tls.common.keyAlgorithm }} + keyEncoding: {{ .Values.tls.common.keyEncoding }} + usages: + - server auth + - client auth + # At least one of a DNS Name, USI SAN, or IP address is required. + dnsNames: + - "*.{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}.{{ .Values.namespace }}.svc.cluster.local" + - "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}" + # Issuer references are always required. + issuerRef: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.certs.internal_issuer.component }}-ca-issuer" + # We can reference ClusterIssuers by changing the kind here. + # The default value is Issuer (i.e. a locally namespaced Issuer) + kind: Issuer + # This is optional since cert-manager will default to this value however + # if you are using an external issuer, change this to that issuer group. + group: cert-manager.io +--- +{{- end }} + +{{- if or .Values.tls.broker.enabled (or .Values.tls.bookie.enabled .Values.tls.zookeeper.enabled) }} +apiVersion: cert-manager.io/v1alpha2 +kind: Certificate +metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.tls.broker.cert_name }}" + namespace: {{ .Values.namespace }} +spec: + # Secret names are always required. + secretName: "{{ .Release.Name }}-{{ .Values.tls.broker.cert_name }}" + duration: "{{ .Values.tls.common.duration }}" + renewBefore: "{{ .Values.tls.common.renewBefore }}" + organization: +{{ toYaml .Values.tls.common.organization | indent 2 }} + # The use of the common name field has been deprecated since 2000 and is + # discouraged from being used. + commonName: "*.{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}.{{ .Values.namespace }}.svc.cluster.local" + isCA: false + keySize: {{ .Values.tls.common.keySize }} + keyAlgorithm: {{ .Values.tls.common.keyAlgorithm }} + keyEncoding: {{ .Values.tls.common.keyEncoding }} + usages: + - server auth + - client auth + # At least one of a DNS Name, USI SAN, or IP address is required. + dnsNames: + - "*.{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}.{{ .Values.namespace }}.svc.cluster.local" + - "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}" + # Issuer references are always required. + issuerRef: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.certs.internal_issuer.component }}-ca-issuer" + # We can reference ClusterIssuers by changing the kind here. + # The default value is Issuer (i.e. a locally namespaced Issuer) + kind: Issuer + # This is optional since cert-manager will default to this value however + # if you are using an external issuer, change this to that issuer group. + group: cert-manager.io +--- +{{- end }} + +{{- if or .Values.tls.bookie.enabled .Values.tls.zookeeper.enabled }} +apiVersion: cert-manager.io/v1alpha2 +kind: Certificate +metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.tls.bookie.cert_name }}" + namespace: {{ .Values.namespace }} +spec: + # Secret names are always required. + secretName: "{{ .Release.Name }}-{{ .Values.tls.bookie.cert_name }}" + duration: "{{ .Values.tls.common.duration }}" + renewBefore: "{{ .Values.tls.common.renewBefore }}" + organization: +{{ toYaml .Values.tls.common.organization | indent 2 }} + # The use of the common name field has been deprecated since 2000 and is + # discouraged from being used. + commonName: "*.{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}.{{ .Values.namespace }}.svc.cluster.local" + isCA: false + keySize: {{ .Values.tls.common.keySize }} + keyAlgorithm: {{ .Values.tls.common.keyAlgorithm }} + keyEncoding: {{ .Values.tls.common.keyEncoding }} + usages: + - server auth + - client auth + dnsNames: + - "*.{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}.{{ .Values.namespace }}.svc.cluster.local" + - "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}" + # Issuer references are always required. + issuerRef: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.certs.internal_issuer.component }}-ca-issuer" + # We can reference ClusterIssuers by changing the kind here. + # The default value is Issuer (i.e. a locally namespaced Issuer) + kind: Issuer + # This is optional since cert-manager will default to this value however + # if you are using an external issuer, change this to that issuer group. + group: cert-manager.io +--- +{{- end }} + +{{- if .Values.tls.zookeeper.enabled }} +apiVersion: cert-manager.io/v1alpha2 +kind: Certificate +metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.tls.autorecovery.cert_name }}" + namespace: {{ .Values.namespace }} +spec: + # Secret names are always required. + secretName: "{{ .Release.Name }}-{{ .Values.tls.autorecovery.cert_name }}" + duration: "{{ .Values.tls.common.duration }}" + renewBefore: "{{ .Values.tls.common.renewBefore }}" + organization: +{{ toYaml .Values.tls.common.organization | indent 2 }} + # The use of the common name field has been deprecated since 2000 and is + # discouraged from being used. + commonName: "*.{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}.{{ .Values.namespace }}.svc.cluster.local" + isCA: false + keySize: {{ .Values.tls.common.keySize }} + keyAlgorithm: {{ .Values.tls.common.keyAlgorithm }} + keyEncoding: {{ .Values.tls.common.keyEncoding }} + usages: + - server auth + - client auth + dnsNames: + - "*.{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}.{{ .Values.namespace }}.svc.cluster.local" + - "{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}" + # Issuer references are always required. + issuerRef: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.certs.internal_issuer.component }}-ca-issuer" + # We can reference ClusterIssuers by changing the kind here. + # The default value is Issuer (i.e. a locally namespaced Issuer) + kind: Issuer + # This is optional since cert-manager will default to this value however + # if you are using an external issuer, change this to that issuer group. + group: cert-manager.io +--- +apiVersion: cert-manager.io/v1alpha2 +kind: Certificate +metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.tls.toolset.cert_name }}" + namespace: {{ .Values.namespace }} +spec: + # Secret names are always required. + secretName: "{{ .Release.Name }}-{{ .Values.tls.toolset.cert_name }}" + duration: "{{ .Values.tls.common.duration }}" + renewBefore: "{{ .Values.tls.common.renewBefore }}" + organization: +{{ toYaml .Values.tls.common.organization | indent 2 }} + # The use of the common name field has been deprecated since 2000 and is + # discouraged from being used. + commonName: "*.{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}.{{ .Values.namespace }}.svc.cluster.local" + isCA: false + keySize: {{ .Values.tls.common.keySize }} + keyAlgorithm: {{ .Values.tls.common.keyAlgorithm }} + keyEncoding: {{ .Values.tls.common.keyEncoding }} + usages: + - server auth + - client auth + dnsNames: + - "*.{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}.