q792602257/DataMate
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feature: 对接deer-flow (#54)

Browse Source 
feature: 对接deer-flow
This commit is contained in:
hhhhsc701
2025-11-04 20:30:40 +08:00
committed by GitHub
parent dc30b0d892
commit f3958f08d9
710 changed files with 112812 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

99
deployment/helm/milvus/charts/pulsar/templates/_autorecovery.tpl Normal file
View File

@@ -0,0 +1,99 @@
{{/*
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
*/}}
{{/*
Define the pulsar autorecovery service
*/}}
{{- define "pulsar.autorecovery.service" -}}
{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}
{{- end }}
{{/*
Define the autorecovery hostname
*/}}
{{- define "pulsar.autorecovery.hostname" -}}
${HOSTNAME}.{{ template "pulsar.autorecovery.service" . }}.{{ template "pulsar.namespace" . }}.svc.{{ .Values.clusterDomain }}
{{- end -}}
{{/*
Define autorecovery zookeeper client tls settings
*/}}
{{- define "pulsar.autorecovery.zookeeper.tls.settings" -}}
{{- if and .Values.tls.enabled .Values.tls.zookeeper.enabled }}
/pulsar/keytool/keytool.sh autorecovery {{ template "pulsar.autorecovery.hostname" . }} true;
{{- end }}
{{- end }}
{{/*
Define autorecovery tls certs mounts
*/}}
{{- define "pulsar.autorecovery.certs.volumeMounts" -}}
{{- if and .Values.tls.enabled .Values.tls.zookeeper.enabled }}
- name: autorecovery-certs
mountPath: "/pulsar/certs/autorecovery"
readOnly: true
- name: ca
mountPath: "/pulsar/certs/ca"
readOnly: true
{{- if .Values.tls.zookeeper.enabled }}
- name: keytool
mountPath: "/pulsar/keytool/keytool.sh"
subPath: keytool.sh
{{- end }}
{{- end }}
{{- end }}
{{/*
Define autorecovery tls certs volumes
*/}}
{{- define "pulsar.autorecovery.certs.volumes" -}}
{{- if and .Values.tls.enabled .Values.tls.zookeeper.enabled }}
- name: autorecovery-certs
secret:
secretName: "{{ .Release.Name }}-{{ .Values.tls.autorecovery.cert_name }}"
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key
- name: ca
secret:
secretName: "{{ .Release.Name }}-{{ .Values.tls.ca_suffix }}"
items:
- key: ca.crt
path: ca.crt
{{- if .Values.tls.zookeeper.enabled }}
- name: keytool
configMap:
name: "{{ template "pulsar.fullname" . }}-keytool-configmap"
defaultMode: 0755
{{- end }}
{{- end }}
{{- end }}
{{/*
Define autorecovery init container : verify cluster id
*/}}
{{- define "pulsar.autorecovery.init.verify_cluster_id" -}}
bin/apply-config-from-env.py conf/bookkeeper.conf;
{{- include "pulsar.autorecovery.zookeeper.tls.settings" . -}}
until bin/bookkeeper shell whatisinstanceid; do
sleep 3;
done;
{{- end }}

140
deployment/helm/milvus/charts/pulsar/templates/_bookkeeper.tpl Normal file
View File

@@ -0,0 +1,140 @@
{{/*
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
*/}}
{{/*
Define the pulsar bookkeeper service
*/}}
{{- define "pulsar.bookkeeper.service" -}}
{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}
{{- end }}
{{/*
Define the bookkeeper hostname
*/}}
{{- define "pulsar.bookkeeper.hostname" -}}
${HOSTNAME}.{{ template "pulsar.bookkeeper.service" . }}.{{ template "pulsar.namespace" . }}.svc.{{ .Values.clusterDomain }}
{{- end -}}
{{/*
Define bookie zookeeper client tls settings
*/}}
{{- define "pulsar.bookkeeper.zookeeper.tls.settings" -}}
{{- if and .Values.tls.enabled .Values.tls.zookeeper.enabled }}
/pulsar/keytool/keytool.sh bookie {{ template "pulsar.bookkeeper.hostname" . }} true;
{{- end }}
{{- end }}
{{/*
Define bookie tls certs mounts
*/}}
{{- define "pulsar.bookkeeper.certs.volumeMounts" -}}
{{- if and .Values.tls.enabled (or .Values.tls.bookie.enabled .Values.tls.zookeeper.enabled) }}
- name: bookie-certs
mountPath: "/pulsar/certs/bookie"
readOnly: true
- name: ca
mountPath: "/pulsar/certs/ca"
readOnly: true
{{- if .Values.tls.zookeeper.enabled }}
- name: keytool
mountPath: "/pulsar/keytool/keytool.sh"
subPath: keytool.sh
{{- end }}
{{- end }}
{{- end }}
{{/*
Define bookie tls certs volumes
*/}}
{{- define "pulsar.bookkeeper.certs.volumes" -}}
{{- if and .Values.tls.enabled (or .Values.tls.bookie.enabled .Values.tls.zookeeper.enabled) }}
- name: bookie-certs
secret:
secretName: "{{ .Release.Name }}-{{ .Values.tls.bookie.cert_name }}"
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key
- name: ca
secret:
secretName: "{{ .Release.Name }}-{{ .Values.tls.ca_suffix }}"
items:
- key: ca.crt
path: ca.crt
{{- if .Values.tls.zookeeper.enabled }}
- name: keytool
configMap:
name: "{{ template "pulsar.fullname" . }}-keytool-configmap"
defaultMode: 0755
{{- end }}
{{- end }}
{{- end }}
{{/*
Define bookie common config
*/}}
{{- define "pulsar.bookkeeper.config.common" -}}
zkServers: "{{ template "pulsar.zookeeper.connect" . }}"
zkLedgersRootPath: "{{ .Values.metadataPrefix }}/ledgers"
# enable bookkeeper http server
httpServerEnabled: "true"
httpServerPort: "{{ .Values.bookkeeper.ports.http }}"
# config the stats provider
statsProviderClass: org.apache.bookkeeper.stats.prometheus.PrometheusMetricsProvider
# use hostname as the bookie id
useHostNameAsBookieID: "true"
{{- end }}
{{/*
Define bookie tls config
*/}}
{{- define "pulsar.bookkeeper.config.tls" -}}
{{- if and .Values.tls.enabled .Values.tls.bookie.enabled }}
PULSAR_PREFIX_tlsProviderFactoryClass: org.apache.bookkeeper.tls.TLSContextFactory
PULSAR_PREFIX_tlsCertificatePath: /pulsar/certs/bookie/tls.crt
PULSAR_PREFIX_tlsKeyStoreType: PEM
PULSAR_PREFIX_tlsKeyStore: /pulsar/certs/bookie/tls.key
PULSAR_PREFIX_tlsTrustStoreType: PEM
PULSAR_PREFIX_tlsTrustStore: /pulsar/certs/ca/ca.crt
{{- end }}
{{- end }}
{{/*
Define bookie init container : verify cluster id
*/}}
{{- define "pulsar.bookkeeper.init.verify_cluster_id" -}}
{{- if not (and .Values.volumes.persistence .Values.bookkeeper.volumes.persistence) }}
bin/apply-config-from-env.py conf/bookkeeper.conf;
{{- include "pulsar.bookkeeper.zookeeper.tls.settings" . -}}
until bin/bookkeeper shell whatisinstanceid; do
sleep 3;
done;
bin/bookkeeper shell bookieformat -nonInteractive -force -deleteCookie || true
{{- end }}
{{- if and .Values.volumes.persistence .Values.bookkeeper.volumes.persistence }}
set -e;
bin/apply-config-from-env.py conf/bookkeeper.conf;
{{- include "pulsar.bookkeeper.zookeeper.tls.settings" . -}}
until bin/bookkeeper shell whatisinstanceid; do
sleep 3;
done;
{{- end }}
{{- end }}

95
deployment/helm/milvus/charts/pulsar/templates/_broker.tpl Normal file
View File

@@ -0,0 +1,95 @@
{{/*
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
*/}}
{{/*
Define the pulsar brroker service
*/}}
{{- define "pulsar.broker.service" -}}
{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}
{{- end }}
{{/*
Define the hostname
*/}}
{{- define "pulsar.broker.hostname" -}}
${HOSTNAME}.{{ template "pulsar.broker.service" . }}.{{ template "pulsar.namespace" . }}.svc.{{ .Values.clusterDomain }}
{{- end -}}
{{/*
Define the broker znode
*/}}
{{- define "pulsar.broker.znode" -}}
{{ .Values.metadataPrefix }}/loadbalance/brokers/{{ template "pulsar.broker.hostname" . }}:{{ .Values.broker.ports.http }}
{{- end }}
{{/*
Define broker zookeeper client tls settings
*/}}
{{- define "pulsar.broker.zookeeper.tls.settings" -}}
{{- if and .Values.tls.enabled .Values.tls.zookeeper.enabled }}
/pulsar/keytool/keytool.sh broker {{ template "pulsar.broker.hostname" . }} true;
{{- end }}
{{- end }}
{{/*
Define broker tls certs mounts
*/}}
{{- define "pulsar.broker.certs.volumeMounts" -}}
{{- if and .Values.tls.enabled (or .Values.tls.broker.enabled (or .Values.tls.bookie.enabled .Values.tls.zookeeper.enabled)) }}
- name: broker-certs
mountPath: "/pulsar/certs/broker"
readOnly: true
- name: ca
mountPath: "/pulsar/certs/ca"
readOnly: true
{{- if .Values.tls.zookeeper.enabled }}
- name: keytool
mountPath: "/pulsar/keytool/keytool.sh"
subPath: keytool.sh
{{- end }}
{{- end }}
{{- end }}
{{/*
Define broker tls certs volumes
*/}}
{{- define "pulsar.broker.certs.volumes" -}}
{{- if and .Values.tls.enabled (or .Values.tls.broker.enabled (or .Values.tls.bookie.enabled .Values.tls.zookeeper.enabled)) }}
- name: broker-certs
secret:
secretName: "{{ .Release.Name }}-{{ .Values.tls.broker.cert_name }}"
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key
- name: ca
secret:
secretName: "{{ .Release.Name }}-{{ .Values.tls.ca_suffix }}"
items:
- key: ca.crt
path: ca.crt
{{- if .Values.tls.zookeeper.enabled }}
- name: keytool
configMap:
name: "{{ template "pulsar.fullname" . }}-keytool-configmap"
defaultMode: 0755
{{- end }}
{{- end }}
{{- end }}

39
deployment/helm/milvus/charts/pulsar/templates/_configurationstore.tpl Normal file
View File

@@ -0,0 +1,39 @@
{{/*
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
*/}}
{{/*
Define configuration store endpoint
*/}}
{{- define "pulsar.configurationStore.service" -}}
{{- if .Values.pulsar_metadata.configurationStore }}
{{- .Values.pulsar_metadata.configurationStore }}
{{- else -}}
{{ template "pulsar.zookeeper.service" . }}
{{- end -}}
{{- end -}}
{{/*
Define configuration store connection string
*/}}
{{- define "pulsar.configurationStore.connect" -}}
{{- if .Values.pulsar_metadata.configurationStore }}
{{- template "pulsar.configurationStore.service" . }}:{{ .Values.pulsar_metadata.configurationStorePort }}
{{- end -}}
{{- end -}}

130
deployment/helm/milvus/charts/pulsar/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,130 @@
{{/*
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
*/}}
{{/* vim: set filetype=mustache: */}}
{{/*
pulsar home
*/}}
{{- define "pulsar.home" -}}
{{- print "/pulsar" -}}
{{- end -}}
{{/*
Expand the name of the chart.
*/}}
{{- define "pulsar.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Expand the namespace of the chart.
*/}}
{{- define "pulsar.namespace" -}}
{{- default .Release.Namespace .Values.namespace -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "pulsar.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Define cluster's name
*/}}
{{- define "pulsar.cluster.name" -}}
{{- if .Values.clusterName }}
{{- .Values.clusterName }}
{{- else -}}
{{- template "pulsar.fullname" .}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "pulsar.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create the common labels.
*/}}
{{- define "pulsar.standardLabels" -}}
app: {{ template "pulsar.name" . }}
chart: {{ template "pulsar.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
cluster: {{ template "pulsar.cluster.name" . }}
{{- if .Values.labels }}
{{ .Values.labels | toYaml | trim }}
{{- end }}
{{- end }}
{{/*
Create the template labels.
*/}}
{{- define "pulsar.template.labels" -}}
app: {{ template "pulsar.name" . }}
release: {{ .Release.Name }}
cluster: {{ template "pulsar.cluster.name" . }}
{{- if .Values.labels }}
{{ .Values.labels | toYaml | trim }}
{{- end }}
{{- end }}
{{/*
Create the match labels.
*/}}
{{- define "pulsar.matchLabels" -}}
app: {{ template "pulsar.name" . }}
release: {{ .Release.Name }}
{{- end }}
{{/*
Create ImagePullSecrets
*/}}
{{- define "pulsar.imagePullSecrets" -}}
{{- if .Values.images.imagePullSecrets -}}
imagePullSecrets:
{{- range .Values.images.imagePullSecrets }}
- name: {{ . }}
{{- end }}
{{- end -}}
{{- end }}
{{/*
Create full image name
*/}}
{{- define "pulsar.imageFullName" -}}
{{- printf "%s:%s" .image.repository (.image.tag | default .root.Values.defaultPulsarImageTag | default .root.Chart.AppVersion) -}}
{{- end -}}

88
deployment/helm/milvus/charts/pulsar/templates/_toolset.tpl Normal file
View File

@@ -0,0 +1,88 @@
{{/*
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
*/}}
{{/*
Define the pulsar toolset service
*/}}
{{- define "pulsar.toolset.service" -}}
{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}
{{- end }}
{{/*
Define the toolset hostname
*/}}
{{- define "pulsar.toolset.hostname" -}}
${HOSTNAME}.{{ template "pulsar.toolset.service" . }}.{{ template "pulsar.namespace" . }}.svc.{{ .Values.clusterDomain }}
{{- end -}}
{{/*
Define toolset zookeeper client tls settings
*/}}
{{- define "pulsar.toolset.zookeeper.tls.settings" -}}
{{- if and .Values.tls.enabled .Values.tls.zookeeper.enabled -}}
/pulsar/keytool/keytool.sh toolset {{ template "pulsar.toolset.hostname" . }} true;
{{- end -}}
{{- end }}
{{/*
Define toolset tls certs mounts
*/}}
{{- define "pulsar.toolset.certs.volumeMounts" -}}
{{- if and .Values.tls.enabled .Values.tls.zookeeper.enabled }}
- name: toolset-certs
mountPath: "/pulsar/certs/toolset"
readOnly: true
- name: ca
mountPath: "/pulsar/certs/ca"
readOnly: true
{{- if .Values.tls.zookeeper.enabled }}
- name: keytool
mountPath: "/pulsar/keytool/keytool.sh"
subPath: keytool.sh
{{- end }}
{{- end }}
{{- end }}
{{/*
Define toolset tls certs volumes
*/}}
{{- define "pulsar.toolset.certs.volumes" -}}
{{- if and .Values.tls.enabled .Values.tls.zookeeper.enabled }}
- name: toolset-certs
secret:
secretName: "{{ .Release.Name }}-{{ .Values.tls.toolset.cert_name }}"
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key
- name: ca
secret:
secretName: "{{ .Release.Name }}-{{ .Values.tls.ca_suffix }}"
items:
- key: ca.crt
path: ca.crt
{{- if .Values.tls.zookeeper.enabled }}
- name: keytool
configMap:
name: "{{ template "pulsar.fullname" . }}-keytool-configmap"
defaultMode: 0755
{{- end }}
{{- end }}
{{- end }}

58
deployment/helm/milvus/charts/pulsar/templates/_zookeeper.tpl Normal file
View File

@@ -0,0 +1,58 @@
{{/*
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
*/}}
{{/*
Define the pulsar zookeeper
*/}}
{{- define "pulsar.zookeeper.service" -}}
{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}
{{- end }}
{{/*
Define the pulsar zookeeper
*/}}
{{- define "pulsar.zookeeper.connect" -}}
{{$zk:=.Values.pulsar_metadata.userProvidedZookeepers}}
{{- if and (not .Values.components.zookeeper) $zk }}
{{- $zk -}}
{{ else }}
{{- if not (and .Values.tls.enabled .Values.tls.zookeeper.enabled) -}}
{{ template "pulsar.zookeeper.service" . }}:{{ .Values.zookeeper.ports.client }}
{{- end -}}
{{- if and .Values.tls.enabled .Values.tls.zookeeper.enabled -}}
{{ template "pulsar.zookeeper.service" . }}:{{ .Values.zookeeper.ports.clientTls }}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Define the zookeeper hostname
*/}}
{{- define "pulsar.zookeeper.hostname" -}}
${HOSTNAME}.{{ template "pulsar.zookeeper.service" . }}.{{ template "pulsar.namespace" . }}.svc.{{ .Values.clusterDomain }}
{{- end -}}
{{/*
Define zookeeper tls settings
*/}}
{{- define "pulsar.zookeeper.tls.settings" -}}
{{- if and .Values.tls.enabled .Values.tls.zookeeper.enabled }}
/pulsar/keytool/keytool.sh zookeeper {{ template "pulsar.zookeeper.hostname" . }} false;
{{- end }}
{{- end }}

33
deployment/helm/milvus/charts/pulsar/templates/autorecovery-configmap.yaml Normal file
View File

@@ -0,0 +1,33 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
{{- if .Values.components.autorecovery }}
apiVersion: v1
kind: ConfigMap
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}"
namespace: {{ template "pulsar.namespace" . }}
labels:
{{- include "pulsar.standardLabels" . | nindent 4 }}
component: {{ .Values.autorecovery.component }}
data:
# common config
{{- include "pulsar.bookkeeper.config.common" . | nindent 2 }}
{{ toYaml .Values.autorecovery.configData | indent 2 }}
{{- end }}

58
deployment/helm/milvus/charts/pulsar/templates/autorecovery-podmonitor.yaml Normal file
View File

@@ -0,0 +1,58 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
# deploy broker PodMonitor only when `$.Values.broker.podMonitor.enabled` is true
{{- if $.Values.autorecovery.podMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
name: {{ template "pulsar.name" . }}-recovery
labels:
app: {{ template "pulsar.name" . }}
chart: {{ template "pulsar.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
jobLabel: recovery
podMetricsEndpoints:
- port: http
path: /metrics
scheme: http
interval: {{ $.Values.autorecovery.podMonitor.interval }}
scrapeTimeout: {{ $.Values.autorecovery.podMonitor.scrapeTimeout }}
relabelings:
- action: labelmap
regex: __meta_kubernetes_pod_label_(.+)
- sourceLabels: [__meta_kubernetes_namespace]
action: replace
targetLabel: kubernetes_namespace
- sourceLabels: [__meta_kubernetes_pod_label_component]
action: replace
targetLabel: job
- sourceLabels: [__meta_kubernetes_pod_name]
action: replace
targetLabel: kubernetes_pod_name
{{- if $.Values.autorecovery.podMonitor.metricRelabelings }}
metricRelabelings: {{ toYaml $.Values.autorecovery.podMonitor.metricRelabelings | nindent 8 }}
{{- end }}
selector:
matchLabels:
{{- include "pulsar.matchLabels" . | nindent 6 }}
component: {{ .Values.autorecovery.component }}
{{- end }}

85
deployment/helm/milvus/charts/pulsar/templates/autorecovery-psp.yaml Normal file
View File

@@ -0,0 +1,85 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
{{- if and (semverCompare "<1.25-0" .Capabilities.KubeVersion.Version) .Values.rbac.enabled .Values.rbac.psp }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}"
namespace: {{ template "pulsar.namespace" . }}
rules:
- apiGroups:
- policy
resourceNames:
- "{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}"
resources:
- podsecuritypolicies
verbs:
- use
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}"
namespace: {{ template "pulsar.namespace" . }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: "{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}"
subjects:
- kind: ServiceAccount
name: "{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}"
namespace: {{ template "pulsar.namespace" . }}
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
{{- if .Values.rbac.limit_to_namespace }}
name: "{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}-{{ template "pulsar.namespace" . }}"
{{- else}}
name: "{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}"
{{- end}}
spec:
readOnlyRootFilesystem: false
privileged: false
allowPrivilegeEscalation: false
runAsUser:
rule: 'RunAsAny'
supplementalGroups:
ranges:
- max: 65535
min: 1
rule: MustRunAs
fsGroup:
rule: 'MustRunAs'
ranges:
- min: 1
max: 65535
seLinux:
rule: 'RunAsAny'
volumes:
- configMap
- emptyDir
- projected
- secret
- downwardAPI
- persistentVolumeClaim
{{- end }}

33
deployment/helm/milvus/charts/pulsar/templates/autorecovery-service-account.yaml Normal file
View File

@@ -0,0 +1,33 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
{{- if .Values.components.autorecovery }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}"
namespace: {{ template "pulsar.namespace" . }}
labels:
{{- include "pulsar.standardLabels" . | nindent 4 }}
component: {{ .Values.autorecovery.component }}
annotations:
{{- with .Values.autorecovery.service_account.annotations }}
{{ toYaml . | indent 4 }}
{{- end }}
{{- end }}

38
deployment/helm/milvus/charts/pulsar/templates/autorecovery-service.yaml Normal file
View File

@@ -0,0 +1,38 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
{{- if .Values.components.autorecovery }}
apiVersion: v1
kind: Service
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}"
namespace: {{ template "pulsar.namespace" . }}
labels:
{{- include "pulsar.standardLabels" . | nindent 4 }}
component: {{ .Values.autorecovery.component }}
spec:
ports:
- name: http
port: {{ .Values.autorecovery.ports.http }}
clusterIP: None
selector:
{{- include "pulsar.matchLabels" . | nindent 4 }}
component: {{ .Values.autorecovery.component }}
{{- end }}

154
deployment/helm/milvus/charts/pulsar/templates/autorecovery-statefulset.yaml Normal file
View File

