q792602257/DataMate
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feature: 对接deer-flow (#54)

Browse Source 
feature: 对接deer-flow
This commit is contained in:
hhhhsc701
2025-11-04 20:30:40 +08:00
committed by GitHub
parent dc30b0d892
commit f3958f08d9
710 changed files with 112812 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

304
deployment/helm/milvus/charts/kafka/templates/NOTES.txt Normal file
View File

@@ -0,0 +1,304 @@
CHART NAME: {{ .Chart.Name }}
CHART VERSION: {{ .Chart.Version }}
APP VERSION: {{ .Chart.AppVersion }}
{{- if .Values.diagnosticMode.enabled }}
The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with:
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }}
Get the list of pods by executing:
kubectl get pods --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }}
Access the pod you want to debug by executing
kubectl exec --namespace {{ .Release.Namespace }} -ti <NAME OF THE POD> -- bash
In order to replicate the container startup scripts execute this command:
/opt/bitnami/scripts/kafka/entrypoint.sh /opt/bitnami/scripts/kafka/run.sh
{{- else }}
{{- $replicaCount := int .Values.replicaCount -}}
{{- $releaseNamespace := .Release.Namespace -}}
{{- $clusterDomain := .Values.clusterDomain -}}
{{- $fullname := include "common.names.fullname" . -}}
{{- $clientProtocol := include "kafka.listenerType" (dict "protocol" .Values.auth.clientProtocol) -}}
{{- $externalClientProtocol := include "kafka.listenerType" (dict "protocol" (include "kafka.externalClientProtocol" . )) -}}
{{- $saslMechanisms := .Values.auth.sasl.mechanisms -}}
{{- $tlsEndpointIdentificationAlgorithm := default "" .Values.auth.tls.endpointIdentificationAlgorithm -}}
{{- $tlsPasswordSecret := printf "$(kubectl get secret %s --namespace %s -o jsonpath='{.data.password}' | base64 --decode | cut -d , -f 1)" .Values.auth.tls.existingSecret $releaseNamespace -}}
{{- $tlsPassword := ternary .Values.auth.tls.password $tlsPasswordSecret (eq .Values.auth.tls.existingSecret "") -}}
{{- $servicePort := int .Values.service.ports.client -}}
{{- if and (or (eq .Values.service.type "LoadBalancer") .Values.externalAccess.enabled) (eq $externalClientProtocol "PLAINTEXT") }}
---------------------------------------------------------------------------------------------
WARNING
By specifying "serviceType=LoadBalancer" and not configuring the authentication
you have most likely exposed the Kafka service externally without any
authentication mechanism.
For security reasons, we strongly suggest that you switch to "ClusterIP" or
"NodePort". As alternative, you can also configure the Kafka authentication.
---------------------------------------------------------------------------------------------
{{- end }}
** Please be patient while the chart is being deployed **
Kafka can be accessed by consumers via port {{ $servicePort }} on the following DNS name from within your cluster:
{{ $fullname }}.{{ $releaseNamespace }}.svc.{{ $clusterDomain }}
Each Kafka broker can be accessed by producers via port {{ $servicePort }} on the following DNS name(s) from within your cluster:
{{- $brokerList := list }}
{{- range $e, $i := until $replicaCount }}
{{- $brokerList = append $brokerList (printf "%s-%d.%s-headless.%s.svc.%s:%d" $fullname $i $fullname $releaseNamespace $clusterDomain $servicePort) }}
{{- end }}
{{ join "\n" $brokerList | nindent 4 }}
{{- if (include "kafka.client.saslAuthentication" .) }}
You need to configure your Kafka client to access using SASL authentication. To do so, you need to create the 'kafka_jaas.conf' and 'client.properties' configuration files with the content below:
- kafka_jaas.conf:
KafkaClient {
{{- if $saslMechanisms | regexFind "scram" }}
org.apache.kafka.common.security.scram.ScramLoginModule required
{{- else }}
org.apache.kafka.common.security.plain.PlainLoginModule required
{{- end }}
username="{{ index .Values.auth.sasl.jaas.clientUsers 0 }}"
password="$(kubectl get secret {{ $fullname }}-jaas --namespace {{ $releaseNamespace }} -o jsonpath='{.data.client-passwords}' | base64 --decode | cut -d , -f 1)";
};
- client.properties:
security.protocol={{ $clientProtocol }}
{{- if $saslMechanisms | regexFind "scram-sha-256" }}
sasl.mechanism=SCRAM-SHA-256
{{- else if $saslMechanisms | regexFind "scram-sha-512" }}
sasl.mechanism=SCRAM-SHA-512
{{- else }}
sasl.mechanism=PLAIN
{{- end }}
{{- if eq $clientProtocol "SASL_SSL" }}
ssl.truststore.type={{ upper .Values.auth.tls.type }}
{{- if eq .Values.auth.tls.type "jks" }}
ssl.truststore.location=/tmp/kafka.truststore.jks
{{- if not (empty $tlsPassword) }}
ssl.truststore.password={{ $tlsPassword }}
{{- end }}
{{- else if eq .Values.auth.tls.type "pem" }}
ssl.truststore.certificates=-----BEGIN CERTIFICATE----- \
... \
-----END CERTIFICATE-----
{{- end }}
{{- if eq $tlsEndpointIdentificationAlgorithm "" }}
ssl.endpoint.identification.algorithm=
{{- end }}
{{- end }}
{{- else if (include "kafka.client.tlsEncryption" .) }}
You need to configure your Kafka client to access using TLS authentication. To do so, you need to create the 'client.properties' configuration file with the content below:
security.protocol={{ $clientProtocol }}
ssl.truststore.type={{ upper .Values.auth.tls.type }}
{{- if eq .Values.auth.tls.type "jks" }}
ssl.truststore.location=/tmp/kafka.truststore.{{ .Values.auth.tls.type }}
{{- if not (empty $tlsPassword) }}
ssl.truststore.password={{ $tlsPassword }}
{{- end }}
{{- else if eq .Values.auth.tls.type "pem" }}
ssl.truststore.certificates=-----BEGIN CERTIFICATE----- \
... \
-----END CERTIFICATE-----
{{- end }}
{{- if eq .Values.auth.clientProtocol "mtls" }}
ssl.keystore.type={{ upper .Values.auth.tls.type }}
{{- if eq .Values.auth.tls.type "jks" }}
ssl.keystore.location=/tmp/client.keystore.jks
{{- if not (empty $tlsPassword) }}
ssl.keystore.password={{ $tlsPassword }}
{{- end }}
{{- else if eq .Values.auth.tls.type "pem" }}
ssl.keystore.certificate.chain=-----BEGIN CERTIFICATE----- \
... \
-----END CERTIFICATE-----
ssl.keystore.key=-----BEGIN ENCRYPTED PRIVATE KEY----- \
... \
-----END ENCRYPTED PRIVATE KEY-----
{{- end }}
{{- end }}
{{- if eq $tlsEndpointIdentificationAlgorithm "" }}
ssl.endpoint.identification.algorithm=
{{- end }}
{{- end }}
To create a pod that you can use as a Kafka client run the following commands:
kubectl run {{ $fullname }}-client --restart='Never' --image {{ template "kafka.image" . }} --namespace {{ $releaseNamespace }} --command -- sleep infinity
{{- if or (include "kafka.client.saslAuthentication" .) (include "kafka.client.tlsEncryption" .) }}
kubectl cp --namespace {{ $releaseNamespace }} /path/to/client.properties {{ $fullname }}-client:/tmp/client.properties
{{- end }}
{{- if (include "kafka.client.saslAuthentication" .) }}
kubectl cp --namespace {{ $releaseNamespace }} /path/to/kafka_jaas.conf {{ $fullname }}-client:/tmp/kafka_jaas.conf
{{- end }}
{{- if and (include "kafka.client.tlsEncryption" .) (eq .Values.auth.tls.type "jks") }}
kubectl cp --namespace {{ $releaseNamespace }} ./kafka.truststore.jks {{ $fullname }}-client:/tmp/kafka.truststore.jks
{{- if eq .Values.auth.clientProtocol "mtls" }}
kubectl cp --namespace {{ $releaseNamespace }} ./client.keystore.jks {{ $fullname }}-client:/tmp/client.keystore.jks
{{- end }}
{{- end }}
kubectl exec --tty -i {{ $fullname }}-client --namespace {{ $releaseNamespace }} -- bash
{{- if (include "kafka.client.saslAuthentication" .) }}
export KAFKA_OPTS="-Djava.security.auth.login.config=/tmp/kafka_jaas.conf"
{{- end }}
PRODUCER:
kafka-console-producer.sh \
{{ if or (include "kafka.client.saslAuthentication" .) (include "kafka.client.tlsEncryption" .) }}--producer.config /tmp/client.properties \{{ end }}
--broker-list {{ join "," $brokerList }} \
--topic test
CONSUMER:
kafka-console-consumer.sh \
{{ if or (include "kafka.client.saslAuthentication" .) (include "kafka.client.tlsEncryption" .) }}--consumer.config /tmp/client.properties \{{ end }}
--bootstrap-server {{ $fullname }}.{{ $releaseNamespace }}.svc.{{ $clusterDomain }}:{{ .Values.service.ports.client }} \
--topic test \
--from-beginning
{{- if .Values.externalAccess.enabled }}
To connect to your Kafka server from outside the cluster, follow the instructions below:
{{- if eq "NodePort" .Values.externalAccess.service.type }}
{{- if .Values.externalAccess.service.domain }}
Kafka brokers domain: Use your provided hostname to reach Kafka brokers, {{ .Values.externalAccess.service.domain }}
{{- else }}
Kafka brokers domain: You can get the external node IP from the Kafka configuration file with the following commands (Check the EXTERNAL listener)
1. Obtain the pod name:
kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ template "kafka.name" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=kafka"
2. Obtain pod configuration:
kubectl exec -it KAFKA_POD -- cat /opt/bitnami/kafka/config/server.properties | grep advertised.listeners
{{- end }}
Kafka brokers port: You will have a different node port for each Kafka broker. You can get the list of configured node ports using the command below:
echo "$(kubectl get svc --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ template "kafka.name" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=kafka,pod" -o jsonpath='{.items[*].spec.ports[0].nodePort}' | tr ' ' '\n')"
{{- else if contains "LoadBalancer" .Values.externalAccess.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IPs to be available.
Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ template "kafka.name" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=kafka,pod" -w'
Kafka Brokers domain: You will have a different external IP for each Kafka broker. You can get the list of external IPs using the command below:
echo "$(kubectl get svc --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ template "kafka.name" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=kafka,pod" -o jsonpath='{.items[*].status.loadBalancer.ingress[0].ip}' | tr ' ' '\n')"
Kafka Brokers port: {{ .Values.externalAccess.service.ports.external }}
{{- end }}
{{- if not (eq $clientProtocol $externalClientProtocol) }}
{{- if (include "kafka.client.saslAuthentication" .) }}
You need to configure your Kafka client to access using SASL authentication. To do so, you need to create the 'kafka_jaas.conf' and 'client.properties' configuration files with the content below:
- kafka_jaas.conf:
KafkaClient {
{{- if $saslMechanisms | regexFind "scram" }}
org.apache.kafka.common.security.scram.ScramLoginModule required
{{- else }}
org.apache.kafka.common.security.plain.PlainLoginModule required
{{- end }}
username="{{ index .Values.auth.sasl.jaas.clientUsers 0 }}"
password="$(kubectl get secret {{ $fullname }}-jaas --namespace {{ $releaseNamespace }} -o jsonpath='{.data.client-passwords}' | base64 --decode | cut -d , -f 1)";
};
- client.properties:
security.protocol={{ $externalClientProtocol }}
{{- if $saslMechanisms | regexFind "scram-sha-256" }}
sasl.mechanism=SCRAM-SHA-256
{{- else if $saslMechanisms | regexFind "scram-sha-512" }}
sasl.mechanism=SCRAM-SHA-512
{{- else }}
sasl.mechanism=PLAIN
{{- end }}
{{- if eq $externalClientProtocol "SASL_SSL" }}
ssl.truststore.type={{ upper .Values.auth.tls.type }}
{{- if eq .Values.auth.tls.type "jks" }}
ssl.truststore.location=/tmp/kafka.truststore.jks
{{- if not (empty $tlsPassword) }}
ssl.truststore.password={{ $tlsPassword }}
{{- end }}
{{- else if eq .Values.auth.tls.type "pem" }}
ssl.truststore.certificates=-----BEGIN CERTIFICATE----- \
... \
-----END CERTIFICATE-----
{{- end }}
{{- if eq $tlsEndpointIdentificationAlgorithm "" }}
ssl.endpoint.identification.algorithm=
{{- end }}
{{- end }}
{{- else if (include "kafka.externalClient.tlsEncryption" .) }}
You need to configure your Kafka client to access using TLS authentication. To do so, you need to create the 'client.properties' configuration file with the content below:
security.protocol={{ $externalClientProtocol }}
ssl.truststore.type={{ upper .Values.auth.tls.type }}
{{- if eq .Values.auth.tls.type "jks" }}
ssl.truststore.location=/tmp/kafka.truststore.{{ .Values.auth.tls.type }}
{{- if not (empty $tlsPassword) }}
ssl.truststore.password={{ $tlsPassword }}
{{- end }}
{{- else if eq .Values.auth.tls.type "pem" }}
ssl.truststore.certificates=-----BEGIN CERTIFICATE----- \
... \
-----END CERTIFICATE-----
{{- end }}
{{- if eq .Values.auth.externalClientProtocol "mtls" }}
ssl.keystore.type={{ upper .Values.auth.tls.type }}
{{- if eq .Values.auth.tls.type "jks" }}
ssl.keystore.location=/tmp/client.keystore.jks
{{- if not (empty $tlsPassword) }}
ssl.keystore.password={{ $tlsPassword }}
{{- end }}
{{- else if eq .Values.auth.tls.type "pem" }}
ssl.keystore.certificate.chain=-----BEGIN CERTIFICATE----- \
... \
-----END CERTIFICATE-----
ssl.keystore.key=-----BEGIN ENCRYPTED PRIVATE KEY----- \
... \
-----END ENCRYPTED PRIVATE KEY-----
{{- end }}
{{- end }}
{{- if eq $tlsEndpointIdentificationAlgorithm "" }}
ssl.endpoint.identification.algorithm=
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- include "kafka.checkRollingTags" . }}
{{- include "kafka.validateValues" . }}