{{ .Values.namespace }}.svc.cluster.local" + - "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}" + # Issuer references are always required. + issuerRef: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.certs.internal_issuer.component }}-ca-issuer" + # We can reference ClusterIssuers by changing the kind here. + # The default value is Issuer (i.e. a locally namespaced Issuer) + kind: Issuer + # This is optional since cert-manager will default to this value however + # if you are using an external issuer, change this to that issuer group. + group: cert-manager.io +--- +apiVersion: cert-manager.io/v1alpha2 +kind: Certificate +metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.tls.zookeeper.cert_name }}" + namespace: {{ .Values.namespace }} +spec: + # Secret names are always required. + secretName: "{{ .Release.Name }}-{{ .Values.tls.zookeeper.cert_name }}" + duration: "{{ .Values.tls.common.duration }}" + renewBefore: "{{ .Values.tls.common.renewBefore }}" + organization: +{{ toYaml .Values.tls.common.organization | indent 2 }} + # The use of the common name field has been deprecated since 2000 and is + # discouraged from being used. + commonName: "*.{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}.{{ .Values.namespace }}.svc.cluster.local" + isCA: false + keySize: {{ .Values.tls.common.keySize }} + keyAlgorithm: {{ .Values.tls.common.keyAlgorithm }} + keyEncoding: {{ .Values.tls.common.keyEncoding }} + usages: + - server auth + - client auth + dnsNames: + - "*.{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}.{{ .Values.namespace }}.svc.cluster.local" + - "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}" + # Issuer references are always required. + issuerRef: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.certs.internal_issuer.component }}-ca-issuer" + # We can reference ClusterIssuers by changing the kind here. + # The default value is Issuer (i.e. a locally namespaced Issuer) + kind: Issuer + # This is optional since cert-manager will default to this value however + # if you are using an external issuer, change this to that issuer group. + group: cert-manager.io +{{- end }} + +{{- end }} +{{- end }} diff --git a/pulsar/templates/toolset-configmap.yaml b/pulsar/templates/toolset-configmap.yaml new file mode 100644 index 0000000..4e8fc16 --- /dev/null +++ b/pulsar/templates/toolset-configmap.yaml @@ -0,0 +1,70 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +{{- if .Values.components.toolset }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}" + namespace: {{ .Values.namespace }} + labels: + {{- include "pulsar.standardLabels" . | nindent 4 }} + component: {{ .Values.toolset.component }} +data: + BOOKIE_LOG_APPENDER: "RollingFile" + {{- include "pulsar.bookkeeper.config.common" . | nindent 2 }} + {{- if not .Values.toolset.useProxy }} + # talk to broker + {{- if and .Values.tls.enabled .Values.tls.broker.enabled }} + webServiceUrl: "https://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.https }}/" + brokerServiceUrl: "pulsar+ssl://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.pulsarssl }}/" + useTls: "true" + tlsAllowInsecureConnection: "false" + tlsTrustCertsFilePath: "/pulsar/certs/proxy-ca/ca.crt" + tlsEnableHostnameVerification: "false" + {{- end }} + {{- if not (and .Values.tls.enabled .Values.tls.broker.enabled) }} + webServiceUrl: "http://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.http }}/" + brokerServiceUrl: "pulsar://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.pulsar }}/" + {{- end }} + {{- end }} + {{- if .Values.toolset.useProxy }} + # talk to proxy + {{- if and .Values.tls.enabled .Values.tls.proxy.enabled }} + webServiceUrl: "https://{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}:{{ .Values.proxy.ports.https }}/" + brokerServiceUrl: "pulsar+ssl://{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}:{{ .Values.proxy.ports.pulsarssl }}/" + useTls: "true" + tlsAllowInsecureConnection: "false" + tlsTrustCertsFilePath: "/pulsar/certs/proxy-ca/ca.crt" + tlsEnableHostnameVerification: "false" + {{- end }} + {{- if not (and .Values.tls.enabled .Values.tls.proxy.enabled) }} + webServiceUrl: "http://{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}:{{ .Values.proxy.ports.http }}/" + brokerServiceUrl: "pulsar://{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}:{{ .Values.proxy.ports.pulsar }}/" + {{- end }} + {{- end }} + # Authentication Settings + {{- if .Values.auth.authentication.enabled }} + {{- if eq .Values.auth.authentication.provider "jwt" }} + authParams: "file:///pulsar/tokens/client/token" + authPlugin: "org.apache.pulsar.client.impl.auth.AuthenticationToken" + {{- end }} + {{- end }} +{{ toYaml .Values.toolset.configData | indent 2 }} +{{- end }} diff --git a/pulsar/templates/toolset-service.yaml b/pulsar/templates/toolset-service.yaml new file mode 100644 index 0000000..e1c0ccc --- /dev/null +++ b/pulsar/templates/toolset-service.yaml @@ -0,0 +1,34 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +{{- if .Values.components.toolset }} +apiVersion: v1 +kind: Service +metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}" + namespace: {{ .Values.namespace }} + labels: + {{- include "pulsar.standardLabels" . | nindent 4 }} + component: {{ .Values.toolset.component }} +spec: + clusterIP: None + selector: + {{- include "pulsar.matchLabels" . | nindent 4 }} + component: {{ .Values.toolset.component }} +{{- end }} \ No newline at end of file diff --git a/pulsar/templates/toolset-statefulset.yaml b/pulsar/templates/toolset-statefulset.yaml new file mode 100644 index 0000000..715680c --- /dev/null +++ b/pulsar/templates/toolset-statefulset.yaml @@ -0,0 +1,108 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +{{- if .Values.components.toolset }} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}" + namespace: {{ .Values.namespace }} + labels: + {{- include "pulsar.standardLabels" . | nindent 4 }} + component: {{ .Values.toolset.component }} +spec: + serviceName: "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}" + replicas: {{ .Values.toolset.replicaCount }} + updateStrategy: + type: RollingUpdate + podManagementPolicy: Parallel + selector: + matchLabels: + {{- include "pulsar.matchLabels" . | nindent 6 }} + component: {{ .Values.toolset.component }} + template: + metadata: + labels: + {{- include "pulsar.template.labels" . | nindent 8 }} + component: {{ .Values.toolset.component }} + annotations: +{{ toYaml .Values.toolset.annotations | indent 8 }} + spec: + {{- if .Values.toolset.nodeSelector }} + nodeSelector: +{{ toYaml .Values.toolset.