@@ -0,0 +1,154 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
{{- if .Values.components.autorecovery }}
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}"
namespace: {{ template "pulsar.namespace" . }}
labels:
{{- include "pulsar.standardLabels" . | nindent 4 }}
component: {{ .Values.autorecovery.component }}
spec:
serviceName: "{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}"
replicas: {{ .Values.autorecovery.replicaCount }}
updateStrategy:
type: RollingUpdate
podManagementPolicy: Parallel
# nodeSelector:
selector:
matchLabels:
{{- include "pulsar.matchLabels" . | nindent 6 }}
component: {{ .Values.autorecovery.component }}
template:
metadata:
labels:
{{- include "pulsar.template.labels" . | nindent 8 }}
component: {{ .Values.autorecovery.component }}
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "{{ .Values.autorecovery.ports.http }}"
{{- if .Values.autorecovery.restartPodsOnConfigMapChange }}
checksum/config: {{ include (print $.Template.BasePath "/autorecovery-configmap.yaml") . | sha256sum }}
{{- end }}
{{- with .Values.autorecovery.annotations }}
{{ toYaml . | indent 8 }}
{{- end }}
spec:
{{- if .Values.autorecovery.nodeSelector }}
nodeSelector:
{{ toYaml .Values.autorecovery.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.autorecovery.tolerations }}
tolerations:
{{- with .Values.autorecovery.tolerations }}
{{ toYaml . | indent 8 }}
{{- end }}
{{- end }}
affinity:
{{- if and .Values.affinity.anti_affinity .Values.autorecovery.affinity.anti_affinity}}
podAntiAffinity:
{{ if eq .Values.autorecovery.affinity.type "requiredDuringSchedulingIgnoredDuringExecution"}}
{{ .Values.autorecovery.affinity.type }}:
- labelSelector:
matchExpressions:
- key: "app"
operator: In
values:
- "{{ template "pulsar.name" . }}"
- key: "release"
operator: In
values:
- {{ .Release.Name }}
- key: "component"
operator: In
values:
- {{ .Values.autorecovery.component }}
topologyKey: {{ .Values.autorecovery.affinity.anti_affinity_topology_key }}
{{ else }}
{{ .Values.autorecovery.affinity.type }}:
- weight: 100
podAffinityTerm:
labelSelector:
matchExpressions:
- key: "app"
operator: In
values:
- "{{ template "pulsar.name" . }}"
- key: "release"
operator: In
values:
- {{ .Release.Name }}
- key: "component"
operator: In
values:
- {{ .Values.autorecovery.component }}
topologyKey: {{ .Values.autorecovery.affinity.anti_affinity_topology_key }}
{{ end }}
{{- end }}
terminationGracePeriodSeconds: {{ .Values.autorecovery.gracePeriod }}
serviceAccountName: "{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}"
initContainers:
# This initContainer will wait for bookkeeper initnewcluster to complete
# before deploying the bookies
- name: pulsar-bookkeeper-verify-clusterid
image: "{{ template "pulsar.imageFullName" (dict "image" .Values.images.autorecovery "root" .) }}"
imagePullPolicy: {{ .Values.images.autorecovery.pullPolicy }}
resources: {{ toYaml .Values.initContainer.resources | nindent 10 }}
command: ["sh", "-c"]
args:
- >
{{- include "pulsar.autorecovery.init.verify_cluster_id" . | nindent 10 }}
envFrom:
- configMapRef:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}"
volumeMounts:
{{- include "pulsar.autorecovery.certs.volumeMounts" . | nindent 8 }}
containers:
- name: "{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}"
image: "{{ template "pulsar.imageFullName" (dict "image" .Values.images.autorecovery "root" .) }}"
imagePullPolicy: {{ .Values.images.autorecovery.pullPolicy }}
{{- if .Values.autorecovery.resources }}
resources:
{{ toYaml .Values.autorecovery.resources | indent 10 }}
{{- end }}
{{- if and (semverCompare "<1.25-0" .Capabilities.KubeVersion.Version) .Values.rbac.enabled .Values.rbac.psp }}
securityContext:
readOnlyRootFilesystem: false
{{- end}}
command: ["sh", "-c"]
args:
- >
bin/apply-config-from-env.py conf/bookkeeper.conf;
{{- include "pulsar.autorecovery.zookeeper.tls.settings" . | nindent 10 }}
OPTS="${OPTS} -Dlog4j2.formatMsgNoLookups=true" exec bin/bookkeeper autorecovery
ports:
- name: http
containerPort: {{ .Values.autorecovery.ports.http }}
envFrom:
- configMapRef:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}"
volumeMounts:
{{- include "pulsar.autorecovery.certs.volumeMounts" . | nindent 8 }}
volumes:
{{- include "pulsar.autorecovery.certs.volumes" . | nindent 6 }}
{{- include "pulsar.imagePullSecrets" . | nindent 6}}
{{- end }}

103
deployment/helm/milvus/charts/pulsar/templates/bookkeeper-cluster-initialize.yaml Normal file
View File

@@ -0,0 +1,103 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
{{- if or .Release.IsInstall .Values.initialize }}
{{- if .Values.components.bookkeeper }}
apiVersion: batch/v1
kind: Job
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}-init"
namespace: {{ template "pulsar.namespace" . }}
labels:
{{- include "pulsar.standardLabels" . | nindent 4 }}
component: "{{ .Values.bookkeeper.component }}-init"
spec:
# This feature was previously behind a feature gate for several Kubernetes versions and will default to true in 1.23 and beyond
# https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/
{{- if .Values.job.ttl.enabled }}
ttlSecondsAfterFinished: {{ .Values.job.ttl.secondsAfterFinished }}
{{- end }}
template:
spec:
{{- include "pulsar.imagePullSecrets" . | nindent 6 }}
serviceAccountName: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}"
nodeSelector:
{{- if .Values.pulsar_metadata.nodeSelector }}
{{ toYaml .Values.pulsar_metadata.nodeSelector | indent 8 }}
{{- end }}
tolerations:
{{- if .Values.pulsar_metadata.tolerations }}
{{ toYaml .Values.pulsar_metadata.tolerations | indent 8 }}
{{- end }}
initContainers:
- name: wait-zookeeper-ready
image: "{{ template "pulsar.imageFullName" (dict "image" .Values.images.bookie "root" .) }}"
imagePullPolicy: {{ .Values.images.bookie.pullPolicy }}
resources: {{ toYaml .Values.initContainer.resources | nindent 10 }}
command: ["sh", "-c"]
args:
- >-
{{- if $zk:=.Values.pulsar_metadata.userProvidedZookeepers }}
export PULSAR_MEM="-Xmx128M";
until bin/pulsar zookeeper-shell -server {{ $zk }} ls {{ or .Values.metadataPrefix "/" }}; do
echo "user provided zookeepers {{ $zk }} are unreachable... check in 3 seconds ..." && sleep 3;
done;
{{ else }}
until nslookup {{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}-{{ add (.Values.zookeeper.replicaCount | int) -1 }}.{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}.{{ template "pulsar.namespace" . }}; do
sleep 3;
done;
{{- end}}
containers:
- name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}-init"
image: "{{ template "pulsar.imageFullName" (dict "image" .Values.images.bookie "root" .) }}"
imagePullPolicy: {{ .Values.images.bookie.pullPolicy }}
{{- if .Values.bookkeeper.metadata.resources }}
resources:
{{ toYaml .Values.bookkeeper.metadata.resources | indent 10 }}
{{- end }}
command: ["sh", "-c"]
args:
- >
bin/apply-config-from-env.py conf/bookkeeper.conf;
{{- include "pulsar.toolset.zookeeper.tls.settings" . | nindent 12 }}
export BOOKIE_MEM="-Xmx128M";
if bin/bookkeeper shell whatisinstanceid; then
echo "bookkeeper cluster already initialized";
else
{{- if not (eq .Values.metadataPrefix "") }}
bin/bookkeeper org.apache.zookeeper.ZooKeeperMain -server {{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }} create {{ .Values.metadataPrefix }} && echo 'created for pulsar cluster "{{ template "pulsar.cluster.name" . }}"' &&
{{- end }}
bin/bookkeeper shell initnewcluster;
fi
{{- if .Values.extraInitCommand }}
{{ .Values.extraInitCommand }}
{{- end }}
{{- if and (semverCompare "<1.25-0" .Capabilities.KubeVersion.Version) .Values.rbac.enabled .Values.rbac.psp }}
securityContext:
readOnlyRootFilesystem: false
{{- end }}
envFrom:
- configMapRef:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}"
volumeMounts:
{{- include "pulsar.toolset.certs.volumeMounts" . | nindent 8 }}
volumes:
{{- include "pulsar.toolset.certs.volumes" . | nindent 6 }}
restartPolicy: OnFailure
{{- end }}
{{- end }}

65
deployment/helm/milvus/charts/pulsar/templates/bookkeeper-configmap.yaml Normal file
View File

@@ -0,0 +1,65 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
{{- if .Values.components.bookkeeper }}
apiVersion: v1
kind: ConfigMap
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}"
namespace: {{ template "pulsar.namespace" . }}
labels:
{{- include "pulsar.standardLabels" . | nindent 4 }}
component: {{ .Values.bookkeeper.component }}
data:
# common config
{{- include "pulsar.bookkeeper.config.common" . | nindent 2 }}
{{- if .Values.components.autorecovery }}
# disable auto recovery on bookies since we will start AutoRecovery in separated pods
autoRecoveryDaemonEnabled: "false"
{{- end }}
# Do not retain journal files as it increase the disk utilization
journalMaxBackups: "0"
{{- if .Values.bookkeeper.volumes.journal.useMultiVolumes }}
{{- $journalDirs := list -}}
{{ range .Values.bookkeeper.volumes.journal.multiVolumes }}
{{- $journalDirs = append $journalDirs .mountPath -}}
{{- end }}
journalDirectories: {{ $journalDirs | join "," | quote }}
PULSAR_PREFIX_journalDirectories: {{ $journalDirs | join "," | quote }}
{{- else }}
journalDirectories: "/pulsar/data/bookkeeper/journal"
PULSAR_PREFIX_journalDirectories: "/pulsar/data/bookkeeper/journal"
{{- end }}
{{- if .Values.bookkeeper.volumes.ledgers.useMultiVolumes }}
{{- $ledgerDirs := list -}}
{{ range .Values.bookkeeper.volumes.ledgers.multiVolumes }}
{{- $ledgerDirs = append $ledgerDirs .mountPath -}}
{{- end }}
ledgerDirectories: {{ $ledgerDirs | join "," | quote }}
{{- else }}
ledgerDirectories: "/pulsar/data/bookkeeper/ledgers"
{{- end }}
{{- if .Values.functions.useBookieAsStateStore }}
# Stateful function config
extraServerComponents: "org.apache.bookkeeper.stream.server.StreamStorageLifecycleComponent"
{{- end }}
# TLS config
{{- include "pulsar.bookkeeper.config.tls" . | nindent 2 }}
{{ toYaml .Values.bookkeeper.configData | indent 2 }}
{{- end }}

42
deployment/helm/milvus/charts/pulsar/templates/bookkeeper-pdb.yaml Normal file
View File

@@ -0,0 +1,42 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
{{- if .Values.components.bookkeeper }}
{{- if .Values.bookkeeper.pdb.usePolicy }}
# pdb version detection
{{- if semverCompare "<1.21-0" .Capabilities.KubeVersion.Version }}
apiVersion: policy/v1beta1
{{- else }}
apiVersion: policy/v1
{{- end }}
kind: PodDisruptionBudget
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}"
namespace: {{ template "pulsar.namespace" . }}
labels:
{{- include "pulsar.standardLabels" . | nindent 4 }}
component: {{ .Values.bookkeeper.component }}
spec:
selector:
matchLabels:
{{- include "pulsar.matchLabels" . | nindent 6 }}
component: {{ .Values.bookkeeper.component }}
maxUnavailable: {{ .Values.bookkeeper.pdb.maxUnavailable }}
{{- end }}
{{- end }}

58
deployment/helm/milvus/charts/pulsar/templates/bookkeeper-podmonitor.yaml Normal file
View File

@@ -0,0 +1,58 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
# deploy bookkeeper PodMonitor only when `$.Values.bookkeeper.podMonitor.enabled` is true
{{- if $.Values.bookkeeper.podMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
name: {{ template "pulsar.fullname" . }}-bookie
labels:
app: {{ template "pulsar.name" . }}
chart: {{ template "pulsar.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
jobLabel: bookie
podMetricsEndpoints:
- port: http
path: /metrics
scheme: http
interval: {{ $.Values.bookkeeper.podMonitor.interval }}
scrapeTimeout: {{ $.Values.bookkeeper.podMonitor.scrapeTimeout }}
relabelings:
- action: labelmap
regex: __meta_kubernetes_pod_label_(.+)
- sourceLabels: [__meta_kubernetes_namespace]
action: replace
targetLabel: kubernetes_namespace
- sourceLabels: [__meta_kubernetes_pod_label_component]
action: replace
targetLabel: job
- sourceLabels: [__meta_kubernetes_pod_name]
action: replace
targetLabel: kubernetes_pod_name
{{- if $.Values.bookkeeper.podMonitor.metricRelabelings }}
metricRelabelings: {{ toYaml $.Values.bookkeeper.podMonitor.metricRelabelings | nindent 8 }}
{{- end }}
selector:
matchLabels:
{{- include "pulsar.matchLabels" . | nindent 6 }}
component: bookie
{{- end }}

85
deployment/helm/milvus/charts/pulsar/templates/bookkeeper-psp.yaml Normal file
View File

@@ -0,0 +1,85 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
{{- if and (semverCompare "<1.25-0" .Capabilities.KubeVersion.Version) .Values.rbac.enabled .Values.rbac.psp }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}"
namespace: {{ template "pulsar.namespace" . }}
rules:
- apiGroups:
- policy
resourceNames:
- "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}"
resources:
- podsecuritypolicies
verbs:
- use
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}"
namespace: {{ template "pulsar.namespace" . }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}"
subjects:
- kind: ServiceAccount
name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}"
namespace: {{ template "pulsar.namespace" . }}
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
{{- if .Values.rbac.limit_to_namespace }}
name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}-{{ template "pulsar.namespace" . }}"
{{- else}}
name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}"
{{- end}}
spec:
readOnlyRootFilesystem: false
privileged: false
allowPrivilegeEscalation: false
runAsUser:
rule: 'RunAsAny'
supplementalGroups:
ranges:
- max: 65535
min: 1
rule: MustRunAs
fsGroup:
rule: 'MustRunAs'
ranges:
- min: 1
max: 65535
seLinux:
rule: 'RunAsAny'
volumes:
- configMap
- emptyDir
- projected
- secret
- downwardAPI
- persistentVolumeClaim
{{- end}}

33
deployment/helm/milvus/charts/pulsar/templates/bookkeeper-service-account.yaml Normal file
View File

@@ -0,0 +1,33 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
{{- if .Values.components.bookkeeper }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}"
namespace: {{ template "pulsar.namespace" . }}
labels:
{{- include "pulsar.standardLabels" . | nindent 4 }}
component: {{ .Values.bookkeeper.component }}
annotations:
{{- with .Values.bookkeeper.service_account.annotations }}
{{ toYaml . | indent 4 }}
{{- end }}
{{- end }}

46
deployment/helm/milvus/charts/pulsar/templates/bookkeeper-service.yaml Normal file
View File

@@ -0,0 +1,46 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
{{- if .Values.components.bookkeeper }}
apiVersion: v1
kind: Service
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}"
namespace: {{ template "pulsar.namespace" . }}
labels:
{{- include "pulsar.standardLabels" . | nindent 4 }}
component: {{ .Values.bookkeeper.component }}
{{- if .Values.bookkeeper.service.annotations }}
annotations:
{{ toYaml .Values.bookkeeper.service.annotations | indent 4 }}
{{- end }}
spec:
ports:
- name: "{{ .Values.tcpPrefix }}bookie"
port: {{ .Values.bookkeeper.ports.bookie }}
- name: http
port: {{ .Values.bookkeeper.ports.http }}
clusterIP: None
selector:
{{- include "pulsar.matchLabels" . | nindent 4 }}
component: {{ .Values.bookkeeper.component }}
{{- if .Values.bookkeeper.service.spec }}
{{- toYaml .Values.bookkeeper.service.spec | trim | nindent 2 }}
{{- end }}
{{- end }}

335
deployment/helm/milvus/charts/pulsar/templates/bookkeeper-statefulset.yaml Normal file
View File

@@ -0,0 +1,335 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
{{- if .Values.components.bookkeeper }}
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}"
namespace: {{ template "pulsar.namespace" . }}
labels:
{{- include "pulsar.standardLabels" . | nindent 4 }}
component: {{ .Values.bookkeeper.component }}
spec:
serviceName: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}"
replicas: {{ .Values.bookkeeper.replicaCount }}
selector:
matchLabels:
{{- include "pulsar.matchLabels" . | nindent 6 }}
component: {{ .Values.bookkeeper.component }}
updateStrategy:
{{ toYaml .Values.bookkeeper.updateStrategy | indent 4 }}
podManagementPolicy: {{ .Values.bookkeeper.podManagementPolicy }}
template:
metadata:
labels:
{{- include "pulsar.template.labels" . | nindent 8 }}
component: {{ .Values.bookkeeper.component }}
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "{{ .Values.bookkeeper.ports.http }}"
{{- if .Values.bookkeeper.restartPodsOnConfigMapChange }}
checksum/config: {{ include (print $.Template.BasePath "/bookkeeper-configmap.yaml") . | sha256sum }}
{{- end }}
{{- with .Values.bookkeeper.annotations }}
{{ toYaml . | indent 8 }}
{{- end }}
spec:
{{- if .Values.bookkeeper.nodeSelector }}
nodeSelector:
{{ toYaml .Values.bookkeeper.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.bookkeeper.tolerations }}
tolerations:
{{ toYaml .Values.bookkeeper.tolerations | indent 8 }}
{{- end }}
affinity:
{{- if and .Values.affinity.anti_affinity .Values.bookkeeper.affinity.anti_affinity}}
podAntiAffinity:
{{ if eq .Values.bookkeeper.affinity.type "requiredDuringSchedulingIgnoredDuringExecution"}}
{{ .Values.bookkeeper.affinity.type }}:
- labelSelector:
matchExpressions:
- key: "app"
operator: In
values:
- "{{ template "pulsar.name" . }}"
- key: "release"
operator: In
values:
- {{ .Release.Name }}
- key: "component"
operator: In
values:
- {{ .Values.bookkeeper.component }}
topologyKey: {{ .Values.bookkeeper.affinity.anti_affinity_topology_key }}
{{ else }}
{{ .Values.bookkeeper.affinity.type }}:
- weight: 100
podAffinityTerm:
labelSelector:
matchExpressions:
- key: "app"
operator: In
values:
- "{{ template "pulsar.name" . }}"
- key: "release"
operator: In
values:
- {{ .Release.Name }}
- key: "component"
operator: In
values:
- {{ .Values.bookkeeper.component }}
topologyKey: {{ .Values.bookkeeper.affinity.anti_affinity_topology_key }}
{{ end }}
{{- end }}
terminationGracePeriodSeconds: {{ .Values.bookkeeper.gracePeriod }}
serviceAccountName: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}"
{{- if .Values.bookkeeper.securityContext }}
securityContext:
{{ toYaml .Values.bookkeeper.securityContext | indent 8 }}
{{- end }}
initContainers:
# This initContainer will wait for bookkeeper initnewcluster to complete
# before deploying the bookies
- name: pulsar-bookkeeper-verify-clusterid
image: "{{ template "pulsar.imageFullName" (dict "image" .Values.images.bookie "root" .) }}"
imagePullPolicy: {{ .Values.images.bookie.pullPolicy }}
resources: {{ toYaml .Values.initContainer.resources | nindent 10 }}
command: ["sh", "-c"]
args:
# only reformat bookie if bookkeeper is running without persistence
- >
{{- include "pulsar.bookkeeper.init.verify_cluster_id" . | nindent 10 }}
envFrom:
- configMapRef:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}"
{{- if and (semverCompare "<1.25-0" .Capabilities.KubeVersion.Version) .Values.rbac.enabled .Values.rbac.psp }}
securityContext:
readOnlyRootFilesystem: false
{{- end}}
volumeMounts:
{{- include "pulsar.bookkeeper.certs.volumeMounts" . | nindent 8 }}
containers:
- name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}"
image: "{{ template "pulsar.imageFullName" (dict "image" .Values.images.bookie "root" .) }}"
imagePullPolicy: {{ .Values.images.bookie.pullPolicy }}
{{- if .Values.bookkeeper.probe.liveness.enabled }}
livenessProbe:
httpGet:
path: /api/v1/bookie/state
port: {{ .Values.bookkeeper.ports.http }}
initialDelaySeconds: {{ .Values.bookkeeper.probe.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.bookkeeper.probe.liveness.periodSeconds }}
timeoutSeconds: {{ .Values.bookkeeper.probe.liveness.timeoutSeconds }}
failureThreshold: {{ .Values.bookkeeper.probe.liveness.failureThreshold }}
{{- end }}
{{- if .Values.bookkeeper.probe.readiness.enabled }}
readinessProbe:
httpGet:
path: /api/v1/bookie/is_ready
port: {{ .Values.bookkeeper.ports.http }}
initialDelaySeconds: {{ .Values.bookkeeper.probe.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.bookkeeper.probe.readiness.periodSeconds }}
timeoutSeconds: {{ .Values.bookkeeper.probe.readiness.timeoutSeconds }}
failureThreshold: {{ .Values.bookkeeper.probe.readiness.failureThreshold }}
{{- end }}
{{- if .Values.bookkeeper.probe.startup.enabled }}
startupProbe:
httpGet:
path: /api/v1/bookie/is_ready
port: {{ .Values.bookkeeper.ports.http }}
initialDelaySeconds: {{ .Values.bookkeeper.probe.startup.initialDelaySeconds }}
periodSeconds: {{ .Values.bookkeeper.probe.startup.periodSeconds }}
timeoutSeconds: {{ .Values.bookkeeper.probe.startup.timeoutSeconds }}
failureThreshold: {{ .Values.bookkeeper.probe.startup.failureThreshold }}
{{- end }}
{{- if .Values.bookkeeper.resources }}
resources:
{{ toYaml .Values.bookkeeper.resources | indent 10 }}
{{- end }}
command: ["sh", "-c"]
args:
- >
{{- if .Values.bookkeeper.additionalCommand }}
{{ .Values.bookkeeper.additionalCommand }}
{{- end }}
bin/apply-config-from-env.py conf/bookkeeper.conf;
{{- include "pulsar.bookkeeper.zookeeper.tls.settings" . | nindent 10 }}
OPTS="${OPTS} -Dlog4j2.formatMsgNoLookups=true" exec bin/pulsar bookie;
{{- if and (semverCompare "<1.25-0" .Capabilities.KubeVersion.Version) .Values.rbac.enabled .Values.rbac.psp }}
securityContext:
readOnlyRootFilesystem: false
{{- end}}
ports:
- name: "{{ .Values.tcpPrefix }}bookie"
containerPort: {{ .Values.bookkeeper.ports.bookie }}
- name: http
containerPort: {{ .Values.bookkeeper.ports.http }}
envFrom:
- configMapRef:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}"
volumeMounts:
{{- if .Values.bookkeeper.volumes.useSingleCommonVolume }}
- name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}-{{ .Values.bookkeeper.volumes.common.name }}"
mountPath: /pulsar/data/bookkeeper
{{- else }}
{{- if .Values.bookkeeper.volumes.journal.useMultiVolumes }}
{{- $fullname := include "pulsar.fullname" . -}}
{{- $bkComponent := .Values.bookkeeper.component -}}
{{ range .Values.bookkeeper.volumes.journal.multiVolumes }}
- name: "{{ $fullname }}-{{ $bkComponent }}-{{ .name }}"
mountPath: {{ .mountPath }}
{{- end }}
{{- else }}
- name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}-{{ .Values.bookkeeper.volumes.journal.name }}"
mountPath: /pulsar/data/bookkeeper/journal
{{- end}}
{{- if .Values.bookkeeper.volumes.ledgers.useMultiVolumes }}
{{- $fullname := include "pulsar.fullname" . -}}
{{- $bkComponent := .Values.bookkeeper.component -}}
{{ range .Values.bookkeeper.volumes.ledgers.multiVolumes }}
- name: "{{ $fullname }}-{{ $bkComponent }}-{{ .name }}"
mountPath: {{ .mountPath }}
{{- end }}
{{- else }}
- name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}-{{ .Values.bookkeeper.volumes.ledgers.name }}"
mountPath: /pulsar/data/bookkeeper/ledgers
{{- end }}
{{- end }}
{{- if .Values.bookkeeper.extraVolumeMounts }}
{{ toYaml .Values.bookkeeper.extraVolumeMounts | indent 8 }}
{{- end }}
{{- include "pulsar.bookkeeper.certs.volumeMounts" . | nindent 8 }}
volumes:
{{- if not (and (and .Values.persistence .Values.volumes.persistence) .Values.bookkeeper.volumes.persistence) }}
- name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}-{{ .Values.bookkeeper.volumes.journal.name }}"
emptyDir: {}
- name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}-{{ .Values.bookkeeper.volumes.ledgers.name }}"
emptyDir: {}
{{- end }}
{{- include "pulsar.bookkeeper.certs.volumes" . | nindent 6 }}
{{- include "pulsar.imagePullSecrets" . | nindent 6}}
{{- if .Values.bookkeeper.extraVolumes }}
{{ toYaml .Values.bookkeeper.extraVolumes | indent 6 }}
{{- end }}
{{- if and (and .Values.persistence .Values.volumes.persistence) .Values.bookkeeper.volumes.persistence}}
volumeClaimTemplates:
{{- if .Values.bookkeeper.volumes.useSingleCommonVolume }}
- metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}-{{ .Values.bookkeeper.volumes.common.name }}"
spec:
accessModes: [ "ReadWriteOnce" ]
resources:
requests:
storage: {{ .Values.bookkeeper.volumes.common.size }}
{{- if .Values.bookkeeper.volumes.common.storageClassName }}
storageClassName: "{{ .Values.bookkeeper.volumes.common.storageClassName }}"
{{- else if and (not (and .Values.volumes.local_storage .Values.bookkeeper.volumes.common.local_storage)) .Values.bookkeeper.volumes.common.storageClass }}
storageClassName: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}-{{ .Values.bookkeeper.volumes.common.name }}"
{{- else if and .Values.volumes.local_storage .Values.bookkeeper.volumes.common.local_storage }}
storageClassName: "local-storage"
{{- end }}
{{- with .Values.bookkeeper.volumes.common.selector }}
selector:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- else }}
{{- if .Values.bookkeeper.volumes.journal.useMultiVolumes }}
{{- $fullname := include "pulsar.fullname" . -}}
{{- $bkComponent := .Values.bookkeeper.component -}}
{{ range .Values.bookkeeper.volumes.journal.multiVolumes }}
- metadata:
name: "{{ $fullname }}-{{ $bkComponent }}-{{ .name }}"
spec:
accessModes: [ "ReadWriteOnce" ]
resources:
requests:
storage: {{ .size }}
{{- if .storageClassName }}
storageClassName: "{{ .storageClassName }}"
{{- end }}
{{- with $.Values.bookkeeper.volumes.journal.selector }}
selector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- else }}
- metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}-{{ .Values.bookkeeper.volumes.journal.name }}"
spec:
accessModes: [ "ReadWriteOnce" ]
resources:
requests:
storage: {{ .Values.bookkeeper.volumes.journal.size }}
{{- if .Values.bookkeeper.volumes.journal.storageClassName }}
storageClassName: "{{ .Values.bookkeeper.volumes.journal.storageClassName }}"
{{- else if and (not (and .Values.volumes.local_storage .Values.bookkeeper.volumes.journal.local_storage)) .Values.bookkeeper.volumes.journal.storageClass }}
storageClassName: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}-{{ .Values.bookkeeper.volumes.journal.name }}"
{{- else if and .Values.volumes.local_storage .Values.bookkeeper.volumes.journal.local_storage }}
storageClassName: "local-storage"
{{- end }}
{{- with .Values.bookkeeper.volumes.journal.selector }}
selector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- if .Values.bookkeeper.volumes.ledgers.useMultiVolumes }}
{{- $fullname := include "pulsar.fullname" . -}}
{{- $bkComponent := .Values.bookkeeper.component -}}
{{ range .Values.bookkeeper.volumes.ledgers.multiVolumes }}
- metadata:
name: "{{ $fullname }}-{{ $bkComponent }}-{{ .name }}"
spec:
accessModes: [ "ReadWriteOnce" ]
resources:
requests:
storage: {{ .size }}
{{- if .storageClassName }}
storageClassName: "{{ .storageClassName }}"
{{- end }}
{{- with $.Values.bookkeeper.volumes.ledgers.selector }}
selector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- else }}
- metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}-{{ .Values.bookkeeper.volumes.ledgers.name }}"
spec:
accessModes: [ "ReadWriteOnce" ]
resources:
requests:
storage: {{ .Values.bookkeeper.volumes.ledgers.size }}
{{- if .Values.bookkeeper.volumes.ledgers.storageClassName }}
storageClassName: "{{ .Values.bookkeeper.volumes.ledgers.storageClassName }}"
{{- else if and (not (and .Values.volumes.local_storage .Values.bookkeeper.volumes.ledgers.local_storage)) .Values.bookkeeper.volumes.ledgers.storageClass }}
storageClassName: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}-{{ .Values.bookkeeper.volumes.ledgers.name }}"
{{- else if and .Values.volumes.local_storage .Values.bookkeeper.volumes.ledgers.local_storage }}
storageClassName: "local-storage"
{{- end }}
{{- with .Values.bookkeeper.volumes.ledgers.selector }}
selector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}