474
deployment/helm/milvus/charts/kafka/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,474 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "kafka.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified zookeeper name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "kafka.zookeeper.fullname" -}}
{{- if .Values.zookeeper.fullnameOverride -}}
{{- .Values.zookeeper.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default "zookeeper" .Values.zookeeper.nameOverride -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{/*
Create the name of the service account to use
*/}}
{{- define "kafka.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "common.names.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Return the proper Kafka image name
*/}}
{{- define "kafka.image" -}}
{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
{{- end -}}
{{/*
Return the proper image name (for the init container auto-discovery image)
*/}}
{{- define "kafka.externalAccess.autoDiscovery.image" -}}
{{ include "common.images.image" (dict "imageRoot" .Values.externalAccess.autoDiscovery.image "global" .Values.global) }}
{{- end -}}
{{/*
Return the proper image name (for the init container volume-permissions image)
*/}}
{{- define "kafka.volumePermissions.image" -}}
{{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }}
{{- end -}}
{{/*
Create a default fully qualified Kafka exporter name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "kafka.metrics.kafka.fullname" -}}
{{- printf "%s-exporter" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}
{{- end -}}
{{/*
Create the name of the service account to use for Kafka exporter pods
*/}}
{{- define "kafka.metrics.kafka.serviceAccountName" -}}
{{- if .Values.metrics.kafka.serviceAccount.create -}}
{{ default (include "kafka.metrics.kafka.fullname" .) .Values.metrics.kafka.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.metrics.kafka.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Return the proper Kafka exporter image name
*/}}
{{- define "kafka.metrics.kafka.image" -}}
{{ include "common.images.image" (dict "imageRoot" .Values.metrics.kafka.image "global" .Values.global) }}
{{- end -}}
{{/*
Return the proper JMX exporter image name
*/}}
{{- define "kafka.metrics.jmx.image" -}}
{{ include "common.images.image" (dict "imageRoot" .Values.metrics.jmx.image "global" .Values.global) }}
{{- end -}}
{{/*
Return the proper Docker Image Registry Secret Names
*/}}
{{- define "kafka.imagePullSecrets" -}}
{{ include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.externalAccess.autoDiscovery.image .Values.volumePermissions.image .Values.metrics.kafka.image .Values.metrics.jmx.image) "global" .Values.global) }}
{{- end -}}
{{/*
Return the proper Storage Class
*/}}
{{- define "kafka.storageClass" -}}
{{/*
Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic.
*/}}
{{- if .Values.global -}}
{{- if .Values.global.storageClass -}}
{{- if (eq "-" .Values.global.storageClass) -}}
{{- printf "storageClassName: \"\"" -}}
{{- else }}
{{- printf "storageClassName: %s" .Values.global.storageClass -}}
{{- end -}}
{{- else -}}
{{- if .Values.persistence.storageClass -}}
{{- if (eq "-" .Values.persistence.storageClass) -}}
{{- printf "storageClassName: \"\"" -}}
{{- else }}
{{- printf "storageClassName: %s" .Values.persistence.storageClass -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- else -}}
{{- if .Values.persistence.storageClass -}}
{{- if (eq "-" .Values.persistence.storageClass) -}}
{{- printf "storageClassName: \"\"" -}}
{{- else }}
{{- printf "storageClassName: %s" .Values.persistence.storageClass -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Return true if authentication via SASL should be configured for client communications
*/}}
{{- define "kafka.client.saslAuthentication" -}}
{{- $saslProtocols := list "sasl" "sasl_tls" -}}
{{- if has .Values.auth.clientProtocol $saslProtocols -}}
{{- true -}}
{{- end -}}
{{- end -}}
{{/*
Return true if authentication via SASL should be configured for inter-broker communications
*/}}
{{- define "kafka.interBroker.saslAuthentication" -}}
{{- $saslProtocols := list "sasl" "sasl_tls" -}}
{{- if has .Values.auth.interBrokerProtocol $saslProtocols -}}
{{- true -}}
{{- end -}}
{{- end -}}
{{/*
Return true if encryption via TLS for client connections should be configured
*/}}
{{- define "kafka.client.tlsEncryption" -}}
{{- $tlsProtocols := list "tls" "mtls" "sasl_tls" -}}
{{- if (has .Values.auth.clientProtocol $tlsProtocols) -}}
{{- true -}}
{{- end -}}
{{- end -}}
{{/*
Return the configured value for the external client protocol, defaults to the same value as clientProtocol
*/}}
{{- define "kafka.externalClientProtocol" -}}
{{- coalesce .Values.auth.externalClientProtocol .Values.auth.clientProtocol -}}
{{- end -}}
{{/*
Return true if encryption via TLS for external client connections should be configured
*/}}
{{- define "kafka.externalClient.tlsEncryption" -}}
{{- $tlsProtocols := list "tls" "mtls" "sasl_tls" -}}
{{- if (has (include "kafka.externalClientProtocol" . ) $tlsProtocols) -}}
{{- true -}}
{{- end -}}
{{- end -}}
{{/*
Return true if encryption via TLS for inter broker communication connections should be configured
*/}}
{{- define "kafka.interBroker.tlsEncryption" -}}
{{- $tlsProtocols := list "tls" "mtls" "sasl_tls" -}}
{{- if (has .Values.auth.interBrokerProtocol $tlsProtocols) -}}
{{- true -}}
{{- end -}}
{{- end -}}
{{/*
Return true if encryption via TLS should be configured
*/}}
{{- define "kafka.tlsEncryption" -}}
{{- if or (include "kafka.client.tlsEncryption" .) (include "kafka.interBroker.tlsEncryption" .) (include "kafka.externalClient.tlsEncryption" .) -}}
{{- true -}}
{{- end -}}
{{- end -}}
{{/*
Return the type of listener
Usage:
{{ include "kafka.listenerType" ( dict "protocol" .Values.path.to.the.Value ) }}
*/}}
{{- define "kafka.listenerType" -}}
{{- if eq .protocol "plaintext" -}}
PLAINTEXT
{{- else if or (eq .protocol "tls") (eq .protocol "mtls") -}}
SSL
{{- else if eq .protocol "sasl_tls" -}}
SASL_SSL
{{- else if eq .protocol "sasl" -}}
SASL_PLAINTEXT
{{- end -}}
{{- end -}}
{{/*
Return the Kafka JAAS credentials secret
*/}}
{{- define "kafka.jaasSecretName" -}}
{{- $secretName := .Values.auth.sasl.jaas.existingSecret -}}
{{- if $secretName -}}
{{- printf "%s" (tpl $secretName $) -}}
{{- else -}}
{{- printf "%s-jaas" (include "common.names.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Return true if a JAAS credentials secret object should be created
*/}}
{{- define "kafka.createJaasSecret" -}}
{{- $secretName := .Values.auth.sasl.jaas.existingSecret -}}
{{- if and (or (include "kafka.client.saslAuthentication" .) (include "kafka.interBroker.saslAuthentication" .) (and .Values.zookeeper.auth.enabled .Values.auth.sasl.jaas.zookeeperUser)) (empty $secretName) -}}
{{- true -}}
{{- end -}}
{{- end -}}
{{/*
Return true if a TLS credentials secret object should be created
*/}}
{{- define "kafka.createTlsSecret" -}}
{{- if and (include "kafka.tlsEncryption" .) (empty .Values.auth.tls.existingSecrets) (eq .Values.auth.tls.type "pem") .Values.auth.tls.autoGenerated }}
{{- true -}}
{{- end -}}
{{- end -}}
{{/*
Return the Kafka configuration configmap
*/}}
{{- define "kafka.configmapName" -}}
{{- if .Values.existingConfigmap -}}
{{- printf "%s" (tpl .Values.existingConfigmap $) -}}
{{- else -}}
{{- printf "%s-configuration" (include "common.names.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Returns the secret name for the Kafka Provisioning client
*/}}
{{- define "kafka.client.passwordsSecretName" -}}
{{- if .Values.provisioning.auth.tls.passwordsSecret -}}
{{- printf "%s" (tpl .Values.provisioning.auth.tls.passwordsSecret $) -}}
{{- else -}}
{{- printf "%s-client-secret" (include "common.names.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Return true if a configmap object should be created
*/}}
{{- define "kafka.createConfigmap" -}}
{{- if and .Values.config (not .Values.existingConfigmap) }}
{{- true -}}
{{- end -}}
{{- end -}}
{{/*
Return the Kafka log4j ConfigMap name.
*/}}
{{- define "kafka.log4j.configMapName" -}}
{{- if .Values.existingLog4jConfigMap -}}
{{- printf "%s" (tpl .Values.existingLog4jConfigMap $) -}}
{{- else -}}
{{- printf "%s-log4j-configuration" (include "common.names.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Return true if a log4j ConfigMap object should be created.
*/}}
{{- define "kafka.log4j.createConfigMap" -}}
{{- if and .Values.log4j (not .Values.existingLog4jConfigMap) }}
{{- true -}}
{{- end -}}
{{- end -}}
{{/*
Return the SASL mechanism to use for the Kafka exporter to access Kafka
The exporter uses a different nomenclature so we need to do this hack
*/}}
{{- define "kafka.metrics.kafka.saslMechanism" -}}
{{- $saslMechanisms := .Values.auth.sasl.mechanisms }}
{{- if contains "scram-sha-512" $saslMechanisms }}
{{- print "scram-sha512" -}}
{{- else if contains "scram-sha-256" $saslMechanisms }}
{{- print "scram-sha256" -}}
{{- else -}}
{{- print "plain" -}}
{{- end -}}
{{- end -}}
{{/*
Return the Kafka configuration configmap
*/}}
{{- define "kafka.metrics.jmx.configmapName" -}}
{{- if .Values.metrics.jmx.existingConfigmap -}}
{{- printf "%s" (tpl .Values.metrics.jmx.existingConfigmap $) -}}
{{- else -}}
{{- printf "%s-jmx-configuration" (include "common.names.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Return true if a configmap object should be created
*/}}
{{- define "kafka.metrics.jmx.createConfigmap" -}}
{{- if and .Values.metrics.jmx.enabled .Values.metrics.jmx.config (not .Values.metrics.jmx.existingConfigmap) }}
{{- true -}}
{{- end -}}
{{- end -}}
{{/*
Check if there are rolling tags in the images
*/}}
{{- define "kafka.checkRollingTags" -}}
{{- include "common.warnings.rollingTag" .Values.image }}
{{- include "common.warnings.rollingTag" .Values.externalAccess.autoDiscovery.image }}
{{- include "common.warnings.rollingTag" .Values.metrics.kafka.image }}
{{- include "common.warnings.rollingTag" .Values.metrics.jmx.image }}
{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }}
{{- end -}}
{{/*
Compile all warnings into a single message, and call fail.
*/}}
{{- define "kafka.validateValues" -}}
{{- $messages := list -}}
{{- $messages := append $messages (include "kafka.validateValues.authProtocols" .) -}}
{{- $messages := append $messages (include "kafka.validateValues.nodePortListLength" .) -}}
{{- $messages := append $messages (include "kafka.validateValues.externalAccessServiceType" .) -}}
{{- $messages := append $messages (include "kafka.validateValues.externalAccessAutoDiscoveryRBAC" .) -}}
{{- $messages := append $messages (include "kafka.validateValues.externalAccessAutoDiscoveryIPsOrNames" .) -}}
{{- $messages := append $messages (include "kafka.validateValues.externalAccessServiceList" (dict "element" "loadBalancerIPs" "context" .)) -}}
{{- $messages := append $messages (include "kafka.validateValues.externalAccessServiceList" (dict "element" "loadBalancerNames" "context" .)) -}}
{{- $messages := append $messages (include "kafka.validateValues.externalAccessServiceList" (dict "element" "loadBalancerAnnotations" "context" . )) -}}
{{- $messages := append $messages (include "kafka.validateValues.saslMechanisms" .) -}}
{{- $messages := append $messages (include "kafka.validateValues.tlsSecrets" .) -}}
{{- $messages := append $messages (include "kafka.validateValues.tlsSecrets.length" .) -}}
{{- $messages := append $messages (include "kafka.validateValues.tlsPasswords" .) -}}
{{- $messages := without $messages "" -}}
{{- $message := join "\n" $messages -}}
{{- if $message -}}
{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}}
{{- end -}}
{{- end -}}
{{/* Validate values of Kafka - Authentication protocols for Kafka */}}
{{- define "kafka.validateValues.authProtocols" -}}
{{- $authProtocols := list "plaintext" "tls" "mtls" "sasl" "sasl_tls" -}}
{{- if or (not (has .Values.auth.clientProtocol $authProtocols)) (not (has .Values.auth.interBrokerProtocol $authProtocols)) (not (has (include "kafka.externalClientProtocol" . ) $authProtocols)) -}}
kafka: auth.clientProtocol auth.externalClientProtocol auth.interBrokerProtocol
Available authentication protocols are "plaintext", "tls", "mtls", "sasl" and "sasl_tls"
{{- end -}}
{{- end -}}
{{/* Validate values of Kafka - number of replicas must be the same as NodePort list */}}
{{- define "kafka.validateValues.nodePortListLength" -}}
{{- $replicaCount := int .Values.replicaCount }}
{{- $nodePortListLength := len .Values.externalAccess.service.nodePorts }}
{{- if and .Values.externalAccess.enabled (not .Values.externalAccess.autoDiscovery.enabled) (not (eq $replicaCount $nodePortListLength )) (eq .Values.externalAccess.service.type "NodePort") -}}
kafka: .Values.externalAccess.service.nodePorts
Number of replicas and nodePort array length must be the same. Currently: replicaCount = {{ $replicaCount }} and nodePorts = {{ $nodePortListLength }}
{{- end -}}
{{- end -}}
{{/* Validate values of Kafka - service type for external access */}}
{{- define "kafka.validateValues.externalAccessServiceType" -}}
{{- if and (not (eq .Values.externalAccess.service.type "NodePort")) (not (eq .Values.externalAccess.service.type "LoadBalancer")) -}}
kafka: externalAccess.service.type
Available service type for external access are NodePort or LoadBalancer.
{{- end -}}
{{- end -}}
{{/* Validate values of Kafka - RBAC should be enabled when autoDiscovery is enabled */}}
{{- define "kafka.validateValues.externalAccessAutoDiscoveryRBAC" -}}
{{- if and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled (not .Values.rbac.create ) }}
kafka: rbac.create
By specifying "externalAccess.enabled=true" and "externalAccess.autoDiscovery.enabled=true"
an initContainer will be used to auto-detect the external IPs/ports by querying the
K8s API. Please note this initContainer requires specific RBAC resources. You can create them
by specifying "--set rbac.create=true".
{{- end -}}
{{- end -}}
{{/* Validate values of Kafka - LoadBalancerIPs or LoadBalancerNames should be set when autoDiscovery is disabled */}}
{{- define "kafka.validateValues.externalAccessAutoDiscoveryIPsOrNames" -}}
{{- $loadBalancerNameListLength := len .Values.externalAccess.service.loadBalancerNames -}}
{{- $loadBalancerIPListLength := len .Values.externalAccess.service.loadBalancerIPs -}}
{{- if and .Values.externalAccess.enabled (eq .Values.externalAccess.service.type "LoadBalancer") (not .Values.externalAccess.autoDiscovery.enabled) (eq $loadBalancerNameListLength 0) (eq $loadBalancerIPListLength 0) }}
kafka: externalAccess.service.loadBalancerNames or externalAccess.service.loadBalancerIPs
By specifying "externalAccess.enabled=true", "externalAccess.autoDiscovery.enabled=false" and
"externalAccess.service.type=LoadBalancer" at least one of externalAccess.service.loadBalancerNames
or externalAccess.service.loadBalancerIPs must be set and the length of those arrays must be equal
to the number of replicas.
{{- end -}}
{{- end -}}
{{/* Validate values of Kafka - number of replicas must be the same as loadBalancerIPs list */}}
{{- define "kafka.validateValues.externalAccessServiceList" -}}
{{- $replicaCount := int .context.Values.replicaCount }}
{{- $listLength := len (get .context.Values.externalAccess.service .element) -}}
{{- if and .context.Values.externalAccess.enabled (not .context.Values.externalAccess.autoDiscovery.enabled) (eq .context.Values.externalAccess.service.type "LoadBalancer") (gt $listLength 0) (not (eq $replicaCount $listLength)) }}
kafka: externalAccess.service.{{ .element }}
Number of replicas and {{ .element }} array length must be the same. Currently: replicaCount = {{ $replicaCount }} and {{ .element }} = {{ $listLength }}
{{- end -}}
{{- end -}}
{{/* Validate values of Kafka - SASL mechanisms must be provided when using SASL */}}
{{- define "kafka.validateValues.saslMechanisms" -}}
{{- if and (or (.Values.auth.clientProtocol | regexFind "sasl") (.Values.auth.interBrokerProtocol | regexFind "sasl") (and .Values.zookeeper.auth.enabled .Values.auth.sasl.jaas.zookeeperUser)) (not .Values.auth.sasl.mechanisms) }}
kafka: auth.sasl.mechanisms
The SASL mechanisms are required when either auth.clientProtocol or auth.interBrokerProtocol use SASL or Zookeeper user is provided.
{{- end }}
{{- if not (contains .Values.auth.sasl.interBrokerMechanism .Values.auth.sasl.mechanisms) }}
kafka: auth.sasl.mechanisms
auth.sasl.interBrokerMechanism must be provided and it should be one of the specified mechanisms at auth.saslMechanisms
{{- end -}}
{{- end -}}
{{/* Validate values of Kafka - Secrets containing TLS certs must be provided when TLS authentication is enabled */}}
{{- define "kafka.validateValues.tlsSecrets" -}}
{{- if and (include "kafka.tlsEncryption" .) (eq .Values.auth.tls.type "jks") (empty .Values.auth.tls.existingSecrets) }}
kafka: auth.tls.existingSecrets
A secret containing the Kafka JKS keystores and truststore is required
when TLS encryption in enabled and TLS format is "JKS"
{{- else if and (include "kafka.tlsEncryption" .) (eq .Values.auth.tls.type "pem") (empty .Values.auth.tls.existingSecrets) (not .Values.auth.tls.autoGenerated) }}
kafka: auth.tls.existingSecrets
A secret containing the Kafka TLS certificates and keys is required
when TLS encryption in enabled and TLS format is "PEM"
{{- end -}}
{{- end -}}
{{/* Validate values of Kafka - The number of secrets containing TLS certs should be equal to the number of replicas */}}
{{- define "kafka.validateValues.tlsSecrets.length" -}}
{{- $replicaCount := int .Values.replicaCount }}
{{- if and (include "kafka.tlsEncryption" .) (not (empty .Values.auth.tls.existingSecrets)) }}
{{- $existingSecretsLength := len .Values.auth.tls.existingSecrets }}
{{- if ne $replicaCount $existingSecretsLength }}
kafka: .Values.auth.tls.existingSecrets
Number of replicas and existingSecrets array length must be the same. Currently: replicaCount = {{ $replicaCount }} and existingSecrets = {{ $existingSecretsLength }}
{{- end -}}
{{- end -}}
{{- end -}}
{{/* Validate values of Kafka provisioning - keyPasswordSecretKey, keystorePasswordSecretKey or truststorePasswordSecretKey must not be used without passwordsSecret */}}
{{- define "kafka.validateValues.tlsPasswords" -}}
{{- if and (include "kafka.client.tlsEncryption" .) (not .Values.auth.tls.passwordsSecret) }}
{{- if or .Values.auth.tls.keyPasswordSecretKey .Values.auth.tls.keystorePasswordSecretKey .Values.auth.tls.truststorePasswordSecretKey }}
kafka: auth.tls.keyPasswordSecretKey,auth.tls.keystorePasswordSecretKey,auth.tls.truststorePasswordSecretKey
auth.tls.keyPasswordSecretKey,auth.tls.keystorePasswordSecretKey,auth.tls.truststorePasswordSecretKey
must not be used without passwordsSecret setted.
{{- end -}}
{{- end -}}
{{- end -}}

