From 2087d30041c36ae0c2d1d1a3f6f540815b0a0e30 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Sat, 23 Nov 2024 00:03:35 +0000 Subject: [PATCH] Added chart versions: redpanda/redpanda: - 5.9.12 --- assets/redpanda/redpanda-5.9.12.tgz | Bin 0 -> 145043 bytes charts/redpanda/redpanda/5.9.12/.helmignore | 28 + charts/redpanda/redpanda/5.9.12/Chart.lock | 9 + charts/redpanda/redpanda/5.9.12/Chart.yaml | 38 + charts/redpanda/redpanda/5.9.12/LICENSE | 201 + charts/redpanda/redpanda/5.9.12/README.md | 1220 ++ .../5.9.12/charts/connectors/.helmignore | 29 + .../5.9.12/charts/connectors/Chart.yaml | 25 + .../redpanda/5.9.12/charts/connectors/LICENSE | 201 + .../5.9.12/charts/connectors/README.md | 580 + .../charts/connectors/templates/_chart.go.tpl | 13 + .../connectors/templates/_deployment.go.tpl | 136 + .../connectors/templates/_helpers.go.tpl | 131 + .../charts/connectors/templates/_helpers.tpl | 79 + .../connectors/templates/_pod-monitor.go.tpl | 18 + .../connectors/templates/_service.go.tpl | 20 + .../templates/_serviceaccount.go.tpl | 18 + .../charts/connectors/templates/_shims.tpl | 339 + .../connectors/templates/_values.go.tpl | 15 + .../connectors/templates/entry-point.yaml | 17 + .../templates/tests/01-mm2-values.yaml | 176 + .../5.9.12/charts/connectors/values.yaml | 313 + .../5.9.12/charts/console/.helmignore | 28 + .../redpanda/5.9.12/charts/console/Chart.yaml | 23 + .../redpanda/5.9.12/charts/console/README.md | 353 + .../console/examples/console-enterprise.yaml | 94 + .../5.9.12/charts/console/templates/NOTES.txt | 20 + .../charts/console/templates/_chart.go.tpl | 13 + .../console/templates/_configmap.go.tpl | 25 + .../console/templates/_deployment.go.tpl | 133 + .../charts/console/templates/_helpers.go.tpl | 82 + .../charts/console/templates/_helpers.tpl | 25 + .../charts/console/templates/_hpa.go.tpl | 25 + .../charts/console/templates/_ingress.go.tpl | 46 + .../charts/console/templates/_notes.go.tpl | 40 + .../charts/console/templates/_secret.go.tpl | 22 + .../charts/console/templates/_service.go.tpl | 20 + .../console/templates/_serviceaccount.go.tpl | 39 + .../charts/console/templates/_shims.tpl | 289 + .../charts/console/templates/entry-point.yaml | 17 + .../templates/tests/test-connection.yaml | 22 + .../5.9.12/charts/console/values.schema.json | 323 + .../5.9.12/charts/console/values.yaml | 279 + .../redpanda/5.9.12/templates/NOTES.txt | 26 + .../5.9.12/templates/_cert-issuers.go.tpl | 57 + .../redpanda/5.9.12/templates/_certs.go.tpl | 71 + .../redpanda/5.9.12/templates/_chart.go.tpl | 63 + .../5.9.12/templates/_configmap.go.tpl | 574 + .../5.9.12/templates/_connectors.go.tpl | 47 + .../redpanda/5.9.12/templates/_console.go.tpl | 163 + .../5.9.12/templates/_example-commands.tpl | 58 + .../redpanda/5.9.12/templates/_helpers.go.tpl | 585 + .../redpanda/5.9.12/templates/_helpers.tpl | 368 + .../redpanda/5.9.12/templates/_memory.go.tpl | 63 + .../redpanda/5.9.12/templates/_notes.go.tpl | 167 + .../templates/_poddisruptionbudget.go.tpl | 21 + .../_post-install-upgrade-job.go.tpl | 123 + .../5.9.12/templates/_post_upgrade_job.go.tpl | 87 + .../redpanda/5.9.12/templates/_rbac.go.tpl | 116 + .../redpanda/5.9.12/templates/_secrets.go.tpl | 419 + .../5.9.12/templates/_service.internal.go.tpl | 38 + .../templates/_service.loadbalancer.go.tpl | 105 + .../5.9.12/templates/_service.nodeport.go.tpl | 80 + .../5.9.12/templates/_serviceaccount.go.tpl | 18 + .../5.9.12/templates/_servicemonitor.go.tpl | 26 + .../redpanda/5.9.12/templates/_shims.tpl | 339 + .../5.9.12/templates/_statefulset.go.tpl | 777 + .../redpanda/5.9.12/templates/_values.go.tpl | 1370 ++ .../5.9.12/templates/entry-point.yaml | 17 + .../templates/tests/test-api-status.yaml | 52 + .../templates/tests/test-auditLogging.yaml | 86 + .../tests/test-connector-via-console.yaml | 166 + .../5.9.12/templates/tests/test-console.yaml | 49 + .../test-internal-external-tls-secrets.yaml | 122 + .../tests/test-kafka-internal-tls-status.yaml | 62 + .../templates/tests/test-kafka-nodelete.yaml | 100 + .../tests/test-kafka-produce-consume.yaml | 83 + .../tests/test-kafka-sasl-status.yaml | 79 + .../tests/test-license-with-console.yaml | 61 + .../tests/test-lifecycle-scripts.yaml | 66 + .../tests/test-loadbalancer-tls.yaml | 173 + .../templates/tests/test-nodeport-tls.yaml | 173 + .../test-pandaproxy-internal-tls-status.yaml | 81 + .../tests/test-pandaproxy-status.yaml | 72 + .../tests/test-prometheus-targets.yaml | 84 + .../templates/tests/test-rack-awareness.yaml | 61 + .../tests/test-rpk-debug-bundle.yaml | 104 + .../templates/tests/test-sasl-updated.yaml | 71 + .../redpanda/5.9.12/values.schema.json | 15713 ++++++++++++++++ charts/redpanda/redpanda/5.9.12/values.yaml | 1133 ++ index.yaml | 44 +- 91 files changed, 29936 insertions(+), 1 deletion(-) create mode 100644 assets/redpanda/redpanda-5.9.12.tgz create mode 100644 charts/redpanda/redpanda/5.9.12/.helmignore create mode 100644 charts/redpanda/redpanda/5.9.12/Chart.lock create mode 100644 charts/redpanda/redpanda/5.9.12/Chart.yaml create mode 100644 charts/redpanda/redpanda/5.9.12/LICENSE create mode 100644 charts/redpanda/redpanda/5.9.12/README.md create mode 100644 charts/redpanda/redpanda/5.9.12/charts/connectors/.helmignore create mode 100644 charts/redpanda/redpanda/5.9.12/charts/connectors/Chart.yaml create mode 100644 charts/redpanda/redpanda/5.9.12/charts/connectors/LICENSE create mode 100644 charts/redpanda/redpanda/5.9.12/charts/connectors/README.md create mode 100644 charts/redpanda/redpanda/5.9.12/charts/connectors/templates/_chart.go.tpl create mode 100644 charts/redpanda/redpanda/5.9.12/charts/connectors/templates/_deployment.go.tpl create mode 100644 charts/redpanda/redpanda/5.9.12/charts/connectors/templates/_helpers.go.tpl create mode 100644 charts/redpanda/redpanda/5.9.12/charts/connectors/templates/_helpers.tpl create mode 100644 charts/redpanda/redpanda/5.9.12/charts/connectors/templates/_pod-monitor.go.tpl create mode 100644 charts/redpanda/redpanda/5.9.12/charts/connectors/templates/_service.go.tpl create mode 100644 charts/redpanda/redpanda/5.9.12/charts/connectors/templates/_serviceaccount.go.tpl create mode 100644 charts/redpanda/redpanda/5.9.12/charts/connectors/templates/_shims.tpl create mode 100644 charts/redpanda/redpanda/5.9.12/charts/connectors/templates/_values.go.tpl create mode 100644 charts/redpanda/redpanda/5.9.12/charts/connectors/templates/entry-point.yaml create mode 100644 charts/redpanda/redpanda/5.9.12/charts/connectors/templates/tests/01-mm2-values.yaml create mode 100644 charts/redpanda/redpanda/5.9.12/charts/connectors/values.yaml create mode 100644 charts/redpanda/redpanda/5.9.12/charts/console/.helmignore create mode 100644 charts/redpanda/redpanda/5.9.12/charts/console/Chart.yaml create mode 100644 charts/redpanda/redpanda/5.9.12/charts/console/README.md create mode 100644 charts/redpanda/redpanda/5.9.12/charts/console/examples/console-enterprise.yaml create mode 100644 charts/redpanda/redpanda/5.9.12/charts/console/templates/NOTES.txt create mode 100644 charts/redpanda/redpanda/5.9.12/charts/console/templates/_chart.go.tpl create mode 100644 charts/redpanda/redpanda/5.9.12/charts/console/templates/_configmap.go.tpl create mode 100644 charts/redpanda/redpanda/5.9.12/charts/console/templates/_deployment.go.tpl create mode 100644 charts/redpanda/redpanda/5.9.12/charts/console/templates/_helpers.go.tpl create mode 100644 charts/redpanda/redpanda/5.9.12/charts/console/templates/_helpers.tpl create mode 100644 charts/redpanda/redpanda/5.9.12/charts/console/templates/_hpa.go.tpl create mode 100644 charts/redpanda/redpanda/5.9.12/charts/console/templates/_ingress.go.tpl create mode 100644 charts/redpanda/redpanda/5.9.12/charts/console/templates/_notes.go.tpl create mode 100644 charts/redpanda/redpanda/5.9.12/charts/console/templates/_secret.go.tpl create mode 100644 charts/redpanda/redpanda/5.9.12/charts/console/templates/_service.go.tpl create mode 100644 charts/redpanda/redpanda/5.9.12/charts/console/templates/_serviceaccount.go.tpl create mode 100644 charts/redpanda/redpanda/5.9.12/charts/console/templates/_shims.tpl create mode 100644 charts/redpanda/redpanda/5.9.12/charts/console/templates/entry-point.yaml create mode 100644 charts/redpanda/redpanda/5.9.12/charts/console/templates/tests/test-connection.yaml create mode 100644 charts/redpanda/redpanda/5.9.12/charts/console/values.schema.json create mode 100644 charts/redpanda/redpanda/5.9.12/charts/console/values.yaml create mode 100644 charts/redpanda/redpanda/5.9.12/templates/NOTES.txt create mode 100644 charts/redpanda/redpanda/5.9.12/templates/_cert-issuers.go.tpl create mode 100644 charts/redpanda/redpanda/5.9.12/templates/_certs.go.tpl create mode 100644 charts/redpanda/redpanda/5.9.12/templates/_chart.go.tpl create mode 100644 charts/redpanda/redpanda/5.9.12/templates/_configmap.go.tpl create mode 100644 charts/redpanda/redpanda/5.9.12/templates/_connectors.go.tpl create mode 100644 charts/redpanda/redpanda/5.9.12/templates/_console.go.tpl create mode 100644 charts/redpanda/redpanda/5.9.12/templates/_example-commands.tpl create mode 100644 charts/redpanda/redpanda/5.9.12/templates/_helpers.go.tpl create mode 100644 charts/redpanda/redpanda/5.9.12/templates/_helpers.tpl create mode 100644 charts/redpanda/redpanda/5.9.12/templates/_memory.go.tpl create mode 100644 charts/redpanda/redpanda/5.9.12/templates/_notes.go.tpl create mode 100644 charts/redpanda/redpanda/5.9.12/templates/_poddisruptionbudget.go.tpl create mode 100644 charts/redpanda/redpanda/5.9.12/templates/_post-install-upgrade-job.go.tpl create mode 100644 charts/redpanda/redpanda/5.9.12/templates/_post_upgrade_job.go.tpl create mode 100644 charts/redpanda/redpanda/5.9.12/templates/_rbac.go.tpl create mode 100644 charts/redpanda/redpanda/5.9.12/templates/_secrets.go.tpl create mode 100644 charts/redpanda/redpanda/5.9.12/templates/_service.internal.go.tpl create mode 100644 charts/redpanda/redpanda/5.9.12/templates/_service.loadbalancer.go.tpl create mode 100644 charts/redpanda/redpanda/5.9.12/templates/_service.nodeport.go.tpl create mode 100644 charts/redpanda/redpanda/5.9.12/templates/_serviceaccount.go.tpl create mode 100644 charts/redpanda/redpanda/5.9.12/templates/_servicemonitor.go.tpl create mode 100644 charts/redpanda/redpanda/5.9.12/templates/_shims.tpl create mode 100644 charts/redpanda/redpanda/5.9.12/templates/_statefulset.go.tpl create mode 100644 charts/redpanda/redpanda/5.9.12/templates/_values.go.tpl create mode 100644 charts/redpanda/redpanda/5.9.12/templates/entry-point.yaml create mode 100644 charts/redpanda/redpanda/5.9.12/templates/tests/test-api-status.yaml create mode 100644 charts/redpanda/redpanda/5.9.12/templates/tests/test-auditLogging.yaml create mode 100644 charts/redpanda/redpanda/5.9.12/templates/tests/test-connector-via-console.yaml create mode 100644 charts/redpanda/redpanda/5.9.12/templates/tests/test-console.yaml create mode 100644 charts/redpanda/redpanda/5.9.12/templates/tests/test-internal-external-tls-secrets.yaml create mode 100644 charts/redpanda/redpanda/5.9.12/templates/tests/test-kafka-internal-tls-status.yaml create mode 100644 charts/redpanda/redpanda/5.9.12/templates/tests/test-kafka-nodelete.yaml create mode 100644 charts/redpanda/redpanda/5.9.12/templates/tests/test-kafka-produce-consume.yaml create mode 100644 charts/redpanda/redpanda/5.9.12/templates/tests/test-kafka-sasl-status.yaml create mode 100644 charts/redpanda/redpanda/5.9.12/templates/tests/test-license-with-console.yaml create mode 100644 charts/redpanda/redpanda/5.9.12/templates/tests/test-lifecycle-scripts.yaml create mode 100644 charts/redpanda/redpanda/5.9.12/templates/tests/test-loadbalancer-tls.yaml create mode 100644 charts/redpanda/redpanda/5.9.12/templates/tests/test-nodeport-tls.yaml create mode 100644 charts/redpanda/redpanda/5.9.12/templates/tests/test-pandaproxy-internal-tls-status.yaml create mode 100644 charts/redpanda/redpanda/5.9.12/templates/tests/test-pandaproxy-status.yaml create mode 100644 charts/redpanda/redpanda/5.9.12/templates/tests/test-prometheus-targets.yaml create mode 100644 charts/redpanda/redpanda/5.9.12/templates/tests/test-rack-awareness.yaml create mode 100644 charts/redpanda/redpanda/5.9.12/templates/tests/test-rpk-debug-bundle.yaml create mode 100644 charts/redpanda/redpanda/5.9.12/templates/tests/test-sasl-updated.yaml create mode 100644 charts/redpanda/redpanda/5.9.12/values.schema.json create mode 100644 charts/redpanda/redpanda/5.9.12/values.yaml diff --git a/assets/redpanda/redpanda-5.9.12.tgz b/assets/redpanda/redpanda-5.9.12.tgz new file mode 100644 index 0000000000000000000000000000000000000000..5c3134b8c9d8e05978f367fd2a4cc10ffc03f26d GIT binary patch literal 145043 zcmV)IK)k;niwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMZ#dK)Qdwz^vunmF$+duCPc(X`};oicy2Da?z=yu zAOuhU_V3{N@bF-G@NBmX#ta4Fkk1sXeM|(S`LH0a zM*avykO_iVX)_=5D1h^UM&(nw8H-JC;xQWBBE~T#BkJLw-Bm zksJ7H$^L~969F+nOf7hR%Leke?G%V{iq(OTr;@U1I*e+(A0ZkAXs59CoW{)4TUr7p z4?z<9Kri8rm`7+NCmLW+pRi;VUk-m59vE^y_c@wFHL zwdeov<-zk;FAL}Y`O(o~fBrY|c>>;RCE5pqD&0lv(%^zl#2sV^{6u5oD=7}19$){~t09+uXpnv#yd3y3zDL%l*Tz5h~ zxWi($^8|<)=HQO98>KNpU+Z-+0GLcD3pE-HO(F9!nF5bSbB3og0qC97g=RP!?mPjP zavB#uSxmSFtHu-*{0|zNIb^15R$&hqZ3{?S;t6;vo9vn&cc1<5U`}HY!Z{#RfS98U zWOVPLNB~TLN5d$vd3ox!vO}bbXIm~knC;^aw-Qx>zda(~>0uhL~`m8KWBU7BVbXQLgR;F+@D%g9)P{kZe=+<8nbIRDr@s*{#6GOv%6bQ0>o8 zlz~ai)MT?%O$ks|rRgYVz|E}vthEZD7)in?wKA0~y|QCpO=IjM!`iPDdiy&HiNF2r zZ+fn(gC!QOF)*SRJRiOq9>|TDG6V%;;IDuE>&_FoOeZu9DFGY_i6>Ve2Ltf&7BPl> z1g;ZdE_HzGWHE-y!m!OoV0X8&<0KA(VrTo^B7iq&0^>k{U*a)h1j%Lhf|yIBeJYKm z;g0$HjrwzBf0i0A3^b7Al-&eyi~=st2lUl3fkBW3PRIX1p5Q~XpXeTjQGoWqbvPg1 ze9wm*v0LnAY^m$vj;9vwy@EUf|NJjK=m+W}z)^rawYgIB5=>fmn&h}QLw+1cYB;Ap z-vb^bfZFBK+=nu7A)r8$IJiJ5Qa%z82V9;+OGv+ErjR45-=A7?x=C6nUxOklN+fGj z|Cr!u%v2X?wc;rmMARP;>ZAQ9^1pf}lsy~n$UiU4pXq#$ClgGtn6F}{@>qlaPRDDU za*EXe-D0nN;?T@#0Es_Vz{HddOHBJp}`ccXnJ=D+fST4Or`M2XB09+_3YTEO3O=t0VXmC(Nmk+)# z;FLd8;3Vn(Cb>#XmIOMm5Hxf>iT}el9C0uJ*V?vEJ$Ki#jet|dKQrs0R`xs&f^!;R zZ>}MoPQbNZasj8;QuKeP{juNeY2joB!W>*52X}DJ75FFtGXkfR4^*5p#1RoiTDj1i zGD9YkmNoZO`p;k>f3x2yfg;Hxb3jrYOe1A^s?G(6mVt+fKuofEGr0QReyK-Q?IiEd zILNJrT-qIETk5l(0z%WFR%pRks?;G8N~Kl4U=VZ3^U%EpI`9cE0cgGgU^m-v2!m(_ zhxr3Nqg=>&@1_$U8X@S@umvDQ{D?|cH4yVig8P|rae8icP|^wD$YYWbOLcaPq(-cy zWyI*M+#8P}9}$6}mZh2@B*zvbo>A?(F)ji5P0F>9V#-E!Lu_9X;XsW#h#0mA~BG5sX%_J=>Lb*f~3Cq@98=`NtggiupA(*#ylJDn7&sxXr9rP(y8frt5c#F zlHN`=y}KD=dJfr1V-C2WOe*CTw(fJq&_q$aWEtiwefYxpK>wZnNg;HD<^wg%z`z<{ zKG5LJE*!@`79gP0sXQY31lbu|4Q>yFF&AJ4ZxJv)f50IR)P&Tx(p0^HlN$&E%mpHd z0Uk#YWm?HrZDTQ$glgQ?PxM&1(FIk8=@5LN!ir@CMa+~rL`g6Q@D}1g@p9Rn6{HIX zfBScEd-Qzxe0VV2QNZ78*ojPhtMHd9w~x8{XAXxw1vg^UkBzpdmwZ2ArBs>DpzMOPaCz2eZPG!<&DOzyt;y*(v;z zUua1Kd(v8#O9lnNBC}oB`DH&tVn+RI#qI?K*K)vXErhg^ZP=~_&i9N7juwA21M}FM z0m#9%kq`=;Z8J(Zxkdhz2sA}Z+k8^0U}Z_l5l9@45tCMW1ew6bh~&n=1_a#&bII?N zDyMf%&{~b@ z+$tjZcL)ibD$mRH@0pEK<6X+(5_)@&xloP=iK$}I=-vxrA8B1o4Xx-dGcbvRKta_l z{Y%w%0c6B5@o;1~e|xa!N&i%1l>32rVLQfiDKVa6qW|?wnrhUu8g))y>!tJpEEhgK z;UVH2P7#;G>mSeH{g3fvg4hNA6OF*(tJkkzA056*$pnOa4@{)ljEFZ^P86lLMv}M8 zAoDZZ2BgRzLm@2*xfYr6?-&+Jn@L(r9R7$=jNVAoNYW#_g~1sgftLpdWeX9)dmP3g zfFX^ETKN!#Qkzz^nOPRI7<#0!nw`WOL2sr}PKM6S{v5Fj`RfQA9=!Pey}Y}wegCDki6&Q)ezugtodnO&Q?=rM+g14L@!@+e(v`^fhGNp&6>v6|6n zQY~g{m6-I)gcDemB&&k~kc5MzR!vdCanfuONV@l@M6;1V7nK_Mt)o8k33@l+_zp5e z5a&6Yr)upBUD|DdmIN8SIrGl}gWk;mTF6o#mfs{pC5!#{86tqiM2SL7Ko|!CM*#w| zxpLGRy$1(a%)y_OAS0P!)@AmA`p8(m)~qoH1oFI{FX0-xRvna9lpMCiS7}jF$_Y$t zKj?Xi6RNLwr%3E-A6v#9Yz{uvT8JE5`8~BSG_fV*4?NdzhT$|C3^k?cANs@KzSTe&``Z}coa<{U+eV;ZGS z?|>I`K|{R+DMZ=C4s1VK=Rk zK)m!9Yxrdi11Cm#aeVQ9Y4*sG7c(s8`_lFpWPW%iEjBTe7|WkVhVQ2~n;JfE&kRkY z(@DlCD{Hu?uN9?TWIZR)iY`pFfCwW0lf5_4okymqNto}jdW-PHHW5#zh*R6j=c2Fch#$^4Q@T`IAX zey>%)F-p{AbAxEs>~2Q6_GqeWSEY6P4P>EcP6-5s2Ic^Tk(k>x%s{V#qp1-F3_*Xc z6=92))vd>9LK#w|s}H;WRr#9DK%a>eYs$=(gr+XZ3`+V;++nVq{esQaZNKuzs8-6` zpw~w#@rjhvw5v#m-kBq&nkna<*$1PgDGS+rC#`VK@2Iq7B)v}2AVkS;%{2T*lOcd( z8VfL^cgmDgJEkT#rc`jjV5G1~4wt=VO!wZ<(JyHJ2~Dy_Lom13*~nK01Xeqje5c&) z298!$659bLlT#+8Kt!8OP*|7VomAo!y2hbl0PSWJLKVb8g8;GJ!gMm|#3YXp$tGp;KS0|xSapaC(zDm%_o|ANE zK{^Rb3Yp)O9Tv_9l2nW;aryqDQh!LLiEOnpVUi&R5h&e3WZYOrVUQzE13FfFtGp#a z#Lj-*2Atv~>+J30+|3E;YFWCdSMMQG?YuU`uv${dN zR_e-idf$4TPCUV0Jw#AbNcs*-H2Ku)C>Jn?rnJR1_L8#Ils!l?3N}mwh%z0&)2CZ? zv>q~x)OWlTSCHZ=m*d(}oN_73^%-S#Gt8~aLDF7v9}`(Yl{0L<&`8iM;uZxf+|$_= z`k85|&8uH-H3f}^@zCZuE6v-M5kmvRoRAMrIgc$iib46lBFoeVgGmx>c#TzSrE#QW zsyik>Egt^#>48RXz$g_1-66{jF!4tQA@$V>B$7j#ZzuyNT0EcTduHdD$TTst^A&-P z5#xIWUX{l+;Zq{uS#MF|MD`7t-p!EmQBtN@ct$&$(ZEj}A6~kZ=^ANnzySo;9vpg- z^ls36sGT;~%I~mev;||v8UHg+E=LkzEV|iCb&3R@XQFw3@A5p5d398S_~);{(O+FY+m zik)Ub6^oO>L>-8dbx0sJtcTk=qFJeK@VIpB$52Pu0{yz$f^_~yff0=Zxaztxd>=>?%Yyg8?eX&Wb| zioOWf=THY1OJ;2tR=T%JyEa=Ze+mtt>|Lq~1Pu}&k5Qp0M|nXH67+gL+n&$%jJ9XA zkB!kPeP1beB`nsQ*&Cm64;r4 zs)$oBGmJE$vMkcv?U@T7Y0q$L(C8ub0xEZhrc+2#5s(g_3NOVImE+%p9)i4o*OxnJ z0#np_YLby`B;y21hOltOJhH;*e;Dh73#d6!dK;6=6b;{^`9^_j7GL%5WQkX^zQ-+1YRzDlJQ1tDlb*Jm6=zu{o zMJ6^Qx0PlWGcTPKw@gSy!j>au=dN#a72r=2u5}^j9r-$RHoLbfp2>`E#F(Xsf^QVy z)Ef$;NH2#~$r9Y4?=!@?REW)EBgplc7&CgK#875*(^`$_o5w8r5le2t?EOOmTq~@( zi*^k@16}Xqxw(U)1OY?@o2Q3V_mDeEnXluoGJ3v^I7uRFa&cN_u>2(kH@!I$!^Pfa zIXt6Io@Zu58F=&ILQBl#KqgCSHVrEQXX4b8uL?WC?KsJ}I;0a4T4G|Ey>#U#(h zG)9RBFIiKmpP*aB;8e4ph@lC-zci1Tj;uk9Zun>rmxTi9Yne12U4tO}FbQ&Nf$pZ@g!PuOkfj+dmR_oYJ zuIV(h8Y58*D~ES{PzHkpA$& z3Ipuh^YB!~xdjMvrH_P^3#lBBDM!zws2YLmJIGXQC?*ps|L>!5JiXr2vQ04PY42-5 zr|;z$BlQ$9)vSmQVy<5ANCM#kdmN0RcO!>O-{U|5)9~EPJ#9vJl>NC1`PVv2JAKh8 zM+0?{hq*8>kU~n-`vEfDf1(B$Bm*d|N1-nHQbN~nQ+xcHMK?xMxKa(T6o_jOF&ZJJ zMbYAJ8ljsiY^QIs!E^SkXfxLzDRpX~lcMM^&DNhKxDV}nQ$?;tId0mSD|5{NZMg9{ zqoK59V?Ov8AqHhT%D}JKlaS#V5)6Bp-vkBRV=&SS5bB?YJLxi(MsVmZHUxD9o*zh| z6Qu7K(}m^gHR_Rh$H!nKx7v(jW7ZAEL-3i~o3B$YF#V2$@bdjd_R0$?@>BMBz)zIk zr0GmI_*ssXIc7aDYZ&9|>9Uyci_z+CYk1# zs9PR%af72@r9C>&QOFINmjk;&a|Ok`ouNKp$mld_xOPGj+`IIw7&s~5+nxe0I9 z&lJXU6EUKUGb@~I1EX-+uKJ432wyptihAQna3cnjF$|xPT+`gwUS|dM9EO2Wlan|q z^JVhvSwD8Z%skGrx(!1nIM|n*hepcjhR7{ul-N}`Pu@5fK507>-vsn}lyL0ZSBQFM zhPNPJny)s@lP2(yPx~VB20EObKg)tL!J?2;vX>%MxQd_RTSUMlmJFCO>)&}|zY{4*xQSlq_JS0w;Jtrr`oP}So|E1wGStqU}b`>a6K6CFp|1JN>J(n0~dVgMX^;5(qC1&1pQlfVbk|VI?DI@ z#dRi0KmjGHA1L5I5kQj(_M}}oPv7k*wt~HDMd+I17>LxfQOVo1Ic2?F`a0P>(V0+Y z#>k!#U}t3fgK7eLVGLBcxB?vgC(y|H>Bs}xTfRgV7 zfSku6l4i#Ya%HTT`O0j4VhRqfbCW&QDC@{^I?0?}b+?pKuNTEb^}UKXFjzwZ zt`D#ETe!qhNe+yCc$S1~%in2!X)~eQmPw!K2RF&kTf?UHOP~U$)?Y3-IJtc{6j1NR zL@tz__|i2p>a>P%Wgz74;_U7%IEU=5BNWDjl#=-Xo|EoPP*&6}_HDeg<$(h{Rhl31p zk>OVQ(g|__8Q}4l&$&P$c*>BpWRWJNXL&uxoU({fPno2NB%zsA8@_yp)74t^z-fPt ziumC%%dDf~1^O5ry~9O`f->6EWP&^)PqCh|(EtYngM0GzB!E+{A`mKqrG~vH%8~e+6%E z5u0bGXf{ADPx@3BChS4(l6fB-TE?e#aF{?;UZhH>dl?!q;M6!s&M*609zLG zEpc8{7J)ofS(I}Mt@W{_xuI+bL*eGnD2rJN;!^LFlT)WSD?ZE!hNmW+No57o*Qk?f}RI;U^3awXXFw%x-#^noRK|`tQ!62|~ajfoGbVex4dlZO; z*!m=H!D3+oScG=MsA1(-IT4eZ_(5Qk4OpGmVw0elzGX?3FqJldB@e*V>P@KJ5c!vZ zZttS@zzsr?dOV2DN~djAlCl7kRIt6vKCZoERL%p=rKHo@MG#YI(};((^~CqI|5v|2 z)axBk&ZW4Pw$msh+85qQ>*QWEjjYV@EP1j8VxhXNFb}AC9BMUyAuAd!{KH{-fS%?Q z8Y`Ih!2eyLMr2hK>rOlxmZ=Iy2M1>u{3|#Z9yLPR1G@EJ!9DmZIDCgK=;uT5u}Z%H zPw!?>NCpmgD9r@3W(Z2F+pYf-P)z z3htQ9?Q7XFy+v{>_1U$0ijS3HIWw6LlLInF1WhD|uAF6FeQOXpRzo!FnlhA;rZnr| zM2xE&aBuO6=wk3a7nH$i+n1k(L6*R zwo;rk3sJ;sRB_3|Rl<#<1FH#`7(ts3$Db1zVlVYr=)9%ICLLs-za_yL@_4E}0#A)Z zer9%$=y}1ZoIh7VscN(Ay|ERDMr2t>_5u=GRCqJW5dlx9(UByp79kfhowWvE z%zu_Tr;=NA{WQs*6HgJHy)n>%tBMt3m4U-@g_LwmM|%}BF)fEmJYAXy4@(S1iqmc+ zn?6)!Ua?2VJVViJD&fYL8jTBshNn{RHu!c5eU@ctdVUEvdm?ermz+DmOy24q=^B{J zLY1I-lK6Q5p+r?_LE1yDMLIM~I<&L3i=GRJlxIDg#@2#NS&(X;dsw7SgL;^la#@vx zKsg+#uUr(y`I;P#0kF)}fV5an7~(T?iW5YPjj8HvSg0!D2v5K*upL9mTH{yHc@;ZU zK$2x0C8+J>E*a7cJj&QG`k0UTjiwka=C1W-nY&CCQgLOL`bssslD)5oMZa!4VO2%3 z3&KJ|FBbtiDXBf~bw|O7h(#fxsD&ZHFuJw*k=2YXaiwXwE}k3KS1uk}^8ekzZqB}6 zl>}I^3}}!76>?yul3+m=tX>){$^(1ho<8$W^6TUR93&wj0j~3>BuyNs{EqvS6STQ1UP0%ZtU`qMCfL38^>)`7Rk#?7@~CMk*bR9Fr^Ffk_TdZ!Be zWTf0P6^R3A>|&nyX8yiOaZeu9u6;7;W@SdAZ0&3KXUxzQpFxKFRx4SGZ^=q#&q^kZ z=5-PN^&Ys^$;*|CT$1DvoU1qP+7Xt}m1&V|&2=(FYn<~KXLdd#PYR4Y$vvYRe6p#P zuG5@bLzBx&;VKVZ`jbB_=E=IQ@O*DVIm%uB!zBJSr526JZy&Yq&|-0({9cE`B2i|j zu$n%f*<0H*I>~IrJN5EgU6tq%FJx}v3X6m%YA(4vW!Be`3cDnxz{ap;UIBMar{sL< zj1iZJuhL($mw`66#RSsn03Rz@849UDCNp9_`;pW}2)eU5__k^GR~qdrg?8;qc`{3Z8j%Ya+3BS`yiCaYfE*)$7D9pFcP0LSzyn9vy&p_{S|-qg3m!SevxL2)um$ z>igFRKO7z%?CeC8i!1XC^y(jUT$bHTvhwPHm_)6YpzMoMouL%`gX$pcd^j2a2^{;k z4*3Fy$)DEY`SS4S44ZHDc!e%U3tbKmj$W8Ph49ivpF*yj!VZu|UlL&5#$lqOf2hfl z^xx@tX%|U3z)GjcvGVdFC8JWk^g9XWLK-0I!HSX$Hkv&|Y^v_^^?(M{1WUwBFBOUe zemj#b!37E-5!mCuKYb$mVlo|Y``t4|1V%<1_fv$tjH;+onVe7}(7njm35oBV+qO2_ zQkI$$wW%7Aq}p4ZaXk}Tnz(5{Bo9Xxo~t~~MWCmF4m@)ig_CEL=?j!Q%5D%-F zx6lmUDhBeuKr#nD(l4j|LgvUtqOLx4V+5e@TmL|UrfvajxtL)l%eO-*9gryvW=qVx z&mP_7xk5<<%1W3+3EXdpM-)m&yYYu)ss9mk{emq*3{&l%QqNW+M#uW$bcpQ3T7r<@ z7&5(Fu^h=z0t$V;A5s0EL4YU7n|lFLad>(a1{ysj=aqjlj?U#bdU2#Q!!US*0yw`w z9wmMf;5mUfh#9(^F~nyy@JB#u06_c8F!j^s2P$dttxDY62>YM{`14B8QZvI&uv>!$ zfXB)h&dxG*%I6*z=2VhTxmOK3VF#n}bY>#{BJ*+}jnYZtBgXXBc=Ai*5qV}X8_A%= zg-)lZV3@bl>egDNnbOI5?Q5PS%xWjS3s!Fmlic*sW0dpEQQ6DH4_a^I;_bgj8AG11 z&wJHHdK$1{qdk%*B63VjKomfA73@JNbv~hdINstYHm!+@i(pX;b3rR|!v&tsM4$qgqQG9Z9{c7YOtO7;ztm$8 z%O&xY*i7F~vZWu`;GFttg)$ZgsI)d&qUIG?`T96bL*+G?+O*?W?!_|GcKjQ%c3g93H%iB4vcrk*HU zPx}C^uxdjKGMmmwE9erJbOL`zDueTkR(vxPL&P}$7^s+B`46qISP0q+B#27>jp-`t`e`3E>VceRL z7iW^I#T`qxKl}T}_r9tkB>=^mlp9w3EmIw6mORKDB8#7HaG`!bNq?67 ze*i*we{qBEtO}ju(RGy>6cd^u@|kcbFrQ%Uc(~9<9vzeU9h@(EAx7X_IW4WY%6cD^ z2cck?NzT5|CRJX4JNUiWW4Nu)nVL}kt_m$B?*kSi%+jEOibo;bzT`U|WKuWfRyfwKq*X7E6XQ4o zI1SNzqx=xM*pNiUv=}M7pyEgKo{s|_QpuRO2LqjG<&FRvp-io_#9@#QuDu^TqJ(2x zw=zu&V&XLu9XxfVmnD7Dj~1CXLpo6lnVK=R{gYy^LjKZ(P%0G&L6XFvWSOTz=TNnY zDF8z{Qq)kdy}inUOrEnP8MBJ9NlNYhB*~L#wcAI5694+m0n@9X+y|v$O=;AlRJI4_ zzn(1YP{|Kq28kco!}jZmev+a__KU>v<2?76=KNQn(Y5oI^rybq16Y6w^l*R$6iErb zjFz8ST|uR#x(8+m24Xfhw;y+D;Rcl%(bTz8&+77f2O=q>{J(s8Z6mN5kjC zgTc{@;q&2P@>8c8-2-Ye*CZ??Nq3jcuKVf7G}s;iA-o%U@6c1PbIeE-sh-kMZanO}c6`2NWL%3_l8!U0IH zzx4r>Y$~xoa%ugzHHegx4XO&AH7p9=i zwDlYQO>8(v;tdq=4Q3zjB%he!D7X8kB%3hJCe~$?3Y&mRy~RQPo-KN#l2U26w8W5F zuquTP4$OlX`?Ln5?0ZqIZC#fjb*+_movY8@q)65+$s);=nDgKbdnN2!Cv6?7X(BaG zpf^L6gx=G_*Gvm3W1y_x_HSm}pFGKi%}I?o69%)B^gYe1%Ch$pt7GeEvR#2x$SD@- z7VO$a)=L3)Lunud``Z05fI)-_8jK;I4ZN5IgMa)nQW;A{rmIK85E6d`egnJvV@&pC z^W8nLJMebF?`b>8rhJtCDN*~9{ZsKfFt|tgFOfH+VE1Pf1Qh(8vcUguyG7gJG^DIEWw<*oy<0IqH(spPE>r{bakJ=~%}Q$~`73<3%WqPX+NuU7?mEAyi%Q zJ0cC#3~-%MBhmr6Q7qEYR3ac%$WY(W>x>#YG+xL5f;gHo=p#T`@)biWNJ<*l&?LOo zafm7))KfLyeU)hDj;8rmbUfR?=2j%_mP4y_vZlML_n8Nh^h=;=f27{9NgM=oaB=$X z^6jTHAeoUaBB0k!GSW093{)<0wR1k;^7N}0lfm5Rp1EOXkgFgJ;3Mb|PkbTAzD zB?fc?L`p&LBtGZa@W3=U>(kqx^a?rN78{0<{xc2A97y!|{uBAXfnEwWNOJ2t4^kiZ zsknSPHC5}pW}+kTgG$<;V~Uz@nwkx&IJjh?J2|du8ERQi`?Ot3y`&;rvLHKE+<7No zSjW@Z!LkXejbJ<0Kc%&JOp24V#uiLc^II@!CQFXfX2 zGSYaHa>P6p&0;vz3#hBAYUj6(*Gwvgr&X9uN_CY3-}>Ms56~}FlP3c^wxU{6uHX|5 z5cp9gBsWjatO;Ee_B$Q?Spn-lF zWdoJ+*r$&QbwvK0cpQAVJlCg5w)Fz)-Dt8eW=B3rwqSP*g8*`|tK3b1>+RZ=XEpodZ(pf*5VpQ_a|Ff~X)ll{^+5L)R~Ij=LsZKB?_v^TJzem|>J zIpk61TZK6`Wt0^f$y?L(_$6y#Fj18fi;Ez+y~^KWOA-_iPl^DgV(|&c0=$ZJ>X!Xm z$o2y~PIJMlYg4sjDY01U+k3X4o6h>kLMXsrHPpY2{(2k!ZS+?I?{9{M%xv@`i*Afn zkbm@S8KE|Nj3$sRQJ>&(`q2izBJ;-Vf`;l*M_NrssSjv#{}5{RYA4^2V7Y?{xU zXICzF;n{+HPOIq76iv*2#V#Zwf)!dRZ1LmWmswic4D`u(QnrRdiIn`t=lWK`FF#Yy)gbS9ghB}I1;A9jTy_63! z>tVjze`4zLse&#Mqk?)gu<<8RbZ)*Gm0(n?7nxECsH&U%A){F*-R(MCmsO##eP&%= zCSPT!FdP1!)B{U0E6Pn#+ozO*;!q&Tke`o3EpBbT#9$88cYLAbU>5p&mF$EVIE600i?>fBJ5;}7<4HiXa~uc+RPLN zRi|Vasj8isWRv}g_J;E5%j ze4Q(uNH>FKrhKDL3`0u;@Ff&mDoeIYJ-e0B&ep%yS1E{{G;lDW>S4wt0)s&vL~$r%X4Mp73zw= zp1~+}JgYT6QAgr9mReHIUi$@3ZeWhjD#E&vUsrM0gt6M%)+tNPanOSwo*M{$nqy>_ zLvD&7!dR-A!mzzFBxclPYh3r1m+e5!N-eU{1?K3+z!GXI@T$cn%q`=K47ie#iMg>V zS%KQpv^21-=~clSYR~q;4@WCwB2~muMc>y!x2kl(dYa!Ke6J%;6%o88enc@T zpp)MSsnA@FA;;dgb5@hJdf{{o4(y_?;uti{sd`Y91KlKT(43r_3Ev>WDGkeaMh5dMF9lRGU(_HawB} zg;G)~T7gi2!w7o9Mh)kkJkriZGkA+BvzlvW&id6iH}?U0`F=)0C~bV>;bZ3ZSG$KK zf@5`Gs#EbNInZJjQC*+Xj;~ixeW^#0_@CbA&YdbNpGbt;x9*g|)tfY`~{%!5E;ZB;Vl0`R}WJGDaz?GW9)kMb%IDM>rIw^@s zh;H@(8cv6M;2P|f)Cc_cgWYS(;(xQr5l?a}v4RYqc6qX?J9mIRST@z1KG(6n;3dz5?NR8>W<$eJT5C1dd*P|Kj<}7cU#< z^aLEee3&_TRPj#aUlpg2B%Q5lFaob$A0B-F{i_$XGkf*oK_(W$`>V#u)i=r{%&eN+ z%fq7wnVnK9uTp#Xia~*{RGgieT1^X;X5=7YMZf)M+;@cf=vgPOSio5O<`yy-OZXX1 zbiyE?fq>FT2MC&9j!n2AEj||Ys4AK+@GVl|U>w-MO?98=DR8FNI3)wC)2q0&-n!IGCNQlm28D0u0gM%Y+&CpWawSmYVgjyjw^@%sP% zpZ`}E0=i0Ta^SS;n|xu4CW~K=z{?$z zJIm8`RAog4qCWO&yNpCQP^7{P?w=lDt4 zUMD@Suo*)k@zN?JDNjv`KHjgMpQ?@ubk9nAR@$@Do|S%utn`%V0JT)XHA&#-Wlq9{ zw6@0AniRqXMQDk~*1Qt7fzdXxC?@%W(usXCw;o&VcFpC8z$D|J)xNMZc%$>&8~?42 z*W#J@B;}5sn<*vn%{p`HQ;rZYHLgwEvB~ACgQLLi;nC~i!SG;sIQrq$ix<1)w*KNr zy_aCN?68UjXAkZxzg?e7~v84AdTmC3qU8C5Q!)r2bj-L64P!Xjfz8NWU%wNDqpvHqyb=Y z@zo04Vyqu zMOk8#f};@%Fj?bn%!qLT9I0J57fL5M&BQN?=bHS;hLEh>9=H* z*36-5PUi_&03%%?N1g=BBQm?FLOmR|@d-FRUp#{9QT6$WVLpX%^0QfTmkOisI6^Gu z>Va=tLdab$C4eO3WCVtY@9YR$u_%9q{FnY?Kgml1EqsUCUp4#(r(|VgNZsz$ix=wu z2L}ha{~sN`diDC%%fB4Hcztwmbolbs(eu9?9KLvY@ZvAvU}YH8d}1yj`^&-7V-+X& zNIw7E0buuEu)jOfaS+l-pJFkK$GP-;1NG2khJtY5%^(we-~6vYKf8Mho~EKKOi54! zLtKCt`^1qq)A^On_%sy=#&%tot z3;q2mA{towui=zx$f*LnI|BbyO8KtM>7IO3-cEf_sE>{p+t>9mzo7|Y4Eb+VY{5m6 zr}0!P?E34s_8Ia5004F=K_4f(BkC#V(5-_8lD{HT-wtX^lT|MVxQKSA}dwp3?wK(C^6r2wv1 zM?l3?e{WP=7VxN@e71M4XJxNUtKCec&Tqljl+IRaWUEr1RK;$q>NWHIR_wgJW(L}F zw6^jEw39KQ8_RTLn(gJy+VN>6dq8{n1G-MYc?#`i5pa-4&Iq)UOO8<6O{iIPs$=r-AlrRM-zme&xtMmwZ zsF$O4&3ido*Q1xC<%9QfG>`kYE=Ln)`;`loOnK|(iMr$8-}<=p{5o%a9>Q(m?qBF{ zdtU_p#>Y{A>8iV|MYKBT5Dy~eS{S`f=fHXKTqadZEH!g#Wy?RBX|=Q2 zd)ZX@^s=d!P4%#P*;EPXL1dGo-TY`6xT}5ai0ijwR_;`c=X~c*1n%$MD;oFr?lpb- z`+`c?{e8ib2=w;_6}W%v_XXe5MRb4f-pkR&=Di%P>(R^6^1*vKn#cWHm!ti?`%?J# z_wFt|x57cv-@8|}?C&-#%>Hhp3(Ec72I%iLI>Ybp-M@lq_4n?%roC+HWm7Mk>KZ?G z+0@^=_xJ9_Umfq=cM7dbTbf^YVeDh^o=&H7vD1yIOx389NT0#`ALGdcu?zesD&FQ- zdIqu)0VZ#3Ro^kC0fMBq@7r5M#N|9%I3g96^MZk0eRdkCusU5q38fSoFJMtk9ofDA zy?iC^bs6__hKYwGxWIkCy`{LM5%#{_Ww43us}5EX{alm|WI_q%h2?WP(tpG#MsFCz z#1?osTLMsy#hfE{F@vmmzoQG(xfD!}Jch(CX#NRJD%Y-Adu}i)owThgt*T}j zmxfJE33nIx3%WvXfY!=hm6Et*&Z5HgK)L?YJg*|0x&v0b14TfZ;L5436(Ch}U|a4p zn)r_ewj38SP#jH{TAObr#!=-64V?PL6k0ws*ANN(a%Be5U}p zR!1;(c;3(u;_Q86>2@cbXc$tm;Mi$);ZzWjn>wS5o4A>yYEo5tVO>l*p?;<5S{ut= zER@(rp{lP`R>yi>w9ehyVr;8~UMO?7deG}Yd$B&=(y+_R9IhB_wtnP_L8rwbmj-MK zd#(h|LfOvtP%D|X%Nb|UO&8WsUX!}#4?TbA`NLPmA52~U;>oViiUf<%o+}5KG8#u$ zrrvSpoGRK`dhr4}y<$ipBGKH?x;bjJR+THNXeGM;4*$wP4<#TKi(pC$FNwNue0fd zxerkCZAV{c$(i*Ks|pG4SG3cLu0sY?`}_M%+OUgXX>zA;mSuuQA!k2Ig}fx*0(4dJ z*?UZ;h@F*k*On?d7w5E;J+uR)4d_qCe*T=jQY-iP~kUm|BliA6nmxT?>G`|0W4O(iM7muk~z>QiNsKh`5 znAwxxN}oDXCk zMeqO}PK)CTO4JJTv%v|> ziV|J7m04NP#?;{5@tD|sHO@UC(X}mUJm-Io_d7+hn5|B5JpPNP2Z-tzD|&QJH+ICi8)uw zn6}fD39I!p17RB~INPju>6)*`oHsdc{lm0BL%(SpkJeyxGqd+prRrE(GU%y^b=Om~ z6eFZFQJ<6}M?CFb^qw0`GC-K^a161v_bWc7dC`|Yk_6APwuKk9ivrdb`X@UM^Jq!4 zLYiJp#B*|z8WRL^ZXJI-$`6h&Ya;DjrX+7Pkf`9*lz+^G`Gl3=!`j1OiNYOk3}5jy zDiY;kio$@GTX7LbaOz9k_laDzPlk=pdjiCwOWyK8Jbak?n{ukoe=~v9fP4lfL3&s^ z(7FRC=4!|88X@lfK~LgomDFsrdji-ZED1%@u@V(^EV+j!K0zHIgA*)*t0qOv=5 zXO5c2$l4ueaUlXY@6#7;D-Av3y>Y%?(Oh|iL(bX0L%}XLAKil#;w1zc*d-KH(ItLK zQ>#4R7iWoQkcu@K9TeIeV^IESE{`x(4{7@sZWVb|t2DPT_H|f5p8HU1%uG)l1f?!A zagAy@AV_B_9Bt&Qc|Ks}gAH}VhwKJzFOMYM<|ozUq;uxPjTsV`*#55i;a8RRdNJk| z>44(_(>EX4;K8d15_k<7XghZGzOsFFxBI?xQ066ug}zTFs-_wsxD%GySNd%4fHqs+ zWQkgddQ54?sPTKt*I54z9hoL6VB4-q-?Q|!<)1zqUILuI1}W&(18(Yt_=!NTacNbV zG*!_mId+CaGaOc9`c$>b>S}y9m(fbyoMbVJBvH~@qJ4iwbsU*=g_~}DT!4XVY(*UP z!6aKUe0|!&Oq{M4`R*EKJ-Y6M2^#KdIsAIU)eluBOk3`1wDEg!7QYzZIS1<9-1X%O zC!oAcfwKM(uu2uyvgQ1wp#~^vXsN#-K6zL^uH=zcoGGQ9@1Pe|^PD--5b4=~8-3iY z&fWlhMMWHZ<0v?g&3irVo-eybPuDmqlS+R?J0aP{n;Cio*~d3Ibr?p-najOq2S1HTqkJa)`6!iIc*~Dbr~^#&jUbF<~pjUhP;?WkR%A zuta0JM4B^+^{4j@^q%~Vs(^?Sash%t`pcRBxbB2tdZhpug04Mxd+K?-_8XtGS$8ji zVNg(7d2xsfjK`^)b)MCII2o*KfnK@d68|U~tbNw+3NLEsXZ@luG#5rG15xzr^F}ONgfbLRQZgU%?x%wTEn1>H?dI z<6+WEoBlYzA_Zr;^9<_RAXMLd=@E?R#U-%}J_Z`DFL6X-8e(b4aW;6@RR?A_qmhjg$k)}3enOKeH6zncK zs4U8N2P^>R#e8lg_bFkYfF}i9J9IW`eo2P#4!TWM5!Wf{ULPZ}1xu05JTANBr|M{9 z@+VDhOHN@%eSVC)c~VHaY?Xsw(xYC<_qq>!`dMyt$T4em!CWEhF&eX8=+>eOGH$=! zV5c4!&haqO>C%}W$(Bc2O~)f+Ps-aEe%IuU@%QrhXV9E)L4fRR7?>01kFm^*aZ5kl z@=gKovFD<-9bMDI&!cPUSF}u?n6Hr%?`!i;Ui0i)^4!XDIVJnKq!vNB7AIcjj7kNl zOO_Q;9?N7?Q_YcrTuYZ+QA$A^{-Fo4`>D0%& z>cmJDf`3Z5&YdAGrP4@y(U`i#Bea=|f**MJqzxA0f)B*(Hq*Q}e(j<)#;Hfo{L?aw zQwIm|gwAPW=lq#ZWV1at*H)?jb&G}m8f0^};R_b)?0#|;i(!_{hGxvX_5L-cN6H3U zZ2%T~ZP~}Mjpv~#lVvBOmAmsfb_@{bkeJneyVKIjcvil1Z%aM*R=yj5P0ph0#Z$si zoyS+9L9H%d8Q9JR*%1*p)K{S~2;!@1knP4O;jDG`28QY}x_u(nM&0nR%WDeWfzp73 zwkmQFNb?fxYLE89*E{+1a_f`AWtxC$_2chWHitK&%eQU0N81tXcfiEsg|Uz2rbk*1 zMq$cZ*W`|7+D?!52bgX(k0_heSPKplXA(Ds<@VFCH!WzzM{}a?8mtERjSGi|NFSLOjy~p_fa!y zLZ$jZx5Gw%iH6bzRSOHiT6#row}TeZXSYMf)qJ^KxW~vs3KcK6D z74!&ge$tr>0G>rP!|T5lbX$fo6mJ-g0&AZD#7bjnJ?`?dd)E`5k|$Wcs>_ib7N^l<)T8%)5x-!y?Y zM)!ma9lF6%74`b$TBOVPjU<9W{6qEQb5wQ?T~wgWe@PvD!6Q;|%sV0O0dk5AaE7E8 z4LnjQfLdjV=`AuCS^7AF^Q>}+Aet#KaGE{^QLC=Q0+fdbQ;aP8pAVDA3Uf?8KyVlY zIysz@d+l<{=_JG8qkXqDoz?@#i||qKk?P+>M~9KhN!ZKdfHP#`M8Qkx5ZBb#$Cw)a zY*`^VIrMwPc+wXUW%midWaH9EA{DcGDvT*{2=nL;7=<#TrRexmNvgEb^S?uqGSsx_ zf6Ue?lE4ZC{Kg&~4~6OyXW{q0L?(-yB0sG?&?v>3f?jeUJA>K%4m@zqHnf|YC{3ic z-fA9io1NjC93>zy@xdyDf2roTp>|NqKGOu&2graA-cw4LfIwNf!=Sk!*Np=YIGXpB zFf&&&aOyXxlk|y%y%+kr^)tUV!VTH9%YMcI+=U zi5A2d)@$smU%#L3!stc1LnWABBo1;juCIo^Pzq;todF}@TMVg@Tt*3NZ=bP{G>)!%Arrg{gLHwZJ(p)mzlVD5Ep>+(1h>jya3)8VjcvDB?jE+@h3=DG{0Y!8}lQt-Phd!33nHcvn z=((f_r?6%e{hmB+_Y9-bBgZ1W4G$AfMjt!OWq5WTtj@?JqlSf<-bv%C|24*#U=zVk z(HIJXosJ(_$}Q^7EyKH5jOc3o3(86+_8_T_GQ?J`^2sWRFYwnyIdTB-uqHxx!o}~w z&UaCV026Dpr)bg@yKEg)d$GXf0G{USrF+wJiINraj2s2D6CCRlSo8jWXMe73ierx! zKOVhzUw&CnZ5=TSI0T`pSGYW_#Y8tt(xG=4`^+Y|@8-ZIy#>Pj(wI3ZbWYkQ0=IWG z$5oWl?49(qKH36-vQ8#^F-kVk@*u&#q?YQfpSO*^-O!z%t25v46Zx-;H9q)fxStF2 z*Q4W!wG>x9+MZ0`H&9=W0ln=#x|G)m4xeYdAI12pa>H6$Pgv|Xm{KpkE`X_ckITEa zh_+LrCKWtk3LyjHW82&F>n97l98>y{EfSm8|Y+ zAbwd!@n8x=Nm~1`RzHKT3f>i#9x8YqL_E+^mGX7WP0dozt2occ3hq7-u-BP)NuXff z9l@i{>kHV0Z^UuwGEX^oj|8yXWP;Fkf?{sd@^EHw6)_O>1`v$ zA2S=G)JB3KT5;xP`!)(2F^8!Y!A@Ql&thY6xyo`)7tyaK$pf)d#``=!w5v%!8_7^* zj`MO5mB;g8gRM6cOM*6+D9y-`YIGi`9A(Lz>pF6ta331tb*KWD;T=XZo`?jar3zG_ znvF6@yD+JTpT$Rw`7XG15bQ%f>kt5(8sd35DmrEGLspD%(BwKde&`Btb}?iBW}6{d z8(vq|!C5?p{VxOZpT|&w2lvL%Jp~B9YsGwmm4b{*OPzLtm5wU^H5`S7l`mM+>J3Gw z?Q7*G8o)b!w`NM@_=`2;6`2)d(p8TLolLm2KF!AMZp$NCWY-ns^~CZ~XYJtf+W3!+ z8ja@D#UQd@QxO+oRRla`3mi)cS`b#h@zupW!t~Sn4&KMavcy+YFKS5#C@Z+#=g#&GBRq<+e;z;I8{~xu=TWh#f;R?~yzDOeEsbas^M3ziflO9J3O~W$|cjrk2 zIbP3SEnjE;dd{XN%UJ@f7-Fp^q8EWuO36;*o??ke)nYyg{Vuw^i{;7E+(RmRqc^=k zHHC9F*Tkw<*;6d?zxPkdhhgYRI8u>CCmGhx`4%fLC>K&HSLSkSB#~{e45ZycDCIUp zWxSN3iZV+tDsaW`G$=Y79P(d!fop%qm*BSk*<*LUzL747 zZ?b}OH{;w0z#(DPP}|rZ)D#M`Z|&N#nN@)#$tg5PKRnAN zwexH8aQPxUkMp4CF2u$r4aw&5yV?ax3JsR>XEXEur=r4ki(PRH812Dig4;r3gTvCn z^;*10oEGY4kdDhuCppp}02ZAgw-#*aFFta&$3`CQ=jw^Afrc!C{VPupJY z+TVRQ*{!y`xU}KV_D?MN0OFR#mL=*kiJcdqJoHbAZxnsN2I5~q-?YaWHm z@Q|xKZ^(F7?Vod6)7rgOy2nzk%L*K&V-3Dvv_Eq!+q(O%&8&MHOpOD3ZK9@$W*UxPzoMhl;54$}^%@@(T%M>lnE0@O^l16g^ zF+gG(>riR3Ww_cb*~lmy&S#8IBdPI%fdrkFGYfwI5t9-_zC)#df|Y$K1NV2f>y9Z6@aa z{eP2Xzeo5@mK}QwRV3F@aiQ=~c^Ye82?~~y&kS4-Qd&HB0W;R+mS+!u8n&zojbxMk zv=_3Kp7x3F(i|4k0UhGPpkCmw9FK}79bs04>ZI1~Pru~I|Ivp}uJiLqSp}k&Rt1yd zXBF8${CqI=2mUNs|8^YY78Z67Kd0TDkr!X{5+R}%QN@K7l9Vhu1V(5R8v~IOQm@?U z@n*q9Wtw9LuG&Xj5ROMwC-gH%+gMB(zJSg3=8-)8p} zarC2WY>t8_0+ZYphG9_y87GGs@sujgd*dm30d79}=0da9jS?UPBsFtMp z#LvgD{&<-e{jpv;W=j7KI;B&7&)Z#pI34W2!rbi`e+2{wSCkBk1WSY6AE?>No5Ah# z8(8?tB!UoqQWnkO5sh`BQFo)Pw(6ugvi+Z?e3HQw z3Wd8ScQL^p3eog<;FffRD-QP?MPxVr|BE8(H{MOEmX->HD(*p!ILP7t7>xaFuwS-w z`_@1|w)-KoEPbxq<(;rgEkX}^O8?lY!=7MrgPLH`$h3A;25%q_6Jsnz;2 z!E8@>wH4-IPk>+Hi#@-e2hc9IU4DR>q3zx_9DC_MuXt&o(x=EokncLW=P%#kouRM| zgWR|iYN8?|duj^uC1UF?650gb*F0MzV7gEvvv{^1Z*TUr6yzpa&0CYCI`@@#u!=GNuVpEMq>22(zKz{RLN;`>`<5Wk<0K@aMojZK7-(RA%h?`Q0Uo29OrTy z=4>kNU9JXNS>SXk?spHMj7`X6dExerbTV%KCgVDJy}JTd`f{`h# znJ8dJTc}|ze)YCQ+jySd*0VMr6TvGxo#Zq*9sHH5j*{F`PpANDai?h<3bPs4R^JOx+TYW${$xvk6tn9BsvFCXpk6F!f z=N>gc4GT^!1tGpcf1G^-i%st($gfjB)5l_uyf@-d7%gL|6zfhT3i@QGL|*@)ekFH)d=Q8cz-?q{m@a_55(XVw^v_;SyDKVe#VF5i zp}d-syq}Qv0ji2Mr?RzOqUrR>qg&Vbt4&JJv z=D?Pi`}4YW+XS>~3Jd?xOO(172oX4n)LQVglU7Y6+Qo!Pci35jUgC3h5rp-~_fP*j zT=5PW4k5?U|GeRvmX8fJ!RS|CZQXM|oi{1OJOw6kaLGtrFpW8XFt6@~4Bj?E+VPDV zF9%0iZ!QIkvQco9El+w2SvB-eV2Lr=wK8jL4F_9~dB*pO`Cqw|?NSAcu>coFnLZd; zyLO5B7Qe$GG+gfHH3I&J`S3RAKa{J19by}Iqux?Cb<9;Fs=G5L5{cRi&O~ z5h42sx6xEhG*#v6OO;;t86 z;#Coc&Fu!3O6ab}TnCz9t~lKYE7A>Ab|IBLgVtK`a#uH7SxwU-RxRJTzZ3N; zx2(k%%#@XtQlk{JSgg5*tnnF6i<;;Y{WE%9vUOKD2OSojk=A9yVs zwABxW-*7uP*Xrza4zkAz3R6!L=oevs`7K%fA%u=r@_8St|Clv(mXSogF4~CjpSvAv z(l+^7UeGpV>@n)yk`x2)Awv{?Oj7ji^USF$&}u(uYd0kKDv2j=LzbpG{oJ?Q)9*n1 z32UE9vqXg;KRGV^hgugp^x=gaHB$8qPsCAf&iMP5uP5g4l+`@vAbKcK^(mb->W&Pk) z0b~^LUUi`>Yiqj5(RqSb+vZi}>z2W4Kkz1h$fr4XZaDfJokzyH${*1$qY*)R?idjzafg&dhlZ&3lftuMk%iuoSfA(Zk)Z3NXZGxbN*RQ{(CyKG1%`w+|55xQ$&6L}Off>)jnN zLp10tHNshxhPYXUv*uue!Eu52_y#QE`{Rx3Z6=fPZl zHSpeJ7!UK%XBYK(R~$}ZET7B%9iEUy2km_Xd%%I?#a?~;B|ISeU)4|OI}p@M^$CVZ z;B>C)5Cj>0mrv(j2T<+78F0-x(|OM5rAzNpvcn zK!umRjX22rTf7*yXv{zE{0=s>%>H|;i?ylS{sK=xnL=9%t`r`~5u?Ba*p_=x6EP1; zsNyt6rkljWI$X33JHL(Jl2@CPPOMXh#x=;r`VM(WmtqB$Ioqius+i{l7p^k7&K5gf z+LScHle4*#Zl8W1hIp6QUh6#}K)TJP-De=}h?`?UnKs-jjw~#AOOmkV5D_ZGMbOBq z$IwEjV;8=igmtJ|b*?fFqdl8NClO<+vhKD+$7*-a2v>5!Ov|324V2HH%PvpXjpk%> zpYQ3C-FeBIL7t|ALUXPX#}6*P6tk@vMx(rcy1u>Z@Irp?_w@EwBwpa;M_l-}$Rol! z#+9N0@zC;hhtar1im~FqNH14$9`WIUx>y~+N2JDGE-B(oVqeH(>`Sn{RNmZ6zlrxg z!!*`*^#jUJ(Z9(EwLc~`wIpLMQ_XAp!VNaf(2Sb@&H~%$A#0E5C%uOwgYNbZ(|i0g zp0Ze1?Mqmjz4LAY7@0>(c=x?LamkMK3kCd?u(B5JKC`NN=twH>TXe!-)613yfh7%g z#XSGjOX0JQ?62tUTuEG~Y-lN}#arl0ot>z@z0yw2uz`t`d{GpJz4r>)wa9Sex`ZTU z)6zQEWRyJJ#qoE>{;^mS#`{%91Jc})czYqy*b%J%25y#Y=H;#MEMMxw4RIji*@5na=)&0xxXYM0 zuVT3LwB^%u&rWnBZ3|+Oxcc`eh*M8PxSqj={KK~_b7I+HX0dhR*21ggrP-u4^L~#w zR{ENQyHb@yC|JC}Cv9`qCE>~~f}}t$746|=4jy>5!2SzYuZ--PjlXzp7iM!F05UaH zr<0Jtyb|10WOo5d)c;BHHNnXtY=l9G``0T}@;w-u(yTV{9NIR8S(qWGr>K$y=N*@1 zZM(~Ao}j=Uywc?kS6fgb4A0?%f@DjX$)S&s)+Y+6rWnfq4MyUF_-1f%@L-A&X=(jp zYFui3`C)4OrAjQ6S_-}um!R=Ju;Dq#vXOqEXzgR5k7s|<3(mT8->UN(CK-CB&fpqn zWs`3jQwP@}1R_wpR5qWrFR4h1-VgYmfFD5Vfm6pCi0q;I;bgh7^kt7ppqn$N<2|1! zc(_AsaJ1RJ4dJLWZrwN2`Kpux(989eiY^h>nlyyLRGCd;rG!lP;dh!$bQ)}N9D@pD@?Jv$- zlTiGBIMYWsO7N7NMH5m_9*s&DYJuuz$WN`tNiA@ZBToDd@*Co#Z)XT?O_m+yO22f+ zmjjWglzw7D2^3;xj^81NO&hE>@76jiW=vw%VD0b1FXn%jmU+Y!%62_gc_ED5%^m2M z_e&UZC6G|^&G@riOF*fm=Km6Dn6B5vH#%L7`GNg}WL+!#5L41R{30Og2S{Jr{KS(F3(#aCCnL< zhiPj8_O5C}dGb90p!0?aZ&;G`CHD~2hZ9u=-CK;Dl4T>QK>XHc$M5bB#%Z0c)qd*jzF5N?J4WT>@iGjb{_*=l}ZHpUYnj#-3i{*$~$ zsGt2_j~Li4#m23zAL2^ZPnWXpwZGl+#~(bSl8(CES!x3nNToX=N`*GNxsF3iMyrq>rMB2EtgCc?c{_9T)@ks^G(!A>F zpW~1NGseFd(Zq4mb!B+_@rLXqNGdKr-1lGR{qN%&RdzTP0Hw*R7vZ`O+z1~|MdI|P zscO>#t_1Q3^8U&c5_<-wELv6Dgloyk3>!;@5Nz#)>ScU$6TV0GsLHyQq6ah-L%Lr^ zD5DQX`kc#*gmtGMYg=QEe{Mm*mXmfmOzr6EZD7g&$3`68!guZQd%9_ z`1(x~nZ>|+FyP09XdSb2y5jr>BnzHl&IoArXcY1m3)06aggc@TI#iek(5EKB3}rxF zT)SyODrHCtr7^W9Ot&>lLdU~OETv$AE1L(wuv@Y+*isiG<^a<#LgEjkzk9u+>1N{6Qg?6lyyln?^?l~U!K)T0_o8~Tbz4eTGPQaT*dIu?OvM)u^v3T!oiNooHT`B{f&7+_@Vvq( z@yJrLQKSWNb@-K2irGa{1bKL>`}e-ZG)!SeJsI&Xrra1;#oFZR2z~}^#Syl;)Rv_xjx>0?`zUX4sEUV5 z8PUp?+ytvEn=$1MCbk;fhUzZnjoqeCqr_h-zi&$;KMT7f9AH-4*SB9>UMQf1@aXLE z<8n5SaTDhNYWnsl#V0;oXSM*%Z!J}Tr*M=lmH-Q6bz&J?h;L76YXE9bEk$8ps%K3G6>C*k`PLalwM2`?%qGluv+i5wlH+4}{_6^12*j|)I0zo)Euax%Wj+IAA%-i{Vo&2xSl80MPot4>R7%ToQz*%@|!mX)H}++76!{8e`Ap7-@f>e|_mp z55G&a!SZhdl+(n{{l$t|nrPxzrF54*SqTH>sS5K)co-fc*|h{Q>Pgsx)_CGLQ-(YH zz7N^Kur1sp0W|lePY85Q&Uj4S(4Ku4XZaimjZvJLr zqtMziu?|&^&7lJBbNBa5m5)^AH4{npyy4o1f^)m~qbB*-lYHDf5%rx)Cm-b4tc}M6 zJPDn!zv=IzDTS07R5)f3;^9AL?h(himz&hL6d;H-P!SCFdMeb{iK^>oYjj+jl!zMV zrJ;S)e4{#ky|(7vc$BMTH-ot&N$`DnSdSy??36D*KW2@1l2w z8)MoK?O#X?K6y%AL_Dg72hAYdC;~(yapAfdbfh{<0>lE}=hK`jue7mD8CSj@9ey4! zT315G$8`%M1pig+NYz~hd6cfkS+I!Fq>heQ3UVYTj2bH_N-(q6O^cDZs#$s`_tO9Z z{}bb{q~}(QCvT)lzL0FgDQ9hy@atkkCDqDxr5Qd*Esgw+Sip9HK`}LpyuW-c1xpiK zd`*9lMo7HF{#gSpndmFxF}Z^U^Zu!KV~rHB)B!E4pf=<&>qJ+U@t*4+y-+Hp8n>v) zS{4iAX3nb2C3rgf^uc6|>QurUjEb=uquwi^x}-v?NQF5p^Su+i|ZTVN|_hjfEY{0P}{`*^m+o9hB_;fpF zB??4%ozxa5nUETRc!!M!iFRQTg0ivb&a4ja)6v^E;zuO#8fAvd4KJ+eu8gS$W%XRK zIixexib8ueu0sPQtFcm+Pn_}`PLu*01*6Sl&OiD5Evw(GF(upfF#2HFSBdGotUcYR z67xjuUXkRlC7yUPCixL??f=r@ubXXZAueRw(4#@N6>VNx{1qchYAhNz3!isFij*9t5uAR81shsFDvC2j( zqIl5qEZn>M0LA}c7-OMRiZygLwXqqHWmnQ{AxZCOsnsQN65(dzK( zeC-kV-}AAa&{cJGE(DiF_f;onQuTYb^Gjpr(SL$6;m%Y8UkHYPnE4!f9a4l;%J&+q zj)WPVkm5Xzx?|ZR8bLeQ#L01o9vs1%$V#r(oopi2*~LBBvi%fu%w&*_8#OKG7DlWOn57 zBqU9{n6#>t7q2|L`d5NVp4Zyy?{j_IrdN?PH#XxXVSHx3KBDfz7~$0W$4gHZ_BR^m z=fmr*t*`g{Sq|N|^R4mG#L3V5Ug%7Qp7&P`9^7}fpklNJGBbwtj#|QAQ{P`?M@@SmQqkT)aCKbB+E##M-U~<%s(vy*yB0?HIDV|rj4cHEp#-4O z?vVwY=d*w{B}bQhV>=2&aKvdvEN2yl20Q8|4u(BzB-JNzK#X! zrIENzNf}0$5zP*ZA{&zpR3*?Ra`5VCGzy$-D^v}&+Aty&D!6YIK9li1F@M|~qjd6m ziF}*VOx0vv4{MrsosmZew?K9C;oW3gOGzEEG67v-%rS-1BV@#+YA%^Vm{o@HWLo_o zhpAOB7(@@w+mFn&lUQ)33D)SB&iB4K5W7w3*&Z>8GC!lqoO) z7$~DUGJa3gB9`3T0A(a%C+|%xPbGOQMxu}6j5Ysw3mWb8PqX6I6;q>7RU;*8C{~hR z5^&Nl{nd##wq_i2ZE0!i^b@wb?!(U(xzt@|5#(uVqA z0IA5Fm&VmHO=8ditq_3^4#cDlwjFlUPF<%6XihDFSp@Aeyn znUbxF*fg_)`vgBDHbXZLnSMQbA|`A9zj1U!EZw%i^_E_IDtWdv)`|sHNzL+s<*Elu zxn%qTtCWoPlQ#68Ek)zY?~p8 zpbtM%euQf9XGjy5p4j4F4wkY;KbD@Rd`6fi(VwUD-Qty8{kulV`aYkybKh3zZfdcN zo%xGOt6yf#_a{ME`Awwy1d65|6BH7be^siXiHWfspeOP=DVL?U0n)Au)^z@5KfMmP}41`S*(ZsHm&lw!Z-VO^o*|$eocQI`L3ITxG z5rGrX0SVwLw?a#<5AauU)_BF##XxmzBV3sKgeMGB89-6DmxbPFTJT`}_c+Rjc zc$fgc#c7V;z!Ja0iGt!+Kaa28ly?v4RTIUE-oC0ST%l1>S8ZI9Vp*+(@pd{YCdDJl zOPS+!SddZ6=frD~yRvFtY?$9e@8|2az0zoL-GT(c_+EY3!SG%k&~ryallRX)b@R$~%F`yLxxuPT09AGaT z7R$0qu?|uR%Qswj2wq&nm0>k#kpNorKVcLmY=c8&)mT5y0yTAtj>W=~M~d_76hQF+ zOej+5L4t7LY&49l3jwnm)uWlCQ(EA=CR+4N|^hiH?n>oNJ4YvB3BT=p@E&Ltb*HYEtb2C_uQ z`)WLd($gm>L(Yv^AH5i{n+P`7J4!iRTF(p*Z43=4YJ8$GY^c4~%A0(=pTDa?^S*t( z6ddY-|8Rewul? zicyndEd0zXF4&OB)>eBJFOqx;U|7fXO>)r<=yFxWC?C^N0ZOO>F+7>4m-tHU5oiD_ zo%?Ii@_U7vqKGLdTvL-0ftzFcIfQVlZMy>Y=~120pS&kqeHy5SKBb5-$>W+jvi>v^ z?|&zP0qp>CFHFMZjlP^+aS*W$jyQh)>lhWogr^!J^bg9z-O~A!PqmNS>NB(%i|bww z^b#>VT>aqfHs5?{f5}i@?n79y;;Y$*S`iBe$s& zX$=SMnUVkXqR4lEg8^e~!vZ_o=t4J%znHE2$e?xi;c21)Ja_=UFJ%h})w_%Hw#qMM ze>|%%Ne2qe5jdkDSQTUxUUjnNVQOvo$xI}8Zt>(QNNoep77(J{XKwm+H^?@*0|3n7@Wpr9#T|v9Tku9g|jEb94 zv?%kCFU?VZUo<9nw4y@|k1R>IIeiyJDegn1Di(kz09CUo%l8=&sH2yx_x|~*T$hRW zJ+A^z=agXx^D8sQo$Xwg;zE@$*{rb|4O*d|d2<0jEL4=2C0W^AJhK*|UY29e2VQVqYzjNVs9b6G zGvSNU^bWCSFmEv!DXTdcV3t|MP_W90(~M4DG}pzM-6TxwE}GJXC|0ZKo2*H|8qp#c z6?PwWuX@`m6mqR1UNa+;wg7}0q}dP|Fv@Q8TlS&WSy)rSShjsxzRm2N$Z2xVBO==1 z*Idcvg5}PiY{T7)hOZ;1)0wb6rv93Z zVNJ9)Xr##E4+OCapw6MMDVmy%ZR(9=4O<#XnbAAw&VZRj38!gpE1dFl_22JqJ8hpV+CkMTR zw>*DQR5)f)1@4Z0Z-tI3eelk$LOm1?%A-RFwxDcrNYsK_cXE3Dx+;*UxncfMIX3%}uZg~m1|bX)mYd^@oufi$ z#<5Wuv47jS&Pu<*w7b(0a(8M>y%bvg1pea_nIOFb3S=qSbE5tB(LgrW>;V z9o49Z1LjH0D9tyYt`Yeez7t0RX!1=@&>eCk4=f1Xuetm96*n)dyWu?OfZsx@y-Q*O z5S+HxB%!xm!b>P6GUdlwY(I}h85ar?(34hK*qqJ@)*dqjbq!40c}~x$E~a9347IMLd_OlLDTpKTOP1w}d<0&gzW<871>AuaF~u zUt5&Dd7{NskqNz7!3Iwy0DQ5p09aPhXoO)@!cls071JOPT`(>DJbRV;lgsgp1S^Hd zwx~#Rz^v%N8NIV_LieM*2g#OWjWe&8z1C|!V=eeO zCp;uGi!az3v}9c>2%Tr`+(LGJ#+(He*fy4vYGntc6IU6U_CZtH&QjRAR#3I;B5TO> zXZ+@$!K_YiDuuZ?$c-KD9BN4X5sxB0Xp=u9ivlJOMx03ty~Iu5=$61VfL9wvbLQ_r zPB41@G4U_?Mg`wZssriqY#~2k^mufLpG>-hQ>M1GbFz&3G2WL@LUbQspKKCl41JiGpeyV@g|~gN=*c*|u3}06P5y3W(5_mHHAiIh z7l!bJTy^VrVVE#V3x;f`{vY<o*En! z9&_pr`EmB{nN@d_6?3UoeKq1oy*twkT#?9q0eE_y#{bYQd1f**o0~yS>^m$Z@xYR9 zZa3*5MbQ(G8q@mD^a{%`IB&6;G&s4ax?UDKt@%33LqPV{rKGa~Z*KQ_$w0Em^b#{| z{eWkMS;9lK1W6v6LOS7dN&7QH;n@o-fAYXcntr=WjV`tXhlUyV+Xyv$=hk!Fe0xCk zPZo?jJD9tWy1TOFDD0&ED2@ClFmNf)Zme(^vs-A8L$HK1QryiT2P_l%z>_i(y zY%7UE%}*K{y$sTm0xtzvxaxd%k!#ffsX+prbkAbrSPG;F zGuf>c;Y0G0^)VWlxraO40vDf$Bf0e~YU-1gml4nJl)AuGJm+Kl^biv;4zMe9=Z5Z; ziY&-asmN7Dkkpl6=BhbZJJ}8b#}Zv`gZTSi`0h9xB$x`cb8g#FbOTS zSCW5PN{=4=g|$A=L2+xKNs9 zZ;e!U*P8fHK{so;JA8XP!27hXM3CxyN#{dRHw|)=<##swczk_D&Du^(fSW}9!T@p~ zozqvsQ2@%Y(`Q89fsrKS@Up@ryYD(j0o3d>_+=T3i>U}er=xXZNad(O!e3{wGYP_D zK~U|&Xr+c$Ia9A^+Qw1xikq|!WaM=4?Ij8%8-r3*SEBT0u={+l0@u)MYF%2zO`8Btv}GW8-z4sXrdjd8 z*Mg00;!8xQXruI|Nr+(&xOBKk<78L475jhcP{{&*tr-i;e9{`yBl0^4ICp9_8()SO zT4FOZwhW*K>CpW@(%Sv}X8cqLAVc-nW?O0hXqxaP6xJsiY~W~MD{MYe|7e<4K`zkP zxd5c$&AcuHKV$q(z>btGnV#`!Dca39pPkBQvm}|f=N6Vz}qb3Nn#R)uQ=oEv+G^Z8r ze2F$iPZv*ryI-n#GNj_^SUZ!M^})iUrS5)?`^HIr^V(f=jS1<24K&qaTvYKY38{Sj zO#^1{vIhxGEjX!IJMkRBzw;UljkhV^$~{y;Wsmo-3nZcREgQaF!^lXfM?&O`scOC2yWFwx zC$Lcm9Y9C>Ras$&VFyawV@VrFoa}V!v|7@QB4fFbIiyXDgB#UvDMZ(<&9}J35n6d< zE{u;Gz@^Mp@vnq3W?>O_(f%w-4=%hZ6?h@>B|`XkEfxdem8=>5jkdaCaZ&sKsg@3} z!+aCf#u(K4w~_{ZTR_}HhebtcA#D*AUpRMil`HE?_$}qM6*gQlCTp>AFc(TA9!{#n zsiiHsDox)WMNn|1i7DRM-vF*~h+X<)axB_Iy{(;l(g(wf@JIei=(CZVW+@cxED(Uv zo1_aOZZJR#_;Fd++$mFvse?!^&y#!|L!%uKrxsH8^Zs?>;v7( zuDGngB2id{$x!q{ziQ9_vCZyOTN^Q71mKybfS0l{xoN^XD=;x)oII21V0ZjGPc=xn zY{uB%meTHKmTAeSvfQ$d*lsD{|P_##xY20F_wc%v8-D=;-H>0Qv2S zD`y~x7=QSJeX&AJ9M>or-r?Y_NE6_+D-jkDy)PCAgc~A6oiRcsfIOW&M|x$f$$3KK zlE-)nYpD?y?xTpdfg71VWTO?}Tt|FjP(q8-BDsNtMV8tq_j4wRI2-=iQ&Nt*-(*=+ zf|aqrIw%IsXmkuGzm7RbB!esq`le?bJwwmmHHCRh$t;QBBNO@w+oZ?dkH~90Q_3Wg z-F?K@n~NjS%naOl1NXqb9OjrJ_6_ITftGG8QFX&-0jRKwdab|4(v2W^T6EVnKOOQLByss9y=#B@>p z+-uY|>tbXelxlDBpk0f;f?;JHTPvEeZt8IUO~Jjk(Q_ZwMRf%Hvk>7WG2^|KR1J@a z9wx+iIwC)XOo{%03z3_c>GyP%;4Z2d6rQ9`s7h9IJ*#YnNF~#$P3%;v1D*NR3t07d z2@JHNuM&2EmynyJ+P19@*M_2Y#kL{5(_*U*{Sw%oZJG*3*CYDIPDCR%yc;C4cZ*QMV#*DeNm z`a2v~0jP9ie{*4{+;pQnJ{+&=1F}eBb!o_LFUWp?s+9xF`iZV)vsN|(|1}*(`kDRzVPhmeix7_;? zMc}hAsg`8UfX?2T*6xf}cU##$sSqgeU9RK07~N*%CUT?k`$(+x$klvp6c3Z-*2sOD zriAAAnf8v+36Z=Ajn}Pu(HUr0bb6!GQh|0tVWVdZI0#e7-?gFOjOrbRaYZ?7Z0}-E3jbVF=%>-+?02Nhap1v9D zOjI&ctiuYdEsYbLSO*iVsY(XsfdU~i*c8s^%>`t!>V!Q{AA?2-fz^OC=iU(u)B3KV@ z59RWb<;OfI)X_`k+rZ*%j{D@>fmc4KYeo^|?9TkbK)3L-gmg1f7JrI%qgJeU(P}gh z3pxE=Wmchx=$s|S9~uay8vrxzocOA41|P(8LJOPY0MYoc?rX+Kd_I+Xl*x zly-_3>@xLv<%1H;tFy_@xo7T9p zn?Hpa-=ET;N3!y{5`l!T>GVj?yiarb~FY0!oKNgUi$-rLltMp9$_;qi&s39w=vZL#)3yQ>iUkhEu7fxSslv zTm5Px)fb2zewGS9tojlRy*1#;{3g*iUjc|rSB&s?ra5l`wTrkB`cE+nW12g%WYjQ4 zX14!3W)j=RWV}r3<(BgnN{z|_yp}p7Zd1aKiv;myTo=D)eujR+xpt0x$M6>WYWb21 znd68d({$}m&46YKDa(AMBx@xGeP0u^AM`m88!^p5w2+~n0+wx*WF}ap_UTpM~**hYm^FuL+Y{Rq3NzBL17`T{ae)Mg9*ZGY>+a&z>uLe`` z^?oSZLgs)qpd7BYdRd4&xH5u)a8)O*RBwJW zpfTPJ3=?+C-{9E)f|LJ(lmCK~|ALeMf|LJ(lmCK~|5xCI{y-;ZgD^N?a#C@30z~qY zcHvzUB@Os&H$e+JA2YurZV^xEsGX+e27@Inl+y-H7N40@|op;4#`j% zOW`R8Y8TV8EA4Ha#(Xsx2V+tVY>ZZZd$O(-J{sJ-sIuxRF+aT6yXdXLDIVvQH5|32 zi^U*p=O*#cJ>#n>arWPeea6nJ6kez5!(IGf8=;FJ@|)O23xx#Q?}W>)TCD;~>6=*onhezJ!mA;jHQ_TYi2iHD<;)_MFu z(}Xz&Kc+{McY^)>V#({Im?Ko`SckAN9wklw3cBopIeGJn#6M-fqV}RbiAB3SB~_Bt z3zNW`>}Y}=MXL#IbRZ*U6mCe`-qCZhgg(^ZSlB4kY^UZDk1py%fU8M*57v-pRCd@H10f5&IK)Cs1Ff;3+3qVP;?G6P#<&_|65AZW zX>{sBq9s7daFh;F7pp*t)Xyz8RhFw7xDO(~{XO^8ue(^=W~S18ulov1*2>K?L|sX578tY;CTiHEd3t2y+Iynl4*{)mLxFh-5Ak zG6sU(rcRRL92o@%V$i$P=qJz?me=_BWyoqL_+x#7y&S8jj7(UKLoxEQA5DKTR#>7M z;c9Mi(9A>??hM3oWeoBwOYzQpg@>nTx();`Sk$Gqc;JVcLsTkZ+6gpf8{oeQ|Hs}k z_hQBrrgJ4ypBLv<$3O8taVq60v&&avt`$Yv`D6c?c`I#njtbW#(QL!66LBGty2_kl zTkR+4rHr8=Ur z#pvAA%K9QOo6QR0Wq)(^56DO-1sheADtMCCfAW(DKaXMj%B43}Kyg0@=+IYSkXY+2 zWBe#%J)VBqswj+ea<;t(f*M+He*jr{bLFx!yd-e>NwSu}?J#K8KX;5oo4RT8WlfTRv#4?l)-&Rjk5Y{f=%KfNJZttXMw;KD<-LDS|pL zML$``xdu!iV+K|s4~9ja=2^mso{I_rw7+_8T$QzGI+Q-^Sfv35+*_krxkA-A&NFY( zOjxLe{jU+MXGxyjWQ3|bibW24C?Bq%i%vYS;kC2`Lz1ZPy576_(T#~1XJW1n<0OtH z!jdLPUs?oC9R8j<{Hy{ee&}x_M&${6Vy8b{&1_E_3Re6QSJyw7V&a9LXU(GC)bz;a za_iLI=I52m&cbR44wm{7b!0Bhml>cT`M!O~wh%CHlSeK!gZaL>3A8ayjM!^}!;e-o ztgw}XAYfKkIywP2Pp;+H0}N=3X*3N=K;d^|t0u7*^$bq(w(y*TiJf(9v37=^$lUNp zL$A6yu~$2%O~D2$PoHuQq9|~r-#?xV05?bG8<-FGhWtL$%(IRyvX+@Preog$$^M?D z#V|i!Q2$wk$z9p+=s&AX&4KcukXV=ifc~PY>qB8Mfj=I3B}^u815u}fv2A9>lY~%| zHIkR=A}#h7`G8`12_P5AR)`Te3Qnrcjs?J;*B{M6Pn_kCyCTHkQp0c)3QbcFNad_w#WVwV!I^2IP0XoGb-!IKK7 zmKRs&F0wt&cz4tX_qQiv+aaCT0H~eML#YQ3Y9ioAfpf9DerPKG5wE~yT7R?VBFkV; zbeRa8|9l=FQSdZGw>6f9_5rOJ{kG1kPt48vWzt%t$@k0dqciC?>0k?~UmnrCwURIH zl$94K!#38|l7Q0m*1uGtt(=huV!_U?CAIMjNc$(6R~89K*T`yzcRA2tbifD|7tL8# z$nDrl-uXW)8N=r9e?{a*{+~ew;Ysy?)-k2)SKD2px=hNTL7=c}1LJ%TV zgn*9&U?v~))OpY}gR~rr9uKT7!V_E^)yr-%zqOZEL`tv{f+~;D6N1c!yFbipzsWZBc4)dy76$9epslR1BSrheNM3qB^Ao7*hjGvd%mpH?fhk zv}P93IZ54N{^ePnoY4o2tyNDI{FArQSC$oC|BL06S%cfTXAM1zdm@sY&^#@T{Et zbP$|0ZA1mWhUKJM+5~CKT7a&)U7NTz7rLbRz075fC1~;`W(~C`v(=SUVmcCdX_GCR z3=(V5IadwJ6mD>aU;oOGHD>lFUc)D{(J$He>9Y2O*$a>}xSD@>#ACKr{#&D5Z*l~y z-$y7lCI#XPgD&oi{x*Ik%0lUk2cpiYM?n)ZXve8g;P+Cu+AGhCGw`L2534@eC&}L$@ zG?R5ORmTe$7gHBGF^_}y5%IYHo}L;!2p&_)Hql|)_OVHKoi%--X>}RmOT81rG(@4` zbrx7!odzMp;P$-w8rM{2YF!h^kz=c|2tGjK<>e|RkSJ0-Y)wkM!Xuz{`tW4zmAL0=bvQjlp}6_1 z0P6~ZNt26dK2;ZY=sjUaz(eO1P!L(1S|;Mv9G0a-zNQCF+LGK}+;XN)uO*>j z`%M}noK23|_*1ix%ru!z9 z2mQ6KpN%}bwcgF+^F3tBZhRC_FA@O**lB3SPzFcgH_6VB25B2i5|`P<8kOL-?G)}y zv&#U@Dh3}#;fqE`>sW`%S&4+d%5Y=spWPU{%$3Gk5utLjO3%EBtptq}_h{Ktngs>n zRU}iB=q55`(*NQd9+-hbMdP^cLuf6p)lk`*fQU(QJ~_0qRKMPYZKfCci+_83`Fy0# zg6}Anl{`QLz34T|Mgg;texj+WQ+s!z58&xFX)dNRy(&se@^n~1bs6Hp%20RgueD&O znP4f-zNgfxl#1(SE}ST9AMma*{99#%qQ1`=+s_<;!L5R|zgP8wj5`6O!Ub!_+l#E& z^;mm*$je3Y__QZ1tn$ce$POrOAmBW|D%g6^J<;MD8Zx8-*GLEKYW`N~T3sulLJ5=)Xd@9TbE#R1a_coO7lQSNz`t< zdT(1inIcKIF*~#H%zJ#q78 z)H71#lhg8yW0X%1tiQejG}^3eGh<&4 zg)J_i-iL(Bzqs#u896yF=UEn6xIRRPjYVH_EQ@S;6K`?_0t$#qP7^2p78bHXBhwC; zkJJIgo)C*T7TThk1frPlWf!Zqfe(1}kvUsF27!6Uo<^`I3ZqMnegu6szQFiKCVA>w z?^*bT@ig1HMlfJGfxz^;vq@w>?p*(88>+*Xlp@lD%>m6HbAByPPgt}zC&D&ne+Y{h zlT@W^Ur94ylb{8F1?i%qk|D)~!*G^QpBJlv@BtOJI(UD0%8bL>Gq8!)wMTmulLrx? z^G|{QF#?nWPrt}Q*&r}QPW&6K9y~TO*u&Qt3%hyW`7vPp978B!#Y_7BRh+2u5Knr88b-k*3gpC1Zfi$bR?q!K=z#ZIDCBmSFl_LBEyVC!f zND|V)5g%5W1$43+!O#U%-kF(Z7@Du(z*Mo9U{u=2+{L+a#P7>F;Uu4LZqO?oSh3;j zZ&ttbD7{O4u+FxUDd!NYMiQ@v*a~C_3atA;@R?2!ezWvSJY&{>sSXS`f=wHr&qC28 zQ8XCiU80!l{T*~756pBQqdUBHODuJDgpw0n~@is+7OWmiqi;?-uI6lg5O3)%+ zc#=GG7C8&F{bD=teA$^z?`2mzMO{53Xc0nDo_lUmQ3WcpPTK6iCp55SkgfK~;d%G* z@g1Tt9t2R_jt6sx^NV=6NaWx9^wUjR5xuOxOZnTx!U+e8p$7&Kq573EDM`2oL5SI8 zqxrs{E^cgcyuUZ!?{=QIV;X$;Uf-WXWV3(rl6@{Y``@pyIA3n|FS;Q)-dsQC|FdoJ zdsh(K_W(NhpOB*C+j+tsosTs5+6$%G`^&vg`F&o`6OI%|!&31_MWRgv_BSys<(llU z%4frXKVpiDEoj7AT^*;_qLBJrg$PTo(6zfVK764*E3@WHT=6zFunn)%V!@c2S zIM{QT^zOl?27P1@WVA1H4O4E?`kX5x>qF+w7>rOZqdTMU{|G+Q=dT2>q-izbxqCx7 zn>!E){PT(}zS=30t9qI#?!Uac%Zml|B$5{bk_{CMlAR)}GJb?w_k9HDmD?rj|2k}#JbfL& zbYVcih1m(*4B9R|#AFf|BT+wMLcUlyh3;1ZOgVC~5grozK9}9Jx*RmE5 zD0tNLRpQt;H$N%kh?=CP32WRODW=$jIap+SSL_JWNFZoYrCjFLi@PifGzJP&n~9P zjS+R72%`svHpRLi&vJ~Rb=y^x;g~U=~Koj65t7} zCre16hQX~Zk-u{YuNlXQW*!S&QfOiQnfuR4ZuJ9+B{z;Mw5JAYB!N?2K#I=CS7e*V z4P2|7TP*zS3tv0hlD62he|l2H7mOh=ZgW>Pq&3xgl&8ISfc+R^wah1OX)a8ga8>EQ z=h_`9vP6 z7?+h2#A=>E)4Mnpogrgg94JSHOTiRO_DxR~i)AU+O;6Gd!)S)tRsyjKKa99b{j!v3 zO6gk{p^Drt+s5{(6UJN+uoU@$KipU@O*&u(KQZ)j#xY$D3KSP#e;3cX@E1yyx4T3> ztTjT%(iSXCA3QnVQY)N2XX#xFXKmqu#3l-vH}I{#fW&BJ}DXCx2$X(LyaSv|V1uHGfn1LaB zbgU1PQkuJ*TzEPWDLXbsrdXJSwXRVa+%VNrY_w0vVvr|cOA{^UwXV^mPqITE={4V5 zBAqP_UQZXQgtN8)i-lTYWe5GzO8cApDYy$*>eI~sLB#f#122mN&%gd)iu0VsVZuYn zUt?Dxn@XlU+LN<;Pn1NhVQL!aKB@(!=)4}AWbs5zyYLqb9!Ow>I!m~*xIZkmcau2u zoJj=OINA5-`sl7tUOyilpV2q_&)$4kOoyj=>d-&a?SnIa2JmWf{a1Xl(D_p&wkx)@ zk`1cYZ$^C+f7~T=ca@Pi;*n7kv8UktWPJO@{$FDDWPlKKPh5KUnKvmya9H%=%8e+>LjS(6y*~1SM=n?j-*-wbxZaq^)xB`*J~d1z&kbldSNs zjhC@5W>DWNWIMkV-Ds?7Wu1*^&#%|%VqIQ$K`m_C3l4uyeZQ;(gjVPasZ*&R zi6cvu8LA@?ol92cZ#7&d`3=2;sV~l0CW+CDeEeIwmasqLuxyCKOr~B(B;8Zoz7&JZ zkoWV~-s7nxSyxH4sOuV}#}o}>gs8qii-Y89BU8bIx&;q5(geBYUwnFQ(Fvm74LdW} z=@Cx??4Ov&5E?PJyCWjqpEq+*P?vatgjW!!uLKc{hoB(i^Y5`ydkU`Um}oqnFf6IM z98&P_-HrJX^?VPq+`ce&+Q^7&Eo`U|kZ8%2JXyJ&y+!}K*_cejJ68~Q5(G%>MCzVA zrsA0ifjxQ8D74>!+k8JRF%OSGB=Q*Y3_fj|v(t>_V!CZT0^L+pqng`}5Hdc(Q9+o$gG|Yd-ek>+P)0F4xbm%>}pbF%GxqoT=&R z?JTduKZL(hIbLWD87>kzh_^T|aCkKG#?0@~(e}FCLbVx*s`d;1;O22SA3cE8r(SXp z7)$o;_wU0&b%^q+$4j{=X-~}-(B*uc>&D=I-sgl&?Q14R_GDfA*k(`E+GcYT_??U5 zMw?kB!+$JS%nrEiA*!+?Guvgq1VSI5?CkWsUQD2Cf8ogl0GsrYf=_jSCBaO|(GO4U zk5}KB?Wr#*l1?sl8+F?5aB#Q+qN>5Kx3>iG{J8~zR63Qy5F2gIxUtMoipqiGMf&o= z;PZx4Bmw11pC>|mi#nRQ|2CQKa&y+&``-3`evF9we!dO6ex9ex%K7On)LfG?6Y=or z(JJB>c7LdNY%83=%}pc_2b85xs#6?ACSD(C@1{iT7y*LYfnXGLlqbUJ^h zx#J*x+thcsne*%RUH?0Oso1Zj^Io3qpa2K?*O_cQZEiL`X0%4PKk-G6wvJ(Y#G7z2 z;RU+!d@(XFnkW(spJ9@5F|83yYB1zq{ciD>LY#)y^XwxH%1Cc1nQl9TyWFEt ztA=toC?^`uy(x%jHVhfnoe!!O>TaY*5t3u1h?rWjBu79r{o)wSaCJ~0>M;StkSU=r zZxO(gk>Ibi!G_9~WQVaK|75?6MFV*|-B?F2NT-N9vyhK>_<H=JRhtd zy{v=5r@o9AHTb@J-%y-Hm3<;_S)~)K$}lKDuY2Fn6-n*zJ5h;}p92pg6&UuKj{vkk zzltx2M{kd%NCz!yzjT@o87N~h?BaT~FWRrNjeZAQ85hB{#ds)h_4sr6AloENUVi+_ zu8J|@Qmr-UK!5OJ9t^r@-zX?jNtFCppRPMfnO|@O@qt4X^=QH$-(5vtN!C@psos4X9 zclTiF&N$j9nngC<{krse5zAj_sy0B$LJNi(-z7{@OH5>VC4s8II(pKjP(fIKmr?n3 zxVTS5=TmB<8DsJ;f9j(t|6!bi`FS0&Z!`9`ZKK2e?Y!{)bUSTZepKD^W&7A>J&F^&zf_DKHWx0 z;|I{*sd|00Xxv}lA45EE{<2W2B%){N&x{kCC+60R16filr-r(?Rt`3Y_0JtU(eMri zlI?C#&SYxX)&1DbLZ_&{8GcRdTFP8CmJdwxU9GRJE(2bhuxs z%XM5}ngs?0$IQhC z9}y!(z?ZkgaR!C9iWm-hOQ8^EbZi6ymSb3_v1l^1EcZ z@TnVAKcDS=`?guv=ea}w+v91|^!t3jpzhmq=+(drKZZ zN0F3KQ-ub(0`E4{-6XJ{Jo2?S#>{T}sKEFptA#eo{};Gcn&}$WEe&jFZbcMeScvw3 zj2ZqvvGo`5vt~P?J3k*{Ke8l*iD5Lc9rXiQO^!E*vBC3yT4CVz{{-E?_#U9F8)!l7 z=gPnR)Sc(Gj%?)B=ujo9a%5oBnl(BR^>a0p^wcVw&@-F9$0z$+pL|NOw#eZ1TElLC z)N0(dI=lh*ZMlQbP*0SWR3oWpfeNlklm|B1-!o9u2EDTwA2pyB%4WOzE;>)nduyZ_!s%+h!^_~d#7ymd+mI6ARSougC^qveQyCC2fcTiU<={wKlcK3PmQ z&vph7IZ;f6+u_=>nu%>UGuuRuDtPrs(k2Y^(}dCKMd0Ie^z3}Y!6$whoUr#WQqR-P zDd(?F06Ac(N3IEJ~VB%4}e4(laKW(4_aMxwERuf$*@QQXrx zN|O|h0gUF6`!iQF1$$LU2E>IFW9LXwE`c2#h73~WU$<@8O{DpvQf%bW2{(TrIv3s!&tz_? zOtSMzX;^vehyoaxE_-0NJEy1WfbePkJ&z_4_D}aay@RppDdaZwocMUvjI0?4ZJ-u^ zlas^yH80%ghg^24lLYCRZz0LBzTW zM6|RyK3=bnhjv~|7^4Y}kCq{^(WLQR(UfGWCh`1Er}J)X$D2rObbT9?f^?>1;Q7yE zhfVf3=FyBp?P~Fq(u8^<(j45_Kw_)83WKqZ$9mQ>W7fo>z5!8kG*k@{itq<2d|mnv znDwcM)nsw*67et3NwbrEK-8Y|T zxFDyoE&*xy*dE`xb7=OS)G^}n$za?Z%LQN9_4y8C{DL-?2IW8Xf@b^7wGN!v$T;lEF*^^t74_*ODnPWv=DP+~I2$%9m+HGBK7 zw$23i+RB8nWos`5ItjAJ-}VZ0g=8dY?MHmZ-pi5*=(x(Gm zahWS@bI1wOIu3@*!Zh}j40of!p=nA7)w~7a*PE>~=$Lgp_q7-JstdUi*A7*b%l=vg zFg1M$_Gj{1_;=jF9J2P4BLn3!%WZA4Ll(lX8q0zs*E!~u3V!+XgGVK%9U9ryP4vOP zBc==}Ogjxrp4YJ>R0Hj98RsX7J#nfGr8`sQ#7HS{NsHq@qYRB|+Iw13SAQRw^Kg3A@8&MENku+gr$8mcvg= z->;edAf-4RA8_+zXN+@K=F|bMS)eZ}(548SG)uWUie$DZu~-pKS6-011e{%S z3^4uOITvM?;7RevA}3l|fQ{6UL`^iDRiQyU&$JZG2i#QsZ+fKwx%lHy*qH&7wJYCJIBx=zuZXX`J>l3~C-57r9AF}4Ck zQs@MPus%O4`-U^$x~N_(v_8X{RNFFVgP58o#fe$uam+`AP-i&)mGuQ~j1gBkyxL@t zdf2>L^6*A9gbXaY+)O&Q@pAMX4ekjaudSt1-6GtXwR}a=Xz*8ar7OX%Evu0fW%#!~ zE}(b#9%#<^CGBe_d2?t~yo4x=dGM+eJ{}Z8CHsJK_+C0K;nH$&>IL9jv=p-oHg52P z=kwZ|*TZJ7_Fv2%btL%x2eqEy-fERf;d`gGK+b3FI$lQUHuEkuRvOjcA&ZR737~3l&fr0(Qm{(&qibo-e^sD z(*v{y@5NF)1Aj6-1P9_@q~p}WGthj-7vhWMP8b#8QzTK#QUJ0N0G0SUd=)uIkDA$} zMkA?egWXU$d`|Tr^OvASrTP+z=+(DgG@;8cU33VQ*}K}YA#EnxI}}1^;S36)ala!` z@{yqcJ-XntWfHk@MEn_$BIEuv$kMYi+QI~pUx3PIMzw8vsR1+@)O+ z@y0~h$^%ps$y{z{FvV2>aOkl#+=pwechlxK(lk!@bcqza(8p(5p_N>F3eKF%n$$E* zsMB%)J*|udl|NgQ-!1-hXO>{1AceP+1H03I0p*)BT2JVH%5xiFg=K2AwQ?23=u46^ zOuCpztC^W(la2h z3G9=BG;=uCT}5`x`D;8i)3Kb6oyE$MeW+&!6itMipr7Xs9va$lvgIEF5cYj<4~jbh zst`FWFV?#@SRkYf!x+wDmg%T#mCdEYeO4r*<@%pt!pR9h@P|W3wu{;;PW=*n`a4CH zoMviT+ml`!XTnR@5C@Fs4z|5)aITe-9?P$w-)r2TP=6%vYq7NNJpZcDFpzKKYva#+HH#tZst1t+^G%^}Bnj8{H z`JJu1cA`ZYT=X4x6&u#@r4WZFW(;`ss0R^1)Fh(sIlbN$Jt0 z?g1g|#9^IGnxiA8Ss-}=frQ0NN(EnbEl;p~7s=mLJaWunghFAVI<1+>}@%=E? zwT>)b1&8XUpI;b=n(ef^c`!1~xt;?8Zy}MoV0>#R_D>-DWFPB7c5G33|GO*9hXO-? zpRC`QHTd^nh3gL1#XLg&ILYJ90Y254R{UuJK1)p%d`$! z>ePOy!LM&MPt{+amP@k+Zj0?j%^VsX=E27=S2Rdh`d+5rUaqMJj-h!RYSSQUmP><^f8O^&c{2ods2P`EIhuRF4anhHmB`zH7~9sU{r_Gh~<{*hdOE}+I8huzBr%X& zd~16$|4srY^wd)#W7>;a5wTcFz_rdkYj|BetK9eKis;8W=b(6?cb)PWW(A|l+um0_ zO6Q9!4Bn=2JnBwHmK6Jg<@>6Zlk57+?>dob_o$esh4-j^*CRfdiw_6Vq%ud94<>Ip zZ`{MKc)?D<5cx!k!yGaP=D-0_@6z|CK(--+b->upbafcoD!wooIb(EPP0-zVA#YIH znQvUV4~dg=idSTta@Q2)@R(59VaU?pr%Giv-VMXR4?o3kYy|8(hIM46lsKu-DTP!E@MSs+S5{n175)2}47{BoJj}VX}9;Q=W4+0ETsb^o*9VHiB|8~MP z#FnE$W#g;nRV6Q;rJkm*V=ElO!VkhK@{P=UVrzHS6g}3bsIq= zx3=W`Vw=wHAO1dCy?69nbxuqU-2|lpjI){iKISgUb4}kkDaH`sfI&QNPIQw^^EhF= z*yTq!xGyfhR%J41UU?4(Iqg=l`H=htD(abcw>cL&m~cTTb4LY<1w_J%7u}*u7c^`Y zv-g*D!m(9kk%eK}%)>LtUcF;%sVu(Cnnp`5_-G|svz8)PFlFy) z!#<>8v;5}#}wGf2l>BNrmIh!KJLLSaF+)%rE; zQwIwEjhP=OTIW0qg=c1X02@~zBUjMYjlx>NB9uaNb}K*s#n#`)D$TTeJ$uYZK{l~Z zAU(Q{UF0myo{af{xO?PqfuP{rlcAZErKLeDB`si-HIjZi(odPJP^t@u$}Q^ZdJSzWc6Z|M}*-(f-rVM{WN}P(Xw}$N&^K z9;o%FJRPfjBTNiStpz4-RA+w429nuc;-5AQFRHdaadE)$B`{F+CoJBi zJ>C$38S;%nRnzbbT%2_>IcWWyQ+Zrvb5rtALw`&jcmP&&Dc=UNcVAz zs@ef5YJWa?_47$dHCgyB*S;0LYpkM`jrGIhf6Bh@K|R}K2R0O&S%cGmynK7|;pI=S zrxzdoGavGY$C7#KyRT;7=)U@Lqx*-KXXhvH&Q2~*&fdO$cXIyPVCrgLz`RdU7(QLm zoX7uv^4;O##Pn{e)u)@~EE0Zj2@Ggov)1WKpM)6>-1-;u23f=F$h_73>!7^4WkPw^ zif2vN8rq8DAq_g%FhNRsK~xy)kv4wH*LM{Eoi$s3d5!PO=044Px3~rIyZx6$DFw=J zmG!=OGhKJG$cUo^BG;^$Ly~v3ho_A{40STe0ZmsranR|sf8Mnt)@h6?LmD9Wc6CL%_j&b3Z|i+tj-^RdvQnS@ z#~gA0^6O#%#o8!Xeideo^Cx=pO3c1nn^z_q$C*v7bNXMdj0$bp5DMu|GrfG9z8MC} zf6dFrI;Vw6J(_js9we!WDvBK9@wSCyF2ptRQrk3$a^q*{**v}>oCxflVkTs{XbO&z z!sn+MO9f|URb@d@G|EdB6jQb=!%Go`ew{ifLn4hq<$8Q>3T$7&W#Nda+?JA_Wt%iHmv+A3hp8)I5z3r^nXIq_&n6<(=h1pIjfZ`U!lSnl7eC2V8c#fo z!&4e=qzOzW;0IOlql~FKs$3@s4NRI@W0Qe6)2<{_vgr*)ib=`v#}98(K}K1Dqn3cL z#Fx^@@u-u95aGnk!e?F2L&H}Tg*`GrGdK$prX;;aPsM8rr=la0>t>a#4`1-_pFUkx ztoi;6FVB`a@ZvSH7{=0(7K0hP3aHx>@~(?4wt=&c-9qx8L>8;o%^qlI>M8`I6adkw zXTYievrYJ0_DF471YlCmFkRjNFd3ditWZokp(N1NsWKItEfbWdIN9{o#D%BMYEE-~1IgtbAg1 zL)o(PXtV3HpX)fSPaVhCa=K@4)0JTolDMV_1_14N9slq5!;1vpltjr&YJdG2n*@QG z!C){L%%htv610Nk5{cl66Un*WIF)T7^9Mncoyv@oKWzW7tA#~QUnxBPRVUtF^!Nv< zC!Ix${Qo$9)u%grl{wh$ng_d%Ob(ZR-Ph=6eYiUKYL2@)XO*cllBXZej>Xq{UGn`& ztjyj9?a^yTt0PT(=PMME63=-F?imvKjC=gFMMLNynWtDrb^xoF$Wh0SC__Xp|1Ri+ zC3mSYSTpQNtu8G~L7E7@)af_1sv_cB*(p&XsVq+Zt>>dqTfaq=d-};0x=lau0*ai7 zpuv?Fp8NDSM7+_h?odUzB-ZsLJcIwm@D&Q=k-Zy(e(p^XjyQdjQ#L`+Eq?wfLbT|U ziaSHow<7N!%Kxo)t4M#7crZ6HB{(Th&MJ?ch9})jXlgM&%4wC0f;EioX!27O|A9Wk zY3L(cIi}G?qd=`u>S>8FT@|B5nPC2%QN613Y3k zkRb3DM}aFGlfdTw;B6N~fr|*h0RotSDJJNNg9Apq%ZOnDl!qRGV}j5W1&sE9On5&* z;N<=J(ZL}Yc|HOz*IfBW$OShZn>=9?kAfRauD}QrkmMZ%UNFLBDnTG<42jEEuYXp^~ zE4alGn8I6;>p!B%=ofuJ03HFO8G!7` z699nP)o*TYdQd>w!(_ark=i;wIygKT9NHYxCm#YIQ3_OUWfxrD0vL+Z;iZp&4{!K1 ziP;cS>;-_!P%jui160lN6LT&S0%@Q;nwl&e02lyke*lgK7Wip@a5Q-K>y(2IB~h5g6lZBn5eh$kd}$_|Cz=ed2plPy5p4(CIz- zev3=rCxZL;gIhqtE1=!g*#xqu6pX!V6zCPfH(O4(llSL`gC6_L0N;|pB~oTcm%kJY zq2;LHj3=T$M44;=#qWA_KDhCc|3fu22cb9dr|X82kLH@8H|oPh(RpaS z=JBW5Pm%sVL4JtZO8#4`|G#+o{KfNJ{P)Y3kNW>Ae(s9nzY`XyiTxHq-^cJ0`760` zZF+j2B_&CL<&vP#hYkYPUo2n^)4oz7DW!{i6% zJkKnW-3MMIyI;W~F|SsZwoJs1y+*FyzJRC59X98ts}1qfDGnqW1-A;SzrDit#Z#<& zf6Q`D6XZ{Obh0IG<{G&n8ro1@hB6q2y{qUFk$|u7o`<)Zrc*0-ajfp&3n+sk7Cgsj zMa`!$fMev^m$#V@2C7u85)~ z{(1B4e%hbgYH@*yV#e#TqL?h@w#o27s9y1c@}_W%dd#e=rYl_VZ&I_#AMBa>@O~KT zd#6I`hmbKu0^ut8uj|e2FTeNgAOHCH(fz*r@nf&@@6Erzwl_Eb{@Qr-vSzJh0N=-uBU$#jfVDd?1! zzI1`M^8Vl!2^~wtBoqc^>P`jD$q32*?o%VQa||p$sZyVOEWHI)wHry(N}pU`2RStB zH{*X;(RCvC`DTo!A-gq)>vnT*ICkARB>U|1hdvt>!ep)E$;3hh4o>=2P1dz*rTe zO`2pWypoJmb6JEnt=iThR+)uubxK5|%t4Nk=(nnMeNRnq(i`XD=%#A_R;fUXsX0xP zf48satTg*yMPk3EcNLF&_&V(2UrC~|Wh4_5v)M`K_9{qe_S}q|o+aDYI_MS+*fLf< zBqe6mN|KpLevHR7bPBXU%c*oNOm;=A_fJ)20%7iroQnBI2>z0~|2)nXQk>jXF&{ z{2OGUG1Iq&IfM(F(R7<4rM0nJY^~%O(Vq#9LXqC9r~Zha9!xl;PqFVgx2YE93($5( zPX@gJkw?~eXx1Q6uunfwMC8=Rf2uc%Z<lIc$iZp0-$bmx-!3^q$8FND62Z%&DK z?fGbo4ygluRdco-5X$<`y>!jDDG&t~Cpb96m>EPCv(tONGWzbA^xYZuzhRNP z)9Y_5`tGhwEbM&C(st*;r0qAX8|pQ z@&!sIoXc69J_^Qca*oeA0U(oR<4qb}g3ZlM=(=;3GVRcU;-Yi*B+$=wm;9T|TDK@k z`Ir@8Sybp$+-^ul$bZnG3noR*ra_`HW=q&v2k%bT$I$0sg6L83&hvdwxd+s70zni< z#6d&xk?6ME{-+z$o)bnrFeUOrFrgwJwdZT7dfx8v4x7y|po$IG~yXiT$K$kl3@ zOl>qQ;G6cD((oF&HZDXoS+W}=g}#QZH$@D(kU?PiD%DRmElRdy<1##MlI=~yP~lr$ z3_A=0tkN;hjDYcN6&6ObMyQw|&5REXk(0lGX@nU6R9y0>Z?wu0D;mqdu=ehz+s%xg z1AIR8VZ^ZTf=wsEImcHhn28ou9a%FDTPSjL5Al6sVWugyY`td+*6hGe^0j&Hl+R2j zsq*hSUI{_+02)a~;trJ0K=PnH*RaC$4;e&a?~phR#F)*i5SMjbUd-PN@kckmRk)Dq zzRfl>&b4+GN;Z4!S4^>PUN^rQBHo>J7306PH;bm)AOX&-{2X4%vHkgC#)kQ8{gxAF zmSVs7YWPFO5b?Y)d*N@`AHK@BOqncXZ$lWZPe3j2=69v`m(bNrhegHZ9 zEtmf?xUC(`6&usF_K8nHQP_#ty=7ExafMfdG^tG^vp|bBnS@WP%ciejjT#$NW?Pzd zvG%t!Yw$&JuF)U!&2me%zny%Df@?JkB@C5-je_fh9?$4=O zXK^N=5c(F)Cs<=a?QLm%;fy%Z% zBdxQbXIHdl4ydwTGt6V*i4(owVFaWM0@%ZLQ^MHz| zRa--8GoRWhn^04o9TX&&82eWF($w&u9}jv*v@|ANUpyDZI8rSRoRdJ zDmOq0u5pMnh~HF?%=NX!Xv}-~3P_wzX}1{4>At=K{f_zlj@{ob z{60a-8wp)X+@${ksk9zSOuMR?Y$yv54E6`dT>sKbULPMd2(gx|&a21;K7v;isFZcu z%HrcO?SWH~q8vCAjQQao1n35lxC=aryX{#9$aQ5q3OOPQXcTfrMXt?{BDNaE?6|{U z{HE@+InBfoVN)FydIvCsm!9u257FK)vZ*Y0*t<4rSj2QqJ0Dwr+wJ|(+qSo@WSks* zV<$s#TGG94&{*ZwIK;H$r`uHHYcUMKL{hVt4A-rpVWG;JW~c2r)xfeC%|@rSZdSI` z!MWQeoV&|{Q%Q$*;8anB%Yt*KO*nU2g|k>@wm18^Xt#D@FOb*mt*~4q*>d<}r%gWI zSsov^C>M4YkqZ^f@Y%lc*aSz+mTFO~W+%}ml`4l4emxV2M2}G$6DH;APyWNQLn7D4 zP{2G#SeoA02AW0lczabh3dTyVX54oLhRbwmCtsvsWHmtu_)6@qvJ@0!7za- zzNei7vhs8v?ZGFH0m3d25#Jv9a7;QH~Ft{?r>)j#ZquO{(4vMs^?{7}$0O6kyv| z=vF_tLbnPw^Z#i$^;8!9rGaR0Dit=GkYI)#?3c~D$j!funU9GjhM-02d;^TOzJCJU zYebkwk!y=%r}TWF`bv$TEpXu9f}|Y~?YP+E&v76w^y1^mvnT3;O|(i*E%M&YqaegC zz{C|!?>7?^@Ww>+0mX%sI1GZ2;A_uCZtuyHb8(OB`M!b;Kp<v1vnZ{#9JC)3kK2j5)pY+5|^IxCKOSAMtGvC*Qc2w zMZXjyh=E`4$z!>E8!wIDpikvNzo#vX{85@$Qm=Z+P^SXs%;H0zz^0Fa>W{jhpIvtX zh&@pN@2y8Dn_*O4fwG`G70XcBRZr3QNVILXM%4iI+&sZF;bsW_&G$vcH=@8FpKTEn z5Fq3#29c)qVY+?TIn?h&}B zSwsaf=}&vAHpP(?E!sYc_G|`fOH$K*_+}q6sZ0M=c}l@ zb(UbR9h+wJc>hCu=L?BPk?xA`d)dNAh3$0)Owqjdk^v!C7-|u*`7%ze&r5=@R1AmM zc#>Dj$yV=GulGO{FwX~@TFWu>r^UO45pNsMpB`fmz%b+>#!pf~urB8vHSa~I62l{+ z(~a9{0INRC*`GUI*+Cs2XgCY#yY>AOwI6F2En(!Oz(pZJ4rIs$D$vjy0Vg5^1uT9- zftcO=eRC007)LEtrAWOHe5R)(`O-in|FWmSjdAh|zfjGFT)V8Xj^;=ar|>PO2?`jw zEuc(2Sv2pP#`hFm;?c_q)NMqf1dSA}w251;&n&$pcte6lg`*TSo141QSA1zCw$n~M zi_%$q8YlW)4b|m^kbIXLy49)R%Vc>oAXw7F4-OrK)&V)vdEPiu+Gg1z}#vKAs2TDOXmiP*zIbJUC~H zv8@_u9b#89&mnfpXZSi-gu^J6Q9Z|{l|$clE z6KFrvj?%&%k4d{i>CDeXi);~{)e}QqPXZr}p>qo;!$kP(d59oaI-uooR;_H=Dy}6H zWA2Q`Rag(?=jX;4v!l+($f9jNE8kxLAmJ4dY5Gxc?GYSI<%Xer?4CRU(vDPU5sFXt z4kiRSthf*5t|=HwT)v%@#1`zLSqWh4IW z$^N@Tkbca2`p5gTH<`zoF6*wkg)tn5D#?OwDo#4U0ye##?gHBu_w%+*5LXR8TK%2v zkCy)1p2E*I^QI{G0{Xs<2*LbJf`JX}8}QNk_%YyTv54+%+)Wq@hYohpJ=nM-$n`iI z3?t&-1M2+;?QPuge}*o;349FQd%%a;+qmQZ3>jw7zZVnDXN}#4Xz%04kJiSWdNkyZ z?)jsSAA^q;u&V9Eu~|qR%55DOl{OQK^l#_tRbntqJ(eniKJ_1)ZiI;iP!?Iu^q0Od zNWW_^RK_Zqvc-LhFhjXc3q_gq_2DX@xBvjc_sDR35ivSJ9KaIaAQWtGq63?EV3T}} z-uyj7)pl1YAxrdDE@DXrkLFJ#<-;j!0PzF?U((X?QHzt%l?bU z_`g;BNF#jg#qWwW1FV<@ETD|%g%|d*Q@|M##=3Xnv-Qc^M#6V!I_#Szg_6u+3dh)O z&)ns6sZdl;M(&e>x4iR&3~}2z@~~~X-gOJv(n{dU=at*soJKy_>~HTpk29|re{{QZ zCRJ;WuuRj)!5Hy>8`Miwnw{pknyNK1s$am!$58yb-P_*YNj*sjvXe@rw}gyxdg-j& znvu&wW;on7$(Bh$m}CHWXMC}|dCM&7oz@ohPUWKBQC$|TW<{#Kme*@C(`2eCdtosoO0?jF{iQHvn`)ml>HrvX{umH$r`#dVx2MrfPVu+v*i+>He!qiZdm{Vo>UrLdoXYa6uSzk)6OA z%ufZ@ z@4m{O|DQkKeLVlK;-}>NuUVkx`2PC<$hxU#U)#xB19UIFs`_piYQy$}N|T*)^XuDulK2Fcb$e@W%PU(c-k zEhObnPAt>nBMU(eo=#EVA{QK-ekeY|q<~tEdSh8FvfBw4LF>b5Ft`=>j*X}fh_V>sw^A;FQ5$iJ}1=% z{jUp26OofgWV7muF3v@?fUB=`vG3zZBtU~;gl+&u4h~$}1Ls)XBFQU%$RheW4FLdG z(Is-24{Qk`b&R3=6ZB!=pmdq1Ii~MuB$CiUf_!1WRchH?a!Z1Vt3tx~fJXc}pZ7-PHWZS&3dd`Yjgm2q9#Xy{C6p-m87@ z&bq%-lBnk~G^M|P|Hu7ZPcm}PH~66E1!Mlv@7sU$yb#nknqbN})85}%&-f@JP1K!r z|1q%cpLQ=AuzhhVs%&NV;zd>bxKu?62_AXAl3iEmmc~mX8$PLtn9pE~3ETI>2~2wH z<^~XM^hQqhc-*48NOP>V0b(Eug>Q?v>5e(|7DomL$4I@t=;nbm0j!}y3b9Q2r`ig0 z6}e?f)Y(ovZW3QoYAIKci3C)|)^ekTic!ql%i|IE^6g8k)#fK9^vm~-L4!5nJ{w=j>OZUks*WNWjc^3uL6m;zAUheOocI63t`3o{7 z>W$sT4a64XV|>N`WLnRbj*cENGq|2$m#bv|#1U{{kmMx(6d`h}FV(bX7QiDwCz!|( z2{Fjgsj1oRyKZJ@QxSJ6U6Iy7M1EbNhdMa&UBD36^KM19W~q`=6z`HExSfAluJ&^v zL+mDMmJ?Bir?!LrXd2MH0K4e5R*-mCN2kv?9Ium7P9mnnwgYTW5OhWGlMi4R_O4=L z^*p@Ao9*ejdX|6h;Aw~h6tK9FZ5%(!*dilR&d4E~+&r zDMPSG!kXM~-Nm}9kR|u`d^zL=$(>R*@41jUdOO&A4G4lRuu0WQG0(OlYg~`Ukr@qc z1H&tMa*i?mE%C*jLBgWX!V{arx!gg^G~qdB{+!&(OwANdLm%nWPg=Qbh0WsZ$q_{) z$4ZTfwtsN^fg&P%tDhc@cb>kgX^?<3ac;Jmw8n5MA>Ua?Di z{$jbcwgS`Wj3(*}u4h5Vmn&Q8YSUZsmu&~=#ttE+H<-Aue_xu445s_t2pzj0Q7D5j^ohd^sDD9 zNg+2@USg^(gUPg3u|6AgiUv}HS{4P$Pf^P!M1-D2YTk@MYwV5nIR`uqOU*cjwh^+W&87`+2|r=>NBhpSxoJ zzhV}s@diA_?wk0dpTtM&qi9Ja!~jK#kiu~aKYs||HS~NDm||oG6P--G;7n^wuj8y|b1tQsh^28f+vSAID_K5`f)Gi>2WommqC z!`Bf{w+hyP)#_#7%!hz!MAODCYd%7sL*y{zo?@5s z2YkG8_`5N!LhmVKhvi$Vx9KK4w}LSUKUK%7Z_Knmo`?vHnMy zt=vFuVK3C6$=a%3k)R-)F^?M7&FQU z4F3tIzRoX0)<+LS!F4lDLuS)bskIK0i}>C?Jq)gYgQQ64#+sm+^{Z!G;}2%I2UlbF zenu<}Oi6~X%;=`7kyn94DN(Z!!NmrBEw1znv{~x8=l~Kb0t^ZEeMD$a79%An#MEP$ z+|K$XgX30ppg38k6^Csk%1vfVw_-N6Z{buV{-V((WfrgmaF!;Jr7qw#jjh;;SefSe zE@>H`Z?S2(bqOg_S=_ebk$QY23s|;|BNj$+W7V#gY1kFrT9RW^DAn)DqLy>QpH3K6 zs1v!sn254dNN9mJWA(SUr5ghx%z!d zylc-#V{}LzDC0GBkw%Lk=)Mp9+cS*WThB-ImNGQ8p?^ zO0T;n%S)ufJcVpx$sFwI20D3Rs+q~?Qej_wAY+jgjb^SvOUy#6ml~&-vLm@cevtd) z|KiKF+2+KZFiy6F)PBzQ@m%rH#sWBXRGRG?c-{7#f8$F5%`(r`R+2xky*`u7xdlzT z`Lp~yr|(OCl1m-F1%ogBux+H**R?&Auxr!yGSfkP%27**)#kZ8aWhlBm#$a|4gU@X z0cKF;>dXQshnpaO+M|=L3C35JROj`H?wR;Q>GW2*sVy%DZE1PoOn^q1AX~iCQL1J#|MrpBHl&^YBwsa#*r5hlcLoSAdE!l?%L zC9QNFS$L9L@q#xCR%Ew)HEPjSZK&c9Yr4 z>ihGA3N*AQ(A&VVl`C9w#Ify&B0_DMAX}VNW%Wo^SbR&o77gQ0mCYe{B8u^fjS^{# zNWF2wBz(w`1`#xxVGoSEZ=kq#O$%4i3A>s8wg9x5F=vH&hP0V8ij4d@zbw9? z2@F-mL~?;Rt1>98-ku=L2@2P^OvS>4EiGCxKV=)8`Xo;8U|3^|s_&`w>(XwrT8x8d z(R?*zfktSEocwRRM%SN3fTftkqNzRaq#=n0MPJntDbo!FL(z9*HBgo)l(3^()HUKCJX!-v19qg zvBwaBesfQ=IPMt{6gWtxEuUq?LAryPvlS+&rg9c4;#BdgY%-&|k$MvQl^-7+9G(mg zEnr>CgnI^9>5yDCgLegSZ8=gF1hzdWT5k!SHuSIJnEZ-vMg7A99+BI4gQOZwcZ23< z`*Pm~zEWfACE93fqN8Ayt;t@Y*V1)qVOnc}=*oO|OVJ3D%sp|D+@(xjPGGImB<5AU ziXx)zy6EZ}qBESN8o(%XpCm^RF-nu~uF!3x3-PQ#&Qma740UY?mj|t9RMsscTlrT_ ziMFV?p8t-0R`1v{|Idum-$JRtYy3aAU%brtfA(L!e7^nY|GA2vD*w-!{64wj|3P0W zubIeCoqkQM9>fdAPr_X)ugXn8)#ZQEiE(#6TTkYtdvSMrGx!uN#f_l9&4qoZ7}9l! zm3j2(nct@;%{Fb_cCU*&Pe(7*w3AM1eXYHt%O!NK@Mv`GO+99nOA@o$vb|%>aldu% z7^TAIol3q%515=lU?d70u=!#;j+|{rM0Cp>U>?l>rNTm=+OSJ4^chc=BK!11`>U+% z@~a)sm?it5B-)blK{3|B>kVTHb8gNJ!j)icC7UAelS?nyx`cGX^)5#&b26U6CCJeF z{}*2l9O8vdToM}k+>r39#vECy*negO9tPJYhoInET4-y(dMnOAtMVf;Ay{WW5`)W2 z;ZMAFvTi4}kiC(swV8WK*7u@m?+tw{ito}}z9!4Bn>9H$cc_3T8Q_8<25fWzE-rF# zT%p@%s$27tRQf>lbUL@VYc>ssEDHU)yEnClxXu8b0`9E)5K=E-Xk2_(Ct$1zkEBNd zd-+_TWWd}z-!Tr&Nt?}dqkciz;-o?K9pIvvv)hnsTm@fRml*qc@k++1CIY@vWtI)t zGZgpd8m`{GVAkK~a#c!%#EYfMN#49zPL}8_mZJGkWXT+=j9xlU zWHzb!DkBeHm{K#TxWtb%ytUBe8zvUpZG+*<_@~ zh=k>5WYt9vUl$b#6ZNT*whlZ%gk@@;b*M8zvYMPVVJx&}ga0Uy6?4vy2fZU&UWiS> z*<*fE6OZ|{5G4tag2!~2R0t$N^pktmuKCs8pGjJV$|KHhp@#z1vik}kyAH@PSK0m5f#2H?dOMkPP@T9VAwnLh_{SQ1BIglJA zS!4`^XLZDn-Prl~1)l3pjoZ4D_^it=%JnVNC)LERHNO<*A6u3rpUgN5l zgje>Zc)O%Ty3L4~3(%~)>6_1$fJA=&Y%zz^j+jCiu?Z&Lf5fo8s~^OTy6MQ1V$H89 zBkoet-Dccx^zkKiuiVQz<>(2kV~1-*E-TysVCel!a1_Q}S=n%T`82>TqWqQaPd*kY zjV=DWr7xi#d2<%WnY0M{^YT|*2A7Hqm2QYVakFZnYb1XWX(Gjr%>N4ctnyPcllQ8Q z551{)A#!+&f3|!)77h=wA;`$FW_Ut;iZFxJiXA|pB#H5)8RyScd2iNDtNNaR2E9yL{qtIb$zqRMjp z4U@DESDVy1*6(KfOqNbP`)U7Ro|}LLLjP!XDvESP)yPhrtiGwbQ{S@np?HedX=7M7 zD;KbCL|K!^K z`V04U)B1}k_Gi)lm$@Z8YVVJmz@I>Se^|Bsp~|(cmu3&ckQOV`#$u&gDnCh1oz5uE zE7J3+jsutXmk)9RX-2p**m4JsbvQ1mTj8(Z%=CCzdfX=;4@>bT`rxOeuWK)Tz=PD| z32MO;)I&Q}e?>n<{{KpIYApny+W-I6^H;mOS^xi6ubw~p|F7bw#Q#5GftnD2INQ<+ z6f6Z)mA{*AQW*`T(>*m!awKsaoDYt@5pr&wdguRC>=>l}2Z{)79Cjdw+aDZ%koCOg z^tm$zF7UjYgHov;OQNx))9F9BmXAnd*F!PRf%)nDo`z`vTEaZrYgsJX^4RYnu7!*1 zOYRxij_7aD_gwy2P5zb4fNux!hjULxYVek(BHd@nM8xF`IJ?#)V9DV9llke~m}dZJ z3HNNTCD=E0G>N-!?-X7jD%a%bt*~82!SC6RZRX)j(rmR^cqyZ{Z|r6dRav{ua~}Vf z-G=;h^FD;1BL0g^{Pf0{&~#BWksRP4BK}(+j%hP7A-*|39>kwDPgEe;n@-LZzmpAfm_xY(j7}p5TaOVL5sK=5ToQW_a-K&7LL0+HLCjC}29WeS?C|ore2< z>$<-cU>6NlS-y+xtV;ky`*-_CC+CMJ`zHs7!#9V=hv$cUnBnQ!;oGDC+j}ZU`#&IG z8RKHG<)Z5?F5-cG1FVg^31i{V!7jSDo)-0f`r*8=YY{8oxZgBo%>I8qJU1!yf8ggs zqvJemtTDXGi3 zKK^U#(#Mxu=tbXsartVrgGR4jx-a@Kw;j0Mzx=^@1%Gfx+pk{yxa;oxc=>XR5@&0S zx2}GmTj7;RS0OFqD$_!5jP?2pA)A0p-BQ*#&nZuY<_T_*pgqfZ@oQ08y+o)n5F9T-_`RnCAnvjP^R4 ziW7`=bq~G(kz>Nf;OR%}pxs$hLukCva?187& z&i1zT6#N0cd?|eWT)s{dSu{yzuo&(8Zi87VW1Y8N;L(ZTo%;e#yZ{#>O-JJ`F8(^Z z%b8LoC2R;9FdROL8cut2mLy$r%X=l#$P_yUAc+AJ#FI;)#}8xry*Q9r8Mp{40ZM5n22gsuz0RhXz79b& z%_6!*4UfbmemP)20HE?r+Q*ruf^@DgIR2$Oaibl)RKkEdtq{tzlM;~8%*4ytjMj6TRn6R=LSiT=c~V7DV+rhJtnGd7{WQmY>BeD zC>?j1@B*9YQ=RC`?MT7`XBD+p+vg<$lK*ZdC;+)Z_k^Zd#v!XKpgPY^mbp4wqung) zb6B)dnb%jjW~rN}o>{;=zS>%`lc4~i$g?m8)sEy1-V&S&xlk}Sjw7n7xg-Fts?v#% z@l_NSsQF^o)!S{!HfNA==E@K0VkqddNBMa>SNfr!Dg7Y3npwal{m);1Io<~Nd=MD8 z`+hiqC(#sa?j~of)OK`gd{Vb6;_k~Xh0P8NZiM6S_cCKIa>@HA)&30eu;$vHrKjC8 zIG}Ck_#y|JHQJt<__ZgXKTO%?)LL(LQ=HNVdi;MSyG*rUDa;QKsb46Q9#4Qp{tl9V z?3>uR?9b}(pk4UXg-V$lWzwqBJt=P1t#wo2%nY829P+~n3|t=((D^&)93Pz=p1gkw z4$sbH!&H;_MnRhD4*9#+V6)Tj0_->uA;<-g0iTPz&W@E_QzaGaz{PjKte`PL&}S2V z8Ug6D$3TDs`#*?aE{Ht#l!8b|7r-!ZJ?JY#AMJ_jCF!XE12BPMhypOe1WaLY3kZS~ z2NYaJ4BQ|Ppld|H4Gb7y6ORIwq@H2m5J)EgQs6PsnY=h;@CpGJ-vr@S8p$n+TBC!&{4JH)zL^nqPWeB>@z`rBPzzy`6fQ?O%cC6roi_D*qaQ6_n zbG&=8A@m>66E`OOLrpD)`GJif=-zVb${T_La@ulj0o&#s+x%>2%U8GYm4F8Ji*S- z_BRucvkZw)2HUd_CnrZIKfea=aNsd4?z}l@A3_%jTnGDuV<1lc5~~k`!?VHg&C%Ij zLFoufUpNHlW+-5!MCx`zS^8WTZJL-uy0>A$b>;PDuJKpx* z0)M27QK&ww&Yk}H{+Vv8n(!led28Kj$f4n4x&_|6R&rZ5S_ceT||ug zRLi$V$A^2WB8DtAA-=v(YGGu`Ovok@e&O5H$?UqK)!E_x8_{Su_;7G=I2i10t6{$b zX9&7d_FUeIf1d#R^}HDFO3_?dL{n>RwwQ{Tc$*m5y1iTf(RM+cBwAJ z-C*3q))v^hx4?hxWxAcMU*$0(w*O!()=H|Dh!hB^sRao&_Bwa*@2~9*dVisAzPQH3 zH%v%n~YB*+z%gR}j2_TZO&`$d1p%B!y3t{z3}BtwE|lbCYNr|@grF&ObFn*$ zEnjZvRGJ0jgU|$0!09s<7k2u)Vt~Qk9{9d+$nT3_*PJCpG0O9mm1_GP-_~zD-{+eV z-xg&^Ghg{5k5C3g0JIm3Q(wu4r3@m2rqc`(PkiRv+{9PCPXVE*RocFMdJ`h)kGTNL zQA%y#uR-T7Gf0MrMdGxdX(5hasb_{PkTY?DZ}@De8Q_e^K}t1}@0PhPQzPUir{Zn1 zHEB#-NncH-Ez)X6)tsgJZ)L_(8bW@pxn)8;^@XuNcQ(@skKSeE>w7D;>)c!2a`wqV z_8r()+O{Eu2y&kRiUE#T7|G2W6L0JV&<9gQDI6oA#T8GRL{)a@lx|y`@)-e^p?w|Y zvvfBQRV=31>sh=;zzvtDg8khTf{-QqZJI>J_S<0M+L*K$53bjPzkyDo;3X=hsmZ2# z{qO$cpW|A{_k2V-u;NgWpqQ{gEIZf1Q>%MO7P~YxM^~qOue^MMTk3hda(Q0s`n&5+NV2kF`_C~hVR zDgcO)-E>F5J_j8Q1mJ5^)F2MPUv|J30B^3q(>uX~ptE!TwEILtZ*}feC)$j7mnCHZ zLL3&LfRS-M@)jfMOd6Tc=TL6YMF6irP`|xaV(X27z9Uj<9t3=b1Q`VGPo(p?LHMoC zT|A%nPhy?1x*gd0pCknIuM)q`-@7q&v{EC8vz;e}BW{=YY)bi{+2|RV!dvlN=*046 zh={OS;*Cp3y&rWCbSd&fraVLy-!rqI%b{vS) zuKZcu223)Tv6$seDr?cDn#Rh#3@hZv2Q!<2yw3df!%v52Cx_>U0~tjq-|Sp~i_`aS zhVReb9G&bR?{)6XFTeZld;9(ZSU;V;|Ml=}cy#jS@c;HM(C3hVj`0=v3+P{1G6}%@ zleb4d?}@v{crT7=d<&<(_9z%27KPfbBR0PaaN&e9+UOEeq&O%2H5Y4gjC(74VO<&7 z758$ce%WWo2vRoO*%|H*w`VC7xbQRy{I&2hY$^Qtci;pwnZaR%3DD4j>z$q6Zg2Z9 z7vO?~SHM=(G3fy`j;6IN##;r5@(+xu6Q_B-U!wnvyuAp?pXMqcR=^9qix;2`kAP)XF<>7}`y;aA>=e9%14$Rd-RYhhwxa?*sc za6#mLIX^#rP}~e03j9ZwwH%WorO>(Bzkvh=h|+?SZ|jTo3_4dJ9#Q#8{pGW9eSWro z@atY@Gn-h&fes=JY>_C4y)Y7kRL{d(=}Ny_4(vH3PRU~b0-o-hNl#ycpAaO7fTx{J zj!^TC8NNb67g*Xz*10qG1}*-7c|SP6e_i{og}^ z7`v5mDLO!SBMBwG22Vd)SLpVm_4+CJ0=VdVO1FC7Td#rjar5_oS$}-|%g1i-`>l`t zt*6}!ut`5fm@6pqpJG!NXcDp%6JdyNS5DB5>jf+)?zwe&WqxH2;}ockuKq0Yth22Y_^6lYqd zDo{hXmpF?0A~k%H;oB0Mg_Um*Bj@U->2Ko?G}v;MP9YKF$JkhT@G4EnO13BBFcx&j zM}zajlf$#U4SJy$qmI-_od_&FK^Cx}oEocQ)~pZ{W+jpR8co_0wCVBJ+Kwg?E5#7; zg`Hi+1q+=o&kfpxF-3( z$<_y4;wx`^-7LE_bz6?cv*gd;pifN)`7(gY2i*gko6vRhFE;xz#2Jtl<;ndwza5^P z9}N!Q@HyRo^XBYuFgP6SZSs913PVKF%O;hW%LoQmc?^z(K;y)de!H8E(oN)MLvSqb zB}Lp6Be%mlsqPd0KE;GphP|hTN1s+Se7}TJ@lI0NVG;P5v==jUmYVVUnC8v|(}qfW zGSV-Yvi}{tKPlcp(hE^Rp8+ec%tK?V(@}C9wsdNdk@xvrr6+F^N*OXTe1nKtdZBoZ zGhJI&Nn%&@DF=pSm4mpKEP5+RM4(5`j9QjScrigD(-95N58s_0@1Gxrq(AOw+i?rFl{x{xC^hHH z5v-}ZM77*B13YTwOVG;sS-Fu?ZVBK*fBPc0^MP$e3y7(=7)P_R!@u zHH`6H;s#AF3H1YxuzYfbZuNsJbZaSOjsMT+;TzLxCPo^FoBxCTQ^+PQ@KP&Ov*y9S zdi`s;mpwMEjTq=42*sH*chb(C736`sE#)MuDY&BdV!fn;K67#+nO}^Beko9LG38{O z%FC&{Nu9nR1WgPN$;XTBF$ls|_m{lJ+K98#8f>anzvws=zuoDY=8MeHD{i&BQXY;q z{8Xm06o!c@qh3yxFWS25tI`%Csn)WIAzmm75!CFIXr4MO>j6M2I5}#NlJj0^hoy(T z6qC%-VbM|4T*p!l4PUKNzNvJE$=InAm*DQE%$<>AF=?dKj0X^mTgtF$>drELJYHGP zi>m1Iz}&8WuJw{%&d*Oz31-;A{@QHNVx>NmiaxuBE}X|^Q`2Yad$z7;n0!%CZB6EU zW+irmzTVmrOP>EnubtioeZAo}+3YG-K+SGqWW<{eqS46v z46I&ab5bb*q(ay&x{#2}ZkTeHSp~hg{6T;c{^=pAT6EuZqXzWo&Zr5N{NPvg} zXeMf9aG8a06`z)`85qZr(8T(bJJn}Pe<%&0piF_;-(I$TqBNS#7CBF~9foYt5IISd zt0jvk#$EUrx<5f522N7_zm4c+L7f$ZFSmNOnJGqj$}vbN(q_nVeP?CrXKfU=!KPN4 zx4Q|i)X%&Ms6LRVyCWe0qD$YSlM~F&5Oi<%wQbLmoNhTr+Y=lJse*iwg`?3tDu1B? zmlqOUI!L~6U;?I=7M$Jr>rFiL0p{^%p`WVrKNp3UN)#?)1E@a#_n+_fx6|kUo$cKh zyN~DpRs2++|FbMmV*@xg_D;3Utj`s4Q5m%O+QX=VR`gnvLpNJ#ax#7Gk_C!yIlwY$ zK97UJ0!h>2%k7gv+t*NW*8#0kk23X&^={lPEMX=Um1aI5Gw3D>#gpJ^HIzkA=*G4q zr6QP1Dpk=(?cL1)Txj<<#*~Y+DwrVlMHcSH4V;y;OZpk;c>H7G@H}8B1e=?Q=eYdm zi@b$x(!Xlj|B`m|4zU{)6a#E_yU^6_33R-YgHXZ2O5uO?40NtdulMA(x8Q_ia*_GI za|Jrr?fD(@Z;a(zaG(|*sRC?G*>&&}Sj?MzL5BcElXBTfGk51BK z$-DKE3x9RfUdM)({?2v-+Jk;LfxUFLjtQnrUA}Ag<1$m8J1|9F-RgUyL%_|qU3h_XO&S=|DaoCJBE9c^7YMo{q?8thMSTvODOnIkJ zUCyPLpd;w}m(aO7H7HSHwTq$1#eOJ5UbE}d2eT8#Yf(UDi{&W!A#X5D+x}wAQ}#h+ zRBUBp1MDI`S}cOn^I}$&&q~Kuec)$d_>$ZWe zIG>tF249rHvv+xqtiFb=mQ)P2c3!PE(Jlv)Oek}V5_|hOm6-%hfE|AvhR;% zHIwA3P+1dG=3jY_S76?&jMY_*v<%_g-R5Fxp8iq8@puinx}U21KQ3=M`!3i2x8L91 z-pTp@zUn{T|E=Pu=KjxMfttI&6SX!_V zdeGUm{aEJ|w_k-iZaeoPue(pD-Ro*3YI~Tug+8%v$sfA z{m9|`v6Z_}` zb9~l6sgeJYcCgXWAV!`$($78g|D$BO&X>B#y2S_GSCEGXADY z(5Jxc$=c1UwV*zb9@L6L6Ho8jM6oJ}+7D)3q8?Msi&^akMhs8+n>429_=+FN$~vj| z=uts<{K@}R?Efm8&C>V(=ezwEx&8m;&Kg+$fa=&{lW}W)FCjGxuCA053Eq6sJ6Dm@zohl5hI>MV>48o7)c`j3uEC< zMdm8;UYWU)EI^q^EKD9U>0?pW5(5wBQUnnAc#dd1pU1uaci znrms=dNe^|Ei!AznNQ6&SjNEwVJc#U3zY9zwm!V_-8fu!UGm2itWP;?w~-~WO%5sO zQ9`Vrr2DMrrYU63BtwVV^o5qJW^TbS%)~A><$-2Lu6+MqKp6}Q83J^b1MA~SWo18w z`oFmPTTJISf2#HWofpq{o@ey`7u&nfANBuL{FLbbml!k32nQ5hwkO8Tr>`zhR`vm43aTjl4%1+tRf|b z_Y8EzQj{PRofLTo@gg}FIdDYX)Hth&NGhT|YdR$r50@J5gQFG-WatGYBL@?&AV!um zGuab-$VlmtT}Ub`@O&V^Lj-ZHcR@iU25gCH!ndn|1ZtIH(;|8`T;1D7jo&564kW;9 zjl4!kYa_<&xM;M*4HngM?UGoqamOwiwMzWMPf;pIJ}f8wGGQeFct$kmT)t@ay1H1g$! zEpbbsBtbVo?4~hV{>hH!R_w4Fi6?Z@yL{mgO$ErMgw7EU0 zV}~{JF=Q{FTMu?K(vtjPB zC?j4l)?n3Ge7xWq`ko8^-v|cGW49nS0m*IvCO|`|EJ0v%<_ig*fKmM}$u_u1H+kW=)zWevht1r_p@4o!}<^0R(mtVav@4PQRdtc7IFQ;Dj z@12YJaCr?jKIO@f;$!}9pbilX4-v$)fEI0H#G4TmfWeKhPh$zL6tfU-l^eVEw$a$m~7 zExw9?HMPKYZ+p8BtSbv__P4iVLR;_D1M}I>$usludFrwG<}~}peEF*<-tIh4#*|N< z|M23~%Vbdb@YU|C=lvgy#^>_+k3YWX_h0V3dS!faDqi(>Ui|Rmk3Vj|{Nee|%jCnZ zV%Mx!O%i^R&svSIg!RjqzTWvx@|rr(mpgO1NgsUCqM@5x^BsIuvs$CzD!?}Z;NYs2 zDp+p8cqhrcdc8^D+uL!7+H8jJBFawr_Op_0#~}R9QkPa{M=caG)y!1LEjyf{3b-XD z7t`$vxvN7NG3w%3mRRI`dGi&`S1@0$d|`_9CzhO8Vq!hLrwB;s##4Q zWd_*;9dCw}bvJ*Obzwl^L)!g@@w@|rh_;?ZcZbAl-rTawX}@w$@6{hK{(|3 z*T^ByXXKFQOW=?!qww9Mw{0@Ya(Rb&Q#2GR&6|k8j4#6yS%)iq?_ii*&|0)W5$EXh zy?*m$c0UzwCKlM-eVN;9`8!k5CEnNzpf7elfl`6_Y18;N{w2EuiI1(4OUm4VR1;LG zxf+a$V{Wl>zh zyqBEF=Q}Y6`Lnm(Z(>cj_}Av-%k&HFmZB~`T5s$N?FB^ykV|b(xlpJ-H--4qf{~L_ zD^XfL=+j}$*#*mUW!@I;Ixq>*t0!$ZQ1-hRC^uS`>}_1cUBL!6H(l>qLR2K8Gqcl@ zP7}C@*i#sIql{x@=$mv&U;d}#q*7GTT^Y5@VjdTr7J6X|jP#<&XcgWFq)f2C{~Sztl&dF!(s3|zA$0ow%}`X8ei&4w2=0a0(t@(kFhf+Ce$eU-aVik&h<*si1iFRBlI7l$Y0t3icNPpoDnlX- zYL!M5wimxxcMT;kH%c#}&}WY_FBnU*WiO-5BNGf<)!zbH8I$39G(=8MM-ldn2*Iih zjdS>dHXCw|wUQjXY9jnQ&~-ho=0RVtn&YI-Z^nT>>j+y=Y__bsqU48VBk#@Bb209G z5#a!-Q~^esKchh;lES7N9^XC74H$xTiGLarNGvw zzFw?<`b*s>YKL9wUSS+m7TP32?4D~3{IcyKKUnd;kngM*!ve9JitP`v>w1(#A(uy& zkvkR}M0>d$78jOziYz&SYC^L%vq>yZqVJn|;u?wdjw8~*yo2Gv1UXkUnl2}jrP=z* z0h1tPaII{WPE6sb53C}L=3blC$*bq&;^t#k5@cCvBWr{5R}JQ?wGbr882p ztx_YIT@ogXLgLb_`vW|k;vh!9@fb}Oo(7~U5x#2E&A*z-bXISCp~xX(?`hifB$La$ z_hOr$bExfmBjnsVK0h4jx$FWeY*+&Zm(cNr4^rVpE5BA*0p|=BRoc z;w4mraeYs6+=Oe5R9bngE+Iv>qmqENiH`_Id*d}qK2!wQGGJo`uycupe91`HD<_pt_P97~cnmTGhytO8|i zj;U9DmE*t2mRUsNNCT&0VCM=`5KQC<2L?6rqMt9Y5$;`d_|yhwSNN%3J^^?HCbhZ zqrm<3hk?LK@<3jPH(W@rg%Ygi(VU41q^AUpyw9L>EiO>APVd%Lbct*jdNy<%MEMij zs)HqS$Z9(49u;-9eX$+5{X#)aUSLjyIp@1UtmF`+M zNQRmLbr;_RH;}mdr$>#H*rw2zPNR|fcOid_d{L58zZo^0x`{FW$sDoO@w!F9Q?5I$ zz|PgkM#QP)dSoCLHfWZBes)_x;b~8(biI(zB0m)<3gyptX%HJhnCIc(Ol>^{#REmvWLHt~f(c;HZ^MR0c#Wn+@|{p6M6tuh_@!ve z4@T%y3Jfd20aD4=QqQxZWW}V?p))2(u@so++Nvd0b0JC8e8PW5EXCNrB*QkI`66?) zB&V$!+w%yUm6LpyZP%jSf6%cv^%~vwr${VIi1ZG89L0~IGeHCIKLrbJ(?uvez~Suz zlNuK-X)LUkKf5#DTndr2n(Iqp0h;M{Q3KcN<)Q+k$_OEwEOfPKi9Yh`f96&x)ocqf zXG@cy@r_f>NU4jp^l)q%Zq0M=Rx@J31!a2NYe=??yU=zZpi{Oxx1YC zozUjHa46#HW_JzEs?yKG}mhWFdSZ^@18-1z?3GQK~Si;1;<>H+Pf97wH-25^=Ad z-kOS$Yr2J+*e%0)Rk*3F$zGbRt;z&={2w%g9v-4=6r}P8d=ul28Ax&1hm0F2g9?&!TS$q z2ZtB3>|#i~YtKhxj}l>To9`L%YmsW?Sv5A9<3WU)2JCH`n>w+Ho_?wShY3gXc`8V^$p zd+AvklNn75yAPiGvsZLw!spPUh}p_EV&izCtHb=po?DW{F_ZAA6BV}X7qndQURI2D z?bcSxXh+#Sui+OAj>|T-cw5uJTsRYa6Mzl(^@a=VGf-^2x{y@olk~VZG#3f0*(fd) z&t0V2U6jq_JiA2^cFWp2iUm!hO(Ho=oaFq}RvX5rWK^O5XBxp?tgxkaBIy}h8>cr& zcV^VZn)%xVkfJJD9HG+S+tQw@ZfRraBG0X^02s@v4GQ8J1_XVIJc1}lMq?OUB0xjr zcq0$F7a4{qvuBK(Pu55(&JR6R3XGzO8qYFOS#+wVX}sVx>9OXVq}hrA7`xTdmD-dU z^XpS)3&MrIX^TTT&}Y5u4s>$S1r{XZ*ljeetT6&ZV4=?*1KSojKRkQ)SAaev2Z$4) z44R@_CWc$;K6J~RW;y{I6#O^1fgS^$|GJo&O;o|4w}Wn>9i)MJ7as_--&WhdA63t~ znOTX-nTYya?A%4GiDA+jZ7q{uv~#h)0*%_7wACA7>TaRdY!~}>T|1XuLt%dVO~x(E z;Y?yLXwZ4y*r4;g*r4MmR-MNYR52}Sc9v{Mb zSG^@xD^?G6mbqvqs4sG-oC|TvX`uJ7!~{LPay2wll#cfb>m9@ApeM>6Qf{VXVChuBx>fxN# zN)5!FgZC$IkAD7ewtxQqY&bYLJ32iFR_D&F+;MO5C%=C9>G162@ceKvJbC{nev?>> zyTC%hbrUl$39k-=>)&9h!|6;3#!^oT(9tC>8VTdnZcQh%7~s@z+Q zc~gWVrcz^-x{Gz3shfVe)7A>-u!l(Y{%`CBzyg*SZw`~9%sR)FL4K}r43`FlC$O)< zh6^?**!iFT?t?FYA{TtL=+?iI$Y@(oY=eT%rVAPBz6M(#Ek0KWfvu2WXRE(8a<}?_ z6<}C78paq2(l5(QRv?Vl#XKg8fCkXtcdrp)9!2}EOAw`*8bm#D9_?(J>SMRbo_nPF ze}kvcD=JTtIWpu|es$ie*$!Ln)DU{G<5a_AOdRP~bC{V$*r%#IX1goAShbAw1x>Pg zVaf&!l4fy9{EXNvfGIwK)?!;An6roqC~d016orO2i_|`b$kYo&BEz2vbkHdxp73TA zLMOf_-rOlDOPrOApL6LTwqjcGlVCnyiWL$xV7M;h;R92WAe%}cAC8WaPQ_Fdu40_X zQFu!5WgQnUh0=xBP;%q_7{u=>V!%em1=ZQ%;KT9xUT4#Zh!1R=dOivmux;V@YF`0+ z3SRJC)7qe~x3)Iu)^&eN9=f&&g6^%=ZDM?a?$is;j|T@4@!$GzT(A8#>{D+Vznq_+ zo)XNkgZ;Mp-VePGXU7dZ^;#rx zxX`>S;7`8*=4R*=LoCeE>E0G%>2z0BJe_4O5?)<^3r)uha3NNQ!DhA%wE}IE(6OQG zl0B{#x)&8X_GT`fQICX9FT{i;mG>IE5YK*Nwa!k%)i=_sHUF6>i`kRnHo7onw;_U* za{j;t$0X|#D+w^>eCXh7L~e&u?4qH%^t@2VKTS(jaxK6v>K40;ih~u`9gMS5CIbeeKzS{G}^?U{vul6zV3a`NQ9m)xSyvfSSkO~#)xM9 zWegazh|)|?#j=z};;y+)mS+0Oel@FT&U9BUo69VEh0M$aX_d%K+6tN5?w7cEU;pUJqVtUu_p+&xa<6g^A+G$R1Bea3A}DO4*T_xZPn>eJp4 zEq6xO{TI1Ht<6lt)+<31d!zS*2vWi~h@^=sH~h?O=>`?^)2e^P+K|nfFcvoAU*51~ z_7z>u$Gu!t{sx(sQ{<6%oAT}z99_Xi%qv>9%)PSD`PlbY{_Qu&zk()@4BV7~N$50U z-^?*FL!322h&mHAg#?W~%E)aa+~g-`>XVk&Xr}Y|7V99@$v3!aC6(5E*~SjZtBbZ= zdEnTeH*&0aQ8cuL8EfM@WkOnBklBjEJIj||BbGt2j;o?(h}!YJ`wi<|YFFzPv& z@DHYFDnQIPl5cv+FjM$BXZ^}^VpRuTP@1)+93_H2MTjm9DK99ip)|WIQHvfXX>RR0sT*rcqd!te7&M5N>cAM zOu3WBEsipvkotB+kx03-oCu1{{1;xb%)p4oCXl-lnxUJ_w`-WU=c@~(G?s~-X1CQw zHD;My7q)qbOU*KAT6x#Gid`x3-(I6V36u1`WEMB?HrujtCC*p7W0_JUp;bXl?K%{4 zUyI1z$JpKW&6_DMtS>D87{NQ6o~XIXc1$@sOA3?1m6=l~XZ*4xrO6ZqaEwS^d9-ne zL|~dd#V*_#{SD95SPC{x6U=gHd7c6fZaKS;-=TKVY#O_KfgmDEHo62`L_)RJ_&Fcl^T^ffz|}t)^YX~s^YM1s0lOK8>#vu@;sjC7AN*Su`o?gQ z?lbcwpX7hSslQJMyw%;ex$|YI`AEox2|05{g-2SJr>9seV^e)A6W?(?m>lyM&6ji*i4hg~JH8`IjppgOBG9L@r+@M|H zQ4nC@<6w*kpivlN!jKC-2Im++$3Y#_c+U4d<-m(YT40U1)i55igfCrcE7IUwEi@4d@OhS*_-WkAQF@;r7yu;r zLlR|6wv$Rdr?Dsy7z_r3`GpzvUOyYJ2KMdg)EF<Tm z200P)--4Y^DiNnFpx)F$&MA&@5Rkyh(MSz!Lbud|H9D0`F)!RGSAfaXiC!~HUO=8} z;yCp;e-%M4rW728OaL%<7~~-La-}PMsbo!K;$8A&l66~Of2_yQ=B}X`YK|+&(UO}p zH|fKST~{+v#9gk9o|ejxEnfM&2W&|;lz(f%NMP$fO@g4WoF=oi>1UB} z!+c_$iOY<7V!c|2jSYvAK&DHMa*(~YV1Ov547OK*Iag#~c^nm+$#n=wT%W_{FmJ!P zP@>4^o>bIz7+^Xv2V@1)E8PQU@#4s6)a`+ZO7)TG+`U_%mbLV>e}=~OeZ>C#inFK220Il?{+b3eq{KO)RdkrL=k(5&Ie6AQjrvh!DP%sx_an!d zHJ5ENiNv)0q7DX;P_1TGxyw!@M?v@McMjyMV{_YljCb~)^JJ2-@*FU0+R`~m>#6MJ zx;Qh-XI97(I4fmT>-ROGvmm^G?g+J!XR9=61N-5cP?~8fPX(Js<(lsdu`*8OWHly= zEU}1XGvgU|#?#>)yK%Kvmg}y>9OuAf23Z9_)qO2woi(r(F~2r!R@)gGtkv0_P<3x; zDtlTLosxB#>DRIb$6AGqjZ)POLZ8wNe@r|5XyxaMbt4#7_bm zj*dqmOCKNI5HHaN)kPtl#%}ZzndT!qb3fFYRrZ25WcQ!2Lna@qT_E_S){(QJSb80! zm<&n0%7wfpbToz(3idubC-KCYz1Gd*+m)v5;=EPkEYVwOxDC0L$!&!c=OtXQ$pV_I zU}$wlP<=0Ez`4JdJTLCWl^6E7Ix7rLyIh%!H_tx!L`1#v-Rt>=;fKAy7F~JkkH@LJ zVpE89S)&)YR8Ty13r}R%1y=R}N0FPqm?S$`Rjt0N{%Obs4n0zF=ccN;$0iXANhnqZ zQ*$wODx6u#XD1UDD#l%MgfH+<&K$$)rKU@I-sLTIE$=P!NqPs$IV0HrMRxEm^vKeQ zf6G}&^i-V1bK~@Pf~?8|3nlMa{pecI0p@(3xLo6PxUg7xUPM=(w(r~RP3+Jt3t7z$ zmYd@0j-TktTkpwJ_P;!#BgkB}en5xgLnhOz@HlSH(e=b{8tz`1rfj*yV9m{0TyYjJ zyJJoZIG!23Hgo&j=TyHhwDZH@X7iTMOFqz?zdo{lAR@SkA%x1xRP{9Xp&qAa5TTA7eiC2heFGnD4JGK_lhsR}3c z0??j_bYkCdn&EKI*`w;YOdi@IRm4{dZC%+3YV$tC8EaC)$vi)^zPYv7lsUmS{Y!EU zw#=fz(77Iy@aK?YLHUqM2`_I)OyAw!x^nfGthzw}#M8OKi z=yto^=exV`Z@1gc|J&Pp@w~hHr{3<1o$gL=@A=NNKXv6lJAXpm6^y;`lW>9KKXvat zR&jEl$wzLA&Nt`>5|S7T;v>0db>bLF0uK77Gly3lBt8{y*l0wL3wg_t-x0YDp;fk}kAmDvhqjg@jhi zVnqk=uOoF6E+o`iE#8-u3g-xZtICs;iYqf^p!GX}5>8?(3-Ge}#pM5HEvjqWV1 z0rLY9@2*IE8nY|PDGUFlvZ`k56R+cKF39gj z<#@h(2Mtv|UQY>+dl0prG`k{kWR{QkrQ2{TH{Q;Sh)5^T*TgJ577my5%+?1SB0swghO1a+0Q8V|t^|m`MzE{+ttNN%&gZROOA?bc6CbkSw zj-0=62MrQ|3XRgiDMv8Q2Me;ahx?X`lc2Ah0ICZQ)>!#S%Y+Y*R{oUpNknfpS(R`~@xVemSTjGJ0u$oEU60d7zc85D4bg=4Ya+#eFJU z?mc_{?ThYry`9W9vdqd(Xh`!PIFbsco z-R@rQ!O}>X(69nCXuCY!)NsB+qC8K+S-z%q1p&|THK`>{6F=H|R}!j{Cg}=q@k+Jq z#UrU@X|0P1j^6);{|ZGpjjHBAz|;_X1bw`f0ya$NUUuUbIi+k;{+Tz zam*#|ps1ymie0u{RiZ=3E}z@}i|@+anjv?K7V!v)aAHWI6S#5Yx$>KtMiYG*w?Z=d zJ@6+qlwZFvx?SDX64=%XLuHS!L5Gtks{9NkC1HtYo0it%FwWMs?~Ta>pOF#eBA#v* zccC zVMoq+oNyskW1UBEoAh-R>PkfgYMIPwVG*0)^}JP8xTw0Z9>BD#l!Pc| z|0SNFEUY(THjb;1ewubrF|Mc@vuH8OKyVd~7G&WR>lo2<3^n!iGX=bXBlX+oYEd8*O|DXptaH+h(ZJc_wK@>go%Em2`6 zv`a!>laZGb5>`r10FJ(Pvsg|SL|HZ!sO_@3_uI#c2!;s)T<#^AE@{iXcwVsAersEE zbpXxt^nu4hK|_n$bNj+zbbb{OXp>%{k#Ntrkyn_Qin)JqO(O+(t*S;%yX^Y348dzE z2S4HAC9bU@xR-#oAlmgF7EfPAkuiqsvMb`K39o&foM8 zNi3xP_%`9<2V$EKC$srt*(SI;#+V+B-#yj|KhYDsmz(yxoSW7o%KVvcu+URmzDnT8 z^`b-SVL{MeenU`jf`lINTX2a$b~0p1=pz~;F(ya^+?AtqG?5za)|?x(wdqjyw?Zn+ zUq4R29femkX5oZ{HdPL0Q)RWadS#SZU(=ak_gV5D_E~h9LqUm72icT!*^U<_;^7@i|^mPJMW*L9h_eL+&?;Vbhai3Ia}Ljr$52N=Dzy-^q}82fA*9sYQ5 za@>F01Wjg@y3DK_>NUt>rEzfsWtF>o_?ziq9ii@7O5nCs9AXv(Bwl4y`+WNRjJD`K zc8H>TvoT)BY;I+of??_>GChO4#7nY*zIl62D$q)9U`!5ooNAs2tT2(pAP?eQ;mfm~ zyF>Z|5pRh%#v$dCh0v~#ujRpb2;N41lPqas1}!97sL6Nwhi3WmYMyt~uV0+)6Xhv=dHZC(ruwV?>zqYZm(} zwys(()a=jKG$4hW&W~M_J40FrB2zm=c%7Wlc`0}C840kUS9+FZSMho>2FwIt-DobA zq|ZFA_uYW$%BUVEIFc*WhJeJ)T16cJIKF8SSu@nusU9PXX;zrcLhpk6vz{3i&l97 z*So$ac}K^c*7$Lkv6l1#a>*7g@QO8|_O3$8W9*`h{IYPr&e*Gk7?=k*ch<;lz61ft zp8S#u+GFiJJI#LOm6pfOu%9LOSR3tuS70%&fDDkB}i@SS0hUY?H;~@(<3&{DK z{-ei_!fUflK533(^`7Hl$+}bfk0ZBv{>deo<{!|I6EBHL|B^=M0sj|?>2PW~Y?cOE z-O>iG#9JYTwW3yiMpt)G5fHW479}Vu}AS4=vC1r*rU5X*5e?35{3KccJU%#vg)RZTN>ljcEhZPB6x3_{>ck~OuU$)RzKvg2) zz$N-fEfH(Yn0a#~&*z7fR{=Eta)`p#ya07*QOKF1-42&l))UHeIZv`oDo)ph|D4Ck zf}+7+J7qtC!@fZI73ml1-6g5s5c0IC+7mD##dK%f|Gs+?eFJyB^!ZEDa@Kn_S=Qgl zEMEI=uG#+#)v2m?H(R&aw?O7I4^OKG^~kEeUXh2cDvtiXY%3KRl3s3M0 zVc|?j6Mn8&AIsS!m1JIFmt6Y3oHe4|-&{t1(Si&0)#(Z{&Ta#v`Myb2V6lJMQ?qmk ze0c{!&a!3L%G?#4e`GARyyf8@fm5vZe&ft_U%OuPP!T3+6;FLNJYxl;k^*IkajP`P zt5;7NsnXEoFg` zy7n9$xmHfBHR#CS-Ou*&-HaKjY=sYJdVvk_IoVzwjx-k=aTbtfulq=}+3ViVfYa;F zrOtVWGPHOS_8Se!+K-ASV81CajX#_TXIZj*1Vhdee0F2WnPbUWa;Z1=oQ*x_L63!v zO=n}%`I63qjZtT{Mx6q?sJuRPxw$^I+Urx7Pw@H_oI~>1T;~4NAln31fs*m?!g!c0M%gbn>~;AOo`G zkm{=hHSI(vCj$z(!)vhI%f9tTRp)a$JW6BM>LMKxd8dm0MTGV-!yGc*AA6budr-Y0uboR z=jSmFd4L63f3fpo;$rU}dBO`du$S3{%amL%n_tN!5>vEwHDePlF2(-&TG>vR{|HpG zhV{y-o!7Gj-?^GQ=3z1+G4(1q!PTP5?H9dgC|{esw_{gtm&Bu5EkTGHvj#<%H1v-- zat4eAPOfGBzUDOF7VO`666Dc8YcqTqo8&M^xFGT8vQKR4dbZZRAf^!!gjc+oQeV-; zHEUn&75Bw6dtYn~E_%BaEqbM$v$u%aWluFV;LQPnb*17nGIS4kpCz$J>M6YsBf2eJ z4Sl6$f~D3`sFSD#@)!ymuDa@Awid_yUpS!tQ(6j;qSFcyMjqsGCJ^TKl0s3lS$+() zl~*erQxX%uFIbF6*4UV2OXh70NEK=Ml~?RLomJOrOWt$Cw|$t3N5DZf=S>{%-xS_q67&7|5OGo>qA; z&V6sz+@C+Kx#QoHm|XBNj){La48W@u7FD1Ma;|WYkk>Jr)G@eL9pQDSkD7D*fvZD&dP>g-X2>mlKWkjm!;(J$lo!|XjVGsADJ%tM~7!e=WC^ls@2KUML`A4FPGr~b$03+R_duN z)WQGp^V!iw|Hp%~qgRi-Ts1WG+8RfSur-NmvuI%Ly0>*&)yhM=mSeg4M3!1BrXi`Y zn$A0r)7Oq}C>OkVCcl^^mDEa?`he57#8Q@oVmTz}m#R_lZ4L#?s6Hj+<_B7zI-~Z- zp+u8;guOB8)88M$KxN^sR>Gk5P|1fpm3R^X7o7f1J}gBV?6OD?-{t55*mXsdUddv# z#V#M#0aBM+!xYv`i^~~Ex4fA6>xz%C^!156#0z$uCOE8$L$%DIRxhBkj&-3-voL8n zdPOP@9RU@vYZ9Yvo(#B%?-8m5d1o`R?Lha<^86#uz~IEBbtQ#sIlM zM!zc5W)E6=z7v1=(<6QiHFN}-M3VLJ4hcm(ZAXlT!kywtaPKj?-EQ~!?k@b>?RJa* z_V&6vf9mbN*y--{_MY!N`%|~~y!T@FPpG?+87}xFT;TXm-FuH!oZM&fk%ZX!rtyY) zB;>?Lf*~;`=pd5Y4)xhkT;rIa*DMKrxPpVW5Bjg0C<%QMBNh_GVl-hfX-F|Hrh`PV z7zL_3ghw$U6A}vUBGe}Y`aXGgetdX@hBP3^r(C^6d~{94xFN=rqiYslq9KbB_I)Y` z#Q~z>ki`=PLQF9|MWcZb8VeEacRJVC*DeMqT^5fzW>TFu$A?EJ{iC*owDEHo z5YCZ~;_}g8if|MK)Wd^-pa5UXWrEd!C8i;g8aWL|EyVR2H|({@5M+R&JhxaZL^wpw zK_4CW9rXP{|G3|3{BnH$~O+gxCg@cWzu3;6$TxA!d1|985*-rk1)Kg8$b#|`)2aQ{Cr_aDmU$OVOg zyTJR>s8r=7VX>uXh=8}#kbM_@LPi;Bx&y`nt0l)gnAcQm95|wy>h{r9uW?C3e;=JP zzcC>K`&i)p20~I#+(*vGkEpE14U-^H_H!5A-nI*T+tF|H2zz87ef)^rGZGNYiF;xm zqfh9!gb9LfZyN{&ct8R!N0s=IRGbYe$8uEzHJqeWXeZ|v(om}KXjlDUbR77C!;tCq z*oT*#F$pFvA9u!#T{`rOvUipt7kvX5OmCsfk8tbvuBHJ*!F^L$bg2hvGd%IuVnZTo5 zUmlxGaOm&ruWi&xc-$G#up{V%utcOkIK7>&lYSduK2E>1z4Xsd`Y(i%P|yIy(IxU! zcpz|h^q;f=Lhbe-W|t)9s1C_@-O5(xp0w+;38tZHyl){Vy*ueb@+lQ>H zNQ8D8*`tu?FIOx`Cgd$kLbc2p3?`M%1b)kt)3@0Wa|tu0g$3lP`%}QofJ6USLDv@f zJ+>&a`8>jBf&8ENRJ>uM5e-Lo*8mpC|1Y}Fx<&bacXwwa|3AbB;5_b zLaWdM5L%TUfY3@b0fg?R3n0{3N*RFmt566Ky1z<*(8`p8jC$^)79dnlG3b1QfQ00_ z5-gG!<~zbdA#;qcWbfDzR|}K~D$pe1LjFpS6#tPH|6AyqAk29(ff;Zjw~C@_j^y^5 z5V_EpqX@@B5&6h13p2d*@mES-V@Ql;Ad7lK99yO1b&>0G3;6k;-$60KK5EB#B`vyaYtzRS zjaewq{`M7)spL3%YoWiRzi*FX5+TPyTiZh#`UtN5s{lOSNjQml=Nr@puX(d+jcwe^ zb2-;eyElt-Wj&pp{&dkl=)bvmdvy5Y!O3y|?aQr?<%j$296~jVb0@?bw4$=Gfs2w6_%OYk6{rcEj(ma8M>>9;M2xqNe$R|P`%ps9IUK4d<%HNb6r|x3$Jc*8368Oj`+>7Zz_7YJK z_!dh9B5}-Ot9=|@>K5q>TOW(N>$Ylu5fK21*;xnze{5J3bT7BIvq8W^^a%k;SBzuR zFKp|rZQ_ktdjIVc!q=DR>yJR~XsdVowf%;*wdcRLlYdVx7IL;e0tgQJ^Go@q1e=5O z+F5TR1j9Hf4%95+#+J_r2f=rOg*SHcZ{1LVde);MEyA<)F`Led&!y0;0(M4a&bhHdB58s+WY>Yvh&trb(+kZTh_P%{Z zvHZqaK$bQH&A0#Tbocg({@;Zp^Bd0KW z6FJ(Z;-uCUlWJTJ|Ph&p@;T%Q?p&R1hyRU zL?ROqSm@encJsk4+4^d~`G+zKewOhLB)qZ>f(nlFH~ovFlY{Ty9KEu%N7$1vY{m^> zL$yuFL3>e{P>!zA44dSDhMl`x8?8S@j3boMW?yQh=;-Xsw$T)S-fp6gW$oJ=6YtV$ zE6;CveyU)jTzfBxgZx6uCv6tN{?Ud&E#(wcUBj;>ccmUtS=I}ONj{Xrddd1z?vGOy z)X~Wv|5L&IvI6G0bCfdZ=QYC;#8val+kHQe33j#)-<_Ns9iG2CyEr*`d$f3xV8QxK z2(&o6P6_zi>V2*S+OoOWl1>XOgOu(3jRGp2{z3nZaXapV(I1qr?7|*!w>pM=XX8Zp zjGPE^8b9}s&R#mjp5;?XnYT`%`RPHwUv4g+{_^hZRjGMl0;LzzpK@=m)VX1G@jnL# z{fonQC$Eoxxahz8`RwrMrSl(0S#4b%tEe#dUyNZN59#PX&OZ8&!{U)q)0KcO&vO>K zM$&S*7vqWBm;ZmmMl^iO{3IZm$}Wi&Tm%34&wu{o{Krv5B=LN!pP&eHe$8S(-$dfp zH2K?qoR%|VLgxo(KOCLQ2?-pJi1;igq@!c}zGMF8cj9IgfO(VA!QPPp4Hi#C@U91D+Im<)w{R0%!~#4 z``^*mNAF&LjsAf;ViI*^OSzHU|MHwPl^3QnAp&HFedOc^bXuk6LppNy3*Fcqxn6)d zmt9rtU1;M@XdJWHeGC7nOgL#_+ro$lIZEnqRD4d36w7U60_H|3Ik`g&{p};CSJ5fv zm)xD;n;E|sxb1*3!KM1*Docw5M?#Y~ZDiV1#dtYpx9a|IKrx^Q_y`MwY1@br3+I-; ztDcwJUy`X@x+@Y363<=Ov=w*1p9*pi$5?9r`pr_upun!DYc-elKQx|<4!o~7=L~$d z|DkbXwTFZh6$4B|&jr%d=M`6h{#Q7VhZ75Z!0Fz+H+lN%LimcOKM&lj(iEiemG7P& zy`43+JH0x8)PSj-CSUKcNOWMui~<4mdwIvhrs%|yfZenAvJf?=ff7m<&EAL{QOpGM zSRf%Q@$<#gykj?2@?R=BLm&AAZXq0tI>^0$J45R`diT1KlY@NJrpV!)g6ddQB}dNu zV=C(?4^^k)EMKOxBAz>2lMGd-F0g zDnLGyZQHZ}Zj{%lJ-sU5sP^QjOuwme3VBGB(P37Wl+;UO%&w;_o{`hkjA0U`pxfIH zj;LY=#?IZ*G|g?}MfPV-0PlQ*SR$fC#Wf3tIzGATgh>#f0r9YMs1n`A7=}4Kld43j zEGTbH*0YkQ55Y7Zj?iSXlUaT2tyIg})BX{C4Oa6|w9lsz**AVv*{CDe_G{#9ef;_C z&8>slKKlPxEPl1Zz(R=r*36_RP)TXIS2n!7B3#65x`KKAFM4(K=IH#$K;PN=m}d;P zPBq{K?Zu9(3rK|uG;@X$No+XeM6~5WtX!>mi7CCYx2oW*O-R+k&%*ehJ4O8DKMU@E zJ$v!uc_IJLi@ok9|IdSbHt|23_@7Pu&*J!>T#(P&@;2y!Hc1;cK@3kUX~SKerL)N0 zY^iG6zP)w%l_w`XGvi}TU1ob;tXpA!H+8mesqQq5!lPB3FI6O+FaM?SET%Rz1h!}g zYi+4;zWmqgz33J1|37=N^I{|aJ;Y}t|83;Ijr=z&|5yFAUx@scc4C+%*!Yoi!hE6* zCp#dxGW>g$akxgNEb(v-HhjayH=^c7)LhXe`sHF(bM{6e;%O=3G+-VM;5SP6OJ}R+ zRQ#;rchb$z&i8 z;Gw}zE4^K9ddDM7^C1vAXd;CkwL^ls5C)=qLG6)1-Rb}ey+~+ldpm26dQx0AsB#J~ zkbslIqp#2zBvUUS3E~GW=*uI^cQVj(zvnI)>o6IsDuLVuEwm+h9#o*vH!9L%{~1Y} zwEOb0t_5^PhN$drkh}=w4-zYG0fX3VGJQk$Nq#GKtLk4mxrlM~qf;@W({8u_k&bI# zLL%T!aT}pM^fik}$a#SHg$D)wQTvL-bU4+i>@VQDJZeX=#ArD#Qi1B>qpGmc_Td2t zJs&@&K~xZSDFWV6&S9u<0Mom@)o$WN(R=MnGOgRAF5hpztvw?-#*O_64IvX|63gRg z3*Fv+-Kc<~_F7daL5tVQyrkBujB7dCj7vVL9HDi(lx9<0R1H0A@O=cmA{^2DMg?&M zf+zQ1qHQ#!F;wKP2^03ONGvEPzLaq|D#py+mn0vCDA!Jw2A>)JAStCjZ?|;n$**fg zGHRK1yOMOcHzpH&Mn+OxpDv=IW>pOI&Q5!$ebd&tH6VmmZlC#q&^72!fhP4gfbC9H zxM+GCa(r6kDAm{}MT8QdJM+Nm*=%U;0cox}_&;6u^oT9AE4}u`S#t08nQ#BCxYc-v zau5sr|9kT9g8jGqth=%QKE!8Z|J~SsH}>C!_TMG1cdNn?^-DoOM1ht<^qo>Wc}PJC zvs)Xp#)yb)5~*p!be0KRONK7gwldE=DK_@yjeYrPg)*$P{=^;1Po$etOT2}VE#3mZ z)RO(-t?Uv9DoE+}s3|M3m4K>?#;P=+N`g%}!rA#Uq$KbWXXu(B6S!^a!Bb`1HE2LS z8BiQ%lvRx1t_Gd+pkr>DfV)caeJP#V@aDCE`L#N-JdHricTdy!h3O4-VvHrvJ7n}NT5AxZ_{~P&#Bmd8m|9v{rvj2r)f*1N)G;-em>Yyzvgm6el z=8|8Uj%_Psui!Pf2V;kO6y9(vM_GBPg(c;A1J0d=_y+Mxa)GGz&lqPZd?o~14 z6afD^W|RFwSON+BGcw#S1T(<%Q!K{&$m~y8jM;HD>nct`bdpZ1=Kt#ekAO=#4zg~DUkaqGici69{)kQht_;V-}KqPB-P8A%C3 zKih?8Rwd>M6Oux)|56p^FaIb{Is(5s^r7q;MM$1`?v~+5_3U7kR%{*rir`fw8 zMkmzIPfdE6M@(tG9u>6em{@-f`_Jv#Hw+Ue;Q{}dlXxFJ-`jh(mp%L;W=WJi{d_dg z2@M4aIzIC*N!-RkL_^Y+I$;}9#Q*oVeUK|eLDxj@k&~9VcUs74dk*?lH^T9V@6S*p zb^NE!?j*)oplc#U@soGwDhd>bh(%J^2eHkZ1m!}q#1_gY_~wENqRODZ>~*c5Ao+d! zYVr)V+e1tP)NZS!PM`^!Z|w=bX-jQcKVE${e4CTx)6;h(FTA4U8ht|l{SCPm@M0Q~ zms{Iv4*WBkL_0<)OVvvV8I^5i`+6+T-}mp)R&M!pBGbSA6>U3PP-zkB!%CvK(A754 zr%%ZK&1r&?=;sUO=ZRu#dm9zTK|Pey{=aa17j#<_#9b4`)$!b)AEw+TBFjs*DaF2w zj4at0)V3qO>pVi7^&@zh3MX{eQcAoB9tA^4aKrPf`Ed z`2U_l{O_7{CCyTwY>_Wp5waAd+4|AOQTMoUz5S!Je;pqlRffgZ3q0@6@dM8A0e<|5 zCP}ruT*$o`0ulTWV~?DYm@>bwinF7gLRfFndw4@;`44SSQ2R>G%%@j(1VI;ixIvvO z9Cy-P*@qvTzi=N{YSQLC zz=4!!UO`}ySjCCK}65~g9CRzH+=G?idQCFS0ve%(Jk zI6Qi}we4Ynwm#S9-W=PEWc2y-(tIEqKklX z@zQase~$^A1^lIDlgJ0Wso%@7mB`upXnwtQP&*LF={cynV4(7Jq@8)N)zN?;IGn^7 zhp1Po893LOV$T7GBl2=nYD;=bbdNvlB6cKQs(6P16$#1BOw&2}nb-(&zZsl+C z#G&%E+_L-4xyK6AIequ);?+_AFm(vFJ*)~JeN-!Zi`wlm!SWn(4iYhDG5sBQ*FO55 z;F!c{>myLkt&__WE1D{BcY;B?nk5ttkuBOR zKtLn80&V5fgTv-vWEgIRSwyHN)F)V)eeTJn=w9O;P zv+4CQD0V)f)u~9hGC#8kSb=txIg?mx%d1{bF=HcyLAHfz@zCM5AGI z+Q;@qY(5YFneYD#nNQ?ld3WF6pX&Jkp1mm6f7*S%@&7%@XXF3d`2RNkzxDh7PMA;B zb-u^({n?!SY5M(E9dsQlc>Z#|Z9IR=c>b36`>n$3SJ{59 z|F7irL#uK7tOYiBl+~qiJSN5-NBvrbR2r;g+jt=k`Ibi3HTjn?bqTSTK9Ki`IOS4g>w3GNT) z@7qw-eW+$_P;R&zI1Gs38%liQrW9?DAflqlc zAHpZNaS8r`KJ)#5@KY4Cn`xVdwidfoF^C2EUta9)?iKuhyS+{RmxuXm^1p2Izx=`T zztl+qDpw=V0_PQjC>OO;N?)nl`DT`io-Nm*KE~~06Z!G%#>T`sA|mIyRAx@oSEd!) z<2-Z$%=w4TQ_Y&QDRJ?%Gw0kn?dYah#im%rdWuy@?EKt6I(z9TOv%6Z+eP5z)02a@ zM|RdE_3r6Gzi-}^f0y5tPk(uL_A3AGGDR|GSzPa!w9`DsLC^*}BuDKw=RrFrzxg>s zo~BF|&#uDssot?G*O`QZdca)Y5;10lrEDiCTY=mC45POtkV<4w$6}f~fD6{lj~^?J z-fDws<=7@DqVi}pXQ%5!0bWIY)g^ZUP1;D>8N}?8#C)^Ze}u(`8Z3NOmg_IEdgd2y z1*>iUSzrCn=exa9{m;E;&o}m;hxlylKO6hc#{M(Q{v((Ajz*y716hF{yxwT(On9=1 zj5j8kjY;P2CYk+>L1tr+`OFM5xqSzhG*|=-Q4{9psB_P&^P=_Xj7#0azOljGLz@ep zke2^tEBSLi3-te(O^6tigtrBbN91k=fEMZhd(TVy|BG&SqyIm|XLJAiiQoTT?)LZQ z?)Uxge%HVJJz=3#d1yFVd)c5eC*BlT{i7+}=2DY8q9VWp*JG28`m^oPb|PrNJL@UA zYRaW%Ppm(GJUV!D{^P%2Zf(~Sq%}LUD4Ini#)9~6_RQs1o~x@bx&iZWu>W26yKbl5 z8510c@w8dcpU{?u1O53W+Ua)Z+)U0!k&H|-aouMNE+R|SEB{vA+sRekr(Jtv;$2F< zM2BEmn7Xc;yV-embnxoIum}*8aR@Nn1%uGvI`F4EmdBZ?_zV2c76yu#EU0!DS&!RI z^s$ix?kjYbgm4b%UD5)^&+(NyaR7La`K0icRPXjvr>uo?$~r#txb>)`He=_vgv3)C zj^M_2t~*#7bavGL`OW#mP=LNPuFsNxaxcaaIb|$(srACQ>TH{Rm%PT&)#<7`;$OS+ z*mJQb=oL9vL%#pjRa*mnLYxG|6WcCSiA^G>`8E24u07Na5NbBc^tYujW&KdRE9b*i zIk@lNL(jU+Qeoc|*98J8Twd3kLbjE_EzX)SBNh4}CipVg`z%;f~ro zD`gJ4Ki>m7ouvRGJ3b$(atpK2b-~93g~?lPX$0$pQ{RBOp?79+Jz3i~H(XPB@5$Jo1UW2q8^gx@&>+~WGb&x-lqUhHo4 z{|EVO{Qn#O{~z4{zl!?5we|QsM_p2ducx+aHNRSY|Du%lwW#h--CLgC)lD_|^hugu z&DP#^L7NJrmZZgl^l+aOmy)`kciPX|-9@hF+TOI1uY1wGs(iwwZJ&-(ACH5aG#=MM zLmY5YzUb7P5vg0uGNJp_p}8gpSA~adRWZ5PpU^P%vR(B$A@j+F$HE~Up-%{63BGpZ zdO7>>&--3`_gClZMzte;p4;yMp;EZ2a#zREB{C2p7zXKXAtC~`+hfK>HCMgs1Tu&f ziCsvDFH%IzI=k0vX^(M4-yfzetbiV~ehv&k8;Z^uI_R_Jd^99web3 zkag7m?Y`LCE%|?YoBZDo^V#Ts8~yK(s{b`~@B>1PbGep~YSc^On1mvjq9LXMM+4$v zx!P=qFd8HybUh|9k^c|TBnbqK0%EBNh}=*vfCzC!kxIEHK|*i?&PBfv#K$ZNe8^{- zc{Kty;vnxLg1vFpquW@*Aq|<2>Im}B+C7LNEk>!;jV#w~5>EP@gK%w#hjBx(=WZH}mIjkvcelL61iI3|8u z?sE(A@cJnh<9*agc-(Hbb5Iqb}&i+8t;LjNSr^Q1w-rvrAAk6U_B zCNsN|h2{qJnSuHwp~PV|Vtv#Rlc=Lblk^pkK-)w6$Bq;XXZp+AU02+Qd%WMf=leVG zexZZh>^h(tvLGPw{E1$E%b`Gl`(Mt&g)NoIZGxj*`zK@|lcKa#Gag&RpZ}R}{{cpo zL_UOntf~H6cW?Ju$^XB*v+@5w$Y*2!+1P*n!1kZo2_Or%`^tjuwpIHrlNvKyhr`)~ zv_Z^vR0+7X+!IjDS~G4K?29&hY_15bKhgjMV5u=kAz07}VTrAJL#{9D`%*RE$VS8c zV`{ji%O&=cuheA;B*s_(--fkA0p$Yu)JKZRSuemPfs2^%BoG(mhKdW1`Q)V?gnK=f zC-wXHXzOEj>s!J8ZZ?(~(qX43ty70PvtF@OK>Jnua#)c@%1bT{`u9_E7V4S{oFrlp|hjYvv;q4K9rAJ z(CXE3|NQLu`=8|#=%DAKR|Fi>QUi63G?iL*5Fg_pKof%1HBdp~3D^*%N~R1@983@i zCz88GG4m4-yzaUy**3L~NDN?(d^w~t#q^1%I_V)Xj#)Aqqwkc_hjQdIFOdRr5iS;& z04rF#5Q`BB1r<|dYF)v2x}T~yKx(8Mjba?CtF*RFBn5zsaDa}W>k<%2C?}{*R#;t; zGf;#+!a<hZYQ&q462S$A!gR{N#Z8a2i3TJjL+Vi+Y1*rfL%_)u z^%L1wjBNVQ9grImdz2RqaX@Ek6Tq^RNUaa*fFrlpq)2H}J|J;SeD&)PFb)^!C(Nfq zoiU4>1y(Y?{CSWFP>H|E6p~uOZ!_W%mD&j*?gjEFcbKpudA^ zcV*CVI91P-vL^w8s4lHtd)RCc5#x|&R&7bj@=2h-4iQEQJo(+y@VL}kfgM13((L^ zBi#TBb$VJ8>=T5qFb%+1U9#1-BsY}==wVGtSK@zymuy7{dA6k9 z4GFF8VjG8u+~7$RfQdVb*%j3{V?tsQOr@f535Xle5a=Yt6Vfz`4!1^z*n>l&Wu1{J zQcFNd><~80R{hZUxF`!NSG>3f(k*L^mm*MaICGY!aLCSbYl19Sm_aGb3JdiXi)RAg zvNnZ~T%UzF2n^fi$zVc-W*$cFP_>37R;jj=;%6@?|~0*l7t%jNbUj~ z=_Esx#FOCJW&!;3*4(4WGO=f4u+V}DO)w20BA9Z)TlSHaib8zK1(|T0g;UNGB99Q2 zWJb48%P&tpC9R~gmW}k5#YS>eU}0P0&8OT;IGpk@;sp4m79)QFj+Y%x*QsL}GQ+a(JQz3tMlq#r%{PgRop0vEn!f-l7)hnYBQt zSTfx&V0E^2hy&&-%36y^lq0Sbq9%&eT&>lc;7ig%V|+zG$}<3g9?gbBDd#c7Nf5O3 z|LG)Ru}}+>@&PR}jF}nS#DFzQLr$V7km@E2gQ>!@Pg}vX zke3He4{-yw1(z}GyXLQXXxBXtO9XWcKEd@UJWo-58{aBwClz`0hnvwo}qqp6veS&s=w zst^tQ6t;r_|Y6G50*rVjl`$Pq^0OcN;ImFgb{>tYO^}RXK=DsrV0T< zGSZq5qE>mxf`DDC^WE^S{YI)+HPuWLF3?EAE5TFxMoc^!Q6ia^E&4J$Y`-*7J5(xL zvA@AFYQ`K`V=BW*s1r*PirIvQl1`NN$Ze0b6y*#_%RZ&*J_2MA)lYt8 z&l))<0@JW%~w5t>TXH4=o2Y7wJc!*NK|CoP0vl4 zAS&P~vedlfrnsl+1Ay}x2(%H2A%smZz2jn$9b8CD@WqMdk>)og(@NK0D}HjR9Tg+! zAVF?~im=1nj3GsC+d*#aE{g?J?35B_VZE%bjOvNOTMs&>9iLZ)R^yYl(XW{ra0V;b zu~i4JRyWlcuEZ-48x{ycRS*kpE4_Xt+pST6p+K7k6B`&aTw8&DHdXPtF#OGC<~bsZ zbKwlO0SeJ!#%JV_Im%AJa{nxDm9dPCtY=xdv~Ey=rD0*GfBtMD$G)_AUJj*t2BfiggG+QSh0g!rSPCs>D0)F150_85=tH%y|;j4P4nrZ&9Q-f zU;Z6SeaEIqs}}>h#!#J|&{EjvG?(R)fj)&pIVcJJWMahD9K{&MqVzwroJF1n2)5#R zD>oBZtI&WbIUr7o^rsLr%WqMMqD-p*u@#K(hHIo9lYqFHfMI$#+Ks_qeU+B?tkfipFX;F%_j9Hc$Yo_Tc zll0|?MMI7f^#-=}c^TDAi&+4sMKG!hCA#{?`>5VOVM4x?dT-!-88D@k$!$9V^-dlm z02)ss5_96~czd}GtR>L{Dd|EPNChcJ;im!Yppg-{cbjf8V7w_pvJm@{?xB4F&s}tG z1Q713xDX>p`;4fdG!VHhkB~&XcBm=w#keu>gm6ou;Zh+~)$R3H79&l=s&PJOK06vR zH8l-}AHsYvXAr!tmNemlO>jH~XlRIh!o8Rd^irfs2OZI}eb($Ivu^q{s5k-?re3({ z73H8hshp(0;8@~i>efotZ?-^X^nSWvdhhcL)NKhX!QQy2qS~#g;Q7UE&dTL4Klcpq zH_E9B^S8{T*$&F0_FKxRu22OEQCw!RY>3W}&)*!i(8;@#_VLN1 zqqD;w4^GYxzCV6*eEx4Bq1VUfCr5o1K5(G>I6XK!KR*2V&A}Nu{rT+lUH?d(w#r)= zkU;8cJYpfI;B^4cjM578HL~cn%XDq6BQEKz|v>wd|$J+Q@k_0bRwgYs!JM zbLP=hO;$`@`&q#nYdc!Y%B-TjZ(Z~zMX7x04aEZ*fb;xVp1g=$N!pcgs6Il50x))p zF=6r4GPM{_mSC~4O$H$u1$0D0k2G7Ux4V@y<))UOh4j9y1O<+K63_t%bO78aW}K&f z3p1oZ*b}@t=XMKl&)o6BVl*&I7C=a{u?WD@;t3w*ZTRwS6B3XG2f$sF%*aMVkNQ%u zRjvdnz$lw8#ewP6aAIn_?Vp@FFwis;B z^@$s(wl>8t5G9`9u0?0zTz8w1LcK9#$_fgW&YZIyY_15SApw5ULKq-~TVpVZNSQ%3 z_nQLUkx58Jx*t>TZD3$WY!GNG6v!lBOGc243r^OkALG3K1aa{Fi_YO8EF9!#~c zkxghSF_7Uj73QxkYP7`06c$CmM<=i3xmpzl2frVjo*tdNI{x2%xrAUXh@xOxal29e z2B2K0z9fXudCeDEI*cN3O)z3LqXCK4wIZd>wK7e9NJ-#xL_#lMTrvGYjJ-=DIC9?q z>SRhvfIV~CO${*tSJhgdUGV{JzhdFnX}o~7M@{E{ZmJqkpr&Rimr^*ic3>UbmTy+> z6+R6GzDXUSpwue>Ad3?YI72Z}t+k!haB*m>=!SEUSe4oZVrFCxW8+#KkSt^cJfsE^ zE?;!uz7p|~GW6h z9^hufqL=koXrA5~u63KXR6|R4afb`Fs8FzJsVlW;$!oP}RmHScQcY`><+N5*Pis*@ zt;Y^--h38*()j=MUd8Iim>d7!d-38$Z?_o#|7>S-|K~wIU!gOThxtbmOwi#N#{%^= z8&Hw4?RL9i9bNnAH4T+7Oy8$NS8&&_c*cQBp)(e7bKd5Mld`aIVT8t?->28%_uTK? z-p;SvCcieFj9fkjLBgf1Gr<0cbad;sYTVA*+5gGKG$1dB0TylkTY_WKM1OvNK8?t} zVc@dif)Qlk36r{|YODw~s&phs?H}oY+p{SU8v6H>8)9QCP35Jj~o%o$BO`-K?Tff?L8*;lX z@o5|+f@SVC@c6(4kx5jc4PEbHoh6*;s^|8exxGr-2w8m1nE&5S+Po91j1;`1-)lA+ zUwviVh=cH7+#jm9T*mL*E~ zgifU7`zaM*KQ%tt2>F!zNB-6Ll$HWe!{?R`eUdvWgk+W+eM0|u*>!vF4*Gk~?V?)m zg8r;t+%vBMhV;geU%o=`O-9ZP?Q*jZu?P5~tYfZn0;UScGvEF>VLlFCD#HD1gvI!! z>9^Tvm>i$lM~A6o6H4=*t?)e(%D3CujuHdl#Wjg%W(Fl9PGCrp?XC0HaeXfVp3 zo!;Y6UKb5!dbi{sFVWS`GxwR>Eg-ki`0(LFGz{65(;@(b7wzHf}rK7SPSBx#x(S3goDyA=TOStJT+Kx_8n7S z!f82hR;sEc`@Nl(^IJj^@=6l@v21jOgSXt--|KeuPdT_xN!%af*mw4O-Q92ZUOaC( zx@es2@ims*Kn;HjlP^=2TY-&rQd`w{%|-)mPin~^tE@Me%5Aw#L-iK~0y57Iz%Yo^ zWTZN`=xRbZ*M{2sJ~QiGi4(o#YsG^equFSviZa@1ul$Gho@l{zGVi+CkQ`kT#FNp8 zaOHMYJ+`FipvTY!_P_7X%ylLBm->AncBL*vmG|L*OwR zO=1)rPH?MChlZr4IS)sYn>^kO$UrQJXX;6)i z5}#NvLQ2Cm8;v)VgJ&m7A4*oMn<{Y&IstmKa3NX8(i2r|??EQ1hO#Co;K3RuXST*# zr)36dHX1+WPtp)iRN#iWf+(!>_(T3&eM`ic`5z$ZkznY9+{Yi3{6lUuzf21lwNf3V z^qU^kxJy51)O{%7EIZFCQI{QYYeil*OtaCDhv$gIN;lHCx3pJ0J72OlBoY))Kq0vf zrU;V1NgWV)1W;A^4B4riZq*6C)`?dQ2q-`k-anOdBsQ^z++PZ{_y>53lE-FQq^<$)R*n+Gv!8df0Ob~|rQ<5eoWWrR?j&DmI zTHa6?7(llYpWyZbRF(GVJF9iVC}1ZEQ{vEfgmOj3#y}l7c@UGca1KqBqPNd zq*@UvBN*Ip!P#>NLe~M0t<2a35|v?^9}MfefH5vCTwZ8g>KT1772KeINEl)cq7U*U z`Y`t-664jAh!}(Jms81%8Elri+&}2QS<;@QgeKc!WRk0OAcddxLs1_#Dw}NQ?0<9y zj0rAc9R19t9`(^l^9efpPXF-i;BCAA<3W38@40hZ*5s-i@AY<^mXjt?b@sE&j4HWl z%TfRCzyI|%uSS`yhB>g-u}&4kz#fLxL3qFtVJwDfw<<5SX|J*f8vmQAsSciNHSeFu z^o$Jcy%0=|pHAQWqClzXvsPw<%r*o@5$61w#eRCx*<2!5; z87?N6EGgy#kxn)s82L%jER!Ya)G=R%a*Av6PP<^F=(gTEy zubdPlLoTBsMcn$(kPab_MYDWqQYlPBu40DLX-iJ#s{qVLIxxRVIBDzb!)0S~@gyr_ z6`rpTqtJb`(Rdf7foEK2veGC7QI2qnmUzmHzF1F!`3Tn|g&}Qy3bpcR2 z_2e5+Caz`oIO|=tp>Y6-b(L6YU@=mv$`=m1U-`bWW6?!FhbGJmHj7FDq`*)N<(l#_ zoRG1))B$F4Xa%M>g$*ePr!Ee)|4igsX~EzBYL-|7_zLP5uX=%VohxMmL|Mz1Vi2SX zD3>YI2q6LUEVF^i$)+l=tsH2pZ@Iy(Xh?Vl3a$^jFAf5GE-KR%Hx?9Fp%(funYx$X za#!CX*-u>&W#*PSb(9LQ`l-oYjmKVROURhkl};dex1*raM8 zFa%};AJBGYt(0ch!pnJX%;?!w-IU6XLoNtb!mW*{5fLC?6JOsI$W-hUT>~0o$xPrb zVl0x#9839t8P#(Xvxvlk68pT$qh+~+%jEwC`#F`8A~-~IUCz|;^vllv$J>?@GM`BO z&WkZ0Uj&Rr7Z3;N?C;&S92ho=+0FDqnW@xEadfHv;NF-_@I_2U5{P^wk$@BjoiiW^ z;$H-8biv6;&h&zVKk)gBUiaH?pYOIDaA{s>=ekturCwp6>2eCe%#p}x zN=5VNLzlemK#U3rJ<`djFQpsnQF9RwbtQ?cY0k21IpObPc1dEi4d3rHZ5?@H<_sD1 z^Ybhp7L`O_F?qMxZjIO|jn!;44&@^xAE_8!bfEv$3^uc~!&N0Ofx9e%P9On;LIp%{ zK;I^KoP`99rF^4BD=N5Z&`$G?1#Cn;Dayr!6QON^YUn72%VyR9U|1Y!yB`;ccd0U& zAR0mp20`A`3lvY5!w~MuQ%XT*9I_xldd2ywG6~u;oMk`2o{C^Z-=KG9G9qB<(xXfbs!s{Y za#U2jmT%?D5L+f`dP%1!CD0{hpp399PPMP*08u&!%-YUCd8*){MZaAs-NPmBW`%mhy$#cw2*^VeycUiZ>cokXj+KtT2c9 zJao+noIm&jqH+Ns<@f?~vRGKv!Om+yneMsSXrzkuTbc{2^gk* zTYtix63-fDCf6yk3vgRVev$j-w&jRvB#Hlo`Q((vA{WD8aI-Gge6jz`GfxUjp^_1J zW7JnOQ7M%?93sI+qj@i+@vSsOAJRZr_wObjm?Y1CxG5xmH%;352L)N#%_GrQ!jtZF zZFtiC!{$=p;~-$y;Hp*$vLziUkB2U3tTLcv_{nH2O^K$gL}k-to>XQ{cJ0Jb7$+qX zAJY4%uxB{^lrI^aMOj=_I&m{wN$@H4a6y&%M!8vytp{8Hgg|@0Sw)gEDUYnq?JG~Z z`)#w6I&T>EzsCU%eG)ez98sATQ*gCoIL4}MidwrgQHhy$Ey9zNTH6B1&MVlXe5`9M zelU~P@gM2bJraLVna_+D5`6SYs9pIc!>)fNl?6`xELJ^>4A3H-a{d|l4N616B8<~} z-z5UTd48cXITwCPZJaLp1w&$reG>zeaDwcq@Rs)E2LTG`B?+d8+(aa%AbpPM2ofk^ z0Rh-59kv{eL#`F?k_bpo+@QS86jXqZ3Ihf*>54{3$)IYJB67GE`-(5bCKykg#^JPG9U>~ya_L8BxH zPIaYt=XiL+#HlLE;=r{#eYMxwcYNqHf2f-;IS8GWBk)KHn)Vs1s;XzBtpy2I|2pa` zEiJE}!mj+F+6p}SAZhMvxn^8^-O6QVpd5WT2(IyzSHyMY@RXlnhO_m|FzdhBXy}Eu zYSn{hNSC-`NTMU}OSeg*k|LH^=hEs5yz(fJv}3)VXN9Y=E@b3Uv-&X^NO@=orU%t?iKtYj37qD%kYtzPR+6w% zG*)gKD)!%OG~_oOQp}B;2QH6Dn$oeLR+u0pfB*xaWOP+>V5V(4t zmNM^1%5KA$?Fdo|lD3JAsBk}LA!J$|ySOAP-=9|3a%&!)o*f+?oFBbHmgT_K1}!c3 z>6;PkL(EK65y(ZndWE|@LLQ?7eMt7{QbgC=@snU&7p<)!U0S@eV zvs5C4B-c7kcUoX8Q}bpJP$p!qP*2acWZL~q{Tza(KpodYwftKjvGUJMAeNFHclO^u z>pkDy{k7#tDcafp?)mOs%Mk$w6Cja~vaW7#Z>@H_#dc;GDaSxIlS7D@I!MGgH6ykh zi3xzD;p(^2m(ShBT%jAH?3SR1ER-9tq5gofzg^f)t+ZNoiI7M476sZsH1@~YWrbk}7x zo;8kr`=Mw)TA**P5TP{?;_BfZ3NdE9W}|VUlfYJHA((kw-U}m3AjB1`zl>04Os&Sr z>DbmV2>CWi>OvBK%`=>-KxghEl@24+Z=35TSXHJmcb6gcFEmI^<2q<^``YA70lP8g zMBUs}IoMKLm9ag$=v`KC9xk{D19)-V;z&?F+gD+tR^BdiC!H5|X{wS}&YIf;P_QD{l+~TT z>8BS_w$s$cbZ7*3`8(w(GvHS`%4>7{IonwT+?5?Y00Ll~0zW&H`xeriYP*13b2+~dCfYO;} zK+p5IV#R$xEa+BmaWwxTZ3d8>==!EB`)xKFKc1hT=42?2w(%uKr?P|7nBA0e{-p=n zMyskL#lc|fTSn+UO}~^|$h)lD=cn+^MtWIDDa>QdtFmx>#a60?g&94}mmc)8)W*kp zMTj|r+A>9Y$P}bPTbd{f58dx7gaS-tD;S`i4p4RfwK~Ww>txlq%zAD%8gJ7t`eG@B_7o$8bSs@528XHFcQ8e#F`E!E zCJAr9i%5)RI~JpVQBU@Z-x3j1&-zU;#Jw0tY6T|h=S4xBIv8K2uK54h`}g&@Z6t9R z-oN`Qu(Y#LXS%6_4@r8*Ge1R^9ZhUWKeasBStl!@Npv?xY=Qwu$sOC@^WDaKd+(LJ z52^qVWU~)CwCv1U&y!dpL7-45)Cq+ud+S|yVpBi{z2MQ7s>GG7GXQ9L@XyMDKdFdW zpCxP^c@h1-wV^IzMil&QGG^R1-~4*g%vUog%p{oC|5tWa3yy6wq4G0Re&Xz(Vi2w? zng85@7F_F}`DRT)r1Qp^0nLx9ocSmd@u?+c$U;filHhjLajOY!ycb@zK6D^zLUyG; z|0V|4As2t}WGzX0Rv2<_?w)nbQf2JUO^BrfLi#aP3>1T0StaZETF%;2TjR*QGo{qZ8K5N_R!)+Wgp)Rgy**yH`{~o#VS+flBAv zh|?O9d$9D9N3Hp7<3+p#m>RGywLLGt%3-ts&Hs1Zo)3CKE;5mb(KM_ImET3mg1J~; z7sG8Fq}^)$JZ348MVeyWO)@ExoM#Cm`UA*&W=efv?O6@H$yQ!TMFldvtRBn(9wurGW|8CU^geECdZa0npq51H@Zdionz2;+-|jwMeJ6T zl+{m+X>1R86_kA)a;D10rc{r9J(!wEXt)+h6i-J9BknbZp}JAwZjf=|hsaD7%a!4v zu7BgsaV3WtIakIGQ!F>N1A&9OE7syL zu`9-7{AONlN?VCORXk=kZ6Qp_s0l3YxX4>kCMkp_v+3}ymw%2b;;+x`H4%K$bsf&X z!JZYEKu!4 z8eBdogMp*0C|@*YfU}5g#8wEe*NQV7!oMgrp%)B}$>8=V$;Xn>7%GYAreq>wmNa6P zEAn=b2+wO*L7#rLnP*WKi)ttn;crwkszmCQUNHGJK_wV4;GiiP7D)m?=nZ`+a@KQq zIqhXTe2w=5V+PMOFM_AG(u2uNmQ4MNiSAy;OP>E&3tNMX@gE@-1XL!gq+avP>9i%IA;IwIV$N zStLWK#Sb-4`0tD`sN>4gXj&El0w&6%bE3Bl(y$~MTnN*A921yL@qRmD8vWc<+R;4I z-)F>v4nP}75d)?_y?m-P*RB3tCNqT)G373onwm~Z%gw#xH_9a%6fwi4T6#yuI;NTI z8ejFM-i)PW>jG?$qXsd74`%OJZqIH_cn)S| zL!)TGena=!x^Y{Mt(zqD07BvZMAxUZ*0CAhSvDrXb2A(=LO84_~4syN{w8pV3s zYp&iG9(FXnlvtU)E{)-&dXA~mmbb&#m?}b1TI{^!sQh{Q*Ko+9T=QU@n^7LST?49n ztkrjA6EXY8Y9J2(w zh21S@b>SM)5H21~3l>uj%}fRzUoK?3Mpz-)uc|LIdWqRGb5xVxt|hA9VNpk}#(rfVDg}A%>cz zC?2zjN)?vnuGB(LPos}`&FH~Fu7`-SWXodDRc$Cu@@t-r9>O@JQ!h5ZJ`eOqgA-6& zgj%r!C7=;E5H^ZRUx!dvkfy9WhL>f~HEQ+iYh^(3{aMr3nV(*uc^n&@v7Q<*tBg7Ce0jh$%R`;d>jzs98-8&YMPe#Yu94X{ z4^vGaa11r_Kw$gr=Y%1I#1|4&nxH7~*Jw53yzlj)G8Tny8%$UZNkIJW&XI%q_rhYq z&|QPNT{IcvQ8w53Z2oC!SHZh{q#D*i5#V!~c) zF0@v1m>Fya#%3<%eRp5*tqK}XdA?`W-GepfA6j|fS>OkSnhwOfRp+pVJVMJyoP`?m zLM;axlpYhxCglAR^|b)G302klT-yQNwE@to&s@KOTE%J5;LCLmUvMFyJ^3%-EYLIZ zJq75}zLuMy?4sr)@cUX#Le-WR$n>D{>>i1$Vf34Alc55~7w)|EgaKS{^qFZ??Ufb# zdY7>%XYq^vr<#ldV0KyF4b`<*<`XjKg>c-S=spE&ZXEv$XZ{!A%!=jDX-=PWd32>8 zjCuA6Sla?9+O5_>>W8t|l(JHY+@66$>Sz{YkW&Qq6p6+(H3_7J?UaZi+|);^v*p2{ z4webHI&T2w+)pB6qi!ZV<(dRtqUFk6hb4}rYhvOPGPIT8xfx??>iSbKxP@?hVRZjG zjP8^($>M%4BptCm8jacKw9T#y-HkWhl7T+a7F-poFB|e-WJBgf%G1#&-F5RoxY^b+ zy?u)PQy==vCi$aol7wHvt(0Ra1}q#>o)nUujwMrLk*rlEUp(^6mUy%rdQGI9CeK+y zr+pTQG+yhTSUULZfyLJHNn}iN5#Kxbm0?!|e4Q82=Z$mi%joWQYbBrzL)!dLz3b{O zYxcQ6^0~bh_ZeSYuN^(^uIbwPoMFIp&YA3LmS-OlStRTlEAt7k3kj6qZ+rb7s)f-s z=kCdMu%71pzA*0%1(8P{#Q!pg$NEEbN*IT@8Wx+&VAeI_lH0>|q*)wvh{gd%a7TVpEI>w)&kb%T@c#Ab!l`Y;ey?n=ABC zexLa8hBd)b-V+l719|euo|o|^7er-n8Hh$wDCON^1NPn_yZ@~^kPA$tim*JI4SAYF zRV(3Y4Q0-jjn{6qFmk)P;q)tvdO25On4fpZx!w-vuum-sh2)K5B|+6vGpho!SUA#Z z+R^s9V>3CQo7#P|NQSMs3QBSF-X~IV#CEIoGyHKk)WI!+JE8 zf}ewg`$*`r!jLz~gN$@+#D))Eu>nXu<7flCcSvaDQMQf=6aifhm9DS_tz`D+t&Ss3(T&gD*%@q`1 z2s(i*(p~jNF$tf|6Jm&Di%b)ef>|O%c7LU9zap5Z6+~>*BsxYj0bTp^CdpSE= zHujgpqtE+_?&o*3^{uAB9`poyXy$aC`L?HCg9B6^&MhZ=lcb zx4zq1eKz;5{>_g3MfoG2p?>xGLG(rA`!pI~xnqm;?bfgN&nRHnSx!fjWOY9GiFDO@ z7%X z&Pz!nc6?tB?1cksd0M_FBi+ERBTtFKR*?UWPrQ7}z@u1HdMtu@D#JYRscC z$%#;?G**KUWR>CY#Oq3Q+kU1%tn!9P0@y1kprYJ;MJI=Z&F2bu7-TwX@af? z$*dCD$GBLwn@+Fjv{9cdGA$zdx!$g$^+(Y)3^xn*2@1G3(AI+*uCm=dbkJ?P)jDQU zL4DGQEiL_HzPfcX<oV*4r+TI@=$hy9Bvev)c!+0g5MHR#Al}QSwy2TJHw8iJbL=w zw_D$XE?RA65+h4C5xM?{ItUlFGmy@2=nA7iE=`+zvCksO@)I@$41v800nBz1hT&sS zbG2J+eRjd7diDxBTJ>9Ojo*Ik)D{ntM4n=tG@E4k^f{NSu4$#vV||TkaaZs*v}3Pn zc z6ZZk6@;|Sm&U)=3HzSY?Ij_Te4vJ(d2!o8z3uCMB%latm!f1UQtY^N;Bq=$rHQGxk zpXdfABPSRaE?&ENNsjU{lUH0dW39PJ`tqtpcfo`j$a@AWYYp06KIZCCyLLqymuykl zq`6?MD|&a~a4UuH-u+xF#B*;`u8i7lwT?1dz|5paF}x~*ZD*5OVp3ShsSYxfSoNXo z-!ZwNX%jjrL9kW`+&`%UbbfuV75cmC-Vo;xif1A*SCAnlo~CrdBRup_T%D^d0+NAjn7d1DBQsJ#{6QeNSBnXQzK+YwZ?9F&49p}j%CS%^B^#q`M~krC zpZgu6ay?%e>jy7?+VAM6EXjO|wVH*Z-D;WYg#@eOS%!;k2;32@SWqAuQ+7pik?}}<;+1Nc(aeff zLzk|LrM2oT*92qPYC)qv&T`?L?r6O};fB(?=p{P9u}kS@ty6-y*KXwB4E@v{ONz>c9U(q*j@K{($XgW~8nxBCvKv8`B|}b@O{|Y#?Fj8wYaa_{5&MYb ziK-c&MT&Q*F(ezbkuf6@^2J;*r>m8C1k=f&QNNlHnkZq6DXfi~l=rc*@~Kc>4>#KI zb_Vyc<7dbEvgN;Q`I~I{bt%J%uL_&e09y6L7(Y`LPU}1Qg%kUIMdXojj5^>!t~X( zM(deqeH4&9k%Rzu2+B6cH)U=UQRHB?!(AmcO{1|CsVEdVI3jof6WmVRRGY`MITPQ` z6&WzSiz)Cm3X$LD;)A)v1iM_7QRxuJe!;W^n9y`e6rU7HPE%%vEN??8k_n~wAYmQN zY4jXWI7(5B##xbv1Z4n_xWJ=-t_&-QJEn3zIEl36%p||$2?Oy^)=@tg;>8kcHIqyV zEr`mJmdK~{Ag%z5^U0v3c9+ctQ>VC`*A@a3R$88;x8Foa*02W+d0x*85VI^1Q}Yj8 z$wGW=DwYhpW1(^u`#u8SHBh9iiwSOKeFPqdBd;-?S()MtlTlh=j0EOdVZ=fxmg`u5^G75-C+bdvoF z!uPG8xy?kd@(90adEcl>_NyU9uDM!@7AcPj!_X_K@TLkbn~;`ug7(Q-5~~)dtXj5c za=@}W$yCdJp;$~VImNA^=O4COUGf~7z^y&|l`67KNT|WwCE%{WzKQGGw2_;3! ze=E%4L0ZXC*MEIXHdr_cTZEjK*CEb3=+#sYe*|@3ad@l1 z=w-kvLmC1%ov#&vrBKnBO=zui-IwR3EukS5gk_Q`%`(ij5Fz;p(&r%yfi4e^PF*42 zu+?%4xA0a7UQR@fuj>&s5}Vq@;N~vPxOoJPqCDwlnmjfi6pD3eS6SNW!mRLRHy2&| zeYf0IEuReU12{d@DscVV4Swv#-Gr3}@ts1-Z?(Axq&%gQ+Gf+M9p+yKGUC`=#q@)peOb9gVk)=5u$`5;&+u>IDXuHy{%r36kq5Y$W zHEw4oU`}9rWH+PHn00r;t)@ol#mpq1`=Zx?Rmh~=?=wQU@_7Jy$Hrftkw@XvaH}0O zb)j{;P>qpU@HCfVlcy@DNwV3Z8UH(zii@;IE_Yfq%gR3u?qa4Q$w9>TO5Ms@zk3eZ zWDGix-p(x^>BbfST;DLthg2zT5~M8O%;;~Ic{Uw>C$EalN6|liyn6EH_wj%24Sp(4 zb{@Zc{^I4)=C_ZAgQwr^u&3KkzKyrHqwTHu$zW&jB&OT(6FS`5R2P~(flk>)45`ae zOS3mOjsMvWcecZ=?p6!#G@{h#wH!70I&Z6nxe5E~0rM0&gS|3Np*v4-EMcdqp);hGYUs?}9?UQ^^ z=zx)N~iuSs+q2~aB5pJlt=!F=8`$UpI|M}0Y2O3R# zVlolVURKa$w@Z$!zwx{jBXB+A+@T|E+3Om*VUGmCf=`Dt^*_ z#y#@(*A~KD=067g8nx}x71~1WyG01JHjT=JZbgkyic!XBUk`V z{k{!thVW8z1sv?hVxV^@0{wP3Nr=jU-UG4>$0tDrjoik-v z_>I$_X&AfEZ8wwrQri}ijkE}wZnhjU@C4P6x}LbE2lV~+;5KHf<(Z&9J~JV6&4CS7 zj~V%i4lk%RqR7d9|CH<=ADDwE$j!yzfw_8V^cBpJrMKKABQPc004hHgGVhV^w!V90 z$KBP6!i07e%P4XUdxNHy)JroliAhHv{KRDT(l8H%$n{LJK9ic>9R?WC@MfSR}E@%tq5G`5V2YwJ3*5 z&95qsE51(8ooeGSxjCTt(OKf*!Vz>=nYPKDT3#K`%(3OEXd2zppVx zT@QQ_=7gk2;5Y&vVI3&*2>}#}gdIyZZQ09CBCrV_(lZ2ZTRUNaAH88Iz&+8CT193UKko-(RkG7{>kj>0?lnXMVFf};w zu^2HML(vH{9ctP&6Pq)yS3Dgt`MTdD+j?a&iWk?kVG(Ri1Rz=nXEcTe6vBgW9=I`r zQ=jD=p`i@t`*=b1;`fX{%P17?Eg8aVr=W}B5KmMy9);!`eAXk~?G-zzZjwr0`05&c zshsA8s&<0UTqn>)8LGpFcs)w54Bou)PDE|Dl4(-}**@YE!w~Q^1uw!RQ;SUfm&Ks& z+x}kSrrebNEUQl~*#1)h@UFUpnN(I9XiF1oBN5G`q4LIt$#&^@hyhU5N#o3Rd{(lX zGt>4i;VA)ucz3EUs>G)1bk+zMzFaq8hH~-bN7ZS!5iopN3OaM7s4aJM0!uh3ZbNQ_ zY857{50HcWYa?hYqTEDgHB3;?U3CacRZ)&LDUzIL$(&IX9IDq86yS_bA2Kb$ts;sX z2OTmP0phff!D&9L@iUU5$PS+SK46=?RBJe(T%Eq^&y|M}T}b>UU=P#b0iS}vw$gt9 z2cC)~LNk)st(d*9?L?|&IYV-;%FEoDu%;z#7|M&aqD4N2id1A{Z?~;S1n-n}aJV7- zs6k9(Ylb`YGblieg0O!Po)Z?1LT#7JtZRCxPNnjBsV6X*FGQd6=VXHWFmZ7;?9m}` z1^l^p9`;rr$Dz&jY61o^h;__TnoBI1)E+QZ^kIH(fN0eu-X94 zn9?ur22&Sox&%|k=Tqphax3dgAI5yYOMkcj>h7-BD5?_gXn(V9{m(-#RZbukW_8_w zJGi__eOpUVw^l{QWTEh8m9?>HIYm}C+e(8?x6)Lj;hD?N968Y{+9oU-)0C@;EeYk6 zB@0kUFsq6!p&Cg#>8dg9?mT&laj@RAC)+!QL%5E6r1H9iX4kSd5D?Dk3ei}wQh*L^ z3S9|lSm-Q0>qduo?rJIHl^AvL@^ncQi5QJ|I&zl(D>1?g*6;w!#u|6;1~|Di34>Xw#Gq^oHHqfJnxY6D=Jg{FHeWUAR}gjVgyKl{(D5XF_66$DR@QFk){<0 zUbC51OboY1eQ7Cr(QC&dHeVZjd9{8AQ*tcDMB7h=>K>V@3EIg1JJ+I*)7O~EzkH|n zdL(IPq5|=C*qS&1HKu0h2tR?U>z6d?kw;rv!$?ZUDDkhVnkS$SWHfT6?U6`nI`up= z=zu}jpq5qXg*MrKLVZ2|9`yNu{_?m@U#a9#$<)bnCvDEP66XNZN6T2lkDR_Tvz z6yd&#XkrX)iy!owiMUMeUM5L5-XMDpjru>tI+iT|u$VB(BTI?Eh0&N$kVBYd;6rqp zX;$<|ux%MTmLBMlokvf$UUPVe>EwGWw}%OUcftmWjv37`*$0GtYwkZ_?pPon)6|PY zD+?`zCXqdkVR*tn=_P$l-~GsFhQ|5M%N9O;x%Wzp_AR*ufX|@SDi;qo?uoT%qgtiw zh$f6YFXN$fV{87l>YhOTau2F9>uI5tIhla6jXV%1CZ(5@CmI)M=hu%oR;xYCRSn$PooPD0 zK>~L8xFTltgHM%+UDNp`b7d+KlMNZydt`eH-qn+|_sAo7UdhJpTGy*y;;ImEB#9y~ zo43%U=c_>SbRHx-*Mj6xBP35+4P?X8OD;t^!SHQ+oN1XVo>>tBCI9x*OGDESTv*e| z?%q#l2hZUdK@Nq?#13Vhj|}^mH=Y)*##;{p6F+-Rv&!%9xh=k)(5&Tq1TC+F9Q9t>dTw#8eW^_86AdA(ELy)*YXAV#bCZUB|6Rmb3?3+| zAdc;Ui{Dj+9MY&X={>;EZxE70ksHUmn=E{d0swkrD(4e828gYtkKWZP(zqfS#T=Ey zb!MUT_QO`I*_SMm*fRb;Lo-D(ylY@D5ot^gXmn8qdQ&uNz)E?b8^&B|>0WR(CIgmV zF_xCMw|-|*m@8d*namU=Hl{rIk*i$D=_@VOU^}*)voL3}t7ZOfr5ZjEkKy(jHwzf^ z`Z#Izs2Ga_!SPxuVz&7J5CnhQ;{0%sTq)NN>@^dyot-Z_4n@pvGwoBbGe#p#NScsE zk;HhIP88(W#?NUK326@lY!YtryGYr3u~$x`%Px7;j6?nZDzfyGCT#8cX#E!?k_Rrj z$;R`w6l5|PgSm|#HOLcVU(rVH0N#|sz&g+m#F^S zFlx)8Ks&6dmq?5>l0qpG^C3h4pA}lv&3*HbtQpNvRs9cMr5-2o4 zt5ekqq&2$5FxO`0n9BIP1KA)WP+-q3#BbnsEj}Y0?lh4riXuxDpdo_#Ca%&(j2c03 zUc*~xyEOMUJo0 z7H0h&UbnK)LkSlXu;9>8`^+Fh+gvy%emukP6j-sEUqxjFfa|h7#VTJn71}u0)MZWP zb5m>MQ!)aeb_0)Nbk3&t&~z+0_@vA9LL;r7>lOJ77@VF^W+3cllCcTilzU(wLeV@F zd-aJ_4!l<@vC_Qw*RQg2j~JR4QbtHUsO+AtK+96Q$dJ3<7P9cosnDVMf0vkIE6#rN zIrM_cB*=m4^*wr|TF+yi*T@vR*Srgdb!F|#M-2t>d!$+qU(aq)8KoY1v}NLrsLX92 z80*z)d7%QB*%}dIllu3ZM=0jSq(@$Z*T%Zx`R~l=y-$pr$X?p%n$xvzKFM6ySSj9M zT>pMd^Kp-CVw*W1w~WgV0)BR*NPkyxo~gJ!vDGV0!nn|L2vt0H zO`X{oBwFo_7P)}Qk=^5i?p_%L*COS+Dj=ugg4KP6yERu%?1Fx(-!Aaq%pOfvW{;|p zixLC_hvmj^UmXK+g2@rk9gRVdCZmHQBbFL2S14=mEeqPU>+QVr2EL}n?X8TKYv98L zku@Tsb9d7t5K3sAt=4OjIlsKwO&J6Oe*bvuliwU#aR0|euy3AW#M(%Nd3J-lK+Eob zZa;Zkz5lbbz4c`K%l)7G_<8@nOE$kDFCEo`Yc8-09*}P~N%!N&R!cX;Xhsrv+d;B4 zW-@>_y2-;>ax?R3}c*fP4WO;$NH+s*INtW*? zH049c3gJHA7_l6W>i(ugst3hfG(Lo-?iG-Ym`6DYXkfnA(6&jt-6nwy+ADQe9>Lv7 zcZQYSWnYGqFY9tH=AXd~h-u>%qWB$zRy;c?r3 z3!x;|rxYw0rCpAeM`OI27pyA9UGv3)SO4oKvtd@kR%|672v75NZHl&$_pou!w%yDt zJ$k#5kod4pt}759SR|g(G=J6HvHG!)xn8^WoHrYm4lAl4-g0tC(Z)|e0{y&8Gais2 zlOh+9NCFa^?i~ljpQcCda2v}bc4NJTIFZ`C7Ev&?SbHiv<>c%EIGH~Pt4{2T~|IrHcSmwtH^dFhpyxa~*aKY0!Ac1d@wA&36T%ZfA zFzJeNu*zn5VZ6pm_ku0POEw_kUpea)2U&5;HBi4_cL=mzv#|3q_4$*Q(r> zdH|TN;O1~;R^M;>ZVA(`EZQ>7)|l03S>r{E2A*eH&E9+sNB{{_0cX$|S>v&q}XZ<;KD)y;Z*`9WGVgw7j3n2d zM_;lHJUMJGVbuh&_hx}0o`0*B1YVG6v##jHwgz(#nu0|~S7u?awWcesrstBnNua}= zV^Yv38cs3Sa74<|%asm%oGw|{8~2V55BK*@&-RWEUmU!AbFzDSaCE3QlZJXVjJsbe z3CUJmfZM>l`y3O@?!KA_e#7b2ocw9Gh2@8%qtpKB$?ox4fB)p~`zQT{K-81&RSwAP zk@f~w^lkWjCe586*qD-jDmQch64tUmo;NPyTWC=H%7Fsm{PU z|CDUqpxd>2xp(&J=;hh|;qDKw_MbOGZzNa!w)$iQ0Mc z^fl@J*W}$-O9W}{a{aBhlE%lY{lD)wtffh&5n|qicAZjJU=X`SJ`Vf4{a3bb<2=?7 z(jp&w{NcU{L&JFXroVr3xchp4786i_PEnPFHV?^d(GCN?-rxIi_wbXy40 z@_4u3|M}?T`PqwuSKdSe8FjrBubVa<%Yu{b`&ydQSN+)yTRJu_o7t?*{N)ND&eHE< zPFwa6(a_yX_t|YkK>*u%2bei)2{^8^O1`7}C-~EoH~rK7=VyESCyhKQqMN{pBHCUU z+^{+pnat3les}BlldJX^ny*B@p-|f zv*^6=kDHhD_qky6r~Q94AoGGv5tkQix&W2ei1}MMotek;J%D#?Ow7}+@5jDKc*^{c zGK+p~#)dS$WHRT9#Sj+t?5lXCfU$P1o9lh6S6(;JLo@kI$dRpc`?1~Y5Cr2p&BU^x}JoX;WVe4fiZ8a~0S)@Gq+8Pd#p+`(Ab=j>QBn7f0q zOzz;Bv20H9FoC4v;Y7{tyqq1jnf z=W6B?iAiXx)%`OnRL;_Yka_}6Ea^_@l?wZn&uep=q3OB9W>nINc^GDp>;KtTY97b0 zprlecV5R1jk^-|EZwZik)|h)`u0*N~h;8R8hqqopmR??y3is2?ztj3!-QbSi#yvUf9`%yE^aLYp6Z)vLAQ5G$@X>&~rX8BN(`;1_!wDN!4`vPAxhzx;Ip`PPTet(${(lwTD_Cg6yl!$wIG=0%|8GKh1qqE9 z2e-#Ugx`x7`(JcXN+Y0;!M zBf55#;8P$1#QP?Wu3N0YJSc9q zD7U3KjU!k12s@j(w|&3(nH~LRh*>|V-W8@Ucz)}ko9(v7{bn!k-NTMs`9gX1>ae-+ z!IDX+#wh4lLpqS~ikA}unq{@LxtQED?hdB4g|XQ`SI)S%8Vq;4w%)Lx2{XOj`p>S< z>ets-yTv#=0#8*=(}*=~%!cNXm}DZwOpSL1Rok<|CKHk3n%*s`RQAa|5DS)t)1Nl6 zKVR^af16|p_bNy>B!klGB=}Q6g0sLtzAkRuXOqi&%0;>=?sCZ|<`gto@z&`o7isSp zZL=4aKNF7U9ltlGslNV#IH$s0CheF5qtQIpp)tAWP4i1|cQC9-E}s>hd{)c92Al&= z_*`(E)6qO@XE)1?oT**x&*{kba6-@z79sCFBfzJ-Tn3LR`+}RJ2clltlYl+O}qV9_~=g?{+mBxN0mp= z_F*ty zf)t9p+xcPvp1UMhqYgMY)^)UX9Vy%|h9HHz@OP0$WaH^0dw%)wf2{-gdj8)VrT<@+ z|Nrr~J2U>@t?jKZ{@?rfdH;U%o7O8HvDB0~%g2oDLckj7i(!66B_l6Hk;Zr(c4N2y zqK&2BiAWg{l1zkTP`z35L6Hkd66}u9kz`QYLxlv2G3&k$k4_Kv_OS|j%oTpbV&HKt zD3)|3HxEXxT`iMC)9u1#J$A=i6I zTxmQpfXbB=CSXgHys}u!TP;G!IM1`*=H}Jam5m=1aN(5P;xT-9cNC{0zu-hjG z{eb+i+dt@cT0bA0{&@7}l>EGVa6&M21TE11!J%PhHcj<<*JT$P$;kArU+5uSQQjhNir*6H@|7^p{YY% z1;t^JBvbNRK@+G@s@ED|4_iMo0<*7Ew*IN=z8>DssV$hnyub)))k= zSw6rO*%(Z*`+x7CQ&i_l(-n4wdgm*Qr=j=c;&4n2A_GG@udl%OYnBIxNcf6s!d zzX+3>yJllCkn=o{O<aZwdArrBw!J z;_@LW%{8uUHL-$F!omy{`VZn*OgD&IGF--5>^JiT=Oy^zoB={g<7cCtvjc z`}ld^9RHDtxLoh0As~KDtk1+tRj>bIX2a7_ne*Y=euP^TfcY$PfoCFq&2q^jwV%dN z8h3YCg5nUlD^v~s6S@Q{cBD}C^}7ROo*OMZ#0Y;I+&DpKyda@Oadgw51D2@*l$A810;h}}}L@>M9e zEk6hSX`%W3X)B=E?Q`w&CuK(K>;;|hgqLNPf`jAB$9gK})zsw$?(=k%uzpUXi(n=V zv!|@wsqzsh2A=V<;6ZRGQn&*)%~+YO_`v4s{_M1rFF))0xt9KCoQ&611DE-Kww`R) z{XgG6{Zjw;UVawqf8~O&ss_5^dm!E{y3LOLu@=e2PI^2rKWkHg)%|5;J~kNM=L(O=8t|IU-gJCAGf zf9vtLU;ID!@-s*NyFvtWMZcwqX~uGy4R6#)(G zfkFrok{d{V?+PijS(Eg~VE`X60H{D$zmYo#DEF3(D#c_iVel>1?ba&;G1Cpp(;Ox3 zu064L8H*rbX_`S4!B@YLk;r@GtJ7dkKQ{`HHneg_3!wY0?U~7Z%-e+BpJ2a?srrdc zHFTIx`({LJU~|3vAvaAVCK-+VC8Kh*uDEtln3VUZo7Xz!9r6&iB7#ucAd2PKf!idf zkb`xD#xdF0b`kHq?J}-DWcTl5)ga#8hGLQpy`{-=xt^6Vg~&Gy)OsMT$`?rz%(>5z z@`M0*OtLg$x4o$W1KttV5|*ySf$kJzlO}wvxVyI;#jb^SFaYn)(3|D*?D;ha^I^<} zYZS0-Db=ot1Xu1jX2Uy0{{C+TO?-wuAN7OvA)cmjbqCNA_m$@Z_x$>c0wQ%SyMq0u z5%+L#cl#m{;-bj>b#XqY1xgT4U^QFvHg~}W)?(L(ylGc)`B0+(TbE`}VLH9s3 z`F|=55|iU#M>kfps{XVa=s(v~v&_7&ug)!^4yw{(!X%IC=`q(Qo{ZTM3==`~r;meA zWg7ah@boi+w*(g>L>FYcfJ&)co;_rLyW126vn`hKhP z^ke(48y6oYA6|cW`Qh}#@rR%Ihu8eWOa9@Me>mptzdk&_*<5<$tKVkPP@!Y}u5XNp zT-ba9we>7gj_L@^kv7sN4jk!l;zM(mD9%iQE zor$?#Z`7Zj^-O23Q#YJ9$$XNX2_^yA z3b(elNpKO6jqR;1hv?w7dEh^LSw8b0pH?3GZ;tD4{Fgs*c)L^PbbpOc9)I`b+o$EA z`0(3D-#*^{&TD*%&%giv$@ccsoo~POJ~@V0+dEIb`~Lgyx1N6Yc;{*PVcU>v{Xo4; z5H*`eTwH+n%UizibfN7OpVmCqY0{kS}J_8+P;yx z9;#e=p~#SjJAm!2ceLKYdb{e43HuMW9BeVzPkQInA@zFGJOlYfg;&)1L<5g#<_~ju zLxnBWIYI+7Xyya+Sb#S}9>3Gm>u%SnkatWH8HwmYE#YSqx*MTWUL2l_i! zYQ10X^XQMreI8wt`#hS*eO9FqFfhqR#56r_Op0VUBa!^Qv<~salZ1Z~3VHlTq>#tg zq>#sJppZJDXz3Ad`Gm4w+R6EZoqA^lidkT z`LGrknI%46s)zs8TM`wl*sfHmsyG^lP8(y*n-V*Dv{rG!zWtS_Ig>*gG4lRn;0@Ub zhF!X*W^?$nZ3&{R?8yhni%_r)?2$P6__5XPc3bb?o5WNbMXEF&@Sn1Gd$+RPbmgGE z#KgO44xK;p&ua1C=AOaLuKzE)|F!k)lbQUVJ5Rpk|Gbx<_s#L&Zo!w{`?| zCMlq(O3Y}`fnQ)K!iuAXV)78va5sMT3=c0W&zky~uxLzEt|sl<_T-iNyFt*E*ZbXG z-&tw@vox2}E+laYr*v{%4zOhZZ$H_p-~ZTt`smv)`~N3tM~e!vshfEiJb-e% zrXPLOkAC?j{Usnlv-8pB&(O@?FRxX`viHd4cI$$tagQ8}xMdSR^jZY6IQPi=_oOL3 zLYWUfBp*M55YdB}&mbxuzHP{X@PYhRh@6p+A6vv^M(+W@kTKm2R>|ldVr$(hBp*ns z4bU_vk83HN3GuQ>=sA$GM&?+Ei=amgl(iS#m?bP{-3*gD^~it?g=AfLXT44>O{}_C z$)JW0W`OFELw3oefez+i(GHoUkBcP1yq5|=tUv9+hsFsuGdt|o&Ce8-WztNqYnBNY zSFZy+Hly@NETRi0L#q-%R#y9mUTF7657dI(d>x6&gr;%N{He#;9Po5=K-JiL){VSB zKDgfrQ7k9jcdX?-$|cQ6NkRQw6XX8LiQlIFdZSI=d#?#$(O8gZ%%Tggt!6mdUdO#x zX|Gv;CPSvE!y6&&7VJe_`dl?uj^s7oV0UTk`JWFGA7B#%KZ6|ynRc$DG44n&MYAR@gMlQ zVT$F;W|#u<>#zT*6|L$nme~c#qySY}qg&(PS@ZBDqe?w%8k82_KXC23Uhex?Dzrn-0#2gw+KsC0O48#xM?;Gb5}E|PNKTcH93QxLlQo-P4R`d zjl1w2@NY*V+?JUINPs%XhoqX)AV_DE12C+JjLAu|tpwXcb%#D!5pmC{`` zaC>MIPPmjphOgnDKFG*D`+03dLIPAeb%!NpW?M-Hjw`KdhC>QH^+>SY&>dA5DxA=F zbKcivcA3#kA?pm#=dc2gEu9bzKvbmVy$nJVPD?b3G?^})y!*riBG0tHU{ejtM{8STeVSuY*#+~*lPZL|L8^4Qiw^HlR$0O+$VK+ z$|zVYqRWn|^Vxh@`}-Ol)mLZp;q0U3-GT3;ssCA8-F(>aY;}NVX}j8?dA173-FMga zR&{?QU+%=e7#nW7U{<1|1?a@o5urkI%d9dDpFNU7>PuY!~{;B z>_OO&OO=x$yMlutMW`ac*Q^_oq>RO?(swS1%IH-J-)q$ginikUW6G>1i_w2@)&^S} zK?%vJAW9^c=FC&lNQ0H)>1=fvJq0)&Q)7U8z~EdDj)7TBcuEFTjbSFUQx%d3I2A0t zSoxUdl@TJEqQh8DERY_W;jBfElPkjBv8VtxKz0?OWJopA_&fa{i^-!cfW0Gg3HQIq^Zi%*r~CKo=Kfs0!6o|f z5Y98Q8WuwDwW@@$8Z#<#DNRh@mm(=9?6oM;91hEF<4NffNWOkd^Kp;VTqfRB@GP!; zP3y;Z{z;#KL#sD*#6llj?-1}i{1D&XY98H2@Q?xPrsZLuQJP+hnDxlkeC$1^Y2121QZ_PyWSL|rh#?H(-`gQMN)yyZG6acaOp=7BENq3(`)7S^+qF*i zcb~uB4<~Ur68R)cS`Ww`7S8|sUZ2EVs#ZAS`6m1y=hF%YzspVdzkM(sZR-EoKh9Bl8;*7{Qp`H$ls~tqEO`E`Mzpt^XZ=~ z%3C3i8QsL@Qv9DmO>Cu(TezHi@l>-K~kHaWc?THe-mPM`!SZp ze?HxQRIC5J{p88km-x?n`60`Gsv(lC1uebc$qxA&O$#cgWM^yZ@!XG=#5jWDce;P_ zx=(fwpZk%7FOE*goBn=>oa`T;96f)tryqBq)$@b?>B+$lZ}b!BU^^tw85F+L`f6yk zNf+5k)R-m-nJ{XMBPJ)xSVzXhQDCnWifQhK?tT5(dLwjO7agfFK$VFrgiy>ri?EYz zl8>b*Mq~0l27PixVi6VEHmbuVaR|btIRvChk#q=^%>I!8 z&>e_SmCVFy;&HNzFN20CC!il3FeERGJ)9LX6N;%4t8T&V8U?180H&hI25;l1;)=-* z!H`RcLQV1aj+TcJ#Xw(6_xK7hAjyQLbOeU29#<97*Z|hi0u-h{m?HEP`t~t%#Wghv zNj5ldm*LC0ry(EaQ!V=<-Sx(kt*_cP%-SH{c2wjlrzr?&HKvj&+aqt20ZZACN1P_r z-aRBDru-Z2?*RS(1kI>Su>%Q8c1eUleu zD6}ySwBh4pF=_k zq6fO`R3~Wqs7*5xlZ@*PB>*@x&5^s?S(&iUz3}7(7cCdg2@`V)l~ufH|19Li3{!xJ zeGM`2Ax&xJ7T~F!hT8y$Iy0>ajTxbrlqV3ZJ`=0m(cDxMU_=cmQO6f7cS}XiBj(tf zaY2B$Nwbwa*RsXkZqU%0E;eXNjQ*uR%%r&F=0m(5kg+u8@5q29;;LO@;W?B1617~7 z5EaxZK#$Rk12cQm6XL)EKA;MN>-AQQ^%&+tF7hfp6fBqC3s++vjXh?-VkpK>6C&9q zho$WJ5zZaL5;_pl{#E+g{M}?a(^8HpmgazcO0LEtflWbNN}AaRM2Ok=_%OQzaTxB$crcnWladDhLMyZi=PNOU|I z>5w`Dl*SGd!*bR4>>U@#HPo=;^*!LWtT&!RpxJO%mO40eXO%S}-c=ZjQkWIZ@hc(c z0^jjAMXtHNNNJK-wylc6gy)8NSiJ+N3m^yZ%vOMbfRE3p6?TrRMO!+*_JMiJDmjhaxAG_$4PBaGNy_Q7)yy{5d%&>m{!IqH=$y`6)epYJ!~XoCQw{!h1c7D$cT1A z@=~i+de}WTeRs#KU!ZU`wAyIQc-ze9%8W*1;vtA=7BZNk7N_jxIjS|hjO7JQEcsmt znZ#FI>l&#@yRh<#U&5c=XiViu8%|Flm=BxRR7lX1qGh%}{2i}4U^vGMF zW2%|%zrgBjm@AGHj@WXmB5_3&8boc9;at7do6rl^A!B;UK+CfLfgLS|L#^itqF9o2 z%>Vf$6EeqzaeTli%0?>$He+X|QGjdYuAF9BqRmZ_CR4<+=3NG~D4~3!Oj~bqgDH06 zW7qM`ltoM_Dmm=Vq2%evS~QGX+2?Qk4b>(zF?VCZ0GteX>a=?Jtp0(W5L&oK+UCM2 zc~#)d5LbFBtgH*k!BDTivxQX7b4}B3QF3nlu5?88YhZH5aNj5emeZ}JP^t?EBXC2f z(E1bp4L4U4dZh}U>!~JeghGJk4){_hsBy(b3=U)h0_0(_ z+A#;-nCQ4ERcUQUY5N_WI#QF66ce6mIzj8vKbqAn&XKh4Q=9H1KnBBpsv}3<$dcuh zryZ*|dnP*+3dWV(Lv16#aquFB2wBFS5lnEfwyxeYPZe?6Y4W2qn zt!i$_J#8NVTr5DL&6tEM?71*IPUfZHB1VI+Pqd1(xUHF%TYqEt>7@=ZM?gSw_AbX8 z_Egz1w94&`R-F!Ao|~Sp~0N zH_aGs#48XR%}K(j(&m)!r8l3HyERL+5!|z2QVU~=Ywx1JPgQCm4FBmf^9qsq`?~6Y zB79i#87(qLr39SqU&ziZmZ{bCJTI5A4H~dCtnCy~ATF82#mdKA#$7$hsau;=$cZ+X zwPL}j3?W9#+^bi!X!es^XypM-Y3JmliD$fO4W$Z>*;~M|rWN136B{&+_3u*KJ3dAF zaU}+HgP~P+LI<(0cw8YJu%~DWfl+B(Osv{kp%}|p(EhW_S?6hhU@xCX<7NVH6&Wzp z17uOBKSa#DbBjh4l~x6)t>COj1)%2m@|Hq(V&>t4EF_8f5bC&kT5f{|U%K`hj*PGy z@2p4+8=&cw+XfP$q|-U3i0_?qTM7EpLwnx55`dZ0s)`hLS~q4gF?3XM%Q#D=W(ial zH} zs(J(8`+ObK%&1uarbjT?1*)#GJ$=OQ4@Is&a;G;SUj_n=GQDj_VBTpl0-&iPV^Xo$ ze^2WqIk*kcSjVan5Jlr{(PE6`n zKU1mkGIg6^Vcs6Q1sb#WxCJwNUzMOjR!T;raot4qTk~917q{J<+6TM1Wr81ToMM_E z&rMqHpfYPu2c7DODlmxTEQ=LGa(Zz3YQIAcj}E&Bhc8YJ4qxuS-akC;kk|Vsdq3_T zp6>o|@ao|7A3#Dc4o(mE`xrj3Yx+3eJvlwtd-H1dgdD#)IX>#|qqN1-!h|K-R#TZs z6^By?IGI7Kuu3j8%cRI8*XlV;ct{FmD$+^M3iSM?=xtOGMod$?r6pIu*_DX6Gn0|2 zn{!t1#`*`Xv&Jma-ghB+lxN@E6XDPjJprW8i%o08Tg${rlNuiWGx3ELzghsh) zFUW2M+_NG+gd_vIWC@3XjYj~MmQLuX>ciJx+mL`VH~?}{l}E;eT8cYa4MlZphAv>Ua6G2KCpG4(HW3aLCOx!}Hr=18S z*pU$N6;FKM;RR8-$TB)&9nc914fv4qq>w0$XfiC)Qn>*k*boU4iOED0ua6HLn5lLL z=uj)@bw`}(!#UGwe97UEbZEjil;Q>nHn_obk2~P|knBcUCTJ{J&Z|e>Ed{l=DSjSv zNK@c%*ZN`M!s9lpg+^l`&s?58M;9Y_nQLUu}R8v zw;$cZ6-cM{;W4V?sve=(BUR# zLzc$)#aJY9gX^5i32-8-Tsth5+qsakJS{VxW2zK`>m|mC+L`qm52i-hC?_=47$|Y- zl=&-<8a=hq!GZ+5fB0O>)uu2wc)xpmynp!o;JOK_tW0#!qUwIJ8B&Q3^CxG`m2}%&aiBN2>!?hOEE|sf9%84+FTr%3`8< zaG+&H_2kn8zi2QSRotD&8_d~rSLdE7og7p~V}5BlWqFwRb~>F-emkP|}zWUstN z`y)#xWKUBB=^KuKL9*R$x8+H(9)Wsba2#rqCt!N;y0`=DLa|)4MrB3s+>wD6Ll~^} z?{8i9*{yIp+a0}T=}*ql(FHn1eG?{-M`wLWSfC}~SU;G9;{9SIJsVr6F2@lTt;zON8( z*lN81^IGMyFn2dZO2(*P>&NI-h@CSNAoZOFrmdEp63!8v*OC9uYAC}&I|Sn0t#A5m z%(6sGK@qK-nw8j$MWm|9dckN(^G*DAv+Tm$*4|Vs8Ft4)qi6G?7%-W#oT<%=E;j9Y zsBVWXy#cTB)7mX^F{&04f>{!qDcU&1-okQg@bzBUeiUvul1M7#l@ReiH(m2hi3y_B zrunYjYCU*hj~n+y%v!B)$e*u6ZhwIuPEfytT=lKiPYyFZa{fQt;m&rr)!jPBu?(H* zKOT^`w8+OL@OtMAX#}Hkv1u<(!gw_hyj-~x5!2)uQo(;@G#@|Hy|!B#pJT1VyGT?V z8Y5w2mQ$X9ryL3DZGX4_YIRxxd}2_jPYN~_%%-9$>3T2Pc=m~@Cla2ra_2>onWJN_ z^p=Q2(idK$3OKze6qEKnn5pIDm?e70ooqswR_mK@p5xx^ee+GLb$)){dLL-eg5LYU zWmJOvO`X8Y91}nS%B~vI?vw4EpcA;;4ULFke@Hsu*qBJB&M!-_Z$ay*KohMJvf$f}EP;p+vDLJp9Y8DX=b?Zb#Ssts^ z+9jCnyu36K+GobPqi9Jb3$yLnt z9J7(l{gVzkpG?Dx?_9QwGWo*nn!W#6PSIskD1AtK{>7zrOnljxu!!K#8H+@lh1Svb zH+o5H_o|%a)@^=*G&V*#@q#c#?jIA|%a!)z*;5)9j-b2JWK-S+s*VTQV~UKR+PaXi z<|gu6E4u500iGfMe%GG+#-RRa=IppBrrFT6D49~s>EEbL>ZS+BJ;=KvBzb<=hu^~* zZVFdQ1umMI1*-DxP5h*pd(Xq)l7wpO#pkkYZmrhAkeoZ_bWWfM9&T;Rr7#Q`bUG%D z$Bo&mF8P#f?CrL-FE)cnm>KF6_IzC{_5v;eUVFk!=AV+Z<_wR-Ri?cuNlW?oh!PIo zXg<;`&nK}eO(hC&cEP3?2AP4X43yO{cr#rAS(%=0j^ul!tID7al(jl04Q*X>)urDxj$9cK_zdOihj&By7i@Y>8YpLXe}rEdb49wZ zA@Di`Ka!%z4xX=da%K!rX^NEpRxqNVvb?!6XpXat2db)^SdD`mor}=8U3j4nkiAf}^^+{p#YH@b)o-5y0sLN78W0JuA#goODe; zO-o{~kH{Zr9*z6__x0}Onb9oG6_Wu*wGE~@hPX%;2^lLwZ6b7yh6F->*(3vm4RkLg z7bBA;1L|iH#Y`}yaEJ`a4<>(?q_Vpc)lezd*y?al&Zz2fPJ$=CgR!Id4% zpepAR2H_PGo+RAlk2d$S>$tk2Jg=jL8nl%t4$03Hufx(L5m(Bj%`hG1f{duS;V+q6 z7PBvaUa`aSE-zb%+y=bbgpF&(rya!LF#|&-EfXNrcInA}|CH<=AD|mJRp__U53KhI zYfDae%C#*8Q9PJTzCPvew!VARFl!Z!*@T|3k^X-A=H%5{r#~~=jQDS4*(d>CgM&|c zNf(bH?b>=FUO4m(!B-+-p91!B+?xP?ANpbAh%4)e)vqNRt=nbPG~kM;H7P$On}{{* zuGOKmqG~eGD8h$W8%(oJ)FDO2Oj;G^pOs8yEJD@-WdOkU1Z?{MWAE+z+qRv=!TX!9 z0!yb?t3Qj9>?BTgm)&)3C-o+Fe74hGFW;UGlaPd(B3J^nqb9k}y^VW&_ey>r3;+^* z(t|D8?$+GzrWOed27|$1Fc{2`04b>9q`|%|!Mpu0S&|NI-d2%pv!5zUp#J%7!v$Ox zt!A6PYrCJFa=w93>i0zSQmYkZLzm#%>nT45ENXZ9vQyQN)j)VdxpprnoBZ3*tle9b zUOM~3!;nok-g2Ci{1Z|!@iR^>no3o?@A7PH*RB1{%_`D8P@h%f)BCK-ET^-IHy)_7 zs`2TaRb_6|Sv&Q~y>!rSux3+R+PXE&ZLl8*mRND&K~_W1`vSMuivjoCv~!-Lc&@X! zxYOsq>cBnnzun*xC{_-ruV>04gwi$UBGf(39lOERu$G=@X&gv3VF8Ni)ul)e}#%1gYd>PJO z35R$BmW`L>2f zjAIF8Vfnlo=~&-X%W+Qi8+DlUS!9c2oj+U-2;8K>&;KI#r7DBJ0AR-~XouvQgt?ne zJu|`{;5ebzG$cc^&wU)~TvbXVxA@3v(+cFce9G0gQ*>#tK3JDblBa)QVAVfZk1n)=JD@DmP zQe+4cUDJd`;GlSo6Szs4?|&srRL1|)?^C+)CSfb^v}$OmmRyAl2fPzA^-nvb1L9BokaX5EaobjCwHgGczH@pu zN(djZFmU@@8!p8C#Ni$Z@#NH`WbAb}T-D{mE1vp3;oJhy+i(RP6PAj+V1odTSU`3L z5NC9<(qXh4YB|mk3kWj5QIeWT#{CfqQiv1UB!0o}&C}tKaCHOBT!DjJU|_?7s@V5g zVoqKJi&@Bq6Z990$ZFUjN4-t1Dfm}+Fz0j_wIypv0(92ozin*jFyB%l>zqO$)m0d( z8X7WV#NoH3vx;7W;VgTBq2i=aGjko66d#7{5{Kx*Zumkuj<05n3j5^x(cy*w^9@eS zf_s@iRy$y}6(niP?ZPeR&;t+`_K5J?@P8XeK^sScE;=J5F(N_ljqp}mas{$6{_jHf z?8d3NU>Q(RxByk~XT?<#z=d*k&vJqya#L5vxO>xx3n`~f$Vt^iqxl*xn7I8f-!@z$ z$KMgTOD$4m#JGSo;Tx_>4eX9^61W@g4WYx4kgH|4VHqq9vZtE7PrlMkN(~NzGNOxe z0of<;o4im(l^eW?=#||pFICfoACZLIYHoQJ#qX6KR=e7;bz!{%LR=DkEn^o)=7*&P zV2Ji=MK=TSzJYfBFSwO7giRk2RqJsRU(G|UNxWKhxURvLQ+FN$S^tQAgP+Y z_exaNWXo}Wg+D;#DH_&Mz(ac`GMKU-46-mLH3L$0K&Km(E}d3Z@6vXPXOXRzF6P_krI z+CfYHrcnxesW@Ri1e1ZPRxM>QzFk|ED>dPcv(B?zs8DipIxYFzS4`Aa|}bl=5e1LC^THPq|SkQ**0^Z*q7U`bYN>X{zWs= zePUm1xq|zPTHN8H+c68Nzgk_j&{Fk0aVNaN6JEFAm>gC=Q!ZFCfgpw}#lbi$Z8q#Tki&odB78tw3poUGPd+Suy6gCPWWBwIM z5WJt|1r(=YsFrcJ?;Z?}m^fBBB;5@+Au;1rDF3nmfEGjdm>(q^-3?dZAw;yXI26$F z^7d9l2&)CHHpA=V>@B1yyHI5X9$rY*_eN%bX!#) z^A=i;qlY_xr<_IfwKRq#L5eZqN(zm!d95-6WHs&bHPe`Cb%!B@<1W(3~lyDfEDM}37 zddxH!0%xC@J5EP3a2tTO_0{oqqHiH~niZOm4Tm&Z0Vis}EysD!hSPm5(Zv@R3b=ju z1}BmGt%RKiUsr~s0p!y4HLT{S%&vk16g6+@B3ZaL0j_QONJjtGQXg40*+>i4>?4)kRmPD=GZVPhgjB<1Z7aKTPxT>gdnkmvl6h=lsqH^C716C5k8eylz> zIpOBstm?SD97;|_@KWC(L_m!F%=55g*AA!O4B?F z)7;9E4nDSgEHz+o#x|*aX87$_Mk&$}`!?K|C4#&CPhZTtIO7)m)$RZIy!