74
deployment/helm/milvus/charts/pulsar/templates/bookkeeper-storageclass.yaml Normal file
View File

@@ -0,0 +1,74 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
{{- if .Values.components.bookkeeper }}
{{- if and (and .Values.persistence .Values.volumes.persistence) .Values.bookkeeper.volumes.persistence }}
{{- if not .Values.volumes.local_storage }}
{{- if .Values.bookkeeper.volumes.useSingleCommonVolume}}
{{- if and (not .Values.bookkeeper.volumes.common.local_storage) .Values.bookkeeper.volumes.common.storageClass }}
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}-{{ .Values.bookkeeper.volumes.common.name }}"
namespace: {{ template "pulsar.namespace" . }}
labels:
{{- include "pulsar.standardLabels" . | nindent 4 }}
component: {{ .Values.bookkeeper.component }}
provisioner: {{ .Values.bookkeeper.volumes.common.storageClass.provisioner }}
parameters:
type: {{ .Values.bookkeeper.volumes.common.storageClass.type }}
fsType: {{ .Values.bookkeeper.volumes.common.storageClass.fsType }}
{{- end }}
{{- else }}
{{- if and (not .Values.bookkeeper.volumes.journal.local_storage) .Values.bookkeeper.volumes.journal.storageClass }}
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}-{{ .Values.bookkeeper.volumes.journal.name }}"
namespace: {{ template "pulsar.namespace" . }}
labels:
{{- include "pulsar.standardLabels" . | nindent 4 }}
component: {{ .Values.bookkeeper.component }}
provisioner: {{ .Values.bookkeeper.volumes.journal.storageClass.provisioner }}
parameters:
type: {{ .Values.bookkeeper.volumes.journal.storageClass.type }}
fsType: {{ .Values.bookkeeper.volumes.journal.storageClass.fsType }}
{{- end }}
---
{{- if and (not .Values.bookkeeper.volumes.ledgers.local_storage) .Values.bookkeeper.volumes.ledgers.storageClass }}
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}-{{ .Values.bookkeeper.volumes.ledgers.name }}"
namespace: {{ template "pulsar.namespace" . }}
labels:
{{- include "pulsar.standardLabels" . | nindent 4 }}
component: {{ .Values.bookkeeper.component }}
provisioner: {{ .Values.bookkeeper.volumes.ledgers.storageClass.provisioner }}
parameters:
type: {{ .Values.bookkeeper.volumes.ledgers.storageClass.type }}
fsType: {{ .Values.bookkeeper.volumes.ledgers.storageClass.fsType }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}

83
deployment/helm/milvus/charts/pulsar/templates/broker-cluster-role-binding.yaml Normal file
View File

@@ -0,0 +1,83 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
{{- if .Values.components.broker }}
## TODO create our own cluster role with less privledges than admin
apiVersion: rbac.authorization.k8s.io/v1
{{- if .Values.rbac.limit_to_namespace }}
kind: RoleBinding
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}-rolebinding"
{{- else}}
kind: ClusterRoleBinding
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}-clusterrolebinding"
{{- end}}
labels:
{{- include "pulsar.standardLabels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
{{- if .Values.rbac.limit_to_namespace }}
kind: Role
name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}-role"
{{- else}}
kind: ClusterRole
name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}-clusterrole"
{{- end}}
subjects:
- kind: ServiceAccount
name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}-acct"
namespace: {{ template "pulsar.namespace" . }}
---
apiVersion: rbac.authorization.k8s.io/v1
{{- if .Values.rbac.limit_to_namespace }}
kind: Role
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}-role"
{{- else}}
kind: ClusterRole
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}-clusterrole"
{{- end}}
labels:
{{- include "pulsar.standardLabels" . | nindent 4 }}
rules:
- apiGroups: [""]
resources:
- configmaps
verbs: ["get", "list", "watch"]
- apiGroups: ["", "extensions", "apps"]
resources:
- pods
- services
- deployments
- secrets
- statefulsets
verbs:
- list
- watch
- get
- update
- create
- delete
- patch
---
{{- end }}

198
deployment/helm/milvus/charts/pulsar/templates/broker-configmap.yaml Normal file
View File

@@ -0,0 +1,198 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
{{- if .Values.components.broker }}
apiVersion: v1
kind: ConfigMap
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}"
namespace: {{ template "pulsar.namespace" . }}
labels:
{{- include "pulsar.standardLabels" . | nindent 4 }}
component: {{ .Values.broker.component }}
data:
# Metadata settings
zookeeperServers: "{{ template "pulsar.zookeeper.connect" . }}{{ .Values.metadataPrefix }}"
{{- if .Values.pulsar_metadata.configurationStore }}
configurationStoreServers: "{{ template "pulsar.configurationStore.connect" . }}{{ .Values.pulsar_metadata.configurationStoreMetadataPrefix }}"
{{- end }}
{{- if not .Values.pulsar_metadata.configurationStore }}
configurationStoreServers: "{{ template "pulsar.zookeeper.connect" . }}{{ .Values.metadataPrefix }}"
{{- end }}
# Broker settings
clusterName: {{ template "pulsar.cluster.name" . }}
exposeTopicLevelMetricsInPrometheus: "true"
numHttpServerThreads: "8"
zooKeeperSessionTimeoutMillis: "30000"
statusFilePath: "{{ template "pulsar.home" . }}/status"
# Tiered storage settings
{{- if .Values.broker.storageOffload.driver }}
{{- if eq .Values.broker.storageOffload.driver "aws-s3" }}
managedLedgerOffloadDriver: "{{ .Values.broker.storageOffload.driver }}"
s3ManagedLedgerOffloadBucket: "{{ .Values.broker.storageOffload.bucket }}"
s3ManagedLedgerOffloadRegion: "{{ .Values.broker.storageOffload.region }}"
{{- if .Values.broker.storageOffload.managedLedgerOffloadAutoTriggerSizeThresholdBytes }}
PULSAR_PREFIX_managedLedgerOffloadThresholdInBytes: "{{ .Values.broker.storageOffload.managedLedgerOffloadAutoTriggerSizeThresholdBytes }}"
{{- end }}
{{- if .Values.broker.storageOffload.managedLedgerOffloadDeletionLagMs }}
PULSAR_PREFIX_managedLedgerOffloadDeletionLagInMillis: "{{ .Values.broker.storageOffload.managedLedgerOffloadDeletionLagMs }}"
{{- end }}
{{- if .Values.broker.storageOffload.maxBlockSizeInBytes }}
s3ManagedLedgerOffloadMaxBlockSizeInBytes: "{{ .Values.broker.storageOffload.maxBlockSizeInBytes }}"
{{- end }}
{{- if .Values.broker.storageOffload.readBufferSizeInBytes }}
s3ManagedLedgerOffloadReadBufferSizeInBytes: "{{ .Values.broker.storageOffload.readBufferSizeInBytes }}"
{{- end }}
{{- end }}
{{- if eq .Values.broker.storageOffload.driver "google-cloud-storage" }}
managedLedgerOffloadDriver: "{{ .Values.broker.storageOffload.driver }}"
gcsManagedLedgerOffloadBucket: "{{ .Values.broker.storageOffload.bucket }}"
gcsManagedLedgerOffloadRegion: "{{ .Values.broker.storageOffload.region }}"
gcsManagedLedgerOffloadServiceAccountKeyFile: "/pulsar/gcp-service-account/{{ .Values.broker.storageOffload.gcsServiceAccountJsonFile }}"
{{- if .Values.broker.storageOffload.managedLedgerOffloadAutoTriggerSizeThresholdBytes }}
PULSAR_PREFIX_managedLedgerOffloadThresholdInBytes: "{{ .Values.broker.storageOffload.managedLedgerOffloadAutoTriggerSizeThresholdBytes }}"
{{- end }}
{{- if .Values.broker.storageOffload.managedLedgerOffloadDeletionLagMs }}
PULSAR_PREFIX_managedLedgerOffloadDeletionLagInMillis: "{{ .Values.broker.storageOffload.managedLedgerOffloadDeletionLagMs }}"
{{- end }}
{{- if .Values.broker.storageOffload.maxBlockSizeInBytes }}
gcsManagedLedgerOffloadMaxBlockSizeInBytes: "{{ .Values.broker.storageOffload.maxBlockSizeInBytes }}"
{{- end }}
{{- if .Values.broker.storageOffload.readBufferSizeInBytes }}
gcsManagedLedgerOffloadReadBufferSizeInBytes: "{{ .Values.broker.storageOffload.readBufferSizeInBytes }}"
{{- end }}
{{- end }}
{{- if eq .Values.broker.storageOffload.driver "azureblob" }}
managedLedgerOffloadDriver: "{{ .Values.broker.storageOffload.driver }}"
managedLedgerOffloadBucket: "{{ .Values.broker.storageOffload.bucket }}"
{{- if .Values.broker.storageOffload.managedLedgerOffloadAutoTriggerSizeThresholdBytes }}
PULSAR_PREFIX_managedLedgerOffloadThresholdInBytes: "{{ .Values.broker.storageOffload.managedLedgerOffloadAutoTriggerSizeThresholdBytes }}"
{{- end }}
{{- if .Values.broker.storageOffload.managedLedgerOffloadDeletionLagMs }}
PULSAR_PREFIX_managedLedgerOffloadDeletionLagInMillis: "{{ .Values.broker.storageOffload.managedLedgerOffloadDeletionLagMs }}"
{{- end }}
{{- if .Values.broker.storageOffload.maxBlockSizeInBytes }}
managedLedgerOffloadMaxBlockSizeInBytes: "{{ .Values.broker.storageOffload.maxBlockSizeInBytes }}"
{{- end }}
{{- end }}
{{- end }}
# Function Worker Settings
# function worker configuration
{{- if not .Values.components.functions }}
functionsWorkerEnabled: "false"
{{- end }}
{{- if .Values.components.functions }}
functionsWorkerEnabled: "true"
{{- if .Values.functions.useBookieAsStateStore }}
PF_stateStorageServiceUrl: "bk://{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}:{{ .Values.bookkeeper.ports.statestore }}"
{{- end }}
PF_functionRuntimeFactoryClassName: "org.apache.pulsar.functions.runtime.kubernetes.KubernetesRuntimeFactory"
PF_pulsarFunctionsCluster: {{ template "pulsar.cluster.name" . }}
PF_connectorsDirectory: ./connectors
PF_containerFactory: k8s
PF_numFunctionPackageReplicas: "{{ .Values.broker.configData.managedLedgerDefaultEnsembleSize }}"
# support version >= 2.5.0
PF_functionRuntimeFactoryConfigs_pulsarRootDir: {{ template "pulsar.home" . }}
PF_kubernetesContainerFactory_pulsarRootDir: {{ template "pulsar.home" . }}
PF_functionRuntimeFactoryConfigs_pulsarDockerImageName: "{{ template "pulsar.imageFullName" (dict "image" .Values.images.functions "root" .) }}"
PF_functionRuntimeFactoryConfigs_submittingInsidePod: "true"
PF_functionRuntimeFactoryConfigs_installUserCodeDependencies: "true"
PF_functionRuntimeFactoryConfigs_jobNamespace: {{ template "pulsar.namespace" . }}
PF_functionRuntimeFactoryConfigs_expectedMetricsCollectionInterval: "30"
{{- if not (and .Values.tls.enabled .Values.tls.broker.enabled .Values.tls.function_instance.enabled) }}
PF_functionRuntimeFactoryConfigs_pulsarAdminUrl: "http://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.http }}/"
PF_functionRuntimeFactoryConfigs_pulsarServiceUrl: "pulsar://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.pulsar }}/"
{{- else }}
PF_functionRuntimeFactoryConfigs_pulsarAdminUrl: "https://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.https }}/"
PF_functionRuntimeFactoryConfigs_pulsarServiceUrl: "pulsar+ssl://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.pulsarssl }}/"
{{- end }}
# support version < 2.5.0
PF_kubernetesContainerFactory_pulsarDockerImageName: "{{ template "pulsar.imageFullName" (dict "image" .Values.images.functions "root" .) }}"
PF_kubernetesContainerFactory_submittingInsidePod: "true"
PF_kubernetesContainerFactory_installUserCodeDependencies: "true"
PF_kubernetesContainerFactory_jobNamespace: {{ template "pulsar.namespace" . }}
PF_kubernetesContainerFactory_expectedMetricsCollectionInterval: "30"
{{- if not (and .Values.tls.enabled .Values.tls.broker.enabled .Values.tls.function_instance.enabled) }}
PF_kubernetesContainerFactory_pulsarAdminUrl: "http://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.http }}/"
PF_kubernetesContainerFactory_pulsarServiceUrl: "pulsar://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.pulsar }}/"
{{- else }}
PF_kubernetesContainerFactory_pulsarAdminUrl: "https://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.https }}/"
PF_kubernetesContainerFactory_pulsarServiceUrl: "pulsar+ssl://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.pulsarssl }}/"
{{- end }}
{{- end }}
# prometheus needs to access /metrics endpoint
webServicePort: "{{ .Values.broker.ports.http }}"
{{- if or (not .Values.tls.enabled) (not .Values.tls.broker.enabled) }}
brokerServicePort: "{{ .Values.broker.ports.pulsar }}"
{{- end }}
{{- if and .Values.tls.enabled .Values.tls.broker.enabled }}
brokerServicePortTls: "{{ .Values.broker.ports.pulsarssl }}"
webServicePortTls: "{{ .Values.broker.ports.https }}"
# TLS Settings
tlsCertificateFilePath: "/pulsar/certs/broker/tls.crt"
tlsKeyFilePath: "/pulsar/certs/broker/tls.key"
tlsTrustCertsFilePath: "/pulsar/certs/ca/ca.crt"
{{- end }}
# Authentication Settings
{{- if .Values.auth.authentication.enabled }}
authenticationEnabled: "true"
{{- if .Values.auth.authorization.enabled }}
authorizationEnabled: "true"
superUserRoles: {{ .Values.auth.superUsers | values | compact | sortAlpha | join "," }}
{{- if .Values.auth.useProxyRoles }}
proxyRoles: {{ .Values.auth.superUsers.proxy }}
{{- end }}
{{- end }}
{{- if eq .Values.auth.authentication.provider "jwt" }}
# token authentication configuration
authenticationProviders: "org.apache.pulsar.broker.authentication.AuthenticationProviderToken"
brokerClientAuthenticationParameters: "file:///pulsar/tokens/broker/token"
brokerClientAuthenticationPlugin: "org.apache.pulsar.client.impl.auth.AuthenticationToken"
{{- if .Values.auth.authentication.jwt.usingSecretKey }}
tokenSecretKey: "file:///pulsar/keys/token/secret.key"
{{- else }}
tokenPublicKey: "file:///pulsar/keys/token/public.key"
{{- end }}
{{- end }}
{{- end }}
{{- if and .Values.tls.enabled .Values.tls.bookie.enabled }}
# bookkeeper tls settings
bookkeeperTLSClientAuthentication: "true"
bookkeeperTLSKeyFileType: "PEM"
bookkeeperTLSKeyFilePath: "/pulsar/certs/broker/tls.key"
bookkeeperTLSCertificateFilePath: "/pulsar/certs/broker/tls.crt"
bookkeeperTLSTrustCertsFilePath: "/pulsar/certs/ca/ca.crt"
bookkeeperTLSTrustCertTypes: "PEM"
PULSAR_PREFIX_bookkeeperTLSClientAuthentication: "true"
PULSAR_PREFIX_bookkeeperTLSKeyFileType: "PEM"
PULSAR_PREFIX_bookkeeperTLSKeyFilePath: "/pulsar/certs/broker/tls.key"
PULSAR_PREFIX_bookkeeperTLSCertificateFilePath: "/pulsar/certs/broker/tls.crt"
PULSAR_PREFIX_bookkeeperTLSTrustCertsFilePath: "/pulsar/certs/ca/ca.crt"
PULSAR_PREFIX_bookkeeperTLSTrustCertTypes: "PEM"
# https://github.com/apache/bookkeeper/pull/2300
bookkeeperUseV2WireProtocol: "false"
{{- end }}
{{ toYaml .Values.broker.configData | indent 2 }}
{{- end }}

44
deployment/helm/milvus/charts/pulsar/templates/broker-hpa.yaml Normal file
View File