17
deployment/helm/milvus/charts/kafka/templates/configmap.yaml Normal file
View File

@@ -0,0 +1,17 @@
{{- if (include "kafka.createConfigmap" .) }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ printf "%s-configuration" (include "common.names.fullname" .) }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
data:
server.properties: |-
{{ .Values.config | nindent 4 }}
{{- end -}}

4
deployment/helm/milvus/charts/kafka/templates/extra-list.yaml Normal file
View File

@@ -0,0 +1,4 @@
{{- range .Values.extraDeploy }}
---
{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
{{- end }}

38
deployment/helm/milvus/charts/kafka/templates/jaas-secret.yaml Normal file
View File

@@ -0,0 +1,38 @@
{{- if (include "kafka.createJaasSecret" .) }}
apiVersion: v1
kind: Secret
metadata:
name: {{ printf "%s-jaas" (include "common.names.fullname" .) }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: Opaque
data:
{{- if (include "kafka.client.saslAuthentication" .) }}
{{- $clientUsers := .Values.auth.sasl.jaas.clientUsers }}
{{- $clientPasswords := .Values.auth.sasl.jaas.clientPasswords }}
{{- if $clientPasswords }}
client-passwords: {{ join "," $clientPasswords | b64enc | quote }}
{{- else }}
{{- $passwords := list }}
{{- range $clientUsers }}
{{- $passwords = append $passwords (randAlphaNum 10) }}
{{- end }}
client-passwords: {{ join "," $passwords | b64enc | quote }}
{{- end }}
{{- end }}
{{- $zookeeperUser := .Values.auth.sasl.jaas.zookeeperUser }}
{{- if and .Values.zookeeper.auth.enabled $zookeeperUser }}
{{- $zookeeperPassword := .Values.auth.sasl.jaas.zookeeperPassword }}
zookeeper-password: {{ default (randAlphaNum 10) $zookeeperPassword | b64enc | quote }}
{{- end }}
{{- if (include "kafka.interBroker.saslAuthentication" .) }}
{{- $interBrokerPassword := .Values.auth.sasl.jaas.interBrokerPassword }}
inter-broker-password: {{ default (randAlphaNum 10) $interBrokerPassword | b64enc | quote }}
{{- end }}
{{- end }}

60
deployment/helm/milvus/charts/kafka/templates/jmx-configmap.yaml Normal file
View File

@@ -0,0 +1,60 @@
{{- if (include "kafka.metrics.jmx.createConfigmap" .) }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ printf "%s-jmx-configuration" (include "common.names.fullname" .) }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
data:
jmx-kafka-prometheus.yml: |-
{{- include "common.tplvalues.render" ( dict "value" .Values.metrics.jmx.config "context" $ ) | nindent 4 }}
rules:
- pattern: kafka.controller<type=(ControllerChannelManager), name=(QueueSize), broker-id=(\d+)><>(Value)
name: kafka_controller_$1_$2_$4
labels:
broker_id: "$3"
- pattern: kafka.controller<type=(ControllerChannelManager), name=(TotalQueueSize)><>(Value)
name: kafka_controller_$1_$2_$3
- pattern: kafka.controller<type=(KafkaController), name=(.+)><>(Value)
name: kafka_controller_$1_$2_$3
- pattern: kafka.controller<type=(ControllerStats), name=(.+)><>(Count)
name: kafka_controller_$1_$2_$3
- pattern: kafka.server<type=(ReplicaFetcherManager), name=(.+), clientId=(.+)><>(Value)
name: kafka_server_$1_$2_$4
labels:
client_id: "$3"
- pattern : kafka.network<type=(Processor), name=(IdlePercent), networkProcessor=(.+)><>(Value)
name: kafka_network_$1_$2_$4
labels:
network_processor: $3
- pattern : kafka.network<type=(RequestMetrics), name=(RequestsPerSec), request=(.+)><>(Count)
name: kafka_network_$1_$2_$4
labels:
request: $3
- pattern: kafka.server<type=(.+), name=(.+), topic=(.+)><>(Count|OneMinuteRate)
name: kafka_server_$1_$2_$4
labels:
topic: $3
- pattern: kafka.server<type=(DelayedOperationPurgatory), name=(.+), delayedOperation=(.+)><>(Value)
name: kafka_server_$1_$2_$3_$4
- pattern: kafka.server<type=(.+), name=(.+)><>(Count|Value|OneMinuteRate)
name: kafka_server_$1_total_$2_$3
- pattern: kafka.server<type=(.+)><>(queue-size)
name: kafka_server_$1_$2
- pattern: java.lang<type=(.+), name=(.+)><(.+)>(\w+)
name: java_lang_$1_$4_$3_$2
- pattern: java.lang<type=(.+), name=(.+)><>(\w+)
name: java_lang_$1_$3_$2
- pattern : java.lang<type=(.*)>
- pattern: kafka.log<type=(.+), name=(.+), topic=(.+), partition=(.+)><>Value
name: kafka_log_$1_$2
labels:
topic: $3
partition: $4
{{- end -}}