-sy@Af!o z99HX1UDF8o!W8|dgDeD@CdU+~0|PNyiD}Pe7jh6CA0WA*9lSFJFtV&XDW#3aF zK2?OPTPp0j$sHfk&aSM-8h*}^`o%366Q_cWW!)mAGj>IyOr|Kwm;E%%T*IKc`n~XJ zO18$NNDHypuL-GU{mkgm(W?& zJ%ZY18v0k_`8+{}s#QI9nAV|{N+!FJ+Td}8j#TB8j)Gc88`y;!MP*geOy5AfW??!e zhq85LP?LWh<5k2Dp4nv8^=)-qu>_smdZpDUa>= z*ZD@|4VoCDgVoTJeJzucMvKGCb0hT zKKcsjv)Z5_<#EZggsyl<`e+{8wPdaS^`^J&ZB`r8Nx1qtj~L|Oswos*RS?><<(A1c znuLASnEs$p-39a1`oF(MTi#2r+j8qbNYU)^krID25((?*OduTx$28CGvgu$u*^BCI zA!m+d4HHbeVHR$pOEP&5^=08aNem>l^u+*k2+0u<(TVY&*CL(_UL`kaXUqTX=bINF z{~GjPPb2gR(YR_-e+JAElLB_Gk)bJkSA&(k*s6K-Xe)VZGL zN?PfxRnk`8CTAsdE6<8Jf6mG^XKlfhm9oY%QdX`lA!Fs*@)B0AEhS&&+N^Yy&KlY) zX0aRST;8xAuURg=zwI2pZ!3<3Tvt>T*du-@=S&_zLT$!$(h(Y&l)A=l#68E+Vcm9F z8i_vYNi^E+iayZfUZS)w2O)DdTdRpV2m#c)IxQfpYQE;%>YZt+&IQClD0dU-Bion5 zu2$)~@il-#Reu9`eHWhtv*>|i06@FD+ku8z@j8&u|I@g-wA(d)2M$645Btbn?#{!>F=99Z+=1VVFkM>p7f_ETzBVr=gp z(U))bG_E^E#6>GT6kpgYkdRLILK`KfKzrMi&uThF3k(vu~U6PH=P-jvYauU zGKn0xMO%GmgO9;?+xD6V5pNvl`{>6X9fb6)0QlwbhVn-Yt_4_Q?BiIan5Tp*o<%4~ zSZw}oqn-Ef;qQdt;6oHnB!D+GBz(dJ8C#$lTCfo9b-UecqR1B125nbmHaIwzYXVC| zAHC|n>O$p+1>_iBZOQF{VW|(ck2kE(Qg_J)TFEU)o<()2yRizZ`vuOkKpJ_PET{gx2~pC)z(l^u4-T&RP3W@NTbiS1x3i)*axnZ zM06d5MvMzULk@`i(N{KuwoVx5h0MpHHdVw}jC5gDLB8mtPWDC>QK@bZWcAEmViNpH z(u7KK0~@rhW^geV;WI8oN(w^hzg*)Vbw_^)m5RhlY}9=q0taPhcuE! za2B|0ETKolC!FJCvH_h>$XF$6AjnUXaDpxq41^g7lA!N%I)CqJpkta3kRPWoCCB== zis9Htz0FsLRQC_UUCvnpR!Q#TkVeDWDKn;#zA?w8Zi~NXYn<~DY&fdIkHj!FyeFK;4Ax|-pyIVGB$h4@I=!^svg?_Ot zwONCiqOMx)09xwrOspg$pj%5F~Nx%*iA$%!U3tuNsP@zV$%%E9xSrfn` z>-_i1XsGmQ53F{^95rGrK-6}W);y+yiP$XNEUfYv#tyfT)|}lqOQ%dstwCzG&IED( zRqJYpOzy(F+b>>dqU}OIBNSIPwQfL&X0v1?E_pj|8fvHZp zA_dXAUo5B(I;Eu67ze}}1hqGF*5r~c0hYA2loQ*kjmT$pS>MEem8-fe@8c*-{C{Cf z-3yg^7d-mq=u8PIt25h4B<=CZ>jHOVvwt_wRauNlYlgR9HXdkG8PG@@Giii;%!$=! z$&uz5(l^7TDtTxp42$jJgcw?@9k}LUrIX98G8Q96WX6g4mgECU0+U~?fi#>cMQ?;f z&dG9;6-G9u{*}^>)7UejN(JlBsDc#tS{pNtd3dZ-hWGV5e8Ug<)d3!>dhf`@d=Vkv z#r6-Pwu|~_v7`hWj}pv@d0EWaRc^NU^~`Rn`pIgz^3g&gPMBbq>EJCDKVeS&om7lW zyFjD;NRT8>D9=op#-ykfnA6h_nUQh5S{ih%kPT^Mn#?kO%enPmzn&>RgO7jQ2t`s* zJLQ`pW5bYS;{m%gNK1K|@vnLdX(0J&#ju8uI{uvlL`)Jc7p)x?*99zG@R3~!JV*V2 zCa`;$?8MZrO#^>QZP@)7s#%O@+!`D(o+~-6074GBotPGY#sy|6@nVG=ZGLpBD!n<1 zgB;UXEm$FBpwOwQ^oV;o=ICZbB4-WZtTN9eZ6-<`tEZAJRLRp^+04~6J^oi@V%cU( zNUFfqdV8y*+vp(GOW#>dw{qw24OZ<8BORX_B37HqCSr9V__orYYN9&zk=)4^q9w^a zu-pO{qWGwtayc%MdRvZn)kj;7Q;Z3e>2Gfn5c71b);_|8NnAp&AQ6Aa{@vJW>$UcCNRg-YI&Iaa>vDax-gn0W`5Z^d{ffG%^bXlzQmn_XmGw z_Q@c($e`TRx6|6}`kulMBtaUahY2O;;F8fLeTTdv+Fz;)cg!kEHPwS-x=900H;K6J-`nf&yR`sXb zO6LdZ*#9;3%>?aTsB5md%}d-SOr#i^mof5n;K4C3nPuwm!AXKAZnf5abiH74x$9h{ zif!duyxzQ3%7^lG)zk*KSWiieIR>yIZ1meKZi;^S`^+J?fuqFIC|}2$(t1sb%1@FUOpNu8%tJGXDzKYU{gTPyTYxv(wpz z%AYcdA~#CI(EYs@%w1LoI1Fv7sfbn>PAbT_T)vrb)5&L{Q1gBY8&tYs+QDK}*TmE= zP3_n`-J7SA7J`jmXLh)u+ZOCIRsU}AYu;AhmERP9+rPfmPx^2M*Ugyoh3)HIrf@Y$ z(=BwI+N4gmfK$o=bqfg9lu@@)*-9yv&nY7t{bQVn7op9v6+{}l>zlWcP0gO##m}^qf@~t z%55sbNx_VY1yyLug70R>33Uq3v{ksYy1VKKVH%WjpK77NS;k$VFdF!GhH)jzqca=E zOl`v01eY~@=A2_mnAXl@`xJG~9SdLHvSYi!-qC)b?eGt{k5bXIZXueDYk?a zzwCly=jg-P{;4NEi(9ubEB?pJUOE29_VcIsANTWo`O^8pS;7_Y~_cAVf&$#OSL+9H!=gXHidKNK3IO@Mf>q8>Y`Z|sL zFbzm{1nC{g0xnt)s4tLz@Toz*M49Kt3Z6qi%IdKmnLSz5L^|bIQ*X zB2qP*`>)jnvi$oPM|2>y(Y(5vux0|H>dY-}BC1nZqT51p9>d(710L9*?hGfpw6hG9 zl(pc_fDZKW?VSPT*QD+a>t~kGzvR{@JZ8a;cK(qJHyv;zTfGLSzwE1qlDHOoNtrGf z;A4tiCInw)zof7(|NS@Kpv)uxjaSfZ*MJ%Fe{;LHS(5*~&F+)`-@QCd^4}Ws>1%)` z% zfCYxWDrkOwzt%?i`?s;i`*+31uk+e(a~zv;L(iiJh6zVT8jyoJL({Ftp8Rlo7*V>)7Ss!FJAPv z%j^I1t?twMe;-f7`d=9HnF@e9n}D;s$D#y0%Oe0mBkQlauZ-w6|0yU8L<(n^b4CuE z#5noMWJ@0qwrZPsJ*8&7)K-i3`y!?R9je1TxzTZR_!SY?qyl8%#W+3}X&jRCUT)xO zULAcljn=r5z?%vsEUI6ohNa+3)3-xM- zRl!?$mCRZ(OZ_4W-@IGS&?3ogs@wr(AH z`aH8$15h%gu3@{CmASHjO({ypY@F61RY!(evA$PxUTo{BrPf}nIROwT@7FCA(w!v1 z6Q!cg4|=LXYA18COm@vGol?GB7r9vo75G_F zc{{%e^4t1IX8@l)hJMjJ*{y7|Mnc4HrCjq_QiI)dM%T0zz=b$% zJ_}vsp6wpHs(`KMyQTd>>2B_H-C(xfAba~3oLHJk7MCd%>#ZkTdrwIt= zyiB0i+&Rq6BZVG$HDz;Z74951K`4~U>Xt4FHdQVb%W7BdDmK+G7tA13E^jtLC>Jyk zfOU#@N&h>Hez8lp8vYW91;@WsdvOLR0k{nZlt4^pfo$o?YnyQRE{U$^Ut%+nwGXvs z2xFq-%M|SlI_iuviA*<16s(Ze|CVR(F0U_-#OD1>;9*um=>$7jexI2(U0CV_9@+c>lYyR_$3ypd|d+#%5hh#k{$VjVVW`Q-_WMtnpvbsf&WW zOa`n@tVhCy<#UXJnY(4fQb!NvX+Db|@|)#eIRL22(_L<3s;RTs_9Du8S)tQcBV6PH zP$k3WSRAp8opbWbaXN+VTv+C010iAlj0WZ4;!}wU_n#AJu6=ua_~($0r}oKK%6Y&H3Ad zv-6*JP7ii>KA!#j&m4C{>-La}_NAmYPQ~c4a6&bb`_g9l&abD3r|%AS4$n{bcTe`u z-tGVPj~aNG@c4$e$NZ{I@mME}X+xO@9drnczKn4`dw+VqyYuGY{r>UJ+0SNl8xGr5 zN|&|>dE3YCL-w5{VrjkKKRLTa|4AYqk^)Pb=8^#K_J3Qv|JD?^e~qS^L}Do-Z};c@ z!=01;w+E+ZC%@flW+=?ecJ84kN^M4sRZ(i;SyV@>hn!S(DMnUAtc7P>4Xqx}1YGLo zqDZWNq`Il7o28h306i1-z;_zW_aELK9G(ByuV+ee{D+JmME-04aU-;%_+UyRAmXWD zeV(1GXBngV_QQv_@AuDl-yiHB{S(Jmk+lse3EPUek7~T@(nu|F-1iPn_IJ-docwlv zx_|P^!S4Rf?(T<=M{}?K1tKb3+uF0GZL+KX!CCYGtD7bxM9N(Lv^hBY`QuOj;AsP7 zeT>sajdxAzv?UIEK5LHmPfkA^?Y!UF-Q7PuJ^S!(|LC8{2Zr2o&J)htLOGW`C?~Kh zftNn-KfF8J`RC4hNzz9(+hL3=X%3e*(D^*yIX?L3O>P+OjJjrx}(EVcS4h5X%pKdRZOpB^+v1M|v?cehr}>%!pr0pgS9->nXH=MY@4R4`Yw6 zXQDeFb2PBg0%sgejFg{nEaHY{U0pU_MNq!rV$|fbW(p}+xdmO*lI%Wn4o6Y8!J+ET zSAF*1I}t+QAx@8#7`4&@eOU zJx3S?e!oH39`KnX{@aLzF-iFCBY@9{|N3Hkvl9P%yZ03T?OvXS_;2}`PY?d4gvVo1 z5euu6cGdnZv9f!opMUa+;Ul(peXSs8mh-BvN* zV3;8m#=XoqSfER{`tm;8JeU90R}Sx+ht?AkhY;82f4Im!cQx`W83hx*Vbub>YuxHWY#W2cs$$&uY&>R>4s)|SRxM+54=g(`eKlPwgF2^4 zW6p>=74S6T0!Ouh!O$|ViQB>|qYZyxnu~;vPt(DGenxH^ey5R-)?aR!+yBq*VH>)@ z{_nQwpJwKN+S-0z-v4cGKjnYAmk09y?SGa$02$Ii3Dp_tR1zrXBUdTqAQ@;!{@eCh z6cJxg7D2S3Je^v3<`wrNO&Qi|rAJ+YwNl132e98&CQgiu5-zp-3Hmd|AstW>ARNcg zFVFdvAed!PUZ9s-&_|9giH}oG5NBh8-en?6QDZov;o|D`QhmzNYoOJ}IA+pb(O;UBv#O=iXy@=8^v~zDxGMnezYn%S!&I zZnyg+|L^5#vj4%DPq+OwW@mdOTd~FBxZgwU`7sd*^{q3^nJFl2lvOf`-Q$lR1r6z6 z5NGk2BtD4*gtV!orZCM-JB89^<~W6dl-&h40sZDg2cxp0B+ln=pi}<4H7!&QJLA+Y ze+w)vqPfV$*CfG1Qh2#I&1Z#GnR`$V$(SXRf8e-|q2muYv{NX*te`n7j;t&-l1dgF@n z500KbU*PjQaX}N1DSn-GfNMv3T1@;^ILx?X8s)uPubcT+i7ZrOfhP5}@)CJ1Gbb{c ze24gk52OFhq5o5r8hB;r|IfEyR_s69n@{;)@8xOG|MM}Qz6Z$CMn6)W-}K`_^nDRd zOX*~}l@(md49c>025Q7i>hqbvWKoqu%~Q2XK&GjUP$E+rAsrNeQ<3JF*p>*q}$Q>HBhh(vmbJiw;U@kV_*JV=<&ea%X_{;b)!;Abki-L*uMm&>OI z@;F`P_O7}^3mFc6!Xb`)lGxlm*SKgMJX^Gjx_U&!4NI=1vU~MP9qIS}(Oa+jtW-vH zFPfdo3Xcx}Y7(s&(7u&uMdAs|r3*9EHFJ4MJB>N?|A+~42kn2h|L@Bey|VtlwY~ME z|KG>cp#PgOpW*#0OFbIh|C!FJV;R^ldLDX91f0?07ZSv^D-v0UVhm*6{&(^QfOX7VbZ}hijzp2q=oA%X z4E<4>l!t>r@;8BZ`o}l7v0E+VB1HTVLvlLxJDq15mHxAg$ga(f56=!42qARz;cUN; z4g?zG2@?2t7cCCWLZ>;) z*3FF=l}n&x22cK@9Z#B>ZB<>i**EWa|GVH~>Ta|(7hms&DHkL;IDP;*cl=@R{AlNJ zzchw13#wuvY;tgY{T<(E_Dy{)SEDAGV)jJf=ys=poy&!`=5j`rCc7Vw&UOxt_D|{- zfS3hk!aOrXtX&TBOp3C<+2T-0mp4^>8vb*Cp_~fChP};guj_TaUjJ41RaZ)#loK>z zX<{pCZbAB(ew6T+IJE~XxxqZ_eeUtq5 z8^G!Nzh1YyUAh1HV)Mn*{_j4XhW%eQ=F>NTr~0z_BiRAYoAK%%&VK&5F+tWU(E@Zh zw!DOmKKawGTeyXjzkZF@6C4FQVLZY|=@_kVZC3VykHMC?xMzs%DsY+yRQsn|Amx9x zm(zzB{|S+HI4D?q_E^+rW}0Pnh(&U~M-t0jq+)xRl0wV1yFF)ypk-q;J^fP+hEr47 zEE~JJlteW+naEnpZeGU`Yif~9y^DBS$No|DVmEcnosk#oSnqa(3N2eM? zxqwMs9NFdJP#5F3(EQX8r^~}*T8P?N_$+_DYmA{f7b;6$>!!rwoClpHuXD}OQ*C7a zZa<&+?wR?0?FHzbgOl&F$wE|BvnNQ~bAkc^d71X3S?90JTfzBe4KJgA))5ev0!U zoWXX@rL$xGvwSyA`EnTd&Z$nD<~|4*BzzXS$UWOV2FulqyMWp8ScXc?g+D9&4zyZ8 zd>W*tONlrNZh0_0tq;auAnU=jE<{nNuvFdUpMdOrY7(Tun?Lb!2x> zewv1#ZtbV346k()LCQxJ%4v>HEEt0d1P*uec;kuj3SWteHvjr>j0cOW0W;SBt#d5E9+SvK$({6s@#W7y|a(CSd6lcn=d#bAAt^ zRbXd)d`xul=>%G4>^&R$W8%)ziFFN&-tWovV?HY`>P6XLRyC*xSD5M~;=SKrnL`(w zraBoeENf6W6$}FX7dv^TEWk}brc`>eKRwtpkNyWn$J>YhnxX$~ZuZLYAA8%|Px{~e zJPrEaC1Zk%1jmi4pJ9thOa$TfiYg{?f4RCImW(#;_Ndq9^mgda3neta;@=)_-gyFF0*%+|6?Of5g zWl;W>lg4M`82k2+;bgd~2+}MSc>wteP`ZJhsmynPLY<9O0>~!G*>{19*4J?mp!HrB zTbi~qm(geB{;$nT6qh%l)M03T2q2QxjEwfs%`D)tNE+?+AgSDlh6vCj35k5--cb-i zgG-_sTsxgZ0xgwd<2riHIlJ@At}Brp1khU=d973Wxft_VKn5#ZV989bT@ee;4LBf! zr4oPt&lKCKS#UGyFIPu+IBTI6zUd=I{#NeK&l+I3ec_9 ztfIl{7W&VEYL@Qz;_BQq?!Y`s$0VV?J9Y1|%;iaMJKRCYuz300eW9S<=W1wL|kDJOXQ5|b^bd5tAp#LMqk)UFNG82#j zgIIzLhT0N@*1x-MY4DXsYB5X5kbFLb*cKQ6_or_A$KU_Q`oBE*<4bqr<+s*}UmU0?d>yFaUBD8}(4adN6R5xK8cX*|=2 zDs=?<@kZ(&?lgp-RartW!U}0k&UKz%a*+K>&6=}1 zDaP@+NaK*4_n@OQn$1i=<)&v<%j z_cniLzdkFxw!a*gzt|t&QTV#~Ja1FIdH(9f_RG9c^>TY_`+4t`RrpN3|MABcz23{s z?QN^dF?{N6zIgTHk3V)_zIwj-GOyUu>{>pt&b<(_5zWSpU8(rC`S5vXoB3ymV-5pa zEYd??jc909=KM2uHDk7>(N)B5A|%n(GZk3wj(&Ra#MNh0Jtjs^ykV$xt=iQjm+q^0nOcjElqyN9VdQ$>sExGg{7IIbG$% zg!u8AS=ppqDDs4%ZEnUP!J1ciBKa9>g7O_2(WrcgU_;i z?OvG+>4r|%XoyhQJ^zW;pK+V~>v~l4SEWW?qi1x1nf2wC#&8qRK{na$%_(01^*;LU z+RdfGog_>iT<<$xaPij6+{#X9fLkTDxAn)ECV{~J>At1U*56V3Y%M5#wwk2Ryc_}> zOtkJ3$&c&fG#pe`BzrEcVtJxrNFRhlp8p*=KlU%u#!nd@o9B^}g%a_Hv%ORLUz zvNdBVHGe;}@6*#WkN+QuAan|&k$~*2i?=c3{zvacw|xJz*L%wUb3e})@c(n(t8fB3 zvoS$CG4@9Uow9+r!3jZcSQ-T?cJ}(t>6;cxrSL^8B8Vku%o5`GED{O5Oa)7jiB5or z2_a(=3GN|uN(jI{`fzrzyN?DmBq*R)7%aHT)eP+k2C-`u_EtxA|2L31w%hc& z&bln%>Q8R#e?t?NLO5M1(^F0?xa6}>Vu5Icq^b~79Qnj_D1+{)z_}6vyA+s42tx-< zzU}vhYQk|4GLbTGZf-mbSb8iOc1))_?+w}66cWx+LjFu?qVg~6Fq)Sk zK_R}8!vv!NLrf!dlTbmU;RfP*j2(L{asnBoC@%~aix7^GyK{;TPF?iV&gsGFhV$#e z+0P$7o}piNPEK}?&JOlZ(T5YX`{8Ks;OyYT(JA`y2JIaEhTa_6KQ_jIl9Y=u!xw^I2dZjyF zo`brqvQ_j7y>~ax_v*Wgyw-n*MQpbGZ_eXAZyU4ZfA2-NB>%U1Px+tk=g~@`xt#=q zouxSV_RYyX8T#nD=UmY!=%Zs6IObkW-$9VBz7KJ+D_2$WJoFy=_N`rFBUe`j&xk(y z@&(o0QTdAgOqn1O8>ExW%SI6@%-(Vec@KR>k<{`dfu5_n);$&lz#Wlr?D0`&#MqVF zhm`e>lrepf3{rk)l%ZohB*$qOs<=N~fh@o615#RfuAuNG&pnS&9#~l+)7E6X84}^B zFzW!lk1kU_xn!U9OC3hIk3M}bi+=yRevgwOmoI0JLSNGPmzr<}-@XB~MC$R0IA$UB zCw+88u1Vq`6epA=R7|qOHEO^#pvu=`haZ~HpPu@sN&b6sYS3ZC5_0D@X2}2U%Wf(E zfA3|lyZI#l@8elR$5;rGL>%-&7;tnmA`!YwX$U%YjQuM-B;0e>(3#YDc^X5I0>noo z4AC%TmuQTIKLUL+At4s@njpv%lfRcb*&2$-P;VpRgbe6st@opUYkBBH6i#4E5i69W zN{2!k5zq1VPR~z;+-98Y@9Z7!d*i?xGBJ)rXASML@t8&Em)%no(1bhQkctlctNP=3 zmwzQ4_}9D`4LkB5^OIjkogC05_OH?y6npOc;PIQ-`N6xySI!Tf7|Xv|LWj-||BthV ze!&T4DMtr;``q#3g#AH$;dnG4xTA_E><`Dg<~|EZ$8mn}hRl)6j9fZ9j!!!etUxx+ z|BTE_Xk+^P-`eW+%Jcul=GN2x|6ZOobfP%`?W&ge-TubDx%G~PLSKe_HAgdsxh2ccV{U(=tPg$kDS>QqsT5|sFQ>J-#y=`x+`};a% zwCZ;{bUgI|dXR2`Q%7?O@I-ByL$mcamr|G~v1B(Db{7H$4#iWAa8|Mux@5|h52 zZ(>FZvV7YrK2IAvahxmAo8Gp!Iir!hLR*!e*^1+USdQg>Sdsk_j2;BB!GQV{htmex zLkAIxaU!UnhB(L;Kp15WA*?4zyBXcpDy&BZ@DYH0Ku7e(u7`R<4zXz z5Tu{fFxpz|T!!qjGsZM3%OMMJ%X9XzKQhhd48@V$p_9PkyGv!F$hxwDaLA&eT5E7L zDRHdlfYE3QPs&!bS{)$F5k@?{)L%*rZB^n7i4hiHIP!6X0?2+3c={|F&|#Wb73J#+ z3W5!Z7?H$t-mnDGh>Ilk^{k4}h}|fA4i`8K0fI72>EV&f@qi@8toJF%((j{y`KkP) z#P|X8c^)@Xj+%VaQ58FR{WgQS-Qgr0v`0+Rzmq4>vHoo9s;#L#VAmu`Xh0NgQZCq- z{zXcBrUq*RaYE3i-6{b!&1QCHj3YcGHoDnpv~#ZPtmSVr&eeR`@*F9o7I>VUR1Rg~ znzdpQvy(+8R2Avq!Yc z0^&G7p#Oc5dHL@E;Y3*#!H(-V?=q_O(Z#>NMm=xyh1YF&FH~!KR>~i1=o20cXhg*% z?}8LG1MEZFly!`939Xh8(X{@LF$-|`S`GgH3dxBK*p}n`@WY;(%KaaHKo?)WU6_{h z&Hl0*&mp%QXU7VTAsE6zW<$^CiZ=z#DPb{|jrWwMWJk?x72W_BfI5`M`11*YMSbb4Qr}7iwO+Sd zix`dW1F^i7Dq?kLsSuO9#~(im8q&Xj`HxBB%f)0!R*32JhAYUw%82U2#!iLJSu%b$ z=qchzEhS?d>zGbU$D#IWEQ zm!+kqXO>`PG%z}!QUO4tsVGc~=`~qnnZ~JFl*huKVp9l-30KEE2q%nb((1l_GSxat48YQk@(2HxN(#ktC2L8YH^d zY{v=vJgG3(r{4?M??>0GKzl#BR`?oRNpwvU7Qu$#8Yff^Lq1b0b8D|zrKxt{O~S@2 z>VyP6Z$~Pf7~?oL8n{m4z!Ic{(jks#_3RfGreks_HK3KSmJPqkT-WdwfudI8ue0~3 zazgU?IHcm-kCH3-9z-IB2cm@UVt zPDkcnkwhI6W^1EYFGk}u4AqIA+jkEJM@$?igp)|P8?H&UUbecI!EH5|(5{s&(*yS})q$VWOF94h=+jOZA}+v3 zNtd(4lEh21BN!<om)Bof+L*orR{Rg(+JzQ`$G43oF7VgI~cVqG1`C)tE_2(5IV7 zOyLpZD(AQSV?_uR+NhxAf;F;DKI3s55-(&v4&6pHCE)CjRpVP|tcrMNPBhOZ@v7La zxxp&B2a>+o=GmP7Rr(;7Zbh*mSFo}r2Nf&Z*A;<-Wp{##FZC6a0Pzt^!$3;hn}iBM zA~YfisfZXCl;VQ|4A7D4JLJ_AUuh@n8Z2(BxZE5KfDG2YwpslR={1Q6=f?@VTsA`& zU{@^?>LX|Z3Bdt{U$HF9m1QX)0@Kj89py(EO;)3Ym&E+N!Kj^K(^lBn=Su2LSm8qJX>oUU$RgsmdIgm+Nh~f{qDGMPAU>%vZRl znz^5vdoLBSfSBwl%SO@yJw-K$S+KJ*Eu{#2Iu%&gSTip{8Ln=x^2wh`O%V59Srjgrj5AuR4DeP1nsT9} zINT#4o@mLtT1;yiY&p)`1V;kN6#x#S35V4iobIown8=rD%tb=*7-3zSZ%fF2XV%O<(LH?Iv9Za+6_n) z2JU6nwNFGoQ!dqT-3;HzoZXBg+J${;a{<135|HvWX*jn@*w_Sgljtb|sWXwhE;wjs zVr!Skp`bn%27tz>LAh2Zt8QN;DcP_Rcf0*B-!|MUDFoG@konu~e{q$^lzOR>-K)R< zxY5bL)tMxtfv-NWD*-URZDht-3CAR3hEKLut`AM2?Uk^Y0^M>PCFAP}RAu*-9Cq2D zVK-+DF;z#(ms}(mTm@m!@s*q!nw@iI)&7^+9_)K{CznsSAY%`G%cx$im2T zgw1K1WHDSgT5CQ6&6=5VYQ^gm#UmD-Ft!5G(b&{fuYsEMm`g{k(!x~1nqNd)5h9RF zv+5+2y9rfu=&lG8D@m`lLzeueBAn7F-!3Z=4;S@F;(@1gBx_!n=px#D+-Op^GncNa zKeg7x-7w{XBnQWC36+|}Vyi){rlF}Wo4Oh@c`s+O>pa=bR@}AeUY**8OE|h2fgd@- zc)vXPwN=mqtqulpg`I&=i*6icZyfc@JvLM4{pO71{ zQ`U&W?erx#Uw}PzG|i%MF~=OGJX{@)fkkcIt6^=$mX$ z&uyNj`=9!(HG9#{H%JRdftqpu`(?Kh|6_A=`^D4!&--}R&=NvFt)b-ve_BJ!2>-N( zmK6YM4J{=E)Ec^75U4e04J{T2O4e9LD5y1b_h3+KXldb~*3dEnLam`0A)y=&&K^9yFYH4crhU* zkvItYsC^yi)S=8KnEfs~U(#jhy> zM`#VjnDZN!1bt9kuc^Kwt8V~w(0+8C+5U7j5%L<8z�GgH6tqP`0>PT`152`*JIQ zlrE4<0Ba5~#by-jioML?w z-AKMuQG>22xq*m6inH=KQieo_=0I|x4&OLHXLJ5-_=1(vGAim&s^9G_4E)y`h4-=NgAeAJiXajRV2XK2x7-M_F z!4XLN@bVE>IA6*oG_x_t{a9kpkTz0bwV(}akPXm2dJ8;ieNw$4(U3-jBs3b<4809n zBE1M?xkFTwq6V-%mcVz7L#cr6SY@j8zAcK-vK&cP=6grY9+0K5BhI+n5~ot?9cO~c zH8R0ze~lduZXwjbnbs4WiqUzRP+20|7b|#1 z=z||P>!^!a9rx;lk*d-GZoSC5=S-X?1gH0sQn*G~{xqNz_o~P&Od3s9E{|o>C|NoJ1 JWljL@6adxIbD97E literal 0 HcmV?d00001 diff --git a/charts/redpanda/redpanda/5.9.12/.helmignore b/charts/redpanda/redpanda/5.9.12/.helmignore new file mode 100644 index 000000000..d5bb5e6ba --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/.helmignore @@ -0,0 +1,28 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +README.md.gotmpl +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ + +*.go +testdata/ +ci/ diff --git a/charts/redpanda/redpanda/5.9.12/Chart.lock b/charts/redpanda/redpanda/5.9.12/Chart.lock new file mode 100644 index 000000000..5a800ffdb --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/Chart.lock @@ -0,0 +1,9 @@ +dependencies: +- name: console + repository: https://charts.redpanda.com + version: 0.7.30 +- name: connectors + repository: https://charts.redpanda.com + version: 0.1.14 +digest: sha256:f83ed4d31b640367a327361d6a431bc14be379efc74fa1df157bd6431b095b68 +generated: "2024-11-21T19:38:03.064791+01:00" diff --git a/charts/redpanda/redpanda/5.9.12/Chart.yaml b/charts/redpanda/redpanda/5.9.12/Chart.yaml new file mode 100644 index 000000000..c57308504 --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/Chart.yaml @@ -0,0 +1,38 @@ +annotations: + artifacthub.io/images: | + - name: redpanda + image: docker.redpanda.com/redpandadata/redpanda:v24.2.7 + - name: busybox + image: busybox:latest + artifacthub.io/license: Apache-2.0 + artifacthub.io/links: | + - name: Documentation + url: https://docs.redpanda.com + - name: "Helm (>= 3.10.0)" + url: https://helm.sh/docs/intro/install/ + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Redpanda + catalog.cattle.io/kube-version: '>=1.21-0' + catalog.cattle.io/release-name: redpanda +apiVersion: v2 +appVersion: v24.2.7 +dependencies: +- condition: console.enabled + name: console + repository: https://charts.redpanda.com + version: '>=0.5 <1.0' +- condition: connectors.enabled + name: connectors + repository: https://charts.redpanda.com + version: '>=0.1.2 <1.0' +description: Redpanda is the real-time engine for modern apps. +icon: file://assets/icons/redpanda.svg +kubeVersion: '>=1.21-0' +maintainers: +- name: redpanda-data + url: https://github.com/orgs/redpanda-data/people +name: redpanda +sources: +- https://github.com/redpanda-data/helm-charts +type: application +version: 5.9.12 diff --git a/charts/redpanda/redpanda/5.9.12/LICENSE b/charts/redpanda/redpanda/5.9.12/LICENSE new file mode 100644 index 000000000..261eeb9e9 --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/charts/redpanda/redpanda/5.9.12/README.md b/charts/redpanda/redpanda/5.9.12/README.md new file mode 100644 index 000000000..209a6cd0c --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/README.md @@ -0,0 +1,1220 @@ +# Redpanda Helm Chart Specification +--- +description: Find the default values and descriptions of settings in the Redpanda Helm chart. +--- + +![Version: 5.9.12](https://img.shields.io/badge/Version-5.9.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v24.2.7](https://img.shields.io/badge/AppVersion-v24.2.7-informational?style=flat-square) + +This page describes the official Redpanda Helm Chart. In particular, this page describes the contents of the chart’s [`values.yaml` file](https://github.com/redpanda-data/helm-charts/blob/main/charts/redpanda/values.yaml). Each of the settings is listed and described on this page, along with any default values. + +For instructions on how to install and use the chart, including how to override and customize the chart’s values, refer to the [deployment documentation](https://docs.redpanda.com/docs/deploy/deployment-option/self-hosted/kubernetes/kubernetes-deploy/). + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1) + +## Source Code + +* + +## Requirements + +Kubernetes: `>= 1.25.0-0` + +| Repository | Name | Version | +|------------|------|---------| +| https://charts.redpanda.com | connectors | >=0.1.2 <1.0 | +| https://charts.redpanda.com | console | >=0.5 <1.0 | + +## Settings + +### [affinity](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=affinity) + +Affinity constraints for scheduling Pods, can override this for StatefulSets and Jobs. For details, see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity). + +**Default:** `{}` + +### [auditLogging](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=auditLogging) + +Audit logging for a redpanda cluster, must have enabled sasl and have one kafka listener supporting sasl authentication for audit logging to work. Note this feature is only available for redpanda versions >= v23.3.0. + +**Default:** + +``` +{"clientMaxBufferSize":16777216,"enabled":false,"enabledEventTypes":null,"excludedPrincipals":null,"excludedTopics":null,"listener":"internal","partitions":12,"queueDrainIntervalMs":500,"queueMaxBufferSizePerShard":1048576,"replicationFactor":null} +``` + +### [auditLogging.clientMaxBufferSize](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=auditLogging.clientMaxBufferSize) + +Defines the number of bytes (in bytes) allocated by the internal audit client for audit messages. + +**Default:** `16777216` + +### [auditLogging.enabled](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=auditLogging.enabled) + +Enable or disable audit logging, for production clusters we suggest you enable, however, this will only work if you also enable sasl and a listener with sasl enabled. + +**Default:** `false` + +### [auditLogging.enabledEventTypes](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=auditLogging.enabledEventTypes) + +Event types that should be captured by audit logs, default is [`admin`, `authenticate`, `management`]. + +**Default:** `nil` + +### [auditLogging.excludedPrincipals](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=auditLogging.excludedPrincipals) + +List of principals to exclude from auditing, default is null. + +**Default:** `nil` + +### [auditLogging.excludedTopics](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=auditLogging.excludedTopics) + +List of topics to exclude from auditing, default is null. + +**Default:** `nil` + +### [auditLogging.listener](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=auditLogging.listener) + +Kafka listener name, note that it must have `authenticationMethod` set to `sasl`. For external listeners, use the external listener name, such as `default`. + +**Default:** `"internal"` + +### [auditLogging.partitions](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=auditLogging.partitions) + +Integer value defining the number of partitions used by a newly created audit topic. + +**Default:** `12` + +### [auditLogging.queueDrainIntervalMs](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=auditLogging.queueDrainIntervalMs) + +In ms, frequency in which per shard audit logs are batched to client for write to audit log. + +**Default:** `500` + +### [auditLogging.queueMaxBufferSizePerShard](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=auditLogging.queueMaxBufferSizePerShard) + +Defines the maximum amount of memory used (in bytes) by the audit buffer in each shard. + +**Default:** `1048576` + +### [auditLogging.replicationFactor](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=auditLogging.replicationFactor) + +Defines the replication factor for a newly created audit log topic. This configuration applies only to the audit log topic and may be different from the cluster or other topic configurations. This cannot be altered for existing audit log topics. Setting this value is optional. If a value is not provided, Redpanda will use the `internal_topic_replication_factor cluster` config value. Default is `null` + +**Default:** `nil` + +### [auth](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=auth) + +Authentication settings. For details, see the [SASL documentation](https://docs.redpanda.com/docs/manage/kubernetes/security/sasl-kubernetes/). + +**Default:** + +``` +{"sasl":{"bootstrapUser":{"mechanism":"SCRAM-SHA-256"},"enabled":false,"mechanism":"SCRAM-SHA-512","secretRef":"redpanda-users","users":[]}} +``` + +### [auth.sasl.bootstrapUser](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=auth.sasl.bootstrapUser) + +Details about how to create the bootstrap user for the cluster. The secretKeyRef is optionally specified. If it is specified, the chart will use a password written to that secret when creating the "kubernetes-controller" bootstrap user. If it is unspecified, then the secret will be generated and stored in the secret "releasename"-bootstrap-user, with the key "password". + +**Default:** + +``` +{"mechanism":"SCRAM-SHA-256"} +``` + +### [auth.sasl.bootstrapUser.mechanism](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=auth.sasl.bootstrapUser.mechanism) + +The authentication mechanism to use for the bootstrap user. Options are `SCRAM-SHA-256` and `SCRAM-SHA-512`. + +**Default:** `"SCRAM-SHA-256"` + +### [auth.sasl.enabled](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=auth.sasl.enabled) + +Enable SASL authentication. If you enable SASL authentication, you must provide a Secret in `auth.sasl.secretRef`. + +**Default:** `false` + +### [auth.sasl.mechanism](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=auth.sasl.mechanism) + +The authentication mechanism to use for the superuser. Options are `SCRAM-SHA-256` and `SCRAM-SHA-512`. + +**Default:** `"SCRAM-SHA-512"` + +### [auth.sasl.secretRef](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=auth.sasl.secretRef) + +A Secret that contains your superuser credentials. For details, see the [SASL documentation](https://docs.redpanda.com/docs/manage/kubernetes/security/sasl-kubernetes/#use-secrets). + +**Default:** `"redpanda-users"` + +### [auth.sasl.users](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=auth.sasl.users) + +Optional list of superusers. These superusers will be created in the Secret whose name is defined in `auth.sasl.secretRef`. If this list is empty, the Secret in `auth.sasl.secretRef` must already exist in the cluster before you deploy the chart. Uncomment the sample list if you wish to try adding sample sasl users or override to use your own. + +**Default:** `[]` + +### [clusterDomain](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=clusterDomain) + +Default Kubernetes cluster domain. + +**Default:** `"cluster.local"` + +### [commonLabels](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=commonLabels) + +Additional labels to add to all Kubernetes objects. For example, `my.k8s.service: redpanda`. + +**Default:** `{}` + +### [config](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=config) + +This section contains various settings supported by Redpanda that may not work correctly in a Kubernetes cluster. Changing these settings comes with some risk. Use these settings to customize various Redpanda configurations that are not covered in other sections. These values have no impact on the configuration or behavior of the Kubernetes objects deployed by Helm, and therefore should not be modified for the purpose of configuring those objects. Instead, these settings get passed directly to the Redpanda binary at startup. For descriptions of these properties, see the [configuration documentation](https://docs.redpanda.com/docs/cluster-administration/configuration/). + +**Default:** + +``` +{"cluster":{},"node":{"crash_loop_limit":5},"pandaproxy_client":{},"rpk":{},"schema_registry_client":{},"tunable":{"compacted_log_segment_size":67108864,"kafka_connection_rate_limit":1000,"log_segment_size_max":268435456,"log_segment_size_min":16777216,"max_compacted_log_segment_size":536870912}} +``` + +### [config.cluster](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=config.cluster) + +[Cluster Configuration Properties](https://docs.redpanda.com/current/reference/properties/cluster-properties/) + +**Default:** `{}` + +### [config.node](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=config.node) + +[Broker (node) Configuration Properties](https://docs.redpanda.com/docs/reference/broker-properties/). + +**Default:** `{"crash_loop_limit":5}` + +### [config.node.crash_loop_limit](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=config.node.crash_loop_limit) + +Crash loop limit A limit on the number of consecutive times a broker can crash within one hour before its crash-tracking logic is reset. This limit prevents a broker from getting stuck in an infinite cycle of crashes. User can disable this crash loop limit check by the following action: * One hour elapses since the last crash * The node configuration file, redpanda.yaml, is updated via config.cluster or config.node or config.tunable objects * The startup_log file in the node’s data_directory is manually deleted Default to 5 REF: https://docs.redpanda.com/current/reference/broker-properties/#crash_loop_limit + +**Default:** `5` + +### [config.tunable](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=config.tunable) + +Tunable cluster properties. Deprecated: all settings here may be specified via `config.cluster`. + +**Default:** + +``` +{"compacted_log_segment_size":67108864,"kafka_connection_rate_limit":1000,"log_segment_size_max":268435456,"log_segment_size_min":16777216,"max_compacted_log_segment_size":536870912} +``` + +### [config.tunable.compacted_log_segment_size](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=config.tunable.compacted_log_segment_size) + +See the [property reference documentation](https://docs.redpanda.com/docs/reference/cluster-properties/#compacted_log_segment_size). + +**Default:** `67108864` + +### [config.tunable.kafka_connection_rate_limit](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=config.tunable.kafka_connection_rate_limit) + +See the [property reference documentation](https://docs.redpanda.com/docs/reference/cluster-properties/#kafka_connection_rate_limit). + +**Default:** `1000` + +### [config.tunable.log_segment_size_max](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=config.tunable.log_segment_size_max) + +See the [property reference documentation](https://docs.redpanda.com/docs/reference/cluster-properties/#log_segment_size_max). + +**Default:** `268435456` + +### [config.tunable.log_segment_size_min](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=config.tunable.log_segment_size_min) + +See the [property reference documentation](https://docs.redpanda.com/docs/reference/cluster-properties/#log_segment_size_min). + +**Default:** `16777216` + +### [config.tunable.max_compacted_log_segment_size](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=config.tunable.max_compacted_log_segment_size) + +See the [property reference documentation](https://docs.redpanda.com/docs/reference/cluster-properties/#max_compacted_log_segment_size). + +**Default:** `536870912` + +### [connectors](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=connectors) + +Redpanda Managed Connectors settings For a reference of configuration settings, see the [Redpanda Connectors documentation](https://docs.redpanda.com/docs/deploy/deployment-option/cloud/managed-connectors/). + +**Default:** + +``` +{"deployment":{"create":false},"enabled":false,"test":{"create":false}} +``` + +### [console](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=console) + +Redpanda Console settings. For a reference of configuration settings, see the [Redpanda Console documentation](https://docs.redpanda.com/docs/reference/console/config/). + +**Default:** + +``` +{"config":{},"configmap":{"create":false},"deployment":{"create":false},"enabled":true,"secret":{"create":false}} +``` + +### [enterprise](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=enterprise) + +Enterprise (optional) For details, see the [License documentation](https://docs.redpanda.com/docs/get-started/licenses/?platform=kubernetes#redpanda-enterprise-edition). + +**Default:** + +``` +{"license":"","licenseSecretRef":{}} +``` + +### [enterprise.license](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=enterprise.license) + +license (optional). + +**Default:** `""` + +### [enterprise.licenseSecretRef](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=enterprise.licenseSecretRef) + +Secret name and key where the license key is stored. + +**Default:** `{}` + +### [external](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=external) + +External access settings. For details, see the [Networking and Connectivity documentation](https://docs.redpanda.com/docs/manage/kubernetes/networking/networking-and-connectivity/). + +**Default:** + +``` +{"enabled":true,"service":{"enabled":true},"type":"NodePort"} +``` + +### [external.enabled](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=external.enabled) + +Enable external access for each Service. You can toggle external access for each listener in `listeners..external..enabled`. + +**Default:** `true` + +### [external.service](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=external.service) + +Service allows you to manage the creation of an external kubernetes service object + +**Default:** `{"enabled":true}` + +### [external.service.enabled](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=external.service.enabled) + +Enabled if set to false will not create the external service type You can still set your cluster with external access but not create the supporting service (NodePort/LoadBalander). Set this to false if you rather manage your own service. + +**Default:** `true` + +### [external.type](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=external.type) + +External access type. Only `NodePort` and `LoadBalancer` are supported. If undefined, then advertised listeners will be configured in Redpanda, but the helm chart will not create a Service. You must create a Service manually. Warning: If you use LoadBalancers, you will likely experience higher latency and increased packet loss. NodePort is recommended in cases where latency is a priority. + +**Default:** `"NodePort"` + +### [fullnameOverride](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=fullnameOverride) + +Override `redpanda.fullname` template. + +**Default:** `""` + +### [image](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=image) + +Redpanda Docker image settings. + +**Default:** + +``` +{"pullPolicy":"IfNotPresent","repository":"docker.redpanda.com/redpandadata/redpanda","tag":""} +``` + +### [image.pullPolicy](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=image.pullPolicy) + +The imagePullPolicy. If `image.tag` is 'latest', the default is `Always`. + +**Default:** `"IfNotPresent"` + +### [image.repository](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=image.repository) + +Docker repository from which to pull the Redpanda Docker image. + +**Default:** + +``` +"docker.redpanda.com/redpandadata/redpanda" +``` + +### [image.tag](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=image.tag) + +The Redpanda version. See DockerHub for: [All stable versions](https://hub.docker.com/r/redpandadata/redpanda/tags) and [all unstable versions](https://hub.docker.com/r/redpandadata/redpanda-unstable/tags). + +**Default:** `Chart.appVersion`. + +### [imagePullSecrets](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=imagePullSecrets) + +Pull secrets may be used to provide credentials to image repositories See the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/). + +**Default:** `[]` + +### [license_key](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=license_key) + +DEPRECATED Enterprise license key (optional). For details, see the [License documentation](https://docs.redpanda.com/docs/get-started/licenses/?platform=kubernetes#redpanda-enterprise-edition). + +**Default:** `""` + +### [license_secret_ref](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=license_secret_ref) + +DEPRECATED Secret name and secret key where the license key is stored. + +**Default:** `{}` + +### [listeners](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=listeners) + +Listener settings. Override global settings configured above for individual listeners. For details, see the [listeners documentation](https://docs.redpanda.com/docs/manage/kubernetes/networking/configure-listeners/). + +**Default:** + +``` +{"admin":{"external":{"default":{"advertisedPorts":[31644],"port":9645,"tls":{"cert":"external"}}},"port":9644,"tls":{"cert":"default","requireClientAuth":false}},"http":{"authenticationMethod":null,"enabled":true,"external":{"default":{"advertisedPorts":[30082],"authenticationMethod":null,"port":8083,"tls":{"cert":"external","requireClientAuth":false}}},"kafkaEndpoint":"default","port":8082,"tls":{"cert":"default","requireClientAuth":false}},"kafka":{"authenticationMethod":null,"external":{"default":{"advertisedPorts":[31092],"authenticationMethod":null,"port":9094,"tls":{"cert":"external"}}},"port":9093,"tls":{"cert":"default","requireClientAuth":false}},"rpc":{"port":33145,"tls":{"cert":"default","requireClientAuth":false}},"schemaRegistry":{"authenticationMethod":null,"enabled":true,"external":{"default":{"advertisedPorts":[30081],"authenticationMethod":null,"port":8084,"tls":{"cert":"external","requireClientAuth":false}}},"kafkaEndpoint":"default","port":8081,"tls":{"cert":"default","requireClientAuth":false}}} +``` + +### [listeners.admin](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=listeners.admin) + +Admin API listener (only one). + +**Default:** + +``` +{"external":{"default":{"advertisedPorts":[31644],"port":9645,"tls":{"cert":"external"}}},"port":9644,"tls":{"cert":"default","requireClientAuth":false}} +``` + +### [listeners.admin.external](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=listeners.admin.external) + +Optional external access settings. + +**Default:** + +``` +{"default":{"advertisedPorts":[31644],"port":9645,"tls":{"cert":"external"}}} +``` + +### [listeners.admin.external.default](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=listeners.admin.external.default) + +Name of the external listener. + +**Default:** + +``` +{"advertisedPorts":[31644],"port":9645,"tls":{"cert":"external"}} +``` + +### [listeners.admin.external.default.tls](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=listeners.admin.external.default.tls) + +The port advertised to this listener's external clients. List one port if you want to use the same port for each broker (would be the case when using NodePort service). Otherwise, list the port you want to use for each broker in order of StatefulSet replicas. If undefined, `listeners.admin.port` is used. + +**Default:** `{"cert":"external"}` + +### [listeners.admin.port](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=listeners.admin.port) + +The port for both internal and external connections to the Admin API. + +**Default:** `9644` + +### [listeners.admin.tls](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=listeners.admin.tls) + +Optional TLS section (required if global TLS is enabled) + +**Default:** + +``` +{"cert":"default","requireClientAuth":false} +``` + +### [listeners.admin.tls.cert](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=listeners.admin.tls.cert) + +Name of the Certificate used for TLS (must match a Certificate name that is registered in tls.certs). + +**Default:** `"default"` + +### [listeners.admin.tls.requireClientAuth](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=listeners.admin.tls.requireClientAuth) + +If true, the truststore file for this listener is included in the ConfigMap. + +**Default:** `false` + +### [listeners.http](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=listeners.http) + +HTTP API listeners (aka PandaProxy). + +**Default:** + +``` +{"authenticationMethod":null,"enabled":true,"external":{"default":{"advertisedPorts":[30082],"authenticationMethod":null,"port":8083,"tls":{"cert":"external","requireClientAuth":false}}},"kafkaEndpoint":"default","port":8082,"tls":{"cert":"default","requireClientAuth":false}} +``` + +### [listeners.kafka](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=listeners.kafka) + +Kafka API listeners. + +**Default:** + +``` +{"authenticationMethod":null,"external":{"default":{"advertisedPorts":[31092],"authenticationMethod":null,"port":9094,"tls":{"cert":"external"}}},"port":9093,"tls":{"cert":"default","requireClientAuth":false}} +``` + +### [listeners.kafka.external.default.advertisedPorts](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=listeners.kafka.external.default.advertisedPorts) + +If undefined, `listeners.kafka.external.default.port` is used. + +**Default:** `[31092]` + +### [listeners.kafka.external.default.port](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=listeners.kafka.external.default.port) + +The port used for external client connections. + +**Default:** `9094` + +### [listeners.kafka.port](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=listeners.kafka.port) + +The port for internal client connections. + +**Default:** `9093` + +### [listeners.rpc](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=listeners.rpc) + +RPC listener (this is never externally accessible). + +**Default:** + +``` +{"port":33145,"tls":{"cert":"default","requireClientAuth":false}} +``` + +### [listeners.schemaRegistry](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=listeners.schemaRegistry) + +Schema registry listeners. + +**Default:** + +``` +{"authenticationMethod":null,"enabled":true,"external":{"default":{"advertisedPorts":[30081],"authenticationMethod":null,"port":8084,"tls":{"cert":"external","requireClientAuth":false}}},"kafkaEndpoint":"default","port":8081,"tls":{"cert":"default","requireClientAuth":false}} +``` + +### [logging](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=logging) + +Log-level settings. + +**Default:** + +``` +{"logLevel":"info","usageStats":{"enabled":true}} +``` + +### [logging.logLevel](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=logging.logLevel) + +Log level Valid values (from least to most verbose) are: `warn`, `info`, `debug`, and `trace`. + +**Default:** `"info"` + +### [logging.usageStats](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=logging.usageStats) + +Send usage statistics back to Redpanda Data. For details, see the [stats reporting documentation](https://docs.redpanda.com/docs/cluster-administration/monitoring/#stats-reporting). + +**Default:** `{"enabled":true}` + +### [monitoring](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=monitoring) + +Monitoring. This will create a ServiceMonitor that can be used by Prometheus-Operator or VictoriaMetrics-Operator to scrape the metrics. + +**Default:** + +``` +{"enabled":false,"labels":{},"scrapeInterval":"30s"} +``` + +### [nameOverride](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=nameOverride) + +Override `redpanda.name` template. + +**Default:** `""` + +### [nodeSelector](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=nodeSelector) + +Node selection constraints for scheduling Pods, can override this for StatefulSets. For details, see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector). + +**Default:** `{}` + +### [post_install_job.affinity](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=post_install_job.affinity) + +**Default:** `{}` + +### [post_install_job.enabled](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=post_install_job.enabled) + +**Default:** `true` + +### [post_install_job.podTemplate.annotations](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=post_install_job.podTemplate.annotations) + +Additional annotations to apply to the Pods of this Job. + +**Default:** `{}` + +### [post_install_job.podTemplate.labels](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=post_install_job.podTemplate.labels) + +Additional labels to apply to the Pods of this Job. + +**Default:** `{}` + +### [post_install_job.podTemplate.spec](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=post_install_job.podTemplate.spec) + +A subset of Kubernetes' PodSpec type that will be merged into the final PodSpec. See [Merge Semantics](#merging-semantics) for details. + +**Default:** + +``` +{"containers":[{"env":[],"name":"post-install","securityContext":{}}],"securityContext":{}} +``` + +### [rackAwareness](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=rackAwareness) + +Rack Awareness settings. For details, see the [Rack Awareness documentation](https://docs.redpanda.com/docs/manage/kubernetes/kubernetes-rack-awareness/). + +**Default:** + +``` +{"enabled":false,"nodeAnnotation":"topology.kubernetes.io/zone"} +``` + +### [rackAwareness.enabled](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=rackAwareness.enabled) + +When running in multiple racks or availability zones, use a Kubernetes Node annotation value as the Redpanda rack value. Enabling this requires running with a service account with "get" Node permissions. To have the Helm chart configure these permissions, set `serviceAccount.create=true` and `rbac.enabled=true`. + +**Default:** `false` + +### [rackAwareness.nodeAnnotation](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=rackAwareness.nodeAnnotation) + +The common well-known annotation to use as the rack ID. Override this only if you use a custom Node annotation. + +**Default:** + +``` +"topology.kubernetes.io/zone" +``` + +### [rbac](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=rbac) + +Role Based Access Control. + +**Default:** + +``` +{"annotations":{},"enabled":false} +``` + +### [rbac.annotations](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=rbac.annotations) + +Annotations to add to the `rbac` resources. + +**Default:** `{}` + +### [rbac.enabled](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=rbac.enabled) + +Enable for features that need extra privileges. If you use the Redpanda Operator, you must deploy it with the `--set rbac.createRPKBundleCRs=true` flag to give it the required ClusterRoles. + +**Default:** `false` + +### [resources](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=resources) + +Pod resource management. This section simplifies resource allocation by providing a single location where resources are defined. Helm sets these resource values within the `statefulset.yaml` and `configmap.yaml` templates. The default values are for a development environment. Production-level values and other considerations are documented, where those values are different from the default. For details, see the [Pod resources documentation](https://docs.redpanda.com/docs/manage/kubernetes/manage-resources/). + +**Default:** + +``` +{"cpu":{"cores":1},"memory":{"container":{"max":"2.5Gi"}}} +``` + +### [resources.cpu](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=resources.cpu) + +CPU resources. For details, see the [Pod resources documentation](https://docs.redpanda.com/docs/manage/kubernetes/manage-resources/#configure-cpu-resources). + +**Default:** `{"cores":1}` + +### [resources.cpu.cores](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=resources.cpu.cores) + +Redpanda makes use of a thread per core model. For details, see this [blog](https://redpanda.com/blog/tpc-buffers). For this reason, Redpanda should only be given full cores. Note: You can increase cores, but decreasing cores is not currently supported. See the [GitHub issue](https://github.com/redpanda-data/redpanda/issues/350). This setting is equivalent to `--smp`, `resources.requests.cpu`, and `resources.limits.cpu`. For production, use `4` or greater. To maximize efficiency, use the `static` CPU manager policy by specifying an even integer for CPU resource requests and limits. This policy gives the Pods running Redpanda brokers access to exclusive CPUs on the node. See https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#static-policy. + +**Default:** `1` + +### [resources.memory](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=resources.memory) + +Memory resources For details, see the [Pod resources documentation](https://docs.redpanda.com/docs/manage/kubernetes/manage-resources/#configure-memory-resources). + +**Default:** + +``` +{"container":{"max":"2.5Gi"}} +``` + +### [resources.memory.container](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=resources.memory.container) + +Enables memory locking. For production, set to `true`. enable_memory_locking: false It is recommended to have at least 2Gi of memory per core for the Redpanda binary. This memory is taken from the total memory given to each container. The Helm chart allocates 80% of the container's memory to Redpanda, leaving the rest for the Seastar subsystem (reserveMemory) and other container processes. So at least 2.5Gi per core is recommended in order to ensure Redpanda has a full 2Gi. These values affect `--memory` and `--reserve-memory` flags passed to Redpanda and the memory requests/limits in the StatefulSet. Valid suffixes: k, M, G, T, P, Ki, Mi, Gi, Ti, Pi To create `Guaranteed` Pod QoS for Redpanda brokers, provide both container max and min values for the container. For details, see https://kubernetes.io/docs/tasks/configure-pod-container/quality-service-pod/#create-a-pod-that-gets-assigned-a-qos-class-of-guaranteed * Every container in the Pod must have a memory limit and a memory request. * For every container in the Pod, the memory limit must equal the memory request. + +**Default:** `{"max":"2.5Gi"}` + +### [resources.memory.container.max](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=resources.memory.container.max) + +Maximum memory count for each Redpanda broker. Equivalent to `resources.limits.memory`. For production, use `10Gi` or greater. + +**Default:** `"2.5Gi"` + +### [serviceAccount](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=serviceAccount) + +Service account management. + +**Default:** + +``` +{"annotations":{},"automountServiceAccountToken":false,"create":false,"name":""} +``` + +### [serviceAccount.annotations](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=serviceAccount.annotations) + +Annotations to add to the service account. + +**Default:** `{}` + +### [serviceAccount.automountServiceAccountToken](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=serviceAccount.automountServiceAccountToken) + +Specifies whether a service account should automount API-Credentials. The token is used in sidecars.controllers + +**Default:** `false` + +### [serviceAccount.create](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=serviceAccount.create) + +Specifies whether a service account should be created. + +**Default:** `false` + +### [serviceAccount.name](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=serviceAccount.name) + +The name of the service account to use. If not set and `serviceAccount.create` is `true`, a name is generated using the `redpanda.fullname` template. + +**Default:** `""` + +### [statefulset.additionalRedpandaCmdFlags](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.additionalRedpandaCmdFlags) + +Additional flags to pass to redpanda, + +**Default:** `[]` + +### [statefulset.additionalSelectorLabels](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.additionalSelectorLabels) + +Additional labels to be added to statefulset label selector. For example, `my.k8s.service: redpanda`. + +**Default:** `{}` + +### [statefulset.annotations](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.annotations) + +DEPRECATED Please use statefulset.podTemplate.annotations. Annotations are used only for `Statefulset.spec.template.metadata.annotations`. The StatefulSet does not have any dedicated annotation. + +**Default:** `{}` + +### [statefulset.budget.maxUnavailable](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.budget.maxUnavailable) + +**Default:** `1` + +### [statefulset.extraVolumeMounts](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.extraVolumeMounts) + +**Default:** `""` + +### [statefulset.extraVolumes](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.extraVolumes) + +**Default:** `""` + +### [statefulset.initContainerImage.repository](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.initContainerImage.repository) + +**Default:** `"busybox"` + +### [statefulset.initContainerImage.tag](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.initContainerImage.tag) + +**Default:** `"latest"` + +### [statefulset.initContainers.configurator.extraVolumeMounts](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.initContainers.configurator.extraVolumeMounts) + +**Default:** `""` + +### [statefulset.initContainers.configurator.resources](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.initContainers.configurator.resources) + +To create `Guaranteed` Pods for Redpanda brokers, provide both requests and limits for CPU and memory. For details, see https://kubernetes.io/docs/tasks/configure-pod-container/quality-service-pod/#create-a-pod-that-gets-assigned-a-qos-class-of-guaranteed * Every container in the Pod must have a CPU limit and a CPU request. * For every container in the Pod, the CPU limit must equal the CPU request. + +**Default:** `{}` + +### [statefulset.initContainers.extraInitContainers](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.initContainers.extraInitContainers) + +**Default:** `""` + +### [statefulset.initContainers.fsValidator.enabled](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.initContainers.fsValidator.enabled) + +**Default:** `false` + +### [statefulset.initContainers.fsValidator.expectedFS](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.initContainers.fsValidator.expectedFS) + +**Default:** `"xfs"` + +### [statefulset.initContainers.fsValidator.extraVolumeMounts](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.initContainers.fsValidator.extraVolumeMounts) + +**Default:** `""` + +### [statefulset.initContainers.fsValidator.resources](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.initContainers.fsValidator.resources) + +To create `Guaranteed` Pods for Redpanda brokers, provide both requests and limits for CPU and memory. For details, see https://kubernetes.io/docs/tasks/configure-pod-container/quality-service-pod/#create-a-pod-that-gets-assigned-a-qos-class-of-guaranteed * Every container in the Pod must have a CPU limit and a CPU request. * For every container in the Pod, the CPU limit must equal the CPU request. + +**Default:** `{}` + +### [statefulset.initContainers.setDataDirOwnership.enabled](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.initContainers.setDataDirOwnership.enabled) + +In environments where root is not allowed, you cannot change the ownership of files and directories. Enable `setDataDirOwnership` when using default minikube cluster configuration. + +**Default:** `false` + +### [statefulset.initContainers.setDataDirOwnership.extraVolumeMounts](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.initContainers.setDataDirOwnership.extraVolumeMounts) + +**Default:** `""` + +### [statefulset.initContainers.setDataDirOwnership.resources](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.initContainers.setDataDirOwnership.resources) + +To create `Guaranteed` Pods for Redpanda brokers, provide both requests and limits for CPU and memory. For details, see https://kubernetes.io/docs/tasks/configure-pod-container/quality-service-pod/#create-a-pod-that-gets-assigned-a-qos-class-of-guaranteed * Every container in the Pod must have a CPU limit and a CPU request. * For every container in the Pod, the CPU limit must equal the CPU request. + +**Default:** `{}` + +### [statefulset.initContainers.setTieredStorageCacheDirOwnership.extraVolumeMounts](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.initContainers.setTieredStorageCacheDirOwnership.extraVolumeMounts) + +**Default:** `""` + +### [statefulset.initContainers.setTieredStorageCacheDirOwnership.resources](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.initContainers.setTieredStorageCacheDirOwnership.resources) + +To create `Guaranteed` Pods for Redpanda brokers, provide both requests and limits for CPU and memory. For details, see https://kubernetes.io/docs/tasks/configure-pod-container/quality-service-pod/#create-a-pod-that-gets-assigned-a-qos-class-of-guaranteed * Every container in the Pod must have a CPU limit and a CPU request. * For every container in the Pod, the CPU limit must equal the CPU request. + +**Default:** `{}` + +### [statefulset.initContainers.tuning.extraVolumeMounts](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.initContainers.tuning.extraVolumeMounts) + +**Default:** `""` + +### [statefulset.initContainers.tuning.resources](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.initContainers.tuning.resources) + +To create `Guaranteed` Pods for Redpanda brokers, provide both requests and limits for CPU and memory. For details, see https://kubernetes.io/docs/tasks/configure-pod-container/quality-service-pod/#create-a-pod-that-gets-assigned-a-qos-class-of-guaranteed * Every container in the Pod must have a CPU limit and a CPU request. * For every container in the Pod, the CPU limit must equal the CPU request. + +**Default:** `{}` + +### [statefulset.livenessProbe.failureThreshold](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.livenessProbe.failureThreshold) + +**Default:** `3` + +### [statefulset.livenessProbe.initialDelaySeconds](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.livenessProbe.initialDelaySeconds) + +**Default:** `10` + +### [statefulset.livenessProbe.periodSeconds](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.livenessProbe.periodSeconds) + +**Default:** `10` + +### [statefulset.nodeSelector](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.nodeSelector) + +Node selection constraints for scheduling Pods of this StatefulSet. These constraints override the global `nodeSelector` value. For details, see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector). + +**Default:** `{}` + +### [statefulset.podAffinity](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.podAffinity) + +Inter-Pod Affinity rules for scheduling Pods of this StatefulSet. For details, see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity). + +**Default:** `{}` + +### [statefulset.podAntiAffinity](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.podAntiAffinity) + +Anti-affinity rules for scheduling Pods of this StatefulSet. For details, see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity). You may either edit the default settings for anti-affinity rules, or specify new anti-affinity rules to use instead of the defaults. + +**Default:** + +``` +{"custom":{},"topologyKey":"kubernetes.io/hostname","type":"hard","weight":100} +``` + +### [statefulset.podAntiAffinity.custom](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.podAntiAffinity.custom) + +Change `podAntiAffinity.type` to `custom` and provide your own podAntiAffinity rules here. + +**Default:** `{}` + +### [statefulset.podAntiAffinity.topologyKey](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.podAntiAffinity.topologyKey) + +The topologyKey to be used. Can be used to spread across different nodes, AZs, regions etc. + +**Default:** `"kubernetes.io/hostname"` + +### [statefulset.podAntiAffinity.type](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.podAntiAffinity.type) + +Valid anti-affinity types are `soft`, `hard`, or `custom`. Use `custom` if you want to supply your own anti-affinity rules in the `podAntiAffinity.custom` object. + +**Default:** `"hard"` + +### [statefulset.podAntiAffinity.weight](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.podAntiAffinity.weight) + +Weight for `soft` anti-affinity rules. Does not apply to other anti-affinity types. + +**Default:** `100` + +### [statefulset.podTemplate.annotations](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.podTemplate.annotations) + +Additional annotations to apply to the Pods of the StatefulSet. + +**Default:** `{}` + +### [statefulset.podTemplate.labels](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.podTemplate.labels) + +Additional labels to apply to the Pods of the StatefulSet. + +**Default:** `{}` + +### [statefulset.podTemplate.spec](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.podTemplate.spec) + +A subset of Kubernetes' PodSpec type that will be merged into the final PodSpec. See [Merge Semantics](#merging-semantics) for details. + +**Default:** + +``` +{"containers":[{"env":[],"name":"redpanda","securityContext":{}}],"securityContext":{}} +``` + +### [statefulset.priorityClassName](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.priorityClassName) + +PriorityClassName given to Pods of this StatefulSet. For details, see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass). + +**Default:** `""` + +### [statefulset.readinessProbe.failureThreshold](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.readinessProbe.failureThreshold) + +**Default:** `3` + +### [statefulset.readinessProbe.initialDelaySeconds](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.readinessProbe.initialDelaySeconds) + +**Default:** `1` + +### [statefulset.readinessProbe.periodSeconds](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.readinessProbe.periodSeconds) + +**Default:** `10` + +### [statefulset.readinessProbe.successThreshold](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.readinessProbe.successThreshold) + +**Default:** `1` + +### [statefulset.replicas](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.replicas) + +Number of Redpanda brokers (Redpanda Data recommends setting this to the number of worker nodes in the cluster) + +**Default:** `3` + +### [statefulset.securityContext](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.securityContext) + +DEPRECATED: Prefer to use podTemplate.spec.securityContext or podTemplate.spec.containers[0].securityContext. + +**Default:** + +``` +{"fsGroup":101,"fsGroupChangePolicy":"OnRootMismatch","runAsUser":101} +``` + +### [statefulset.sideCars.configWatcher.enabled](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.sideCars.configWatcher.enabled) + +**Default:** `true` + +### [statefulset.sideCars.configWatcher.extraVolumeMounts](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.sideCars.configWatcher.extraVolumeMounts) + +**Default:** `""` + +### [statefulset.sideCars.configWatcher.resources](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.sideCars.configWatcher.resources) + +To create `Guaranteed` Pods for Redpanda brokers, provide both requests and limits for CPU and memory. For details, see https://kubernetes.io/docs/tasks/configure-pod-container/quality-service-pod/#create-a-pod-that-gets-assigned-a-qos-class-of-guaranteed * Every container in the Pod must have a memory limit and a memory request. * For every container in the Pod, the memory limit must equal the memory request. * Every container in the Pod must have a CPU limit and a CPU request. * For every container in the Pod, the CPU limit must equal the CPU request. To maximize efficiency, use the `static` CPU manager policy by specifying an even integer for CPU resource requests and limits. This policy gives the Pods running Redpanda brokers access to exclusive CPUs on the node. For details, see https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#static-policy + +**Default:** `{}` + +### [statefulset.sideCars.configWatcher.securityContext](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.sideCars.configWatcher.securityContext) + +**Default:** `{}` + +### [statefulset.sideCars.controllers.createRBAC](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.sideCars.controllers.createRBAC) + +**Default:** `true` + +### [statefulset.sideCars.controllers.enabled](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.sideCars.controllers.enabled) + +**Default:** `false` + +### [statefulset.sideCars.controllers.healthProbeAddress](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.sideCars.controllers.healthProbeAddress) + +**Default:** `":8085"` + +### [statefulset.sideCars.controllers.image.repository](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.sideCars.controllers.image.repository) + +**Default:** + +``` +"docker.redpanda.com/redpandadata/redpanda-operator" +``` + +### [statefulset.sideCars.controllers.image.tag](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.sideCars.controllers.image.tag) + +**Default:** `"v2.3.0-24.3.1"` + +### [statefulset.sideCars.controllers.metricsAddress](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.sideCars.controllers.metricsAddress) + +**Default:** `":9082"` + +### [statefulset.sideCars.controllers.resources](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.sideCars.controllers.resources) + +To create `Guaranteed` Pods for Redpanda brokers, provide both requests and limits for CPU and memory. For details, see https://kubernetes.io/docs/tasks/configure-pod-container/quality-service-pod/#create-a-pod-that-gets-assigned-a-qos-class-of-guaranteed * Every container in the Pod must have a CPU limit and a CPU request. * For every container in the Pod, the CPU limit must equal the CPU request. * Every container in the Pod must have a CPU limit and a CPU request. * For every container in the Pod, the CPU limit must equal the CPU request. To maximize efficiency, use the `static` CPU manager policy by specifying an even integer for CPU resource requests and limits. This policy gives the Pods running Redpanda brokers access to exclusive CPUs on the node. For details, see https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#static-policy + +**Default:** `{}` + +### [statefulset.sideCars.controllers.run[0]](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.sideCars.controllers.run[0]) + +**Default:** `"all"` + +### [statefulset.sideCars.controllers.securityContext](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.sideCars.controllers.securityContext) + +**Default:** `{}` + +### [statefulset.startupProbe](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.startupProbe) + +Adjust the period for your probes to meet your needs. For details, see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes). + +**Default:** + +``` +{"failureThreshold":120,"initialDelaySeconds":1,"periodSeconds":10} +``` + +### [statefulset.terminationGracePeriodSeconds](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.terminationGracePeriodSeconds) + +Termination grace period in seconds is time required to execute preStop hook which puts particular Redpanda Pod (process/container) into maintenance mode. Before settle down on particular value please put Redpanda under load and perform rolling upgrade or rolling restart. That value needs to accommodate two processes: * preStop hook needs to put Redpanda into maintenance mode * after preStop hook Redpanda needs to handle gracefully SIGTERM signal Both processes are executed sequentially where preStop hook has hard deadline in the middle of terminationGracePeriodSeconds. REF: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#hook-handler-execution https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination + +**Default:** `90` + +### [statefulset.tolerations](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.tolerations) + +Taints to be tolerated by Pods of this StatefulSet. These tolerations override the global tolerations value. For details, see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/). + +**Default:** `[]` + +### [statefulset.topologySpreadConstraints[0].maxSkew](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.topologySpreadConstraints[0].maxSkew) + +**Default:** `1` + +### [statefulset.topologySpreadConstraints[0].topologyKey](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.topologySpreadConstraints[0].topologyKey) + +**Default:** + +``` +"topology.kubernetes.io/zone" +``` + +### [statefulset.topologySpreadConstraints[0].whenUnsatisfiable](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.topologySpreadConstraints[0].whenUnsatisfiable) + +**Default:** `"ScheduleAnyway"` + +### [statefulset.updateStrategy.type](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=statefulset.updateStrategy.type) + +**Default:** `"RollingUpdate"` + +### [storage](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=storage) + +Persistence settings. For details, see the [storage documentation](https://docs.redpanda.com/docs/manage/kubernetes/configure-storage/). + +**Default:** + +``` +{"hostPath":"","persistentVolume":{"annotations":{},"enabled":true,"labels":{},"nameOverwrite":"","size":"20Gi","storageClass":""},"tiered":{"config":{"cloud_storage_cache_size":5368709120,"cloud_storage_enable_remote_read":true,"cloud_storage_enable_remote_write":true,"cloud_storage_enabled":false},"credentialsSecretRef":{"accessKey":{"configurationKey":"cloud_storage_access_key"},"secretKey":{"configurationKey":"cloud_storage_secret_key"}},"hostPath":"","mountType":"emptyDir","persistentVolume":{"annotations":{},"labels":{},"storageClass":""}}} +``` + +### [storage.hostPath](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=storage.hostPath) + +Absolute path on the host to store Redpanda's data. If unspecified, then an `emptyDir` volume is used. If specified but `persistentVolume.enabled` is true, `storage.hostPath` has no effect. + +**Default:** `""` + +### [storage.persistentVolume](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=storage.persistentVolume) + +If `persistentVolume.enabled` is true, a PersistentVolumeClaim is created and used to store Redpanda's data. Otherwise, `storage.hostPath` is used. + +**Default:** + +``` +{"annotations":{},"enabled":true,"labels":{},"nameOverwrite":"","size":"20Gi","storageClass":""} +``` + +### [storage.persistentVolume.annotations](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=storage.persistentVolume.annotations) + +Additional annotations to apply to the created PersistentVolumeClaims. + +**Default:** `{}` + +### [storage.persistentVolume.labels](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=storage.persistentVolume.labels) + +Additional labels to apply to the created PersistentVolumeClaims. + +**Default:** `{}` + +### [storage.persistentVolume.nameOverwrite](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=storage.persistentVolume.nameOverwrite) + +Option to change volume claim template name for tiered storage persistent volume if tiered.mountType is set to `persistentVolume` + +**Default:** `""` + +### [storage.persistentVolume.storageClass](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=storage.persistentVolume.storageClass) + +To disable dynamic provisioning, set to `-`. If undefined or empty (default), then no storageClassName spec is set, and the default dynamic provisioner is chosen (gp2 on AWS, standard on GKE, AWS & OpenStack). + +**Default:** `""` + +### [storage.tiered.config](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=storage.tiered.config) + +Tiered Storage settings Requires `enterprise.licenseKey` or `enterprised.licenseSecretRef` For details, see the [Tiered Storage documentation](https://docs.redpanda.com/docs/manage/kubernetes/tiered-storage/). For a list of properties, see [Object Storage Properties](https://docs.redpanda.com/current/reference/properties/object-storage-properties/). + +**Default:** + +``` +{"cloud_storage_cache_size":5368709120,"cloud_storage_enable_remote_read":true,"cloud_storage_enable_remote_write":true,"cloud_storage_enabled":false} +``` + +### [storage.tiered.config.cloud_storage_cache_size](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=storage.tiered.config.cloud_storage_cache_size) + +Maximum size of the disk cache used by Tiered Storage. Default is 20 GiB. See the [property reference documentation](https://docs.redpanda.com/docs/reference/object-storage-properties/#cloud_storage_cache_size). + +**Default:** `5368709120` + +### [storage.tiered.config.cloud_storage_enable_remote_read](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=storage.tiered.config.cloud_storage_enable_remote_read) + +Cluster level default remote read configuration for new topics. See the [property reference documentation](https://docs.redpanda.com/docs/reference/object-storage-properties/#cloud_storage_enable_remote_read). + +**Default:** `true` + +### [storage.tiered.config.cloud_storage_enable_remote_write](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=storage.tiered.config.cloud_storage_enable_remote_write) + +Cluster level default remote write configuration for new topics. See the [property reference documentation](https://docs.redpanda.com/docs/reference/object-storage-properties/#cloud_storage_enable_remote_write). + +**Default:** `true` + +### [storage.tiered.config.cloud_storage_enabled](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=storage.tiered.config.cloud_storage_enabled) + +Global flag that enables Tiered Storage if a license key is provided. See the [property reference documentation](https://docs.redpanda.com/docs/reference/object-storage-properties/#cloud_storage_enabled). + +**Default:** `false` + +### [storage.tiered.hostPath](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=storage.tiered.hostPath) + +Absolute path on the host to store Redpanda's Tiered Storage cache. + +**Default:** `""` + +### [storage.tiered.persistentVolume.annotations](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=storage.tiered.persistentVolume.annotations) + +Additional annotations to apply to the created PersistentVolumeClaims. + +**Default:** `{}` + +### [storage.tiered.persistentVolume.labels](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=storage.tiered.persistentVolume.labels) + +Additional labels to apply to the created PersistentVolumeClaims. + +**Default:** `{}` + +### [storage.tiered.persistentVolume.storageClass](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=storage.tiered.persistentVolume.storageClass) + +To disable dynamic provisioning, set to "-". If undefined or empty (default), then no storageClassName spec is set, and the default dynamic provisioner is chosen (gp2 on AWS, standard on GKE, AWS & OpenStack). + +**Default:** `""` + +### [tests.enabled](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=tests.enabled) + +**Default:** `true` + +### [tls](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=tls) + +TLS settings. For details, see the [TLS documentation](https://docs.redpanda.com/docs/manage/kubernetes/security/kubernetes-tls/). + +**Default:** + +``` +{"certs":{"default":{"caEnabled":true},"external":{"caEnabled":true}},"enabled":true} +``` + +### [tls.certs](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=tls.certs) + +List all Certificates here, then you can reference a specific Certificate's name in each listener's `listeners..tls.cert` setting. + +**Default:** + +``` +{"default":{"caEnabled":true},"external":{"caEnabled":true}} +``` + +### [tls.certs.default](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=tls.certs.default) + +This key is the Certificate name. To apply the Certificate to a specific listener, reference the Certificate's name in `listeners..tls.cert`. + +**Default:** `{"caEnabled":true}` + +### [tls.certs.default.caEnabled](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=tls.certs.default.caEnabled) + +Indicates whether or not the Secret holding this certificate includes a `ca.crt` key. When `true`, chart managed clients, such as rpk, will use `ca.crt` for certificate verification and listeners with `require_client_auth` and no explicit `truststore` will use `ca.crt` as their `truststore_file` for verification of client certificates. When `false`, chart managed clients will use `tls.crt` for certificate verification and listeners with `require_client_auth` and no explicit `truststore` will use the container's CA certificates. + +**Default:** `true` + +### [tls.certs.external](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=tls.certs.external) + +Example external tls configuration uncomment and set the right key to the listeners that require them also enable the tls setting for those listeners. + +**Default:** `{"caEnabled":true}` + +### [tls.certs.external.caEnabled](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=tls.certs.external.caEnabled) + +Indicates whether or not the Secret holding this certificate includes a `ca.crt` key. When `true`, chart managed clients, such as rpk, will use `ca.crt` for certificate verification and listeners with `require_client_auth` and no explicit `truststore` will use `ca.crt` as their `truststore_file` for verification of client certificates. When `false`, chart managed clients will use `tls.crt` for certificate verification and listeners with `require_client_auth` and no explicit `truststore` will use the container's CA certificates. + +**Default:** `true` + +### [tls.enabled](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=tls.enabled) + +Enable TLS globally for all listeners. Each listener must include a Certificate name in its `.tls` object. To allow you to enable TLS for individual listeners, Certificates in `auth.tls.certs` are always loaded, even if `tls.enabled` is `false`. See `listeners..tls.enabled`. + +**Default:** `true` + +### [tolerations](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=tolerations) + +Taints to be tolerated by Pods, can override this for StatefulSets. For details, see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/). + +**Default:** `[]` + +### [tuning](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=tuning) + +Redpanda tuning settings. Each is set to their default values in Redpanda. + +**Default:** `{"tune_aio_events":true}` + +### [tuning.tune_aio_events](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=tuning.tune_aio_events) + +Increase the maximum number of outstanding asynchronous IO operations if the current value is below a certain threshold. This allows Redpanda to make as many simultaneous IO requests as possible, increasing throughput. When this option is enabled, Helm creates a privileged container. If your security profile does not allow this, you can disable this container by setting `tune_aio_events` to `false`. For more details, see the [tuning documentation](https://docs.redpanda.com/docs/deploy/deployment-option/self-hosted/kubernetes/kubernetes-tune-workers/). + +**Default:** `true` + +## Merging Semantics + +The redpanda chart implements a form of object merging that's roughly a +middleground of [JSON Merge Patch][k8s.jsonmp] and [Kubernetes' Strategic Merge +Patch][k8s.smp]. This is done to aid end users in setting or overriding fields +that are not directly exposed via the chart. + +- Directives are not supported. +- List fields that are merged by a unique key in Kubernetes' SMP (e.g. + `containers`, `env`) will be merged in a similar awy. +- Only fields explicitly allowed by the chart's JSON schema will be merged. +- Additional containers that are not present in the original value will NOT be added. + +[k8s.smp]: https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/#use-a-strategic-merge-patch-to-update-a-deployment +[k8s.jsonmp]: https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/#use-a-json-merge-patch-to-update-a-deployment diff --git a/charts/redpanda/redpanda/5.9.12/charts/connectors/.helmignore b/charts/redpanda/redpanda/5.9.12/charts/connectors/.helmignore new file mode 100644 index 000000000..2e271ea0f --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/charts/connectors/.helmignore @@ -0,0 +1,29 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +README.md.gotmpl +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ + +*.go +testdata/ +ci/ +examples/ \ No newline at end of file diff --git a/charts/redpanda/redpanda/5.9.12/charts/connectors/Chart.yaml b/charts/redpanda/redpanda/5.9.12/charts/connectors/Chart.yaml new file mode 100644 index 000000000..cdb579815 --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/charts/connectors/Chart.yaml @@ -0,0 +1,25 @@ +annotations: + artifacthub.io/images: | + - name: connectors + image: docker.redpanda.com/redpandadata/connectors:v1.0.31 + - name: rpk + image: docker.redpanda.com/redpandadata/redpanda:latest + artifacthub.io/license: Apache-2.0 + artifacthub.io/links: | + - name: Documentation + url: https://docs.redpanda.com + - name: "Helm (>= 3.6.0)" + url: https://helm.sh/docs/intro/install/ +apiVersion: v2 +appVersion: v1.0.31 +description: Redpanda managed Connectors helm chart +icon: https://images.ctfassets.net/paqvtpyf8rwu/3cYHw5UzhXCbKuR24GDFGO/73fb682e6157d11c10d5b2b5da1d5af0/skate-stand-panda.svg +kubeVersion: ^1.21.0-0 +maintainers: +- name: redpanda-data + url: https://github.com/orgs/redpanda-data/people +name: connectors +sources: +- https://github.com/redpanda-data/helm-charts +type: application +version: 0.1.14 diff --git a/charts/redpanda/redpanda/5.9.12/charts/connectors/LICENSE b/charts/redpanda/redpanda/5.9.12/charts/connectors/LICENSE new file mode 100644 index 000000000..261eeb9e9 --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/charts/connectors/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/charts/redpanda/redpanda/5.9.12/charts/connectors/README.md b/charts/redpanda/redpanda/5.9.12/charts/connectors/README.md new file mode 100644 index 000000000..a8357bf0e --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/charts/connectors/README.md @@ -0,0 +1,580 @@ +# Redpanda Connectors Helm Chart Specification +--- +description: Find the default values and descriptions of settings in the Redpanda Connectors Helm chart. +--- + +![Version: 0.1.14](https://img.shields.io/badge/Version-0.1.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.0.31](https://img.shields.io/badge/AppVersion-v1.0.31-informational?style=flat-square) + +This page describes the official Redpanda Connectors Helm Chart. In particular, this page describes the contents of the chart’s [`values.yaml` file](https://github.com/redpanda-data/helm-charts/blob/main/charts/connectors/values.yaml). Each of the settings is listed and described on this page, along with any default values. + +For instructions on how to install and use the chart, including how to override and customize the chart’s values, refer to the [deployment documentation](https://docs.redpanda.com/current/deploy/deployment-option/self-hosted/kubernetes/k-deploy-connectors/). + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1) + +## Source Code + +* + +## Requirements + +Kubernetes: `^1.21.0-0` + +## Settings + +### [auth](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=auth) + +Authentication settings. For details, see the [SASL documentation](https://docs.redpanda.com/docs/manage/kubernetes/security/sasl-kubernetes/). The first line of the secret file is used. So the first superuser is used to authenticate to the Redpanda cluster. + +**Default:** + +``` +{"sasl":{"enabled":false,"mechanism":"scram-sha-512","secretRef":"","userName":""}} +``` + +### [auth.sasl.mechanism](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=auth.sasl.mechanism) + +The authentication mechanism to use for the superuser. Options are `scram-sha-256` and `scram-sha-512`. + +**Default:** `"scram-sha-512"` + +### [auth.sasl.secretRef](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=auth.sasl.secretRef) + +A Secret that contains your SASL user password. + +**Default:** `""` + +### [commonLabels](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=commonLabels) + +Additional labels to add to all Kubernetes objects. For example, `my.k8s.service: redpanda`. + +**Default:** `{}` + +### [connectors.additionalConfiguration](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=connectors.additionalConfiguration) + +A placeholder for any Java configuration settings for Kafka Connect that are not explicitly defined in this Helm chart. Java configuration settings are passed to the Kafka Connect startup script. + +**Default:** `""` + +### [connectors.bootstrapServers](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=connectors.bootstrapServers) + +A comma-separated list of Redpanda broker addresses in the format of IP:Port or DNS:Port. Kafka Connect uses this to connect to the Redpanda/Kafka cluster. + +**Default:** `""` + +### [connectors.brokerTLS.ca.secretNameOverwrite](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=connectors.brokerTLS.ca.secretNameOverwrite) + +If `secretRef` points to a Secret where the certificate authority (CA) is not under the `ca.crt` key, use `secretNameOverwrite` to overwrite it e.g. `corp-ca.crt`. + +**Default:** `""` + +### [connectors.brokerTLS.ca.secretRef](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=connectors.brokerTLS.ca.secretRef) + +The name of the Secret where the ca.crt file content is located. + +**Default:** `""` + +### [connectors.brokerTLS.cert.secretNameOverwrite](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=connectors.brokerTLS.cert.secretNameOverwrite) + +If secretRef points to secret where client signed certificate is not under tls.crt key then please use secretNameOverwrite to overwrite it e.g. corp-tls.crt + +**Default:** `""` + +### [connectors.brokerTLS.cert.secretRef](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=connectors.brokerTLS.cert.secretRef) + +The name of the secret where client signed certificate is located + +**Default:** `""` + +### [connectors.brokerTLS.enabled](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=connectors.brokerTLS.enabled) + +**Default:** `false` + +### [connectors.brokerTLS.key.secretNameOverwrite](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=connectors.brokerTLS.key.secretNameOverwrite) + +If secretRef points to secret where client private key is not under tls.key key then please use secretNameOverwrite to overwrite it e.g. corp-tls.key + +**Default:** `""` + +### [connectors.brokerTLS.key.secretRef](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=connectors.brokerTLS.key.secretRef) + +The name of the secret where client private key is located + +**Default:** `""` + +### [connectors.groupID](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=connectors.groupID) + +A unique string that identifies the Kafka Connect cluster. It's used in the formation of the internal topic names, ensuring that multiple Kafka Connect clusters can connect to the same Redpanda cluster without interfering with each other. + +**Default:** `"connectors-cluster"` + +### [connectors.producerBatchSize](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=connectors.producerBatchSize) + +The number of bytes of records a producer will attempt to batch together before sending to Redpanda. Batching improves throughput. + +**Default:** `131072` + +### [connectors.producerLingerMS](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=connectors.producerLingerMS) + +The time, in milliseconds, that a producer will wait before sending a batch of records. Waiting allows the producer to gather more records in the same batch and improve throughput. + +**Default:** `1` + +### [connectors.restPort](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=connectors.restPort) + +The port on which the Kafka Connect REST API listens. The API is used for administrative tasks. + +**Default:** `8083` + +### [connectors.schemaRegistryURL](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=connectors.schemaRegistryURL) + +**Default:** `""` + +### [connectors.secretManager.connectorsPrefix](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=connectors.secretManager.connectorsPrefix) + +**Default:** `""` + +### [connectors.secretManager.consolePrefix](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=connectors.secretManager.consolePrefix) + +**Default:** `""` + +### [connectors.secretManager.enabled](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=connectors.secretManager.enabled) + +**Default:** `false` + +### [connectors.secretManager.region](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=connectors.secretManager.region) + +**Default:** `""` + +### [connectors.storage.remote](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=connectors.storage.remote) + +Indicates if read and write operations for the respective topics are allowed remotely. + +**Default:** + +``` +{"read":{"config":false,"offset":false,"status":false},"write":{"config":false,"offset":false,"status":false}} +``` + +### [connectors.storage.replicationFactor](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=connectors.storage.replicationFactor) + +The number of replicas for each of the internal topics that Kafka Connect uses. + +**Default:** + +``` +{"config":-1,"offset":-1,"status":-1} +``` + +### [connectors.storage.replicationFactor.config](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=connectors.storage.replicationFactor.config) + +Replication factor for the configuration topic. + +**Default:** `-1` + +### [connectors.storage.replicationFactor.offset](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=connectors.storage.replicationFactor.offset) + +Replication factor for the offset topic. + +**Default:** `-1` + +### [connectors.storage.replicationFactor.status](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=connectors.storage.replicationFactor.status) + +Replication factor for the status topic. + +**Default:** `-1` + +### [connectors.storage.topic.config](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=connectors.storage.topic.config) + +The name of the internal topic that Kafka Connect uses to store connector and task configurations. + +**Default:** + +``` +"_internal_connectors_configs" +``` + +### [connectors.storage.topic.offset](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=connectors.storage.topic.offset) + +The name of the internal topic that Kafka Connect uses to store source connector offsets. + +**Default:** + +``` +"_internal_connectors_offsets" +``` + +### [connectors.storage.topic.status](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=connectors.storage.topic.status) + +The name of the internal topic that Kafka Connect uses to store connector and task status updates. + +**Default:** + +``` +"_internal_connectors_status" +``` + +### [container.javaGCLogEnabled](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=container.javaGCLogEnabled) + +**Default:** `"false"` + +### [container.resources](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=container.resources) + +Pod resource management. + +**Default:** + +``` +{"javaMaxHeapSize":"2G","limits":{"cpu":"1","memory":"2350Mi"},"request":{"cpu":"1","memory":"2350Mi"}} +``` + +### [container.resources.javaMaxHeapSize](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=container.resources.javaMaxHeapSize) + +Java maximum heap size must not be greater than `container.resources.limits.memory`. + +**Default:** `"2G"` + +### [container.securityContext](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=container.securityContext) + +Security context for the Redpanda Connectors container. See also `deployment.securityContext` for Pod-level settings. + +**Default:** + +``` +{"allowPrivilegeEscalation":false} +``` + +### [deployment.annotations](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=deployment.annotations) + +Additional annotations to apply to the Pods of this Deployment. + +**Default:** `{}` + +### [deployment.budget.maxUnavailable](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=deployment.budget.maxUnavailable) + +**Default:** `1` + +### [deployment.create](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=deployment.create) + +**Default:** `true` + +### [deployment.extraEnv](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=deployment.extraEnv) + +Additional environment variables for the Pods. + +**Default:** `[]` + +### [deployment.extraEnvFrom](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=deployment.extraEnvFrom) + +Configure extra environment variables from Secrets and ConfigMaps. + +**Default:** `[]` + +### [deployment.livenessProbe](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=deployment.livenessProbe) + +Adjust the period for your probes to meet your needs. For details, see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes). + +**Default:** + +``` +{"failureThreshold":3,"initialDelaySeconds":10,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":1} +``` + +### [deployment.nodeAffinity](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=deployment.nodeAffinity) + +Node Affinity rules for scheduling Pods of this Deployment. The suggestion would be to spread Pods according to topology zone. For details, see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity). + +**Default:** `{}` + +### [deployment.nodeSelector](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=deployment.nodeSelector) + +Node selection constraints for scheduling Pods of this Deployment. These constraints override the global `nodeSelector` value. For details, see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector). + +**Default:** `{}` + +### [deployment.podAffinity](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=deployment.podAffinity) + +Inter-Pod Affinity rules for scheduling Pods of this Deployment. For details, see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity). + +**Default:** `{}` + +### [deployment.podAntiAffinity](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=deployment.podAntiAffinity) + +Anti-affinity rules for scheduling Pods of this Deployment. For details, see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity). You may either edit the default settings for anti-affinity rules, or specify new anti-affinity rules to use instead of the defaults. + +**Default:** + +``` +{"custom":{},"topologyKey":"kubernetes.io/hostname","type":"hard","weight":100} +``` + +### [deployment.podAntiAffinity.custom](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=deployment.podAntiAffinity.custom) + +Change `podAntiAffinity.type` to `custom` and provide your own podAntiAffinity rules here. + +**Default:** `{}` + +### [deployment.podAntiAffinity.topologyKey](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=deployment.podAntiAffinity.topologyKey) + +The `topologyKey` to be used. Can be used to spread across different nodes, AZs, regions etc. + +**Default:** `"kubernetes.io/hostname"` + +### [deployment.podAntiAffinity.type](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=deployment.podAntiAffinity.type) + +Valid anti-affinity types are `soft`, `hard`, or `custom`. Use `custom` if you want to supply your own anti-affinity rules in the `podAntiAffinity.custom` object. + +**Default:** `"hard"` + +### [deployment.podAntiAffinity.weight](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=deployment.podAntiAffinity.weight) + +Weight for `soft` anti-affinity rules. Does not apply for other anti-affinity types. + +**Default:** `100` + +### [deployment.priorityClassName](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=deployment.priorityClassName) + +PriorityClassName given to Pods of this Deployment. For details, see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass). + +**Default:** `""` + +### [deployment.progressDeadlineSeconds](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=deployment.progressDeadlineSeconds) + +The maximum time in seconds for a deployment to make progress before it is considered to be failed. The deployment controller will continue to process failed deployments and a condition with a ProgressDeadlineExceeded reason will be surfaced in the deployment status. Note that progress will not be estimated during the time a deployment is paused. + +**Default:** `600` + +### [deployment.readinessProbe.failureThreshold](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=deployment.readinessProbe.failureThreshold) + +**Default:** `2` + +### [deployment.readinessProbe.initialDelaySeconds](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=deployment.readinessProbe.initialDelaySeconds) + +**Default:** `60` + +### [deployment.readinessProbe.periodSeconds](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=deployment.readinessProbe.periodSeconds) + +**Default:** `10` + +### [deployment.readinessProbe.successThreshold](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=deployment.readinessProbe.successThreshold) + +**Default:** `3` + +### [deployment.readinessProbe.timeoutSeconds](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=deployment.readinessProbe.timeoutSeconds) + +**Default:** `5` + +### [deployment.restartPolicy](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=deployment.restartPolicy) + +**Default:** `"Always"` + +### [deployment.revisionHistoryLimit](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=deployment.revisionHistoryLimit) + +The number of old ReplicaSets to retain to allow rollback. This is a pointer to distinguish between explicit zero and not specified. + +**Default:** `10` + +### [deployment.schedulerName](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=deployment.schedulerName) + +**Default:** `""` + +### [deployment.securityContext.fsGroup](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=deployment.securityContext.fsGroup) + +**Default:** `101` + +### [deployment.securityContext.fsGroupChangePolicy](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=deployment.securityContext.fsGroupChangePolicy) + +**Default:** `"OnRootMismatch"` + +### [deployment.securityContext.runAsUser](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=deployment.securityContext.runAsUser) + +**Default:** `101` + +### [deployment.strategy.type](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=deployment.strategy.type) + +**Default:** `"RollingUpdate"` + +### [deployment.terminationGracePeriodSeconds](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=deployment.terminationGracePeriodSeconds) + +**Default:** `30` + +### [deployment.tolerations](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=deployment.tolerations) + +Taints to be tolerated by Pods of this Deployment. These tolerations override the global tolerations value. For details, see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/). + +**Default:** `[]` + +### [deployment.topologySpreadConstraints[0].maxSkew](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=deployment.topologySpreadConstraints[0].maxSkew) + +**Default:** `1` + +### [deployment.topologySpreadConstraints[0].topologyKey](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=deployment.topologySpreadConstraints[0].topologyKey) + +**Default:** + +``` +"topology.kubernetes.io/zone" +``` + +### [deployment.topologySpreadConstraints[0].whenUnsatisfiable](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=deployment.topologySpreadConstraints[0].whenUnsatisfiable) + +**Default:** `"ScheduleAnyway"` + +### [fullnameOverride](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=fullnameOverride) + +Override `connectors.fullname` template. + +**Default:** `""` + +### [image](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=image) + +Redpanda Docker image settings. + +**Default:** + +``` +{"pullPolicy":"IfNotPresent","repository":"docker.redpanda.com/redpandadata/connectors","tag":""} +``` + +### [image.pullPolicy](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=image.pullPolicy) + +The imagePullPolicy. If `image.tag` is 'latest', the default is `Always`. + +**Default:** `"IfNotPresent"` + +### [image.repository](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=image.repository) + +Docker repository from which to pull the Redpanda Docker image. + +**Default:** + +``` +"docker.redpanda.com/redpandadata/connectors" +``` + +### [image.tag](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=image.tag) + +The Redpanda version. See DockerHub for: [All stable versions](https://hub.docker.com/r/redpandadata/redpanda/tags) and [all unstable versions](https://hub.docker.com/r/redpandadata/redpanda-unstable/tags). + +**Default:** `Chart.appVersion`. + +### [imagePullSecrets](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=imagePullSecrets) + +Pull secrets may be used to provide credentials to image repositories See https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + +**Default:** `[]` + +### [logging](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=logging) + +Log-level settings. + +**Default:** `{"level":"warn"}` + +### [logging.level](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=logging.level) + +Log level Valid values (from least to most verbose) are: `error`, `warn`, `info` and `debug`. + +**Default:** `"warn"` + +### [monitoring](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=monitoring) + +Monitoring. When set to `true`, the Helm chart creates a PodMonitor that can be used by Prometheus-Operator or VictoriaMetrics-Operator to scrape the metrics. + +**Default:** + +``` +{"annotations":{},"enabled":false,"labels":{},"namespaceSelector":{"any":true},"scrapeInterval":"30s"} +``` + +### [nameOverride](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=nameOverride) + +Override `connectors.name` template. + +**Default:** `""` + +### [service](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=service) + +Service management. + +**Default:** + +``` +{"annotations":{},"name":"","ports":[{"name":"prometheus","port":9404}]} +``` + +### [service.annotations](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=service.annotations) + +Annotations to add to the Service. + +**Default:** `{}` + +### [service.name](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=service.name) + +The name of the service to use. If not set, a name is generated using the `connectors.fullname` template. + +**Default:** `""` + +### [serviceAccount](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=serviceAccount) + +ServiceAccount management. + +**Default:** + +``` +{"annotations":{},"automountServiceAccountToken":false,"create":false,"name":""} +``` + +### [serviceAccount.annotations](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=serviceAccount.annotations) + +Annotations to add to the ServiceAccount. + +**Default:** `{}` + +### [serviceAccount.automountServiceAccountToken](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=serviceAccount.automountServiceAccountToken) + +Specifies whether a service account should automount API-Credentials + +**Default:** `false` + +### [serviceAccount.create](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=serviceAccount.create) + +Specifies whether a ServiceAccount should be created. + +**Default:** `false` + +### [serviceAccount.name](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=serviceAccount.name) + +The name of the ServiceAccount to use. If not set and `serviceAccount.create` is `true`, a name is generated using the `connectors.fullname` template. + +**Default:** `""` + +### [storage.volumeMounts[0].mountPath](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=storage.volumeMounts[0].mountPath) + +**Default:** `"/tmp"` + +### [storage.volumeMounts[0].name](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=storage.volumeMounts[0].name) + +**Default:** `"rp-connect-tmp"` + +### [storage.volume[0].emptyDir.medium](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=storage.volume[0].emptyDir.medium) + +**Default:** `"Memory"` + +### [storage.volume[0].emptyDir.sizeLimit](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=storage.volume[0].emptyDir.sizeLimit) + +**Default:** `"5Mi"` + +### [storage.volume[0].name](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=storage.volume[0].name) + +**Default:** `"rp-connect-tmp"` + +### [test.create](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=test.create) + +**Default:** `true` + +### [tolerations](https://artifacthub.io/packages/helm/redpanda-data/connectors?modal=values&path=tolerations) + +Taints to be tolerated by Pods. For details, see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/). + +**Default:** `[]` + diff --git a/charts/redpanda/redpanda/5.9.12/charts/connectors/templates/_chart.go.tpl b/charts/redpanda/redpanda/5.9.12/charts/connectors/templates/_chart.go.tpl new file mode 100644 index 000000000..04402ab8d --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/charts/connectors/templates/_chart.go.tpl @@ -0,0 +1,13 @@ +{{- /* Generated from "chart.go" */ -}} + +{{- define "connectors.render" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $manifests := (list (get (fromJson (include "connectors.Deployment" (dict "a" (list $dot) ))) "r") (get (fromJson (include "connectors.PodMonitor" (dict "a" (list $dot) ))) "r") (get (fromJson (include "connectors.Service" (dict "a" (list $dot) ))) "r") (get (fromJson (include "connectors.ServiceAccount" (dict "a" (list $dot) ))) "r")) -}} +{{- $_is_returning = true -}} +{{- (dict "r" $manifests) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + diff --git a/charts/redpanda/redpanda/5.9.12/charts/connectors/templates/_deployment.go.tpl b/charts/redpanda/redpanda/5.9.12/charts/connectors/templates/_deployment.go.tpl new file mode 100644 index 000000000..9db8224ef --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/charts/connectors/templates/_deployment.go.tpl @@ -0,0 +1,136 @@ +{{- /* Generated from "deployment.go" */ -}} + +{{- define "connectors.Deployment" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- if (not $values.deployment.create) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (coalesce nil)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $topologySpreadConstraints := (coalesce nil) -}} +{{- range $_, $spread := $values.deployment.topologySpreadConstraints -}} +{{- $topologySpreadConstraints = (concat (default (list ) $topologySpreadConstraints) (list (mustMergeOverwrite (dict "maxSkew" 0 "topologyKey" "" "whenUnsatisfiable" "" ) (dict "labelSelector" (mustMergeOverwrite (dict ) (dict "matchLabels" (get (fromJson (include "connectors.PodLabels" (dict "a" (list $dot) ))) "r") )) "maxSkew" ($spread.maxSkew | int) "topologyKey" $spread.topologyKey "whenUnsatisfiable" $spread.whenUnsatisfiable )))) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $ports := (list (mustMergeOverwrite (dict "containerPort" 0 ) (dict "containerPort" ($values.connectors.restPort | int) "name" "rest-api" "protocol" "TCP" ))) -}} +{{- range $_, $port := $values.service.ports -}} +{{- $ports = (concat (default (list ) $ports) (list (mustMergeOverwrite (dict "containerPort" 0 ) (dict "name" $port.name "containerPort" ($port.port | int) "protocol" "TCP" )))) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $podAntiAffinity := (coalesce nil) -}} +{{- if (ne (toJson $values.deployment.podAntiAffinity) "null") -}} +{{- if (eq $values.deployment.podAntiAffinity.type "hard") -}} +{{- $podAntiAffinity = (mustMergeOverwrite (dict ) (dict "requiredDuringSchedulingIgnoredDuringExecution" (list (mustMergeOverwrite (dict "topologyKey" "" ) (dict "topologyKey" $values.deployment.podAntiAffinity.topologyKey "namespaces" (list $dot.Release.Namespace) "labelSelector" (mustMergeOverwrite (dict ) (dict "matchLabels" (get (fromJson (include "connectors.PodLabels" (dict "a" (list $dot) ))) "r") )) ))) )) -}} +{{- else -}}{{- if (eq $values.deployment.podAntiAffinity.type "soft") -}} +{{- $podAntiAffinity = (mustMergeOverwrite (dict ) (dict "preferredDuringSchedulingIgnoredDuringExecution" (list (mustMergeOverwrite (dict "weight" 0 "podAffinityTerm" (dict "topologyKey" "" ) ) (dict "weight" $values.deployment.podAntiAffinity.weight "podAffinityTerm" (mustMergeOverwrite (dict "topologyKey" "" ) (dict "topologyKey" $values.deployment.podAntiAffinity.topologyKey "namespaces" (list $dot.Release.Namespace) "labelSelector" (mustMergeOverwrite (dict ) (dict "matchLabels" (get (fromJson (include "connectors.PodLabels" (dict "a" (list $dot) ))) "r") )) )) ))) )) -}} +{{- else -}}{{- if (eq $values.deployment.podAntiAffinity.type "custom") -}} +{{- $podAntiAffinity = $values.deployment.podAntiAffinity.custom -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict "selector" (coalesce nil) "template" (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict "containers" (coalesce nil) ) ) "strategy" (dict ) ) "status" (dict ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "apps/v1" "kind" "Deployment" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (get (fromJson (include "connectors.Fullname" (dict "a" (list $dot) ))) "r") "labels" (merge (dict ) (get (fromJson (include "connectors.FullLabels" (dict "a" (list $dot) ))) "r") $values.deployment.annotations) )) "spec" (mustMergeOverwrite (dict "selector" (coalesce nil) "template" (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict "containers" (coalesce nil) ) ) "strategy" (dict ) ) (dict "replicas" $values.deployment.replicas "progressDeadlineSeconds" ($values.deployment.progressDeadlineSeconds | int) "revisionHistoryLimit" $values.deployment.revisionHistoryLimit "selector" (mustMergeOverwrite (dict ) (dict "matchLabels" (get (fromJson (include "connectors.PodLabels" (dict "a" (list $dot) ))) "r") )) "strategy" $values.deployment.strategy "template" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict "containers" (coalesce nil) ) ) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "annotations" $values.deployment.annotations "labels" (get (fromJson (include "connectors.PodLabels" (dict "a" (list $dot) ))) "r") )) "spec" (mustMergeOverwrite (dict "containers" (coalesce nil) ) (dict "automountServiceAccountToken" false "terminationGracePeriodSeconds" $values.deployment.terminationGracePeriodSeconds "affinity" (mustMergeOverwrite (dict ) (dict "nodeAffinity" $values.deployment.nodeAffinity "podAffinity" $values.deployment.podAffinity "podAntiAffinity" $podAntiAffinity )) "serviceAccountName" (get (fromJson (include "connectors.ServiceAccountName" (dict "a" (list $dot) ))) "r") "containers" (list (mustMergeOverwrite (dict "name" "" "resources" (dict ) ) (dict "name" "connectors-cluster" "image" (printf "%s:%s" $values.image.repository (get (fromJson (include "connectors.Tag" (dict "a" (list $dot) ))) "r")) "imagePullPolicy" $values.image.pullPolicy "securityContext" $values.container.securityContext "command" $values.deployment.command "env" (get (fromJson (include "connectors.env" (dict "a" (list $values) ))) "r") "envFrom" $values.deployment.extraEnvFrom "livenessProbe" (mustMergeOverwrite (dict ) (mustMergeOverwrite (dict ) (dict "httpGet" (mustMergeOverwrite (dict "port" 0 ) (dict "path" "/" "port" "rest-api" "scheme" "HTTP" )) )) (dict "initialDelaySeconds" ($values.deployment.livenessProbe.initialDelaySeconds | int) "timeoutSeconds" ($values.deployment.livenessProbe.timeoutSeconds | int) "periodSeconds" ($values.deployment.livenessProbe.periodSeconds | int) "successThreshold" ($values.deployment.livenessProbe.successThreshold | int) "failureThreshold" ($values.deployment.livenessProbe.failureThreshold | int) )) "readinessProbe" (mustMergeOverwrite (dict ) (mustMergeOverwrite (dict ) (dict "httpGet" (mustMergeOverwrite (dict "port" 0 ) (dict "path" "/connectors" "port" "rest-api" "scheme" "HTTP" )) )) (dict "initialDelaySeconds" ($values.deployment.readinessProbe.initialDelaySeconds | int) "timeoutSeconds" ($values.deployment.readinessProbe.timeoutSeconds | int) "periodSeconds" ($values.deployment.readinessProbe.periodSeconds | int) "successThreshold" ($values.deployment.readinessProbe.successThreshold | int) "failureThreshold" ($values.deployment.readinessProbe.failureThreshold | int) )) "ports" $ports "resources" (mustMergeOverwrite (dict ) (dict "requests" $values.container.resources.request "limits" $values.container.resources.limits )) "terminationMessagePath" "/dev/termination-log" "terminationMessagePolicy" "File" "volumeMounts" (get (fromJson (include "connectors.volumeMountss" (dict "a" (list $values) ))) "r") ))) "dnsPolicy" "ClusterFirst" "restartPolicy" $values.deployment.restartPolicy "schedulerName" $values.deployment.schedulerName "nodeSelector" $values.deployment.nodeSelector "imagePullSecrets" $values.imagePullSecrets "securityContext" $values.deployment.securityContext "tolerations" $values.deployment.tolerations "topologySpreadConstraints" $topologySpreadConstraints "volumes" (get (fromJson (include "connectors.volumes" (dict "a" (list $values) ))) "r") )) )) )) ))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "connectors.env" -}} +{{- $values := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $env := (list (mustMergeOverwrite (dict "name" "" ) (dict "name" "CONNECT_CONFIGURATION" "value" (get (fromJson (include "connectors.connectorConfiguration" (dict "a" (list $values) ))) "r") )) (mustMergeOverwrite (dict "name" "" ) (dict "name" "CONNECT_ADDITIONAL_CONFIGURATION" "value" $values.connectors.additionalConfiguration )) (mustMergeOverwrite (dict "name" "" ) (dict "name" "CONNECT_BOOTSTRAP_SERVERS" "value" $values.connectors.bootstrapServers ))) -}} +{{- if (not (empty $values.connectors.schemaRegistryURL)) -}} +{{- $env = (concat (default (list ) $env) (list (mustMergeOverwrite (dict "name" "" ) (dict "name" "SCHEMA_REGISTRY_URL" "value" $values.connectors.schemaRegistryURL )))) -}} +{{- end -}} +{{- $env = (concat (default (list ) $env) (list (mustMergeOverwrite (dict "name" "" ) (dict "name" "CONNECT_GC_LOG_ENABLED" "value" $values.container.javaGCLogEnabled )) (mustMergeOverwrite (dict "name" "" ) (dict "name" "CONNECT_HEAP_OPTS" "value" (printf "-Xms256M -Xmx%s" $values.container.resources.javaMaxHeapSize) )) (mustMergeOverwrite (dict "name" "" ) (dict "name" "CONNECT_LOG_LEVEL" "value" $values.logging.level )))) -}} +{{- if (get (fromJson (include "connectors.Auth.SASLEnabled" (dict "a" (list $values.auth) ))) "r") -}} +{{- $env = (concat (default (list ) $env) (list (mustMergeOverwrite (dict "name" "" ) (dict "name" "CONNECT_SASL_USERNAME" "value" $values.auth.sasl.userName )) (mustMergeOverwrite (dict "name" "" ) (dict "name" "CONNECT_SASL_MECHANISM" "value" $values.auth.sasl.mechanism )) (mustMergeOverwrite (dict "name" "" ) (dict "name" "CONNECT_SASL_PASSWORD_FILE" "value" "rc-credentials/password" )))) -}} +{{- end -}} +{{- $env = (concat (default (list ) $env) (list (mustMergeOverwrite (dict "name" "" ) (dict "name" "CONNECT_TLS_ENABLED" "value" (printf "%v" $values.connectors.brokerTLS.enabled) )))) -}} +{{- if (not (empty $values.connectors.brokerTLS.ca.secretRef)) -}} +{{- $ca := (default "ca.crt" $values.connectors.brokerTLS.ca.secretNameOverwrite) -}} +{{- $env = (concat (default (list ) $env) (list (mustMergeOverwrite (dict "name" "" ) (dict "name" "CONNECT_TRUSTED_CERTS" "value" (printf "ca/%s" $ca) )))) -}} +{{- end -}} +{{- if (not (empty $values.connectors.brokerTLS.cert.secretRef)) -}} +{{- $cert := (default "tls.crt" $values.connectors.brokerTLS.cert.secretNameOverwrite) -}} +{{- $env = (concat (default (list ) $env) (list (mustMergeOverwrite (dict "name" "" ) (dict "name" "CONNECT_TLS_AUTH_CERT" "value" (printf "cert/%s" $cert) )))) -}} +{{- end -}} +{{- if (not (empty $values.connectors.brokerTLS.key.secretRef)) -}} +{{- $key := (default "tls.key" $values.connectors.brokerTLS.key.secretNameOverwrite) -}} +{{- $env = (concat (default (list ) $env) (list (mustMergeOverwrite (dict "name" "" ) (dict "name" "CONNECT_TLS_AUTH_KEY" "value" (printf "key/%s" $key) )))) -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (concat (default (list ) $env) (default (list ) $values.deployment.extraEnv))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "connectors.connectorConfiguration" -}} +{{- $values := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $lines := (list (printf "rest.advertised.port=%d" ($values.connectors.restPort | int)) (printf "rest.port=%d" ($values.connectors.restPort | int)) "key.converter=org.apache.kafka.connect.converters.ByteArrayConverter" "value.converter=org.apache.kafka.connect.converters.ByteArrayConverter" (printf "group.id=%s" $values.connectors.groupID) (printf "offset.storage.topic=%s" $values.connectors.storage.topic.offset) (printf "config.storage.topic=%s" $values.connectors.storage.topic.config) (printf "status.storage.topic=%s" $values.connectors.storage.topic.status) (printf "offset.storage.redpanda.remote.read=%t" $values.connectors.storage.remote.read.offset) (printf "offset.storage.redpanda.remote.write=%t" $values.connectors.storage.remote.write.offset) (printf "config.storage.redpanda.remote.read=%t" $values.connectors.storage.remote.read.config) (printf "config.storage.redpanda.remote.write=%t" $values.connectors.storage.remote.write.config) (printf "status.storage.redpanda.remote.read=%t" $values.connectors.storage.remote.read.status) (printf "status.storage.redpanda.remote.write=%t" $values.connectors.storage.remote.write.status) (printf "offset.storage.replication.factor=%d" ($values.connectors.storage.replicationFactor.offset | int)) (printf "config.storage.replication.factor=%d" ($values.connectors.storage.replicationFactor.config | int)) (printf "status.storage.replication.factor=%d" ($values.connectors.storage.replicationFactor.status | int)) (printf "producer.linger.ms=%d" ($values.connectors.producerLingerMS | int)) (printf "producer.batch.size=%d" ($values.connectors.producerBatchSize | int)) "config.providers=file,secretsManager,env" "config.providers.file.class=org.apache.kafka.common.config.provider.FileConfigProvider") -}} +{{- if $values.connectors.secretManager.enabled -}} +{{- $lines = (concat (default (list ) $lines) (list "config.providers.secretsManager.class=com.github.jcustenborder.kafka.config.aws.SecretsManagerConfigProvider" (printf "config.providers.secretsManager.param.secret.prefix=%s%s" $values.connectors.secretManager.consolePrefix $values.connectors.secretManager.connectorsPrefix) (printf "config.providers.secretsManager.param.aws.region=%s" $values.connectors.secretManager.region))) -}} +{{- end -}} +{{- $lines = (concat (default (list ) $lines) (list "config.providers.env.class=org.apache.kafka.common.config.provider.EnvVarConfigProvider")) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (join "\n" $lines)) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "connectors.volumes" -}} +{{- $values := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $volumes := (coalesce nil) -}} +{{- if (not (empty $values.connectors.brokerTLS.ca.secretRef)) -}} +{{- $volumes = (concat (default (list ) $volumes) (list (mustMergeOverwrite (dict "name" "" ) (mustMergeOverwrite (dict ) (dict "secret" (mustMergeOverwrite (dict ) (dict "defaultMode" (0o444 | int) "secretName" $values.connectors.brokerTLS.ca.secretRef )) )) (dict "name" "truststore" )))) -}} +{{- end -}} +{{- if (not (empty $values.connectors.brokerTLS.cert.secretRef)) -}} +{{- $volumes = (concat (default (list ) $volumes) (list (mustMergeOverwrite (dict "name" "" ) (mustMergeOverwrite (dict ) (dict "secret" (mustMergeOverwrite (dict ) (dict "defaultMode" (0o444 | int) "secretName" $values.connectors.brokerTLS.cert.secretRef )) )) (dict "name" "cert" )))) -}} +{{- end -}} +{{- if (not (empty $values.connectors.brokerTLS.key.secretRef)) -}} +{{- $volumes = (concat (default (list ) $volumes) (list (mustMergeOverwrite (dict "name" "" ) (mustMergeOverwrite (dict ) (dict "secret" (mustMergeOverwrite (dict ) (dict "defaultMode" (0o444 | int) "secretName" $values.connectors.brokerTLS.key.secretRef )) )) (dict "name" "key" )))) -}} +{{- end -}} +{{- if (get (fromJson (include "connectors.Auth.SASLEnabled" (dict "a" (list $values.auth) ))) "r") -}} +{{- $volumes = (concat (default (list ) $volumes) (list (mustMergeOverwrite (dict "name" "" ) (mustMergeOverwrite (dict ) (dict "secret" (mustMergeOverwrite (dict ) (dict "defaultMode" (0o444 | int) "secretName" $values.auth.sasl.secretRef )) )) (dict "name" "rc-credentials" )))) -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (concat (default (list ) $volumes) (default (list ) $values.storage.volume))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "connectors.volumeMountss" -}} +{{- $values := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $mounts := (coalesce nil) -}} +{{- if (get (fromJson (include "connectors.Auth.SASLEnabled" (dict "a" (list $values.auth) ))) "r") -}} +{{- $mounts = (concat (default (list ) $mounts) (list (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "mountPath" "/opt/kafka/connect-password/rc-credentials" "name" "rc-credentials" )))) -}} +{{- end -}} +{{- if (not (empty $values.connectors.brokerTLS.ca.secretRef)) -}} +{{- $mounts = (concat (default (list ) $mounts) (list (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" "truststore" "mountPath" "/opt/kafka/connect-certs/ca" )))) -}} +{{- end -}} +{{- if (not (empty $values.connectors.brokerTLS.cert.secretRef)) -}} +{{- $mounts = (concat (default (list ) $mounts) (list (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" "cert" "mountPath" "/opt/kafka/connect-certs/cert" )))) -}} +{{- end -}} +{{- if (not (empty $values.connectors.brokerTLS.key.secretRef)) -}} +{{- $mounts = (concat (default (list ) $mounts) (list (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" "key" "mountPath" "/opt/kafka/connect-certs/key" )))) -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (concat (default (list ) $mounts) (default (list ) $values.storage.volumeMounts))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + diff --git a/charts/redpanda/redpanda/5.9.12/charts/connectors/templates/_helpers.go.tpl b/charts/redpanda/redpanda/5.9.12/charts/connectors/templates/_helpers.go.tpl new file mode 100644 index 000000000..aa57f996e --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/charts/connectors/templates/_helpers.go.tpl @@ -0,0 +1,131 @@ +{{- /* Generated from "helpers.go" */ -}} + +{{- define "connectors.Name" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $name := (default $dot.Chart.Name $values.nameOverride) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (get (fromJson (include "connectors.trunc" (dict "a" (list $name) ))) "r")) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "connectors.Fullname" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- if (not (empty $values.fullnameOverride)) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (get (fromJson (include "connectors.trunc" (dict "a" (list $values.fullnameOverride) ))) "r")) | toJson -}} +{{- break -}} +{{- end -}} +{{- $name := (default $dot.Chart.Name $values.nameOverride) -}} +{{- if (contains $name $dot.Release.Name) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (get (fromJson (include "connectors.trunc" (dict "a" (list $dot.Release.Name) ))) "r")) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (get (fromJson (include "connectors.trunc" (dict "a" (list (printf "%s-%s" $dot.Release.Name $name)) ))) "r")) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "connectors.FullLabels" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $_is_returning = true -}} +{{- (dict "r" (merge (dict ) (dict "helm.sh/chart" (get (fromJson (include "connectors.ChartLabels" (dict "a" (list $dot) ))) "r") "app.kubernetes.io/managed-by" $dot.Release.Service ) (get (fromJson (include "connectors.PodLabels" (dict "a" (list $dot) ))) "r"))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "connectors.PodLabels" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $_is_returning = true -}} +{{- (dict "r" (merge (dict ) (dict "app.kubernetes.io/name" (get (fromJson (include "connectors.Name" (dict "a" (list $dot) ))) "r") "app.kubernetes.io/instance" $dot.Release.Name "app.kubernetes.io/component" (get (fromJson (include "connectors.Name" (dict "a" (list $dot) ))) "r") ) $values.commonLabels)) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "connectors.ChartLabels" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $chart := (printf "%s-%s" $dot.Chart.Name $dot.Chart.Version) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (get (fromJson (include "connectors.trunc" (dict "a" (list (replace "+" "_" $chart)) ))) "r")) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "connectors.Semver" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $_is_returning = true -}} +{{- (dict "r" (trimPrefix "v" (get (fromJson (include "connectors.Tag" (dict "a" (list $dot) ))) "r"))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "connectors.ServiceAccountName" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- if $values.serviceAccount.create -}} +{{- $_is_returning = true -}} +{{- (dict "r" (default (get (fromJson (include "connectors.Fullname" (dict "a" (list $dot) ))) "r") $values.serviceAccount.name)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (default "default" $values.serviceAccount.name)) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "connectors.ServiceName" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $_is_returning = true -}} +{{- (dict "r" (default (get (fromJson (include "connectors.Fullname" (dict "a" (list $dot) ))) "r") $values.service.name)) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "connectors.Tag" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $tag := (default $dot.Chart.AppVersion $values.image.tag) -}} +{{- $matchString := "^v(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$" -}} +{{- if (not (mustRegexMatch $matchString $tag)) -}} +{{- $_ := (fail "image.tag must start with a 'v' and be a valid semver") -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $tag) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "connectors.trunc" -}} +{{- $s := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $_is_returning = true -}} +{{- (dict "r" (trimSuffix "-" (trunc (63 | int) $s))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + diff --git a/charts/redpanda/redpanda/5.9.12/charts/connectors/templates/_helpers.tpl b/charts/redpanda/redpanda/5.9.12/charts/connectors/templates/_helpers.tpl new file mode 100644 index 000000000..89c888eee --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/charts/connectors/templates/_helpers.tpl @@ -0,0 +1,79 @@ +{{/* +Licensed to the Apache Software Foundation (ASF) under one or more +contributor license agreements. See the NOTICE file distributed with +this work for additional information regarding copyright ownership. +The ASF licenses this file to You under the Apache License, Version 2.0 +(the "License"); you may not use this file except in compliance with +the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} +{{/* +Expand the name of the chart. +*/}} +{{- define "connectors.name" -}} +{{- get ((include "connectors.Name" (dict "a" (list .))) | fromJson) "r" }} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "connectors.fullname" }} +{{- get ((include "connectors.Fullname" (dict "a" (list .))) | fromJson) "r" }} +{{- end }} + +{{/* +full helm labels + common labels +*/}} +{{- define "full.labels" -}} +{{- (get ((include "connectors.FullLabels" (dict "a" (list .))) | fromJson) "r") | toYaml }} +{{- end -}} + +{{/* +pod labels merged with common labels +*/}} +{{- define "connectors-pod-labels" -}} +{{- (get ((include "connectors.PodLabels" (dict "a" (list .))) | fromJson) "r") | toYaml }} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "connectors.chart" -}} +{{- get ((include "connectors.Chart" (dict "a" (list .))) | fromJson) "r" }} +{{- end }} + +{{/* +Get the version of redpanda being used as an image +*/}} +{{- define "connectors.semver" -}} +{{- get ((include "connectors.Tag" (dict "a" (list .))) | fromJson) "r" }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "connectors.serviceAccountName" -}} +{{- get ((include "connectors.ServiceAccountName" (dict "a" (list .))) | fromJson) "r" }} +{{- end }} + +{{/* +Create the name of the service to use +*/}} +{{- define "connectors.serviceName" -}} +{{- get ((include "connectors.ServiceName" (dict "a" (list .))) | fromJson) "r" }} +{{- end }} + +{{/* +Use AppVersion if image.tag is not set +*/}} +{{- define "connectors.tag" -}} +{{- get ((include "connectors.Tag" (dict "a" (list .))) | fromJson) "r" }} +{{- end -}} diff --git a/charts/redpanda/redpanda/5.9.12/charts/connectors/templates/_pod-monitor.go.tpl b/charts/redpanda/redpanda/5.9.12/charts/connectors/templates/_pod-monitor.go.tpl new file mode 100644 index 000000000..4e12b2008 --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/charts/connectors/templates/_pod-monitor.go.tpl @@ -0,0 +1,18 @@ +{{- /* Generated from "podmonitor.go" */ -}} + +{{- define "connectors.PodMonitor" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- if (not $values.monitoring.enabled) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (coalesce nil)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict "podMetricsEndpoints" (coalesce nil) "selector" (dict ) "namespaceSelector" (dict ) ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "monitoring.coreos.com/v1" "kind" "PodMonitor" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (get (fromJson (include "connectors.Fullname" (dict "a" (list $dot) ))) "r") "labels" $values.monitoring.labels "annotations" $values.monitoring.annotations )) "spec" (mustMergeOverwrite (dict "podMetricsEndpoints" (coalesce nil) "selector" (dict ) "namespaceSelector" (dict ) ) (dict "namespaceSelector" $values.monitoring.namespaceSelector "podMetricsEndpoints" (list (mustMergeOverwrite (dict "bearerTokenSecret" (dict "key" "" ) ) (dict "path" "/" "port" "prometheus" ))) "selector" (mustMergeOverwrite (dict ) (dict "matchLabels" (get (fromJson (include "connectors.PodLabels" (dict "a" (list $dot) ))) "r") )) )) ))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + diff --git a/charts/redpanda/redpanda/5.9.12/charts/connectors/templates/_service.go.tpl b/charts/redpanda/redpanda/5.9.12/charts/connectors/templates/_service.go.tpl new file mode 100644 index 000000000..54a7ce8a0 --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/charts/connectors/templates/_service.go.tpl @@ -0,0 +1,20 @@ +{{- /* Generated from "service.go" */ -}} + +{{- define "connectors.Service" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $ports := (list (mustMergeOverwrite (dict "port" 0 "targetPort" 0 ) (dict "name" "rest-api" "port" ($values.connectors.restPort | int) "targetPort" ($values.connectors.restPort | int) "protocol" "TCP" ))) -}} +{{- range $_, $port := $values.service.ports -}} +{{- $ports = (concat (default (list ) $ports) (list (mustMergeOverwrite (dict "port" 0 "targetPort" 0 ) (dict "name" $port.name "port" ($port.port | int) "targetPort" ($port.port | int) "protocol" "TCP" )))) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict ) "status" (dict "loadBalancer" (dict ) ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "v1" "kind" "Service" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (get (fromJson (include "connectors.ServiceName" (dict "a" (list $dot) ))) "r") "labels" (merge (dict ) (get (fromJson (include "connectors.FullLabels" (dict "a" (list $dot) ))) "r") $values.service.annotations) )) "spec" (mustMergeOverwrite (dict ) (dict "ipFamilies" (list "IPv4") "ipFamilyPolicy" "SingleStack" "ports" $ports "selector" (get (fromJson (include "connectors.PodLabels" (dict "a" (list $dot) ))) "r") "sessionAffinity" "None" "type" "ClusterIP" )) ))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + diff --git a/charts/redpanda/redpanda/5.9.12/charts/connectors/templates/_serviceaccount.go.tpl b/charts/redpanda/redpanda/5.9.12/charts/connectors/templates/_serviceaccount.go.tpl new file mode 100644 index 000000000..dedade21c --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/charts/connectors/templates/_serviceaccount.go.tpl @@ -0,0 +1,18 @@ +{{- /* Generated from "serviceaccount.go" */ -}} + +{{- define "connectors.ServiceAccount" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- if (not $values.serviceAccount.create) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (coalesce nil)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "v1" "kind" "ServiceAccount" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "annotations" $values.serviceAccount.annotations "labels" (get (fromJson (include "connectors.FullLabels" (dict "a" (list $dot) ))) "r") "name" (get (fromJson (include "connectors.ServiceAccountName" (dict "a" (list $dot) ))) "r") "namespace" $dot.Release.Namespace )) "automountServiceAccountToken" $values.serviceAccount.automountServiceAccountToken ))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + diff --git a/charts/redpanda/redpanda/5.9.12/charts/connectors/templates/_shims.tpl b/charts/redpanda/redpanda/5.9.12/charts/connectors/templates/_shims.tpl new file mode 100644 index 000000000..c16b6d178 --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/charts/connectors/templates/_shims.tpl @@ -0,0 +1,339 @@ +{{- /* Generated from "bootstrap.go" */ -}} + +{{- define "_shims.typetest" -}} +{{- $typ := (index .a 0) -}} +{{- $value := (index .a 1) -}} +{{- $zero := (index .a 2) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- if (typeIs $typ $value) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (list $value true)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (list $zero false)) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "_shims.typeassertion" -}} +{{- $typ := (index .a 0) -}} +{{- $value := (index .a 1) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- if (not (typeIs $typ $value)) -}} +{{- $_ := (fail (printf "expected type of %q got: %T" $typ $value)) -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $value) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "_shims.dicttest" -}} +{{- $m := (index .a 0) -}} +{{- $key := (index .a 1) -}} +{{- $zero := (index .a 2) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- if (hasKey $m $key) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (list (index $m $key) true)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (list $zero false)) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "_shims.compact" -}} +{{- $args := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $out := (dict ) -}} +{{- range $i, $e := $args -}} +{{- $_ := (set $out (printf "T%d" ((add (1 | int) $i) | int)) $e) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $out) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "_shims.deref" -}} +{{- $ptr := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- if (eq (toJson $ptr) "null") -}} +{{- $_ := (fail "nil dereference") -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $ptr) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "_shims.len" -}} +{{- $m := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- if (eq (toJson $m) "null") -}} +{{- $_is_returning = true -}} +{{- (dict "r" (0 | int)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (len $m)) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "_shims.ptr_Deref" -}} +{{- $ptr := (index .a 0) -}} +{{- $def := (index .a 1) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- if (ne (toJson $ptr) "null") -}} +{{- $_is_returning = true -}} +{{- (dict "r" $ptr) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $def) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "_shims.ptr_Equal" -}} +{{- $a := (index .a 0) -}} +{{- $b := (index .a 1) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- if (and (eq (toJson $a) "null") (eq (toJson $b) "null")) -}} +{{- $_is_returning = true -}} +{{- (dict "r" true) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (eq $a $b)) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "_shims.lookup" -}} +{{- $apiVersion := (index .a 0) -}} +{{- $kind := (index .a 1) -}} +{{- $namespace := (index .a 2) -}} +{{- $name := (index .a 3) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $result := (lookup $apiVersion $kind $namespace $name) -}} +{{- if (empty $result) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (list (coalesce nil) false)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (list $result true)) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "_shims.asnumeric" -}} +{{- $value := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- if (typeIs "float64" $value) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (list $value true)) | toJson -}} +{{- break -}} +{{- end -}} +{{- if (typeIs "int64" $value) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (list $value true)) | toJson -}} +{{- break -}} +{{- end -}} +{{- if (typeIs "int" $value) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (list $value true)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (list (0 | int) false)) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "_shims.asintegral" -}} +{{- $value := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- if (or (typeIs "int64" $value) (typeIs "int" $value)) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (list $value true)) | toJson -}} +{{- break -}} +{{- end -}} +{{- if (and (typeIs "float64" $value) (eq (floor $value) $value)) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (list $value true)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (list (0 | int) false)) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "_shims.parseResource" -}} +{{- $repr := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- if (typeIs "float64" $repr) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (list (float64 $repr) 1.0)) | toJson -}} +{{- break -}} +{{- end -}} +{{- if (not (typeIs "string" $repr)) -}} +{{- $_ := (fail (printf "invalid Quantity expected string or float64 got: %T (%v)" $repr $repr)) -}} +{{- end -}} +{{- if (not (regexMatch `^[0-9]+(\.[0-9]{0,6})?(k|m|M|G|T|P|Ki|Mi|Gi|Ti|Pi)?$` $repr)) -}} +{{- $_ := (fail (printf "invalid Quantity: %q" $repr)) -}} +{{- end -}} +{{- $reprStr := (toString $repr) -}} +{{- $unit := (regexFind "(k|m|M|G|T|P|Ki|Mi|Gi|Ti|Pi)$" $repr) -}} +{{- $numeric := (float64 (substr (0 | int) ((sub ((get (fromJson (include "_shims.len" (dict "a" (list $reprStr) ))) "r") | int) ((get (fromJson (include "_shims.len" (dict "a" (list $unit) ))) "r") | int)) | int) $reprStr)) -}} +{{- $tmp_tuple_1 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.dicttest" (dict "a" (list (dict "" 1.0 "m" 0.001 "k" (1000 | int) "M" (1000000 | int) "G" (1000000000 | int) "T" (1000000000000 | int) "P" (1000000000000000 | int) "Ki" (1024 | int) "Mi" (1048576 | int) "Gi" (1073741824 | int) "Ti" (1099511627776 | int) "Pi" (1125899906842624 | int) ) $unit (coalesce nil)) ))) "r")) ))) "r") -}} +{{- $ok := $tmp_tuple_1.T2 -}} +{{- $scale := ($tmp_tuple_1.T1 | float64) -}} +{{- if (not $ok) -}} +{{- $_ := (fail (printf "unknown unit: %q" $unit)) -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (list $numeric $scale)) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "_shims.resource_MustParse" -}} +{{- $repr := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $tmp_tuple_2 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.parseResource" (dict "a" (list $repr) ))) "r")) ))) "r") -}} +{{- $scale := ($tmp_tuple_2.T2 | float64) -}} +{{- $numeric := ($tmp_tuple_2.T1 | float64) -}} +{{- $strs := (list "" "m" "k" "M" "G" "T" "P" "Ki" "Mi" "Gi" "Ti" "Pi") -}} +{{- $scales := (list 1.0 0.001 (1000 | int) (1000000 | int) (1000000000 | int) (1000000000000 | int) (1000000000000000 | int) (1024 | int) (1048576 | int) (1073741824 | int) (1099511627776 | int) (1125899906842624 | int)) -}} +{{- $idx := -1 -}} +{{- range $i, $s := $scales -}} +{{- if (eq ($s | float64) ($scale | float64)) -}} +{{- $idx = $i -}} +{{- break -}} +{{- end -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- if (eq $idx -1) -}} +{{- $_ := (fail (printf "unknown scale: %v" $scale)) -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (printf "%s%s" (toString $numeric) (index $strs $idx))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "_shims.resource_Value" -}} +{{- $repr := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $tmp_tuple_3 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.parseResource" (dict "a" (list $repr) ))) "r")) ))) "r") -}} +{{- $scale := ($tmp_tuple_3.T2 | float64) -}} +{{- $numeric := ($tmp_tuple_3.T1 | float64) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (int64 (ceil ((mulf $numeric $scale) | float64)))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "_shims.resource_MilliValue" -}} +{{- $repr := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $tmp_tuple_4 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.parseResource" (dict "a" (list $repr) ))) "r")) ))) "r") -}} +{{- $scale := ($tmp_tuple_4.T2 | float64) -}} +{{- $numeric := ($tmp_tuple_4.T1 | float64) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (int64 (ceil ((mulf ((mulf $numeric 1000.0) | float64) $scale) | float64)))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "_shims.time_ParseDuration" -}} +{{- $repr := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $unitMap := (dict "s" (1000000000 | int64) "m" (60000000000 | int64) "h" (3600000000000 | int64) ) -}} +{{- $original := $repr -}} +{{- $value := ((0 | int64) | int64) -}} +{{- if (eq $repr "") -}} +{{- $_ := (fail (printf "invalid Duration: %q" $original)) -}} +{{- end -}} +{{- if (eq $repr "0") -}} +{{- $_is_returning = true -}} +{{- (dict "r" (0 | int64)) | toJson -}} +{{- break -}} +{{- end -}} +{{- range $_, $_ := (list (0 | int) (0 | int) (0 | int)) -}} +{{- if (eq $repr "") -}} +{{- break -}} +{{- end -}} +{{- $n := (regexFind `^\d+` $repr) -}} +{{- if (eq $n "") -}} +{{- $_ := (fail (printf "invalid Duration: %q" $original)) -}} +{{- end -}} +{{- $repr = (substr ((get (fromJson (include "_shims.len" (dict "a" (list $n) ))) "r") | int) -1 $repr) -}} +{{- $unit := (regexFind `^(h|m|s)` $repr) -}} +{{- if (eq $unit "") -}} +{{- $_ := (fail (printf "invalid Duration: %q" $original)) -}} +{{- end -}} +{{- $repr = (substr ((get (fromJson (include "_shims.len" (dict "a" (list $unit) ))) "r") | int) -1 $repr) -}} +{{- $value = ((add $value (((mul (int64 $n) (index $unitMap $unit)) | int64))) | int64) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $value) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "_shims.time_Duration_String" -}} +{{- $dur := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $_is_returning = true -}} +{{- (dict "r" (duration ((div $dur (1000000000 | int64)) | int64))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "_shims.render-manifest" -}} +{{- $tpl := (index . 0) -}} +{{- $dot := (index . 1) -}} +{{- $manifests := (get ((include $tpl (dict "a" (list $dot))) | fromJson) "r") -}} +{{- if not (typeIs "[]interface {}" $manifests) -}} +{{- $manifests = (list $manifests) -}} +{{- end -}} +{{- range $_, $manifest := $manifests -}} +{{- if ne (toJson $manifest) "null" }} +--- +{{toYaml (unset (unset $manifest "status") "creationTimestamp")}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/redpanda/redpanda/5.9.12/charts/connectors/templates/_values.go.tpl b/charts/redpanda/redpanda/5.9.12/charts/connectors/templates/_values.go.tpl new file mode 100644 index 000000000..9b304d4bf --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/charts/connectors/templates/_values.go.tpl @@ -0,0 +1,15 @@ +{{- /* Generated from "values.go" */ -}} + +{{- define "connectors.Auth.SASLEnabled" -}} +{{- $c := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $saslEnabled := (not (empty $c.sasl.userName)) -}} +{{- $saslEnabled = (and $saslEnabled (not (empty $c.sasl.mechanism))) -}} +{{- $saslEnabled = (and $saslEnabled (not (empty $c.sasl.secretRef))) -}} +{{- $_is_returning = true -}} +{{- (dict "r" $saslEnabled) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + diff --git a/charts/redpanda/redpanda/5.9.12/charts/connectors/templates/entry-point.yaml b/charts/redpanda/redpanda/5.9.12/charts/connectors/templates/entry-point.yaml new file mode 100644 index 000000000..b6c6467d5 --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/charts/connectors/templates/entry-point.yaml @@ -0,0 +1,17 @@ +{{- /* +Licensed to the Apache Software Foundation (ASF) under one or more +contributor license agreements. See the NOTICE file distributed with +this work for additional information regarding copyright ownership. +The ASF licenses this file to You under the Apache License, Version 2.0 +(the "License"); you may not use this file except in compliance with +the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} +{{- include "_shims.render-manifest" (list "connectors.render" .) -}} diff --git a/charts/redpanda/redpanda/5.9.12/charts/connectors/templates/tests/01-mm2-values.yaml b/charts/redpanda/redpanda/5.9.12/charts/connectors/templates/tests/01-mm2-values.yaml new file mode 100644 index 000000000..c369806c8 --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/charts/connectors/templates/tests/01-mm2-values.yaml @@ -0,0 +1,176 @@ +{{/* +Licensed to the Apache Software Foundation (ASF) under one or more +contributor license agreements. See the NOTICE file distributed with +this work for additional information regarding copyright ownership. +The ASF licenses this file to You under the Apache License, Version 2.0 +(the "License"); you may not use this file except in compliance with +the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} +{{- define "curl-options" -}} +{{- print " -svm3 --fail --retry \"120\" --retry-max-time \"120\" --retry-all-errors -o - -w \"\\nstatus=%{http_code} %{redirect_url} size=%{size_download} time=%{time_total} content-type=\\\"%{content_type}\\\"\\n\" "}} +{{- end -}} +{{- if .Values.test.create -}} +apiVersion: v1 +kind: Pod +metadata: + name: {{ include "connectors.fullname" . }}-mm2-test + namespace: {{ .Release.Namespace | quote }} + labels: +{{- with include "full.labels" . }} + {{- . | nindent 4 }} +{{- end }} + annotations: + "helm.sh/hook": test + "helm.sh/hook-delete-policy": before-hook-creation +spec: + restartPolicy: Never + {{- with .Values.imagePullSecrets }} + imagePullSecrets: {{- toYaml . | nindent 4 }} + {{- end }} + containers: + - name: create-mm2 + image: docker.redpanda.com/redpandadata/redpanda:latest + command: + - /bin/bash + - -c + - | + set -xe + + trap connectorsState ERR + + connectorsState () { + echo check connectors expand status + curl {{ template "curl-options" . }} http://{{ include "connectors.serviceName" . }}:{{ .Values.connectors.restPort }}/connectors?expand=status + echo check connectors expand info + curl {{ template "curl-options" . }} http://{{ include "connectors.serviceName" . }}:{{ .Values.connectors.restPort }}/connectors?expand=info + echo check connector configuration + curl {{ template "curl-options" . }} http://{{ include "connectors.serviceName" . }}:{{ .Values.connectors.restPort }}/connectors/$CONNECTOR_NAME + echo check connector topics + curl {{ template "curl-options" . }} http://{{ include "connectors.serviceName" . }}:{{ .Values.connectors.restPort }}/connectors/$CONNECTOR_NAME/topics + } + + curl {{ template "curl-options" . }} http://{{ include "connectors.serviceName" . }}:{{ .Values.connectors.restPort }}/connectors + + SASL_MECHANISM="PLAIN" + {{- if .Values.auth.sasl.enabled }} + set -e + set +x + + IFS=: read -r CONNECT_SASL_USERNAME KAFKA_SASL_PASSWORD CONNECT_SASL_MECHANISM < $(find /mnt/users/* -print) + CONNECT_SASL_MECHANISM=${CONNECT_SASL_MECHANISM:-{{ .Values.auth.sasl.mechanism | upper }}} + if [[ -n "$CONNECT_SASL_USERNAME" && -n "$KAFKA_SASL_PASSWORD" && -n "$CONNECT_SASL_MECHANISM" ]]; then + rpk profile set user=$CONNECT_SASL_USERNAME pass=$KAFKA_SASL_PASSWORD sasl.mechanism=$CONNECT_SASL_MECHANISM + SASL_MECHANISM=$CONNECT_SASL_MECHANISM + JAAS_CONFIG_SOURCE="\"source.cluster.sasl.jaas.config\": \"org.apache.kafka.common.security.scram.ScramLoginModule required username=\\\\"\"${CONNECT_SASL_USERNAME}\\\\"\" password=\\\\"\"${KAFKA_SASL_PASSWORD}\\\\"\";\"," + JAAS_CONFIG_TARGET="\"target.cluster.sasl.jaas.config\": \"org.apache.kafka.common.security.scram.ScramLoginModule required username=\\\\"\"${CONNECT_SASL_USERNAME}\\\\"\" password=\\\\"\"${KAFKA_SASL_PASSWORD}\\\\"\";\"," + fi + + set -x + set +e + {{- end }} + + rpk profile create test + rpk profile set tls.enabled={{.Values.connectors.brokerTLS.enabled}} brokers={{ .Values.connectors.bootstrapServers }} + {{- if .Values.connectors.brokerTLS.ca.secretRef }} + rpk profile set tls.ca={{ printf "/redpanda-certs/%s" (default "ca.crt" .Values.connectors.brokerTLS.ca.secretNameOverwrite) }} + {{- end }} + + {{- if .Values.connectors.brokerTLS.enabled }} + CONNECT_TLS_ENABLED=true + {{- else }} + CONNECT_TLS_ENABLED=false + {{- end }} + SECURITY_PROTOCOL=PLAINTEXT + if [[ -n "$CONNECT_SASL_MECHANISM" && $CONNECT_TLS_ENABLED == "true" ]]; then + SECURITY_PROTOCOL="SASL_SSL" + elif [[ -n "$CONNECT_SASL_MECHANISM" ]]; then + SECURITY_PROTOCOL="SASL_PLAINTEXT" + elif [[ $CONNECT_TLS_ENABLED == "true" ]]; then + SECURITY_PROTOCOL="SSL" + fi + + rpk topic list + rpk topic create test-topic + rpk topic list + echo "Test message!" | rpk topic produce test-topic + + CONNECTOR_NAME=mm2-$RANDOM + cat << 'EOF' > /tmp/mm2-conf.json + { + "name": "CONNECTOR_NAME", + "config": { + "connector.class": "org.apache.kafka.connect.mirror.MirrorSourceConnector", + "topics": "test-topic", + "replication.factor": "1", + "tasks.max": "1", + "source.cluster.bootstrap.servers": {{ .Values.connectors.bootstrapServers | quote }}, + "target.cluster.bootstrap.servers": {{ .Values.connectors.bootstrapServers | quote }}, + "target.cluster.alias": "test-only", + "source.cluster.alias": "source", + "key.converter": "org.apache.kafka.connect.converters.ByteArrayConverter", + "value.converter": "org.apache.kafka.connect.converters.ByteArrayConverter", + "source->target.enabled": "true", + "target->source.enabled": "false", + "sync.topic.configs.interval.seconds": "5", + "sync.topics.configs.enabled": "true", + "source.cluster.ssl.truststore.type": "PEM", + "target.cluster.ssl.truststore.type": "PEM", + "source.cluster.ssl.truststore.location": {{ printf "/opt/kafka/connect-certs/ca/%s" (default "ca.crt" .Values.connectors.brokerTLS.ca.secretNameOverwrite) | quote }}, + "target.cluster.ssl.truststore.location": {{ printf "/opt/kafka/connect-certs/ca/%s" (default "ca.crt" .Values.connectors.brokerTLS.ca.secretNameOverwrite) | quote }}, + JAAS_CONFIG_SOURCE + JAAS_CONFIG_TARGET + "source.cluster.security.protocol": "SECURITY_PROTOCOL", + "target.cluster.security.protocol": "SECURITY_PROTOCOL", + "source.cluster.sasl.mechanism": "SASL_MECHANISM", + "target.cluster.sasl.mechanism": "SASL_MECHANISM", + "offset-syncs.topic.replication.factor": 1 + } + } + EOF + + sed -i "s/CONNECTOR_NAME/$CONNECTOR_NAME/g" /tmp/mm2-conf.json + sed -i "s/SASL_MECHANISM/$SASL_MECHANISM/g" /tmp/mm2-conf.json + sed -i "s/SECURITY_PROTOCOL/$SECURITY_PROTOCOL/g" /tmp/mm2-conf.json + set +x + sed -i "s/JAAS_CONFIG_SOURCE/$JAAS_CONFIG_SOURCE/g" /tmp/mm2-conf.json + sed -i "s/JAAS_CONFIG_TARGET/$JAAS_CONFIG_TARGET/g" /tmp/mm2-conf.json + set -x + + curl {{ template "curl-options" . }} -H 'Content-Type: application/json' http://{{ include "connectors.serviceName" . }}:{{ .Values.connectors.restPort }}/connectors -d @/tmp/mm2-conf.json + + # The rpk topic consume could fail for the first few times as kafka connect needs + # to spawn the task and copy one message from the source topic. To solve this race condition + # the retry should be implemented in bash for rpk topic consume or other mechanism that + # can confirm source connectors started its execution. As a fast fix fixed 30 second fix is added. + sleep 30 + + rpk topic consume source.test-topic -n 1 | grep "Test message!" + + curl {{ template "curl-options" . }} -X DELETE http://{{ include "connectors.serviceName" . }}:{{ .Values.connectors.restPort }}/connectors/$CONNECTOR_NAME + + curl {{ template "curl-options" . }} http://{{ include "connectors.serviceName" . }}:{{ .Values.connectors.restPort }}/connectors + + rpk topic delete test-topic source.test-topic mm2-offset-syncs.test-only.internal + volumeMounts: + {{- if .Values.connectors.brokerTLS.ca.secretRef }} + - mountPath: /redpanda-certs + name: redpanda-ca + {{- end }} + {{- toYaml .Values.storage.volumeMounts | nindent 8 }} + volumes: + {{- if .Values.connectors.brokerTLS.ca.secretRef }} + - name: redpanda-ca + secret: + defaultMode: 0444 + secretName: {{ .Values.connectors.brokerTLS.ca.secretRef }} + {{- end }} + {{- toYaml .Values.storage.volume | nindent 4 }} +{{- end }} diff --git a/charts/redpanda/redpanda/5.9.12/charts/connectors/values.yaml b/charts/redpanda/redpanda/5.9.12/charts/connectors/values.yaml new file mode 100644 index 000000000..99cb3c580 --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/charts/connectors/values.yaml @@ -0,0 +1,313 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This file contains values for variables referenced from yaml files in the templates directory. +# +# For further information on Helm templating see the documentation at: +# https://helm.sh/docs/chart_template_guide/values_files/ + +# +# >>> This chart requires Helm version 3.6.0 or greater <<< +# + +# Common settings +# +# -- Override `connectors.name` template. +nameOverride: "" +# -- Override `connectors.fullname` template. +fullnameOverride: "" +# -- Additional labels to add to all Kubernetes objects. +# For example, `my.k8s.service: redpanda`. +commonLabels: {} +# -- Taints to be tolerated by Pods. +# For details, +# see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/). +tolerations: [] + +# -- Redpanda Docker image settings. +image: + # -- Docker repository from which to pull the Redpanda Docker image. + repository: docker.redpanda.com/redpandadata/connectors + # -- The Redpanda version. + # See DockerHub for: + # [All stable versions](https://hub.docker.com/r/redpandadata/redpanda/tags) + # and [all unstable versions](https://hub.docker.com/r/redpandadata/redpanda-unstable/tags). + # @default -- `Chart.appVersion`. + tag: "" + # -- The imagePullPolicy. + # If `image.tag` is 'latest', the default is `Always`. + pullPolicy: IfNotPresent + +# -- Pull secrets may be used to provide credentials to image repositories +# See https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ +imagePullSecrets: [] + +test: + create: true + +connectors: + # -- The port on which the Kafka Connect REST API listens. The API is used for administrative tasks. + restPort: 8083 + # -- A comma-separated list of Redpanda broker addresses in the format of IP:Port or DNS:Port. Kafka Connect uses this to connect to the Redpanda/Kafka cluster. + bootstrapServers: "" + # A comma-separated list of Schema Registry addresses in the format IP:Port or DNS:Port. The Schema Registry is a service that manages the schemas used by producers and consumers. + schemaRegistryURL: "" + # -- A placeholder for any Java configuration settings for Kafka Connect that are not explicitly defined in this Helm chart. Java configuration settings are passed to the Kafka Connect startup script. + additionalConfiguration: "" + secretManager: + enabled: false + region: "" + consolePrefix: "" + connectorsPrefix: "" + # -- The number of bytes of records a producer will attempt to batch together before sending to Redpanda. Batching improves throughput. + producerBatchSize: 131072 + # -- The time, in milliseconds, that a producer will wait before sending a batch of records. Waiting allows the producer to gather more records in the same batch and improve throughput. + producerLingerMS: 1 + storage: + # -- The number of replicas for each of the internal topics that Kafka Connect uses. + replicationFactor: + # -- Replication factor for the offset topic. + offset: -1 + # -- Replication factor for the configuration topic. + config: -1 + # -- Replication factor for the status topic. + status: -1 + # -- Indicates if read and write operations for the respective topics are allowed remotely. + remote: + read: + offset: false + config: false + status: false + write: + offset: false + config: false + status: false + topic: + # -- The name of the internal topic that Kafka Connect uses to store source connector offsets. + offset: _internal_connectors_offsets + # -- The name of the internal topic that Kafka Connect uses to store connector and task configurations. + config: _internal_connectors_configs + # -- The name of the internal topic that Kafka Connect uses to store connector and task status updates. + status: _internal_connectors_status + # -- A unique string that identifies the Kafka Connect cluster. It's used in the formation of the internal topic names, ensuring that multiple Kafka Connect clusters can connect to the same Redpanda cluster without interfering with each other. + groupID: connectors-cluster + brokerTLS: + enabled: false + ca: + # -- The name of the Secret where the ca.crt file content is located. + secretRef: "" + # -- If `secretRef` points to a Secret where the certificate authority (CA) is not under the + # `ca.crt` key, use `secretNameOverwrite` to overwrite it e.g. `corp-ca.crt`. + secretNameOverwrite: "" + cert: + # -- The name of the secret where client signed certificate is located + secretRef: "" + # -- If secretRef points to secret where client signed certificate is not under + # tls.crt key then please use secretNameOverwrite to overwrite it e.g. corp-tls.crt + secretNameOverwrite: "" + key: + # -- The name of the secret where client private key is located + secretRef: "" + # -- If secretRef points to secret where client private key is not under + # tls.key key then please use secretNameOverwrite to overwrite it e.g. corp-tls.key + secretNameOverwrite: "" + +# -- Authentication settings. +# For details, +# see the [SASL documentation](https://docs.redpanda.com/docs/manage/kubernetes/security/sasl-kubernetes/). +# The first line of the secret file is used. So the first superuser is used to authenticate to the Redpanda cluster. +auth: + sasl: + enabled: false + # -- The authentication mechanism to use for the superuser. Options are `scram-sha-256` and `scram-sha-512`. + mechanism: scram-sha-512 + # -- A Secret that contains your SASL user password. + secretRef: "" + userName: "" + +# -- Log-level settings. +logging: + # -- Log level + # Valid values (from least to most verbose) are: `error`, `warn`, `info` and `debug`. + level: warn + +# -- Monitoring. +# When set to `true`, the Helm chart creates a PodMonitor that can be used by Prometheus-Operator or VictoriaMetrics-Operator to scrape the metrics. +monitoring: + enabled: false + scrapeInterval: 30s + labels: {} + annotations: {} + namespaceSelector: + any: true + +container: + # + # -- Security context for the Redpanda Connectors container. + # See also `deployment.securityContext` for Pod-level settings. + securityContext: + allowPrivilegeEscalation: false + # -- Pod resource management. + resources: + request: + # Numeric values here are also acceptable. + cpu: "1" + memory: 2350Mi + limits: + cpu: "1" + memory: 2350Mi + # -- Java maximum heap size must not be greater than `container.resources.limits.memory`. + javaMaxHeapSize: 2G + javaGCLogEnabled: "false" + +deployment: + # Replicas can be used to scale Deployment + # replicas + + create: true + # Customize the command to use as the entrypoint of the Deployment. + # command: [] + strategy: + type: RollingUpdate + schedulerName: "" + budget: + maxUnavailable: 1 + # -- Additional annotations to apply to the Pods of this Deployment. + annotations: {} + # -- Adjust the period for your probes to meet your needs. + # For details, + # see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes). + livenessProbe: + initialDelaySeconds: 10 + failureThreshold: 3 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + readinessProbe: + initialDelaySeconds: 60 + failureThreshold: 2 + periodSeconds: 10 + successThreshold: 3 + timeoutSeconds: 5 + + # -- Additional environment variables for the Pods. + extraEnv: [] + # - name: RACK_ID + # value: "1" + + # -- Configure extra environment variables from Secrets and ConfigMaps. + extraEnvFrom: [] + # - secretRef: + # name: my-secret + # - configMapRef: + # name: my-configmap + + # -- The maximum time in seconds for a deployment to make progress before it is + # considered to be failed. The deployment controller will continue to process + # failed deployments and a condition with a ProgressDeadlineExceeded reason + # will be surfaced in the deployment status. Note that progress will not be + # estimated during the time a deployment is paused. + progressDeadlineSeconds: 600 + + # -- The number of old ReplicaSets to retain to allow rollback. This is a pointer + # to distinguish between explicit zero and not specified. + revisionHistoryLimit: 10 + + # -- Inter-Pod Affinity rules for scheduling Pods of this Deployment. + # For details, + # see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity). + podAffinity: {} + # -- Node Affinity rules for scheduling Pods of this Deployment. + # The suggestion would be to spread Pods according to topology zone. + # For details, + # see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity). + nodeAffinity: {} + # -- Anti-affinity rules for scheduling Pods of this Deployment. + # For details, + # see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity). + # You may either edit the default settings for anti-affinity rules, + # or specify new anti-affinity rules to use instead of the defaults. + podAntiAffinity: + # -- The `topologyKey` to be used. + # Can be used to spread across different nodes, AZs, regions etc. + topologyKey: kubernetes.io/hostname + # -- Valid anti-affinity types are `soft`, `hard`, or `custom`. + # Use `custom` if you want to supply your own anti-affinity rules in the `podAntiAffinity.custom` object. + type: hard + # -- Weight for `soft` anti-affinity rules. + # Does not apply for other anti-affinity types. + weight: 100 + # -- Change `podAntiAffinity.type` to `custom` and provide your own podAntiAffinity rules here. + custom: {} + # -- Node selection constraints for scheduling Pods of this Deployment. + # These constraints override the global `nodeSelector` value. + # For details, + # see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector). + nodeSelector: {} + # -- PriorityClassName given to Pods of this Deployment. + # For details, + # see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass). + priorityClassName: "" + # -- Taints to be tolerated by Pods of this Deployment. + # These tolerations override the global tolerations value. + # For details, + # see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/). + tolerations: [] + # For details, + # see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/). + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + securityContext: + fsGroup: 101 + runAsUser: 101 + fsGroupChangePolicy: OnRootMismatch + terminationGracePeriodSeconds: 30 + restartPolicy: Always + +storage: + volume: + - emptyDir: + medium: Memory + sizeLimit: 5Mi + name: rp-connect-tmp + volumeMounts: + - mountPath: /tmp + name: rp-connect-tmp + +# -- ServiceAccount management. +serviceAccount: + # -- Specifies whether a ServiceAccount should be created. + create: false + # -- Specifies whether a service account should automount API-Credentials + automountServiceAccountToken: false + # -- Annotations to add to the ServiceAccount. + annotations: {} + # -- The name of the ServiceAccount to use. + # If not set and `serviceAccount.create` is `true`, + # a name is generated using the `connectors.fullname` template. + name: "" + +# -- Service management. +service: + # -- Annotations to add to the Service. + annotations: {} + # -- The name of the service to use. + # If not set, a name is generated using the `connectors.fullname` template. + name: "" + ports: + - name: prometheus + port: 9404 diff --git a/charts/redpanda/redpanda/5.9.12/charts/console/.helmignore b/charts/redpanda/redpanda/5.9.12/charts/console/.helmignore new file mode 100644 index 000000000..d5bb5e6ba --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/charts/console/.helmignore @@ -0,0 +1,28 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +README.md.gotmpl +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ + +*.go +testdata/ +ci/ diff --git a/charts/redpanda/redpanda/5.9.12/charts/console/Chart.yaml b/charts/redpanda/redpanda/5.9.12/charts/console/Chart.yaml new file mode 100644 index 000000000..37a546db9 --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/charts/console/Chart.yaml @@ -0,0 +1,23 @@ +annotations: + artifacthub.io/images: | + - name: redpanda + image: docker.redpanda.com/redpandadata/console:v2.7.2 + artifacthub.io/license: Apache-2.0 + artifacthub.io/links: | + - name: Documentation + url: https://docs.redpanda.com + - name: "Helm (>= 3.6.0)" + url: https://helm.sh/docs/intro/install/ +apiVersion: v2 +appVersion: v2.7.2 +description: Helm chart to deploy Redpanda Console. +icon: https://images.ctfassets.net/paqvtpyf8rwu/3cYHw5UzhXCbKuR24GDFGO/73fb682e6157d11c10d5b2b5da1d5af0/skate-stand-panda.svg +kubeVersion: '>= 1.25.0-0' +maintainers: +- name: redpanda-data + url: https://github.com/orgs/redpanda-data/people +name: console +sources: +- https://github.com/redpanda-data/helm-charts +type: application +version: 0.7.30 diff --git a/charts/redpanda/redpanda/5.9.12/charts/console/README.md b/charts/redpanda/redpanda/5.9.12/charts/console/README.md new file mode 100644 index 000000000..9fb393273 --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/charts/console/README.md @@ -0,0 +1,353 @@ +# Redpanda Console Helm Chart Specification +--- +description: Find the default values and descriptions of settings in the Redpanda Console Helm chart. +--- + +![Version: 0.7.30](https://img.shields.io/badge/Version-0.7.30-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v2.7.2](https://img.shields.io/badge/AppVersion-v2.7.2-informational?style=flat-square) + +This page describes the official Redpanda Console Helm Chart. In particular, this page describes the contents of the chart’s [`values.yaml` file](https://github.com/redpanda-data/helm-charts/blob/main/charts/console/values.yaml). +Each of the settings is listed and described on this page, along with any default values. + +The Redpanda Console Helm chart is included as a subchart in the Redpanda Helm chart so that you can deploy and configure Redpanda and Redpanda Console together. +For instructions on how to install and use the chart, refer to the [deployment documentation](https://docs.redpanda.com/docs/deploy/deployment-option/self-hosted/kubernetes/kubernetes-deploy/). +For instructions on how to override and customize the chart’s values, see [Configure Redpanda Console](https://docs.redpanda.com/docs/manage/kubernetes/configure-helm-chart/#configure-redpanda-console). + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1) + +## Source Code + +* + +## Requirements + +Kubernetes: `>= 1.25.0-0` + +## Settings + +### [affinity](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=affinity) + +**Default:** `{}` + +### [annotations](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=annotations) + +Annotations to add to the deployment. + +**Default:** `{}` + +### [automountServiceAccountToken](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=automountServiceAccountToken) + +Automount API credentials for the Service Account into the pod. + +**Default:** `true` + +### [autoscaling.enabled](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=autoscaling.enabled) + +**Default:** `false` + +### [autoscaling.maxReplicas](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=autoscaling.maxReplicas) + +**Default:** `100` + +### [autoscaling.minReplicas](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=autoscaling.minReplicas) + +**Default:** `1` + +### [autoscaling.targetCPUUtilizationPercentage](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=autoscaling.targetCPUUtilizationPercentage) + +**Default:** `80` + +### [commonLabels](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=commonLabels) + +**Default:** `{}` + +### [configmap.create](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=configmap.create) + +**Default:** `true` + +### [console.config](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=console.config) + +Settings for the `Config.yaml` (required). For a reference of configuration settings, see the [Redpanda Console documentation](https://docs.redpanda.com/docs/reference/console/config/). + +**Default:** `{}` + +### [deployment.create](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=deployment.create) + +**Default:** `true` + +### [enterprise](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=enterprise) + +Settings for license key, as an alternative to secret.enterprise when a license secret is available + +**Default:** + +``` +{"licenseSecretRef":{"key":"","name":""}} +``` + +### [extraContainers](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=extraContainers) + +Add additional containers, such as for oauth2-proxy. + +**Default:** `[]` + +### [extraEnv](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=extraEnv) + +Additional environment variables for the Redpanda Console Deployment. + +**Default:** `[]` + +### [extraEnvFrom](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=extraEnvFrom) + +Additional environment variables for Redpanda Console mapped from Secret or ConfigMap. + +**Default:** `[]` + +### [extraVolumeMounts](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=extraVolumeMounts) + +Add additional volume mounts, such as for TLS keys. + +**Default:** `[]` + +### [extraVolumes](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=extraVolumes) + +Add additional volumes, such as for TLS keys. + +**Default:** `[]` + +### [fullnameOverride](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=fullnameOverride) + +Override `console.fullname` template. + +**Default:** `""` + +### [image](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=image) + +Redpanda Console Docker image settings. + +**Default:** + +``` +{"pullPolicy":"IfNotPresent","registry":"docker.redpanda.com","repository":"redpandadata/console","tag":""} +``` + +### [image.pullPolicy](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=image.pullPolicy) + +The imagePullPolicy. + +**Default:** `"IfNotPresent"` + +### [image.repository](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=image.repository) + +Docker repository from which to pull the Redpanda Docker image. + +**Default:** `"redpandadata/console"` + +### [image.tag](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=image.tag) + +The Redpanda Console version. See DockerHub for: [All stable versions](https://hub.docker.com/r/redpandadata/console/tags) and [all unstable versions](https://hub.docker.com/r/redpandadata/console-unstable/tags). + +**Default:** `Chart.appVersion` + +### [imagePullSecrets](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=imagePullSecrets) + +Pull secrets may be used to provide credentials to image repositories See https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + +**Default:** `[]` + +### [ingress.annotations](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=ingress.annotations) + +**Default:** `{}` + +### [ingress.className](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=ingress.className) + +**Default:** `nil` + +### [ingress.enabled](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=ingress.enabled) + +**Default:** `false` + +### [ingress.hosts[0].host](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=ingress.hosts[0].host) + +**Default:** `"chart-example.local"` + +### [ingress.hosts[0].paths[0].path](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=ingress.hosts[0].paths[0].path) + +**Default:** `"/"` + +### [ingress.hosts[0].paths[0].pathType](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=ingress.hosts[0].paths[0].pathType) + +**Default:** `"ImplementationSpecific"` + +### [ingress.tls](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=ingress.tls) + +**Default:** `[]` + +### [initContainers](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=initContainers) + +Any initContainers defined should be written here + +**Default:** `{"extraInitContainers":""}` + +### [initContainers.extraInitContainers](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=initContainers.extraInitContainers) + +Additional set of init containers + +**Default:** `""` + +### [livenessProbe](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=livenessProbe) + +Settings for liveness and readiness probes. For details, see the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes). + +**Default:** + +``` +{"failureThreshold":3,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":1} +``` + +### [nameOverride](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=nameOverride) + +Override `console.name` template. + +**Default:** `""` + +### [nodeSelector](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=nodeSelector) + +**Default:** `{}` + +### [podAnnotations](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=podAnnotations) + +**Default:** `{}` + +### [podLabels](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=podLabels) + +**Default:** `{}` + +### [podSecurityContext.fsGroup](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=podSecurityContext.fsGroup) + +**Default:** `99` + +### [podSecurityContext.runAsUser](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=podSecurityContext.runAsUser) + +**Default:** `99` + +### [priorityClassName](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=priorityClassName) + +PriorityClassName given to Pods. For details, see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass). + +**Default:** `""` + +### [readinessProbe.failureThreshold](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=readinessProbe.failureThreshold) + +**Default:** `3` + +### [readinessProbe.initialDelaySeconds](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=readinessProbe.initialDelaySeconds) + +Grant time to test connectivity to upstream services such as Kafka and Schema Registry. + +**Default:** `10` + +### [readinessProbe.periodSeconds](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=readinessProbe.periodSeconds) + +**Default:** `10` + +### [readinessProbe.successThreshold](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=readinessProbe.successThreshold) + +**Default:** `1` + +### [readinessProbe.timeoutSeconds](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=readinessProbe.timeoutSeconds) + +**Default:** `1` + +### [replicaCount](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=replicaCount) + +**Default:** `1` + +### [resources](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=resources) + +**Default:** `{}` + +### [secret](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=secret) + +Create a new Kubernetes Secret for all sensitive configuration inputs. Each provided Secret is mounted automatically and made available to the Pod. If you want to use one or more existing Secrets, you can use the `extraEnvFrom` list to mount environment variables from string and secretMounts to mount files such as Certificates from Secrets. + +**Default:** + +``` +{"create":true,"enterprise":{},"kafka":{},"login":{"github":{},"google":{},"jwtSecret":"","oidc":{},"okta":{}},"redpanda":{"adminApi":{}}} +``` + +### [secret.kafka](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=secret.kafka) + +Kafka Secrets. + +**Default:** `{}` + +### [secretMounts](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=secretMounts) + +SecretMounts is an abstraction to make a Secret available in the container's filesystem. Under the hood it creates a volume and a volume mount for the Redpanda Console container. + +**Default:** `[]` + +### [securityContext.runAsNonRoot](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=securityContext.runAsNonRoot) + +**Default:** `true` + +### [service.annotations](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=service.annotations) + +**Default:** `{}` + +### [service.port](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=service.port) + +**Default:** `8080` + +### [service.targetPort](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=service.targetPort) + +Override the value in `console.config.server.listenPort` if not `nil` + +**Default:** `nil` + +### [service.type](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=service.type) + +**Default:** `"ClusterIP"` + +### [serviceAccount.annotations](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=serviceAccount.annotations) + +Annotations to add to the service account. + +**Default:** `{}` + +### [serviceAccount.automountServiceAccountToken](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=serviceAccount.automountServiceAccountToken) + +Specifies whether a service account should automount API-Credentials + +**Default:** `true` + +### [serviceAccount.create](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=serviceAccount.create) + +Specifies whether a service account should be created. + +**Default:** `true` + +### [serviceAccount.name](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=serviceAccount.name) + +The name of the service account to use. If not set and `serviceAccount.create` is `true`, a name is generated using the `console.fullname` template + +**Default:** `""` + +### [strategy](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=strategy) + +**Default:** `{}` + +### [tests.enabled](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=tests.enabled) + +**Default:** `true` + +### [tolerations](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=tolerations) + +**Default:** `[]` + +### [topologySpreadConstraints](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values&path=topologySpreadConstraints) + +**Default:** `[]` + diff --git a/charts/redpanda/redpanda/5.9.12/charts/console/examples/console-enterprise.yaml b/charts/redpanda/redpanda/5.9.12/charts/console/examples/console-enterprise.yaml new file mode 100644 index 000000000..dc3f29197 --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/charts/console/examples/console-enterprise.yaml @@ -0,0 +1,94 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +image: + tag: master-8fcce39 + +resources: + limits: + cpu: 1 + memory: 2Gi + requests: + cpu: 100m + memory: 512Mi + +console: + config: + kafka: + brokers: + - bootstrap.mybrokers.com:9092 + clientId: redpanda-console + sasl: + enabled: true + mechanism: SCRAM-SHA-256 + username: console + # password: set via Helm secret / Env variable + tls: + enabled: false + login: + google: + enabled: true + clientId: redacted.apps.googleusercontent.com + # clientSecret: set via Helm secret / Env variable + directory: + # serviceAccountFilepath: set via Helm secret / Env variable + targetPrincipal: admin@mycompany.com + enterprise: + rbac: + enabled: true + roleBindingsFilepath: /etc/console/configs/role-bindings.yaml + roleBindings: + - roleName: viewer + metadata: + # Metadata properties will be shown in the UI. You can omit it if you want to + name: Developers + subjects: + # You can specify all groups or users from different providers here which shall be bound to the same role + - kind: group + provider: Google + name: engineering@mycompany.com + - kind: user + provider: Google + name: singleuser@mycompany.com + - roleName: admin + metadata: + name: Admin + subjects: + - kind: user + provider: Google + name: adminperson@mycompany.com + +secret: + create: true + kafka: + saslPassword: "redacted" + enterprise: + license: "redacted" + login: + google: + clientSecret: "redacted" + groupsServiceAccount: | + { + "type": "service_account", + "project_id": "redacted", + "private_key_id": "redacted", + "private_key": "-----BEGIN PRIVATE KEY-----\nREDACTED\n-----END PRIVATE KEY-----\n", + "client_email": "redacted@projectid.iam.gserviceaccount.com", + "client_id": "redacted", + "auth_uri": "https://accounts.google.com/o/oauth2/auth", + "token_uri": "https://oauth2.googleapis.com/token", + "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", + "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/redacted.iam.gserviceaccount.com" + } diff --git a/charts/redpanda/redpanda/5.9.12/charts/console/templates/NOTES.txt b/charts/redpanda/redpanda/5.9.12/charts/console/templates/NOTES.txt new file mode 100644 index 000000000..7541881fc --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/charts/console/templates/NOTES.txt @@ -0,0 +1,20 @@ +{{/* +Licensed to the Apache Software Foundation (ASF) under one or more +contributor license agreements. See the NOTICE file distributed with +this work for additional information regarding copyright ownership. +The ASF licenses this file to You under the Apache License, Version 2.0 +(the "License"); you may not use this file except in compliance with +the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} +{{- $notes := (get ((include "console.Notes" (dict "a" (list .))) | fromJson) "r") -}} +{{- range $_, $note := $notes }} +{{ $note }} +{{- end }} diff --git a/charts/redpanda/redpanda/5.9.12/charts/console/templates/_chart.go.tpl b/charts/redpanda/redpanda/5.9.12/charts/console/templates/_chart.go.tpl new file mode 100644 index 000000000..47f236d6f --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/charts/console/templates/_chart.go.tpl @@ -0,0 +1,13 @@ +{{- /* Generated from "chart.go" */ -}} + +{{- define "console.render" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $manifests := (list (get (fromJson (include "console.ServiceAccount" (dict "a" (list $dot) ))) "r") (get (fromJson (include "console.Secret" (dict "a" (list $dot) ))) "r") (get (fromJson (include "console.ConfigMap" (dict "a" (list $dot) ))) "r") (get (fromJson (include "console.Service" (dict "a" (list $dot) ))) "r") (get (fromJson (include "console.Ingress" (dict "a" (list $dot) ))) "r") (get (fromJson (include "console.Deployment" (dict "a" (list $dot) ))) "r") (get (fromJson (include "console.HorizontalPodAutoscaler" (dict "a" (list $dot) ))) "r")) -}} +{{- $_is_returning = true -}} +{{- (dict "r" $manifests) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + diff --git a/charts/redpanda/redpanda/5.9.12/charts/console/templates/_configmap.go.tpl b/charts/redpanda/redpanda/5.9.12/charts/console/templates/_configmap.go.tpl new file mode 100644 index 000000000..14673b024 --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/charts/console/templates/_configmap.go.tpl @@ -0,0 +1,25 @@ +{{- /* Generated from "configmap.go" */ -}} + +{{- define "console.ConfigMap" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- if (not $values.configmap.create) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (coalesce nil)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $data := (dict "config.yaml" (printf "# from .Values.console.config\n%s\n" (tpl (toYaml $values.console.config) $dot)) ) -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $values.console.roles) ))) "r") | int) (0 | int)) -}} +{{- $_ := (set $data "roles.yaml" (tpl (toYaml (dict "roles" $values.console.roles )) $dot)) -}} +{{- end -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $values.console.roleBindings) ))) "r") | int) (0 | int)) -}} +{{- $_ := (set $data "role-bindings.yaml" (tpl (toYaml (dict "roleBindings" $values.console.roleBindings )) $dot)) -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "v1" "kind" "ConfigMap" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (get (fromJson (include "console.Fullname" (dict "a" (list $dot) ))) "r") "labels" (get (fromJson (include "console.Labels" (dict "a" (list $dot) ))) "r") )) "data" $data ))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + diff --git a/charts/redpanda/redpanda/5.9.12/charts/console/templates/_deployment.go.tpl b/charts/redpanda/redpanda/5.9.12/charts/console/templates/_deployment.go.tpl new file mode 100644 index 000000000..67aaf598f --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/charts/console/templates/_deployment.go.tpl @@ -0,0 +1,133 @@ +{{- /* Generated from "deployment.go" */ -}} + +{{- define "console.ContainerPort" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $listenPort := ((8080 | int) | int) -}} +{{- if (ne (toJson $values.service.targetPort) "null") -}} +{{- $listenPort = $values.service.targetPort -}} +{{- end -}} +{{- $configListenPort := (dig "server" "listenPort" (coalesce nil) $values.console.config) -}} +{{- $tmp_tuple_1 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.asintegral" (dict "a" (list $configListenPort) ))) "r")) ))) "r") -}} +{{- $ok_2 := $tmp_tuple_1.T2 -}} +{{- $asInt_1 := ($tmp_tuple_1.T1 | int) -}} +{{- if $ok_2 -}} +{{- $_is_returning = true -}} +{{- (dict "r" ($asInt_1 | int)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $listenPort) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "console.Deployment" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- if (not $values.deployment.create) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (coalesce nil)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $replicas := (coalesce nil) -}} +{{- if (not $values.autoscaling.enabled) -}} +{{- $replicas = ($values.replicaCount | int) -}} +{{- end -}} +{{- $initContainers := (coalesce nil) -}} +{{- if (not (empty $values.initContainers.extraInitContainers)) -}} +{{- $initContainers = (fromYamlArray (tpl $values.initContainers.extraInitContainers $dot)) -}} +{{- end -}} +{{- $volumeMounts := (list (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" "configs" "mountPath" "/etc/console/configs" "readOnly" true ))) -}} +{{- if $values.secret.create -}} +{{- $volumeMounts = (concat (default (list ) $volumeMounts) (list (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" "secrets" "mountPath" "/etc/console/secrets" "readOnly" true )))) -}} +{{- end -}} +{{- range $_, $mount := $values.secretMounts -}} +{{- $volumeMounts = (concat (default (list ) $volumeMounts) (list (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" $mount.name "mountPath" $mount.path "subPath" (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $mount.subPath "") ))) "r") )))) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $volumeMounts = (concat (default (list ) $volumeMounts) (default (list ) $values.extraVolumeMounts)) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict "selector" (coalesce nil) "template" (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict "containers" (coalesce nil) ) ) "strategy" (dict ) ) "status" (dict ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "apps/v1" "kind" "Deployment" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (get (fromJson (include "console.Fullname" (dict "a" (list $dot) ))) "r") "labels" (get (fromJson (include "console.Labels" (dict "a" (list $dot) ))) "r") "namespace" $dot.Release.Namespace "annotations" $values.annotations )) "spec" (mustMergeOverwrite (dict "selector" (coalesce nil) "template" (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict "containers" (coalesce nil) ) ) "strategy" (dict ) ) (dict "replicas" $replicas "selector" (mustMergeOverwrite (dict ) (dict "matchLabels" (get (fromJson (include "console.SelectorLabels" (dict "a" (list $dot) ))) "r") )) "strategy" $values.strategy "template" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict "containers" (coalesce nil) ) ) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "annotations" (merge (dict ) (dict "checksum/config" (sha256sum (toYaml (get (fromJson (include "console.ConfigMap" (dict "a" (list $dot) ))) "r"))) ) $values.podAnnotations) "labels" (merge (dict ) (get (fromJson (include "console.SelectorLabels" (dict "a" (list $dot) ))) "r") $values.podLabels) )) "spec" (mustMergeOverwrite (dict "containers" (coalesce nil) ) (dict "imagePullSecrets" $values.imagePullSecrets "serviceAccountName" (get (fromJson (include "console.ServiceAccountName" (dict "a" (list $dot) ))) "r") "automountServiceAccountToken" $values.automountServiceAccountToken "securityContext" $values.podSecurityContext "nodeSelector" $values.nodeSelector "affinity" $values.affinity "topologySpreadConstraints" $values.topologySpreadConstraints "priorityClassName" $values.priorityClassName "tolerations" $values.tolerations "volumes" (get (fromJson (include "console.consolePodVolumes" (dict "a" (list $dot) ))) "r") "initContainers" $initContainers "containers" (concat (default (list ) (list (mustMergeOverwrite (dict "name" "" "resources" (dict ) ) (dict "name" $dot.Chart.Name "command" $values.deployment.command "args" (concat (default (list ) (list "--config.filepath=/etc/console/configs/config.yaml")) (default (list ) $values.deployment.extraArgs)) "securityContext" $values.securityContext "image" (get (fromJson (include "console.containerImage" (dict "a" (list $dot) ))) "r") "imagePullPolicy" $values.image.pullPolicy "ports" (list (mustMergeOverwrite (dict "containerPort" 0 ) (dict "name" "http" "containerPort" ((get (fromJson (include "console.ContainerPort" (dict "a" (list $dot) ))) "r") | int) "protocol" "TCP" ))) "volumeMounts" $volumeMounts "livenessProbe" (mustMergeOverwrite (dict ) (mustMergeOverwrite (dict ) (dict "httpGet" (mustMergeOverwrite (dict "port" 0 ) (dict "path" "/admin/health" "port" "http" )) )) (dict "initialDelaySeconds" ($values.livenessProbe.initialDelaySeconds | int) "periodSeconds" ($values.livenessProbe.periodSeconds | int) "timeoutSeconds" ($values.livenessProbe.timeoutSeconds | int) "successThreshold" ($values.livenessProbe.successThreshold | int) "failureThreshold" ($values.livenessProbe.failureThreshold | int) )) "readinessProbe" (mustMergeOverwrite (dict ) (mustMergeOverwrite (dict ) (dict "httpGet" (mustMergeOverwrite (dict "port" 0 ) (dict "path" "/admin/health" "port" "http" )) )) (dict "initialDelaySeconds" ($values.readinessProbe.initialDelaySeconds | int) "periodSeconds" ($values.readinessProbe.periodSeconds | int) "timeoutSeconds" ($values.readinessProbe.timeoutSeconds | int) "successThreshold" ($values.readinessProbe.successThreshold | int) "failureThreshold" ($values.readinessProbe.failureThreshold | int) )) "resources" $values.resources "env" (get (fromJson (include "console.consoleContainerEnv" (dict "a" (list $dot) ))) "r") "envFrom" $values.extraEnvFrom )))) (default (list ) $values.extraContainers)) )) )) )) ))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "console.containerImage" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $tag := $dot.Chart.AppVersion -}} +{{- if (not (empty $values.image.tag)) -}} +{{- $tag = $values.image.tag -}} +{{- end -}} +{{- $image := (printf "%s:%s" $values.image.repository $tag) -}} +{{- if (not (empty $values.image.registry)) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (printf "%s/%s" $values.image.registry $image)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $image) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "console.consoleContainerEnv" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- if (not $values.secret.create) -}} +{{- $vars := $values.extraEnv -}} +{{- if (not (empty $values.enterprise.licenseSecretRef.name)) -}} +{{- $vars = (concat (default (list ) $values.extraEnv) (list (mustMergeOverwrite (dict "name" "" ) (dict "name" "LICENSE" "valueFrom" (mustMergeOverwrite (dict ) (dict "secretKeyRef" (mustMergeOverwrite (dict "key" "" ) (mustMergeOverwrite (dict ) (dict "name" $values.enterprise.licenseSecretRef.name )) (dict "key" (default "enterprise-license" $values.enterprise.licenseSecretRef.key) )) )) )))) -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $vars) | toJson -}} +{{- break -}} +{{- end -}} +{{- $possibleVars := (list (mustMergeOverwrite (dict "Value" (coalesce nil) "EnvVar" (dict "name" "" ) ) (dict "Value" $values.secret.kafka.saslPassword "EnvVar" (mustMergeOverwrite (dict "name" "" ) (dict "name" "KAFKA_SASL_PASSWORD" "valueFrom" (mustMergeOverwrite (dict ) (dict "secretKeyRef" (mustMergeOverwrite (dict "key" "" ) (mustMergeOverwrite (dict ) (dict "name" (get (fromJson (include "console.Fullname" (dict "a" (list $dot) ))) "r") )) (dict "key" "kafka-sasl-password" )) )) )) )) (mustMergeOverwrite (dict "Value" (coalesce nil) "EnvVar" (dict "name" "" ) ) (dict "Value" $values.secret.kafka.protobufGitBasicAuthPassword "EnvVar" (mustMergeOverwrite (dict "name" "" ) (dict "name" "KAFKA_PROTOBUF_GIT_BASICAUTH_PASSWORD" "valueFrom" (mustMergeOverwrite (dict ) (dict "secretKeyRef" (mustMergeOverwrite (dict "key" "" ) (mustMergeOverwrite (dict ) (dict "name" (get (fromJson (include "console.Fullname" (dict "a" (list $dot) ))) "r") )) (dict "key" "kafka-protobuf-git-basicauth-password" )) )) )) )) (mustMergeOverwrite (dict "Value" (coalesce nil) "EnvVar" (dict "name" "" ) ) (dict "Value" $values.secret.kafka.awsMskIamSecretKey "EnvVar" (mustMergeOverwrite (dict "name" "" ) (dict "name" "KAFKA_SASL_AWSMSKIAM_SECRETKEY" "valueFrom" (mustMergeOverwrite (dict ) (dict "secretKeyRef" (mustMergeOverwrite (dict "key" "" ) (mustMergeOverwrite (dict ) (dict "name" (get (fromJson (include "console.Fullname" (dict "a" (list $dot) ))) "r") )) (dict "key" "kafka-sasl-aws-msk-iam-secret-key" )) )) )) )) (mustMergeOverwrite (dict "Value" (coalesce nil) "EnvVar" (dict "name" "" ) ) (dict "Value" $values.secret.kafka.tlsCa "EnvVar" (mustMergeOverwrite (dict "name" "" ) (dict "name" "KAFKA_TLS_CAFILEPATH" "value" "/etc/console/secrets/kafka-tls-ca" )) )) (mustMergeOverwrite (dict "Value" (coalesce nil) "EnvVar" (dict "name" "" ) ) (dict "Value" $values.secret.kafka.tlsCert "EnvVar" (mustMergeOverwrite (dict "name" "" ) (dict "name" "KAFKA_TLS_CERTFILEPATH" "value" "/etc/console/secrets/kafka-tls-cert" )) )) (mustMergeOverwrite (dict "Value" (coalesce nil) "EnvVar" (dict "name" "" ) ) (dict "Value" $values.secret.kafka.tlsKey "EnvVar" (mustMergeOverwrite (dict "name" "" ) (dict "name" "KAFKA_TLS_KEYFILEPATH" "value" "/etc/console/secrets/kafka-tls-key" )) )) (mustMergeOverwrite (dict "Value" (coalesce nil) "EnvVar" (dict "name" "" ) ) (dict "Value" $values.secret.kafka.schemaRegistryTlsCa "EnvVar" (mustMergeOverwrite (dict "name" "" ) (dict "name" "KAFKA_SCHEMAREGISTRY_TLS_CAFILEPATH" "value" "/etc/console/secrets/kafka-schemaregistry-tls-ca" )) )) (mustMergeOverwrite (dict "Value" (coalesce nil) "EnvVar" (dict "name" "" ) ) (dict "Value" $values.secret.kafka.schemaRegistryTlsCert "EnvVar" (mustMergeOverwrite (dict "name" "" ) (dict "name" "KAFKA_SCHEMAREGISTRY_TLS_CERTFILEPATH" "value" "/etc/console/secrets/kafka-schemaregistry-tls-cert" )) )) (mustMergeOverwrite (dict "Value" (coalesce nil) "EnvVar" (dict "name" "" ) ) (dict "Value" $values.secret.kafka.schemaRegistryTlsKey "EnvVar" (mustMergeOverwrite (dict "name" "" ) (dict "name" "KAFKA_SCHEMAREGISTRY_TLS_KEYFILEPATH" "value" "/etc/console/secrets/kafka-schemaregistry-tls-key" )) )) (mustMergeOverwrite (dict "Value" (coalesce nil) "EnvVar" (dict "name" "" ) ) (dict "Value" $values.secret.kafka.schemaRegistryPassword "EnvVar" (mustMergeOverwrite (dict "name" "" ) (dict "name" "KAFKA_SCHEMAREGISTRY_PASSWORD" "valueFrom" (mustMergeOverwrite (dict ) (dict "secretKeyRef" (mustMergeOverwrite (dict "key" "" ) (mustMergeOverwrite (dict ) (dict "name" (get (fromJson (include "console.Fullname" (dict "a" (list $dot) ))) "r") )) (dict "key" "kafka-schema-registry-password" )) )) )) )) (mustMergeOverwrite (dict "Value" (coalesce nil) "EnvVar" (dict "name" "" ) ) (dict "Value" true "EnvVar" (mustMergeOverwrite (dict "name" "" ) (dict "name" "LOGIN_JWTSECRET" "valueFrom" (mustMergeOverwrite (dict ) (dict "secretKeyRef" (mustMergeOverwrite (dict "key" "" ) (mustMergeOverwrite (dict ) (dict "name" (get (fromJson (include "console.Fullname" (dict "a" (list $dot) ))) "r") )) (dict "key" "login-jwt-secret" )) )) )) )) (mustMergeOverwrite (dict "Value" (coalesce nil) "EnvVar" (dict "name" "" ) ) (dict "Value" $values.secret.login.google.clientSecret "EnvVar" (mustMergeOverwrite (dict "name" "" ) (dict "name" "LOGIN_GOOGLE_CLIENTSECRET" "valueFrom" (mustMergeOverwrite (dict ) (dict "secretKeyRef" (mustMergeOverwrite (dict "key" "" ) (mustMergeOverwrite (dict ) (dict "name" (get (fromJson (include "console.Fullname" (dict "a" (list $dot) ))) "r") )) (dict "key" "login-google-oauth-client-secret" )) )) )) )) (mustMergeOverwrite (dict "Value" (coalesce nil) "EnvVar" (dict "name" "" ) ) (dict "Value" $values.secret.login.google.groupsServiceAccount "EnvVar" (mustMergeOverwrite (dict "name" "" ) (dict "name" "LOGIN_GOOGLE_DIRECTORY_SERVICEACCOUNTFILEPATH" "value" "/etc/console/secrets/login-google-groups-service-account.json" )) )) (mustMergeOverwrite (dict "Value" (coalesce nil) "EnvVar" (dict "name" "" ) ) (dict "Value" $values.secret.login.github.clientSecret "EnvVar" (mustMergeOverwrite (dict "name" "" ) (dict "name" "LOGIN_GITHUB_CLIENTSECRET" "valueFrom" (mustMergeOverwrite (dict ) (dict "secretKeyRef" (mustMergeOverwrite (dict "key" "" ) (mustMergeOverwrite (dict ) (dict "name" (get (fromJson (include "console.Fullname" (dict "a" (list $dot) ))) "r") )) (dict "key" "login-github-oauth-client-secret" )) )) )) )) (mustMergeOverwrite (dict "Value" (coalesce nil) "EnvVar" (dict "name" "" ) ) (dict "Value" $values.secret.login.github.personalAccessToken "EnvVar" (mustMergeOverwrite (dict "name" "" ) (dict "name" "LOGIN_GITHUB_DIRECTORY_PERSONALACCESSTOKEN" "valueFrom" (mustMergeOverwrite (dict ) (dict "secretKeyRef" (mustMergeOverwrite (dict "key" "" ) (mustMergeOverwrite (dict ) (dict "name" (get (fromJson (include "console.Fullname" (dict "a" (list $dot) ))) "r") )) (dict "key" "login-github-personal-access-token" )) )) )) )) (mustMergeOverwrite (dict "Value" (coalesce nil) "EnvVar" (dict "name" "" ) ) (dict "Value" $values.secret.login.okta.clientSecret "EnvVar" (mustMergeOverwrite (dict "name" "" ) (dict "name" "LOGIN_OKTA_CLIENTSECRET" "valueFrom" (mustMergeOverwrite (dict ) (dict "secretKeyRef" (mustMergeOverwrite (dict "key" "" ) (mustMergeOverwrite (dict ) (dict "name" (get (fromJson (include "console.Fullname" (dict "a" (list $dot) ))) "r") )) (dict "key" "login-okta-client-secret" )) )) )) )) (mustMergeOverwrite (dict "Value" (coalesce nil) "EnvVar" (dict "name" "" ) ) (dict "Value" $values.secret.login.okta.directoryApiToken "EnvVar" (mustMergeOverwrite (dict "name" "" ) (dict "name" "LOGIN_OKTA_DIRECTORY_APITOKEN" "valueFrom" (mustMergeOverwrite (dict ) (dict "secretKeyRef" (mustMergeOverwrite (dict "key" "" ) (mustMergeOverwrite (dict ) (dict "name" (get (fromJson (include "console.Fullname" (dict "a" (list $dot) ))) "r") )) (dict "key" "login-okta-directory-api-token" )) )) )) )) (mustMergeOverwrite (dict "Value" (coalesce nil) "EnvVar" (dict "name" "" ) ) (dict "Value" $values.secret.login.oidc.clientSecret "EnvVar" (mustMergeOverwrite (dict "name" "" ) (dict "name" "LOGIN_OIDC_CLIENTSECRET" "valueFrom" (mustMergeOverwrite (dict ) (dict "secretKeyRef" (mustMergeOverwrite (dict "key" "" ) (mustMergeOverwrite (dict ) (dict "name" (get (fromJson (include "console.Fullname" (dict "a" (list $dot) ))) "r") )) (dict "key" "login-oidc-client-secret" )) )) )) )) (mustMergeOverwrite (dict "Value" (coalesce nil) "EnvVar" (dict "name" "" ) ) (dict "Value" $values.secret.enterprise.license "EnvVar" (mustMergeOverwrite (dict "name" "" ) (dict "name" "LICENSE" "valueFrom" (mustMergeOverwrite (dict ) (dict "secretKeyRef" (mustMergeOverwrite (dict "key" "" ) (mustMergeOverwrite (dict ) (dict "name" (get (fromJson (include "console.Fullname" (dict "a" (list $dot) ))) "r") )) (dict "key" "enterprise-license" )) )) )) )) (mustMergeOverwrite (dict "Value" (coalesce nil) "EnvVar" (dict "name" "" ) ) (dict "Value" $values.secret.redpanda.adminApi.password "EnvVar" (mustMergeOverwrite (dict "name" "" ) (dict "name" "REDPANDA_ADMINAPI_PASSWORD" "valueFrom" (mustMergeOverwrite (dict ) (dict "secretKeyRef" (mustMergeOverwrite (dict "key" "" ) (mustMergeOverwrite (dict ) (dict "name" (get (fromJson (include "console.Fullname" (dict "a" (list $dot) ))) "r") )) (dict "key" "redpanda-admin-api-password" )) )) )) )) (mustMergeOverwrite (dict "Value" (coalesce nil) "EnvVar" (dict "name" "" ) ) (dict "Value" $values.secret.redpanda.adminApi.tlsCa "EnvVar" (mustMergeOverwrite (dict "name" "" ) (dict "name" "REDPANDA_ADMINAPI_TLS_CAFILEPATH" "value" "/etc/console/secrets/redpanda-admin-api-tls-ca" )) )) (mustMergeOverwrite (dict "Value" (coalesce nil) "EnvVar" (dict "name" "" ) ) (dict "Value" $values.secret.redpanda.adminApi.tlsKey "EnvVar" (mustMergeOverwrite (dict "name" "" ) (dict "name" "REDPANDA_ADMINAPI_TLS_KEYFILEPATH" "value" "/etc/console/secrets/redpanda-admin-api-tls-key" )) )) (mustMergeOverwrite (dict "Value" (coalesce nil) "EnvVar" (dict "name" "" ) ) (dict "Value" $values.secret.redpanda.adminApi.tlsCert "EnvVar" (mustMergeOverwrite (dict "name" "" ) (dict "name" "REDPANDA_ADMINAPI_TLS_CERTFILEPATH" "value" "/etc/console/secrets/redpanda-admin-api-tls-cert" )) ))) -}} +{{- $vars := $values.extraEnv -}} +{{- range $_, $possible := $possibleVars -}} +{{- if (not (empty $possible.Value)) -}} +{{- $vars = (concat (default (list ) $vars) (list $possible.EnvVar)) -}} +{{- end -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $vars) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "console.consolePodVolumes" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $volumes := (list (mustMergeOverwrite (dict "name" "" ) (mustMergeOverwrite (dict ) (dict "configMap" (mustMergeOverwrite (dict ) (mustMergeOverwrite (dict ) (dict "name" (get (fromJson (include "console.Fullname" (dict "a" (list $dot) ))) "r") )) (dict )) )) (dict "name" "configs" ))) -}} +{{- if $values.secret.create -}} +{{- $volumes = (concat (default (list ) $volumes) (list (mustMergeOverwrite (dict "name" "" ) (mustMergeOverwrite (dict ) (dict "secret" (mustMergeOverwrite (dict ) (dict "secretName" (get (fromJson (include "console.Fullname" (dict "a" (list $dot) ))) "r") )) )) (dict "name" "secrets" )))) -}} +{{- end -}} +{{- range $_, $mount := $values.secretMounts -}} +{{- $volumes = (concat (default (list ) $volumes) (list (mustMergeOverwrite (dict "name" "" ) (mustMergeOverwrite (dict ) (dict "secret" (mustMergeOverwrite (dict ) (dict "secretName" $mount.secretName "defaultMode" $mount.defaultMode )) )) (dict "name" $mount.name )))) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (concat (default (list ) $volumes) (default (list ) $values.extraVolumes))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + diff --git a/charts/redpanda/redpanda/5.9.12/charts/console/templates/_helpers.go.tpl b/charts/redpanda/redpanda/5.9.12/charts/console/templates/_helpers.go.tpl new file mode 100644 index 000000000..05ad60965 --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/charts/console/templates/_helpers.go.tpl @@ -0,0 +1,82 @@ +{{- /* Generated from "helpers.go" */ -}} + +{{- define "console.Name" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $name := (default $dot.Chart.Name $values.nameOverride) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (get (fromJson (include "console.cleanForK8s" (dict "a" (list $name) ))) "r")) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "console.Fullname" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- if (ne $values.fullnameOverride "") -}} +{{- $_is_returning = true -}} +{{- (dict "r" (get (fromJson (include "console.cleanForK8s" (dict "a" (list $values.fullnameOverride) ))) "r")) | toJson -}} +{{- break -}} +{{- end -}} +{{- $name := (default $dot.Chart.Name $values.nameOverride) -}} +{{- if (contains $name $dot.Release.Name) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (get (fromJson (include "console.cleanForK8s" (dict "a" (list $dot.Release.Name) ))) "r")) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (get (fromJson (include "console.cleanForK8s" (dict "a" (list (printf "%s-%s" $dot.Release.Name $name)) ))) "r")) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "console.ChartLabel" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $chart := (printf "%s-%s" $dot.Chart.Name $dot.Chart.Version) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (get (fromJson (include "console.cleanForK8s" (dict "a" (list (replace "+" "_" $chart)) ))) "r")) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "console.Labels" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $labels := (dict "helm.sh/chart" (get (fromJson (include "console.ChartLabel" (dict "a" (list $dot) ))) "r") "app.kubernetes.io/managed-by" $dot.Release.Service ) -}} +{{- if (ne $dot.Chart.AppVersion "") -}} +{{- $_ := (set $labels "app.kubernetes.io/version" $dot.Chart.AppVersion) -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (merge (dict ) $labels (get (fromJson (include "console.SelectorLabels" (dict "a" (list $dot) ))) "r") $values.commonLabels)) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "console.SelectorLabels" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $_is_returning = true -}} +{{- (dict "r" (dict "app.kubernetes.io/name" (get (fromJson (include "console.Name" (dict "a" (list $dot) ))) "r") "app.kubernetes.io/instance" $dot.Release.Name )) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "console.cleanForK8s" -}} +{{- $s := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $_is_returning = true -}} +{{- (dict "r" (trimSuffix "-" (trunc (63 | int) $s))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + diff --git a/charts/redpanda/redpanda/5.9.12/charts/console/templates/_helpers.tpl b/charts/redpanda/redpanda/5.9.12/charts/console/templates/_helpers.tpl new file mode 100644 index 000000000..ee2ab5d9b --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/charts/console/templates/_helpers.tpl @@ -0,0 +1,25 @@ +{{/* +Expand the name of the chart. +Used by tests/test-connection.yaml +*/}} +{{- define "console.name" -}} +{{- get ((include "console.Name" (dict "a" (list .))) | fromJson) "r" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +Used by tests/test-connection.yaml +*/}} +{{- define "console.fullname" -}} +{{- get ((include "console.Fullname" (dict "a" (list .))) | fromJson) "r" }} +{{- end }} + +{{/* +Common labels +Used by tests/test-connection.yaml +*/}} +{{- define "console.labels" -}} +{{- (get ((include "console.Labels" (dict "a" (list .))) | fromJson) "r") | toYaml -}} +{{- end }} diff --git a/charts/redpanda/redpanda/5.9.12/charts/console/templates/_hpa.go.tpl b/charts/redpanda/redpanda/5.9.12/charts/console/templates/_hpa.go.tpl new file mode 100644 index 000000000..5c3b33bed --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/charts/console/templates/_hpa.go.tpl @@ -0,0 +1,25 @@ +{{- /* Generated from "hpa.go" */ -}} + +{{- define "console.HorizontalPodAutoscaler" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- if (not $values.autoscaling.enabled) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (coalesce nil)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $metrics := (list ) -}} +{{- if (ne (toJson $values.autoscaling.targetCPUUtilizationPercentage) "null") -}} +{{- $metrics = (concat (default (list ) $metrics) (list (mustMergeOverwrite (dict "type" "" ) (dict "type" "Resource" "resource" (mustMergeOverwrite (dict "name" "" "target" (dict "type" "" ) ) (dict "name" "cpu" "target" (mustMergeOverwrite (dict "type" "" ) (dict "type" "Utilization" "averageUtilization" $values.autoscaling.targetCPUUtilizationPercentage )) )) )))) -}} +{{- end -}} +{{- if (ne (toJson $values.autoscaling.targetMemoryUtilizationPercentage) "null") -}} +{{- $metrics = (concat (default (list ) $metrics) (list (mustMergeOverwrite (dict "type" "" ) (dict "type" "Resource" "resource" (mustMergeOverwrite (dict "name" "" "target" (dict "type" "" ) ) (dict "name" "memory" "target" (mustMergeOverwrite (dict "type" "" ) (dict "type" "Utilization" "averageUtilization" $values.autoscaling.targetMemoryUtilizationPercentage )) )) )))) -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict "scaleTargetRef" (dict "kind" "" "name" "" ) "maxReplicas" 0 ) "status" (dict "desiredReplicas" 0 "currentMetrics" (coalesce nil) ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "autoscaling/v2" "kind" "HorizontalPodAutoscaler" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (get (fromJson (include "console.Fullname" (dict "a" (list $dot) ))) "r") "labels" (get (fromJson (include "console.Labels" (dict "a" (list $dot) ))) "r") )) "spec" (mustMergeOverwrite (dict "scaleTargetRef" (dict "kind" "" "name" "" ) "maxReplicas" 0 ) (dict "scaleTargetRef" (mustMergeOverwrite (dict "kind" "" "name" "" ) (dict "apiVersion" "apps/v1" "kind" "Deployment" "name" (get (fromJson (include "console.Fullname" (dict "a" (list $dot) ))) "r") )) "minReplicas" ($values.autoscaling.minReplicas | int) "maxReplicas" ($values.autoscaling.maxReplicas | int) "metrics" $metrics )) ))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + diff --git a/charts/redpanda/redpanda/5.9.12/charts/console/templates/_ingress.go.tpl b/charts/redpanda/redpanda/5.9.12/charts/console/templates/_ingress.go.tpl new file mode 100644 index 000000000..0df05e870 --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/charts/console/templates/_ingress.go.tpl @@ -0,0 +1,46 @@ +{{- /* Generated from "ingress.go" */ -}} + +{{- define "console.Ingress" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- if (not $values.ingress.enabled) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (coalesce nil)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $tls := (coalesce nil) -}} +{{- range $_, $t := $values.ingress.tls -}} +{{- $hosts := (coalesce nil) -}} +{{- range $_, $host := $t.hosts -}} +{{- $hosts = (concat (default (list ) $hosts) (list (tpl $host $dot))) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $tls = (concat (default (list ) $tls) (list (mustMergeOverwrite (dict ) (dict "secretName" $t.secretName "hosts" $hosts )))) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $rules := (coalesce nil) -}} +{{- range $_, $host := $values.ingress.hosts -}} +{{- $paths := (coalesce nil) -}} +{{- range $_, $path := $host.paths -}} +{{- $paths = (concat (default (list ) $paths) (list (mustMergeOverwrite (dict "pathType" (coalesce nil) "backend" (dict ) ) (dict "path" $path.path "pathType" $path.pathType "backend" (mustMergeOverwrite (dict ) (dict "service" (mustMergeOverwrite (dict "name" "" "port" (dict ) ) (dict "name" (get (fromJson (include "console.Fullname" (dict "a" (list $dot) ))) "r") "port" (mustMergeOverwrite (dict ) (dict "number" ($values.service.port | int) )) )) )) )))) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $rules = (concat (default (list ) $rules) (list (mustMergeOverwrite (dict ) (mustMergeOverwrite (dict ) (dict "http" (mustMergeOverwrite (dict "paths" (coalesce nil) ) (dict "paths" $paths )) )) (dict "host" (tpl $host.host $dot) )))) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict ) "status" (dict "loadBalancer" (dict ) ) ) (mustMergeOverwrite (dict ) (dict "kind" "Ingress" "apiVersion" "networking.k8s.io/v1" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (get (fromJson (include "console.Fullname" (dict "a" (list $dot) ))) "r") "labels" (get (fromJson (include "console.Labels" (dict "a" (list $dot) ))) "r") "annotations" $values.ingress.annotations )) "spec" (mustMergeOverwrite (dict ) (dict "ingressClassName" $values.ingress.className "tls" $tls "rules" $rules )) ))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + diff --git a/charts/redpanda/redpanda/5.9.12/charts/console/templates/_notes.go.tpl b/charts/redpanda/redpanda/5.9.12/charts/console/templates/_notes.go.tpl new file mode 100644 index 000000000..6b58b21ef --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/charts/console/templates/_notes.go.tpl @@ -0,0 +1,40 @@ +{{- /* Generated from "notes.go" */ -}} + +{{- define "console.Notes" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $commands := (list `1. Get the application URL by running these commands:`) -}} +{{- if $values.ingress.enabled -}} +{{- $scheme := "http" -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $values.ingress.tls) ))) "r") | int) (0 | int)) -}} +{{- $scheme = "https" -}} +{{- end -}} +{{- range $_, $host := $values.ingress.hosts -}} +{{- range $_, $path := $host.paths -}} +{{- $commands = (concat (default (list ) $commands) (list (printf "%s://%s%s" $scheme $host.host $path.path))) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- else -}}{{- if (contains "NodePort" (toString $values.service.type)) -}} +{{- $commands = (concat (default (list ) $commands) (list (printf ` export NODE_PORT=$(kubectl get --namespace %s -o jsonpath="{.spec.ports[0].nodePort}" services %s)` $dot.Release.Namespace (get (fromJson (include "console.Fullname" (dict "a" (list $dot) ))) "r")) (printf ` export NODE_IP=$(kubectl get nodes --namespace %s -o jsonpath="{.items[0].status.addresses[0].address}")` $dot.Release.Namespace) " echo http://$NODE_IP:$NODE_PORT")) -}} +{{- else -}}{{- if (contains "NodePort" (toString $values.service.type)) -}} +{{- $commands = (concat (default (list ) $commands) (list ` NOTE: It may take a few minutes for the LoadBalancer IP to be available.` (printf ` You can watch the status of by running 'kubectl get --namespace %s svc -w %s'` $dot.Release.Namespace (get (fromJson (include "console.Fullname" (dict "a" (list $dot) ))) "r")) (printf ` export SERVICE_IP=$(kubectl get svc --namespace %s %s --template "{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}")` $dot.Release.Namespace (get (fromJson (include "console.Fullname" (dict "a" (list $dot) ))) "r")) (printf ` echo http://$SERVICE_IP:%d` ($values.service.port | int)))) -}} +{{- else -}}{{- if (contains "ClusterIP" (toString $values.service.type)) -}} +{{- $commands = (concat (default (list ) $commands) (list (printf ` export POD_NAME=$(kubectl get pods --namespace %s -l "app.kubernetes.io/name=%s,app.kubernetes.io/instance=%s" -o jsonpath="{.items[0].metadata.name}")` $dot.Release.Namespace (get (fromJson (include "console.Name" (dict "a" (list $dot) ))) "r") $dot.Release.Name) (printf ` export CONTAINER_PORT=$(kubectl get pod --namespace %s $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")` $dot.Release.Namespace) ` echo "Visit http://127.0.0.1:8080 to use your application"` (printf ` kubectl --namespace %s port-forward $POD_NAME 8080:$CONTAINER_PORT` $dot.Release.Namespace))) -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $commands) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + diff --git a/charts/redpanda/redpanda/5.9.12/charts/console/templates/_secret.go.tpl b/charts/redpanda/redpanda/5.9.12/charts/console/templates/_secret.go.tpl new file mode 100644 index 000000000..6af16b1c8 --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/charts/console/templates/_secret.go.tpl @@ -0,0 +1,22 @@ +{{- /* Generated from "secret.go" */ -}} + +{{- define "console.Secret" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- if (not $values.secret.create) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (coalesce nil)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $jwtSecret := $values.secret.login.jwtSecret -}} +{{- if (eq $jwtSecret "") -}} +{{- $jwtSecret = (randAlphaNum (32 | int)) -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "v1" "kind" "Secret" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (get (fromJson (include "console.Fullname" (dict "a" (list $dot) ))) "r") "labels" (get (fromJson (include "console.Labels" (dict "a" (list $dot) ))) "r") )) "type" "Opaque" "stringData" (dict "kafka-sasl-password" (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.secret.kafka.saslPassword "") ))) "r") "kafka-protobuf-git-basicauth-password" (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.secret.kafka.protobufGitBasicAuthPassword "") ))) "r") "kafka-sasl-aws-msk-iam-secret-key" (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.secret.kafka.awsMskIamSecretKey "") ))) "r") "kafka-tls-ca" (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.secret.kafka.tlsCa "") ))) "r") "kafka-tls-cert" (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.secret.kafka.tlsCert "") ))) "r") "kafka-tls-key" (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.secret.kafka.tlsKey "") ))) "r") "kafka-schema-registry-password" (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.secret.kafka.schemaRegistryPassword "") ))) "r") "kafka-schemaregistry-tls-ca" (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.secret.kafka.schemaRegistryTlsCa "") ))) "r") "kafka-schemaregistry-tls-cert" (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.secret.kafka.schemaRegistryTlsCert "") ))) "r") "kafka-schemaregistry-tls-key" (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.secret.kafka.schemaRegistryTlsKey "") ))) "r") "login-jwt-secret" $jwtSecret "login-google-oauth-client-secret" (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.secret.login.google.clientSecret "") ))) "r") "login-google-groups-service-account.json" (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.secret.login.google.groupsServiceAccount "") ))) "r") "login-github-oauth-client-secret" (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.secret.login.github.clientSecret "") ))) "r") "login-github-personal-access-token" (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.secret.login.github.personalAccessToken "") ))) "r") "login-okta-client-secret" (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.secret.login.okta.clientSecret "") ))) "r") "login-okta-directory-api-token" (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.secret.login.okta.directoryApiToken "") ))) "r") "login-oidc-client-secret" (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.secret.login.oidc.clientSecret "") ))) "r") "enterprise-license" (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.secret.enterprise.license "") ))) "r") "redpanda-admin-api-password" (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.secret.redpanda.adminApi.password "") ))) "r") "redpanda-admin-api-tls-ca" (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.secret.redpanda.adminApi.tlsCa "") ))) "r") "redpanda-admin-api-tls-cert" (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.secret.redpanda.adminApi.tlsCert "") ))) "r") "redpanda-admin-api-tls-key" (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.secret.redpanda.adminApi.tlsKey "") ))) "r") ) ))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + diff --git a/charts/redpanda/redpanda/5.9.12/charts/console/templates/_service.go.tpl b/charts/redpanda/redpanda/5.9.12/charts/console/templates/_service.go.tpl new file mode 100644 index 000000000..8fac3d454 --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/charts/console/templates/_service.go.tpl @@ -0,0 +1,20 @@ +{{- /* Generated from "service.go" */ -}} + +{{- define "console.Service" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $port := (mustMergeOverwrite (dict "port" 0 "targetPort" 0 ) (dict "name" "http" "port" (($values.service.port | int) | int) "protocol" "TCP" )) -}} +{{- if (ne (toJson $values.service.targetPort) "null") -}} +{{- $_ := (set $port "targetPort" $values.service.targetPort) -}} +{{- end -}} +{{- if (and (contains "NodePort" (toString $values.service.type)) (ne (toJson $values.service.nodePort) "null")) -}} +{{- $_ := (set $port "nodePort" $values.service.nodePort) -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict ) "status" (dict "loadBalancer" (dict ) ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "v1" "kind" "Service" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (get (fromJson (include "console.Fullname" (dict "a" (list $dot) ))) "r") "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "console.Labels" (dict "a" (list $dot) ))) "r") "annotations" $values.service.annotations )) "spec" (mustMergeOverwrite (dict ) (dict "type" $values.service.type "selector" (get (fromJson (include "console.SelectorLabels" (dict "a" (list $dot) ))) "r") "ports" (list $port) )) ))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + diff --git a/charts/redpanda/redpanda/5.9.12/charts/console/templates/_serviceaccount.go.tpl b/charts/redpanda/redpanda/5.9.12/charts/console/templates/_serviceaccount.go.tpl new file mode 100644 index 000000000..5a49ba3fd --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/charts/console/templates/_serviceaccount.go.tpl @@ -0,0 +1,39 @@ +{{- /* Generated from "serviceaccount.go" */ -}} + +{{- define "console.ServiceAccountName" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- if $values.serviceAccount.create -}} +{{- if (ne $values.serviceAccount.name "") -}} +{{- $_is_returning = true -}} +{{- (dict "r" $values.serviceAccount.name) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (get (fromJson (include "console.Fullname" (dict "a" (list $dot) ))) "r")) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (default "default" $values.serviceAccount.name)) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "console.ServiceAccount" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- if (not $values.serviceAccount.create) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (coalesce nil)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) ) (mustMergeOverwrite (dict ) (dict "kind" "ServiceAccount" "apiVersion" "v1" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (get (fromJson (include "console.ServiceAccountName" (dict "a" (list $dot) ))) "r") "labels" (get (fromJson (include "console.Labels" (dict "a" (list $dot) ))) "r") "namespace" $dot.Release.Namespace "annotations" $values.serviceAccount.annotations )) "automountServiceAccountToken" $values.serviceAccount.automountServiceAccountToken ))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + diff --git a/charts/redpanda/redpanda/5.9.12/charts/console/templates/_shims.tpl b/charts/redpanda/redpanda/5.9.12/charts/console/templates/_shims.tpl new file mode 100644 index 000000000..1e6d0425c --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/charts/console/templates/_shims.tpl @@ -0,0 +1,289 @@ +{{- /* Generated from "bootstrap.go" */ -}} + +{{- define "_shims.typetest" -}} +{{- $typ := (index .a 0) -}} +{{- $value := (index .a 1) -}} +{{- $zero := (index .a 2) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- if (typeIs $typ $value) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (list $value true)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (list $zero false)) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "_shims.typeassertion" -}} +{{- $typ := (index .a 0) -}} +{{- $value := (index .a 1) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- if (not (typeIs $typ $value)) -}} +{{- $_ := (fail (printf "expected type of %q got: %T" $typ $value)) -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $value) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "_shims.dicttest" -}} +{{- $m := (index .a 0) -}} +{{- $key := (index .a 1) -}} +{{- $zero := (index .a 2) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- if (hasKey $m $key) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (list (index $m $key) true)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (list $zero false)) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "_shims.compact" -}} +{{- $args := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $out := (dict ) -}} +{{- range $i, $e := $args -}} +{{- $_ := (set $out (printf "T%d" ((add (1 | int) $i) | int)) $e) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $out) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "_shims.deref" -}} +{{- $ptr := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- if (eq (toJson $ptr) "null") -}} +{{- $_ := (fail "nil dereference") -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $ptr) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "_shims.len" -}} +{{- $m := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- if (eq (toJson $m) "null") -}} +{{- $_is_returning = true -}} +{{- (dict "r" (0 | int)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (len $m)) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "_shims.ptr_Deref" -}} +{{- $ptr := (index .a 0) -}} +{{- $def := (index .a 1) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- if (ne (toJson $ptr) "null") -}} +{{- $_is_returning = true -}} +{{- (dict "r" $ptr) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $def) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "_shims.ptr_Equal" -}} +{{- $a := (index .a 0) -}} +{{- $b := (index .a 1) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- if (and (eq (toJson $a) "null") (eq (toJson $b) "null")) -}} +{{- $_is_returning = true -}} +{{- (dict "r" true) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (eq $a $b)) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "_shims.lookup" -}} +{{- $apiVersion := (index .a 0) -}} +{{- $kind := (index .a 1) -}} +{{- $namespace := (index .a 2) -}} +{{- $name := (index .a 3) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $result := (lookup $apiVersion $kind $namespace $name) -}} +{{- if (empty $result) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (list (coalesce nil) false)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (list $result true)) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "_shims.asnumeric" -}} +{{- $value := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- if (typeIs "float64" $value) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (list $value true)) | toJson -}} +{{- break -}} +{{- end -}} +{{- if (typeIs "int64" $value) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (list $value true)) | toJson -}} +{{- break -}} +{{- end -}} +{{- if (typeIs "int" $value) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (list $value true)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (list (0 | int) false)) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "_shims.asintegral" -}} +{{- $value := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- if (or (typeIs "int64" $value) (typeIs "int" $value)) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (list $value true)) | toJson -}} +{{- break -}} +{{- end -}} +{{- if (and (typeIs "float64" $value) (eq (floor $value) $value)) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (list $value true)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (list (0 | int) false)) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "_shims.parseResource" -}} +{{- $repr := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- if (typeIs "float64" $repr) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (list (float64 $repr) 1.0)) | toJson -}} +{{- break -}} +{{- end -}} +{{- if (not (typeIs "string" $repr)) -}} +{{- $_ := (fail (printf "invalid Quantity expected string or float64 got: %T (%v)" $repr $repr)) -}} +{{- end -}} +{{- if (not (regexMatch `^[0-9]+(\.[0-9]{0,6})?(k|m|M|G|T|P|Ki|Mi|Gi|Ti|Pi)?$` $repr)) -}} +{{- $_ := (fail (printf "invalid Quantity: %q" $repr)) -}} +{{- end -}} +{{- $reprStr := (toString $repr) -}} +{{- $unit := (regexFind "(k|m|M|G|T|P|Ki|Mi|Gi|Ti|Pi)$" $repr) -}} +{{- $numeric := (float64 (substr (0 | int) ((sub ((get (fromJson (include "_shims.len" (dict "a" (list $reprStr) ))) "r") | int) ((get (fromJson (include "_shims.len" (dict "a" (list $unit) ))) "r") | int)) | int) $reprStr)) -}} +{{- $tmp_tuple_1 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.dicttest" (dict "a" (list (dict "" 1.0 "m" 0.001 "k" (1000 | int) "M" (1000000 | int) "G" (1000000000 | int) "T" (1000000000000 | int) "P" (1000000000000000 | int) "Ki" (1024 | int) "Mi" (1048576 | int) "Gi" (1073741824 | int) "Ti" (1099511627776 | int) "Pi" (1125899906842624 | int) ) $unit (coalesce nil)) ))) "r")) ))) "r") -}} +{{- $ok := $tmp_tuple_1.T2 -}} +{{- $scale := ($tmp_tuple_1.T1 | float64) -}} +{{- if (not $ok) -}} +{{- $_ := (fail (printf "unknown unit: %q" $unit)) -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (list $numeric $scale)) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "_shims.resource_MustParse" -}} +{{- $repr := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $tmp_tuple_2 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.parseResource" (dict "a" (list $repr) ))) "r")) ))) "r") -}} +{{- $scale := ($tmp_tuple_2.T2 | float64) -}} +{{- $numeric := ($tmp_tuple_2.T1 | float64) -}} +{{- $strs := (list "" "m" "k" "M" "G" "T" "P" "Ki" "Mi" "Gi" "Ti" "Pi") -}} +{{- $scales := (list 1.0 0.001 (1000 | int) (1000000 | int) (1000000000 | int) (1000000000000 | int) (1000000000000000 | int) (1024 | int) (1048576 | int) (1073741824 | int) (1099511627776 | int) (1125899906842624 | int)) -}} +{{- $idx := -1 -}} +{{- range $i, $s := $scales -}} +{{- if (eq ($s | float64) ($scale | float64)) -}} +{{- $idx = $i -}} +{{- break -}} +{{- end -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- if (eq $idx -1) -}} +{{- $_ := (fail (printf "unknown scale: %v" $scale)) -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (printf "%s%s" (toString $numeric) (index $strs $idx))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "_shims.resource_Value" -}} +{{- $repr := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $tmp_tuple_3 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.parseResource" (dict "a" (list $repr) ))) "r")) ))) "r") -}} +{{- $scale := ($tmp_tuple_3.T2 | float64) -}} +{{- $numeric := ($tmp_tuple_3.T1 | float64) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (int64 (ceil ((mulf $numeric $scale) | float64)))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "_shims.resource_MilliValue" -}} +{{- $repr := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $tmp_tuple_4 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.parseResource" (dict "a" (list $repr) ))) "r")) ))) "r") -}} +{{- $scale := ($tmp_tuple_4.T2 | float64) -}} +{{- $numeric := ($tmp_tuple_4.T1 | float64) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (int64 (ceil ((mulf ((mulf $numeric 1000.0) | float64) $scale) | float64)))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "_shims.render-manifest" -}} +{{- $tpl := (index . 0) -}} +{{- $dot := (index . 