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.toolset.tolerations }} + tolerations: +{{ toYaml .Values.toolset.tolerations | indent 8 }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.toolset.gracePeriod }} + containers: + - name: "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}" + image: "{{ .Values.images.broker.repository }}:{{ .Values.images.broker.tag }}" + imagePullPolicy: {{ .Values.images.broker.pullPolicy }} + {{- if .Values.toolset.resources }} + resources: +{{ toYaml .Values.toolset.resources | indent 10 }} + {{- end }} + command: ["sh", "-c"] + args: + - > + bin/apply-config-from-env.py conf/client.conf; + bin/apply-config-from-env.py conf/bookkeeper.conf; + {{- include "pulsar.toolset.zookeeper.tls.settings" . | nindent 10 }} + sleep 10000000000 + envFrom: + - configMapRef: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}" + volumeMounts: + {{- if .Values.auth.authentication.enabled }} + {{- if eq .Values.auth.authentication.provider "jwt" }} + - mountPath: "/pulsar/tokens" + name: client-token + readOnly: true + {{- end }} + {{- end }} + {{- if and .Values.tls.enabled (or .Values.tls.broker.enabled .Values.tls.proxy.enabled) }} + - mountPath: "/pulsar/certs/proxy-ca" + name: proxy-ca + readOnly: true + {{- end}} + {{- include "pulsar.toolset.certs.volumeMounts" . | nindent 8 }} + volumes: + {{- if .Values.auth.authentication.enabled }} + {{- if eq .Values.auth.authentication.provider "jwt" }} + - name: client-token + secret: + secretName: "{{ .Release.Name }}-token-{{ .Values.auth.superUsers.client }}" + items: + - key: TOKEN + path: client/token + {{- end}} + {{- end}} + {{- if and .Values.tls.enabled (or .Values.tls.broker.enabled .Values.tls.proxy.enabled) }} + - name: proxy-ca + secret: + secretName: "{{ .Release.Name }}-ca-tls" + items: + - key: ca.crt + path: ca.crt + {{- end}} + {{- include "pulsar.toolset.certs.volumes" . | nindent 6 }} +{{- end }} diff --git a/pulsar/templates/zookeeper-configmap.yaml b/pulsar/templates/zookeeper-configmap.yaml new file mode 100644 index 0000000..3b4cabf --- /dev/null +++ b/pulsar/templates/zookeeper-configmap.yaml @@ -0,0 +1,40 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +# deploy zookeeper only when `components.zookeeper` is true +{{- if .Values.components.zookeeper }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}" + namespace: {{ .Values.namespace }} + labels: + {{- include "pulsar.standardLabels" . | nindent 4 }} + component: {{ .Values.zookeeper.component }} +data: + dataDir: /pulsar/data/zookeeper + PULSAR_PREFIX_serverCnxnFactory: org.apache.zookeeper.server.NettyServerCnxnFactory + serverCnxnFactory: org.apache.zookeeper.server.NettyServerCnxnFactory + # enable zookeeper tls + {{- if and .Values.tls.enabled .Values.tls.zookeeper.enabled }} + secureClientPort: "{{ .Values.zookeeper.ports.clientTls }}" + PULSAR_PREFIX_secureClientPort: "{{ .Values.zookeeper.ports.clientTls }}" + {{- end }} +{{ toYaml .Values.zookeeper.configData | indent 2 }} +{{- end }} diff --git a/pulsar/templates/zookeeper-pdb.yaml b/pulsar/templates/zookeeper-pdb.yaml new file mode 100644 index 0000000..5417bed --- /dev/null +++ b/pulsar/templates/zookeeper-pdb.yaml @@ -0,0 +1,38 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +# deploy zookeeper only when `components.zookeeper` is true +{{- if .Values.components.zookeeper }} +{{- if .Values.zookeeper.pdb.usePolicy }} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}" + namespace: {{ .Values.namespace }} + labels: + {{- include "pulsar.standardLabels" . | nindent 4 }} + component: {{ .Values.zookeeper.component }} +spec: + selector: + matchLabels: + {{- include "pulsar.matchLabels" . | nindent 6 }} + component: {{ .Values.zookeeper.component }} + maxUnavailable: {{ .Values.zookeeper.pdb.maxUnavailable }} +{{- end }} +{{- end }} diff --git a/pulsar/templates/zookeeper-service.yaml b/pulsar/templates/zookeeper-service.yaml new file mode 100644 index 0000000..478a264 --- /dev/null +++ b/pulsar/templates/zookeeper-service.yaml @@ -0,0 +1,48 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +# deploy zookeeper only when `components.zookeeper` is true +{{- if .Values.components.zookeeper }} +apiVersion: v1 +kind: Service +metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}" + namespace: {{ .Values.namespace }} + labels: + {{- include "pulsar.standardLabels" . | nindent 4 }} + component: {{ .Values.zookeeper.component }} + annotations: +{{ toYaml .Values.zookeeper.service.annotations | indent 4 }} +spec: + ports: + - name: follower + port: {{ .Values.zookeeper.ports.follower }} + - name: leader-election + port: {{ .Values.zookeeper.ports.leaderElection }} + - name: client + port: {{ .Values.zookeeper.ports.client }} + {{- if and .Values.tls.enabled .Values.tls.zookeeper.enabled }} + - name: client-tls + port: {{ .Values.zookeeper.ports.clientTls }} + {{- end }} + clusterIP: None + selector: + {{- include "pulsar.matchLabels" . | nindent 4 }} + component: {{ .Values.zookeeper.component }} +{{- end }} diff --git a/pulsar/templates/zookeeper-statefulset.yaml b/pulsar/templates/zookeeper-statefulset.yaml new file mode 100644 index 0000000..dc78cfd --- /dev/null +++ b/pulsar/templates/zookeeper-statefulset.yaml @@ -0,0 +1,195 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +# deploy zookeeper only when `components.zookeeper` is true +{{- if .Values.components.zookeeper }} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}" + namespace: {{ .Values.namespace }} + labels: + {{- include "pulsar.standardLabels" . | nindent 4 }} + component: {{ .Values.zookeeper.component }} +spec: + serviceName: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}" + replicas: {{ .Values.zookeeper.replicaCount }} + selector: + matchLabels: + {{- include "pulsar.matchLabels" . | nindent 6 }} + component: {{ .Values.zookeeper.component }} + updateStrategy: +{{ toYaml .Values.zookeeper.updateStrategy | indent 4 }} + podManagementPolicy: {{ .Values.zookeeper.podManagementPolicy }} + template: + metadata: + labels: + {{- include "pulsar.template.labels" . | nindent 8 }} + component: {{ .Values.zookeeper.component }} + annotations: +{{ toYaml .Values.zookeeper.annotations | indent 8 }} + spec: + {{- if .Values.zookeeper.nodeSelector }} + nodeSelector: +{{ toYaml .Values.zookeeper.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.zookeeper.tolerations }} + tolerations: +{{ toYaml .Values.zookeeper.tolerations | indent 8 }} + {{- end }} + affinity: + {{- if and .Values.affinity.anti_affinity .Values.zookeeper.affinity.anti_affinity}} + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: "app" + operator: In + values: + - "{{ template "pulsar.name" . }}-{{ .Values.zookeeper.component }}" + - key: "release" + operator: In + values: + - {{ .Release.Name }} + - key: "component" + operator: In + values: + - {{ .Values.zookeeper.component }} + topologyKey: "kubernetes.io/hostname" + {{- end }} + terminationGracePeriodSeconds: {{ .Values.zookeeper.gracePeriod }} + containers: + - name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}" + image: "{{ .Values.images.zookeeper.repository }}:{{ .Values.images.zookeeper.tag }}" + imagePullPolicy: {{ .Values.images.zookeeper.pullPolicy }} + {{- if .Values.zookeeper.resources }} + resources: +{{ toYaml .Values.zookeeper.resources | indent 10 }} + {{- end }} + command: ["sh", "-c"] + args: + - > + bin/apply-config-from-env.py conf/zookeeper.conf; + bin/apply-config-from-env.py conf/pulsar_env.sh; + {{- include "pulsar.zookeeper.tls.settings" . | nindent 10 }} + bin/generate-zookeeper-config.sh conf/zookeeper.conf; + bin/pulsar zookeeper; + ports: + - name: client + containerPort: {{ .Values.zookeeper.ports.client }} + - name: follower + containerPort: {{ .Values.zookeeper.ports.follower }} + - name: leader-election + containerPort: {{ .Values.zookeeper.ports.leaderElection }} + {{- if and .Values.tls.enabled .Values.tls.zookeeper.enabled }} + - name: client-tls + containerPort: {{ .Values.zookeeper.ports.clientTls }} + {{- end }} + env: + - name: ZOOKEEPER_SERVERS + value: + {{- $global := . }} + {{ range $i, $e := until (.Values.zookeeper.replicaCount | int) }}{{ if ne $i 0 }},{{ end }}{{ template "pulsar.fullname" $global }}-{{ $global.Values.zookeeper.component }}-{{ printf "%d" $i }}{{ end }} + envFrom: + - configMapRef: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}" + {{- if .Values.zookeeper.probe.readiness.enabled }} + readinessProbe: + exec: + command: + - bin/pulsar-zookeeper-ruok.sh + initialDelaySeconds: {{ .Values.zookeeper.probe.