34
deployment/helm/milvus/charts/kafka/templates/jmx-metrics-svc.yaml Normal file
View File

@@ -0,0 +1,34 @@
{{- if .Values.metrics.jmx.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ printf "%s-jmx-metrics" (include "common.names.fullname" .) }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: metrics
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if or .Values.metrics.jmx.service.annotations .Values.commonAnnotations }}
annotations:
{{- if .Values.metrics.jmx.service.annotations }}
{{ include "common.tplvalues.render" ( dict "value" .Values.metrics.jmx.service.annotations "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
spec:
type: ClusterIP
sessionAffinity: {{ .Values.metrics.jmx.service.sessionAffinity }}
{{- if .Values.metrics.jmx.service.clusterIP }}
clusterIP: {{ .Values.metrics.jmx.service.clusterIP }}
{{- end }}
ports:
- name: http-metrics
port: {{ .Values.metrics.jmx.service.ports.metrics }}
protocol: TCP
targetPort: metrics
selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
app.kubernetes.io/component: kafka
{{- end }}

168
deployment/helm/milvus/charts/kafka/templates/kafka-metrics-deployment.yaml Normal file
View File

@@ -0,0 +1,168 @@
{{- if .Values.metrics.kafka.enabled }}
{{- $replicaCount := int .Values.replicaCount -}}
{{- $releaseNamespace := .Release.Namespace -}}
{{- $clusterDomain := .Values.clusterDomain -}}
{{- $fullname := include "common.names.fullname" . -}}
{{- $servicePort := int .Values.service.ports.client -}}
apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
kind: Deployment
metadata:
name: {{ include "kafka.metrics.kafka.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: metrics
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
replicas: 1
selector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
app.kubernetes.io/component: metrics
template:
metadata:
labels: {{- include "common.labels.standard" . | nindent 8 }}
app.kubernetes.io/component: metrics
{{- if .Values.metrics.kafka.podLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.kafka.podLabels "context" $) | nindent 8 }}
{{- end }}
annotations:
{{- if .Values.metrics.kafka.podAnnotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.kafka.podAnnotations "context" $) | nindent 8 }}
{{- end }}
spec:
{{- include "kafka.imagePullSecrets" . | nindent 6 }}
{{- if .Values.metrics.kafka.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.kafka.hostAliases "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.metrics.kafka.affinity }}
affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.kafka.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.metrics.kafka.podAffinityPreset "component" "metrics" "context" $) | nindent 10 }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.metrics.kafka.podAntiAffinityPreset "component" "metrics" "context" $) | nindent 10 }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.metrics.kafka.nodeAffinityPreset.type "key" .Values.metrics.kafka.nodeAffinityPreset.key "values" .Values.metrics.kafka.nodeAffinityPreset.values) | nindent 10 }}
{{- end }}
{{- if .Values.metrics.kafka.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.kafka.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.metrics.kafka.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.kafka.tolerations "context" .) | nindent 8 }}
{{- end }}
{{- if .Values.metrics.kafka.topologySpreadConstraints }}
topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.kafka.topologySpreadConstraints "context" .) | nindent 8 }}
{{- end }}
{{- if .Values.metrics.kafka.priorityClassName }}
priorityClassName: {{ .Values.metrics.kafka.priorityClassName }}
{{- end }}
{{- if .Values.metrics.kafka.schedulerName }}
schedulerName: {{ .Values.metrics.kafka.schedulerName }}
{{- end }}
{{- if .Values.metrics.kafka.podSecurityContext.enabled }}
securityContext: {{- omit .Values.metrics.kafka.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
serviceAccountName: {{ template "kafka.metrics.kafka.serviceAccountName" . }}
{{- if .Values.metrics.kafka.initContainers }}
initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.kafka.initContainers "context" $) | nindent 8 }}
{{- end }}
containers:
- name: kafka-exporter
image: {{ include "kafka.metrics.kafka.image" . }}
imagePullPolicy: {{ .Values.metrics.kafka.image.pullPolicy | quote }}
{{- if .Values.metrics.kafka.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.metrics.kafka.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
{{- else if .Values.metrics.command }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.command "context" $) | nindent 12 }}
{{- else }}
command:
- kafka_exporter
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
{{- else if .Values.metrics.args }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.args "context" $) | nindent 12 }}
{{- else }}
args:
{{- range $i, $e := until $replicaCount }}
- --kafka.server={{ $fullname }}-{{ $i }}.{{ $fullname }}-headless.{{ $releaseNamespace }}.svc.{{ $clusterDomain }}:{{ $servicePort }}
{{- end }}
{{- if (include "kafka.client.saslAuthentication" .) }}
- --sasl.enabled
- --sasl.username="$SASL_USERNAME"
- --sasl.password="${SASL_USER_PASSWORD%%,*}"
- --sasl.mechanism={{ include "kafka.metrics.kafka.saslMechanism" . }}
{{- end }}
{{- if (include "kafka.client.tlsEncryption" .) }}
- --tls.enabled
{{- if .Values.metrics.kafka.certificatesSecret }}
- --tls.key-file=/opt/bitnami/kafka-exporter/certs/{{ .Values.metrics.kafka.tlsKey }}
- --tls.cert-file=/opt/bitnami/kafka-exporter/certs/{{ .Values.metrics.kafka.tlsCert }}
{{- if .Values.metrics.kafka.tlsCaSecret }}
- --tls.ca-file=/opt/bitnami/kafka-exporter/cacert/{{ .Values.metrics.kafka.tlsCaCert }}
{{- else }}
- --tls.ca-file=/opt/bitnami/kafka-exporter/certs/{{ .Values.metrics.kafka.tlsCaCert }}
{{- end }}
{{- end }}
{{- end }}
{{- range $key, $value := .Values.metrics.kafka.extraFlags }}
- --{{ $key }}{{ if $value }}={{ $value }}{{ end }}
{{- end }}
- --web.listen-address=:{{ .Values.metrics.kafka.containerPorts.metrics }}
{{- end }}
{{- if (include "kafka.client.saslAuthentication" .) }}
{{- $clientUsers := .Values.auth.sasl.jaas.clientUsers }}
env:
- name: SASL_USERNAME
value: {{ index $clientUsers 0 | quote }}
- name: SASL_USER_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "kafka.jaasSecretName" . }}
key: client-passwords
{{- end }}
ports:
- name: metrics
containerPort: {{ .Values.metrics.kafka.containerPorts.metrics }}
{{- if .Values.metrics.kafka.resources }}
resources: {{ toYaml .Values.metrics.kafka.resources | nindent 12 }}
{{- end }}
volumeMounts:
{{- if .Values.metrics.kafka.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.kafka.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
{{- if and (include "kafka.client.tlsEncryption" .) .Values.metrics.kafka.certificatesSecret }}
- name: kafka-exporter-certificates
mountPath: /opt/bitnami/kafka-exporter/certs/
readOnly: true
{{- if .Values.metrics.kafka.tlsCaSecret }}
- name: kafka-exporter-ca-certificate
mountPath: /opt/bitnami/kafka-exporter/cacert/
readOnly: true
{{- end }}
{{- end }}
{{- if .Values.metrics.kafka.sidecars }}
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.kafka.sidecars "context" $) | nindent 8 }}
{{- end }}
volumes:
{{- if .Values.metrics.kafka.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.kafka.extraVolumes "context" $) | nindent 8 }}
{{- end }}
{{- if and (include "kafka.client.tlsEncryption" .) .Values.metrics.kafka.certificatesSecret }}
- name: kafka-exporter-certificates
secret:
secretName: {{ .Values.metrics.kafka.certificatesSecret }}
defaultMode: 0440
{{- if .Values.metrics.kafka.tlsCaSecret }}
- name: kafka-exporter-ca-certificate
secret:
secretName: {{ .Values.metrics.kafka.tlsCaSecret }}
defaultMode: 0440
{{- end }}
{{- end }}
{{- end }}

16
deployment/helm/milvus/charts/kafka/templates/kafka-metrics-serviceaccount.yaml Normal file
View File

@@ -0,0 +1,16 @@
{{- if and .Values.metrics.kafka.enabled .Values.metrics.kafka.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "kafka.metrics.kafka.serviceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: metrics
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
automountServiceAccountToken: {{ .Values.metrics.kafka.serviceAccount.automountServiceAccountToken }}
{{- end }}

34
deployment/helm/milvus/charts/kafka/templates/kafka-metrics-svc.yaml Normal file
View File

@@ -0,0 +1,34 @@
{{- if .Values.metrics.kafka.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ printf "%s-metrics" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: metrics
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if or .Values.metrics.kafka.service.annotations .Values.commonAnnotations }}
annotations:
{{- if .Values.metrics.kafka.service.annotations }}
{{ include "common.tplvalues.render" ( dict "value" .Values.metrics.kafka.service.annotations "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
spec:
type: ClusterIP
sessionAffinity: {{ .Values.metrics.kafka.service.sessionAffinity }}
{{- if .Values.metrics.kafka.service.clusterIP }}
clusterIP: {{ .Values.metrics.kafka.service.clusterIP }}
{{- end }}
ports:
- name: http-metrics
port: {{ .Values.metrics.kafka.service.ports.metrics }}
protocol: TCP
targetPort: metrics
selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
app.kubernetes.io/component: metrics
{{- end }}

18
deployment/helm/milvus/charts/kafka/templates/kafka-provisioning-secret.yaml Normal file
View File

@@ -0,0 +1,18 @@
{{- if and .Values.provisioning.enabled (include "kafka.client.tlsEncryption" .) (not .Values.provisioning.auth.tls.passwordsSecret) }}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "kafka.client.passwordsSecretName" . }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: Opaque
data:
truststore-password: {{ default "" .Values.provisioning.auth.tls.keystorePassword | b64enc | quote }}
keystore-password: {{ default "" .Values.provisioning.auth.tls.truststorePassword | b64enc | quote }}
key-password: {{ default "" .Values.provisioning.auth.tls.keyPassword | b64enc | quote }}
{{- end }}

189
deployment/helm/milvus/charts/kafka/templates/kafka-provisioning.yaml Normal file
View File