1) -}} +{{- $manifests := (get ((include $tpl (dict "a" (list $dot))) | fromJson) "r") -}} +{{- if not (typeIs "[]interface {}" $manifests) -}} +{{- $manifests = (list $manifests) -}} +{{- end -}} +{{- range $_, $manifest := $manifests -}} +{{- if ne (toJson $manifest) "null" }} +--- +{{toYaml (unset (unset $manifest "status") "creationTimestamp")}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/redpanda/redpanda/5.9.12/charts/console/templates/entry-point.yaml b/charts/redpanda/redpanda/5.9.12/charts/console/templates/entry-point.yaml new file mode 100644 index 000000000..01fb6d68b --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/charts/console/templates/entry-point.yaml @@ -0,0 +1,17 @@ +{{- /* +Licensed to the Apache Software Foundation (ASF) under one or more +contributor license agreements. See the NOTICE file distributed with +this work for additional information regarding copyright ownership. +The ASF licenses this file to You under the Apache License, Version 2.0 +(the "License"); you may not use this file except in compliance with +the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} +{{- include "_shims.render-manifest" (list "console.render" .) -}} diff --git a/charts/redpanda/redpanda/5.9.12/charts/console/templates/tests/test-connection.yaml b/charts/redpanda/redpanda/5.9.12/charts/console/templates/tests/test-connection.yaml new file mode 100644 index 000000000..de17fb2b1 --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/charts/console/templates/tests/test-connection.yaml @@ -0,0 +1,22 @@ +{{- if .Values.tests.enabled }} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "console.fullname" . }}-test-connection" + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "console.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: +{{- with .Values.imagePullSecrets }} + imagePullSecrets: {{- toYaml . | nindent 4 }} +{{- end }} + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "console.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never + priorityClassName: {{ .Values.priorityClassName }} +{{- end }} \ No newline at end of file diff --git a/charts/redpanda/redpanda/5.9.12/charts/console/values.schema.json b/charts/redpanda/redpanda/5.9.12/charts/console/values.schema.json new file mode 100644 index 000000000..f4f369e98 --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/charts/console/values.schema.json @@ -0,0 +1,323 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "required": [ + "image" + ], + "properties": { + "affinity": { + "type": "object" + }, + "autoscaling": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxReplicas": { + "type": "integer" + }, + "minReplicas": { + "type": "integer" + }, + "targetCPUUtilizationPercentage": { + "type": "integer" + } + } + }, + "configmap": { + "type": "object", + "properties": { + "create": { + "type": "boolean" + } + } + }, + "console": { + "type": "object" + }, + "deployment": { + "type": "object", + "properties": { + "create": { + "type": "boolean" + } + } + }, + "extraContainers": { + "type": "array" + }, + "extraEnv": { + "type": "array" + }, + "extraEnvFrom": { + "type": "array" + }, + "extraVolumeMounts": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "fullnameOverride": { + "type": "string" + }, + "image": { + "type": "object", + "required": [ + "repository" + ], + "properties": { + "pullPolicy": { + "type": "string" + }, + "registry": { + "type": "string" + }, + "repository": { + "type": "string", + "minLength": 1 + }, + "tag": { + "type": "string" + } + } + }, + "imagePullSecrets": { + "type": "array" + }, + "ingress": { + "type": "object", + "properties": { + "annotations": { + "type": "object" + }, + "className": { + "type": ["string", "null"] + }, + "enabled": { + "type": "boolean" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array", + "items": { + "type": "object", + "properties": { + "path": { + "type": "string" + }, + "pathType": { + "type": "string" + } + } + } + } + } + } + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "nameOverride": { + "type": "string" + }, + "nodeSelector": { + "type": "object" + }, + "annotations": { + "type": "object" + }, + "podAnnotations": { + "type": "object" + }, + "podSecurityContext": { + "type": "object", + "properties": { + "fsGroup": { + "type": "integer" + }, + "runAsUser": { + "type": "integer" + } + } + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "replicaCount": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "secret": { + "type": "object", + "properties": { + "create": { + "type": "boolean" + }, + "enterprise": { + "type": "object" + }, + "kafka": { + "type": "object" + }, + "login": { + "type": "object", + "properties": { + "jwtSecret": { + "type": "string" + }, + "github": { + "type": "object" + }, + "google": { + "type": "object" + }, + "oidc": { + "type": "object" + }, + "okta": { + "type": "object" + } + } + }, + "redpanda": { + "type": "object", + "properties": { + "adminApi": { + "type": "object" + } + } + } + } + }, + "secretMounts": { + "type": "array" + }, + "securityContext": { + "type": "object", + "properties": { + "runAsNonRoot": { + "type": "boolean" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "targetPort": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "null" + } + ] + }, + "type": { + "type": "string" + } + } + }, + "automountServiceAccountToken": { + "type": "boolean" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": "object" + }, + "create": { + "type": "boolean" + }, + "automountServiceAccountToken": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "tolerations": { + "type": "array" + }, + "initContainers": { + "type": "object", + "properties": { + "extraInitContainers": { + "type": "string" + } + } + }, + "strategy": { + "type": "object" + }, + "tests": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + } + } +} diff --git a/charts/redpanda/redpanda/5.9.12/charts/console/values.yaml b/charts/redpanda/redpanda/5.9.12/charts/console/values.yaml new file mode 100644 index 000000000..4825fc487 --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/charts/console/values.yaml @@ -0,0 +1,279 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Default values for console. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +# -- Redpanda Console Docker image settings. +image: + registry: docker.redpanda.com + # -- Docker repository from which to pull the Redpanda Docker image. + repository: redpandadata/console + # -- The imagePullPolicy. + pullPolicy: IfNotPresent + # -- The Redpanda Console version. + # See DockerHub for: + # [All stable versions](https://hub.docker.com/r/redpandadata/console/tags) + # and [all unstable versions](https://hub.docker.com/r/redpandadata/console-unstable/tags). + # @default -- `Chart.appVersion` + tag: "" + +# -- Pull secrets may be used to provide credentials to image repositories +# See https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ +imagePullSecrets: [] + +# -- Override `console.name` template. +nameOverride: "" +# -- Override `console.fullname` template. +fullnameOverride: "" + +# -- Automount API credentials for the Service Account into the pod. +automountServiceAccountToken: true + +serviceAccount: + # -- Specifies whether a service account should be created. + create: true + # -- Specifies whether a service account should automount API-Credentials + automountServiceAccountToken: true + # -- Annotations to add to the service account. + annotations: {} + # -- The name of the service account to use. + # If not set and `serviceAccount.create` is `true`, + # a name is generated using the `console.fullname` template + name: "" + +# Common labels to add to all the pods +commonLabels: {} + +# -- Annotations to add to the deployment. +annotations: {} + +podAnnotations: {} + +podLabels: {} + +podSecurityContext: + runAsUser: 99 + fsGroup: 99 + +securityContext: + runAsNonRoot: true + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: ClusterIP + port: 8080 + # nodePort: 30001 + # -- Override the value in `console.config.server.listenPort` if not `nil` + targetPort: + annotations: {} + +ingress: + enabled: false + className: + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as minikube. If you want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +topologySpreadConstraints: [] + +# -- PriorityClassName given to Pods. +# For details, +# see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass). +priorityClassName: "" + +console: + # -- Settings for the `Config.yaml` (required). + # For a reference of configuration settings, + # see the [Redpanda Console documentation](https://docs.redpanda.com/docs/reference/console/config/). + config: {} + # roles: + # roleBindings: + +# -- Additional environment variables for the Redpanda Console Deployment. +extraEnv: [] + # - name: KAFKA_RACKID + # value: "1" + +# -- Additional environment variables for Redpanda Console mapped from Secret or ConfigMap. +extraEnvFrom: [] +# - secretRef: +# name: kowl-config-secret + +# -- Add additional volumes, such as for TLS keys. +extraVolumes: [] +# - name: kafka-certs +# secret: +# secretName: kafka-certs +# - name: config +# configMap: +# name: console-config + +# -- Add additional volume mounts, such as for TLS keys. +extraVolumeMounts: [] +# - name: kafka-certs # Must match the volume name +# mountPath: /etc/kafka/certs +# readOnly: true + +# -- Add additional containers, such as for oauth2-proxy. +extraContainers: [] + +# -- Any initContainers defined should be written here +initContainers: + # -- Additional set of init containers + extraInitContainers: |- +# - name: "test-init-container" +# image: "mintel/docker-alpine-bash-curl-jq:latest" +# command: [ "/bin/bash", "-c" ] +# args: +# - | +# set -xe +# echo "Hello World!" + +# -- SecretMounts is an abstraction to make a Secret available in the container's filesystem. +# Under the hood it creates a volume and a volume mount for the Redpanda Console container. +secretMounts: [] +# - name: kafka-certs +# secretName: kafka-certs +# path: /etc/console/certs +# defaultMode: 0755 + +# -- Create a new Kubernetes Secret for all sensitive configuration inputs. +# Each provided Secret is mounted automatically and made available to the +# Pod. +# If you want to use one or more existing Secrets, +# you can use the `extraEnvFrom` list to mount environment variables from string and secretMounts to mount files such as Certificates from Secrets. +secret: + create: true + + # Secret values in case you want the chart to create a Secret. All Certificates are mounted + # as files and the path to those files are configured through environment variables so + # that Console can automatically pick them up. + # -- Kafka Secrets. + kafka: {} + # saslPassword: + # awsMskIamSecretKey: + # tlsCa: + # tlsCert: + # tlsKey: + # tlsPassphrase: + # schemaRegistryPassword: + # schemaRegistryTlsCa: + # schemaRegistryTlsCert: + # schemaRegistryTlsKey: + # protobufGitBasicAuthPassword + # Enterprise version secrets + # - SSO secrets (Enterprise version). + login: + # Configurable JWT value + jwtSecret: "" + google: {} + # clientSecret: + # groupsServiceAccount: + github: {} + # clientSecret: + # personalAccessToken: + okta: {} + # clientSecret: + # directoryApiToken: + oidc: {} + # clientSecret: + + enterprise: {} + # license: + + redpanda: + adminApi: {} + # password: + # tlsCa: + # tlsCert: + # tlsKey: + +# -- Settings for license key, as an alternative to secret.enterprise when +# a license secret is available +enterprise: + licenseSecretRef: + name: "" + key: "" + +# -- Settings for liveness and readiness probes. +# For details, +# see the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes). +livenessProbe: + # initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 + +readinessProbe: + # -- Grant time to test connectivity to upstream services such as Kafka and Schema Registry. + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 + +configmap: + create: true +deployment: + create: true + +strategy: {} + +tests: + enabled: true diff --git a/charts/redpanda/redpanda/5.9.12/templates/NOTES.txt b/charts/redpanda/redpanda/5.9.12/templates/NOTES.txt new file mode 100644 index 000000000..6992f8e36 --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/templates/NOTES.txt @@ -0,0 +1,26 @@ +{{/* +Licensed to the Apache Software Foundation (ASF) under one or more +contributor license agreements. See the NOTICE file distributed with +this work for additional information regarding copyright ownership. +The ASF licenses this file to You under the Apache License, Version 2.0 +(the "License"); you may not use this file except in compliance with +the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- $warnings := (get ((include "redpanda.Warnings" (dict "a" (list .))) | fromJson) "r") }} +{{- range $_, $warning := $warnings }} +{{ $warning }} +{{- end }} + +{{- $notes := (get ((include "redpanda.Notes" (dict "a" (list .))) | fromJson) "r") }} +{{- range $_, $note := $notes }} +{{ $note }} +{{- end }} diff --git a/charts/redpanda/redpanda/5.9.12/templates/_cert-issuers.go.tpl b/charts/redpanda/redpanda/5.9.12/templates/_cert-issuers.go.tpl new file mode 100644 index 000000000..acfd4c46c --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/templates/_cert-issuers.go.tpl @@ -0,0 +1,57 @@ +{{- /* Generated from "cert_issuers.go" */ -}} + +{{- define "redpanda.CertIssuers" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $tmp_tuple_1 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "redpanda.certIssuersAndCAs" (dict "a" (list $dot) ))) "r")) ))) "r") -}} +{{- $issuers := $tmp_tuple_1.T1 -}} +{{- $_is_returning = true -}} +{{- (dict "r" $issuers) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.RootCAs" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $tmp_tuple_2 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "redpanda.certIssuersAndCAs" (dict "a" (list $dot) ))) "r")) ))) "r") -}} +{{- $cas := $tmp_tuple_2.T2 -}} +{{- $_is_returning = true -}} +{{- (dict "r" $cas) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.certIssuersAndCAs" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $issuers := (coalesce nil) -}} +{{- $certs := (coalesce nil) -}} +{{- if (not (get (fromJson (include "redpanda.TLSEnabled" (dict "a" (list $dot) ))) "r")) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (list $issuers $certs)) | toJson -}} +{{- break -}} +{{- end -}} +{{- range $name, $data := $values.tls.certs -}} +{{- if (or (not (empty $data.secretRef)) (not (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $data.enabled true) ))) "r"))) -}} +{{- continue -}} +{{- end -}} +{{- if (eq (toJson $data.issuerRef) "null") -}} +{{- $issuers = (concat (default (list ) $issuers) (list (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict ) "status" (dict ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "cert-manager.io/v1" "kind" "Issuer" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (printf `%s-%s-selfsigned-issuer` (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") $name) "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot) ))) "r") )) "spec" (mustMergeOverwrite (dict ) (mustMergeOverwrite (dict ) (dict "selfSigned" (mustMergeOverwrite (dict ) (dict )) )) (dict )) )))) -}} +{{- end -}} +{{- $issuers = (concat (default (list ) $issuers) (list (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict ) "status" (dict ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "cert-manager.io/v1" "kind" "Issuer" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (printf `%s-%s-root-issuer` (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") $name) "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot) ))) "r") )) "spec" (mustMergeOverwrite (dict ) (mustMergeOverwrite (dict ) (dict "ca" (mustMergeOverwrite (dict "secretName" "" ) (dict "secretName" (printf `%s-%s-root-certificate` (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") $name) )) )) (dict )) )))) -}} +{{- $certs = (concat (default (list ) $certs) (list (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict "secretName" "" "issuerRef" (dict "name" "" ) ) "status" (dict ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "cert-manager.io/v1" "kind" "Certificate" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (printf `%s-%s-root-certificate` (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") $name) "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot) ))) "r") )) "spec" (mustMergeOverwrite (dict "secretName" "" "issuerRef" (dict "name" "" ) ) (dict "duration" (get (fromJson (include "_shims.time_Duration_String" (dict "a" (list (get (fromJson (include "_shims.time_ParseDuration" (dict "a" (list (default "43800h" $data.duration)) ))) "r")) ))) "r") "isCA" true "commonName" (printf `%s-%s-root-certificate` (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") $name) "secretName" (printf `%s-%s-root-certificate` (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") $name) "privateKey" (mustMergeOverwrite (dict ) (dict "algorithm" "ECDSA" "size" (256 | int) )) "issuerRef" (mustMergeOverwrite (dict "name" "" ) (dict "name" (printf `%s-%s-selfsigned-issuer` (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") $name) "kind" "Issuer" "group" "cert-manager.io" )) )) )))) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (list $issuers $certs)) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + diff --git a/charts/redpanda/redpanda/5.9.12/templates/_certs.go.tpl b/charts/redpanda/redpanda/5.9.12/templates/_certs.go.tpl new file mode 100644 index 000000000..b87a68b94 --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/templates/_certs.go.tpl @@ -0,0 +1,71 @@ +{{- /* Generated from "certs.go" */ -}} + +{{- define "redpanda.ClientCerts" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- if (not (get (fromJson (include "redpanda.TLSEnabled" (dict "a" (list $dot) ))) "r")) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (list )) | toJson -}} +{{- break -}} +{{- end -}} +{{- $values := $dot.Values.AsMap -}} +{{- $fullname := (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") -}} +{{- $service := (get (fromJson (include "redpanda.ServiceName" (dict "a" (list $dot) ))) "r") -}} +{{- $ns := $dot.Release.Namespace -}} +{{- $domain := (trimSuffix "." $values.clusterDomain) -}} +{{- $certs := (coalesce nil) -}} +{{- range $name, $data := $values.tls.certs -}} +{{- if (or (not (empty $data.secretRef)) (not (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $data.enabled true) ))) "r"))) -}} +{{- continue -}} +{{- end -}} +{{- $names := (coalesce nil) -}} +{{- if (or (eq (toJson $data.issuerRef) "null") (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $data.applyInternalDNSNames false) ))) "r")) -}} +{{- $names = (concat (default (list ) $names) (list (printf "%s-cluster.%s.%s.svc.%s" $fullname $service $ns $domain))) -}} +{{- $names = (concat (default (list ) $names) (list (printf "%s-cluster.%s.%s.svc" $fullname $service $ns))) -}} +{{- $names = (concat (default (list ) $names) (list (printf "%s-cluster.%s.%s" $fullname $service $ns))) -}} +{{- $names = (concat (default (list ) $names) (list (printf "*.%s-cluster.%s.%s.svc.%s" $fullname $service $ns $domain))) -}} +{{- $names = (concat (default (list ) $names) (list (printf "*.%s-cluster.%s.%s.svc" $fullname $service $ns))) -}} +{{- $names = (concat (default (list ) $names) (list (printf "*.%s-cluster.%s.%s" $fullname $service $ns))) -}} +{{- $names = (concat (default (list ) $names) (list (printf "%s.%s.svc.%s" $service $ns $domain))) -}} +{{- $names = (concat (default (list ) $names) (list (printf "%s.%s.svc" $service $ns))) -}} +{{- $names = (concat (default (list ) $names) (list (printf "%s.%s" $service $ns))) -}} +{{- $names = (concat (default (list ) $names) (list (printf "*.%s.%s.svc.%s" $service $ns $domain))) -}} +{{- $names = (concat (default (list ) $names) (list (printf "*.%s.%s.svc" $service $ns))) -}} +{{- $names = (concat (default (list ) $names) (list (printf "*.%s.%s" $service $ns))) -}} +{{- end -}} +{{- if (ne (toJson $values.external.domain) "null") -}} +{{- $names = (concat (default (list ) $names) (list (tpl $values.external.domain $dot))) -}} +{{- $names = (concat (default (list ) $names) (list (printf "*.%s" (tpl $values.external.domain $dot)))) -}} +{{- end -}} +{{- $duration := (default "43800h" $data.duration) -}} +{{- $issuerRef := (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $data.issuerRef (mustMergeOverwrite (dict "name" "" ) (dict "kind" "Issuer" "group" "cert-manager.io" "name" (printf "%s-%s-root-issuer" $fullname $name) ))) ))) "r") -}} +{{- $certs = (concat (default (list ) $certs) (list (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict "secretName" "" "issuerRef" (dict "name" "" ) ) "status" (dict ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "cert-manager.io/v1" "kind" "Certificate" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (printf "%s-%s-cert" $fullname $name) "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot) ))) "r") "namespace" $dot.Release.Namespace )) "spec" (mustMergeOverwrite (dict "secretName" "" "issuerRef" (dict "name" "" ) ) (dict "dnsNames" $names "duration" (get (fromJson (include "_shims.time_Duration_String" (dict "a" (list (get (fromJson (include "_shims.time_ParseDuration" (dict "a" (list $duration) ))) "r")) ))) "r") "isCA" false "issuerRef" $issuerRef "secretName" (printf "%s-%s-cert" $fullname $name) "privateKey" (mustMergeOverwrite (dict ) (dict "algorithm" "ECDSA" "size" (256 | int) )) )) )))) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $name := $values.listeners.kafka.tls.cert -}} +{{- $tmp_tuple_1 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.dicttest" (dict "a" (list $values.tls.certs $name (coalesce nil)) ))) "r")) ))) "r") -}} +{{- $ok := $tmp_tuple_1.T2 -}} +{{- $data := $tmp_tuple_1.T1 -}} +{{- if (not $ok) -}} +{{- $_ := (fail (printf "Certificate %q referenced but not defined" $name)) -}} +{{- end -}} +{{- if (or (not (empty $data.secretRef)) (not (get (fromJson (include "redpanda.ClientAuthRequired" (dict "a" (list $dot) ))) "r"))) -}} +{{- $_is_returning = true -}} +{{- (dict "r" $certs) | toJson -}} +{{- break -}} +{{- end -}} +{{- $issuerRef := (mustMergeOverwrite (dict "name" "" ) (dict "group" "cert-manager.io" "kind" "Issuer" "name" (printf "%s-%s-root-issuer" $fullname $name) )) -}} +{{- if (ne (toJson $data.issuerRef) "null") -}} +{{- $issuerRef = $data.issuerRef -}} +{{- $_ := (set $issuerRef "group" "cert-manager.io") -}} +{{- end -}} +{{- $duration := (default "43800h" $data.duration) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (concat (default (list ) $certs) (list (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict "secretName" "" "issuerRef" (dict "name" "" ) ) "status" (dict ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "cert-manager.io/v1" "kind" "Certificate" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (printf "%s-client" $fullname) "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot) ))) "r") )) "spec" (mustMergeOverwrite (dict "secretName" "" "issuerRef" (dict "name" "" ) ) (dict "commonName" (printf "%s-client" $fullname) "duration" (get (fromJson (include "_shims.time_Duration_String" (dict "a" (list (get (fromJson (include "_shims.time_ParseDuration" (dict "a" (list $duration) ))) "r")) ))) "r") "isCA" false "secretName" (printf "%s-client" $fullname) "privateKey" (mustMergeOverwrite (dict ) (dict "algorithm" "ECDSA" "size" (256 | int) )) "issuerRef" $issuerRef )) ))))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + diff --git a/charts/redpanda/redpanda/5.9.12/templates/_chart.go.tpl b/charts/redpanda/redpanda/5.9.12/templates/_chart.go.tpl new file mode 100644 index 000000000..5852b1063 --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/templates/_chart.go.tpl @@ -0,0 +1,63 @@ +{{- /* Generated from "chart.go" */ -}} + +{{- define "redpanda.render" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $manifests := (list (get (fromJson (include "redpanda.NodePortService" (dict "a" (list $dot) ))) "r") (get (fromJson (include "redpanda.PodDisruptionBudget" (dict "a" (list $dot) ))) "r") (get (fromJson (include "redpanda.ServiceAccount" (dict "a" (list $dot) ))) "r") (get (fromJson (include "redpanda.ServiceInternal" (dict "a" (list $dot) ))) "r") (get (fromJson (include "redpanda.ServiceMonitor" (dict "a" (list $dot) ))) "r") (get (fromJson (include "redpanda.SidecarControllersRole" (dict "a" (list $dot) ))) "r") (get (fromJson (include "redpanda.SidecarControllersRoleBinding" (dict "a" (list $dot) ))) "r") (get (fromJson (include "redpanda.StatefulSet" (dict "a" (list $dot) ))) "r") (get (fromJson (include "redpanda.PostInstallUpgradeJob" (dict "a" (list $dot) ))) "r")) -}} +{{- range $_, $obj := (get (fromJson (include "redpanda.ConfigMaps" (dict "a" (list $dot) ))) "r") -}} +{{- $manifests = (concat (default (list ) $manifests) (list $obj)) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- range $_, $obj := (get (fromJson (include "redpanda.CertIssuers" (dict "a" (list $dot) ))) "r") -}} +{{- $manifests = (concat (default (list ) $manifests) (list $obj)) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- range $_, $obj := (get (fromJson (include "redpanda.RootCAs" (dict "a" (list $dot) ))) "r") -}} +{{- $manifests = (concat (default (list ) $manifests) (list $obj)) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- range $_, $obj := (get (fromJson (include "redpanda.ClientCerts" (dict "a" (list $dot) ))) "r") -}} +{{- $manifests = (concat (default (list ) $manifests) (list $obj)) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- range $_, $obj := (get (fromJson (include "redpanda.ClusterRoleBindings" (dict "a" (list $dot) ))) "r") -}} +{{- $manifests = (concat (default (list ) $manifests) (list $obj)) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- range $_, $obj := (get (fromJson (include "redpanda.ClusterRoles" (dict "a" (list $dot) ))) "r") -}} +{{- $manifests = (concat (default (list ) $manifests) (list $obj)) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- range $_, $obj := (get (fromJson (include "redpanda.LoadBalancerServices" (dict "a" (list $dot) ))) "r") -}} +{{- $manifests = (concat (default (list ) $manifests) (list $obj)) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- range $_, $obj := (get (fromJson (include "redpanda.Secrets" (dict "a" (list $dot) ))) "r") -}} +{{- $manifests = (concat (default (list ) $manifests) (list $obj)) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $manifests = (concat (default (list ) $manifests) (default (list ) (get (fromJson (include "redpanda.consoleChartIntegration" (dict "a" (list $dot) ))) "r"))) -}} +{{- $manifests = (concat (default (list ) $manifests) (default (list ) (get (fromJson (include "redpanda.connectorsChartIntegration" (dict "a" (list $dot) ))) "r"))) -}} +{{- $_is_returning = true -}} +{{- (dict "r" $manifests) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + diff --git a/charts/redpanda/redpanda/5.9.12/templates/_configmap.go.tpl b/charts/redpanda/redpanda/5.9.12/templates/_configmap.go.tpl new file mode 100644 index 000000000..28b06b00e --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/templates/_configmap.go.tpl @@ -0,0 +1,574 @@ +{{- /* Generated from "configmap.tpl.go" */ -}} + +{{- define "redpanda.ConfigMaps" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $cms := (list (get (fromJson (include "redpanda.RedpandaConfigMap" (dict "a" (list $dot) ))) "r") (get (fromJson (include "redpanda.RPKProfile" (dict "a" (list $dot) ))) "r")) -}} +{{- $_is_returning = true -}} +{{- (dict "r" $cms) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.RedpandaConfigMap" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $_is_returning = true -}} +{{- (dict "r" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) ) (mustMergeOverwrite (dict ) (dict "kind" "ConfigMap" "apiVersion" "v1" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot) ))) "r") )) "data" (dict "bootstrap.yaml" (get (fromJson (include "redpanda.BootstrapFile" (dict "a" (list $dot) ))) "r") "redpanda.yaml" (get (fromJson (include "redpanda.RedpandaConfigFile" (dict "a" (list $dot true) ))) "r") ) ))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.BootstrapFile" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $bootstrap := (dict "kafka_enable_authorization" (get (fromJson (include "redpanda.Auth.IsSASLEnabled" (dict "a" (list $values.auth) ))) "r") "enable_sasl" (get (fromJson (include "redpanda.Auth.IsSASLEnabled" (dict "a" (list $values.auth) ))) "r") "enable_rack_awareness" $values.rackAwareness.enabled "storage_min_free_bytes" ((get (fromJson (include "redpanda.Storage.StorageMinFreeBytes" (dict "a" (list $values.storage) ))) "r") | int64) ) -}} +{{- $bootstrap = (merge (dict ) $bootstrap (get (fromJson (include "redpanda.AuditLogging.Translate" (dict "a" (list $values.auditLogging $dot (get (fromJson (include "redpanda.Auth.IsSASLEnabled" (dict "a" (list $values.auth) ))) "r")) ))) "r")) -}} +{{- $bootstrap = (merge (dict ) $bootstrap (get (fromJson (include "redpanda.Logging.Translate" (dict "a" (list $values.logging) ))) "r")) -}} +{{- $bootstrap = (merge (dict ) $bootstrap (get (fromJson (include "redpanda.TunableConfig.Translate" (dict "a" (list $values.config.tunable) ))) "r")) -}} +{{- $bootstrap = (merge (dict ) $bootstrap (get (fromJson (include "redpanda.ClusterConfig.Translate" (dict "a" (list $values.config.cluster) ))) "r")) -}} +{{- $bootstrap = (merge (dict ) $bootstrap (get (fromJson (include "redpanda.Auth.Translate" (dict "a" (list $values.auth (get (fromJson (include "redpanda.Auth.IsSASLEnabled" (dict "a" (list $values.auth) ))) "r")) ))) "r")) -}} +{{- $bootstrap = (merge (dict ) $bootstrap (get (fromJson (include "redpanda.TieredStorageConfig.Translate" (dict "a" (list (deepCopy (get (fromJson (include "redpanda.Storage.GetTieredStorageConfig" (dict "a" (list $values.storage) ))) "r")) $values.storage.tiered.credentialsSecretRef) ))) "r")) -}} +{{- $tmp_tuple_1 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.dicttest" (dict "a" (list $values.config.cluster "default_topic_replications" (coalesce nil)) ))) "r")) ))) "r") -}} +{{- $ok_1 := $tmp_tuple_1.T2 -}} +{{- if (and (not $ok_1) (ge ($values.statefulset.replicas | int) (3 | int))) -}} +{{- $_ := (set $bootstrap "default_topic_replications" (3 | int)) -}} +{{- end -}} +{{- $tmp_tuple_2 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.dicttest" (dict "a" (list $values.config.cluster "storage_min_free_bytes" (coalesce nil)) ))) "r")) ))) "r") -}} +{{- $ok_2 := $tmp_tuple_2.T2 -}} +{{- if (not $ok_2) -}} +{{- $_ := (set $bootstrap "storage_min_free_bytes" ((get (fromJson (include "redpanda.Storage.StorageMinFreeBytes" (dict "a" (list $values.storage) ))) "r") | int64)) -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (toYaml $bootstrap)) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.RedpandaConfigFile" -}} +{{- $dot := (index .a 0) -}} +{{- $includeSeedServer := (index .a 1) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $redpanda := (dict "empty_seed_starts_cluster" false ) -}} +{{- if $includeSeedServer -}} +{{- $_ := (set $redpanda "seed_servers" (get (fromJson (include "redpanda.Listeners.CreateSeedServers" (dict "a" (list $values.listeners ($values.statefulset.replicas | int) (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") (get (fromJson (include "redpanda.InternalDomain" (dict "a" (list $dot) ))) "r")) ))) "r")) -}} +{{- end -}} +{{- $redpanda = (merge (dict ) $redpanda (get (fromJson (include "redpanda.NodeConfig.Translate" (dict "a" (list $values.config.node) ))) "r")) -}} +{{- $_ := (get (fromJson (include "redpanda.configureListeners" (dict "a" (list $redpanda $dot) ))) "r") -}} +{{- $redpandaYaml := (dict "redpanda" $redpanda "schema_registry" (get (fromJson (include "redpanda.schemaRegistry" (dict "a" (list $dot) ))) "r") "schema_registry_client" (get (fromJson (include "redpanda.kafkaClient" (dict "a" (list $dot) ))) "r") "pandaproxy" (get (fromJson (include "redpanda.pandaProxyListener" (dict "a" (list $dot) ))) "r") "pandaproxy_client" (get (fromJson (include "redpanda.kafkaClient" (dict "a" (list $dot) ))) "r") "rpk" (get (fromJson (include "redpanda.rpkNodeConfig" (dict "a" (list $dot) ))) "r") "config_file" "/etc/redpanda/redpanda.yaml" ) -}} +{{- if (and (and (get (fromJson (include "redpanda.RedpandaAtLeast_23_3_0" (dict "a" (list $dot) ))) "r") $values.auditLogging.enabled) (get (fromJson (include "redpanda.Auth.IsSASLEnabled" (dict "a" (list $values.auth) ))) "r")) -}} +{{- $_ := (set $redpandaYaml "audit_log_client" (get (fromJson (include "redpanda.kafkaClient" (dict "a" (list $dot) ))) "r")) -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (toYaml $redpandaYaml)) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.RPKProfile" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- if (not $values.external.enabled) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (coalesce nil)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) ) (mustMergeOverwrite (dict ) (dict "kind" "ConfigMap" "apiVersion" "v1" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (printf "%s-rpk" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r")) "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot) ))) "r") )) "data" (dict "profile" (toYaml (get (fromJson (include "redpanda.rpkProfile" (dict "a" (list $dot) ))) "r")) ) ))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.rpkProfile" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $brokerList := (list ) -}} +{{- range $_, $i := untilStep (((0 | int) | int)|int) (($values.statefulset.replicas | int)|int) (1|int) -}} +{{- $brokerList = (concat (default (list ) $brokerList) (list (printf "%s:%d" (get (fromJson (include "redpanda.advertisedHost" (dict "a" (list $dot $i) ))) "r") (((get (fromJson (include "redpanda.advertisedKafkaPort" (dict "a" (list $dot $i) ))) "r") | int) | int)))) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $adminAdvertisedList := (list ) -}} +{{- range $_, $i := untilStep (((0 | int) | int)|int) (($values.statefulset.replicas | int)|int) (1|int) -}} +{{- $adminAdvertisedList = (concat (default (list ) $adminAdvertisedList) (list (printf "%s:%d" (get (fromJson (include "redpanda.advertisedHost" (dict "a" (list $dot $i) ))) "r") (((get (fromJson (include "redpanda.advertisedAdminPort" (dict "a" (list $dot $i) ))) "r") | int) | int)))) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $schemaAdvertisedList := (list ) -}} +{{- range $_, $i := untilStep (((0 | int) | int)|int) (($values.statefulset.replicas | int)|int) (1|int) -}} +{{- $schemaAdvertisedList = (concat (default (list ) $schemaAdvertisedList) (list (printf "%s:%d" (get (fromJson (include "redpanda.advertisedHost" (dict "a" (list $dot $i) ))) "r") (((get (fromJson (include "redpanda.advertisedSchemaPort" (dict "a" (list $dot $i) ))) "r") | int) | int)))) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $kafkaTLS := (get (fromJson (include "redpanda.rpkKafkaClientTLSConfiguration" (dict "a" (list $dot) ))) "r") -}} +{{- $tmp_tuple_3 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.dicttest" (dict "a" (list $kafkaTLS "ca_file" (coalesce nil)) ))) "r")) ))) "r") -}} +{{- $ok_3 := $tmp_tuple_3.T2 -}} +{{- if $ok_3 -}} +{{- $_ := (set $kafkaTLS "ca_file" "ca.crt") -}} +{{- end -}} +{{- $adminTLS := (get (fromJson (include "redpanda.rpkAdminAPIClientTLSConfiguration" (dict "a" (list $dot) ))) "r") -}} +{{- $tmp_tuple_4 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.dicttest" (dict "a" (list $adminTLS "ca_file" (coalesce nil)) ))) "r")) ))) "r") -}} +{{- $ok_4 := $tmp_tuple_4.T2 -}} +{{- if $ok_4 -}} +{{- $_ := (set $adminTLS "ca_file" "ca.crt") -}} +{{- end -}} +{{- $schemaTLS := (get (fromJson (include "redpanda.rpkSchemaRegistryClientTLSConfiguration" (dict "a" (list $dot) ))) "r") -}} +{{- $tmp_tuple_5 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.dicttest" (dict "a" (list $schemaTLS "ca_file" (coalesce nil)) ))) "r")) ))) "r") -}} +{{- $ok_5 := $tmp_tuple_5.T2 -}} +{{- if $ok_5 -}} +{{- $_ := (set $schemaTLS "ca_file" "ca.crt") -}} +{{- end -}} +{{- $ka := (dict "brokers" $brokerList "tls" (coalesce nil) ) -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $kafkaTLS) ))) "r") | int) (0 | int)) -}} +{{- $_ := (set $ka "tls" $kafkaTLS) -}} +{{- end -}} +{{- $aa := (dict "addresses" $adminAdvertisedList "tls" (coalesce nil) ) -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $adminTLS) ))) "r") | int) (0 | int)) -}} +{{- $_ := (set $aa "tls" $adminTLS) -}} +{{- end -}} +{{- $sa := (dict "addresses" $schemaAdvertisedList "tls" (coalesce nil) ) -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $schemaTLS) ))) "r") | int) (0 | int)) -}} +{{- $_ := (set $sa "tls" $schemaTLS) -}} +{{- end -}} +{{- $result := (dict "name" (get (fromJson (include "redpanda.getFirstExternalKafkaListener" (dict "a" (list $dot) ))) "r") "kafka_api" $ka "admin_api" $aa "schema_registry" $sa ) -}} +{{- $_is_returning = true -}} +{{- (dict "r" $result) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.advertisedKafkaPort" -}} +{{- $dot := (index .a 0) -}} +{{- $i := (index .a 1) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $externalKafkaListenerName := (get (fromJson (include "redpanda.getFirstExternalKafkaListener" (dict "a" (list $dot) ))) "r") -}} +{{- $listener := (index $values.listeners.kafka.external $externalKafkaListenerName) -}} +{{- $port := (($values.listeners.kafka.port | int) | int) -}} +{{- if (gt (($listener.port | int) | int) ((1 | int) | int)) -}} +{{- $port = (($listener.port | int) | int) -}} +{{- end -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $listener.advertisedPorts) ))) "r") | int) (1 | int)) -}} +{{- $port = ((index $listener.advertisedPorts $i) | int) -}} +{{- else -}}{{- if (eq ((get (fromJson (include "_shims.len" (dict "a" (list $listener.advertisedPorts) ))) "r") | int) (1 | int)) -}} +{{- $port = ((index $listener.advertisedPorts (0 | int)) | int) -}} +{{- end -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $port) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.advertisedAdminPort" -}} +{{- $dot := (index .a 0) -}} +{{- $i := (index .a 1) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $keys := (keys $values.listeners.admin.external) -}} +{{- $_ := (sortAlpha $keys) -}} +{{- $externalAdminListenerName := (first $keys) -}} +{{- $listener := (index $values.listeners.admin.external (get (fromJson (include "_shims.typeassertion" (dict "a" (list "string" $externalAdminListenerName) ))) "r")) -}} +{{- $port := (($values.listeners.admin.port | int) | int) -}} +{{- if (gt (($listener.port | int) | int) (1 | int)) -}} +{{- $port = (($listener.port | int) | int) -}} +{{- end -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $listener.advertisedPorts) ))) "r") | int) (1 | int)) -}} +{{- $port = ((index $listener.advertisedPorts $i) | int) -}} +{{- else -}}{{- if (eq ((get (fromJson (include "_shims.len" (dict "a" (list $listener.advertisedPorts) ))) "r") | int) (1 | int)) -}} +{{- $port = ((index $listener.advertisedPorts (0 | int)) | int) -}} +{{- end -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $port) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.advertisedSchemaPort" -}} +{{- $dot := (index .a 0) -}} +{{- $i := (index .a 1) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $keys := (keys $values.listeners.schemaRegistry.external) -}} +{{- $_ := (sortAlpha $keys) -}} +{{- $externalSchemaListenerName := (first $keys) -}} +{{- $listener := (index $values.listeners.schemaRegistry.external (get (fromJson (include "_shims.typeassertion" (dict "a" (list "string" $externalSchemaListenerName) ))) "r")) -}} +{{- $port := (($values.listeners.schemaRegistry.port | int) | int) -}} +{{- if (gt (($listener.port | int) | int) (1 | int)) -}} +{{- $port = (($listener.port | int) | int) -}} +{{- end -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $listener.advertisedPorts) ))) "r") | int) (1 | int)) -}} +{{- $port = ((index $listener.advertisedPorts $i) | int) -}} +{{- else -}}{{- if (eq ((get (fromJson (include "_shims.len" (dict "a" (list $listener.advertisedPorts) ))) "r") | int) (1 | int)) -}} +{{- $port = ((index $listener.advertisedPorts (0 | int)) | int) -}} +{{- end -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $port) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.advertisedHost" -}} +{{- $dot := (index .a 0) -}} +{{- $i := (index .a 1) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $address := (printf "%s-%d" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") ($i | int)) -}} +{{- if (ne (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.external.domain "") ))) "r") "") -}} +{{- $address = (printf "%s.%s" $address (tpl $values.external.domain $dot)) -}} +{{- end -}} +{{- if (le ((get (fromJson (include "_shims.len" (dict "a" (list $values.external.addresses) ))) "r") | int) (0 | int)) -}} +{{- $_is_returning = true -}} +{{- (dict "r" $address) | toJson -}} +{{- break -}} +{{- end -}} +{{- if (eq ((get (fromJson (include "_shims.len" (dict "a" (list $values.external.addresses) ))) "r") | int) (1 | int)) -}} +{{- $address = (index $values.external.addresses (0 | int)) -}} +{{- else -}} +{{- $address = (index $values.external.addresses $i) -}} +{{- end -}} +{{- if (ne (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.external.domain "") ))) "r") "") -}} +{{- $address = (printf "%s.%s" $address (tpl $values.external.domain $dot)) -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $address) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.getFirstExternalKafkaListener" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $keys := (keys $values.listeners.kafka.external) -}} +{{- $_ := (sortAlpha $keys) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (get (fromJson (include "_shims.typeassertion" (dict "a" (list "string" (first $keys)) ))) "r")) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.BrokerList" -}} +{{- $dot := (index .a 0) -}} +{{- $replicas := (index .a 1) -}} +{{- $port := (index .a 2) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $bl := (coalesce nil) -}} +{{- range $_, $i := untilStep (((0 | int) | int)|int) ($replicas|int) (1|int) -}} +{{- $bl = (concat (default (list ) $bl) (list (printf "%s-%d.%s:%d" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") $i (get (fromJson (include "redpanda.InternalDomain" (dict "a" (list $dot) ))) "r") $port))) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $bl) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.rpkNodeConfig" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $brokerList := (get (fromJson (include "redpanda.BrokerList" (dict "a" (list $dot ($values.statefulset.replicas | int) ($values.listeners.kafka.port | int)) ))) "r") -}} +{{- $adminTLS := (coalesce nil) -}} +{{- $tls_6 := (get (fromJson (include "redpanda.rpkAdminAPIClientTLSConfiguration" (dict "a" (list $dot) ))) "r") -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $tls_6) ))) "r") | int) (0 | int)) -}} +{{- $adminTLS = $tls_6 -}} +{{- end -}} +{{- $brokerTLS := (coalesce nil) -}} +{{- $tls_7 := (get (fromJson (include "redpanda.rpkKafkaClientTLSConfiguration" (dict "a" (list $dot) ))) "r") -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $tls_7) ))) "r") | int) (0 | int)) -}} +{{- $brokerTLS = $tls_7 -}} +{{- end -}} +{{- $schemaRegistryTLS := (coalesce nil) -}} +{{- $tls_8 := (get (fromJson (include "redpanda.rpkSchemaRegistryClientTLSConfiguration" (dict "a" (list $dot) ))) "r") -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $tls_8) ))) "r") | int) (0 | int)) -}} +{{- $schemaRegistryTLS = $tls_8 -}} +{{- end -}} +{{- $result := (dict "overprovisioned" (get (fromJson (include "redpanda.RedpandaResources.GetOverProvisionValue" (dict "a" (list $values.resources) ))) "r") "enable_memory_locking" (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.resources.memory.enable_memory_locking false) ))) "r") "additional_start_flags" (get (fromJson (include "redpanda.RedpandaAdditionalStartFlags" (dict "a" (list $dot ((get (fromJson (include "redpanda.RedpandaSMP" (dict "a" (list $dot) ))) "r") | int64)) ))) "r") "kafka_api" (dict "brokers" $brokerList "tls" $brokerTLS ) "admin_api" (dict "addresses" (get (fromJson (include "redpanda.Listeners.AdminList" (dict "a" (list $values.listeners ($values.statefulset.replicas | int) (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") (get (fromJson (include "redpanda.InternalDomain" (dict "a" (list $dot) ))) "r")) ))) "r") "tls" $adminTLS ) "schema_registry" (dict "addresses" (get (fromJson (include "redpanda.Listeners.SchemaRegistryList" (dict "a" (list $values.listeners ($values.statefulset.replicas | int) (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") (get (fromJson (include "redpanda.InternalDomain" (dict "a" (list $dot) ))) "r")) ))) "r") "tls" $schemaRegistryTLS ) ) -}} +{{- $result = (merge (dict ) $result (get (fromJson (include "redpanda.Tuning.Translate" (dict "a" (list $values.tuning) ))) "r")) -}} +{{- $result = (merge (dict ) $result (get (fromJson (include "redpanda.Config.CreateRPKConfiguration" (dict "a" (list $values.config) ))) "r")) -}} +{{- $_is_returning = true -}} +{{- (dict "r" $result) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.rpkKafkaClientTLSConfiguration" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $tls := $values.listeners.kafka.tls -}} +{{- if (not (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $tls $values.tls) ))) "r")) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (dict )) | toJson -}} +{{- break -}} +{{- end -}} +{{- $result := (dict "ca_file" (get (fromJson (include "redpanda.InternalTLS.ServerCAPath" (dict "a" (list $tls $values.tls) ))) "r") ) -}} +{{- if $tls.requireClientAuth -}} +{{- $_ := (set $result "cert_file" (printf "%s/%s-client/tls.crt" "/etc/tls/certs" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r"))) -}} +{{- $_ := (set $result "key_file" (printf "%s/%s-client/tls.key" "/etc/tls/certs" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r"))) -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $result) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.rpkAdminAPIClientTLSConfiguration" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $tls := $values.listeners.admin.tls -}} +{{- if (not (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $tls $values.tls) ))) "r")) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (dict )) | toJson -}} +{{- break -}} +{{- end -}} +{{- $result := (dict "ca_file" (get (fromJson (include "redpanda.InternalTLS.ServerCAPath" (dict "a" (list $tls $values.tls) ))) "r") ) -}} +{{- if $tls.requireClientAuth -}} +{{- $_ := (set $result "cert_file" (printf "%s/%s-client/tls.crt" "/etc/tls/certs" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r"))) -}} +{{- $_ := (set $result "key_file" (printf "%s/%s-client/tls.key" "/etc/tls/certs" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r"))) -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $result) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.rpkSchemaRegistryClientTLSConfiguration" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $tls := $values.listeners.schemaRegistry.tls -}} +{{- if (not (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $tls $values.tls) ))) "r")) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (dict )) | toJson -}} +{{- break -}} +{{- end -}} +{{- $result := (dict "ca_file" (get (fromJson (include "redpanda.InternalTLS.ServerCAPath" (dict "a" (list $tls $values.tls) ))) "r") ) -}} +{{- if $tls.requireClientAuth -}} +{{- $_ := (set $result "cert_file" (printf "%s/%s-client/tls.crt" "/etc/tls/certs" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r"))) -}} +{{- $_ := (set $result "key_file" (printf "%s/%s-client/tls.key" "/etc/tls/certs" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r"))) -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $result) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.kafkaClient" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $brokerList := (list ) -}} +{{- range $_, $i := untilStep (((0 | int) | int)|int) (($values.statefulset.replicas | int)|int) (1|int) -}} +{{- $brokerList = (concat (default (list ) $brokerList) (list (dict "address" (printf "%s-%d.%s" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") $i (get (fromJson (include "redpanda.InternalDomain" (dict "a" (list $dot) ))) "r")) "port" ($values.listeners.kafka.port | int) ))) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $kafkaTLS := $values.listeners.kafka.tls -}} +{{- $brokerTLS := (coalesce nil) -}} +{{- if (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $values.listeners.kafka.tls $values.tls) ))) "r") -}} +{{- $brokerTLS = (dict "enabled" true "require_client_auth" $kafkaTLS.requireClientAuth "truststore_file" (get (fromJson (include "redpanda.InternalTLS.ServerCAPath" (dict "a" (list $kafkaTLS $values.tls) ))) "r") ) -}} +{{- if $kafkaTLS.requireClientAuth -}} +{{- $_ := (set $brokerTLS "cert_file" (printf "%s/%s-client/tls.crt" "/etc/tls/certs" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r"))) -}} +{{- $_ := (set $brokerTLS "key_file" (printf "%s/%s-client/tls.key" "/etc/tls/certs" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r"))) -}} +{{- end -}} +{{- end -}} +{{- $cfg := (dict "brokers" $brokerList ) -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $brokerTLS) ))) "r") | int) (0 | int)) -}} +{{- $_ := (set $cfg "broker_tls" $brokerTLS) -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $cfg) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.configureListeners" -}} +{{- $redpanda := (index .a 0) -}} +{{- $dot := (index .a 1) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $_ := (set $redpanda "admin" (get (fromJson (include "redpanda.AdminListeners.Listeners" (dict "a" (list $values.listeners.admin) ))) "r")) -}} +{{- $_ := (set $redpanda "kafka_api" (get (fromJson (include "redpanda.KafkaListeners.Listeners" (dict "a" (list $values.listeners.kafka $values.auth) ))) "r")) -}} +{{- $_ := (set $redpanda "rpc_server" (get (fromJson (include "redpanda.rpcListeners" (dict "a" (list $dot) ))) "r")) -}} +{{- $_ := (set $redpanda "admin_api_tls" (coalesce nil)) -}} +{{- $tls_9 := (get (fromJson (include "redpanda.AdminListeners.ListenersTLS" (dict "a" (list $values.listeners.admin $values.tls) ))) "r") -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $tls_9) ))) "r") | int) (0 | int)) -}} +{{- $_ := (set $redpanda "admin_api_tls" $tls_9) -}} +{{- end -}} +{{- $_ := (set $redpanda "kafka_api_tls" (coalesce nil)) -}} +{{- $tls_10 := (get (fromJson (include "redpanda.KafkaListeners.ListenersTLS" (dict "a" (list $values.listeners.kafka $values.tls) ))) "r") -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $tls_10) ))) "r") | int) (0 | int)) -}} +{{- $_ := (set $redpanda "kafka_api_tls" $tls_10) -}} +{{- end -}} +{{- $tls_11 := (get (fromJson (include "redpanda.rpcListenersTLS" (dict "a" (list $dot) ))) "r") -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $tls_11) ))) "r") | int) (0 | int)) -}} +{{- $_ := (set $redpanda "rpc_server_tls" $tls_11) -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.pandaProxyListener" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $pandaProxy := (dict ) -}} +{{- $_ := (set $pandaProxy "pandaproxy_api" (get (fromJson (include "redpanda.HTTPListeners.Listeners" (dict "a" (list $values.listeners.http (get (fromJson (include "redpanda.Auth.IsSASLEnabled" (dict "a" (list $values.auth) ))) "r")) ))) "r")) -}} +{{- $_ := (set $pandaProxy "pandaproxy_api_tls" (coalesce nil)) -}} +{{- $tls_12 := (get (fromJson (include "redpanda.HTTPListeners.ListenersTLS" (dict "a" (list $values.listeners.http $values.tls) ))) "r") -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $tls_12) ))) "r") | int) (0 | int)) -}} +{{- $_ := (set $pandaProxy "pandaproxy_api_tls" $tls_12) -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $pandaProxy) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.schemaRegistry" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $schemaReg := (dict ) -}} +{{- $_ := (set $schemaReg "schema_registry_api" (get (fromJson (include "redpanda.SchemaRegistryListeners.Listeners" (dict "a" (list $values.listeners.schemaRegistry (get (fromJson (include "redpanda.Auth.IsSASLEnabled" (dict "a" (list $values.auth) ))) "r")) ))) "r")) -}} +{{- $_ := (set $schemaReg "schema_registry_api_tls" (coalesce nil)) -}} +{{- $tls_13 := (get (fromJson (include "redpanda.SchemaRegistryListeners.ListenersTLS" (dict "a" (list $values.listeners.schemaRegistry $values.tls) ))) "r") -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $tls_13) ))) "r") | int) (0 | int)) -}} +{{- $_ := (set $schemaReg "schema_registry_api_tls" $tls_13) -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $schemaReg) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.rpcListenersTLS" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $r := $values.listeners.rpc -}} +{{- if (and (not ((or (or (get (fromJson (include "redpanda.RedpandaAtLeast_22_2_atleast_22_2_10" (dict "a" (list $dot) ))) "r") (get (fromJson (include "redpanda.RedpandaAtLeast_22_3_atleast_22_3_13" (dict "a" (list $dot) ))) "r")) (get (fromJson (include "redpanda.RedpandaAtLeast_23_1_2" (dict "a" (list $dot) ))) "r")))) ((or (and (eq (toJson $r.tls.enabled) "null") $values.tls.enabled) (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $r.tls.enabled false) ))) "r")))) -}} +{{- $_ := (fail (printf "Redpanda version v%s does not support TLS on the RPC port. Please upgrade. See technical service bulletin 2023-01." (trimPrefix "v" (get (fromJson (include "redpanda.Tag" (dict "a" (list $dot) ))) "r")))) -}} +{{- end -}} +{{- if (not (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $r.tls $values.tls) ))) "r")) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (dict )) | toJson -}} +{{- break -}} +{{- end -}} +{{- $certName := $r.tls.cert -}} +{{- $_is_returning = true -}} +{{- (dict "r" (dict "enabled" true "cert_file" (printf "%s/%s/tls.crt" "/etc/tls/certs" $certName) "key_file" (printf "%s/%s/tls.key" "/etc/tls/certs" $certName) "require_client_auth" $r.tls.requireClientAuth "truststore_file" (get (fromJson (include "redpanda.InternalTLS.TrustStoreFilePath" (dict "a" (list $r.tls $values.tls) ))) "r") )) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.rpcListeners" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $_is_returning = true -}} +{{- (dict "r" (dict "address" "0.0.0.0" "port" ($values.listeners.rpc.port | int) )) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.createInternalListenerTLSCfg" -}} +{{- $tls := (index .a 0) -}} +{{- $internal := (index .a 1) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- if (not (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $internal $tls) ))) "r")) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (dict )) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (dict "name" "internal" "enabled" true "cert_file" (printf "%s/%s/tls.crt" "/etc/tls/certs" $internal.cert) "key_file" (printf "%s/%s/tls.key" "/etc/tls/certs" $internal.cert) "require_client_auth" $internal.requireClientAuth "truststore_file" (get (fromJson (include "redpanda.InternalTLS.TrustStoreFilePath" (dict "a" (list $internal $tls) ))) "r") )) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.createInternalListenerCfg" -}} +{{- $port := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $_is_returning = true -}} +{{- (dict "r" (dict "name" "internal" "address" "0.0.0.0" "port" $port )) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.RedpandaAdditionalStartFlags" -}} +{{- $dot := (index .a 0) -}} +{{- $smp := (index .a 1) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $chartFlags := (dict "smp" (printf "%d" ($smp | int)) "memory" (printf "%dM" (((get (fromJson (include "redpanda.RedpandaMemory" (dict "a" (list $dot) ))) "r") | int64) | int)) "reserve-memory" (printf "%dM" (((get (fromJson (include "redpanda.RedpandaReserveMemory" (dict "a" (list $dot) ))) "r") | int64) | int)) "default-log-level" $values.logging.logLevel ) -}} +{{- if (eq (index $values.config.node "developer_mode") true) -}} +{{- $_ := (unset $chartFlags "reserve-memory") -}} +{{- end -}} +{{- range $flag, $_ := $chartFlags -}} +{{- range $_, $userFlag := $values.statefulset.additionalRedpandaCmdFlags -}} +{{- if (regexMatch (printf "^--%s" $flag) $userFlag) -}} +{{- $_ := (unset $chartFlags $flag) -}} +{{- end -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $keys := (keys $chartFlags) -}} +{{- $_ := (sortAlpha $keys) -}} +{{- $flags := (list ) -}} +{{- range $_, $key := $keys -}} +{{- $flags = (concat (default (list ) $flags) (list (printf "--%s=%s" $key (index $chartFlags $key)))) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (concat (default (list ) $flags) (default (list ) $values.statefulset.additionalRedpandaCmdFlags))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + diff --git a/charts/redpanda/redpanda/5.9.12/templates/_connectors.go.tpl b/charts/redpanda/redpanda/5.9.12/templates/_connectors.go.tpl new file mode 100644 index 000000000..6553d3223 --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/templates/_connectors.go.tpl @@ -0,0 +1,47 @@ +{{- /* Generated from "connectors.go" */ -}} + +{{- define "redpanda.connectorsChartIntegration" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values -}} +{{- if (or (not (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.connectors.enabled false) ))) "r")) (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.connectors.deployment.create false) ))) "r")) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (coalesce nil)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $connectorsDot := (index $dot.Subcharts "connectors") -}} +{{- $loadedValues := $connectorsDot.Values -}} +{{- $connectorsValue := $connectorsDot.Values -}} +{{- $_ := (set $connectorsValue "deployment" (merge (dict ) $connectorsValue.deployment (mustMergeOverwrite (dict "create" false "strategy" (dict ) "schedulerName" "" "budget" (dict "maxUnavailable" 0 ) "annotations" (coalesce nil) "extraEnv" (coalesce nil) "extraEnvFrom" (coalesce nil) "progressDeadlineSeconds" 0 "nodeSelector" (coalesce nil) "tolerations" (coalesce nil) "restartPolicy" "" ) (dict "create" true )))) -}} +{{- if (eq $connectorsValue.connectors.bootstrapServers "") -}} +{{- range $_, $b := (get (fromJson (include "redpanda.BrokerList" (dict "a" (list $dot ($values.statefulset.replicas | int) ($values.listeners.kafka.port | int)) ))) "r") -}} +{{- if (eq ((get (fromJson (include "_shims.len" (dict "a" (list $connectorsValue.connectors.bootstrapServers) ))) "r") | int) (0 | int)) -}} +{{- $_ := (set $connectorsValue.connectors "bootstrapServers" $b) -}} +{{- continue -}} +{{- end -}} +{{- $_ := (set $connectorsValue.connectors "bootstrapServers" (printf "%s,%s" $connectorsValue.connectors.bootstrapServers $b)) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- end -}} +{{- $_ := (set $connectorsValue.connectors "brokerTLS" (mustMergeOverwrite (dict "enabled" false "ca" (dict "secretRef" "" "secretNameOverwrite" "" ) "cert" (dict "secretRef" "" "secretNameOverwrite" "" ) "key" (dict "secretRef" "" "secretNameOverwrite" "" ) ) (dict "enabled" false "ca" (mustMergeOverwrite (dict "secretRef" "" "secretNameOverwrite" "" ) (dict )) "cert" (mustMergeOverwrite (dict "secretRef" "" "secretNameOverwrite" "" ) (dict )) "key" (mustMergeOverwrite (dict "secretRef" "" "secretNameOverwrite" "" ) (dict )) ))) -}} +{{- $_ := (set $connectorsValue.connectors "brokerTLS" (get (fromJson (include "redpanda.KafkaListeners.ConnectorsTLS" (dict "a" (list $values.listeners.kafka $values.tls (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r")) ))) "r")) -}} +{{- if (get (fromJson (include "redpanda.Auth.IsSASLEnabled" (dict "a" (list $values.auth) ))) "r") -}} +{{- $command := (list "bash" "-c" (printf "%s%s" (printf "%s%s" (printf "%s%s" (printf "%s%s" (printf "%s%s" (printf "%s%s" (printf "%s%s" "set -e; IFS=':' read -r CONNECT_SASL_USERNAME CONNECT_SASL_PASSWORD CONNECT_SASL_MECHANISM < <(grep \"\" $(find /mnt/users/* -print));" (printf " CONNECT_SASL_MECHANISM=${CONNECT_SASL_MECHANISM:-%s};" (get (fromJson (include "redpanda.SASLMechanism" (dict "a" (list $dot) ))) "r"))) " export CONNECT_SASL_USERNAME CONNECT_SASL_PASSWORD CONNECT_SASL_MECHANISM;") " [[ $CONNECT_SASL_MECHANISM == \"SCRAM-SHA-256\" ]] && CONNECT_SASL_MECHANISM=scram-sha-256;") " [[ $CONNECT_SASL_MECHANISM == \"SCRAM-SHA-512\" ]] && CONNECT_SASL_MECHANISM=scram-sha-512;") " export CONNECT_SASL_MECHANISM;") " echo $CONNECT_SASL_PASSWORD > /opt/kafka/connect-password/rc-credentials/password;") " exec /opt/kafka/bin/kafka_connect_run.sh")) -}} +{{- $_ := (set $connectorsValue.deployment "command" $command) -}} +{{- $_ := (set $connectorsValue.auth "sasl" (merge (dict ) $connectorsValue.auth.sasl (mustMergeOverwrite (dict "enabled" false "mechanism" "" "secretRef" "" "userName" "" ) (dict "enabled" true )))) -}} +{{- $_ := (set $connectorsValue.storage "volume" (concat (default (list ) $connectorsValue.storage.volume) (default (list ) (list (mustMergeOverwrite (dict "name" "" ) (mustMergeOverwrite (dict ) (dict "secret" (mustMergeOverwrite (dict ) (dict "secretName" $values.auth.sasl.secretRef )) )) (dict "name" (get (fromJson (include "redpanda.cleanForK8sWithSuffix" (dict "a" (list (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") "users") ))) "r") )) (mustMergeOverwrite (dict "name" "" ) (mustMergeOverwrite (dict ) (dict "secret" (mustMergeOverwrite (dict ) (dict "secretName" $values.auth.sasl.secretRef )) )) (dict "name" (get (fromJson (include "redpanda.cleanForK8sWithSuffix" (dict "a" (list (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") "user-password") ))) "r") )))))) -}} +{{- $_ := (set $connectorsValue.storage "volumeMounts" (concat (default (list ) $connectorsValue.storage.volumeMounts) (default (list ) (list (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" (get (fromJson (include "redpanda.cleanForK8sWithSuffix" (dict "a" (list (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") "users") ))) "r") "mountPath" "/mnt/users" "readOnly" true )) (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" (get (fromJson (include "redpanda.cleanForK8sWithSuffix" (dict "a" (list (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") "user-password") ))) "r") "mountPath" "/opt/kafka/connect-password/rc-credentials" )))))) -}} +{{- $_ := (set $connectorsValue.deployment "extraEnv" (concat (default (list ) $connectorsValue.deployment.extraEnv) (default (list ) (list (mustMergeOverwrite (dict "name" "" ) (dict "name" "CONNECT_SASL_PASSWORD_FILE" "value" "rc-credentials/password" )))))) -}} +{{- end -}} +{{- $_ := (set $connectorsDot "Values" $connectorsValue) -}} +{{- $manifests := (list (get (fromJson (include "connectors.Deployment" (dict "a" (list $connectorsDot) ))) "r")) -}} +{{- $_ := (set $connectorsDot "Values" $loadedValues) -}} +{{- $_is_returning = true -}} +{{- (dict "r" $manifests) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + diff --git a/charts/redpanda/redpanda/5.9.12/templates/_console.go.tpl b/charts/redpanda/redpanda/5.9.12/templates/_console.go.tpl new file mode 100644 index 000000000..fcd14703b --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/templates/_console.go.tpl @@ -0,0 +1,163 @@ +{{- /* Generated from "console.tpl.go" */ -}} + +{{- define "redpanda.consoleChartIntegration" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values -}} +{{- if (not (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.console.enabled true) ))) "r")) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (coalesce nil)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $consoleDot := (index $dot.Subcharts "console") -}} +{{- $loadedValues := $consoleDot.Values -}} +{{- $consoleValue := $consoleDot.Values -}} +{{- $license_1 := (get (fromJson (include "redpanda.GetLicenseLiteral" (dict "a" (list $dot) ))) "r") -}} +{{- if (and (ne $license_1 "") (not (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.console.secret.create false) ))) "r"))) -}} +{{- $_ := (set $consoleValue.secret "create" true) -}} +{{- $_ := (set $consoleValue.secret "enterprise" (mustMergeOverwrite (dict ) (dict "license" $license_1 ))) -}} +{{- end -}} +{{- if (not (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.console.configmap.create false) ))) "r")) -}} +{{- $_ := (set $consoleValue.configmap "create" true) -}} +{{- $_ := (set $consoleValue.console "config" (get (fromJson (include "redpanda.ConsoleConfig" (dict "a" (list $dot) ))) "r")) -}} +{{- end -}} +{{- if (not (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.console.deployment.create false) ))) "r")) -}} +{{- $_ := (set $consoleValue.deployment "create" true) -}} +{{- if (get (fromJson (include "redpanda.Auth.IsSASLEnabled" (dict "a" (list $values.auth) ))) "r") -}} +{{- $command := (list "sh" "-c" (printf "%s%s" (printf "%s%s" (printf "%s%s" (printf "%s%s" (printf "%s%s" (printf "%s%s" (printf "%s%s" "set -e; IFS=':' read -r KAFKA_SASL_USERNAME KAFKA_SASL_PASSWORD KAFKA_SASL_MECHANISM < <(grep \"\" $(find /mnt/users/* -print));" (printf " KAFKA_SASL_MECHANISM=${KAFKA_SASL_MECHANISM:-%s};" (get (fromJson (include "redpanda.SASLMechanism" (dict "a" (list $dot) ))) "r"))) " export KAFKA_SASL_USERNAME KAFKA_SASL_PASSWORD KAFKA_SASL_MECHANISM;") " export KAFKA_SCHEMAREGISTRY_USERNAME=$KAFKA_SASL_USERNAME;") " export KAFKA_SCHEMAREGISTRY_PASSWORD=$KAFKA_SASL_PASSWORD;") " export REDPANDA_ADMINAPI_USERNAME=$KAFKA_SASL_USERNAME;") " export REDPANDA_ADMINAPI_PASSWORD=$KAFKA_SASL_PASSWORD;") " /app/console $@") " --") -}} +{{- $_ := (set $consoleValue.deployment "command" $command) -}} +{{- end -}} +{{- $secret_2 := (get (fromJson (include "redpanda.GetLicenseSecretReference" (dict "a" (list $dot) ))) "r") -}} +{{- if (ne (toJson $secret_2) "null") -}} +{{- $_ := (set $consoleValue "enterprise" (mustMergeOverwrite (dict "licenseSecretRef" (dict "name" "" "key" "" ) ) (dict "licenseSecretRef" (mustMergeOverwrite (dict "name" "" "key" "" ) (dict "name" $secret_2.name "key" $secret_2.key )) ))) -}} +{{- end -}} +{{- $_ := (set $consoleValue "extraVolumes" (get (fromJson (include "redpanda.consoleTLSVolumes" (dict "a" (list $dot) ))) "r")) -}} +{{- $_ := (set $consoleValue "extraVolumeMounts" (get (fromJson (include "redpanda.consoleTLSVolumesMounts" (dict "a" (list $dot) ))) "r")) -}} +{{- $_ := (set $consoleDot "Values" $consoleValue) -}} +{{- $cfg := (get (fromJson (include "console.ConfigMap" (dict "a" (list $consoleDot) ))) "r") -}} +{{- if (eq (toJson $consoleValue.podAnnotations) "null") -}} +{{- $_ := (set $consoleValue "podAnnotations" (dict )) -}} +{{- end -}} +{{- $_ := (set $consoleValue.podAnnotations "checksum-redpanda-chart/config" (sha256sum (toYaml $cfg))) -}} +{{- end -}} +{{- $_ := (set $consoleDot "Values" $consoleValue) -}} +{{- $manifests := (list (get (fromJson (include "console.Secret" (dict "a" (list $consoleDot) ))) "r") (get (fromJson (include "console.ConfigMap" (dict "a" (list $consoleDot) ))) "r") (get (fromJson (include "console.Deployment" (dict "a" (list $consoleDot) ))) "r")) -}} +{{- $_ := (set $consoleDot "Values" $loadedValues) -}} +{{- $_is_returning = true -}} +{{- (dict "r" $manifests) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.consoleTLSVolumesMounts" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $mounts := (list ) -}} +{{- $sasl_3 := $values.auth.sasl -}} +{{- if (and $sasl_3.enabled (ne $sasl_3.secretRef "")) -}} +{{- $mounts = (concat (default (list ) $mounts) (list (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" (printf "%s-users" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r")) "mountPath" "/mnt/users" "readOnly" true )))) -}} +{{- end -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list (get (fromJson (include "redpanda.Listeners.TrustStores" (dict "a" (list $values.listeners $values.tls) ))) "r")) ))) "r") | int) (0 | int)) -}} +{{- $mounts = (concat (default (list ) $mounts) (list (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" "truststores" "mountPath" "/etc/truststores" "readOnly" true )))) -}} +{{- end -}} +{{- $visitedCert := (dict ) -}} +{{- range $_, $tlsCfg := (list $values.listeners.kafka.tls $values.listeners.schemaRegistry.tls $values.listeners.admin.tls) -}} +{{- $tmp_tuple_1 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.dicttest" (dict "a" (list $visitedCert $tlsCfg.cert (coalesce nil)) ))) "r")) ))) "r") -}} +{{- $visited := $tmp_tuple_1.T2 -}} +{{- if (or (not (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $tlsCfg $values.tls) ))) "r")) $visited) -}} +{{- continue -}} +{{- end -}} +{{- $_ := (set $visitedCert $tlsCfg.cert true) -}} +{{- $mounts = (concat (default (list ) $mounts) (list (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" (printf "redpanda-%s-cert" $tlsCfg.cert) "mountPath" (printf "%s/%s" "/etc/tls/certs" $tlsCfg.cert) )))) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (concat (default (list ) $mounts) (default (list ) $values.console.extraVolumeMounts))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.consoleTLSVolumes" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $volumes := (list ) -}} +{{- $sasl_4 := $values.auth.sasl -}} +{{- if (and $sasl_4.enabled (ne $sasl_4.secretRef "")) -}} +{{- $volumes = (concat (default (list ) $volumes) (list (mustMergeOverwrite (dict "name" "" ) (mustMergeOverwrite (dict ) (dict "secret" (mustMergeOverwrite (dict ) (dict "secretName" $values.auth.sasl.secretRef )) )) (dict "name" (printf "%s-users" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r")) )))) -}} +{{- end -}} +{{- $vol_5 := (get (fromJson (include "redpanda.Listeners.TrustStoreVolume" (dict "a" (list $values.listeners $values.tls) ))) "r") -}} +{{- if (ne (toJson $vol_5) "null") -}} +{{- $volumes = (concat (default (list ) $volumes) (list $vol_5)) -}} +{{- end -}} +{{- $visitedCert := (dict ) -}} +{{- range $_, $tlsCfg := (list $values.listeners.kafka.tls $values.listeners.schemaRegistry.tls $values.listeners.admin.tls) -}} +{{- $tmp_tuple_2 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.dicttest" (dict "a" (list $visitedCert $tlsCfg.cert (coalesce nil)) ))) "r")) ))) "r") -}} +{{- $visited := $tmp_tuple_2.T2 -}} +{{- if (or (not (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $tlsCfg $values.tls) ))) "r")) $visited) -}} +{{- continue -}} +{{- end -}} +{{- $_ := (set $visitedCert $tlsCfg.cert true) -}} +{{- $volumes = (concat (default (list ) $volumes) (list (mustMergeOverwrite (dict "name" "" ) (mustMergeOverwrite (dict ) (dict "secret" (mustMergeOverwrite (dict ) (dict "defaultMode" (0o420 | int) "secretName" (get (fromJson (include "redpanda.CertSecretName" (dict "a" (list $dot $tlsCfg.cert (get (fromJson (include "redpanda.TLSCertMap.MustGet" (dict "a" (list (deepCopy $values.tls.certs) $tlsCfg.cert) ))) "r")) ))) "r") )) )) (dict "name" (printf "redpanda-%s-cert" $tlsCfg.cert) )))) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (concat (default (list ) $volumes) (default (list ) $values.console.extraVolumes))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.ConsoleConfig" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $schemaURLs := (coalesce nil) -}} +{{- if $values.listeners.schemaRegistry.enabled -}} +{{- $schema := "http" -}} +{{- if (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $values.listeners.schemaRegistry.tls $values.tls) ))) "r") -}} +{{- $schema = "https" -}} +{{- end -}} +{{- range $_, $i := untilStep (((0 | int) | int)|int) (($values.statefulset.replicas | int)|int) (1|int) -}} +{{- $schemaURLs = (concat (default (list ) $schemaURLs) (list (printf "%s://%s-%d.%s:%d" $schema (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") $i (get (fromJson (include "redpanda.InternalDomain" (dict "a" (list $dot) ))) "r") ($values.listeners.schemaRegistry.port | int)))) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- end -}} +{{- $schema := "http" -}} +{{- if (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $values.listeners.admin.tls $values.tls) ))) "r") -}} +{{- $schema = "https" -}} +{{- end -}} +{{- $c := (dict "kafka" (dict "brokers" (get (fromJson (include "redpanda.BrokerList" (dict "a" (list $dot ($values.statefulset.replicas | int) ($values.listeners.kafka.port | int)) ))) "r") "sasl" (dict "enabled" (get (fromJson (include "redpanda.Auth.IsSASLEnabled" (dict "a" (list $values.auth) ))) "r") ) "tls" (get (fromJson (include "redpanda.KafkaListeners.ConsoleTLS" (dict "a" (list $values.listeners.kafka $values.tls) ))) "r") "schemaRegistry" (dict "enabled" $values.listeners.schemaRegistry.enabled "urls" $schemaURLs "tls" (get (fromJson (include "redpanda.SchemaRegistryListeners.ConsoleTLS" (dict "a" (list $values.listeners.schemaRegistry $values.tls) ))) "r") ) ) "redpanda" (dict "adminApi" (dict "enabled" true "urls" (list (printf "%s://%s:%d" $schema (get (fromJson (include "redpanda.InternalDomain" (dict "a" (list $dot) ))) "r") ($values.listeners.admin.port | int))) "tls" (get (fromJson (include "redpanda.AdminListeners.ConsoleTLS" (dict "a" (list $values.listeners.admin $values.tls) ))) "r") ) ) ) -}} +{{- if (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.connectors.enabled false) ))) "r") -}} +{{- $port := (dig "connectors" "connectors" "restPort" (8083 | int) $dot.Values.AsMap) -}} +{{- $tmp_tuple_3 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.asintegral" (dict "a" (list $port) ))) "r")) ))) "r") -}} +{{- $ok := $tmp_tuple_3.T2 -}} +{{- $p := ($tmp_tuple_3.T1 | int) -}} +{{- if (not $ok) -}} +{{- $_is_returning = true -}} +{{- (dict "r" $c) | toJson -}} +{{- break -}} +{{- end -}} +{{- $connectorsDot := (index $dot.Subcharts "connectors") -}} +{{- $connectorsURL := (printf "http://%s.%s.svc.%s:%d" (get (fromJson (include "connectors.Fullname" (dict "a" (list $connectorsDot) ))) "r") $dot.Release.Namespace (trimSuffix "." $values.clusterDomain) $p) -}} +{{- $_ := (set $c "connect" (dict "enabled" (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.connectors.enabled false) ))) "r") "clusters" (list (dict "name" "connectors" "url" $connectorsURL "tls" (dict "enabled" false "caFilepath" "" "certFilepath" "" "keyFilepath" "" "insecureSkipTlsVerify" false ) "username" "" "password" "" "token" "" )) "connectTimeout" (0 | int) "readTimeout" (0 | int) "requestTimeout" (0 | int) )) -}} +{{- end -}} +{{- if (eq (toJson $values.console.console) "null") -}} +{{- $_ := (set $values.console "console" (mustMergeOverwrite (dict ) (dict "config" (dict ) ))) -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (merge (dict ) $values.console.console.config $c)) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + diff --git a/charts/redpanda/redpanda/5.9.12/templates/_example-commands.tpl b/charts/redpanda/redpanda/5.9.12/templates/_example-commands.tpl new file mode 100644 index 000000000..9a5c695e3 --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/templates/_example-commands.tpl @@ -0,0 +1,58 @@ +{{/* +Licensed to the Apache Software Foundation (ASF) under one or more +contributor license agreements. See the NOTICE file distributed with +this work for additional information regarding copyright ownership. +The ASF licenses this file to You under the Apache License, Version 2.0 +(the "License"); you may not use this file except in compliance with +the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + + +{{/* +Any rpk command that's given to the user in NOTES.txt must be defined in this template file +and tested in a test. +*/}} + +{{/* tested in tests/test-kafka-sasl-status.yaml */}} +{{- define "rpk-acl-user-create" -}} +{{- $cmd := (get ((include "redpanda.RpkACLUserCreate" (dict "a" (list .))) | fromJson) "r") }} +{{- $cmd }} +{{- end -}} + +{{/* tested in tests/test-kafka-sasl-status.yaml */}} +{{- define "rpk-acl-create" -}} +{{- $cmd := (get ((include "redpanda.RpkACLCreate" (dict "a" (list .))) | fromJson) "r") }} +{{- $cmd }} +{{- end -}} + +{{/* tested in tests/test-kafka-sasl-status.yaml */}} +{{- define "rpk-cluster-info" -}} +{{- $cmd := (get ((include "redpanda.RpkClusterInfo" (dict "a" (list .))) | fromJson) "r") }} +{{- $cmd }} +{{- end -}} + +{{/* tested in tests/test-kafka-sasl-status.yaml */}} +{{- define "rpk-topic-create" -}} +{{- $cmd := (get ((include "redpanda.RpkTopicCreate" (dict "a" (list .))) | fromJson) "r") }} +{{- $cmd }} +{{- end -}} + +{{/* tested in tests/test-kafka-sasl-status.yaml */}} +{{- define "rpk-topic-describe" -}} +{{- $cmd := (get ((include "redpanda.RpkTopicDescribe" (dict "a" (list .))) | fromJson) "r") }} +{{- $cmd }} +{{- end -}} + +{{/* tested in tests/test-kafka-sasl-status.yaml */}} +{{- define "rpk-topic-delete" -}} +{{- $cmd := (get ((include "redpanda.RpkTopicDelete" (dict "a" (list .))) | fromJson) "r") }} +{{- $cmd }} +{{- end -}} \ No newline at end of file diff --git a/charts/redpanda/redpanda/5.9.12/templates/_helpers.go.tpl b/charts/redpanda/redpanda/5.9.12/templates/_helpers.go.tpl new file mode 100644 index 000000000..f38efee79 --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/templates/_helpers.go.tpl @@ -0,0 +1,585 @@ +{{- /* Generated from "helpers.go" */ -}} + +{{- define "redpanda.ChartLabel" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $_is_returning = true -}} +{{- (dict "r" (get (fromJson (include "redpanda.cleanForK8s" (dict "a" (list (replace "+" "_" (printf "%s-%s" $dot.Chart.Name $dot.Chart.Version))) ))) "r")) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.Name" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $tmp_tuple_1 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.typetest" (dict "a" (list "string" (index $dot.Values "nameOverride") "") ))) "r")) ))) "r") -}} +{{- $ok_2 := $tmp_tuple_1.T2 -}} +{{- $override_1 := $tmp_tuple_1.T1 -}} +{{- if (and $ok_2 (ne $override_1 "")) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (get (fromJson (include "redpanda.cleanForK8s" (dict "a" (list $override_1) ))) "r")) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (get (fromJson (include "redpanda.cleanForK8s" (dict "a" (list $dot.Chart.Name) ))) "r")) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.Fullname" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $tmp_tuple_2 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.typetest" (dict "a" (list "string" (index $dot.Values "fullnameOverride") "") ))) "r")) ))) "r") -}} +{{- $ok_4 := $tmp_tuple_2.T2 -}} +{{- $override_3 := $tmp_tuple_2.T1 -}} +{{- if (and $ok_4 (ne $override_3 "")) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (get (fromJson (include "redpanda.cleanForK8s" (dict "a" (list $override_3) ))) "r")) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (get (fromJson (include "redpanda.cleanForK8s" (dict "a" (list $dot.Release.Name) ))) "r")) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.FullLabels" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $labels := (dict ) -}} +{{- if (ne (toJson $values.commonLabels) "null") -}} +{{- $labels = $values.commonLabels -}} +{{- end -}} +{{- $defaults := (dict "helm.sh/chart" (get (fromJson (include "redpanda.ChartLabel" (dict "a" (list $dot) ))) "r") "app.kubernetes.io/name" (get (fromJson (include "redpanda.Name" (dict "a" (list $dot) ))) "r") "app.kubernetes.io/instance" $dot.Release.Name "app.kubernetes.io/managed-by" $dot.Release.Service "app.kubernetes.io/component" (get (fromJson (include "redpanda.Name" (dict "a" (list $dot) ))) "r") ) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (merge (dict ) $labels $defaults)) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.ServiceAccountName" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $serviceAccount := $values.serviceAccount -}} +{{- if (and $serviceAccount.create (ne $serviceAccount.name "")) -}} +{{- $_is_returning = true -}} +{{- (dict "r" $serviceAccount.name) | toJson -}} +{{- break -}} +{{- else -}}{{- if $serviceAccount.create -}} +{{- $_is_returning = true -}} +{{- (dict "r" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r")) | toJson -}} +{{- break -}} +{{- else -}}{{- if (ne $serviceAccount.name "") -}} +{{- $_is_returning = true -}} +{{- (dict "r" $serviceAccount.name) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" "default") | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.Tag" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $tag := (toString $values.image.tag) -}} +{{- if (eq $tag "") -}} +{{- $tag = $dot.Chart.AppVersion -}} +{{- end -}} +{{- $pattern := "^v(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$" -}} +{{- if (not (regexMatch $pattern $tag)) -}} +{{- $_ := (fail "image.tag must start with a 'v' and be a valid semver") -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $tag) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.ServiceName" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- if (and (ne (toJson $values.service) "null") (ne (toJson $values.service.name) "null")) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (get (fromJson (include "redpanda.cleanForK8s" (dict "a" (list $values.service.name) ))) "r")) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r")) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.InternalDomain" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $service := (get (fromJson (include "redpanda.ServiceName" (dict "a" (list $dot) ))) "r") -}} +{{- $ns := $dot.Release.Namespace -}} +{{- $domain := (trimSuffix "." $values.clusterDomain) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (printf "%s.%s.svc.%s." $service $ns $domain)) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.TLSEnabled" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- if $values.tls.enabled -}} +{{- $_is_returning = true -}} +{{- (dict "r" true) | toJson -}} +{{- break -}} +{{- end -}} +{{- $listeners := (list "kafka" "admin" "schemaRegistry" "rpc" "http") -}} +{{- range $_, $listener := $listeners -}} +{{- $tlsCert := (dig "listeners" $listener "tls" "cert" false $dot.Values.AsMap) -}} +{{- $tlsEnabled := (dig "listeners" $listener "tls" "enabled" false $dot.Values.AsMap) -}} +{{- if (and (not (empty $tlsEnabled)) (not (empty $tlsCert))) -}} +{{- $_is_returning = true -}} +{{- (dict "r" true) | toJson -}} +{{- break -}} +{{- end -}} +{{- $external := (dig "listeners" $listener "external" false $dot.Values.AsMap) -}} +{{- if (empty $external) -}} +{{- continue -}} +{{- end -}} +{{- $keys := (keys (get (fromJson (include "_shims.typeassertion" (dict "a" (list (printf "map[%s]%s" "string" "interface {}") $external) ))) "r")) -}} +{{- range $_, $key := $keys -}} +{{- $enabled := (dig "listeners" $listener "external" $key "enabled" false $dot.Values.AsMap) -}} +{{- $tlsCert := (dig "listeners" $listener "external" $key "tls" "cert" false $dot.Values.AsMap) -}} +{{- $tlsEnabled := (dig "listeners" $listener "external" $key "tls" "enabled" false $dot.Values.AsMap) -}} +{{- if (and (and (not (empty $enabled)) (not (empty $tlsCert))) (not (empty $tlsEnabled))) -}} +{{- $_is_returning = true -}} +{{- (dict "r" true) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" false) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.ClientAuthRequired" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $listeners := (list "kafka" "admin" "schemaRegistry" "rpc" "http") -}} +{{- range $_, $listener := $listeners -}} +{{- $required := (dig "listeners" $listener "tls" "requireClientAuth" false $dot.Values.AsMap) -}} +{{- if (not (empty $required)) -}} +{{- $_is_returning = true -}} +{{- (dict "r" true) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" false) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.DefaultMounts" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $_is_returning = true -}} +{{- (dict "r" (concat (default (list ) (list (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" "base-config" "mountPath" "/etc/redpanda" )))) (default (list ) (get (fromJson (include "redpanda.CommonMounts" (dict "a" (list $dot) ))) "r")))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.CommonMounts" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $mounts := (list ) -}} +{{- $sasl_5 := $values.auth.sasl -}} +{{- if (and $sasl_5.enabled (ne $sasl_5.secretRef "")) -}} +{{- $mounts = (concat (default (list ) $mounts) (list (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" "users" "mountPath" "/etc/secrets/users" "readOnly" true )))) -}} +{{- end -}} +{{- if (get (fromJson (include "redpanda.TLSEnabled" (dict "a" (list $dot) ))) "r") -}} +{{- $certNames := (keys $values.tls.certs) -}} +{{- $_ := (sortAlpha $certNames) -}} +{{- range $_, $name := $certNames -}} +{{- $cert := (index $values.tls.certs $name) -}} +{{- if (not (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $cert.enabled true) ))) "r")) -}} +{{- continue -}} +{{- end -}} +{{- $mounts = (concat (default (list ) $mounts) (list (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" (printf "redpanda-%s-cert" $name) "mountPath" (printf "%s/%s" "/etc/tls/certs" $name) )))) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $adminTLS := $values.listeners.admin.tls -}} +{{- if $adminTLS.requireClientAuth -}} +{{- $mounts = (concat (default (list ) $mounts) (list (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" "mtls-client" "mountPath" (printf "%s/%s-client" "/etc/tls/certs" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r")) )))) -}} +{{- end -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $mounts) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.DefaultVolumes" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $_is_returning = true -}} +{{- (dict "r" (concat (default (list ) (list (mustMergeOverwrite (dict "name" "" ) (mustMergeOverwrite (dict ) (dict "configMap" (mustMergeOverwrite (dict ) (mustMergeOverwrite (dict ) (dict "name" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") )) (dict )) )) (dict "name" "base-config" )))) (default (list ) (get (fromJson (include "redpanda.CommonVolumes" (dict "a" (list $dot) ))) "r")))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.CommonVolumes" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $volumes := (list ) -}} +{{- $values := $dot.Values.AsMap -}} +{{- if (get (fromJson (include "redpanda.TLSEnabled" (dict "a" (list $dot) ))) "r") -}} +{{- $certNames := (keys $values.tls.certs) -}} +{{- $_ := (sortAlpha $certNames) -}} +{{- range $_, $name := $certNames -}} +{{- $cert := (index $values.tls.certs $name) -}} +{{- if (not (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $cert.enabled true) ))) "r")) -}} +{{- continue -}} +{{- end -}} +{{- $volumes = (concat (default (list ) $volumes) (list (mustMergeOverwrite (dict "name" "" ) (mustMergeOverwrite (dict ) (dict "secret" (mustMergeOverwrite (dict ) (dict "secretName" (get (fromJson (include "redpanda.CertSecretName" (dict "a" (list $dot $name $cert) ))) "r") "defaultMode" (0o440 | int) )) )) (dict "name" (printf "redpanda-%s-cert" $name) )))) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $adminTLS := $values.listeners.admin.tls -}} +{{- $cert := (index $values.tls.certs $adminTLS.cert) -}} +{{- if $adminTLS.requireClientAuth -}} +{{- $secretName := (printf "%s-client" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r")) -}} +{{- if (ne (toJson $cert.clientSecretRef) "null") -}} +{{- $secretName = $cert.clientSecretRef.name -}} +{{- end -}} +{{- $volumes = (concat (default (list ) $volumes) (list (mustMergeOverwrite (dict "name" "" ) (mustMergeOverwrite (dict ) (dict "secret" (mustMergeOverwrite (dict ) (dict "secretName" $secretName "defaultMode" (0o440 | int) )) )) (dict "name" "mtls-client" )))) -}} +{{- end -}} +{{- end -}} +{{- $sasl_6 := $values.auth.sasl -}} +{{- if (and $sasl_6.enabled (ne $sasl_6.secretRef "")) -}} +{{- $volumes = (concat (default (list ) $volumes) (list (mustMergeOverwrite (dict "name" "" ) (mustMergeOverwrite (dict ) (dict "secret" (mustMergeOverwrite (dict ) (dict "secretName" $sasl_6.secretRef )) )) (dict "name" "users" )))) -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $volumes) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.CertSecretName" -}} +{{- $dot := (index .a 0) -}} +{{- $certName := (index .a 1) -}} +{{- $cert := (index .a 2) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- if (ne (toJson $cert.secretRef) "null") -}} +{{- $_is_returning = true -}} +{{- (dict "r" $cert.secretRef.name) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (printf "%s-%s-cert" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") $certName)) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.PodSecurityContext" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $sc := (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.statefulset.podSecurityContext $values.statefulset.securityContext) ))) "r") -}} +{{- $_is_returning = true -}} +{{- (dict "r" (mustMergeOverwrite (dict ) (dict "fsGroup" $sc.fsGroup "fsGroupChangePolicy" $sc.fsGroupChangePolicy ))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.ContainerSecurityContext" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $sc := (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.statefulset.podSecurityContext $values.statefulset.securityContext) ))) "r") -}} +{{- $_is_returning = true -}} +{{- (dict "r" (mustMergeOverwrite (dict ) (dict "runAsUser" $sc.runAsUser "runAsGroup" (get (fromJson (include "redpanda.coalesce" (dict "a" (list (list $sc.runAsGroup $sc.fsGroup)) ))) "r") "allowPrivilegeEscalation" (get (fromJson (include "redpanda.coalesce" (dict "a" (list (list $sc.allowPrivilegeEscalation $sc.allowPriviledgeEscalation)) ))) "r") "runAsNonRoot" $sc.runAsNonRoot ))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.RedpandaAtLeast_22_2_0" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $_is_returning = true -}} +{{- (dict "r" (get (fromJson (include "redpanda.redpandaAtLeast" (dict "a" (list $dot ">=22.2.0-0 || <0.0.1-0") ))) "r")) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.RedpandaAtLeast_22_3_0" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $_is_returning = true -}} +{{- (dict "r" (get (fromJson (include "redpanda.redpandaAtLeast" (dict "a" (list $dot ">=22.3.0-0 || <0.0.1-0") ))) "r")) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.RedpandaAtLeast_23_1_1" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $_is_returning = true -}} +{{- (dict "r" (get (fromJson (include "redpanda.redpandaAtLeast" (dict "a" (list $dot ">=23.1.1-0 || <0.0.1-0") ))) "r")) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.RedpandaAtLeast_23_1_2" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $_is_returning = true -}} +{{- (dict "r" (get (fromJson (include "redpanda.redpandaAtLeast" (dict "a" (list $dot ">=23.1.2-0 || <0.0.1-0") ))) "r")) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.RedpandaAtLeast_22_3_atleast_22_3_13" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $_is_returning = true -}} +{{- (dict "r" (get (fromJson (include "redpanda.redpandaAtLeast" (dict "a" (list $dot ">=22.3.13-0,<22.4") ))) "r")) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.RedpandaAtLeast_22_2_atleast_22_2_10" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $_is_returning = true -}} +{{- (dict "r" (get (fromJson (include "redpanda.redpandaAtLeast" (dict "a" (list $dot ">=22.2.10-0,<22.3") ))) "r")) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.RedpandaAtLeast_23_2_1" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $_is_returning = true -}} +{{- (dict "r" (get (fromJson (include "redpanda.redpandaAtLeast" (dict "a" (list $dot ">=23.2.1-0 || <0.0.1-0") ))) "r")) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.RedpandaAtLeast_23_3_0" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $_is_returning = true -}} +{{- (dict "r" (get (fromJson (include "redpanda.redpandaAtLeast" (dict "a" (list $dot ">=23.3.0-0 || <0.0.1-0") ))) "r")) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.redpandaAtLeast" -}} +{{- $dot := (index .a 0) -}} +{{- $constraint := (index .a 1) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $version := (trimPrefix "v" (get (fromJson (include "redpanda.Tag" (dict "a" (list $dot) ))) "r")) -}} +{{- $tmp_tuple_3 := (get (fromJson (include "_shims.compact" (dict "a" (list (list (semverCompare $constraint $version) nil)) ))) "r") -}} +{{- $err := $tmp_tuple_3.T2 -}} +{{- $result := $tmp_tuple_3.T1 -}} +{{- if (ne (toJson $err) "null") -}} +{{- $_ := (fail $err) -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $result) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.cleanForK8s" -}} +{{- $in := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $_is_returning = true -}} +{{- (dict "r" (trimSuffix "-" (trunc (63 | int) $in))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.cleanForK8sWithSuffix" -}} +{{- $s := (index .a 0) -}} +{{- $suffix := (index .a 1) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $lengthToTruncate := ((sub (((add ((get (fromJson (include "_shims.len" (dict "a" (list $s) ))) "r") | int) ((get (fromJson (include "_shims.len" (dict "a" (list $suffix) ))) "r") | int)) | int)) (63 | int)) | int) -}} +{{- if (gt $lengthToTruncate (0 | int)) -}} +{{- $s = (trunc $lengthToTruncate $s) -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (printf "%s-%s" $s $suffix)) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.RedpandaSMP" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $coresInMillies := ((get (fromJson (include "_shims.resource_MilliValue" (dict "a" (list $values.resources.cpu.cores) ))) "r") | int64) -}} +{{- if (lt $coresInMillies (1000 | int64)) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (1 | int64)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" ((get (fromJson (include "_shims.resource_Value" (dict "a" (list $values.resources.cpu.cores) ))) "r") | int64)) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.coalesce" -}} +{{- $values := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- range $_, $v := $values -}} +{{- if (ne (toJson $v) "null") -}} +{{- $_is_returning = true -}} +{{- (dict "r" $v) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (coalesce nil)) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.StrategicMergePatch" -}} +{{- $overrides := (index .a 0) -}} +{{- $original := (index .a 1) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- if (ne (toJson $overrides.labels) "null") -}} +{{- $_ := (set $original.metadata "labels" (merge (dict ) $overrides.labels (default (dict ) $original.metadata.labels))) -}} +{{- end -}} +{{- if (ne (toJson $overrides.annotations) "null") -}} +{{- $_ := (set $original.metadata "annotations" (merge (dict ) $overrides.annotations (default (dict ) $original.metadata.annotations))) -}} +{{- end -}} +{{- if (ne (toJson $overrides.spec.securityContext) "null") -}} +{{- $_ := (set $original.spec "securityContext" (merge (dict ) $overrides.spec.securityContext (default (mustMergeOverwrite (dict ) (dict )) $original.spec.securityContext))) -}} +{{- end -}} +{{- if (ne (toJson $overrides.spec.automountServiceAccountToken) "null") -}} +{{- $_ := (set $original.spec "automountServiceAccountToken" $overrides.spec.automountServiceAccountToken) -}} +{{- end -}} +{{- $overrideContainers := (dict ) -}} +{{- range $i, $_ := $overrides.spec.containers -}} +{{- $container := (index $overrides.spec.containers $i) -}} +{{- $_ := (set $overrideContainers (toString $container.name) $container) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- if (and (ne (toJson $overrides.spec.volumes) "null") (gt ((get (fromJson (include "_shims.len" (dict "a" (list $overrides.spec.volumes) ))) "r") | int) (0 | int))) -}} +{{- $newVolumes := (list ) -}} +{{- $overrideVolumes := (dict ) -}} +{{- range $i, $_ := $overrides.spec.volumes -}} +{{- $vol := (index $overrides.spec.volumes $i) -}} +{{- $_ := (set $overrideVolumes $vol.name $vol) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- range $_, $vol := $original.spec.volumes -}} +{{- $tmp_tuple_4 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.dicttest" (dict "a" (list $overrideVolumes $vol.name (coalesce nil)) ))) "r")) ))) "r") -}} +{{- $ok_8 := $tmp_tuple_4.T2 -}} +{{- $overrideVol_7 := $tmp_tuple_4.T1 -}} +{{- if $ok_8 -}} +{{- $newVolumes = (concat (default (list ) $newVolumes) (list $overrideVol_7)) -}} +{{- $_ := (unset $overrideVolumes $vol.name) -}} +{{- continue -}} +{{- end -}} +{{- $newVolumes = (concat (default (list ) $newVolumes) (list $vol)) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- range $_, $vol := $overrideVolumes -}} +{{- $newVolumes = (concat (default (list ) $newVolumes) (list $vol)) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $_ := (set $original.spec "volumes" $newVolumes) -}} +{{- end -}} +{{- $merged := (coalesce nil) -}} +{{- range $_, $container := $original.spec.containers -}} +{{- $tmp_tuple_5 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.dicttest" (dict "a" (list $overrideContainers $container.name (coalesce nil)) ))) "r")) ))) "r") -}} +{{- $ok_10 := $tmp_tuple_5.T2 -}} +{{- $override_9 := $tmp_tuple_5.T1 -}} +{{- if $ok_10 -}} +{{- $env := (concat (default (list ) $container.env) (default (list ) $override_9.env)) -}} +{{- $container = (merge (dict ) $override_9 $container) -}} +{{- $_ := (set $container "env" $env) -}} +{{- end -}} +{{- if (eq (toJson $container.env) "null") -}} +{{- $_ := (set $container "env" (list )) -}} +{{- end -}} +{{- $merged = (concat (default (list ) $merged) (list $container)) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $_ := (set $original.spec "containers" $merged) -}} +{{- $_is_returning = true -}} +{{- (dict "r" $original) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + diff --git a/charts/redpanda/redpanda/5.9.12/templates/_helpers.tpl b/charts/redpanda/redpanda/5.9.12/templates/_helpers.tpl new file mode 100644 index 000000000..a885f9dcd --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/templates/_helpers.tpl @@ -0,0 +1,368 @@ +{{/* +Licensed to the Apache Software Foundation (ASF) under one or more +contributor license agreements. See the NOTICE file distributed with +this work for additional information regarding copyright ownership. +The ASF licenses this file to You under the Apache License, Version 2.0 +(the "License"); you may not use this file except in compliance with +the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} +{{/* +Expand the name of the chart. +*/}} +{{- define "redpanda.name" -}} +{{- get ((include "redpanda.Name" (dict "a" (list .))) | fromJson) "r" }} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "redpanda.fullname" -}} +{{- get ((include "redpanda.Fullname" (dict "a" (list .))) | fromJson) "r" }} +{{- end -}} + +{{/* +Create a default service name +*/}} +{{- define "redpanda.servicename" -}} +{{- get ((include "redpanda.ServiceName" (dict "a" (list .))) | fromJson) "r" }} +{{- end -}} + +{{/* +full helm labels + common labels +*/}} +{{- define "full.labels" -}} +{{- (get ((include "redpanda.FullLabels" (dict "a" (list .))) | fromJson) "r") | toYaml }} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "redpanda.chart" -}} +{{- get ((include "redpanda.Chart" (dict "a" (list .))) | fromJson) "r" }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "redpanda.serviceAccountName" -}} +{{- get ((include "redpanda.ServiceAccountName" (dict "a" (list .))) | fromJson) "r" }} +{{- end }} + +{{/* +Use AppVersion if image.tag is not set +*/}} +{{- define "redpanda.tag" -}} +{{- get ((include "redpanda.Tag" (dict "a" (list .))) | fromJson) "r" }} +{{- end -}} + +{{/* Generate internal fqdn */}} +{{- define "redpanda.internal.domain" -}} +{{- get ((include "redpanda.InternalDomain" (dict "a" (list .))) | fromJson) "r" }} +{{- end -}} + +{{/* ConfigMap variables */}} +{{- define "admin-internal-tls-enabled" -}} +{{- toJson (dict "bool" (get ((include "redpanda.InternalTLS.IsEnabled" (dict "a" (list .Values.listeners.admin.tls .Values.tls))) | fromJson) "r")) -}} +{{- end -}} + +{{- define "kafka-internal-tls-enabled" -}} +{{- $listener := .Values.listeners.kafka -}} +{{- toJson (dict "bool" (and (dig "tls" "enabled" .Values.tls.enabled $listener) (not (empty (dig "tls" "cert" "" $listener))))) -}} +{{- end -}} + +{{- define "kafka-external-tls-cert" -}} +{{- dig "tls" "cert" .Values.listeners.kafka.tls.cert .listener -}} +{{- end -}} + +{{- define "http-internal-tls-enabled" -}} +{{- $listener := .Values.listeners.http -}} +{{- toJson (dict "bool" (and (dig "tls" "enabled" .Values.tls.enabled $listener) (not (empty (dig "tls" "cert" "" $listener))))) -}} +{{- end -}} + +{{- define "schemaRegistry-internal-tls-enabled" -}} +{{- $listener := .Values.listeners.schemaRegistry -}} +{{- toJson (dict "bool" (and (dig "tls" "enabled" .Values.tls.enabled $listener) (not (empty (dig "tls" "cert" "" $listener))))) -}} +{{- end -}} + +{{- define "tls-enabled" -}} +{{- $tlsenabled := get ((include "redpanda.TLSEnabled" (dict "a" (list .))) | fromJson) "r" }} +{{- toJson (dict "bool" $tlsenabled) -}} +{{- end -}} + +{{- define "sasl-enabled" -}} +{{- toJson (dict "bool" (dig "enabled" false .Values.auth.sasl)) -}} +{{- end -}} + +{{- define "admin-api-urls" -}} +{{ printf "${SERVICE_NAME}.%s" (include "redpanda.internal.domain" .) }}:{{.Values.listeners.admin.port }} +{{- end -}} + +{{- define "admin-api-service-url" -}} +{{ include "redpanda.internal.domain" .}}:{{.Values.listeners.admin.port }} +{{- end -}} + +{{- define "sasl-mechanism" -}} +{{- dig "sasl" "mechanism" "SCRAM-SHA-512" .Values.auth -}} +{{- end -}} + +{{- define "fail-on-insecure-sasl-logging" -}} +{{- if (include "sasl-enabled" .|fromJson).bool -}} + {{- $check := list + (include "redpanda-atleast-23-1-1" .|fromJson).bool + (include "redpanda-22-3-atleast-22-3-13" .|fromJson).bool + (include "redpanda-22-2-atleast-22-2-10" .|fromJson).bool + -}} + {{- if not (mustHas true $check) -}} + {{- fail "SASL is enabled and the redpanda version specified leaks secrets to the logs. Please choose a newer version of redpanda." -}} + {{- end -}} +{{- end -}} +{{- end -}} + +{{- define "fail-on-unsupported-helm-version" -}} + {{- $helmVer := (fromYaml (toYaml .Capabilities.HelmVersion)).version -}} + {{- if semverCompare "<3.8.0-0" $helmVer -}} + {{- fail (printf "helm version %s is not supported. Please use helm version v3.8.0 or newer." $helmVer) -}} + {{- end -}} +{{- end -}} + +{{- define "redpanda-atleast-22-2-0" -}} +{{- toJson (dict "bool" (get ((include "redpanda.RedpandaAtLeast_22_2_0" (dict "a" (list .))) | fromJson) "r")) }} +{{- end -}} +{{- define "redpanda-atleast-22-3-0" -}} +{{- toJson (dict "bool" (get ((include "redpanda.RedpandaAtLeast_22_3_0" (dict "a" (list .))) | fromJson) "r")) }} +{{- end -}} +{{- define "redpanda-atleast-23-1-1" -}} +{{- toJson (dict "bool" (get ((include "redpanda.RedpandaAtLeast_23_1_1" (dict "a" (list .))) | fromJson) "r")) }} +{{- end -}} +{{- define "redpanda-atleast-23-1-2" -}} +{{- toJson (dict "bool" (get ((include "redpanda.RedpandaAtLeast_23_1_2" (dict "a" (list .))) | fromJson) "r")) }} +{{- end -}} +{{- define "redpanda-22-3-atleast-22-3-13" -}} +{{- toJson (dict "bool" (get ((include "redpanda.RedpandaAtLeast_22_3_atleast_22_3_13" (dict "a" (list .))) | fromJson) "r")) }} +{{- end -}} +{{- define "redpanda-22-2-atleast-22-2-10" -}} +{{- toJson (dict "bool" (get ((include "redpanda.RedpandaAtLeast_22_2_atleast_22_2_10" (dict "a" (list .))) | fromJson) "r")) }} +{{- end -}} +{{- define "redpanda-atleast-23-2-1" -}} +{{- toJson (dict "bool" (get ((include "redpanda.RedpandaAtLeast_23_2_1" (dict "a" (list .))) | fromJson) "r")) }} +{{- end -}} +{{- define "redpanda-atleast-23-3-0" -}} +{{- toJson (dict "bool" (get ((include "redpanda.RedpandaAtLeast_23_3_0" (dict "a" (list .))) | fromJson) "r")) }} +{{- end -}} + +{{- define "redpanda-22-2-x-without-sasl" -}} +{{- $result := (include "redpanda-atleast-22-3-0" . | fromJson).bool -}} +{{- if or (include "sasl-enabled" . | fromJson).bool .Values.listeners.kafka.authenticationMethod -}} +{{- $result := false -}} +{{- end -}} +{{- toJson (dict "bool" $result) -}} +{{- end -}} + +{{- define "pod-security-context" -}} +{{- get ((include "redpanda.PodSecurityContext" (dict "a" (list .))) | fromJson) "r" | toYaml }} +{{- end -}} + +{{- define "container-security-context" -}} +{{- get ((include "redpanda.ContainerSecurityContext" (dict "a" (list .))) | fromJson) "r" | toYaml }} +{{- end -}} + +{{- define "admin-tls-curl-flags" -}} + {{- $result := "" -}} + {{- if (include "admin-internal-tls-enabled" . | fromJson).bool -}} + {{- $path := (printf "/etc/tls/certs/%s" .Values.listeners.admin.tls.cert) -}} + {{- $result = (printf "--cacert %s/tls.crt" $path) -}} + {{- if .Values.listeners.admin.tls.requireClientAuth -}} + {{- $result = (printf "--cacert %s/ca.crt --cert %s/tls.crt --key %s/tls.key" $path $path $path) -}} + {{- end -}} + {{- end -}} + {{- $result -}} +{{- end -}} + +{{- define "admin-http-protocol" -}} + {{- $result := "http" -}} + {{- if (include "admin-internal-tls-enabled" . | fromJson).bool -}} + {{- $result = "https" -}} + {{- end -}} + {{- $result -}} +{{- end -}} + +{{- /* +advertised-port returns either the only advertised port if only one is specified, +or the port specified for this pod ordinal when there is a full list provided. + +This will return a string int or panic if there is more than one port provided, +but not enough ports for the number of replicas requested. +*/ -}} +{{- define "advertised-port" -}} + {{- $port := dig "port" .listenerVals.port .externalVals -}} + {{- if .externalVals.advertisedPorts -}} + {{- if eq (len .externalVals.advertisedPorts) 1 -}} + {{- $port = mustFirst .externalVals.advertisedPorts -}} + {{- else -}} + {{- $port = index .externalVals.advertisedPorts .replicaIndex -}} + {{- end -}} + {{- end -}} + {{ $port }} +{{- end -}} + +{{- /* +advertised-host returns a json string with the data needed for configuring the advertised listener +*/ -}} +{{- define "advertised-host" -}} + {{- $host := dict "name" .externalName "address" .externalAdvertiseAddress "port" .port -}} + {{- if .values.external.addresses -}} + {{- $address := "" -}} + {{- if gt (len .values.external.addresses) 1 -}} + {{- $address = (index .values.external.addresses .replicaIndex) -}} + {{- else -}} + {{- $address = (index .values.external.addresses 0) -}} + {{- end -}} + {{- if ( .values.external.domain | default "" ) }} + {{- $host = dict "name" .externalName "address" (printf "%s.%s" $address .values.external.domain) "port" .port -}} + {{- else -}} + {{- $host = dict "name" .externalName "address" $address "port" .port -}} + {{- end -}} + {{- end -}} + {{- toJson $host -}} +{{- end -}} + +{{- define "is-licensed" -}} +{{- toJson (dict "bool" (or (not (empty (include "enterprise-license" . ))) (not (empty (include "enterprise-secret" . ))))) -}} +{{- end -}} + +{{- define "seed-server-list" -}} + {{- $brokers := list -}} + {{- range $ordinal := until (.Values.statefulset.replicas | int) -}} + {{- $brokers = append $brokers (printf "%s-%d.%s" + (include "redpanda.fullname" $) + $ordinal + (include "redpanda.internal.domain" $)) + -}} + {{- end -}} + {{- toJson $brokers -}} +{{- end -}} + +{{/* +return license checks deprecated values if current values is empty +*/}} +{{- define "enterprise-license" -}} +{{- if dig "license" dict .Values.enterprise -}} + {{- .Values.enterprise.license -}} +{{- else -}} + {{- .Values.license_key -}} +{{- end -}} +{{- end -}} + +{{/* +return licenseSecretRef checks deprecated values entry if current values empty +*/}} +{{- define "enterprise-secret" -}} +{{- if ( dig "licenseSecretRef" dict .Values.enterprise ) -}} + {{- .Values.enterprise.licenseSecretRef -}} +{{- else if not (empty .Values.license_secret_ref ) -}} + {{- .Values.license_secret_ref -}} +{{- end -}} +{{- end -}} + +{{/* +return licenseSecretRef.name checks deprecated values entry if current values empty +*/}} +{{- define "enterprise-secret-name" -}} +{{- if ( dig "licenseSecretRef" dict .Values.enterprise ) -}} + {{- dig "name" "" .Values.enterprise.licenseSecretRef -}} +{{- else if not (empty .Values.license_secret_ref ) -}} + {{- dig "secret_name" "" .Values.license_secret_ref -}} +{{- end -}} +{{- end -}} + +{{/* +return licenseSecretRef.key checks deprecated values entry if current values empty +*/}} +{{- define "enterprise-secret-key" -}} +{{- if ( dig "licenseSecretRef" dict .Values.enterprise ) -}} + {{- dig "key" "" .Values.enterprise.licenseSecretRef -}} +{{- else if not (empty .Values.license_secret_ref ) -}} + {{- dig "secret_key" "" .Values.license_secret_ref -}} +{{- end -}} +{{- end -}} + +{{/* mounts that are common to all containers */}} +{{- define "common-mounts" -}} +{{- $mounts := get ((include "redpanda.CommonMounts" (dict "a" (list .))) | fromJson) "r" }} +{{- if $mounts -}} +{{- toYaml $mounts -}} +{{- end -}} +{{- end -}} + +{{/* mounts that are common to most containers */}} +{{- define "default-mounts" -}} +{{- $mounts := get ((include "redpanda.DefaultMounts" (dict "a" (list .))) | fromJson) "r" }} +{{- if $mounts -}} +{{- toYaml $mounts -}} +{{- end -}} +{{- end -}} + +{{/* volumes that are common to all pods */}} +{{- define "common-volumes" -}} +{{- $volumes := get ((include "redpanda.CommonVolumes" (dict "a" (list .))) | fromJson) "r" }} +{{- if $volumes -}} +{{- toYaml $volumes -}} +{{- end -}} +{{- end -}} + +{{/* the default set of volumes for most pods, except the sts pod */}} +{{- define "default-volumes" -}} +{{- $volumes := get ((include "redpanda.DefaultVolumes" (dict "a" (list .))) | fromJson) "r" }} +{{- if $volumes -}} +{{- toYaml $volumes -}} +{{- end -}} +{{- end -}} + +{{/* support legacy storage.tieredConfig */}} +{{- define "storage-tiered-config" -}} +{{- $cfg := get ((include "redpanda.StorageTieredConfig" (dict "a" (list .))) | fromJson) "r" }} +{{- if $cfg -}} +{{- toYaml $cfg -}} +{{- end -}} +{{- end -}} + +{{/* + rpk sasl environment variables + + this will return a string with the correct environment variables to use for SASL based on the + version of the redpada container being used +*/}} +{{- define "rpk-sasl-environment-variables" -}} +{{- if (include "redpanda-atleast-23-2-1" . | fromJson).bool -}} +RPK_USER RPK_PASS RPK_SASL_MECHANISM +{{- else -}} +REDPANDA_SASL_USERNAME REDPANDA_SASL_PASSWORD REDPANDA_SASL_MECHANISM +{{- end -}} +{{- end -}} + +{{- define "curl-options" -}} +{{- print " -svm3 --fail --retry \"120\" --retry-max-time \"120\" --retry-all-errors -o - -w \"\\nstatus=%{http_code} %{redirect_url} size=%{size_download} time=%{time_total} content-type=\\\"%{content_type}\\\"\\n\" "}} +{{- end -}} + +{{- define "advertised-address-template" -}} + {{- $prefixTemplate := dig "prefixTemplate" "" .externalListener -}} + {{- if empty $prefixTemplate -}} + {{- $prefixTemplate = dig "prefixTemplate" "" .externalVals -}} + {{- end -}} + {{ quote $prefixTemplate }} +{{- end -}} + +{{/* check if client auth is enabled for any of the listeners */}} +{{- define "client-auth-required" -}} +{{- $requireClientAuth := get ((include "redpanda.ClientAuthRequired" (dict "a" (list .))) | fromJson) "r" }} +{{- toJson (dict "bool" $requireClientAuth) -}} +{{- end -}} diff --git a/charts/redpanda/redpanda/5.9.12/templates/_memory.go.tpl b/charts/redpanda/redpanda/5.9.12/templates/_memory.go.tpl new file mode 100644 index 000000000..015a771b4 --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/templates/_memory.go.tpl @@ -0,0 +1,63 @@ +{{- /* Generated from "memory.go" */ -}} + +{{- define "redpanda.RedpandaReserveMemory" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $rpMem_1 := $values.resources.memory.redpanda -}} +{{- if (and (ne (toJson $rpMem_1) "null") (ne (toJson $rpMem_1.reserveMemory) "null")) -}} +{{- $_is_returning = true -}} +{{- (dict "r" ((div ((get (fromJson (include "_shims.resource_Value" (dict "a" (list $rpMem_1.reserveMemory) ))) "r") | int64) ((mul (1024 | int) (1024 | int)))) | int64)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" ((add (((mulf (((get (fromJson (include "redpanda.ContainerMemory" (dict "a" (list $dot) ))) "r") | int64) | float64) 0.002) | float64) | int64) (200 | int64)) | int64)) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.RedpandaMemory" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $memory := ((0 | int64) | int64) -}} +{{- $containerMemory := ((get (fromJson (include "redpanda.ContainerMemory" (dict "a" (list $dot) ))) "r") | int64) -}} +{{- $rpMem_2 := $values.resources.memory.redpanda -}} +{{- if (and (ne (toJson $rpMem_2) "null") (ne (toJson $rpMem_2.memory) "null")) -}} +{{- $memory = ((div ((get (fromJson (include "_shims.resource_Value" (dict "a" (list $rpMem_2.memory) ))) "r") | int64) ((mul (1024 | int) (1024 | int)))) | int64) -}} +{{- else -}} +{{- $memory = (((mulf ($containerMemory | float64) 0.8) | float64) | int64) -}} +{{- end -}} +{{- if (eq $memory (0 | int64)) -}} +{{- $_ := (fail "unable to get memory value redpanda-memory") -}} +{{- end -}} +{{- if (lt $memory (256 | int64)) -}} +{{- $_ := (fail (printf "%d is below the minimum value for Redpanda" $memory)) -}} +{{- end -}} +{{- if (gt ((add $memory ((get (fromJson (include "redpanda.RedpandaReserveMemory" (dict "a" (list $dot) ))) "r") | int64)) | int64) $containerMemory) -}} +{{- $_ := (fail (printf "Not enough container memory for Redpanda memory values where Redpanda: %d, reserve: %d, container: %d" $memory ((get (fromJson (include "redpanda.RedpandaReserveMemory" (dict "a" (list $dot) ))) "r") | int64) $containerMemory)) -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $memory) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.ContainerMemory" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- if (ne (toJson $values.resources.memory.container.min) "null") -}} +{{- $_is_returning = true -}} +{{- (dict "r" ((div ((get (fromJson (include "_shims.resource_Value" (dict "a" (list $values.resources.memory.container.min) ))) "r") | int64) ((mul (1024 | int) (1024 | int)))) | int64)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" ((div ((get (fromJson (include "_shims.resource_Value" (dict "a" (list $values.resources.memory.container.max) ))) "r") | int64) ((mul (1024 | int) (1024 | int)))) | int64)) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + diff --git a/charts/redpanda/redpanda/5.9.12/templates/_notes.go.tpl b/charts/redpanda/redpanda/5.9.12/templates/_notes.go.tpl new file mode 100644 index 000000000..e547ce092 --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/templates/_notes.go.tpl @@ -0,0 +1,167 @@ +{{- /* Generated from "notes.go" */ -}} + +{{- define "redpanda.Warnings" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $warnings := (coalesce nil) -}} +{{- $w_1 := (get (fromJson (include "redpanda.cpuWarning" (dict "a" (list $dot) ))) "r") -}} +{{- if (ne $w_1 "") -}} +{{- $warnings = (concat (default (list ) $warnings) (list (printf `**Warning**: %s` $w_1))) -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $warnings) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.cpuWarning" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $coresInMillis := ((get (fromJson (include "_shims.resource_MilliValue" (dict "a" (list $values.resources.cpu.cores) ))) "r") | int64) -}} +{{- if (lt $coresInMillis (1000 | int64)) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (printf "%dm is below the minimum recommended CPU value for Redpanda" $coresInMillis)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" "") | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.Notes" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $anySASL := (get (fromJson (include "redpanda.Auth.IsSASLEnabled" (dict "a" (list $values.auth) ))) "r") -}} +{{- $notes := (coalesce nil) -}} +{{- $notes = (concat (default (list ) $notes) (list `` `` `` `` (printf `Congratulations on installing %s!