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.zookeeper.probe.readiness.periodSeconds }} + failureThreshold: {{ .Values.zookeeper.probe.readiness.failureThreshold }} + {{- end }} + {{- if .Values.zookeeper.probe.liveness.enabled }} + livenessProbe: + exec: + command: + - bin/pulsar-zookeeper-ruok.sh + initialDelaySeconds: {{ .Values.zookeeper.probe.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.zookeeper.probe.liveness.periodSeconds }} + failureThreshold: {{ .Values.zookeeper.probe.liveness.failureThreshold }} + {{- end }} + {{- if .Values.zookeeper.probe.startup.enabled }} + startupProbe: + exec: + command: + - bin/pulsar-zookeeper-ruok.sh + initialDelaySeconds: {{ .Values.zookeeper.probe.startup.initialDelaySeconds }} + periodSeconds: {{ .Values.zookeeper.probe.startup.periodSeconds }} + failureThreshold: {{ .Values.zookeeper.probe.startup.failureThreshold }} + {{- end }} + volumeMounts: + - name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}-{{ .Values.zookeeper.volumes.data.name }}" + mountPath: /pulsar/data + {{- if and .Values.tls.enabled .Values.tls.zookeeper.enabled }} + - mountPath: "/pulsar/certs/zookeeper" + name: zookeeper-certs + readOnly: true + - mountPath: "/pulsar/certs/ca" + name: ca + readOnly: true + - name: keytool + mountPath: "/pulsar/keytool/keytool.sh" + subPath: keytool.sh + {{- end }} + volumes: + {{- if not (and (and .Values.volumes.persistence .Values.volumes.persistence) .Values.zookeeper.volumes.persistence) }} + - name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}-{{ .Values.zookeeper.volumes.data.name }}" + emptyDir: {} + {{- end }} + {{- if and .Values.tls.enabled .Values.tls.zookeeper.enabled }} + - name: zookeeper-certs + secret: + secretName: "{{ .Release.Name }}-{{ .Values.tls.zookeeper.cert_name }}" + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - name: ca + secret: + secretName: "{{ .Release.Name }}-ca-tls" + items: + - key: ca.crt + path: ca.crt + - name: keytool + configMap: + name: "{{ template "pulsar.fullname" . }}-keytool-configmap" + defaultMode: 0755 + {{- end}} +{{- if and (and .Values.persistence .Values.volumes.persistence) .Values.zookeeper.volumes.persistence }} + volumeClaimTemplates: + - metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}-{{ .Values.zookeeper.volumes.data.name }}" + spec: + accessModes: [ "ReadWriteOnce" ] + resources: + requests: + storage: {{ .Values.zookeeper.volumes.data.size }} + {{- if .Values.zookeeper.volumes.data.storageClassName }} + storageClassName: "{{ .Values.zookeeper.volumes.data.storageClassName }}" + {{- else if and (not (and .Values.volumes.local_storage .Values.zookeeper.volumes.data.local_storage)) .Values.zookeeper.volumes.data.storageClass }} + storageClassName: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}-{{ .Values.zookeeper.volumes.data.name }}" + {{- else if and .Values.volumes.local_storage .Values.zookeeper.volumes.data.local_storage }} + storageClassName: "local-storage" + {{- end }} +{{- end }} +{{- end }} diff --git a/pulsar/templates/zookeeper-storageclass.yaml b/pulsar/templates/zookeeper-storageclass.yaml new file mode 100644 index 0000000..08b66c8 --- /dev/null +++ b/pulsar/templates/zookeeper-storageclass.yaml @@ -0,0 +1,40 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +# deploy zookeeper only when `components.zookeeper` is true +{{- if .Values.components.zookeeper }} +{{- if and (and .Values.persistence .Values.volumes.persistence) .Values.zookeeper.volumes.persistence }} + +# define the storage class for data directory +{{- if and (not (and .Values.volumes.local_storage .Values.zookeeper.volumes.data.local_storage)) .Values.zookeeper.volumes.data.storageClass }} +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}-{{ .Values.zookeeper.volumes.data.name }}" + namespace: {{ .Values.namespace }} + labels: + {{- include "pulsar.standardLabels" . | nindent 4 }} + component: {{ .Values.zookeeper.component }} +provisioner: {{ .Values.zookeeper.volumes.data.storageClass.provisioner }} +parameters: + type: {{ .Values.zookeeper.volumes.data.storageClass.type }} + fsType: {{ .Values.zookeeper.volumes.data.storageClass.fsType }} +{{- end }} +{{- end }} +{{- end }} diff --git a/pulsar/values.yaml b/pulsar/values.yaml new file mode 100644 index 0000000..5c1582d --- /dev/null +++ b/pulsar/values.yaml @@ -0,0 +1,901 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + + +### +### K8S Settings +### + +## Namespace to deploy pulsar +namespace: pulsar +namespaceCreate: false + +### +### Global Settings +### + +## Pulsar Metadata Prefix +## +## By default, pulsar stores all the metadata at root path. +## You can configure to have a prefix (e.g. "/my-pulsar-cluster"). +## If you do so, all the pulsar and bookkeeper metadata will +## be stored under the provided path +metadataPrefix: "" + +## Persistence +## +## If persistence is enabled, components that have state will +## be deployed with PersistentVolumeClaims, otherwise, for test +## purposes, they will be deployed with emptyDir +## +## This is a global setting that is applied to all components. +## If you need to disable persistence for a component, +## you can set the `volume.persistence` setting to `false` for +## that component. +## +## Deprecated in favor of using `volumes.persistence` +persistence: true +## Volume settings +volumes: + persistence: true + # configure the components to use local persistent volume + # the local provisioner should be installed prior to enable local persistent volume + local_storage: false + +## AntiAffinity +## +## Flag to enable and disable `AntiAffinity` for all components. +## This is a global setting that is applied to all components. +## If you need to disable AntiAffinity for a component, you can set +## the `affinity.anti_affinity` settings to `false` for that component. +affinity: + anti_affinity: true + +## Components +## +## Control what components of Apache Pulsar to deploy for the cluster +components: + # zookeeper + zookeeper: true + # bookkeeper + bookkeeper: true + # bookkeeper - autorecovery + autorecovery: true + # broker + broker: true + # functions + functions: true + # proxy + proxy: true + # toolset + toolset: true + # pulsar manager + pulsar_manager: true + +## Monitoring Components +## +## Control what components of the monitoring stack to deploy for the cluster +monitoring: + # monitoring - prometheus + prometheus: true + # monitoring - grafana + grafana: true + # monitoring - node_exporter + node_exporter: true + # alerting - alert-manager + alert_manager: true + +## which extra components to deploy (Deprecated) +extra: + # Pulsar proxy + proxy: false + # Bookkeeper auto-recovery + autoRecovery: false + # Pulsar dashboard + # Deprecated + # Replace pulsar-dashboard with pulsar-manager + dashboard: false + # pulsar manager + pulsar_manager: false + # Bastion pod for administrative commands + bastion: false + # Monitoring stack (prometheus and grafana) + monitoring: false + # Configure Kubernetes runtime for Functions + functionsAsPods: false + +## Images +## +## Control what images to use for each component +images: + zookeeper: + repository: apachepulsar/pulsar-all + tag: 2.5.0 + pullPolicy: IfNotPresent + bookie: + repository: apachepulsar/pulsar-all + tag: 2.5.0 + pullPolicy: IfNotPresent + autorecovery: + repository: apachepulsar/pulsar-all + tag: 2.5.0 + pullPolicy: IfNotPresent + broker: + repository: apachepulsar/pulsar-all + tag: 2.5.0 + pullPolicy: IfNotPresent + proxy: + repository: apachepulsar/pulsar-all + tag: 2.5.0 + pullPolicy: IfNotPresent + functions: + repository: apachepulsar/pulsar-all + tag: 2.5.0 + prometheus: + repository: prom/prometheus + tag: v1.6.3 + pullPolicy: IfNotPresent + grafana: + repository: streamnative/apache-pulsar-grafana-dashboard-k8s + tag: 0.0.4 + pullPolicy: IfNotPresent + pulsar_manager: + repository: apachepulsar/pulsar-manager + tag: v0.1.0 + pullPolicy: IfNotPresent + hasCommand: false + +## TLS +## templates/tls-certs.yaml +## +## The chart is using cert-manager for provisioning TLS certs for +## brokers and proxies. +tls: + enabled: false + # common settings for generating certs + common: + # 90d + duration: 2160h + # 15d + renewBefore: 360h + organization: + - pulsar + keySize: 4096 + keyAlgorithm: rsa + keyEncoding: pkcs8 + # settings for generating certs for proxy + proxy: + enabled: false + cert_name: tls-proxy + # settings for generating certs for broker + broker: + enabled: false + cert_name: tls-broker + # settings for generating certs for bookies + bookie: + enabled: false + cert_name: tls-bookie + # settings for generating certs for zookeeper + zookeeper: + enabled: false + cert_name: tls-zookeeper + # settings for generating certs for recovery + autorecovery: + cert_name: tls-recovery + # settings for generating certs for toolset + toolset: + cert_name: tls-toolset + +# Enable or disable broker authentication and authorization. +auth: + authentication: + enabled: false + provider: "jwt" + jwt: + # Enable JWT authentication + # If the token is generated by a secret key, set the usingSecretKey as true. + # If the token is generated by a private key, set the usingSecretKey as false. + usingSecretKey: false + authorization: + enabled: false + superUsers: + # broker to broker communication + broker: "broker-admin" + # proxy to broker communication + proxy: "proxy-admin" + # pulsar-admin client to broker/proxy communication + client: "admin" + +###################################################################### +# External dependencies +###################################################################### + +## cert-manager +## templates/tls-cert-issuer.yaml +## +## Cert manager is used for automatically provisioning TLS certificates +## for components within a Pulsar cluster +certs: + internal_issuer: + enabled: false + component: internal-cert-issuer + type: selfsigning + issuers: + selfsigning: + +###################################################################### +# Below are settings for each component +###################################################################### + +## Pulsar: Zookeeper cluster +## templates/zookeeper-statefulset.yaml +## +zookeeper: + # use a component name that matches your grafana configuration + # so the metrics are correctly rendered in grafana dashboard + component: zookeeper + # the number of zookeeper servers to run. it should be an odd number larger than or equal to 3. + replicaCount: 3 + updateStrategy: + type: RollingUpdate + podManagementPolicy: OrderedReady + ports: + client: 2181 + clientTls: 2281 + follower: 2888 + leaderElection: 3888 + # nodeSelector: + # cloud.google.com/gke-nodepool: default-pool + probe: + liveness: + enabled: true + failureThreshold: 10 + initialDelaySeconds: 10 + periodSeconds: 30 + readiness: + enabled: true + failureThreshold: 10 + initialDelaySeconds: 10 + periodSeconds: 30 + startup: + enabled: false + failureThreshold: 30 + initialDelaySeconds: 10 + periodSeconds: 30 + affinity: + anti_affinity: true + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "8000" + tolerations: [] + gracePeriod: 30 + resources: + requests: + memory: 256Mi + cpu: 0.1 + volumes: + # use a persistent volume or emptyDir + persistence: true + data: + name: data + size: 20Gi + local_storage: true + ## If you already have an existent storage class and want to reuse it, you can specify its name with the option below + ## + # storageClassName: existent-storage-class + # + ## Instead if you want to create a new storage class define it below + ## If left undefined no storage class will be defined along with PVC + ## + # storageClass: + # type: pd-ssd + # fsType: xfs + # provisioner: kubernetes.io/gce-pd + ## Zookeeper configmap + ## templates/zookeeper-configmap.yaml + ## + configData: + PULSAR_MEM: > + " + -Xms64m -Xmx128m + -Dcom.sun.management.jmxremote + -Djute.maxbuffer=10485760 + -XX:+ParallelRefProcEnabled + -XX:+UnlockExperimentalVMOptions + -XX:+DoEscapeAnalysis + -XX:+DisableExplicitGC + -XX:+PerfDisableSharedMem + -Dzookeeper.forceSync=no + " + PULSAR_GC: > + " + -XX:+UseG1GC + -XX:MaxGCPauseMillis=10 + " + ## Zookeeper service + ## templates/zookeeper-service.yaml + ## + service: + annotations: + service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" + ## Zookeeper PodDisruptionBudget + ## templates/zookeeper-pdb.yaml + ## + pdb: + usePolicy: true + maxUnavailable: 1 + +## Pulsar: Bookkeeper cluster +## templates/bookkeeper-statefulset.yaml +## +bookkeeper: + # use a component name that matches your grafana configuration + # so the metrics are correctly rendered in grafana dashboard + component: bookie + ## BookKeeper Cluster Initialize + ## templates/bookkeeper-cluster-initialize.yaml + metadata: + image: + # the image used for running `bookkeeper-cluster-initialize` job + repository: apachepulsar/pulsar-all + tag: 2.5.0 + pullPolicy: IfNotPresent + ## Set the resources used for running `bin/bookkeeper shell