@@ -0,0 +1,189 @@
{{- if .Values.provisioning.enabled }}
{{- $replicaCount := int .Values.replicaCount }}
kind: Job
apiVersion: batch/v1
metadata:
name: {{ printf "%s-provisioning" (include "common.names.fullname" .) }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: kafka-provisioning
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
annotations:
helm.sh/hook: post-install,post-upgrade
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
template:
metadata:
labels: {{- include "common.labels.standard" . | nindent 8 }}
app.kubernetes.io/component: kafka-provisioning
{{- if .Values.provisioning.podLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.provisioning.podLabels "context" $) | nindent 8 }}
{{- end }}
annotations:
{{- if .Values.provisioning.podAnnotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.provisioning.podAnnotations "context" $) | nindent 8 }}
{{- end }}
spec:
{{- include "kafka.imagePullSecrets" . | nindent 6 }}
{{- if .Values.provisioning.schedulerName }}
schedulerName: {{ .Values.provisioning.schedulerName | quote }}
{{- end }}
{{- if .Values.provisioning.podSecurityContext.enabled }}
securityContext: {{- omit .Values.provisioning.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
restartPolicy: OnFailure
terminationGracePeriodSeconds: 0
initContainers:
- name: wait-for-available-kafka
image: {{ include "kafka.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
{{- if .Values.provisioning.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.provisioning.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
command:
- /bin/bash
args:
- -ec
- |
wait-for-port \
--host={{ include "common.names.fullname" . }} \
--state=inuse \
--timeout=120 \
{{ .Values.service.ports.client | int64 }};
echo "Kafka is available";
{{- if .Values.provisioning.resources }}
resources: {{- toYaml .Values.provisioning.resources | nindent 12 }}
{{- end }}
{{- if .Values.provisioning.initContainers }}
{{- include "common.tplvalues.render" ( dict "value" .Values.provisioning.initContainers "context" $ ) | nindent 8 }}
{{- end }}
containers:
- name: kafka-provisioning
image: {{ include "kafka.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
{{- if .Values.provisioning.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.provisioning.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
{{- else if .Values.provisioning.command }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.provisioning.command "context" $) | nindent 12 }}
{{- else }}
command:
- /bin/bash
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
{{- else if .Values.provisioning.args }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.provisioning.args "context" $) | nindent 12 }}
{{- else }}
args:
- -ec
- |
. /opt/bitnami/scripts/libkafka.sh
export CLIENT_CONF="${CLIENT_CONF:-/opt/bitnami/kafka/config/client.properties}"
if [ ! -f "$CLIENT_CONF" ]; then
touch $CLIENT_CONF
kafka_common_conf_set "$CLIENT_CONF" security.protocol {{ include "kafka.listenerType" ( dict "protocol" .Values.auth.clientProtocol ) | quote }}
{{- if (include "kafka.client.tlsEncryption" .) }}
kafka_common_conf_set "$CLIENT_CONF" ssl.keystore.type {{ upper .Values.provisioning.auth.tls.type | quote }}
kafka_common_conf_set "$CLIENT_CONF" ssl.truststore.type {{ upper .Values.provisioning.auth.tls.type | quote }}
! is_empty_value "$KAFKA_CLIENT_KEY_PASSWORD" && kafka_common_conf_set "$CLIENT_CONF" ssl.key.password "$KAFKA_CLIENT_KEY_PASSWORD"
{{- if eq (upper .Values.provisioning.auth.tls.type) "PEM" }}
file_to_multiline_property() {
awk 'NR > 1{print line" \\"}{line=$0;}END{print $0" "}' <"${1:?missing file}"
}
kafka_common_conf_set "$CLIENT_CONF" ssl.keystore.key "$(file_to_multiline_property "/certs/{{ .Values.provisioning.auth.tls.key }}")"
kafka_common_conf_set "$CLIENT_CONF" ssl.keystore.certificate.chain "$(file_to_multiline_property "/certs/{{ .Values.provisioning.auth.tls.caCert }}")"
kafka_common_conf_set "$CLIENT_CONF" ssl.truststore.certificates "$(file_to_multiline_property "/certs/{{ .Values.provisioning.auth.tls.cert }}")"
{{- else if eq (upper .Values.provisioning.auth.tls.type) "JKS" }}
kafka_common_conf_set "$CLIENT_CONF" ssl.keystore.location "/certs/{{ .Values.provisioning.auth.tls.keystore }}"
kafka_common_conf_set "$CLIENT_CONF" ssl.truststore.location "/certs/{{ .Values.provisioning.auth.tls.truststore }}"
! is_empty_value "$KAFKA_CLIENT_KEYSTORE_PASSWORD" && kafka_common_conf_set "$CLIENT_CONF" ssl.keystore.password "$KAFKA_CLIENT_KEYSTORE_PASSWORD"
! is_empty_value "$KAFKA_CLIENT_TRUSTSTORE_PASSWORD" && kafka_common_conf_set "$CLIENT_CONF" ssl.truststore.password "$KAFKA_CLIENT_TRUSTSTORE_PASSWORD"
{{- end }}
{{- end }}
fi
{{- $bootstrapServer := printf "%s:%d" (include "common.names.fullname" .) (.Values.service.ports.client | int64) }}
{{- range $topic := .Values.provisioning.topics }}
echo "Ensure topic '{{ $topic.name }}' exists"
/opt/bitnami/kafka/bin/kafka-topics.sh \
--create \
--if-not-exists \
--bootstrap-server {{ $bootstrapServer }} \
--replication-factor {{ $topic.replicationFactor | default $.Values.provisioning.replicationFactor }} \
--partitions {{ $topic.partitions | default $.Values.provisioning.numPartitions }} \
{{- range $name, $value := $topic.config }}
--config {{ $name }}={{ $value }} \
{{- end }}
--command-config $CLIENT_CONF \
--topic {{ $topic.name }}
{{- end }}
echo "Provisioning succeeded"
{{- end }}
env:
- name: BITNAMI_DEBUG
value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }}
{{- if (include "kafka.client.tlsEncryption" .) }}
- name: KAFKA_CLIENT_KEY_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "kafka.client.passwordsSecretName" . }}
key: {{ .Values.provisioning.auth.tls.keyPasswordSecretKey }}
- name: KAFKA_CLIENT_KEYSTORE_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "kafka.client.passwordsSecretName" . }}
key: {{ .Values.provisioning.auth.tls.keystorePasswordSecretKey }}
- name: KAFKA_CLIENT_TRUSTSTORE_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "kafka.client.passwordsSecretName" . }}
key: {{ .Values.provisioning.auth.tls.truststorePasswordSecretKey }}
{{- end }}
{{- if .Values.provisioning.resources }}
resources: {{- toYaml .Values.provisioning.resources | nindent 12 }}
{{- end }}
volumeMounts:
{{- if or .Values.log4j .Values.existingLog4jConfigMap }}
- name: log4j-config
mountPath: {{ .Values.persistence.mountPath }}/config/log4j.properties
subPath: log4j.properties
{{- end }}
{{- if (include "kafka.client.tlsEncryption" .) }}
{{- if not (empty .Values.provisioning.auth.tls.certificatesSecret) }}
- name: kafka-client-certs
mountPath: /certs
readOnly: true
{{- end }}
{{- end }}
{{- if .Values.provisioning.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.provisioning.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.provisioning.sidecars }}
{{- include "common.tplvalues.render" (dict "value" .Values.provisioning.sidecars "context" $) | nindent 8 }}
{{- end }}
volumes:
{{- if or .Values.log4j .Values.existingLog4jConfigMap }}
- name: log4j-config
configMap:
name: {{ include "kafka.log4j.configMapName" . }}
{{ end }}
{{- if (include "kafka.client.tlsEncryption" .) }}
{{- if not (empty .Values.provisioning.auth.tls.certificatesSecret) }}
- name: kafka-client-certs
secret:
secretName: {{ .Values.provisioning.auth.tls.certificatesSecret }}
defaultMode: 256
{{- end }}
{{- end }}
{{- if .Values.provisioning.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.provisioning.extraVolumes "context" $) | nindent 8 }}
{{- end }}
{{- end }}

17
deployment/helm/milvus/charts/kafka/templates/log4j-configmap.yaml Normal file
View File

@@ -0,0 +1,17 @@
{{- if (include "kafka.log4j.createConfigMap" .) }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "kafka.log4j.configMapName" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
data:
log4j.properties: |-
{{- include "common.tplvalues.render" ( dict "value" .Values.log4j "context" $ ) | nindent 4 }}
{{- end -}}

22
deployment/helm/milvus/charts/kafka/templates/networkpolicy-egress.yaml Normal file
View File

@@ -0,0 +1,22 @@
{{- if and .Values.networkPolicy.enabled .Values.networkPolicy.egressRules.customRules }}
kind: NetworkPolicy
apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
metadata:
name: {{ printf "%s-egress" (include "common.names.fullname" .) }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
podSelector:
matchLabels:
{{- include "common.labels.matchLabels" . | nindent 6 }}
policyTypes:
- Egress
egress:
{{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.egressRules.customRules "context" $) | nindent 4 }}
{{- end }}

53
deployment/helm/milvus/charts/kafka/templates/networkpolicy-ingress.yaml Normal file
View File

@@ -0,0 +1,53 @@
{{- if .Values.networkPolicy.enabled }}
kind: NetworkPolicy
apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
metadata:
name: {{ printf "%s-ingress" (include "common.names.fullname" .) }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
podSelector:
matchLabels:
{{- include "common.labels.matchLabels" . | nindent 6 }}
policyTypes:
- Ingress
ingress:
# Allow client connections
- ports:
- port: {{ .Values.containerPorts.client }}
{{- if not .Values.networkPolicy.allowExternal }}
from:
- podSelector:
matchLabels:
{{ template "common.names.fullname" . }}-client: "true"
{{- if .Values.networkPolicy.explicitNamespacesSelector }}
namespaceSelector: {{- toYaml .Values.networkPolicy.explicitNamespacesSelector | nindent 12 }}
{{- end }}
{{- end }}
# Allow communication inter-broker
- ports:
- port: {{ .Values.containerPorts.internal }}
from:
- podSelector:
matchLabels:
{{- include "common.labels.matchLabels" . | nindent 14 }}
# Allow External connection
{{- if .Values.externalAccess.enabled }}
- ports:
- port: {{ .Values.containerPorts.external }}
{{- if .Values.externalAccess.from }}
from: {{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.externalAccess.from "context" $ ) | nindent 8 }}
{{- end }}
{{- end }}
{{- if .Values.metrics.kafka.enabled }}
# Allow prometheus scrapes
- ports:
- port: {{ .Values.metrics.kafka.containerPorts.metrics }}
{{- end }}
{{- end }}

26
deployment/helm/milvus/charts/kafka/templates/poddisruptionbudget.yaml Normal file
View File

@@ -0,0 +1,26 @@
{{- $replicaCount := int .Values.replicaCount }}
{{- if and .Values.pdb.create (gt $replicaCount 1) }}
apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
kind: PodDisruptionBudget
metadata:
name: {{ include "common.names.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: kafka
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- if .Values.pdb.minAvailable }}
minAvailable: {{ .Values.pdb.minAvailable }}
{{- end }}
{{- if .Values.pdb.maxUnavailable }}
maxUnavailable: {{ .Values.pdb.maxUnavailable }}
{{- end }}
selector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
app.kubernetes.io/component: kafka
{{- end }}

24
deployment/helm/milvus/charts/kafka/templates/role.yaml Normal file
View File

@@ -0,0 +1,24 @@
{{- if .Values.rbac.create -}}
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: Role
metadata:
name: {{ include "common.names.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: kafka
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
rules:
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
{{- end -}}

23
deployment/helm/milvus/charts/kafka/templates/rolebinding.yaml Normal file
View File

@@ -0,0 +1,23 @@
{{- if and .Values.serviceAccount.create .Values.rbac.create }}
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: RoleBinding
metadata:
name: {{ include "common.names.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: kafka
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
roleRef:
kind: Role
name: {{ include "common.names.fullname" . }}
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: {{ template "kafka.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}

182
deployment/helm/milvus/charts/kafka/templates/scripts-configmap.yaml Normal file
View File