@@ -0,0 +1,44 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
{{- if .Values.broker.autoscaling.enabled }}
{{- if (semverCompare "<1.23-0" .Capabilities.KubeVersion.Version) }}
apiVersion: autoscaling/v2beta2
{{- else }}
apiVersion: autoscaling/v2
{{- end }}
kind: HorizontalPodAutoscaler
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}"
spec:
maxReplicas: {{ .Values.broker.autoscaling.maxReplicas }}
{{- with .Values.broker.autoscaling.metrics }}
metrics:
{{- toYaml . | nindent 4 }}
{{- end }}
minReplicas: {{ .Values.broker.autoscaling.minReplicas }}
{{- with .Values.broker.autoscaling.behavior }}
behavior:
{{- toYaml . | nindent 4 }}
{{- end }}
scaleTargetRef:
apiVersion: apps/v1
kind: StatefulSet
name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}"
{{- end }}

42
deployment/helm/milvus/charts/pulsar/templates/broker-pdb.yaml Normal file
View File

@@ -0,0 +1,42 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
{{- if .Values.components.broker }}
{{- if .Values.broker.pdb.usePolicy }}
# pdb version detection
{{- if semverCompare "<1.21-0" .Capabilities.KubeVersion.Version }}
apiVersion: policy/v1beta1
{{- else }}
apiVersion: policy/v1
{{- end }}
kind: PodDisruptionBudget
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}"
namespace: {{ template "pulsar.namespace" . }}
labels:
{{- include "pulsar.standardLabels" . | nindent 4 }}
component: {{ .Values.broker.component }}
spec:
selector:
matchLabels:
{{- include "pulsar.matchLabels" . | nindent 6 }}
component: {{ .Values.broker.component }}
maxUnavailable: {{ .Values.broker.pdb.maxUnavailable }}
{{- end }}
{{- end }}

58
deployment/helm/milvus/charts/pulsar/templates/broker-podmonitor.yaml Normal file
View File

@@ -0,0 +1,58 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
# deploy broker PodMonitor only when `$.Values.broker.podMonitor.enabled` is true
{{- if $.Values.broker.podMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
name: {{ template "pulsar.fullname" . }}-broker
labels:
app: {{ template "pulsar.name" . }}
chart: {{ template "pulsar.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
jobLabel: broker
podMetricsEndpoints:
- port: http
path: /metrics
scheme: http
interval: {{ $.Values.broker.podMonitor.interval }}
scrapeTimeout: {{ $.Values.broker.podMonitor.scrapeTimeout }}
relabelings:
- action: labelmap
regex: __meta_kubernetes_pod_label_(.+)
- sourceLabels: [__meta_kubernetes_namespace]
action: replace
targetLabel: kubernetes_namespace
- sourceLabels: [__meta_kubernetes_pod_label_component]
action: replace
targetLabel: job
- sourceLabels: [__meta_kubernetes_pod_name]
action: replace
targetLabel: kubernetes_pod_name
{{- if $.Values.broker.podMonitor.metricRelabelings }}
metricRelabelings: {{ toYaml $.Values.broker.podMonitor.metricRelabelings | nindent 8 }}
{{- end }}
selector:
matchLabels:
{{- include "pulsar.matchLabels" . | nindent 6 }}
component: broker
{{- end }}

85
deployment/helm/milvus/charts/pulsar/templates/broker-psp.yaml Normal file
View File

@@ -0,0 +1,85 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
{{- if and (semverCompare "<1.25-0" .Capabilities.KubeVersion.Version) .Values.rbac.enabled .Values.rbac.psp }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}-psp"
namespace: {{ template "pulsar.namespace" . }}
rules:
- apiGroups:
- policy
resourceNames:
- "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}"
resources:
- podsecuritypolicies
verbs:
- use
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}-psp"
namespace: {{ template "pulsar.namespace" . }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}-psp"
subjects:
- kind: ServiceAccount
name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}-acct"
namespace: {{ template "pulsar.namespace" . }}
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
{{- if .Values.rbac.limit_to_namespace }}
name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}-{{ template "pulsar.namespace" . }}"
{{- else}}
name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}"
{{- end}}
spec:
readOnlyRootFilesystem: false
privileged: false
allowPrivilegeEscalation: false
runAsUser:
rule: 'RunAsAny'
supplementalGroups:
ranges:
- max: 65535
min: 1
rule: MustRunAs
fsGroup:
rule: 'MustRunAs'
ranges:
- min: 1
max: 65535
seLinux:
rule: 'RunAsAny'
volumes:
- configMap
- emptyDir
- projected
- secret
- downwardAPI
- persistentVolumeClaim
{{- end}}

70
deployment/helm/milvus/charts/pulsar/templates/broker-rbac.yaml Normal file
View File

@@ -0,0 +1,70 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
{{- if .Values.components.functions }}
apiVersion: rbac.authorization.k8s.io/v1
{{- if .Values.functions.rbac.limit_to_namespace }}
kind: Role
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.functions.component }}-role"
{{- else}}
kind: ClusterRole
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.functions.component }}"
{{- end}}
rules:
- apiGroups: [""]
resources:
- services
- configmaps
- pods
verbs:
- '*'
- apiGroups:
- apps
resources:
- statefulsets
verbs:
- '*'
---
apiVersion: rbac.authorization.k8s.io/v1
{{- if .Values.functions.rbac.limit_to_namespace }}
kind: RoleBinding
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.functions.component }}-rolebinding"
{{- else}}
kind: ClusterRoleBinding
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.functions.component }}"
{{- end}}
roleRef:
apiGroup: rbac.authorization.k8s.io
{{- if .Values.functions.rbac.limit_to_namespace }}
kind: Role
name: "{{ template "pulsar.fullname" . }}-{{ .Values.functions.component }}-role"
{{- else}}
kind: ClusterRole
name: "{{ template "pulsar.fullname" . }}-{{ .Values.functions.component }}"
{{- end}}
subjects:
- kind: ServiceAccount
name: "{{ template "pulsar.fullname" . }}-{{ .Values.functions.component }}"
namespace: {{ template "pulsar.namespace" . }}
{{- end }}

50
deployment/helm/milvus/charts/pulsar/templates/broker-service-account.yaml Normal file
View File

@@ -0,0 +1,50 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
{{- if .Values.components.broker }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}-acct"
namespace: {{ template "pulsar.namespace" . }}
labels:
{{- include "pulsar.standardLabels" . | nindent 4 }}
component: {{ .Values.broker.component }}
annotations:
{{- with .Values.broker.service_account.annotations }}
{{ toYaml . | indent 4 }}
{{- end }}
---
{{- end }}
{{- if .Values.components.functions }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.functions.component }}"
namespace: {{ template "pulsar.namespace" . }}
labels:
{{- include "pulsar.standardLabels" . | nindent 4 }}
component: {{ .Values.functions.component }}
annotations:
{{- with .Values.functions.service_account.annotations }}
{{ toYaml . | indent 4 }}
{{- end }}
---
{{- end }}

50
deployment/helm/milvus/charts/pulsar/templates/broker-service.yaml Normal file
View File

@@ -0,0 +1,50 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
{{- if .Values.components.broker }}
apiVersion: v1
kind: Service
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}"
namespace: {{ template "pulsar.namespace" . }}
labels:
{{- include "pulsar.standardLabels" . | nindent 4 }}
component: {{ .Values.broker.component }}
annotations:
{{ toYaml .Values.broker.service.annotations | indent 4 }}
spec:
ports:
# prometheus needs to access /metrics endpoint
- name: http
port: {{ .Values.broker.ports.http }}
{{- if or (not .Values.tls.enabled) (not .Values.tls.broker.enabled) }}
- name: "{{ .Values.tcpPrefix }}pulsar"
port: {{ .Values.broker.ports.pulsar }}
{{- end }}
{{- if and .Values.tls.enabled .Values.tls.broker.enabled }}
- name: https
port: {{ .Values.broker.ports.https }}
- name: "{{ .Values.tlsPrefix }}pulsarssl"
port: {{ .Values.broker.ports.pulsarssl }}
{{- end }}
clusterIP: None
selector:
{{- include "pulsar.matchLabels" . | nindent 4 }}
component: {{ .Values.broker.component }}
{{- end }}

333
deployment/helm/milvus/charts/pulsar/templates/broker-statefulset.yaml Normal file
View File

@@ -0,0 +1,333 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
{{- if .Values.components.broker }}
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}"
namespace: {{ template "pulsar.namespace" . }}
labels:
{{- include "pulsar.standardLabels" . | nindent 4 }}
component: {{ .Values.broker.component }}
spec:
serviceName: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}"
{{- if not .Values.broker.autoscaling.enabled }}
replicas: {{ .Values.broker.replicaCount }}
{{- end }}
selector:
matchLabels:
{{- include "pulsar.matchLabels" . | nindent 6 }}
component: {{ .Values.broker.component }}
updateStrategy:
type: RollingUpdate
podManagementPolicy: Parallel
template:
metadata:
labels:
{{- include "pulsar.template.labels" . | nindent 8 }}
component: {{ .Values.broker.component }}
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "{{ .Values.broker.ports.http }}"
{{- if .Values.broker.restartPodsOnConfigMapChange }}
checksum/config: {{ include (print $.Template.BasePath "/broker-configmap.yaml") . | sha256sum }}
{{- end }}
{{- with .Values.broker.annotations }}
{{ toYaml . | indent 8 }}
{{- end }}
spec:
serviceAccountName: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}-acct"
{{- if .Values.broker.nodeSelector }}
nodeSelector:
{{ toYaml .Values.broker.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.broker.tolerations }}
tolerations:
{{ toYaml .Values.broker.tolerations | indent 8 }}
{{- end }}
affinity:
{{- if and .Values.affinity.anti_affinity .Values.broker.affinity.anti_affinity}}
podAntiAffinity:
{{ if eq .Values.broker.affinity.type "requiredDuringSchedulingIgnoredDuringExecution"}}
{{ .Values.broker.affinity.type }}:
- labelSelector:
matchExpressions:
- key: "app"
operator: In
values:
- "{{ template "pulsar.name" . }}"
- key: "release"
operator: In
values:
- {{ .Release.Name }}
- key: "component"
operator: In
values:
- {{ .Values.broker.component }}
topologyKey: {{ .Values.broker.affinity.anti_affinity_topology_key }}
{{ else }}
{{ .Values.broker.affinity.type }}:
- weight: 100
podAffinityTerm:
labelSelector:
matchExpressions:
- key: "app"
operator: In
values:
- "{{ template "pulsar.name" . }}"
- key: "release"
operator: In
values:
- {{ .Release.Name }}
- key: "component"
operator: In
values:
- {{ .Values.broker.component }}
topologyKey: {{ .Values.broker.affinity.anti_affinity_topology_key }}
{{ end }}
{{- end }}
terminationGracePeriodSeconds: {{ .Values.broker.gracePeriod }}
initContainers:
# This init container will wait for zookeeper to be ready before
# deploying the bookies
- name: wait-zookeeper-ready
image: "{{ template "pulsar.imageFullName" (dict "image" .Values.images.broker "root" .) }}"
imagePullPolicy: {{ .Values.images.broker.pullPolicy }}
resources: {{ toYaml .Values.initContainer.resources | nindent 10 }}
command: ["sh", "-c"]
args:
- >-
{{- include "pulsar.broker.zookeeper.tls.settings" . | nindent 12 }}
export BOOKIE_MEM="-Xmx128M";
{{- if .Values.pulsar_metadata.configurationStore }}
until bin/bookkeeper org.apache.zookeeper.ZooKeeperMain -server {{ template "pulsar.configurationStore.connect" . }} get {{ .Values.configurationStoreMetadataPrefix }}/admin/clusters/{{ template "pulsar.cluster.name" . }}; do
{{- end }}
{{- if not .Values.pulsar_metadata.configurationStore }}
until bin/bookkeeper org.apache.zookeeper.ZooKeeperMain -server {{ template "pulsar.zookeeper.connect" . }} get {{ .Values.metadataPrefix }}/admin/clusters/{{ template "pulsar.cluster.name" . }}; do
{{- end }}
echo "pulsar cluster {{ template "pulsar.cluster.name" . }} isn't initialized yet ... check in 3 seconds ..." && sleep 3;
done;
{{- if and (semverCompare "<1.25-0" .Capabilities.KubeVersion.Version) .Values.rbac.enabled .Values.rbac.psp }}
securityContext:
readOnlyRootFilesystem: false
{{- end }}
volumeMounts:
{{- include "pulsar.broker.certs.volumeMounts" . | nindent 8 }}
# This init container will wait for bookkeeper to be ready before
# deploying the broker
- name: wait-bookkeeper-ready
image: "{{ template "pulsar.imageFullName" (dict "image" .Values.images.broker "root" .) }}"
imagePullPolicy: {{ .Values.images.broker.pullPolicy }}
resources: {{ toYaml .Values.initContainer.resources | nindent 10 }}
command: ["sh", "-c"]
args:
- >
{{- include "pulsar.broker.zookeeper.tls.settings" . | nindent 12 }}
bin/apply-config-from-env.py conf/bookkeeper.conf;
export BOOKIE_MEM="-Xmx128M";
until bin/bookkeeper shell whatisinstanceid; do
echo "bookkeeper cluster is not initialized yet. backoff for 3 seconds ...";
sleep 3;
done;
echo "bookkeeper cluster is already initialized";
bookieServiceNumber="$(nslookup -timeout=10 {{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }} | grep Name | wc -l)";
until [ ${bookieServiceNumber} -ge {{ .Values.broker.configData.managedLedgerDefaultEnsembleSize }} ]; do
echo "bookkeeper cluster {{ template "pulsar.cluster.name" . }} isn't ready yet ... check in 10 seconds ...";
sleep 10;
bookieServiceNumber="$(nslookup -timeout=10 {{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }} | grep Name | wc -l)";
done;
echo "bookkeeper cluster is ready";
envFrom:
- configMapRef:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}"
{{- if and (semverCompare "<1.25-0" .Capabilities.KubeVersion.Version) .Values.rbac.enabled .Values.rbac.psp }}
securityContext:
readOnlyRootFilesystem: false
{{- end }}
volumeMounts:
{{- include "pulsar.broker.certs.volumeMounts" . | nindent 10 }}
containers:
- name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}"
image: "{{ template "pulsar.imageFullName" (dict "image" .Values.images.broker "root" .) }}"
imagePullPolicy: {{ .Values.images.broker.pullPolicy }}
{{- if .Values.broker.probe.liveness.enabled }}
livenessProbe:
httpGet:
path: /status.html
port: {{ .Values.broker.ports.http }}
initialDelaySeconds: {{ .Values.broker.probe.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.broker.probe.liveness.periodSeconds }}
timeoutSeconds: {{ .Values.broker.probe.liveness.timeoutSeconds }}
failureThreshold: {{ .Values.broker.probe.liveness.failureThreshold }}
{{- end }}
{{- if .Values.broker.probe.readiness.enabled }}
readinessProbe:
httpGet:
path: /status.html
port: {{ .Values.broker.ports.http }}
initialDelaySeconds: {{ .Values.broker.probe.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.broker.probe.readiness.periodSeconds }}
timeoutSeconds: {{ .Values.broker.probe.readiness.timeoutSeconds }}
failureThreshold: {{ .Values.broker.probe.readiness.failureThreshold }}
{{- end }}
{{- if .Values.broker.probe.startup.enabled }}
startupProbe:
httpGet:
path: /status.html
port: {{ .Values.broker.ports.http }}
initialDelaySeconds: {{ .Values.broker.probe.startup.initialDelaySeconds }}
periodSeconds: {{ .Values.broker.probe.startup.periodSeconds }}
timeoutSeconds: {{ .Values.broker.probe.startup.timeoutSeconds }}
failureThreshold: {{ .Values.broker.probe.startup.failureThreshold }}
{{- end }}
{{- if .Values.broker.resources }}
resources:
{{ toYaml .Values.broker.resources | indent 10 }}
{{- end }}
command: ["sh", "-c"]
args:
- >
{{- if .Values.broker.additionalCommand }}
{{ .Values.broker.additionalCommand }}
{{- end }}
bin/apply-config-from-env.py conf/broker.conf;
bin/gen-yml-from-env.py conf/functions_worker.yml;
echo "OK" > status;
{{- include "pulsar.broker.zookeeper.tls.settings" . | nindent 10 }}
bin/pulsar zookeeper-shell -server {{ template "pulsar.zookeeper.connect" . }} get {{ template "pulsar.broker.znode" . }};
while [ $? -eq 0 ]; do
echo "broker {{ template "pulsar.broker.hostname" . }} znode still exists ... check in 10 seconds ...";
sleep 10;
bin/pulsar zookeeper-shell -server {{ template "pulsar.zookeeper.connect" . }} get {{ template "pulsar.broker.znode" . }};
done;
cat conf/pulsar_env.sh;
OPTS="${OPTS} -Dlog4j2.formatMsgNoLookups=true" exec bin/pulsar broker;
ports:
# prometheus needs to access /metrics endpoint
- name: http
containerPort: {{ .Values.broker.ports.http }}
{{- if or (not .Values.tls.enabled) (not .Values.tls.broker.enabled) }}
- name: "{{ .Values.tcpPrefix }}pulsar"
containerPort: {{ .Values.broker.ports.pulsar }}
{{- end }}
{{- if and .Values.tls.enabled .Values.tls.broker.enabled }}
- name: https
containerPort: {{ .Values.broker.ports.https }}
- name: "{{ .Values.tlsPrefix }}pulsarssl"
containerPort: {{ .Values.broker.ports.pulsarssl }}
{{- end }}
{{- if .Values.broker.extreEnvs }}
env:
{{ toYaml .Values.broker.extreEnvs | indent 8 }}
{{- end }}
envFrom:
- configMapRef:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}"
volumeMounts:
{{- if .Values.auth.authentication.enabled }}
{{- if eq .Values.auth.authentication.provider "jwt" }}
- mountPath: "/pulsar/keys"
name: token-keys
readOnly: true
- mountPath: "/pulsar/tokens"
name: broker-token
readOnly: true
{{- end }}
{{- end }}
{{- if .Values.broker.storageOffload.driver }}
{{- if eq .Values.broker.storageOffload.driver "google-cloud-storage" }}
- name: gcp-service-account
readOnly: true
mountPath: /pulsar/gcp-service-account
{{- end }}
{{- end }}
{{- if .Values.broker.extraVolumeMounts }}
{{ toYaml .Values.broker.extraVolumeMounts | indent 10 }}
{{- end }}
{{- include "pulsar.broker.certs.volumeMounts" . | nindent 10 }}
{{- if and (semverCompare "<1.25-0" .Capabilities.KubeVersion.Version) .Values.rbac.enabled .Values.rbac.psp }}
securityContext:
readOnlyRootFilesystem: false
{{- end }}
env:
{{- if and .Values.broker.storageOffload (eq .Values.broker.storageOffload.driver "aws-s3") }}
- name: AWS_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: {{ .Values.broker.storageOffload.secret }}
key: AWS_ACCESS_KEY_ID
- name: AWS_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: {{ .Values.broker.storageOffload.secret }}
key: AWS_SECRET_ACCESS_KEY
{{- end }}
{{- if and .Values.broker.storageOffload (eq .Values.broker.storageOffload.driver "azureblob") }}
- name: AZURE_STORAGE_ACCOUNT
valueFrom:
secretKeyRef:
name: {{ .Values.broker.storageOffload.secret }}
key: AZURE_STORAGE_ACCOUNT
- name: AZURE_STORAGE_ACCESS_KEY
valueFrom:
secretKeyRef:
name: {{ .Values.broker.storageOffload.secret }}
key: AZURE_STORAGE_ACCESS_KEY
{{- end }}
volumes:
{{- if .Values.broker.extraVolumes }}
{{ toYaml .Values.broker.extraVolumes | indent 6 }}
{{- end }}
{{- if .Values.auth.authentication.enabled }}
{{- if eq .Values.auth.authentication.provider "jwt" }}
- name: token-keys
secret:
{{- if not .Values.auth.authentication.jwt.usingSecretKey }}
secretName: "{{ .Release.Name }}-token-asymmetric-key"
{{- end}}
{{- if .Values.auth.authentication.jwt.usingSecretKey }}
secretName: "{{ .Release.Name }}-token-symmetric-key"
{{- end}}
items:
{{- if .Values.auth.authentication.jwt.usingSecretKey }}
- key: SECRETKEY
path: token/secret.key
{{- else }}
- key: PUBLICKEY
path: token/public.key
{{- end}}
- name: broker-token
secret:
secretName: "{{ .Release.Name }}-token-{{ .Values.auth.superUsers.broker }}"
items:
- key: TOKEN
path: broker/token
{{- end}}
{{- end}}
{{- if .Values.broker.storageOffload.driver }}
{{- if eq .Values.broker.storageOffload.driver "google-cloud-storage" }}
- name: gcp-service-account
secret:
secretName: {{ .Values.broker.storageOffload.gcsServiceAccountSecret }}
{{- end }}
{{- end }}
{{- include "pulsar.broker.certs.volumes" . | nindent 6 }}
{{- include "pulsar.imagePullSecrets" . | nindent 6}}
{{- end }}

22
deployment/helm/milvus/charts/pulsar/templates/check_helm_version.yaml Normal file
View File

@@ -0,0 +1,22 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
{{- if semverCompare "<3.10.0-0" .Capabilities.HelmVersion.Version -}}
{{- fail "Your Helm version is not supported. Please upgrade to Helm 3.10.0 or later. The recommended version is currently 3.12.3 or newer. You can find more about Helm releases and installation at https://github.com/helm/helm/releases. " -}}
{{- end -}}

105
deployment/helm/milvus/charts/pulsar/templates/keytool.yaml Normal file
View File