initnewcluster` + ## + resources: + # requests: + # memory: 4Gi + # cpu: 2 + replicaCount: 4 + updateStrategy: + type: RollingUpdate + podManagementPolicy: Parallel + ports: + http: 8000 + bookie: 3181 + # nodeSelector: + # cloud.google.com/gke-nodepool: default-pool + probe: + liveness: + enabled: true + failureThreshold: 60 + initialDelaySeconds: 10 + periodSeconds: 30 + readiness: + enabled: true + failureThreshold: 60 + initialDelaySeconds: 10 + periodSeconds: 30 + startup: + enabled: false + failureThreshold: 30 + initialDelaySeconds: 60 + periodSeconds: 30 + affinity: + anti_affinity: true + annotations: {} + tolerations: [] + gracePeriod: 30 + resources: + requests: + memory: 512Mi + cpu: 0.2 + volumes: + # use a persistent volume or emptyDir + persistence: true + journal: + name: journal + size: 10Gi + local_storage: true + ## If you already have an existent storage class and want to reuse it, you can specify its name with the option below + ## + # storageClassName: existent-storage-class + # + ## Instead if you want to create a new storage class define it below + ## If left undefined no storage class will be defined along with PVC + ## + # storageClass: + # type: pd-ssd + # fsType: xfs + # provisioner: kubernetes.io/gce-pd + ledgers: + name: ledgers + size: 50Gi + local_storage: true + ## If you already have an existent storage class and want to reuse it, you can specify its name with the option below + ## + # storageClassName: existent-storage-class + # + ## Instead if you want to create a new storage class define it below + ## If left undefined no storage class will be defined along with PVC + ## + # storageClass: + # type: pd-ssd + # fsType: xfs + # provisioner: kubernetes.io/gce-pd + ## Bookkeeper configmap + ## templates/bookkeeper-configmap.yaml + ## + configData: + # `BOOKIE_MEM` is used for `bookie shell` + BOOKIE_MEM: > + " + -Xms128m + -Xmx256m + -XX:MaxDirectMemorySize=256m + " + # we use `bin/pulsar` for starting bookie daemons + PULSAR_MEM: > + " + -Xms128m + -Xmx256m + -XX:MaxDirectMemorySize=256m + " + PULSAR_GC: > + " + -XX:+UseG1GC + -XX:MaxGCPauseMillis=10 + -XX:+ParallelRefProcEnabled + -XX:+UnlockExperimentalVMOptions + -XX:+DoEscapeAnalysis + -XX:ParallelGCThreads=4 + -XX:ConcGCThreads=4 + -XX:G1NewSizePercent=50 + -XX:+DisableExplicitGC + -XX:-ResizePLAB + -XX:+ExitOnOutOfMemoryError + -XX:+PerfDisableSharedMem + -XX:+PrintGCDetails + -XX:+PrintGCTimeStamps + -XX:+PrintGCApplicationStoppedTime + -XX:+PrintHeapAtGC + -verbosegc + -Xloggc:/var/log/bookie-gc.log + -XX:G1LogLevel=finest + " + # configure the memory settings based on jvm memory settings + dbStorage_writeCacheMaxSizeMb: "32" + dbStorage_readAheadCacheMaxSizeMb: "32" + dbStorage_rocksDB_writeBufferSizeMB: "8" + dbStorage_rocksDB_blockCacheSize: "8388608" + ## Bookkeeper Service + ## templates/bookkeeper-service.yaml + ## + service: + annotations: + publishNotReadyAddresses: "true" + ## Bookkeeper PodDisruptionBudget + ## templates/bookkeeper-pdb.yaml + ## + pdb: + usePolicy: true + maxUnavailable: 1 + +## Pulsar: Bookkeeper AutoRecovery +## templates/autorecovery-statefulset.yaml +## +autorecovery: + # use a component name that matches your grafana configuration + # so the metrics are correctly rendered in grafana dashboard + component: recovery + replicaCount: 1 + ports: + http: 8000 + # nodeSelector: + # cloud.google.com/gke-nodepool: default-pool + affinity: + anti_affinity: true + annotations: {} + # tolerations: [] + gracePeriod: 30 + resources: + requests: + memory: 64Mi + cpu: 0.05 + ## Bookkeeper auto-recovery configmap + ## templates/autorecovery-configmap.yaml + ## + configData: + BOOKIE_MEM: > + " + -Xms64m -Xmx64m + " + +## Pulsar Zookeeper metadata. The metadata will be deployed as +## soon as the last zookeeper node is reachable. The deployment +## of other components that depends on zookeeper, such as the +## bookkeeper nodes, broker nodes, etc will only start to be +## deployed when the zookeeper cluster is ready and with the +## metadata deployed +pulsar_metadata: + component: pulsar-init + image: + # the image used for running `pulsar-cluster-initialize` job + repository: apachepulsar/pulsar-all + tag: 2.5.0 + pullPolicy: IfNotPresent + ## set an existing configuration store + # configurationStore: + configurationStoreMetadataPrefix: "" + +## Pulsar: Broker cluster +## templates/broker-statefulset.yaml +## +broker: + # use a component name that matches your grafana configuration + # so the metrics are correctly rendered in grafana dashboard + component: broker + replicaCount: 3 + ports: + http: 8080 + https: 8443 + pulsar: 6650 + pulsarssl: 6651 + # nodeSelector: + # cloud.google.com/gke-nodepool: default-pool + probe: + liveness: + enabled: true + failureThreshold: 10 + initialDelaySeconds: 30 + periodSeconds: 10 + readiness: + enabled: true + failureThreshold: 10 + initialDelaySeconds: 30 + periodSeconds: 10 + startup: + enabled: false + failureThreshold: 30 + initialDelaySeconds: 60 + periodSeconds: 10 + affinity: + anti_affinity: true + annotations: {} + tolerations: [] + gracePeriod: 30 + resources: + requests: + memory: 512Mi + cpu: 0.2 + ## Broker configmap + ## templates/broker-configmap.yaml + ## + configData: + PULSAR_MEM: > + " + -Xms128m -Xmx256m -XX:MaxDirectMemorySize=256m + -Dio.netty.leakDetectionLevel=disabled + -Dio.netty.recycler.linkCapacity=1024 + -XX:+ParallelRefProcEnabled + -XX:+UnlockExperimentalVMOptions + -XX:+DoEscapeAnalysis + -XX:ParallelGCThreads=4 + -XX:ConcGCThreads=4 + -XX:G1NewSizePercent=50 + -XX:+DisableExplicitGC + -XX:-ResizePLAB + -XX:+ExitOnOutOfMemoryError + -XX:+PerfDisableSharedMem + " + PULSAR_GC: > + " + -XX:+UseG1GC + -XX:MaxGCPauseMillis=10 + " + managedLedgerDefaultEnsembleSize: "3" + managedLedgerDefaultWriteQuorum: "3" + managedLedgerDefaultAckQuorum: "2" + ## Broker service + ## templates/broker-service.yaml + ## + service: + annotations: {} + ## Broker PodDisruptionBudget + ## templates/broker-pdb.yaml + ## + pdb: + usePolicy: true + maxUnavailable: 1 + +## Pulsar: Functions Worker +## templates/function-worker-configmap.yaml +## +functions: + component: functions-worker + +## Pulsar: Proxy Cluster +## templates/proxy-statefulset.yaml +## +proxy: + # use a component name that matches your grafana configuration + # so the metrics are correctly rendered in grafana dashboard + component: proxy + replicaCount: 3 + # nodeSelector: + # cloud.google.com/gke-nodepool: default-pool + probe: + liveness: + enabled: true + failureThreshold: 10 + initialDelaySeconds: 30 + periodSeconds: 10 + readiness: + enabled: true + failureThreshold: 10 + initialDelaySeconds: 30 + periodSeconds: 10 + startup: + enabled: false + failureThreshold: 30 + initialDelaySeconds: 60 + periodSeconds: 10 + affinity: + anti_affinity: true + annotations: {} + tolerations: [] + gracePeriod: 30 + resources: + requests: + memory: 128Mi + cpu: 0.2 + ## Proxy configmap + ## templates/proxy-configmap.yaml + ## + configData: + PULSAR_MEM: > + " + -Xms64m -Xmx64m -XX:MaxDirectMemorySize=64m + -Dio.netty.leakDetectionLevel=disabled + -Dio.netty.recycler.linkCapacity=1024 + -XX:+ParallelRefProcEnabled + -XX:+UnlockExperimentalVMOptions + -XX:+DoEscapeAnalysis + -XX:ParallelGCThreads=4 + -XX:ConcGCThreads=4 + -XX:G1NewSizePercent=50 + -XX:+DisableExplicitGC + -XX:-ResizePLAB + -XX:+ExitOnOutOfMemoryError + -XX:+PerfDisableSharedMem + " + PULSAR_GC: > + " + -XX:+UseG1GC + -XX:MaxGCPauseMillis=10 + " + ## Proxy service + ## templates/proxy-service.yaml + ## + ports: + http: 80 + https: 443 + pulsar: 6650 + pulsarssl: 6651 + service: + annotations: {} + type: LoadBalancer + ## Proxy PodDisruptionBudget + ## templates/proxy-pdb.yaml + ## + pdb: + usePolicy: true + maxUnavailable: 1 + +## Pulsar Extra: Dashboard +## templates/dashboard-deployment.yaml +## Deprecated +## +dashboard: + component: dashboard + replicaCount: 1 + # nodeSelector: + # cloud.google.com/gke-nodepool: default-pool + annotations: {} + tolerations: [] + gracePeriod: 0 + image: + repository: apachepulsar/pulsar-dashboard + tag: latest + pullPolicy: IfNotPresent + resources: + requests: + memory: 1Gi + cpu: 250m + ## Dashboard service + ## templates/dashboard-service.yaml + ## + service: + annotations: {} + ports: + - name: server + port: 80 + ingress: + enabled: false + annotations: {} + tls: + enabled: false + + ## Optional. Leave it blank if your Ingress Controller can provide a default certificate. + secretName: "" + + ## Required if ingress is enabled + hostname: "" + path: "/" + port: 80 + + +## Pulsar ToolSet +## templates/toolset-deployment.yaml +## +toolset: + component: toolset + useProxy: true + replicaCount: 1 + # nodeSelector: + # cloud.google.com/gke-nodepool: default-pool + annotations: {} + tolerations: [] + gracePeriod: 30 + resources: + requests: + memory: 256Mi + cpu: 0.1 + ## Bastion configmap + ## templates/bastion-configmap.yaml + ## + configData: + PULSAR_MEM: > + " + -Xms64M + -Xmx128M + -XX:MaxDirectMemorySize=128M + " + +############################################################# +### Monitoring Stack : Prometheus / Grafana +############################################################# + +## Monitoring Stack: Prometheus +## templates/prometheus-deployment.yaml +## + +## Deprecated in favor of using `prometheus.rbac.enabled` +prometheus_rbac: false +prometheus: + component: prometheus + rbac: + enabled: true + replicaCount: 1 + # nodeSelector: + # cloud.google.com/gke-nodepool: default-pool + annotations: {} + tolerations: [] + gracePeriod: 5 + port: 9090 + resources: + requests: + memory: 256Mi + cpu: 0.1 + volumes: + # use a persistent volume or emptyDir + persistence: true + data: + name: data + size: 10Gi + local_storage: true + ## If you already have an existent storage class and want to reuse it, you can specify its name with the option below + ## + # storageClassName: existent-storage-class + # + ## Instead if you want to create a new storage class define it below + ## If left undefined no storage class will be defined along with PVC + ## + # storageClass: + # type: pd-standard + # fsType: xfs + # provisioner: kubernetes.io/gce-pd + ## Prometheus service + ## templates/prometheus-service.yaml + ## + service: + annotations: {} + +## Monitoring Stack: Grafana +## templates/grafana-deployment.yaml +## +grafana: + component: grafana + replicaCount: 1 + # nodeSelector: + # cloud.google.com/gke-nodepool: default-pool + annotations: {} + tolerations: [] + gracePeriod: 30 + port: 3000 + resources: + requests: + memory: 250Mi + cpu: 0.1 + ## Grafana service + ## templates/grafana-service.yaml + ## + service: + type: LoadBalancer + annotations: {} + plugins: [] + ## Grafana ingress + ## templates/grafana-ingress.yaml + ## + ingress: + enabled: false + annotations: + kubernetes.io/ingress.class: nginx + # nginx.ingress.kubernetes.io/rewrite-target: /$1 + # ingress.kubernetes.io/force-ssl-redirect: "true" + ingress.kubernetes.io/rewrite-target: / + labels: {} + + tls: [] + + ## Optional. Leave it blank if your Ingress Controller can provide a default certificate. + ## - secretName: "" + + ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services. + extraPaths: [] + ## Required if ingress is enabled + hostname: "" + protocol: http + path: /grafana + port: 80 + +## Components Stack: pulsar_manager +## templates/pulsar-manager.yaml +## +pulsar_manager: + component: pulsar-manager + port: 9527 + replicaCount: 1 + # nodeSelector: + # cloud.google.com/gke-nodepool: default-pool + annotations: {} + tolerations: [] + gracePeriod: 30 + resources: + requests: + memory: 250Mi + cpu: 0.1 + configData: + REDIRECT_HOST: "http://127.0.0.1" + REDIRECT_PORT: "9527" + DRIVER_CLASS_NAME: org.postgresql.Driver + URL: jdbc:postgresql://127.0.0.1:5432/pulsar_manager + LOG_LEVEL: DEBUG + ## If you enabled authentication support + ## JWT_TOKEN: + ## SECRET_KEY: data:base64, + ## Pulsar manager service + ## templates/pulsar-manager-service.yaml + ## + service: + type: LoadBalancer + annotations: {} + admin: + user: pulsar + password: pulsar diff --git a/scripts/cert-manager/install-cert-manager.sh b/scripts/cert-manager/install-cert-manager.sh new file mode 100755 index 0000000..5670b92 --- /dev/null +++ b/scripts/cert-manager/install-cert-manager.sh @@ -0,0 +1,55 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +#!/usr/bin/env bash + +NAMESPACE=cert-manager +NAME=cert-manager +VERSION=v0.13.0 + +# Install cert-manager CustomResourceDefinition resources +echo "Installing cert-manager CRD resources ..." +kubectl apply --validate=false -f https://raw.githubusercontent.com/jetstack/cert-manager/${VERSION}/deploy/manifests/00-crds.yaml + +# Create the namespace +kubectl get ns ${NAMESPACE} +if [ $? == 0 ]; then + echo "Namespace '${NAMESPACE}' already exists." +else + echo "Creating namespace '${NAMESPACE}' ..." + kubectl create namespace ${NAMESPACE} + echo "Successfully created namespace '${NAMESPACE}'." +fi + +# Add the Jetstack Helm repository. +echo "Adding Jetstack Helm repository." +helm repo add jetstack https://charts.jetstack.io +echo "Successfully added Jetstack Helm repository." + +# Update local helm chart repository cache. +echo "Updating local helm chart repository cache ..." +helm repo update + +echo "Installing cert-manager ${VERSION} to namespace ${NAMESPACE} as '${NAME}' ..." +helm install \ + --namespace ${NAMESPACE} \ + --version ${VERSION} \ + ${NAME} \ + jetstack/cert-manager +echo "Successfully installed cert-manager ${VERSION}." \ No newline at end of file diff --git a/scripts/pulsar/clean_tls.sh b/scripts/pulsar/clean_tls.sh new file mode 100755 index 0000000..8dba53d --- /dev/null +++ b/scripts/pulsar/clean_tls.sh @@ -0,0 +1,115 @@ +#!