@@ -0,0 +1,182 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ printf "%s-scripts" (include "common.names.fullname" .) }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
data:
{{- $fullname := include "common.names.fullname" . }}
{{- $releaseNamespace := .Release.Namespace }}
{{- $clusterDomain := .Values.clusterDomain }}
{{- $interBrokerPort := .Values.service.ports.internal }}
{{- $clientPort := .Values.service.ports.client }}
{{- $jksTruststoreSecret := .Values.auth.tls.jksTruststoreSecret -}}
{{- $jksTruststore := .Values.auth.tls.jksTruststore -}}
{{- $jksKeystoreSAN := .Values.auth.tls.jksKeystoreSAN -}}
{{- if .Values.externalAccess.autoDiscovery.enabled }}
auto-discovery.sh: |-
#!/bin/bash
SVC_NAME="${MY_POD_NAME}-external"
{{- if eq .Values.externalAccess.service.type "LoadBalancer" }}
# Auxiliary functions
retry_while() {
local -r cmd="${1:?cmd is missing}"
local -r retries="${2:-12}"
local -r sleep_time="${3:-5}"
local return_value=1
read -r -a command <<< "$cmd"
for ((i = 1 ; i <= retries ; i+=1 )); do
"${command[@]}" && return_value=0 && break
sleep "$sleep_time"
done
return $return_value
}
k8s_svc_lb_ip() {
local namespace=${1:?namespace is missing}
local service=${2:?service is missing}
local service_ip=$(kubectl get svc "$service" -n "$namespace" -o jsonpath="{.status.loadBalancer.ingress[0].ip}")
local service_hostname=$(kubectl get svc "$service" -n "$namespace" -o jsonpath="{.status.loadBalancer.ingress[0].hostname}")
if [[ -n ${service_ip} ]]; then
echo "${service_ip}"
else
echo "${service_hostname}"
fi
}
k8s_svc_lb_ip_ready() {
local namespace=${1:?namespace is missing}
local service=${2:?service is missing}
[[ -n "$(k8s_svc_lb_ip "$namespace" "$service")" ]]
}
# Wait until LoadBalancer IP is ready
retry_while "k8s_svc_lb_ip_ready {{ $releaseNamespace }} $SVC_NAME" || exit 1
# Obtain LoadBalancer external IP
k8s_svc_lb_ip "{{ $releaseNamespace }}" "$SVC_NAME" | tee "$SHARED_FILE"
{{- else if eq .Values.externalAccess.service.type "NodePort" }}
k8s_svc_node_port() {
local namespace=${1:?namespace is missing}
local service=${2:?service is missing}
local index=${3:-0}
local node_port="$(kubectl get svc "$service" -n "$namespace" -o jsonpath="{.spec.ports[$index].nodePort}")"
echo "$node_port"
}
k8s_svc_node_port "{{ $releaseNamespace }}" "$SVC_NAME" | tee "$SHARED_FILE"
{{- end }}
{{- end }}
setup.sh: |-
#!/bin/bash
ID="${MY_POD_NAME#"{{ $fullname }}-"}"
if [[ -f "/bitnami/kafka/data/meta.properties" ]]; then
export KAFKA_CFG_BROKER_ID="$(grep "broker.id" /bitnami/kafka/data/meta.properties | awk -F '=' '{print $2}')"
else
export KAFKA_CFG_BROKER_ID="$((ID + {{ .Values.minBrokerId }}))"
fi
{{- if .Values.externalAccess.enabled }}
# Configure external ip and port
{{- if eq .Values.externalAccess.service.type "LoadBalancer" }}
{{- if .Values.externalAccess.autoDiscovery.enabled }}
export EXTERNAL_ACCESS_HOST="$(<${SHARED_FILE})"
{{- else }}
export EXTERNAL_ACCESS_HOST=$(echo '{{ .Values.externalAccess.service.loadBalancerNames | default .Values.externalAccess.service.loadBalancerIPs }}' | tr -d '[]' | cut -d ' ' -f "$(($ID + 1))")
{{- end }}
export EXTERNAL_ACCESS_PORT={{ .Values.externalAccess.service.ports.external }}
{{- else if eq .Values.externalAccess.service.type "NodePort" }}
{{- if and .Values.externalAccess.service.usePodIPs .Values.externalAccess.autoDiscovery.enabled }}
export EXTERNAL_ACCESS_HOST="${MY_POD_IP}"
{{- else if or .Values.externalAccess.service.useHostIPs .Values.externalAccess.autoDiscovery.enabled }}
export EXTERNAL_ACCESS_HOST="${HOST_IP}"
{{- else if .Values.externalAccess.service.domain }}
export EXTERNAL_ACCESS_HOST={{ .Values.externalAccess.service.domain }}
{{- else }}
export EXTERNAL_ACCESS_HOST=$(curl -s https://ipinfo.io/ip)
{{- end }}
{{- if .Values.externalAccess.autoDiscovery.enabled }}
export EXTERNAL_ACCESS_PORT="$(<${SHARED_FILE})"
{{- else }}
export EXTERNAL_ACCESS_PORT=$(echo '{{ .Values.externalAccess.service.nodePorts }}' | tr -d '[]' | cut -d ' ' -f "$(($ID + 1))")
{{- end }}
{{- end }}
# Configure Kafka advertised listeners
{{- if .Values.advertisedListeners }}
export KAFKA_CFG_ADVERTISED_LISTENERS={{ join "," .Values.advertisedListeners }}
{{- else }}
export KAFKA_CFG_ADVERTISED_LISTENERS="INTERNAL://${MY_POD_NAME}.{{ $fullname }}-headless.{{ $releaseNamespace }}.svc.{{ $clusterDomain }}:{{ $interBrokerPort }},CLIENT://${MY_POD_NAME}.{{ $fullname }}-headless.{{ $releaseNamespace }}.svc.{{ $clusterDomain }}:{{ $clientPort }},EXTERNAL://${EXTERNAL_ACCESS_HOST}:${EXTERNAL_ACCESS_PORT}"
{{- end }}
{{- end }}
{{- if (include "kafka.tlsEncryption" .) }}
mkdir -p /opt/bitnami/kafka/config/certs
{{- if eq .Values.auth.tls.type "jks" }}
{{- if not (empty .Values.auth.tls.existingSecrets) }}
JKS_TRUSTSTORE={{ printf "/%s/%s" (ternary "certs-${ID}" "truststore" (empty $jksTruststoreSecret)) (default "kafka.truststore.jks" $jksTruststore) | quote }}
JKS_KEYSTORE={{ printf "/certs-${ID}/%s" (default "kafka.keystore.jks" $jksKeystoreSAN) | quote }}
{{- else }}
JKS_TRUSTSTORE={{ printf "/%s/%s" (ternary "certs" "truststore" (empty $jksTruststoreSecret)) (default "kafka.truststore.jks" $jksTruststore) | quote }}
JKS_KEYSTORE={{ printf "/certs/%s" (default "kafka-${ID}.keystore.jks" $jksKeystoreSAN) | quote }}
{{- end }}
if [[ -f "$JKS_TRUSTSTORE" ]] && [[ -f "$JKS_KEYSTORE" ]]; then
cp "$JKS_TRUSTSTORE" "/opt/bitnami/kafka/config/certs/kafka.truststore.jks"
cp "$JKS_KEYSTORE" "/opt/bitnami/kafka/config/certs/kafka.keystore.jks"
else
echo "Couldn't find the expected Java Key Stores (JKS) files! They are mandatory when encryption via TLS is enabled."
exit 1
fi
export KAFKA_TLS_TRUSTSTORE_FILE="/opt/bitnami/kafka/config/certs/kafka.truststore.jks"
{{- else if eq .Values.auth.tls.type "pem" }}
{{- if or (not (empty .Values.auth.tls.existingSecrets)) .Values.auth.tls.autoGenerated }}
PEM_CA="/certs-${ID}/ca.crt"
PEM_CERT="/certs-${ID}/tls.crt"
PEM_KEY="/certs-${ID}/tls.key"
{{- else }}
PEM_CA="/certs/kafka.truststore.pem"
PEM_CERT="/certs/kafka-${ID}.keystore.pem"
PEM_KEY="/certs/kafka-${ID}.keystore.key"
{{- end }}
if [[ -f "$PEM_CERT" ]] && [[ -f "$PEM_KEY" ]]; then
CERT_DIR="/opt/bitnami/kafka/config/certs"
PEM_CA_LOCATION="${CERT_DIR}/kafka.truststore.pem"
PEM_CERT_LOCATION="${CERT_DIR}/kafka.keystore.pem"
{{- if .Values.auth.tls.pemChainIncluded }}
cat $PEM_CERT | csplit - -s -z '/\-*END CERTIFICATE\-*/+1' '{*}' -f ${CERT_DIR}/xx
FIND_CA_RESULT=$(find ${CERT_DIR} -not -name 'xx00' -name 'xx*')
if [[ $(echo $FIND_CA_RESULT | wc -l) < 1 ]]; then
echo "auth.tls.pemChainIncluded was set, but PEM chain only contained 1 cert"
exit 1
fi
echo $FIND_CA_RESULT | sort | xargs cat >> "$PEM_CA_LOCATION"
cat ${CERT_DIR}/xx00 > "$PEM_CERT_LOCATION"
{{- else }}
if [[ -f "$PEM_CA" ]]; then
cp "$PEM_CA" "$PEM_CA_LOCATION"
cp "$PEM_CERT" "$PEM_CERT_LOCATION"
else
echo "PEM_CA not provided, and auth.tls.pemChainIncluded was not true. One of these values must be set when using PEM type for TLS."
exit 1
fi
{{- end }}
# Ensure the key used PEM format with PKCS#8
openssl pkcs8 -topk8 -nocrypt -in "$PEM_KEY" > "/opt/bitnami/kafka/config/certs/kafka.keystore.key"
else
echo "Couldn't find the expected PEM files! They are mandatory when encryption via TLS is enabled."
exit 1
fi
export KAFKA_TLS_TRUSTSTORE_FILE="/opt/bitnami/kafka/config/certs/kafka.truststore.pem"
{{- end }}
{{- end }}
exec /entrypoint.sh /run.sh

20
deployment/helm/milvus/charts/kafka/templates/serviceaccount.yaml Normal file
View File

@@ -0,0 +1,20 @@
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "kafka.serviceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: kafka
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
annotations:
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.serviceAccount.annotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.serviceAccount.annotations "context" $ ) | nindent 4 }}
{{- end }}
automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
{{- end }}

53
deployment/helm/milvus/charts/kafka/templates/servicemonitor-jmx-metrics.yaml Normal file
View File

@@ -0,0 +1,53 @@
{{- if and .Values.metrics.jmx.enabled .Values.metrics.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ printf "%s-jmx-metrics" (include "common.names.fullname" .) }}
{{- if .Values.metrics.serviceMonitor.namespace }}
namespace: {{ .Values.metrics.serviceMonitor.namespace }}
{{- else }}
namespace: {{ .Release.Namespace | quote }}
{{- end }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: kafka
{{- if .Values.metrics.serviceMonitor.labels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.labels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- if .Values.metrics.serviceMonitor.jobLabel }}
jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel }}
{{- end }}
selector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
{{- if .Values.metrics.serviceMonitor.selector }}
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }}
{{- end }}
app.kubernetes.io/component: kafka
endpoints:
- port: http-metrics
path: "/"
{{- if .Values.metrics.serviceMonitor.interval }}
interval: {{ .Values.metrics.serviceMonitor.interval }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.relabelings }}
relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.relabelings "context" $) | nindent 6 }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.metricRelabelings }}
metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 6 }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.honorLabels }}
honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
{{- end }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
{{- end }}

53
deployment/helm/milvus/charts/kafka/templates/servicemonitor-metrics.yaml Normal file
View File

@@ -0,0 +1,53 @@
{{- if and .Values.metrics.kafka.enabled .Values.metrics.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ printf "%s-metrics" (include "common.names.fullname" .) }}
{{- if .Values.metrics.serviceMonitor.namespace }}
namespace: {{ .Values.metrics.serviceMonitor.namespace }}
{{- else }}
namespace: {{ .Release.Namespace | quote }}
{{- end }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: metrics
{{- if .Values.metrics.serviceMonitor.labels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.labels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- if .Values.metrics.serviceMonitor.jobLabel }}
jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel }}
{{- end }}
selector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
{{- if .Values.metrics.serviceMonitor.selector }}
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }}
{{- end }}
app.kubernetes.io/component: metrics
endpoints:
- port: http-metrics
path: "/metrics"
{{- if .Values.metrics.serviceMonitor.interval }}
interval: {{ .Values.metrics.serviceMonitor.interval }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.relabelings }}
relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.relabelings "context" $) | nindent 6 }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.metricRelabelings }}
metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 6 }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.honorLabels }}
honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
{{- end }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
{{- end }}

579
deployment/helm/milvus/charts/kafka/templates/statefulset.yaml Normal file
View File