` $dot.Chart.Name) `` `The pods will rollout in a few seconds. To check the status:` `` (printf ` kubectl -n %s rollout status statefulset %s --watch` $dot.Release.Namespace (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r")))) -}} +{{- if (and $values.external.enabled (eq $values.external.type "LoadBalancer")) -}} +{{- $notes = (concat (default (list ) $notes) (list `` `If you are using the load balancer service with a cloud provider, the services will likely have automatically-generated addresses. In this scenario the advertised listeners must be updated in order for external access to work. Run the following command once Redpanda is deployed:` `` (printf ` helm upgrade %s redpanda/redpanda --reuse-values -n %s --set $(kubectl get svc -n %s -o jsonpath='{"external.addresses={"}{ range .items[*]}{.status.loadBalancer.ingress[0].ip }{.status.loadBalancer.ingress[0].hostname}{","}{ end }{"}\n"}')` (get (fromJson (include "redpanda.Name" (dict "a" (list $dot) ))) "r") $dot.Release.Namespace $dot.Release.Namespace))) -}} +{{- end -}} +{{- $profiles := (keys $values.listeners.kafka.external) -}} +{{- $_ := (sortAlpha $profiles) -}} +{{- $profileName := (index $profiles (0 | int)) -}} +{{- $notes = (concat (default (list ) $notes) (list `` `Set up rpk for access to your external listeners:`)) -}} +{{- $profile := (index $values.listeners.kafka.external $profileName) -}} +{{- if (get (fromJson (include "redpanda.TLSEnabled" (dict "a" (list $dot) ))) "r") -}} +{{- $external := "" -}} +{{- if (and (ne (toJson $profile.tls) "null") (ne (toJson $profile.tls.cert) "null")) -}} +{{- $external = $profile.tls.cert -}} +{{- else -}} +{{- $external = $values.listeners.kafka.tls.cert -}} +{{- end -}} +{{- $notes = (concat (default (list ) $notes) (list (printf ` kubectl get secret -n %s %s-%s-cert -o go-template='{{ index .data "ca.crt" | base64decode }}' > ca.crt` $dot.Release.Namespace (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") $external))) -}} +{{- if (or $values.listeners.kafka.tls.requireClientAuth $values.listeners.admin.tls.requireClientAuth) -}} +{{- $notes = (concat (default (list ) $notes) (list (printf ` kubectl get secret -n %s %s-client -o go-template='{{ index .data "tls.crt" | base64decode }}' > tls.crt` $dot.Release.Namespace (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r")) (printf ` kubectl get secret -n %s %s-client -o go-template='{{ index .data "tls.key" | base64decode }}' > tls.key` $dot.Release.Namespace (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r")))) -}} +{{- end -}} +{{- end -}} +{{- $notes = (concat (default (list ) $notes) (list (printf ` rpk profile create --from-profile <(kubectl get configmap -n %s %s-rpk -o go-template='{{ .data.profile }}') %s` $dot.Release.Namespace (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") $profileName) `` `Set up dns to look up the pods on their Kubernetes Nodes. You can use this query to get the list of short-names to IP addresses. Add your external domain to the hostnames and you could test by adding these to your /etc/hosts:` `` (printf ` kubectl get pod -n %s -o custom-columns=node:.status.hostIP,name:.metadata.name --no-headers -l app.kubernetes.io/name=redpanda,app.kubernetes.io/component=redpanda-statefulset` $dot.Release.Namespace))) -}} +{{- if $anySASL -}} +{{- $notes = (concat (default (list ) $notes) (list `` `Set the credentials in the environment:` `` (printf ` kubectl -n %s get secret %s -o go-template="{{ range .data }}{{ . | base64decode }}{{ end }}" | IFS=: read -r %s` $dot.Release.Namespace $values.auth.sasl.secretRef (get (fromJson (include "redpanda.RpkSASLEnvironmentVariables" (dict "a" (list $dot) ))) "r")) (printf ` export %s` (get (fromJson (include "redpanda.RpkSASLEnvironmentVariables" (dict "a" (list $dot) ))) "r")))) -}} +{{- end -}} +{{- $notes = (concat (default (list ) $notes) (list `` `Try some sample commands:`)) -}} +{{- if $anySASL -}} +{{- $notes = (concat (default (list ) $notes) (list `Create a user:` `` (printf ` %s` (get (fromJson (include "redpanda.RpkACLUserCreate" (dict "a" (list $dot) ))) "r")) `` `Give the user permissions:` `` (printf ` %s` (get (fromJson (include "redpanda.RpkACLCreate" (dict "a" (list $dot) ))) "r")))) -}} +{{- end -}} +{{- $notes = (concat (default (list ) $notes) (list `` `Get the api status:` `` (printf ` %s` (get (fromJson (include "redpanda.RpkClusterInfo" (dict "a" (list $dot) ))) "r")) `` `Create a topic` `` (printf ` %s` (get (fromJson (include "redpanda.RpkTopicCreate" (dict "a" (list $dot) ))) "r")) `` `Describe the topic:` `` (printf ` %s` (get (fromJson (include "redpanda.RpkTopicDescribe" (dict "a" (list $dot) ))) "r")) `` `Delete the topic:` `` (printf ` %s` (get (fromJson (include "redpanda.RpkTopicDelete" (dict "a" (list $dot) ))) "r")))) -}} +{{- $_is_returning = true -}} +{{- (dict "r" $notes) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.RpkACLUserCreate" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $_is_returning = true -}} +{{- (dict "r" (printf `rpk acl user create myuser --new-password changeme --mechanism %s` (get (fromJson (include "redpanda.SASLMechanism" (dict "a" (list $dot) ))) "r"))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.SASLMechanism" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- if (ne (toJson $values.auth.sasl) "null") -}} +{{- $_is_returning = true -}} +{{- (dict "r" $values.auth.sasl.mechanism) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" "SCRAM-SHA-512") | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.RpkACLCreate" -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $_is_returning = true -}} +{{- (dict "r" `rpk acl create --allow-principal 'myuser' --allow-host '*' --operation all --topic 'test-topic'`) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.RpkClusterInfo" -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $_is_returning = true -}} +{{- (dict "r" `rpk cluster info`) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.RpkTopicCreate" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $_is_returning = true -}} +{{- (dict "r" (printf `rpk topic create test-topic -p 3 -r %d` (min (3 | int64) (($values.statefulset.replicas | int) | int64)))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.RpkTopicDescribe" -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $_is_returning = true -}} +{{- (dict "r" `rpk topic describe test-topic`) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.RpkTopicDelete" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $_is_returning = true -}} +{{- (dict "r" `rpk topic delete test-topic`) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.RpkSASLEnvironmentVariables" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- if (get (fromJson (include "redpanda.RedpandaAtLeast_23_2_1" (dict "a" (list $dot) ))) "r") -}} +{{- $_is_returning = true -}} +{{- (dict "r" `RPK_USER RPK_PASS RPK_SASL_MECHANISM`) | toJson -}} +{{- break -}} +{{- else -}} +{{- $_is_returning = true -}} +{{- (dict "r" `REDPANDA_SASL_USERNAME REDPANDA_SASL_PASSWORD REDPANDA_SASL_MECHANISM`) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} +{{- end -}} + diff --git a/charts/redpanda/redpanda/5.9.12/templates/_poddisruptionbudget.go.tpl b/charts/redpanda/redpanda/5.9.12/templates/_poddisruptionbudget.go.tpl new file mode 100644 index 000000000..763b7b0bd --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/templates/_poddisruptionbudget.go.tpl @@ -0,0 +1,21 @@ +{{- /* Generated from "poddisruptionbudget.go" */ -}} + +{{- define "redpanda.PodDisruptionBudget" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $budget := ($values.statefulset.budget.maxUnavailable | int) -}} +{{- $minReplicas := ((div ($values.statefulset.replicas | int) (2 | int)) | int) -}} +{{- if (and (gt $budget (1 | int)) (gt $budget $minReplicas)) -}} +{{- $_ := (fail (printf "statefulset.budget.maxUnavailable is set too high to maintain quorum: %d > %d" $budget $minReplicas)) -}} +{{- end -}} +{{- $maxUnavailable := ($budget | int) -}} +{{- $matchLabels := (get (fromJson (include "redpanda.StatefulSetPodLabelsSelector" (dict "a" (list $dot) ))) "r") -}} +{{- $_ := (set $matchLabels "redpanda.com/poddisruptionbudget" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r")) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict ) "status" (dict "disruptionsAllowed" 0 "currentHealthy" 0 "desiredHealthy" 0 "expectedPods" 0 ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "policy/v1" "kind" "PodDisruptionBudget" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot) ))) "r") )) "spec" (mustMergeOverwrite (dict ) (dict "selector" (mustMergeOverwrite (dict ) (dict "matchLabels" $matchLabels )) "maxUnavailable" $maxUnavailable )) ))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + diff --git a/charts/redpanda/redpanda/5.9.12/templates/_post-install-upgrade-job.go.tpl b/charts/redpanda/redpanda/5.9.12/templates/_post-install-upgrade-job.go.tpl new file mode 100644 index 000000000..617d6dbf3 --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/templates/_post-install-upgrade-job.go.tpl @@ -0,0 +1,123 @@ +{{- /* Generated from "post_install_upgrade_job.go" */ -}} + +{{- define "redpanda.bootstrapYamlTemplater" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $env := (get (fromJson (include "redpanda.TieredStorageCredentials.AsEnvVars" (dict "a" (list $values.storage.tiered.credentialsSecretRef (get (fromJson (include "redpanda.Storage.GetTieredStorageConfig" (dict "a" (list $values.storage) ))) "r")) ))) "r") -}} +{{- $image := (printf `%s:%s` $values.statefulset.sideCars.controllers.image.repository $values.statefulset.sideCars.controllers.image.tag) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (mustMergeOverwrite (dict "name" "" "resources" (dict ) ) (dict "name" "bootstrap-yaml-envsubst" "image" $image "command" (list "/redpanda-operator" "envsubst" "/tmp/base-config/bootstrap.yaml" "--output" "/tmp/config/.bootstrap.yaml") "env" $env "resources" (mustMergeOverwrite (dict ) (dict "limits" (dict "cpu" (get (fromJson (include "_shims.resource_MustParse" (dict "a" (list "100m") ))) "r") "memory" (get (fromJson (include "_shims.resource_MustParse" (dict "a" (list "125Mi") ))) "r") ) "requests" (dict "cpu" (get (fromJson (include "_shims.resource_MustParse" (dict "a" (list "100m") ))) "r") "memory" (get (fromJson (include "_shims.resource_MustParse" (dict "a" (list "125Mi") ))) "r") ) )) "securityContext" (mustMergeOverwrite (dict ) (dict "allowPrivilegeEscalation" false "readOnlyRootFilesystem" true "runAsNonRoot" true )) "volumeMounts" (list (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" "config" "mountPath" "/tmp/config/" )) (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" "base-config" "mountPath" "/tmp/base-config/" ))) ))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.PostInstallUpgradeJob" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- if (not $values.post_install_job.enabled) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (coalesce nil)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $image := (printf `%s:%s` $values.statefulset.sideCars.controllers.image.repository $values.statefulset.sideCars.controllers.image.tag) -}} +{{- $job := (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict "template" (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict "containers" (coalesce nil) ) ) ) "status" (dict ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "batch/v1" "kind" "Job" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (printf "%s-configuration" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r")) "namespace" $dot.Release.Namespace "labels" (merge (dict ) (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot) ))) "r") (default (dict ) $values.post_install_job.labels)) "annotations" (merge (dict ) (dict "helm.sh/hook" "post-install,post-upgrade" "helm.sh/hook-delete-policy" "before-hook-creation" "helm.sh/hook-weight" "-5" ) (default (dict ) $values.post_install_job.annotations)) )) "spec" (mustMergeOverwrite (dict "template" (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict "containers" (coalesce nil) ) ) ) (dict "template" (get (fromJson (include "redpanda.StrategicMergePatch" (dict "a" (list $values.post_install_job.podTemplate (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict "containers" (coalesce nil) ) ) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "generateName" (printf "%s-post-" $dot.Release.Name) "labels" (merge (dict ) (dict "app.kubernetes.io/name" (get (fromJson (include "redpanda.Name" (dict "a" (list $dot) ))) "r") "app.kubernetes.io/instance" $dot.Release.Name "app.kubernetes.io/component" (printf "%.50s-post-install" (get (fromJson (include "redpanda.Name" (dict "a" (list $dot) ))) "r")) ) (default (dict ) $values.commonLabels)) )) "spec" (mustMergeOverwrite (dict "containers" (coalesce nil) ) (dict "nodeSelector" $values.nodeSelector "affinity" (get (fromJson (include "redpanda.postInstallJobAffinity" (dict "a" (list $dot) ))) "r") "tolerations" (get (fromJson (include "redpanda.tolerations" (dict "a" (list $dot) ))) "r") "restartPolicy" "Never" "securityContext" (get (fromJson (include "redpanda.PodSecurityContext" (dict "a" (list $dot) ))) "r") "imagePullSecrets" (default (coalesce nil) $values.imagePullSecrets) "initContainers" (list (get (fromJson (include "redpanda.bootstrapYamlTemplater" (dict "a" (list $dot) ))) "r")) "automountServiceAccountToken" false "containers" (list (mustMergeOverwrite (dict "name" "" "resources" (dict ) ) (dict "name" "post-install" "image" $image "env" (get (fromJson (include "redpanda.PostInstallUpgradeEnvironmentVariables" (dict "a" (list $dot) ))) "r") "command" (list "/redpanda-operator" "sync-cluster-config" "--users-directory" "/etc/secrets/users" "--redpanda-yaml" "/tmp/base-config/redpanda.yaml" "--bootstrap-yaml" "/tmp/config/.bootstrap.yaml") "resources" (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.post_install_job.resources (mustMergeOverwrite (dict ) (dict ))) ))) "r") "securityContext" (merge (dict ) (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.post_install_job.securityContext (mustMergeOverwrite (dict ) (dict ))) ))) "r") (get (fromJson (include "redpanda.ContainerSecurityContext" (dict "a" (list $dot) ))) "r")) "volumeMounts" (concat (default (list ) (get (fromJson (include "redpanda.CommonMounts" (dict "a" (list $dot) ))) "r")) (list (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" "config" "mountPath" "/tmp/config" )) (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" "base-config" "mountPath" "/tmp/base-config" )))) ))) "volumes" (concat (default (list ) (get (fromJson (include "redpanda.CommonVolumes" (dict "a" (list $dot) ))) "r")) (list (mustMergeOverwrite (dict "name" "" ) (mustMergeOverwrite (dict ) (dict "configMap" (mustMergeOverwrite (dict ) (mustMergeOverwrite (dict ) (dict "name" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") )) (dict )) )) (dict "name" "base-config" )) (mustMergeOverwrite (dict "name" "" ) (mustMergeOverwrite (dict ) (dict "emptyDir" (mustMergeOverwrite (dict ) (dict )) )) (dict "name" "config" )))) "serviceAccountName" (get (fromJson (include "redpanda.ServiceAccountName" (dict "a" (list $dot) ))) "r") )) ))) ))) "r") )) )) -}} +{{- $_is_returning = true -}} +{{- (dict "r" $job) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.postInstallJobAffinity" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- if (not (empty $values.post_install_job.affinity)) -}} +{{- $_is_returning = true -}} +{{- (dict "r" $values.post_install_job.affinity) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (merge (dict ) $values.post_install_job.affinity $values.affinity)) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.tolerations" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $result := (coalesce nil) -}} +{{- range $_, $t := $values.tolerations -}} +{{- $result = (concat (default (list ) $result) (list (merge (dict ) $t))) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $result) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.PostInstallUpgradeEnvironmentVariables" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $envars := (list ) -}} +{{- $license_1 := (get (fromJson (include "redpanda.GetLicenseLiteral" (dict "a" (list $dot) ))) "r") -}} +{{- $secretReference_2 := (get (fromJson (include "redpanda.GetLicenseSecretReference" (dict "a" (list $dot) ))) "r") -}} +{{- if (ne $license_1 "") -}} +{{- $envars = (concat (default (list ) $envars) (list (mustMergeOverwrite (dict "name" "" ) (dict "name" "REDPANDA_LICENSE" "value" $license_1 )))) -}} +{{- else -}}{{- if (ne (toJson $secretReference_2) "null") -}} +{{- $envars = (concat (default (list ) $envars) (list (mustMergeOverwrite (dict "name" "" ) (dict "name" "REDPANDA_LICENSE" "valueFrom" (mustMergeOverwrite (dict ) (dict "secretKeyRef" $secretReference_2 )) )))) -}} +{{- end -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (get (fromJson (include "redpanda.bootstrapEnvVars" (dict "a" (list $dot $envars) ))) "r")) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.GetLicenseLiteral" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- if (ne $values.enterprise.license "") -}} +{{- $_is_returning = true -}} +{{- (dict "r" $values.enterprise.license) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $values.license_key) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.GetLicenseSecretReference" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- if (not (empty $values.enterprise.licenseSecretRef)) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (mustMergeOverwrite (dict "key" "" ) (mustMergeOverwrite (dict ) (dict "name" $values.enterprise.licenseSecretRef.name )) (dict "key" $values.enterprise.licenseSecretRef.key ))) | toJson -}} +{{- break -}} +{{- else -}}{{- if (not (empty $values.license_secret_ref)) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (mustMergeOverwrite (dict "key" "" ) (mustMergeOverwrite (dict ) (dict "name" $values.license_secret_ref.secret_name )) (dict "key" $values.license_secret_ref.secret_key ))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (coalesce nil)) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + diff --git a/charts/redpanda/redpanda/5.9.12/templates/_post_upgrade_job.go.tpl b/charts/redpanda/redpanda/5.9.12/templates/_post_upgrade_job.go.tpl new file mode 100644 index 000000000..6a95bb94e --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/templates/_post_upgrade_job.go.tpl @@ -0,0 +1,87 @@ +{{- /* Generated from "post_upgrade_job.go" */ -}} + +{{- define "redpanda.PostUpgrade" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- if (not $values.post_upgrade_job.enabled) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (coalesce nil)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $labels := (default (dict ) $values.post_upgrade_job.labels) -}} +{{- $annotations := (default (dict ) $values.post_upgrade_job.annotations) -}} +{{- $annotations = (merge (dict ) (dict "helm.sh/hook" "post-upgrade" "helm.sh/hook-delete-policy" "before-hook-creation" "helm.sh/hook-weight" "-10" ) $annotations) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict "template" (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict "containers" (coalesce nil) ) ) ) "status" (dict ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "batch/v1" "kind" "Job" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (printf "%s-post-upgrade" (get (fromJson (include "redpanda.Name" (dict "a" (list $dot) ))) "r")) "namespace" $dot.Release.Namespace "labels" (merge (dict ) (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot) ))) "r") $labels) "annotations" $annotations )) "spec" (mustMergeOverwrite (dict "template" (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict "containers" (coalesce nil) ) ) ) (dict "backoffLimit" $values.post_upgrade_job.backoffLimit "template" (get (fromJson (include "redpanda.StrategicMergePatch" (dict "a" (list $values.post_upgrade_job.podTemplate (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict "containers" (coalesce nil) ) ) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" $dot.Release.Name "labels" (merge (dict ) (dict "app.kubernetes.io/name" (get (fromJson (include "redpanda.Name" (dict "a" (list $dot) ))) "r") "app.kubernetes.io/instance" $dot.Release.Name "app.kubernetes.io/component" (printf "%s-post-upgrade" (trunc (50 | int) (get (fromJson (include "redpanda.Name" (dict "a" (list $dot) ))) "r"))) ) $values.commonLabels) )) "spec" (mustMergeOverwrite (dict "containers" (coalesce nil) ) (dict "nodeSelector" $values.nodeSelector "affinity" (merge (dict ) $values.post_upgrade_job.affinity $values.affinity) "tolerations" $values.tolerations "restartPolicy" "Never" "securityContext" (get (fromJson (include "redpanda.PodSecurityContext" (dict "a" (list $dot) ))) "r") "serviceAccountName" (get (fromJson (include "redpanda.ServiceAccountName" (dict "a" (list $dot) ))) "r") "imagePullSecrets" (default (coalesce nil) $values.imagePullSecrets) "containers" (list (mustMergeOverwrite (dict "name" "" "resources" (dict ) ) (dict "name" "post-upgrade" "image" (printf "%s:%s" $values.image.repository (get (fromJson (include "redpanda.Tag" (dict "a" (list $dot) ))) "r")) "command" (list "/bin/bash" "-c") "args" (list (get (fromJson (include "redpanda.PostUpgradeJobScript" (dict "a" (list $dot) ))) "r")) "env" (get (fromJson (include "redpanda.rpkEnvVars" (dict "a" (list $dot $values.post_upgrade_job.extraEnv) ))) "r") "envFrom" $values.post_upgrade_job.extraEnvFrom "securityContext" (merge (dict ) (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.post_upgrade_job.securityContext (mustMergeOverwrite (dict ) (dict ))) ))) "r") (get (fromJson (include "redpanda.ContainerSecurityContext" (dict "a" (list $dot) ))) "r")) "resources" $values.post_upgrade_job.resources "volumeMounts" (get (fromJson (include "redpanda.DefaultMounts" (dict "a" (list $dot) ))) "r") ))) "volumes" (get (fromJson (include "redpanda.DefaultVolumes" (dict "a" (list $dot) ))) "r") )) ))) ))) "r") )) ))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.PostUpgradeJobScript" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $script := (list `set -e` ``) -}} +{{- range $key, $value := $values.config.cluster -}} +{{- $tmp_tuple_1 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.asintegral" (dict "a" (list $value) ))) "r")) ))) "r") -}} +{{- $isInt64 := $tmp_tuple_1.T2 -}} +{{- $asInt64 := ($tmp_tuple_1.T1 | int64) -}} +{{- $tmp_tuple_2 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.typetest" (dict "a" (list "bool" $value false) ))) "r")) ))) "r") -}} +{{- $ok_2 := $tmp_tuple_2.T2 -}} +{{- $asBool_1 := $tmp_tuple_2.T1 -}} +{{- $tmp_tuple_3 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.typetest" (dict "a" (list "string" $value "") ))) "r")) ))) "r") -}} +{{- $ok_4 := $tmp_tuple_3.T2 -}} +{{- $asStr_3 := $tmp_tuple_3.T1 -}} +{{- $tmp_tuple_4 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.typetest" (dict "a" (list (printf "[]%s" "interface {}") $value (coalesce nil)) ))) "r")) ))) "r") -}} +{{- $ok_6 := $tmp_tuple_4.T2 -}} +{{- $asSlice_5 := $tmp_tuple_4.T1 -}} +{{- if (and $ok_2 $asBool_1) -}} +{{- $script = (concat (default (list ) $script) (list (printf "rpk cluster config set %s %t" $key $asBool_1))) -}} +{{- else -}}{{- if (and $ok_4 (ne $asStr_3 "")) -}} +{{- $script = (concat (default (list ) $script) (list (printf "rpk cluster config set %s %s" $key $asStr_3))) -}} +{{- else -}}{{- if (and $isInt64 (gt $asInt64 (0 | int64))) -}} +{{- $script = (concat (default (list ) $script) (list (printf "rpk cluster config set %s %d" $key $asInt64))) -}} +{{- else -}}{{- if (and $ok_6 (gt ((get (fromJson (include "_shims.len" (dict "a" (list $asSlice_5) ))) "r") | int) (0 | int))) -}} +{{- $script = (concat (default (list ) $script) (list (printf `rpk cluster config set %s "[ %s ]"` $key (join "," $asSlice_5)))) -}} +{{- else -}}{{- if (not (empty $value)) -}} +{{- $script = (concat (default (list ) $script) (list (printf "rpk cluster config set %s %v" $key $value))) -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $tmp_tuple_5 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.dicttest" (dict "a" (list $values.config.cluster "default_topic_replications" (coalesce nil)) ))) "r")) ))) "r") -}} +{{- $ok_7 := $tmp_tuple_5.T2 -}} +{{- if (and (not $ok_7) (ge ($values.statefulset.replicas | int) (3 | int))) -}} +{{- $script = (concat (default (list ) $script) (list "rpk cluster config set default_topic_replications 3")) -}} +{{- end -}} +{{- $tmp_tuple_6 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.dicttest" (dict "a" (list $values.config.cluster "storage_min_free_bytes" (coalesce nil)) ))) "r")) ))) "r") -}} +{{- $ok_8 := $tmp_tuple_6.T2 -}} +{{- if (not $ok_8) -}} +{{- $script = (concat (default (list ) $script) (list (printf "rpk cluster config set storage_min_free_bytes %d" ((get (fromJson (include "redpanda.Storage.StorageMinFreeBytes" (dict "a" (list $values.storage) ))) "r") | int64)))) -}} +{{- end -}} +{{- if (get (fromJson (include "redpanda.RedpandaAtLeast_23_2_1" (dict "a" (list $dot) ))) "r") -}} +{{- $service := $values.listeners.admin -}} +{{- $caCert := "" -}} +{{- $scheme := "http" -}} +{{- if (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $service.tls $values.tls) ))) "r") -}} +{{- $scheme = "https" -}} +{{- $caCert = (printf "--cacert %q" (get (fromJson (include "redpanda.InternalTLS.ServerCAPath" (dict "a" (list $service.tls $values.tls) ))) "r")) -}} +{{- end -}} +{{- $url := (printf "%s://%s:%d/v1/debug/restart_service?service=schema-registry" $scheme (get (fromJson (include "redpanda.InternalDomain" (dict "a" (list $dot) ))) "r") (($service.port | int) | int64)) -}} +{{- $script = (concat (default (list ) $script) (list `if [ -d "/etc/secrets/users/" ]; then` ` IFS=":" read -r USER_NAME PASSWORD MECHANISM < <(grep "" $(find /etc/secrets/users/* -print))` ` curl -svm3 --fail --retry "120" --retry-max-time "120" --retry-all-errors --ssl-reqd \` (printf ` %s \` $caCert) ` -X PUT -u ${USER_NAME}:${PASSWORD} \` (printf ` %s || true` $url) `fi`)) -}} +{{- end -}} +{{- $script = (concat (default (list ) $script) (list "")) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (join "\n" $script)) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + diff --git a/charts/redpanda/redpanda/5.9.12/templates/_rbac.go.tpl b/charts/redpanda/redpanda/5.9.12/templates/_rbac.go.tpl new file mode 100644 index 000000000..162092626 --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/templates/_rbac.go.tpl @@ -0,0 +1,116 @@ +{{- /* Generated from "rbac.go" */ -}} + +{{- define "redpanda.ClusterRoles" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $crs := (coalesce nil) -}} +{{- $cr_1 := (get (fromJson (include "redpanda.SidecarControllersClusterRole" (dict "a" (list $dot) ))) "r") -}} +{{- if (ne (toJson $cr_1) "null") -}} +{{- $crs = (concat (default (list ) $crs) (list $cr_1)) -}} +{{- end -}} +{{- if (not $values.rbac.enabled) -}} +{{- $_is_returning = true -}} +{{- (dict "r" $crs) | toJson -}} +{{- break -}} +{{- end -}} +{{- $rpkBundleName := (printf "%s-rpk-bundle" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r")) -}} +{{- $crs = (concat (default (list ) $crs) (default (list ) (list (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "rules" (coalesce nil) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "rbac.authorization.k8s.io/v1" "kind" "ClusterRole" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot) ))) "r") "annotations" $values.serviceAccount.annotations )) "rules" (list (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "apiGroups" (list "") "resources" (list "nodes") "verbs" (list "get" "list") ))) )) (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "rules" (coalesce nil) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "rbac.authorization.k8s.io/v1" "kind" "ClusterRole" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" $rpkBundleName "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot) ))) "r") "annotations" $values.serviceAccount.annotations )) "rules" (list (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "apiGroups" (list "") "resources" (list "configmaps" "endpoints" "events" "limitranges" "persistentvolumeclaims" "pods" "pods/log" "replicationcontrollers" "resourcequotas" "serviceaccounts" "services") "verbs" (list "get" "list") ))) ))))) -}} +{{- $_is_returning = true -}} +{{- (dict "r" $crs) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.ClusterRoleBindings" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $crbs := (coalesce nil) -}} +{{- $crb_2 := (get (fromJson (include "redpanda.SidecarControllersClusterRoleBinding" (dict "a" (list $dot) ))) "r") -}} +{{- if (ne (toJson $crb_2) "null") -}} +{{- $crbs = (concat (default (list ) $crbs) (list $crb_2)) -}} +{{- end -}} +{{- if (not $values.rbac.enabled) -}} +{{- $_is_returning = true -}} +{{- (dict "r" $crbs) | toJson -}} +{{- break -}} +{{- end -}} +{{- $rpkBundleName := (printf "%s-rpk-bundle" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r")) -}} +{{- $crbs = (concat (default (list ) $crbs) (default (list ) (list (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "roleRef" (dict "apiGroup" "" "kind" "" "name" "" ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "rbac.authorization.k8s.io/v1" "kind" "ClusterRoleBinding" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot) ))) "r") "annotations" $values.serviceAccount.annotations )) "roleRef" (mustMergeOverwrite (dict "apiGroup" "" "kind" "" "name" "" ) (dict "apiGroup" "rbac.authorization.k8s.io" "kind" "ClusterRole" "name" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") )) "subjects" (list (mustMergeOverwrite (dict "kind" "" "name" "" ) (dict "kind" "ServiceAccount" "name" (get (fromJson (include "redpanda.ServiceAccountName" (dict "a" (list $dot) ))) "r") "namespace" $dot.Release.Namespace ))) )) (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "roleRef" (dict "apiGroup" "" "kind" "" "name" "" ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "rbac.authorization.k8s.io/v1" "kind" "ClusterRoleBinding" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" $rpkBundleName "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot) ))) "r") "annotations" $values.serviceAccount.annotations )) "roleRef" (mustMergeOverwrite (dict "apiGroup" "" "kind" "" "name" "" ) (dict "apiGroup" "rbac.authorization.k8s.io" "kind" "ClusterRole" "name" $rpkBundleName )) "subjects" (list (mustMergeOverwrite (dict "kind" "" "name" "" ) (dict "kind" "ServiceAccount" "name" (get (fromJson (include "redpanda.ServiceAccountName" (dict "a" (list $dot) ))) "r") "namespace" $dot.Release.Namespace ))) ))))) -}} +{{- $_is_returning = true -}} +{{- (dict "r" $crbs) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.SidecarControllersClusterRole" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- if (or (not $values.statefulset.sideCars.controllers.enabled) (not $values.statefulset.sideCars.controllers.createRBAC)) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (coalesce nil)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $sidecarControllerName := (printf "%s-sidecar-controllers" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r")) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "rules" (coalesce nil) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "rbac.authorization.k8s.io/v1" "kind" "ClusterRole" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" $sidecarControllerName "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot) ))) "r") "annotations" $values.serviceAccount.annotations )) "rules" (list (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "apiGroups" (list "") "resources" (list "nodes") "verbs" (list "get" "list" "watch") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "apiGroups" (list "") "resources" (list "persistentvolumes") "verbs" (list "delete" "get" "list" "patch" "update" "watch") ))) ))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.SidecarControllersClusterRoleBinding" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- if (or (not $values.statefulset.sideCars.controllers.enabled) (not $values.statefulset.sideCars.controllers.createRBAC)) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (coalesce nil)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $sidecarControllerName := (printf "%s-sidecar-controllers" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r")) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "roleRef" (dict "apiGroup" "" "kind" "" "name" "" ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "rbac.authorization.k8s.io/v1" "kind" "ClusterRoleBinding" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" $sidecarControllerName "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot) ))) "r") "annotations" $values.serviceAccount.annotations )) "roleRef" (mustMergeOverwrite (dict "apiGroup" "" "kind" "" "name" "" ) (dict "apiGroup" "rbac.authorization.k8s.io" "kind" "ClusterRole" "name" $sidecarControllerName )) "subjects" (list (mustMergeOverwrite (dict "kind" "" "name" "" ) (dict "kind" "ServiceAccount" "name" (get (fromJson (include "redpanda.ServiceAccountName" (dict "a" (list $dot) ))) "r") "namespace" $dot.Release.Namespace ))) ))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.SidecarControllersRole" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- if (or (not $values.statefulset.sideCars.controllers.enabled) (not $values.statefulset.sideCars.controllers.createRBAC)) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (coalesce nil)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $sidecarControllerName := (printf "%s-sidecar-controllers" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r")) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "rules" (coalesce nil) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "rbac.authorization.k8s.io/v1" "kind" "Role" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" $sidecarControllerName "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot) ))) "r") "annotations" $values.serviceAccount.annotations )) "rules" (list (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "apiGroups" (list "apps") "resources" (list "statefulsets/status") "verbs" (list "patch" "update") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "apiGroups" (list "") "resources" (list "secrets" "pods") "verbs" (list "get" "list" "watch") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "apiGroups" (list "apps") "resources" (list "statefulsets") "verbs" (list "get" "patch" "update" "list" "watch") )) (mustMergeOverwrite (dict "verbs" (coalesce nil) ) (dict "apiGroups" (list "") "resources" (list "persistentvolumeclaims") "verbs" (list "delete" "get" "list" "patch" "update" "watch") ))) ))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.SidecarControllersRoleBinding" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- if (or (not $values.statefulset.sideCars.controllers.enabled) (not $values.statefulset.sideCars.controllers.createRBAC)) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (coalesce nil)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $sidecarControllerName := (printf "%s-sidecar-controllers" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r")) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "roleRef" (dict "apiGroup" "" "kind" "" "name" "" ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "rbac.authorization.k8s.io/v1" "kind" "RoleBinding" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" $sidecarControllerName "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot) ))) "r") "annotations" $values.serviceAccount.annotations )) "roleRef" (mustMergeOverwrite (dict "apiGroup" "" "kind" "" "name" "" ) (dict "apiGroup" "rbac.authorization.k8s.io" "kind" "Role" "name" $sidecarControllerName )) "subjects" (list (mustMergeOverwrite (dict "kind" "" "name" "" ) (dict "kind" "ServiceAccount" "name" (get (fromJson (include "redpanda.ServiceAccountName" (dict "a" (list $dot) ))) "r") "namespace" $dot.Release.Namespace ))) ))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + diff --git a/charts/redpanda/redpanda/5.9.12/templates/_secrets.go.tpl b/charts/redpanda/redpanda/5.9.12/templates/_secrets.go.tpl new file mode 100644 index 000000000..5e95f3f82 --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/templates/_secrets.go.tpl @@ -0,0 +1,419 @@ +{{- /* Generated from "secrets.go" */ -}} + +{{- define "redpanda.Secrets" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $secrets := (coalesce nil) -}} +{{- $secrets = (concat (default (list ) $secrets) (list (get (fromJson (include "redpanda.SecretSTSLifecycle" (dict "a" (list $dot) ))) "r"))) -}} +{{- $saslUsers_1 := (get (fromJson (include "redpanda.SecretSASLUsers" (dict "a" (list $dot) ))) "r") -}} +{{- if (ne (toJson $saslUsers_1) "null") -}} +{{- $secrets = (concat (default (list ) $secrets) (list $saslUsers_1)) -}} +{{- end -}} +{{- $configWatcher_2 := (get (fromJson (include "redpanda.SecretConfigWatcher" (dict "a" (list $dot) ))) "r") -}} +{{- if (ne (toJson $configWatcher_2) "null") -}} +{{- $secrets = (concat (default (list ) $secrets) (list $configWatcher_2)) -}} +{{- end -}} +{{- $secrets = (concat (default (list ) $secrets) (list (get (fromJson (include "redpanda.SecretConfigurator" (dict "a" (list $dot) ))) "r"))) -}} +{{- $fsValidator_3 := (get (fromJson (include "redpanda.SecretFSValidator" (dict "a" (list $dot) ))) "r") -}} +{{- if (ne (toJson $fsValidator_3) "null") -}} +{{- $secrets = (concat (default (list ) $secrets) (list $fsValidator_3)) -}} +{{- end -}} +{{- $bootstrapUser_4 := (get (fromJson (include "redpanda.SecretBootstrapUser" (dict "a" (list $dot) ))) "r") -}} +{{- if (ne (toJson $bootstrapUser_4) "null") -}} +{{- $secrets = (concat (default (list ) $secrets) (list $bootstrapUser_4)) -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $secrets) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.SecretSTSLifecycle" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $secret := (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "v1" "kind" "Secret" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (printf "%s-sts-lifecycle" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r")) "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot) ))) "r") )) "type" "Opaque" "stringData" (dict ) )) -}} +{{- $adminCurlFlags := (get (fromJson (include "redpanda.adminTLSCurlFlags" (dict "a" (list $dot) ))) "r") -}} +{{- $_ := (set $secret.stringData "common.sh" (join "\n" (list `#!/usr/bin/env bash` `` `# the SERVICE_NAME comes from the metadata.name of the pod, essentially the POD_NAME` (printf `CURL_URL="%s"` (get (fromJson (include "redpanda.adminInternalURL" (dict "a" (list $dot) ))) "r")) `` `# commands used throughout` (printf `CURL_NODE_ID_CMD="curl --silent --fail %s ${CURL_URL}/v1/node_config"` $adminCurlFlags) `` `CURL_MAINTENANCE_DELETE_CMD_PREFIX='curl -X DELETE --silent -o /dev/null -w "%{http_code}"'` `CURL_MAINTENANCE_PUT_CMD_PREFIX='curl -X PUT --silent -o /dev/null -w "%{http_code}"'` (printf `CURL_MAINTENANCE_GET_CMD="curl -X GET --silent %s ${CURL_URL}/v1/maintenance"` $adminCurlFlags)))) -}} +{{- $postStartSh := (list `#!/usr/bin/env bash` `# This code should be similar if not exactly the same as that found in the panda-operator, see` `# https://github.com/redpanda-data/redpanda/blob/e51d5b7f2ef76d5160ca01b8c7a8cf07593d29b6/src/go/k8s/pkg/resources/secret.go` `` `# path below should match the path defined on the statefulset` `source /var/lifecycle/common.sh` `` `postStartHook () {` ` set -x` `` ` touch /tmp/postStartHookStarted` `` ` until NODE_ID=$(${CURL_NODE_ID_CMD} | grep -o '\"node_id\":[^,}]*' | grep -o '[^: ]*$'); do` ` sleep 0.5` ` done` `` ` echo "Clearing maintenance mode on node ${NODE_ID}"` (printf ` CURL_MAINTENANCE_DELETE_CMD="${CURL_MAINTENANCE_DELETE_CMD_PREFIX} %s ${CURL_URL}/v1/brokers/${NODE_ID}/maintenance"` $adminCurlFlags) ` # a 400 here would mean not in maintenance mode` ` until [ "${status:-}" = '"200"' ] || [ "${status:-}" = '"400"' ]; do` ` status=$(${CURL_MAINTENANCE_DELETE_CMD})` ` sleep 0.5` ` done` `` ` touch /tmp/postStartHookFinished` `}` `` `postStartHook` `true`) -}} +{{- $_ := (set $secret.stringData "postStart.sh" (join "\n" $postStartSh)) -}} +{{- $preStopSh := (list `#!/usr/bin/env bash` `# This code should be similar if not exactly the same as that found in the panda-operator, see` `# https://github.com/redpanda-data/redpanda/blob/e51d5b7f2ef76d5160ca01b8c7a8cf07593d29b6/src/go/k8s/pkg/resources/secret.go` `` `touch /tmp/preStopHookStarted` `` `# path below should match the path defined on the statefulset` `source /var/lifecycle/common.sh` `` `set -x` `` `preStopHook () {` ` until NODE_ID=$(${CURL_NODE_ID_CMD} | grep -o '\"node_id\":[^,}]*' | grep -o '[^: ]*$'); do` ` sleep 0.5` ` done` `` ` echo "Setting maintenance mode on node ${NODE_ID}"` (printf ` CURL_MAINTENANCE_PUT_CMD="${CURL_MAINTENANCE_PUT_CMD_PREFIX} %s ${CURL_URL}/v1/brokers/${NODE_ID}/maintenance"` $adminCurlFlags) ` until [ "${status:-}" = '"200"' ]; do` ` status=$(${CURL_MAINTENANCE_PUT_CMD})` ` sleep 0.5` ` done` `` ` until [ "${finished:-}" = "true" ] || [ "${draining:-}" = "false" ]; do` ` res=$(${CURL_MAINTENANCE_GET_CMD})` ` finished=$(echo $res | grep -o '\"finished\":[^,}]*' | grep -o '[^: ]*$')` ` draining=$(echo $res | grep -o '\"draining\":[^,}]*' | grep -o '[^: ]*$')` ` sleep 0.5` ` done` `` ` touch /tmp/preStopHookFinished` `}`) -}} +{{- if (and (gt ($values.statefulset.replicas | int) (2 | int)) (not (get (fromJson (include "_shims.typeassertion" (dict "a" (list "bool" (dig "recovery_mode_enabled" false $values.config.node)) ))) "r"))) -}} +{{- $preStopSh = (concat (default (list ) $preStopSh) (list `preStopHook`)) -}} +{{- else -}} +{{- $preStopSh = (concat (default (list ) $preStopSh) (list `touch /tmp/preStopHookFinished` `echo "Not enough replicas or in recovery mode, cannot put a broker into maintenance mode."`)) -}} +{{- end -}} +{{- $preStopSh = (concat (default (list ) $preStopSh) (list `true`)) -}} +{{- $_ := (set $secret.stringData "preStop.sh" (join "\n" $preStopSh)) -}} +{{- $_is_returning = true -}} +{{- (dict "r" $secret) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.SecretSASLUsers" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- if (and (and (ne $values.auth.sasl.secretRef "") $values.auth.sasl.enabled) (gt ((get (fromJson (include "_shims.len" (dict "a" (list $values.auth.sasl.users) ))) "r") | int) (0 | int))) -}} +{{- $secret := (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "v1" "kind" "Secret" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" $values.auth.sasl.secretRef "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot) ))) "r") )) "type" "Opaque" "stringData" (dict ) )) -}} +{{- $usersTxt := (list ) -}} +{{- range $_, $user := $values.auth.sasl.users -}} +{{- if (empty $user.mechanism) -}} +{{- $usersTxt = (concat (default (list ) $usersTxt) (list (printf "%s:%s" $user.name $user.password))) -}} +{{- else -}} +{{- $usersTxt = (concat (default (list ) $usersTxt) (list (printf "%s:%s:%s" $user.name $user.password $user.mechanism))) -}} +{{- end -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $_ := (set $secret.stringData "users.txt" (join "\n" $usersTxt)) -}} +{{- $_is_returning = true -}} +{{- (dict "r" $secret) | toJson -}} +{{- break -}} +{{- else -}}{{- if (and $values.auth.sasl.enabled (eq $values.auth.sasl.secretRef "")) -}} +{{- $_ := (fail "auth.sasl.secretRef cannot be empty when auth.sasl.enabled=true") -}} +{{- else -}} +{{- $_is_returning = true -}} +{{- (dict "r" (coalesce nil)) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.SecretBootstrapUser" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- if (or (not $values.auth.sasl.enabled) (ne (toJson $values.auth.sasl.bootstrapUser.secretKeyRef) "null")) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (coalesce nil)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $secretName := (printf "%s-bootstrap-user" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r")) -}} +{{- if $dot.Release.IsUpgrade -}} +{{- $tmp_tuple_1 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.lookup" (dict "a" (list "v1" "Secret" $dot.Release.Namespace $secretName) ))) "r")) ))) "r") -}} +{{- $ok_6 := $tmp_tuple_1.T2 -}} +{{- $existing_5 := $tmp_tuple_1.T1 -}} +{{- if $ok_6 -}} +{{- $_is_returning = true -}} +{{- (dict "r" $existing_5) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} +{{- $password := (randAlphaNum (32 | int)) -}} +{{- $userPassword := $values.auth.sasl.bootstrapUser.password -}} +{{- if (ne (toJson $userPassword) "null") -}} +{{- $password = $userPassword -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "v1" "kind" "Secret" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" $secretName "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot) ))) "r") )) "type" "Opaque" "stringData" (dict "password" $password ) ))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.SecretConfigWatcher" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- if (not $values.statefulset.sideCars.configWatcher.enabled) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (coalesce nil)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $bootstrapUser := (get (fromJson (include "redpanda.BootstrapUser.Username" (dict "a" (list $values.auth.sasl.bootstrapUser) ))) "r") -}} +{{- $sasl := $values.auth.sasl -}} +{{- $secret := (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "v1" "kind" "Secret" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (printf "%s-config-watcher" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r")) "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot) ))) "r") )) "type" "Opaque" "stringData" (dict ) )) -}} +{{- $saslUserSh := (coalesce nil) -}} +{{- $saslUserSh = (concat (default (list ) $saslUserSh) (list `#!/usr/bin/env bash` `` `trap 'error_handler $? $LINENO' ERR` `` `error_handler() {` ` echo "Error: ($1) occurred at line $2"` `}` `` `set -e` `` `# rpk cluster health can exit non-zero if it's unable to dial brokers. This` `# can happen for many reasons but we never want this script to crash as it` `# would take down yet another broker and make a bad situation worse.` `# Instead, just wait for the command to eventually exit zero.` `echo "Waiting for cluster to be ready"` `until rpk cluster health --watch --exit-when-healthy; do` ` echo "rpk cluster health failed. Waiting 5 seconds before trying again..."` ` sleep 5` `done`)) -}} +{{- if (and $sasl.enabled (ne $sasl.secretRef "")) -}} +{{- $saslUserSh = (concat (default (list ) $saslUserSh) (list `while true; do` ` echo "RUNNING: Monitoring and Updating SASL users"` ` USERS_DIR="/etc/secrets/users"` `` ` new_users_list(){` ` LIST=$1` ` NEW_USER=$2` ` if [[ -n "${LIST}" ]]; then` ` LIST="${NEW_USER},${LIST}"` ` else` ` LIST="${NEW_USER}"` ` fi` `` ` echo "${LIST}"` ` }` `` ` process_users() {` ` USERS_DIR=${1-"/etc/secrets/users"}` ` USERS_FILE=$(find ${USERS_DIR}/* -print)` (printf ` USERS_LIST="%s"` $bootstrapUser) ` READ_LIST_SUCCESS=0` ` # Read line by line, handle a missing EOL at the end of file` ` while read p || [ -n "$p" ] ; do` ` IFS=":" read -r USER_NAME PASSWORD MECHANISM <<< $p` ` # Do not process empty lines` ` if [ -z "$USER_NAME" ]; then` ` continue` ` fi` ` if [[ "${USER_NAME// /}" != "$USER_NAME" ]]; then` ` continue` ` fi` ` echo "Creating user ${USER_NAME}..."` (printf ` MECHANISM=${MECHANISM:-%s}` (dig "auth" "sasl" "mechanism" "SCRAM-SHA-512" $dot.Values.AsMap)) ` creation_result=$(rpk acl user create ${USER_NAME} -p ${PASSWORD} --mechanism ${MECHANISM} 2>&1) && creation_result_exit_code=$? || creation_result_exit_code=$? # On a non-success exit code` ` if [[ $creation_result_exit_code -ne 0 ]]; then` ` # Check if the stderr contains "User already exists"` ` # this error occurs when password has changed` ` if [[ $creation_result == *"User already exists"* ]]; then` ` echo "Update user ${USER_NAME}"` ` # we will try to update by first deleting` ` deletion_result=$(rpk acl user delete ${USER_NAME} 2>&1) && deletion_result_exit_code=$? || deletion_result_exit_code=$?` ` if [[ $deletion_result_exit_code -ne 0 ]]; then` ` echo "deletion of user ${USER_NAME} failed: ${deletion_result}"` ` READ_LIST_SUCCESS=1` ` break` ` fi` ` # Now we update the user` ` update_result=$(rpk acl user create ${USER_NAME} -p ${PASSWORD} --mechanism ${MECHANISM} 2>&1) && update_result_exit_code=$? || update_result_exit_code=$? # On a non-success exit code` ` if [[ $update_result_exit_code -ne 0 ]]; then` ` echo "updating user ${USER_NAME} failed: ${update_result}"` ` READ_LIST_SUCCESS=1` ` break` ` else` ` echo "Updated user ${USER_NAME}..."` ` USERS_LIST=$(new_users_list "${USERS_LIST}" "${USER_NAME}")` ` fi` ` else` ` # Another error occurred, so output the original message and exit code` ` echo "error creating user ${USER_NAME}: ${creation_result}"` ` READ_LIST_SUCCESS=1` ` break` ` fi` ` # On a success, the user was created so output that` ` else` ` echo "Created user ${USER_NAME}..."` ` USERS_LIST=$(new_users_list "${USERS_LIST}" "${USER_NAME}")` ` fi` ` done < $USERS_FILE` `` ` if [[ -n "${USERS_LIST}" && ${READ_LIST_SUCCESS} ]]; then` ` echo "Setting superusers configurations with users [${USERS_LIST}]"` ` superuser_result=$(rpk cluster config set superusers [${USERS_LIST}] 2>&1) && superuser_result_exit_code=$? || superuser_result_exit_code=$?` ` if [[ $superuser_result_exit_code -ne 0 ]]; then` ` echo "Setting superusers configurations failed: ${superuser_result}"` ` else` ` echo "Completed setting superusers configurations"` ` fi` ` fi` ` }` `` ` # before we do anything ensure we have the bootstrap user` ` echo "Ensuring bootstrap user ${RPK_USER}..."` ` creation_result=$(rpk acl user create ${RPK_USER} -p ${RPK_PASS} --mechanism ${RPK_SASL_MECHANISM} 2>&1) && creation_result_exit_code=$? || creation_result_exit_code=$? # On a non-success exit code` ` if [[ $creation_result_exit_code -ne 0 ]]; then` ` if [[ $creation_result == *"User already exists"* ]]; then` ` echo "Bootstrap user already created"` ` else` ` echo "error creating user ${RPK_USER}: ${creation_result}"` ` fi` ` fi` `` ` # first time processing` ` process_users $USERS_DIR` `` ` # subsequent changes detected here` ` # watching delete_self as documented in https://ahmet.im/blog/kubernetes-inotify/` ` USERS_FILE=$(find ${USERS_DIR}/* -print)` ` while RES=$(inotifywait -q -e delete_self ${USERS_FILE}); do` ` process_users $USERS_DIR` ` done` `done`)) -}} +{{- else -}} +{{- $saslUserSh = (concat (default (list ) $saslUserSh) (list `echo "Nothing to do. Sleeping..."` `sleep infinity`)) -}} +{{- end -}} +{{- $_ := (set $secret.stringData "sasl-user.sh" (join "\n" $saslUserSh)) -}} +{{- $_is_returning = true -}} +{{- (dict "r" $secret) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.SecretFSValidator" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- if (not $values.statefulset.initContainers.fsValidator.enabled) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (coalesce nil)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $secret := (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "v1" "kind" "Secret" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (printf "%s-fs-validator" (substr 0 (49 | int) (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r"))) "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot) ))) "r") )) "type" "Opaque" "stringData" (dict ) )) -}} +{{- $_ := (set $secret.stringData "fsValidator.sh" `set -e +EXPECTED_FS_TYPE=$1 + +DATA_DIR="/var/lib/redpanda/data" +TEST_FILE="testfile" + +echo "checking data directory exist..." +if [ ! -d "${DATA_DIR}" ]; then + echo "data directory does not exists, exiting" + exit 1 +fi + +echo "checking filesystem type..." +FS_TYPE=$(df -T $DATA_DIR | tail -n +2 | awk '{print $2}') + +if [ "${FS_TYPE}" != "${EXPECTED_FS_TYPE}" ]; then + echo "file system found to be ${FS_TYPE} when expected ${EXPECTED_FS_TYPE}" + exit 1 +fi + +echo "checking if able to create a test file..." + +touch ${DATA_DIR}/${TEST_FILE} +result=$(touch ${DATA_DIR}/${TEST_FILE} 2> /dev/null; echo $?) +if [ "${result}" != "0" ]; then + echo "could not write testfile, may not have write permission" + exit 1 +fi + +echo "checking if able to delete a test file..." + +result=$(rm ${DATA_DIR}/${TEST_FILE} 2> /dev/null; echo $?) +if [ "${result}" != "0" ]; then + echo "could not delete testfile" + exit 1 +fi + +echo "passed"`) -}} +{{- $_is_returning = true -}} +{{- (dict "r" $secret) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.SecretConfigurator" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $secret := (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "v1" "kind" "Secret" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (printf "%.51s-configurator" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r")) "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot) ))) "r") )) "type" "Opaque" "stringData" (dict ) )) -}} +{{- $configuratorSh := (list ) -}} +{{- $configuratorSh = (concat (default (list ) $configuratorSh) (list `set -xe` `SERVICE_NAME=$1` `KUBERNETES_NODE_NAME=$2` `POD_ORDINAL=${SERVICE_NAME##*-}` "BROKER_INDEX=`expr $POD_ORDINAL + 1`" `` `CONFIG=/etc/redpanda/redpanda.yaml` `` `# Setup config files` `cp /tmp/base-config/redpanda.yaml "${CONFIG}"`)) -}} +{{- if (not (get (fromJson (include "redpanda.RedpandaAtLeast_22_3_0" (dict "a" (list $dot) ))) "r")) -}} +{{- $configuratorSh = (concat (default (list ) $configuratorSh) (list `` `# Configure bootstrap` `## Not used for Redpanda v22.3.0+` `rpk --config "${CONFIG}" redpanda config set redpanda.node_id "${POD_ORDINAL}"` `if [ "${POD_ORDINAL}" = "0" ]; then` ` rpk --config "${CONFIG}" redpanda config set redpanda.seed_servers '[]' --format yaml` `fi`)) -}} +{{- end -}} +{{- $kafkaSnippet := (get (fromJson (include "redpanda.secretConfiguratorKafkaConfig" (dict "a" (list $dot) ))) "r") -}} +{{- $configuratorSh = (concat (default (list ) $configuratorSh) (default (list ) $kafkaSnippet)) -}} +{{- $httpSnippet := (get (fromJson (include "redpanda.secretConfiguratorHTTPConfig" (dict "a" (list $dot) ))) "r") -}} +{{- $configuratorSh = (concat (default (list ) $configuratorSh) (default (list ) $httpSnippet)) -}} +{{- if (and (get (fromJson (include "redpanda.RedpandaAtLeast_22_3_0" (dict "a" (list $dot) ))) "r") $values.rackAwareness.enabled) -}} +{{- $configuratorSh = (concat (default (list ) $configuratorSh) (list `` `# Configure Rack Awareness` `set +x` (printf `RACK=$(curl --silent --cacert /run/secrets/kubernetes.io/serviceaccount/ca.crt --fail -H 'Authorization: Bearer '$(cat /run/secrets/kubernetes.io/serviceaccount/token) "https://${KUBERNETES_SERVICE_HOST}:${KUBERNETES_SERVICE_PORT_HTTPS}/api/v1/nodes/${KUBERNETES_NODE_NAME}?pretty=true" | grep %s | grep -v '\"key\":' | sed 's/.*": "\([^"]\+\).*/\1/')` (squote (quote $values.rackAwareness.nodeAnnotation))) `set -x` `rpk --config "$CONFIG" redpanda config set redpanda.rack "${RACK}"`)) -}} +{{- end -}} +{{- $_ := (set $secret.stringData "configurator.sh" (join "\n" $configuratorSh)) -}} +{{- $_is_returning = true -}} +{{- (dict "r" $secret) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.secretConfiguratorKafkaConfig" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $internalAdvertiseAddress := (printf "%s.%s" "${SERVICE_NAME}" (get (fromJson (include "redpanda.InternalDomain" (dict "a" (list $dot) ))) "r")) -}} +{{- $snippet := (coalesce nil) -}} +{{- $listenerName := "kafka" -}} +{{- $listenerAdvertisedName := $listenerName -}} +{{- $redpandaConfigPart := "redpanda" -}} +{{- $snippet = (concat (default (list ) $snippet) (list `` (printf `LISTENER=%s` (quote (toJson (dict "name" "internal" "address" $internalAdvertiseAddress "port" ($values.listeners.kafka.port | int) )))) (printf `rpk redpanda config --config "$CONFIG" set %s.advertised_%s_api[0] "$LISTENER"` $redpandaConfigPart $listenerAdvertisedName))) -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $values.listeners.kafka.external) ))) "r") | int) (0 | int)) -}} +{{- $externalCounter := (0 | int) -}} +{{- range $externalName, $externalVals := $values.listeners.kafka.external -}} +{{- $externalCounter = ((add $externalCounter (1 | int)) | int) -}} +{{- $snippet = (concat (default (list ) $snippet) (list `` (printf `ADVERTISED_%s_ADDRESSES=()` (upper $listenerName)))) -}} +{{- range $_, $replicaIndex := (until (($values.statefulset.replicas | int) | int)) -}} +{{- $port := ($externalVals.port | int) -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $externalVals.advertisedPorts) ))) "r") | int) (0 | int)) -}} +{{- if (eq ((get (fromJson (include "_shims.len" (dict "a" (list $externalVals.advertisedPorts) ))) "r") | int) (1 | int)) -}} +{{- $port = (index $externalVals.advertisedPorts (0 | int)) -}} +{{- else -}} +{{- $port = (index $externalVals.advertisedPorts $replicaIndex) -}} +{{- end -}} +{{- end -}} +{{- $host := (get (fromJson (include "redpanda.advertisedHostJSON" (dict "a" (list $dot $externalName $port $replicaIndex) ))) "r") -}} +{{- $address := (toJson $host) -}} +{{- $prefixTemplate := (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $externalVals.prefixTemplate "") ))) "r") -}} +{{- if (eq $prefixTemplate "") -}} +{{- $prefixTemplate = (default "" $values.external.prefixTemplate) -}} +{{- end -}} +{{- $snippet = (concat (default (list ) $snippet) (list `` (printf `PREFIX_TEMPLATE=%s` (quote $prefixTemplate)) (printf `ADVERTISED_%s_ADDRESSES+=(%s)` (upper $listenerName) (quote $address)))) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $snippet = (concat (default (list ) $snippet) (list `` (printf `rpk redpanda config --config "$CONFIG" set %s.advertised_%s_api[%d] "${ADVERTISED_%s_ADDRESSES[$POD_ORDINAL]}"` $redpandaConfigPart $listenerAdvertisedName $externalCounter (upper $listenerName)))) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $snippet) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.secretConfiguratorHTTPConfig" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $internalAdvertiseAddress := (printf "%s.%s" "${SERVICE_NAME}" (get (fromJson (include "redpanda.InternalDomain" (dict "a" (list $dot) ))) "r")) -}} +{{- $snippet := (coalesce nil) -}} +{{- $listenerName := "http" -}} +{{- $listenerAdvertisedName := "pandaproxy" -}} +{{- $redpandaConfigPart := "pandaproxy" -}} +{{- $snippet = (concat (default (list ) $snippet) (list `` (printf `LISTENER=%s` (quote (toJson (dict "name" "internal" "address" $internalAdvertiseAddress "port" ($values.listeners.http.port | int) )))) (printf `rpk redpanda config --config "$CONFIG" set %s.advertised_%s_api[0] "$LISTENER"` $redpandaConfigPart $listenerAdvertisedName))) -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $values.listeners.http.external) ))) "r") | int) (0 | int)) -}} +{{- $externalCounter := (0 | int) -}} +{{- range $externalName, $externalVals := $values.listeners.http.external -}} +{{- $externalCounter = ((add $externalCounter (1 | int)) | int) -}} +{{- $snippet = (concat (default (list ) $snippet) (list `` (printf `ADVERTISED_%s_ADDRESSES=()` (upper $listenerName)))) -}} +{{- range $_, $replicaIndex := (until (($values.statefulset.replicas | int) | int)) -}} +{{- $port := ($externalVals.port | int) -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $externalVals.advertisedPorts) ))) "r") | int) (0 | int)) -}} +{{- if (eq ((get (fromJson (include "_shims.len" (dict "a" (list $externalVals.advertisedPorts) ))) "r") | int) (1 | int)) -}} +{{- $port = (index $externalVals.advertisedPorts (0 | int)) -}} +{{- else -}} +{{- $port = (index $externalVals.advertisedPorts $replicaIndex) -}} +{{- end -}} +{{- end -}} +{{- $host := (get (fromJson (include "redpanda.advertisedHostJSON" (dict "a" (list $dot $externalName $port $replicaIndex) ))) "r") -}} +{{- $address := (toJson $host) -}} +{{- $prefixTemplate := (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $externalVals.prefixTemplate "") ))) "r") -}} +{{- if (eq $prefixTemplate "") -}} +{{- $prefixTemplate = (default "" $values.external.prefixTemplate) -}} +{{- end -}} +{{- $snippet = (concat (default (list ) $snippet) (list `` (printf `PREFIX_TEMPLATE=%s` (quote $prefixTemplate)) (printf `ADVERTISED_%s_ADDRESSES+=(%s)` (upper $listenerName) (quote $address)))) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $snippet = (concat (default (list ) $snippet) (list `` (printf `rpk redpanda config --config "$CONFIG" set %s.advertised_%s_api[%d] "${ADVERTISED_%s_ADDRESSES[$POD_ORDINAL]}"` $redpandaConfigPart $listenerAdvertisedName $externalCounter (upper $listenerName)))) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $snippet) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.adminTLSCurlFlags" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- if (not (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $values.listeners.admin.tls $values.tls) ))) "r")) -}} +{{- $_is_returning = true -}} +{{- (dict "r" "") | toJson -}} +{{- break -}} +{{- end -}} +{{- if $values.listeners.admin.tls.requireClientAuth -}} +{{- $path := (printf "%s/%s-client" "/etc/tls/certs" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r")) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (printf "--cacert %s/ca.crt --cert %s/tls.crt --key %s/tls.key" $path $path $path)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $path := (get (fromJson (include "redpanda.InternalTLS.ServerCAPath" (dict "a" (list $values.listeners.admin.tls $values.tls) ))) "r") -}} +{{- $_is_returning = true -}} +{{- (dict "r" (printf "--cacert %s" $path)) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.externalAdvertiseAddress" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $eaa := "${SERVICE_NAME}" -}} +{{- $externalDomainTemplate := (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.external.domain "") ))) "r") -}} +{{- $expanded := (tpl $externalDomainTemplate $dot) -}} +{{- if (not (empty $expanded)) -}} +{{- $eaa = (printf "%s.%s" "${SERVICE_NAME}" $expanded) -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $eaa) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.advertisedHostJSON" -}} +{{- $dot := (index .a 0) -}} +{{- $externalName := (index .a 1) -}} +{{- $port := (index .a 2) -}} +{{- $replicaIndex := (index .a 3) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $host := (dict "name" $externalName "address" (get (fromJson (include "redpanda.externalAdvertiseAddress" (dict "a" (list $dot) ))) "r") "port" $port ) -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $values.external.addresses) ))) "r") | int) (0 | int)) -}} +{{- $address := "" -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $values.external.addresses) ))) "r") | int) (1 | int)) -}} +{{- $address = (index $values.external.addresses $replicaIndex) -}} +{{- else -}} +{{- $address = (index $values.external.addresses (0 | int)) -}} +{{- end -}} +{{- $domain_7 := (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.external.domain "") ))) "r") -}} +{{- if (ne $domain_7 "") -}} +{{- $host = (dict "name" $externalName "address" (printf "%s.%s" $address (tpl $domain_7 $dot)) "port" $port ) -}} +{{- else -}} +{{- $host = (dict "name" $externalName "address" $address "port" $port ) -}} +{{- end -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $host) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.adminInternalHTTPProtocol" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- if (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $values.listeners.admin.tls $values.tls) ))) "r") -}} +{{- $_is_returning = true -}} +{{- (dict "r" "https") | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" "http") | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.adminInternalURL" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $_is_returning = true -}} +{{- (dict "r" (printf "%s://%s.%s.%s.svc.%s:%d" (get (fromJson (include "redpanda.adminInternalHTTPProtocol" (dict "a" (list $dot) ))) "r") `${SERVICE_NAME}` (get (fromJson (include "redpanda.ServiceName" (dict "a" (list $dot) ))) "r") $dot.Release.Namespace (trimSuffix "." $values.clusterDomain) ($values.listeners.admin.port | int))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + diff --git a/charts/redpanda/redpanda/5.9.12/templates/_service.internal.go.tpl b/charts/redpanda/redpanda/5.9.12/templates/_service.internal.go.tpl new file mode 100644 index 000000000..0719ec5fa --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/templates/_service.internal.go.tpl @@ -0,0 +1,38 @@ +{{- /* Generated from "service_internal.go" */ -}} + +{{- define "redpanda.MonitoringEnabledLabel" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $_is_returning = true -}} +{{- (dict "r" (dict "monitoring.redpanda.com/enabled" (printf "%t" $values.monitoring.enabled) )) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.ServiceInternal" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $ports := (list ) -}} +{{- $ports = (concat (default (list ) $ports) (list (mustMergeOverwrite (dict "port" 0 "targetPort" 0 ) (dict "name" "admin" "protocol" "TCP" "appProtocol" $values.listeners.admin.appProtocol "port" ($values.listeners.admin.port | int) "targetPort" ($values.listeners.admin.port | int) )))) -}} +{{- if $values.listeners.http.enabled -}} +{{- $ports = (concat (default (list ) $ports) (list (mustMergeOverwrite (dict "port" 0 "targetPort" 0 ) (dict "name" "http" "protocol" "TCP" "port" ($values.listeners.http.port | int) "targetPort" ($values.listeners.http.port | int) )))) -}} +{{- end -}} +{{- $ports = (concat (default (list ) $ports) (list (mustMergeOverwrite (dict "port" 0 "targetPort" 0 ) (dict "name" "kafka" "protocol" "TCP" "port" ($values.listeners.kafka.port | int) "targetPort" ($values.listeners.kafka.port | int) )))) -}} +{{- $ports = (concat (default (list ) $ports) (list (mustMergeOverwrite (dict "port" 0 "targetPort" 0 ) (dict "name" "rpc" "protocol" "TCP" "port" ($values.listeners.rpc.port | int) "targetPort" ($values.listeners.rpc.port | int) )))) -}} +{{- if $values.listeners.schemaRegistry.enabled -}} +{{- $ports = (concat (default (list ) $ports) (list (mustMergeOverwrite (dict "port" 0 "targetPort" 0 ) (dict "name" "schemaregistry" "protocol" "TCP" "port" ($values.listeners.schemaRegistry.port | int) "targetPort" ($values.listeners.schemaRegistry.port | int) )))) -}} +{{- end -}} +{{- $annotations := (dict ) -}} +{{- if (ne (toJson $values.service) "null") -}} +{{- $annotations = $values.service.internal.annotations -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict ) "status" (dict "loadBalancer" (dict ) ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "v1" "kind" "Service" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (get (fromJson (include "redpanda.ServiceName" (dict "a" (list $dot) ))) "r") "namespace" $dot.Release.Namespace "labels" (merge (dict ) (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot) ))) "r") (get (fromJson (include "redpanda.MonitoringEnabledLabel" (dict "a" (list $dot) ))) "r")) "annotations" $annotations )) "spec" (mustMergeOverwrite (dict ) (dict "type" "ClusterIP" "publishNotReadyAddresses" true "clusterIP" "None" "selector" (get (fromJson (include "redpanda.StatefulSetPodLabelsSelector" (dict "a" (list $dot) ))) "r") "ports" $ports )) ))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + diff --git a/charts/redpanda/redpanda/5.9.12/templates/_service.loadbalancer.go.tpl b/charts/redpanda/redpanda/5.9.12/templates/_service.loadbalancer.go.tpl new file mode 100644 index 000000000..bb34c583e --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/templates/_service.loadbalancer.go.tpl @@ -0,0 +1,105 @@ +{{- /* Generated from "service.loadbalancer.go" */ -}} + +{{- define "redpanda.LoadBalancerServices" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- if (or (not $values.external.enabled) (not $values.external.service.enabled)) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (coalesce nil)) | toJson -}} +{{- break -}} +{{- end -}} +{{- if (ne $values.external.type "LoadBalancer") -}} +{{- $_is_returning = true -}} +{{- (dict "r" (coalesce nil)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $externalDNS := (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.external.externalDns (mustMergeOverwrite (dict "enabled" false ) (dict ))) ))) "r") -}} +{{- $labels := (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot) ))) "r") -}} +{{- $_ := (set $labels "repdanda.com/type" "loadbalancer") -}} +{{- $selector := (get (fromJson (include "redpanda.StatefulSetPodLabelsSelector" (dict "a" (list $dot) ))) "r") -}} +{{- $services := (coalesce nil) -}} +{{- $replicas := ($values.statefulset.replicas | int) -}} +{{- range $_, $i := untilStep (((0 | int) | int)|int) (($values.statefulset.replicas | int)|int) (1|int) -}} +{{- $podname := (printf "%s-%d" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") $i) -}} +{{- $annotations := (dict ) -}} +{{- range $k, $v := $values.external.annotations -}} +{{- $_ := (set $annotations $k $v) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- if $externalDNS.enabled -}} +{{- $prefix := $podname -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $values.external.addresses) ))) "r") | int) (0 | int)) -}} +{{- if (eq ((get (fromJson (include "_shims.len" (dict "a" (list $values.external.addresses) ))) "r") | int) (1 | int)) -}} +{{- $prefix = (index $values.external.addresses (0 | int)) -}} +{{- else -}} +{{- $prefix = (index $values.external.addresses $i) -}} +{{- end -}} +{{- end -}} +{{- $address := (printf "%s.%s" $prefix (tpl $values.external.domain $dot)) -}} +{{- $_ := (set $annotations "external-dns.alpha.kubernetes.io/hostname" $address) -}} +{{- end -}} +{{- $podSelector := (dict ) -}} +{{- range $k, $v := $selector -}} +{{- $_ := (set $podSelector $k $v) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $_ := (set $podSelector "statefulset.kubernetes.io/pod-name" $podname) -}} +{{- $ports := (coalesce nil) -}} +{{- range $name, $listener := $values.listeners.admin.external -}} +{{- if (not (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $listener.enabled $values.external.enabled) ))) "r")) -}} +{{- continue -}} +{{- end -}} +{{- $fallbackPorts := (concat (default (list ) $listener.advertisedPorts) (list ($values.listeners.admin.port | int))) -}} +{{- $ports = (concat (default (list ) $ports) (list (mustMergeOverwrite (dict "port" 0 "targetPort" 0 ) (dict "name" (printf "admin-%s" $name) "protocol" "TCP" "targetPort" ($listener.port | int) "port" ((get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $listener.nodePort (index $fallbackPorts (0 | int))) ))) "r") | int) )))) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- range $name, $listener := $values.listeners.kafka.external -}} +{{- if (not (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $listener.enabled $values.external.enabled) ))) "r")) -}} +{{- continue -}} +{{- end -}} +{{- $fallbackPorts := (concat (default (list ) $listener.advertisedPorts) (list ($listener.port | int))) -}} +{{- $ports = (concat (default (list ) $ports) (list (mustMergeOverwrite (dict "port" 0 "targetPort" 0 ) (dict "name" (printf "kafka-%s" $name) "protocol" "TCP" "targetPort" ($listener.port | int) "port" ((get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $listener.nodePort (index $fallbackPorts (0 | int))) ))) "r") | int) )))) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- range $name, $listener := $values.listeners.http.external -}} +{{- if (not (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $listener.enabled $values.external.enabled) ))) "r")) -}} +{{- continue -}} +{{- end -}} +{{- $fallbackPorts := (concat (default (list ) $listener.advertisedPorts) (list ($listener.port | int))) -}} +{{- $ports = (concat (default (list ) $ports) (list (mustMergeOverwrite (dict "port" 0 "targetPort" 0 ) (dict "name" (printf "http-%s" $name) "protocol" "TCP" "targetPort" ($listener.port | int) "port" ((get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $listener.nodePort (index $fallbackPorts (0 | int))) ))) "r") | int) )))) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- range $name, $listener := $values.listeners.schemaRegistry.external -}} +{{- if (not (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $listener.enabled $values.external.enabled) ))) "r")) -}} +{{- continue -}} +{{- end -}} +{{- $fallbackPorts := (concat (default (list ) $listener.advertisedPorts) (list ($listener.port | int))) -}} +{{- $ports = (concat (default (list ) $ports) (list (mustMergeOverwrite (dict "port" 0 "targetPort" 0 ) (dict "name" (printf "schema-%s" $name) "protocol" "TCP" "targetPort" ($listener.port | int) "port" ((get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $listener.nodePort (index $fallbackPorts (0 | int))) ))) "r") | int) )))) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $svc := (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict ) "status" (dict "loadBalancer" (dict ) ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "v1" "kind" "Service" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (printf "lb-%s" $podname) "namespace" $dot.Release.Namespace "labels" $labels "annotations" $annotations )) "spec" (mustMergeOverwrite (dict ) (dict "externalTrafficPolicy" "Local" "loadBalancerSourceRanges" $values.external.sourceRanges "ports" $ports "publishNotReadyAddresses" true "selector" $podSelector "sessionAffinity" "None" "type" "LoadBalancer" )) )) -}} +{{- $services = (concat (default (list ) $services) (list $svc)) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $services) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + diff --git a/charts/redpanda/redpanda/5.9.12/templates/_service.nodeport.go.tpl b/charts/redpanda/redpanda/5.9.12/templates/_service.nodeport.go.tpl new file mode 100644 index 000000000..bc199951d --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/templates/_service.nodeport.go.tpl @@ -0,0 +1,80 @@ +{{- /* Generated from "service.nodeport.go" */ -}} + +{{- define "redpanda.NodePortService" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- if (or (not $values.external.enabled) (not $values.external.service.enabled)) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (coalesce nil)) | toJson -}} +{{- break -}} +{{- end -}} +{{- if (ne $values.external.type "NodePort") -}} +{{- $_is_returning = true -}} +{{- (dict "r" (coalesce nil)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $ports := (coalesce nil) -}} +{{- range $name, $listener := $values.listeners.admin.external -}} +{{- if (not (get (fromJson (include "redpanda.AdminExternal.IsEnabled" (dict "a" (list $listener) ))) "r")) -}} +{{- continue -}} +{{- end -}} +{{- $nodePort := ($listener.port | int) -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $listener.advertisedPorts) ))) "r") | int) (0 | int)) -}} +{{- $nodePort = (index $listener.advertisedPorts (0 | int)) -}} +{{- end -}} +{{- $ports = (concat (default (list ) $ports) (list (mustMergeOverwrite (dict "port" 0 "targetPort" 0 ) (dict "name" (printf "admin-%s" $name) "protocol" "TCP" "port" ($listener.port | int) "nodePort" $nodePort )))) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- range $name, $listener := $values.listeners.kafka.external -}} +{{- if (not (get (fromJson (include "redpanda.KafkaExternal.IsEnabled" (dict "a" (list $listener) ))) "r")) -}} +{{- continue -}} +{{- end -}} +{{- $nodePort := ($listener.port | int) -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $listener.advertisedPorts) ))) "r") | int) (0 | int)) -}} +{{- $nodePort = (index $listener.advertisedPorts (0 | int)) -}} +{{- end -}} +{{- $ports = (concat (default (list ) $ports) (list (mustMergeOverwrite (dict "port" 0 "targetPort" 0 ) (dict "name" (printf "kafka-%s" $name) "protocol" "TCP" "port" ($listener.port | int) "nodePort" $nodePort )))) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- range $name, $listener := $values.listeners.http.external -}} +{{- if (not (get (fromJson (include "redpanda.HTTPExternal.IsEnabled" (dict "a" (list $listener) ))) "r")) -}} +{{- continue -}} +{{- end -}} +{{- $nodePort := ($listener.port | int) -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $listener.advertisedPorts) ))) "r") | int) (0 | int)) -}} +{{- $nodePort = (index $listener.advertisedPorts (0 | int)) -}} +{{- end -}} +{{- $ports = (concat (default (list ) $ports) (list (mustMergeOverwrite (dict "port" 0 "targetPort" 0 ) (dict "name" (printf "http-%s" $name) "protocol" "TCP" "port" ($listener.port | int) "nodePort" $nodePort )))) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- range $name, $listener := $values.listeners.schemaRegistry.external -}} +{{- if (not (get (fromJson (include "redpanda.SchemaRegistryExternal.IsEnabled" (dict "a" (list $listener) ))) "r")) -}} +{{- continue -}} +{{- end -}} +{{- $nodePort := ($listener.port | int) -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $listener.advertisedPorts) ))) "r") | int) (0 | int)) -}} +{{- $nodePort = (index $listener.advertisedPorts (0 | int)) -}} +{{- end -}} +{{- $ports = (concat (default (list ) $ports) (list (mustMergeOverwrite (dict "port" 0 "targetPort" 0 ) (dict "name" (printf "schema-%s" $name) "protocol" "TCP" "port" ($listener.port | int) "nodePort" $nodePort )))) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $annotations := $values.external.annotations -}} +{{- if (eq (toJson $annotations) "null") -}} +{{- $annotations = (dict ) -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict ) "status" (dict "loadBalancer" (dict ) ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "v1" "kind" "Service" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (printf "%s-external" (get (fromJson (include "redpanda.ServiceName" (dict "a" (list $dot) ))) "r")) "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot) ))) "r") "annotations" $annotations )) "spec" (mustMergeOverwrite (dict ) (dict "externalTrafficPolicy" "Local" "ports" $ports "publishNotReadyAddresses" true "selector" (get (fromJson (include "redpanda.StatefulSetPodLabelsSelector" (dict "a" (list $dot) ))) "r") "sessionAffinity" "None" "type" "NodePort" )) ))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + diff --git a/charts/redpanda/redpanda/5.9.12/templates/_serviceaccount.go.tpl b/charts/redpanda/redpanda/5.9.12/templates/_serviceaccount.go.tpl new file mode 100644 index 000000000..82ec5be75 --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/templates/_serviceaccount.go.tpl @@ -0,0 +1,18 @@ +{{- /* Generated from "serviceaccount.go" */ -}} + +{{- define "redpanda.ServiceAccount" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- if (not $values.serviceAccount.create) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (coalesce nil)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "v1" "kind" "ServiceAccount" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (get (fromJson (include "redpanda.ServiceAccountName" (dict "a" (list $dot) ))) "r") "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot) ))) "r") "annotations" $values.serviceAccount.annotations )) "automountServiceAccountToken" $values.serviceAccount.automountServiceAccountToken ))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + diff --git a/charts/redpanda/redpanda/5.9.12/templates/_servicemonitor.go.tpl b/charts/redpanda/redpanda/5.9.12/templates/_servicemonitor.go.tpl new file mode 100644 index 000000000..7f5a62130 --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/templates/_servicemonitor.go.tpl @@ -0,0 +1,26 @@ +{{- /* Generated from "servicemonitor.go" */ -}} + +{{- define "redpanda.ServiceMonitor" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- if (not $values.monitoring.enabled) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (coalesce nil)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $endpoint := (mustMergeOverwrite (dict ) (dict "interval" $values.monitoring.scrapeInterval "path" "/public_metrics" "port" "admin" "enableHttp2" $values.monitoring.enableHttp2 "scheme" "http" )) -}} +{{- if (or (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $values.listeners.admin.tls $values.tls) ))) "r") (ne (toJson $values.monitoring.tlsConfig) "null")) -}} +{{- $_ := (set $endpoint "scheme" "https") -}} +{{- $_ := (set $endpoint "tlsConfig" $values.monitoring.tlsConfig) -}} +{{- if (eq (toJson $endpoint.tlsConfig) "null") -}} +{{- $_ := (set $endpoint "tlsConfig" (mustMergeOverwrite (dict "ca" (dict ) "cert" (dict ) ) (mustMergeOverwrite (dict "ca" (dict ) "cert" (dict ) ) (dict "insecureSkipVerify" true )) (dict ))) -}} +{{- end -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict "endpoints" (coalesce nil) "selector" (dict ) "namespaceSelector" (dict ) ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "monitoring.coreos.com/v1" "kind" "ServiceMonitor" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") "namespace" $dot.Release.Namespace "labels" (merge (dict ) (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot) ))) "r") $values.monitoring.labels) )) "spec" (mustMergeOverwrite (dict "endpoints" (coalesce nil) "selector" (dict ) "namespaceSelector" (dict ) ) (dict "endpoints" (list $endpoint) "selector" (mustMergeOverwrite (dict ) (dict "matchLabels" (dict "monitoring.redpanda.com/enabled" "true" "app.kubernetes.io/name" (get (fromJson (include "redpanda.Name" (dict "a" (list $dot) ))) "r") "app.kubernetes.io/instance" $dot.Release.Name ) )) )) ))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + diff --git a/charts/redpanda/redpanda/5.9.12/templates/_shims.tpl b/charts/redpanda/redpanda/5.9.12/templates/_shims.tpl new file mode 100644 index 000000000..c16b6d178 --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/templates/_shims.tpl @@ -0,0 +1,339 @@ +{{- /* Generated from "bootstrap.go" */ -}} + +{{- define "_shims.typetest" -}} +{{- $typ := (index .a 0) -}} +{{- $value := (index .a 1) -}} +{{- $zero := (index .a 2) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- if (typeIs $typ $value) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (list $value true)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (list $zero false)) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "_shims.typeassertion" -}} +{{- $typ := (index .a 0) -}} +{{- $value := (index .a 1) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- if (not (typeIs $typ $value)) -}} +{{- $_ := (fail (printf "expected type of %q got: %T" $typ $value)) -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $value) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "_shims.dicttest" -}} +{{- $m := (index .a 0) -}} +{{- $key := (index .a 1) -}} +{{- $zero := (index .a 2) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- if (hasKey $m $key) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (list (index $m $key) true)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (list $zero false)) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "_shims.compact" -}} +{{- $args := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $out := (dict ) -}} +{{- range $i, $e := $args -}} +{{- $_ := (set $out (printf "T%d" ((add (1 | int) $i) | int)) $e) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $out) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "_shims.deref" -}} +{{- $ptr := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- if (eq (toJson $ptr) "null") -}} +{{- $_ := (fail "nil dereference") -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $ptr) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "_shims.len" -}} +{{- $m := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- if (eq (toJson $m) "null") -}} +{{- $_is_returning = true -}} +{{- (dict "r" (0 | int)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (len $m)) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "_shims.ptr_Deref" -}} +{{- $ptr := (index .a 0) -}} +{{- $def := (index .a 1) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- if (ne (toJson $ptr) "null") -}} +{{- $_is_returning = true -}} +{{- (dict "r" $ptr) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $def) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "_shims.ptr_Equal" -}} +{{- $a := (index .a 0) -}} +{{- $b := (index .a 1) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- if (and (eq (toJson $a) "null") (eq (toJson $b) "null")) -}} +{{- $_is_returning = true -}} +{{- (dict "r" true) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (eq $a $b)) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "_shims.lookup" -}} +{{- $apiVersion := (index .a 0) -}} +{{- $kind := (index .a 1) -}} +{{- $namespace := (index .a 2) -}} +{{- $name := (index .a 3) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $result := (lookup $apiVersion $kind $namespace $name) -}} +{{- if (empty $result) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (list (coalesce nil) false)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (list $result true)) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "_shims.asnumeric" -}} +{{- $value := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- if (typeIs "float64" $value) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (list $value true)) | toJson -}} +{{- break -}} +{{- end -}} +{{- if (typeIs "int64" $value) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (list $value true)) | toJson -}} +{{- break -}} +{{- end -}} +{{- if (typeIs "int" $value) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (list $value true)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (list (0 | int) false)) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "_shims.asintegral" -}} +{{- $value := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- if (or (typeIs "int64" $value) (typeIs "int" $value)) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (list $value true)) | toJson -}} +{{- break -}} +{{- end -}} +{{- if (and (typeIs "float64" $value) (eq (floor $value) $value)) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (list $value true)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (list (0 | int) false)) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "_shims.parseResource" -}} +{{- $repr := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- if (typeIs "float64" $repr) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (list (float64 $repr) 1.0)) | toJson -}} +{{- break -}} +{{- end -}} +{{- if (not (typeIs "string" $repr)) -}} +{{- $_ := (fail (printf "invalid Quantity expected string or float64 got: %T (%v)" $repr $repr)) -}} +{{- end -}} +{{- if (not (regexMatch `^[0-9]+(\.[0-9]{0,6})?(k|m|M|G|T|P|Ki|Mi|Gi|Ti|Pi)?$` $repr)) -}} +{{- $_ := (fail (printf "invalid Quantity: %q" $repr)) -}} +{{- end -}} +{{- $reprStr := (toString $repr) -}} +{{- $unit := (regexFind "(k|m|M|G|T|P|Ki|Mi|Gi|Ti|Pi)$" $repr) -}} +{{- $numeric := (float64 (substr (0 | int) ((sub ((get (fromJson (include "_shims.len" (dict "a" (list $reprStr) ))) "r") | int) ((get (fromJson (include "_shims.len" (dict "a" (list $unit) ))) "r") | int)) | int) $reprStr)) -}} +{{- $tmp_tuple_1 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.dicttest" (dict "a" (list (dict "" 1.0 "m" 0.001 "k" (1000 | int) "M" (1000000 | int) "G" (1000000000 | int) "T" (1000000000000 | int) "P" (1000000000000000 | int) "Ki" (1024 | int) "Mi" (1048576 | int) "Gi" (1073741824 | int) "Ti" (1099511627776 | int) "Pi" (1125899906842624 | int) ) $unit (coalesce nil)) ))) "r")) ))) "r") -}} +{{- $ok := $tmp_tuple_1.T2 -}} +{{- $scale := ($tmp_tuple_1.T1 | float64) -}} +{{- if (not $ok) -}} +{{- $_ := (fail (printf "unknown unit: %q" $unit)) -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (list $numeric $scale)) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "_shims.resource_MustParse" -}} +{{- $repr := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $tmp_tuple_2 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.parseResource" (dict "a" (list $repr) ))) "r")) ))) "r") -}} +{{- $scale := ($tmp_tuple_2.T2 | float64) -}} +{{- $numeric := ($tmp_tuple_2.T1 | float64) -}} +{{- $strs := (list "" "m" "k" "M" "G" "T" "P" "Ki" "Mi" "Gi" "Ti" "Pi") -}} +{{- $scales := (list 1.0 0.001 (1000 | int) (1000000 | int) (1000000000 | int) (1000000000000 | int) (1000000000000000 | int) (1024 | int) (1048576 | int) (1073741824 | int) (1099511627776 | int) (1125899906842624 | int)) -}} +{{- $idx := -1 -}} +{{- range $i, $s := $scales -}} +{{- if (eq ($s | float64) ($scale | float64)) -}} +{{- $idx = $i -}} +{{- break -}} +{{- end -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- if (eq $idx -1) -}} +{{- $_ := (fail (printf "unknown scale: %v" $scale)) -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (printf "%s%s" (toString $numeric) (index $strs $idx))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "_shims.resource_Value" -}} +{{- $repr := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $tmp_tuple_3 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.parseResource" (dict "a" (list $repr) ))) "r")) ))) "r") -}} +{{- $scale := ($tmp_tuple_3.T2 | float64) -}} +{{- $numeric := ($tmp_tuple_3.T1 | float64) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (int64 (ceil ((mulf $numeric $scale) | float64)))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "_shims.resource_MilliValue" -}} +{{- $repr := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $tmp_tuple_4 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.parseResource" (dict "a" (list $repr) ))) "r")) ))) "r") -}} +{{- $scale := ($tmp_tuple_4.T2 | float64) -}} +{{- $numeric := ($tmp_tuple_4.T1 | float64) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (int64 (ceil ((mulf ((mulf $numeric 1000.0) | float64) $scale) | float64)))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "_shims.time_ParseDuration" -}} +{{- $repr := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $unitMap := (dict "s" (1000000000 | int64) "m" (60000000000 | int64) "h" (3600000000000 | int64) ) -}} +{{- $original := $repr -}} +{{- $value := ((0 | int64) | int64) -}} +{{- if (eq $repr "") -}} +{{- $_ := (fail (printf "invalid Duration: %q" $original)) -}} +{{- end -}} +{{- if (eq $repr "0") -}} +{{- $_is_returning = true -}} +{{- (dict "r" (0 | int64)) | toJson -}} +{{- break -}} +{{- end -}} +{{- range $_, $_ := (list (0 | int) (0 | int) (0 | int)) -}} +{{- if (eq $repr "") -}} +{{- break -}} +{{- end -}} +{{- $n := (regexFind `^\d+` $repr) -}} +{{- if (eq $n "") -}} +{{- $_ := (fail (printf "invalid Duration: %q" $original)) -}} +{{- end -}} +{{- $repr = (substr ((get (fromJson (include "_shims.len" (dict "a" (list $n) ))) "r") | int) -1 $repr) -}} +{{- $unit := (regexFind `^(h|m|s)` $repr) -}} +{{- if (eq $unit "") -}} +{{- $_ := (fail (printf "invalid Duration: %q" $original)) -}} +{{- end -}} +{{- $repr = (substr ((get (fromJson (include "_shims.len" (dict "a" (list $unit) ))) "r") | int) -1 $repr) -}} +{{- $value = ((add $value (((mul (int64 $n) (index $unitMap $unit)) | int64))) | int64) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $value) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "_shims.time_Duration_String" -}} +{{- $dur := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $_is_returning = true -}} +{{- (dict "r" (duration ((div $dur (1000000000 | int64)) | int64))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "_shims.render-manifest" -}} +{{- $tpl := (index . 0) -}} +{{- $dot := (index . 1) -}} +{{- $manifests := (get ((include $tpl (dict "a" (list $dot))) | fromJson) "r") -}} +{{- if not (typeIs "[]interface {}" $manifests) -}} +{{- $manifests = (list $manifests) -}} +{{- end -}} +{{- range $_, $manifest := $manifests -}} +{{- if ne (toJson $manifest) "null" }} +--- +{{toYaml (unset (unset $manifest "status") "creationTimestamp")}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/redpanda/redpanda/5.9.12/templates/_statefulset.go.tpl b/charts/redpanda/redpanda/5.9.12/templates/_statefulset.go.tpl new file mode 100644 index 000000000..6c1f9bbaf --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/templates/_statefulset.go.tpl @@ -0,0 +1,777 @@ +{{- /* Generated from "statefulset.go" */ -}} + +{{- define "redpanda.statefulSetRedpandaEnv" -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $_is_returning = true -}} +{{- (dict "r" (list (mustMergeOverwrite (dict "name" "" ) (dict "name" "SERVICE_NAME" "valueFrom" (mustMergeOverwrite (dict ) (dict "fieldRef" (mustMergeOverwrite (dict "fieldPath" "" ) (dict "fieldPath" "metadata.name" )) )) )) (mustMergeOverwrite (dict "name" "" ) (dict "name" "POD_IP" "valueFrom" (mustMergeOverwrite (dict ) (dict "fieldRef" (mustMergeOverwrite (dict "fieldPath" "" ) (dict "fieldPath" "status.podIP" )) )) )) (mustMergeOverwrite (dict "name" "" ) (dict "name" "HOST_IP" "valueFrom" (mustMergeOverwrite (dict ) (dict "fieldRef" (mustMergeOverwrite (dict "fieldPath" "" ) (dict "fieldPath" "status.hostIP" )) )) )))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.StatefulSetPodLabelsSelector" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- if $dot.Release.IsUpgrade -}} +{{- $tmp_tuple_1 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.lookup" (dict "a" (list "apps/v1" "StatefulSet" $dot.Release.Namespace (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r")) ))) "r")) ))) "r") -}} +{{- $ok_2 := $tmp_tuple_1.T2 -}} +{{- $existing_1 := $tmp_tuple_1.T1 -}} +{{- if (and $ok_2 (gt ((get (fromJson (include "_shims.len" (dict "a" (list $existing_1.spec.selector.matchLabels) ))) "r") | int) (0 | int))) -}} +{{- $_is_returning = true -}} +{{- (dict "r" $existing_1.spec.selector.matchLabels) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} +{{- $values := $dot.Values.AsMap -}} +{{- $additionalSelectorLabels := (dict ) -}} +{{- if (ne (toJson $values.statefulset.additionalSelectorLabels) "null") -}} +{{- $additionalSelectorLabels = $values.statefulset.additionalSelectorLabels -}} +{{- end -}} +{{- $component := (printf "%s-statefulset" (trimSuffix "-" (trunc (51 | int) (get (fromJson (include "redpanda.Name" (dict "a" (list $dot) ))) "r")))) -}} +{{- $defaults := (dict "app.kubernetes.io/component" $component "app.kubernetes.io/instance" $dot.Release.Name "app.kubernetes.io/name" (get (fromJson (include "redpanda.Name" (dict "a" (list $dot) ))) "r") ) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (merge (dict ) $additionalSelectorLabels $defaults)) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.StatefulSetPodLabels" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- if $dot.Release.IsUpgrade -}} +{{- $tmp_tuple_2 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.lookup" (dict "a" (list "apps/v1" "StatefulSet" $dot.Release.Namespace (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r")) ))) "r")) ))) "r") -}} +{{- $ok_4 := $tmp_tuple_2.T2 -}} +{{- $existing_3 := $tmp_tuple_2.T1 -}} +{{- if (and $ok_4 (gt ((get (fromJson (include "_shims.len" (dict "a" (list $existing_3.spec.template.metadata.labels) ))) "r") | int) (0 | int))) -}} +{{- $_is_returning = true -}} +{{- (dict "r" $existing_3.spec.template.metadata.labels) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} +{{- $values := $dot.Values.AsMap -}} +{{- $statefulSetLabels := (dict ) -}} +{{- if (ne (toJson $values.statefulset.podTemplate.labels) "null") -}} +{{- $statefulSetLabels = $values.statefulset.podTemplate.labels -}} +{{- end -}} +{{- $defaults := (dict "redpanda.com/poddisruptionbudget" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") ) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (merge (dict ) $statefulSetLabels (get (fromJson (include "redpanda.StatefulSetPodLabelsSelector" (dict "a" (list $dot) ))) "r") $defaults (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot) ))) "r"))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.StatefulSetPodAnnotations" -}} +{{- $dot := (index .a 0) -}} +{{- $configMapChecksum := (index .a 1) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $configMapChecksumAnnotation := (dict "config.redpanda.com/checksum" $configMapChecksum ) -}} +{{- if (ne (toJson $values.statefulset.podTemplate.annotations) "null") -}} +{{- $_is_returning = true -}} +{{- (dict "r" (merge (dict ) $values.statefulset.podTemplate.annotations $configMapChecksumAnnotation)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (merge (dict ) $values.statefulset.annotations $configMapChecksumAnnotation)) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.StatefulSetVolumes" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $fullname := (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") -}} +{{- $volumes := (get (fromJson (include "redpanda.CommonVolumes" (dict "a" (list $dot) ))) "r") -}} +{{- $values := $dot.Values.AsMap -}} +{{- $volumes = (concat (default (list ) $volumes) (default (list ) (list (mustMergeOverwrite (dict "name" "" ) (mustMergeOverwrite (dict ) (dict "secret" (mustMergeOverwrite (dict ) (dict "secretName" (printf "%.50s-sts-lifecycle" $fullname) "defaultMode" (0o775 | int) )) )) (dict "name" "lifecycle-scripts" )) (mustMergeOverwrite (dict "name" "" ) (mustMergeOverwrite (dict ) (dict "configMap" (mustMergeOverwrite (dict ) (mustMergeOverwrite (dict ) (dict "name" $fullname )) (dict )) )) (dict "name" "base-config" )) (mustMergeOverwrite (dict "name" "" ) (mustMergeOverwrite (dict ) (dict "emptyDir" (mustMergeOverwrite (dict ) (dict )) )) (dict "name" "config" )) (mustMergeOverwrite (dict "name" "" ) (mustMergeOverwrite (dict ) (dict "secret" (mustMergeOverwrite (dict ) (dict "secretName" (printf "%.51s-configurator" $fullname) "defaultMode" (0o775 | int) )) )) (dict "name" (printf "%.51s-configurator" $fullname) )) (mustMergeOverwrite (dict "name" "" ) (mustMergeOverwrite (dict ) (dict "secret" (mustMergeOverwrite (dict ) (dict "secretName" (printf "%s-config-watcher" $fullname) "defaultMode" (0o775 | int) )) )) (dict "name" (printf "%s-config-watcher" $fullname) ))))) -}} +{{- if $values.statefulset.initContainers.fsValidator.enabled -}} +{{- $volumes = (concat (default (list ) $volumes) (list (mustMergeOverwrite (dict "name" "" ) (mustMergeOverwrite (dict ) (dict "secret" (mustMergeOverwrite (dict ) (dict "secretName" (printf "%.49s-fs-validator" $fullname) "defaultMode" (0o775 | int) )) )) (dict "name" (printf "%.49s-fs-validator" $fullname) )))) -}} +{{- end -}} +{{- $vol_5 := (get (fromJson (include "redpanda.Listeners.TrustStoreVolume" (dict "a" (list $values.listeners $values.tls) ))) "r") -}} +{{- if (ne (toJson $vol_5) "null") -}} +{{- $volumes = (concat (default (list ) $volumes) (list $vol_5)) -}} +{{- end -}} +{{- $volumes = (concat (default (list ) $volumes) (default (list ) (get (fromJson (include "redpanda.templateToVolumes" (dict "a" (list $dot $values.statefulset.extraVolumes) ))) "r"))) -}} +{{- $volumes = (concat (default (list ) $volumes) (list (get (fromJson (include "redpanda.statefulSetVolumeDataDir" (dict "a" (list $dot) ))) "r"))) -}} +{{- $v_6 := (get (fromJson (include "redpanda.statefulSetVolumeTieredStorageDir" (dict "a" (list $dot) ))) "r") -}} +{{- if (ne (toJson $v_6) "null") -}} +{{- $volumes = (concat (default (list ) $volumes) (list $v_6)) -}} +{{- end -}} +{{- if (and (not (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.serviceAccount.automountServiceAccountToken false) ))) "r")) ((or ((and (and $values.rbac.enabled $values.statefulset.sideCars.controllers.enabled) $values.statefulset.sideCars.controllers.createRBAC)) $values.rackAwareness.enabled))) -}} +{{- $foundK8STokenVolume := false -}} +{{- range $_, $v := $volumes -}} +{{- if (hasPrefix $v.name (printf "%s%s" "kube-api-access" "-")) -}} +{{- $foundK8STokenVolume = true -}} +{{- end -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- if (not $foundK8STokenVolume) -}} +{{- $volumes = (concat (default (list ) $volumes) (list (get (fromJson (include "redpanda.kubeTokenAPIVolume" (dict "a" (list "kube-api-access") ))) "r"))) -}} +{{- end -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $volumes) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.kubeTokenAPIVolume" -}} +{{- $name := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $_is_returning = true -}} +{{- (dict "r" (mustMergeOverwrite (dict "name" "" ) (mustMergeOverwrite (dict ) (dict "projected" (mustMergeOverwrite (dict "sources" (coalesce nil) ) (dict "defaultMode" (420 | int) "sources" (list (mustMergeOverwrite (dict ) (dict "serviceAccountToken" (mustMergeOverwrite (dict "path" "" ) (dict "path" "token" "expirationSeconds" ((3607 | int) | int64) )) )) (mustMergeOverwrite (dict ) (dict "configMap" (mustMergeOverwrite (dict ) (mustMergeOverwrite (dict ) (dict "name" "kube-root-ca.crt" )) (dict "items" (list (mustMergeOverwrite (dict "key" "" "path" "" ) (dict "key" "ca.crt" "path" "ca.crt" ))) )) )) (mustMergeOverwrite (dict ) (dict "downwardAPI" (mustMergeOverwrite (dict ) (dict "items" (list (mustMergeOverwrite (dict "path" "" ) (dict "path" "namespace" "fieldRef" (mustMergeOverwrite (dict "fieldPath" "" ) (dict "apiVersion" "v1" "fieldPath" "metadata.namespace" )) ))) )) ))) )) )) (dict "name" $name ))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.statefulSetVolumeDataDir" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $datadirSource := (mustMergeOverwrite (dict ) (dict "emptyDir" (mustMergeOverwrite (dict ) (dict )) )) -}} +{{- if $values.storage.persistentVolume.enabled -}} +{{- $datadirSource = (mustMergeOverwrite (dict ) (dict "persistentVolumeClaim" (mustMergeOverwrite (dict "claimName" "" ) (dict "claimName" "datadir" )) )) -}} +{{- else -}}{{- if (ne $values.storage.hostPath "") -}} +{{- $datadirSource = (mustMergeOverwrite (dict ) (dict "hostPath" (mustMergeOverwrite (dict "path" "" ) (dict "path" $values.storage.hostPath )) )) -}} +{{- end -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (mustMergeOverwrite (dict "name" "" ) $datadirSource (dict "name" "datadir" ))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.statefulSetVolumeTieredStorageDir" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- if (not (get (fromJson (include "redpanda.Storage.IsTieredStorageEnabled" (dict "a" (list $values.storage) ))) "r")) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (coalesce nil)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $tieredType := (get (fromJson (include "redpanda.Storage.TieredMountType" (dict "a" (list $values.storage) ))) "r") -}} +{{- if (or (eq $tieredType "none") (eq $tieredType "persistentVolume")) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (coalesce nil)) | toJson -}} +{{- break -}} +{{- end -}} +{{- if (eq $tieredType "hostPath") -}} +{{- $_is_returning = true -}} +{{- (dict "r" (mustMergeOverwrite (dict "name" "" ) (mustMergeOverwrite (dict ) (dict "hostPath" (mustMergeOverwrite (dict "path" "" ) (dict "path" (get (fromJson (include "redpanda.Storage.GetTieredStorageHostPath" (dict "a" (list $values.storage) ))) "r") )) )) (dict "name" "tiered-storage-dir" ))) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (mustMergeOverwrite (dict "name" "" ) (mustMergeOverwrite (dict ) (dict "emptyDir" (mustMergeOverwrite (dict ) (dict "sizeLimit" (get (fromJson (include "redpanda.TieredStorageConfig.CloudStorageCacheSize" (dict "a" (list (deepCopy (get (fromJson (include "redpanda.Storage.GetTieredStorageConfig" (dict "a" (list $values.storage) ))) "r"))) ))) "r") )) )) (dict "name" "tiered-storage-dir" ))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.StatefulSetVolumeMounts" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $mounts := (get (fromJson (include "redpanda.CommonMounts" (dict "a" (list $dot) ))) "r") -}} +{{- $values := $dot.Values.AsMap -}} +{{- $mounts = (concat (default (list ) $mounts) (default (list ) (list (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" "config" "mountPath" "/etc/redpanda" )) (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" "base-config" "mountPath" "/tmp/base-config" )) (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" "lifecycle-scripts" "mountPath" "/var/lifecycle" )) (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" "datadir" "mountPath" "/var/lib/redpanda/data" ))))) -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list (get (fromJson (include "redpanda.Listeners.TrustStores" (dict "a" (list $values.listeners $values.tls) ))) "r")) ))) "r") | int) (0 | int)) -}} +{{- $mounts = (concat (default (list ) $mounts) (list (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" "truststores" "mountPath" "/etc/truststores" "readOnly" true )))) -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $mounts) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.StatefulSetInitContainers" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $containers := (coalesce nil) -}} +{{- $c_7 := (get (fromJson (include "redpanda.statefulSetInitContainerTuning" (dict "a" (list $dot) ))) "r") -}} +{{- if (ne (toJson $c_7) "null") -}} +{{- $containers = (concat (default (list ) $containers) (list $c_7)) -}} +{{- end -}} +{{- $c_8 := (get (fromJson (include "redpanda.statefulSetInitContainerSetDataDirOwnership" (dict "a" (list $dot) ))) "r") -}} +{{- if (ne (toJson $c_8) "null") -}} +{{- $containers = (concat (default (list ) $containers) (list $c_8)) -}} +{{- end -}} +{{- $c_9 := (get (fromJson (include "redpanda.statefulSetInitContainerFSValidator" (dict "a" (list $dot) ))) "r") -}} +{{- if (ne (toJson $c_9) "null") -}} +{{- $containers = (concat (default (list ) $containers) (list $c_9)) -}} +{{- end -}} +{{- $c_10 := (get (fromJson (include "redpanda.statefulSetInitContainerSetTieredStorageCacheDirOwnership" (dict "a" (list $dot) ))) "r") -}} +{{- if (ne (toJson $c_10) "null") -}} +{{- $containers = (concat (default (list ) $containers) (list $c_10)) -}} +{{- end -}} +{{- $containers = (concat (default (list ) $containers) (list (get (fromJson (include "redpanda.statefulSetInitContainerConfigurator" (dict "a" (list $dot) ))) "r"))) -}} +{{- $containers = (concat (default (list ) $containers) (list (get (fromJson (include "redpanda.bootstrapYamlTemplater" (dict "a" (list $dot) ))) "r"))) -}} +{{- $containers = (concat (default (list ) $containers) (default (list ) (get (fromJson (include "redpanda.templateToContainers" (dict "a" (list $dot $values.statefulset.initContainers.extraInitContainers) ))) "r"))) -}} +{{- $_is_returning = true -}} +{{- (dict "r" $containers) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.statefulSetInitContainerTuning" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- if (not $values.tuning.tune_aio_events) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (coalesce nil)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (mustMergeOverwrite (dict "name" "" "resources" (dict ) ) (dict "name" "tuning" "image" (printf "%s:%s" $values.image.repository (get (fromJson (include "redpanda.Tag" (dict "a" (list $dot) ))) "r")) "command" (list `/bin/bash` `-c` `rpk redpanda tune all`) "securityContext" (mustMergeOverwrite (dict ) (dict "capabilities" (mustMergeOverwrite (dict ) (dict "add" (list `SYS_RESOURCE`) )) "privileged" true "runAsUser" ((0 | int64) | int64) "runAsGroup" ((0 | int64) | int64) )) "volumeMounts" (concat (default (list ) (concat (default (list ) (get (fromJson (include "redpanda.CommonMounts" (dict "a" (list $dot) ))) "r")) (default (list ) (get (fromJson (include "redpanda.templateToVolumeMounts" (dict "a" (list $dot $values.statefulset.initContainers.tuning.extraVolumeMounts) ))) "r")))) (list (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" "base-config" "mountPath" "/etc/redpanda" )))) "resources" $values.statefulset.initContainers.tuning.resources ))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.statefulSetInitContainerSetDataDirOwnership" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- if (not $values.statefulset.initContainers.setDataDirOwnership.enabled) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (coalesce nil)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $tmp_tuple_3 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "redpanda.securityContextUidGid" (dict "a" (list $dot "set-datadir-ownership") ))) "r")) ))) "r") -}} +{{- $gid := ($tmp_tuple_3.T2 | int64) -}} +{{- $uid := ($tmp_tuple_3.T1 | int64) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (mustMergeOverwrite (dict "name" "" "resources" (dict ) ) (dict "name" "set-datadir-ownership" "image" (printf "%s:%s" $values.statefulset.initContainerImage.repository $values.statefulset.initContainerImage.tag) "command" (list `/bin/sh` `-c` (printf `chown %d:%d -R /var/lib/redpanda/data` $uid $gid)) "volumeMounts" (concat (default (list ) (concat (default (list ) (get (fromJson (include "redpanda.CommonMounts" (dict "a" (list $dot) ))) "r")) (default (list ) (get (fromJson (include "redpanda.templateToVolumeMounts" (dict "a" (list $dot $values.statefulset.initContainers.setDataDirOwnership.extraVolumeMounts) ))) "r")))) (list (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" `datadir` "mountPath" `/var/lib/redpanda/data` )))) "resources" $values.statefulset.initContainers.setDataDirOwnership.resources ))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.securityContextUidGid" -}} +{{- $dot := (index .a 0) -}} +{{- $containerName := (index .a 1) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $uid := $values.statefulset.securityContext.runAsUser -}} +{{- if (and (ne (toJson $values.statefulset.podSecurityContext) "null") (ne (toJson $values.statefulset.podSecurityContext.runAsUser) "null")) -}} +{{- $uid = $values.statefulset.podSecurityContext.runAsUser -}} +{{- end -}} +{{- if (eq (toJson $uid) "null") -}} +{{- $_ := (fail (printf `%s container requires runAsUser to be specified` $containerName)) -}} +{{- end -}} +{{- $gid := $values.statefulset.securityContext.fsGroup -}} +{{- if (and (ne (toJson $values.statefulset.podSecurityContext) "null") (ne (toJson $values.statefulset.podSecurityContext.fsGroup) "null")) -}} +{{- $gid = $values.statefulset.podSecurityContext.fsGroup -}} +{{- end -}} +{{- if (eq (toJson $gid) "null") -}} +{{- $_ := (fail (printf `%s container requires fsGroup to be specified` $containerName)) -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (list $uid $gid)) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.statefulSetInitContainerFSValidator" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- if (not $values.statefulset.initContainers.fsValidator.enabled) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (coalesce nil)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (mustMergeOverwrite (dict "name" "" "resources" (dict ) ) (dict "name" "fs-validator" "image" (printf "%s:%s" $values.image.repository (get (fromJson (include "redpanda.Tag" (dict "a" (list $dot) ))) "r")) "command" (list `/bin/sh`) "args" (list `-c` (printf `trap "exit 0" TERM; exec /etc/secrets/fs-validator/scripts/fsValidator.sh %s & wait $!