@@ -0,0 +1,105 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
# script to process key/cert to keystore and truststore
{{- if .Values.tls.zookeeper.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
name: "{{ template "pulsar.fullname" . }}-keytool-configmap"
namespace: {{ template "pulsar.namespace" . }}
labels:
{{- include "pulsar.standardLabels" . | nindent 4 }}
component: keytool
data:
keytool.sh: |
#!/bin/bash
component=$1
name=$2
isClient=$3
crtFile=/pulsar/certs/${component}/tls.crt
keyFile=/pulsar/certs/${component}/tls.key
caFile=/pulsar/certs/ca/ca.crt
p12File=/pulsar/${component}.p12
keyStoreFile=/pulsar/${component}.keystore.jks
trustStoreFile=/pulsar/${component}.truststore.jks
function checkFile() {
local file=$1
local len=$(wc -c ${file} | awk '{print $1}')
echo "processing ${file} : len = ${len}"
if [ ! -f ${file} ]; then
echo "${file} is not found"
return -1
fi
if [ $len -le 0 ]; then
echo "${file} is empty"
return -1
fi
}
function ensureFileNotEmpty() {
local file=$1
until checkFile ${file}; do
echo "file isn't initialized yet ... check in 3 seconds ..." && sleep 3;
done;
}
ensureFileNotEmpty ${crtFile}
ensureFileNotEmpty ${keyFile}
ensureFileNotEmpty ${caFile}
PASSWORD=$(head /dev/urandom | base64 | head -c 24)
openssl pkcs12 \
-export \
-in ${crtFile} \
-inkey ${keyFile} \
-out ${p12File} \
-name ${name} \
-passout "pass:${PASSWORD}"
keytool -importkeystore \
-srckeystore ${p12File} \
-srcstoretype PKCS12 -srcstorepass "${PASSWORD}" \
-alias ${name} \
-destkeystore ${keyStoreFile} \
-deststorepass "${PASSWORD}"
keytool -import \
-file ${caFile} \
-storetype JKS \
-alias ${name} \
-keystore ${trustStoreFile} \
-storepass "${PASSWORD}" \
-trustcacerts -noprompt
ensureFileNotEmpty ${keyStoreFile}
ensureFileNotEmpty ${trustStoreFile}
if [[ "x${isClient}" == "xtrue" ]]; then
echo $'\n' >> conf/pulsar_env.sh
echo "PULSAR_EXTRA_OPTS=\"\${PULSAR_EXTRA_OPTS} -Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty -Dzookeeper.client.secure=true -Dzookeeper.ssl.keyStore.location=${keyStoreFile} -Dzookeeper.ssl.keyStore.password=${PASSWORD} -Dzookeeper.ssl.trustStore.location=${trustStoreFile} -Dzookeeper.ssl.trustStore.password=${PASSWORD}\"" >> conf/pulsar_env.sh
echo $'\n' >> conf/bkenv.sh
echo "BOOKIE_EXTRA_OPTS=\"\${BOOKIE_EXTRA_OPTS} -Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty -Dzookeeper.client.secure=true -Dzookeeper.ssl.keyStore.location=${keyStoreFile} -Dzookeeper.ssl.keyStore.password=${PASSWORD} -Dzookeeper.ssl.trustStore.location=${trustStoreFile} -Dzookeeper.ssl.trustStore.password=${PASSWORD}\"" >> conf/bkenv.sh
else
echo $'\n' >> conf/pulsar_env.sh
echo "PULSAR_EXTRA_OPTS=\"\${PULSAR_EXTRA_OPTS} -Dzookeeper.ssl.keyStore.location=${keyStoreFile} -Dzookeeper.ssl.keyStore.password=${PASSWORD} -Dzookeeper.ssl.trustStore.location=${trustStoreFile} -Dzookeeper.ssl.trustStore.password=${PASSWORD}\"" >> conf/pulsar_env.sh
fi
{{- end }}

25
deployment/helm/milvus/charts/pulsar/templates/namespace.yaml Normal file
View File

@@ -0,0 +1,25 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
{{- if .Values.namespaceCreate }}
apiVersion: v1
kind: Namespace
metadata:
name: {{ template "pulsar.namespace" . }}
{{- end }}

86
deployment/helm/milvus/charts/pulsar/templates/proxy-configmap.yaml Normal file
View File

@@ -0,0 +1,86 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
{{- if .Values.components.proxy }}
apiVersion: v1
kind: ConfigMap
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}"
namespace: {{ template "pulsar.namespace" . }}
labels:
{{- include "pulsar.standardLabels" . | nindent 4 }}
component: {{ .Values.proxy.component }}
data:
clusterName: {{ template "pulsar.cluster.name" . }}
statusFilePath: "{{ template "pulsar.home" . }}/status"
# prometheus needs to access /metrics endpoint
webServicePort: "{{ .Values.proxy.ports.containerPorts.http }}"
{{- if or (not .Values.tls.enabled) (not .Values.tls.proxy.enabled) }}
servicePort: "{{ .Values.proxy.ports.pulsar }}"
brokerServiceURL: pulsar://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.pulsar }}
brokerWebServiceURL: http://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.http }}
{{- end }}
{{- if and .Values.tls.enabled .Values.tls.proxy.enabled }}
tlsEnabledInProxy: "true"
servicePortTls: "{{ .Values.proxy.ports.pulsarssl }}"
webServicePortTls: "{{ .Values.proxy.ports.containerPorts.https }}"
tlsCertificateFilePath: "/pulsar/certs/proxy/tls.crt"
tlsKeyFilePath: "/pulsar/certs/proxy/tls.key"
tlsTrustCertsFilePath: "/pulsar/certs/ca/ca.crt"
{{- if and .Values.tls.enabled .Values.tls.broker.enabled }}
# if broker enables TLS, configure proxy to talk to broker using TLS
brokerServiceURLTLS: pulsar+ssl://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.pulsarssl }}
brokerWebServiceURLTLS: https://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.https }}
tlsEnabledWithBroker: "true"
tlsCertRefreshCheckDurationSec: "300"
brokerClientTrustCertsFilePath: "/pulsar/certs/ca/ca.crt"
{{- end }}
{{- if not (and .Values.tls.enabled .Values.tls.broker.enabled) }}
brokerServiceURL: pulsar://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.pulsar }}
brokerWebServiceURL: http://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.http }}
{{- end }}
{{- end }}
# Authentication Settings
{{- if .Values.auth.authentication.enabled }}
authenticationEnabled: "true"
{{- if .Values.auth.authorization.enabled }}
# disable authorization on proxy and forward authorization credentials to broker
authorizationEnabled: "false"
forwardAuthorizationCredentials: "true"
{{- if .Values.auth.useProxyRoles }}
superUserRoles: {{ omit .Values.auth.superUsers "proxy" | values | compact | sortAlpha | join "," }}
{{- else }}
superUserRoles: {{ .Values.auth.superUsers | values | compact | sortAlpha | join "," }}
{{- end }}
{{- end }}
{{- if eq .Values.auth.authentication.provider "jwt" }}
# token authentication configuration
authenticationProviders: "org.apache.pulsar.broker.authentication.AuthenticationProviderToken"
brokerClientAuthenticationParameters: "file:///pulsar/tokens/proxy/token"
brokerClientAuthenticationPlugin: "org.apache.pulsar.client.impl.auth.AuthenticationToken"
{{- if .Values.auth.authentication.jwt.usingSecretKey }}
tokenSecretKey: "file:///pulsar/keys/token/secret.key"
{{- else }}
tokenPublicKey: "file:///pulsar/keys/token/public.key"
{{- end }}
{{- end }}
{{- end }}
{{ toYaml .Values.proxy.configData | indent 2 }}
{{- end }}

44
deployment/helm/milvus/charts/pulsar/templates/proxy-hpa.yaml Normal file
View File

@@ -0,0 +1,44 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
{{- if .Values.proxy.autoscaling.enabled }}
{{- if (semverCompare "<1.23-0" .Capabilities.KubeVersion.Version) }}
apiVersion: autoscaling/v2beta2
{{- else }}
apiVersion: autoscaling/v2
{{- end }}
kind: HorizontalPodAutoscaler
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}"
spec:
maxReplicas: {{ .Values.proxy.autoscaling.maxReplicas }}
{{- with .Values.proxy.autoscaling.metrics }}
metrics:
{{- toYaml . | nindent 4 }}
{{- end }}
minReplicas: {{ .Values.proxy.autoscaling.minReplicas }}
{{- with .Values.proxy.autoscaling.behavior }}
behavior:
{{- toYaml . | nindent 4 }}
{{- end }}
scaleTargetRef:
apiVersion: apps/v1
kind: StatefulSet
name: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}"
{{- end }}

76
deployment/helm/milvus/charts/pulsar/templates/proxy-ingress.yaml Normal file
View File

@@ -0,0 +1,76 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
{{- if .Values.proxy.ingress.enabled }}
{{- if semverCompare "<1.19-0" .Capabilities.KubeVersion.Version }}
apiVersion: extensions/v1beta1
{{- else }}
apiVersion: networking.k8s.io/v1
{{- end }}
kind: Ingress
metadata:
labels:
{{- include "pulsar.standardLabels" . | nindent 4 }}
component: {{ .Values.proxy.component }}
annotations:
{{- with .Values.proxy.ingress.annotations }}
{{ toYaml . | indent 4 }}
{{- end }}
name: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}"
namespace: {{ template "pulsar.namespace" . }}
spec:
{{- with .Values.proxy.ingress.ingressClassName }}
ingressClassName: {{ . }}
{{- end }}
{{- if .Values.proxy.ingress.tls.enabled }}
tls:
- hosts:
- {{ .Values.proxy.ingress.hostname }}
{{- with .Values.proxy.ingress.tls.secretName }}
secretName: {{ . }}
{{- end }}
{{- end }}
rules:
- http:
paths:
- path: {{ .Values.proxy.ingress.path }}
{{- if semverCompare "<1.19-0" .Capabilities.KubeVersion.Version }}
backend:
serviceName: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}"
{{- if and .Values.tls.enabled .Values.tls.proxy.enabled }}
servicePort: {{ .Values.proxy.ports.https }}
{{- else }}
servicePort: {{ .Values.proxy.ports.http }}
{{- end }}
{{- else }}
pathType: ImplementationSpecific
backend:
service:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}"
port:
{{- if and .Values.tls.enabled .Values.tls.proxy.enabled }}
number: {{ .Values.proxy.ports.https }}
{{- else }}
number: {{ .Values.proxy.ports.http }}
{{- end }}
{{- end }}
{{- if .Values.proxy.ingress.hostname }}
host: {{ .Values.proxy.ingress.hostname }}
{{- end }}
{{- end }}

42
deployment/helm/milvus/charts/pulsar/templates/proxy-pdb.yaml Normal file
View File

@@ -0,0 +1,42 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
{{- if .Values.components.proxy }}
{{- if .Values.proxy.pdb.usePolicy }}
# pdb version detection
{{- if semverCompare "<1.21-0" .Capabilities.KubeVersion.Version }}
apiVersion: policy/v1beta1
{{- else }}
apiVersion: policy/v1
{{- end }}
kind: PodDisruptionBudget
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}"
namespace: {{ template "pulsar.namespace" . }}
labels:
{{- include "pulsar.standardLabels" . | nindent 4 }}
component: {{ .Values.proxy.component }}
spec:
selector:
matchLabels:
{{- include "pulsar.matchLabels" . | nindent 6 }}
component: {{ .Values.proxy.component }}
maxUnavailable: {{ .Values.proxy.pdb.maxUnavailable }}
{{- end }}
{{- end }}

58
deployment/helm/milvus/charts/pulsar/templates/proxy-podmonitor.yaml Normal file
View File

@@ -0,0 +1,58 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
# deploy proxy PodMonitor only when `$.Values.proxy.podMonitor.enabled` is true
{{- if $.Values.proxy.podMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
name: {{ template "pulsar.fullname" . }}-proxy
labels:
app: {{ template "pulsar.name" . }}
chart: {{ template "pulsar.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
jobLabel: proxy
podMetricsEndpoints:
- port: http
path: /metrics
scheme: http
interval: {{ $.Values.proxy.podMonitor.interval }}
scrapeTimeout: {{ $.Values.proxy.podMonitor.scrapeTimeout }}
relabelings:
- action: labelmap
regex: __meta_kubernetes_pod_label_(.+)
- sourceLabels: [__meta_kubernetes_namespace]
action: replace
targetLabel: kubernetes_namespace
- sourceLabels: [__meta_kubernetes_pod_label_component]
action: replace
targetLabel: job
- sourceLabels: [__meta_kubernetes_pod_name]
action: replace
targetLabel: kubernetes_pod_name
{{- if $.Values.proxy.podMonitor.metricRelabelings }}
metricRelabelings: {{ toYaml $.Values.proxy.podMonitor.metricRelabelings | nindent 8 }}
{{- end }}
selector:
matchLabels:
{{- include "pulsar.matchLabels" . | nindent 6 }}
component: proxy
{{- end }}

85
deployment/helm/milvus/charts/pulsar/templates/proxy-psp.yaml Normal file
View File

@@ -0,0 +1,85 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
{{- if and (semverCompare "<1.25-0" .Capabilities.KubeVersion.Version) .Values.rbac.enabled .Values.rbac.psp }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}"
namespace: {{ template "pulsar.namespace" . }}
rules:
- apiGroups:
- policy
resourceNames:
- "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}"
resources:
- podsecuritypolicies
verbs:
- use
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}"
namespace: {{ template "pulsar.namespace" . }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}"
subjects:
- kind: ServiceAccount
name: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}"
namespace: {{ template "pulsar.namespace" . }}
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
{{- if .Values.rbac.limit_to_namespace }}
name: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}-{{ template "pulsar.namespace" . }}"
{{- else}}
name: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}"
{{- end}}
spec:
readOnlyRootFilesystem: false
privileged: false
allowPrivilegeEscalation: false
runAsUser:
rule: 'RunAsAny'
supplementalGroups:
ranges:
- max: 65535
min: 1
rule: MustRunAs
fsGroup:
rule: 'MustRunAs'
ranges:
- min: 1
max: 65535
seLinux:
rule: 'RunAsAny'
volumes:
- configMap
- emptyDir
- projected
- secret
- downwardAPI
- persistentVolumeClaim
{{- end}}

33
deployment/helm/milvus/charts/pulsar/templates/proxy-service-account.yaml Normal file
View File

@@ -0,0 +1,33 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
{{- if .Values.components.proxy }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}"
namespace: {{ template "pulsar.namespace" . }}
labels:
{{- include "pulsar.standardLabels" . | nindent 4 }}
component: {{ .Values.proxy.component }}
annotations:
{{- with .Values.proxy.service_account.annotations }}
{{ toYaml . | indent 4 }}
{{- end }}
{{- end }}

68
deployment/helm/milvus/charts/pulsar/templates/proxy-service.yaml Normal file
View File

@@ -0,0 +1,68 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
{{- if .Values.components.proxy }}
apiVersion: v1
kind: Service
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}"
namespace: {{ template "pulsar.namespace" . }}
labels:
{{- include "pulsar.standardLabels" . | nindent 4 }}
component: {{ .Values.proxy.component }}
annotations:
{{- with .Values.proxy.service.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.proxy.service.type }}
{{- with .Values.proxy.service.loadBalancerIP }}
loadBalancerIP: {{ . }}
{{- end }}
{{- if .Values.proxy.service.externalTrafficPolicy }}
externalTrafficPolicy: {{ .Values.proxy.service.externalTrafficPolicy }}
{{- end }}
{{- if .Values.proxy.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges: {{ toYaml .Values.proxy.service.loadBalancerSourceRanges | nindent 4 }}
{{- end }}
ports:
{{- if or (not .Values.tls.enabled) (not .Values.tls.proxy.enabled) }}
- name: http
port: {{ .Values.proxy.ports.http }}
protocol: TCP
targetPort: sts-http
- name: "{{ .Values.tcpPrefix }}pulsar"
port: {{ .Values.proxy.ports.pulsar }}
protocol: TCP
targetPort: "sts-{{ .Values.tcpPrefix }}pulsar"
{{- end }}
{{- if and .Values.tls.enabled .Values.tls.proxy.enabled }}
- name: https
port: {{ .Values.proxy.ports.https }}
protocol: TCP
targetPort: sts-https
- name: "{{ .Values.tlsPrefix }}pulsarssl"
port: {{ .Values.proxy.ports.pulsarssl }}
protocol: TCP
targetPort: "sts-{{ .Values.tlsPrefix }}pulsarssl"
{{- end }}
selector:
{{- include "pulsar.matchLabels" . | nindent 4 }}
component: {{ .Values.proxy.component }}
{{- end }}

290
deployment/helm/milvus/charts/pulsar/templates/proxy-statefulset.yaml Normal file
View File

@@ -0,0 +1,290 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
{{- if .Values.components.proxy }}
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}"
namespace: {{ template "pulsar.namespace" . }}
labels:
{{- include "pulsar.standardLabels" . | nindent 4 }}
component: {{ .Values.proxy.component }}
spec:
serviceName: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}"
{{- if not .Values.proxy.autoscaling.enabled }}
replicas: {{ .Values.proxy.replicaCount }}
{{- end }}
selector:
matchLabels:
{{- include "pulsar.matchLabels" . | nindent 6 }}
component: {{ .Values.proxy.component }}
updateStrategy:
type: RollingUpdate
podManagementPolicy: Parallel
template:
metadata:
labels:
{{- include "pulsar.template.labels" . | nindent 8 }}
component: {{ .Values.proxy.component }}
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "{{ .Values.proxy.ports.http }}"
{{- if .Values.proxy.restartPodsOnConfigMapChange }}
checksum/config: {{ include (print $.Template.BasePath "/proxy-configmap.yaml") . | sha256sum }}
{{- end }}
{{- with .Values.proxy.annotations }}
{{ toYaml . | indent 8 }}
{{- end }}
spec:
{{- if .Values.proxy.nodeSelector }}
nodeSelector:
{{ toYaml .Values.proxy.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.proxy.tolerations }}
tolerations:
{{ toYaml .Values.proxy.tolerations | indent 8 }}
{{- end }}
affinity:
{{- if and .Values.affinity.anti_affinity .Values.proxy.affinity.anti_affinity}}
podAntiAffinity:
{{ if eq .Values.proxy.affinity.type "requiredDuringSchedulingIgnoredDuringExecution"}}
{{ .Values.proxy.affinity.type }}:
- labelSelector:
matchExpressions:
- key: "app"
operator: In
values:
- "{{ template "pulsar.name" . }}"
- key: "release"
operator: In
values:
- {{ .Release.Name }}
- key: "component"
operator: In
values:
- {{ .Values.proxy.component }}
topologyKey: {{ .Values.proxy.affinity.anti_affinity_topology_key }}
{{ else }}
{{ .Values.proxy.affinity.type }}:
- weight: 100
podAffinityTerm:
labelSelector:
matchExpressions:
- key: "app"
operator: In
values:
- "{{ template "pulsar.name" . }}"
- key: "release"
operator: In
values:
- {{ .Release.Name }}
- key: "component"
operator: In
values:
- {{ .Values.proxy.component }}
topologyKey: {{ .Values.proxy.affinity.anti_affinity_topology_key }}
{{ end }}
{{- end }}
terminationGracePeriodSeconds: {{ .Values.proxy.gracePeriod }}
serviceAccountName: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}"
initContainers:
# This init container will wait for zookeeper to be ready before
# deploying the bookies
- name: wait-zookeeper-ready
image: "{{ template "pulsar.imageFullName" (dict "image" .Values.images.proxy "root" .) }}"
imagePullPolicy: {{ .Values.images.proxy.pullPolicy }}
resources: {{ toYaml .Values.initContainer.resources | nindent 10 }}
command: ["sh", "-c"]
args:
- >-
export PULSAR_MEM="-Xmx128M";
{{- if $zk:=.Values.pulsar_metadata.userProvidedZookeepers }}
until bin/pulsar zookeeper-shell -server {{ $zk }} ls {{ or .Values.metadataPrefix "/" }}; do
echo "user provided zookeepers {{ $zk }} are unreachable... check in 3 seconds ..." && sleep 3;
done;
{{ else }}
until bin/pulsar zookeeper-shell -server {{ template "pulsar.configurationStore.service" . }} get {{ .Values.metadataPrefix }}/admin/clusters/{{ template "pulsar.cluster.name" . }}; do
sleep 3;
done;
{{- end}}
# This init container will wait for at least one broker to be ready before
# deploying the proxy
- name: wait-broker-ready
image: "{{ template "pulsar.imageFullName" (dict "image" .Values.images.proxy "root" .) }}"
imagePullPolicy: {{ .Values.images.proxy.pullPolicy }}
resources: {{ toYaml .Values.initContainer.resources | nindent 10 }}
command: ["sh", "-c"]
args:
- >-
set -e;
brokerServiceNumber="$(nslookup -timeout=10 {{ template "pulsar.fullname" . }}-{{ .Values.broker.component }} | grep Name | wc -l)";
until [ ${brokerServiceNumber} -ge 1 ]; do
echo "pulsar cluster {{ template "pulsar.cluster.name" . }} isn't initialized yet ... check in 10 seconds ...";
sleep 10;
brokerServiceNumber="$(nslookup -timeout=10 {{ template "pulsar.fullname" . }}-{{ .Values.broker.component }} | grep Name | wc -l)";
done;
containers:
- name: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}"
image: "{{ template "pulsar.imageFullName" (dict "image" .Values.images.proxy "root" .) }}"
imagePullPolicy: {{ .Values.images.proxy.pullPolicy }}
{{- if .Values.proxy.probe.liveness.enabled }}
livenessProbe:
httpGet:
path: /status.html
port: {{ .Values.proxy.ports.containerPorts.http }}
initialDelaySeconds: {{ .Values.proxy.probe.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.proxy.probe.liveness.periodSeconds }}
timeoutSeconds: {{ .Values.proxy.probe.liveness.timeoutSeconds }}
failureThreshold: {{ .Values.proxy.probe.liveness.failureThreshold }}
{{- end }}
{{- if .Values.proxy.probe.readiness.enabled }}
readinessProbe:
httpGet:
path: /status.html
port: {{ .Values.proxy.ports.containerPorts.http }}
initialDelaySeconds: {{ .Values.proxy.probe.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.proxy.probe.readiness.periodSeconds }}
timeoutSeconds: {{ .Values.proxy.probe.readiness.timeoutSeconds }}
failureThreshold: {{ .Values.proxy.probe.readiness.failureThreshold }}
{{- end }}
{{- if .Values.proxy.probe.startup.enabled }}
startupProbe:
httpGet:
path: /status.html
port: {{ .Values.proxy.ports.containerPorts.http }}
initialDelaySeconds: {{ .Values.proxy.probe.startup.initialDelaySeconds }}
periodSeconds: {{ .Values.proxy.probe.startup.periodSeconds }}
timeoutSeconds: {{ .Values.proxy.probe.startup.timeoutSeconds }}
failureThreshold: {{ .Values.proxy.probe.startup.failureThreshold }}
{{- end }}
{{- if .Values.proxy.resources }}
resources:
{{ toYaml .Values.proxy.resources | indent 10 }}
{{- end }}
command: ["sh", "-c"]
args:
- >
{{- if .Values.proxy.additionalCommand }}
{{ .Values.proxy.additionalCommand }}
{{- end }}
bin/apply-config-from-env.py conf/proxy.conf &&
echo "OK" > status &&
OPTS="${OPTS} -Dlog4j2.formatMsgNoLookups=true" exec bin/pulsar proxy
ports:
# prometheus needs to access /metrics endpoint
- name: sts-http
containerPort: {{ .Values.proxy.ports.containerPorts.http }}
{{- if or (not .Values.tls.enabled) (not .Values.tls.proxy.enabled) }}
- name: "sts-{{ .Values.tcpPrefix }}pulsar"
containerPort: {{ .Values.proxy.ports.pulsar }}
{{- end }}
{{- if and (.Values.tls.enabled) (.Values.tls.proxy.enabled) }}
- name: sts-https
containerPort: {{ .Values.proxy.ports.containerPorts.https }}
- name: "sts-{{ .Values.tlsPrefix }}pulsarssl"
containerPort: {{ .Values.proxy.ports.pulsarssl }}
{{- end }}
{{- if and (semverCompare "<1.25-0" .Capabilities.KubeVersion.Version) .Values.rbac.enabled .Values.rbac.psp }}
securityContext:
readOnlyRootFilesystem: false
{{- end }}
{{- if .Values.proxy.extreEnvs }}
env:
{{ toYaml .Values.proxy.extreEnvs | indent 8 }}
{{- end }}
envFrom:
- configMapRef:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}"
{{- if or .Values.proxy.extraVolumeMounts .Values.auth.authentication.enabled (and .Values.tls.enabled (or .Values.tls.proxy.enabled .Values.tls.broker.enabled)) }}
volumeMounts:
{{- if .Values.auth.authentication.enabled }}
{{- if eq .Values.auth.authentication.provider "jwt" }}
- mountPath: "/pulsar/keys"
name: token-keys
readOnly: true
- mountPath: "/pulsar/tokens"
name: proxy-token
readOnly: true
{{- end }}
{{- end }}
{{- if .Values.tls.proxy.enabled }}
- mountPath: "/pulsar/certs/proxy"
name: proxy-certs
readOnly: true
{{- end}}
{{- if .Values.tls.enabled }}
- mountPath: "/pulsar/certs/ca"
name: ca
readOnly: true
{{- end}}
{{- if .Values.proxy.extraVolumeMounts }}
{{ toYaml .Values.proxy.extraVolumeMounts | indent 10 }}
{{- end }}
{{- end}}
{{- include "pulsar.imagePullSecrets" . | nindent 6}}
{{- if or .Values.proxy.extraVolumes .Values.auth.authentication.enabled (and .Values.tls.enabled .Values.tls.proxy.enabled) }}
volumes:
{{- if .Values.proxy.extraVolumes }}
{{ toYaml .Values.proxy.extraVolumes | indent 8 }}
{{- end }}
{{- if .Values.auth.authentication.enabled }}
{{- if eq .Values.auth.authentication.provider "jwt" }}
- name: token-keys
secret:
{{- if not .Values.auth.authentication.jwt.usingSecretKey }}
secretName: "{{ .Release.Name }}-token-asymmetric-key"
{{- end}}
{{- if .Values.auth.authentication.jwt.usingSecretKey }}
secretName: "{{ .Release.Name }}-token-symmetric-key"
{{- end}}
items:
{{- if .Values.auth.authentication.jwt.usingSecretKey }}
- key: SECRETKEY
path: token/secret.key
{{- else }}
- key: PUBLICKEY
path: token/public.key
{{- end}}
- name: proxy-token
secret:
secretName: "{{ .Release.Name }}-token-{{ .Values.auth.superUsers.proxy }}"
items:
- key: TOKEN
path: proxy/token
{{- end}}
{{- end}}
{{- if .Values.tls.proxy.enabled }}
- name: ca
secret:
secretName: "{{ .Release.Name }}-{{ .Values.tls.ca_suffix }}"
items:
- key: ca.crt
path: ca.crt
- name: proxy-certs
secret:
secretName: "{{ .Release.Name }}-{{ .Values.tls.proxy.cert_name }}"
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key
{{- end}}
{{- end}}
{{- end }}

