apache/pulsar-helm-chart
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
pulsar-helm-chart/charts/pulsar/templates/proxy-statefulset.yaml
Miloš Matijašević c2f672881e
Updating pods on configmap change (#73) 
Fixes #71 

### Motivation

Pods are not restarting when config maps are changed after changing values.yaml file, so they need to be restarted manually in order to pick up new values from config map. 

### Modifications

As I mentioned `restartPodsOnConfigMapChange` flag for each component is added in values.yaml file whether to restart pods on configmap change or not, default is `false`.
In statefulset templates for each component is added part which is adding annotation that contains hash of corresponding configmap if `restartPodsOnConfigMapChange` is `true`, which will cause pods to restart if corresponding configmap has been changed (https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments).

### Verifying this change

- [ ] Make sure that the change passes the CI checks.
2021-01-07 21:28:11 -08:00

264 lines
10 KiB
YAML
Raw Blame History

#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
{{- if or .Values.components.proxy .Values.extra.proxy }}
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}"
namespace: {{ template "pulsar.namespace" . }}
labels:
{{- include "pulsar.standardLabels" . | nindent 4 }}
component: {{ .Values.proxy.component }}
spec:
serviceName: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}"
replicas: {{ .Values.proxy.replicaCount }}
selector:
matchLabels:
{{- include "pulsar.matchLabels" . | nindent 6 }}
component: {{ .Values.proxy.component }}
updateStrategy:
type: RollingUpdate
podManagementPolicy: Parallel
template:
metadata:
labels:
{{- include "pulsar.template.labels" . | nindent 8 }}
component: {{ .Values.proxy.component }}
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "{{ .Values.proxy.ports.http }}"
{{- if .Values.proxy.restartPodsOnConfigMapChange }}
checksum/config: {{ include (print $.Template.BasePath "/proxy-configmap.yaml") . | sha256sum }}
{{- end }}
{{- with .Values.proxy.annotations }}
{{ toYaml . | indent 8 }}
{{- end }}
spec:
{{- if .Values.proxy.nodeSelector }}
nodeSelector:
{{ toYaml .Values.proxy.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.proxy.tolerations }}
tolerations:
{{ toYaml .Values.proxy.tolerations | indent 8 }}
{{- end }}
affinity:
{{- if and .Values.affinity.anti_affinity .Values.proxy.affinity.anti_affinity}}
podAntiAffinity:
{{ if eq .Values.proxy.affinity.type "requiredDuringSchedulingIgnoredDuringExecution"}}
{{ .Values.proxy.affinity.type }}:
- labelSelector:
matchExpressions:
- key: "app"
operator: In
values:
- "{{ template "pulsar.name" . }}"
- key: "release"
operator: In
values:
- {{ .Release.Name }}
- key: "component"
operator: In
values:
- {{ .Values.proxy.component }}
topologyKey: "kubernetes.io/hostname"
{{ else }}
{{ .Values.proxy.affinity.type }}:
- weight: 100
podAffinityTerm:
labelSelector:
matchExpressions:
- key: "app"
operator: In
values:
- "{{ template "pulsar.name" . }}"
- key: "release"
operator: In
values:
- {{ .Release.Name }}
- key: "component"
operator: In
values:
- {{ .Values.proxy.component }}
topologyKey: "kubernetes.io/hostname"
{{ end }}
{{- end }}
terminationGracePeriodSeconds: {{ .Values.proxy.gracePeriod }}
initContainers:
# This init container will wait for zookeeper to be ready before
# deploying the bookies
- name: wait-zookeeper-ready
image: "{{ .Values.images.proxy.repository }}:{{ .Values.images.proxy.tag }}"
imagePullPolicy: {{ .Values.images.proxy.pullPolicy }}
command: ["sh", "-c"]
args:
- >-
{{- if $zk:=.Values.pulsar_metadata.userProvidedZookeepers }}
until bin/pulsar zookeeper-shell -server {{ $zk }} ls {{ or .Values.metadataPrefix "/" }}; do
echo "user provided zookeepers {{ $zk }} are unreachable... check in 3 seconds ..." && sleep 3;
done;
{{ else }}
until bin/pulsar zookeeper-shell -server {{ template "pulsar.configurationStore.service" . }} get {{ .Values.metadataPrefix }}/admin/clusters/{{ template "pulsar.cluster.name" . }}; do
sleep 3;
done;
{{- end}}
# This init container will wait for at least one broker to be ready before
# deploying the proxy
- name: wait-broker-ready
image: "{{ .Values.images.proxy.repository }}:{{ .Values.images.proxy.tag }}"
imagePullPolicy: {{ .Values.images.proxy.pullPolicy }}