` $values.statefulset.initContainers.fsValidator.expectedFS)) "securityContext" (get (fromJson (include "redpanda.ContainerSecurityContext" (dict "a" (list $dot) ))) "r") "volumeMounts" (concat (default (list ) (concat (default (list ) (get (fromJson (include "redpanda.CommonMounts" (dict "a" (list $dot) ))) "r")) (default (list ) (get (fromJson (include "redpanda.templateToVolumeMounts" (dict "a" (list $dot $values.statefulset.initContainers.fsValidator.extraVolumeMounts) ))) "r")))) (list (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" (printf `%.49s-fs-validator` (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r")) "mountPath" `/etc/secrets/fs-validator/scripts/` )) (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" `datadir` "mountPath" `/var/lib/redpanda/data` )))) "resources" $values.statefulset.initContainers.fsValidator.resources ))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.statefulSetInitContainerSetTieredStorageCacheDirOwnership" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- if (not (get (fromJson (include "redpanda.Storage.IsTieredStorageEnabled" (dict "a" (list $values.storage) ))) "r")) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (coalesce nil)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $tmp_tuple_4 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "redpanda.securityContextUidGid" (dict "a" (list $dot "set-tiered-storage-cache-dir-ownership") ))) "r")) ))) "r") -}} +{{- $gid := ($tmp_tuple_4.T2 | int64) -}} +{{- $uid := ($tmp_tuple_4.T1 | int64) -}} +{{- $cacheDir := (get (fromJson (include "redpanda.Storage.TieredCacheDirectory" (dict "a" (list $values.storage $dot) ))) "r") -}} +{{- $mounts := (get (fromJson (include "redpanda.CommonMounts" (dict "a" (list $dot) ))) "r") -}} +{{- $mounts = (concat (default (list ) $mounts) (list (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" "datadir" "mountPath" "/var/lib/redpanda/data" )))) -}} +{{- if (ne (get (fromJson (include "redpanda.Storage.TieredMountType" (dict "a" (list $values.storage) ))) "r") "none") -}} +{{- $name := "tiered-storage-dir" -}} +{{- if (and (ne (toJson $values.storage.persistentVolume) "null") (ne $values.storage.persistentVolume.nameOverwrite "")) -}} +{{- $name = $values.storage.persistentVolume.nameOverwrite -}} +{{- end -}} +{{- $mounts = (concat (default (list ) $mounts) (list (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" $name "mountPath" $cacheDir )))) -}} +{{- end -}} +{{- $mounts = (concat (default (list ) $mounts) (default (list ) (get (fromJson (include "redpanda.templateToVolumeMounts" (dict "a" (list $dot $values.statefulset.initContainers.setTieredStorageCacheDirOwnership.extraVolumeMounts) ))) "r"))) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (mustMergeOverwrite (dict "name" "" "resources" (dict ) ) (dict "name" `set-tiered-storage-cache-dir-ownership` "image" (printf `%s:%s` $values.statefulset.initContainerImage.repository $values.statefulset.initContainerImage.tag) "command" (list `/bin/sh` `-c` (printf `mkdir -p %s; chown %d:%d -R %s` $cacheDir $uid $gid $cacheDir)) "volumeMounts" $mounts "resources" $values.statefulset.initContainers.setTieredStorageCacheDirOwnership.resources ))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.statefulSetInitContainerConfigurator" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $volMounts := (get (fromJson (include "redpanda.CommonMounts" (dict "a" (list $dot) ))) "r") -}} +{{- $volMounts = (concat (default (list ) $volMounts) (default (list ) (get (fromJson (include "redpanda.templateToVolumeMounts" (dict "a" (list $dot $values.statefulset.initContainers.configurator.extraVolumeMounts) ))) "r"))) -}} +{{- $volMounts = (concat (default (list ) $volMounts) (list (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" "config" "mountPath" "/etc/redpanda" )) (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" "base-config" "mountPath" "/tmp/base-config" )) (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" (printf `%.51s-configurator` (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r")) "mountPath" "/etc/secrets/configurator/scripts/" )))) -}} +{{- if (and (not (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.serviceAccount.automountServiceAccountToken false) ))) "r")) $values.rackAwareness.enabled) -}} +{{- $mountName := "kube-api-access" -}} +{{- range $_, $vol := (get (fromJson (include "redpanda.StatefulSetVolumes" (dict "a" (list $dot) ))) "r") -}} +{{- if (hasPrefix $vol.name (printf "%s%s" "kube-api-access" "-")) -}} +{{- $mountName = $vol.name -}} +{{- end -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $volMounts = (concat (default (list ) $volMounts) (list (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" $mountName "readOnly" true "mountPath" "/var/run/secrets/kubernetes.io/serviceaccount" )))) -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (mustMergeOverwrite (dict "name" "" "resources" (dict ) ) (dict "name" (printf `%.51s-configurator` (get (fromJson (include "redpanda.Name" (dict "a" (list $dot) ))) "r")) "image" (printf `%s:%s` $values.image.repository (get (fromJson (include "redpanda.Tag" (dict "a" (list $dot) ))) "r")) "command" (list `/bin/bash` `-c` `trap "exit 0" TERM; exec $CONFIGURATOR_SCRIPT "${SERVICE_NAME}" "${KUBERNETES_NODE_NAME}" & wait $!`) "env" (get (fromJson (include "redpanda.rpkEnvVars" (dict "a" (list $dot (list (mustMergeOverwrite (dict "name" "" ) (dict "name" "CONFIGURATOR_SCRIPT" "value" "/etc/secrets/configurator/scripts/configurator.sh" )) (mustMergeOverwrite (dict "name" "" ) (dict "name" "SERVICE_NAME" "valueFrom" (mustMergeOverwrite (dict ) (dict "fieldRef" (mustMergeOverwrite (dict "fieldPath" "" ) (dict "fieldPath" "metadata.name" )) "resourceFieldRef" (coalesce nil) "configMapKeyRef" (coalesce nil) "secretKeyRef" (coalesce nil) )) )) (mustMergeOverwrite (dict "name" "" ) (dict "name" "KUBERNETES_NODE_NAME" "valueFrom" (mustMergeOverwrite (dict ) (dict "fieldRef" (mustMergeOverwrite (dict "fieldPath" "" ) (dict "fieldPath" "spec.nodeName" )) )) )) (mustMergeOverwrite (dict "name" "" ) (dict "name" "HOST_IP_ADDRESS" "valueFrom" (mustMergeOverwrite (dict ) (dict "fieldRef" (mustMergeOverwrite (dict "fieldPath" "" ) (dict "apiVersion" "v1" "fieldPath" "status.hostIP" )) )) )))) ))) "r") "securityContext" (get (fromJson (include "redpanda.ContainerSecurityContext" (dict "a" (list $dot) ))) "r") "volumeMounts" $volMounts "resources" $values.statefulset.initContainers.configurator.resources ))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.StatefulSetContainers" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $containers := (coalesce nil) -}} +{{- $containers = (concat (default (list ) $containers) (list (get (fromJson (include "redpanda.statefulSetContainerRedpanda" (dict "a" (list $dot) ))) "r"))) -}} +{{- $c_11 := (get (fromJson (include "redpanda.statefulSetContainerConfigWatcher" (dict "a" (list $dot) ))) "r") -}} +{{- if (ne (toJson $c_11) "null") -}} +{{- $containers = (concat (default (list ) $containers) (list $c_11)) -}} +{{- end -}} +{{- $c_12 := (get (fromJson (include "redpanda.statefulSetContainerControllers" (dict "a" (list $dot) ))) "r") -}} +{{- if (ne (toJson $c_12) "null") -}} +{{- $containers = (concat (default (list ) $containers) (list $c_12)) -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $containers) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.wrapLifecycleHook" -}} +{{- $hook := (index .a 0) -}} +{{- $timeoutSeconds := (index .a 1) -}} +{{- $cmd := (index .a 2) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $wrapped := (join " " $cmd) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (list "bash" "-c" (printf "timeout -v %d %s 2>&1 | sed \"s/^/lifecycle-hook %s $(date): /\" | tee /proc/1/fd/1; true" $timeoutSeconds $wrapped $hook))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.statefulSetContainerRedpanda" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $internalAdvertiseAddress := (printf "%s.%s" "$(SERVICE_NAME)" (get (fromJson (include "redpanda.InternalDomain" (dict "a" (list $dot) ))) "r")) -}} +{{- $container := (mustMergeOverwrite (dict "name" "" "resources" (dict ) ) (dict "name" (get (fromJson (include "redpanda.Name" (dict "a" (list $dot) ))) "r") "image" (printf `%s:%s` $values.image.repository (get (fromJson (include "redpanda.Tag" (dict "a" (list $dot) ))) "r")) "env" (get (fromJson (include "redpanda.bootstrapEnvVars" (dict "a" (list $dot (get (fromJson (include "redpanda.statefulSetRedpandaEnv" (dict "a" (list ) ))) "r")) ))) "r") "lifecycle" (mustMergeOverwrite (dict ) (dict "postStart" (mustMergeOverwrite (dict ) (dict "exec" (mustMergeOverwrite (dict ) (dict "command" (get (fromJson (include "redpanda.wrapLifecycleHook" (dict "a" (list "post-start" ((div ($values.statefulset.terminationGracePeriodSeconds | int64) (2 | int64)) | int64) (list "bash" "-x" "/var/lifecycle/postStart.sh")) ))) "r") )) )) "preStop" (mustMergeOverwrite (dict ) (dict "exec" (mustMergeOverwrite (dict ) (dict "command" (get (fromJson (include "redpanda.wrapLifecycleHook" (dict "a" (list "pre-stop" ((div ($values.statefulset.terminationGracePeriodSeconds | int64) (2 | int64)) | int64) (list "bash" "-x" "/var/lifecycle/preStop.sh")) ))) "r") )) )) )) "startupProbe" (mustMergeOverwrite (dict ) (mustMergeOverwrite (dict ) (dict "exec" (mustMergeOverwrite (dict ) (dict "command" (list `/bin/sh` `-c` (join "\n" (list `set -e` (printf `RESULT=$(curl --silent --fail -k -m 5 %s "%s://%s/v1/status/ready")` (get (fromJson (include "redpanda.adminTLSCurlFlags" (dict "a" (list $dot) ))) "r") (get (fromJson (include "redpanda.adminInternalHTTPProtocol" (dict "a" (list $dot) ))) "r") (get (fromJson (include "redpanda.adminApiURLs" (dict "a" (list $dot) ))) "r")) `echo $RESULT` `echo $RESULT | grep ready` ``))) )) )) (dict "initialDelaySeconds" ($values.statefulset.startupProbe.initialDelaySeconds | int) "periodSeconds" ($values.statefulset.startupProbe.periodSeconds | int) "failureThreshold" ($values.statefulset.startupProbe.failureThreshold | int) )) "livenessProbe" (mustMergeOverwrite (dict ) (mustMergeOverwrite (dict ) (dict "exec" (mustMergeOverwrite (dict ) (dict "command" (list `/bin/sh` `-c` (printf `curl --silent --fail -k -m 5 %s "%s://%s/v1/status/ready"` (get (fromJson (include "redpanda.adminTLSCurlFlags" (dict "a" (list $dot) ))) "r") (get (fromJson (include "redpanda.adminInternalHTTPProtocol" (dict "a" (list $dot) ))) "r") (get (fromJson (include "redpanda.adminApiURLs" (dict "a" (list $dot) ))) "r"))) )) )) (dict "initialDelaySeconds" ($values.statefulset.livenessProbe.initialDelaySeconds | int) "periodSeconds" ($values.statefulset.livenessProbe.periodSeconds | int) "failureThreshold" ($values.statefulset.livenessProbe.failureThreshold | int) )) "command" (list `rpk` `redpanda` `start` (printf `--advertise-rpc-addr=%s:%d` $internalAdvertiseAddress ($values.listeners.rpc.port | int))) "volumeMounts" (concat (default (list ) (get (fromJson (include "redpanda.StatefulSetVolumeMounts" (dict "a" (list $dot) ))) "r")) (default (list ) (get (fromJson (include "redpanda.templateToVolumeMounts" (dict "a" (list $dot $values.statefulset.extraVolumeMounts) ))) "r"))) "securityContext" (get (fromJson (include "redpanda.ContainerSecurityContext" (dict "a" (list $dot) ))) "r") "resources" (mustMergeOverwrite (dict ) (dict )) )) -}} +{{- if (not (get (fromJson (include "_shims.typeassertion" (dict "a" (list "bool" (dig `recovery_mode_enabled` false $values.config.node)) ))) "r")) -}} +{{- $_ := (set $container "readinessProbe" (mustMergeOverwrite (dict ) (mustMergeOverwrite (dict ) (dict "exec" (mustMergeOverwrite (dict ) (dict "command" (list `/bin/sh` `-c` (join "\n" (list `set -x` `RESULT=$(rpk cluster health)` `echo $RESULT` `echo $RESULT | grep 'Healthy:.*true'` ``))) )) )) (dict "initialDelaySeconds" ($values.statefulset.readinessProbe.initialDelaySeconds | int) "timeoutSeconds" ($values.statefulset.readinessProbe.timeoutSeconds | int) "periodSeconds" ($values.statefulset.readinessProbe.periodSeconds | int) "successThreshold" ($values.statefulset.readinessProbe.successThreshold | int) "failureThreshold" ($values.statefulset.readinessProbe.failureThreshold | int) ))) -}} +{{- end -}} +{{- $_ := (set $container "ports" (concat (default (list ) $container.ports) (list (mustMergeOverwrite (dict "containerPort" 0 ) (dict "name" "admin" "containerPort" ($values.listeners.admin.port | int) ))))) -}} +{{- range $externalName, $external := $values.listeners.admin.external -}} +{{- if (get (fromJson (include "redpanda.AdminExternal.IsEnabled" (dict "a" (list $external) ))) "r") -}} +{{- $_ := (set $container "ports" (concat (default (list ) $container.ports) (list (mustMergeOverwrite (dict "containerPort" 0 ) (dict "name" (printf "admin-%.8s" (lower $externalName)) "containerPort" ($external.port | int) ))))) -}} +{{- end -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $_ := (set $container "ports" (concat (default (list ) $container.ports) (list (mustMergeOverwrite (dict "containerPort" 0 ) (dict "name" "http" "containerPort" ($values.listeners.http.port | int) ))))) -}} +{{- range $externalName, $external := $values.listeners.http.external -}} +{{- if (get (fromJson (include "redpanda.HTTPExternal.IsEnabled" (dict "a" (list $external) ))) "r") -}} +{{- $_ := (set $container "ports" (concat (default (list ) $container.ports) (list (mustMergeOverwrite (dict "containerPort" 0 ) (dict "name" (printf "http-%.8s" (lower $externalName)) "containerPort" ($external.port | int) ))))) -}} +{{- end -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $_ := (set $container "ports" (concat (default (list ) $container.ports) (list (mustMergeOverwrite (dict "containerPort" 0 ) (dict "name" "kafka" "containerPort" ($values.listeners.kafka.port | int) ))))) -}} +{{- range $externalName, $external := $values.listeners.kafka.external -}} +{{- if (get (fromJson (include "redpanda.KafkaExternal.IsEnabled" (dict "a" (list $external) ))) "r") -}} +{{- $_ := (set $container "ports" (concat (default (list ) $container.ports) (list (mustMergeOverwrite (dict "containerPort" 0 ) (dict "name" (printf "kafka-%.8s" (lower $externalName)) "containerPort" ($external.port | int) ))))) -}} +{{- end -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $_ := (set $container "ports" (concat (default (list ) $container.ports) (list (mustMergeOverwrite (dict "containerPort" 0 ) (dict "name" "rpc" "containerPort" ($values.listeners.rpc.port | int) ))))) -}} +{{- $_ := (set $container "ports" (concat (default (list ) $container.ports) (list (mustMergeOverwrite (dict "containerPort" 0 ) (dict "name" "schemaregistry" "containerPort" ($values.listeners.schemaRegistry.port | int) ))))) -}} +{{- range $externalName, $external := $values.listeners.schemaRegistry.external -}} +{{- if (get (fromJson (include "redpanda.SchemaRegistryExternal.IsEnabled" (dict "a" (list $external) ))) "r") -}} +{{- $_ := (set $container "ports" (concat (default (list ) $container.ports) (list (mustMergeOverwrite (dict "containerPort" 0 ) (dict "name" (printf "schema-%.8s" (lower $externalName)) "containerPort" ($external.port | int) ))))) -}} +{{- end -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- if (and (get (fromJson (include "redpanda.Storage.IsTieredStorageEnabled" (dict "a" (list $values.storage) ))) "r") (ne (get (fromJson (include "redpanda.Storage.TieredMountType" (dict "a" (list $values.storage) ))) "r") "none")) -}} +{{- $name := "tiered-storage-dir" -}} +{{- if (and (ne (toJson $values.storage.persistentVolume) "null") (ne $values.storage.persistentVolume.nameOverwrite "")) -}} +{{- $name = $values.storage.persistentVolume.nameOverwrite -}} +{{- end -}} +{{- $_ := (set $container "volumeMounts" (concat (default (list ) $container.volumeMounts) (list (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" $name "mountPath" (get (fromJson (include "redpanda.Storage.TieredCacheDirectory" (dict "a" (list $values.storage $dot) ))) "r") ))))) -}} +{{- end -}} +{{- $_ := (set $container.resources "limits" (dict "cpu" $values.resources.cpu.cores "memory" $values.resources.memory.container.max )) -}} +{{- if (ne (toJson $values.resources.memory.container.min) "null") -}} +{{- $_ := (set $container.resources "requests" (dict "cpu" $values.resources.cpu.cores "memory" $values.resources.memory.container.min )) -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $container) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.adminApiURLs" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $_is_returning = true -}} +{{- (dict "r" (printf `${SERVICE_NAME}.%s:%d` (get (fromJson (include "redpanda.InternalDomain" (dict "a" (list $dot) ))) "r") ($values.listeners.admin.port | int))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.statefulSetContainerConfigWatcher" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- if (not $values.statefulset.sideCars.configWatcher.enabled) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (coalesce nil)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (mustMergeOverwrite (dict "name" "" "resources" (dict ) ) (dict "name" "config-watcher" "image" (printf `%s:%s` $values.image.repository (get (fromJson (include "redpanda.Tag" (dict "a" (list $dot) ))) "r")) "command" (list `/bin/sh`) "args" (list `-c` `trap "exit 0" TERM; exec /etc/secrets/config-watcher/scripts/sasl-user.sh & wait $!`) "env" (get (fromJson (include "redpanda.rpkEnvVars" (dict "a" (list $dot (coalesce nil)) ))) "r") "resources" $values.statefulset.sideCars.configWatcher.resources "securityContext" $values.statefulset.sideCars.configWatcher.securityContext "volumeMounts" (concat (default (list ) (concat (default (list ) (get (fromJson (include "redpanda.CommonMounts" (dict "a" (list $dot) ))) "r")) (list (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" "config" "mountPath" "/etc/redpanda" )) (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" (printf `%s-config-watcher` (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r")) "mountPath" "/etc/secrets/config-watcher/scripts" ))))) (default (list ) (get (fromJson (include "redpanda.templateToVolumeMounts" (dict "a" (list $dot $values.statefulset.sideCars.configWatcher.extraVolumeMounts) ))) "r"))) ))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.statefulSetContainerControllers" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- if (or (not $values.rbac.enabled) (not $values.statefulset.sideCars.controllers.enabled)) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (coalesce nil)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $volumeMounts := (list ) -}} +{{- if (and (and (and $values.rbac.enabled $values.statefulset.sideCars.controllers.enabled) $values.statefulset.sideCars.controllers.createRBAC) (not (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.serviceAccount.automountServiceAccountToken false) ))) "r"))) -}} +{{- $mountName := "kube-api-access" -}} +{{- range $_, $vol := (get (fromJson (include "redpanda.StatefulSetVolumes" (dict "a" (list $dot) ))) "r") -}} +{{- if (hasPrefix $vol.name (printf "%s%s" "kube-api-access" "-")) -}} +{{- $mountName = $vol.name -}} +{{- end -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $volumeMounts = (concat (default (list ) $volumeMounts) (list (mustMergeOverwrite (dict "name" "" "mountPath" "" ) (dict "name" $mountName "readOnly" true "mountPath" "/var/run/secrets/kubernetes.io/serviceaccount" )))) -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (mustMergeOverwrite (dict "name" "" "resources" (dict ) ) (dict "name" "redpanda-controllers" "image" (printf `%s:%s` $values.statefulset.sideCars.controllers.image.repository $values.statefulset.sideCars.controllers.image.tag) "command" (list `/manager`) "args" (list `--operator-mode=false` (printf `--namespace=%s` $dot.Release.Namespace) (printf `--health-probe-bind-address=%s` $values.statefulset.sideCars.controllers.healthProbeAddress) (printf `--metrics-bind-address=%s` $values.statefulset.sideCars.controllers.metricsAddress) (printf `--additional-controllers=%s` (join "," $values.statefulset.sideCars.controllers.run))) "env" (list (mustMergeOverwrite (dict "name" "" ) (dict "name" "REDPANDA_HELM_RELEASE_NAME" "value" $dot.Release.Name ))) "resources" $values.statefulset.sideCars.controllers.resources "securityContext" $values.statefulset.sideCars.controllers.securityContext "volumeMounts" $volumeMounts ))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.rpkEnvVars" -}} +{{- $dot := (index .a 0) -}} +{{- $envVars := (index .a 1) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- if (and (ne (toJson $values.auth.sasl) "null") $values.auth.sasl.enabled) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (concat (default (list ) $envVars) (default (list ) (get (fromJson (include "redpanda.BootstrapUser.RpkEnvironment" (dict "a" (list $values.auth.sasl.bootstrapUser (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r")) ))) "r")))) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $envVars) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.bootstrapEnvVars" -}} +{{- $dot := (index .a 0) -}} +{{- $envVars := (index .a 1) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- if (and (ne (toJson $values.auth.sasl) "null") $values.auth.sasl.enabled) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (concat (default (list ) $envVars) (default (list ) (get (fromJson (include "redpanda.BootstrapUser.BootstrapEnvironment" (dict "a" (list $values.auth.sasl.bootstrapUser (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r")) ))) "r")))) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $envVars) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.templateToVolumeMounts" -}} +{{- $dot := (index .a 0) -}} +{{- $template := (index .a 1) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $result := (tpl $template $dot) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (fromYamlArray $result)) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.templateToVolumes" -}} +{{- $dot := (index .a 0) -}} +{{- $template := (index .a 1) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $result := (tpl $template $dot) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (fromYamlArray $result)) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.templateToContainers" -}} +{{- $dot := (index .a 0) -}} +{{- $template := (index .a 1) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $result := (tpl $template $dot) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (fromYamlArray $result)) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.StatefulSet" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- if (and (not (get (fromJson (include "redpanda.RedpandaAtLeast_22_2_0" (dict "a" (list $dot) ))) "r")) (not $values.force)) -}} +{{- $sv := (get (fromJson (include "redpanda.semver" (dict "a" (list $dot) ))) "r") -}} +{{- $_ := (fail (printf "Error: The Redpanda version (%s) is no longer supported \nTo accept this risk, run the upgrade again adding `--force=true`\n" $sv)) -}} +{{- end -}} +{{- $ss := (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict "selector" (coalesce nil) "template" (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict "containers" (coalesce nil) ) ) "serviceName" "" "updateStrategy" (dict ) ) "status" (dict "replicas" 0 "availableReplicas" 0 ) ) (mustMergeOverwrite (dict ) (dict "apiVersion" "apps/v1" "kind" "StatefulSet" )) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (get (fromJson (include "redpanda.Fullname" (dict "a" (list $dot) ))) "r") "namespace" $dot.Release.Namespace "labels" (get (fromJson (include "redpanda.FullLabels" (dict "a" (list $dot) ))) "r") )) "spec" (mustMergeOverwrite (dict "selector" (coalesce nil) "template" (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict "containers" (coalesce nil) ) ) "serviceName" "" "updateStrategy" (dict ) ) (dict "selector" (mustMergeOverwrite (dict ) (dict "matchLabels" (get (fromJson (include "redpanda.StatefulSetPodLabelsSelector" (dict "a" (list $dot) ))) "r") )) "serviceName" (get (fromJson (include "redpanda.ServiceName" (dict "a" (list $dot) ))) "r") "replicas" ($values.statefulset.replicas | int) "updateStrategy" $values.statefulset.updateStrategy "podManagementPolicy" "Parallel" "template" (get (fromJson (include "redpanda.StrategicMergePatch" (dict "a" (list $values.statefulset.podTemplate (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict "containers" (coalesce nil) ) ) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "labels" (get (fromJson (include "redpanda.StatefulSetPodLabels" (dict "a" (list $dot) ))) "r") "annotations" (get (fromJson (include "redpanda.StatefulSetPodAnnotations" (dict "a" (list $dot (get (fromJson (include "redpanda.statefulSetChecksumAnnotation" (dict "a" (list $dot) ))) "r")) ))) "r") )) "spec" (mustMergeOverwrite (dict "containers" (coalesce nil) ) (dict "automountServiceAccountToken" false "terminationGracePeriodSeconds" ($values.statefulset.terminationGracePeriodSeconds | int64) "securityContext" (get (fromJson (include "redpanda.PodSecurityContext" (dict "a" (list $dot) ))) "r") "serviceAccountName" (get (fromJson (include "redpanda.ServiceAccountName" (dict "a" (list $dot) ))) "r") "imagePullSecrets" (default (coalesce nil) $values.imagePullSecrets) "initContainers" (get (fromJson (include "redpanda.StatefulSetInitContainers" (dict "a" (list $dot) ))) "r") "containers" (get (fromJson (include "redpanda.StatefulSetContainers" (dict "a" (list $dot) ))) "r") "volumes" (get (fromJson (include "redpanda.StatefulSetVolumes" (dict "a" (list $dot) ))) "r") "topologySpreadConstraints" (get (fromJson (include "redpanda.statefulSetTopologySpreadConstraints" (dict "a" (list $dot) ))) "r") "nodeSelector" (get (fromJson (include "redpanda.statefulSetNodeSelectors" (dict "a" (list $dot) ))) "r") "affinity" (get (fromJson (include "redpanda.statefulSetAffinity" (dict "a" (list $dot) ))) "r") "priorityClassName" $values.statefulset.priorityClassName "tolerations" (get (fromJson (include "redpanda.statefulSetTolerations" (dict "a" (list $dot) ))) "r") )) ))) ))) "r") "volumeClaimTemplates" (coalesce nil) )) )) -}} +{{- if (or $values.storage.persistentVolume.enabled ((and (get (fromJson (include "redpanda.Storage.IsTieredStorageEnabled" (dict "a" (list $values.storage) ))) "r") (eq (get (fromJson (include "redpanda.Storage.TieredMountType" (dict "a" (list $values.storage) ))) "r") "persistentVolume")))) -}} +{{- $t_13 := (get (fromJson (include "redpanda.volumeClaimTemplateDatadir" (dict "a" (list $dot) ))) "r") -}} +{{- if (ne (toJson $t_13) "null") -}} +{{- $_ := (set $ss.spec "volumeClaimTemplates" (concat (default (list ) $ss.spec.volumeClaimTemplates) (list $t_13))) -}} +{{- end -}} +{{- $t_14 := (get (fromJson (include "redpanda.volumeClaimTemplateTieredStorageDir" (dict "a" (list $dot) ))) "r") -}} +{{- if (ne (toJson $t_14) "null") -}} +{{- $_ := (set $ss.spec "volumeClaimTemplates" (concat (default (list ) $ss.spec.volumeClaimTemplates) (list $t_14))) -}} +{{- end -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $ss) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.semver" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $_is_returning = true -}} +{{- (dict "r" (trimPrefix "v" (get (fromJson (include "redpanda.Tag" (dict "a" (list $dot) ))) "r"))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.statefulSetChecksumAnnotation" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $dependencies := (coalesce nil) -}} +{{- $dependencies = (concat (default (list ) $dependencies) (list (get (fromJson (include "redpanda.RedpandaConfigFile" (dict "a" (list $dot false) ))) "r"))) -}} +{{- if $values.external.enabled -}} +{{- $dependencies = (concat (default (list ) $dependencies) (list (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $values.external.domain "") ))) "r"))) -}} +{{- if (empty $values.external.addresses) -}} +{{- $dependencies = (concat (default (list ) $dependencies) (list "")) -}} +{{- else -}} +{{- $dependencies = (concat (default (list ) $dependencies) (list $values.external.addresses)) -}} +{{- end -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (sha256sum (toJson $dependencies))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.statefulSetTolerations" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $_is_returning = true -}} +{{- (dict "r" (default $values.tolerations $values.statefulset.tolerations)) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.statefulSetNodeSelectors" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $_is_returning = true -}} +{{- (dict "r" (default $values.statefulset.nodeSelector $values.nodeSelector)) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.statefulSetAffinity" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $affinity := (mustMergeOverwrite (dict ) (dict )) -}} +{{- if (not (empty $values.statefulset.nodeAffinity)) -}} +{{- $_ := (set $affinity "nodeAffinity" $values.statefulset.nodeAffinity) -}} +{{- else -}}{{- if (not (empty $values.affinity.nodeAffinity)) -}} +{{- $_ := (set $affinity "nodeAffinity" $values.affinity.nodeAffinity) -}} +{{- end -}} +{{- end -}} +{{- if (not (empty $values.statefulset.podAffinity)) -}} +{{- $_ := (set $affinity "podAffinity" $values.statefulset.podAffinity) -}} +{{- else -}}{{- if (not (empty $values.affinity.podAffinity)) -}} +{{- $_ := (set $affinity "podAffinity" $values.affinity.podAffinity) -}} +{{- end -}} +{{- end -}} +{{- if (not (empty $values.statefulset.podAntiAffinity)) -}} +{{- $_ := (set $affinity "podAntiAffinity" (mustMergeOverwrite (dict ) (dict ))) -}} +{{- if (eq $values.statefulset.podAntiAffinity.type "hard") -}} +{{- $_ := (set $affinity.podAntiAffinity "requiredDuringSchedulingIgnoredDuringExecution" (list (mustMergeOverwrite (dict "topologyKey" "" ) (dict "topologyKey" $values.statefulset.podAntiAffinity.topologyKey "labelSelector" (mustMergeOverwrite (dict ) (dict "matchLabels" (get (fromJson (include "redpanda.StatefulSetPodLabelsSelector" (dict "a" (list $dot) ))) "r") )) )))) -}} +{{- else -}}{{- if (eq $values.statefulset.podAntiAffinity.type "soft") -}} +{{- $_ := (set $affinity.podAntiAffinity "preferredDuringSchedulingIgnoredDuringExecution" (list (mustMergeOverwrite (dict "weight" 0 "podAffinityTerm" (dict "topologyKey" "" ) ) (dict "weight" ($values.statefulset.podAntiAffinity.weight | int) "podAffinityTerm" (mustMergeOverwrite (dict "topologyKey" "" ) (dict "topologyKey" $values.statefulset.podAntiAffinity.topologyKey "labelSelector" (mustMergeOverwrite (dict ) (dict "matchLabels" (get (fromJson (include "redpanda.StatefulSetPodLabelsSelector" (dict "a" (list $dot) ))) "r") )) )) )))) -}} +{{- else -}}{{- if (eq $values.statefulset.podAntiAffinity.type "custom") -}} +{{- $_ := (set $affinity "podAntiAffinity" $values.statefulset.podAntiAffinity.custom) -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- else -}}{{- if (not (empty $values.affinity.podAntiAffinity)) -}} +{{- $_ := (set $affinity "podAntiAffinity" $values.affinity.podAntiAffinity) -}} +{{- end -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $affinity) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.volumeClaimTemplateDatadir" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- if (not $values.storage.persistentVolume.enabled) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (coalesce nil)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $pvc := (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict "resources" (dict ) ) "status" (dict ) ) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" "datadir" "labels" (merge (dict ) (dict `app.kubernetes.io/name` (get (fromJson (include "redpanda.Name" (dict "a" (list $dot) ))) "r") `app.kubernetes.io/instance` $dot.Release.Name `app.kubernetes.io/component` (get (fromJson (include "redpanda.Name" (dict "a" (list $dot) ))) "r") ) $values.storage.persistentVolume.labels $values.commonLabels) "annotations" (default (coalesce nil) $values.storage.persistentVolume.annotations) )) "spec" (mustMergeOverwrite (dict "resources" (dict ) ) (dict "accessModes" (list "ReadWriteOnce") "resources" (mustMergeOverwrite (dict ) (dict "requests" (dict "storage" $values.storage.persistentVolume.size ) )) )) )) -}} +{{- if (not (empty $values.storage.persistentVolume.storageClass)) -}} +{{- if (eq $values.storage.persistentVolume.storageClass "-") -}} +{{- $_ := (set $pvc.spec "storageClassName" "") -}} +{{- else -}} +{{- $_ := (set $pvc.spec "storageClassName" $values.storage.persistentVolume.storageClass) -}} +{{- end -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $pvc) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.volumeClaimTemplateTieredStorageDir" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- if (or (not (get (fromJson (include "redpanda.Storage.IsTieredStorageEnabled" (dict "a" (list $values.storage) ))) "r")) (ne (get (fromJson (include "redpanda.Storage.TieredMountType" (dict "a" (list $values.storage) ))) "r") "persistentVolume")) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (coalesce nil)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $pvc := (mustMergeOverwrite (dict "metadata" (dict "creationTimestamp" (coalesce nil) ) "spec" (dict "resources" (dict ) ) "status" (dict ) ) (dict "metadata" (mustMergeOverwrite (dict "creationTimestamp" (coalesce nil) ) (dict "name" (default "tiered-storage-dir" $values.storage.persistentVolume.nameOverwrite) "labels" (merge (dict ) (dict `app.kubernetes.io/name` (get (fromJson (include "redpanda.Name" (dict "a" (list $dot) ))) "r") `app.kubernetes.io/instance` $dot.Release.Name `app.kubernetes.io/component` (get (fromJson (include "redpanda.Name" (dict "a" (list $dot) ))) "r") ) (get (fromJson (include "redpanda.Storage.TieredPersistentVolumeLabels" (dict "a" (list $values.storage) ))) "r") $values.commonLabels) "annotations" (default (coalesce nil) (get (fromJson (include "redpanda.Storage.TieredPersistentVolumeAnnotations" (dict "a" (list $values.storage) ))) "r")) )) "spec" (mustMergeOverwrite (dict "resources" (dict ) ) (dict "accessModes" (list "ReadWriteOnce") "resources" (mustMergeOverwrite (dict ) (dict "requests" (dict "storage" (index (get (fromJson (include "redpanda.Storage.GetTieredStorageConfig" (dict "a" (list $values.storage) ))) "r") `cloud_storage_cache_size`) ) )) )) )) -}} +{{- $sc_15 := (get (fromJson (include "redpanda.Storage.TieredPersistentVolumeStorageClass" (dict "a" (list $values.storage) ))) "r") -}} +{{- if (eq $sc_15 "-") -}} +{{- $_ := (set $pvc.spec "storageClassName" "") -}} +{{- else -}}{{- if (not (empty $sc_15)) -}} +{{- $_ := (set $pvc.spec "storageClassName" $sc_15) -}} +{{- end -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $pvc) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.statefulSetTopologySpreadConstraints" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $result := (coalesce nil) -}} +{{- $labelSelector := (mustMergeOverwrite (dict ) (dict "matchLabels" (get (fromJson (include "redpanda.StatefulSetPodLabelsSelector" (dict "a" (list $dot) ))) "r") )) -}} +{{- range $_, $v := $values.statefulset.topologySpreadConstraints -}} +{{- $result = (concat (default (list ) $result) (list (mustMergeOverwrite (dict "maxSkew" 0 "topologyKey" "" "whenUnsatisfiable" "" ) (dict "maxSkew" ($v.maxSkew | int) "topologyKey" $v.topologyKey "whenUnsatisfiable" $v.whenUnsatisfiable "labelSelector" $labelSelector )))) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $result) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.StorageTieredConfig" -}} +{{- $dot := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $_is_returning = true -}} +{{- (dict "r" (get (fromJson (include "redpanda.Storage.GetTieredStorageConfig" (dict "a" (list $values.storage) ))) "r")) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + diff --git a/charts/redpanda/redpanda/5.9.12/templates/_values.go.tpl b/charts/redpanda/redpanda/5.9.12/templates/_values.go.tpl new file mode 100644 index 000000000..96b4d5068 --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/templates/_values.go.tpl @@ -0,0 +1,1370 @@ +{{- /* Generated from "values.go" */ -}} + +{{- define "redpanda.AuditLogging.Translate" -}} +{{- $a := (index .a 0) -}} +{{- $dot := (index .a 1) -}} +{{- $isSASLEnabled := (index .a 2) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $result := (dict ) -}} +{{- if (not (get (fromJson (include "redpanda.RedpandaAtLeast_23_3_0" (dict "a" (list $dot) ))) "r")) -}} +{{- $_is_returning = true -}} +{{- (dict "r" $result) | toJson -}} +{{- break -}} +{{- end -}} +{{- $enabled := (and $a.enabled $isSASLEnabled) -}} +{{- $_ := (set $result "audit_enabled" $enabled) -}} +{{- if (not $enabled) -}} +{{- $_is_returning = true -}} +{{- (dict "r" $result) | toJson -}} +{{- break -}} +{{- end -}} +{{- if (ne (($a.clientMaxBufferSize | int) | int) (16777216 | int)) -}} +{{- $_ := (set $result "audit_client_max_buffer_size" ($a.clientMaxBufferSize | int)) -}} +{{- end -}} +{{- if (ne (($a.queueDrainIntervalMs | int) | int) (500 | int)) -}} +{{- $_ := (set $result "audit_queue_drain_interval_ms" ($a.queueDrainIntervalMs | int)) -}} +{{- end -}} +{{- if (ne (($a.queueMaxBufferSizePerShard | int) | int) (1048576 | int)) -}} +{{- $_ := (set $result "audit_queue_max_buffer_size_per_shard" ($a.queueMaxBufferSizePerShard | int)) -}} +{{- end -}} +{{- if (ne (($a.partitions | int) | int) (12 | int)) -}} +{{- $_ := (set $result "audit_log_num_partitions" ($a.partitions | int)) -}} +{{- end -}} +{{- if (ne ($a.replicationFactor | int) (0 | int)) -}} +{{- $_ := (set $result "audit_log_replication_factor" ($a.replicationFactor | int)) -}} +{{- end -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $a.enabledEventTypes) ))) "r") | int) (0 | int)) -}} +{{- $_ := (set $result "audit_enabled_event_types" $a.enabledEventTypes) -}} +{{- end -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $a.excludedTopics) ))) "r") | int) (0 | int)) -}} +{{- $_ := (set $result "audit_excluded_topics" $a.excludedTopics) -}} +{{- end -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $a.excludedPrincipals) ))) "r") | int) (0 | int)) -}} +{{- $_ := (set $result "audit_excluded_principals" $a.excludedPrincipals) -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $result) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.Auth.IsSASLEnabled" -}} +{{- $a := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- if (eq (toJson $a.sasl) "null") -}} +{{- $_is_returning = true -}} +{{- (dict "r" false) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $a.sasl.enabled) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.Auth.Translate" -}} +{{- $a := (index .a 0) -}} +{{- $isSASLEnabled := (index .a 1) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- if (not $isSASLEnabled) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (coalesce nil)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $users := (list (get (fromJson (include "redpanda.BootstrapUser.Username" (dict "a" (list $a.sasl.bootstrapUser) ))) "r")) -}} +{{- range $_, $u := $a.sasl.users -}} +{{- $users = (concat (default (list ) $users) (list $u.name)) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (dict "superusers" $users )) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.Logging.Translate" -}} +{{- $l := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $result := (dict ) -}} +{{- $clusterID_1 := (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $l.usageStats.clusterId "") ))) "r") -}} +{{- if (ne $clusterID_1 "") -}} +{{- $_ := (set $result "cluster_id" $clusterID_1) -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $result) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.RedpandaResources.GetOverProvisionValue" -}} +{{- $rr := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- if (lt ((get (fromJson (include "_shims.resource_MilliValue" (dict "a" (list $rr.cpu.cores) ))) "r") | int64) (1000 | int64)) -}} +{{- $_is_returning = true -}} +{{- (dict "r" true) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $rr.cpu.overprovisioned false) ))) "r")) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.Storage.IsTieredStorageEnabled" -}} +{{- $s := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $conf := (get (fromJson (include "redpanda.Storage.GetTieredStorageConfig" (dict "a" (list $s) ))) "r") -}} +{{- $tmp_tuple_3 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.dicttest" (dict "a" (list $conf "cloud_storage_enabled" (coalesce nil)) ))) "r")) ))) "r") -}} +{{- $ok := $tmp_tuple_3.T2 -}} +{{- $b := $tmp_tuple_3.T1 -}} +{{- $_is_returning = true -}} +{{- (dict "r" (and $ok (get (fromJson (include "_shims.typeassertion" (dict "a" (list "bool" $b) ))) "r"))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.Storage.GetTieredStorageConfig" -}} +{{- $s := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $s.tieredConfig) ))) "r") | int) (0 | int)) -}} +{{- $_is_returning = true -}} +{{- (dict "r" $s.tieredConfig) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $s.tiered.config) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.Storage.GetTieredStorageHostPath" -}} +{{- $s := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $hp := $s.tieredStorageHostPath -}} +{{- if (empty $hp) -}} +{{- $hp = $s.tiered.hostPath -}} +{{- end -}} +{{- if (empty $hp) -}} +{{- $_ := (fail (printf `storage.tiered.mountType is "%s" but storage.tiered.hostPath is empty` $s.tiered.mountType)) -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $hp) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.Storage.TieredCacheDirectory" -}} +{{- $s := (index .a 0) -}} +{{- $dot := (index .a 1) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $values := $dot.Values.AsMap -}} +{{- $tmp_tuple_4 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.typetest" (dict "a" (list "string" (index $values.config.node "cloud_storage_cache_directory") "") ))) "r")) ))) "r") -}} +{{- $ok_3 := $tmp_tuple_4.T2 -}} +{{- $dir_2 := $tmp_tuple_4.T1 -}} +{{- if $ok_3 -}} +{{- $_is_returning = true -}} +{{- (dict "r" $dir_2) | toJson -}} +{{- break -}} +{{- end -}} +{{- $tieredConfig := (get (fromJson (include "redpanda.Storage.GetTieredStorageConfig" (dict "a" (list $values.storage) ))) "r") -}} +{{- $tmp_tuple_5 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.typetest" (dict "a" (list "string" (index $tieredConfig "cloud_storage_cache_directory") "") ))) "r")) ))) "r") -}} +{{- $ok_5 := $tmp_tuple_5.T2 -}} +{{- $dir_4 := $tmp_tuple_5.T1 -}} +{{- if $ok_5 -}} +{{- $_is_returning = true -}} +{{- (dict "r" $dir_4) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" "/var/lib/redpanda/data/cloud_storage_cache") | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.Storage.TieredMountType" -}} +{{- $s := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- if (and (ne (toJson $s.tieredStoragePersistentVolume) "null") $s.tieredStoragePersistentVolume.enabled) -}} +{{- $_is_returning = true -}} +{{- (dict "r" "persistentVolume") | toJson -}} +{{- break -}} +{{- end -}} +{{- if (not (empty $s.tieredStorageHostPath)) -}} +{{- $_is_returning = true -}} +{{- (dict "r" "hostPath") | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $s.tiered.mountType) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.Storage.TieredPersistentVolumeLabels" -}} +{{- $s := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- if (ne (toJson $s.tieredStoragePersistentVolume) "null") -}} +{{- $_is_returning = true -}} +{{- (dict "r" $s.tieredStoragePersistentVolume.labels) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $s.tiered.persistentVolume.labels) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.Storage.TieredPersistentVolumeAnnotations" -}} +{{- $s := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- if (ne (toJson $s.tieredStoragePersistentVolume) "null") -}} +{{- $_is_returning = true -}} +{{- (dict "r" $s.tieredStoragePersistentVolume.annotations) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $s.tiered.persistentVolume.annotations) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.Storage.TieredPersistentVolumeStorageClass" -}} +{{- $s := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- if (ne (toJson $s.tieredStoragePersistentVolume) "null") -}} +{{- $_is_returning = true -}} +{{- (dict "r" $s.tieredStoragePersistentVolume.storageClass) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $s.tiered.persistentVolume.storageClass) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.Storage.StorageMinFreeBytes" -}} +{{- $s := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- if (and (ne (toJson $s.persistentVolume) "null") (not $s.persistentVolume.enabled)) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (5368709120 | int)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $minimumFreeBytes := ((mulf (((get (fromJson (include "_shims.resource_Value" (dict "a" (list $s.persistentVolume.size) ))) "r") | int64) | float64) 0.05) | float64) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (min (5368709120 | int) ($minimumFreeBytes | int64))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.Tuning.Translate" -}} +{{- $t := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $result := (dict ) -}} +{{- $s := (toJson $t) -}} +{{- $tune := (fromJson $s) -}} +{{- $tmp_tuple_7 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.typetest" (dict "a" (list (printf "map[%s]%s" "string" "interface {}") $tune (coalesce nil)) ))) "r")) ))) "r") -}} +{{- $ok := $tmp_tuple_7.T2 -}} +{{- $m := $tmp_tuple_7.T1 -}} +{{- if (not $ok) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (dict )) | toJson -}} +{{- break -}} +{{- end -}} +{{- range $k, $v := $m -}} +{{- $_ := (set $result $k $v) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $result) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.Listeners.CreateSeedServers" -}} +{{- $l := (index .a 0) -}} +{{- $replicas := (index .a 1) -}} +{{- $fullname := (index .a 2) -}} +{{- $internalDomain := (index .a 3) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $result := (coalesce nil) -}} +{{- range $_, $i := untilStep (((0 | int) | int)|int) ($replicas|int) (1|int) -}} +{{- $result = (concat (default (list ) $result) (list (dict "host" (dict "address" (printf "%s-%d.%s" $fullname $i $internalDomain) "port" ($l.rpc.port | int) ) ))) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $result) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.Listeners.AdminList" -}} +{{- $l := (index .a 0) -}} +{{- $replicas := (index .a 1) -}} +{{- $fullname := (index .a 2) -}} +{{- $internalDomain := (index .a 3) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $_is_returning = true -}} +{{- (dict "r" (get (fromJson (include "redpanda.ServerList" (dict "a" (list $replicas "" $fullname $internalDomain ($l.admin.port | int)) ))) "r")) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.Listeners.SchemaRegistryList" -}} +{{- $l := (index .a 0) -}} +{{- $replicas := (index .a 1) -}} +{{- $fullname := (index .a 2) -}} +{{- $internalDomain := (index .a 3) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $_is_returning = true -}} +{{- (dict "r" (get (fromJson (include "redpanda.ServerList" (dict "a" (list $replicas "" $fullname $internalDomain ($l.schemaRegistry.port | int)) ))) "r")) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.ServerList" -}} +{{- $replicas := (index .a 0) -}} +{{- $prefix := (index .a 1) -}} +{{- $fullname := (index .a 2) -}} +{{- $internalDomain := (index .a 3) -}} +{{- $port := (index .a 4) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $result := (coalesce nil) -}} +{{- range $_, $i := untilStep (((0 | int) | int)|int) ($replicas|int) (1|int) -}} +{{- $result = (concat (default (list ) $result) (list (printf "%s%s-%d.%s:%d" $prefix $fullname $i $internalDomain ($port | int)))) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $result) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.Listeners.TrustStoreVolume" -}} +{{- $l := (index .a 0) -}} +{{- $tls := (index .a 1) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $cmSources := (dict ) -}} +{{- $secretSources := (dict ) -}} +{{- range $_, $ts := (get (fromJson (include "redpanda.Listeners.TrustStores" (dict "a" (list $l $tls) ))) "r") -}} +{{- $projection := (get (fromJson (include "redpanda.TrustStore.VolumeProjection" (dict "a" (list $ts) ))) "r") -}} +{{- if (ne (toJson $projection.secret) "null") -}} +{{- $_ := (set $secretSources $projection.secret.name (concat (default (list ) (index $secretSources $projection.secret.name)) (default (list ) $projection.secret.items))) -}} +{{- else -}} +{{- $_ := (set $cmSources $projection.configMap.name (concat (default (list ) (index $cmSources $projection.configMap.name)) (default (list ) $projection.configMap.items))) -}} +{{- end -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $sources := (coalesce nil) -}} +{{- range $_, $name := (sortAlpha (keys $cmSources)) -}} +{{- $keys := (index $cmSources $name) -}} +{{- $sources = (concat (default (list ) $sources) (list (mustMergeOverwrite (dict ) (dict "configMap" (mustMergeOverwrite (dict ) (mustMergeOverwrite (dict ) (dict "name" $name )) (dict "items" (get (fromJson (include "redpanda.dedupKeyToPaths" (dict "a" (list $keys) ))) "r") )) )))) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- range $_, $name := (sortAlpha (keys $secretSources)) -}} +{{- $keys := (index $secretSources $name) -}} +{{- $sources = (concat (default (list ) $sources) (list (mustMergeOverwrite (dict ) (dict "secret" (mustMergeOverwrite (dict ) (mustMergeOverwrite (dict ) (dict "name" $name )) (dict "items" (get (fromJson (include "redpanda.dedupKeyToPaths" (dict "a" (list $keys) ))) "r") )) )))) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- if (lt ((get (fromJson (include "_shims.len" (dict "a" (list $sources) ))) "r") | int) (1 | int)) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (coalesce nil)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (mustMergeOverwrite (dict "name" "" ) (mustMergeOverwrite (dict ) (dict "projected" (mustMergeOverwrite (dict "sources" (coalesce nil) ) (dict "sources" $sources )) )) (dict "name" "truststores" ))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.dedupKeyToPaths" -}} +{{- $items := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $seen := (dict ) -}} +{{- $deduped := (coalesce nil) -}} +{{- range $_, $item := $items -}} +{{- $tmp_tuple_8 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.dicttest" (dict "a" (list $seen $item.key (coalesce nil)) ))) "r")) ))) "r") -}} +{{- $ok_6 := $tmp_tuple_8.T2 -}} +{{- if $ok_6 -}} +{{- continue -}} +{{- end -}} +{{- $deduped = (concat (default (list ) $deduped) (list $item)) -}} +{{- $_ := (set $seen $item.key true) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $deduped) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.Listeners.TrustStores" -}} +{{- $l := (index .a 0) -}} +{{- $tls := (index .a 1) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $tss := (get (fromJson (include "redpanda.KafkaListeners.TrustStores" (dict "a" (list $l.kafka $tls) ))) "r") -}} +{{- $tss = (concat (default (list ) $tss) (default (list ) (get (fromJson (include "redpanda.AdminListeners.TrustStores" (dict "a" (list $l.admin $tls) ))) "r"))) -}} +{{- $tss = (concat (default (list ) $tss) (default (list ) (get (fromJson (include "redpanda.HTTPListeners.TrustStores" (dict "a" (list $l.http $tls) ))) "r"))) -}} +{{- $tss = (concat (default (list ) $tss) (default (list ) (get (fromJson (include "redpanda.SchemaRegistryListeners.TrustStores" (dict "a" (list $l.schemaRegistry $tls) ))) "r"))) -}} +{{- $_is_returning = true -}} +{{- (dict "r" $tss) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.Config.CreateRPKConfiguration" -}} +{{- $c := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $result := (dict ) -}} +{{- range $k, $v := $c.rpk -}} +{{- $_ := (set $result $k $v) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $result) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.TLSCertMap.MustGet" -}} +{{- $m := (index .a 0) -}} +{{- $name := (index .a 1) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $tmp_tuple_9 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.dicttest" (dict "a" (list $m $name (coalesce nil)) ))) "r")) ))) "r") -}} +{{- $ok := $tmp_tuple_9.T2 -}} +{{- $cert := $tmp_tuple_9.T1 -}} +{{- if (not $ok) -}} +{{- $_ := (fail (printf "Certificate %q referenced, but not found in the tls.certs map" $name)) -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $cert) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.BootstrapUser.BootstrapEnvironment" -}} +{{- $b := (index .a 0) -}} +{{- $fullname := (index .a 1) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $_is_returning = true -}} +{{- (dict "r" (concat (default (list ) (get (fromJson (include "redpanda.BootstrapUser.RpkEnvironment" (dict "a" (list $b $fullname) ))) "r")) (list (mustMergeOverwrite (dict "name" "" ) (dict "name" "RP_BOOTSTRAP_USER" "value" "$(RPK_USER):$(RPK_PASS):$(RPK_SASL_MECHANISM)" ))))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.BootstrapUser.Username" -}} +{{- $b := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- if (ne (toJson $b.name) "null") -}} +{{- $_is_returning = true -}} +{{- (dict "r" $b.name) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" "kubernetes-controller") | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.BootstrapUser.RpkEnvironment" -}} +{{- $b := (index .a 0) -}} +{{- $fullname := (index .a 1) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $_is_returning = true -}} +{{- (dict "r" (list (mustMergeOverwrite (dict "name" "" ) (dict "name" "RPK_PASS" "valueFrom" (mustMergeOverwrite (dict ) (dict "secretKeyRef" (get (fromJson (include "redpanda.BootstrapUser.SecretKeySelector" (dict "a" (list $b $fullname) ))) "r") )) )) (mustMergeOverwrite (dict "name" "" ) (dict "name" "RPK_USER" "value" (get (fromJson (include "redpanda.BootstrapUser.Username" (dict "a" (list $b) ))) "r") )) (mustMergeOverwrite (dict "name" "" ) (dict "name" "RPK_SASL_MECHANISM" "value" (get (fromJson (include "redpanda.BootstrapUser.GetMechanism" (dict "a" (list $b) ))) "r") )))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.BootstrapUser.GetMechanism" -}} +{{- $b := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- if (eq $b.mechanism "") -}} +{{- $_is_returning = true -}} +{{- (dict "r" "SCRAM-SHA-256") | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $b.mechanism) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.BootstrapUser.SecretKeySelector" -}} +{{- $b := (index .a 0) -}} +{{- $fullname := (index .a 1) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- if (ne (toJson $b.secretKeyRef) "null") -}} +{{- $_is_returning = true -}} +{{- (dict "r" $b.secretKeyRef) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (mustMergeOverwrite (dict "key" "" ) (mustMergeOverwrite (dict ) (dict "name" (printf "%s-bootstrap-user" $fullname) )) (dict "key" "password" ))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.TrustStore.TrustStoreFilePath" -}} +{{- $t := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $_is_returning = true -}} +{{- (dict "r" (printf "%s/%s" "/etc/truststores" (get (fromJson (include "redpanda.TrustStore.RelativePath" (dict "a" (list $t) ))) "r"))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.TrustStore.RelativePath" -}} +{{- $t := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- if (ne (toJson $t.configMapKeyRef) "null") -}} +{{- $_is_returning = true -}} +{{- (dict "r" (printf "configmaps/%s-%s" $t.configMapKeyRef.name $t.configMapKeyRef.key)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (printf "secrets/%s-%s" $t.secretKeyRef.name $t.secretKeyRef.key)) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.TrustStore.VolumeProjection" -}} +{{- $t := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- if (ne (toJson $t.configMapKeyRef) "null") -}} +{{- $_is_returning = true -}} +{{- (dict "r" (mustMergeOverwrite (dict ) (dict "configMap" (mustMergeOverwrite (dict ) (mustMergeOverwrite (dict ) (dict "name" $t.configMapKeyRef.name )) (dict "items" (list (mustMergeOverwrite (dict "key" "" "path" "" ) (dict "key" $t.configMapKeyRef.key "path" (get (fromJson (include "redpanda.TrustStore.RelativePath" (dict "a" (list $t) ))) "r") ))) )) ))) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (mustMergeOverwrite (dict ) (dict "secret" (mustMergeOverwrite (dict ) (mustMergeOverwrite (dict ) (dict "name" $t.secretKeyRef.name )) (dict "items" (list (mustMergeOverwrite (dict "key" "" "path" "" ) (dict "key" $t.secretKeyRef.key "path" (get (fromJson (include "redpanda.TrustStore.RelativePath" (dict "a" (list $t) ))) "r") ))) )) ))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.InternalTLS.IsEnabled" -}} +{{- $t := (index .a 0) -}} +{{- $tls := (index .a 1) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $_is_returning = true -}} +{{- (dict "r" (and (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $t.enabled $tls.enabled) ))) "r") (ne $t.cert ""))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.InternalTLS.TrustStoreFilePath" -}} +{{- $t := (index .a 0) -}} +{{- $tls := (index .a 1) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- if (ne (toJson $t.trustStore) "null") -}} +{{- $_is_returning = true -}} +{{- (dict "r" (get (fromJson (include "redpanda.TrustStore.TrustStoreFilePath" (dict "a" (list $t.trustStore) ))) "r")) | toJson -}} +{{- break -}} +{{- end -}} +{{- if (get (fromJson (include "redpanda.TLSCertMap.MustGet" (dict "a" (list (deepCopy $tls.certs) $t.cert) ))) "r").caEnabled -}} +{{- $_is_returning = true -}} +{{- (dict "r" (printf "%s/%s/ca.crt" "/etc/tls/certs" $t.cert)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" "/etc/ssl/certs/ca-certificates.crt") | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.InternalTLS.ServerCAPath" -}} +{{- $t := (index .a 0) -}} +{{- $tls := (index .a 1) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- if (get (fromJson (include "redpanda.TLSCertMap.MustGet" (dict "a" (list (deepCopy $tls.certs) $t.cert) ))) "r").caEnabled -}} +{{- $_is_returning = true -}} +{{- (dict "r" (printf "%s/%s/ca.crt" "/etc/tls/certs" $t.cert)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (printf "%s/%s/tls.crt" "/etc/tls/certs" $t.cert)) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.ExternalTLS.GetCert" -}} +{{- $t := (index .a 0) -}} +{{- $i := (index .a 1) -}} +{{- $tls := (index .a 2) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $_is_returning = true -}} +{{- (dict "r" (get (fromJson (include "redpanda.TLSCertMap.MustGet" (dict "a" (list (deepCopy $tls.certs) (get (fromJson (include "redpanda.ExternalTLS.GetCertName" (dict "a" (list $t $i) ))) "r")) ))) "r")) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.ExternalTLS.GetCertName" -}} +{{- $t := (index .a 0) -}} +{{- $i := (index .a 1) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $_is_returning = true -}} +{{- (dict "r" (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $t.cert $i.cert) ))) "r")) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.ExternalTLS.TrustStoreFilePath" -}} +{{- $t := (index .a 0) -}} +{{- $i := (index .a 1) -}} +{{- $tls := (index .a 2) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- if (ne (toJson $t.trustStore) "null") -}} +{{- $_is_returning = true -}} +{{- (dict "r" (get (fromJson (include "redpanda.TrustStore.TrustStoreFilePath" (dict "a" (list $t.trustStore) ))) "r")) | toJson -}} +{{- break -}} +{{- end -}} +{{- if (get (fromJson (include "redpanda.ExternalTLS.GetCert" (dict "a" (list $t $i $tls) ))) "r").caEnabled -}} +{{- $_is_returning = true -}} +{{- (dict "r" (printf "%s/%s/ca.crt" "/etc/tls/certs" (get (fromJson (include "redpanda.ExternalTLS.GetCertName" (dict "a" (list $t $i) ))) "r"))) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" "/etc/ssl/certs/ca-certificates.crt") | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.ExternalTLS.IsEnabled" -}} +{{- $t := (index .a 0) -}} +{{- $i := (index .a 1) -}} +{{- $tls := (index .a 2) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- if (eq (toJson $t) "null") -}} +{{- $_is_returning = true -}} +{{- (dict "r" false) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" (and (ne (get (fromJson (include "redpanda.ExternalTLS.GetCertName" (dict "a" (list $t $i) ))) "r") "") (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $t.enabled (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $i $tls) ))) "r")) ))) "r"))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.AdminListeners.ConsoleTLS" -}} +{{- $l := (index .a 0) -}} +{{- $tls := (index .a 1) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $t := (mustMergeOverwrite (dict "enabled" false "caFilepath" "" "certFilepath" "" "keyFilepath" "" "insecureSkipTlsVerify" false ) (dict "enabled" (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $l.tls $tls) ))) "r") )) -}} +{{- if (not $t.enabled) -}} +{{- $_is_returning = true -}} +{{- (dict "r" $t) | toJson -}} +{{- break -}} +{{- end -}} +{{- $adminAPIPrefix := (printf "%s/%s" "/etc/tls/certs" $l.tls.cert) -}} +{{- if (get (fromJson (include "redpanda.TLSCertMap.MustGet" (dict "a" (list (deepCopy $tls.certs) $l.tls.cert) ))) "r").caEnabled -}} +{{- $_ := (set $t "caFilepath" (printf "%s/ca.crt" $adminAPIPrefix)) -}} +{{- else -}} +{{- $_ := (set $t "caFilepath" (printf "%s/tls.crt" $adminAPIPrefix)) -}} +{{- end -}} +{{- if (not $l.tls.requireClientAuth) -}} +{{- $_is_returning = true -}} +{{- (dict "r" $t) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_ := (set $t "certFilepath" (printf "%s/tls.crt" $adminAPIPrefix)) -}} +{{- $_ := (set $t "keyFilepath" (printf "%s/tls.key" $adminAPIPrefix)) -}} +{{- $_is_returning = true -}} +{{- (dict "r" $t) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.AdminListeners.Listeners" -}} +{{- $l := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $admin := (list (get (fromJson (include "redpanda.createInternalListenerCfg" (dict "a" (list ($l.port | int)) ))) "r")) -}} +{{- range $k, $lis := $l.external -}} +{{- if (not (get (fromJson (include "redpanda.AdminExternal.IsEnabled" (dict "a" (list $lis) ))) "r")) -}} +{{- continue -}} +{{- end -}} +{{- $admin = (concat (default (list ) $admin) (list (dict "name" $k "port" ($lis.port | int) "address" "0.0.0.0" ))) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $admin) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.AdminListeners.ListenersTLS" -}} +{{- $l := (index .a 0) -}} +{{- $tls := (index .a 1) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $admin := (list ) -}} +{{- $internal := (get (fromJson (include "redpanda.createInternalListenerTLSCfg" (dict "a" (list $tls $l.tls) ))) "r") -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $internal) ))) "r") | int) (0 | int)) -}} +{{- $admin = (concat (default (list ) $admin) (list $internal)) -}} +{{- end -}} +{{- range $k, $lis := $l.external -}} +{{- if (or (not (get (fromJson (include "redpanda.AdminExternal.IsEnabled" (dict "a" (list $lis) ))) "r")) (not (get (fromJson (include "redpanda.ExternalTLS.IsEnabled" (dict "a" (list $lis.tls $l.tls $tls) ))) "r"))) -}} +{{- continue -}} +{{- end -}} +{{- $certName := (get (fromJson (include "redpanda.ExternalTLS.GetCertName" (dict "a" (list $lis.tls $l.tls) ))) "r") -}} +{{- $admin = (concat (default (list ) $admin) (list (dict "name" $k "enabled" true "cert_file" (printf "%s/%s/tls.crt" "/etc/tls/certs" $certName) "key_file" (printf "%s/%s/tls.key" "/etc/tls/certs" $certName) "require_client_auth" (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $lis.tls.requireClientAuth false) ))) "r") "truststore_file" (get (fromJson (include "redpanda.ExternalTLS.TrustStoreFilePath" (dict "a" (list $lis.tls $l.tls $tls) ))) "r") ))) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $admin) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.AdminListeners.TrustStores" -}} +{{- $l := (index .a 0) -}} +{{- $tls := (index .a 1) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $tss := (list ) -}} +{{- if (and (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $l.tls $tls) ))) "r") (ne (toJson $l.tls.trustStore) "null")) -}} +{{- $tss = (concat (default (list ) $tss) (list $l.tls.trustStore)) -}} +{{- end -}} +{{- range $_, $key := (sortAlpha (keys $l.external)) -}} +{{- $lis := (index $l.external $key) -}} +{{- if (or (or (not (get (fromJson (include "redpanda.AdminExternal.IsEnabled" (dict "a" (list $lis) ))) "r")) (not (get (fromJson (include "redpanda.ExternalTLS.IsEnabled" (dict "a" (list $lis.tls $l.tls $tls) ))) "r"))) (eq (toJson $lis.tls.trustStore) "null")) -}} +{{- continue -}} +{{- end -}} +{{- $tss = (concat (default (list ) $tss) (list $lis.tls.trustStore)) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $tss) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.AdminExternal.IsEnabled" -}} +{{- $l := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $_is_returning = true -}} +{{- (dict "r" (and (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $l.enabled true) ))) "r") (gt ($l.port | int) (0 | int)))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.HTTPListeners.Listeners" -}} +{{- $l := (index .a 0) -}} +{{- $saslEnabled := (index .a 1) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $internal := (get (fromJson (include "redpanda.createInternalListenerCfg" (dict "a" (list ($l.port | int)) ))) "r") -}} +{{- if $saslEnabled -}} +{{- $_ := (set $internal "authentication_method" "http_basic") -}} +{{- end -}} +{{- $am_7 := (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $l.authenticationMethod "") ))) "r") -}} +{{- if (ne $am_7 "") -}} +{{- $_ := (set $internal "authentication_method" $am_7) -}} +{{- end -}} +{{- $result := (list $internal) -}} +{{- range $k, $l := $l.external -}} +{{- if (not (get (fromJson (include "redpanda.HTTPExternal.IsEnabled" (dict "a" (list $l) ))) "r")) -}} +{{- continue -}} +{{- end -}} +{{- $listener := (dict "name" $k "port" ($l.port | int) "address" "0.0.0.0" ) -}} +{{- if $saslEnabled -}} +{{- $_ := (set $listener "authentication_method" "http_basic") -}} +{{- end -}} +{{- $am_8 := (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $l.authenticationMethod "") ))) "r") -}} +{{- if (ne $am_8 "") -}} +{{- $_ := (set $listener "authentication_method" $am_8) -}} +{{- end -}} +{{- $result = (concat (default (list ) $result) (list $listener)) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $result) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.HTTPListeners.ListenersTLS" -}} +{{- $l := (index .a 0) -}} +{{- $tls := (index .a 1) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $pp := (list ) -}} +{{- $internal := (get (fromJson (include "redpanda.createInternalListenerTLSCfg" (dict "a" (list $tls $l.tls) ))) "r") -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $internal) ))) "r") | int) (0 | int)) -}} +{{- $pp = (concat (default (list ) $pp) (list $internal)) -}} +{{- end -}} +{{- range $k, $lis := $l.external -}} +{{- if (or (not (get (fromJson (include "redpanda.HTTPExternal.IsEnabled" (dict "a" (list $lis) ))) "r")) (not (get (fromJson (include "redpanda.ExternalTLS.IsEnabled" (dict "a" (list $lis.tls $l.tls $tls) ))) "r"))) -}} +{{- continue -}} +{{- end -}} +{{- $certName := (get (fromJson (include "redpanda.ExternalTLS.GetCertName" (dict "a" (list $lis.tls $l.tls) ))) "r") -}} +{{- $pp = (concat (default (list ) $pp) (list (dict "name" $k "enabled" true "cert_file" (printf "%s/%s/tls.crt" "/etc/tls/certs" $certName) "key_file" (printf "%s/%s/tls.key" "/etc/tls/certs" $certName) "require_client_auth" (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $lis.tls.requireClientAuth false) ))) "r") "truststore_file" (get (fromJson (include "redpanda.ExternalTLS.TrustStoreFilePath" (dict "a" (list $lis.tls $l.tls $tls) ))) "r") ))) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $pp) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.HTTPListeners.TrustStores" -}} +{{- $l := (index .a 0) -}} +{{- $tls := (index .a 1) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $tss := (coalesce nil) -}} +{{- if (and (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $l.tls $tls) ))) "r") (ne (toJson $l.tls.trustStore) "null")) -}} +{{- $tss = (concat (default (list ) $tss) (list $l.tls.trustStore)) -}} +{{- end -}} +{{- range $_, $key := (sortAlpha (keys $l.external)) -}} +{{- $lis := (index $l.external $key) -}} +{{- if (or (or (not (get (fromJson (include "redpanda.HTTPExternal.IsEnabled" (dict "a" (list $lis) ))) "r")) (not (get (fromJson (include "redpanda.ExternalTLS.IsEnabled" (dict "a" (list $lis.tls $l.tls $tls) ))) "r"))) (eq (toJson $lis.tls.trustStore) "null")) -}} +{{- continue -}} +{{- end -}} +{{- $tss = (concat (default (list ) $tss) (list $lis.tls.trustStore)) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $tss) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.HTTPExternal.IsEnabled" -}} +{{- $l := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $_is_returning = true -}} +{{- (dict "r" (and (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $l.enabled true) ))) "r") (gt ($l.port | int) (0 | int)))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.KafkaListeners.Listeners" -}} +{{- $l := (index .a 0) -}} +{{- $auth := (index .a 1) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $internal := (get (fromJson (include "redpanda.createInternalListenerCfg" (dict "a" (list ($l.port | int)) ))) "r") -}} +{{- if (get (fromJson (include "redpanda.Auth.IsSASLEnabled" (dict "a" (list $auth) ))) "r") -}} +{{- $_ := (set $internal "authentication_method" "sasl") -}} +{{- end -}} +{{- $am_9 := (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $l.authenticationMethod "") ))) "r") -}} +{{- if (ne $am_9 "") -}} +{{- $_ := (set $internal "authentication_method" $am_9) -}} +{{- end -}} +{{- $kafka := (list $internal) -}} +{{- range $k, $l := $l.external -}} +{{- if (not (get (fromJson (include "redpanda.KafkaExternal.IsEnabled" (dict "a" (list $l) ))) "r")) -}} +{{- continue -}} +{{- end -}} +{{- $listener := (dict "name" $k "port" ($l.port | int) "address" "0.0.0.0" ) -}} +{{- if (get (fromJson (include "redpanda.Auth.IsSASLEnabled" (dict "a" (list $auth) ))) "r") -}} +{{- $_ := (set $listener "authentication_method" "sasl") -}} +{{- end -}} +{{- $am_10 := (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $l.authenticationMethod "") ))) "r") -}} +{{- if (ne $am_10 "") -}} +{{- $_ := (set $listener "authentication_method" $am_10) -}} +{{- end -}} +{{- $kafka = (concat (default (list ) $kafka) (list $listener)) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $kafka) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.KafkaListeners.ListenersTLS" -}} +{{- $l := (index .a 0) -}} +{{- $tls := (index .a 1) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $kafka := (list ) -}} +{{- $internal := (get (fromJson (include "redpanda.createInternalListenerTLSCfg" (dict "a" (list $tls $l.tls) ))) "r") -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $internal) ))) "r") | int) (0 | int)) -}} +{{- $kafka = (concat (default (list ) $kafka) (list $internal)) -}} +{{- end -}} +{{- range $k, $lis := $l.external -}} +{{- if (or (not (get (fromJson (include "redpanda.KafkaExternal.IsEnabled" (dict "a" (list $lis) ))) "r")) (not (get (fromJson (include "redpanda.ExternalTLS.IsEnabled" (dict "a" (list $lis.tls $l.tls $tls) ))) "r"))) -}} +{{- continue -}} +{{- end -}} +{{- $certName := (get (fromJson (include "redpanda.ExternalTLS.GetCertName" (dict "a" (list $lis.tls $l.tls) ))) "r") -}} +{{- $kafka = (concat (default (list ) $kafka) (list (dict "name" $k "enabled" true "cert_file" (printf "%s/%s/tls.crt" "/etc/tls/certs" $certName) "key_file" (printf "%s/%s/tls.key" "/etc/tls/certs" $certName) "require_client_auth" (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $lis.tls.requireClientAuth false) ))) "r") "truststore_file" (get (fromJson (include "redpanda.ExternalTLS.TrustStoreFilePath" (dict "a" (list $lis.tls $l.tls $tls) ))) "r") ))) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $kafka) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.KafkaListeners.TrustStores" -}} +{{- $l := (index .a 0) -}} +{{- $tls := (index .a 1) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $tss := (coalesce nil) -}} +{{- if (and (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $l.tls $tls) ))) "r") (ne (toJson $l.tls.trustStore) "null")) -}} +{{- $tss = (concat (default (list ) $tss) (list $l.tls.trustStore)) -}} +{{- end -}} +{{- range $_, $key := (sortAlpha (keys $l.external)) -}} +{{- $lis := (index $l.external $key) -}} +{{- if (or (or (not (get (fromJson (include "redpanda.KafkaExternal.IsEnabled" (dict "a" (list $lis) ))) "r")) (not (get (fromJson (include "redpanda.ExternalTLS.IsEnabled" (dict "a" (list $lis.tls $l.tls $tls) ))) "r"))) (eq (toJson $lis.tls.trustStore) "null")) -}} +{{- continue -}} +{{- end -}} +{{- $tss = (concat (default (list ) $tss) (list $lis.tls.trustStore)) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $tss) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.KafkaListeners.ConsoleTLS" -}} +{{- $k := (index .a 0) -}} +{{- $tls := (index .a 1) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $t := (mustMergeOverwrite (dict "enabled" false "caFilepath" "" "certFilepath" "" "keyFilepath" "" "insecureSkipTlsVerify" false ) (dict "enabled" (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $k.tls $tls) ))) "r") )) -}} +{{- if (not $t.enabled) -}} +{{- $_is_returning = true -}} +{{- (dict "r" $t) | toJson -}} +{{- break -}} +{{- end -}} +{{- $kafkaPathPrefix := (printf "%s/%s" "/etc/tls/certs" $k.tls.cert) -}} +{{- if (get (fromJson (include "redpanda.TLSCertMap.MustGet" (dict "a" (list (deepCopy $tls.certs) $k.tls.cert) ))) "r").caEnabled -}} +{{- $_ := (set $t "caFilepath" (printf "%s/ca.crt" $kafkaPathPrefix)) -}} +{{- else -}} +{{- $_ := (set $t "caFilepath" (printf "%s/tls.crt" $kafkaPathPrefix)) -}} +{{- end -}} +{{- if (not $k.tls.requireClientAuth) -}} +{{- $_is_returning = true -}} +{{- (dict "r" $t) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_ := (set $t "certFilepath" (printf "%s/tls.crt" $kafkaPathPrefix)) -}} +{{- $_ := (set $t "keyFilepath" (printf "%s/tls.key" $kafkaPathPrefix)) -}} +{{- $_is_returning = true -}} +{{- (dict "r" $t) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.KafkaListeners.ConnectorsTLS" -}} +{{- $k := (index .a 0) -}} +{{- $tls := (index .a 1) -}} +{{- $fullName := (index .a 2) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $t := (mustMergeOverwrite (dict "enabled" false "ca" (dict "secretRef" "" "secretNameOverwrite" "" ) "cert" (dict "secretRef" "" "secretNameOverwrite" "" ) "key" (dict "secretRef" "" "secretNameOverwrite" "" ) ) (dict "enabled" (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $k.tls $tls) ))) "r") )) -}} +{{- if (not $t.enabled) -}} +{{- $_is_returning = true -}} +{{- (dict "r" $t) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_ := (set $t "ca" (mustMergeOverwrite (dict "secretRef" "" "secretNameOverwrite" "" ) (dict "secretRef" (printf "%s-default-cert" $fullName) ))) -}} +{{- $_is_returning = true -}} +{{- (dict "r" $t) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.KafkaExternal.IsEnabled" -}} +{{- $l := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $_is_returning = true -}} +{{- (dict "r" (and (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $l.enabled true) ))) "r") (gt ($l.port | int) (0 | int)))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.SchemaRegistryListeners.Listeners" -}} +{{- $sr := (index .a 0) -}} +{{- $saslEnabled := (index .a 1) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $internal := (get (fromJson (include "redpanda.createInternalListenerCfg" (dict "a" (list ($sr.port | int)) ))) "r") -}} +{{- if $saslEnabled -}} +{{- $_ := (set $internal "authentication_method" "http_basic") -}} +{{- end -}} +{{- $am_11 := (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $sr.authenticationMethod "") ))) "r") -}} +{{- if (ne $am_11 "") -}} +{{- $_ := (set $internal "authentication_method" $am_11) -}} +{{- end -}} +{{- $result := (list $internal) -}} +{{- range $k, $l := $sr.external -}} +{{- if (not (get (fromJson (include "redpanda.SchemaRegistryExternal.IsEnabled" (dict "a" (list $l) ))) "r")) -}} +{{- continue -}} +{{- end -}} +{{- $listener := (dict "name" $k "port" ($l.port | int) "address" "0.0.0.0" ) -}} +{{- if $saslEnabled -}} +{{- $_ := (set $listener "authentication_method" "http_basic") -}} +{{- end -}} +{{- $am_12 := (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $l.authenticationMethod "") ))) "r") -}} +{{- if (ne $am_12 "") -}} +{{- $_ := (set $listener "authentication_method" $am_12) -}} +{{- end -}} +{{- $result = (concat (default (list ) $result) (list $listener)) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $result) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.SchemaRegistryListeners.ListenersTLS" -}} +{{- $l := (index .a 0) -}} +{{- $tls := (index .a 1) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $listeners := (list ) -}} +{{- $internal := (get (fromJson (include "redpanda.createInternalListenerTLSCfg" (dict "a" (list $tls $l.tls) ))) "r") -}} +{{- if (gt ((get (fromJson (include "_shims.len" (dict "a" (list $internal) ))) "r") | int) (0 | int)) -}} +{{- $listeners = (concat (default (list ) $listeners) (list $internal)) -}} +{{- end -}} +{{- range $k, $lis := $l.external -}} +{{- if (or (not (get (fromJson (include "redpanda.SchemaRegistryExternal.IsEnabled" (dict "a" (list $lis) ))) "r")) (not (get (fromJson (include "redpanda.ExternalTLS.IsEnabled" (dict "a" (list $lis.tls $l.tls $tls) ))) "r"))) -}} +{{- continue -}} +{{- end -}} +{{- $certName := (get (fromJson (include "redpanda.ExternalTLS.GetCertName" (dict "a" (list $lis.tls $l.tls) ))) "r") -}} +{{- $listeners = (concat (default (list ) $listeners) (list (dict "name" $k "enabled" true "cert_file" (printf "%s/%s/tls.crt" "/etc/tls/certs" $certName) "key_file" (printf "%s/%s/tls.key" "/etc/tls/certs" $certName) "require_client_auth" (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $lis.tls.requireClientAuth false) ))) "r") "truststore_file" (get (fromJson (include "redpanda.ExternalTLS.TrustStoreFilePath" (dict "a" (list $lis.tls $l.tls $tls) ))) "r") ))) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $listeners) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.SchemaRegistryListeners.TrustStores" -}} +{{- $l := (index .a 0) -}} +{{- $tls := (index .a 1) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $tss := (coalesce nil) -}} +{{- if (and (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $l.tls $tls) ))) "r") (ne (toJson $l.tls.trustStore) "null")) -}} +{{- $tss = (concat (default (list ) $tss) (list $l.tls.trustStore)) -}} +{{- end -}} +{{- range $_, $key := (sortAlpha (keys $l.external)) -}} +{{- $lis := (index $l.external $key) -}} +{{- if (or (or (not (get (fromJson (include "redpanda.SchemaRegistryExternal.IsEnabled" (dict "a" (list $lis) ))) "r")) (not (get (fromJson (include "redpanda.ExternalTLS.IsEnabled" (dict "a" (list $lis.tls $l.tls $tls) ))) "r"))) (eq (toJson $lis.tls.trustStore) "null")) -}} +{{- continue -}} +{{- end -}} +{{- $tss = (concat (default (list ) $tss) (list $lis.tls.trustStore)) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $tss) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.SchemaRegistryListeners.ConsoleTLS" -}} +{{- $sr := (index .a 0) -}} +{{- $tls := (index .a 1) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $t := (mustMergeOverwrite (dict "enabled" false "caFilepath" "" "certFilepath" "" "keyFilepath" "" "insecureSkipTlsVerify" false ) (dict "enabled" (get (fromJson (include "redpanda.InternalTLS.IsEnabled" (dict "a" (list $sr.tls $tls) ))) "r") )) -}} +{{- if (not $t.enabled) -}} +{{- $_is_returning = true -}} +{{- (dict "r" $t) | toJson -}} +{{- break -}} +{{- end -}} +{{- $schemaRegistryPrefix := (printf "%s/%s" "/etc/tls/certs" $sr.tls.cert) -}} +{{- if (get (fromJson (include "redpanda.TLSCertMap.MustGet" (dict "a" (list (deepCopy $tls.certs) $sr.tls.cert) ))) "r").caEnabled -}} +{{- $_ := (set $t "caFilepath" (printf "%s/ca.crt" $schemaRegistryPrefix)) -}} +{{- else -}} +{{- $_ := (set $t "caFilepath" (printf "%s/tls.crt" $schemaRegistryPrefix)) -}} +{{- end -}} +{{- if (not $sr.tls.requireClientAuth) -}} +{{- $_is_returning = true -}} +{{- (dict "r" $t) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_ := (set $t "certFilepath" (printf "%s/tls.crt" $schemaRegistryPrefix)) -}} +{{- $_ := (set $t "keyFilepath" (printf "%s/tls.key" $schemaRegistryPrefix)) -}} +{{- $_is_returning = true -}} +{{- (dict "r" $t) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.SchemaRegistryExternal.IsEnabled" -}} +{{- $l := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $_is_returning = true -}} +{{- (dict "r" (and (get (fromJson (include "_shims.ptr_Deref" (dict "a" (list $l.enabled true) ))) "r") (gt ($l.port | int) (0 | int)))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.TunableConfig.Translate" -}} +{{- $c := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- if (eq (toJson $c) "null") -}} +{{- $_is_returning = true -}} +{{- (dict "r" (coalesce nil)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $result := (dict ) -}} +{{- range $k, $v := $c -}} +{{- if (not (empty $v)) -}} +{{- $_ := (set $result $k $v) -}} +{{- end -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $result) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.NodeConfig.Translate" -}} +{{- $c := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $result := (dict ) -}} +{{- range $k, $v := $c -}} +{{- if (not (empty $v)) -}} +{{- $tmp_tuple_12 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.asnumeric" (dict "a" (list $v) ))) "r")) ))) "r") -}} +{{- $ok_13 := $tmp_tuple_12.T2 -}} +{{- if $ok_13 -}} +{{- $_ := (set $result $k $v) -}} +{{- else -}}{{- if (kindIs "bool" $v) -}} +{{- $_ := (set $result $k $v) -}} +{{- else -}} +{{- $_ := (set $result $k (toYaml $v)) -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $result) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.ClusterConfig.Translate" -}} +{{- $c := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $result := (dict ) -}} +{{- range $k, $v := $c -}} +{{- $tmp_tuple_13 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.typetest" (dict "a" (list "bool" $v false) ))) "r")) ))) "r") -}} +{{- $ok_15 := $tmp_tuple_13.T2 -}} +{{- $b_14 := $tmp_tuple_13.T1 -}} +{{- if $ok_15 -}} +{{- $_ := (set $result $k $b_14) -}} +{{- continue -}} +{{- end -}} +{{- if (not (empty $v)) -}} +{{- $_ := (set $result $k $v) -}} +{{- end -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $result) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.SecretRef.AsSource" -}} +{{- $sr := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $_is_returning = true -}} +{{- (dict "r" (mustMergeOverwrite (dict ) (dict "secretKeyRef" (mustMergeOverwrite (dict "key" "" ) (mustMergeOverwrite (dict ) (dict "name" $sr.name )) (dict "key" $sr.key )) ))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.SecretRef.IsValid" -}} +{{- $sr := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $_is_returning = true -}} +{{- (dict "r" (and (and (ne (toJson $sr) "null") (not (empty $sr.key))) (not (empty $sr.name)))) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.TieredStorageCredentials.AsEnvVars" -}} +{{- $tsc := (index .a 0) -}} +{{- $config := (index .a 1) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $tmp_tuple_14 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.dicttest" (dict "a" (list $config "cloud_storage_access_key" (coalesce nil)) ))) "r")) ))) "r") -}} +{{- $hasAccessKey := $tmp_tuple_14.T2 -}} +{{- $tmp_tuple_15 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.dicttest" (dict "a" (list $config "cloud_storage_secret_key" (coalesce nil)) ))) "r")) ))) "r") -}} +{{- $hasSecretKey := $tmp_tuple_15.T2 -}} +{{- $tmp_tuple_16 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.dicttest" (dict "a" (list $config "cloud_storage_azure_shared_key" (coalesce nil)) ))) "r")) ))) "r") -}} +{{- $hasSharedKey := $tmp_tuple_16.T2 -}} +{{- $envvars := (coalesce nil) -}} +{{- if (and (not $hasAccessKey) (get (fromJson (include "redpanda.SecretRef.IsValid" (dict "a" (list $tsc.accessKey) ))) "r")) -}} +{{- $envvars = (concat (default (list ) $envvars) (list (mustMergeOverwrite (dict "name" "" ) (dict "name" "REDPANDA_CLOUD_STORAGE_ACCESS_KEY" "valueFrom" (get (fromJson (include "redpanda.SecretRef.AsSource" (dict "a" (list $tsc.accessKey) ))) "r") )))) -}} +{{- end -}} +{{- if (get (fromJson (include "redpanda.SecretRef.IsValid" (dict "a" (list $tsc.secretKey) ))) "r") -}} +{{- if (and (not $hasSecretKey) (not (get (fromJson (include "redpanda.TieredStorageConfig.HasAzureCanaries" (dict "a" (list (deepCopy $config)) ))) "r"))) -}} +{{- $envvars = (concat (default (list ) $envvars) (list (mustMergeOverwrite (dict "name" "" ) (dict "name" "REDPANDA_CLOUD_STORAGE_SECRET_KEY" "valueFrom" (get (fromJson (include "redpanda.SecretRef.AsSource" (dict "a" (list $tsc.secretKey) ))) "r") )))) -}} +{{- else -}}{{- if (and (not $hasSharedKey) (get (fromJson (include "redpanda.TieredStorageConfig.HasAzureCanaries" (dict "a" (list (deepCopy $config)) ))) "r")) -}} +{{- $envvars = (concat (default (list ) $envvars) (list (mustMergeOverwrite (dict "name" "" ) (dict "name" "REDPANDA_CLOUD_STORAGE_AZURE_SHARED_KEY" "valueFrom" (get (fromJson (include "redpanda.SecretRef.AsSource" (dict "a" (list $tsc.secretKey) ))) "r") )))) -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $envvars) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.TieredStorageConfig.HasAzureCanaries" -}} +{{- $c := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $tmp_tuple_17 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.dicttest" (dict "a" (list $c "cloud_storage_azure_container" (coalesce nil)) ))) "r")) ))) "r") -}} +{{- $containerExists := $tmp_tuple_17.T2 -}} +{{- $tmp_tuple_18 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.dicttest" (dict "a" (list $c "cloud_storage_azure_storage_account" (coalesce nil)) ))) "r")) ))) "r") -}} +{{- $accountExists := $tmp_tuple_18.T2 -}} +{{- $_is_returning = true -}} +{{- (dict "r" (and $containerExists $accountExists)) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.TieredStorageConfig.CloudStorageCacheSize" -}} +{{- $c := (index .a 0) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $tmp_tuple_19 := (get (fromJson (include "_shims.compact" (dict "a" (list (get (fromJson (include "_shims.dicttest" (dict "a" (list $c `cloud_storage_cache_size` (coalesce nil)) ))) "r")) ))) "r") -}} +{{- $ok := $tmp_tuple_19.T2 -}} +{{- $value := $tmp_tuple_19.T1 -}} +{{- if (not $ok) -}} +{{- $_is_returning = true -}} +{{- (dict "r" (coalesce nil)) | toJson -}} +{{- break -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $value) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + +{{- define "redpanda.TieredStorageConfig.Translate" -}} +{{- $c := (index .a 0) -}} +{{- $creds := (index .a 1) -}} +{{- range $_ := (list 1) -}} +{{- $_is_returning := false -}} +{{- $config := (merge (dict ) (dict ) $c) -}} +{{- range $_, $envvar := (get (fromJson (include "redpanda.TieredStorageCredentials.AsEnvVars" (dict "a" (list $creds $c) ))) "r") -}} +{{- $key := (lower (substr ((get (fromJson (include "_shims.len" (dict "a" (list "REDPANDA_") ))) "r") | int) -1 $envvar.name)) -}} +{{- $_ := (set $config $key (printf "$%s" $envvar.name)) -}} +{{- end -}} +{{- if $_is_returning -}} +{{- break -}} +{{- end -}} +{{- $size_16 := (get (fromJson (include "redpanda.TieredStorageConfig.CloudStorageCacheSize" (dict "a" (list (deepCopy $c)) ))) "r") -}} +{{- if (ne (toJson $size_16) "null") -}} +{{- $_ := (set $config "cloud_storage_cache_size" ((get (fromJson (include "_shims.resource_Value" (dict "a" (list $size_16) ))) "r") | int64)) -}} +{{- end -}} +{{- $_is_returning = true -}} +{{- (dict "r" $config) | toJson -}} +{{- break -}} +{{- end -}} +{{- end -}} + diff --git a/charts/redpanda/redpanda/5.9.12/templates/entry-point.yaml b/charts/redpanda/redpanda/5.9.12/templates/entry-point.yaml new file mode 100644 index 000000000..6cdf646ad --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/templates/entry-point.yaml @@ -0,0 +1,17 @@ +{{- /* +Licensed to the Apache Software Foundation (ASF) under one or more +contributor license agreements. See the NOTICE file distributed with +this work for additional information regarding copyright ownership. +The ASF licenses this file to You under the Apache License, Version 2.0 +(the "License"); you may not use this file except in compliance with +the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} +{{- include "_shims.render-manifest" (list "redpanda.render" .) -}} diff --git a/charts/redpanda/redpanda/5.9.12/templates/tests/test-api-status.yaml b/charts/redpanda/redpanda/5.9.12/templates/tests/test-api-status.yaml new file mode 100644 index 000000000..330a2c4a4 --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/templates/tests/test-api-status.yaml @@ -0,0 +1,52 @@ +{{/* +Licensed to the Apache Software Foundation (ASF) under one or more +contributor license agreements. See the NOTICE file distributed with +this work for additional information regarding copyright ownership. +The ASF licenses this file to You under the Apache License, Version 2.0 +(the "License"); you may not use this file except in compliance with +the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} +{{- if and .Values.tests.enabled (not (or (include "tls-enabled" . | fromJson).bool (include "sasl-enabled" . | fromJson).bool)) -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "redpanda.fullname" . }}-test-api-status" + namespace: {{ .Release.Namespace | quote }} + labels: + {{- with include "full.labels" . }} + {{- . | nindent 4 }} + {{- end }} + annotations: + "helm.sh/hook": test + "helm.sh/hook-delete-policy": before-hook-creation +spec: + restartPolicy: Never + securityContext: {{ include "pod-security-context" . | nindent 4 }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: {{- toYaml . | nindent 4 }} + {{- end }} + containers: + - name: {{ template "redpanda.name" . }} + image: {{ .Values.image.repository }}:{{ template "redpanda.tag" . }} + command: + - /usr/bin/timeout + - "120" + - bash + - -c + - | + until rpk cluster info \ + --brokers {{ include "redpanda.fullname" . }}-0.{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.kafka.port }} + do sleep 2 + done + volumeMounts: {{ include "default-mounts" . | nindent 8 }} + securityContext: {{ include "container-security-context" . | nindent 8 }} + volumes: {{ include "default-volumes" . | nindent 4 }} +{{- end }} diff --git a/charts/redpanda/redpanda/5.9.12/templates/tests/test-auditLogging.yaml b/charts/redpanda/redpanda/5.9.12/templates/tests/test-auditLogging.yaml new file mode 100644 index 000000000..fea34776f --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/templates/tests/test-auditLogging.yaml @@ -0,0 +1,86 @@ +{{/* + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/}} +{{/* + This feature is gated by having a license, and it must have sasl enabled, we assume these conditions are met + as part of setting auditLogging being enabled. +*/}} +{{- if and .Values.tests.enabled .Values.auditLogging.enabled (include "redpanda-atleast-23-3-0" . | fromJson).bool }} +{{- $sasl := .Values.auth.sasl }} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "redpanda.fullname" . }}-test-audit-logging" + namespace: {{ .Release.Namespace | quote }} + labels: + {{- with include "full.labels" . }} + {{- . | nindent 4 }} + {{- end }} + annotations: + "helm.sh/hook": test + "helm.sh/hook-delete-policy": before-hook-creation +spec: + restartPolicy: Never + securityContext: {{ include "pod-security-context" . | nindent 4 }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: { { - toYaml . | nindent 4 }} + {{- end }} + containers: + - name: {{ template "redpanda.name" . }} + image: {{ .Values.image.repository }}:{{ template "redpanda.tag" . }} + command: + - /usr/bin/timeout + - "120" + - bash + - -c + - | + set -xe + old_setting=${-//[^x]/} + audit_topic_name="_redpanda.audit_log" + expected_partitions={{ .Values.auditLogging.partitions }} + + # sasl configurations + set +x + IFS=":" read -r {{ include "rpk-sasl-environment-variables" . }} < <(grep "" $(find /etc/secrets/users/* -print)) + {{- if (include "redpanda-atleast-23-2-1" . | fromJson).bool }} + RPK_SASL_MECHANISM=${RPK_SASL_MECHANISM:-{{ .Values.auth.sasl.mechanism | upper }}} + {{- else }} + REDPANDA_SASL_MECHANISM=${REDPANDA_SASL_MECHANISM:-{{ .Values.auth.sasl.mechanism | upper }}} + {{- end }} + export {{ include "rpk-sasl-environment-variables" . }} + if [[ -n "$old_setting" ]]; then set -x; fi + + # now run the to determine if we have the right results + # should describe topic without error + rpk topic describe ${audit_topic_name} + # should get the expected values + result=$(rpk topic list | grep ${audit_topic_name}) + name=$(echo $result | awk '{print $1}') + partitions=$(echo $result | awk '{print $2}') + if [ "${name}" != "${audit_topic_name}" ]; then + echo "expected topic name does not match" + exit 1 + fi + if [ ${partitions} != ${expected_partitions} ]; then + echo "expected partition size did not match" + exit 1 + fi + volumeMounts: {{ include "default-mounts" . | nindent 8 }} + resources: +{{- toYaml .Values.statefulset.resources | nindent 12 }} + securityContext: {{ include "container-security-context" . | nindent 8 }} + volumes: {{ include "default-volumes" . | nindent 4 }} +{{- end }} diff --git a/charts/redpanda/redpanda/5.9.12/templates/tests/test-connector-via-console.yaml b/charts/redpanda/redpanda/5.9.12/templates/tests/test-connector-via-console.yaml new file mode 100644 index 000000000..67619a829 --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/templates/tests/test-connector-via-console.yaml @@ -0,0 +1,166 @@ +{{/* +Licensed to the Apache Software Foundation (ASF) under one or more +contributor license agreements. See the NOTICE file distributed with +this work for additional information regarding copyright ownership. +The ASF licenses this file to You under the Apache License, Version 2.0 +(the "License"); you may not use this file except in compliance with +the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} +{{- if and .Values.tests.enabled .Values.connectors.enabled .Values.console.enabled }} +{{- $sasl := .Values.auth.sasl }} +{{- $values := .Values }} +{{- $consoleValues := (merge (dict) .Values.console .Subcharts.console.Values) -}} +{{- $consoleDot := dict "Values" (dict "AsMap" $consoleValues) "Release" .Release "Chart" .Subcharts.console.Chart -}} +{{- $connectorsDot := dict "Values" (merge (dict) .Values.connectors .Subcharts.connectors.Values) "Release" .Release "Chart" .Subcharts.connectors.Chart -}} +{{/* brokers */}} +{{- $kafkaBrokers := list }} +{{- range (include "seed-server-list" . | mustFromJson) }} + {{- $kafkaBrokers = append $kafkaBrokers (printf "%s:%s" . ($values.listeners.kafka.port | toString)) }} +{{- end }} +{{- $brokersString := join "," $kafkaBrokers}} +apiVersion: v1 +kind: Pod +metadata: + name: {{ include "redpanda.fullname" . | trunc 54 }}-test-connectors-via-console + namespace: {{ .Release.Namespace | quote }} + labels: + {{- with include "full.labels" . }} + {{- . | nindent 4 }} + {{- end }} + test-name: test-connectors-via-console + annotations: + test-name: test-connectors-via-console + "helm.sh/hook": test + "helm.sh/hook-delete-policy": before-hook-creation +spec: + restartPolicy: Never + securityContext: {{ include "pod-security-context" . | nindent 4 }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: {{- toYaml . | nindent 4 }} + {{- end }} + containers: + - name: {{ template "redpanda.name" . }} + image: {{ .Values.image.repository }}:{{ template "redpanda.tag" . }} + env: + - name: TLS_ENABLED + value: {{ (include "kafka-internal-tls-enabled" . | fromJson).bool | quote }} + command: + - /bin/bash + - -c + - | + set -xe + + trap connectorsState ERR + + connectorsState () { + echo check connectors expand status + curl {{ template "curl-options" . }} http://{{ include "connectors.serviceName" $connectorsDot }}:{{ .Values.connectors.connectors.restPort }}/connectors?expand=status + echo check connectors expand info + curl {{ template "curl-options" . }} http://{{ include "connectors.serviceName" $connectorsDot }}:{{ .Values.connectors.connectors.restPort }}/connectors?expand=info + echo check connector configuration + curl {{ template "curl-options" . }} http://{{ include "connectors.serviceName" $connectorsDot }}:{{ .Values.connectors.connectors.restPort }}/connectors/$CONNECTOR_NAME + echo check connector topics + curl {{ template "curl-options" . }} http://{{ include "connectors.serviceName" $connectorsDot }}:{{ .Values.connectors.connectors.restPort }}/connectors/$CONNECTOR_NAME/topics + } + + {{- if .Values.auth.sasl.enabled }} + set -e + set +x + + echo "SASL enabled: reading credentials from $(find /etc/secrets/users/* -print)" + IFS=":" read -r {{ include "rpk-sasl-environment-variables" . }} < <(grep "" $(find /etc/secrets/users/* -print)) + {{- if (include "redpanda-atleast-23-2-1" . | fromJson).bool }} + RPK_SASL_MECHANISM=${RPK_SASL_MECHANISM:-{{ .Values.auth.sasl.mechanism | upper }}} + {{- else }} + REDPANDA_SASL_MECHANISM=${REDPANDA_SASL_MECHANISM:-{{ .Values.auth.sasl.mechanism | upper }}} + RPK_USER="${REDPANDA_SASL_USERNAME}" + RPK_PASS="${REDPANDA_SASL_PASSWORD}" + RPK_SASL_MECHANISM="${REDPANDA_SASL_MECHANISM}" + {{- end }} + export {{ include "rpk-sasl-environment-variables" . }} + + JAAS_CONFIG_SOURCE="\"source.cluster.sasl.jaas.config\": \"org.apache.kafka.common.security.scram.ScramLoginModule required username=\\\\"\"${RPK_USER}\\\\"\" password=\\\\"\"${RPK_PASS}\\\\"\";\"," + JAAS_CONFIG_TARGET="\"target.cluster.sasl.jaas.config\": \"org.apache.kafka.common.security.scram.ScramLoginModule required username=\\\\"\"${RPK_USER}\\\\"\" password=\\\\"\"${RPK_PASS}\\\\"\";\"," + set -x + set +e + {{- end }} + + {{- $testTopic := printf "test-topic-%s" (randNumeric 3) }} + rpk topic create {{ $testTopic }} + rpk topic list + echo "Test message!" | rpk topic produce {{ $testTopic }} + + SECURITY_PROTOCOL=PLAINTEXT + if [[ -n "$RPK_SASL_MECHANISM" && $TLS_ENABLED == "true" ]]; then + SECURITY_PROTOCOL="SASL_SSL" + elif [[ -n "$RPK_SASL_MECHANISM" ]]; then + SECURITY_PROTOCOL="SASL_PLAINTEXT" + elif [[ $TLS_ENABLED == "true" ]]; then + SECURITY_PROTOCOL="SSL" + fi + + CONNECTOR_NAME=mm2-$RANDOM + cat << 'EOF' > /tmp/mm2-conf.json + { + "connectorName": "CONNECTOR_NAME", + "config": { + "connector.class": "org.apache.kafka.connect.mirror.MirrorSourceConnector", + "topics": "{{ $testTopic }}", + "replication.factor": "1", + "tasks.max": "1", + "source.cluster.bootstrap.servers": {{ $brokersString | quote }}, + "target.cluster.bootstrap.servers": {{ $brokersString | quote }}, + "target.cluster.alias": "test-only-redpanda", + "source.cluster.alias": "source", + "key.converter": "org.apache.kafka.connect.converters.ByteArrayConverter", + "value.converter": "org.apache.kafka.connect.converters.ByteArrayConverter", + "source->target.enabled": "true", + "target->source.enabled": "false", + "sync.topic.configs.interval.seconds": "5", + "sync.topics.configs.enabled": "true", + "source.cluster.ssl.truststore.type": "PEM", + "target.cluster.ssl.truststore.type": "PEM", + "source.cluster.ssl.truststore.location": "/opt/kafka/connect-certs/ca/ca.crt", + "target.cluster.ssl.truststore.location": "/opt/kafka/connect-certs/ca/ca.crt", + JAAS_CONFIG_SOURCE + JAAS_CONFIG_TARGET + "source.cluster.security.protocol": "SECURITY_PROTOCOL", + "target.cluster.security.protocol": "SECURITY_PROTOCOL", + "source.cluster.sasl.mechanism": "SASL_MECHANISM", + "target.cluster.sasl.mechanism": "SASL_MECHANISM" + } + } + EOF + + sed -i "s/CONNECTOR_NAME/$CONNECTOR_NAME/g" /tmp/mm2-conf.json + sed -i "s/SASL_MECHANISM/$RPK_SASL_MECHANISM/g" /tmp/mm2-conf.json + sed -i "s/SECURITY_PROTOCOL/$SECURITY_PROTOCOL/g" /tmp/mm2-conf.json + set +x + sed -i "s/JAAS_CONFIG_SOURCE/$JAAS_CONFIG_SOURCE/g" /tmp/mm2-conf.json + sed -i "s/JAAS_CONFIG_TARGET/$JAAS_CONFIG_TARGET/g" /tmp/mm2-conf.json + set -x + + URL=http://{{ get ((include "console.Fullname" (dict "a" (list $consoleDot))) | fromJson) "r" }}:{{ get (fromJson (include "console.ContainerPort" (dict "a" (list $consoleDot) ))) "r" }}/api/kafka-connect/clusters/connectors/connectors + {{/* outputting to /dev/null because the output contains the user password */}} + echo "Creating mm2 connector" + curl {{ template "curl-options" . }} -H 'Content-Type: application/json' "${URL}" -d @/tmp/mm2-conf.json + + rpk topic consume source.{{ $testTopic }} -n 1 + + echo "Destroying mm2 connector" + curl {{ template "curl-options" . }} -X DELETE "${URL}/${CONNECTOR_NAME}" + + rpk topic list + rpk topic delete {{ $testTopic }} source.{{ $testTopic }} mm2-offset-syncs.test-only-redpanda.internal + volumeMounts: {{ include "default-mounts" . | nindent 8 }} + securityContext: {{ include "container-security-context" . | nindent 8 }} + volumes: {{ include "default-volumes" . | nindent 4 }} +{{- end }} diff --git a/charts/redpanda/redpanda/5.9.12/templates/tests/test-console.yaml b/charts/redpanda/redpanda/5.9.12/templates/tests/test-console.yaml new file mode 100644 index 000000000..aeef1117a --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/templates/tests/test-console.yaml @@ -0,0 +1,49 @@ +{{/* +Licensed to the Apache Software Foundation (ASF) under one or more +contributor license agreements. See the NOTICE file distributed with +this work for additional information regarding copyright ownership. +The ASF licenses this file to You under the Apache License, Version 2.0 +(the "License"); you may not use this file except in compliance with +the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} +{{- if and .Values.tests.enabled .Values.console.enabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "redpanda.fullname" . }}-test-console" + namespace: {{ .Release.Namespace | quote }} + labels: + {{- with include "full.labels" . }} + {{- . | nindent 4 }} + {{- end }} + annotations: + "helm.sh/hook": test + "helm.sh/hook-delete-policy": before-hook-creation +spec: + restartPolicy: Never + securityContext: {{ include "pod-security-context" . | nindent 4 }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: {{- toYaml . | nindent 4 }} + {{- end }} + containers: + - name: {{ template "redpanda.name" . }} + image: {{ .Values.image.repository }}:{{ template "redpanda.tag" . }} + command: + - /usr/bin/timeout + - "120" + - bash + - -c + - | + curl {{ template "curl-options" . }} http://{{ include "redpanda.fullname" . }}-console.{{ .Release.Namespace }}.svc:{{ (get (fromJson (include "console.ContainerPort" (dict "a" (list (dict "Values" (dict "AsMap" .Values.console)) )))) "r" ) }}/api/cluster + volumeMounts: {{ include "default-mounts" . | nindent 8 }} + securityContext: {{ include "container-security-context" . | nindent 8 }} + volumes: {{ include "default-volumes" . | nindent 4 }} +{{- end }} diff --git a/charts/redpanda/redpanda/5.9.12/templates/tests/test-internal-external-tls-secrets.yaml b/charts/redpanda/redpanda/5.9.12/templates/tests/test-internal-external-tls-secrets.yaml new file mode 100644 index 000000000..53d75bb1b --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/templates/tests/test-internal-external-tls-secrets.yaml @@ -0,0 +1,122 @@ +{{/* +Licensed to the Apache Software Foundation (ASF) under one or more +contributor license agreements. See the NOTICE file distributed with +this work for additional information regarding copyright ownership. +The ASF licenses this file to You under the Apache License, Version 2.0 +(the "License"); you may not use this file except in compliance with +the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} +{{- if and .Values.tests.enabled (include "tls-enabled" . | fromJson).bool ( eq .Values.external.type "NodePort" ) }} + {{- $values := .Values }} +apiVersion: v1 +kind: Pod +metadata: + name: {{ include "redpanda.fullname" . }}-test-internal-externals-cert-secrets + namespace: {{ .Release.Namespace | quote }} + labels: + {{- with include "full.labels" . }} + {{- . | nindent 4 }} + {{- end }} + annotations: + "helm.sh/hook": test + "helm.sh/hook-delete-policy": before-hook-creation +spec: + restartPolicy: Never + securityContext: {{ include "pod-security-context" . | nindent 4 }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: {{- toYaml . | nindent 4 }} + {{- end }} + containers: + - name: {{ template "redpanda.name" . }} + image: {{ .Values.image.repository }}:{{ template "redpanda.tag" . }} + command: + - bash + - -c + - | + set -x + + retry() { + local retries="$1" + local command="$2" + + # Run the command, and save the exit code + bash -c $command + local exit_code=$? + + # If the exit code is non-zero (i.e. command failed), and we have not + # reached the maximum number of retries, run the command again + if [[ $exit_code -ne 0 && $retries -gt 0 ]]; then + retry $(($retries - 1)) "$command" + else + # Return the exit code from the command + return $exit_code + fi + } + + {{- range $name, $cert := $values.tls.certs }} + {{- if $cert.secretRef }} + echo testing cert: {{ $name | quote }} + + {{- if eq $cert.secretRef.name "internal-tls-secret" }} + echo "---> testing internal tls" + retry 5 'openssl s_client -verify_return_error -prexit + {{- if $cert.caEnabled }} + -CAfile {{ printf "/etc/tls/certs/%s" $name }}/ca.crt + {{- end }} + -key {{ printf "/etc/tls/certs/%s" $name }}/tls.key + -connect {{ include "admin-api-urls" $ }}' + {{- end }} + + {{- if eq $cert.secretRef.name "external-tls-secret" }} + echo "---> testing external tls" + + {{- if eq $values.listeners.kafka.external.default.tls.cert $name }} + echo "-----> testing external tls: kafka api" + {{- $port := ( first $values.listeners.kafka.external.default.advertisedPorts ) }} + retry 5 'openssl s_client -verify_return_error -prexit + {{- if $cert.caEnabled }} + -CAfile {{ printf "/etc/tls/certs/%s" $name }}/ca.crt + {{- end }} + -key {{ printf "/etc/tls/certs/%s" $name }}/tls.key + -connect {{ $values.external.domain }}:{{ $port }}' + {{- end }} + + {{- if and (eq $values.listeners.schemaRegistry.external.default.tls.cert $name) (include "redpanda-22-2-x-without-sasl" $ | fromJson).bool }} + echo "-----> testing external tls: schema registry" + {{- $port := ( first $values.listeners.schemaRegistry.external.default.advertisedPorts ) }} + retry 5 'openssl s_client -verify_return_error -prexit + {{- if $cert.caEnabled }} + -CAfile {{ printf "/etc/tls/certs/%s" $name }}/ca.crt + {{- end }} + -key {{ printf "/etc/tls/certs/%s" $name }}/tls.key + -connect {{ $values.external.domain }}:{{ $port }}' + {{- end }} + + {{- if and (eq $values.listeners.http.external.default.tls.cert $name) (include "redpanda-22-2-x-without-sasl" $ | fromJson).bool }} + echo "-----> testing external tls: http api" + {{- $port := ( first $values.listeners.http.external.default.advertisedPorts ) }} + retry 5 'openssl s_client -verify_return_error -prexit + {{- if $cert.caEnabled }} + -CAfile {{ printf "/etc/tls/certs/%s" $name }}/ca.crt + {{- end }} + -key {{ printf "/etc/tls/certs/%s" $name }}/tls.key + -connect {{ $values.external.domain }}:{{ $port }}' + {{- end }} + + {{- end }} + echo "----" + + {{- end }} + {{- end }} + volumeMounts: {{ include "default-mounts" . | nindent 8 }} + securityContext: {{ include "container-security-context" . | nindent 8 }} + volumes: {{ include "default-volumes" . | nindent 4 }} +{{- end }} diff --git a/charts/redpanda/redpanda/5.9.12/templates/tests/test-kafka-internal-tls-status.yaml b/charts/redpanda/redpanda/5.9.12/templates/tests/test-kafka-internal-tls-status.yaml new file mode 100644 index 000000000..dcfc02cbd --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/templates/tests/test-kafka-internal-tls-status.yaml @@ -0,0 +1,62 @@ +{{/* +Licensed to the Apache Software Foundation (ASF) under one or more +contributor license agreements. See the NOTICE file distributed with +this work for additional information regarding copyright ownership. +The ASF licenses this file to You under the Apache License, Version 2.0 +(the "License"); you may not use this file except in compliance with +the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} +{{- if and .Values.tests.enabled (include "kafka-internal-tls-enabled" . | fromJson).bool (not (include "sasl-enabled" . | fromJson).bool) -}} + {{- $service := .Values.listeners.kafka -}} + {{- $cert := get .Values.tls.certs $service.tls.cert -}} +apiVersion: v1 +kind: Pod +metadata: + name: {{ include "redpanda.fullname" . }}-test-kafka-internal-tls-status + namespace: {{ .Release.Namespace | quote }} + labels: + {{- with include "full.labels" . }} + {{- . | nindent 4 }} + {{- end }} + annotations: + "helm.sh/hook": test + "helm.sh/hook-delete-policy": before-hook-creation +spec: + restartPolicy: Never + securityContext: {{ include "pod-security-context" . | nindent 4 }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: {{- toYaml . | nindent 4 }} + {{- end }} + containers: + - name: {{ template "redpanda.name" . }} + image: {{ .Values.image.repository }}:{{ template "redpanda.tag" . }} + command: + - /usr/bin/timeout + - "120" + - bash + - -c + - | + until rpk cluster info \ + --brokers {{ include "redpanda.fullname" .}}-0.{{ include "redpanda.internal.domain" . }}:{{ $service.port }} \ + --tls-enabled \ + {{- if $cert.caEnabled }} + --tls-truststore /etc/tls/certs/{{ $service.tls.cert }}/ca.crt + {{- else }} + {{- /* This is a required field so we use the default in the redpanda debian container */}} + --tls-truststore /etc/ssl/certs/ca-certificates.crt + {{- end }} + do sleep 2 + done + resources: {{ toYaml .Values.statefulset.resources | nindent 12 }} + volumeMounts: {{ include "default-mounts" . | nindent 8 }} + securityContext: {{ include "container-security-context" . | nindent 8 }} + volumes: {{ include "default-volumes" . | nindent 4 }} +{{- end }} diff --git a/charts/redpanda/redpanda/5.9.12/templates/tests/test-kafka-nodelete.yaml b/charts/redpanda/redpanda/5.9.12/templates/tests/test-kafka-nodelete.yaml new file mode 100644 index 000000000..9b5fe4237 --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/templates/tests/test-kafka-nodelete.yaml @@ -0,0 +1,100 @@ +{{/* +Licensed to the Apache Software Foundation (ASF) under one or more +contributor license agreements. See the NOTICE file distributed with +this work for additional information regarding copyright ownership. +The ASF licenses this file to You under the Apache License, Version 2.0 +(the "License"); you may not use this file except in compliance with +the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} +{{- if and .Values.tests.enabled (dig "kafka_nodelete_topics" "[]" $.Values.config.cluster) }} +{{- $noDeleteTopics := .Values.config.cluster.kafka_nodelete_topics }} +{{- $sasl := .Values.auth.sasl }} +apiVersion: v1 +kind: Pod +metadata: + name: {{ include "redpanda.fullname" . }}-test-kafka-nodelete + namespace: {{ .Release.Namespace | quote }} + labels: +{{- with include "full.labels" . }} + {{- . | nindent 4 }} +{{- end }} + annotations: + "helm.sh/hook": test + "helm.sh/hook-delete-policy": before-hook-creation +spec: + restartPolicy: Never + securityContext: {{ include "pod-security-context" . | nindent 4 }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: {{- toYaml . | nindent 4 }} +{{- end }} + containers: + - name: {{ template "redpanda.name" . }} + image: {{ .Values.image.repository }}:{{ template "redpanda.tag" . }} + env: + - name: REDPANDA_BROKERS + value: "{{ include "redpanda.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain | trimSuffix "." }}:{{ .Values.listeners.kafka.port }}" + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + command: + - /usr/bin/timeout + - "120" + - bash + - -c + - | + set -e +{{- $cloudStorageFlags := "" }} +{{- if (include "storage-tiered-config" .