138
deployment/helm/milvus/charts/pulsar/templates/pulsar-cluster-initialize.yaml Normal file
View File

@@ -0,0 +1,138 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
{{- if or .Release.IsInstall .Values.initialize }}
{{- if .Values.components.broker }}
apiVersion: batch/v1
kind: Job
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsar_metadata.component }}"
namespace: {{ template "pulsar.namespace" . }}
labels:
{{- include "pulsar.standardLabels" . | nindent 4 }}
component: {{ .Values.pulsar_metadata.component }}
spec:
# This feature was previously behind a feature gate for several Kubernetes versions and will default to true in 1.23 and beyond
# https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/
{{- if .Values.job.ttl.enabled }}
ttlSecondsAfterFinished: {{ .Values.job.ttl.secondsAfterFinished }}
{{- end }}
template:
spec:
{{- include "pulsar.imagePullSecrets" . | nindent 6 }}
{{- if .Values.pulsar_metadata.nodeSelector }}
nodeSelector:
{{ toYaml .Values.pulsar_metadata.nodeSelector | indent 8 }}
{{- end }}
initContainers:
{{- if .Values.pulsar_metadata.configurationStore }}
- name: wait-cs-ready
image: "{{ template "pulsar.imageFullName" (dict "image" .Values.pulsar_metadata.image "root" .) }}"
imagePullPolicy: {{ .Values.pulsar_metadata.image.pullPolicy }}
resources: {{ toYaml .Values.initContainer.resources | nindent 10 }}
command: ["sh", "-c"]
args:
- >-
until nslookup {{ .Values.pulsar_metadata.configurationStore}}; do
sleep 3;
done;
{{- end }}
- name: wait-zookeeper-ready
image: "{{ template "pulsar.imageFullName" (dict "image" .Values.pulsar_metadata.image "root" .) }}"
imagePullPolicy: {{ .Values.pulsar_metadata.image.pullPolicy }}
resources: {{ toYaml .Values.initContainer.resources | nindent 10 }}
command: ["sh", "-c"]
args:
- >-
{{- if $zk:=.Values.pulsar_metadata.userProvidedZookeepers }}
export PULSAR_MEM="-Xmx128M";
until bin/pulsar zookeeper-shell -server {{ $zk }} ls {{ or .Values.metadataPrefix "/" }}; do
echo "user provided zookeepers {{ $zk }} are unreachable... check in 3 seconds ..." && sleep 3;
done;
{{ else }}
until nslookup {{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}-{{ add (.Values.zookeeper.replicaCount | int) -1 }}.{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}.{{ template "pulsar.namespace" . }}; do
sleep 3;
done;
{{- end}}
# This initContainer will wait for bookkeeper initnewcluster to complete
# before initializing pulsar metadata
- name: pulsar-bookkeeper-verify-clusterid
image: "{{ template "pulsar.imageFullName" (dict "image" .Values.pulsar_metadata.image "root" .) }}"
imagePullPolicy: {{ .Values.pulsar_metadata.image.pullPolicy }}
resources: {{ toYaml .Values.initContainer.resources | nindent 10 }}
command: ["sh", "-c"]
args:
- >
bin/apply-config-from-env.py conf/bookkeeper.conf;
echo Default BOOKIE_MEM settings are set very high, which can cause the init container to fail.;
echo Setting the memory to a lower value to avoid OOM as operations below are not memory intensive.;
export BOOKIE_MEM="-Xmx128M";
{{- include "pulsar.toolset.zookeeper.tls.settings" . | nindent 10 }}
until bin/bookkeeper shell whatisinstanceid; do
sleep 3;
done;
envFrom:
- configMapRef:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}"
volumeMounts:
{{- include "pulsar.toolset.certs.volumeMounts" . | nindent 8 }}
containers:
- name: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsar_metadata.component }}"
image: "{{ template "pulsar.imageFullName" (dict "image" .Values.pulsar_metadata.image "root" .) }}"
imagePullPolicy: {{ .Values.pulsar_metadata.image.pullPolicy }}
{{- if .Values.pulsar_metadata.resources }}
resources:
{{ toYaml .Values.pulsar_metadata.resources | indent 10 }}
{{- end }}
command: ["sh", "-c"]
args:
- |
{{- include "pulsar.toolset.zookeeper.tls.settings" . | nindent 12 }}
export PULSAR_MEM="-Xmx128M";
bin/pulsar initialize-cluster-metadata \
--cluster {{ template "pulsar.cluster.name" . }} \
--zookeeper {{ template "pulsar.zookeeper.connect" . }}{{ .Values.metadataPrefix }} \
{{- if .Values.pulsar_metadata.configurationStore }}
--configuration-store {{ template "pulsar.configurationStore.connect" . }}{{ .Values.pulsar_metadata.configurationStoreMetadataPrefix }} \
{{- end }}
{{- if not .Values.pulsar_metadata.configurationStore }}
--configuration-store {{ template "pulsar.zookeeper.connect" . }}{{ .Values.metadataPrefix }} \
{{- end }}
--web-service-url http://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}.{{ template "pulsar.namespace" . }}.svc.{{ .Values.clusterDomain }}:{{ .Values.broker.ports.http }}/ \
--web-service-url-tls https://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}.{{ template "pulsar.namespace" . }}.svc.{{ .Values.clusterDomain }}:{{ .Values.broker.ports.https }}/ \
--broker-service-url pulsar://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}.{{ template "pulsar.namespace" . }}.svc.{{ .Values.clusterDomain }}:{{ .Values.broker.ports.pulsar }}/ \
--broker-service-url-tls pulsar+ssl://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}.{{ template "pulsar.namespace" . }}.svc.{{ .Values.clusterDomain }}:{{ .Values.broker.ports.pulsarssl }}/ ;
{{- if .Values.extraInitCommand }}
{{ .Values.extraInitCommand }}
{{- end }}
volumeMounts:
{{- include "pulsar.toolset.certs.volumeMounts" . | nindent 8 }}
volumes:
{{- include "pulsar.toolset.certs.volumes" . | nindent 6 }}
restartPolicy: OnFailure
{{- if .Values.pulsar_metadata.nodeSelector }}
nodeSelector:
{{ toYaml .Values.pulsar_metadata.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.pulsar_metadata.tolerations }}
tolerations:
{{ toYaml .Values.pulsar_metadata.tolerations | indent 8 }}
{{- end }}
{{- end }}
{{- end }}

56
deployment/helm/milvus/charts/pulsar/templates/pulsar-manager-admin-secret.yaml Normal file
View File

@@ -0,0 +1,56 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
{{- if .Values.components.pulsar_manager }}
apiVersion: v1
kind: Secret
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsar_manager.component }}-secret"
namespace: {{ template "pulsar.namespace" . }}
labels:
app: {{ template "pulsar.name" . }}
chart: {{ template "pulsar.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
component: {{ .Values.pulsar_manager.component }}
cluster: {{ template "pulsar.fullname" . }}
"helm.sh/resource-policy": "keep" # do not remove when uninstalling to keep it for next install
type: Opaque
data:
{{/* https://itnext.io/manage-auto-generated-secrets-in-your-helm-charts-5aee48ba6918 */}}
{{- $namespace := include "pulsar.namespace" . -}}
{{- $fullname := include "pulsar.fullname" . -}}
{{- $secretName := printf "%s-%s-secret" $fullname .Values.pulsar_manager.component -}}
{{- $secretObj := lookup "v1" "Secret" $namespace $secretName | default dict }}
{{- $secretData := (get $secretObj "data") | default dict }}
{{- $ui_user := ((get $secretData "UI_USERNAME") | b64dec) | default (.Values.pulsar_manager.admin.ui_username) | default ("pulsar") | b64enc }}
{{- $ui_password := ((get $secretData "UI_PASSWORD") | b64dec) | default (.Values.pulsar_manager.admin.ui_password) | default (randAlphaNum 32) | b64enc }}
UI_USERNAME: {{ $ui_user | quote }}
UI_PASSWORD: {{ $ui_password | quote }}
{{- $db_user := ((get $secretData "DB_USERNAME") | b64dec) | default (.Values.pulsar_manager.admin.db_username) | default ("pulsar") | b64enc }}
{{- $db_password := ((get $secretData "DB_PASSWORD") | b64dec) | default (.Values.pulsar_manager.admin.db_password) | default (randAlphaNum 32) | b64enc }}
DB_USERNAME: {{ $db_user | quote }}
DB_PASSWORD: {{ $db_password | quote }}
{{- end }}

162
deployment/helm/milvus/charts/pulsar/templates/pulsar-manager-cluster-initialize.yaml Normal file
View File

@@ -0,0 +1,162 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
{{- if or .Release.IsInstall .Values.initialize }}
{{- if .Values.components.pulsar_manager }}
apiVersion: batch/v1
kind: Job
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsar_manager.component }}-init"
namespace: {{ template "pulsar.namespace" . }}
labels:
{{- include "pulsar.standardLabels" . | nindent 4 }}
component: {{ .Values.pulsar_manager.component }}-init
spec:
{{- if or .Values.job.ttl.enabled (semverCompare ">=1.23-0" .Capabilities.KubeVersion.Version) }}
ttlSecondsAfterFinished: {{ .Values.job.ttl.secondsAfterFinished | default 600 }}
{{- end }}
template:
spec:
nodeSelector:
{{- if .Values.pulsar_metadata.nodeSelector }}
{{ toYaml .Values.pulsar_metadata.nodeSelector | indent 8 }}
{{- end }}
tolerations:
{{- if .Values.pulsar_metadata.tolerations }}
{{ toYaml .Values.pulsar_metadata.tolerations | indent 8 }}
{{- end }}
restartPolicy: OnFailure
initContainers:
- name: wait-pulsar-manager-ready
image: "{{ template "pulsar.imageFullName" (dict "image" .Values.pulsar_metadata.image "root" .) }}"
imagePullPolicy: {{ .Values.pulsar_metadata.image.pullPolicy }}
resources: {{ toYaml .Values.initContainer.resources | nindent 12 }}
command: [ "sh", "-c" ]
args:
- |
ADMIN_URL={{ template "pulsar.fullname" . }}-{{ .Values.pulsar_manager.component }}-admin:{{ .Values.pulsar_manager.adminService.port }}
until $(curl -sS --fail -X GET http://${ADMIN_URL} > /dev/null 2>&1); do
sleep 3;
done;
# This init container will wait for at least one broker to be ready before
# initializing the pulsar-manager
- name: wait-broker-ready
image: "{{ template "pulsar.imageFullName" (dict "image" .Values.images.proxy "root" .) }}"
imagePullPolicy: {{ .Values.images.proxy.pullPolicy }}
resources: {{ toYaml .Values.initContainer.resources | nindent 12 }}
command: [ "sh", "-c" ]
args:
- >-
set -e;
brokerServiceNumber="$(nslookup -timeout=10 {{ template "pulsar.fullname" . }}-{{ .Values.broker.component }} | grep Name | wc -l)";
until [ ${brokerServiceNumber} -ge 1 ]; do
echo "pulsar cluster {{ template "pulsar.cluster.name" . }} isn't initialized yet ... check in 10 seconds ...";
sleep 10;
brokerServiceNumber="$(nslookup -timeout=10 {{ template "pulsar.fullname" . }}-{{ .Values.broker.component }} | grep Name | wc -l)";
done;
containers:
- name: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsar_manager.component }}-init"
image: "{{ template "pulsar.imageFullName" (dict "image" .Values.pulsar_metadata.image "root" .) }}"
imagePullPolicy: {{ .Values.pulsar_metadata.image.pullPolicy }}
{{- if .Values.pulsar_metadata.resources }}
resources: {{ toYaml .Values.pulsar_metadata.resources | nindent 12 }}
{{- end }}
command: [ "sh", "-c" ]
args:
- |
ADMIN_URL={{ template "pulsar.fullname" . }}-{{ .Values.pulsar_manager.component }}-admin:{{ .Values.pulsar_manager.adminService.port }}
CSRF_TOKEN=$(curl http://${ADMIN_URL}/pulsar-manager/csrf-token)
UI_URL={{ template "pulsar.fullname" . }}-{{ .Values.pulsar_manager.component }}:{{ .Values.pulsar_manager.service.port }}
{{/* check if account is already existing */}}
LOGIN_REPLY=$(curl -v \
-X POST http://${UI_URL}/pulsar-manager/login \
-H 'Accept: application/json, text/plain, */*' \
-H 'Content-Type: application/json' \
-H "X-XSRF-TOKEN: $CSRF_TOKEN" \
-H "Cookie: XSRF-TOKEN=$CSRF_TOKEN" \
-sS -D headers.txt \
-d '{"username": "'${USERNAME}'", "password": "'${PASSWORD}'"}')
echo "$LOGIN_REPLY"
if [ -n "$(echo "$LOGIN_REPLY" | grep 'success')" ]; then
echo "account already exists"
else
echo "creating account"
{{/* set admin credentials */}}
curl -v \
-X PUT http://${ADMIN_URL}/pulsar-manager/users/superuser \
-H "X-XSRF-TOKEN: $CSRF_TOKEN" \
-H "Cookie: XSRF-TOKEN=$CSRF_TOKEN;" \
-H 'Content-Type: application/json' \
-d '{"name": "'"${USERNAME}"'", "password": "'"${PASSWORD}"'", "description": "Helm-managed Admin Account", "email": "'"${USERNAME}"'@pulsar.org"}'
{{/* login as admin */}}
LOGIN_REPLY=$(curl -v \
-X POST http://${UI_URL}/pulsar-manager/login \
-H 'Accept: application/json, text/plain, */*' \
-H 'Content-Type: application/json' \
-H "X-XSRF-TOKEN: $CSRF_TOKEN" \
-H "Cookie: XSRF-TOKEN=$CSRF_TOKEN" \
-sS -D headers.txt \
-d '{"username": "'${USERNAME}'", "password": "'${PASSWORD}'"}')
echo "$LOGIN_REPLY"
fi
LOGIN_TOKEN=$(grep "token:" headers.txt | sed 's/^.*: //')
LOGIN_JSESSSIONID=$(grep -o "JSESSIONID=[a-zA-Z0-9_]*" headers.txt | sed 's/^.*=//')
{{/* create environment */}}
{{- if or (not .Values.tls.enabled) (not .Values.tls.broker.enabled) }}
BROKER_URL="http://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.http }}"
{{- else }}
BROKER_URL="https://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.https }}"
{{- end }}
BOOKIE_URL="http://{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}:{{ .Values.bookkeeper.ports.http }}"
echo '{ "name": "{{ template "pulsar.fullname" . }}", "broker": "'$BROKER_URL'", "bookie": "'$BOOKIE_URL'"}'
ENVIRONMENT_REPLY=$(curl -v \
-X PUT http://${UI_URL}/pulsar-manager/environments/environment \
-H 'Content-Type: application/json' \
-H "token: $LOGIN_TOKEN" \
-H "X-XSRF-TOKEN: $CSRF_TOKEN" \
-H "username: $USERNAME" \
-H "Cookie: XSRF-TOKEN=$CSRF_TOKEN; JSESSIONID=$LOGIN_JSESSSIONID;" \
-d '{ "name": "{{ template "pulsar.fullname" . }}", "broker": "'$BROKER_URL'", "bookie": "'$BOOKIE_URL'"}')
echo "$ENVIRONMENT_REPLY"
if [ -n "$(echo "$ENVIRONMENT_REPLY" | grep -e 'success' -e 'exist')" ]; then
echo "Successfully created / found existing environment"
exit 0
else
echo "Error creating environment"
exit 1
fi
env:
- name: USERNAME
valueFrom:
secretKeyRef:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsar_manager.component }}-secret"
key: UI_USERNAME
- name: PASSWORD
valueFrom:
secretKeyRef:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsar_manager.component }}-secret"
key: UI_PASSWORD
{{- end }}
{{- end }}

31
deployment/helm/milvus/charts/pulsar/templates/pulsar-manager-configmap.yaml Normal file
View File

@@ -0,0 +1,31 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
{{- if .Values.components.pulsar_manager }}
apiVersion: v1
kind: ConfigMap
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsar_manager.component }}"
namespace: {{ template "pulsar.namespace" . }}
labels:
{{- include "pulsar.standardLabels" . | nindent 4 }}
component: {{ .Values.pulsar_manager.component }}
data:
{{ toYaml .Values.pulsar_manager.configData | indent 2 }}
{{- end }}

68
deployment/helm/milvus/charts/pulsar/templates/pulsar-manager-ingress.yaml Normal file
View File

@@ -0,0 +1,68 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
{{- if .Values.pulsar_manager.ingress.enabled }}
{{- if semverCompare "<1.19-0" .Capabilities.KubeVersion.Version }}
apiVersion: extensions/v1beta1
{{- else }}
apiVersion: networking.k8s.io/v1
{{- end }}
kind: Ingress
metadata:
labels:
{{- include "pulsar.standardLabels" . | nindent 4 }}
component: {{ .Values.pulsar_manager.component }}
annotations:
{{- with .Values.pulsar_manager.ingress.annotations }}
{{ toYaml . | indent 4 }}
{{- end }}
name: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsar_manager.component }}"
namespace: {{ template "pulsar.namespace" . }}
spec:
{{- with .Values.pulsar_manager.ingress.ingressClassName }}
ingressClassName: {{ . }}
{{- end }}
{{- if .Values.pulsar_manager.ingress.tls.enabled }}
tls:
- hosts:
- {{ .Values.pulsar_manager.ingress.hostname }}
{{- with .Values.pulsar_manager.ingress.tls.secretName }}
secretName: {{ . }}
{{- end }}
{{- end }}
rules:
- http:
paths:
- path: {{ .Values.pulsar_manager.ingress.path }}
{{- if semverCompare "<1.19-0" .Capabilities.KubeVersion.Version }}
backend:
serviceName: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsar_manager.component }}"
servicePort: {{ .Values.pulsar_manager.service.targetPort }}
{{- else }}
pathType: ImplementationSpecific
backend:
service:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsar_manager.component }}"
port:
number: {{ .Values.pulsar_manager.service.targetPort }}
{{- end }}
{{- if .Values.pulsar_manager.ingress.hostname }}
host: {{ .Values.pulsar_manager.ingress.hostname }}
{{- end }}
{{- end }}

71
deployment/helm/milvus/charts/pulsar/templates/pulsar-manager-service.yaml Normal file
View File

@@ -0,0 +1,71 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
{{- if .Values.components.pulsar_manager }}
apiVersion: v1
kind: Service
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsar_manager.component }}"
namespace: {{ template "pulsar.namespace" . }}
labels:
{{- include "pulsar.standardLabels" . | nindent 4 }}
component: {{ .Values.pulsar_manager.component }}
annotations:
{{ toYaml .Values.pulsar_manager.service.annotations | indent 4 }}
spec:
type: {{ .Values.pulsar_manager.service.type }}
{{- if .Values.pulsar_manager.service.externalTrafficPolicy }}
externalTrafficPolicy: {{ .Values.pulsar_manager.service.externalTrafficPolicy }}
{{- end }}
{{- if .Values.pulsar_manager.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges: {{ toYaml .Values.pulsar_manager.service.loadBalancerSourceRanges | nindent 4 }}
{{- end }}
ports:
- name: server
port: {{ .Values.pulsar_manager.service.port }}
targetPort: {{ .Values.pulsar_manager.service.targetPort }}
protocol: TCP
selector:
{{- include "pulsar.matchLabels" . | nindent 4 }}
component: {{ .Values.pulsar_manager.component }}
---
apiVersion: v1
kind: Service
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsar_manager.component }}-admin"
namespace: {{ template "pulsar.namespace" . }}
labels:
{{- include "pulsar.standardLabels" . | nindent 4 }}
component: {{ .Values.pulsar_manager.component }}
annotations:
{{ toYaml .Values.pulsar_manager.adminService.annotations | indent 4 }}
spec:
type: {{ .Values.pulsar_manager.adminService.type }}
ports:
- port: {{ .Values.pulsar_manager.adminService.port }}
targetPort: {{ .Values.pulsar_manager.adminService.targetPort }}
protocol: TCP
selector:
{{- include "pulsar.matchLabels" . | nindent 4 }}
component: {{ .Values.pulsar_manager.component }}
{{- end }}