/usr/bin/env bash +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +set -e + +CHART_HOME=$(unset CDPATH && cd $(dirname "${BASH_SOURCE[0]}")/../.. && pwd) +cd ${CHART_HOME} + +namespace=${namespace:-pulsar} +release=${release:-pulsar-dev} +clientComponents=${clientComponents:-"toolset"} +serverComponents=${serverComponents:-"bookie,broker,proxy,recovery,zookeeper"} + +usage() { + cat <&2 "${tool} is required. Please follow ${url}" + exit 1 +} + +function need_gcloud(){ + need_tool "gcloud" "https://cloud.google.com/sdk/downloads" +} + +function need_kubectl(){ + need_tool "kubectl" "https://kubernetes.io/docs/tasks/tools/install-kubectl" +} + +function need_helm(){ + need_tool "helm" "https://github.com/helm/helm/#install" +} + +function need_eksctl(){ + need_tool "eksctl" "https://eksctl.io" +} + +function validate_gke_required_tools(){ + if [ -z "$PROJECT" ]; then + echo "\$PROJECT needs to be set to your project id"; + exit 1; + fi + + for comm in gcloud kubectl helm + do + command -v "${comm}" > /dev/null 2>&1 || "need_${comm}" + done + + gcloud container clusters list --project $PROJECT >/dev/null 2>&1 || { echo >&2 "Gcloud seems to be configured incorrectly or authentication is unsuccessfull"; exit 1; } + +} + +function cluster_admin_password_gke(){ + gcloud container clusters describe $CLUSTER_NAME --zone $ZONE --project $PROJECT --format='value(masterAuth.password)'; +} + +function validate_eks_required_tools(){ + for comm in eksctl kubectl helm + do + command -v "${comm}" > /dev/null 2>&1 || "need_${comm}" + done +} diff --git a/scripts/pulsar/common_auth.sh b/scripts/pulsar/common_auth.sh new file mode 100755 index 0000000..b9d3aba --- /dev/null +++ b/scripts/pulsar/common_auth.sh @@ -0,0 +1,66 @@ +#!/usr/bin/env bash +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +if [ -z "$CHART_HOME" ]; then + echo "error: CHART_HOME should be initialized" + exit 1 +fi + +OUTPUT=${CHART_HOME}/output +OUTPUT_BIN=${OUTPUT}/bin +PULSARCTL_VERSION=v0.4.0 +PULSARCTL_BIN=${HOME}/.pulsarctl/pulsarctl +export PATH=${HOME}/.pulsarctl/plugins:${PATH} + +discoverArch() { + ARCH=$(uname -m) + case $ARCH in + x86) ARCH="386";; + x86_64) ARCH="amd64";; + i686) ARCH="386";; + i386) ARCH="386";; + esac +} + +discoverArch +OS=$(echo `uname`|tr '[:upper:]' '[:lower:]') + +test -d "$OUTPUT_BIN" || mkdir -p "$OUTPUT_BIN" + +function pulsar::verify_pulsarctl() { + if test -x "$PULSARCTL_BIN"; then + return + fi + return 1 +} + +function pulsar::ensure_pulsarctl() { + if pulsar::verify_pulsarctl; then + return 0 + fi + echo "Get pulsarctl install.sh script ..." + install_script=$(mktemp) + trap "test -f $install_script && rm $install_script" RETURN + curl --retry 10 -L -o $install_script https://raw.githubusercontent.com/streamnative/pulsarctl/master/install.sh + chmod +x $install_script + $install_script --user --version ${PULSARCTL_VERSION} +} + + diff --git a/scripts/pulsar/generate_token.sh b/scripts/pulsar/generate_token.sh new file mode 100755 index 0000000..b152bf1 --- /dev/null +++ b/scripts/pulsar/generate_token.sh @@ -0,0 +1,121 @@ +#!/usr/bin/env bash +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +set -e + +CHART_HOME=$(unset CDPATH && cd $(dirname "${BASH_SOURCE[0]}")/../.. && pwd) +cd ${CHART_HOME} + +usage() { + cat < +EOF +} + +symmetric=false + +while [[ $# -gt 0 ]] +do +key="$1" + +case $key in + -n|--namespace) + namespace="$2" + shift + shift + ;; + -k|--release) + release="$2" + shift + shift + ;; + -r|--role) + role="$2" + shift + shift + ;; + -s|--symmetric) + symmetric=true + shift + ;; + -h|--help) + usage + exit 0 + ;; + *) + echo "unknown option: $key" + usage + exit 1 + ;; +esac +done + +if [[ "x${role}" == "x" ]]; then + echo "No pulsar role is provided!" + usage + exit 1 +fi + +source ${CHART_HOME}/scripts/pulsar/common_auth.sh + +pulsar::ensure_pulsarctl + +namespace=${namespace:-pulsar} +release=${release:-pulsar-dev} + +function pulsar::jwt::generate_symmetric_token() { + local token_name="${release}-token-${role}" + local secret_name="${release}-token-symmetric-key" + + tmpfile=$(mktemp) + trap "test -f $tmpfile && rm $tmpfile" RETURN + tokentmpfile=$(mktemp) + trap "test -f $tokentmpfile && rm $tokentmpfile" RETURN + kubectl get -n ${namespace} secrets ${secret_name} -o jsonpath="{.data['SECRETKEY']}" | base64 --decode > ${tmpfile} + ${PULSARCTL_BIN} token create -a HS256 --secret-key-file ${tmpfile} --subject ${role} 2&> ${tokentmpfile} + kubectl create secret generic ${token_name} -n ${namespace} --from-file="TOKEN=${tokentmpfile}" --from-literal="TYPE=symmetric" +} + +function pulsar::jwt::generate_asymmetric_token() { + local token_name="${release}-token-${role}" + local secret_name="${release}-token-asymmetric-key" + + privatekeytmpfile=$(mktemp) + trap "test -f $privatekeytmpfile && rm $privatekeytmpfile" RETURN + tokentmpfile=$(mktemp) + trap "test -f $tokentmpfile && rm $tokentmpfile" RETURN + kubectl get -n ${namespace} secrets ${secret_name} -o jsonpath="{.data['PRIVATEKEY']}" | base64 --decode > ${privatekeytmpfile} + ${PULSARCTL_BIN} token create -a RS256 --private-key-file ${privatekeytmpfile} --subject ${role} 2&> ${tokentmpfile} + kubectl create secret generic ${token_name} -n ${namespace} --from-file="TOKEN=${tokentmpfile}" --from-literal="TYPE=asymmetric" +} + +if [[ "${symmetric}" == "true" ]]; then + pulsar::jwt::generate_symmetric_token +else + pulsar::jwt::generate_asymmetric_token +fi diff --git a/scripts/pulsar/generate_token_secret_key.sh b/scripts/pulsar/generate_token_secret_key.sh new file mode 100755 index 0000000..be2f76e --- /dev/null +++ b/scripts/pulsar/generate_token_secret_key.sh @@ -0,0 +1,109 @@ +#!/usr/bin/env bash +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +set -e + +CHART_HOME=$(unset CDPATH && cd $(dirname "${BASH_SOURCE[0]}")/../.. && pwd) +cd ${CHART_HOME} + +usage() { + cat < +EOF +} + +while [[ $# -gt 0 ]] +do +key="$1" + +case $key in + -n|--namespace) + namespace="$2" + shift + shift + ;; + -k|--release) + release="$2" + shift + shift + ;; + -r|--role) + role="$2" + shift + shift + ;; + -h|--help) + usage + exit 0 + ;; + *) + echo "unknown option: $key" + usage + exit 1 + ;; +esac +done + +if [[ "x${role}" == "x" ]]; then + echo "No pulsar role is provided!" + usage + exit 1 +fi + +source ${CHART_HOME}/scripts/pulsar/common_auth.sh + +pulsar::ensure_pulsarctl + +namespace=${namespace:-pulsar} +release=${release:-pulsar-dev} + +function pulsar::jwt::get_token() { + local token_name="${release}-token-${role}" + + local token=$(kubectl get -n ${namespace} secrets ${token_name} -o jsonpath="{.data['TOKEN']}" | base64 --decode) + local token_type=$(kubectl get -n ${namespace} secrets ${token_name} -o jsonpath="{.data['TYPE']}" | base64 --decode) + + echo "token type: ${token_type}" + echo "-------------------------" + echo "${token}" +} + +pulsar::jwt::get_token diff --git a/scripts/pulsar/prepare_helm_release.sh b/scripts/pulsar/prepare_helm_release.sh new file mode 100755 index 0000000..a174bc8 --- /dev/null +++ b/scripts/pulsar/prepare_helm_release.sh @@ -0,0 +1,155 @@ +#!/usr/bin/env bash +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +CHART_HOME=$(unset CDPATH && cd $(dirname "${BASH_SOURCE[0]}")/../.. && pwd) +cd ${CHART_HOME} + +usage() { + cat <