@@ -0,0 +1,579 @@
{{- $replicaCount := int .Values.replicaCount }}
{{- $fullname := include "common.names.fullname" . }}
{{- $releaseNamespace := .Release.Namespace }}
{{- $clusterDomain := .Values.clusterDomain }}
{{- $interBrokerPort := .Values.service.ports.internal }}
{{- $clientPort := .Values.service.ports.client }}
{{- $interBrokerProtocol := include "kafka.listenerType" (dict "protocol" .Values.auth.interBrokerProtocol) -}}
{{- $clientProtocol := include "kafka.listenerType" (dict "protocol" .Values.auth.clientProtocol) -}}
{{- $externalClientProtocol := include "kafka.listenerType" (dict "protocol" (include "kafka.externalClientProtocol" . )) -}}
apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
kind: StatefulSet
metadata:
name: {{ include "common.names.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: kafka
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
podManagementPolicy: {{ .Values.podManagementPolicy }}
replicas: {{ .Values.replicaCount }}
selector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
app.kubernetes.io/component: kafka
serviceName: {{ printf "%s-headless" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}
updateStrategy: {{- include "common.tplvalues.render" (dict "value" .Values.updateStrategy "context" $ ) | nindent 4 }}
template:
metadata:
labels: {{- include "common.labels.standard" . | nindent 8 }}
app.kubernetes.io/component: kafka
{{- if .Values.podLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }}
{{- end }}
annotations:
{{- if (include "kafka.createConfigmap" .) }}
checksum/configuration: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
{{- end }}
{{- if (include "kafka.createJaasSecret" .) }}
checksum/jaas-secret: {{ include (print $.Template.BasePath "/jaas-secret.yaml") . | sha256sum }}
{{- end }}
{{- if (include "kafka.createTlsSecret" .) }}
checksum/tls-secret: {{ include (print $.Template.BasePath "/tls-secrets.yaml") . | sha256sum }}
{{- end }}
{{- if .Values.externalAccess.enabled }}
checksum/scripts: {{ include (print $.Template.BasePath "/scripts-configmap.yaml") . | sha256sum }}
{{- end }}
{{- if (include "kafka.metrics.jmx.createConfigmap" .) }}
checksum/jmx-configuration: {{ include (print $.Template.BasePath "/jmx-configmap.yaml") . | sha256sum }}
{{- end }}
{{- if .Values.podAnnotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }}
{{- end }}
spec:
{{- include "kafka.imagePullSecrets" . | nindent 6 }}
{{- if .Values.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }}
{{- end }}
hostNetwork: {{ .Values.hostNetwork }}
hostIPC: {{ .Values.hostIPC }}
{{- if .Values.schedulerName }}
schedulerName: {{ .Values.schedulerName | quote }}
{{- end }}
{{- if .Values.affinity }}
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "component" "kafka" "context" $) | nindent 10 }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "component" "kafka" "context" $) | nindent 10 }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }}
{{- end }}
{{- if .Values.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.topologySpreadConstraints }}
topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
{{- end }}
{{- if .Values.priorityClassName }}
priorityClassName: {{ .Values.priorityClassName }}
{{- end }}
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "kafka.serviceAccountName" . }}
{{- if or (and .Values.volumePermissions.enabled .Values.persistence.enabled) (and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled) .Values.initContainers }}
initContainers:
{{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
- name: volume-permissions
image: {{ include "kafka.volumePermissions.image" . }}
imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
command:
- /bin/bash
args:
- -ec
- |
mkdir -p "{{ .Values.persistence.mountPath }}" "{{ .Values.logPersistence.mountPath }}"
find "{{ .Values.persistence.mountPath }}" -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }}
find "{{ .Values.logPersistence.mountPath }}" -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }}
{{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }}
securityContext: {{- omit .Values.volumePermissions.containerSecurityContext "runAsUser" | toYaml | nindent 12 }}
{{- else }}
securityContext: {{- .Values.volumePermissions.containerSecurityContext | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.volumePermissions.resources }}
resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
{{- end }}
volumeMounts:
- name: data
mountPath: {{ .Values.persistence.mountPath }}
- name: logs
mountPath: {{ .Values.logPersistence.mountPath }}
{{- end }}
{{- if and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled }}
- name: auto-discovery
image: {{ include "kafka.externalAccess.autoDiscovery.image" . }}
imagePullPolicy: {{ .Values.externalAccess.autoDiscovery.image.pullPolicy | quote }}
command:
- /scripts/auto-discovery.sh
env:
- name: MY_POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: SHARED_FILE
value: "/shared/info.txt"
{{- if .Values.externalAccess.autoDiscovery.resources }}
resources: {{- toYaml .Values.externalAccess.autoDiscovery.resources | nindent 12 }}
{{- end }}
volumeMounts:
- name: shared
mountPath: /shared
- name: logs
mountPath: {{ .Values.logPersistence.mountPath }}
- name: scripts
mountPath: /scripts/auto-discovery.sh
subPath: auto-discovery.sh
{{- end }}
{{- if .Values.initContainers }}
{{- include "common.tplvalues.render" ( dict "value" .Values.initContainers "context" $ ) | nindent 8 }}
{{- end }}
{{- end }}
containers:
- name: kafka
image: {{ include "kafka.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
{{- else if .Values.command }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
{{- else if .Values.args }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }}
{{- end }}
env:
- name: BITNAMI_DEBUG
value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }}
- name: MY_POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: MY_POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: KAFKA_CFG_ZOOKEEPER_CONNECT
{{- if .Values.zookeeper.enabled }}
value: {{ printf "%s%s" (include "kafka.zookeeper.fullname" .) (tpl .Values.zookeeperChrootPath .) | quote }}
{{- else }}
value: {{ include "common.tplvalues.render" (dict "value" (join "," .Values.externalZookeeper.servers) "context" $) }}
{{- end }}
- name: KAFKA_INTER_BROKER_LISTENER_NAME
value: {{ .Values.interBrokerListenerName | quote }}
- name: KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP
{{- if .Values.listenerSecurityProtocolMap }}
value: {{ .Values.listenerSecurityProtocolMap | quote }}
{{- else if .Values.externalAccess.enabled }}
value: "INTERNAL:{{ $interBrokerProtocol }},CLIENT:{{ $clientProtocol }},EXTERNAL:{{ $externalClientProtocol }}"
{{- else }}
value: "INTERNAL:{{ $interBrokerProtocol }},CLIENT:{{ $clientProtocol }}"
{{- end }}
{{- if or ($clientProtocol | regexFind "SASL") ($externalClientProtocol | regexFind "SASL") ($interBrokerProtocol | regexFind "SASL") .Values.auth.sasl.jaas.zookeeperUser }}
- name: KAFKA_CFG_SASL_ENABLED_MECHANISMS
value: {{ upper .Values.auth.sasl.mechanisms | quote }}
- name: KAFKA_CFG_SASL_MECHANISM_INTER_BROKER_PROTOCOL
value: {{ upper .Values.auth.sasl.interBrokerMechanism | quote }}
{{- end }}
- name: KAFKA_CFG_LISTENERS
{{- if .Values.listeners }}
value: {{ join "," .Values.listeners }}
{{- else if .Values.externalAccess.enabled }}
value: "INTERNAL://:{{ $interBrokerPort }},CLIENT://:9092,EXTERNAL://:9094"
{{- else }}
value: "INTERNAL://:{{ $interBrokerPort }},CLIENT://:9092"
{{- end }}
{{- if .Values.externalAccess.enabled }}
{{- if .Values.externalAccess.autoDiscovery.enabled }}
- name: SHARED_FILE
value: "/shared/info.txt"
{{- end }}
{{- if eq .Values.externalAccess.service.type "NodePort" }}
- name: HOST_IP
valueFrom:
fieldRef:
fieldPath: status.hostIP
{{- end }}
{{- else }}
- name: KAFKA_CFG_ADVERTISED_LISTENERS
{{- if .Values.advertisedListeners }}
value: {{ join "," .Values.advertisedListeners }}
{{- else }}
value: "INTERNAL://$(MY_POD_NAME).{{ $fullname }}-headless.{{ $releaseNamespace }}.svc.{{ $clusterDomain }}:{{ $interBrokerPort }},CLIENT://$(MY_POD_NAME).{{ $fullname }}-headless.{{ $releaseNamespace }}.svc.{{ $clusterDomain }}:{{ $clientPort }}"
{{- end }}
{{- end }}
- name: ALLOW_PLAINTEXT_LISTENER
value: {{ ternary "yes" "no" .Values.allowPlaintextListener | quote }}
{{- if or (include "kafka.client.saslAuthentication" .) (include "kafka.interBroker.saslAuthentication" .) }}
- name: KAFKA_OPTS
value: "-Djava.security.auth.login.config=/opt/bitnami/kafka/config/kafka_jaas.conf"
{{- if (include "kafka.client.saslAuthentication" .) }}
- name: KAFKA_CLIENT_USERS
value: {{ join "," .Values.auth.sasl.jaas.clientUsers | quote }}
- name: KAFKA_CLIENT_PASSWORDS
valueFrom:
secretKeyRef:
name: {{ include "kafka.jaasSecretName" . }}
key: client-passwords
{{- end }}
{{- if (include "kafka.interBroker.saslAuthentication" .) }}
- name: KAFKA_INTER_BROKER_USER
value: {{ .Values.auth.sasl.jaas.interBrokerUser | quote }}
- name: KAFKA_INTER_BROKER_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "kafka.jaasSecretName" . }}
key: inter-broker-password
{{- end }}
{{- end }}
{{- if and .Values.zookeeper.auth.enabled .Values.auth.sasl.jaas.zookeeperUser }}
- name: KAFKA_ZOOKEEPER_PROTOCOL
value: "SASL"
- name: KAFKA_ZOOKEEPER_USER
value: {{ .Values.auth.sasl.jaas.zookeeperUser | quote }}
- name: KAFKA_ZOOKEEPER_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "kafka.jaasSecretName" . }}
key: zookeeper-password
{{- end }}
{{- if (include "kafka.tlsEncryption" .) }}
- name: KAFKA_TLS_TYPE
value: {{ upper .Values.auth.tls.type | quote }}
- name: KAFKA_CFG_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM
value: {{ default "" .Values.auth.tls.endpointIdentificationAlgorithm | quote }}
- name: KAFKA_TLS_CLIENT_AUTH
value: {{ ternary "required" "none" (or (eq (include "kafka.externalClientProtocol" . ) "mtls") (eq .Values.auth.clientProtocol "mtls")) | quote }}
- name: KAFKA_CERTIFICATE_PASSWORD
{{- if .Values.auth.tls.existingSecret }}
valueFrom:
secretKeyRef:
name: {{ .Values.auth.tls.existingSecret }}
key: password
{{- else }}
value: {{ default "" .Values.auth.tls.password | quote }}
{{- end }}
{{- end }}
{{- if .Values.metrics.jmx.enabled }}
- name: JMX_PORT
value: "5555"
{{- end }}
- name: KAFKA_VOLUME_DIR
value: {{ .Values.persistence.mountPath | quote }}
- name: KAFKA_LOG_DIR
value: {{ .Values.logPersistence.mountPath | quote }}
- name: KAFKA_CFG_DELETE_TOPIC_ENABLE
value: {{ .Values.deleteTopicEnable | quote }}
- name: KAFKA_CFG_AUTO_CREATE_TOPICS_ENABLE
value: {{ .Values.autoCreateTopicsEnable | quote }}
- name: KAFKA_HEAP_OPTS
value: {{ .Values.heapOpts | quote }}
- name: KAFKA_CFG_LOG_FLUSH_INTERVAL_MESSAGES
value: {{ .Values.logFlushIntervalMessages | replace "_" "" | quote }}
- name: KAFKA_CFG_LOG_FLUSH_INTERVAL_MS
value: {{ .Values.logFlushIntervalMs | quote }}
- name: KAFKA_CFG_LOG_RETENTION_BYTES
value: {{ .Values.logRetentionBytes | replace "_" "" | quote }}
- name: KAFKA_CFG_LOG_RETENTION_CHECK_INTERVALS_MS
value: {{ .Values.logRetentionCheckIntervalMs | quote }}
- name: KAFKA_CFG_LOG_RETENTION_HOURS
value: {{ .Values.logRetentionHours | quote }}
- name: KAFKA_CFG_MESSAGE_MAX_BYTES
value: {{ .Values.maxMessageBytes | replace "_" "" | quote }}
- name: KAFKA_CFG_LOG_SEGMENT_BYTES
value: {{ .Values.logSegmentBytes | replace "_" "" | quote }}
- name: KAFKA_CFG_LOG_DIRS
value: {{ .Values.logsDirs | quote }}
- name: KAFKA_CFG_DEFAULT_REPLICATION_FACTOR
value: {{ .Values.defaultReplicationFactor | quote }}
- name: KAFKA_CFG_OFFSETS_TOPIC_REPLICATION_FACTOR
value: {{ .Values.offsetsTopicReplicationFactor | quote }}
- name: KAFKA_CFG_TRANSACTION_STATE_LOG_REPLICATION_FACTOR
value: {{ .Values.transactionStateLogReplicationFactor | quote }}
- name: KAFKA_CFG_TRANSACTION_STATE_LOG_MIN_ISR
value: {{ .Values.transactionStateLogMinIsr | quote }}
- name: KAFKA_CFG_NUM_IO_THREADS
value: {{ .Values.numIoThreads | quote }}
- name: KAFKA_CFG_NUM_NETWORK_THREADS
value: {{ .Values.numNetworkThreads | quote }}
- name: KAFKA_CFG_NUM_PARTITIONS
value: {{ .Values.numPartitions | quote }}
- name: KAFKA_CFG_NUM_RECOVERY_THREADS_PER_DATA_DIR
value: {{ .Values.numRecoveryThreadsPerDataDir | quote }}
- name: KAFKA_CFG_SOCKET_RECEIVE_BUFFER_BYTES
value: {{ .Values.socketReceiveBufferBytes | quote }}
- name: KAFKA_CFG_SOCKET_REQUEST_MAX_BYTES
value: {{ .Values.socketRequestMaxBytes | replace "_" "" | quote }}
- name: KAFKA_CFG_SOCKET_SEND_BUFFER_BYTES
value: {{ .Values.socketSendBufferBytes | quote }}
- name: KAFKA_CFG_ZOOKEEPER_CONNECTION_TIMEOUT_MS
value: {{ .Values.zookeeperConnectionTimeoutMs | quote }}
- name: KAFKA_CFG_AUTHORIZER_CLASS_NAME
value: {{ .Values.authorizerClassName | quote }}
- name: KAFKA_CFG_ALLOW_EVERYONE_IF_NO_ACL_FOUND
value: {{ .Values.allowEveryoneIfNoAclFound | quote }}
- name: KAFKA_CFG_SUPER_USERS
value: {{ .Values.superUsers | quote }}
{{- if .Values.extraEnvVars }}
{{- include "common.tplvalues.render" ( dict "value" .Values.extraEnvVars "context" $) | nindent 12 }}
{{- end }}
{{- if or .Values.extraEnvVarsCM .Values.extraEnvVarsSecret }}
envFrom:
{{- if .Values.extraEnvVarsCM }}
- configMapRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }}
{{- end }}
{{- if .Values.extraEnvVarsSecret }}
- secretRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }}
{{- end }}
{{- end }}
ports:
- name: kafka-client
containerPort: {{ .Values.containerPorts.client }}
- name: kafka-internal
containerPort: {{ .Values.containerPorts.internal }}
{{- if .Values.externalAccess.enabled }}
- name: kafka-external
containerPort: {{ .Values.containerPorts.external }}
{{- end }}
{{- if not .Values.diagnosticMode.enabled }}
{{- if .Values.livenessProbe.enabled }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }}
tcpSocket:
port: kafka-client
{{- else if .Values.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.readinessProbe.enabled }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }}
tcpSocket:
port: kafka-client
{{- else if .Values.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.startupProbe.enabled }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }}
tcpSocket:
port: kafka-client
{{- else if .Values.customStartupProbe }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }}
{{- end }}
{{- end }}
{{- if .Values.lifecycleHooks }}
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.resources }}
resources: {{- toYaml .Values.resources | nindent 12 }}
{{- end }}
volumeMounts:
- name: data
mountPath: {{ .Values.persistence.mountPath }}
- name: logs
mountPath: {{ .Values.logPersistence.mountPath }}
{{- if or .Values.config .Values.existingConfigmap }}
- name: kafka-config
mountPath: {{ .Values.persistence.mountPath }}/config/server.properties
subPath: server.properties
{{- end }}
{{- if or .Values.log4j .Values.existingLog4jConfigMap }}
- name: log4j-config
mountPath: {{ .Values.persistence.mountPath }}/config/log4j.properties
subPath: log4j.properties
{{- end }}
- name: scripts
mountPath: /scripts/setup.sh
subPath: setup.sh
{{- if and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled }}
- name: shared
mountPath: /shared
{{- end }}
{{- if (include "kafka.tlsEncryption" .) }}
{{- if not (empty .Values.auth.tls.existingSecrets) }}
{{- range $index, $_ := .Values.auth.tls.existingSecrets }}
- name: kafka-certs-{{ $index }}
mountPath: /certs-{{ $index }}
readOnly: true
{{- end }}
{{- else if .Values.auth.tls.autoGenerated }}
{{- range $index := until $replicaCount }}
- name: kafka-certs-{{ $index }}
mountPath: /certs-{{ $index }}
readOnly: true
{{- end }}
{{- end }}
{{- if .Values.auth.tls.jksTruststoreSecret }}
- name: kafka-truststore
mountPath: /truststore
readOnly: true
{{- end }}
{{- end }}
{{- if .Values.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.metrics.jmx.enabled }}
- name: jmx-exporter
image: {{ include "kafka.metrics.jmx.image" . }}
imagePullPolicy: {{ .Values.metrics.jmx.image.pullPolicy | quote }}
{{- if .Values.metrics.jmx.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.metrics.jmx.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
{{- else }}
command:
- java
args:
- -XX:+UnlockExperimentalVMOptions
- -XX:+UseCGroupMemoryLimitForHeap
- -XX:MaxRAMFraction=1
- -XshowSettings:vm
- -jar
- jmx_prometheus_httpserver.jar
- "5556"
- /etc/jmx-kafka/jmx-kafka-prometheus.yml
{{- end }}
ports:
- name: metrics
containerPort: {{ .Values.metrics.jmx.containerPorts.metrics }}
{{- if .Values.metrics.jmx.resources }}
resources: {{- toYaml .Values.metrics.jmx.resources | nindent 12 }}
{{- end }}
volumeMounts:
- name: jmx-config
mountPath: /etc/jmx-kafka
{{- end }}
{{- if .Values.sidecars }}
{{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }}
{{- end }}
volumes:
{{- if or .Values.config .Values.existingConfigmap }}
- name: kafka-config
configMap:
name: {{ include "kafka.configmapName" . }}
{{- end }}
{{- if or .Values.log4j .Values.existingLog4jConfigMap }}
- name: log4j-config
configMap:
name: {{ include "kafka.log4j.configMapName" . }}
{{ end }}
- name: scripts
configMap:
name: {{ include "common.names.fullname" . }}-scripts
defaultMode: 0755
{{- if and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled }}
- name: shared
emptyDir: {}
{{- end }}
{{- if .Values.metrics.jmx.enabled }}
- name: jmx-config
configMap:
name: {{ include "kafka.metrics.jmx.configmapName" . }}
{{- end }}
{{- if (include "kafka.tlsEncryption" .) }}
{{- if not (empty .Values.auth.tls.existingSecrets) }}
{{- range $index, $secret := .Values.auth.tls.existingSecrets }}
- name: kafka-certs-{{ $index }}
secret:
secretName: {{ tpl $secret $ }}
defaultMode: 256
{{- end }}
{{- else if .Values.auth.tls.autoGenerated }}
{{- range $index := until $replicaCount }}
- name: kafka-certs-{{ $index }}
secret:
secretName: {{ printf "%s-%d-tls" (include "common.names.fullname" $) $index }}
defaultMode: 256
{{- end }}
{{- end }}
{{- if .Values.auth.tls.jksTruststoreSecret }}
- name: kafka-truststore
secret:
secretName: {{ .Values.auth.tls.jksTruststoreSecret }}
defaultMode: 256
{{- end }}
{{- end }}
{{- if .Values.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }}
{{- end }}
{{- if not .Values.persistence.enabled }}
- name: data
emptyDir: {}
{{- else if .Values.persistence.existingClaim }}
- name: data
persistentVolumeClaim:
claimName: {{ printf "%s" (tpl .Values.persistence.existingClaim .) }}
{{- end }}
{{- if not .Values.logPersistence.enabled }}
- name: logs
emptyDir: {}
{{- else if .Values.logPersistence.existingClaim }}
- name: logs
persistentVolumeClaim:
claimName: {{ printf "%s" (tpl .Values.logPersistence.existingClaim .) }}
{{- end }}
{{- if or (and .Values.persistence.enabled (not .Values.persistence.existingClaim)) (and .Values.logPersistence.enabled (not .Values.logPersistence.existingClaim)) }}
volumeClaimTemplates:
{{- end }}
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
- metadata:
name: data
{{- if .Values.persistence.annotations }}
annotations: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.annotations "context" $) | nindent 10 }}
{{- end }}
spec:
accessModes:
{{- range .Values.persistence.accessModes }}
- {{ . | quote }}
{{- end }}
resources:
requests:
storage: {{ .Values.persistence.size | quote }}
{{ include "kafka.storageClass" . | nindent 8 }}
{{- if .Values.persistence.selector }}
selector: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.selector "context" $) | nindent 10 }}
{{- end -}}
{{- end }}
{{- if and .Values.logPersistence.enabled (not .Values.logPersistence.existingClaim) }}
- metadata:
name: logs
{{- if .Values.logPersistence.annotations }}
annotations: {{- include "common.tplvalues.render" (dict "value" .Values.logPersistence.annotations "context" $) | nindent 10 }}
{{- end }}
spec:
accessModes:
{{- range .Values.logPersistence.accessModes }}
- {{ . | quote }}
{{- end }}
resources:
requests:
storage: {{ .Values.logPersistence.size | quote }}
{{ include "kafka.storageClass" . | nindent 8 }}
{{- if .Values.logPersistence.selector }}
selector: {{- include "common.tplvalues.render" (dict "value" .Values.logPersistence.selector "context" $) | nindent 10 }}
{{- end -}}
{{- end }}