|fromJson).cloud_storage_enabled }} + {{- $cloudStorageFlags = "-c retention.bytes=80 -c segment.bytes=40 -c redpanda.remote.read=true -c redpanda.remote.write=true"}} +{{- end }} +{{- if .Values.auth.sasl.enabled }} + old_setting=${-//[^x]/} + set +x + IFS=":" read -r {{ include "rpk-sasl-environment-variables" . }} < <(grep "" $(find /etc/secrets/users/* -print)) + {{- if (include "redpanda-atleast-23-2-1" . | fromJson).bool }} + RPK_SASL_MECHANISM=${RPK_SASL_MECHANISM:-{{ .Values.auth.sasl.mechanism | upper }}} + {{- else }} + REDPANDA_SASL_MECHANISM=${REDPANDA_SASL_MECHANISM:-{{ .Values.auth.sasl.mechanism | upper }}} + {{- end }} + export {{ include "rpk-sasl-environment-variables" . }} + if [[ -n "$old_setting" ]]; then set -x; fi +{{- end }} + + exists=$(rpk topic list | grep my_sample_topic | awk '{print $1}') + if [[ "$exists" != "my_sample_topic" ]]; then + until rpk topic create my_sample_topic {{ $cloudStorageFlags }} + do sleep 2 + done + fi + + {{- range $i := until 100 }} + echo "Pandas are awesome!" | rpk topic produce my_sample_topic + {{- end }} + sleep 2 + rpk topic consume my_sample_topic -n 1 | grep "Pandas are awesome!" + + # now check if we can delete the topic (we should not) + rpk topic delete my_sample_topic + + {{- if has "my_sample_topic" $noDeleteTopics }} + result=$(rpk topic list | grep my_sample_topic | awk '{print $1}') + if [[ "$result" != "my_sample_topic" ]]; then + echo "topic should not have been deleted" + exit 1 + fi + {{- end }} + + volumeMounts: {{ include "default-mounts" . | nindent 8 }} + resources: {{ toYaml .Values.statefulset.resources | nindent 12 }} + securityContext: {{ include "container-security-context" . | nindent 8 }} + volumes: {{ include "default-volumes" . | nindent 4 }} +{{- end }} diff --git a/charts/redpanda/redpanda/5.9.12/templates/tests/test-kafka-produce-consume.yaml b/charts/redpanda/redpanda/5.9.12/templates/tests/test-kafka-produce-consume.yaml new file mode 100644 index 000000000..d8f0ee751 --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/templates/tests/test-kafka-produce-consume.yaml @@ -0,0 +1,83 @@ +{{/* +Licensed to the Apache Software Foundation (ASF) under one or more +contributor license agreements. See the NOTICE file distributed with +this work for additional information regarding copyright ownership. +The ASF licenses this file to You under the Apache License, Version 2.0 +(the "License"); you may not use this file except in compliance with +the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} +{{- if .Values.tests.enabled }} +{{- $sasl := .Values.auth.sasl }} +apiVersion: v1 +kind: Pod +metadata: + name: {{ include "redpanda.fullname" . }}-test-kafka-produce-consume + namespace: {{ .Release.Namespace | quote }} + labels: +{{- with include "full.labels" . }} + {{- . | nindent 4 }} +{{- end }} + annotations: + "helm.sh/hook": test + "helm.sh/hook-delete-policy": before-hook-creation +spec: + restartPolicy: Never + securityContext: {{ include "pod-security-context" . | nindent 4 }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: {{- toYaml . | nindent 4 }} +{{- end }} + containers: + - name: {{ template "redpanda.name" . }} + image: {{ .Values.image.repository }}:{{ template "redpanda.tag" . }} + env: + - name: REDPANDA_BROKERS + value: "{{ include "redpanda.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain | trimSuffix "." }}:{{ .Values.listeners.kafka.port }}" + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + command: + - /usr/bin/timeout + - "120" + - bash + - -c + - | + set -e +{{- $cloudStorageFlags := "" }} +{{- if (include "storage-tiered-config" .|fromJson).cloud_storage_enabled }} + {{- $cloudStorageFlags = "-c retention.bytes=80 -c segment.bytes=40 -c redpanda.remote.read=true -c redpanda.remote.write=true"}} +{{- end }} +{{- if .Values.auth.sasl.enabled }} + old_setting=${-//[^x]/} + set +x + IFS=":" read -r {{ include "rpk-sasl-environment-variables" . }} < <(grep "" $(find /etc/secrets/users/* -print)) + {{- if (include "redpanda-atleast-23-2-1" . | fromJson).bool }} + RPK_SASL_MECHANISM=${RPK_SASL_MECHANISM:-{{ .Values.auth.sasl.mechanism | upper }}} + {{- else }} + REDPANDA_SASL_MECHANISM=${REDPANDA_SASL_MECHANISM:-{{ .Values.auth.sasl.mechanism | upper }}} + {{- end }} + export {{ include "rpk-sasl-environment-variables" . }} + if [[ -n "$old_setting" ]]; then set -x; fi +{{- end }} + until rpk topic create produce.consume.test.$POD_NAME {{ $cloudStorageFlags }} + do sleep 2 + done + {{- range $i := until 100 }} + echo "Pandas are awesome!" | rpk topic produce produce.consume.test.$POD_NAME + {{- end }} + sleep 2 + rpk topic consume produce.consume.test.$POD_NAME -n 1 | grep "Pandas are awesome!" + rpk topic delete produce.consume.test.$POD_NAME + volumeMounts: {{ include "default-mounts" . | nindent 8 }} + resources: {{ toYaml .Values.statefulset.resources | nindent 12 }} + securityContext: {{ include "container-security-context" . | nindent 8 }} + volumes: {{ include "default-volumes" . | nindent 4 }} +{{- end }} diff --git a/charts/redpanda/redpanda/5.9.12/templates/tests/test-kafka-sasl-status.yaml b/charts/redpanda/redpanda/5.9.12/templates/tests/test-kafka-sasl-status.yaml new file mode 100644 index 000000000..0519c44bb --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/templates/tests/test-kafka-sasl-status.yaml @@ -0,0 +1,79 @@ +{{/* +Licensed to the Apache Software Foundation (ASF) under one or more +contributor license agreements. See the NOTICE file distributed with +this work for additional information regarding copyright ownership. +The ASF licenses this file to You under the Apache License, Version 2.0 +(the "License"); you may not use this file except in compliance with +the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} +{{- if and .Values.tests.enabled (include "sasl-enabled" . | fromJson).bool }} +{{- $sasl := .Values.auth.sasl }} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "redpanda.fullname" . }}-test-kafka-sasl-status" + namespace: {{ .Release.Namespace | quote }} + labels: +{{- with include "full.labels" . }} + {{- . | nindent 4 }} +{{- end }} + annotations: + "helm.sh/hook": test + "helm.sh/hook-delete-policy": before-hook-creation +spec: + restartPolicy: Never + securityContext: {{ include "pod-security-context" . | nindent 4 }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: {{- toYaml . | nindent 4 }} + {{- end }} + containers: + - name: {{ template "redpanda.name" . }} + image: {{ .Values.image.repository }}:{{ template "redpanda.tag" . }} + command: + - /usr/bin/timeout + - "120" + - bash + - -c + - | + set -xe + +{{- if .Values.auth.sasl.enabled }} + old_setting=${-//[^x]/} + set +x + IFS=":" read -r {{ include "rpk-sasl-environment-variables" . }} < <(grep "" $(find /etc/secrets/users/* -print)) + {{- if (include "redpanda-atleast-23-2-1" . | fromJson).bool }} + RPK_SASL_MECHANISM=${RPK_SASL_MECHANISM:-{{ .Values.auth.sasl.mechanism | upper }}} + {{- else }} + REDPANDA_SASL_MECHANISM=${REDPANDA_SASL_MECHANISM:-{{ .Values.auth.sasl.mechanism | upper }}} + {{- end }} + export {{ include "rpk-sasl-environment-variables" . }} + if [[ -n "$old_setting" ]]; then set -x; fi +{{- end }} + + until rpk acl user delete myuser + do sleep 2 + done + sleep 3 + + {{ include "rpk-cluster-info" $ }} + {{ include "rpk-acl-user-create" $ }} + {{ include "rpk-acl-create" $ }} + sleep 3 + {{ include "rpk-topic-create" $ }} + {{ include "rpk-topic-describe" $ }} + {{ include "rpk-topic-delete" $ }} + rpk acl user delete myuser + volumeMounts: {{ include "default-mounts" . | nindent 8 }} + resources: +{{- toYaml .Values.statefulset.resources | nindent 12 }} + securityContext: {{ include "container-security-context" . | nindent 8 }} + volumes: {{ include "default-volumes" . | nindent 4 }} +{{- end }} diff --git a/charts/redpanda/redpanda/5.9.12/templates/tests/test-license-with-console.yaml b/charts/redpanda/redpanda/5.9.12/templates/tests/test-license-with-console.yaml new file mode 100644 index 000000000..1edf7a350 --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/templates/tests/test-license-with-console.yaml @@ -0,0 +1,61 @@ +{{/* +Licensed to the Apache Software Foundation (ASF) under one or more +contributor license agreements. See the NOTICE file distributed with +this work for additional information regarding copyright ownership. +The ASF licenses this file to You under the Apache License, Version 2.0 +(the "License"); you may not use this file except in compliance with +the License. You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} +{{- if and .Values.tests.enabled (include "is-licensed" . | fromJson).bool .Values.console.enabled }} +{{- $consolePort := (get (fromJson (include "console.ContainerPort" (dict "a" (list (dict "Values" (dict "AsMap" .Values.console)) )))) "r" ) }} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "redpanda.fullname" . }}-test-license-with-console" + namespace: {{ .Release.Namespace | quote }} + labels: + {{- with include "full.labels" . }} + {{- . | nindent 4 }} + {{- end }} + annotations: + "helm.sh/hook": test + "helm.sh/hook-delete-policy": before-hook-creation +spec: + restartPolicy: Never + securityContext: + runAsUser: 65535 + runAsGroup: 65535 + {{- with .Values.imagePullSecrets }} + imagePullSecrets: {{- toYaml . | nindent 4 }} + {{- end }} + containers: + - name: {{ template "redpanda.name" . }} + image: mintel/docker-alpine-bash-curl-jq:latest + command: [ "/bin/bash", "-c" ] + args: + - | + echo "testing that we do NOT have an open source license" + set -xe + + max_iteration=10 + curl -vm3 --fail --retry "120" --retry-max-time "120" http://{{ include "redpanda.fullname" . }}-console.{{ .Release.Namespace }}.svc:{{$consolePort}}/api/cluster/overview | jq . + type=$(curl -svm3 --fail --retry "120" --retry-max-time "120" http://{{ include "redpanda.fullname" . }}-console.{{ .Release.Namespace }}.svc:{{$consolePort}}/api/cluster/overview | jq -r .console.license.type) + while [[ $max_iteration -gt 0 && ("$type" == "open_source" || "$type" == "") ]]; do + max_iteration=$(( max_iteration - 1 )) + type=$(curl -svm3 --fail --retry "120" --retry-max-time "120" http://{{ include "redpanda.fullname" . }}-console.{{ .Release.Namespace }}.svc:{{$consolePort}}/api/cluster/overview | jq -r .console.license.type) + done + if [[ "$type" == "open_source" || "$type" == "" ]]; then + curl -svm3 --fail --retry "120" --retry-max-time "120" http://{{ include "redpanda.fullname" . }}-console.{{ .Release.Namespace }}.svc:{{$consolePort}}/api/cluster/overview | jq . + exit 1 + fi + set +x + echo "license test passed." +{{- end }} diff --git a/charts/redpanda/redpanda/5.9.12/templates/tests/test-lifecycle-scripts.yaml b/charts/redpanda/redpanda/5.9.12/templates/tests/test-lifecycle-scripts.yaml new file mode 100644 index 000000000..5c72e1d9f --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/templates/tests/test-lifecycle-scripts.yaml @@ -0,0 +1,66 @@ +{{/* +Licensed to the Apache Software Foundation (ASF) under one or more +contributor license agreements. See the NOTICE file distributed with +this work for additional information regarding copyright ownership. +The ASF licenses this file to You under the Apache License, Version 2.0 +(the "License"); you may not use this file except in compliance with +the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} +{{- if .Values.tests.enabled }} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "redpanda.fullname" . }}-test-lifecycle" + namespace: {{ .Release.Namespace | quote }} + labels: + {{- with include "full.labels" . }} + {{- . | nindent 4 }} + {{- end }} + annotations: + helm.sh/hook: test + helm.sh/hook-delete-policy: before-hook-creation +spec: + restartPolicy: Never + securityContext: {{ include "pod-security-context" . | nindent 4 }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: {{- toYaml . | nindent 4 }} + {{- end }} + containers: + - name: {{ template "redpanda.name" . }} + image: {{ .Values.image.repository }}:{{ template "redpanda.tag" . }} + env: + - name: SERVICE_NAME + value: {{ include "redpanda.fullname" . }}-0 + command: + - /bin/timeout + - "{{ mul .Values.statefulset.terminationGracePeriodSeconds 2 }}" + - bash + - -xec + - | + /bin/timeout -v {{ div .Values.statefulset.terminationGracePeriodSeconds 2 }} bash -x /var/lifecycle/preStop.sh + ls -l /tmp/preStop* + test -f /tmp/preStopHookStarted + test -f /tmp/preStopHookFinished + + /bin/timeout -v {{ div .Values.statefulset.terminationGracePeriodSeconds 2 }} bash -x /var/lifecycle/postStart.sh + ls -l /tmp/postStart* + test -f /tmp/postStartHookStarted + test -f /tmp/postStartHookFinished + volumeMounts: {{ include "default-mounts" . | nindent 8 }} + - name: lifecycle-scripts + mountPath: /var/lifecycle + securityContext: {{ include "container-security-context" . | nindent 8 }} + volumes: {{ include "default-volumes" . | nindent 4 }} + - name: lifecycle-scripts + secret: + secretName: {{ (include "redpanda.fullname" . | trunc 50 ) }}-sts-lifecycle + defaultMode: 0o775 + {{- end }} \ No newline at end of file diff --git a/charts/redpanda/redpanda/5.9.12/templates/tests/test-loadbalancer-tls.yaml b/charts/redpanda/redpanda/5.9.12/templates/tests/test-loadbalancer-tls.yaml new file mode 100644 index 000000000..4db3523d2 --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/templates/tests/test-loadbalancer-tls.yaml @@ -0,0 +1,173 @@ +{{/* + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + */}} +{{- if and .Values.tests.enabled .Values.tls.enabled ( eq .Values.external.type "LoadBalancer" ) -}} + {{- $values := .Values }} +apiVersion: v1 +kind: Pod +metadata: + name: {{ include "redpanda.fullname" . }}-test-loadbalancer-tls + namespace: {{ .Release.Namespace | quote }} + labels: + {{- with include "full.labels" . }} + {{- . | nindent 4 }} + {{- end }} + annotations: + "helm.sh/hook": test + "helm.sh/hook-delete-policy": before-hook-creation +spec: + serviceAccountName: test-loadbalancer-tls-redpanda + restartPolicy: Never + securityContext: {{ include "pod-security-context" . | nindent 4 }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: {{- toYaml . | nindent 4 }} + {{- end }} + containers: + - name: {{ template "redpanda.name" . }} + image: mintel/docker-alpine-bash-curl-jq:latest + command: + - bash + - -c + - | + set -x + export APISERVER=https://kubernetes.default.svc + export SERVICEACCOUNT=/var/run/secrets/kubernetes.io/serviceaccount + export NAMESPACE=$(cat ${SERVICEACCOUNT}/namespace) + export TOKEN=$(cat ${SERVICEACCOUNT}/token) + export CACERT=${SERVICEACCOUNT}/ca.crt + + ip_list="" + + replicas={{ .Values.statefulset.replicas }} + if [ "${replicas}" -lt "1" ]; then + echo "replicas cannot be less than 1" + exit 1 + fi + + range=$(expr $replicas - 1) + ordinal_list=$(seq 0 $range) + + set -e + + for i in $ordinal_list + do + POD_DESC=$(curl --cacert ${CACERT} --header "Authorization: Bearer ${TOKEN}" \ + -X GET ${APISERVER}/api/v1/namespaces/{{ .Release.Namespace }}/services/lb-{{ template "redpanda.fullname" . }}-$i) + ip=$(echo $POD_DESC | jq -r .status.loadBalancer.ingress[0].ip ) + ip_list="$ip $ip_list" + done + + echo test will be run against $ip_list + echo testing LoadBalancer connectivity + + {{- range $name, $cert := $values.tls.certs }} + {{- if $cert.secretRef }} + {{- if eq $cert.secretRef.name "external-tls-secret" }} + echo "---> testing external tls" + + {{- if eq $values.listeners.kafka.external.default.tls.cert $name }} + echo "-----> testing external tls: kafka api" + {{- $port := ( first $values.listeners.kafka.external.default.advertisedPorts ) }} + + for ip in $ip_list + do + openssl s_client -verify_return_error -prexit \ + {{- if $cert.caEnabled -}} + -CAfile {{ printf "/etc/tls/certs/%s" $name }}/ca.crt \ + {{- end -}} + -key {{ printf "/etc/tls/certs/%s" $name }}/tls.key -connect $ip:{{ $port }} + done + {{- end }} + + {{- if (include "redpanda-22-2-x-without-sasl" $ | fromJson).bool }} + {{- if eq $values.listeners.schemaRegistry.external.default.tls.cert $name }} + echo "-----> testing external tls: schema registry" + {{- $port := ( first $values.listeners.schemaRegistry.external.default.advertisedPorts ) }} + for ip in $ip_list + do + openssl s_client -verify_return_error -prexit \ + {{- if $cert.caEnabled -}} + -CAfile {{ printf "/etc/tls/certs/%s" $name }}/ca.crt \ + {{- end -}} + -key {{ printf "/etc/tls/certs/%s" $name }}/tls.key -connect $ip:{{ $port }} + done + {{- end }} + + {{- if eq $values.listeners.http.external.default.tls.cert $name }} + echo "-----> testing external tls: http api" + {{- $port := ( first $values.listeners.http.external.default.advertisedPorts ) }} + for ip in $ip_list + do + openssl s_client -verify_return_error -prexit \ + {{- if $cert.caEnabled -}} + -CAfile {{ printf "/etc/tls/certs/%s" $name }}/ca.crt \ + {{- end -}} + -key {{ printf "/etc/tls/certs/%s" $name }}/tls.key -connect $ip:{{ $port }} + done + {{- end }} + {{- end }} + + {{- end }} + {{- end }} + {{- end }} + volumeMounts: {{ include "default-mounts" . | nindent 8 }} + securityContext: {{ include "container-security-context" . | nindent 8 }} + volumes: {{ include "default-volumes" . | nindent 4 }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: test-loadbalancer-tls-redpanda + annotations: + helm.sh/hook-weight: "-100" + helm.sh/hook: test + helm.sh/hook-delete-policy: before-hook-creation +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: test-loadbalancer-tls-redpanda + annotations: + helm.sh/hook-weight: "-100" + helm.sh/hook: test + helm.sh/hook-delete-policy: before-hook-creation +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: test-loadbalancer-tls-redpanda +subjects: + - kind: ServiceAccount + name: test-loadbalancer-tls-redpanda + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: test-loadbalancer-tls-redpanda + annotations: + helm.sh/hook-weight: "-100" + helm.sh/hook: test + helm.sh/hook-delete-policy: before-hook-creation +rules: + - apiGroups: + - "" + resources: + - pods + - services + verbs: + - get + +{{- end -}} diff --git a/charts/redpanda/redpanda/5.9.12/templates/tests/test-nodeport-tls.yaml b/charts/redpanda/redpanda/5.9.12/templates/tests/test-nodeport-tls.yaml new file mode 100644 index 000000000..4310eaf3a --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/templates/tests/test-nodeport-tls.yaml @@ -0,0 +1,173 @@ +{{/* + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + */}} +{{- if and .Values.tests.enabled .Values.tls.enabled ( eq .Values.external.type "NodePort" ) -}} + {{- $values := .Values }} +apiVersion: v1 +kind: Pod +metadata: + name: {{ include "redpanda.fullname" . }}-test-nodeport-tls + namespace: {{ .Release.Namespace | quote }} + labels: + {{- with include "full.labels" . }} + {{- . | nindent 4 }} + {{- end }} + annotations: + helm.sh/hook: test + helm.sh/hook-delete-policy: before-hook-creation +spec: + serviceAccountName: test-nodeport-tls-redpanda-no-a-test + restartPolicy: Never + securityContext: {{ include "pod-security-context" . | nindent 4 }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: {{- toYaml . | nindent 4 }} + {{- end }} + containers: + - name: {{ template "redpanda.name" . }} + image: mintel/docker-alpine-bash-curl-jq:latest + command: + - bash + - -c + - | + set -x + export APISERVER=https://kubernetes.default.svc + export SERVICEACCOUNT=/var/run/secrets/kubernetes.io/serviceaccount + export NAMESPACE=$(cat ${SERVICEACCOUNT}/namespace) + export TOKEN=$(cat ${SERVICEACCOUNT}/token) + export CACERT=${SERVICEACCOUNT}/ca.crt + + ip_list="" + + replicas={{ .Values.statefulset.replicas }} + if [ "${replicas}" -lt "1" ]; then + echo "replicas cannot be less than 1" + exit 1 + fi + + range=$(expr $replicas - 1) + ordinal_list=$(seq 0 $range) + + set -e + + for i in $ordinal_list + do + POD_DESC=$(curl --cacert ${CACERT} --header "Authorization: Bearer ${TOKEN}" \ + -X GET ${APISERVER}/api/v1/namespaces/{{ .Release.Namespace }}/pods/{{ template "redpanda.fullname" . }}-$i) + ip=$(echo $POD_DESC | jq -r .status.hostIP ) + ip_list="$ip $ip_list" + done + + echo test will be run against $ip_list + echo testing NodePort connectivity + {{- range $name, $cert := $values.tls.certs }} + {{- if $cert.secretRef }} + {{- if eq $cert.secretRef.name "external-tls-secret" }} + echo "---> testing external tls" + + {{- if eq $values.listeners.kafka.external.default.tls.cert $name }} + echo "-----> testing external tls: kafka api" + {{- $port := ( first $values.listeners.kafka.external.default.advertisedPorts ) }} + for ip in $ip_list + do + openssl s_client -verify_return_error -prexit \ + {{- if $cert.caEnabled }} + -CAfile {{ printf "/etc/tls/certs/%s" $name }}/ca.crt \ + {{- end }} + -key {{ printf "/etc/tls/certs/%s" $name }}/tls.key \ + -connect ${ip}:{{ $port }} + done + {{- end }} + + {{- if (include "redpanda-22-2-x-without-sasl" $ | fromJson).bool }} + {{- if eq $values.listeners.schemaRegistry.external.default.tls.cert $name }} + echo "-----> testing external tls: schema registry" + {{- $port := ( first $values.listeners.schemaRegistry.external.default.advertisedPorts ) }} + for ip in $ip_list + do + openssl s_client -verify_return_error -prexit \ + {{- if $cert.caEnabled }} + -CAfile {{ printf "/etc/tls/certs/%s" $name }}/ca.crt \ + {{- end }} + -key {{ printf "/etc/tls/certs/%s" $name }}/tls.key \ + -connect ${ip}:{{ $port }} + done + {{- end }} + + {{- if eq $values.listeners.http.external.default.tls.cert $name }} + echo "-----> testing external tls: http api" + {{- $port := ( first $values.listeners.http.external.default.advertisedPorts ) }} + for ip in $ip_list + do + openssl s_client -verify_return_error -prexit \ + {{- if $cert.caEnabled }} + -CAfile {{ printf "/etc/tls/certs/%s" $name }}/ca.crt \ + {{- end }} + -key {{ printf "/etc/tls/certs/%s" $name }}/tls.key \ + -connect ${ip}:{{ $port }} + done + {{- end }} + {{- end }} + + {{- end }} + {{- end }} + {{- end }} + volumeMounts: {{ include "default-mounts" . | nindent 8 }} + securityContext: {{ include "container-security-context" . | nindent 8 }} + volumes: {{ include "default-volumes" . | nindent 4 }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: test-nodeport-tls-redpanda-no-a-test + annotations: + helm.sh/hook: test + helm.sh/hook-delete-policy: before-hook-creation + helm.sh/hook-weight: "-100" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: test-nodeport-tls-redpanda-no-a-test + annotations: + helm.sh/hook: test + helm.sh/hook-delete-policy: before-hook-creation + helm.sh/hook-weight: "-100" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: test-nodeport-tls-redpanda-no-a-test +subjects: + - kind: ServiceAccount + name: test-nodeport-tls-redpanda-no-a-test + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: test-nodeport-tls-redpanda-no-a-test + annotations: + helm.sh/hook: test + helm.sh/hook-delete-policy: before-hook-creation + helm.sh/hook-weight: "-100" +rules: + - apiGroups: + - "" + resources: + - pods + - services + verbs: + - get +{{- end -}} diff --git a/charts/redpanda/redpanda/5.9.12/templates/tests/test-pandaproxy-internal-tls-status.yaml b/charts/redpanda/redpanda/5.9.12/templates/tests/test-pandaproxy-internal-tls-status.yaml new file mode 100644 index 000000000..4cb6aaa0f --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/templates/tests/test-pandaproxy-internal-tls-status.yaml @@ -0,0 +1,81 @@ +{{/* +Licensed to the Apache Software Foundation (ASF) under one or more +contributor license agreements. See the NOTICE file distributed with +this work for additional information regarding copyright ownership. +The ASF licenses this file to You under the Apache License, Version 2.0 +(the "License"); you may not use this file except in compliance with +the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} +{{- if and .Values.tests.enabled (include "http-internal-tls-enabled" . | fromJson).bool .Values.listeners.http.enabled (include "redpanda-22-2-x-without-sasl" . | fromJson).bool -}} + {{- $service := .Values.listeners.http -}} + {{- $cert := get .Values.tls.certs $service.tls.cert -}} + {{- $sasl := .Values.auth.sasl }} +apiVersion: v1 +kind: Pod +metadata: + name: {{ include "redpanda.fullname" . }}-test-pandaproxy-internal-tls-status + namespace: {{ .Release.Namespace | quote }} + labels: + {{- with include "full.labels" . }} + {{- . | nindent 4 }} + {{- end }} + annotations: + "helm.sh/hook": test + "helm.sh/hook-delete-policy": before-hook-creation +spec: + restartPolicy: Never + securityContext: {{ include "pod-security-context" . | nindent 4 }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: {{- toYaml . | nindent 4 }} + {{- end }} + containers: + - name: {{ template "redpanda.name" . }} + image: {{ .Values.image.repository }}:{{ template "redpanda.tag" . }} + command: [ "/bin/bash", "-c" ] + args: + - | + {{- if .Values.auth.sasl.enabled }} + old_setting=${-//[^x]/} + set +x + IFS=":" read -r {{ include "rpk-sasl-environment-variables" . }} < <(grep "" $(find /etc/secrets/users/* -print)) + {{- if (include "redpanda-atleast-23-2-1" . | fromJson).bool }} + RPK_SASL_MECHANISM=${RPK_SASL_MECHANISM:-{{ .Values.auth.sasl.mechanism | upper }}} + {{- else }} + REDPANDA_SASL_MECHANISM=${REDPANDA_SASL_MECHANISM:-{{ .Values.auth.sasl.mechanism | upper }}} + {{- end }} + export {{ include "rpk-sasl-environment-variables" . }} + RPK_USER="${RPK_USER:-${REDPANDA_SASL_USERNAME}}" + RPK_PASS="${RPK_PASS:-${REDPANDA_SASL_PASSWORD}}" + if [[ -n "$old_setting" ]]; then set -x; fi + {{- end }} + + curl -svm3 --fail --retry "120" --retry-max-time "120" --retry-all-errors --ssl-reqd \ + {{- if or (include "sasl-enabled" .|fromJson).bool .Values.listeners.http.authenticationMethod }} + -u ${RPK_USER}:${RPK_PASS} \ + {{- end }} + {{- if $cert.caEnabled }} + --cacert /etc/tls/certs/{{ $service.tls.cert }}/ca.crt \ + {{- end }} + https://{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.http.port }}/brokers + + curl -svm3 --fail --retry "120" --retry-max-time "120" --retry-all-errors --ssl-reqd \ + {{- if or (include "sasl-enabled" .|fromJson).bool .Values.listeners.http.authenticationMethod }} + -u ${RPK_USER}:${RPK_PASS} \ + {{- end }} + {{- if $cert.caEnabled }} + --cacert /etc/tls/certs/{{ $service.tls.cert }}/ca.crt \ + {{- end }} + https://{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.http.port }}/topics + volumeMounts: {{ include "default-mounts" . | nindent 8 }} + resources: {{ toYaml .Values.statefulset.resources | nindent 12 }} + securityContext: {{ include "container-security-context" . | nindent 8 }} + volumes: {{ include "default-volumes" . | nindent 4 }} +{{- end -}} diff --git a/charts/redpanda/redpanda/5.9.12/templates/tests/test-pandaproxy-status.yaml b/charts/redpanda/redpanda/5.9.12/templates/tests/test-pandaproxy-status.yaml new file mode 100644 index 000000000..4f5ee6bb7 --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/templates/tests/test-pandaproxy-status.yaml @@ -0,0 +1,72 @@ +{{/* +Licensed to the Apache Software Foundation (ASF) under one or more +contributor license agreements. See the NOTICE file distributed with +this work for additional information regarding copyright ownership. +The ASF licenses this file to You under the Apache License, Version 2.0 +(the "License"); you may not use this file except in compliance with +the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} +{{- if and .Values.tests.enabled (not (include "http-internal-tls-enabled" . | fromJson).bool) .Values.listeners.http.enabled (include "redpanda-22-2-x-without-sasl" . | fromJson).bool -}} + {{- $sasl := .Values.auth.sasl }} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "redpanda.fullname" . }}-test-pandaproxy-status" + namespace: {{ .Release.Namespace | quote }} + labels: + {{- with include "full.labels" . }} + {{- . | nindent 4 }} + {{- end }} + annotations: + "helm.sh/hook": test + "helm.sh/hook-delete-policy": before-hook-creation +spec: + restartPolicy: Never + securityContext: {{ include "pod-security-context" . | nindent 4 }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: {{- toYaml . | nindent 4 }} + {{- end }} + containers: + - name: {{ template "redpanda.name" . }} + image: {{ .Values.image.repository }}:{{ template "redpanda.tag" . }} + command: [ "/bin/bash", "-c" ] + args: + - | + {{- if .Values.auth.sasl.enabled }} + old_setting=${-//[^x]/} + set +x + IFS=: read -r {{ include "rpk-sasl-environment-variables" . }} < <(grep "" $(find /etc/secrets/users/* -print)) + {{- if (include "redpanda-atleast-23-2-1" . | fromJson).bool }} + RPK_SASL_MECHANISM=${RPK_SASL_MECHANISM:-{{ .Values.auth.sasl.mechanism | upper }}} + {{- else }} + REDPANDA_SASL_MECHANISM=${REDPANDA_SASL_MECHANISM:-{{ .Values.auth.sasl.mechanism | upper }}} + {{- end }} + export {{ include "rpk-sasl-environment-variables" . }} + RPK_USER="${RPK_USER:-${REDPANDA_SASL_USERNAME}}" + RPK_PASS="${RPK_PASS:-${REDPANDA_SASL_PASSWORD}}" + if [[ -n "$old_setting" ]]; then set -x; fi + {{- end }} + + curl {{ template "curl-options" . }} \ + {{- if or (include "sasl-enabled" .|fromJson).bool .Values.listeners.http.authenticationMethod }} + -u ${RPK_USER}:${RPK_PASS} \ + {{- end }} + http://{{ include "redpanda.servicename" . }}:{{ .Values.listeners.http.port }}/brokers + + curl {{ template "curl-options" . }} \ + {{- if or (include "sasl-enabled" .|fromJson).bool .Values.listeners.http.authenticationMethod }} + -u ${RPK_USER}:${RPK_PASS} \ + {{- end }} + http://{{ include "redpanda.servicename" . }}:{{ .Values.listeners.http.port }}/topics + volumeMounts: {{ include "default-mounts" . | nindent 8 }} + securityContext: {{ include "container-security-context" . | nindent 8 }} + volumes: {{ include "default-volumes" . | nindent 4 }} +{{- end }} diff --git a/charts/redpanda/redpanda/5.9.12/templates/tests/test-prometheus-targets.yaml b/charts/redpanda/redpanda/5.9.12/templates/tests/test-prometheus-targets.yaml new file mode 100644 index 000000000..81f83a34e --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/templates/tests/test-prometheus-targets.yaml @@ -0,0 +1,84 @@ +{{/* + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + */}} + +{{- if and .Values.tests.enabled .Values.monitoring.enabled }} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "redpanda.fullname" . }}-test-prometheus-targets" + namespace: {{ .Release.Namespace | quote }} + labels: + {{- with include "full.labels" . }} + {{- . | nindent 4 }} + {{- end }} + annotations: + "helm.sh/hook": test + "helm.sh/hook-delete-policy": before-hook-creation +spec: + restartPolicy: Never + securityContext: {{ include "pod-security-context" . | nindent 4 }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: {{- toYaml . | nindent 4 }} + {{- end }} + containers: + - name: {{ template "redpanda.name" . }} + image: registry.gitlab.com/gitlab-ci-utils/curl-jq:latest + command: [ "/bin/bash", "-c" ] + args: + - | + set -xe + + HEALTHY=$( curl {{ template "curl-options" . }} http://prometheus-operated.prometheus.svc.cluster.local:9090/-/healthy) + if [ $HEALTHY != 200 ]; then + echo "prometheus is not healthy, exiting" + exit 1 + fi + + echo "prometheus is healthy, checking if ready..." + + READY=$( curl {{ template "curl-options" . }} http://prometheus-operated.prometheus.svc.cluster.local:9090/-/ready) + if [ $READY != 200 ]; then + echo "prometheus is not ready, exiting" + exit 1 + fi + + echo "prometheus is ready, requesting target information..." + + + curl_prometheus() { + + # Run the command, and save the exit code + # from: https://prometheus.io/docs/prometheus/latest/querying/api/ + local RESULT=$( curl {{ template "curl-options" . }} http://prometheus-operated.prometheus.svc.cluster.local:9090/api/v1/targets?scrapePool=serviceMonitor/{{ .Release.Namespace }}/{{ include "redpanda.fullname" . }}/0 | jq '.data.activeTargets[].health | select(. == "up")' | wc -l ) + + echo $RESULT + } + for d in $(seq 1 30); do + RESULT=$(curl_prometheus) + if [ $RESULT == {{ .Values.statefulset.replicas }} ]; then + break + fi + sleep 15 + done + + set +x + if [ $RESULT != {{ .Values.statefulset.replicas }} ]; then + curl --fail http://prometheus-operated.prometheus.svc.cluster.local:9090/api/v1/targets?scrapePool=serviceMonitor/{{ .Release.Namespace }}/{{ include "redpanda.fullname" . }}/0 | jq . + echo "the number of targets unexpected; got ${RESULT} targets 'up', but was expecting {{ .Values.statefulset.replicas }}" + exit 1 + fi +{{- end }} diff --git a/charts/redpanda/redpanda/5.9.12/templates/tests/test-rack-awareness.yaml b/charts/redpanda/redpanda/5.9.12/templates/tests/test-rack-awareness.yaml new file mode 100644 index 000000000..82a31937f --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/templates/tests/test-rack-awareness.yaml @@ -0,0 +1,61 @@ +{{/* +Licensed to the Apache Software Foundation (ASF) under one or more +contributor license agreements. See the NOTICE file distributed with +this work for additional information regarding copyright ownership. +The ASF licenses this file to You under the Apache License, Version 2.0 +(the "License"); you may not use this file except in compliance with +the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} +{{- if .Values.tests.enabled }} +apiVersion: v1 +kind: Pod +metadata: + name: {{ include "redpanda.fullname" . }}-test-rack-awareness + namespace: {{ .Release.Namespace | quote }} +{{- with include "full.labels" . }} + labels: {{- . | nindent 4 }} +{{- end }} + annotations: + "helm.sh/hook": test + "helm.sh/hook-delete-policy": before-hook-creation +spec: + restartPolicy: Never + securityContext: {{ include "pod-security-context" . | nindent 4 }} +{{- with .Values.imagePullSecrets }} + imagePullSecrets: {{- toYaml . | nindent 4 }} +{{- end }} + containers: + - name: {{ template "redpanda.name" . }} + image: {{ .Values.image.repository }}:{{ template "redpanda.tag" . }} + command: + - /bin/bash + - -c + - | + set -e +{{- if and .Values.rackAwareness.enabled (include "redpanda-atleast-22-3-0" . | fromJson).bool }} + curl {{ template "curl-options" . }} \ + {{- if (include "tls-enabled" . | fromJson).bool }} + {{- if (dig "default" "caEnabled" false .Values.tls.certs) }} + --cacert "/etc/tls/certs/default/ca.crt" \ + {{- end }} + https://{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.admin.port }}/v1/node_config | grep '"rack":"rack[1-4]"' + {{- else }} + http://{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.admin.port }}/v1/node_config | grep '"rack":"rack[1-4]"' + {{- end }} +{{- end }} + + rpk redpanda admin config print --host {{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.admin.port }} | grep '"enable_rack_awareness": {{ .Values.rackAwareness.enabled }}' + + rpk cluster config get enable_rack_awareness + volumeMounts: {{ include "default-mounts" . | nindent 8 }} + securityContext: {{ include "container-security-context" . | nindent 8 }} + volumes: {{ include "default-volumes" . | nindent 4 }} +{{- end }} \ No newline at end of file diff --git a/charts/redpanda/redpanda/5.9.12/templates/tests/test-rpk-debug-bundle.yaml b/charts/redpanda/redpanda/5.9.12/templates/tests/test-rpk-debug-bundle.yaml new file mode 100644 index 000000000..3230f0881 --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/templates/tests/test-rpk-debug-bundle.yaml @@ -0,0 +1,104 @@ +{{/* +Licensed to the Apache Software Foundation (ASF) under one or more +contributor license agreements. See the NOTICE file distributed with +this work for additional information regarding copyright ownership. +The ASF licenses this file to You under the Apache License, Version 2.0 +(the "License"); you may not use this file except in compliance with +the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* + +This test currently fails because of a bug where when multiple containers exist +The api returns an error. We should be requesting logs from each container. + + +{{- if and .Values.tests.enabled .Values.rbac.enabled (include "redpanda-atleast-23-1-1" .|fromJson).bool -}} + {{- $sasl := .Values.auth.sasl }} + {{- $useSaslSecret := and $sasl.enabled (not (empty $sasl.secretRef )) }} + + +apiVersion: v1 +kind: Pod +metadata: + name: {{ include "redpanda.fullname" . }}-test-rpk-debug-bundle + namespace: {{ .Release.Namespace | quote }} + labels: +{{- with include "full.labels" . }} + {{- . | nindent 4 }} +{{- end }} + annotations: + "helm.sh/hook": test + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +spec: + restartPolicy: Never + securityContext: {{ include "pod-security-context" . | nindent 4 }} + affinity: + podAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + statefulset.kubernetes.io/pod-name: {{ include "redpanda.fullname" . }}-0 + topologyKey: kubernetes.io/hostname + {{- with .Values.imagePullSecrets }} + imagePullSecrets: {{- toYaml . | nindent 4 }} + {{- end }} + initContainers: + - name: {{ template "redpanda.name" . }} + image: {{ .Values.image.repository}}:{{ template "redpanda.tag" . }} + volumeMounts: {{ include "default-mounts" . | nindent 8 }} + - name: shared-data + mountPath: /usr/share/redpanda/test + - name: datadir + mountPath: /var/lib/redpanda/data + command: + - /bin/bash + - -c + - | + set -e + {{- if .Values.auth.sasl.enabled }} + old_setting=${-//[^x]/} + set +x + IFS=: read -r {{ include "rpk-sasl-environment-variables" . }} < <(grep "" $(find /etc/secrets/users/* -print)) + {{- if (include "redpanda-atleast-23-2-1" . | fromJson).bool }} + RPK_SASL_MECHANISM=${RPK_SASL_MECHANISM:-{{ .Values.auth.sasl.mechanism | upper }}} + {{- else }} + REDPANDA_SASL_MECHANISM=${REDPANDA_SASL_MECHANISM:-{{ .Values.auth.sasl.mechanism | upper }}} + {{- end }} + export {{ include "rpk-sasl-environment-variables" . }} + if [[ -n "$old_setting" ]]; then set -x; fi + {{- end }} + rpk debug bundle -o /usr/share/redpanda/test/debug-test.zip -n {{ .Release.Namespace }} + containers: + - name: {{ template "redpanda.name" . }}-tester + image: busybox:latest + volumeMounts: {{ include "default-mounts" . | nindent 8 }} + - name: shared-data + mountPath: /test + command: + - /bin/ash + - -c + - | + set -e + unzip /test/debug-test.zip -d /tmp/bundle + + test -f /tmp/bundle/logs/{{ .Release.Namespace }}-0.txt + test -f /tmp/bundle/logs/{{ .Release.Namespace }}-1.txt + test -f /tmp/bundle/logs/{{ .Release.Namespace }}-2.txt + + test -d /tmp/bundle/controller + + test -f /tmp/bundle/k8s/pods.json + test -f /tmp/bundle/k8s/configmaps.json + securityContext: {{ include "container-security-context" . | nindent 8 }} + volumes: {{ include "default-volumes" . | nindent 4 }} +{{- end -}} +*/}} \ No newline at end of file diff --git a/charts/redpanda/redpanda/5.9.12/templates/tests/test-sasl-updated.yaml b/charts/redpanda/redpanda/5.9.12/templates/tests/test-sasl-updated.yaml new file mode 100644 index 000000000..5f61be552 --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/templates/tests/test-sasl-updated.yaml @@ -0,0 +1,71 @@ +{{/* +Licensed to the Apache Software Foundation (ASF) under one or more +contributor license agreements. See the NOTICE file distributed with +this work for additional information regarding copyright ownership. +The ASF licenses this file to You under the Apache License, Version 2.0 +(the "License"); you may not use this file except in compliance with +the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.tests.enabled (include "sasl-enabled" . | fromJson).bool (eq .Values.auth.sasl.secretRef "some-users") -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "redpanda.fullname" . }}-test-update-sasl-users" + namespace: {{ .Release.Namespace | quote }} + labels: +{{- with include "full.labels" . }} + {{- . | nindent 4 }} +{{- end }} + annotations: + "helm.sh/hook": test + "helm.sh/hook-delete-policy": before-hook-creation +spec: + restartPolicy: Never + securityContext: {{ include "pod-security-context" . | nindent 4 }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: {{- toYaml . | nindent 4 }} + {{- end }} + containers: + - name: {{ template "redpanda.name" . }} + image: {{ .Values.image.repository }}:{{ template "redpanda.tag" . }} + command: + - /usr/bin/timeout + - "120" + - bash + - -c + - | + set -e + IFS=: read -r {{ include "rpk-sasl-environment-variables" . }} < <(grep "" $(find /etc/secrets/users/* -print)) + {{- if (include "redpanda-atleast-23-2-1" . | fromJson).bool }} + RPK_SASL_MECHANISM=${RPK_SASL_MECHANISM:-{{ .Values.auth.sasl.mechanism | upper }}} + {{- else }} + REDPANDA_SASL_MECHANISM=${REDPANDA_SASL_MECHANISM:-{{ .Values.auth.sasl.mechanism | upper }}} + {{- end }} + export {{ include "rpk-sasl-environment-variables" . }} + + set -x + + # check that the users list did update + ready_result_exit_code=1 + while [[ ${ready_result_exit_code} -ne 0 ]]; do + ready_result=$(rpk acl user list | grep anotheranotherme 2>&1) && ready_result_exit_code=$? + sleep 2 + done + + # check that sasl is not broken + {{ include "rpk-cluster-info" $ }} + volumeMounts: {{ include "default-mounts" . | nindent 8 }} + resources: +{{- toYaml .Values.statefulset.resources | nindent 12 }} + securityContext: {{ include "container-security-context" . | nindent 8 }} + volumes: {{ include "default-volumes" . | nindent 4 }} +{{- end }} diff --git a/charts/redpanda/redpanda/5.9.12/values.schema.json b/charts/redpanda/redpanda/5.9.12/values.schema.json new file mode 100644 index 000000000..1988612cd --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/values.schema.json @@ -0,0 +1,15713 @@ +{ + "$id": "https://github.com/redpanda-data/helm-charts/charts/redpanda/values", + "$schema": "https://json-schema.org/draft/2020-12/schema", + "description": "DO NOT EDIT!. This file was generated by ./cmd/genschema/genschema.go", + "properties": { + "affinity": { + "properties": { + "nodeAffinity": { + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "oneOf": [ + { + "items": { + "properties": { + "preference": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "matchFields": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "weight": { + "type": "integer" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "properties": { + "nodeSelectorTerms": { + "oneOf": [ + { + "items": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "matchFields": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + } + }, + "type": "object" + } + }, + "type": "object" + }, + "podAffinity": { + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "oneOf": [ + { + "items": { + "properties": { + "podAffinityTerm": { + "properties": { + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array" + }, + "namespaceSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array" + }, + "topologyKey": { + "type": "string" + } + }, + "type": "object" + }, + "weight": { + "type": "integer" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "oneOf": [ + { + "items": { + "properties": { + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array" + }, + "namespaceSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array" + }, + "topologyKey": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + } + }, + "type": "object" + }, + "podAntiAffinity": { + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "oneOf": [ + { + "items": { + "properties": { + "podAffinityTerm": { + "properties": { + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array" + }, + "namespaceSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array" + }, + "topologyKey": { + "type": "string" + } + }, + "type": "object" + }, + "weight": { + "type": "integer" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "oneOf": [ + { + "items": { + "properties": { + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array" + }, + "namespaceSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array" + }, + "topologyKey": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + } + }, + "type": "object" + } + }, + "type": "object" + }, + "auditLogging": { + "properties": { + "clientMaxBufferSize": { + "type": "integer" + }, + "enabled": { + "type": "boolean" + }, + "enabledEventTypes": { + "oneOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "excludedPrincipals": { + "oneOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "excludedTopics": { + "oneOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "listener": { + "type": "string" + }, + "partitions": { + "type": "integer" + }, + "queueDrainIntervalMs": { + "type": "integer" + }, + "queueMaxBufferSizePerShard": { + "type": "integer" + }, + "replicationFactor": { + "oneOf": [ + { + "type": "integer" + }, + { + "type": "null" + } + ] + } + }, + "type": "object" + }, + "auth": { + "properties": { + "sasl": { + "properties": { + "bootstrapUser": { + "properties": { + "mechanism": { + "pattern": "^(SCRAM-SHA-512|SCRAM-SHA-256)$", + "type": "string" + }, + "name": { + "type": "string" + }, + "password": { + "type": "string" + }, + "secretKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "mechanism": { + "type": "string" + }, + "secretRef": { + "type": "string" + }, + "users": { + "oneOf": [ + { + "items": { + "properties": { + "mechanism": { + "pattern": "^(SCRAM-SHA-512|SCRAM-SHA-256)$", + "type": "string" + }, + "name": { + "type": "string" + }, + "password": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + } + }, + "required": [ + "enabled" + ], + "type": "object" + } + }, + "required": [ + "sasl" + ], + "type": "object" + }, + "clusterDomain": { + "type": "string" + }, + "commonLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "config": { + "properties": { + "cluster": { + "type": "object" + }, + "node": { + "type": "object" + }, + "pandaproxy_client": { + "properties": { + "consumer_heartbeat_interval_ms": { + "type": "integer" + }, + "consumer_rebalance_timeout_ms": { + "type": "integer" + }, + "consumer_request_max_bytes": { + "type": "integer" + }, + "consumer_request_timeout_ms": { + "type": "integer" + }, + "consumer_session_timeout_ms": { + "type": "integer" + }, + "produce_batch_delay_ms": { + "type": "integer" + }, + "produce_batch_record_count": { + "type": "integer" + }, + "produce_batch_size_bytes": { + "type": "integer" + }, + "retries": { + "type": "integer" + }, + "retry_base_backoff_ms": { + "type": "integer" + } + }, + "type": "object" + }, + "rpk": { + "type": "object" + }, + "schema_registry_client": { + "properties": { + "consumer_heartbeat_interval_ms": { + "type": "integer" + }, + "consumer_rebalance_timeout_ms": { + "type": "integer" + }, + "consumer_request_max_bytes": { + "type": "integer" + }, + "consumer_request_timeout_ms": { + "type": "integer" + }, + "consumer_session_timeout_ms": { + "type": "integer" + }, + "produce_batch_delay_ms": { + "type": "integer" + }, + "produce_batch_record_count": { + "type": "integer" + }, + "produce_batch_size_bytes": { + "type": "integer" + }, + "retries": { + "type": "integer" + }, + "retry_base_backoff_ms": { + "type": "integer" + } + }, + "type": "object" + }, + "tunable": { + "additionalProperties": true, + "properties": { + "group_initial_rebalance_delay": { + "type": "integer" + }, + "log_retention_ms": { + "type": "integer" + } + }, + "type": "object" + } + }, + "required": [ + "cluster", + "node", + "tunable" + ], + "type": "object" + }, + "connectors": { + "properties": { + "auth": { + "properties": { + "sasl": { + "properties": { + "enabled": { + "type": "boolean" + }, + "mechanism": { + "type": "string" + }, + "secretRef": { + "type": "string" + }, + "userName": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "commonLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "connectors": { + "properties": { + "additionalConfiguration": { + "type": "string" + }, + "bootstrapServers": { + "type": "string" + }, + "brokerTLS": { + "properties": { + "ca": { + "properties": { + "secretNameOverwrite": { + "type": "string" + }, + "secretRef": { + "type": "string" + } + }, + "type": "object" + }, + "cert": { + "properties": { + "secretNameOverwrite": { + "type": "string" + }, + "secretRef": { + "type": "string" + } + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "key": { + "properties": { + "secretNameOverwrite": { + "type": "string" + }, + "secretRef": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "groupID": { + "type": "string" + }, + "producerBatchSize": { + "type": "integer" + }, + "producerLingerMS": { + "type": "integer" + }, + "restPort": { + "type": "integer" + }, + "schemaRegistryURL": { + "type": "string" + }, + "secretManager": { + "properties": { + "connectorsPrefix": { + "type": "string" + }, + "consolePrefix": { + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "region": { + "type": "string" + } + }, + "type": "object" + }, + "storage": { + "properties": { + "remote": { + "properties": { + "read": { + "properties": { + "config": { + "type": "boolean" + }, + "offset": { + "type": "boolean" + }, + "status": { + "type": "boolean" + } + }, + "type": "object" + }, + "write": { + "properties": { + "config": { + "type": "boolean" + }, + "offset": { + "type": "boolean" + }, + "status": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "replicationFactor": { + "properties": { + "config": { + "type": "integer" + }, + "offset": { + "type": "integer" + }, + "status": { + "type": "integer" + } + }, + "type": "object" + }, + "topic": { + "properties": { + "config": { + "type": "string" + }, + "offset": { + "type": "string" + }, + "status": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "container": { + "properties": { + "javaGCLogEnabled": { + "type": "string" + }, + "resources": { + "properties": { + "javaMaxHeapSize": { + "oneOf": [ + { + "type": "integer" + }, + { + "pattern": "^[0-9]+(\\.[0-9]){0,1}(m|k|M|G|T|P|Ki|Mi|Gi|Ti|Pi)?$", + "type": "string" + } + ] + }, + "limits": { + "additionalProperties": { + "oneOf": [ + { + "type": "integer" + }, + { + "pattern": "^[0-9]+(\\.[0-9]){0,1}(m|k|M|G|T|P|Ki|Mi|Gi|Ti|Pi)?$", + "type": "string" + } + ] + }, + "type": "object" + }, + "request": { + "additionalProperties": { + "oneOf": [ + { + "type": "integer" + }, + { + "pattern": "^[0-9]+(\\.[0-9]){0,1}(m|k|M|G|T|P|Ki|Mi|Gi|Ti|Pi)?$", + "type": "string" + } + ] + }, + "type": "object" + } + }, + "type": "object" + }, + "securityContext": { + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "capabilities": { + "properties": { + "add": { + "oneOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "drop": { + "oneOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "null" + } + ] + } + }, + "type": "object" + }, + "privileged": { + "type": "boolean" + }, + "procMount": { + "type": "string" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsGroup": { + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "type": "integer" + }, + "seLinuxOptions": { + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "type": "object" + }, + "seccompProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "type": "object" + }, + "windowsOptions": { + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "deployment": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "budget": { + "properties": { + "maxUnavailable": { + "type": "integer" + } + }, + "type": "object" + }, + "command": { + "oneOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "create": { + "type": "boolean" + }, + "extraEnv": { + "oneOf": [ + { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + }, + "fieldRef": { + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "type": "object" + }, + "resourceFieldRef": { + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "oneOf": [ + { + "type": "integer" + }, + { + "pattern": "^[0-9]+(\\.[0-9]){0,1}(m|k|M|G|T|P|Ki|Mi|Gi|Ti|Pi)?$", + "type": "string" + } + ] + }, + "resource": { + "type": "string" + } + }, + "type": "object" + }, + "secretKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "extraEnvFrom": { + "oneOf": [ + { + "items": { + "properties": { + "configMapRef": { + "properties": { + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + }, + "prefix": { + "type": "string" + }, + "secretRef": { + "properties": { + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "livenessProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "oneOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "null" + } + ] + } + }, + "type": "object" + }, + "failureThreshold": { + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "type": "integer" + }, + "service": { + "type": "string" + } + }, + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "oneOf": [ + { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "path": { + "type": "string" + }, + "port": { + "oneOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ] + }, + "scheme": { + "type": "string" + } + }, + "type": "object" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "oneOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ] + } + }, + "type": "object" + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + }, + "type": "object" + }, + "nodeAffinity": { + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "oneOf": [ + { + "items": { + "properties": { + "preference": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "matchFields": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "weight": { + "type": "integer" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "properties": { + "nodeSelectorTerms": { + "oneOf": [ + { + "items": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "matchFields": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + } + }, + "type": "object" + } + }, + "type": "object" + }, + "nodeSelector": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "podAffinity": { + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "oneOf": [ + { + "items": { + "properties": { + "podAffinityTerm": { + "properties": { + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array" + }, + "namespaceSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array" + }, + "topologyKey": { + "type": "string" + } + }, + "type": "object" + }, + "weight": { + "type": "integer" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "oneOf": [ + { + "items": { + "properties": { + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array" + }, + "namespaceSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array" + }, + "topologyKey": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + } + }, + "type": "object" + }, + "podAntiAffinity": { + "properties": { + "custom": { + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "oneOf": [ + { + "items": { + "properties": { + "podAffinityTerm": { + "properties": { + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array" + }, + "namespaceSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array" + }, + "topologyKey": { + "type": "string" + } + }, + "type": "object" + }, + "weight": { + "type": "integer" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "oneOf": [ + { + "items": { + "properties": { + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array" + }, + "namespaceSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array" + }, + "topologyKey": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + } + }, + "type": "object" + }, + "topologyKey": { + "type": "string" + }, + "type": { + "type": "string" + }, + "weight": { + "type": "integer" + } + }, + "type": "object" + }, + "priorityClassName": { + "type": "string" + }, + "progressDeadlineSeconds": { + "type": "integer" + }, + "readinessProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "oneOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "null" + } + ] + } + }, + "type": "object" + }, + "failureThreshold": { + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "type": "integer" + }, + "service": { + "type": "string" + } + }, + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "oneOf": [ + { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "path": { + "type": "string" + }, + "port": { + "oneOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ] + }, + "scheme": { + "type": "string" + } + }, + "type": "object" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "oneOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ] + } + }, + "type": "object" + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + }, + "type": "object" + }, + "replicas": { + "type": "integer" + }, + "restartPolicy": { + "type": "string" + }, + "revisionHistoryLimit": { + "type": "integer" + }, + "schedulerName": { + "type": "string" + }, + "securityContext": { + "properties": { + "fsGroup": { + "type": "integer" + }, + "fsGroupChangePolicy": { + "enum": [ + "OnRootMismatch", + "Always" + ], + "type": "string" + }, + "runAsGroup": { + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "type": "integer" + }, + "seLinuxOptions": { + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "type": "object" + }, + "seccompProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "type": "object" + }, + "supplementalGroups": { + "oneOf": [ + { + "items": { + "type": "integer" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "sysctls": { + "oneOf": [ + { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "windowsOptions": { + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "strategy": { + "properties": { + "rollingUpdate": { + "properties": { + "maxSurge": { + "oneOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ] + }, + "maxUnavailable": { + "oneOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ] + } + }, + "type": "object" + }, + "type": { + "type": "string" + } + }, + "type": "object" + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "oneOf": [ + { + "items": { + "properties": { + "effect": { + "type": "string" + }, + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "tolerationSeconds": { + "type": "integer" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "topologySpreadConstraints": { + "oneOf": [ + { + "items": { + "properties": { + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array" + }, + "maxSkew": { + "type": "integer" + }, + "minDomains": { + "type": "integer" + }, + "nodeAffinityPolicy": { + "type": "string" + }, + "nodeTaintsPolicy": { + "type": "string" + }, + "topologyKey": { + "type": "string" + }, + "whenUnsatisfiable": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + } + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "fullnameOverride": { + "type": "string" + }, + "image": { + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + }, + "type": "object" + }, + "imagePullSecrets": { + "oneOf": [ + { + "items": { + "properties": { + "name": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "logging": { + "properties": { + "level": { + "type": "string" + } + }, + "type": "object" + }, + "monitoring": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "namespaceSelector": { + "properties": { + "any": { + "type": "boolean" + }, + "matchNames": { + "oneOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "null" + } + ] + } + }, + "type": "object" + }, + "scrapeInterval": { + "type": "string" + } + }, + "type": "object" + }, + "nameOverride": { + "type": "string" + }, + "service": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "ports": { + "oneOf": [ + { + "items": { + "properties": { + "name": { + "type": "string" + }, + "port": { + "type": "integer" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + } + }, + "type": "object" + }, + "serviceAccount": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "automountServiceAccountToken": { + "type": "boolean" + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + }, + "type": "object" + }, + "storage": { + "properties": { + "volume": { + "oneOf": [ + { + "items": { + "properties": { + "awsElasticBlockStore": { + "properties": { + "fsType": { + "type": "string" + }, + "partition": { + "type": "integer" + }, + "readOnly": { + "type": "boolean" + }, + "volumeID": { + "type": "string" + } + }, + "type": "object" + }, + "azureDisk": { + "properties": { + "cachingMode": { + "type": "string" + }, + "diskName": { + "type": "string" + }, + "diskURI": { + "type": "string" + }, + "fsType": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "type": "object" + }, + "azureFile": { + "properties": { + "readOnly": { + "type": "boolean" + }, + "secretName": { + "type": "string" + }, + "shareName": { + "type": "string" + } + }, + "type": "object" + }, + "cephfs": { + "properties": { + "monitors": { + "items": { + "type": "string" + }, + "type": "array" + }, + "path": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretFile": { + "type": "string" + }, + "secretRef": { + "properties": { + "name": { + "type": "string" + } + }, + "type": "object" + }, + "user": { + "type": "string" + } + }, + "type": "object" + }, + "cinder": { + "properties": { + "fsType": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "type": "string" + } + }, + "type": "object" + }, + "volumeID": { + "type": "string" + } + }, + "type": "object" + }, + "configMap": { + "properties": { + "defaultMode": { + "type": "integer" + }, + "items": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + }, + "csi": { + "properties": { + "driver": { + "type": "string" + }, + "fsType": { + "type": "string" + }, + "nodePublishSecretRef": { + "properties": { + "name": { + "type": "string" + } + }, + "type": "object" + }, + "readOnly": { + "type": "boolean" + }, + "volumeAttributes": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "downwardAPI": { + "properties": { + "defaultMode": { + "type": "integer" + }, + "items": { + "items": { + "properties": { + "fieldRef": { + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "type": "object" + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "resourceFieldRef": { + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "oneOf": [ + { + "type": "integer" + }, + { + "pattern": "^[0-9]+(\\.[0-9]){0,1}(m|k|M|G|T|P|Ki|Mi|Gi|Ti|Pi)?$", + "type": "string" + } + ] + }, + "resource": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "emptyDir": { + "properties": { + "medium": { + "type": "string" + }, + "sizeLimit": { + "oneOf": [ + { + "type": "integer" + }, + { + "pattern": "^[0-9]+(\\.[0-9]){0,1}(m|k|M|G|T|P|Ki|Mi|Gi|Ti|Pi)?$", + "type": "string" + } + ] + } + }, + "type": "object" + }, + "ephemeral": { + "properties": { + "volumeClaimTemplate": { + "properties": { + "metadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "creationTimestamp": { + "properties": {}, + "type": "object" + }, + "deletionGracePeriodSeconds": { + "type": "integer" + }, + "deletionTimestamp": { + "properties": {}, + "type": "object" + }, + "finalizers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "generateName": { + "type": "string" + }, + "generation": { + "type": "integer" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "managedFields": { + "items": { + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldsType": { + "type": "string" + }, + "fieldsV1": { + "properties": {}, + "type": "object" + }, + "manager": { + "type": "string" + }, + "operation": { + "type": "string" + }, + "subresource": { + "type": "string" + }, + "time": { + "properties": {}, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "ownerReferences": { + "items": { + "properties": { + "apiVersion": { + "type": "string" + }, + "blockOwnerDeletion": { + "type": "boolean" + }, + "controller": { + "type": "boolean" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + }, + "uid": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "resourceVersion": { + "type": "string" + }, + "selfLink": { + "type": "string" + }, + "uid": { + "type": "string" + } + }, + "type": "object" + }, + "spec": { + "properties": { + "accessModes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "dataSource": { + "properties": { + "apiGroup": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "type": "object" + }, + "dataSourceRef": { + "properties": { + "apiGroup": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + }, + "resources": { + "properties": { + "limits": { + "additionalProperties": { + "oneOf": [ + { + "type": "integer" + }, + { + "pattern": "^[0-9]+(\\.[0-9]){0,1}(m|k|M|G|T|P|Ki|Mi|Gi|Ti|Pi)?$", + "type": "string" + } + ] + }, + "type": "object" + }, + "requests": { + "additionalProperties": { + "oneOf": [ + { + "type": "integer" + }, + { + "pattern": "^[0-9]+(\\.[0-9]){0,1}(m|k|M|G|T|P|Ki|Mi|Gi|Ti|Pi)?$", + "type": "string" + } + ] + }, + "type": "object" + } + }, + "type": "object" + }, + "selector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "storageClassName": { + "type": "string" + }, + "volumeAttributesClassName": { + "type": "string" + }, + "volumeMode": { + "type": "string" + }, + "volumeName": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "fc": { + "properties": { + "fsType": { + "type": "string" + }, + "lun": { + "type": "integer" + }, + "readOnly": { + "type": "boolean" + }, + "targetWWNs": { + "items": { + "type": "string" + }, + "type": "array" + }, + "wwids": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "flexVolume": { + "properties": { + "driver": { + "type": "string" + }, + "fsType": { + "type": "string" + }, + "options": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "flocker": { + "properties": { + "datasetName": { + "type": "string" + }, + "datasetUUID": { + "type": "string" + } + }, + "type": "object" + }, + "gcePersistentDisk": { + "properties": { + "fsType": { + "type": "string" + }, + "partition": { + "type": "integer" + }, + "pdName": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "type": "object" + }, + "gitRepo": { + "properties": { + "directory": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "revision": { + "type": "string" + } + }, + "type": "object" + }, + "glusterfs": { + "properties": { + "endpoints": { + "type": "string" + }, + "path": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "type": "object" + }, + "hostPath": { + "properties": { + "path": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "type": "object" + }, + "iscsi": { + "properties": { + "chapAuthDiscovery": { + "type": "boolean" + }, + "chapAuthSession": { + "type": "boolean" + }, + "fsType": { + "type": "string" + }, + "initiatorName": { + "type": "string" + }, + "iqn": { + "type": "string" + }, + "iscsiInterface": { + "type": "string" + }, + "lun": { + "type": "integer" + }, + "portals": { + "items": { + "type": "string" + }, + "type": "array" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "type": "string" + } + }, + "type": "object" + }, + "targetPortal": { + "type": "string" + } + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "nfs": { + "properties": { + "path": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "server": { + "type": "string" + } + }, + "type": "object" + }, + "persistentVolumeClaim": { + "properties": { + "claimName": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "type": "object" + }, + "photonPersistentDisk": { + "properties": { + "fsType": { + "type": "string" + }, + "pdID": { + "type": "string" + } + }, + "type": "object" + }, + "portworxVolume": { + "properties": { + "fsType": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "volumeID": { + "type": "string" + } + }, + "type": "object" + }, + "projected": { + "properties": { + "defaultMode": { + "type": "integer" + }, + "sources": { + "items": { + "properties": { + "clusterTrustBundle": { + "properties": { + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "signerName": { + "type": "string" + } + }, + "type": "object" + }, + "configMap": { + "properties": { + "items": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + }, + "downwardAPI": { + "properties": { + "items": { + "items": { + "properties": { + "fieldRef": { + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "type": "object" + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "resourceFieldRef": { + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "oneOf": [ + { + "type": "integer" + }, + { + "pattern": "^[0-9]+(\\.[0-9]){0,1}(m|k|M|G|T|P|Ki|Mi|Gi|Ti|Pi)?$", + "type": "string" + } + ] + }, + "resource": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "secret": { + "properties": { + "items": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + }, + "serviceAccountToken": { + "properties": { + "audience": { + "type": "string" + }, + "expirationSeconds": { + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "quobyte": { + "properties": { + "group": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "registry": { + "type": "string" + }, + "tenant": { + "type": "string" + }, + "user": { + "type": "string" + }, + "volume": { + "type": "string" + } + }, + "type": "object" + }, + "rbd": { + "properties": { + "fsType": { + "type": "string" + }, + "image": { + "type": "string" + }, + "keyring": { + "type": "string" + }, + "monitors": { + "items": { + "type": "string" + }, + "type": "array" + }, + "pool": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "type": "string" + } + }, + "type": "object" + }, + "user": { + "type": "string" + } + }, + "type": "object" + }, + "scaleIO": { + "properties": { + "fsType": { + "type": "string" + }, + "gateway": { + "type": "string" + }, + "protectionDomain": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "type": "string" + } + }, + "type": "object" + }, + "sslEnabled": { + "type": "boolean" + }, + "storageMode": { + "type": "string" + }, + "storagePool": { + "type": "string" + }, + "system": { + "type": "string" + }, + "volumeName": { + "type": "string" + } + }, + "type": "object" + }, + "secret": { + "properties": { + "defaultMode": { + "type": "integer" + }, + "items": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "optional": { + "type": "boolean" + }, + "secretName": { + "type": "string" + } + }, + "type": "object" + }, + "storageos": { + "properties": { + "fsType": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "type": "string" + } + }, + "type": "object" + }, + "volumeName": { + "type": "string" + }, + "volumeNamespace": { + "type": "string" + } + }, + "type": "object" + }, + "vsphereVolume": { + "properties": { + "fsType": { + "type": "string" + }, + "storagePolicyID": { + "type": "string" + }, + "storagePolicyName": { + "type": "string" + }, + "volumePath": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "volumeMounts": { + "oneOf": [ + { + "items": { + "properties": { + "mountPath": { + "type": "string" + }, + "mountPropagation": { + "type": "string" + }, + "name": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "subPath": { + "type": "string" + }, + "subPathExpr": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + } + }, + "type": "object" + }, + "test": { + "properties": { + "create": { + "type": "boolean" + } + }, + "type": "object" + }, + "tolerations": { + "oneOf": [ + { + "items": { + "properties": { + "effect": { + "type": "string" + }, + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "tolerationSeconds": { + "type": "integer" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + } + }, + "type": "object" + }, + "console": { + "properties": { + "affinity": { + "properties": { + "nodeAffinity": { + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "oneOf": [ + { + "items": { + "properties": { + "preference": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "matchFields": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "weight": { + "type": "integer" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "properties": { + "nodeSelectorTerms": { + "oneOf": [ + { + "items": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "matchFields": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + } + }, + "type": "object" + } + }, + "type": "object" + }, + "podAffinity": { + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "oneOf": [ + { + "items": { + "properties": { + "podAffinityTerm": { + "properties": { + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array" + }, + "namespaceSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array" + }, + "topologyKey": { + "type": "string" + } + }, + "type": "object" + }, + "weight": { + "type": "integer" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "oneOf": [ + { + "items": { + "properties": { + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array" + }, + "namespaceSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array" + }, + "topologyKey": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + } + }, + "type": "object" + }, + "podAntiAffinity": { + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "oneOf": [ + { + "items": { + "properties": { + "podAffinityTerm": { + "properties": { + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array" + }, + "namespaceSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array" + }, + "topologyKey": { + "type": "string" + } + }, + "type": "object" + }, + "weight": { + "type": "integer" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "oneOf": [ + { + "items": { + "properties": { + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array" + }, + "namespaceSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array" + }, + "topologyKey": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + } + }, + "type": "object" + } + }, + "type": "object" + }, + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "automountServiceAccountToken": { + "type": "boolean" + }, + "autoscaling": { + "properties": { + "enabled": { + "type": "boolean" + }, + "maxReplicas": { + "type": "integer" + }, + "minReplicas": { + "type": "integer" + }, + "targetCPUUtilizationPercentage": { + "type": "integer" + }, + "targetMemoryUtilizationPercentage": { + "type": "integer" + } + }, + "type": "object" + }, + "commonLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "configmap": { + "properties": { + "create": { + "type": "boolean" + } + }, + "type": "object" + }, + "console": { + "properties": { + "config": { + "type": "object" + }, + "roleBindings": { + "oneOf": [ + { + "items": { + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "roles": { + "oneOf": [ + { + "items": { + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + } + }, + "type": "object" + }, + "deployment": { + "properties": { + "command": { + "oneOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "create": { + "type": "boolean" + }, + "extraArgs": { + "oneOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "null" + } + ] + } + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "enterprise": { + "properties": { + "licenseSecretRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "extraContainers": { + "oneOf": [ + { + "items": { + "properties": { + "args": { + "items": { + "type": "string" + }, + "type": "array" + }, + "command": { + "items": { + "type": "string" + }, + "type": "array" + }, + "env": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + }, + "fieldRef": { + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "type": "object" + }, + "resourceFieldRef": { + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "oneOf": [ + { + "type": "integer" + }, + { + "pattern": "^[0-9]+(\\.[0-9]){0,1}(m|k|M|G|T|P|Ki|Mi|Gi|Ti|Pi)?$", + "type": "string" + } + ] + }, + "resource": { + "type": "string" + } + }, + "type": "object" + }, + "secretKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "envFrom": { + "items": { + "properties": { + "configMapRef": { + "properties": { + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + }, + "prefix": { + "type": "string" + }, + "secretRef": { + "properties": { + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "image": { + "type": "string" + }, + "imagePullPolicy": { + "type": "string" + }, + "lifecycle": { + "properties": { + "postStart": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "path": { + "type": "string" + }, + "port": { + "oneOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ] + }, + "scheme": { + "type": "string" + } + }, + "type": "object" + }, + "sleep": { + "properties": { + "seconds": { + "type": "integer" + } + }, + "type": "object" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "oneOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ] + } + }, + "type": "object" + } + }, + "type": "object" + }, + "preStop": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "path": { + "type": "string" + }, + "port": { + "oneOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ] + }, + "scheme": { + "type": "string" + } + }, + "type": "object" + }, + "sleep": { + "properties": { + "seconds": { + "type": "integer" + } + }, + "type": "object" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "oneOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ] + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "livenessProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "failureThreshold": { + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "type": "integer" + }, + "service": { + "type": "string" + } + }, + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "path": { + "type": "string" + }, + "port": { + "oneOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ] + }, + "scheme": { + "type": "string" + } + }, + "type": "object" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "oneOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ] + } + }, + "type": "object" + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "ports": { + "items": { + "properties": { + "containerPort": { + "type": "integer" + }, + "hostIP": { + "type": "string" + }, + "hostPort": { + "type": "integer" + }, + "name": { + "type": "string" + }, + "protocol": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "readinessProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "failureThreshold": { + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "type": "integer" + }, + "service": { + "type": "string" + } + }, + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "path": { + "type": "string" + }, + "port": { + "oneOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ] + }, + "scheme": { + "type": "string" + } + }, + "type": "object" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "oneOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ] + } + }, + "type": "object" + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + }, + "type": "object" + }, + "resizePolicy": { + "items": { + "properties": { + "resourceName": { + "type": "string" + }, + "restartPolicy": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "resources": { + "properties": { + "claims": { + "items": { + "properties": { + "name": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "limits": { + "additionalProperties": { + "oneOf": [ + { + "type": "integer" + }, + { + "pattern": "^[0-9]+(\\.[0-9]){0,1}(m|k|M|G|T|P|Ki|Mi|Gi|Ti|Pi)?$", + "type": "string" + } + ] + }, + "type": "object" + }, + "requests": { + "additionalProperties": { + "oneOf": [ + { + "type": "integer" + }, + { + "pattern": "^[0-9]+(\\.[0-9]){0,1}(m|k|M|G|T|P|Ki|Mi|Gi|Ti|Pi)?$", + "type": "string" + } + ] + }, + "type": "object" + } + }, + "type": "object" + }, + "restartPolicy": { + "type": "string" + }, + "securityContext": { + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "capabilities": { + "properties": { + "add": { + "items": { + "type": "string" + }, + "type": "array" + }, + "drop": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "privileged": { + "type": "boolean" + }, + "procMount": { + "type": "string" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsGroup": { + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "type": "integer" + }, + "seLinuxOptions": { + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "type": "object" + }, + "seccompProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "type": "object" + }, + "windowsOptions": { + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "startupProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "failureThreshold": { + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "type": "integer" + }, + "service": { + "type": "string" + } + }, + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "path": { + "type": "string" + }, + "port": { + "oneOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ] + }, + "scheme": { + "type": "string" + } + }, + "type": "object" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "oneOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ] + } + }, + "type": "object" + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + }, + "type": "object" + }, + "stdin": { + "type": "boolean" + }, + "stdinOnce": { + "type": "boolean" + }, + "terminationMessagePath": { + "type": "string" + }, + "terminationMessagePolicy": { + "type": "string" + }, + "tty": { + "type": "boolean" + }, + "volumeDevices": { + "items": { + "properties": { + "devicePath": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "volumeMounts": { + "items": { + "properties": { + "mountPath": { + "type": "string" + }, + "mountPropagation": { + "type": "string" + }, + "name": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "subPath": { + "type": "string" + }, + "subPathExpr": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "workingDir": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "extraEnv": { + "oneOf": [ + { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + }, + "fieldRef": { + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "type": "object" + }, + "resourceFieldRef": { + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "oneOf": [ + { + "type": "integer" + }, + { + "pattern": "^[0-9]+(\\.[0-9]){0,1}(m|k|M|G|T|P|Ki|Mi|Gi|Ti|Pi)?$", + "type": "string" + } + ] + }, + "resource": { + "type": "string" + } + }, + "type": "object" + }, + "secretKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "extraEnvFrom": { + "oneOf": [ + { + "items": { + "properties": { + "configMapRef": { + "properties": { + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + }, + "prefix": { + "type": "string" + }, + "secretRef": { + "properties": { + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "extraVolumeMounts": { + "oneOf": [ + { + "items": { + "properties": { + "mountPath": { + "type": "string" + }, + "mountPropagation": { + "type": "string" + }, + "name": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "subPath": { + "type": "string" + }, + "subPathExpr": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "extraVolumes": { + "oneOf": [ + { + "items": { + "properties": { + "awsElasticBlockStore": { + "properties": { + "fsType": { + "type": "string" + }, + "partition": { + "type": "integer" + }, + "readOnly": { + "type": "boolean" + }, + "volumeID": { + "type": "string" + } + }, + "type": "object" + }, + "azureDisk": { + "properties": { + "cachingMode": { + "type": "string" + }, + "diskName": { + "type": "string" + }, + "diskURI": { + "type": "string" + }, + "fsType": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "type": "object" + }, + "azureFile": { + "properties": { + "readOnly": { + "type": "boolean" + }, + "secretName": { + "type": "string" + }, + "shareName": { + "type": "string" + } + }, + "type": "object" + }, + "cephfs": { + "properties": { + "monitors": { + "items": { + "type": "string" + }, + "type": "array" + }, + "path": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretFile": { + "type": "string" + }, + "secretRef": { + "properties": { + "name": { + "type": "string" + } + }, + "type": "object" + }, + "user": { + "type": "string" + } + }, + "type": "object" + }, + "cinder": { + "properties": { + "fsType": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "type": "string" + } + }, + "type": "object" + }, + "volumeID": { + "type": "string" + } + }, + "type": "object" + }, + "configMap": { + "properties": { + "defaultMode": { + "type": "integer" + }, + "items": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + }, + "csi": { + "properties": { + "driver": { + "type": "string" + }, + "fsType": { + "type": "string" + }, + "nodePublishSecretRef": { + "properties": { + "name": { + "type": "string" + } + }, + "type": "object" + }, + "readOnly": { + "type": "boolean" + }, + "volumeAttributes": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "downwardAPI": { + "properties": { + "defaultMode": { + "type": "integer" + }, + "items": { + "items": { + "properties": { + "fieldRef": { + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "type": "object" + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "resourceFieldRef": { + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "oneOf": [ + { + "type": "integer" + }, + { + "pattern": "^[0-9]+(\\.[0-9]){0,1}(m|k|M|G|T|P|Ki|Mi|Gi|Ti|Pi)?$", + "type": "string" + } + ] + }, + "resource": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "emptyDir": { + "properties": { + "medium": { + "type": "string" + }, + "sizeLimit": { + "oneOf": [ + { + "type": "integer" + }, + { + "pattern": "^[0-9]+(\\.[0-9]){0,1}(m|k|M|G|T|P|Ki|Mi|Gi|Ti|Pi)?$", + "type": "string" + } + ] + } + }, + "type": "object" + }, + "ephemeral": { + "properties": { + "volumeClaimTemplate": { + "properties": { + "metadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "creationTimestamp": { + "properties": {}, + "type": "object" + }, + "deletionGracePeriodSeconds": { + "type": "integer" + }, + "deletionTimestamp": { + "properties": {}, + "type": "object" + }, + "finalizers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "generateName": { + "type": "string" + }, + "generation": { + "type": "integer" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "managedFields": { + "items": { + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldsType": { + "type": "string" + }, + "fieldsV1": { + "properties": {}, + "type": "object" + }, + "manager": { + "type": "string" + }, + "operation": { + "type": "string" + }, + "subresource": { + "type": "string" + }, + "time": { + "properties": {}, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "ownerReferences": { + "items": { + "properties": { + "apiVersion": { + "type": "string" + }, + "blockOwnerDeletion": { + "type": "boolean" + }, + "controller": { + "type": "boolean" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + }, + "uid": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "resourceVersion": { + "type": "string" + }, + "selfLink": { + "type": "string" + }, + "uid": { + "type": "string" + } + }, + "type": "object" + }, + "spec": { + "properties": { + "accessModes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "dataSource": { + "properties": { + "apiGroup": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "type": "object" + }, + "dataSourceRef": { + "properties": { + "apiGroup": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + }, + "resources": { + "properties": { + "limits": { + "additionalProperties": { + "oneOf": [ + { + "type": "integer" + }, + { + "pattern": "^[0-9]+(\\.[0-9]){0,1}(m|k|M|G|T|P|Ki|Mi|Gi|Ti|Pi)?$", + "type": "string" + } + ] + }, + "type": "object" + }, + "requests": { + "additionalProperties": { + "oneOf": [ + { + "type": "integer" + }, + { + "pattern": "^[0-9]+(\\.[0-9]){0,1}(m|k|M|G|T|P|Ki|Mi|Gi|Ti|Pi)?$", + "type": "string" + } + ] + }, + "type": "object" + } + }, + "type": "object" + }, + "selector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "storageClassName": { + "type": "string" + }, + "volumeAttributesClassName": { + "type": "string" + }, + "volumeMode": { + "type": "string" + }, + "volumeName": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "fc": { + "properties": { + "fsType": { + "type": "string" + }, + "lun": { + "type": "integer" + }, + "readOnly": { + "type": "boolean" + }, + "targetWWNs": { + "items": { + "type": "string" + }, + "type": "array" + }, + "wwids": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "flexVolume": { + "properties": { + "driver": { + "type": "string" + }, + "fsType": { + "type": "string" + }, + "options": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "flocker": { + "properties": { + "datasetName": { + "type": "string" + }, + "datasetUUID": { + "type": "string" + } + }, + "type": "object" + }, + "gcePersistentDisk": { + "properties": { + "fsType": { + "type": "string" + }, + "partition": { + "type": "integer" + }, + "pdName": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "type": "object" + }, + "gitRepo": { + "properties": { + "directory": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "revision": { + "type": "string" + } + }, + "type": "object" + }, + "glusterfs": { + "properties": { + "endpoints": { + "type": "string" + }, + "path": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "type": "object" + }, + "hostPath": { + "properties": { + "path": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "type": "object" + }, + "iscsi": { + "properties": { + "chapAuthDiscovery": { + "type": "boolean" + }, + "chapAuthSession": { + "type": "boolean" + }, + "fsType": { + "type": "string" + }, + "initiatorName": { + "type": "string" + }, + "iqn": { + "type": "string" + }, + "iscsiInterface": { + "type": "string" + }, + "lun": { + "type": "integer" + }, + "portals": { + "items": { + "type": "string" + }, + "type": "array" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "type": "string" + } + }, + "type": "object" + }, + "targetPortal": { + "type": "string" + } + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "nfs": { + "properties": { + "path": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "server": { + "type": "string" + } + }, + "type": "object" + }, + "persistentVolumeClaim": { + "properties": { + "claimName": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "type": "object" + }, + "photonPersistentDisk": { + "properties": { + "fsType": { + "type": "string" + }, + "pdID": { + "type": "string" + } + }, + "type": "object" + }, + "portworxVolume": { + "properties": { + "fsType": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "volumeID": { + "type": "string" + } + }, + "type": "object" + }, + "projected": { + "properties": { + "defaultMode": { + "type": "integer" + }, + "sources": { + "items": { + "properties": { + "clusterTrustBundle": { + "properties": { + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "signerName": { + "type": "string" + } + }, + "type": "object" + }, + "configMap": { + "properties": { + "items": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + }, + "downwardAPI": { + "properties": { + "items": { + "items": { + "properties": { + "fieldRef": { + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "type": "object" + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "resourceFieldRef": { + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "oneOf": [ + { + "type": "integer" + }, + { + "pattern": "^[0-9]+(\\.[0-9]){0,1}(m|k|M|G|T|P|Ki|Mi|Gi|Ti|Pi)?$", + "type": "string" + } + ] + }, + "resource": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "secret": { + "properties": { + "items": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + }, + "serviceAccountToken": { + "properties": { + "audience": { + "type": "string" + }, + "expirationSeconds": { + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "quobyte": { + "properties": { + "group": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "registry": { + "type": "string" + }, + "tenant": { + "type": "string" + }, + "user": { + "type": "string" + }, + "volume": { + "type": "string" + } + }, + "type": "object" + }, + "rbd": { + "properties": { + "fsType": { + "type": "string" + }, + "image": { + "type": "string" + }, + "keyring": { + "type": "string" + }, + "monitors": { + "items": { + "type": "string" + }, + "type": "array" + }, + "pool": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "type": "string" + } + }, + "type": "object" + }, + "user": { + "type": "string" + } + }, + "type": "object" + }, + "scaleIO": { + "properties": { + "fsType": { + "type": "string" + }, + "gateway": { + "type": "string" + }, + "protectionDomain": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "type": "string" + } + }, + "type": "object" + }, + "sslEnabled": { + "type": "boolean" + }, + "storageMode": { + "type": "string" + }, + "storagePool": { + "type": "string" + }, + "system": { + "type": "string" + }, + "volumeName": { + "type": "string" + } + }, + "type": "object" + }, + "secret": { + "properties": { + "defaultMode": { + "type": "integer" + }, + "items": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "optional": { + "type": "boolean" + }, + "secretName": { + "type": "string" + } + }, + "type": "object" + }, + "storageos": { + "properties": { + "fsType": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "type": "string" + } + }, + "type": "object" + }, + "volumeName": { + "type": "string" + }, + "volumeNamespace": { + "type": "string" + } + }, + "type": "object" + }, + "vsphereVolume": { + "properties": { + "fsType": { + "type": "string" + }, + "storagePolicyID": { + "type": "string" + }, + "storagePolicyName": { + "type": "string" + }, + "volumePath": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "fullnameOverride": { + "type": "string" + }, + "image": { + "properties": { + "pullPolicy": { + "type": "string" + }, + "registry": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + }, + "type": "object" + }, + "imagePullSecrets": { + "oneOf": [ + { + "items": { + "properties": { + "name": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "ingress": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "className": { + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "hosts": { + "oneOf": [ + { + "items": { + "properties": { + "host": { + "type": "string" + }, + "paths": { + "items": { + "properties": { + "path": { + "type": "string" + }, + "pathType": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "tls": { + "oneOf": [ + { + "items": { + "properties": { + "hosts": { + "items": { + "type": "string" + }, + "type": "array" + }, + "secretName": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + } + }, + "type": "object" + }, + "initContainers": { + "properties": { + "extraInitContainers": { + "type": "string" + } + }, + "type": "object" + }, + "livenessProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "oneOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "null" + } + ] + } + }, + "type": "object" + }, + "failureThreshold": { + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "type": "integer" + }, + "service": { + "type": "string" + } + }, + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "oneOf": [ + { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "path": { + "type": "string" + }, + "port": { + "oneOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ] + }, + "scheme": { + "type": "string" + } + }, + "type": "object" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "oneOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ] + } + }, + "type": "object" + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + }, + "type": "object" + }, + "nameOverride": { + "type": "string" + }, + "nodeSelector": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "podAnnotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "podLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "podSecurityContext": { + "properties": { + "fsGroup": { + "type": "integer" + }, + "fsGroupChangePolicy": { + "enum": [ + "OnRootMismatch", + "Always" + ], + "type": "string" + }, + "runAsGroup": { + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "type": "integer" + }, + "seLinuxOptions": { + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "type": "object" + }, + "seccompProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "type": "object" + }, + "supplementalGroups": { + "oneOf": [ + { + "items": { + "type": "integer" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "sysctls": { + "oneOf": [ + { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "windowsOptions": { + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "oneOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "null" + } + ] + } + }, + "type": "object" + }, + "failureThreshold": { + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "type": "integer" + }, + "service": { + "type": "string" + } + }, + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "oneOf": [ + { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "path": { + "type": "string" + }, + "port": { + "oneOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ] + }, + "scheme": { + "type": "string" + } + }, + "type": "object" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "oneOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ] + } + }, + "type": "object" + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + }, + "type": "object" + }, + "replicaCount": { + "type": "integer" + }, + "resources": { + "properties": { + "claims": { + "oneOf": [ + { + "items": { + "properties": { + "name": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "limits": { + "additionalProperties": { + "oneOf": [ + { + "type": "integer" + }, + { + "pattern": "^[0-9]+(\\.[0-9]){0,1}(m|k|M|G|T|P|Ki|Mi|Gi|Ti|Pi)?$", + "type": "string" + } + ] + }, + "type": "object" + }, + "requests": { + "additionalProperties": { + "oneOf": [ + { + "type": "integer" + }, + { + "pattern": "^[0-9]+(\\.[0-9]){0,1}(m|k|M|G|T|P|Ki|Mi|Gi|Ti|Pi)?$", + "type": "string" + } + ] + }, + "type": "object" + } + }, + "type": "object" + }, + "secret": { + "properties": { + "create": { + "type": "boolean" + }, + "enterprise": { + "properties": { + "license": { + "type": "string" + } + }, + "type": "object" + }, + "kafka": { + "properties": { + "awsMskIamSecretKey": { + "type": "string" + }, + "protobufGitBasicAuthPassword": { + "type": "string" + }, + "saslPassword": { + "type": "string" + }, + "schemaRegistryPassword": { + "type": "string" + }, + "schemaRegistryTlsCa": { + "type": "string" + }, + "schemaRegistryTlsCert": { + "type": "string" + }, + "schemaRegistryTlsKey": { + "type": "string" + }, + "tlsCa": { + "type": "string" + }, + "tlsCert": { + "type": "string" + }, + "tlsKey": { + "type": "string" + }, + "tlsPassphrase": { + "type": "string" + } + }, + "type": "object" + }, + "login": { + "properties": { + "github": { + "properties": { + "clientSecret": { + "type": "string" + }, + "personalAccessToken": { + "type": "string" + } + }, + "type": "object" + }, + "google": { + "properties": { + "clientSecret": { + "type": "string" + }, + "groupsServiceAccount": { + "type": "string" + } + }, + "type": "object" + }, + "jwtSecret": { + "type": "string" + }, + "oidc": { + "properties": { + "clientSecret": { + "type": "string" + } + }, + "type": "object" + }, + "okta": { + "properties": { + "clientSecret": { + "type": "string" + }, + "directoryApiToken": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "redpanda": { + "properties": { + "adminApi": { + "properties": { + "password": { + "type": "string" + }, + "tlsCa": { + "type": "string" + }, + "tlsCert": { + "type": "string" + }, + "tlsKey": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "secretMounts": { + "oneOf": [ + { + "items": { + "properties": { + "defaultMode": { + "type": "integer" + }, + "name": { + "type": "string" + }, + "path": { + "type": "string" + }, + "secretName": { + "type": "string" + }, + "subPath": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "securityContext": { + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "capabilities": { + "properties": { + "add": { + "oneOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "drop": { + "oneOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "null" + } + ] + } + }, + "type": "object" + }, + "privileged": { + "type": "boolean" + }, + "procMount": { + "type": "string" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsGroup": { + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "type": "integer" + }, + "seLinuxOptions": { + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "type": "object" + }, + "seccompProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "type": "object" + }, + "windowsOptions": { + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "service": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "nodePort": { + "type": "integer" + }, + "port": { + "type": "integer" + }, + "targetPort": { + "type": "integer" + }, + "type": { + "type": "string" + } + }, + "type": "object" + }, + "serviceAccount": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "automountServiceAccountToken": { + "type": "boolean" + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + }, + "type": "object" + }, + "strategy": { + "properties": { + "rollingUpdate": { + "properties": { + "maxSurge": { + "oneOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ] + }, + "maxUnavailable": { + "oneOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ] + } + }, + "type": "object" + }, + "type": { + "type": "string" + } + }, + "type": "object" + }, + "tests": { + "properties": { + "enabled": { + "type": "boolean" + } + }, + "type": "object" + }, + "tolerations": { + "oneOf": [ + { + "items": { + "properties": { + "effect": { + "type": "string" + }, + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "tolerationSeconds": { + "type": "integer" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "topologySpreadConstraints": { + "oneOf": [ + { + "items": { + "properties": { + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array" + }, + "maxSkew": { + "type": "integer" + }, + "minDomains": { + "type": "integer" + }, + "nodeAffinityPolicy": { + "type": "string" + }, + "nodeTaintsPolicy": { + "type": "string" + }, + "topologyKey": { + "type": "string" + }, + "whenUnsatisfiable": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + } + }, + "type": "object" + }, + "enterprise": { + "properties": { + "license": { + "type": "string" + }, + "licenseSecretRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "external": { + "properties": { + "addresses": { + "oneOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "domain": { + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "externalDns": { + "properties": { + "enabled": { + "type": "boolean" + } + }, + "required": [ + "enabled" + ], + "type": "object" + }, + "prefixTemplate": { + "type": "string" + }, + "service": { + "properties": { + "enabled": { + "type": "boolean" + } + }, + "required": [ + "enabled" + ], + "type": "object" + }, + "sourceRanges": { + "oneOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "type": { + "pattern": "^(LoadBalancer|NodePort)$", + "type": "string" + } + }, + "required": [ + "enabled" + ], + "type": "object" + }, + "force": { + "type": "boolean" + }, + "fullnameOverride": { + "type": "string" + }, + "image": { + "description": "Values used to define the container image to be used for Redpanda", + "properties": { + "pullPolicy": { + "description": "The Kubernetes Pod image pull policy.", + "pattern": "^(Always|Never|IfNotPresent)$", + "type": "string" + }, + "repository": { + "default": "docker.redpanda.com/redpandadata/redpanda", + "description": "container image repository", + "type": "string" + }, + "tag": { + "default": "Chart.appVersion", + "description": "The container image tag. Use the Redpanda release version. Must be a valid semver prefixed with a 'v'.", + "pattern": "^v(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$|^$", + "type": "string" + } + }, + "required": [ + "repository", + "pullPolicy" + ], + "type": "object" + }, + "imagePullSecrets": { + "oneOf": [ + { + "items": { + "properties": { + "name": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "license_key": { + "deprecated": true, + "pattern": "^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?\\.(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$|^$", + "type": "string" + }, + "license_secret_ref": { + "deprecated": true, + "properties": { + "secret_key": { + "type": "string" + }, + "secret_name": { + "type": "string" + } + }, + "type": "object" + }, + "listeners": { + "properties": { + "admin": { + "properties": { + "appProtocol": { + "type": "string" + }, + "external": { + "minProperties": 1, + "patternProperties": { + "^[A-Za-z_][A-Za-z0-9_]*$": { + "properties": { + "advertisedPorts": { + "items": { + "type": "integer" + }, + "minItems": 1, + "type": "array" + }, + "enabled": { + "type": "boolean" + }, + "nodePort": { + "type": "integer" + }, + "port": { + "type": "integer" + }, + "tls": { + "properties": { + "cert": { + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "requireClientAuth": { + "type": "boolean" + }, + "trustStore": { + "maxProperties": 1, + "minProperties": 1, + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + }, + "secretKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "required": [ + "port" + ], + "type": "object" + } + }, + "type": "object" + }, + "port": { + "type": "integer" + }, + "tls": { + "properties": { + "cert": { + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "requireClientAuth": { + "type": "boolean" + }, + "trustStore": { + "maxProperties": 1, + "minProperties": 1, + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + }, + "secretKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "required": [ + "cert", + "requireClientAuth" + ], + "type": "object" + } + }, + "required": [ + "port", + "tls" + ], + "type": "object" + }, + "http": { + "properties": { + "authenticationMethod": { + "oneOf": [ + { + "enum": [ + "none", + "http_basic" + ], + "type": "string" + }, + { + "type": "null" + } + ] + }, + "enabled": { + "type": "boolean" + }, + "external": { + "minProperties": 1, + "patternProperties": { + "^[A-Za-z_][A-Za-z0-9_]*$": { + "properties": { + "advertisedPorts": { + "items": { + "type": "integer" + }, + "minItems": 1, + "type": "array" + }, + "authenticationMethod": { + "oneOf": [ + { + "enum": [ + "none", + "http_basic" + ], + "type": "string" + }, + { + "type": "null" + } + ] + }, + "enabled": { + "type": "boolean" + }, + "nodePort": { + "type": "integer" + }, + "port": { + "type": "integer" + }, + "prefixTemplate": { + "type": "string" + }, + "tls": { + "properties": { + "cert": { + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "requireClientAuth": { + "type": "boolean" + }, + "trustStore": { + "maxProperties": 1, + "minProperties": 1, + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + }, + "secretKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "required": [ + "port" + ], + "type": "object" + } + }, + "type": "object" + }, + "kafkaEndpoint": { + "pattern": "^[A-Za-z_-][A-Za-z0-9_-]*$", + "type": "string" + }, + "port": { + "type": "integer" + }, + "tls": { + "properties": { + "cert": { + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "requireClientAuth": { + "type": "boolean" + }, + "trustStore": { + "maxProperties": 1, + "minProperties": 1, + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + }, + "secretKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "required": [ + "cert", + "requireClientAuth" + ], + "type": "object" + } + }, + "required": [ + "enabled", + "tls", + "kafkaEndpoint", + "port" + ], + "type": "object" + }, + "kafka": { + "properties": { + "authenticationMethod": { + "oneOf": [ + { + "enum": [ + "sasl", + "none", + "mtls_identity" + ], + "type": "string" + }, + { + "type": "null" + } + ] + }, + "external": { + "minProperties": 1, + "patternProperties": { + "^[A-Za-z_][A-Za-z0-9_]*$": { + "properties": { + "advertisedPorts": { + "items": { + "type": "integer" + }, + "minItems": 1, + "type": "array" + }, + "authenticationMethod": { + "oneOf": [ + { + "enum": [ + "sasl", + "none", + "mtls_identity" + ], + "type": "string" + }, + { + "type": "null" + } + ] + }, + "enabled": { + "type": "boolean" + }, + "nodePort": { + "type": "integer" + }, + "port": { + "type": "integer" + }, + "prefixTemplate": { + "type": "string" + }, + "tls": { + "properties": { + "cert": { + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "requireClientAuth": { + "type": "boolean" + }, + "trustStore": { + "maxProperties": 1, + "minProperties": 1, + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + }, + "secretKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "required": [ + "port" + ], + "type": "object" + } + }, + "type": "object" + }, + "port": { + "type": "integer" + }, + "tls": { + "properties": { + "cert": { + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "requireClientAuth": { + "type": "boolean" + }, + "trustStore": { + "maxProperties": 1, + "minProperties": 1, + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + }, + "secretKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "required": [ + "cert", + "requireClientAuth" + ], + "type": "object" + } + }, + "required": [ + "tls", + "port" + ], + "type": "object" + }, + "rpc": { + "properties": { + "port": { + "type": "integer" + }, + "tls": { + "properties": { + "cert": { + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "requireClientAuth": { + "type": "boolean" + }, + "trustStore": { + "maxProperties": 1, + "minProperties": 1, + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + }, + "secretKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "required": [ + "cert", + "requireClientAuth" + ], + "type": "object" + } + }, + "required": [ + "port", + "tls" + ], + "type": "object" + }, + "schemaRegistry": { + "properties": { + "authenticationMethod": { + "oneOf": [ + { + "enum": [ + "none", + "http_basic" + ], + "type": "string" + }, + { + "type": "null" + } + ] + }, + "enabled": { + "type": "boolean" + }, + "external": { + "minProperties": 1, + "patternProperties": { + "^[A-Za-z_][A-Za-z0-9_]*$": { + "properties": { + "advertisedPorts": { + "items": { + "type": "integer" + }, + "minItems": 1, + "type": "array" + }, + "authenticationMethod": { + "oneOf": [ + { + "enum": [ + "none", + "http_basic" + ], + "type": "string" + }, + { + "type": "null" + } + ] + }, + "enabled": { + "type": "boolean" + }, + "nodePort": { + "type": "integer" + }, + "port": { + "type": "integer" + }, + "tls": { + "properties": { + "cert": { + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "requireClientAuth": { + "type": "boolean" + }, + "trustStore": { + "maxProperties": 1, + "minProperties": 1, + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + }, + "secretKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "kafkaEndpoint": { + "pattern": "^[A-Za-z_-][A-Za-z0-9_-]*$", + "type": "string" + }, + "port": { + "type": "integer" + }, + "tls": { + "properties": { + "cert": { + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "requireClientAuth": { + "type": "boolean" + }, + "trustStore": { + "maxProperties": 1, + "minProperties": 1, + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + }, + "secretKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "required": [ + "cert", + "requireClientAuth" + ], + "type": "object" + } + }, + "required": [ + "enabled", + "kafkaEndpoint", + "port", + "tls" + ], + "type": "object" + } + }, + "required": [ + "admin", + "http", + "kafka", + "schemaRegistry", + "rpc" + ], + "type": "object" + }, + "logging": { + "properties": { + "logLevel": { + "pattern": "^(error|warn|info|debug|trace)$", + "type": "string" + }, + "usageStats": { + "properties": { + "clusterId": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + }, + "required": [ + "enabled" + ], + "type": "object" + } + }, + "required": [ + "logLevel", + "usageStats" + ], + "type": "object" + }, + "monitoring": { + "properties": { + "enableHttp2": { + "type": "boolean" + }, + "enabled": { + "type": "boolean" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "scrapeInterval": { + "type": "string" + }, + "tlsConfig": { + "properties": { + "ca": { + "properties": { + "configMap": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + }, + "secret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "caFile": { + "type": "string" + }, + "cert": { + "properties": { + "configMap": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + }, + "secret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "certFile": { + "type": "string" + }, + "insecureSkipVerify": { + "type": "boolean" + }, + "keyFile": { + "type": "string" + }, + "keySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + }, + "serverName": { + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "enabled", + "scrapeInterval" + ], + "type": "object" + }, + "nameOverride": { + "type": "string" + }, + "nodeSelector": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "post_install_job": { + "properties": { + "affinity": { + "properties": { + "nodeAffinity": { + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "oneOf": [ + { + "items": { + "properties": { + "preference": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "matchFields": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "weight": { + "type": "integer" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "properties": { + "nodeSelectorTerms": { + "oneOf": [ + { + "items": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "matchFields": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + } + }, + "type": "object" + } + }, + "type": "object" + }, + "podAffinity": { + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "oneOf": [ + { + "items": { + "properties": { + "podAffinityTerm": { + "properties": { + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array" + }, + "namespaceSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array" + }, + "topologyKey": { + "type": "string" + } + }, + "type": "object" + }, + "weight": { + "type": "integer" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "oneOf": [ + { + "items": { + "properties": { + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array" + }, + "namespaceSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array" + }, + "topologyKey": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + } + }, + "type": "object" + }, + "podAntiAffinity": { + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "oneOf": [ + { + "items": { + "properties": { + "podAffinityTerm": { + "properties": { + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array" + }, + "namespaceSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array" + }, + "topologyKey": { + "type": "string" + } + }, + "type": "object" + }, + "weight": { + "type": "integer" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "oneOf": [ + { + "items": { + "properties": { + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array" + }, + "namespaceSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array" + }, + "topologyKey": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + } + }, + "type": "object" + } + }, + "type": "object" + }, + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "podTemplate": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "spec": { + "properties": { + "automountServiceAccountToken": { + "type": "boolean" + }, + "containers": { + "oneOf": [ + { + "items": { + "properties": { + "env": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + }, + "fieldRef": { + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "type": "object" + }, + "resourceFieldRef": { + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "oneOf": [ + { + "type": "integer" + }, + { + "pattern": "^[0-9]+(\\.[0-9]){0,1}(m|k|M|G|T|P|Ki|Mi|Gi|Ti|Pi)?