164
deployment/helm/milvus/charts/pulsar/templates/pulsar-manager-statefulset.yaml Normal file
View File

@@ -0,0 +1,164 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
{{- if .Values.components.pulsar_manager }}
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsar_manager.component }}"
namespace: {{ template "pulsar.namespace" . }}
labels:
{{- include "pulsar.standardLabels" . | nindent 4 }}
component: {{ .Values.pulsar_manager.component }}
spec:
serviceName: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsar_manager.component }}"
replicas: 1
selector:
matchLabels:
{{- include "pulsar.matchLabels" . | nindent 6 }}
component: {{ .Values.pulsar_manager.component }}
template:
metadata:
labels:
{{- include "pulsar.template.labels" . | nindent 8 }}
component: {{ .Values.pulsar_manager.component }}
annotations:
{{- if .Values.pulsar_manager.restartPodsOnConfigMapChange }}
checksum/config: {{ include (print $.Template.BasePath "/pulsar-manager-configmap.yaml") . | sha256sum }}
{{- end }}
{{- with .Values.pulsar_manager.annotations }}
{{ toYaml . | indent 8 }}
{{- end }}
spec:
{{- if .Values.pulsar_manager.nodeSelector }}
nodeSelector:
{{ toYaml .Values.pulsar_manager.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.pulsar_manager.tolerations }}
tolerations:
{{ toYaml .Values.pulsar_manager.tolerations | indent 8 }}
{{- end }}
terminationGracePeriodSeconds: {{ .Values.pulsar_manager.gracePeriod }}
containers:
- name: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsar_manager.component }}"
image: "{{ .Values.images.pulsar_manager.repository }}:{{ .Values.images.pulsar_manager.tag }}"
imagePullPolicy: {{ .Values.images.pulsar_manager.pullPolicy }}
{{- if .Values.pulsar_manager.resources }}
resources:
{{ toYaml .Values.pulsar_manager.resources | indent 12 }}
{{- end }}
ports:
- containerPort: {{ .Values.pulsar_manager.service.targetPort }}
- containerPort: {{ .Values.pulsar_manager.adminService.targetPort }}
volumeMounts:
- name: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsar_manager.component }}-{{ .Values.pulsar_manager.volumes.data.name }}"
mountPath: /data
{{- if .Values.auth.authentication.enabled }}
{{- if eq .Values.auth.authentication.provider "jwt" }}
- name: pulsar-manager-keys
mountPath: /pulsar-manager/keys
{{- end }}
{{- end }}
envFrom:
- configMapRef:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsar_manager.component }}"
env:
- name: PULSAR_CLUSTER
value: {{ template "pulsar.fullname" . }}
- name: USERNAME
valueFrom:
secretKeyRef:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsar_manager.component }}-secret"
key: DB_USERNAME
- name: PASSWORD
valueFrom:
secretKeyRef:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsar_manager.component }}-secret"
key: DB_PASSWORD
- name: PULSAR_MANAGER_OPTS
value: "$(PULSAR_MANAGER_OPTS) -Dlog4j2.formatMsgNoLookups=true"
{{- if .Values.auth.authentication.enabled }}
{{- if eq .Values.auth.authentication.provider "jwt" }}
{{- if .Values.auth.superUsers.manager }}
- name: JWT_TOKEN
valueFrom:
secretKeyRef:
key: TOKEN
name: "{{ .Release.Name }}-token-{{ .Values.auth.superUsers.manager }}"
{{- end }}
{{- if .Values.auth.authentication.jwt.usingSecretKey }}
- name: SECRET_KEY
value: file:///pulsar-manager/keys/token/secret.key
{{- else }}
- name: PRIVATE_KEY
value: file:///pulsar-manager/keys/token/private.key
- name: PUBLIC_KEY
value: file:///pulsar-manager/keys/token/public.key
{{- end }}
{{- end }}
{{- end }}
{{- include "pulsar.imagePullSecrets" . | nindent 6}}
volumes:
{{- if .Values.auth.authentication.enabled }}
{{- if eq .Values.auth.authentication.provider "jwt" }}
- name: pulsar-manager-keys
secret:
defaultMode: 420
{{- if .Values.auth.authentication.jwt.usingSecretKey }}
secretName: "{{ .Release.Name }}-token-symmetric-key"
{{- else }}
secretName: "{{ .Release.Name }}-token-asymmetric-key"
{{- end }}
items:
{{- if .Values.auth.authentication.jwt.usingSecretKey }}
- key: SECRETKEY
path: token/secret.key
{{- else }}
- key: PRIVATEKEY
path: token/private.key
- key: PUBLICKEY
path: token/public.key
{{- end }}
{{- end }}
{{- end }}
{{- if not (and (and .Values.persistence .Values.volumes.persistence) .Values.pulsar_manager.volumes.persistence) }}
- name: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsar_manager.component }}-{{ .Values.pulsar_manager.volumes.data.name }}"
emptyDir: {}
{{- end }}
{{- if and (and .Values.persistence .Values.volumes.persistence) .Values.pulsar_manager.volumes.persistence }}
volumeClaimTemplates:
- metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsar_manager.component }}-{{ .Values.pulsar_manager.volumes.data.name }}"
spec:
accessModes: [ "ReadWriteOnce" ]
resources:
requests:
storage: {{ .Values.pulsar_manager.volumes.data.size }}
{{- if .Values.pulsar_manager.volumes.data.storageClassName }}
storageClassName: "{{ .Values.pulsar_manager.volumes.data.storageClassName }}"
{{- else if and .Values.volumes.local_storage .Values.pulsar_manager.volumes.data.local_storage }}
storageClassName: "local-storage"
{{- end }}
{{- with .Values.pulsar_manager.volumes.data.selector }}
selector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}

64
deployment/helm/milvus/charts/pulsar/templates/tls-cert-internal-issuer.yaml Normal file
View File

@@ -0,0 +1,64 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
{{- if .Values.certs.internal_issuer.enabled }}
{{- if eq .Values.certs.internal_issuer.type "selfsigning" }}
apiVersion: "{{ .Values.certs.internal_issuer.apiVersion }}"
kind: Issuer
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.certs.internal_issuer.component }}"
namespace: {{ template "pulsar.namespace" . }}
spec:
selfSigned: {}
---
apiVersion: "{{ .Values.certs.internal_issuer.apiVersion }}"
kind: Certificate
metadata:
name: "{{ template "pulsar.fullname" . }}-ca"
namespace: {{ template "pulsar.namespace" . }}
spec:
secretName: "{{ .Release.Name }}-{{ .Values.tls.ca_suffix }}"
commonName: "{{ template "pulsar.namespace" . }}.svc.{{ .Values.clusterDomain }}"
duration: "{{ .Values.certs.internal_issuer.duration }}"
renewBefore: "{{ .Values.certs.internal_issuer.renewBefore }}"
usages:
- server auth
- client auth
isCA: true
issuerRef:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.certs.internal_issuer.component }}"
# We can reference ClusterIssuers by changing the kind here.
# The default value is Issuer (i.e. a locally namespaced Issuer)
kind: Issuer
# This is optional since cert-manager will default to this value however
# if you are using an external issuer, change this to that issuer group.
group: cert-manager.io
---
apiVersion: "{{ .Values.certs.internal_issuer.apiVersion }}"
kind: Issuer
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.certs.internal_issuer.component }}-ca-issuer"
namespace: {{ template "pulsar.namespace" . }}
spec:
ca:
secretName: "{{ .Release.Name }}-{{ .Values.tls.ca_suffix }}"
{{- end }}
{{- end }}

277
deployment/helm/milvus/charts/pulsar/templates/tls-certs-internal.yaml Normal file
View File

@@ -0,0 +1,277 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
{{- if .Values.tls.enabled }}
{{- if .Values.certs.internal_issuer.enabled }}
{{- if .Values.tls.proxy.enabled }}
apiVersion: "{{ .Values.certs.internal_issuer.apiVersion }}"
kind: Certificate
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.tls.proxy.cert_name }}"
namespace: {{ template "pulsar.namespace" . }}
spec:
# Secret names are always required.
secretName: "{{ .Release.Name }}-{{ .Values.tls.proxy.cert_name }}"
duration: "{{ .Values.tls.common.duration }}"
renewBefore: "{{ .Values.tls.common.renewBefore }}"
subject:
organizations:
{{ toYaml .Values.tls.common.organization | indent 4 }}
# The use of the common name field has been deprecated since 2000 and is
# discouraged from being used.
commonName: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}"
isCA: false
privateKey:
size: {{ .Values.tls.common.keySize }}
algorithm: {{ .Values.tls.common.keyAlgorithm }}
encoding: {{ .Values.tls.common.keyEncoding }}
usages:
- server auth
- client auth
# At least one of a DNS Name, USI SAN, or IP address is required.
dnsNames:
- "*.{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}.{{ template "pulsar.namespace" . }}.svc.{{ .Values.clusterDomain }}"
- "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}"
{{- if .Values.tls.proxy.dnsNames }}
{{ toYaml .Values.tls.proxy.dnsNames | indent 4 }}
{{- end }}
# Issuer references are always required.
issuerRef:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.certs.internal_issuer.component }}-ca-issuer"
# We can reference ClusterIssuers by changing the kind here.
# The default value is Issuer (i.e. a locally namespaced Issuer)
kind: Issuer
# This is optional since cert-manager will default to this value however
# if you are using an external issuer, change this to that issuer group.
group: cert-manager.io
---
{{- end }}
{{- if or .Values.tls.broker.enabled (or .Values.tls.bookie.enabled .Values.tls.zookeeper.enabled) }}
apiVersion: "{{ .Values.certs.internal_issuer.apiVersion }}"
kind: Certificate
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.tls.broker.cert_name }}"
namespace: {{ template "pulsar.namespace" . }}
spec:
# Secret names are always required.
secretName: "{{ .Release.Name }}-{{ .Values.tls.broker.cert_name }}"
duration: "{{ .Values.tls.common.duration }}"
renewBefore: "{{ .Values.tls.common.renewBefore }}"
subject:
organizations:
{{ toYaml .Values.tls.common.organization | indent 4 }}
# The use of the common name field has been deprecated since 2000 and is
# discouraged from being used.
commonName: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}"
isCA: false
privateKey:
size: {{ .Values.tls.common.keySize }}
algorithm: {{ .Values.tls.common.keyAlgorithm }}
encoding: {{ .Values.tls.common.keyEncoding }}
usages:
- server auth
- client auth
# At least one of a DNS Name, USI SAN, or IP address is required.
dnsNames:
{{- if .Values.tls.broker.dnsNames }}
{{ toYaml .Values.tls.broker.dnsNames | indent 4 }}
{{- end}}
- "*.{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}.{{ template "pulsar.namespace" . }}.svc.{{ .Values.clusterDomain }}"
- "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}"
# Issuer references are always required.
issuerRef:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.certs.internal_issuer.component }}-ca-issuer"
# We can reference ClusterIssuers by changing the kind here.
# The default value is Issuer (i.e. a locally namespaced Issuer)
kind: Issuer
# This is optional since cert-manager will default to this value however
# if you are using an external issuer, change this to that issuer group.
group: cert-manager.io
---
{{- end }}
{{- if or .Values.tls.bookie.enabled .Values.tls.zookeeper.enabled }}
apiVersion: "{{ .Values.certs.internal_issuer.apiVersion }}"
kind: Certificate
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.tls.bookie.cert_name }}"
namespace: {{ template "pulsar.namespace" . }}
spec:
# Secret names are always required.
secretName: "{{ .Release.Name }}-{{ .Values.tls.bookie.cert_name }}"
duration: "{{ .Values.tls.common.duration }}"
renewBefore: "{{ .Values.tls.common.renewBefore }}"
subject:
organizations:
{{ toYaml .Values.tls.common.organization | indent 4 }}
# The use of the common name field has been deprecated since 2000 and is
# discouraged from being used.
commonName: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}"
isCA: false
privateKey:
size: {{ .Values.tls.common.keySize }}
algorithm: {{ .Values.tls.common.keyAlgorithm }}
encoding: {{ .Values.tls.common.keyEncoding }}
usages:
- server auth
- client auth
dnsNames:
{{- if .Values.tls.bookie.dnsNames }}
{{ toYaml .Values.tls.bookie.dnsNames | indent 4 }}
{{- end }}
- "*.{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}.{{ template "pulsar.namespace" . }}.svc.{{ .Values.clusterDomain }}"
- "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}"
# Issuer references are always required.
issuerRef:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.certs.internal_issuer.component }}-ca-issuer"
# We can reference ClusterIssuers by changing the kind here.
# The default value is Issuer (i.e. a locally namespaced Issuer)
kind: Issuer
# This is optional since cert-manager will default to this value however
# if you are using an external issuer, change this to that issuer group.
group: cert-manager.io
---
{{- end }}
{{- if .Values.tls.zookeeper.enabled }}
apiVersion: "{{ .Values.certs.internal_issuer.apiVersion }}"
kind: Certificate
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.tls.autorecovery.cert_name }}"
namespace: {{ template "pulsar.namespace" . }}
spec:
# Secret names are always required.
secretName: "{{ .Release.Name }}-{{ .Values.tls.autorecovery.cert_name }}"
duration: "{{ .Values.tls.common.duration }}"
renewBefore: "{{ .Values.tls.common.renewBefore }}"
subject:
organizations:
{{ toYaml .Values.tls.common.organization | indent 4 }}
# The use of the common name field has been deprecated since 2000 and is
# discouraged from being used.
commonName: "{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}"
isCA: false
privateKey:
size: {{ .Values.tls.common.keySize }}
algorithm: {{ .Values.tls.common.keyAlgorithm }}
encoding: {{ .Values.tls.common.keyEncoding }}
usages:
- server auth
- client auth
dnsNames:
{{- if .Values.tls.autorecovery.dnsNames }}
{{ toYaml .Values.tls.autorecovery.dnsNames | indent 4 }}
{{- end }}
- "*.{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}.{{ template "pulsar.namespace" . }}.svc.{{ .Values.clusterDomain }}"
- "{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}"
# Issuer references are always required.
issuerRef:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.certs.internal_issuer.component }}-ca-issuer"
# We can reference ClusterIssuers by changing the kind here.
# The default value is Issuer (i.e. a locally namespaced Issuer)
kind: Issuer
# This is optional since cert-manager will default to this value however
# if you are using an external issuer, change this to that issuer group.
group: cert-manager.io
---
apiVersion: "{{ .Values.certs.internal_issuer.apiVersion }}"
kind: Certificate
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.tls.toolset.cert_name }}"
namespace: {{ template "pulsar.namespace" . }}
spec:
# Secret names are always required.
secretName: "{{ .Release.Name }}-{{ .Values.tls.toolset.cert_name }}"
duration: "{{ .Values.tls.common.duration }}"
renewBefore: "{{ .Values.tls.common.renewBefore }}"
subject:
organizations:
{{ toYaml .Values.tls.common.organization | indent 4 }}
# The use of the common name field has been deprecated since 2000 and is
# discouraged from being used.
commonName: "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}"
isCA: false
privateKey:
size: {{ .Values.tls.common.keySize }}
algorithm: {{ .Values.tls.common.keyAlgorithm }}
encoding: {{ .Values.tls.common.keyEncoding }}
usages:
- server auth
- client auth
dnsNames:
{{- if .Values.tls.toolset.dnsNames }}
{{ toYaml .Values.tls.toolset.dnsNames | indent 4 }}
{{- end }}
- "*.{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}.{{ template "pulsar.namespace" . }}.svc.{{ .Values.clusterDomain }}"
- "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}"
# Issuer references are always required.
issuerRef:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.certs.internal_issuer.component }}-ca-issuer"
# We can reference ClusterIssuers by changing the kind here.
# The default value is Issuer (i.e. a locally namespaced Issuer)
kind: Issuer
# This is optional since cert-manager will default to this value however
# if you are using an external issuer, change this to that issuer group.
group: cert-manager.io
---
apiVersion: "{{ .Values.certs.internal_issuer.apiVersion }}"
kind: Certificate
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.tls.zookeeper.cert_name }}"
namespace: {{ template "pulsar.namespace" . }}
spec:
# Secret names are always required.
secretName: "{{ .Release.Name }}-{{ .Values.tls.zookeeper.cert_name }}"
duration: "{{ .Values.tls.common.duration }}"
renewBefore: "{{ .Values.tls.common.renewBefore }}"
subject:
organizations:
{{ toYaml .Values.tls.common.organization | indent 4 }}
# The use of the common name field has been deprecated since 2000 and is
# discouraged from being used.
commonName: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}"
isCA: false
privateKey:
size: {{ .Values.tls.common.keySize }}
algorithm: {{ .Values.tls.common.keyAlgorithm }}
encoding: {{ .Values.tls.common.keyEncoding }}
usages:
- server auth
- client auth
dnsNames:
{{- if .Values.tls.zookeeper.dnsNames }}
{{ toYaml .Values.tls.zookeeper.dnsNames | indent 4 }}
{{- end }}
- "*.{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}.{{ template "pulsar.namespace" . }}.svc.{{ .Values.clusterDomain }}"
- "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}"
# Issuer references are always required.
issuerRef:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.certs.internal_issuer.component }}-ca-issuer"
# We can reference ClusterIssuers by changing the kind here.
# The default value is Issuer (i.e. a locally namespaced Issuer)
kind: Issuer
# This is optional since cert-manager will default to this value however
# if you are using an external issuer, change this to that issuer group.
group: cert-manager.io
{{- end }}
{{- end }}
{{- end }}

70
deployment/helm/milvus/charts/pulsar/templates/toolset-configmap.yaml Normal file
View File

@@ -0,0 +1,70 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
{{- if .Values.components.toolset }}
apiVersion: v1
kind: ConfigMap
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}"
namespace: {{ template "pulsar.namespace" . }}
labels:
{{- include "pulsar.standardLabels" . | nindent 4 }}
component: {{ .Values.toolset.component }}
data:
BOOKIE_LOG_APPENDER: "RollingFile"
{{- include "pulsar.bookkeeper.config.common" . | nindent 2 }}
{{- if not .Values.toolset.useProxy }}
# talk to broker
{{- if and .Values.tls.enabled .Values.tls.broker.enabled }}
webServiceUrl: "https://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.https }}/"
brokerServiceUrl: "pulsar+ssl://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.pulsarssl }}/"
useTls: "true"
tlsAllowInsecureConnection: "false"
tlsTrustCertsFilePath: "/pulsar/certs/proxy-ca/ca.crt"
tlsEnableHostnameVerification: "false"
{{- end }}
{{- if not (and .Values.tls.enabled .Values.tls.broker.enabled) }}
webServiceUrl: "http://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.http }}/"
brokerServiceUrl: "pulsar://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.pulsar }}/"
{{- end }}
{{- end }}
{{- if .Values.toolset.useProxy }}
# talk to proxy
{{- if and .Values.tls.enabled .Values.tls.proxy.enabled }}
webServiceUrl: "https://{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}:{{ .Values.proxy.ports.https }}/"
brokerServiceUrl: "pulsar+ssl://{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}:{{ .Values.proxy.ports.pulsarssl }}/"
useTls: "true"
tlsAllowInsecureConnection: "false"
tlsTrustCertsFilePath: "/pulsar/certs/proxy-ca/ca.crt"
tlsEnableHostnameVerification: "false"
{{- end }}
{{- if not (and .Values.tls.enabled .Values.tls.proxy.enabled) }}
webServiceUrl: "http://{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}:{{ .Values.proxy.ports.http }}/"
brokerServiceUrl: "pulsar://{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}:{{ .Values.proxy.ports.pulsar }}/"
{{- end }}
{{- end }}
# Authentication Settings
{{- if .Values.auth.authentication.enabled }}
{{- if eq .Values.auth.authentication.provider "jwt" }}
authParams: "file:///pulsar/tokens/client/token"
authPlugin: "org.apache.pulsar.client.impl.auth.AuthenticationToken"
{{- end }}
{{- end }}
{{ toYaml .Values.toolset.configData | indent 2 }}
{{- end }}

85
deployment/helm/milvus/charts/pulsar/templates/toolset-psp.yaml Normal file
View File

@@ -0,0 +1,85 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
{{- if and (semverCompare "<1.25-0" .Capabilities.KubeVersion.Version) .Values.rbac.enabled .Values.rbac.psp }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}"
namespace: {{ template "pulsar.namespace" . }}
rules:
- apiGroups:
- policy
resourceNames:
- "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}"
resources:
- podsecuritypolicies
verbs:
- use
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}"
namespace: {{ template "pulsar.namespace" . }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}"
subjects:
- kind: ServiceAccount
name: "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}"
namespace: {{ template "pulsar.namespace" . }}
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
{{- if .Values.rbac.limit_to_namespace }}
name: "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}-{{ template "pulsar.namespace" . }}"
{{- else}}
name: "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}"
{{- end}}
spec:
readOnlyRootFilesystem: false
privileged: false
allowPrivilegeEscalation: false
runAsUser:
rule: 'RunAsAny'
supplementalGroups:
ranges:
- max: 65535
min: 1
rule: MustRunAs
fsGroup:
rule: 'MustRunAs'
ranges:
- min: 1
max: 65535
seLinux:
rule: 'RunAsAny'
volumes:
- configMap
- emptyDir
- projected
- secret
- downwardAPI
- persistentVolumeClaim
{{- end}}

33
deployment/helm/milvus/charts/pulsar/templates/toolset-service-account.yaml Normal file
View File

@@ -0,0 +1,33 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
{{- if .Values.components.toolset }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}"
namespace: {{ template "pulsar.namespace" . }}
labels:
{{- include "pulsar.standardLabels" . | nindent 4 }}
component: {{ .Values.toolset.component }}
annotations:
{{- with .Values.toolset.service_account.annotations }}
{{ toYaml . | indent 4 }}
{{- end }}
{{- end }}

34
deployment/helm/milvus/charts/pulsar/templates/toolset-service.yaml Normal file
View File

@@ -0,0 +1,34 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
{{- if .Values.components.toolset }}
apiVersion: v1
kind: Service
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}"
namespace: {{ template "pulsar.namespace" . }}
labels:
{{- include "pulsar.standardLabels" . | nindent 4 }}
component: {{ .Values.toolset.component }}
spec:
clusterIP: None
selector:
{{- include "pulsar.matchLabels" . | nindent 4 }}
component: {{ .Values.toolset.component }}
{{- end }}