command: ["sh", "-c"]
args:
- >-
set -e;
brokerServiceNumber="$(nslookup -timeout=10 {{ template "pulsar.fullname" . }}-{{ .Values.broker.component }} | grep Name | wc -l)";
until [ ${brokerServiceNumber} -ge 1 ]; do
echo "pulsar cluster {{ template "pulsar.cluster.name" . }} isn't initialized yet ... check in 10 seconds ...";
sleep 10;
brokerServiceNumber="$(nslookup -timeout=10 {{ template "pulsar.fullname" . }}-{{ .Values.broker.component }} | grep Name | wc -l)";
done;
containers:
- name: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}"
image: "{{ .Values.images.proxy.repository }}:{{ .Values.images.proxy.tag }}"
imagePullPolicy: {{ .Values.images.proxy.pullPolicy }}
{{- if .Values.proxy.probe.liveness.enabled }}
livenessProbe:
httpGet:
path: /status.html
port: {{ .Values.proxy.ports.http }}
initialDelaySeconds: {{ .Values.proxy.probe.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.proxy.probe.liveness.periodSeconds }}
failureThreshold: {{ .Values.proxy.probe.liveness.failureThreshold }}
{{- end }}
{{- if .Values.proxy.probe.readiness.enabled }}
readinessProbe:
httpGet:
path: /status.html
port: {{ .Values.proxy.ports.http }}
initialDelaySeconds: {{ .Values.proxy.probe.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.proxy.probe.readiness.periodSeconds }}
failureThreshold: {{ .Values.proxy.probe.readiness.failureThreshold }}
{{- end }}
{{- if .Values.proxy.probe.startup.enabled }}
startupProbe:
httpGet:
path: /status.html
port: {{ .Values.proxy.ports.http }}
initialDelaySeconds: {{ .Values.proxy.probe.startup.initialDelaySeconds }}
periodSeconds: {{ .Values.proxy.probe.startup.periodSeconds }}
failureThreshold: {{ .Values.proxy.probe.startup.failureThreshold }}
{{- end }}
{{- if .Values.proxy.resources }}
resources:
{{ toYaml .Values.proxy.resources | indent 10 }}
{{- end }}
command: ["sh", "-c"]
args:
- >
bin/apply-config-from-env.py conf/proxy.conf &&
echo "OK" > status &&
exec bin/pulsar proxy
ports:
# prometheus needs to access /metrics endpoint
- name: http
containerPort: {{ .Values.proxy.ports.http }}
{{- if or (not .Values.tls.enabled) (not .Values.tls.proxy.enabled) }}
- name: pulsar
containerPort: {{ .Values.proxy.ports.pulsar }}
{{- end }}
{{- if and (.Values.tls.enabled) (.Values.tls.proxy.enabled) }}
- name: https
containerPort: {{ .Values.proxy.ports.https }}
- name: pulsarssl
containerPort: {{ .Values.proxy.ports.pulsarssl }}
{{- end }}
envFrom:
- configMapRef:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}"
{{- if or .Values.auth.authentication.enabled (and .Values.tls.enabled (or .Values.tls.proxy.enabled .Values.tls.broker.enabled)) }}
volumeMounts:
{{- if .Values.auth.authentication.enabled }}
{{- if eq .Values.auth.authentication.provider "jwt" }}
- mountPath: "/pulsar/keys"
name: token-keys
readOnly: true
- mountPath: "/pulsar/tokens"
name: proxy-token
readOnly: true
{{- end }}
{{- end }}
{{- if .Values.tls.proxy.enabled }}
- mountPath: "/pulsar/certs/proxy"
name: proxy-certs
readOnly: true
{{- end}}
{{- if .Values.tls.enabled }}
- mountPath: "/pulsar/certs/ca"
name: ca
readOnly: true
{{- end}}
{{- end}}
{{- if or .Values.auth.authentication.enabled (and .Values.tls.enabled .Values.tls.proxy.enabled) }}
volumes:
{{- if .Values.auth.authentication.enabled }}
{{- if eq .Values.auth.authentication.provider "jwt" }}
- name: token-keys
secret:
{{- if not .Values.auth.authentication.jwt.usingSecretKey }}
secretName: "{{ .Release.Name }}-token-asymmetric-key"
{{- end}}
{{- if .Values.auth.authentication.jwt.usingSecretKey }}
secretName: "{{ .Release.Name }}-token-symmetric-key"
{{- end}}
items:
{{- if .Values.auth.authentication.jwt.usingSecretKey }}
- key: SECRETKEY
path: token/secret.key
{{- else }}
- key: PUBLICKEY
path: token/public.key
{{- end}}
- name: proxy-token
secret:
secretName: "{{ .Release.Name }}-token-{{ .Values.auth.superUsers.proxy }}"
items:
- key: TOKEN
path: proxy/token
{{- end}}
{{- end}}
{{- if .Values.tls.proxy.enabled }}
- name: ca
secret:
secretName: "{{ .Release.Name }}-ca-tls"
items:
- key: ca.crt
path: ca.crt
- name: proxy-certs
secret:
secretName: "{{ .Release.Name }}-{{ .Values.tls.proxy.cert_name }}"
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key
{{- end}}
{{- end}}
{{- end }}
Reference in New Issue View Git Blame Copy Permalink