$", + "type": "string" + } + ] + }, + "resource": { + "type": "string" + } + }, + "type": "object" + }, + "secretKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "name": { + "enum": [ + "redpanda", + "post-install", + "post-upgrade", + "redpanda-controllers" + ], + "type": "string" + }, + "securityContext": { + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "capabilities": { + "properties": { + "add": { + "items": { + "type": "string" + }, + "type": "array" + }, + "drop": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "privileged": { + "type": "boolean" + }, + "procMount": { + "type": "string" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsGroup": { + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "type": "integer" + }, + "seLinuxOptions": { + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "type": "object" + }, + "seccompProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "type": "object" + }, + "windowsOptions": { + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "volumeMounts": { + "items": { + "properties": { + "mountPath": { + "type": "string" + }, + "mountPropagation": { + "type": "string" + }, + "name": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "subPath": { + "type": "string" + }, + "subPathExpr": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "name", + "env" + ], + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "securityContext": { + "properties": { + "fsGroup": { + "type": "integer" + }, + "fsGroupChangePolicy": { + "enum": [ + "OnRootMismatch", + "Always" + ], + "type": "string" + }, + "runAsGroup": { + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "type": "integer" + }, + "seLinuxOptions": { + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "type": "object" + }, + "seccompProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "type": "object" + }, + "supplementalGroups": { + "oneOf": [ + { + "items": { + "type": "integer" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "sysctls": { + "oneOf": [ + { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "windowsOptions": { + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "volumes": { + "oneOf": [ + { + "items": { + "properties": { + "awsElasticBlockStore": { + "properties": { + "fsType": { + "type": "string" + }, + "partition": { + "type": "integer" + }, + "readOnly": { + "type": "boolean" + }, + "volumeID": { + "type": "string" + } + }, + "type": "object" + }, + "azureDisk": { + "properties": { + "cachingMode": { + "type": "string" + }, + "diskName": { + "type": "string" + }, + "diskURI": { + "type": "string" + }, + "fsType": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "type": "object" + }, + "azureFile": { + "properties": { + "readOnly": { + "type": "boolean" + }, + "secretName": { + "type": "string" + }, + "shareName": { + "type": "string" + } + }, + "type": "object" + }, + "cephfs": { + "properties": { + "monitors": { + "items": { + "type": "string" + }, + "type": "array" + }, + "path": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretFile": { + "type": "string" + }, + "secretRef": { + "properties": { + "name": { + "type": "string" + } + }, + "type": "object" + }, + "user": { + "type": "string" + } + }, + "type": "object" + }, + "cinder": { + "properties": { + "fsType": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "type": "string" + } + }, + "type": "object" + }, + "volumeID": { + "type": "string" + } + }, + "type": "object" + }, + "configMap": { + "properties": { + "defaultMode": { + "type": "integer" + }, + "items": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + }, + "csi": { + "properties": { + "driver": { + "type": "string" + }, + "fsType": { + "type": "string" + }, + "nodePublishSecretRef": { + "properties": { + "name": { + "type": "string" + } + }, + "type": "object" + }, + "readOnly": { + "type": "boolean" + }, + "volumeAttributes": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "downwardAPI": { + "properties": { + "defaultMode": { + "type": "integer" + }, + "items": { + "items": { + "properties": { + "fieldRef": { + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "type": "object" + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "resourceFieldRef": { + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "oneOf": [ + { + "type": "integer" + }, + { + "pattern": "^[0-9]+(\\.[0-9]){0,1}(m|k|M|G|T|P|Ki|Mi|Gi|Ti|Pi)?$", + "type": "string" + } + ] + }, + "resource": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "emptyDir": { + "properties": { + "medium": { + "type": "string" + }, + "sizeLimit": { + "oneOf": [ + { + "type": "integer" + }, + { + "pattern": "^[0-9]+(\\.[0-9]){0,1}(m|k|M|G|T|P|Ki|Mi|Gi|Ti|Pi)?$", + "type": "string" + } + ] + } + }, + "type": "object" + }, + "ephemeral": { + "properties": { + "volumeClaimTemplate": { + "properties": { + "metadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "creationTimestamp": { + "properties": {}, + "type": "object" + }, + "deletionGracePeriodSeconds": { + "type": "integer" + }, + "deletionTimestamp": { + "properties": {}, + "type": "object" + }, + "finalizers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "generateName": { + "type": "string" + }, + "generation": { + "type": "integer" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "managedFields": { + "items": { + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldsType": { + "type": "string" + }, + "fieldsV1": { + "properties": {}, + "type": "object" + }, + "manager": { + "type": "string" + }, + "operation": { + "type": "string" + }, + "subresource": { + "type": "string" + }, + "time": { + "properties": {}, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "ownerReferences": { + "items": { + "properties": { + "apiVersion": { + "type": "string" + }, + "blockOwnerDeletion": { + "type": "boolean" + }, + "controller": { + "type": "boolean" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + }, + "uid": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "resourceVersion": { + "type": "string" + }, + "selfLink": { + "type": "string" + }, + "uid": { + "type": "string" + } + }, + "type": "object" + }, + "spec": { + "properties": { + "accessModes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "dataSource": { + "properties": { + "apiGroup": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "type": "object" + }, + "dataSourceRef": { + "properties": { + "apiGroup": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + }, + "resources": { + "properties": { + "limits": { + "additionalProperties": { + "oneOf": [ + { + "type": "integer" + }, + { + "pattern": "^[0-9]+(\\.[0-9]){0,1}(m|k|M|G|T|P|Ki|Mi|Gi|Ti|Pi)?$", + "type": "string" + } + ] + }, + "type": "object" + }, + "requests": { + "additionalProperties": { + "oneOf": [ + { + "type": "integer" + }, + { + "pattern": "^[0-9]+(\\.[0-9]){0,1}(m|k|M|G|T|P|Ki|Mi|Gi|Ti|Pi)?$", + "type": "string" + } + ] + }, + "type": "object" + } + }, + "type": "object" + }, + "selector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "storageClassName": { + "type": "string" + }, + "volumeAttributesClassName": { + "type": "string" + }, + "volumeMode": { + "type": "string" + }, + "volumeName": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "fc": { + "properties": { + "fsType": { + "type": "string" + }, + "lun": { + "type": "integer" + }, + "readOnly": { + "type": "boolean" + }, + "targetWWNs": { + "items": { + "type": "string" + }, + "type": "array" + }, + "wwids": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "flexVolume": { + "properties": { + "driver": { + "type": "string" + }, + "fsType": { + "type": "string" + }, + "options": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "flocker": { + "properties": { + "datasetName": { + "type": "string" + }, + "datasetUUID": { + "type": "string" + } + }, + "type": "object" + }, + "gcePersistentDisk": { + "properties": { + "fsType": { + "type": "string" + }, + "partition": { + "type": "integer" + }, + "pdName": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "type": "object" + }, + "gitRepo": { + "properties": { + "directory": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "revision": { + "type": "string" + } + }, + "type": "object" + }, + "glusterfs": { + "properties": { + "endpoints": { + "type": "string" + }, + "path": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "type": "object" + }, + "hostPath": { + "properties": { + "path": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "type": "object" + }, + "iscsi": { + "properties": { + "chapAuthDiscovery": { + "type": "boolean" + }, + "chapAuthSession": { + "type": "boolean" + }, + "fsType": { + "type": "string" + }, + "initiatorName": { + "type": "string" + }, + "iqn": { + "type": "string" + }, + "iscsiInterface": { + "type": "string" + }, + "lun": { + "type": "integer" + }, + "portals": { + "items": { + "type": "string" + }, + "type": "array" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "type": "string" + } + }, + "type": "object" + }, + "targetPortal": { + "type": "string" + } + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "nfs": { + "properties": { + "path": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "server": { + "type": "string" + } + }, + "type": "object" + }, + "persistentVolumeClaim": { + "properties": { + "claimName": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "type": "object" + }, + "photonPersistentDisk": { + "properties": { + "fsType": { + "type": "string" + }, + "pdID": { + "type": "string" + } + }, + "type": "object" + }, + "portworxVolume": { + "properties": { + "fsType": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "volumeID": { + "type": "string" + } + }, + "type": "object" + }, + "projected": { + "properties": { + "defaultMode": { + "type": "integer" + }, + "sources": { + "items": { + "properties": { + "clusterTrustBundle": { + "properties": { + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "signerName": { + "type": "string" + } + }, + "type": "object" + }, + "configMap": { + "properties": { + "items": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + }, + "downwardAPI": { + "properties": { + "items": { + "items": { + "properties": { + "fieldRef": { + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "type": "object" + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "resourceFieldRef": { + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "oneOf": [ + { + "type": "integer" + }, + { + "pattern": "^[0-9]+(\\.[0-9]){0,1}(m|k|M|G|T|P|Ki|Mi|Gi|Ti|Pi)?$", + "type": "string" + } + ] + }, + "resource": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "secret": { + "properties": { + "items": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + }, + "serviceAccountToken": { + "properties": { + "audience": { + "type": "string" + }, + "expirationSeconds": { + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "quobyte": { + "properties": { + "group": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "registry": { + "type": "string" + }, + "tenant": { + "type": "string" + }, + "user": { + "type": "string" + }, + "volume": { + "type": "string" + } + }, + "type": "object" + }, + "rbd": { + "properties": { + "fsType": { + "type": "string" + }, + "image": { + "type": "string" + }, + "keyring": { + "type": "string" + }, + "monitors": { + "items": { + "type": "string" + }, + "type": "array" + }, + "pool": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "type": "string" + } + }, + "type": "object" + }, + "user": { + "type": "string" + } + }, + "type": "object" + }, + "scaleIO": { + "properties": { + "fsType": { + "type": "string" + }, + "gateway": { + "type": "string" + }, + "protectionDomain": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "type": "string" + } + }, + "type": "object" + }, + "sslEnabled": { + "type": "boolean" + }, + "storageMode": { + "type": "string" + }, + "storagePool": { + "type": "string" + }, + "system": { + "type": "string" + }, + "volumeName": { + "type": "string" + } + }, + "type": "object" + }, + "secret": { + "properties": { + "defaultMode": { + "type": "integer" + }, + "items": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "optional": { + "type": "boolean" + }, + "secretName": { + "type": "string" + } + }, + "type": "object" + }, + "storageos": { + "properties": { + "fsType": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "type": "string" + } + }, + "type": "object" + }, + "volumeName": { + "type": "string" + }, + "volumeNamespace": { + "type": "string" + } + }, + "type": "object" + }, + "vsphereVolume": { + "properties": { + "fsType": { + "type": "string" + }, + "storagePolicyID": { + "type": "string" + }, + "storagePolicyName": { + "type": "string" + }, + "volumePath": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + } + }, + "required": [ + "containers" + ], + "type": "object" + } + }, + "required": [ + "labels", + "annotations", + "spec" + ], + "type": "object" + }, + "resources": { + "properties": { + "claims": { + "oneOf": [ + { + "items": { + "properties": { + "name": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "limits": { + "additionalProperties": { + "oneOf": [ + { + "type": "integer" + }, + { + "pattern": "^[0-9]+(\\.[0-9]){0,1}(m|k|M|G|T|P|Ki|Mi|Gi|Ti|Pi)?$", + "type": "string" + } + ] + }, + "type": "object" + }, + "requests": { + "additionalProperties": { + "oneOf": [ + { + "type": "integer" + }, + { + "pattern": "^[0-9]+(\\.[0-9]){0,1}(m|k|M|G|T|P|Ki|Mi|Gi|Ti|Pi)?$", + "type": "string" + } + ] + }, + "type": "object" + } + }, + "type": "object" + }, + "securityContext": { + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "capabilities": { + "properties": { + "add": { + "oneOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "drop": { + "oneOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "null" + } + ] + } + }, + "type": "object" + }, + "privileged": { + "type": "boolean" + }, + "procMount": { + "type": "string" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsGroup": { + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "type": "integer" + }, + "seLinuxOptions": { + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "type": "object" + }, + "seccompProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "type": "object" + }, + "windowsOptions": { + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "post_upgrade_job": { + "properties": { + "affinity": { + "properties": { + "nodeAffinity": { + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "oneOf": [ + { + "items": { + "properties": { + "preference": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "matchFields": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "weight": { + "type": "integer" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "properties": { + "nodeSelectorTerms": { + "oneOf": [ + { + "items": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "matchFields": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + } + }, + "type": "object" + } + }, + "type": "object" + }, + "podAffinity": { + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "oneOf": [ + { + "items": { + "properties": { + "podAffinityTerm": { + "properties": { + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array" + }, + "namespaceSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array" + }, + "topologyKey": { + "type": "string" + } + }, + "type": "object" + }, + "weight": { + "type": "integer" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "oneOf": [ + { + "items": { + "properties": { + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array" + }, + "namespaceSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array" + }, + "topologyKey": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + } + }, + "type": "object" + }, + "podAntiAffinity": { + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "oneOf": [ + { + "items": { + "properties": { + "podAffinityTerm": { + "properties": { + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array" + }, + "namespaceSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array" + }, + "topologyKey": { + "type": "string" + } + }, + "type": "object" + }, + "weight": { + "type": "integer" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "oneOf": [ + { + "items": { + "properties": { + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array" + }, + "namespaceSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array" + }, + "topologyKey": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + } + }, + "type": "object" + } + }, + "type": "object" + }, + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "backoffLimit": { + "type": "integer" + }, + "enabled": { + "type": "boolean" + }, + "extraEnv": { + "oneOf": [ + { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + }, + "fieldRef": { + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "type": "object" + }, + "resourceFieldRef": { + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "oneOf": [ + { + "type": "integer" + }, + { + "pattern": "^[0-9]+(\\.[0-9]){0,1}(m|k|M|G|T|P|Ki|Mi|Gi|Ti|Pi)?$", + "type": "string" + } + ] + }, + "resource": { + "type": "string" + } + }, + "type": "object" + }, + "secretKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "extraEnvFrom": { + "oneOf": [ + { + "items": { + "properties": { + "configMapRef": { + "properties": { + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + }, + "prefix": { + "type": "string" + }, + "secretRef": { + "properties": { + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "podTemplate": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "spec": { + "properties": { + "automountServiceAccountToken": { + "type": "boolean" + }, + "containers": { + "oneOf": [ + { + "items": { + "properties": { + "env": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + }, + "fieldRef": { + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "type": "object" + }, + "resourceFieldRef": { + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "oneOf": [ + { + "type": "integer" + }, + { + "pattern": "^[0-9]+(\\.[0-9]){0,1}(m|k|M|G|T|P|Ki|Mi|Gi|Ti|Pi)?$", + "type": "string" + } + ] + }, + "resource": { + "type": "string" + } + }, + "type": "object" + }, + "secretKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "name": { + "enum": [ + "redpanda", + "post-install", + "post-upgrade", + "redpanda-controllers" + ], + "type": "string" + }, + "securityContext": { + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "capabilities": { + "properties": { + "add": { + "items": { + "type": "string" + }, + "type": "array" + }, + "drop": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "privileged": { + "type": "boolean" + }, + "procMount": { + "type": "string" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsGroup": { + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "type": "integer" + }, + "seLinuxOptions": { + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "type": "object" + }, + "seccompProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "type": "object" + }, + "windowsOptions": { + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "volumeMounts": { + "items": { + "properties": { + "mountPath": { + "type": "string" + }, + "mountPropagation": { + "type": "string" + }, + "name": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "subPath": { + "type": "string" + }, + "subPathExpr": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "name", + "env" + ], + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "securityContext": { + "properties": { + "fsGroup": { + "type": "integer" + }, + "fsGroupChangePolicy": { + "enum": [ + "OnRootMismatch", + "Always" + ], + "type": "string" + }, + "runAsGroup": { + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "type": "integer" + }, + "seLinuxOptions": { + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "type": "object" + }, + "seccompProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "type": "object" + }, + "supplementalGroups": { + "oneOf": [ + { + "items": { + "type": "integer" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "sysctls": { + "oneOf": [ + { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "windowsOptions": { + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "volumes": { + "oneOf": [ + { + "items": { + "properties": { + "awsElasticBlockStore": { + "properties": { + "fsType": { + "type": "string" + }, + "partition": { + "type": "integer" + }, + "readOnly": { + "type": "boolean" + }, + "volumeID": { + "type": "string" + } + }, + "type": "object" + }, + "azureDisk": { + "properties": { + "cachingMode": { + "type": "string" + }, + "diskName": { + "type": "string" + }, + "diskURI": { + "type": "string" + }, + "fsType": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "type": "object" + }, + "azureFile": { + "properties": { + "readOnly": { + "type": "boolean" + }, + "secretName": { + "type": "string" + }, + "shareName": { + "type": "string" + } + }, + "type": "object" + }, + "cephfs": { + "properties": { + "monitors": { + "items": { + "type": "string" + }, + "type": "array" + }, + "path": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretFile": { + "type": "string" + }, + "secretRef": { + "properties": { + "name": { + "type": "string" + } + }, + "type": "object" + }, + "user": { + "type": "string" + } + }, + "type": "object" + }, + "cinder": { + "properties": { + "fsType": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "type": "string" + } + }, + "type": "object" + }, + "volumeID": { + "type": "string" + } + }, + "type": "object" + }, + "configMap": { + "properties": { + "defaultMode": { + "type": "integer" + }, + "items": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + }, + "csi": { + "properties": { + "driver": { + "type": "string" + }, + "fsType": { + "type": "string" + }, + "nodePublishSecretRef": { + "properties": { + "name": { + "type": "string" + } + }, + "type": "object" + }, + "readOnly": { + "type": "boolean" + }, + "volumeAttributes": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "downwardAPI": { + "properties": { + "defaultMode": { + "type": "integer" + }, + "items": { + "items": { + "properties": { + "fieldRef": { + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "type": "object" + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "resourceFieldRef": { + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "oneOf": [ + { + "type": "integer" + }, + { + "pattern": "^[0-9]+(\\.[0-9]){0,1}(m|k|M|G|T|P|Ki|Mi|Gi|Ti|Pi)?$", + "type": "string" + } + ] + }, + "resource": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "emptyDir": { + "properties": { + "medium": { + "type": "string" + }, + "sizeLimit": { + "oneOf": [ + { + "type": "integer" + }, + { + "pattern": "^[0-9]+(\\.[0-9]){0,1}(m|k|M|G|T|P|Ki|Mi|Gi|Ti|Pi)?$", + "type": "string" + } + ] + } + }, + "type": "object" + }, + "ephemeral": { + "properties": { + "volumeClaimTemplate": { + "properties": { + "metadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "creationTimestamp": { + "properties": {}, + "type": "object" + }, + "deletionGracePeriodSeconds": { + "type": "integer" + }, + "deletionTimestamp": { + "properties": {}, + "type": "object" + }, + "finalizers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "generateName": { + "type": "string" + }, + "generation": { + "type": "integer" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "managedFields": { + "items": { + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldsType": { + "type": "string" + }, + "fieldsV1": { + "properties": {}, + "type": "object" + }, + "manager": { + "type": "string" + }, + "operation": { + "type": "string" + }, + "subresource": { + "type": "string" + }, + "time": { + "properties": {}, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "ownerReferences": { + "items": { + "properties": { + "apiVersion": { + "type": "string" + }, + "blockOwnerDeletion": { + "type": "boolean" + }, + "controller": { + "type": "boolean" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + }, + "uid": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "resourceVersion": { + "type": "string" + }, + "selfLink": { + "type": "string" + }, + "uid": { + "type": "string" + } + }, + "type": "object" + }, + "spec": { + "properties": { + "accessModes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "dataSource": { + "properties": { + "apiGroup": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "type": "object" + }, + "dataSourceRef": { + "properties": { + "apiGroup": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + }, + "resources": { + "properties": { + "limits": { + "additionalProperties": { + "oneOf": [ + { + "type": "integer" + }, + { + "pattern": "^[0-9]+(\\.[0-9]){0,1}(m|k|M|G|T|P|Ki|Mi|Gi|Ti|Pi)?$", + "type": "string" + } + ] + }, + "type": "object" + }, + "requests": { + "additionalProperties": { + "oneOf": [ + { + "type": "integer" + }, + { + "pattern": "^[0-9]+(\\.[0-9]){0,1}(m|k|M|G|T|P|Ki|Mi|Gi|Ti|Pi)?$", + "type": "string" + } + ] + }, + "type": "object" + } + }, + "type": "object" + }, + "selector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "storageClassName": { + "type": "string" + }, + "volumeAttributesClassName": { + "type": "string" + }, + "volumeMode": { + "type": "string" + }, + "volumeName": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "fc": { + "properties": { + "fsType": { + "type": "string" + }, + "lun": { + "type": "integer" + }, + "readOnly": { + "type": "boolean" + }, + "targetWWNs": { + "items": { + "type": "string" + }, + "type": "array" + }, + "wwids": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "flexVolume": { + "properties": { + "driver": { + "type": "string" + }, + "fsType": { + "type": "string" + }, + "options": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "flocker": { + "properties": { + "datasetName": { + "type": "string" + }, + "datasetUUID": { + "type": "string" + } + }, + "type": "object" + }, + "gcePersistentDisk": { + "properties": { + "fsType": { + "type": "string" + }, + "partition": { + "type": "integer" + }, + "pdName": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "type": "object" + }, + "gitRepo": { + "properties": { + "directory": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "revision": { + "type": "string" + } + }, + "type": "object" + }, + "glusterfs": { + "properties": { + "endpoints": { + "type": "string" + }, + "path": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "type": "object" + }, + "hostPath": { + "properties": { + "path": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "type": "object" + }, + "iscsi": { + "properties": { + "chapAuthDiscovery": { + "type": "boolean" + }, + "chapAuthSession": { + "type": "boolean" + }, + "fsType": { + "type": "string" + }, + "initiatorName": { + "type": "string" + }, + "iqn": { + "type": "string" + }, + "iscsiInterface": { + "type": "string" + }, + "lun": { + "type": "integer" + }, + "portals": { + "items": { + "type": "string" + }, + "type": "array" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "type": "string" + } + }, + "type": "object" + }, + "targetPortal": { + "type": "string" + } + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "nfs": { + "properties": { + "path": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "server": { + "type": "string" + } + }, + "type": "object" + }, + "persistentVolumeClaim": { + "properties": { + "claimName": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "type": "object" + }, + "photonPersistentDisk": { + "properties": { + "fsType": { + "type": "string" + }, + "pdID": { + "type": "string" + } + }, + "type": "object" + }, + "portworxVolume": { + "properties": { + "fsType": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "volumeID": { + "type": "string" + } + }, + "type": "object" + }, + "projected": { + "properties": { + "defaultMode": { + "type": "integer" + }, + "sources": { + "items": { + "properties": { + "clusterTrustBundle": { + "properties": { + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "signerName": { + "type": "string" + } + }, + "type": "object" + }, + "configMap": { + "properties": { + "items": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + }, + "downwardAPI": { + "properties": { + "items": { + "items": { + "properties": { + "fieldRef": { + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "type": "object" + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "resourceFieldRef": { + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "oneOf": [ + { + "type": "integer" + }, + { + "pattern": "^[0-9]+(\\.[0-9]){0,1}(m|k|M|G|T|P|Ki|Mi|Gi|Ti|Pi)?$", + "type": "string" + } + ] + }, + "resource": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "secret": { + "properties": { + "items": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + }, + "serviceAccountToken": { + "properties": { + "audience": { + "type": "string" + }, + "expirationSeconds": { + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "quobyte": { + "properties": { + "group": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "registry": { + "type": "string" + }, + "tenant": { + "type": "string" + }, + "user": { + "type": "string" + }, + "volume": { + "type": "string" + } + }, + "type": "object" + }, + "rbd": { + "properties": { + "fsType": { + "type": "string" + }, + "image": { + "type": "string" + }, + "keyring": { + "type": "string" + }, + "monitors": { + "items": { + "type": "string" + }, + "type": "array" + }, + "pool": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "type": "string" + } + }, + "type": "object" + }, + "user": { + "type": "string" + } + }, + "type": "object" + }, + "scaleIO": { + "properties": { + "fsType": { + "type": "string" + }, + "gateway": { + "type": "string" + }, + "protectionDomain": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "type": "string" + } + }, + "type": "object" + }, + "sslEnabled": { + "type": "boolean" + }, + "storageMode": { + "type": "string" + }, + "storagePool": { + "type": "string" + }, + "system": { + "type": "string" + }, + "volumeName": { + "type": "string" + } + }, + "type": "object" + }, + "secret": { + "properties": { + "defaultMode": { + "type": "integer" + }, + "items": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "optional": { + "type": "boolean" + }, + "secretName": { + "type": "string" + } + }, + "type": "object" + }, + "storageos": { + "properties": { + "fsType": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "type": "string" + } + }, + "type": "object" + }, + "volumeName": { + "type": "string" + }, + "volumeNamespace": { + "type": "string" + } + }, + "type": "object" + }, + "vsphereVolume": { + "properties": { + "fsType": { + "type": "string" + }, + "storagePolicyID": { + "type": "string" + }, + "storagePolicyName": { + "type": "string" + }, + "volumePath": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + } + }, + "required": [ + "containers" + ], + "type": "object" + } + }, + "required": [ + "labels", + "annotations", + "spec" + ], + "type": "object" + }, + "resources": { + "properties": { + "claims": { + "oneOf": [ + { + "items": { + "properties": { + "name": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "limits": { + "additionalProperties": { + "oneOf": [ + { + "type": "integer" + }, + { + "pattern": "^[0-9]+(\\.[0-9]){0,1}(m|k|M|G|T|P|Ki|Mi|Gi|Ti|Pi)?$", + "type": "string" + } + ] + }, + "type": "object" + }, + "requests": { + "additionalProperties": { + "oneOf": [ + { + "type": "integer" + }, + { + "pattern": "^[0-9]+(\\.[0-9]){0,1}(m|k|M|G|T|P|Ki|Mi|Gi|Ti|Pi)?$", + "type": "string" + } + ] + }, + "type": "object" + } + }, + "type": "object" + }, + "securityContext": { + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "capabilities": { + "properties": { + "add": { + "oneOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "drop": { + "oneOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "null" + } + ] + } + }, + "type": "object" + }, + "privileged": { + "type": "boolean" + }, + "procMount": { + "type": "string" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsGroup": { + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "type": "integer" + }, + "seLinuxOptions": { + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "type": "object" + }, + "seccompProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "type": "object" + }, + "windowsOptions": { + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "rackAwareness": { + "properties": { + "enabled": { + "type": "boolean" + }, + "nodeAnnotation": { + "type": "string" + } + }, + "required": [ + "enabled", + "nodeAnnotation" + ], + "type": "object" + }, + "rbac": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + } + }, + "required": [ + "enabled", + "annotations" + ], + "type": "object" + }, + "resources": { + "properties": { + "cpu": { + "properties": { + "cores": { + "oneOf": [ + { + "type": "integer" + }, + { + "pattern": "^[0-9]+(\\.[0-9]){0,1}(m|k|M|G|T|P|Ki|Mi|Gi|Ti|Pi)?$", + "type": "string" + } + ] + }, + "overprovisioned": { + "type": "boolean" + } + }, + "required": [ + "cores" + ], + "type": "object" + }, + "memory": { + "properties": { + "container": { + "properties": { + "max": { + "oneOf": [ + { + "type": "integer" + }, + { + "pattern": "^[0-9]+(\\.[0-9]){0,1}(m|k|M|G|T|P|Ki|Mi|Gi|Ti|Pi)?$", + "type": "string" + } + ] + }, + "min": { + "oneOf": [ + { + "type": "integer" + }, + { + "pattern": "^[0-9]+(\\.[0-9]){0,1}(m|k|M|G|T|P|Ki|Mi|Gi|Ti|Pi)?$", + "type": "string" + } + ] + } + }, + "required": [ + "max" + ], + "type": "object" + }, + "enable_memory_locking": { + "type": "boolean" + }, + "redpanda": { + "properties": { + "memory": { + "oneOf": [ + { + "type": "integer" + }, + { + "pattern": "^[0-9]+(\\.[0-9]){0,1}(m|k|M|G|T|P|Ki|Mi|Gi|Ti|Pi)?$", + "type": "string" + } + ] + }, + "reserveMemory": { + "oneOf": [ + { + "type": "integer" + }, + { + "pattern": "^[0-9]+(\\.[0-9]){0,1}(m|k|M|G|T|P|Ki|Mi|Gi|Ti|Pi)?$", + "type": "string" + } + ] + } + }, + "type": "object" + } + }, + "required": [ + "container" + ], + "type": "object" + } + }, + "required": [ + "cpu", + "memory" + ], + "type": "object" + }, + "service": { + "properties": { + "internal": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "name": { + "type": "string" + } + }, + "type": "object" + }, + "serviceAccount": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "automountServiceAccountToken": { + "type": "boolean" + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + }, + "required": [ + "annotations", + "create", + "name" + ], + "type": "object" + }, + "statefulset": { + "properties": { + "additionalRedpandaCmdFlags": { + "oneOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "additionalSelectorLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "budget": { + "properties": { + "maxUnavailable": { + "type": "integer" + } + }, + "required": [ + "maxUnavailable" + ], + "type": "object" + }, + "extraVolumeMounts": { + "type": "string" + }, + "extraVolumes": { + "type": "string" + }, + "initContainerImage": { + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + }, + "type": "object" + }, + "initContainers": { + "properties": { + "configurator": { + "properties": { + "extraVolumeMounts": { + "type": "string" + }, + "resources": { + "type": "object" + } + }, + "type": "object" + }, + "extraInitContainers": { + "type": "string" + }, + "fsValidator": { + "properties": { + "enabled": { + "type": "boolean" + }, + "expectedFS": { + "type": "string" + }, + "extraVolumeMounts": { + "type": "string" + }, + "resources": { + "type": "object" + } + }, + "type": "object" + }, + "setDataDirOwnership": { + "properties": { + "enabled": { + "type": "boolean" + }, + "extraVolumeMounts": { + "type": "string" + }, + "resources": { + "type": "object" + } + }, + "type": "object" + }, + "setTieredStorageCacheDirOwnership": { + "properties": { + "extraVolumeMounts": { + "type": "string" + }, + "resources": { + "type": "object" + } + }, + "type": "object" + }, + "tuning": { + "properties": { + "extraVolumeMounts": { + "type": "string" + }, + "resources": { + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "livenessProbe": { + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + } + }, + "required": [ + "initialDelaySeconds", + "failureThreshold", + "periodSeconds" + ], + "type": "object" + }, + "nodeAffinity": { + "type": "object" + }, + "nodeSelector": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "podAffinity": { + "type": "object" + }, + "podAntiAffinity": { + "properties": { + "custom": { + "type": "object" + }, + "topologyKey": { + "type": "string" + }, + "type": { + "pattern": "^(hard|soft|custom)$", + "type": "string" + }, + "weight": { + "type": "integer" + } + }, + "required": [ + "topologyKey", + "type", + "weight" + ], + "type": "object" + }, + "podSecurityContext": { + "deprecated": true, + "properties": { + "allowPriviledgeEscalation": { + "type": "boolean" + }, + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "fsGroup": { + "type": "integer" + }, + "fsGroupChangePolicy": { + "enum": [ + "OnRootMismatch", + "Always" + ], + "type": "string" + }, + "runAsGroup": { + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "type": "integer" + } + }, + "type": "object" + }, + "podTemplate": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "spec": { + "properties": { + "automountServiceAccountToken": { + "type": "boolean" + }, + "containers": { + "oneOf": [ + { + "items": { + "properties": { + "env": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + }, + "fieldRef": { + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "type": "object" + }, + "resourceFieldRef": { + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "oneOf": [ + { + "type": "integer" + }, + { + "pattern": "^[0-9]+(\\.[0-9]){0,1}(m|k|M|G|T|P|Ki|Mi|Gi|Ti|Pi)?$", + "type": "string" + } + ] + }, + "resource": { + "type": "string" + } + }, + "type": "object" + }, + "secretKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "name": { + "enum": [ + "redpanda", + "post-install", + "post-upgrade", + "redpanda-controllers" + ], + "type": "string" + }, + "securityContext": { + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "capabilities": { + "properties": { + "add": { + "items": { + "type": "string" + }, + "type": "array" + }, + "drop": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "privileged": { + "type": "boolean" + }, + "procMount": { + "type": "string" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsGroup": { + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "type": "integer" + }, + "seLinuxOptions": { + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "type": "object" + }, + "seccompProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "type": "object" + }, + "windowsOptions": { + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "volumeMounts": { + "items": { + "properties": { + "mountPath": { + "type": "string" + }, + "mountPropagation": { + "type": "string" + }, + "name": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "subPath": { + "type": "string" + }, + "subPathExpr": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "name", + "env" + ], + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "securityContext": { + "properties": { + "fsGroup": { + "type": "integer" + }, + "fsGroupChangePolicy": { + "enum": [ + "OnRootMismatch", + "Always" + ], + "type": "string" + }, + "runAsGroup": { + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "type": "integer" + }, + "seLinuxOptions": { + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "type": "object" + }, + "seccompProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "type": "object" + }, + "supplementalGroups": { + "oneOf": [ + { + "items": { + "type": "integer" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "sysctls": { + "oneOf": [ + { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "windowsOptions": { + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "volumes": { + "oneOf": [ + { + "items": { + "properties": { + "awsElasticBlockStore": { + "properties": { + "fsType": { + "type": "string" + }, + "partition": { + "type": "integer" + }, + "readOnly": { + "type": "boolean" + }, + "volumeID": { + "type": "string" + } + }, + "type": "object" + }, + "azureDisk": { + "properties": { + "cachingMode": { + "type": "string" + }, + "diskName": { + "type": "string" + }, + "diskURI": { + "type": "string" + }, + "fsType": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "type": "object" + }, + "azureFile": { + "properties": { + "readOnly": { + "type": "boolean" + }, + "secretName": { + "type": "string" + }, + "shareName": { + "type": "string" + } + }, + "type": "object" + }, + "cephfs": { + "properties": { + "monitors": { + "items": { + "type": "string" + }, + "type": "array" + }, + "path": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretFile": { + "type": "string" + }, + "secretRef": { + "properties": { + "name": { + "type": "string" + } + }, + "type": "object" + }, + "user": { + "type": "string" + } + }, + "type": "object" + }, + "cinder": { + "properties": { + "fsType": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "type": "string" + } + }, + "type": "object" + }, + "volumeID": { + "type": "string" + } + }, + "type": "object" + }, + "configMap": { + "properties": { + "defaultMode": { + "type": "integer" + }, + "items": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + }, + "csi": { + "properties": { + "driver": { + "type": "string" + }, + "fsType": { + "type": "string" + }, + "nodePublishSecretRef": { + "properties": { + "name": { + "type": "string" + } + }, + "type": "object" + }, + "readOnly": { + "type": "boolean" + }, + "volumeAttributes": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "downwardAPI": { + "properties": { + "defaultMode": { + "type": "integer" + }, + "items": { + "items": { + "properties": { + "fieldRef": { + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "type": "object" + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "resourceFieldRef": { + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "oneOf": [ + { + "type": "integer" + }, + { + "pattern": "^[0-9]+(\\.[0-9]){0,1}(m|k|M|G|T|P|Ki|Mi|Gi|Ti|Pi)?$", + "type": "string" + } + ] + }, + "resource": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "emptyDir": { + "properties": { + "medium": { + "type": "string" + }, + "sizeLimit": { + "oneOf": [ + { + "type": "integer" + }, + { + "pattern": "^[0-9]+(\\.[0-9]){0,1}(m|k|M|G|T|P|Ki|Mi|Gi|Ti|Pi)?$", + "type": "string" + } + ] + } + }, + "type": "object" + }, + "ephemeral": { + "properties": { + "volumeClaimTemplate": { + "properties": { + "metadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "creationTimestamp": { + "properties": {}, + "type": "object" + }, + "deletionGracePeriodSeconds": { + "type": "integer" + }, + "deletionTimestamp": { + "properties": {}, + "type": "object" + }, + "finalizers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "generateName": { + "type": "string" + }, + "generation": { + "type": "integer" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "managedFields": { + "items": { + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldsType": { + "type": "string" + }, + "fieldsV1": { + "properties": {}, + "type": "object" + }, + "manager": { + "type": "string" + }, + "operation": { + "type": "string" + }, + "subresource": { + "type": "string" + }, + "time": { + "properties": {}, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "ownerReferences": { + "items": { + "properties": { + "apiVersion": { + "type": "string" + }, + "blockOwnerDeletion": { + "type": "boolean" + }, + "controller": { + "type": "boolean" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + }, + "uid": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "resourceVersion": { + "type": "string" + }, + "selfLink": { + "type": "string" + }, + "uid": { + "type": "string" + } + }, + "type": "object" + }, + "spec": { + "properties": { + "accessModes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "dataSource": { + "properties": { + "apiGroup": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "type": "object" + }, + "dataSourceRef": { + "properties": { + "apiGroup": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + }, + "resources": { + "properties": { + "limits": { + "additionalProperties": { + "oneOf": [ + { + "type": "integer" + }, + { + "pattern": "^[0-9]+(\\.[0-9]){0,1}(m|k|M|G|T|P|Ki|Mi|Gi|Ti|Pi)?$", + "type": "string" + } + ] + }, + "type": "object" + }, + "requests": { + "additionalProperties": { + "oneOf": [ + { + "type": "integer" + }, + { + "pattern": "^[0-9]+(\\.[0-9]){0,1}(m|k|M|G|T|P|Ki|Mi|Gi|Ti|Pi)?$", + "type": "string" + } + ] + }, + "type": "object" + } + }, + "type": "object" + }, + "selector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "storageClassName": { + "type": "string" + }, + "volumeAttributesClassName": { + "type": "string" + }, + "volumeMode": { + "type": "string" + }, + "volumeName": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "fc": { + "properties": { + "fsType": { + "type": "string" + }, + "lun": { + "type": "integer" + }, + "readOnly": { + "type": "boolean" + }, + "targetWWNs": { + "items": { + "type": "string" + }, + "type": "array" + }, + "wwids": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "flexVolume": { + "properties": { + "driver": { + "type": "string" + }, + "fsType": { + "type": "string" + }, + "options": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "flocker": { + "properties": { + "datasetName": { + "type": "string" + }, + "datasetUUID": { + "type": "string" + } + }, + "type": "object" + }, + "gcePersistentDisk": { + "properties": { + "fsType": { + "type": "string" + }, + "partition": { + "type": "integer" + }, + "pdName": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "type": "object" + }, + "gitRepo": { + "properties": { + "directory": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "revision": { + "type": "string" + } + }, + "type": "object" + }, + "glusterfs": { + "properties": { + "endpoints": { + "type": "string" + }, + "path": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "type": "object" + }, + "hostPath": { + "properties": { + "path": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "type": "object" + }, + "iscsi": { + "properties": { + "chapAuthDiscovery": { + "type": "boolean" + }, + "chapAuthSession": { + "type": "boolean" + }, + "fsType": { + "type": "string" + }, + "initiatorName": { + "type": "string" + }, + "iqn": { + "type": "string" + }, + "iscsiInterface": { + "type": "string" + }, + "lun": { + "type": "integer" + }, + "portals": { + "items": { + "type": "string" + }, + "type": "array" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "type": "string" + } + }, + "type": "object" + }, + "targetPortal": { + "type": "string" + } + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "nfs": { + "properties": { + "path": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "server": { + "type": "string" + } + }, + "type": "object" + }, + "persistentVolumeClaim": { + "properties": { + "claimName": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "type": "object" + }, + "photonPersistentDisk": { + "properties": { + "fsType": { + "type": "string" + }, + "pdID": { + "type": "string" + } + }, + "type": "object" + }, + "portworxVolume": { + "properties": { + "fsType": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "volumeID": { + "type": "string" + } + }, + "type": "object" + }, + "projected": { + "properties": { + "defaultMode": { + "type": "integer" + }, + "sources": { + "items": { + "properties": { + "clusterTrustBundle": { + "properties": { + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "signerName": { + "type": "string" + } + }, + "type": "object" + }, + "configMap": { + "properties": { + "items": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + }, + "downwardAPI": { + "properties": { + "items": { + "items": { + "properties": { + "fieldRef": { + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "type": "object" + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "resourceFieldRef": { + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "oneOf": [ + { + "type": "integer" + }, + { + "pattern": "^[0-9]+(\\.[0-9]){0,1}(m|k|M|G|T|P|Ki|Mi|Gi|Ti|Pi)?$", + "type": "string" + } + ] + }, + "resource": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "secret": { + "properties": { + "items": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object" + }, + "serviceAccountToken": { + "properties": { + "audience": { + "type": "string" + }, + "expirationSeconds": { + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "quobyte": { + "properties": { + "group": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "registry": { + "type": "string" + }, + "tenant": { + "type": "string" + }, + "user": { + "type": "string" + }, + "volume": { + "type": "string" + } + }, + "type": "object" + }, + "rbd": { + "properties": { + "fsType": { + "type": "string" + }, + "image": { + "type": "string" + }, + "keyring": { + "type": "string" + }, + "monitors": { + "items": { + "type": "string" + }, + "type": "array" + }, + "pool": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "type": "string" + } + }, + "type": "object" + }, + "user": { + "type": "string" + } + }, + "type": "object" + }, + "scaleIO": { + "properties": { + "fsType": { + "type": "string" + }, + "gateway": { + "type": "string" + }, + "protectionDomain": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "type": "string" + } + }, + "type": "object" + }, + "sslEnabled": { + "type": "boolean" + }, + "storageMode": { + "type": "string" + }, + "storagePool": { + "type": "string" + }, + "system": { + "type": "string" + }, + "volumeName": { + "type": "string" + } + }, + "type": "object" + }, + "secret": { + "properties": { + "defaultMode": { + "type": "integer" + }, + "items": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "optional": { + "type": "boolean" + }, + "secretName": { + "type": "string" + } + }, + "type": "object" + }, + "storageos": { + "properties": { + "fsType": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "type": "string" + } + }, + "type": "object" + }, + "volumeName": { + "type": "string" + }, + "volumeNamespace": { + "type": "string" + } + }, + "type": "object" + }, + "vsphereVolume": { + "properties": { + "fsType": { + "type": "string" + }, + "storagePolicyID": { + "type": "string" + }, + "storagePolicyName": { + "type": "string" + }, + "volumePath": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + } + }, + "required": [ + "containers" + ], + "type": "object" + } + }, + "required": [ + "labels", + "annotations", + "spec" + ], + "type": "object" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + }, + "required": [ + "initialDelaySeconds", + "failureThreshold", + "periodSeconds" + ], + "type": "object" + }, + "replicas": { + "type": "integer" + }, + "securityContext": { + "deprecated": true, + "properties": { + "allowPriviledgeEscalation": { + "type": "boolean" + }, + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "fsGroup": { + "type": "integer" + }, + "fsGroupChangePolicy": { + "enum": [ + "OnRootMismatch", + "Always" + ], + "type": "string" + }, + "runAsGroup": { + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "type": "integer" + } + }, + "type": "object" + }, + "sideCars": { + "properties": { + "configWatcher": { + "properties": { + "enabled": { + "type": "boolean" + }, + "extraVolumeMounts": { + "type": "string" + }, + "resources": { + "type": "object" + }, + "securityContext": { + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "capabilities": { + "properties": { + "add": { + "oneOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "drop": { + "oneOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "null" + } + ] + } + }, + "type": "object" + }, + "privileged": { + "type": "boolean" + }, + "procMount": { + "type": "string" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsGroup": { + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "type": "integer" + }, + "seLinuxOptions": { + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "type": "object" + }, + "seccompProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "type": "object" + }, + "windowsOptions": { + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "controllers": { + "properties": { + "createRBAC": { + "type": "boolean" + }, + "enabled": { + "type": "boolean" + }, + "healthProbeAddress": { + "type": "string" + }, + "image": { + "properties": { + "repository": { + "default": "docker.redpanda.com/redpandadata/redpanda-operator", + "type": "string" + }, + "tag": { + "default": "Chart.appVersion", + "pattern": "^v(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$|^$", + "type": "string" + } + }, + "required": [ + "tag", + "repository" + ], + "type": "object" + }, + "metricsAddress": { + "type": "string" + }, + "resources": true, + "run": { + "oneOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "securityContext": { + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "capabilities": { + "properties": { + "add": { + "oneOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "drop": { + "oneOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "null" + } + ] + } + }, + "type": "object" + }, + "privileged": { + "type": "boolean" + }, + "procMount": { + "type": "string" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsGroup": { + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "type": "integer" + }, + "seLinuxOptions": { + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "type": "object" + }, + "seccompProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "type": "object" + }, + "windowsOptions": { + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "startupProbe": { + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + } + }, + "required": [ + "initialDelaySeconds", + "failureThreshold", + "periodSeconds" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "oneOf": [ + { + "items": { + "properties": { + "effect": { + "type": "string" + }, + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "tolerationSeconds": { + "type": "integer" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "topologySpreadConstraints": { + "oneOf": [ + { + "items": { + "properties": { + "maxSkew": { + "type": "integer" + }, + "topologyKey": { + "type": "string" + }, + "whenUnsatisfiable": { + "pattern": "^(ScheduleAnyway|DoNotSchedule)$", + "type": "string" + } + }, + "type": "object" + }, + "minItems": 1, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "updateStrategy": { + "properties": { + "type": { + "pattern": "^(RollingUpdate|OnDelete)$", + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + } + }, + "required": [ + "additionalSelectorLabels", + "replicas", + "updateStrategy", + "podTemplate", + "budget", + "startupProbe", + "livenessProbe", + "readinessProbe", + "podAffinity", + "podAntiAffinity", + "nodeSelector", + "priorityClassName", + "topologySpreadConstraints", + "tolerations", + "securityContext", + "sideCars" + ], + "type": "object" + }, + "storage": { + "properties": { + "hostPath": { + "type": "string" + }, + "persistentVolume": { + "deprecated": true, + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "nameOverwrite": { + "type": "string" + }, + "size": { + "oneOf": [ + { + "type": "integer" + }, + { + "pattern": "^[0-9]+(\\.[0-9]){0,1}(m|k|M|G|T|P|Ki|Mi|Gi|Ti|Pi)?$", + "type": "string" + } + ] + }, + "storageClass": { + "type": "string" + } + }, + "required": [ + "annotations", + "enabled", + "labels", + "size", + "storageClass" + ], + "type": "object" + }, + "tiered": { + "properties": { + "config": { + "properties": { + "cloud_storage_access_key": { + "type": "string" + }, + "cloud_storage_api_endpoint": { + "type": "string" + }, + "cloud_storage_api_endpoint_port": { + "type": "integer" + }, + "cloud_storage_azure_adls_endpoint": { + "type": "string" + }, + "cloud_storage_azure_adls_port": { + "type": "integer" + }, + "cloud_storage_bucket": { + "type": "string" + }, + "cloud_storage_cache_check_interval": { + "type": "integer" + }, + "cloud_storage_cache_directory": { + "type": "string" + }, + "cloud_storage_cache_size": { + "oneOf": [ + { + "type": "integer" + }, + { + "pattern": "^[0-9]+(\\.[0-9]){0,1}(m|k|M|G|T|P|Ki|Mi|Gi|Ti|Pi)?$", + "type": "string" + } + ] + }, + "cloud_storage_credentials_source": { + "pattern": "^(config_file|aws_instance_metadata|sts|gcp_instance_metadata)$", + "type": "string" + }, + "cloud_storage_disable_tls": { + "type": "boolean" + }, + "cloud_storage_enable_remote_read": { + "type": "boolean" + }, + "cloud_storage_enable_remote_write": { + "type": "boolean" + }, + "cloud_storage_enabled": { + "type": "boolean" + }, + "cloud_storage_initial_backoff_ms": { + "type": "integer" + }, + "cloud_storage_manifest_upload_timeout_ms": { + "type": "integer" + }, + "cloud_storage_max_connection_idle_time_ms": { + "type": "integer" + }, + "cloud_storage_max_connections": { + "type": "integer" + }, + "cloud_storage_reconciliation_interval_ms": { + "type": "integer" + }, + "cloud_storage_region": { + "type": "string" + }, + "cloud_storage_secret_key": { + "type": "string" + }, + "cloud_storage_segment_max_upload_interval_sec": { + "type": "integer" + }, + "cloud_storage_segment_upload_timeout_ms": { + "type": "integer" + }, + "cloud_storage_trust_file": { + "type": "string" + }, + "cloud_storage_upload_ctrl_d_coeff": { + "type": "integer" + }, + "cloud_storage_upload_ctrl_max_shares": { + "type": "integer" + }, + "cloud_storage_upload_ctrl_min_shares": { + "type": "integer" + }, + "cloud_storage_upload_ctrl_p_coeff": { + "type": "integer" + }, + "cloud_storage_upload_ctrl_update_interval_ms": { + "type": "integer" + } + }, + "required": [ + "cloud_storage_enabled" + ], + "type": "object" + }, + "credentialsSecretRef": { + "properties": { + "accessKey": { + "properties": { + "configurationKey": { + "type": "string" + }, + "key": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "type": "object" + }, + "secretKey": { + "properties": { + "configurationKey": { + "type": "string" + }, + "key": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "hostPath": { + "type": "string" + }, + "mountType": { + "pattern": "^(none|hostPath|emptyDir|persistentVolume)$", + "type": "string" + }, + "persistentVolume": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "nameOverwrite": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": "string" + } + }, + "required": [ + "annotations", + "labels", + "storageClass" + ], + "type": "object" + } + }, + "required": [ + "mountType" + ], + "type": "object" + }, + "tieredConfig": { + "deprecated": true, + "properties": { + "cloud_storage_access_key": { + "type": "string" + }, + "cloud_storage_api_endpoint": { + "type": "string" + }, + "cloud_storage_api_endpoint_port": { + "type": "integer" + }, + "cloud_storage_azure_adls_endpoint": { + "type": "string" + }, + "cloud_storage_azure_adls_port": { + "type": "integer" + }, + "cloud_storage_bucket": { + "type": "string" + }, + "cloud_storage_cache_check_interval": { + "type": "integer" + }, + "cloud_storage_cache_directory": { + "type": "string" + }, + "cloud_storage_cache_size": { + "oneOf": [ + { + "type": "integer" + }, + { + "pattern": "^[0-9]+(\\.[0-9]){0,1}(m|k|M|G|T|P|Ki|Mi|Gi|Ti|Pi)?$", + "type": "string" + } + ] + }, + "cloud_storage_credentials_source": { + "pattern": "^(config_file|aws_instance_metadata|sts|gcp_instance_metadata)$", + "type": "string" + }, + "cloud_storage_disable_tls": { + "type": "boolean" + }, + "cloud_storage_enable_remote_read": { + "type": "boolean" + }, + "cloud_storage_enable_remote_write": { + "type": "boolean" + }, + "cloud_storage_enabled": { + "type": "boolean" + }, + "cloud_storage_initial_backoff_ms": { + "type": "integer" + }, + "cloud_storage_manifest_upload_timeout_ms": { + "type": "integer" + }, + "cloud_storage_max_connection_idle_time_ms": { + "type": "integer" + }, + "cloud_storage_max_connections": { + "type": "integer" + }, + "cloud_storage_reconciliation_interval_ms": { + "type": "integer" + }, + "cloud_storage_region": { + "type": "string" + }, + "cloud_storage_secret_key": { + "type": "string" + }, + "cloud_storage_segment_max_upload_interval_sec": { + "type": "integer" + }, + "cloud_storage_segment_upload_timeout_ms": { + "type": "integer" + }, + "cloud_storage_trust_file": { + "type": "string" + }, + "cloud_storage_upload_ctrl_d_coeff": { + "type": "integer" + }, + "cloud_storage_upload_ctrl_max_shares": { + "type": "integer" + }, + "cloud_storage_upload_ctrl_min_shares": { + "type": "integer" + }, + "cloud_storage_upload_ctrl_p_coeff": { + "type": "integer" + }, + "cloud_storage_upload_ctrl_update_interval_ms": { + "type": "integer" + } + }, + "type": "object" + }, + "tieredStorageHostPath": { + "deprecated": true, + "type": "string" + }, + "tieredStoragePersistentVolume": { + "deprecated": true, + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "storageClass": { + "type": "string" + } + }, + "required": [ + "annotations", + "enabled", + "labels", + "storageClass" + ], + "type": "object" + } + }, + "required": [ + "hostPath", + "tiered", + "persistentVolume" + ], + "type": "object" + }, + "tests": { + "properties": { + "enabled": { + "type": "boolean" + } + }, + "type": "object" + }, + "tls": { + "properties": { + "certs": { + "minProperties": 1, + "patternProperties": { + "^[A-Za-z_][A-Za-z0-9_]*$": { + "properties": { + "applyInternalDNSNames": { + "type": "boolean" + }, + "caEnabled": { + "type": "boolean" + }, + "clientSecretRef": { + "properties": { + "name": { + "type": "string" + } + }, + "type": "object" + }, + "duration": { + "pattern": ".*[smh]$", + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "issuerRef": { + "properties": { + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "type": "object" + }, + "secretRef": { + "properties": { + "name": { + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "caEnabled" + ], + "type": "object" + } + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + } + }, + "required": [ + "enabled", + "certs" + ], + "type": "object" + }, + "tolerations": { + "oneOf": [ + { + "items": { + "properties": { + "effect": { + "type": "string" + }, + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "tolerationSeconds": { + "type": "integer" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + { + "type": "null" + } + ] + }, + "tuning": { + "properties": { + "ballast_file_path": { + "type": "string" + }, + "ballast_file_size": { + "type": "string" + }, + "tune_aio_events": { + "type": "boolean" + }, + "tune_ballast_file": { + "type": "boolean" + }, + "tune_clocksource": { + "type": "boolean" + }, + "well_known_io": { + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "affinity", + "image" + ], + "type": "object" +} diff --git a/charts/redpanda/redpanda/5.9.12/values.yaml b/charts/redpanda/redpanda/5.9.12/values.yaml new file mode 100644 index 000000000..1a4678d7e --- /dev/null +++ b/charts/redpanda/redpanda/5.9.12/values.yaml @@ -0,0 +1,1133 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This file contains values for variables referenced from yaml files in the templates directory. +# +# For further information on Helm templating see the documentation at: +# https://helm.sh/docs/chart_template_guide/values_files/ + +# +# >>> This chart requires Helm version 3.6.0 or greater <<< +# + +# Common settings +# +# -- Override `redpanda.name` template. +nameOverride: "" +# -- Override `redpanda.fullname` template. +fullnameOverride: "" +# -- Default Kubernetes cluster domain. +clusterDomain: cluster.local +# -- Additional labels to add to all Kubernetes objects. +# For example, `my.k8s.service: redpanda`. +commonLabels: {} +# -- Node selection constraints for scheduling Pods, can override this for StatefulSets. +# For details, +# see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector). +nodeSelector: {} +# -- Affinity constraints for scheduling Pods, can override this for StatefulSets and Jobs. +# For details, +# see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity). +affinity: {} +# -- Taints to be tolerated by Pods, can override this for StatefulSets. +# For details, +# see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/). +tolerations: [] + +# -- Redpanda Docker image settings. +image: + # -- Docker repository from which to pull the Redpanda Docker image. + repository: docker.redpanda.com/redpandadata/redpanda + # -- The Redpanda version. + # See DockerHub for: + # [All stable versions](https://hub.docker.com/r/redpandadata/redpanda/tags) + # and [all unstable versions](https://hub.docker.com/r/redpandadata/redpanda-unstable/tags). + # @default -- `Chart.appVersion`. + tag: "" + # -- The imagePullPolicy. + # If `image.tag` is 'latest', the default is `Always`. + pullPolicy: IfNotPresent + +# -- Redpanda Service settings. +# service: +# -- set service.name to override the default service name +# name: redpanda +# -- internal Service +# internal: +# -- add annotations to the internal Service +# annotations: {} +# +# -- eg. for a bare metal install using external-dns +# annotations: +# "external-dns.alpha.kubernetes.io/hostname": redpanda.domain.dom +# "external-dns.alpha.kubernetes.io/endpoints-type": HostIP + +# -- Pull secrets may be used to provide credentials to image repositories +# See the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/). +imagePullSecrets: [] + +# -- DEPRECATED Enterprise license key (optional). +# For details, +# see the [License documentation](https://docs.redpanda.com/docs/get-started/licenses/?platform=kubernetes#redpanda-enterprise-edition). +license_key: "" +# -- DEPRECATED Secret name and secret key where the license key is stored. +license_secret_ref: {} + # secret_name: my-secret + # secret_key: key-where-license-is-stored + +# -- Audit logging for a redpanda cluster, must have enabled sasl and have one kafka listener supporting sasl authentication +# for audit logging to work. Note this feature is only available for redpanda versions >= v23.3.0. +auditLogging: + # -- Enable or disable audit logging, for production clusters we suggest you enable, + # however, this will only work if you also enable sasl and a listener with sasl enabled. + enabled: false + # -- Kafka listener name, note that it must have `authenticationMethod` set to `sasl`. + # For external listeners, use the external listener name, such as `default`. + listener: internal + # -- Integer value defining the number of partitions used by a newly created audit topic. + partitions: 12 + # -- Event types that should be captured by audit logs, default is [`admin`, `authenticate`, `management`]. + enabledEventTypes: + # -- List of topics to exclude from auditing, default is null. + excludedTopics: + # -- List of principals to exclude from auditing, default is null. + excludedPrincipals: + # -- Defines the number of bytes (in bytes) allocated by the internal audit client for audit messages. + clientMaxBufferSize: 16777216 + # -- In ms, frequency in which per shard audit logs are batched to client for write to audit log. + queueDrainIntervalMs: 500 + # -- Defines the maximum amount of memory used (in bytes) by the audit buffer in each shard. + queueMaxBufferSizePerShard: 1048576 + # -- Defines the replication factor for a newly created audit log topic. This configuration applies + # only to the audit log topic and may be different from the cluster or other topic configurations. + # This cannot be altered for existing audit log topics. Setting this value is optional. If a value is not provided, + # Redpanda will use the `internal_topic_replication_factor cluster` config value. Default is `null` + replicationFactor: + +# -- Enterprise (optional) +# For details, +# see the [License documentation](https://docs.redpanda.com/docs/get-started/licenses/?platform=kubernetes#redpanda-enterprise-edition). +enterprise: + # -- license (optional). + license: "" + # -- Secret name and key where the license key is stored. + licenseSecretRef: {} + # name: my-secret + # key: key-where-license-is-stored + +# -- Rack Awareness settings. +# For details, +# see the [Rack Awareness documentation](https://docs.redpanda.com/docs/manage/kubernetes/kubernetes-rack-awareness/). +rackAwareness: + # -- When running in multiple racks or availability zones, use a Kubernetes Node + # annotation value as the Redpanda rack value. + # Enabling this requires running with a service account with "get" Node permissions. + # To have the Helm chart configure these permissions, + # set `serviceAccount.create=true` and `rbac.enabled=true`. + enabled: false + # -- The common well-known annotation to use as the rack ID. + # Override this only if you use a custom Node annotation. + nodeAnnotation: topology.kubernetes.io/zone + +# +# -- Redpanda Console settings. +# For a reference of configuration settings, +# see the [Redpanda Console documentation](https://docs.redpanda.com/docs/reference/console/config/). +console: + enabled: true + configmap: + create: false + secret: + create: false + deployment: + create: false + config: {} + +# +# -- Redpanda Managed Connectors settings +# For a reference of configuration settings, +# see the [Redpanda Connectors documentation](https://docs.redpanda.com/docs/deploy/deployment-option/cloud/managed-connectors/). +connectors: + enabled: false + deployment: + create: false + test: + create: false + +# -- Authentication settings. +# For details, +# see the [SASL documentation](https://docs.redpanda.com/docs/manage/kubernetes/security/sasl-kubernetes/). +auth: + sasl: + # -- Enable SASL authentication. + # If you enable SASL authentication, you must provide a Secret in `auth.sasl.secretRef`. + enabled: false + # -- The authentication mechanism to use for the superuser. Options are `SCRAM-SHA-256` and `SCRAM-SHA-512`. + mechanism: SCRAM-SHA-512 + # -- A Secret that contains your superuser credentials. + # For details, + # see the [SASL documentation](https://docs.redpanda.com/docs/manage/kubernetes/security/sasl-kubernetes/#use-secrets). + secretRef: "redpanda-users" + # -- Optional list of superusers. + # These superusers will be created in the Secret whose name is defined in `auth.sasl.secretRef`. + # If this list is empty, + # the Secret in `auth.sasl.secretRef` must already exist in the cluster before you deploy the chart. + # Uncomment the sample list if you wish to try adding sample sasl users or override to use your own. + users: [] + # - name: admin + # password: change-me + # mechanism: SCRAM-SHA-512 + # -- Details about how to create the bootstrap user for the cluster. + # The secretKeyRef is optionally specified. If it is specified, the + # chart will use a password written to that secret when creating the + # "kubernetes-controller" bootstrap user. If it is unspecified, then + # the secret will be generated and stored in the secret + # "releasename"-bootstrap-user, with the key "password". + bootstrapUser: + # -- The name used to override the name of the bootstrap user. If unspecified the bootstrap user is named + # "kubernetes-controller". This should only be specified when SASL authentication is enabled (usually installation) + # and should not be changed afterward. + # name: my-user + # -- The authentication mechanism to use for the bootstrap user. Options are `SCRAM-SHA-256` and `SCRAM-SHA-512`. + mechanism: SCRAM-SHA-256 + # secretKeyRef: + # name: my-password + # key: my-key + +# -- TLS settings. +# For details, see the [TLS documentation](https://docs.redpanda.com/docs/manage/kubernetes/security/kubernetes-tls/). +tls: + # -- Enable TLS globally for all listeners. + # Each listener must include a Certificate name in its `.tls` object. + # To allow you to enable TLS for individual listeners, + # Certificates in `auth.tls.certs` are always loaded, even if `tls.enabled` is `false`. + # See `listeners..tls.enabled`. + enabled: true + # -- List all Certificates here, + # then you can reference a specific Certificate's name + # in each listener's `listeners..tls.cert` setting. + certs: + # -- This key is the Certificate name. + # To apply the Certificate to a specific listener, + # reference the Certificate's name in `listeners..tls.cert`. + default: + # -- To use a custom pre-installed Issuer, + # add its name and kind to the `issuerRef` object. + # issuerRef: + # name: redpanda-default-root-issuer + # kind: Issuer # Can be Issuer or ClusterIssuer + # -- To use a secret with custom tls files, + # secretRef: + # name: my-tls-secret + # -- Indicates whether or not the Secret holding this certificate + # includes a `ca.crt` key. When `true`, chart managed clients, such as + # rpk, will use `ca.crt` for certificate verification and listeners with + # `require_client_auth` and no explicit `truststore` will use `ca.crt` as + # their `truststore_file` for verification of client certificates. When + # `false`, chart managed clients will use `tls.crt` for certificate + # verification and listeners with `require_client_auth` and no explicit + # `truststore` will use the container's CA certificates. + caEnabled: true + # duration: 43800h + # if you wish to have Kubernetes internal dns names (IE the headless service of the redpanda StatefulSet) included in `dnsNames` of the certificate even, when supplying an issuer. + # applyInternalDNSNames: false + # -- Example external tls configuration + # uncomment and set the right key to the listeners that require them + # also enable the tls setting for those listeners. + external: + # -- To use a custom pre-installed Issuer, + # add its name and kind to the `issuerRef` object. + # issuerRef: + # name: redpanda-default-root-issuer + # kind: Issuer # Can be Issuer or ClusterIssuer + # -- To use a secret with custom tls files, + # secretRef: + # name: my-tls-secret + # -- Indicates whether or not the Secret holding this certificate + # includes a `ca.crt` key. When `true`, chart managed clients, such as + # rpk, will use `ca.crt` for certificate verification and listeners with + # `require_client_auth` and no explicit `truststore` will use `ca.crt` as + # their `truststore_file` for verification of client certificates. When + # `false`, chart managed clients will use `tls.crt` for certificate + # verification and listeners with `require_client_auth` and no explicit + # `truststore` will use the container's CA certificates. + caEnabled: true + # duration: 43800h + # if you wish to for apply internal dns names to the certificate even when supplying an issuer + # applyInternalDNSNames: false + +# -- External access settings. +# For details, +# see the [Networking and Connectivity documentation](https://docs.redpanda.com/docs/manage/kubernetes/networking/networking-and-connectivity/). +external: + # -- Service allows you to manage the creation of an external kubernetes service object + service: + # -- Enabled if set to false will not create the external service type + # You can still set your cluster with external access but not create the supporting service (NodePort/LoadBalander). + # Set this to false if you rather manage your own service. + enabled: true + # -- Enable external access for each Service. + # You can toggle external access for each listener in + # `listeners..external..enabled`. + enabled: true + # -- External access type. Only `NodePort` and `LoadBalancer` are supported. + # If undefined, then advertised listeners will be configured in Redpanda, + # but the helm chart will not create a Service. + # You must create a Service manually. + # Warning: If you use LoadBalancers, you will likely experience higher latency and increased packet loss. + # NodePort is recommended in cases where latency is a priority. + type: NodePort + # Optional source range for external access. Only applicable when external.type is LoadBalancer + # sourceRanges: [] + # -- Optional domain advertised to external clients + # If specified, then it will be appended to the `external.addresses` values as each broker's advertised address + # domain: local + # Optional list of addresses that the Redpanda brokers advertise. + # Provide one entry for each broker in order of StatefulSet replicas. + # The number of brokers is defined in statefulset.replicas. + # The values can be IP addresses or DNS names. + # If external.domain is set, the domain is appended to these values. + # There is an option to define a single external address for all brokers and leverage + # prefixTemplate as it will be calculated during initContainer execution. + # addresses: + # - redpanda-0 + # - redpanda-1 + # - redpanda-2 + # + # annotations: + # For example: + # cloud.google.com/load-balancer-type: "Internal" + # service.beta.kubernetes.io/aws-load-balancer-type: nlb + # If you enable externalDns, each LoadBalancer service instance + # will be annotated with external-dns hostname + # matching external.addresses + external.domain + # externalDns: + # enabled: true + # prefixTemplate: "" + +# -- Log-level settings. +logging: + # -- Log level + # Valid values (from least to most verbose) are: `warn`, `info`, `debug`, and `trace`. + logLevel: info + # -- Send usage statistics back to Redpanda Data. + # For details, + # see the [stats reporting documentation](https://docs.redpanda.com/docs/cluster-administration/monitoring/#stats-reporting). + usageStats: + # Enable the `rpk.enable_usage_stats` property. + enabled: true + # Your cluster ID (optional) + # clusterId: your-helm-cluster + +# -- Monitoring. +# This will create a ServiceMonitor that can be used by Prometheus-Operator or VictoriaMetrics-Operator to scrape the metrics. +monitoring: + enabled: false + scrapeInterval: 30s + labels: {} + # Enables http2 for scraping metrics for prometheus. Used when Istio's mTLS is enabled and using tlsConfig. + # enableHttp2: true + # tlsConfig: + # caFile: /etc/prom-certs/root-cert.pem + # certFile: /etc/prom-certs/cert-chain.pem + # insecureSkipVerify: true + # keyFile: /etc/prom-certs/key.pem + +# -- Pod resource management. +# This section simplifies resource allocation +# by providing a single location where resources are defined. +# Helm sets these resource values within the `statefulset.yaml` and `configmap.yaml` templates. +# +# The default values are for a development environment. +# Production-level values and other considerations are documented, +# where those values are different from the default. +# For details, +# see the [Pod resources documentation](https://docs.redpanda.com/docs/manage/kubernetes/manage-resources/). +resources: + # + # -- CPU resources. + # For details, + # see the [Pod resources documentation](https://docs.redpanda.com/docs/manage/kubernetes/manage-resources/#configure-cpu-resources). + cpu: + # -- Redpanda makes use of a thread per core model. + # For details, see this [blog](https://redpanda.com/blog/tpc-buffers). + # For this reason, Redpanda should only be given full cores. + # + # Note: You can increase cores, but decreasing cores is not currently supported. + # See the [GitHub issue](https://github.com/redpanda-data/redpanda/issues/350). + # + # This setting is equivalent to `--smp`, `resources.requests.cpu`, and `resources.limits.cpu`. + # For production, use `4` or greater. + # + # To maximize efficiency, use the `static` CPU manager policy by specifying an even integer for + # CPU resource requests and limits. This policy gives the Pods running Redpanda brokers + # access to exclusive CPUs on the node. See + # https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#static-policy. + cores: 1 + # + # -- Overprovisioned means Redpanda won't assume it has all of the provisioned CPU. + # This should be true unless the container has CPU affinity. + # Equivalent to: `--idle-poll-time-us 0 --thread-affinity 0 --poll-aio 0` + # + # If the value of full cores in `resources.cpu.cores` is less than `1`, this + # setting is set to `true`. + # overprovisioned: false + # + # -- Memory resources + # For details, + # see the [Pod resources documentation](https://docs.redpanda.com/docs/manage/kubernetes/manage-resources/#configure-memory-resources). + memory: + # -- Enables memory locking. + # For production, set to `true`. + # enable_memory_locking: false + # + # It is recommended to have at least 2Gi of memory per core for the Redpanda binary. + # This memory is taken from the total memory given to each container. + # The Helm chart allocates 80% of the container's memory to Redpanda, leaving the rest for + # the Seastar subsystem (reserveMemory) and other container processes. + # So at least 2.5Gi per core is recommended in order to ensure Redpanda has a full 2Gi. + # + # These values affect `--memory` and `--reserve-memory` flags passed to Redpanda and the memory + # requests/limits in the StatefulSet. + # Valid suffixes: k, M, G, T, P, Ki, Mi, Gi, Ti, Pi + # To create `Guaranteed` Pod QoS for Redpanda brokers, provide both container max and min values for the container. + # For details, see + # https://kubernetes.io/docs/tasks/configure-pod-container/quality-service-pod/#create-a-pod-that-gets-assigned-a-qos-class-of-guaranteed + # * Every container in the Pod must have a memory limit and a memory request. + # * For every container in the Pod, the memory limit must equal the memory request. + # + container: + # Minimum memory count for each Redpanda broker. + # If omitted, the `min` value is equal to the `max` value (requested resources defaults to limits). + # This setting is equivalent to `resources.requests.memory`. + # For production, use 10Gi or greater. + # min: 2.5Gi + # + # -- Maximum memory count for each Redpanda broker. + # Equivalent to `resources.limits.memory`. + # For production, use `10Gi` or greater. + max: 2.5Gi + # + # This optional `redpanda` object allows you to specify the memory size for both the Redpanda + # process and the underlying reserved memory used by Seastar. + # This section is omitted by default, and memory sizes are calculated automatically + # based on container memory. + # Uncommenting this section and setting memory and reserveMemory values will disable + # automatic calculation. + # + # If you are setting the following values manually, keep in mind the following guidelines. + # Getting this wrong may lead to performance issues, instability, and loss of data: + # The amount of memory to allocate to a container is determined by the sum of three values: + # 1. Redpanda (at least 2Gi per core, ~80% of the container's total memory) + # 2. Seastar subsystem (200Mi * 0.2% of the container's total memory, 200Mi < x < 1Gi) + # 3. Other container processes (whatever small amount remains) + # redpanda: + # Memory for the Redpanda process. + # This must be lower than the container's memory (resources.memory.container.min if provided, otherwise + # resources.memory.container.max). + # Equivalent to --memory. + # For production, use 8Gi or greater. + # memory: 2Gi + # + # Memory reserved for the Seastar subsystem. + # Any value above 1Gi will provide diminishing performance benefits. + # Equivalent to --reserve-memory. + # For production, use 1Gi. + # reserveMemory: 200Mi + +# -- Persistence settings. +# For details, see the [storage documentation](https://docs.redpanda.com/docs/manage/kubernetes/configure-storage/). +storage: + # -- Absolute path on the host to store Redpanda's data. + # If unspecified, then an `emptyDir` volume is used. + # If specified but `persistentVolume.enabled` is true, `storage.hostPath` has no effect. + hostPath: "" + # -- If `persistentVolume.enabled` is true, a PersistentVolumeClaim is created and + # used to store Redpanda's data. Otherwise, `storage.hostPath` is used. + persistentVolume: + enabled: true + size: 20Gi + # -- To disable dynamic provisioning, set to `-`. + # If undefined or empty (default), then no storageClassName spec is set, + # and the default dynamic provisioner is chosen (gp2 on AWS, standard on + # GKE, AWS & OpenStack). + storageClass: "" + # -- Additional labels to apply to the created PersistentVolumeClaims. + labels: {} + # -- Additional annotations to apply to the created PersistentVolumeClaims. + annotations: {} + # -- Option to change volume claim template name for tiered storage persistent volume + # if tiered.mountType is set to `persistentVolume` + nameOverwrite: "" + # + # Settings for the Tiered Storage cache. + # For details, + # see the [Tiered Storage documentation](https://docs.redpanda.com/docs/manage/kubernetes/tiered-storage/#caching). + + tiered: + # mountType can be one of: + # - none: does not mount a volume. Tiered storage will use the data directory. + # - hostPath: will allow you to chose a path on the Node the pod is running on + # - emptyDir: will mount a fresh empty directory every time the pod starts + # - persistentVolume: creates and mounts a PersistentVolumeClaim + mountType: emptyDir + + # For the maximum size of the disk cache, see `tieredConfig.cloud_storage_cache_size`. + # + # -- Absolute path on the host to store Redpanda's Tiered Storage cache. + hostPath: "" + # PersistentVolumeClaim to be created for the Tiered Storage cache and + # used to store data retrieved from cloud storage, such as S3). + persistentVolume: + # -- To disable dynamic provisioning, set to "-". + # If undefined or empty (default), then no storageClassName spec is set, + # and the default dynamic provisioner is chosen (gp2 on AWS, standard on + # GKE, AWS & OpenStack). + storageClass: "" + # -- Additional labels to apply to the created PersistentVolumeClaims. + labels: {} + # -- Additional annotations to apply to the created PersistentVolumeClaims. + annotations: {} + + # credentialsSecretRef can be used to set `cloud_storage_secret_key` and/or `cloud_storage_access_key` from + # referenced Kubernetes Secret + credentialsSecretRef: + accessKey: + # https://docs.redpanda.com/current/reference/object-storage-properties/#cloud_storage_access_key + configurationKey: cloud_storage_access_key + # name: + # key: + secretKey: + # https://docs.redpanda.com/current/reference/object-storage-properties/#cloud_storage_secret_key + # or + # https://docs.redpanda.com/current/reference/object-storage-properties/#cloud_storage_azure_shared_key + configurationKey: cloud_storage_secret_key + # name: + # key + # -- DEPRECATED `configurationKey`, `name` and `key`. Please use `accessKey` and `secretKey` + # configurationKey: cloud_storage_secret_key + # name: + # key: + # + # -- Tiered Storage settings + # Requires `enterprise.licenseKey` or `enterprised.licenseSecretRef` + # For details, see the [Tiered Storage documentation](https://docs.redpanda.com/docs/manage/kubernetes/tiered-storage/). + # For a list of properties, see [Object Storage Properties](https://docs.redpanda.com/current/reference/properties/object-storage-properties/). + config: + # -- Global flag that enables Tiered Storage if a license key is provided. + # See the [property reference documentation](https://docs.redpanda.com/docs/reference/object-storage-properties/#cloud_storage_enabled). + cloud_storage_enabled: false + # -- Cluster level default remote write configuration for new topics. + # See the [property reference documentation](https://docs.redpanda.com/docs/reference/object-storage-properties/#cloud_storage_enable_remote_write). + cloud_storage_enable_remote_write: true + # -- Cluster level default remote read configuration for new topics. + # See the [property reference documentation](https://docs.redpanda.com/docs/reference/object-storage-properties/#cloud_storage_enable_remote_read). + cloud_storage_enable_remote_read: true + # -- Maximum size of the disk cache used by Tiered Storage. + # Default is 20 GiB. + # See the [property reference documentation](https://docs.redpanda.com/docs/reference/object-storage-properties/#cloud_storage_cache_size). + cloud_storage_cache_size: 5368709120 + +post_install_job: + enabled: true + # Resource requests and limits for the post-install batch job + # resources: + # requests: + # cpu: 1 + # memory: 512Mi + # limits: + # cpu: 2 + # memory: 1024Mi + # labels: {} + # annotations: {} + affinity: {} + + podTemplate: + # -- Additional labels to apply to the Pods of this Job. + labels: {} + # -- Additional annotations to apply to the Pods of this Job. + annotations: {} + # -- A subset of Kubernetes' PodSpec type that will be merged into the + # final PodSpec. See [Merge Semantics](#merging-semantics) for details. + spec: + securityContext: {} + containers: + - name: post-install + securityContext: {} + env: [] + +statefulset: + # -- Number of Redpanda brokers (Redpanda Data recommends setting this to the number of worker nodes in the cluster) + replicas: 3 + updateStrategy: + type: RollingUpdate + budget: + maxUnavailable: 1 + # -- DEPRECATED Please use statefulset.podTemplate.annotations. + # Annotations are used only for `Statefulset.spec.template.metadata.annotations`. The StatefulSet does not have + # any dedicated annotation. + annotations: {} + # -- Additional labels to be added to statefulset label selector. + # For example, `my.k8s.service: redpanda`. + additionalSelectorLabels: {} + podTemplate: + # -- Additional labels to apply to the Pods of the StatefulSet. + labels: {} + # -- Additional annotations to apply to the Pods of the StatefulSet. + annotations: {} + # -- A subset of Kubernetes' PodSpec type that will be merged into the + # final PodSpec. See [Merge Semantics](#merging-semantics) for details. + spec: + securityContext: {} + containers: + - name: redpanda + securityContext: {} + env: [] + # -- Adjust the period for your probes to meet your needs. + # For details, + # see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes). + startupProbe: + initialDelaySeconds: 1 + failureThreshold: 120 + periodSeconds: 10 + livenessProbe: + initialDelaySeconds: 10 + failureThreshold: 3 + periodSeconds: 10 + readinessProbe: + initialDelaySeconds: 1 + failureThreshold: 3 + periodSeconds: 10 + successThreshold: 1 + # + # StatefulSet resources: + # Resources are set through the top-level resources section above. + # It is recommended to set resource values in that section rather than here, as this will guarantee + # memory is allocated across containers, Redpanda, and the Seastar subsystem correctly. + # This automatic memory allocation is in place because Repanda and the Seastar subsystem require flags + # at startup that set the amount of memory available to each process. + # Kubernetes (mainly statefulset), Redpanda, and Seastar memory values are tightly coupled. + # Adding a resource section here will be ignored. + # + # -- Inter-Pod Affinity rules for scheduling Pods of this StatefulSet. + # For details, + # see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity). + podAffinity: {} + # -- Anti-affinity rules for scheduling Pods of this StatefulSet. + # For details, + # see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity). + # You may either edit the default settings for anti-affinity rules, + # or specify new anti-affinity rules to use instead of the defaults. + podAntiAffinity: + # -- The topologyKey to be used. + # Can be used to spread across different nodes, AZs, regions etc. + topologyKey: kubernetes.io/hostname + # -- Valid anti-affinity types are `soft`, `hard`, or `custom`. + # Use `custom` if you want to supply your own anti-affinity rules in the `podAntiAffinity.custom` object. + type: hard + # -- Weight for `soft` anti-affinity rules. + # Does not apply to other anti-affinity types. + weight: 100 + # -- Change `podAntiAffinity.type` to `custom` and provide your own podAntiAffinity rules here. + custom: {} + # -- Node selection constraints for scheduling Pods of this StatefulSet. + # These constraints override the global `nodeSelector` value. + # For details, + # see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector). + nodeSelector: {} + # -- PriorityClassName given to Pods of this StatefulSet. + # For details, + # see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass). + priorityClassName: "" + # -- Taints to be tolerated by Pods of this StatefulSet. + # These tolerations override the global tolerations value. + # For details, + # see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/). + tolerations: [] + # For details, + # see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/). + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + # -- DEPRECATED: Prefer to use podTemplate.spec.securityContext or podTemplate.spec.containers[0].securityContext. + securityContext: + fsGroup: 101 + runAsUser: 101 + fsGroupChangePolicy: OnRootMismatch + sideCars: + configWatcher: + enabled: true + # -- To create `Guaranteed` Pods for Redpanda brokers, provide both requests and limits for CPU and memory. For details, see + # https://kubernetes.io/docs/tasks/configure-pod-container/quality-service-pod/#create-a-pod-that-gets-assigned-a-qos-class-of-guaranteed + # * Every container in the Pod must have a memory limit and a memory request. + # * For every container in the Pod, the memory limit must equal the memory request. + # * Every container in the Pod must have a CPU limit and a CPU request. + # * For every container in the Pod, the CPU limit must equal the CPU request. + # + # To maximize efficiency, use the `static` CPU manager policy by specifying an even integer for + # CPU resource requests and limits. This policy gives the Pods running Redpanda brokers + # access to exclusive CPUs on the node. For details, see + # https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#static-policy + resources: {} + securityContext: {} + extraVolumeMounts: |- + # Configure extra controllers to run as sidecars inside the Pods running Redpanda brokers. + # Available controllers: + # - Decommission Controller: The Decommission Controller ensures smooth scaling down operations. + # This controller is responsible for monitoring changes in the number of StatefulSet replicas and orchestrating + # the decommissioning of brokers when necessary. It also sets the reclaim policy for the decommissioned + # broker's PersistentVolume to `Retain` and deletes the corresponding PersistentVolumeClaim. + # - Node-PVC Controller: The Node-PVC Controller handles the PVCs of deleted brokers. + # By setting the PV Retain policy to retain, it facilitates the rescheduling of brokers to new, healthy nodes when + # an existing node is removed. + controllers: + image: + tag: v2.3.0-24.3.1 + repository: docker.redpanda.com/redpandadata/redpanda-operator + # You must also enable RBAC, `rbac.enabled=true`, to deploy this sidecar + enabled: false + # -- To create `Guaranteed` Pods for Redpanda brokers, provide both requests and limits for CPU and memory. For details, see + # https://kubernetes.io/docs/tasks/configure-pod-container/quality-service-pod/#create-a-pod-that-gets-assigned-a-qos-class-of-guaranteed + # + # * Every container in the Pod must have a CPU limit and a CPU request. + # * For every container in the Pod, the CPU limit must equal the CPU request. + # * Every container in the Pod must have a CPU limit and a CPU request. + # * For every container in the Pod, the CPU limit must equal the CPU request. + # + # To maximize efficiency, use the `static` CPU manager policy by specifying an even integer for + # CPU resource requests and limits. This policy gives the Pods running Redpanda brokers + # access to exclusive CPUs on the node. For details, see + # https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#static-policy + resources: {} + securityContext: {} + healthProbeAddress: ":8085" + metricsAddress: ":9082" + run: + - all + createRBAC: true + initContainers: + fsValidator: + enabled: false + expectedFS: xfs + # -- To create `Guaranteed` Pods for Redpanda brokers, provide both requests and limits for CPU and memory. For details, see + # https://kubernetes.io/docs/tasks/configure-pod-container/quality-service-pod/#create-a-pod-that-gets-assigned-a-qos-class-of-guaranteed + # * Every container in the Pod must have a CPU limit and a CPU request. + # * For every container in the Pod, the CPU limit must equal the CPU request. + resources: {} + extraVolumeMounts: |- + tuning: + # -- To create `Guaranteed` Pods for Redpanda brokers, provide both requests and limits for CPU and memory. For details, see + # https://kubernetes.io/docs/tasks/configure-pod-container/quality-service-pod/#create-a-pod-that-gets-assigned-a-qos-class-of-guaranteed + # * Every container in the Pod must have a CPU limit and a CPU request. + # * For every container in the Pod, the CPU limit must equal the CPU request. + resources: {} + extraVolumeMounts: |- + setDataDirOwnership: + # -- In environments where root is not allowed, you cannot change the ownership of files and directories. + # Enable `setDataDirOwnership` when using default minikube cluster configuration. + enabled: false + # -- To create `Guaranteed` Pods for Redpanda brokers, provide both requests and limits for CPU and memory. For details, see + # https://kubernetes.io/docs/tasks/configure-pod-container/quality-service-pod/#create-a-pod-that-gets-assigned-a-qos-class-of-guaranteed + # * Every container in the Pod must have a CPU limit and a CPU request. + # * For every container in the Pod, the CPU limit must equal the CPU request. + resources: {} + extraVolumeMounts: |- + setTieredStorageCacheDirOwnership: + # -- To create `Guaranteed` Pods for Redpanda brokers, provide both requests and limits for CPU and memory. For details, see + # https://kubernetes.io/docs/tasks/configure-pod-container/quality-service-pod/#create-a-pod-that-gets-assigned-a-qos-class-of-guaranteed + # * Every container in the Pod must have a CPU limit and a CPU request. + # * For every container in the Pod, the CPU limit must equal the CPU request. + resources: {} + extraVolumeMounts: |- + configurator: + # -- To create `Guaranteed` Pods for Redpanda brokers, provide both requests and limits for CPU and memory. For details, see + # https://kubernetes.io/docs/tasks/configure-pod-container/quality-service-pod/#create-a-pod-that-gets-assigned-a-qos-class-of-guaranteed + # * Every container in the Pod must have a CPU limit and a CPU request. + # * For every container in the Pod, the CPU limit must equal the CPU request. + resources: {} + extraVolumeMounts: |- + ## Additional init containers + extraInitContainers: |- +# - name: "test-init-container" +# image: "mintel/docker-alpine-bash-curl-jq:latest" +# command: [ "/bin/bash", "-c" ] +# args: +# - | +# set -xe +# echo "Hello World!" + initContainerImage: + repository: busybox + tag: latest + # -- Additional flags to pass to redpanda, + additionalRedpandaCmdFlags: [] +# - --unsafe-bypass-fsync + # -- Termination grace period in seconds is time required to execute preStop hook + # which puts particular Redpanda Pod (process/container) into maintenance mode. + # Before settle down on particular value please put Redpanda under load and perform + # rolling upgrade or rolling restart. That value needs to accommodate two processes: + # * preStop hook needs to put Redpanda into maintenance mode + # * after preStop hook Redpanda needs to handle gracefully SIGTERM signal + # + # Both processes are executed sequentially where preStop hook has hard deadline in the + # middle of terminationGracePeriodSeconds. + # + # REF: + # https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#hook-handler-execution + # https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination + terminationGracePeriodSeconds: 90 + ## Additional Volumes that you mount + extraVolumes: |- + ## Additional Volume mounts for redpanda container + extraVolumeMounts: |- + +# -- Service account management. +serviceAccount: + # -- Specifies whether a service account should be created. + create: false + # -- Specifies whether a service account should automount API-Credentials. The token is used in sidecars.controllers + automountServiceAccountToken: false + # -- Annotations to add to the service account. + annotations: {} + # -- The name of the service account to use. + # If not set and `serviceAccount.create` is `true`, + # a name is generated using the `redpanda.fullname` template. + name: "" + +# -- Role Based Access Control. +rbac: + # -- Enable for features that need extra privileges. + # If you use the Redpanda Operator, + # you must deploy it with the `--set rbac.createRPKBundleCRs=true` flag + # to give it the required ClusterRoles. + enabled: false + # -- Annotations to add to the `rbac` resources. + annotations: {} + +# -- Redpanda tuning settings. +# Each is set to their default values in Redpanda. +tuning: + # -- Increase the maximum number of outstanding asynchronous IO operations if the + # current value is below a certain threshold. This allows Redpanda to make as many + # simultaneous IO requests as possible, increasing throughput. + # + # When this option is enabled, Helm creates a privileged container. If your security profile does not allow this, you can disable this container by setting `tune_aio_events` to `false`. + # For more details, see the [tuning documentation](https://docs.redpanda.com/docs/deploy/deployment-option/self-hosted/kubernetes/kubernetes-tune-workers/). + tune_aio_events: true + # + # Syncs NTP + # tune_clocksource: false + # + # Creates a "ballast" file so that, if a Redpanda node runs out of space, + # you can delete the ballast file to allow the node to resume operations and then + # delete a topic or records to reduce the space used by Redpanda. + # tune_ballast_file: false + # + # The path where the ballast file will be created. + # ballast_file_path: "/var/lib/redpanda/data/ballast" + # + # The ballast file size. + # ballast_file_size: "1GiB" + # + # (Optional) The vendor, VM type and storage device type that redpanda will run on, in + # the format ::. This hints to rpk which configuration values it + # should use for the redpanda IO scheduler. + # Some valid values are "gcp:c2-standard-16:nvme", "aws:i3.xlarge:default" + # well_known_io: "" + # + # The following tuning parameters must be false in container environments and will be ignored: + # tune_network + # tune_disk_scheduler + # tune_disk_nomerges + # tune_disk_irq + # tune_fstrim + # tune_cpu + # tune_swappiness + # tune_transparent_hugepages + # tune_coredump + + +# -- Listener settings. +# +# Override global settings configured above for individual +# listeners. +# For details, +# see the [listeners documentation](https://docs.redpanda.com/docs/manage/kubernetes/networking/configure-listeners/). +listeners: + # -- Admin API listener (only one). + admin: + # -- The port for both internal and external connections to the Admin API. + port: 9644 + # -- Optional instrumentation hint - https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol + # appProtocol: + # -- Optional external access settings. + external: + # -- Name of the external listener. + default: + port: 9645 + # Override the global `external.enabled` for only this listener. + # enabled: true + # -- The port advertised to this listener's external clients. + # List one port if you want to use the same port for each broker (would be the case when using NodePort service). + # Otherwise, list the port you want to use for each broker in order of StatefulSet replicas. + # If undefined, `listeners.admin.port` is used. + tls: + # enabled: true + cert: external + advertisedPorts: + - 31644 + # -- Optional TLS section (required if global TLS is enabled) + tls: + # Optional flag to override the global TLS enabled flag. + # enabled: true + # -- Name of the Certificate used for TLS (must match a Certificate name that is registered in tls.certs). + cert: default + # -- If true, the truststore file for this listener is included in the ConfigMap. + requireClientAuth: false + # -- Kafka API listeners. + kafka: + # -- The port for internal client connections. + port: 9093 + # default is "sasl" + authenticationMethod: + tls: + # Optional flag to override the global TLS enabled flag. + # enabled: true + cert: default + requireClientAuth: false + external: + default: + # enabled: true + # -- The port used for external client connections. + port: 9094 + # prefixTemplate: "" + # -- If undefined, `listeners.kafka.external.default.port` is used. + advertisedPorts: + - 31092 + tls: + # enabled: true + cert: external + # default is "sasl" + authenticationMethod: + # -- RPC listener (this is never externally accessible). + rpc: + port: 33145 + tls: + # Optional flag to override the global TLS enabled flag. + # enabled: true + cert: default + requireClientAuth: false + # -- Schema registry listeners. + schemaRegistry: + enabled: true + port: 8081 + kafkaEndpoint: default + # default is "http_basic" + authenticationMethod: + tls: + # Optional flag to override the global TLS enabled flag. + # enabled: true + cert: default + requireClientAuth: false + external: + default: + # enabled: true + port: 8084 + advertisedPorts: + - 30081 + tls: + # enabled: true + cert: external + requireClientAuth: false + # default is "http_basic" + authenticationMethod: + # -- HTTP API listeners (aka PandaProxy). + http: + enabled: true + port: 8082 + kafkaEndpoint: default + # default is "http_basic" + authenticationMethod: + tls: + # Optional flag to override the global TLS enabled flag. + # enabled: true + cert: default + requireClientAuth: false + external: + default: + # enabled: true + port: 8083 + # prefixTemplate: "" + advertisedPorts: + - 30082 + tls: + # enabled: true + cert: external + requireClientAuth: false + # default is "http_basic" + authenticationMethod: + +# Expert Config +# Here be dragons! +# +# -- This section contains various settings supported by Redpanda that may not work +# correctly in a Kubernetes cluster. Changing these settings comes with some risk. +# +# Use these settings to customize various Redpanda configurations that are not covered in other sections. +# These values have no impact on the configuration or behavior of the Kubernetes objects deployed by Helm, +# and therefore should not be modified for the purpose of configuring those objects. +# Instead, these settings get passed directly to the Redpanda binary at startup. +# For descriptions of these properties, +# see the [configuration documentation](https://docs.redpanda.com/docs/cluster-administration/configuration/). +config: + rpk: {} + # additional_start_flags: # List of flags to pass to rpk, e.g., ` "--idle-poll-time-us=0"` + # -- [Cluster Configuration Properties](https://docs.redpanda.com/current/reference/properties/cluster-properties/) + cluster: {} + + # -- Tunable cluster properties. + # Deprecated: all settings here may be specified via `config.cluster`. + tunable: + # -- See the [property reference documentation](https://docs.redpanda.com/docs/reference/cluster-properties/#log_segment_size_min). + log_segment_size_min: 16777216 # 16 mb + # -- See the [property reference documentation](https://docs.redpanda.com/docs/reference/cluster-properties/#log_segment_size_max). + log_segment_size_max: 268435456 # 256 mb + # -- See the [property reference documentation](https://docs.redpanda.com/docs/reference/cluster-properties/#compacted_log_segment_size). + compacted_log_segment_size: 67108864 # 64 mb + # -- See the [property reference documentation](https://docs.redpanda.com/docs/reference/cluster-properties/#max_compacted_log_segment_size). + max_compacted_log_segment_size: 536870912 # 512 mb + # -- See the [property reference documentation](https://docs.redpanda.com/docs/reference/cluster-properties/#kafka_connection_rate_limit). + kafka_connection_rate_limit: 1000 + + # -- [Broker (node) Configuration Properties](https://docs.redpanda.com/docs/reference/broker-properties/). + node: + # -- Crash loop limit + # A limit on the number of consecutive times a broker can crash within one hour before its crash-tracking logic is reset. + # This limit prevents a broker from getting stuck in an infinite cycle of crashes. + # User can disable this crash loop limit check by the following action: + # + # * One hour elapses since the last crash + # * The node configuration file, redpanda.yaml, is updated via config.cluster or config.node or config.tunable objects + # * The startup_log file in the node’s data_directory is manually deleted + # + # Default to 5 + # REF: https://docs.redpanda.com/current/reference/broker-properties/#crash_loop_limit + crash_loop_limit: 5 + + # Reference schema registry client https://docs.redpanda.com/current/reference/node-configuration-sample/ + schema_registry_client: {} + # # Number of times to retry a request to a broker + # # Default: 5 + # retries: 5 + # + # # Delay (in milliseconds) for initial retry backoff + # # Default: 100ms + # retry_base_backoff_ms: 100 + # + # # Number of records to batch before sending to broker + # # Default: 1000 + # produce_batch_record_count: 1000 + # + # # Number of bytes to batch before sending to broker + # # Defautl 1MiB + # produce_batch_size_bytes: 1048576 + # + # # Delay (in milliseconds) to wait before sending batch + # # Default: 100ms + # produce_batch_delay_ms: 100 + # + # # Interval (in milliseconds) for consumer request timeout + # # Default: 100ms + # consumer_request_timeout_ms: 100 + # + # # Max bytes to fetch per request + # # Default: 1MiB + # consumer_request_max_bytes: 1048576 + # + # # Timeout (in milliseconds) for consumer session + # # Default: 10s + # consumer_session_timeout_ms: 10000 + # + # # Timeout (in milliseconds) for consumer rebalance + # # Default: 2s + # consumer_rebalance_timeout_ms: 2000 + # + # # Interval (in milliseconds) for consumer heartbeats + # # Default: 500ms + # consumer_heartbeat_interval_ms: 500 + + # Reference panda proxy client https://docs.redpanda.com/current/reference/node-configuration-sample/ + pandaproxy_client: {} + # # Number of times to retry a request to a broker + # # Default: 5 + # retries: 5 + # + # # Delay (in milliseconds) for initial retry backoff + # # Default: 100ms + # retry_base_backoff_ms: 100 + # + # # Number of records to batch before sending to broker + # # Default: 1000 + # produce_batch_record_count: 1000 + # + # # Number of bytes to batch before sending to broker + # # Defautl 1MiB + # produce_batch_size_bytes: 1048576 + # + # # Delay (in milliseconds) to wait before sending batch + # # Default: 100ms + # produce_batch_delay_ms: 100 + # + # # Interval (in milliseconds) for consumer request timeout + # # Default: 100ms + # consumer_request_timeout_ms: 100 + # + # # Max bytes to fetch per request + # # Default: 1MiB + # consumer_request_max_bytes: 1048576 + # + # # Timeout (in milliseconds) for consumer session + # # Default: 10s + # consumer_session_timeout_ms: 10000 + # + # # Timeout (in milliseconds) for consumer rebalance + # # Default: 2s + # consumer_rebalance_timeout_ms: 2000 + # + # # Interval (in milliseconds) for consumer heartbeats + # # Default: 500ms + # consumer_heartbeat_interval_ms: 500 + + # Invalid properties + # Any of these properties will be ignored. These otherwise valid properties are not allowed + # to be used in this section since they impact deploying Redpanda in Kubernetes. + # Make use of the above sections to modify these values instead (see comments below). + # admin: "127.0.0.1:9644" # Address and port of admin server: use listeners.admin + # admin_api_tls: validate_many # TLS configuration for admin HTTP server: use listeners.admin.tls + # advertised_kafka_api: None # Address of Kafka API published to the clients + # advertised_pandaproxy_api: None # Rest API address and port to publish to client + # advertised_rpc_api: None # Address of RPC endpoint published to other cluster members + # enable_admin_api: true # Enable the admin API + # enable_sasl: false # Enable SASL authentication for Kafka connections + # kafka_api: "127.0.0.1:9092" # Address and port of an interface to listen for Kafka API requests + # kafka_api_tls: None # TLS configuration for Kafka API endpoint + # pandaproxy_api: "0.0.0.0:8082" # Rest API listen address and port + # pandaproxy_api_tls: validate_many # TLS configuration for Pandaproxy api + # rpc_server: "127.0.0.1:33145" # IP address and port for RPC server + # rpc_server_tls: validate # TLS configuration for RPC server + # superusers: None # List of superuser usernames + +tests: + enabled: true diff --git a/index.yaml b/index.yaml index 5b404edb6..215ce1c35 100644 --- a/index.yaml +++ b/index.yaml @@ -37818,6 +37818,48 @@ entries: - assets/quobyte/quobyte-cluster-0.1.8.tgz version: 0.1.8 redpanda: + - annotations: + artifacthub.io/images: | + - name: redpanda + image: docker.redpanda.com/redpandadata/redpanda:v24.2.7 + - name: busybox + image: busybox:latest + artifacthub.io/license: Apache-2.0 + artifacthub.io/links: | + - name: Documentation + url: https://docs.redpanda.com + - name: "Helm (>= 3.10.0)" + url: https://helm.sh/docs/intro/install/ + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Redpanda + catalog.cattle.io/kube-version: '>=1.21-0' + catalog.cattle.io/release-name: redpanda + apiVersion: v2 + appVersion: v24.2.7 + created: "2024-11-23T00:02:31.850420269Z" + dependencies: + - condition: console.enabled + name: console + repository: https://charts.redpanda.com + version: '>=0.5 <1.0' + - condition: connectors.enabled + name: connectors + repository: https://charts.redpanda.com + version: '>=0.1.2 <1.0' + description: Redpanda is the real-time engine for modern apps. + digest: e326d75fa671035119736ec31f29ffcfa7c53defde1cbd51261bb83a7c6e8880 + icon: file://assets/icons/redpanda.svg + kubeVersion: '>=1.21-0' + maintainers: + - name: redpanda-data + url: https://github.com/orgs/redpanda-data/people + name: redpanda + sources: + - https://github.com/redpanda-data/helm-charts + type: application + urls: + - assets/redpanda/redpanda-5.9.12.tgz + version: 5.9.12 - annotations: artifacthub.io/images: | - name: redpanda @@ -49048,4 +49090,4 @@ entries: urls: - assets/netfoundry/ziti-host-1.5.1.tgz version: 1.5.1 -generated: "2024-11-22T00:01:48.381925448Z" +generated: "2024-11-23T00:02:26.864074855Z"