60
deployment/helm/milvus/charts/kafka/templates/svc-external-access.yaml Normal file
View File

@@ -0,0 +1,60 @@
{{- if .Values.externalAccess.enabled }}
{{- $fullName := include "common.names.fullname" . }}
{{- $replicaCount := .Values.replicaCount | int }}
{{- $root := . }}
{{- range $i, $e := until $replicaCount }}
{{- $targetPod := printf "%s-%d" (printf "%s" $fullName) $i }}
{{- $_ := set $ "targetPod" $targetPod }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ printf "%s-%d-external" (include "common.names.fullname" $) $i | trunc 63 | trimSuffix "-" }}
namespace: {{ $root.Release.Namespace | quote }}
labels: {{- include "common.labels.standard" $ | nindent 4 }}
app.kubernetes.io/component: kafka
pod: {{ $targetPod }}
{{- if $root.Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" $root.Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if or $root.Values.externalAccess.service.annotations $root.Values.commonAnnotations $root.Values.externalAccess.service.loadBalancerAnnotations }}
annotations:
{{- if and (not (empty $root.Values.externalAccess.service.loadBalancerAnnotations)) (eq (len $root.Values.externalAccess.service.loadBalancerAnnotations) $replicaCount) }}
{{ include "common.tplvalues.render" ( dict "value" (index $root.Values.externalAccess.service.loadBalancerAnnotations $i) "context" $) | nindent 4 }}
{{- end }}
{{- if $root.Values.externalAccess.service.annotations }}
{{ include "common.tplvalues.render" ( dict "value" $root.Values.externalAccess.service.annotations "context" $) | nindent 4 }}
{{- end }}
{{- if $root.Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" $root.Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
spec:
type: {{ $root.Values.externalAccess.service.type }}
{{- if eq $root.Values.externalAccess.service.type "LoadBalancer" }}
{{- if and (not (empty $root.Values.externalAccess.service.loadBalancerIPs)) (eq (len $root.Values.externalAccess.service.loadBalancerIPs) $replicaCount) }}
loadBalancerIP: {{ index $root.Values.externalAccess.service.loadBalancerIPs $i }}
{{- end }}
{{- if $root.Values.externalAccess.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges: {{- toYaml $root.Values.externalAccess.service.loadBalancerSourceRanges | nindent 4 }}
{{- end }}
{{- end }}
ports:
- name: tcp-kafka
port: {{ $root.Values.externalAccess.service.ports.external }}
{{- if not (empty $root.Values.externalAccess.service.nodePorts) }}
nodePort: {{ index $root.Values.externalAccess.service.nodePorts $i }}
{{- else }}
nodePort: null
{{- end }}
targetPort: kafka-external
{{- if $root.Values.externalAccess.service.extraPorts }}
{{- include "common.tplvalues.render" (dict "value" $root.Values.externalAccess.service.extraPorts "context" $) | nindent 4 }}
{{- end }}
selector: {{- include "common.labels.matchLabels" $ | nindent 4 }}
app.kubernetes.io/component: kafka
statefulset.kubernetes.io/pod-name: {{ $targetPod }}
---
{{- end }}
{{- end }}

27
deployment/helm/milvus/charts/kafka/templates/svc-headless.yaml Normal file
View File

@@ -0,0 +1,27 @@
apiVersion: v1
kind: Service
metadata:
name: {{ printf "%s-headless" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: kafka
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
type: ClusterIP
clusterIP: None
ports:
- name: tcp-client
port: {{ .Values.service.ports.client }}
protocol: TCP
targetPort: kafka-client
- name: tcp-internal
port: {{ .Values.service.ports.internal }}
protocol: TCP
targetPort: kafka-internal
selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
app.kubernetes.io/component: kafka

58
deployment/helm/milvus/charts/kafka/templates/svc.yaml Normal file
View File

@@ -0,0 +1,58 @@
apiVersion: v1
kind: Service
metadata:
name: {{ template "common.names.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: kafka
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if or .Values.service.annotations .Values.commonAnnotations }}
annotations:
{{- if .Values.service.annotations }}
{{ include "common.tplvalues.render" ( dict "value" .Values.service.annotations "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
spec:
type: {{ .Values.service.type }}
sessionAffinity: {{ .Values.service.sessionAffinity }}
{{- if and (eq .Values.service.type "ClusterIP") .Values.service.clusterIP }}
clusterIP: {{ .Values.service.clusterIP }}
{{- end }}
{{- if or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort") }}
externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
{{- end }}
{{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}
{{ end }}
{{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP)) }}
loadBalancerIP: {{ .Values.service.loadBalancerIP }}
{{- end }}
ports:
- name: tcp-client
port: {{ .Values.service.ports.client }}
protocol: TCP
targetPort: kafka-client
{{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.client)) }}
nodePort: {{ .Values.service.nodePorts.client }}
{{- else if eq .Values.service.type "ClusterIP" }}
nodePort: null
{{- end }}
{{- if and .Values.externalAccess.enabled (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) }}
- name: tcp-external
port: {{ .Values.service.ports.external }}
protocol: TCP
targetPort: kafka-external
{{- if (not (empty .Values.service.nodePorts.external)) }}
nodePort: {{ .Values.service.nodePorts.external }}
{{- end }}
{{- end }}
{{- if .Values.service.extraPorts }}
{{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }}
{{- end }}
selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
app.kubernetes.io/component: kafka

29
deployment/helm/milvus/charts/kafka/templates/tls-secrets.yaml Normal file
View File

@@ -0,0 +1,29 @@
{{- if (include "kafka.createTlsSecret" .) }}
{{- $replicaCount := int .Values.replicaCount }}
{{- $releaseNamespace := .Release.Namespace }}
{{- $clusterDomain := .Values.clusterDomain }}
{{- $fullname := include "common.names.fullname" . }}
{{- $ca := genCA "kafka-ca" 365 }}
{{- range $i := until $replicaCount }}
{{- $replicaHost := printf "%s-%d.%s-headless" $fullname $i $fullname }}
{{- $altNames := list (printf "%s.%s.svc.%s" $replicaHost $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $fullname $releaseNamespace $clusterDomain) (printf "%s.%s" $replicaHost $releaseNamespace) (printf "%s.%s" $fullname $releaseNamespace) $replicaHost $fullname }}
{{- $cert := genSignedCert $replicaHost nil $altNames 365 $ca }}
apiVersion: v1
kind: Secret
metadata:
name: {{ printf "%s-%d-tls" (include "common.names.fullname" $) $i }}
labels: {{- include "common.labels.standard" $ | nindent 4 }}
{{- if $.Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if $.Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: kubernetes.io/tls
data:
ca.crt: {{ $ca.Cert | b64enc | quote }}
tls.crt: {{ $cert.Cert | b64enc | quote }}
tls.key: {{ $cert.Key | b64enc | quote }}
---
{{- end }}
{{- end }}