128
deployment/helm/milvus/charts/pulsar/templates/toolset-statefulset.yaml Normal file
View File

@@ -0,0 +1,128 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
{{- if .Values.components.toolset }}
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}"
namespace: {{ template "pulsar.namespace" . }}
labels:
{{- include "pulsar.standardLabels" . | nindent 4 }}
component: {{ .Values.toolset.component }}
spec:
serviceName: "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}"
replicas: {{ .Values.toolset.replicaCount }}
updateStrategy:
type: RollingUpdate
podManagementPolicy: Parallel
selector:
matchLabels:
{{- include "pulsar.matchLabels" . | nindent 6 }}
component: {{ .Values.toolset.component }}
template:
metadata:
labels:
{{- include "pulsar.template.labels" . | nindent 8 }}
component: {{ .Values.toolset.component }}
annotations:
{{- if .Values.toolset.restartPodsOnConfigMapChange }}
checksum/config: {{ include (print $.Template.BasePath "/toolset-configmap.yaml") . | sha256sum }}
{{- end }}
{{- with .Values.toolset.annotations }}
{{ toYaml . | indent 8 }}
{{- end }}
spec:
{{- if .Values.toolset.nodeSelector }}
nodeSelector:
{{ toYaml .Values.toolset.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.toolset.tolerations }}
tolerations:
{{ toYaml .Values.toolset.tolerations | indent 8 }}
{{- end }}
terminationGracePeriodSeconds: {{ .Values.toolset.gracePeriod }}
serviceAccountName: "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}"
containers:
- name: "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}"
image: "{{ template "pulsar.imageFullName" (dict "image" .Values.images.broker "root" .) }}"
imagePullPolicy: {{ .Values.images.broker.pullPolicy }}
{{- if .Values.toolset.resources }}
resources:
{{ toYaml .Values.toolset.resources | indent 10 }}
{{- end }}
command: ["sh", "-c"]
args:
- >
{{- if .Values.toolset.additionalCommand }}
{{ .Values.toolset.additionalCommand }}
{{- end }}
bin/apply-config-from-env.py conf/client.conf;
bin/apply-config-from-env.py conf/bookkeeper.conf;
{{- include "pulsar.toolset.zookeeper.tls.settings" . | nindent 10 }}
sleep 10000000000
{{- if and (semverCompare "<1.25-0" .Capabilities.KubeVersion.Version) .Values.rbac.enabled .Values.rbac.psp }}
securityContext:
readOnlyRootFilesystem: false
{{- end }}
envFrom:
- configMapRef:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}"
volumeMounts:
{{- if .Values.auth.authentication.enabled }}
{{- if eq .Values.auth.authentication.provider "jwt" }}
- mountPath: "/pulsar/tokens"
name: client-token
readOnly: true
{{- end }}
{{- end }}
{{- if and .Values.tls.enabled (or .Values.tls.broker.enabled .Values.tls.proxy.enabled) }}
- mountPath: "/pulsar/certs/proxy-ca"
name: proxy-ca
readOnly: true
{{- end}}
{{- if .Values.toolset.extraVolumeMounts }}
{{ toYaml .Values.toolset.extraVolumeMounts | indent 8 }}
{{- end }}
{{- include "pulsar.toolset.certs.volumeMounts" . | nindent 8 }}
volumes:
{{- if .Values.auth.authentication.enabled }}
{{- if eq .Values.auth.authentication.provider "jwt" }}
- name: client-token
secret:
secretName: "{{ .Release.Name }}-token-{{ .Values.auth.superUsers.client }}"
items:
- key: TOKEN
path: client/token
{{- end}}
{{- end}}
{{- if and .Values.tls.enabled (or .Values.tls.broker.enabled .Values.tls.proxy.enabled) }}
- name: proxy-ca
secret:
secretName: "{{ .Release.Name }}-{{ .Values.tls.ca_suffix }}"
items:
- key: ca.crt
path: ca.crt
{{- end}}
{{- if .Values.toolset.extraVolumes }}
{{ toYaml .Values.toolset.extraVolumes | indent 6 }}
{{- end }}
{{- include "pulsar.toolset.certs.volumes" . | nindent 6 }}
{{- include "pulsar.imagePullSecrets" . | nindent 6}}
{{- end }}

43
deployment/helm/milvus/charts/pulsar/templates/zookeeper-configmap.yaml Normal file
View File

@@ -0,0 +1,43 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
# deploy zookeeper only when `components.zookeeper` is true
{{- if .Values.components.zookeeper }}
apiVersion: v1
kind: ConfigMap
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}"
namespace: {{ template "pulsar.namespace" . }}
labels:
{{- include "pulsar.standardLabels" . | nindent 4 }}
component: {{ .Values.zookeeper.component }}
data:
dataDir: /pulsar/data/zookeeper
{{- if and .Values.tls.enabled .Values.tls.zookeeper.enabled }}
# enable zookeeper tls
PULSAR_PREFIX_serverCnxnFactory: org.apache.zookeeper.server.NettyServerCnxnFactory
serverCnxnFactory: org.apache.zookeeper.server.NettyServerCnxnFactory
secureClientPort: "{{ .Values.zookeeper.ports.clientTls }}"
PULSAR_PREFIX_secureClientPort: "{{ .Values.zookeeper.ports.clientTls }}"
{{- else }}
PULSAR_PREFIX_serverCnxnFactory: org.apache.zookeeper.server.NIOServerCnxnFactory
serverCnxnFactory: org.apache.zookeeper.server.NIOServerCnxnFactory
{{- end }}
{{ toYaml .Values.zookeeper.configData | indent 2 }}
{{- end }}

43
deployment/helm/milvus/charts/pulsar/templates/zookeeper-pdb.yaml Normal file
View File

@@ -0,0 +1,43 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
# deploy zookeeper only when `components.zookeeper` is true
{{- if .Values.components.zookeeper }}
{{- if .Values.zookeeper.pdb.usePolicy }}
# pdb version detection
{{- if semverCompare "<1.21-0" .Capabilities.KubeVersion.Version }}
apiVersion: policy/v1beta1
{{- else }}
apiVersion: policy/v1
{{- end }}
kind: PodDisruptionBudget
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}"
namespace: {{ template "pulsar.namespace" . }}
labels:
{{- include "pulsar.standardLabels" . | nindent 4 }}
component: {{ .Values.zookeeper.component }}
spec:
selector:
matchLabels:
{{- include "pulsar.matchLabels" . | nindent 6 }}
component: {{ .Values.zookeeper.component }}
maxUnavailable: {{ .Values.zookeeper.pdb.maxUnavailable }}
{{- end }}
{{- end }}

58
deployment/helm/milvus/charts/pulsar/templates/zookeeper-podmonitor.yaml Normal file
View File

@@ -0,0 +1,58 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
# deploy zookeeper PodMonitor only when `$.Values.zookeeper.podMonitor.enabled` is true
{{- if $.Values.zookeeper.podMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
name: {{ template "pulsar.fullname" . }}-zookeeper
labels:
app: {{ template "pulsar.name" . }}
chart: {{ template "pulsar.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
jobLabel: zookeeper
podMetricsEndpoints:
- port: http
path: /metrics
scheme: http
interval: {{ $.Values.zookeeper.podMonitor.interval }}
scrapeTimeout: {{ $.Values.zookeeper.podMonitor.scrapeTimeout }}
relabelings:
- action: labelmap
regex: __meta_kubernetes_pod_label_(.+)
- sourceLabels: [__meta_kubernetes_namespace]
action: replace
targetLabel: kubernetes_namespace
- sourceLabels: [__meta_kubernetes_pod_label_component]
action: replace
targetLabel: job
- sourceLabels: [__meta_kubernetes_pod_name]
action: replace
targetLabel: kubernetes_pod_name
{{- if $.Values.zookeeper.podMonitor.metricRelabelings }}
metricRelabelings: {{ toYaml $.Values.zookeeper.podMonitor.metricRelabelings | nindent 8 }}
{{- end }}
selector:
matchLabels:
{{- include "pulsar.matchLabels" . | nindent 6 }}
component: zookeeper
{{- end }}

85
deployment/helm/milvus/charts/pulsar/templates/zookeeper-psp.yaml Normal file
View File

@@ -0,0 +1,85 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
{{- if and (semverCompare "<1.25-0" .Capabilities.KubeVersion.Version) .Values.rbac.enabled .Values.rbac.psp }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}"
namespace: {{ template "pulsar.namespace" . }}
rules:
- apiGroups:
- policy
resourceNames:
- "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}"
resources:
- podsecuritypolicies
verbs:
- use
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}"
namespace: {{ template "pulsar.namespace" . }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}"
subjects:
- kind: ServiceAccount
name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}"
namespace: {{ template "pulsar.namespace" . }}
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
{{- if .Values.rbac.limit_to_namespace }}
name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}-{{ template "pulsar.namespace" . }}"
{{- else}}
name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}"
{{- end}}
spec:
readOnlyRootFilesystem: false
privileged: false
allowPrivilegeEscalation: false
runAsUser:
rule: 'RunAsAny'
supplementalGroups:
ranges:
- max: 65535
min: 1
rule: MustRunAs
fsGroup:
rule: 'MustRunAs'
ranges:
- min: 1
max: 65535
seLinux:
rule: 'RunAsAny'
volumes:
- configMap
- emptyDir
- projected
- secret
- downwardAPI
- persistentVolumeClaim
{{- end}}

33
deployment/helm/milvus/charts/pulsar/templates/zookeeper-service-account.yaml Normal file
View File

@@ -0,0 +1,33 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
{{- if .Values.components.zookeeper }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}"
namespace: {{ template "pulsar.namespace" . }}
labels:
{{- include "pulsar.standardLabels" . | nindent 4 }}
component: {{ .Values.zookeeper.component }}
annotations:
{{- with .Values.zookeeper.service_account.annotations }}
{{ toYaml . | indent 4 }}
{{- end }}
{{- end }}

52
deployment/helm/milvus/charts/pulsar/templates/zookeeper-service.yaml Normal file
View File

@@ -0,0 +1,52 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
# deploy zookeeper only when `components.zookeeper` is true
{{- if .Values.components.zookeeper }}
apiVersion: v1
kind: Service
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}"
namespace: {{ template "pulsar.namespace" . }}
labels:
{{- include "pulsar.standardLabels" . | nindent 4 }}
component: {{ .Values.zookeeper.component }}
annotations:
{{ toYaml .Values.zookeeper.service.annotations | indent 4 }}
spec:
ports:
# prometheus needs to access /metrics endpoint
- name: http
port: {{ .Values.zookeeper.ports.http }}
- name: "{{ .Values.tcpPrefix }}follower"
port: {{ .Values.zookeeper.ports.follower }}
- name: "{{ .Values.tcpPrefix }}leader-election"
port: {{ .Values.zookeeper.ports.leaderElection }}
- name: "{{ .Values.tcpPrefix }}client"
port: {{ .Values.zookeeper.ports.client }}
{{- if and .Values.tls.enabled .Values.tls.zookeeper.enabled }}
- name: "{{ .Values.tlsPrefix }}client-tls"
port: {{ .Values.zookeeper.ports.clientTls }}
{{- end }}
clusterIP: None
publishNotReadyAddresses: true
selector:
{{- include "pulsar.matchLabels" . | nindent 4 }}
component: {{ .Values.zookeeper.component }}
{{- end }}

276
deployment/helm/milvus/charts/pulsar/templates/zookeeper-statefulset.yaml Normal file
View File

@@ -0,0 +1,276 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
# deploy zookeeper only when `components.zookeeper` is true
{{- if .Values.components.zookeeper }}
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}"
namespace: {{ template "pulsar.namespace" . }}
labels:
{{- include "pulsar.standardLabels" . | nindent 4 }}
component: {{ .Values.zookeeper.component }}
spec:
serviceName: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}"
replicas: {{ .Values.zookeeper.replicaCount }}
selector:
matchLabels:
{{- include "pulsar.matchLabels" . | nindent 6 }}
component: {{ .Values.zookeeper.component }}
updateStrategy:
{{ toYaml .Values.zookeeper.updateStrategy | indent 4 }}
podManagementPolicy: {{ .Values.zookeeper.podManagementPolicy }}
template:
metadata:
labels:
{{- include "pulsar.template.labels" . | nindent 8 }}
component: {{ .Values.zookeeper.component }}
annotations:
{{- if .Values.zookeeper.restartPodsOnConfigMapChange }}
checksum/config: {{ include (print $.Template.BasePath "/zookeeper-configmap.yaml") . | sha256sum }}
{{- end }}
{{- with .Values.zookeeper.annotations }}
{{ toYaml . | indent 8 }}
{{- end }}
spec:
{{- if .Values.zookeeper.nodeSelector }}
nodeSelector:
{{ toYaml .Values.zookeeper.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.zookeeper.tolerations }}
tolerations:
{{ toYaml .Values.zookeeper.tolerations | indent 8 }}
{{- end }}
affinity:
{{- if and .Values.affinity.anti_affinity .Values.zookeeper.affinity.anti_affinity}}
podAntiAffinity:
{{ if eq .Values.zookeeper.affinity.type "requiredDuringSchedulingIgnoredDuringExecution"}}
{{ .Values.zookeeper.affinity.type }}:
- labelSelector:
matchExpressions:
- key: "app"
operator: In
values:
- "{{ template "pulsar.name" . }}"
- key: "release"
operator: In
values:
- {{ .Release.Name }}
- key: "component"
operator: In
values:
- {{ .Values.zookeeper.component }}
topologyKey: {{ .Values.zookeeper.affinity.anti_affinity_topology_key }}
{{ else }}
{{ .Values.zookeeper.affinity.type }}:
- weight: 100
podAffinityTerm:
labelSelector:
matchExpressions:
- key: "app"
operator: In
values:
- "{{ template "pulsar.name" . }}"
- key: "release"
operator: In
values:
- {{ .Release.Name }}
- key: "component"
operator: In
values:
- {{ .Values.zookeeper.component }}
topologyKey: {{ .Values.zookeeper.affinity.anti_affinity_topology_key }}
{{ end }}
{{- end }}
terminationGracePeriodSeconds: {{ .Values.zookeeper.gracePeriod }}
serviceAccountName: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}"
{{- if .Values.zookeeper.securityContext }}
securityContext:
{{ toYaml .Values.zookeeper.securityContext | indent 8 }}
{{- end }}
containers:
- name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}"
image: "{{ template "pulsar.imageFullName" (dict "image" .Values.images.zookeeper "root" .) }}"
imagePullPolicy: {{ .Values.images.zookeeper.pullPolicy }}
{{- if .Values.zookeeper.resources }}
resources:
{{ toYaml .Values.zookeeper.resources | indent 10 }}
{{- end }}
command: ["sh", "-c"]
args:
- >
{{- if .Values.zookeeper.additionalCommand }}
{{ .Values.zookeeper.additionalCommand }}
{{- end }}
bin/apply-config-from-env.py conf/zookeeper.conf;
{{- include "pulsar.zookeeper.tls.settings" . | nindent 10 }}
bin/generate-zookeeper-config.sh conf/zookeeper.conf;
OPTS="${OPTS} -Dlog4j2.formatMsgNoLookups=true" exec bin/pulsar zookeeper;
ports:
# prometheus needs to access /metrics endpoint
- name: http
containerPort: {{ .Values.zookeeper.ports.http }}
- name: client
containerPort: {{ .Values.zookeeper.ports.client }}
- name: follower
containerPort: {{ .Values.zookeeper.ports.follower }}
- name: leader-election
containerPort: {{ .Values.zookeeper.ports.leaderElection }}
{{- if and .Values.tls.enabled .Values.tls.zookeeper.enabled }}
- name: client-tls
containerPort: {{ .Values.zookeeper.ports.clientTls }}
{{- end }}
env:
- name: ZOOKEEPER_SERVERS
{{- if .Values.zookeeper.externalZookeeperServerList }}
value: {{ .Values.zookeeper.externalZookeeperServerList }}
{{- else }}
{{- $global := . }}
value: {{ range $i, $e := until (.Values.zookeeper.replicaCount | int) }}{{ if ne $i 0 }},{{ end }}{{ template "pulsar.fullname" $global }}-{{ $global.Values.zookeeper.component }}-{{ printf "%d" $i }}{{ end }}
{{- end }}
- name: EXTERNAL_PROVIDED_SERVERS
{{- if .Values.zookeeper.externalZookeeperServerList }}
value: "true"
{{- else }}
value: "false"
{{- end }}
envFrom:
- configMapRef:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}"
{{- $zkConnectCommand := "" -}}
{{- if and .Values.tls.enabled .Values.tls.zookeeper.enabled }}
{{- $zkConnectCommand = print "openssl s_client -quiet -crlf -connect localhost:" .Values.zookeeper.ports.clientTls " -cert /pulsar/certs/zookeeper/tls.crt -key /pulsar/certs/zookeeper/tls.key" -}}
{{- else -}}
{{- $zkConnectCommand = print "nc -q 1 localhost " .Values.zookeeper.ports.client -}}
{{- end }}
{{- if .Values.zookeeper.probe.readiness.enabled }}
{{- if and (semverCompare "<1.25-0" .Capabilities.KubeVersion.Version) .Values.rbac.enabled .Values.rbac.psp }}
securityContext:
readOnlyRootFilesystem: false
{{- end}}
readinessProbe:
exec:
command:
- timeout
- "{{ .Values.zookeeper.probe.readiness.timeoutSeconds }}"
- bash
- -c
- 'echo ruok | {{ $zkConnectCommand }} | grep imok'
initialDelaySeconds: {{ .Values.zookeeper.probe.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.zookeeper.probe.readiness.periodSeconds }}
timeoutSeconds: {{ .Values.zookeeper.probe.readiness.timeoutSeconds }}
failureThreshold: {{ .Values.zookeeper.probe.readiness.failureThreshold }}
{{- end }}
{{- if .Values.zookeeper.probe.liveness.enabled }}
livenessProbe:
exec:
command:
- timeout
- "{{ .Values.zookeeper.probe.liveness.timeoutSeconds }}"
- bash
- -c
- 'echo ruok | {{ $zkConnectCommand }} | grep imok'
initialDelaySeconds: {{ .Values.zookeeper.probe.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.zookeeper.probe.liveness.periodSeconds }}
timeoutSeconds: {{ .Values.zookeeper.probe.liveness.timeoutSeconds }}
failureThreshold: {{ .Values.zookeeper.probe.liveness.failureThreshold }}
{{- end }}
{{- if .Values.zookeeper.probe.startup.enabled }}
startupProbe:
exec:
command:
- timeout
- "{{ .Values.zookeeper.probe.startup.timeoutSeconds }}"
- bash
- -c
- 'echo ruok | {{ $zkConnectCommand }} | grep imok'
initialDelaySeconds: {{ .Values.zookeeper.probe.startup.initialDelaySeconds }}
periodSeconds: {{ .Values.zookeeper.probe.startup.periodSeconds }}
timeoutSeconds: {{ .Values.zookeeper.probe.startup.timeoutSeconds }}
failureThreshold: {{ .Values.zookeeper.probe.startup.failureThreshold }}
{{- end }}
volumeMounts:
- name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}-{{ .Values.zookeeper.volumes.data.name }}"
mountPath: /pulsar/data
{{- if and .Values.tls.enabled .Values.tls.zookeeper.enabled }}
- mountPath: "/pulsar/certs/zookeeper"
name: zookeeper-certs
readOnly: true
- mountPath: "/pulsar/certs/ca"
name: ca
readOnly: true
- name: keytool
mountPath: "/pulsar/keytool/keytool.sh"
subPath: keytool.sh
{{- end }}
{{- if .Values.zookeeper.extraVolumeMounts }}
{{ toYaml .Values.zookeeper.extraVolumeMounts | indent 8 }}
{{- end }}
volumes:
{{- if not (and (and .Values.volumes.persistence .Values.volumes.persistence) .Values.zookeeper.volumes.persistence) }}
- name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}-{{ .Values.zookeeper.volumes.data.name }}"
emptyDir: {}
{{- end }}
{{- if .Values.zookeeper.extraVolumes }}
{{ toYaml .Values.zookeeper.extraVolumes | indent 6 }}
{{- end }}
{{- if and .Values.tls.enabled .Values.tls.zookeeper.enabled }}
- name: zookeeper-certs
secret:
secretName: "{{ .Release.Name }}-{{ .Values.tls.zookeeper.cert_name }}"
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key
- name: ca
secret:
secretName: "{{ .Release.Name }}-{{ .Values.tls.ca_suffix }}"
items:
- key: ca.crt
path: ca.crt
- name: keytool
configMap:
name: "{{ template "pulsar.fullname" . }}-keytool-configmap"
defaultMode: 0755
{{- end}}
{{- include "pulsar.imagePullSecrets" . | nindent 6}}
{{- if and (and .Values.persistence .Values.volumes.persistence) .Values.zookeeper.volumes.persistence }}
volumeClaimTemplates:
- metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}-{{ .Values.zookeeper.volumes.data.name }}"
spec:
accessModes: [ "ReadWriteOnce" ]
resources:
requests:
storage: {{ .Values.zookeeper.volumes.data.size }}
{{- if .Values.zookeeper.volumes.data.storageClassName }}
storageClassName: "{{ .Values.zookeeper.volumes.data.storageClassName }}"
{{- else if and (not (and .Values.volumes.local_storage .Values.zookeeper.volumes.data.local_storage)) .Values.zookeeper.volumes.data.storageClass }}
storageClassName: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}-{{ .Values.zookeeper.volumes.data.name }}"
{{- else if and .Values.volumes.local_storage .Values.zookeeper.volumes.data.local_storage }}
storageClassName: "local-storage"
{{- end }}
{{- with .Values.zookeeper.volumes.data.selector }}
selector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}

40
deployment/helm/milvus/charts/pulsar/templates/zookeeper-storageclass.yaml Normal file
View File

@@ -0,0 +1,40 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
# deploy zookeeper only when `components.zookeeper` is true
{{- if .Values.components.zookeeper }}
{{- if and (and .Values.persistence .Values.volumes.persistence) .Values.zookeeper.volumes.persistence }}
# define the storage class for data directory
{{- if and (not (and .Values.volumes.local_storage .Values.zookeeper.volumes.data.local_storage)) .Values.zookeeper.volumes.data.storageClass }}
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}-{{ .Values.zookeeper.volumes.data.name }}"
namespace: {{ template "pulsar.namespace" . }}
labels:
{{- include "pulsar.standardLabels" . | nindent 4 }}
component: {{ .Values.zookeeper.component }}
provisioner: {{ .Values.zookeeper.volumes.data.storageClass.provisioner }}
parameters:
type: {{ .Values.zookeeper.volumes.data.storageClass.type }}
fsType: {{ .Values.zookeeper.volumes.data.storageClass.fsType }}
{{- end }}
{{- end }}
{{- end }}