From 976c372244b04c03099e0ce9ad57924e10e03362 Mon Sep 17 00:00:00 2001 
From: Samuel Attwood Date: Tue, 18 Oct 2022 02:35:48 -0400 Subject: [PATCH] CI Updated Charts Updated: redpanda/redpanda: - 2.2.0 --- assets/redpanda/redpanda-2.2.0.tgz | Bin 0 -> 27891 bytes charts/redpanda/redpanda/2.2.0/.helmignore | 23 + charts/redpanda/redpanda/2.2.0/Chart.yaml | 26 + charts/redpanda/redpanda/2.2.0/LICENSE | 201 +++++ charts/redpanda/redpanda/2.2.0/README.md | 40 + .../01-one-node-cluster-no-tls-no-sasl.yaml | 21 + .../ci/02-one-node-cluster-tls-no-sasl.yaml | 21 + .../ci/03-one-node-cluster-no-tls-sasl.yaml | 21 + .../ci/04-one-node-cluster-tls-sasl.yaml | 21 + charts/redpanda/redpanda/2.2.0/ci/ct.yaml | 18 + .../redpanda/2.2.0/templates/NOTES.txt | 76 ++ .../redpanda/2.2.0/templates/_helpers.tpl | 407 +++++++++ .../2.2.0/templates/cert-issuers.yaml | 91 ++ .../redpanda/2.2.0/templates/certs.yaml | 46 + .../redpanda/2.2.0/templates/configmap.yaml | 224 +++++ .../2.2.0/templates/poddisruptionbudget.yaml | 37 + .../templates/post-install-upgrade-job.yaml | 102 +++ .../2.2.0/templates/post-upgrade.yaml | 89 ++ .../2.2.0/templates/service.internal.yaml | 41 + .../2.2.0/templates/serviceaccount.yaml | 37 + .../2.2.0/templates/services.nodeport.yaml | 82 ++ .../redpanda/2.2.0/templates/statefulset.yaml | 364 ++++++++ .../templates/tests/test-api-status.yaml | 55 ++ .../tests/test-kafka-internal-tls-status.yaml | 79 ++ .../tests/test-kafka-sasl-status.yaml | 94 ++ .../tests/test-kafka-sasl-tls-status.yaml | 101 +++ .../test-pandaproxy-internal-tls-status.yaml | 79 ++ .../tests/test-pandaproxy-status.yaml | 44 + ...st-schemaregistry-internal-tls-status.yaml | 77 ++ .../tests/test-schemaregistry-status.yaml | 46 + .../redpanda/2.2.0/values.schema.json | 810 ++++++++++++++++++ charts/redpanda/redpanda/2.2.0/values.yaml | 580 +++++++++++++ index.yaml | 30 + 33 files changed, 3983 insertions(+) create mode 100644 assets/redpanda/redpanda-2.2.0.tgz create mode 100644 charts/redpanda/redpanda/2.2.0/.helmignore create mode 100644 
charts/redpanda/redpanda/2.2.0/Chart.yaml create mode 100644 charts/redpanda/redpanda/2.2.0/LICENSE create mode 100644 charts/redpanda/redpanda/2.2.0/README.md create mode 100644 charts/redpanda/redpanda/2.2.0/ci/01-one-node-cluster-no-tls-no-sasl.yaml create mode 100644 charts/redpanda/redpanda/2.2.0/ci/02-one-node-cluster-tls-no-sasl.yaml create mode 100644 charts/redpanda/redpanda/2.2.0/ci/03-one-node-cluster-no-tls-sasl.yaml create mode 100644 charts/redpanda/redpanda/2.2.0/ci/04-one-node-cluster-tls-sasl.yaml create mode 100644 charts/redpanda/redpanda/2.2.0/ci/ct.yaml create mode 100644 charts/redpanda/redpanda/2.2.0/templates/NOTES.txt create mode 100644 charts/redpanda/redpanda/2.2.0/templates/_helpers.tpl create mode 100644 charts/redpanda/redpanda/2.2.0/templates/cert-issuers.yaml create mode 100644 charts/redpanda/redpanda/2.2.0/templates/certs.yaml create mode 100644 charts/redpanda/redpanda/2.2.0/templates/configmap.yaml create mode 100644 charts/redpanda/redpanda/2.2.0/templates/poddisruptionbudget.yaml create mode 100644 charts/redpanda/redpanda/2.2.0/templates/post-install-upgrade-job.yaml create mode 100644 charts/redpanda/redpanda/2.2.0/templates/post-upgrade.yaml create mode 100644 charts/redpanda/redpanda/2.2.0/templates/service.internal.yaml create mode 100644 charts/redpanda/redpanda/2.2.0/templates/serviceaccount.yaml create mode 100644 charts/redpanda/redpanda/2.2.0/templates/services.nodeport.yaml create mode 100644 charts/redpanda/redpanda/2.2.0/templates/statefulset.yaml create mode 100644 charts/redpanda/redpanda/2.2.0/templates/tests/test-api-status.yaml create mode 100644 charts/redpanda/redpanda/2.2.0/templates/tests/test-kafka-internal-tls-status.yaml create mode 100644 charts/redpanda/redpanda/2.2.0/templates/tests/test-kafka-sasl-status.yaml create mode 100644 charts/redpanda/redpanda/2.2.0/templates/tests/test-kafka-sasl-tls-status.yaml create mode 100644 
charts/redpanda/redpanda/2.2.0/templates/tests/test-pandaproxy-internal-tls-status.yaml create mode 100644 charts/redpanda/redpanda/2.2.0/templates/tests/test-pandaproxy-status.yaml create mode 100644 charts/redpanda/redpanda/2.2.0/templates/tests/test-schemaregistry-internal-tls-status.yaml create mode 100644 charts/redpanda/redpanda/2.2.0/templates/tests/test-schemaregistry-status.yaml create mode 100644 charts/redpanda/redpanda/2.2.0/values.schema.json create mode 100644 charts/redpanda/redpanda/2.2.0/values.yaml 
diff --git a/assets/redpanda/redpanda-2.2.0.tgz b/assets/redpanda/redpanda-2.2.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..fb06a9e10a9213244fe80a3a35b119b1936b3025 GIT binary patch literal 27891 zcmV)GK)$~piwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYacN;gdC_eu_ehNIwd69BOidvIl#&eHGc09WAqGvgi-`q?t z4R(VhMopjtpd~T3-)H|F6qZJBTqIht6ZV{m#crTbC=?1+g+f7)IK?c+duJ0YRCk7_ z$)DE!^m@JC$N7xCqBR*{*6k&xEKJG?Xsf1|Q5z%c? z68BMxg%gruDH(U*UHyx%?8@AST`Ei6bvuq2(* z0N|AV!$G({XyG&sernR6v|=J7K~n`U9YTmoq$UIjf|HJ-Q-TN^Q%2B;3pC|15e(rp zmE9JNbUjBa!w=m^jj)tN$u1*mFU7xHt8_N{M%-k3htWU(eslc8uap1pZ1{cl`rzo< zlkc9r+WY!&G(7p{fSl|fe;x1dNBh0_cz7^8j`4ncj7Pmad4(0}NQGJ4F(VvLnzV({98=(ih)?&p7|Xpv;k}gbG$E}L6(!F^M4*KlFhvLxl1w|1 zmX)%lW+~}wIwdqR?B$13)4tdGtta;qkC*?~ILV0oC=0+``M=-m?VlW!Vf|jD$s(e57u$Am}@uu^8AJZJ%C#w}Ubk6M;A*2!w?ott}LBrUV^k ziVI|AHNs;-h!(xFi_j$@0R82wH|J+h(TFAl#Z;O~Bt|z>OO{hdSTwH-9!f{M> z!#F{djkuT^Gz1xA5mPos5l?4=jwcH78!aRzH0`#w&>P*2%kLZ}(tw3F6-WQ%ne9W+ zT}y>sWCbYF^LGnv>mqIYvAy#xn(+)x@eDDpP$o$LncPMsRfsYa@oAb+%p#I^%eT-) zfPjXFd|0FW;O$y+p5GqqA2ppPaurfA#Vb zz4{KFzWgWp{`}>WT|}sw5P`^TDm4CFAgakoVm+dceH;RsJM?dvl8BCIgc8ig86Fcf z=GR0p%^WEaQ!4dfN`zV5+CmAPQmgD#JJoFg=eXh29E~ZH$OuMg@fr)Nsi>(tB7(4p z#Aqb=6lt*u^`s`KhN{Rk1#Je!RDfzU>%#ba#|0W?0y-OVHD~DWB$>L3x(CwsIu3Oh zgjHWNhFhxiiqw@8&|~&sWg57)2jh&!#ESL-ptq-cdB&$x&a@(fr$iAU0kK!tL=Z!c#Wt) z45O8{5E3NilIp>$Rd8Df1t9F|k7Cm`sZlXzRj!z|5K?#yG|+Xmq=LpSvLw0S35{mx zh9-%Fp+TG`H+Uw|&4gIa!ec!FzcjkC))!M>xsT3AFS)u9L=vW2TUyrS68VbE&^AvE z)plC;_27!k03qOl(@aeWQ%Hg1Yaka`${Q|X zF9>w4u9?0-zahK=ZWt3rgl-KZNg_d104KF@`u?xrg+uKr+0L@GNj3CDV#(vjmA&CQNutO%wO4M~Lc3hPmZ zHPci9Bq)pNHH|ZzBr~+FWu-6L{fqCFM*XjVi*0SERl}%TP!~v4=*y5K{KgKrm-$8F zd?`J7NP(V9prpZQe1J@SH$f}`G=o(JK~1pIA02aJDS1To=W=nadLZl(u)r@Ha2gAq zr8!d85ELX_q5y>DC^tbtkZa2kGeo7#h>9Z&+Qa=@vruP@GwNO09m z8z|-kB%f9xXL?*;Uz`QCF|g?jX+wdLYtY{efMjM{ro+TdY$AzMry?^n+$aSxVOm-h z=MNnrMo3KJaKc(@HTP2+1T@MWhjPcX(>`a0MD3Pacf>V~NOwpS?p}F4sZ04DzLA|e 
z7%UlTZRt55k0~3s67#R&xaWL~5^_xp;{U)2jom13gL0e@EMZlga;cE5y8~l$g9Y0K z8MBLGGR(%iNC_P2Ax`-CxrW+@&$$XhSd22MRehE$|t-Cn3h_GuaIMaWdPFx5cXF$CU$N&dbj|PWzGvZ9rm=I7$H@LBPkY zjVu`nIwUdDW948txls@q!-S9bR2p@LnMOwjG8tSzf?&znZjOMZBWKA>FLYozAZ-f+ z0upVTfBbYX;{aS~dZod?eD&sOAN)mny`)T=O_CT0yJ(mx6cc!7oM9RumEfC-GNEaf z%-oVi;&T5Q*Ddc8wu{!`aj$^Y(_b=rjS~WZ2l0cAOG9s1iMrmf|W&RCZ zFz_XyVCtEukB+pSHU{(1XlT%_KH4v!@amcf;392PlNe12W-=%K4F{b?%1kTf3Qe#C zwa5C{!kT9nKXgOI+m73ifYe5r@uq?D$L(GOfIGYR0pZbzGOA{1n~b|?stq3&qba^c zc*w7f93;PFIB~;TB^`|u(n)z@wqZJ%L_O5$7z}73+_qO0USS5m(>1_Qluy$Z&6@Y_hR1bi~ z!B0hJ!TZ4*QijE>FetW;Hj40-o<~j+D6VkgKASnFxX~m1a5+dnl6=|vruT(o24C(= z-%g-S>}uq%LGr?WnFQ0wLe#J9auO^%+k$8fi@X3}J4I1wIVcreYpZ721cikMgz6qY zqd9>}bfpY&0lrI)2$PuzNC$jwq|CuHT9hRP^&5{yBvPo;u|3u}b~+Yu_flIz5?ml= zI14I*?z<`H6d^n7_skS`HqoVBpDu}VeKjhg%tj-6tEcuAdV!vy?M zzQV>NqEnoh31{deur<#x({GNS(Vd{*p5(bz`GPV!&8BX!BQV%B7Z#1Rq2O16k$65r zd`gufu~9zsY&SL)csF30n-BQbe%Q7oA%OraI0p@-c6=Kp=};q41B%zp-2I-OV@3I? z%S|clNgiA3I^x`&8jYA*`FXNoT1iwL&4+0+sWzK9JUIQnbiRG42d1IZL6Q6P^%1A6N{3@*KkkZl{0H&fR|Bt zBAi570?IPZ6rW;6BW+K6$U`j6rb{kQ43NC>ADGpvOz%S-m&ID?gb%^wFUYK115FYX zQ;CfUZ$NvTJff7dZiTPTN3d6>JLH-xYO=PCDQ4io+eKG|q*`iBsik{f7WOd`aK~(q z4K&}7*)kNIjSapjSGwQefk?E{r?{4-;KgDQF@7egjZUfXkS0{kc2UBm)C+>ve|8a3 zQFo_b@DE|**U8tf&k-_2**c45JEtH3V$e+_F^ zxCG{+}FZ?!!?dqTzA;ZUf%sbE_=OE8^!WX(QV4Exu1 zGc9hUM8M1FtwZCj+bz(zmAln%@Kfoh*%Z@p0Dg?>qW&m-9gS-R;XndJ7<%8Z@U6E@F?F2cIc6Y&GW$XWajP5 zY&s-DuPY_BQEG{7Eto(XpwhL^d`-sVJch!0EO*RCd_p5E`{=NRP?pA6kxM18B4cai z8b|eOo+Olwe}Dp-<9Yl7GdzYsB)3O?fdx(ya99tscueeW))e3V!0R`j_FdcR|buc%wS6? 
z?4@_4p6ca>1fgibY(ORd`s;!Z7^LAu@N7J>E{xQ=PIDvCE9-gzw~JJrgQd`z)2Lzc zVC8{?2J(bxRTA5XI1p;%3=7N@G23dnr^RWvF~X7HX4lci;_e3S5oaV-wathNK_ZpR z0#AExJUH7UaZYoyp^DN3gDPS+|6h}$$D!JajdL^33bS?Q<4GJH%rvX0@P4X$pHZN5 zhT9EjTkEdLEF9#WG7%hV(}D@5M_keIL?vKbr-}3aYq0`*2j1=P#tZfh+lhK64nHGR^<4$DAJ4uguq0VU*C|Ri62hyGDQt(>iJkAT z!0Nk;PXAl(YS9Kg)W)z`VDlFGs7QIOY%)A`UgI~jlr;3J@96ke@{xMGi{4JKh~MVQ zn{}OmDrmuZg|G&m)vCQ!im{6F)O;RWbE5w9o>kna|7V@ zO3^c_50CX&CUy!(oJl1xW$NJ>8^#bY0YA0=d1-(833wqW7gWu>I-L8?oAA3MdK$0P zw$@1n(SxktZ@HI|MnSW78Kpc%($LW`wc-f`^MPMw-L%xpn*uRlo6#>@2<5+IAN}<6 z($H(PFgJ-hW(sx!PBAT+&zJD^EdS^=)XOV!l&#EQxh zH45&fVM}t#W;fVKyC1c|lu7Fvu*QHhT0m}HgJs|sC|Fdrk|2@bTy@d8+n>;k?|rj2 zA}j}B_Q-AAq+6m#@|oaz-8MRPMnU=szs?#1kxI1R+c)Cyl0+G>4QGnnT1DQ1>Dyx9 zg~-^ce975s&Q)QD3qJfHiGa!6YeBF%#K#~U8E^R18xSoUI&*5i81?Sb`VR6?G3-KY zJcxW((VAKq3AFnCN9bblWLibE zL5iceOSFW5l!hJE~J~srj~Zct+{TALPaT* zp=-76DZjSikeNtkXee-WMU=GeFlrprne&h%%w}O!3bYjJTV~T;mJC(cWB|UOv1lSV zzE@v!~=;fP>yl|B8=*sAW<yggZsJ`mEIrjz8X=hc5f`yEb>l1|_Q-}-@ZG+NLpLCp#RSePl!>4@9K3=i zx~777$!}($h5!etan0>rW3iXeVIJ%Np%0F-g$4^PNct3w)EKj+zJ)IN6t*(*ct36Jw8v4} zj}AJ{E7sXR>9gx8Y44&ozL9-;*u71#7?Zx8y=}V`B+1~4@f$Xv+^zk72!a5pvbgYD z0>CLIq{!_`1mQ}CTT5n@5#Y%19V1FF*x{>~%Bz9zb>$1=QzFJhRz6ViOZaXim7vq` zjfsEpKjjThQ}APiZ$Tn_2ITo|L5-9 zjy*wOeR6qZu@-C~Ej1hDf%dJfAb7mB)$%{A<365JhE6Ze!>DsJfLC~Ql?S7naC427 zUW10jsrY(Xgm}!*vVjNy$Byt77B;(qqQCahpHGgCT;PD)7xt0C`Dq1&!eD7s4QJN? 
zytDpo7-;WFW)@cC!?f${TL<-R;LW)rvjFJG1&VpB94)$qpgg}n&jg2B`TM>A=R(kAu@khx;`o4$gv@Xa_iPNJqiR z6y2lXVW%kQh^}qKQ4q0miOW z1o&Q+j<2{aOZ}to1}fa=HX0N7@gg>>x<9cv%%fhRcxzH?)Y~9$@QE*O2 z3mhKyv^)^pMuWW3EF+@OI6Mv zERrX03Oo!Vq_CapPPzmPq9sSI80r1_z=S`)d2>b z-;C{RS1(QGTqnvH{Uw7Prs6@cLJtqie91?ZV>N{nHSQSI#jasH}3lNX`k%X-l%(kK+1hll$|#~+0kw!lX-#dd)bvjRg% z`1aanp61?8E{tqp%PA@l?o=5skVK)Kk;_Y&cBak$R7v;gRAg4x(Q zs3ZwZnyEcZgQPZC1(jDO6T{z$ATY579&;xDcg1dUk)%@|+dxv+h5VR@YX%NoXzkU8 zXoDlr+h2Agw-kjPbEu|?hbeOl`c)-!fsfCCUO>W!))qRq`$ML`fk8Yb%0+FP+!J|} zLMg~T*ei8eHtu$6uINW^nV)(F+VVk23eFTCm<|oVRU`+6xr63CTjo@*tTgru>0A|Hn>#V z44pqg9&n*WyCw~$L598v-Y>Q8<&g{$|6BG=fYyfom|26OIP*b7btAL3y$LopmO zy1~Y=9!=ofuoj)g#skJ#VSIe!VRZ`_Y`Vb|-wq^!{5Atcr-Wx}FqI&cC2W-@jyB!OVnXN$7^MnBSNPe~2Sb z5-LqhPmywz)l$wc^K&U@&r7UMxyy-O>jKgVBEjXu&@UN{u8445v^_RQQVX;J@{Zs* z2vZ(-PD~dVzhzXgf$6XyurkfceA4Sp>siIQ7>xJ8Rrh_gIhxE$S3_pg_AhZ{CHqQp z!*jmTNPo#lrU{ZNbEHe~q|%C>3JKQoV+LLOrm0_HD=+XZvXvkzA40rf_!=9wzZ}C^ zJQ6-0LvbT;l}#dOW4`TiHT? z=QoIt6k%H7xX~hoj`jQ+;^<0`FpE(Rz0{;|^8}PnCtg?WR1PS2SC}@eXaLTX3Qtqp zl2Z`02w18OFJnBUuqi>{PzYy(;Y<;!)o8ZDLNLX*2r7cnkYb^z%h?rEd4+~#1ai+1 z*2HyHNGhfSIb%^_5+1-D%nMvoZVuGsbJnp`B(R*!r@1-JEX`qh?&hsA*x>vyBrszN z`DV}rrzv5^g#)puzHct211MEkjENe6yafsl1Z-U&Jp0=+|J5#(ditAQt~ zksz+UMp7*`TyN~caf7KcF?%QiZ*P{mp%O%E)-D1MPS@pa|K_96q-++(Brk)L0gVUb zHl;=Z2YT)Idf)V#go8V{PXwZ|u|c6apy1q|F!?4}B9h=#OM5(0_RtONhu#S4@(h7n z6+(!-h&X@Jf^90Z0Oaa_qKGhx{~#KT3qyRoV0cR-3#SyB5)=~h<+`)o0u($+w29Bh z#`Q~XNtBr(*Ep0mLW@jbCohQyT1ZJUo)V_)Chx)V$qPDf`&qpDxEOZn? 
zM+xVtM?|Z1u-*>!gt8PlJh&RpA35ZfT%$YrNL)i3m?hYzQq+Rkh;;p~+Aw9KgpMc5 zN%H;Piv>cc+%UB4z*rQ3LnL7klpAA(4VTHO&5T@!$CyZu#mP}`Ar0yX;F>bZhweXR zX$DzxKwT~zv9_)A(MS?C7$upU6vrNPx&|p3@PVEqqud>HfvwDt`;Eg_HGskItpsWtO< zAW3B6!j@cl?rfQu=$S#Trz{lVg?4T5jTI#l@g#O3{~*e}VA)4Egk0^E+y`bdM>v|S zpsVNZ1E`Lmy6&D9Y9?mR+2JFi;p_P<2QeA)j77vTPao~iCvJ_@XXI8HkwKXO?&PS<^~@OFHpo{5~1K3Rw1LwjUJYjT>Vif7Tpg?efz8B;W|!FIL@ zay!A9RDL2A`U=J)PH_Z>KK2)Ob_<=^(k`MV1P3Tk7D#YMf^X3)IMMHCbrB7zrcUj$ z8kg&lMH*O65LNPwEK);59`rhuOUI^RYI75`(nanO8Yg<jv7iyK}{f2Z}(Ux`sbju&b^Tj<9? zxw+f;Uqi@LNukv&u!PpNg}x`VjyW}CBd;_VV<&KKmD*UwS>oDSU_mz7jr-4B`?`=g(E1^}t1EWc9BWDI~$EuGG(bg$Un+djt9-uqs*RlJIdvgdC-dsaR1dt0R!x>5XlITBii3vj09O$5yysH;93CDY9~~VY zYzeX1D+|rQ3seAUsSzA=5UTf z=81EA)cQ~?aPLDYIAcN|i6Bve=~R#WjdE;0M~5h3@tm-+nt&}!&CL)75ewGl`qRKm z?SWznlj&%oJ{q*=W<}_S3)?EULYbSg2j6_ZWIMUBvt%n0Q~^)B{iRm@3hm4(Btt$k z8YT^jBss^}>0w3xN|t=lk<=vpt(?4>(1e)WLpI|}lCJ?C8@Q;^@-Jsz>lQpo7Wr1U z(076mOIo`lVI8`;hG*FF71I|y2D;nv#~2_F>!q}VDw507Fysy$ppsZa1T@e9MHJG zfVrBm_`$>znEJ~3>5VRL?-5(E-7RzhM_F7#`tV#SGJ28)f#_~ge`n^Zm0bc|*75sKq0qcP` zfVDegGE4QEEx8z&BZ6AQeckPKd)@v1(c%6#f37Fcd3qYh!sUGR2M%*^?!1#94>=if zEMn7-Rf0*7y@10++UAh7al3~y;b%FHu2zK{H1QfoSB|}C&POJdKM{i|a5SGE@m2m(5=w=nQ2Ut&;bM;CRe5<5AvhmV+Uc)jp zbMp*WE*{SukLE$5$71?hNlkbInYo)MVv;5tW?+6_1PhWsnX}F>@D*{_3BWm2SeJZ! zH(YKK+tfaJfVWHG19{urO$R}ye>>SiF8%Y#(b2+zsBkMEl~2Zo^H?RaZz!i%4KP0! 
zHc`2K%-+bU8-b%+g_f@MXh;%U_YY3#a=e>&g^z+`jcGPasM~xt;*k1FB7)XnxIkho z-6W)AQ_u=7Q&Dl(GDP%3o8=}&8r`vb+UWI%XbL^F$#m@wLcULCFZdbQL;VADbi~}( zw`B7_Ub+J(<~(u*WJ(9bAJkb6sE?D?M0AxGz#f=`HAhE>i{We5GhA&C1J}SFX3-T{ z8e>fcQ^Tf&^XXWM303VXSZ>U1lfyh(W_vu}8rOYsmu_7i2Hu;x@hx6Ux42t2P!@}5 zLa%Y+l1bD+wq6p~b{`!qu>tu4-v)-Zq|+=>m=T^yl%k`E z!gBH$vJP zHMJV1sS=sbh_W2W3#^P33r@i|@V;9atVl0ZvA!YA#uLn9Il))Nrh75IraSDf*9GMS zd+aI6&$yJ^3EW2DRb9FzQGd3^M;)2zXpe08m2(k%cSge}rqB{`!Q*eRvyDkC7wTWO z9k_lK7cOXpUYLb5nBR-w<;P3?dcCMht;)fSyLbdA<$X?x93@Q-Z&WUL0u{&|5%w7i>5vGCZQBbQeok|%NY_KI zo|Cc=7~=LBtgiPhqz|z*9F^fFS}JX}37>(>nMT+vih^@VTHqR&Yc)yEHp=VMGbpI_mTU#5wUaxm@bOitQdcD%W zM<>UJCx6;MIy^W$IyyS;?fGAJaUf^Q9Xa3x3@9N@emJ(gooK83IT=J)OAN>T*rZ!w_-)Ea&>#xL9W3W-dFIpZ{4;3 zzNGGgzh=K}U;gaj)O4>5DSTh;Yq>|YC_punG_Q}^*Wd!BzmnLyPm5(;r=`+LeDPa~ zl_CO~{-2+4=ht56&z-?u_vin3)b_c$0+yXXg-_|^N@>?R4)>mvj* zys()$u=VdrGQEaNg~*8By1WM%eR=(5w~-oW6D(90r|CZo)Vq=5db{`jr~S^KfBx6M z;;(l8^{?*S-`oG$?`&`XXFquNUjIiE^tAKeou7Z|b^h%BhTkJwG(393jeizXeTrxOcHHWhXSLa>0-10+5hRZ^WTQY|6}jxcSj#~zN)-D`0)7g z`{Jv^507{L(_-fE(AHNS0?Wx2ZR;&BJD_xFv>MuLZWF#($5NpH;A1wepk|&z&K!?S>CJ~$)2|OjcAOBlR>U36hnyz_vvwJ;-7+*o*SWB; z5O~%u*F>m2rR-dhsjj|X^O@RjRnUw2Xv=6tz42>xM%5Op^w_nJrM%&yo{X!&uX$VB zW}7qeYSh3~s2PdInNlbPq^j>KDs;D@NST4n(?GnBjH~f3zSN~w!?xyawPd-}vQw2L zvdWAfbE-DuwP5{GiM+emcPK9{`Rn`G+`Dk4hn%IWEE`kGElW~f<}qpik6ktg zKj-V`;ODO%)s5a9M4Abh_YFTSlF~gtR{$-Lg>49N5wA&gjVoc=B&cfUae&_fpbh+4 z4>h)~tR*q66_kNO)cxuwIi39csHX9?O&6C^?*4NoG(j|g;CIZYn6ihNRkl!V#YK9r zOWD_;n%i!y0NkX0*I#MOI_~nFg(@^3k2R<}4@ttu&&f4O!ZFAs9+OLjm8=;DpOUUP z4j#@O>A6jW;Ntxa7VJG`BmO=n!)*Ls2^^7~1|kP|u2rLMRG#O^pE*m|d;zh_4D{E+ z-F>{HGz*8?M654A-E{S}&^qFR%rR5uQQB0ULubkq852>WbIDHP*F@x(fv#=bs{ zU2k{)!}itt7w@0F|DL{oLEk^4J9VpXoi&JWe{;0frWDvk@VNHZPyO35iWl-w*Z&l1{X#>@TyhUojE`n82aAKT)`tG;bMH| z!m=b^EZgQn35RG^P%F(te~ane=c2oixu6Udu4OLF(&{zL;b(ITbND7CMesVjr8sSNE zMe+I2JdkSd1MD%L`^nv2EDi){IV@$&b=MdNp) zdmR?{HE=3u-xpx9pX=w1qP*XX?(b`KON;hqcz<8R8){y65bR|QZ9UpaewA{0*h_9_ zcxUeazN0!5G<8q2V=bD|1dI5+$`A7MFGEqNgpce4b{!2eM9Xg 
zeSTdE+vOFxsjy}<*H*6kzO$AG4c}L$tdZ%fJ-hD=DBgqq{t17{m3wz53!!Yat%V2d zt>$+dM_2j2;~3tfes52Zzk7XMGNl#%>)joNJKOKE9Rit;mvB;qn{i8QlNhjf*_6De zg;Wy?)GR4$Noy`+UWTMiy)Rvnez(2Ztax+!-GPKxdfy33<*M7aG&=5 zM%mx>clWsir{lso0!O>T7Zat@g5xfY3XZ?RRfo&ZF4OQ@^x+eN!nZCpKxzRufEfo<2#a4(4S_UyRcW`_OcROKSlv`z25G@!DUuIs+Sqc5d z$R0E&aI!&9n z&7!g3&1TWqEE=u>up>TZG)~=8Qn>H@qpvgT3dC8P#h@;;jW&HQaDEr!@pLBO z5`TWf+sX~;&m6-{JOR#N+JoGMt#x(>!R2Xhh)E#h1W1l;!sg{-@HWA~^ z%}o~rmXL?hb!zYV`PtK#mrpwy)7B3xA<|smqvbIg&Ja%F_}4HYD8V;+m|!$uh$(|x zbtoI}B5B9C6^=ztAcqu{g~8$sVTRhLm+1VmjsA9ed49Ru`tkhD-(UUk2K{*Y`t|9{ zH|I|;(W}?!?A6OB=Wotmy}U%PzC))k|B1dofB9q=5ekf>e`^#NC!-71y}t z1xS*cl8BCIgc8ig86Fcf=GR0pxPq97DK)pLBh2DfLZ{S*##Ou1ZGE-(;X~_;v$4P` zOKdsL;KB|J2gT64cc^P}3ckcsfQy!*kxEd90r=M@4T4u-ca$Xwgz}-T zuHWh0U=>YTtv6zZB%cx_@ia}${Ueyga@SlW3UP<#;vsXjXM~ePGYFBY18@4R*1LBd z^a!)ro9CCP{}^pk7A09sKs)R>4GVSAd$>dGza(cnU9F=a)cNqi*M_|1h3XQ^WNv*| zdnou75mMJq1!Zc4+F!^{ult4Ue*xJya+q}l*{Lt#?r-nf+$+AILS2(|wCjW3x?tRP zwN0|q^1Tx273x23A&*rsv|mU>Zb^hXiXx3H>O}dqOPvnVbvqr~v&Uap2SAk@;PvAE zAy1`NfStL9ss9+Y+m4uY%qn8<>imBUOz#d4$Rvri6)p)IYpOeuTNieF8_YoIXFJCEU@jmfipGf>Iz+xSNuI1 zQ6be%ml=7wfDzV%jsd+qP66#4@i2=E1U!R)ZG<83If(T_H$HqoI7;B7k+B3#XYi|& zB8};oOi7`gXK*bIf%N>rV&R7A!v~+uU8_N@907AnMzN@s<)%n3%Ui7{kmq%1mR2X< zYpTY+T%mG8)Dl%qsl4KEt=?{)1y7CrH<*wl)zU|$$y(Z&Z~q;h93CE&?7!o~<4yke z2YEL3-^Tv?quPJK`%iDR{4>|AXdS>`Y^g0jSFYpk9>}#hqw#g}&v4CDXfZmSLzjGI zZ?Z%0krEk;(8(eENvD_DXhd&OyVI_!AA4WrYrShhYnwClONJ9Vq9oP>4TyJJKN15Q z$}8Q1?u0}`5@F4+U<(GR-J!c9N|M;zq6s8(LV!xNJv6t^Jb8Jk%fgk%DT#LGQ6<-f zJGu7h2;n|@V%Q>$-=JK9_}&25kc+$XruO^y)r*JUDI^{uIIO=>5%9#hW=m)mwQd| zn9S*ixu(H&1XWEQg~!Ia*O*b4#9smK z*A%0K;}{KbqSbz3bf>Ak&To`Ev?&2-C-B7B6q`Q`ms?n7gf$a0xAKr})B(|Ci(pZO1fHCbFuHwzdAV9n-Oif6JrDJT#TauG^LJ z&F!FVEr++wm91fYh!{idc2HJ7^T!rwe7~*&h|i|0j-Beex*GPm%{GsWHCxWzhAx)i z6>v3u?%u7Vrm}Y-l_|M!FV%mU-||GM^nT2wA$$hB1Rb5vN{>_`?G-&>?at+&IfR?X zK8q<8Vo}d()vhehX-#!kU^ES4Wj+&WbSLf-Y4jN|SMhMk{pM2<*5}vxHO{f6$ojEo z+q~{AKkpVpSz!hifvr3j8wZBu15?L9WhYip!+EkgNPzV`pT})+Q^5pL+j(!2M^<8%bZ1=sD+<%;-;1%PbPAv@<(ZRvl 
zDb`p>3tw+1tQjJ+kSKM8sV7zbyX+ne|E`;uLGz1dRUuMv?qmmoln7Y~{8==M{j_!7 z#F}|z95?~r=bwW4rDadWwcx&QlV7SI)hs2b?R+!s9MctM-0B>fb7wsXbDjdME#J*j z(sq<6^&qHF?o7adOHIj@`Dz|h?R|w_+gs7*8Jf=2?U*aD-tZT+UE|01k+>0O+S-=j z7NacUuvKa*8($w%9NkQKLJ-TQLn6?W4C!#Di0rlyI%jF7z%Mx@eRPH1qwmpsG)3>x z3-lh1(R=hvzoYtv{?9WS`t>{L(UeSqBLbQ|5=3SR*!jKSH60-?(DnpN=hgbY4fS^l zFR$Foa8Mozd}CXJ7K`4o@7tvpSM4%`*(<;#xY8W75>wc>kNsco(J0|qog7t4nht9H z;(CO(r&%)cmGm$44chPZdOJJ$uY)7_PqACDKereQ%9g_6ZYY$*Y7Tdla4!7sU`lAD ztAqKXZZM~-59W*VU`{`c!TeN4^nr)3RXS0C1AP>#Zj z>vyNH30v8Ns#VNOg^Numq{B1v8tf)coZ81oTwx4Y~jEJ(kF zP^Wo3^ZjYlsTZcb?TAmOghA+XrqFQaHu85()RjdjW47GR{8ow_x+-w*2eM%(ibH6w znrO2z;WrRNg4vQxyF9A+7HvxsBDhmBBpZ#!MRPu9!qumH!;meSi$wt*u4n5KP&kh5 znv;8qt1`2@gL>Uw?_dWV^m^r$aI8E$P%E2Oo5IJ2_2rXCa*jys{YDaTMM?O(l7Q2V z==*F$-}GKGufEmggu*vbM$`g4#tLm~LF#H$!~QF}Racvy^N8!{y3^3Bmk_rJF`@Z-k!lKc)mYCvM{+tr`N4LXHt!@`|zRv?%muI z_2sDcQY^z&M=t}iU=-O58d^$dh;^SH>rsfX%HM25(RQAVAl&}W-*wT>PD%3QrRIdb z)$ENI;_PV7)AGtHngJiT`kfCc&APENi)E}j2BIXphtod17_XLJ64bN>I2 zd;Y()rY=$PR|fIf~StoLAf@D=HN{J8j{V+9}zGzI3LT z;V}_i%J;7KTUV6DeRK{0TT`O2My%gLaDcqOFkRjwZBb}l!XCHo=+;f+cKx%U;FM1S zK0{WAd=c-ux`x(qXE-a?zO-jb7Xr}2kTb#>J6}RyGY~l1+;q@79%s*irl{bRRQ#WK zn!p@ol*NQ8bc9N-$qye|dSd9o&;xr31KUUMDy1BsQrN7kvY}^GUPf~v{1kDi`AxjZ#9lKx8i=-~JSdS}%fQ+|z_ z1ww^ILcbUbo~4x;S&Z-q{#=9o*I@sz$MCn$0{j2)_@t8muXnhy{~zSJhYhq+0u)<5l<7nXDAJm!4!{ ztgIUqd_MMAV#ztQ<2qc>q5>_m>`bcBIUBX2a`f$bbhV?`03_UF8JxniJ@2X)A`!#_S1D8+kubH8@@F@x_KVDK+Q12Truw}xtlc%^Yw;{vk18#h2cz=#cj`I zmJ$JP46V%h{;*6%y#i{Pj0EnENCf!+atdnR-&uxu^TE4&B-aDJ(2^gMkh})+K(8-- z1R-T!RV$P)3#EjQ$CQn`nZ#pqsj$kEyVP|nFV;qFF2V;hL(1)9wM+oh^FsUUlMFt(T8ahgnf*>&kgM#C zDO?|2t;`s!KwX(vmIb~v`vj@xs#n&RQ}-=a07M!M-~f{7-)k)vY1F(DSJIKr6COE6 z#r3zIW0qfNG=_~+ZYlO_hS?;MR$H*^poI)~r^UJq)G}Iy5hNk8rMq1>6x>1)$ep9L#Cq9#%pP)CM_TF{Uj`)BE!C-LUvYg&s_ zDL=YeoipzS{~p@cvdw%PJ**nBIZrFguMu&JK>p?pARr1$@EKaC9O8g4s${bon(tBtt%J;kT=UN5( zoQp3Oi1S60^D 
zL<6){#>fCuJ|NeGDcR03Dt#%C$kgtZiqu(LD)%ACgb;?GFrJW18rxUQjQ>?Gn3+7fbuhkDuJ3gw69{Pp$qZRRKu=VA%TTCAqd|jZvP}+taZ#R}=-=vO~u4B%o6~E?NrkrYlIwB~@I^ zOz!L&&*AwztDdYYZDWb_3gIY$YYAM! z!FTV%!*w4%piY{B>Jsq4KxGvc)~NmOw&)Yrdjmn%Et2wn3eo01niW2!XdE3Kya16OBVzy`venx=b0 zEJ??l7pVbX`A`H9o~pV>Hqhc`Flo1FXg&12%s`1!Qh~&_P;dh)n*CA{A`zj~6^9eROotD}1DiOl4Va zUXfWJ)oolOWH!y}z6I6FJJMk__stzh(;etW_-T0$xB#?fm)pS%KGjTobl=2=mcBJi z+}Zf6*7r2|f2@Z2Ao<^qzCNtve?Q#h|9FsR4F|+GCiKRH{wz%BW~(_ce~&lT@9)X_ z4aXdPEbABj)ZQCXwkId;UDWPG?Vsn`x}lB~T4wgxJDozXac5MqaQ2FsIEo6Jzh7!8 z`MUf~T4?#JwAOMG-gl?&KB~E8^61X{ohYwb>+3k3Y%p%_%N=@9ygh2k9xS{#s)954 zOy0d)>Q<;~ZSP1~0)j7Ffimx&sEy-c<9M*o#_@nQj)#xwczDp@+y{7S?0=Wv!K(uI z^#Lr3|J^?++y7thpKRiPALQA@e{AAE{>bqk)pz)tJeg_vr}_^nMi*$Q_WJ+M`t#*;zi3RP&~irqnDhKN+|PhGDN@i zlDBz+r&<5QQKW6ZHS7Q_(EkojzAoo~Kl%FbXruo<#Iw==Hu~QmS^q1=omts;YGt2Q z|2m~z&ay^ki!ZB~6&rcEQPDno6|DwdiIakz(T1(kr5jtT3#xhjmtDqVl5%lx6<|^P z$H9Ji{r~##Bc114lcNGFkBsfGNUH(^CR6m4?_Q_sSjo9bAe+P=a_7hUo613BUgSq zN8y5mPBn>HD!AeiPx|Q1*@b)8oSnBA(_)G<+h{rIrF}h5KU;NF>azHM&ZAg@j@am-q7fSqsu zAD(<&vHwpFPB#Ak2YEL3|Hl6RquT$AE`Y`HH4%zRVz=6LnW}|ubao#s=PPw>f^oe< z)?Lqv(^Tdsr7o?|z1*ak`{Z2$>pL;^NhX-HdLa;Qxfoj8lDm|rF%6w75N4i3C`)6k z$fXikk@2j$8BznNSf%Q3NqPJNI6|*J&XdxBR83g}Wd8B5Ki=Uk^DKYDt7eZ&KhcCl zS2COKnSlF(-*X!d7@$YpHx}9M->@VXSWQsdmY>?gPwgFZGIfFvj!$GZEp*~h-9T5i z;B1HPc4keIC=*o8&Nx%#HVD99z`7}qFN;;njT$hNQFT^1{1(`dM0GSj##D5?_7grs+R=pHFtp#>@9+2aQRg+Cb%&qyr zO^&g}wiMGJ9*e1MWyzBwfs@=YN+z)4qDqnV9Q|AB@E<~iUDp%i^6Be;oS!`%ygYsJ zv_uh5NWK$%+An=TXhca8zb2#V7yHc+(#a|yN>H?X7_oXB5ovwxyYpv{=iE5`ZK=k~ zS5KY}&YwJf^e*hw*49^@59Oj!T0PTPfQ{OZ3pcG?rR%8M(ti3{rs&~ZdrvVR%kf9 zh!1`F)6ZX`PRCeWsIIRg`t3?nf92D5%bvHJd*W`+nY(~U?ox>&<_n~FeicP7y!Q|C zUQ~}QFE777p2+&Nq*31d#j7WS^NY1NtOqQUdc`dPckTZD)#aOy*zkl)Re%ns+_UsT z@F6LJAh)?@;hx&uY6g9~;M9Bx(yX~>)sxxtj{~FHRRi$NL;`LL+27ksc!U$Uh;#AT z@xAN)JsYXMHz7DtlYzGDuPM2yX{IBuL9AgoN_n4y-spV|czkn(zI<2n0U;Wr$LLY- zTQrv0aC@)&RU5osJV}Tc(74@4d%LLJ-bFOtafNofU*#`rp|W@&l_*2jD}fxu{D!sr z=wCls7^bWT{;!`sbo-^Yh3_sOw|CpMpJbX)wQVW`5KXmuC?hV=Hbs>AVkk%QC;RRv 
z`t#3^+x2acTdL4DjRAzOS=ZQyFKd~YB(ie89L;CPj=XlBv^8<$hG{-Crm3oA+O(oL zc|sCAyCe~3akI-J6xrRHie=a%Op{EIHxohRgeUQGfXlVYP*Wl(*p18MTBuTlm(Xj% zh?JXk=+jt-K3!q=F=kYO`_?+8ijdbcr;0G=Oe#TeOgFRY)0tJ9h59pFs6PdPw_%#k zjA`z-78Ql|S{I`d==H2dC7^SbBZOoYMMTP#FxF?-#H&du~3bpQbV%omO2R^ zcM@_>JNrLIy9t?Yzx zpp8B21ZM>5(0T0hsy*5cJ+V98FJw)>O=iZRZI_#>Bp<^oy~|9LH*VOduFH;lYGiDY zX+;_tmR*TYMH-a?S?gfum+RkeRzO7eohL;x9(*3HtE4VsRvVw&KaYm`fJ{UEsL61;{#FcxjOGJB> zcSVq2G9t@kicpkh1wCpBH3cElP(wZQvFo|BJEg3#cL+gT<8Oi%zRf{2X7O~~UQVl^ zxWHpjSS3gX^$&nhyxqq=rIZx>baZzhNYCXoCN^OdGTlk$R>dWNegYK+rZGMd= z6au=0@B2-Ge*3-3%CexjutPy>!RyrTLP3ZpFBKUk^HiJ-Sz~F zxLsa;%@KqrnV@WZ8BIu>C6tZN$Bg^ePj5+-Dau)SMk=22gpX(6leyu#MO5-S)g=ys zbT13R)!|bUXdOQH4(Xi-YL(#LaA{jx3jEK1N5Sg1YmL45bycq8tKEa%M zLqtu)&DvRFAyX`5i?uSwT391r4XXOc;&9}GfT@bAr7R*VJ}Tjt``!JMPOpu+XE?<} znovcF?0%mOi9H9?eMXf#b>(q(19+JVg5xvJq!O40CRV3;5E}ewSEfqCJh+(<_5+hxQ8}VoA2FpXuNRH?+~wE}4JsT{_5-$T)cw5m zOi&I{^a+;oW$74o=~J`lr~|TWKNU}iC?6;YUf#Wz%UDa-xozZ5OIVKYR1T}424_V1 z5X)L-$$by9e1wcGjTB9mN#e4chPXmjm}OPY2BaGfvV^B?R%#iQj6Kme)I$Y%@#ZM1Ngh{)C$I|4QQr|Am{CY%udZG65{e|95oIJ1(C8Kj`i6 zpKQ+mKg6>+|Gzo^|3^LlZx>Hmkl zqmBOmAkRks-{}8;aQz>%cop3r%!Q9<04%NlH_GOXHL$S;HrBv;tbvba43zGIU-SL% z%NQJ$*snRsQXU|t>z=`&cEpR(pLa~)^0`<~4-%WV>=>3~@*3muO0js2ad`DHc#ZLQ zcZt1gio07T=I(cL$M`b#ALuyu*an(!|LymB`=$H85B3j_H~F6*n;Q=e3bp4ifrC&18oeyjp2u^;fJF{OKE`&h0Fy}f$@b?+Q~%nP#Z#Z7fUTP zMDJ>2=E*r_LP&}ZzpW>Yz1|jZL!A^AQUw3DBtrk^|CBoszS7-LJf)HA1BgWPrqhAW z*ppF~@ilFHO&ed+=J~vzrTu?*jQ#l2V*lU%(cyl{|97x|vcK{F zJ;bx||84w#8~@)*{=cQwppO>%T`QJ1?!S%uZ{z+$OIq~nkG23m0pwoBDZLB)h3Ub6 z-+qWSIW0E>``Ni#KXx3{@5Y_`yCc-caT)(^$h29+KDR||6M4DuhHt##8*lh$^UU}E z2HCgoaR_kH`M=|nUdjJ^w12$u|31jG@&9i8zZ?JW=Xm~azHHt&gE!9L-?KAVqY`Bz z34V6u_4F|O-H|fs2=Yr@cxkSd3tp|qto3)}-PfKBZz|cdM(W0_+?bUcvvOlruK!uu z{`+X>|9Xc<$L0Jl`^QHI8~g7eo{jytvH$+y_TOik|FI&QHvvE!o9~Zq^I566#3Wk5 z`1*v^w|hVH^*fDzo9gNu)NL0>A%FfsKRz(|7QH z-d5pC_TNW2|Jyq}`MMncb#T->+}M8)@oenBjs5pWw*U6NLT_F@d1X$Rj4(~4UV$!8 zFQ4l^yHh0f#mQ}|^)P@uqCzU`q3BD%i&GXADkdMCS@UgZWYL|n}w!_BK{G(f% z^R^wTQ{ 
zY<0&}?ZJNy`mOHpSFs2GbuT94J^df|Q(m*Z9MBL)S6K?0oNRs7l{abYtL_kAwZ7`A zss5V_I&OXS|5{ta$@%4**XMuxLB9b2`(5;ej3@(B zQg&Mw8*kYmIl)PSrUWz4+B1fF+7` zlg1RgB#{BKkJLo)Y&=1KHb$Ses(6%X6S<5R7Zt=x)~+_02vbze5YE(u3;HXxXW`V< zP!p`QSu+-xY4fjW6L|#47$@i{fUY2sG2KCHvf>D!I4oF;(jE6^e$Maf>>M4XtlYcRTnht1icF}j%FibO%a&78+s`>$UW7M`#+Rzn= zw&{+k%5R9+)e8xU6j-6m{JpE!!w4Hg-|@Zq1QZa+sQ!BJbh|Q(CKj<>y?{dZhckmc z2G}8GZm8xaumI^!?!M5FMs%cRdhLre=`Z7DPITbO#Ly zBO@A7oD`u4c;-X?PoA~G9@T$|_D(qJm;p_$X`E?T0)_nHoYuEQL{ydyao{sE31C<% ztab_B`L>>3(=w-N{eTETV)Jzb6u;6(9eXfqe}w0ORp+UJhio z1CU;xcm3Q0K+Y)+1$N#1AJK6pjKTu?L5}(>(8;T)V>UDI1d&++^Fy2G$fm7`u$v%C zU?y{~mS$!BCb2(92qQxt0JmH0poLNDrnV)io=_Z+v)vqP;{xj1IVzKZg-WlUEj$wO|I~WF*lGxpZDN#dGw)Nj1s){dl zw;xH240gBmVX^L!_$U^C^{WRN=|80KU?P#j)iMJEQG=5U+ueveiA!1J?tQ_8 z;-xm>FKxmy=esFp*g7MuXdOzQv-_o1xG5NLVcBxEVa?a^IN;QLwEYXVDn2hg(B|Mj z-{bEn7$d-Mj!CPI8`Kn#3r?dEMyLTCgN} zrp}I+NQLZRooH+h;nLb(fC;J4M*25s`N8t} zKxN=sxzLLYMn+nYNgL!=OI!68tvvSFAYOVJ`56%}nI`cNgfO0K(8o%*wv$z_d#eW4 zaB~aLXA(OKluKB-Xc7BU-r^BW1hCpU(~fbL@73AP`W9Z{*Kyim2R=)AasdK9HY=U7 zCAX{;qGd)@0+GBNM*XBsXvOcnXq|#?D{VSW<{AiZw*3f*eweXefL1}b@8k4ij_HzO zg+W(0Iy2ce%TZbIYRNJIF@TVAAQops@{9w+>xApM3hH;SjjHb@aE(^CQ(So~@9@uQ zwd7_2j*}j^a>I0PgeaIaM%-!4Ppw(=kUn%edRw9ZI@p08uOVH6^R6$ItkeLC+9^I1 z>6cCzGPM?e@x&tc+j5#8u^7qnT8|sdIbsVf(2v;yopS))e}UE6^C?bl8P?Z$iX<(w z)JUc+xiL3uD>d0{~4N9*~V(qvXBRrvpvO{a~cg^4)eiLz&f2s2@3AOc#W zm~!qq1@5M9)j(1P?D9ja6qk+l?`D%L2WljjZp6)2RKi+rB<{|+k?kUQG(ra3mv8(% zyU)1txp8y=n^Lxs)#GQYAA|{!hwH7a)1Ksw2j{!EhouO%ZpKdMu>R2(vQ9eC>9{CP z`nW4!aQM#%a^7*@O9m@)Yoo25qQGDpmF|H*(chT4R{Y-f(!o@fSdbCmE)G6%f)!MJ z3gFNt(7>&CwNpD;fx!@_71pCcrs|f0sMuH&17!-%=t>bl+GF121y)7Y0k$ZtUeFb8 z17WMVi^>nj3kf`Yd*b|Lb}&@7e!L}XhKna7c-AJGmrA4+`!kx+&}W(TNr9V0rNNH^|DA$522{xCMz)|QvcB0(euA zkqJ~$m$sXq8-*Y?jAs>6$IOk;Gqiz&t2GkZP8cj z>stq-6QN9tWV9oF|+CletJ1aJ_wPighXT!1b~ym-h`eNNK*ZQ;@N*dBD9Mf1`C*0NP2D;!xjRWf=# z8ii$|r?TP+j27f4bas3ufPB@&0_}|Xl0{fF@z5z*NpOF$#VkP*;~T>&i_C&qSs3fl z&{bmk(Bo<#hp1keN1wmMHS;tJhnXo1H9^$14%tWg{!BagC}wZazLc7rGT62Ybnn27 
z;LvQ}31da=>uq5hWJ}^ZB6dLmQYY4{aAN^0dSv23R2jr0@J4~865BQ3!{-9t&Dd2S zAa+J|A%REN8j;fx<<2rfAb6ipBl;537`zcSV>A{VLaLwhe`>?L4%5ryqS<5`lA9Wf zVdpp>ZZ%d+(vtSp>4uvDM_{IX?Sg40( zzFC+w?Vwb(TToD)M1>BKS%+9XXIH0JA5RK)_UUYTdiJ-A)3aYremgn4D%fu)7w>;P zKD#>p@6(T`SO149^taQivy)3IA2{}HoF89YoxcD3$Kwlj{`ZUXPnRcTZ7Ex*gaTj9 zcDl6^vksV&&nt?SM#>E3_N*vBYR_~@hLrBs+aKLyLn#2x4^jDy-}HB%VubW5SlkcC=8 zCd+B#@{mC*7D_HeTZ#Q5X1j|~C^trap4Im~A_|t(Ldg;d9S&|`w6!sB5xR7YSI+J~ zQQeN{IWiyGure%}lGw422;kE4hA+l3eE2$)1f=2stVK^jHrZCP24YL81RyXJ)0JF> zMgu}uOAaCuhH*nVbFkvkR@+{=RYw=4*+-1&=@;4h#msOuj~MJdnG+AAf@v#F3cJv{ zzLzSG9o{nQbl35PD3BBMFz`8-syAefxSIEEA~$FRH&lXDx@kapb9qq5!tNKShd|I* z1985M7)gxaf5H3cEEql*l`6m0i+O+7kWNUhC166pO--0$J=!^ zS@>kSEwIpPsWnAGG156owqwkdaW)r-Ck5j;LOeBsljtZ6>d|jNy%S9xrZ1LS)f+Hi+V5@NKV>(sE}bQAnH9LjynB{9aXUid-b%P7Xtgg~pc zRKieMJ$Z9Q^5o}IsM<2oR!Um}{nGI2RyfOcu5WgdlcIPPtlbcl2~pL1eVHdcV|yQT z`ya7hAlsv%@jvY|^w!Z$wM*Tr8Yq4ohxZOLvz_H;VXxSsb^IYFLeZ(G0nFHE!ML)T z89{IRIB7s}e3$gbT4b!`b|KB|f-w%M)l#IA70i%^ky!X}2Tw_hngIsyfUOv3K7H{E z3{!9`V?N$XF63QfcqRooxT%)%E+Az}CSDK2Fx;?f9JijYW?66W^>}9RMW^Z5>S;P? z;wui+jXi(%Wk>4R7apr)>_rUyxs!Eyl=7<&*L^$vPUq`bI*s`)N9>S5J$cIRk1lTB zKF>a}{{Q0S_``1}v!;IiKAt=O{lmMrtM&gs9&YRZzss}BF1!Y?UxjMe`z1GSGP(ZK z^|5hs4m9uAzP#BBcbdp%F|$iF=`*PhL|b=Sw(hUJQGW^VaR249FX5e%*9&ow&f&!? 
zN2WD*d_T3l@?AK0bYKNos=q=De;I!}nPA`vM~;U?+1@|G8~@m6wdj-{EaPdCmFle% zW;Xc*CWT%Qb%C}BoLAZQA`eqh({vz^IOv@)M%IGe;psh0C}MUnknX-)7+wpaFtK0i zi7NepmH5jxEXEmR%dV+8yj$VM|8X;$Om=tKr#oTpq`3E!l{O6wR|~=WI`ovpnU2ru zW`D*`-8f2=`HogN)_07vrdLj~R@Wll9ug#$5xSU5(w*n5bHQD2ggu%}rtA_=F|u$> znC*oF(B%-Oy+4_|$o{e6=JDgsMO1Cxpr3Wp8wf&!XVEE=b z9Uh+kZl|@lyYXjlgZ84^=0s;hQ2=ovE5c-e?tunw)HtGF*|`) zht*il9+XO#2Mw2PeCHrrt4Y%8uWmQAkgWb>Jgu*8`TeIefBfp~7i@NYJyYAYuIwy_ zDg5Q&_g+@Fct-qS?dyZdWJ@bw@rfE%$%Df;Q{9Rw!2i^v{;IqQ ze{X*J@!iV(KZkFB-roQ7U7lU`3YY)vve&u(XP3Rk1wgy(wXOi#T?<=$)g?f??CY)p z+MVovVaNi$c#V+7?khwrc3&@GvHL3VirweJ71_;!bWaIN%^tBg6G!*ecy@Zk=3H4Z z;k{eJ&j5{dTgb`_fAsEt{u$x_59|2<&EWqc{9nEQ`|$AH_TT^fF3%SKxA?!s|1ZXW zXZn8$_#fl{kB{>I?~ni6fB);dJX`$V;{O)^U!VV@f%v00_Y0m8{=ePK|Gx?RUxfdw z`M;mv{&cv-|L^f^@qdf|Tl{}@{{PPc|0Ddb+_#|o=1.21-0' + catalog.cattle.io/release-name: redpanda +apiVersion: v2 +appVersion: v22.2.6 +description: Redpanda is the real-time engine for modern apps. +icon: https://images.ctfassets.net/paqvtpyf8rwu/3cYHw5UzhXCbKuR24GDFGO/73fb682e6157d11c10d5b2b5da1d5af0/skate-stand-panda.svg +maintainers: +- name: redpanda-data + url: https://github.com/orgs/redpanda-data/people +name: redpanda +sources: +- https://github.com/redpanda-data/helm-charts +type: application +version: 2.2.0 diff --git a/charts/redpanda/redpanda/2.2.0/LICENSE b/charts/redpanda/redpanda/2.2.0/LICENSE new file mode 100644 index 000000000..261eeb9e9 --- /dev/null +++ b/charts/redpanda/redpanda/2.2.0/LICENSE 
@@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/charts/redpanda/redpanda/2.2.0/README.md b/charts/redpanda/redpanda/2.2.0/README.md new file mode 100644 index 000000000..e4fa74153 --- /dev/null +++ b/charts/redpanda/redpanda/2.2.0/README.md 
@@ -0,0 +1,40 @@
+# Redpanda Helm Chart
+
+[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/redpanda-data)](https://artifacthub.io/packages/search?repo=redpanda-data)
+
+This Helm chart (`redpanda`) deploys a Redpanda cluster.
+Once deployed, you continue to use the Helm command and override values to change and/or upgrade your Redpanda deployment.
+The defaults are in [values.yaml][values].
+
+## Overview
+
+This is the Helm Chart for [Redpanda](https://redpanda.com). It provides the ability to set up a multi node redpanda cluster with the following optional features:
+
+- Schema registry (enabled by default)
+- REST (aka PandaProxy, enabled by default)
+- TLS
+- SASL
+- External access
+
+See the [examples folder][examples] with more details on how to use this helm chart.
+Each example focuses on specific features like the ones listed above.
+We recommend completing the instructions in the [60-Second Guide for Kubernetes][kubernetes-qs-dev] before continuing steps in any of these examples.
+
+The [values.yaml][values] file is documented throughout.
+Please see this file for more details.
+
+## Installation
+
+See the [60-Second Guide for Kubernetes][kubernetes-qs-dev]
+
+## Contributing
+
+If you have improvements that can be made to this Helm chart, please consider becoming a contributor.
+See our [Contributing][contributing] document for more details.
+
+[values]: https://github.com/redpanda-data/helm-charts/blob/main/redpanda/values.yaml
+[examples]: https://github.com/redpanda-data/helm-charts/blob/main/examples/README.md
+[contributing]: https://github.com/redpanda-data/helm-charts/blob/main/CONTRIBUTING.md
+[kubernetes-qs-dev]: https://docs.redpanda.com/docs/quickstart/kubernetes-qs-dev/
+
+
diff --git a/charts/redpanda/redpanda/2.2.0/ci/01-one-node-cluster-no-tls-no-sasl.yaml b/charts/redpanda/redpanda/2.2.0/ci/01-one-node-cluster-no-tls-no-sasl.yaml
new file mode 100644
index 000000000..a45266d25
--- /dev/null
+++ b/charts/redpanda/redpanda/2.2.0/ci/01-one-node-cluster-no-tls-no-sasl.yaml
@@ -0,0 +1,21 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+statefulset:
+ replicas: 1
+tls:
+ enabled: false
+auth:
+ sasl:
+ enabled: false
diff --git a/charts/redpanda/redpanda/2.2.0/ci/02-one-node-cluster-tls-no-sasl.yaml b/charts/redpanda/redpanda/2.2.0/ci/02-one-node-cluster-tls-no-sasl.yaml
new file mode 100644
index 000000000..98620ec14
--- /dev/null
+++ b/charts/redpanda/redpanda/2.2.0/ci/02-one-node-cluster-tls-no-sasl.yaml
@@ -0,0 +1,21 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+statefulset:
+ replicas: 1
+tls:
+ enabled: true
+auth:
+ sasl:
+ enabled: false
diff --git a/charts/redpanda/redpanda/2.2.0/ci/03-one-node-cluster-no-tls-sasl.yaml b/charts/redpanda/redpanda/2.2.0/ci/03-one-node-cluster-no-tls-sasl.yaml
new file mode 100644
index 000000000..e8ebf751a
--- /dev/null
+++ b/charts/redpanda/redpanda/2.2.0/ci/03-one-node-cluster-no-tls-sasl.yaml
@@ -0,0 +1,21 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+statefulset:
+ replicas: 1
+tls:
+ enabled: false
+auth:
+ sasl:
+ enabled: true
diff --git a/charts/redpanda/redpanda/2.2.0/ci/04-one-node-cluster-tls-sasl.yaml b/charts/redpanda/redpanda/2.2.0/ci/04-one-node-cluster-tls-sasl.yaml
new file mode 100644
index 000000000..b33c0037e
--- /dev/null
+++ b/charts/redpanda/redpanda/2.2.0/ci/04-one-node-cluster-tls-sasl.yaml
@@ -0,0 +1,21 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+statefulset:
+ replicas: 1
+tls:
+ enabled: true
+auth:
+ sasl:
+ enabled: true
diff --git a/charts/redpanda/redpanda/2.2.0/ci/ct.yaml b/charts/redpanda/redpanda/2.2.0/ci/ct.yaml
new file mode 100644
index 000000000..a94c77e1f
--- /dev/null
+++ b/charts/redpanda/redpanda/2.2.0/ci/ct.yaml
@@ -0,0 +1,18 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+chart-dirs: .
+target-branch: main
+helm-extra-args: --timeout 600s
+remote: origin
diff --git a/charts/redpanda/redpanda/2.2.0/templates/NOTES.txt b/charts/redpanda/redpanda/2.2.0/templates/NOTES.txt
new file mode 100644
index 000000000..f795e9e7f
--- /dev/null
+++ b/charts/redpanda/redpanda/2.2.0/templates/NOTES.txt
@@ -0,0 +1,76 @@
+{{/*
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements. See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+Congratulations on installing {{ .Chart.Name }}!
+
+The pods will rollout in a few seconds. To check the status:
+
+ kubectl -n {{ .Release.Namespace }} rollout status statefulset {{ template "redpanda.fullname" . }} --watch
+
+Try some sample commands, like creating a topic called test-topic:
+
+{{- $anyTLS := (include "tls-enabled" . | fromJson).bool -}}
+{{- $anySASL := (include "sasl-enabled" . | fromJson).bool }}
+{{- $brokers := printf "%s-0.%s:%d"
+ (include "redpanda.fullname" .)
+ (include "redpanda.internal.domain" .)
+ (int .Values.listeners.kafka.port)
+-}}
+{{- $rpk :=
+ printf "kubectl -n %s exec -ti %s-0 -c redpanda -- rpk --brokers=%s"
+ .Release.Namespace
+ (include "redpanda.fullname" .)
+ $brokers
+}}
+{{- $rpkAdmin := "" }}
+{{- if $anyTLS }}
+ {{ $rpk = printf "%s --tls-enabled --tls-truststore=/etc/tls/certs/%s/ca.crt" $rpk .Values.listeners.kafka.tls.cert }}
+ {{ $rpkAdmin = printf "%s --admin-api-tls-enabled --admin-api-tls-truststore=/etc/tls/certs/%s/ca.crt --api-urls=%s-0.%s:%d"
+ $rpk
+ .Values.listeners.admin.tls.cert
+ (include "redpanda.fullname" .)
+ (include "redpanda.internal.domain" .)
+ (int .Values.listeners.admin.port)
+ }}
+{{- else }}
+ {{ $rpkAdmin = $rpk }}
+{{- end }}
+{{- if $anySASL }}
+ {{ $rpk = printf "%s --user %s --password $YOUR_PASSWORD --sasl-mechanism SCRAM-SHA-256" $rpk (.Values.auth.sasl.users | first).name }}
+ {{ $rpkAdmin = printf "%s --user %s --password $YOUR_PASSWORD --sasl-mechanism SCRAM-SHA-256" $rpkAdmin (.Values.auth.sasl.users | first).name }}
+{{- end }}
+
+{{- if and $anySASL }}
+Create a user:
+
+ {{ $rpkAdmin }} acl user create myuser -p changeme
+{{- end }}
+
+Get the api status:
+
+ {{ $rpk }} cluster info
+
+Create a topic
+
+ {{ $rpk }} topic create test-topic
+
+Describe the topic:
+
+ {{ $rpk }} topic describe test-topic
+
+Delete the topic:
+
+ {{ $rpk }} topic delete test-topic
diff --git a/charts/redpanda/redpanda/2.2.0/templates/_helpers.tpl b/charts/redpanda/redpanda/2.2.0/templates/_helpers.tpl
new file mode 100644
index 000000000..afbf71640
--- /dev/null
+++ b/charts/redpanda/redpanda/2.2.0/templates/_helpers.tpl
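Review bot: The "Create a user" sample in templates/NOTES.txt prints `{{ $rpkAdmin }} acl user create myuser -p changeme`, so an operator who pastes it on a SASL-enabled cluster creates an account with a fixed, publicly known password. The lines just above already use a placeholder (`--password $YOUR_PASSWORD`); the same form fits here, for example `{{ $rpkAdmin }} acl user create myuser -p $NEW_USER_PASSWORD` (placeholder name is only a suggestion). The guard `{{- if and $anySASL }}` calls `and` with a single argument and reads more clearly as `{{- if $anySASL }}`. `(.Values.auth.sasl.users | first).name` looks like it would fail to render when SASL is enabled with an empty users list; values.yaml is outside this hunk, so that should be checked against the chart defaults and schema.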
@@ -0,0 +1,407 @@ +{{/* +Licensed to the Apache Software Foundation (ASF) under one or more +contributor license agreements. See the NOTICE file distributed with +this work for additional information regarding copyright ownership. +The ASF licenses this file to You under the Apache License, Version 2.0 +(the "License"); you may not use this file except in compliance with +the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} +{{/* +Expand the name of the chart. +*/}} +{{- define "redpanda.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "redpanda.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s" .Release.Name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "redpanda.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Get the version of redpanda being used as an image +*/}} +{{- define "redpanda.semver" -}} +{{ include "redpanda.tag" . | trimPrefix "v" }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "redpanda.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "redpanda.fullname" .) 
.Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} + +{{/* +Use AppVersion if image.tag is not set +*/}} +{{- define "redpanda.tag" -}} +{{- $tag := default .Chart.AppVersion .Values.image.tag -}} +{{- $matchString := "^v(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$" -}} +{{- $match := mustRegexMatch $matchString $tag -}} +{{- if not $match -}} + {{/* + This error message is for end users. This can also occur if + AppVersion doesn't start with a 'v' in Chart.yaml. + */}} + {{ fail "image.tag must start with a 'v' and be valid semver" }} +{{- end -}} +{{- $tag -}} +{{- end -}} + +{{/* +Generate configuration needed for rpk +*/}} + +{{- define "listen.address" -}} +{{- "$(POD_IP)" -}} +{{- end -}} + +{{- define "nodeport.listen.address" -}} +{{- "$(HOST_IP)" -}} +{{- end -}} + +{{- define "redpanda.internal.domain" -}} +{{- $service := include "redpanda.fullname" . -}} +{{- $ns := .Release.Namespace -}} +{{- $domain := .Values.clusterDomain | trimSuffix "." -}} +{{- printf "%s.%s.svc.%s." $service $ns $domain -}} +{{- end -}} + +{{- define "redpanda.kafka.internal.advertise.address" -}} +{{- $host := "$(SERVICE_NAME)" -}} +{{- $domain := include "redpanda.internal.domain" . -}} +{{- printf "%s.%s" $host $domain -}} +{{- end -}} + +{{/* +The external advertised address can change depending on the externalisation method. +If the method is to expose via load balancer this must be provided through the values +load balancers configuration for parent zone. If the load balancer is not enabled +then then services are externalised using NodePorts, in which case the external node +IP is required for the advertised address. +*/}} + +{{- define "redpanda.kafka.external.domain-lb-bkp" -}} +{{- .Values.loadBalancer.parentZone | trimSuffix "." 
-}} +{{- end -}} + +{{- define "redpanda.kafka.external.domain" -}} +{{- .Values.external.domain | trimSuffix "." | default "$(HOST_IP)" -}} +{{- end -}} + +{{- define "redpanda.kafka.external.advertise.address" -}} +{{- $host := "$(SERVICE_NAME)" -}} +{{- $domain := include "redpanda.kafka.external.domain" . -}} +{{- printf "%s.%s" $host $domain -}} +{{- end -}} + +{{- define "redpanda.rpc.advertise.address" -}} +{{- $host := "$(SERVICE_NAME)" -}} +{{- $domain := include "redpanda.internal.domain" . -}} +{{- printf "%s.%s" $host $domain -}} +{{- end -}} + +{{- define "redpanda.pandaproxy.internal.advertise.address" -}} +{{- $host := "$(SERVICE_NAME)" -}} +{{- $domain := include "redpanda.internal.domain" . -}} +{{- printf "%s.%s" $host $domain -}} +{{- end -}} + +{{- define "redpanda.pandaproxy.external.advertise.address" -}} +{{- $host := "$(SERVICE_NAME)" -}} +{{- $domain := include "redpanda.kafka.external.domain" . -}} +{{- printf "%s.%s" $host $domain -}} +{{- end -}} + +{{/* ConfigMap variables */}} +{{- define "admin-internal-tls-enabled" -}} +{{- $listener := .Values.listeners.admin -}} +{{- toJson (dict "bool" (and (dig "tls" "enabled" .Values.tls.enabled $listener) (not (empty (dig "tls" "cert" "" $listener))))) -}} +{{- end -}} + +{{- define "kafka-internal-tls-enabled" -}} +{{- $listener := .Values.listeners.kafka -}} +{{- toJson (dict "bool" (and (dig "tls" "enabled" .Values.tls.enabled $listener) (not (empty (dig "tls" "cert" "" $listener))))) -}} +{{- end -}} + +{{- define "kafka-external-tls-enabled" -}} +{{- toJson (dict "bool" (and (dig "tls" "enabled" (include "kafka-internal-tls-enabled" . 
| fromJson).bool .listener) (not (empty (include "kafka-external-tls-cert" .))))) -}} +{{- end -}} + +{{- define "kafka-external-tls-cert" -}} +{{- dig "tls" "cert" .Values.listeners.kafka.tls.cert .listener -}} +{{- end -}} + +{{- define "http-internal-tls-enabled" -}} +{{- $listener := .Values.listeners.http -}} +{{- toJson (dict "bool" (and (dig "tls" "enabled" .Values.tls.enabled $listener) (not (empty (dig "tls" "cert" "" $listener))))) -}} +{{- end -}} + +{{- define "http-external-tls-enabled" -}} +{{- $tlsEnabled := dig "tls" "enabled" (include "http-internal-tls-enabled" . | fromJson).bool .listener -}} +{{- toJson (dict "bool" (and $tlsEnabled (not (empty (include "http-external-tls-cert" .))))) -}} +{{- end -}} + +{{- define "http-external-tls-cert" -}} +{{- dig "tls" "cert" .Values.listeners.http.tls.cert .listener -}} +{{- end -}} + +{{- define "rpc-tls-enabled" -}} +{{- $listener := .Values.listeners.rpc -}} +{{- toJson (dict "bool" (and (dig "tls" "enabled" .Values.tls.enabled $listener) (not (empty (dig "tls" "cert" "" $listener))))) -}} +{{- end -}} + +{{- define "schemaRegistry-internal-tls-enabled" -}} +{{- $listener := .Values.listeners.schemaRegistry -}} +{{- toJson (dict "bool" (and (dig "tls" "enabled" .Values.tls.enabled $listener) (not (empty (dig "tls" "cert" "" $listener))))) -}} +{{- end -}} + +{{- define "schemaRegistry-external-tls-enabled" -}} +{{- $tlsEnabled := dig "tls" "enabled" (include "schemaRegistry-internal-tls-enabled" . 
| fromJson).bool .listener -}}
+{{- toJson (dict "bool" (and $tlsEnabled (not (empty (include "schemaRegistry-external-tls-cert" .))))) -}}
+{{- end -}}
+
+{{- define "schemaRegistry-external-tls-cert" -}}
+{{- dig "tls" "cert" .Values.listeners.schemaRegistry.tls.cert .listener -}}
+{{- end -}}
+
+{{- define "tls-enabled" -}}
+{{- $tlsenabled := .Values.tls.enabled -}}
+{{- if not $tlsenabled -}}
+ {{- range $listener := .Values.listeners -}}
+ {{- if and
+ (dig "tls" "enabled" false $listener)
+ (not (empty (dig "tls" "cert" "" $listener )))
+ -}}
+ {{- $tlsenabled = true -}}
+ {{- end -}}
+ {{- if not $tlsenabled -}}
+ {{- range $external := $listener.external -}}
+ {{- if and
+ (dig "tls" "enabled" false $external)
+ (not (empty (dig "tls" "cert" "" $external)))
+ -}}
+ {{- $tlsenabled = true -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
+{{- toJson (dict "bool" $tlsenabled) -}}
+{{- end -}}
+
+{{- define "sasl-enabled" -}}
+{{- toJson (dict "bool" (dig "enabled" false .Values.auth.sasl)) -}}
+{{- end -}}
+
+{{- define "external-nodeport-enabled" -}}
+{{- $values := .Values -}}
+{{- $enabled := and .Values.external.enabled (eq .Values.external.type "NodePort") -}}
+{{- range $listener := .Values.listeners -}}
+ {{- range $external := $listener.external -}}
+ {{- if and (dig "enabled" false $external) (eq (dig "type" $values.external.type $external) "NodePort") -}}
+ {{- $enabled = true -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
+{{- toJson (dict "bool" $enabled) -}}
+{{- end -}}
+
+{{/* Resource variables */}}
+{{- define "redpanda-memoryToMi" -}}
+ {{/*
+ This template converts the incoming memory value to whole number mebibytes.
+ Input can be: k | K | m | M | g | G | Ki | Mi | Gi
+ */}}
+ {{- $mem := . -}}
+ {{- $result := 0 -}}
+ {{- if or (hasSuffix "K" $mem) (hasSuffix "k" $mem) -}}
+ {{- $rawmem := $mem | trimSuffix "K" | trimSuffix "k" -}}
+ {{- if contains "." $rawmem -}}
+ {{- $rawmem = $rawmem | float64 -}}
+ {{- $result = divf (mulf $rawmem (mul 8 1000)) (mul 8 1024 1024) -}}
+ {{- else -}}
+ {{- $rawmem = $rawmem | int64 -}}
+ {{- $result = divf (mul $rawmem (mul 8 1000)) (mul 8 1024 1024) -}}
+ {{- end -}}
+ {{- $result = floor $result -}}
+ {{- else if or (hasSuffix "M" $mem) (hasSuffix "m" $mem) -}}
+ {{- $rawmem := $mem | trimSuffix "M" | trimSuffix "m" -}}
+ {{- if contains "." $rawmem -}}
+ {{- $rawmem = $rawmem | float64 -}}
+ {{- $result = divf (mulf $rawmem (mul 8 1000 1000)) (mul 8 1024 1024) -}}
+ {{- else -}}
+ {{- $rawmem = $rawmem | int64 -}}
+ {{- $result = divf (mul $rawmem (mul 8 1000 1000)) (mul 8 1024 1024) -}}
+ {{- end -}}
+ {{- $result = floor $result -}}
+ {{- else if or (hasSuffix "G" $mem) (hasSuffix "g" $mem) -}}
+ {{- $rawmem := $mem | trimSuffix "G" | trimSuffix "g" -}}
+ {{- if contains "." $rawmem -}}
+ {{- $rawmem = $rawmem | float64 -}}
+ {{- $result = divf (mulf $rawmem (mul 8 1000 1000 1000)) (mul 8 1024 1024) -}}
+ {{- else -}}
+ {{- $rawmem = $rawmem | int64 -}}
+ {{- $result = divf (mul $rawmem (mul 8 1000 1000 1000)) (mul 8 1024 1024) -}}
+ {{- end -}}
+ {{- $result = floor $result -}}
+ {{- else if hasSuffix "Ki" $mem }}
+ {{- $rawmem := $mem | trimSuffix "Ki" -}}
+ {{- if contains "." $rawmem -}}
+ {{- $rawmem = $rawmem | float64 -}}
+ {{- $result = divf (mulf $rawmem (mul 8 1024)) (mul 8 1024 1024) -}}
+ {{- else -}}
+ {{- $rawmem = $rawmem | int64 -}}
+ {{- $result = divf (mul $rawmem (mul 8 1024)) (mul 8 1024 1024) -}}
+ {{- end -}}
+ {{- $result = floor $result -}}
+ {{- else if hasSuffix "Mi" $mem -}}
+ {{- $result = $mem | trimSuffix "Mi" -}}
+ {{- if contains "." $result -}}
+ {{- $result = $result | float64 -}}
+ {{- else -}}
+ {{- $result = $result | int64 -}}
+ {{- end -}}
+ {{- else if hasSuffix "Gi" $mem -}}
+ {{- $rawmem := $mem | trimSuffix "Gi" -}}
+ {{- if contains "." $rawmem -}}
+ {{- $rawmem = $rawmem | float64 -}}
+ {{- $result = (mulf $rawmem 1024) | floor -}}
+ {{- else -}}
+ {{- $rawmem = $rawmem | int64 -}}
+ {{- $result = (mul $rawmem 1024) -}}
+ {{- end -}}
+ {{- else }}
+ {{- printf "\n%s is invalid memory amount\nSuffixes can be: k | K | m | M | g | G | Ki | Mi | Gi" $mem | fail -}}
+ {{- end }}
+ {{- $result -}}
+{{- end -}}
+
+{{- define "container-memory" -}}
+ {{- $result := "" -}}
+ {{- if (hasKey .Values.resources.memory.container "min") -}}
+ {{- $result = .Values.resources.memory.container.min | include "redpanda-memoryToMi" -}}
+ {{- else -}}
+ {{- $result = .Values.resources.memory.container.max | include "redpanda-memoryToMi" -}}
+ {{- end -}}
+ {{- if eq $result "" -}}
+ {{- "unable to get memory value" | fail -}}
+ {{- end -}}
+ {{- $result -}}
+{{- end -}}
+
+{{- define "redpanda-reserve-memory" -}}
+ {{/*
+ Determines the value of --reserve-memory flag (in mebibytes with M suffix, per Seastar).
+ This template looks at all locations where memory could be set.
+ These locations, in order of priority, are:
+ - .Values.resources.memory.redpanda.reserveMemory (commented out by default, users could uncomment)
+ - .Values.resources.memory.container.min (commented out by default, users could uncomment and
+ change to something lower than .Values.resources.memory.container.max)
+ - .Values.resources.memory.container.max (set by default)
+ */}}
+ {{- $result := 0 -}}
+ {{- if (hasKey .Values.resources.memory "redpanda") -}}
+ {{- $result = .Values.resources.memory.redpanda.reserveMemory | include "redpanda-memoryToMi" | int64 -}}
+ {{- else if (hasKey .Values.resources.memory.container "min") -}}
+ {{- $result = add (mulf (include "container-memory" .) 0.002) 200 -}}
+ {{- if gt $result 1000 -}}
+ {{- $result = 1000 -}}
+ {{- end -}}
+ {{- else -}}
+ {{- $result = add (mulf (include "container-memory" .) 0.002) 200 -}}
+ {{- if gt $result 1000 -}}
+ {{- $result = 1000 -}}
+ {{- end -}}
+ {{- end -}}
+ {{- if eq $result 0 -}}
+ {{- "unable to get memory value" | fail -}}
+ {{- end -}}
+ {{- $result -}}
+{{- end -}}
+
+{{- define "redpanda-memory" -}}
+ {{/*
+ Determines the value of --memory flag (in mebibytes with M suffix, per Seastar).
+ This template looks at all locations where memory could be set.
+ These locations, in order of priority, are:
+ - .Values.resources.memory.redpanda.memory (commented out by default, users could uncomment)
+ - .Values.resources.memory.container.min (commented out by default, users could uncomment and
+ change to something lower than .Values.resources.memory.container.max)
+ - .Values.resources.memory.container.max (set by default)
+ */}}
+ {{- $result := 0 -}}
+ {{- if (hasKey .Values.resources.memory "redpanda") -}}
+ {{- $result = .Values.resources.memory.redpanda.memory | include "redpanda-memoryToMi" | int64 -}}
+ {{- else -}}
+ {{- $result = mulf (include "container-memory" .) 0.8 | int64 -}}
+ {{- end -}}
+ {{- if eq $result 0 -}}
+ {{- "unable to get memory value" | fail -}}
+ {{- end -}}
+ {{- if lt $result 2000 -}}
+ {{- printf "\n%d is below the minimum recommended value for Redpanda" $result | fail -}}
+ {{- end -}}
+ {{- if gt (add $result (include "redpanda-reserve-memory" .)) (include "container-memory" . | int64) -}}
+ {{- printf "\nNot enough container memory for Redpanda memory values\nredpanda: %d, reserve: %d, container: %d" $result (include "redpanda-reserve-memory" . | int64) (include "container-memory" . | int64) | fail -}}
+ {{- end -}}
+ {{- $result -}}
+{{- end -}}
+
+{{- define "api-urls" -}}
+{{ template "redpanda.fullname" . }}-0.{{ include "redpanda.internal.domain" .}}:{{ .Values.listeners.admin.port }}
+{{- end -}}
+
+{{- define "rpk-flags" -}}
+ {{- $command := list -}}
+ {{- $command = concat $command (list "--api-urls" (include "api-urls" . )) -}}
+ {{- if (include "admin-internal-tls-enabled" . | fromJson).bool -}}
+ {{- $command = concat $command (list
+ "--admin-api-tls-enabled"
+ "--admin-api-tls-truststore"
+ (printf "/etc/tls/certs/%s/ca.crt" .Values.listeners.admin.tls.cert))
+ -}}
+ {{- end -}}
+ {{- if (include "kafka-internal-tls-enabled" . | fromJson).bool -}}
+ {{- $command = concat $command (list
+ "--tls-enabled"
+ "--tls-truststore"
+ (printf "/etc/tls/certs/%s/ca.crt" .Values.listeners.kafka.tls.cert))
+ -}}
+ {{- end -}}
+ {{- if (include "sasl-enabled" . | fromJson).bool -}}
+ {{- $command = concat $command (list
+ "--user" (first .Values.auth.sasl.users).name
+ "--password" (first .Values.auth.sasl.users).password
+ "--sasl-mechanism SCRAM-SHA-256")
+ -}}
+ {{- end -}}
+{{ $command | join " " }}
+{{- end -}}
\ No newline at end of file
diff --git a/charts/redpanda/redpanda/2.2.0/templates/cert-issuers.yaml b/charts/redpanda/redpanda/2.2.0/templates/cert-issuers.yaml
new file mode 100644
index 000000000..2372086f1
--- /dev/null
+++ b/charts/redpanda/redpanda/2.2.0/templates/cert-issuers.yaml
@@ -0,0 +1,91 @@
+{{/*
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements. See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+{{- if (include "tls-enabled" . | fromJson).bool }}
+ {{- $release := .Release }}
+ {{- $values := .Values }}
+ {{- range $name, $data := $values.tls.certs }}
+ {{/* If issuerRef is defined, use the specified issuer for the certs
+ If it's not defined, create and use our own issuer. */}}
+ {{- $r := $data.issuerRef }}
+ {{- if not $r }}
+---
+# The self-signed issuer is used to create the self-signed CA
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: {{ template "redpanda.fullname" $ }}-{{ $name }}-selfsigned-issuer
+ namespace: {{ $release.Namespace | quote }}
+ labels:
+ helm.sh/chart: {{ template "redpanda.chart" $ }}
+ app.kubernetes.io/name: {{ template "redpanda.name" $ }}
+ app.kubernetes.io/instance: {{ $release.Name | quote }}
+ app.kubernetes.io/managed-by: {{ $release.Service | quote }}
+ app.kubernetes.io/component: {{ template "redpanda.name" $ }}
+ {{- with $values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ selfSigned: {}
+ {{- end }}
+---
+# This is the self-signed CA used to issue certs
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: {{ template "redpanda.fullname" $ }}-{{ $name }}-root-issuer
+ namespace: {{ $release.Namespace | quote }}
+ labels:
+ helm.sh/chart: {{ template "redpanda.chart" $ }}
+ app.kubernetes.io/name: {{ template "redpanda.name" $ }}
+ app.kubernetes.io/instance: {{ $release.Name | quote }}
+ app.kubernetes.io/managed-by: {{ $release.Service | quote }}
+ app.kubernetes.io/component: {{ template "redpanda.name" $ }}
+ {{- with $values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ ca:
+ secretName: {{ template "redpanda.fullname" $ }}-{{ $name }}-root-certificate
+---
+# This is the root CA certificate
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: {{ template "redpanda.fullname" $ }}-{{ $name }}-root-certificate
+ namespace: {{ $release.Namespace | quote }}
+ labels:
+ helm.sh/chart: {{ template "redpanda.chart" $ }}
+ app.kubernetes.io/name: {{ template "redpanda.name" $ }}
+ app.kubernetes.io/instance: {{ $release.Name | quote }}
+ app.kubernetes.io/managed-by: {{ $release.Service | quote }}
+ app.kubernetes.io/component: {{ template "redpanda.name" $ }}
+ {{- with $values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ isCA: true
+ commonName: {{ template "redpanda.fullname" $ }}-{{ $name }}-root-certificate
+ secretName: {{ template "redpanda.fullname" $ }}-{{ $name }}-root-certificate
+ privateKey:
+ algorithm: ECDSA
+ size: 256
+ issuerRef:
+ name: {{ template "redpanda.fullname" $ }}-{{ $name }}-selfsigned-issuer
+ kind: Issuer
+ group: cert-manager.io
+ {{- end }}
+{{- end }}
diff --git a/charts/redpanda/redpanda/2.2.0/templates/certs.yaml b/charts/redpanda/redpanda/2.2.0/templates/certs.yaml
new file mode 100644
index 000000000..bf5763587
--- /dev/null
+++ b/charts/redpanda/redpanda/2.2.0/templates/certs.yaml
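Review bot: The `{{- if not $r }}` guard in cert-issuers.yaml closes right after the self-signed Issuer's `selfSigned: {}`, so the root Issuer and the root Certificate are still rendered when a cert entry sets `issuerRef`, and that root Certificate's `issuerRef.name` is hard-coded to the `-selfsigned-issuer` that was just skipped. In that case the CA Certificate references an Issuer this template did not create and, as far as the hunk shows, would never become ready. Move the inner `{{- end }}` down to just before the `range`'s closing `{{- end }}` so all three documents are skipped together when an external issuer is supplied. The root Certificate also sets no `duration`, while certs.yaml defaults leaf certificates to `43800h`; a comment stating the intended CA lifetime would help whoever plans rotation.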
@@ -0,0 +1,46 @@
+{{- if (include "tls-enabled" . | fromJson).bool }}
+ {{- $service := include "redpanda.fullname" . -}}
+ {{- $ns := .Release.Namespace -}}
+ {{- $domain := .Values.clusterDomain | trimSuffix "." -}}
+ {{- $listeners := .Values.listeners -}}
+ {{- range $name, $data := .Values.tls.certs }}
+ {{- $d := $data.duration }}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: {{ template "redpanda.fullname" $ }}-{{ $name }}-cert
+ namespace: {{ .Release.Namespace | quote }}
+spec:
+ dnsNames:
+ - {{ template "redpanda.fullname" $ }}-cluster.{{ printf "%s.%s.svc.%s" $service $ns $domain }}
+ - {{ template "redpanda.fullname" $ }}-cluster.{{ printf "%s.%s.svc" $service $ns }}
+ - {{ template "redpanda.fullname" $ }}-cluster.{{ printf "%s.%s" $service $ns }}
+ - "*.{{ template "redpanda.fullname" $ }}-cluster.{{ printf "%s.%s.svc.%s" $service $ns $domain }}"
+ - "*.{{ template "redpanda.fullname" $ }}-cluster.{{ printf "%s.%s.svc" $service $ns }}"
+ - "*.{{ template "redpanda.fullname" $ }}-cluster.{{ printf "%s.%s" $service $ns }}"
+ - {{ printf "%s.%s.svc.%s" $service $ns $domain }}
+ - {{ printf "%s.%s.svc" $service $ns }}
+ - {{ printf "%s.%s" $service $ns }}
+ - {{ printf "*.%s.%s.svc.%s" $service $ns $domain | quote }}
+ - {{ printf "*.%s.%s.svc" $service $ns | quote }}
+ - {{ printf "*.%s.%s" $service $ns | quote }}
+ duration: {{ $d | default "43800h" }}
+ isCA: false
+ commonName: {{ template "redpanda.fullname" $ }}-{{ $name }}-cert
+ secretName: {{ template "redpanda.fullname" $ }}-{{ $name }}-cert
+ privateKey:
+ algorithm: ECDSA
+ size: 256
+ {{- if not (empty $data.issuerRef) }}
+ issuerRef:
+ {{- toYaml $data.issuerRef | nindent 4 }}
+ group: cert-manager.io
+ {{- else }}
+ issuerRef:
+ name: {{ template "redpanda.fullname" $ }}-{{ $name }}-root-issuer
+ kind: Issuer
+ group: cert-manager.io
+ {{- end }}
+ {{- end }}
+{{- end }}
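Review bot: `namespace: {{ .Release.Namespace | quote }}` sits inside `range $name, $data := .Values.tls.certs`, where `.` is the current cert entry rather than the chart root, so the lookup cannot see the release namespace and is expected to fail on the missing `.Release`. `$ns` is already captured above the loop; use `namespace: {{ $ns | quote }}`. Separately, when `$data.issuerRef` is supplied, `group: cert-manager.io` is appended after `toYaml $data.issuerRef`, which yields a duplicate `group` key if the user's value already carries one. The leaf default of `43800h` (five years) together with the wildcard `dnsNames` deserves a comment so operators choose that lifetime deliberately.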
diff --git a/charts/redpanda/redpanda/2.2.0/templates/configmap.yaml b/charts/redpanda/redpanda/2.2.0/templates/configmap.yaml
new file mode 100644
index 000000000..901cc22a8
--- /dev/null
+++ b/charts/redpanda/redpanda/2.2.0/templates/configmap.yaml
@@ -0,0 +1,224 @@
+{{/*
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements. See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+{{- $values := .Values }}
+{{- $users := list -}}
+{{- if .Values.auth.sasl.enabled -}}
+ {{- range $user := .Values.auth.sasl.users -}}
+ {{- $users = append $users $user.name -}}
+ {{- end -}}
+{{- end -}}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "redpanda.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ helm.sh/chart: {{ template "redpanda.chart" . }}
+ app.kubernetes.io/name: {{ template "redpanda.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/component: {{ template "redpanda.name" . }}
+{{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+data:
+{{- if (include "redpanda.semver" . | semverCompare ">=22.1.1") }}
+ bootstrap.yaml: |
+ enable_sasl: {{ dig "sasl" "enabled" false .Values.auth }}
+ {{- if $users }}
+ superusers: {{ toJson $users }}
+ {{- end }}
+ {{- with (dig "cluster" dict .Values.config) }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with (dig "tunable" dict .Values.config) }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
+ redpanda.yaml: |
+ config_file: /etc/redpanda/redpanda.yaml
+{{- if .Values.logging.usageStats.enabled }}
+ {{- with (dig "usageStats" "organization" "" .Values.logging) }}
+ organization: {{ . }}
+ {{- end }}
+ {{- with (dig "usageStats" "clusterId" "" .Values.logging) }}
+ cluster_id: {{ . }}
+ {{- end }}
+{{- end }}
+ redpanda:
+{{- if not (include "redpanda.semver" . | semverCompare ">=22.1.1") }}
+ enable_sasl: {{ dig "sasl" "enabled" false .Values.auth }}
+ {{- if $users }}
+ superusers: {{ toJson $users }}
+ {{- end }}
+ {{- with (dig "cluster" dict .Values.config) }}
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ {{- with (dig "tunable" dict .Values.config) }}
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+{{- end }}
+ {{- with dig "node" dict .Values.config }}
+ {{- . | toYaml | nindent 6 }}
+ {{- end }}
+ admin:
+ name: admin
+ address: 0.0.0.0
+ port: {{ .Values.listeners.admin.port }}
+{{- if (include "admin-internal-tls-enabled" . | fromJson).bool }}
+ admin_api_tls:
+ - name: admin
+ enabled: true
+ cert_file: /etc/tls/certs/{{ .Values.listeners.admin.tls.cert }}/tls.crt
+ key_file: /etc/tls/certs/{{ .Values.listeners.admin.tls.cert }}/tls.key
+ truststore_file: /etc/tls/certs/{{ .Values.listeners.admin.tls.cert }}/ca.crt
+ require_client_auth: {{ .Values.listeners.admin.tls.requireClientAuth }}
+{{- end }}
+ kafka_api:
+ - name: internal
+ address: 0.0.0.0
+ port: {{ .Values.listeners.kafka.port }}
+{{- range $name, $listener := .Values.listeners.kafka.external }}
+ - name: {{ $name }}
+ address: 0.0.0.0
+ port: {{ $listener.port }}
+{{- end }}
+ kafka_api_tls:
+{{- $service := .Values.listeners.kafka }}
+{{- if (include "kafka-internal-tls-enabled" . | fromJson).bool }}
+ - name: internal
+ enabled: true
+ cert_file: /etc/tls/certs/{{ $service.tls.cert }}/tls.crt
+ key_file: /etc/tls/certs/{{ $service.tls.cert }}/tls.key
+ truststore_file: /etc/tls/certs/{{ $service.tls.cert }}/ca.crt
+ require_client_auth: {{ $service.tls.requireClientAuth }}
+{{- end }}
+{{- range $name, $listener := $service.external }}
+ {{- $k := dict "Values" $values "listener" $listener }}
+ {{- if (include "kafka-external-tls-enabled" $k | fromJson).bool }}
+ - name: {{ $name }}
+ enabled: true
+ cert_file: /etc/tls/certs/{{ template "kafka-external-tls-cert" $k}}/tls.crt
+ key_file: /etc/tls/certs/{{ template "kafka-external-tls-cert" $k}}/tls.key
+ truststore_file: /etc/tls/certs/{{ template "kafka-external-tls-cert" $k}}/ca.crt
+ require_client_auth: {{ dig "tls" "requireClientAuth" false $listener }}
+ {{- end }}
+{{- end }}
+ rpc_server:
+ address: 0.0.0.0
+ port: {{ .Values.listeners.rpc.port }}
+{{- if (include "rpc-tls-enabled" . | fromJson).bool }}
+ rpc_server_tls:
+ enabled: true
+ require_client_auth: {{ .Values.listeners.rpc.tls.requireClientAuth }}
+ cert_file: /etc/tls/certs/{{ .Values.listeners.rpc.tls.cert }}/tls.crt
+ key_file: /etc/tls/certs/{{ .Values.listeners.rpc.tls.cert }}/tls.key
+ truststore_file: /etc/tls/certs/{{ .Values.listeners.rpc.tls.cert }}/ca.crt
+{{- end }}
+ seed_servers:
+{{- range untilStep 0 (.Values.statefulset.replicas|int) 1 }}
+ - host:
+ address: "{{ template "redpanda.fullname" $ }}-{{ . }}.{{ template "redpanda.internal.domain" $ }}"
+ port: {{ $values.listeners.rpc.port }}
+{{- end }}
+{{- if .Values.listeners.http.enabled }}
+{{- if .Values.listeners.schemaRegistry.enabled }}
+ schema_registry:
+ schema_registry:
+ - name: internal
+ address: 0.0.0.0
+ port: {{ .Values.listeners.schemaRegistry.port }}
+{{- range $name, $listener := .Values.listeners.schemaRegistry.external }}
+ - name: {{ $name }}
+ address: 0.0.0.0
+ port: {{ $listener.port }}
+{{- end }}
+ schema_registry_api_tls:
+ {{- if (include "schemaRegistry-internal-tls-enabled" . | fromJson).bool }}
+ - name: internal
+ enabled: true
+ cert_file: /etc/tls/certs/{{ .Values.listeners.schemaRegistry.tls.cert }}/tls.crt
+ key_file: /etc/tls/certs/{{ .Values.listeners.schemaRegistry.tls.cert }}/tls.key
+ truststore_file: /etc/tls/certs/{{ .Values.listeners.schemaRegistry.tls.cert }}/ca.crt
+ require_client_auth: {{ .Values.listeners.schemaRegistry.tls.requireClientAuth }}
+ {{- end }}
+ {{- range $i, $listener := .Values.listeners.schemaRegistry.external }}
+ {{- $k := dict "Values" $values "listener" $listener }}
+ {{- if (include "schemaRegistry-external-tls-enabled" $k | fromJson).bool }}
+ - name: {{ $listener.name }}
+ enabled: true
+ cert_file: /etc/tls/certs/{{ template "schemaRegistry-external-tls-cert" $k }}/tls.crt
+ key_file: /etc/tls/certs/{{ template "schemaRegistry-external-tls-cert" $k }}/tls.key
+ truststore_file: /etc/tls/certs/{{ template "schemaRegistry-external-tls-cert" $k }}/ca.crt
+ require_client_auth: {{ dig "tls" "requireClientAuth" false $listener}}
+ {{- end }}
+ {{- end }}
+{{- end }}
+ pandaproxy:
+ pandaproxy_api:
+ - name: internal
+ address: 0.0.0.0
+ port: {{ .Values.listeners.http.port }}
+ {{- range $name, $listener := .Values.listeners.http.external }}
+ - name: {{ $name }}
+ address: 0.0.0.0
+ port: {{ $listener.port }}
+ {{- end }}
+ pandaproxy_api_tls:
+ {{- if (include "http-internal-tls-enabled" . | fromJson).bool }}
+ - name: internal
+ enabled: true
+ cert_file: /etc/tls/certs/{{ .Values.listeners.http.tls.cert }}/tls.crt
+ key_file: /etc/tls/certs/{{ .Values.listeners.http.tls.cert }}/tls.key
+ truststore_file: /etc/tls/certs/{{ .Values.listeners.http.tls.cert }}/ca.crt
+ require_client_auth: {{ .Values.listeners.http.tls.requireClientAuth }}
+ {{- end }}
+ {{- range $name, $listener := .Values.listeners.http.external }}
+ {{- $k := dict "Values" $values "listener" $listener }}
+ {{- if (include "http-external-tls-enabled" $k | fromJson).bool }}
+ - name: {{ $name }}
+ enabled: true
+ cert_file: /etc/tls/certs/{{ template "kafka-external-tls-cert" $k }}/tls.crt
+ key_file: /etc/tls/certs/{{ template "kafka-external-tls-cert" $k }}/tls.key
+ truststore_file: /etc/tls/certs/{{ template "kafka-external-tls-cert" $k}}/ca.crt
+ require_client_auth: {{ dig "tls" "requireClientAuth" false $listener }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+ rpk:
+ enable_usage_stats: {{ .Values.logging.usageStats.enabled }}
+ overprovisioned: {{ dig "cpu" "overprovisioned" false .Values.resources }}
+ enable_memory_locking: {{ dig "memory" "enable_memory_locking" false .Values.resources }}
+{{- if hasKey .Values.tuning "tune_aio_events" }}
+ tune_aio_events: {{ .Values.tuning.tune_aio_events }}
+{{- end }}
+{{- if hasKey .Values.tuning "tune_clocksource" }}
+ tune_clocksource: {{ .Values.tuning.tune_clocksource }}
+{{- end }}
+{{- if hasKey .Values.tuning "tune_ballast_file" }}
+ tune_ballast_file: {{ .Values.tuning.tune_ballast_file }}
+{{- end }}
+{{- if hasKey .Values.tuning "ballast_file_path" }}
+ ballast_file_path: {{ .Values.tuning.ballast_file_path }}
+{{- end }}
+{{- if hasKey .Values.tuning "ballast_file_size" }}
+ ballast_file_size: {{ .Values.tuning.ballast_file_size }}
+{{- end }}
+{{- if hasKey .Values.tuning "well_known_io" }}
+ well_known_io: {{ .Values.tuning.well_known_io }}
+{{- end }}
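Review bot: In `schema_registry_api_tls` the external loop is `range $i, $listener` and emits `- name: {{ $listener.name }}`, while the matching `schema_registry` listener list a few lines earlier iterates the same map as `range $name, $listener` and emits `- name: {{ $name }}`. Unless every external entry also carries its own `name` field, the TLS entry's name will not match the listener it is meant to cover, which presumably leaves that external Schema Registry listener without TLS; use `{{- range $name, $listener := .Values.listeners.schemaRegistry.external }}` with `- name: {{ $name }}`, as the kafka and pandaproxy blocks do. The external `pandaproxy_api_tls` entries resolve their file paths through `kafka-external-tls-cert`, so an HTTP listener without its own `tls.cert` probably falls back to the Kafka certificate; that looks like a copy-paste and should resolve the HTTP listener's cert instead. A comment is also warranted on `superusers`, which is built from every name in `auth.sasl.users`, so each configured SASL user becomes a superuser.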
diff --git a/charts/redpanda/redpanda/2.2.0/templates/poddisruptionbudget.yaml b/charts/redpanda/redpanda/2.2.0/templates/poddisruptionbudget.yaml
new file mode 100644
index 000000000..e3efea930
--- /dev/null
+++ b/charts/redpanda/redpanda/2.2.0/templates/poddisruptionbudget.yaml
@@ -0,0 +1,37 @@
+{{/*
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements. See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "redpanda.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ helm.sh/chart: {{ template "redpanda.chart" . }}
+ app.kubernetes.io/name: {{ template "redpanda.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/component: {{ template "redpanda.name" . }}
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "redpanda.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ maxUnavailable: {{ .Values.statefulset.budget.maxUnavailable | int64 }}
diff --git a/charts/redpanda/redpanda/2.2.0/templates/post-install-upgrade-job.yaml b/charts/redpanda/redpanda/2.2.0/templates/post-install-upgrade-job.yaml
new file mode 100644
index 000000000..8f17a7533
--- /dev/null
+++ b/charts/redpanda/redpanda/2.2.0/templates/post-install-upgrade-job.yaml
@@ -0,0 +1,102 @@
+{{/*
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements. See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ template "redpanda.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ helm.sh/chart: {{ template "redpanda.chart" . }}
+ app.kubernetes.io/name: {{ template "redpanda.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/component: {{ template "redpanda.name" . }}
+{{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+ annotations:
+ # This is what defines this resource as a hook. Without this line, the
+ # job is considered part of the release.
+ "helm.sh/hook": post-install,post-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation
+ "helm.sh/hook-weight": "-10"
+spec:
+ template:
+ metadata:
+ name: "{{ .Release.Name }}"
+ labels:
+ app.kubernetes.io/name: {{ template "redpanda.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ app.kubernetes.io/component: {{ template "redpanda.name" . }}
+{{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 8 }}
+{{- end }}
+ spec:
+ restartPolicy: Never
+ containers:
+ - name: {{ template "redpanda.name" . }}-post-install
+ image: {{ .Values.image.repository}}:{{ template "redpanda.tag" . }}
+ command:
+ - bash
+ - -c
+ args:
+ - >
+{{- if .Values.auth.sasl.enabled }}
+ {{- range $user := .Values.auth.sasl.users }}
+ rpk acl user create {{ $user.name }} -p {{ $user.password | quote }} {{ template "rpk-flags" $ }}
+ ;
+ {{- end }}
+{{- end }}
+{{- if and (include "redpanda.semver" . | semverCompare ">=22.2.0") (not (empty .Values.license_key)) }}
+ rpk cluster license set {{ .Values.license_key | quote }} {{ template "rpk-flags" $ }}
+ ;
+{{- end }}
+ volumeMounts:
+ - name: {{ template "redpanda.fullname" . }}
+ mountPath: /tmp/base-config
+ - name: config
+ mountPath: /etc/redpanda
+{{- if (include "tls-enabled" . | fromJson).bool }}
+ {{- range $name, $cert := .Values.tls.certs }}
+ - name: redpanda-{{ $name }}-cert
+ mountPath: {{ printf "/etc/tls/certs/%s" $name }}
+ {{- end }}
+{{- end }}
+ volumes:
+ - name: {{ template "redpanda.fullname" . }}
+ configMap:
+ name: {{ template "redpanda.fullname" . }}
+ - name: config
+ emptyDir: {}
+{{- if (include "tls-enabled" . | fromJson).bool }}
+ {{- range $name, $cert := .Values.tls.certs }}
+ - name: redpanda-{{ $name }}-cert
+ secret:
+ defaultMode: 420
+ items:
+ - key: tls.key
+ path: tls.key
+ - key: tls.crt
+ path: tls.crt
+ {{- if $cert.caEnabled }}
+ - key: ca.crt
+ path: ca.crt
+ {{- end }}
+ secretName: {{ template "redpanda.fullname" $ }}-{{ $name }}-cert
+ {{- end }}
+{{- end -}}
diff --git a/charts/redpanda/redpanda/2.2.0/templates/post-upgrade.yaml b/charts/redpanda/redpanda/2.2.0/templates/post-upgrade.yaml
new file mode 100644
index 000000000..569eabefc
--- /dev/null
+++ b/charts/redpanda/redpanda/2.2.0/templates/post-upgrade.yaml
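Review bot: The `args` script in post-install-upgrade-job.yaml renders every SASL password, the license key and, through `rpk-flags`, the first user's password straight into the Job's pod spec, where anyone allowed to read Jobs or Pods in the namespace can see them and where they also end up on the process command line. `quote` produces a Go-style double-quoted string rather than a shell-safe one, so a password containing `$`, a backtick or a backslash is re-interpreted by `bash -c`, and `{{ $user.name }}` and the `--password` value from `rpk-flags` are not quoted at all. The durable fix is to keep these values in a Secret and have the script read them from the environment or a mounted file; until then add a comment above `args:` such as `# NOTE: credentials below are rendered in clear text into the pod spec; move to a Secret-backed env var`. The commands are also joined with `;`, so a failed `rpk acl user create` does not fail the hook. The same clear-text pattern appears in templates/post-upgrade.yaml (`--password {{ (first .Values.auth.sasl.users).password }}`) and in the `rpk-flags` helper in _helpers.tpl.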
@@ -0,0 +1,89 @@
+{{- if (include "redpanda.semver" . | semverCompare ">=22.1.1") }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ template "redpanda.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ helm.sh/chart: {{ template "redpanda.chart" . }}
+ app.kubernetes.io/name: {{ template "redpanda.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/component: {{ template "redpanda.name" . }}
+{{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+ annotations:
+ # This is what defines this resource as a hook. Without this line, the
+ # job is considered part of the release.
+ "helm.sh/hook": post-upgrade
+ "helm.sh/hook-weight": "-5"
+spec:
+ template:
+ metadata:
+ name: "{{ .Release.Name }}"
+ labels:
+ app.kubernetes.io/name: {{ template "redpanda.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ app.kubernetes.io/component: {{ template "redpanda.name" . }}
+{{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 8 }}
+{{- end }}
+ spec:
+ restartPolicy: Never
+ containers:
+ - name: {{ template "redpanda.name" . }}-post-upgrade
+ image: {{ .Values.image.repository}}:{{ template "redpanda.tag" . }}
+ command: ["/bin/sh", "-c"]
+ args:
+ - >
+ rpk cluster config import -f /tmp/base-config/bootstrap.yaml
+ --api-urls {{ template "redpanda.fullname" . }}-0.{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.admin.port }}
+{{- if (include "admin-internal-tls-enabled" . | fromJson).bool }}
+ --admin-api-tls-enabled
+ --admin-api-tls-truststore /etc/tls/certs/{{ .Values.listeners.admin.tls.cert }}/ca.crt
+{{- end }}
+{{- if (include "kafka-internal-tls-enabled" . | fromJson).bool }}
+ --tls-enabled
+ --tls-truststore /etc/tls/certs/{{ .Values.listeners.kafka.tls.cert }}/ca.crt
+{{- end }}
+{{- if (include "sasl-enabled" . | fromJson).bool }}
+ --user {{ (first .Values.auth.sasl.users).name }}
+ --password {{ (first .Values.auth.sasl.users).password }}
+ --sasl-mechanism SCRAM-SHA-256
+{{- end }}
+ volumeMounts:
+ - name: {{ template "redpanda.fullname" . }}
+ mountPath: /tmp/base-config
+ - name: config
+ mountPath: /etc/redpanda
+{{- if (include "tls-enabled" . | fromJson).bool }}
+ {{- range $name, $cert := .Values.tls.certs }}
+ - name: redpanda-{{ $name }}-cert
+ mountPath: {{ printf "/etc/tls/certs/%s" $name }}
+ {{- end }}
+{{- end }}
+ volumes:
+ - name: {{ template "redpanda.fullname" . }}
+ configMap:
+ name: {{ template "redpanda.fullname" . }}
+ - name: config
+ emptyDir: {}
+{{- if (include "tls-enabled" . | fromJson).bool }}
+ {{- range $name, $cert := .Values.tls.certs }}
+ - name: redpanda-{{ $name }}-cert
+ secret:
+ defaultMode: 420
+ items:
+ - key: tls.key
+ path: tls.key
+ - key: tls.crt
+ path: tls.crt
+ {{- if $cert.caEnabled }}
+ - key: ca.crt
+ path: ca.crt
+ {{- end }}
+ secretName: {{ template "redpanda.fullname" $ }}-{{ $name }}-cert
+ {{- end }}
+{{- end -}}
+{{- end }}
diff --git a/charts/redpanda/redpanda/2.2.0/templates/service.internal.yaml b/charts/redpanda/redpanda/2.2.0/templates/service.internal.yaml
new file mode 100644
index 000000000..6f2d2e05e
--- /dev/null
+++ b/charts/redpanda/redpanda/2.2.0/templates/service.internal.yaml
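Review bot: The `secret` volumes in post-upgrade.yaml project `tls.key` with `defaultMode: 420` (octal 0644), so the private key of every entry in `tls.certs` is world-readable inside this hook pod, yet the `rpk cluster config import` call above only passes `--admin-api-tls-truststore` and `--tls-truststore`, i.e. it reads `ca.crt` alone. Drop the `tls.key` and `tls.crt` items from the hook Job's volumes, or tighten the mode to `defaultMode: 288` (0440) if a later change needs client certificates. `ca.crt` is only projected when `$cert.caEnabled` is set, while the truststore flags are added whenever the listener has TLS enabled, so the two conditions can disagree and leave `rpk` pointing at a file that is not mounted. templates/post-install-upgrade-job.yaml carries an identical volume block.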
@@ -0,0 +1,41 @@
+{{/*
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements. See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+---
+# This service is only used to create the DNS enteries for each pod in
+# the stateful set. This service should not be used by any client
+# application
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "redpanda.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ helm.sh/chart: {{ template "redpanda.chart" . }}
+ app.kubernetes.io/name: {{ template "redpanda.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/component: {{ template "redpanda.name" . }}
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ publishNotReadyAddresses: true
+ type: ClusterIP
+ clusterIP: None
+ selector:
+ app.kubernetes.io/name: {{ template "redpanda.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
diff --git a/charts/redpanda/redpanda/2.2.0/templates/serviceaccount.yaml b/charts/redpanda/redpanda/2.2.0/templates/serviceaccount.yaml
new file mode 100644
index 000000000..8969c764a
--- /dev/null
+++ b/charts/redpanda/redpanda/2.2.0/templates/serviceaccount.yaml
@@ -0,0 +1,37 @@
+{{/*
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements. See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+---
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "redpanda.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ helm.sh/chart: {{ template "redpanda.chart" . }}
+ app.kubernetes.io/name: {{ template "redpanda.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/component: {{ template "redpanda.name" . }}
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/redpanda/redpanda/2.2.0/templates/services.nodeport.yaml b/charts/redpanda/redpanda/2.2.0/templates/services.nodeport.yaml
new file mode 100644
index 000000000..3729f0c1a
--- /dev/null
+++ b/charts/redpanda/redpanda/2.2.0/templates/services.nodeport.yaml
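Review bot: The ServiceAccount in serviceaccount.yaml is created without `automountServiceAccountToken: false`, so every pod that runs under it gets a Kubernetes API token mounted by default. None of the templates visible in this part of the patch show the broker or the hook Jobs calling the Kubernetes API, so unless the StatefulSet (not shown here) needs it, add `automountServiceAccountToken: false` at the top level of this object and opt in per pod where access is actually required. A short comment stating which workloads are expected to use this account would also make later RBAC bindings easier to review.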
@@ -0,0 +1,82 @@
+{{/*
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements. See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+{{- $values := .Values }}
+{{- if (include "external-nodeport-enabled" . | fromJson).bool }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "redpanda.fullname" . }}-external
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ helm.sh/chart: {{ template "redpanda.chart" . }}
+ app.kubernetes.io/name: {{ template "redpanda.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/component: {{ template "redpanda.name" . }}
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ type: NodePort
+ externalTrafficPolicy: Local
+ sessionAffinity: None
+ ports:
+{{- range $name, $listener := $values.listeners.admin.external }}
+ {{- $enabled := dig "enabled" $values.external.enabled $listener }}
+ {{- $type := dig "type" $values.external.type $listener }}
+ {{- if and $enabled (eq $type "NodePort") }}
+ - name: admin-{{ $name }}
+ protocol: TCP
+ port: {{ $values.listeners.admin.port }}
+ nodePort: {{ $listener.nodePort }}
+ {{- end }}
+{{- end }}
+{{- range $name, $listener := $values.listeners.kafka.external }}
+ {{- $enabled := dig "enabled" $values.external.enabled $listener }}
+ {{- $type := dig "type" $values.external.type $listener }}
+ {{- if and $enabled (eq $type "NodePort") }}
+ - name: kafka-{{ $name }}
+ protocol: TCP
+ port: {{ $listener.port }}
+ nodePort: {{ $listener.nodePort }}
+ {{- end }}
+{{- end }}
+{{- range $name, $listener := $values.listeners.http.external }}
+ {{- $enabled := dig "enabled" $values.external.enabled $listener }}
+ {{- $type := dig "type" $values.external.type $listener }}
+ {{- if and $enabled (eq $type "NodePort") }}
+ - name: http-{{ $name }}
+ protocol: TCP
+ port: {{ $listener.port }}
+ nodePort: {{ $listener.nodePort }}
+ {{- end }}
+{{- end }}
+{{- range $name, $listener := $values.listeners.schemaRegistry.external }}
+ {{- $enabled := dig "enabled" $values.external.enabled $listener }}
+ {{- $type := dig "type" $values.external.type $listener }}
+ {{- if and $enabled (eq $type "NodePort") }}
+ - name: schema-{{ $name }}
+ protocol: TCP
+ port: {{ $listener.port }}
+ nodePort: {{ $listener.nodePort }}
+ {{- end }}
+{{- end }}
+ selector:
+ app.kubernetes.io/name: {{ template "redpanda.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+{{- end }}
diff --git a/charts/redpanda/redpanda/2.2.0/templates/statefulset.yaml b/charts/redpanda/redpanda/2.2.0/templates/statefulset.yaml
new file mode 100644
index 000000000..8297e25d3
--- /dev/null
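Review bot: The first `range` block publishes every enabled `listeners.admin.external` entry as a NodePort, which puts the Redpanda admin API on each node's address next to Kafka, and nothing in this template ties that to the admin listener having TLS or authentication turned on. Whether the admin API is authenticated is not visible in this hunk, so that should be confirmed; at minimum a comment above the block such as `# exposes the admin API outside the cluster; restrict access with firewall rules` would warn operators. The admin entry also uses `port: {{ $values.listeners.admin.port }}` (the internal listener port) while the other three blocks use `$listener.port`, so with no `targetPort` external admin traffic reaches the internal admin listener. If that is intended it deserves a comment, otherwise `port: {{ $listener.port }}` would match the siblings.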
+++ b/charts/redpanda/redpanda/2.2.0/templates/statefulset.yaml 
@@ -0,0 +1,364 @@ +{{/* +Licensed to the Apache Software Foundation (ASF) under one or more +contributor license agreements. See the NOTICE file distributed with +this work for additional information regarding copyright ownership. +The ASF licenses this file to You under the Apache License, Version 2.0 +(the "License"); you may not use this file except in compliance with +the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- $values := .Values }} +{{- $advertiseAddress := include "redpanda.kafka.internal.advertise.address" . -}} +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "redpanda.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + helm.sh/chart: {{ template "redpanda.chart" . }} + app.kubernetes.io/name: {{ template "redpanda.name" . }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/component: {{ template "redpanda.name" . }} +{{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} +{{- end }} +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "redpanda.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + serviceName: {{ template "redpanda.fullname" . }} + replicas: {{ .Values.statefulset.replicas | int64 }} + updateStrategy: + {{- toYaml .Values.statefulset.updateStrategy | nindent 4 }} + podManagementPolicy: {{ .Values.statefulset.podManagementPolicy }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "redpanda.name" . 
}} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/component: {{ template "redpanda.name" . }} +{{- with .Values.commonLabels }} + {- toYaml . | nindent 8 }} +{{- end }} + annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} +{{- with $.Values.statefulset.annotations }} + {{- toYaml . | nindent 8 }} +{{- end }} + spec: + securityContext: + {{- toYaml .Values.statefulset.podSecurityContext | nindent 8 }} + initContainers: + - name: set-datadir-ownership + image: busybox:latest + command: ["/bin/sh", "-c", "chown 101:101 -R /var/lib/redpanda/data"] + volumeMounts: + - name: datadir + mountPath: /var/lib/redpanda/data + - name: {{ template "redpanda.name" . }}-configurator + image: {{ .Values.image.repository}}:{{ template "redpanda.tag" . }} + command: ["/bin/sh", "-c"] + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - > + CONFIG=/etc/redpanda/redpanda.yaml; + NODE_ID=${SERVICE_NAME##*-}; + cp /tmp/base-config/redpanda.yaml "$CONFIG"; + {{- if (include "redpanda.semver" . | semverCompare ">=22.1.1") }} + cp /tmp/base-config/bootstrap.yaml /etc/redpanda/.bootstrap.yaml; + {{- end }} + rpk --config "$CONFIG" config set redpanda.node_id $NODE_ID; + if [ "$NODE_ID" = "0" ]; then + rpk --config "$CONFIG" config set redpanda.seed_servers '[]' --format yaml; + fi; + volumeMounts: + - name: {{ template "redpanda.fullname" . }} + mountPath: /tmp/base-config + - name: config + mountPath: /etc/redpanda + resources: + {{- toYaml .Values.statefulset.resources | nindent 12 }} + containers: + - name: {{ template "redpanda.name" . }} + image: {{ .Values.image.repository}}:{{ template "redpanda.tag" . 
}} + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + startupProbe: + exec: + command: + - /bin/sh + - -c + {{- if (include "admin-internal-tls-enabled" . |fromJson).bool }} + - > + curl https://localhost:{{ .Values.listeners.admin.port }}/v1/cluster/health_overview + -svk --cacert /etc/tls/certs/{{ .Values.listeners.admin.tls.cert }}/ca.crt | + awk '{ + id = $0; gsub(/.*"controller_id": /, "", id); gsub(/,.*/, "", id) + nd_str = $0; gsub(/.*"nodes_down": \[/, "", nd_str); gsub(/\].*/, "", nd_str) + FS="," + split(nd_str, nd_list) + for (i in nd_list) nodes_down[nd_list[i]]="" + exit (id in nodes_down) + }' + {{- else }} + - > + curl -sv http://localhost:{{ .Values.listeners.admin.port }}/v1/cluster/health_overview | + awk '{ + id = $0; gsub(/.*"controller_id": /, "", id); gsub(/,.*/, "", id) + nd_str = $0; gsub(/.*"nodes_down": \[/, "", nd_str); gsub(/\].*/, "", nd_str) + FS="," + split(nd_str, nd_list) + for (i in nd_list) nodes_down[nd_list[i]]="" + exit (id in nodes_down) + }' + {{- end }} + initialDelaySeconds: {{ .Values.statefulset.startupProbe.initialDelaySeconds }} + failureThreshold: {{ .Values.statefulset.startupProbe.failureThreshold }} + periodSeconds: {{ .Values.statefulset.startupProbe.periodSeconds }} + livenessProbe: + exec: + command: + - /bin/sh + - -c + {{- if (include "admin-internal-tls-enabled" . 
|fromJson).bool }} + - > + curl https://localhost:{{ .Values.listeners.admin.port }}/v1/cluster/health_overview + -svk --cacert /etc/tls/certs/{{ .Values.listeners.admin.tls.cert }}/ca.crt + {{- else }} + - > + curl -sv http://localhost:{{ .Values.listeners.admin.port }}/v1/cluster/health_overview + {{- end }} + initialDelaySeconds: {{ .Values.statefulset.livenessProbe.initialDelaySeconds }} + failureThreshold: {{ .Values.statefulset.livenessProbe.failureThreshold }} + periodSeconds: {{ .Values.statefulset.livenessProbe.periodSeconds }} + readinessProbe: + exec: + command: + - /bin/sh + - -c + {{- if (include "admin-internal-tls-enabled" . |fromJson).bool }} + - > + curl https://localhost:{{ .Values.listeners.admin.port }}/v1/cluster/health_overview + -svk --cacert /etc/tls/certs/{{ .Values.listeners.admin.tls.cert }}/ca.crt | + awk '{ + id = $0; gsub(/.*"controller_id": /, "", id); gsub(/,.*/, "", id) + nd_str = $0; gsub(/.*"nodes_down": \[/, "", nd_str); gsub(/\].*/, "", nd_str) + FS="," + split(nd_str, nd_list) + for (i in nd_list) nodes_down[nd_list[i]]="" + exit (id in nodes_down) + }' + {{- else }} + - > + curl -sv http://localhost:{{ .Values.listeners.admin.port }}/v1/cluster/health_overview | + awk '{ + id = $0; gsub(/.*"controller_id": /, "", id); gsub(/,.*/, "", id) + nd_str = $0; gsub(/.*"nodes_down": \[/, "", nd_str); gsub(/\].*/, "", nd_str) + FS="," + split(nd_str, nd_list) + for (i in nd_list) nodes_down[nd_list[i]]="" + exit (id in nodes_down) + }' + {{- end }} + initialDelaySeconds: {{ .Values.statefulset.readinessProbe.initialDelaySeconds }} + failureThreshold: {{ .Values.statefulset.readinessProbe.failureThreshold }} + periodSeconds: {{ .Values.statefulset.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.statefulset.readinessProbe.initialDelaySeconds }} + command: + - rpk + - redpanda + - start + - --smp={{ .Values.resources.cpu.cores }} + - --memory={{ template "redpanda-memory" . 
}}M + - --reserve-memory={{ template "redpanda-reserve-memory" . }} + - --default-log-level={{ .Values.logging.logLevel }} + - --advertise-kafka-addr=internal://{{ $advertiseAddress }}:{{ .Values.listeners.kafka.port }}, +{{- range $name, $listener := .Values.listeners.kafka.external -}} + {{- $enabled := dig "enabled" $values.external.enabled $listener -}} + {{- $listenerNodePortEnabled := and $enabled (eq (dig "type" $values.external.type $listener) "NodePort") -}} + {{- $advertiseKafkaHost := $advertiseAddress -}} + {{- $advertiseKafkaPort := $listener.nodePort -}} + {{- if $listenerNodePortEnabled -}} + {{- $advertiseKafkaHost = printf "$(SERVICE_NAME).%s" $values.external.domain -}} + {{- end -}} + {{ $name }}://{{ $advertiseKafkaHost }}:{{ $advertiseKafkaPort }}, +{{- end }} + - --advertise-rpc-addr={{ $advertiseAddress }}:{{ .Values.listeners.rpc.port }} + - --advertise-pandaproxy-addr=internal://{{ $advertiseAddress }}:{{ .Values.listeners.http.port }}, +{{- range $name, $listener := .Values.listeners.http.external -}} + {{ $name}}://{{ $advertiseAddress }}:{{ $listener.nodePort }}, +{{- end }} + ports: +{{- range $name, $listener := .Values.listeners }} + - name: {{ lower $name }} + containerPort: {{ $listener.port }} + {{- range $externalName, $external := $listener.external }} + {{- if $external.port }} + - name: {{ lower $name | trunc 6 }}-{{ lower $externalName | trunc 8}} + containerPort: {{ $external.port }} + {{- end }} + {{- end }} +{{- end }} + volumeMounts: + - name: datadir + mountPath: /var/lib/redpanda/data + - name: config + mountPath: /etc/redpanda +{{- if (include "tls-enabled" . 
| fromJson).bool }} + {{- range $name, $cert := .Values.tls.certs }} + - name: redpanda-{{ $name }}-cert + mountPath: {{ printf "/etc/tls/certs/%s" $name }} + {{- end }} +{{- end }} + resources: +{{- if hasKey .Values.resources.memory "min" }} + requests: + cpu: {{ .Values.resources.cpu.cores }} + memory: {{ .Values.resources.memory.container.min }} +{{- end }} + limits: + cpu: {{ .Values.resources.cpu.cores }} + memory: {{ .Values.resources.memory.container.max }} + volumes: + - name: datadir +{{- if .Values.storage.persistentVolume.enabled }} + persistentVolumeClaim: + claimName: datadir +{{- else if .Values.storage.hostPath }} + hostPath: + path: {{ .Values.storage.hostPath | quote }} +{{- else }} + emptyDir: {} +{{- end }} + - name: {{ template "redpanda.fullname" . }} + configMap: + name: {{ template "redpanda.fullname" . }} + - name: config + emptyDir: {} +{{- if (include "tls-enabled" . | fromJson).bool }} + {{- range $name, $cert := .Values.tls.certs }} + - name: redpanda-{{ $name }}-cert + secret: + defaultMode: 420 + items: + - key: tls.key + path: tls.key + - key: tls.crt + path: tls.crt + {{- if $cert.caEnabled }} + - key: ca.crt + path: ca.crt + {{- end }} + secretName: {{ template "redpanda.fullname" $ }}-{{ $name }}-cert + {{- end }} +{{- end -}} +{{- if or .Values.statefulset.nodeAffinity .Values.statefulset.podAffinity .Values.statefulset.podAntiAffinity }} + affinity: + {{- with .Values.statefulset.nodeAffinity }} + nodeAffinity: {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .Values.statefulset.podAffinity }} + podAffinity: {{- toYaml . 
| nindent 10 }} + {{- end }} + {{- if .Values.statefulset.podAntiAffinity }} + podAntiAffinity: + {{- if .Values.statefulset.podAntiAffinity.type }} + {{- if eq .Values.statefulset.podAntiAffinity.type "hard" }} + requiredDuringSchedulingIgnoredDuringExecution: + - topologyKey: {{ .Values.statefulset.podAntiAffinity.topologyKey }} + labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "redpanda.name" . }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + {{- else if eq .Values.statefulset.podAntiAffinity.type "soft" }} + preferredDuringSchedulingIgnoredDuringExecution: + - weight: {{ .Values.statefulset.podAntiAffinity.weight | int64 }} + podAffinityTerm: + topologyKey: {{ .Values.statefulset.podAntiAffinity.topologyKey }} + labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "redpanda.name" . }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + {{- end }} + {{- else }} + {{- toYaml .Values.statefulset.podAntiAffinity | nindent 10 }} + {{- end }} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.16-0" .Capabilities.KubeVersion.GitVersion }} + topologySpreadConstraints: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "redpanda.name" . }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + {{- with .Values.statefulset.topologySpreadConstraints }} + maxSkew: {{ .maxSkew }} + topologyKey: {{ .topologyKey }} + whenUnsatisfiable: {{ .whenUnsatisfiable }} + {{- end }} +{{- end }} +{{- with .Values.statefulset.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 8 }} +{{- end }} +{{- if .Values.statefulset.priorityClassName }} + priorityClassName: {{ .Values.statefulset.priorityClassName }} +{{- end }} +{{- with .Values.statefulset.tolerations }} + tolerations: {{- toYaml . | nindent 8 }} +{{- end }} +{{- if .Values.storage.persistentVolume.enabled }} + volumeClaimTemplates: + - metadata: + name: datadir + labels: + app.kubernetes.io/name: {{ template "redpanda.name" . 
}} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/component: {{ template "redpanda.name" . }} + {{- with .Values.storage.persistentVolume.labels }} + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .Values.storage.persistentVolume.annotations }} + annotations: {{- toYaml . | nindent 10 }} + {{- end }} + spec: + accessModes: ["ReadWriteOnce"] + {{- if .Values.storage.persistentVolume.storageClass }} + {{- if (eq "-" .Values.storage.persistentVolume.storageClass) }} + storageClassName: "" + {{- else }} + storageClassName: {{ .Values.storage.persistentVolume.storageClass | quote }} + {{- end }} + {{- end }} + resources: + requests: + storage: {{ .Values.storage.persistentVolume.size | quote }} +{{- end }} diff --git a/charts/redpanda/redpanda/2.2.0/templates/tests/test-api-status.yaml b/charts/redpanda/redpanda/2.2.0/templates/tests/test-api-status.yaml new file mode 100644 index 000000000..02e40fb4f --- /dev/null +++ b/charts/redpanda/redpanda/2.2.0/templates/tests/test-api-status.yaml 
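Review bot: The `set-datadir-ownership` init container uses `image: busybox:latest`, a mutable tag that cannot be overridden through values, and it carries no `securityContext` of its own although a recursive `chown` presumably needs root; pin it to a fixed tag or digest (`image: busybox:<PINNED_TAG_OR_DIGEST>`, placeholder) and scope its privileges explicitly. In the TLS branch of the startup, liveness and readiness probes, `curl ... -svk --cacert ...` includes `-k`, which disables certificate verification and makes `--cacert` ineffective; use `-sv --cacert ...` if the certificate is valid for the probed host name, or drop `--cacert` and say in a comment that verification is skipped on purpose. Two rendering bugs sit in the same hunk: under the pod template labels `{- toYaml . | nindent 8 }}` is missing a brace and would be emitted as literal text when `commonLabels` is set (it should read `{{- toYaml . | nindent 8 }}`), and the readiness probe's `successThreshold` reads `.Values.statefulset.readinessProbe.initialDelaySeconds` rather than a threshold setting of its own. The cert volumes also project `tls.key` with `defaultMode: 420` (0644), readable by any user in the container; `defaultMode: 288` (0440) is tighter, provided the pod's `fsGroup` covers the Redpanda user, which depends on `podSecurityContext` values not shown here.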
@@ -0,0 +1,55 @@ +{{/* +Licensed to the Apache Software Foundation (ASF) under one or more +contributor license agreements. See the NOTICE file distributed with +this work for additional information regarding copyright ownership. +The ASF licenses this file to You under the Apache License, Version 2.0 +(the "License"); you may not use this file except in compliance with +the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} +{{- if not (or (include "tls-enabled" . | fromJson).bool (include "sasl-enabled" . | fromJson).bool) -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "redpanda.fullname" . }}-test-api-status" + namespace: {{ .Release.Namespace | quote }} + labels: + helm.sh/chart: {{ template "redpanda.chart" . }} + app.kubernetes.io/name: {{ template "redpanda.name" . }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/component: {{ template "redpanda.name" . }} + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + annotations: + "helm.sh/hook": test + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +spec: + restartPolicy: Never + containers: + - name: {{ template "redpanda.name" . }} + image: {{ .Values.image.repository}}:{{ template "redpanda.tag" . }} + command: + - /bin/bash + - -c + - > + rpk cluster info + --brokers {{ include "redpanda.fullname" . }}-0.{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.kafka.port }} + volumeMounts: + - name: {{ template "redpanda.fullname" . 
}} + mountPath: /tmp/base-config + volumes: + - name: {{ template "redpanda.fullname" . }} + configMap: + name: {{ template "redpanda.fullname" . }} + - name: config + emptyDir: {} +{{- end }} diff --git a/charts/redpanda/redpanda/2.2.0/templates/tests/test-kafka-internal-tls-status.yaml b/charts/redpanda/redpanda/2.2.0/templates/tests/test-kafka-internal-tls-status.yaml new file mode 100644 index 000000000..cbef84ff3 --- /dev/null +++ b/charts/redpanda/redpanda/2.2.0/templates/tests/test-kafka-internal-tls-status.yaml 
@@ -0,0 +1,79 @@ +{{/* +Licensed to the Apache Software Foundation (ASF) under one or more +contributor license agreements. See the NOTICE file distributed with +this work for additional information regarding copyright ownership. +The ASF licenses this file to You under the Apache License, Version 2.0 +(the "License"); you may not use this file except in compliance with +the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} +{{- if and (include "tls-enabled" . | fromJson).bool (not (include "sasl-enabled" . | fromJson).bool) -}} +apiVersion: v1 +kind: Pod +metadata: + name: {{ include "redpanda.fullname" . }}-test-kafka-internal-tls-status + namespace: {{ .Release.Namespace | quote }} + labels: + helm.sh/chart: {{ template "redpanda.chart" . }} + app.kubernetes.io/name: {{ template "redpanda.name" . }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/component: {{ template "redpanda.name" . }} + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + annotations: + "helm.sh/hook": test + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +spec: + restartPolicy: Never + containers: + - name: {{ template "redpanda.name" . }} + image: {{ .Values.image.repository}}:{{ template "redpanda.tag" . }} + command: + - /bin/bash + - -c + - > + rpk cluster info + --brokers {{ include "redpanda.fullname" .}}-0.{{ include "redpanda.internal.domain" . 
}}:{{ .Values.listeners.kafka.port }} + --tls-enabled --tls-truststore /etc/tls/certs/{{ .Values.listeners.kafka.tls.cert }}/ca.crt + volumeMounts: + - name: config + mountPath: /etc/redpanda + {{- range $name, $cert := .Values.tls.certs }} + - name: redpanda-{{ $name }}-cert + mountPath: {{ printf "/etc/tls/certs/%s" $name }} + {{- end }} + resources: +{{- toYaml .Values.statefulset.resources | nindent 12 }} + volumes: + - name: {{ template "redpanda.fullname" . }} + configMap: + name: {{ template "redpanda.fullname" . }} + - name: config + emptyDir: {} +{{- if (include "tls-enabled" . | fromJson).bool }} + {{- range $name, $cert := .Values.tls.certs }} + - name: redpanda-{{ $name }}-cert + secret: + defaultMode: 420 + items: + - key: tls.key + path: tls.key + - key: tls.crt + path: tls.crt + {{- if $cert.caEnabled }} + - key: ca.crt + path: ca.crt + {{- end }} + secretName: {{ template "redpanda.fullname" $ }}-{{ $name }}-cert + {{- end }} +{{- end -}} +{{- end }} diff --git a/charts/redpanda/redpanda/2.2.0/templates/tests/test-kafka-sasl-status.yaml b/charts/redpanda/redpanda/2.2.0/templates/tests/test-kafka-sasl-status.yaml new file mode 100644 index 000000000..dcce83c39 --- /dev/null +++ b/charts/redpanda/redpanda/2.2.0/templates/tests/test-kafka-sasl-status.yaml 
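Review bot: The test pod's `secret` volumes project `tls.key` and `tls.crt` for every entry in `.Values.tls.certs`, yet the command only reads `ca.crt` through `--tls-truststore`, so broker private keys are mounted into a throwaway hook pod that has no use for them. Restricting `items` to the CA (`- key: ca.crt` with `path: ca.crt`) would keep key material out of the test hooks; the same volume block is repeated in test-kafka-sasl-tls-status.yaml and test-pandaproxy-internal-tls-status.yaml. Note that `ca.crt` is only projected when `$cert.caEnabled` is set, so with it unset the truststore path used by the command would not exist, and the intended behaviour in that case should be stated in a comment or guarded.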
@@ -0,0 +1,94 @@ +{{/* +Licensed to the Apache Software Foundation (ASF) under one or more +contributor license agreements. See the NOTICE file distributed with +this work for additional information regarding copyright ownership. +The ASF licenses this file to You under the Apache License, Version 2.0 +(the "License"); you may not use this file except in compliance with +the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} +{{- if and (include "sasl-enabled" . | fromJson).bool (not (include "tls-enabled" . | fromJson).bool) }} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "redpanda.fullname" . }}-test-kafka-sasl-status" + namespace: {{ .Release.Namespace | quote }} + labels: + helm.sh/chart: {{ template "redpanda.chart" . }} + app.kubernetes.io/name: {{ template "redpanda.name" . }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/component: {{ template "redpanda.name" . }} + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + annotations: + "helm.sh/hook": test + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +spec: + restartPolicy: Never + containers: + - name: {{ template "redpanda.name" . }} + image: {{ .Values.image.repository}}:{{ template "redpanda.tag" . }} + command: + - /bin/bash + - -c + - > + rpk acl user delete admin + --api-urls {{ include "redpanda.fullname" . }}-0.{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.admin.port }} + --brokers {{ include "redpanda.internal.domain" . 
}}:{{ .Values.listeners.kafka.port }}; + sleep 3; + rpk acl user create admin -p test + --api-urls {{ include "redpanda.fullname" . }}-0.{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.admin.port }} && + sleep 3 && + rpk topic create test-topic --user admin --password test --sasl-mechanism SCRAM-SHA-256 + --brokers {{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.kafka.port }} && + rpk topic describe test-topic --user admin --password test --sasl-mechanism SCRAM-SHA-256 + --brokers {{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.kafka.port }} && + rpk topic delete test-topic --user admin --password test --sasl-mechanism SCRAM-SHA-256 + --brokers {{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.kafka.port }} && + rpk acl user delete admin + --api-urls {{ include "redpanda.fullname" . }}-0.{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.admin.port }} + --brokers {{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.kafka.port }} + volumeMounts: + - name: config + mountPath: /etc/redpanda +{{- if (include "tls-enabled" . | fromJson).bool }} + {{- range $name, $cert := .Values.tls.certs }} + - name: redpanda-{{ $name }}-cert + mountPath: {{ printf "/etc/tls/certs/%s" $name }} + {{- end }} +{{- end }} + resources: +{{- toYaml .Values.statefulset.resources | nindent 12 }} + volumes: + - name: {{ template "redpanda.fullname" . }} + configMap: + name: {{ template "redpanda.fullname" . }} + - name: config + emptyDir: {} +{{- if (include "tls-enabled" . | fromJson).bool }} + {{- range $name, $cert := .Values.tls.certs }} + - name: redpanda-{{ $name }}-cert + secret: + defaultMode: 420 + items: + - key: tls.key + path: tls.key + - key: tls.crt + path: tls.crt + {{- if $cert.caEnabled }} + - key: ca.crt + path: ca.crt + {{- end }} + secretName: {{ template "redpanda.fullname" $ }}-{{ $name }}-cert + {{- end }} +{{- end -}} +{{- end }} 
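Review bot: This hook deletes any existing SASL user named `admin`, recreates it with the fixed password `test`, and reaches the final `rpk acl user delete admin` only if every command in the `&&` chain succeeds, so a failed `helm test` can leave `admin`/`test` on the cluster and a successful one removes an operator's real `admin` user. The password is also part of the rendered pod spec, readable by anyone who can get pods in the namespace. I would use a user name reserved for the test and a password generated at run time (`-p "$TEST_PASS"`), and register the cleanup with `trap '<delete test user command>' EXIT` at the top of the script so it also runs on failure. Whether a non-`admin` name is authorised to create topics depends on the superuser configuration, which is not visible in this hunk. test-kafka-sasl-tls-status.yaml carries the same sequence.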
diff --git a/charts/redpanda/redpanda/2.2.0/templates/tests/test-kafka-sasl-tls-status.yaml b/charts/redpanda/redpanda/2.2.0/templates/tests/test-kafka-sasl-tls-status.yaml new file mode 100644 index 000000000..3e787fa20 --- /dev/null +++ b/charts/redpanda/redpanda/2.2.0/templates/tests/test-kafka-sasl-tls-status.yaml 
@@ -0,0 +1,101 @@ +{{/* +Licensed to the Apache Software Foundation (ASF) under one or more +contributor license agreements. See the NOTICE file distributed with +this work for additional information regarding copyright ownership. +The ASF licenses this file to You under the Apache License, Version 2.0 +(the "License"); you may not use this file except in compliance with +the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} +{{- if and (include "sasl-enabled" . | fromJson).bool (include "tls-enabled" . | fromJson).bool -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "redpanda.fullname" . }}-test-kafka-sasl-tls-status" + namespace: {{ .Release.Namespace | quote }} + labels: + helm.sh/chart: {{ template "redpanda.chart" . }} + app.kubernetes.io/name: {{ template "redpanda.name" . }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/component: {{ template "redpanda.name" . }} + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + annotations: + "helm.sh/hook": test + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +spec: + restartPolicy: Never + containers: + - name: {{ template "redpanda.name" . }} + image: {{ .Values.image.repository}}:{{ template "redpanda.tag" . }} + command: + - /bin/bash + - -c + - > + rpk acl user delete admin + --tls-truststore /etc/tls/certs/{{ .Values.listeners.kafka.tls.cert }}/ca.crt + --admin-api-tls-truststore /etc/tls/certs/{{ .Values.listeners.admin.tls.cert }}/ca.crt + --api-urls {{ include "redpanda.fullname" . 
}}-0.{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.admin.port }} + --brokers {{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.kafka.port }}; + sleep 3; + rpk acl user create admin -p test + --tls-truststore /etc/tls/certs/{{ .Values.listeners.kafka.tls.cert }}/ca.crt + --admin-api-tls-truststore /etc/tls/certs/{{ .Values.listeners.admin.tls.cert }}/ca.crt + --api-urls {{ include "redpanda.fullname" . }}-0.{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.admin.port }} && + sleep 3 && + rpk topic create test-topic --user admin --password test --sasl-mechanism SCRAM-SHA-256 + --tls-enabled --tls-truststore /etc/tls/certs/{{ .Values.listeners.kafka.tls.cert }}/ca.crt + --brokers {{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.kafka.port }} && + rpk topic describe test-topic --user admin --password test --sasl-mechanism SCRAM-SHA-256 + --tls-enabled --tls-truststore /etc/tls/certs/{{ .Values.listeners.kafka.tls.cert }}/ca.crt + --brokers {{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.kafka.port }} && + rpk topic delete test-topic --user admin --password test --sasl-mechanism SCRAM-SHA-256 + --tls-enabled --tls-truststore /etc/tls/certs/{{ .Values.listeners.kafka.tls.cert }}/ca.crt + --brokers {{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.kafka.port }} && + rpk acl user delete admin + --tls-truststore /etc/tls/certs/{{ .Values.listeners.kafka.tls.cert }}/ca.crt + --admin-api-tls-truststore /etc/tls/certs/{{ .Values.listeners.admin.tls.cert }}/ca.crt + --api-urls {{ include "redpanda.fullname" . }}-0.{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.admin.port }} + --brokers {{ include "redpanda.internal.domain" . 
}}:{{ .Values.listeners.kafka.port }} + volumeMounts: + - name: config + mountPath: /etc/redpanda + {{- range $name, $cert := .Values.tls.certs }} + - name: redpanda-{{ $name }}-cert + mountPath: {{ printf "/etc/tls/certs/%s" $name }} + {{- end }} + resources: +{{- toYaml .Values.statefulset.resources | nindent 12 }} + volumes: + - name: {{ template "redpanda.fullname" . }} + configMap: + name: {{ template "redpanda.fullname" . }} + - name: config + emptyDir: {} +{{- if (include "tls-enabled" . | fromJson).bool }} + {{- range $name, $cert := .Values.tls.certs }} + - name: redpanda-{{ $name }}-cert + secret: + defaultMode: 420 + items: + - key: tls.key + path: tls.key + - key: tls.crt + path: tls.crt + {{- if $cert.caEnabled }} + - key: ca.crt + path: ca.crt + {{- end }} + secretName: {{ template "redpanda.fullname" $ }}-{{ $name }}-cert + {{- end }} +{{- end -}} +{{- end }} diff --git a/charts/redpanda/redpanda/2.2.0/templates/tests/test-pandaproxy-internal-tls-status.yaml b/charts/redpanda/redpanda/2.2.0/templates/tests/test-pandaproxy-internal-tls-status.yaml new file mode 100644 index 000000000..b4c6ca9d9 --- /dev/null +++ b/charts/redpanda/redpanda/2.2.0/templates/tests/test-pandaproxy-internal-tls-status.yaml 
@@ -0,0 +1,79 @@ +{{/* +Licensed to the Apache Software Foundation (ASF) under one or more +contributor license agreements. See the NOTICE file distributed with +this work for additional information regarding copyright ownership. +The ASF licenses this file to You under the Apache License, Version 2.0 +(the "License"); you may not use this file except in compliance with +the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} +{{- if and (include "tls-enabled" . | fromJson).bool (not (include "sasl-enabled" . | fromJson).bool) -}} +apiVersion: v1 +kind: Pod +metadata: + name: {{ include "redpanda.fullname" . }}-test-pandaproxy-internal-tls-status + namespace: {{ .Release.Namespace | quote }} + labels: + helm.sh/chart: {{ template "redpanda.chart" . }} + app.kubernetes.io/name: {{ template "redpanda.name" . }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/component: {{ template "redpanda.name" . }} + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + annotations: + "helm.sh/hook": test + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +spec: + restartPolicy: Never + containers: + - name: {{ template "redpanda.name" . }} + image: {{ .Values.image.repository}}:{{ template "redpanda.tag" . }} + command: + - curl + - -svm3 + - --ssl-reqd + - --cacert + - /etc/tls/certs/{{ .Values.listeners.admin.tls.cert }}/ca.crt + - https://{{ include "redpanda.internal.domain" . 
}}:{{ .Values.listeners.http.port }}/brokers + volumeMounts: + - name: config + mountPath: /etc/redpanda + {{- range $name, $cert := .Values.tls.certs }} + - name: redpanda-{{ $name }}-cert + mountPath: {{ printf "/etc/tls/certs/%s" $name }} + {{- end }} + resources: +{{- toYaml .Values.statefulset.resources | nindent 12 }} + volumes: + - name: {{ template "redpanda.fullname" . }} + configMap: + name: {{ template "redpanda.fullname" . }} + - name: config + emptyDir: {} +{{- if (include "tls-enabled" . | fromJson).bool }} + {{- range $name, $cert := .Values.tls.certs }} + - name: redpanda-{{ $name }}-cert + secret: + defaultMode: 420 + items: + - key: tls.key + path: tls.key + - key: tls.crt + path: tls.crt + {{- if $cert.caEnabled }} + - key: ca.crt + path: ca.crt + {{- end }} + secretName: {{ template "redpanda.fullname" $ }}-{{ $name }}-cert + {{- end }} +{{- end -}} +{{- end }} diff --git a/charts/redpanda/redpanda/2.2.0/templates/tests/test-pandaproxy-status.yaml b/charts/redpanda/redpanda/2.2.0/templates/tests/test-pandaproxy-status.yaml new file mode 100644 index 000000000..b1221e6a0 --- /dev/null +++ b/charts/redpanda/redpanda/2.2.0/templates/tests/test-pandaproxy-status.yaml 
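Review bot: The `--cacert` argument in test-pandaproxy-internal-tls-status.yaml points at `/etc/tls/certs/{{ .Values.listeners.admin.tls.cert }}/ca.crt`, but the URL that follows targets `.Values.listeners.http.port`, so the Pandaproxy certificate is verified against the admin listener's CA. With the defaults both listeners presumably name the same cert, which hides the mismatch; once they differ, the test fails or checks the wrong trust chain. I would change the path to `/etc/tls/certs/{{ .Values.listeners.http.tls.cert }}/ca.crt`. Note also that `ca.crt` is only projected when `$cert.caEnabled` is true, so the path will not exist for a cert with `caEnabled: false`.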
@@ -0,0 +1,44 @@
+{{/*
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements. See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+{{- if not (or (include "tls-enabled" . | fromJson).bool (include "sasl-enabled" . | fromJson).bool) -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ include "redpanda.fullname" . }}-test-pandaproxy-status"
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ helm.sh/chart: {{ template "redpanda.chart" . }}
+ app.kubernetes.io/name: {{ template "redpanda.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/component: {{ template "redpanda.name" . }}
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ annotations:
+ "helm.sh/hook": test
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+spec:
+ restartPolicy: Never
+ containers:
+ - name: {{ template "redpanda.name" . }}
+ image: {{ .Values.image.repository}}:{{ template "redpanda.tag" . }}
+ command:
+ - curl
+ - -svm3
+ - http://{{ include "redpanda.fullname" . }}:{{ .Values.listeners.http.port }}/brokers
+{{- end }}
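Review bot: `curl -svm3` exits 0 on any completed HTTP exchange, so this test passes even when `/brokers` answers with a 4xx or 5xx status; adding a `- --fail` entry after `- -svm3` would make `helm test` reflect the endpoint's actual health. The same applies to the other three curl-based tests in this patch (test-pandaproxy-internal-tls-status, test-schemaregistry-internal-tls-status and test-schemaregistry-status). This pod also addresses the service through `redpanda.fullname` where the sibling tests use `redpanda.internal.domain`; it is worth confirming that the difference is intended.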
diff --git a/charts/redpanda/redpanda/2.2.0/templates/tests/test-schemaregistry-internal-tls-status.yaml b/charts/redpanda/redpanda/2.2.0/templates/tests/test-schemaregistry-internal-tls-status.yaml
new file mode 100644
index 000000000..8d6205845
--- /dev/null
+++ b/charts/redpanda/redpanda/2.2.0/templates/tests/test-schemaregistry-internal-tls-status.yaml
@@ -0,0 +1,77 @@ +{{/* +Licensed to the Apache Software Foundation (ASF) under one or more +contributor license agreements. See the NOTICE file distributed with +this work for additional information regarding copyright ownership. +The ASF licenses this file to You under the Apache License, Version 2.0 +(the "License"); you may not use this file except in compliance with +the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} +{{- if and (include "tls-enabled" . | fromJson).bool (not (include "sasl-enabled" .|fromJson).bool) }} +apiVersion: v1 +kind: Pod +metadata: + name: {{ include "redpanda.fullname" . }}-test-schemaregistry-internal-tls-status + namespace: {{ .Release.Namespace | quote }} + labels: + helm.sh/chart: {{ template "redpanda.chart" . }} + app.kubernetes.io/name: {{ template "redpanda.name" . }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/component: {{ template "redpanda.name" . }} + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + annotations: + "helm.sh/hook": test + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +spec: + restartPolicy: Never + containers: + - name: {{ template "redpanda.name" . }} + image: {{ .Values.image.repository}}:{{ template "redpanda.tag" . }} + command: + - curl + - -svm3 + - --ssl-reqd + - --cacert + - /etc/tls/certs/{{ .Values.listeners.schemaRegistry.tls.cert }}/ca.crt + - https://{{ include "redpanda.internal.domain" . 
}}:{{ .Values.listeners.schemaRegistry.port }}/subjects + volumeMounts: + - name: config + mountPath: /etc/redpanda + {{- range $name, $cert := .Values.tls.certs }} + - name: redpanda-{{ $name }}-cert + mountPath: {{ printf "/etc/tls/certs/%s" $name }} + {{- end }} + resources: +{{- toYaml .Values.statefulset.resources | nindent 12 }} + volumes: + - name: {{ template "redpanda.fullname" . }} + configMap: + name: {{ template "redpanda.fullname" . }} + - name: config + emptyDir: {} + {{- range $name, $cert := .Values.tls.certs }} + - name: redpanda-{{ $name }}-cert + secret: + defaultMode: 420 + items: + - key: tls.key + path: tls.key + - key: tls.crt + path: tls.crt + {{- if $cert.caEnabled }} + - key: ca.crt + path: ca.crt + {{- end }} + secretName: {{ template "redpanda.fullname" $ }}-{{ $name }}-cert + {{- end }} +{{- end }} diff --git a/charts/redpanda/redpanda/2.2.0/templates/tests/test-schemaregistry-status.yaml b/charts/redpanda/redpanda/2.2.0/templates/tests/test-schemaregistry-status.yaml new file mode 100644 index 000000000..b6272afd2 --- /dev/null +++ b/charts/redpanda/redpanda/2.2.0/templates/tests/test-schemaregistry-status.yaml 
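Review bot: The `volumes` block in test-schemaregistry-internal-tls-status.yaml projects `tls.key` and `tls.crt` for every entry in `.Values.tls.certs` into this test pod with `defaultMode: 420` (0644), although the curl command only reads `ca.crt` for the cert named by `.Values.listeners.schemaRegistry.tls.cert`. A helm test pod has no need for the brokers' private keys, so I would drop the `tls.key` and `tls.crt` items, project only `ca.crt`, and skip the volume when `$cert.caEnabled` is false. The same block appears in test-pandaproxy-internal-tls-status.yaml. The `config` emptyDir and the configMap volume also look unused by the command and could probably be removed.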
@@ -0,0 +1,46 @@
+{{/*
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements. See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+{{- /* TODO test fails if SASL is enabled */}}
+{{- /* TODO test expects the first listener to have TLS enabled */}}
+{{- if not (or (include "tls-enabled" . | fromJson).bool (include "sasl-enabled" . | fromJson).bool) }}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ include "redpanda.fullname" . }}-test-schemaregistry-status"
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ helm.sh/chart: {{ template "redpanda.chart" . }}
+ app.kubernetes.io/name: {{ template "redpanda.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/component: {{ template "redpanda.name" . }}
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ annotations:
+ "helm.sh/hook": test
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+spec:
+ restartPolicy: Never
+ containers:
+ - name: {{ template "redpanda.name" . }}
+ image: {{ .Values.image.repository}}:{{ template "redpanda.tag" . }}
+ command:
+ - curl
+ - -svm3
+ - http://{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.schemaRegistry.port }}/subjects
+{{- end }}
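Review bot: The two TODO comments above the guard do not match the template they sit on: the guard already skips the test when SASL is enabled, and "test expects the first listener to have TLS enabled" contradicts a test that only renders when TLS is off and connects over `http://`. I would replace them with one comment that states the real precondition, e.g. `{{- /* Runs only when neither TLS nor SASL is enabled; the TLS case is covered by test-schemaregistry-internal-tls-status.yaml */}}`. The guard also does not consult `.Values.listeners.schemaRegistry.enabled`, so the test presumably fails when the schema registry listener is turned off; consider adding that to the condition.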
diff --git a/charts/redpanda/redpanda/2.2.0/values.schema.json b/charts/redpanda/redpanda/2.2.0/values.schema.json
new file mode 100644
index 000000000..610476dd6
--- /dev/null
+++ b/charts/redpanda/redpanda/2.2.0/values.schema.json
@@ -0,0 +1,810 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "required": [ + "image" + ], + "properties": { + "image": { + "description": "Values used to define the container image to be used for Redpanda", + "type": "object", + "required": [ + "repository", + "pullPolicy" + ], + "properties": { + "repository": { + "description": "container image repository", + "default": "vectorized/redpanda", + "type": "string", + "pattern": "^[a-z0-9-_/.]+$" + }, + "tag": { + "description": "The container image tag. Use the Redpanda release version. Must be a valid semver prefixed with a 'v'.", + "default": "Chart.appVersion", + "type": "string", + "pattern": "^v(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$|^$" + }, + "pullPolicy": { + "description": "The Kubernetes Pod image pull policy.", + "type": "string", + "pattern": "^(Always|Never|IfNotPresent)$" + } + } + }, + "license_key": { + "type": "string", + "pattern": "^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$" + }, + "auth": { + "type": "object", + "required": [ + "sasl" + ], + "properties": { + "sasl": { + "type": "object", + "required": [ + "enabled", + "users" + ], + "if": { + "properties": { + "enabled": { + "enum": [ + true + ] + } + } + }, + "then": { + "properties": { + "enabled": { + "type": "boolean" + }, + "users": { + "type": "array", + "minItems": 1, + "items": { + "properties": { + "name": { + "type": "string" + }, + "password": { + "type": "string" + } + }, + "oneOf": [ + { + "required": [ + "name", + "password" + ] + }, + { + "required": [ + "name", + "secretName" + ] + } + ] + } + } + } + }, + "else": { + "properties": { + "enabled": { + "type": "boolean" + } + } + } + } + } + }, + "tls": { + "type": "object", + "required": [ + "enabled" + ], + "properties": { + "enabled": { + "type": "boolean" + }, + "certs": { + 
"type": "object", + "minProperties": 1, + "patternProperties": { + "^[A-Za-z_][A-Za-z0-9_]*$": { + "type": "object", + "required": [ + "caEnabled" + ], + "properties": { + "issuerRef": { + "type": "string" + }, + "caEnabled": { + "type": "boolean" + }, + "duration": { + "type": "string", + "pattern": ".*[smh]$" + } + } + } + } + } + } + }, + "external": { + "type": "object", + "required": [ + "enabled", + "type", + "domain" + ], + "properties": { + "enabled": { + "type": "boolean" + }, + "type": { + "type": "string", + "pattern": "^NodePort$" + }, + "domain": { + "type": "string", + "format": "idn-hostname" + } + } + }, + "logging": { + "type": "object", + "required": [ + "logLevel", + "usageStats" + ], + "parameters": { + "logLevel": { + "type": "string", + "pattern": "^(error|warn|info|debug|trace)$" + }, + "usageStats": { + "type": "object", + "required": [ + "enabled" + ], + "properties": { + "enabled": { + "type": "boolean" + } + } + } + } + }, + "resources": { + "type": "object", + "required": [ + "cpu", + "memory" + ], + "properties": { + "cpu": { + "type": "object", + "required": [ + "cores" + ], + "properties": { + "cores": { + "type": "integer" + }, + "overprovisioned": { + "type": "boolean" + } + } + }, + "memory": { + "type": "object", + "required": [ + "container" + ], + "properties": { + "enable_memory_locking": { + "type": "boolean" + }, + "container": { + "type": "object", + "required": [ + "max" + ], + "properties": { + "min": { + "type": "string", + "pattern": "^[0-9]+(\\.[0-9]){0,1}(k|M|G|Ki|Mi|Gi)$" + }, + "max": { + "type": "string", + "pattern": "^[0-9]+(\\.[0-9]){0,1}(k|M|G|Ki|Mi|Gi)$" + } + } + } + } + } + } + }, + "storage": { + "type": "object", + "required": [ + "hostPath", + "persistentVolume" + ], + "properties": { + "hostPath": { + "type": "string" + }, + "persistentVolume": { + "type": "object", + "required": [ + "enabled", + "size", + "storageClass", + "labels", + "annotations" + ], + "properties": { + "enabled": { + "type": 
"boolean" + }, + "size": { + "type": "string", + "pattern": "^[0-9]+(\\.[0-9]){0,1}(k|M|G|Ki|Mi|Gi)$" + }, + "storageClass": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "annotations": { + "type": "object" + } + } + } + } + }, + "statefulset": { + "type": "object", + "required": [ + "replicas", + "updateStrategy", + "podManagementPolicy", + "budget", + "annotations", + "startupProbe", + "livenessProbe", + "readinessProbe", + "podAffinity", + "podAntiAffinity", + "nodeSelector", + "priorityClassName", + "tolerations", + "topologySpreadConstraints", + "podSecurityContext" + ], + "properties": { + "replicas": { + "type": "integer" + }, + "updateStrategy": { + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "pattern": "^(RollingUpdate|OnDelete)$" + } + } + }, + "podManagementPolicy": { + "type": "string", + "pattern": "^(OrderedReady|Parallel)$" + }, + "budget": { + "type": "object", + "required": [ + "maxUnavailable" + ], + "properties": { + "maxUnavailable": { + "type": "integer" + } + } + }, + "annotations": { + "type": "object" + }, + "startupProbe": { + "type": "object", + "required": [ + "initialDelaySeconds", + "failureThreshold", + "periodSeconds" + ], + "properties": { + "initialDelaySeconds": { + "type": "integer" + }, + "failureThreshold": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + } + } + }, + "livenessProbe": { + "type": "object", + "required": [ + "initialDelaySeconds", + "failureThreshold", + "periodSeconds" + ], + "properties": { + "initialDelaySeconds": { + "type": "integer" + }, + "failureThreshold": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + } + } + }, + "readinessProbe": { + "type": "object", + "required": [ + "initialDelaySeconds", + "failureThreshold", + "periodSeconds" + ], + "properties": { + "initialDelaySeconds": { + "type": "integer" + }, + "failureThreshold": { + "type": "integer" + }, + "periodSeconds": { + "type": 
"integer" + } + } + }, + "podAffinity": { + "type": "object" + }, + "podAntiAffinity": { + "type": "object", + "required": [ + "topologyKey", + "type", + "weight" + ], + "properties": { + "topologyKey": { + "type": "string" + }, + "type": { + "type": "string", + "pattern": "^(hard|soft)$" + }, + "weight": { + "type": "integer" + } + } + }, + "nodeSelector": { + "type": "object" + }, + "priorityClassName": { + "type": "string" + }, + "tolerations": { + "type": "array" + }, + "topologySpreadConstraints": { + "type": "object", + "required": [ + "maxSkew", + "topologyKey", + "whenUnsatisfiable" + ], + "properties": { + "maxSkew": { + "type": "integer" + }, + "topologyKey": { + "type": "string" + }, + "whenUnsatisfiable": { + "type": "string", + "pattern": "^(ScheduleAnyway|DoNotSchedule)$" + } + } + }, + "podSecurityContext": { + "type": "object", + "required": [ + "fsGroup" + ], + "properties": { + "fsGroup": { + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "type": "integer" + } + } + } + } + }, + "serviceAccount": { + "type": "object", + "required": [ + "create", + "annotations", + "name" + ], + "properties": { + "create": { + "type": "boolean" + }, + "annotations": { + "type": "object" + }, + "name": { + "type": "string" + } + } + }, + "tuning": { + "type": "object", + "properties": { + "tune_aio_events": { + "type": "boolean" + }, + "tune_clocksource": { + "type": "boolean" + }, + "tune_ballast_file": { + "type": "boolean" + }, + "ballast_file_path": { + "type": "string" + }, + "ballast_file_size": { + "type": "string" + }, + "well_known_io": { + "type": "string" + } + } + }, + "listeners": { + "type": "object", + "required": [ + "admin", + "kafka", + "http", + "rpc", + "schemaRegistry" + ], + "properties": { + "admin": { + "type": "object", + "required": [ + "port", + "external", + "tls" + ], + "properties": { + "port": { + "type": "integer" + }, + "external": { + "type": "object", + "minProperties": 1, + 
"patternProperties": { + "^[A-Za-z_][A-Za-z0-9_]*$": { + "type": "object", + "required": [ + "nodePort" + ], + "properties": { + "enabled": { + "type": "boolean" + }, + "type": { + "type": "string", + "pattern": "^NodePort$" + }, + "nodePort": { + "type": "integer" + } + } + } + } + }, + "tls": { + "type": "object", + "required": [ + "cert", + "requireClientAuth" + ], + "properties": { + "enabled": { + "type": "boolean" + }, + "cert": { + "type": "string" + }, + "requireClientAuth": { + "type": "boolean" + } + } + } + } + }, + "kafka": { + "type": "object", + "required": [ + "port", + "external", + "tls" + ], + "properties": { + "port": { + "type": "integer" + }, + "external": { + "type": "object", + "minProperties": 1, + "patternProperties": { + "^[A-Za-z_][A-Za-z0-9_]*$": { + "type": "object", + "required": [ + "port", + "nodePort" + ], + "properties": { + "enabled": { + "type": "boolean" + }, + "port": { + "type": "integer" + }, + "type": { + "type": "string", + "pattern": "^NodePort$" + }, + "nodePort": { + "type": "integer" + } + } + } + } + }, + "tls": { + "type": "object", + "required": [ + "cert", + "requireClientAuth" + ], + "properties": { + "enabled": { + "type": "boolean" + }, + "cert": { + "type": "string" + }, + "requireClientAuth": { + "type": "boolean" + } + } + } + } + }, + "http": { + "type": "object", + "required": [ + "enabled", + "port", + "kafkaEndpoint", + "external", + "tls" + ], + "properties": { + "enabled": { + "type": "boolean" + }, + "port": { + "type": "integer" + }, + "kafkaEndpoint": { + "type": "string", + "pattern": "^[A-Za-z_][A-Za-z0-9_]*$" + }, + "external": { + "type": "object", + "minProperties": 1, + "patternProperties": { + "^[A-Za-z_][A-Za-z0-9_]*$": { + "type": "object", + "required": [ + "port", + "nodePort" + ], + "properties": { + "enabled": { + "type": "boolean" + }, + "port": { + "type": "integer" + }, + "type": { + "type": "string", + "pattern": "^NodePort$" + }, + "nodePort": { + "type": "integer" + } + } + } + } + 
}, + "tls": { + "type": "object", + "required": [ + "cert", + "requireClientAuth" + ], + "properties": { + "enabled": { + "type": "boolean" + }, + "cert": { + "type": "string" + }, + "requireClientAuth": { + "type": "boolean" + } + } + } + } + }, + "rpc": { + "type": "object", + "required": [ + "port", + "tls" + ], + "properties": { + "port": { + "type": "integer" + }, + "tls": { + "type": "object", + "required": [ + "cert", + "requireClientAuth" + ], + "properties": { + "enabled": { + "type": "boolean" + }, + "cert": { + "type": "string" + }, + "requireClientAuth": { + "type": "boolean" + } + } + } + } + }, + "schemaRegistry": { + "type": "object", + "required": [ + "enabled", + "port", + "kafkaEndpoint", + "external", + "tls" + ], + "properties": { + "enabled": { + "type": "boolean" + }, + "port": { + "type": "integer" + }, + "kafkaEndpoint": { + "type": "string", + "pattern": "^[A-Za-z_][A-Za-z0-9_]*$" + }, + "external": { + "type": "object", + "minProperties": 1, + "patternProperties": { + "^[A-Za-z_][A-Za-z0-9_]*$": { + "type": "object", + "required": [ + "port", + "nodePort" + ], + "properties": { + "enabled": { + "type": "boolean" + }, + "port": { + "type": "integer" + }, + "type": { + "type": "string", + "pattern": "^NodePort$" + }, + "nodePort": { + "type": "integer" + } + } + } + } + }, + "tls": { + "type": "object", + "required": [ + "cert", + "requireClientAuth" + ], + "properties": { + "enabled": { + "type": "boolean" + }, + "cert": { + "type": "string" + }, + "requireClientAuth": { + "type": "boolean" + } + } + } + } + } + } + }, + "config": { + "type": "object", + "required": [ + "cluster", + "tunable", + "node" + ], + "properties": { + "cluster": { + "type": "object" + }, + "tunable": { + "type": "object" + }, + "node": { + "type": "object" + } + } + } + } +} diff --git a/charts/redpanda/redpanda/2.2.0/values.yaml b/charts/redpanda/redpanda/2.2.0/values.yaml new file mode 100644 index 000000000..1ebe71991 --- /dev/null 
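Review bot: In the `logging` object of values.schema.json the sub-schemas are declared under `"parameters"` instead of `"properties"`; `parameters` is not a JSON Schema keyword, so validators ignore it and neither the `logLevel` pattern nor `usageStats.enabled` is ever checked. The fix is a one-word rename to `"properties": {`. Separately, `tls.certs.*.issuerRef` is typed `"string"` while the commented example in values.yaml shows an object with `name` and `kind`, so following that example would presumably be rejected by this schema. `external.type` is likewise pinned to `^NodePort$` although the values.yaml comment lists LoadBalancer as an option.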
+++ b/charts/redpanda/redpanda/2.2.0/values.yaml 
@@ -0,0 +1,580 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This file contains values for variables referenced from yaml files in the templates directory. +# +# For further information on Helm templating see the documentation at: +# https://helm.sh/docs/chart_template_guide/values_files/ + +# Common parameters +# +# Override redpanda.name template +nameOverride: "" +# Override redpanda.fullname template +fullnameOverride: "" +# Default kuberentes cluster domain +clusterDomain: cluster.local +# Additional labels added to all Kubernetes objects +commonLabels: {} + +# Redpanda parameters +# +image: + repository: vectorized/redpanda + # Redpanda version defaults to Chart.appVersion + tag: "" + # The imagePullPolicy will default to Always when the tag is 'latest' + pullPolicy: IfNotPresent +# Your license key (optional) +license_key: "" + +# +# Authentication +auth: + # + # SASL configuration + sasl: + enabled: false + # user list + # TODO create user at startup + users: + - name: admin + # Password for the user. 
This will be used to generate a secret + # password: password + # If password isn't given, then the secretName must point to an already existing secret + # secretName: adminPassword + +# +# TLS configuration +tls: + # Enable global TLS, which turns on TLS by default for all listeners + # Each listener must include a certificate name in its TLS section + # Any certificates in auth.tls.certs will still be loaded if enabled is false + # This is because listeners may enable TLS individually (see listeners..tls.enabled) + enabled: false + # list all certificates below, then reference a certificate's name in each listener (see listeners..tls.cert) + certs: + # This is the certificate name that is used to associate the certificate with a listener + # See listeners..tls.cert for more information + default: + # Define an issuerRef to use your own custom pre-installed Issuer + # issuerRef: + # name: redpanda-default-root-issuer + # kind: Issuer # Can be Issuer or ClusterIssuer + # The caEnabled flag determines whether the ca.crt file is included in the TLS mount path on each Redpanda pod + caEnabled: true + # duration: 43800h + +# +# External access configuration +external: + # Default external access value for all listeners except RPC + # External config doesn't apply to RPC listeners as they are never externally accessible + # These values can be overridden by each listener if needed + enabled: true + # Default external access type (options are NodePort and LoadBalancer) + # TODO include IP range for load balancer that support it: https://github.com/redpanda-data/helm-charts/issues/106 + type: NodePort + domain: local + # annotations: + # For example: + # cloud.google.com/load-balancer-type: "Internal" + # service.beta.kubernetes.io/aws-load-balancer-type: nlb + +# Logging +logging: + # Log level + # Valid values (from least to most logging) are warn, info, debug, trace + logLevel: info + # + # Send usage stats back to Redpanda + # See 
https://docs.redpanda.com/docs/cluster-administration/monitoring/#stats-reporting + usageStats: + # rpk.enable_usage_stats + enabled: true + # Your organization name (optional) + # organization: your-org + # Your cluster ID (optional) + # clusterId: your-helm-cluster +# +resources: + # Both Redpanda and Kubernetes have multiple ways to allocate resources. + # There are also several associated parameters that impact how these resources are used by + # Kubernetes, the Redpanda app, and the subsystem Redpanda is built on (Seastar). + # This section attempts to simplify allocating resources by providing a single location + # where resources are defined. + # Helm sets these resource values within the following templates: + # - statefulset.yaml + # - configmap.yaml + # + # The default values below are what should work for a development environment. + # Production-level values and other considerations are provided in comments + # if those values are different from the default. + # + cpu: + # Redpanda makes use of a thread per core model described here: + # https://redpanda.com/blog/tpc-buffers + # For this reason, Redpanda should only be given full cores (cores parameter below). + # + # NOTE: You can increase cores, but decreasing cores is not currently supported: + # https://github.com/redpanda-data/redpanda/issues/350 + # + # Equivalent to: --smp, resources.requests.cpu, and resources.limits.cpu + # For production: 4 or greater + cores: 1 + # + # Overprovisioned means Redpanda won't assume it has all of the provisioned CPU. + # This should be true unless the container has CPU affinity (eg. min and max above are equal). + # Equivalent to: --idle-poll-time-us 0 --thread-affinity 0 --poll-aio 0 + # overprovisioned: false + # + memory: + # Enables memory locking. + # For production: true + # enable_memory_locking: false + # + # It is recommended to have at least 2Gi of memory per core for the Redpanda binary. 
+ # This memory is taken from the total memory given to each container. + # We allocate 80% of the container's memory to Redpanda, leaving the rest for + # the Seastar subsystem (reserveMemory) and other container processes. + # So at least 2.5Gi per core is recommended in order to ensure Redpanda has a full 2Gi. + # + # These values affect --memory and --reserve-memory flags passed to Redpanda and the memory + # requests/limits in the StatefulSet. + # Valid suffixes: k M G Ki Mi Gi + # Only support a single decimal (eg. 2.5Gi rather than 2.55Gi) + # + container: + # Minimum memory count for each Redpanda broker + # If omitted, the min value will equal the max value (requested resources defaults to limits) + # Equivalent to: resources.requests.memory + # For production: 10Gi or greater + # min: 2.5Gi + # + # Minimum memory count for each Redpanda broker + # Equivalent to: resources.limits.memory + # For production: 10Gi or greater + max: 2.5Gi + # + # redpanda: + # This optional redpanda section allows specifying the memory size for both the Redpanda + # process and the underlying reserved memory (used by Seastar). + # This section is omitted by default, and memory sizes are calculated automatically + # based on container memory. + # Uncommenting this section and setting memory and reserveMemory values will disable + # automatic calculation. + # + # If you are setting the following values manually, keep in mind the following guidelines (getting + # this wrong will potentially lead to performance issues, instability, loss of data, etc.): + # The amount of memory to allocate to a container is determined by the sum of three values: + # 1. Redpanda (at least 2Gi per core, ~80% of the container's total memory) + # 2. Seastar subsystem (200Mi * 0.2% of the container's total memory, 200Mi < x < 1Gi) + # 3. other container processes (whatever small amount remains) + # + # Memory for the Redpanda process. 
+ # This must be lower the container's memory (resources.memory.container.min if provided, otherwise + # resources.memory.container.max). + # Equivalent to: --memory + # For production: 8Gi or greater + # memory: 2Gi + # + # Memory reserved for the Seastar subsystem. + # Any value above 1Gi will provide diminishing performance benefits. + # Equivalent to: --reserve-memory + # For production: 1Gi + # reserveMemory: 200Mi +# +# Persistence +storage: + # Absolute path on host to store Redpanda's data. + # If not specified, then `emptyDir` will be used instead. + # If specified, but `persistentVolume.enabled` is `true`, then has no effect. + hostPath: "" + # If `enabled` is `true` then a PersistentVolumeClaim will be created and + # used to store Redpanda's data, otherwise `hostPath` is used. + persistentVolume: + enabled: true + size: 3Gi + # If defined, then `storageClassName: `. + # If set to "-", then `storageClassName: ""`, which disables dynamic + # provisioning. + # If undefined or empty (default), then no `storageClassName` spec is set, + # so the default provisioner will be chosen (gp2 on AWS, standard on + # GKE, AWS & OpenStack). + storageClass: "" + # Additional labels to apply to the created PersistentVolumeClaims. + labels: {} + # Additional annotations to apply to the created PersistentVolumeClaims. + annotations: {} + +statefulset: + # Number of Redpanda brokers (recommend setting this to the number of nodes in the cluster) + replicas: 3 + updateStrategy: + type: RollingUpdate + podManagementPolicy: Parallel + budget: + maxUnavailable: 1 + # Additional annotations to apply to the Pods of this StatefulSet. 
+ annotations: {} + # Adjust the period for your probes to meet your needs (see https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) + startupProbe: + initialDelaySeconds: 1 + failureThreshold: 120 + periodSeconds: 10 + livenessProbe: + initialDelaySeconds: 10 + failureThreshold: 3 + periodSeconds: 10 + readinessProbe: + initialDelaySeconds: 1 + failureThreshold: 3 + periodSeconds: 10 + successThreshold: 1 + # + # A note regarding statefulset resources: + # Resources are set through the top-level resources section above. + # It is recommended to set resources values in that section rather than here, as this will guarantee + # memory is allocated across containers, Redpanda, and the Seastar subsystem correctly. + # This automatic memory allocation is in place because Repanda and the Seastar subsystem require flags + # at startup that set the amount of memory available to each process. + # Kubernetes (mainly statefulset), Redpanda, and Seastar memory values are tightly coupled. + # Adding a resource section here will be ignored. + # + # Inter-Pod Affinity rules for scheduling Pods of this StatefulSet. + # https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity + podAffinity: {} + # Anti-affinity rules for scheduling Pods of this StatefulSet. + # https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity + # You may either toggle options below for default anti-affinity rules, + # or specify the whole set of anti-affinity rules instead of them. + podAntiAffinity: + # The topologyKey to be used. + # Can be used to spread across different nodes, AZs, regions etc. + topologyKey: kubernetes.io/hostname + # Type of anti-affinity rules: either `soft`, `hard` or empty value (which + # disables anti-affinity rules). + type: soft + # Weight for `soft` anti-affinity rules. + # Does not apply for other anti-affinity types. 
+ weight: 100
+ # Node selection constraints for scheduling Pods of this StatefulSet.
+ # https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ nodeSelector: {}
+ # PriorityClassName given to Pods of this StatefulSet
+ # https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass
+ priorityClassName: ""
+ # Taints to be tolerated by Pods of this StatefulSet.
+ # https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ tolerations: []
+ # https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ topologySpreadConstraints:
+ maxSkew: 1
+ topologyKey: topology.kubernetes.io/zone
+ whenUnsatisfiable: ScheduleAnyway
+ # When using persistent storage the volume will be mounted as root. In order for redpanda to use the volume
+ # we must set the fsGroup to the uid of redpanda, which is 101
+ podSecurityContext:
+ fsGroup: 101
+ # runAsNonRoot: true
+ # runAsUser: 1000
+
+# Service account management
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: false
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+tuning: {}
+ # This section contains Redpanda tuning parameters.
+ # Each parameter below is set to their default values.
+ # Remove the curly brackets above if you uncomment any parameters below.
+ #
+ # Increases the number of allowed asynchronous IO events.
+ # tune_aio_events: false
+ #
+ # Syncs NTP
+ # tune_clocksource: false
+ #
+ # Creates a "ballast" file so that, if a Redpanda node runs out of space,
+ # you can delete the ballast file to allow the node to resume operations and then
+ # delete a topic or records to reduce the space used by Redpanda.
+ # tune_ballast_file: false
+ #
+ # The path where the ballast file will be created.
+ # ballast_file_path: "/var/lib/redpanda/data/ballast"
+ #
+ # The ballast file size.
+ # ballast_file_size: "1GiB"
+ #
+ # (Optional) The vendor, VM type and storage device type that redpanda will run on, in
+ # the format ::. This hints to rpk which configuration values it
+ # should use for the redpanda IO scheduler.
+ # Some valid values are "gcp:c2-standard-16:nvme", "aws:i3.xlarge:default"
+ # well_known_io: ""
+ #
+ # The following tuning parameters must be false in container environments and will be ignored:
+ # tune_network
+ # tune_disk_scheduler
+ # tune_disk_nomerges
+ # tune_disk_irq
+ # tune_fstrim
+ # tune_cpu
+ # tune_swappiness
+ # tune_transparent_hugepages
+ # tune_coredump
+
+### Overrides
+#
+# This sections can be used to override global settings configured above for individual
+# listeners.
+#
+listeners:
+ # Admin API listener
+ # The kafka listener group cannot be disabled
+ admin:
+ # The port for the admin server
+ port: 9644
+ # Optional external section
+ external:
+ default:
+ # `enabled`` is used to override the setting of the `external` top-level key
+ # for this external listener. The default is `true`.
+ # enabled: true
+
+ # External port
+ # `nodePort` defines the TCP port to listen on for NodePort types.
+ nodePort: 31644
+ # Optional TLS section (required if global TLS is enabled)
+ tls:
+ # Optional flag to override the global TLS enabled flag
+ # enabled: true
+ # Name of certificate used for TLS (must match a cert registered at auth.tls.certs)
+ cert: default
+ # If true, the truststore file for this listener will be included in the ConfigMap
+ requireClientAuth: false
+ # Kafka API listeners
+ # The kafka listener group cannot be disabled
+ kafka:
+ port: 9093
+ # Listeners internal to kubernetes service network
+ tls:
+ # enabled: true
+ cert: default
+ requireClientAuth: false
+ # External listeners
+ external:
+ # to disable external kafka listeners when the global `external` is enabled,
+ # replace this with an empty list, ie: `external: []`
+ default:
+ port: 9094
+ # Type can be `NodePort or `LoadBalancer`. If unset, it will default to the type
+ # in the `external` section.`
+ type: NodePort
+ # External port
+ # This listener port will be used on each kubernetes node
+ nodePort: 31092
+ # HTTP API listeners (aka PandaProxy)
+ # PandaProxy is a kafka client that connects to an endpoint from listeners.kafka.endpoints
+ http:
+ enabled: true
+ port: 8082
+ kafkaEndpoint: default
+ tls:
+ # enabled: true
+ cert: default
+ requireClientAuth: false
+ # External listeners
+ external:
+ default:
+ # Ports must be unique per listener
+ port: 8083
+ # Type of external access (options are ClusterIP, NodePort, and LoadBalancer)
+ type: NodePort
+ # External port
+ # This listener port will be used for the external port if NodePort is selected
+ nodePort: 30082
+ # RPC listener
+ # The RPC listener cannot be disabled
+ rpc:
+ port: 33145
+ tls:
+ # enabled: true
+ cert: default
+ requireClientAuth: false
+ # Schema registry listeners
+ schemaRegistry:
+ enabled: true
+ port: 8081
+ # Schema Registry is a kafka client that connects to an endpoint from listeners.kafka.endpoints
+ kafkaEndpoint: default
+ tls:
+ # enabled: true
+ cert: default
+ requireClientAuth: false
+ external:
+ default:
+ # Ports must be unique per listener
+ port: 8080
+ # Optional external section
+ # enabled: true
+ # Type of external access (options are NodePort and LoadBalancer)
+ # type: NodePort
+ # External port
+ # This listener port will be used for the external port if this is not included
+ nodePort: 30081
+
+# Expert Config
+
+# This section contains various settings supported by Redpanda that may not work
+# correctly in a kubernetes cluster. Changing these settings comes with some risk.
+#
+# Here be dragons!
+#
+# This section allows modifying various Redpanda settings not covered in other sections above.
+# These values do not pertain to the kubernetes objects created with helm.
+# Instead these parameters get passed directly to the Redpanda binary at startup.
+# See https://docs.redpanda.com/docs/cluster-administration/configuration/
+config:
+ cluster: {}
+ # auto_create_topics_enabled: true # Allow topic auto creation
+ # transaction_coordinator_replication: 1 # Replication factor for a transaction coordinator topic
+ # id_allocator_replication: 1 # Replication factor for an ID allocator topic
+ # disable_metrics: false # Disable registering metrics
+ # enable_coproc: false # Enable coprocessing mode
+ # enable_idempotence: false # Enable idempotent producer
+ # enable_pid_file: true # Enable pid file; You probably don't want to change this
+ # enable_transactions: false # Enable transactions
+ # group_max_session_timeout_ms: 300s # The maximum allowed session timeout for registered consumers; Longer timeouts give consumers more time to process messages in between heartbeats at the cost of a longer time to detect failures; Default quota tracking window size in milliseconds
+ # group_min_session_timeout_ms: Optional # The minimum allowed session timeout for registered consumers; Shorter timeouts result in quicker failure detection at the cost of more frequent consumer heartbeating
+ # kafka_group_recovery_timeout_ms: 30000ms # Kafka group recovery timeout expressed in milliseconds
+ # kafka_qdc_enable: false # Enable kafka queue depth control
+ # kafka_qdc_max_latency_ms: 80ms # Max latency threshold for kafka queue depth control depth tracking
+ # log_cleanup_policy: deletion # Default topic cleanup policy
+ # log_compaction_interval_ms: 5min # How often do we trigger background compaction
+ # log_compression_type: producer # Default topic compression type
+ # log_message_timestamp_type: create_time # Default topic messages timestamp type
+ # retention_bytes: None # max bytes per partition on disk before triggering a compaction
+ # rm_sync_timeout_ms: 2000ms
+ # rm_violation_recovery_policy: crash # Describes how to recover from an invariant violation happened on the partition level
+ # target_quota_byte_rate: 2GB # Target quota byte rate in bytes per second
+ # tm_sync_timeout_ms: 2000ms # Time to wait state catch up before rejecting a request
+ # tm_violation_recovery_policy: crash # Describes how to recover from an invariant violation happened on the transaction coordinator level
+ # transactional_id_expiration_ms: 10080min # Producer ids are expired once this time has elapsed after the last write with the given producer ID
+ tunable: {}
+ # alter_topic_cfg_timeout_ms: 5s # Time to wait for entries replication in controller log when executing alter configuration request
+ # compacted_log_segment_size: 256MiB # How large in bytes should each compacted log segment be (default 256MiB)
+ # controller_backend_housekeeping_interval_ms: 1s # Interval between iterations of controller backend housekeeping loop
+ # coproc_max_batch_size: 32kb # Maximum amount of bytes to read from one topic read
+ # coproc_max_inflight_bytes: 10MB # Maximum amountt of inflight bytes when sending data to wasm engine
+ # coproc_max_ingest_bytes: 640kb # Maximum amount of data to hold from input logs in memory
+ # coproc_offset_flush_interval_ms: 300000ms # Interval for which all coprocessor offsets are flushed to disk
+ # create_topic_timeout_ms: 2000ms # Timeout (ms) to wait for new topic creation
+ # default_num_windows: 10 # Default number of quota tracking windows
+ # default_window_sec: 1000ms # Default quota tracking window size in milliseconds
+ # delete_retention_ms: 10080min # delete segments older than this (default 1 week)
+ # disable_batch_cache: false # Disable batch cache in log manager
+ # fetch_reads_debounce_timeout: 1ms # Time to wait for next read in fetch request when requested min bytes wasn't reached
+ # fetch_session_eviction_timeout_ms: 60s # Minimum time before which unused session will get evicted from sessions; Maximum time after which inactive session will be deleted is two time given configuration valuecache
+ # group_initial_rebalance_delay: 300ms # Extra delay (ms) added to rebalance phase to wait for new members
+ # group_new_member_join_timeout: 30000ms # Timeout for new member joins
+ # group_topic_partitions: 1 # Number of partitions in the internal group membership topic
+ # id_allocator_batch_size: 1000 # ID allocator allocates messages in batches (each batch is a one log record) and then serves requests from memory without touching the log until the batch is exhausted
+ # id_allocator_log_capacity: 100 # Capacity of the id_allocator log in number of messages; Once it reached id_allocator_stm should compact the log
+ # join_retry_timeout_ms: 5s # Time between cluster join retries in milliseconds
+ # kafka_qdc_idle_depth: 10 # Queue depth when idleness is detected in kafka queue depth control
+ # kafka_qdc_latency_alpha: 0.002 # Smoothing parameter for kafka queue depth control latency tracking
+ # kafka_qdc_max_depth: 100 # Maximum queue depth used in kafka queue depth control
+ # kafka_qdc_min_depth: 1 # Minimum queue depth used in kafka queue depth control
+ # kafka_qdc_window_count: 12 # Number of windows used in kafka queue depth control latency tracking
+ # kafka_qdc_window_size_ms: 1500ms # Window size for kafka queue depth control latency tracking
+ # kvstore_flush_interval: 10ms # Key-value store flush interval (ms)
+ # kvstore_max_segment_size: 16MB # Key-value maximum segment size (bytes)
+ # log_segment_size: 1GB # How large in bytes should each log segment be (default 1G)
+ # max_compacted_log_segment_size: 5GB # Max compacted segment size after consolidation
+ # max_kafka_throttle_delay_ms: 60000ms # Fail-safe maximum throttle delay on kafka requests
+ # metadata_dissemination_interval_ms: 3000ms # Interaval for metadata dissemination batching
+ # metadata_dissemination_retries: 10 # Number of attempts of looking up a topic's meta data like shard before failing a request
+ # metadata_dissemination_retry_delay_ms: 500ms # Delay before retry a topic lookup in a shard or other meta tables
+ # quota_manager_gc_sec: 30000ms # Quota manager GC frequency in milliseconds
+ # raft_learner_recovery_rate: 104857600 # Raft learner recovery rate in bytes per second
+ # raft_heartbeat_disconnect_failures: 3 #After how many failed heartbeats to forcibly close an unresponsive TCP connection. Set to 0 to disable force disconnection.
+ # raft_heartbeat_interval_ms: 150 #The interval in ms between raft leader heartbeats.
+ # raft_heartbeat_timeout_ms: 3000 #Raft heartbeat RPC timeout.
+ # raft_io_timeout_ms: 10000 #Raft I/O timeout.
+ # raft_max_concurrent_append_requests_per_follower: 16 #Maximum number of concurrent append entries requests sent by leader to one follower.
+ # raft_max_recovery_memory: 33554432 #Maximum memory that can be used for reads in the raft recovery process.
+ # raft_recovery_default_read_size: 524288 #Default size of read issued during raft follower recovery.
+ # raft_replicate_batch_window_size: 1048576 #Maximum size of requests cached for replication.
+ # raft_smp_max_non_local_requests: #Maximum number of x-core requests pending in Raft seastar::smp group. (for more details look at seastar::smp_service_group documentation).
+ # raft_timeout_now_timeout_ms: 1000 #Timeout for a timeout now request.
+ # raft_transfer_leader_recovery_timeout_ms: 1000 #Timeout waiting for follower recovery when transferring leadership.
+ # raft_election_timeout_ms: 1500ms # Election timeout expressed in milliseconds TBD - election_time_out
+ # readers_cache_eviction_timeout_ms: 30s # Duration after which inactive readers will be evicted from cache
+ # reclaim_growth_window: 3000ms # Length of time in which reclaim sizes grow
+ # reclaim_max_size: 4MB # Maximum batch cache reclaim size
+ # reclaim_min_size: 128KB # Minimum batch cache reclaim size
+ # reclaim_stable_window: 10000ms # Length of time above which growth is reset
+ # recovery_append_timeout_ms: 5s # Timeout for append entries requests issued while updating stale follower
+ # release_cache_on_segment_roll: false # Free cache when segments roll
+ # replicate_append_timeout_ms: 3s # Timeout for append entries requests issued while replicating entries
+ # segment_appender_flush_timeout_ms: 1ms # Maximum delay until buffered data is written
+ # wait_for_leader_timeout_ms: 5000ms # Timeout (ms) to wait for leadership in metadata cache
+ node: {}
+ # node_id: # Unique ID identifying a node in the cluster
+ # data_directory: # Place where redpanda will keep the data
+ # admin_api_doc_dir: /usr/share/redpanda/admin-api-doc # Admin API doc directory
+ # api_doc_dir: /usr/share/redpanda/proxy-api-doc # API doc directory
+ # coproc_supervisor_server: 127.0.0.1:43189 # IpAddress and port for supervisor service
+ # dashboard_dir: None # serve http dashboard on / url
+ # rack: None # Rack identifier
+ # developer_mode: optional # Skips most of the checks performed at startup
+
+ # Invalid properties
+ # Any of these properties will be ignored. These otherwise valid properties are not allowed
+ # to be used in this section since they impact deploying Redpanda in Kubernetes.
+ # Make use of the above sections to modify these values instead (see comments below).
+ # admin: 127.0.0.1:9644 # Address and port of admin server
+ # admin_api_tls: validate_many # TLS configuration for admin HTTP server
+ # advertised_kafka_api: None # Address of Kafka API published to the clients
+ # advertised_pandaproxy_api: None # Rest API address and port to publish to client
+ # advertised_rpc_api: None # Address of RPC endpoint published to other cluster members
+ # cloud_storage_access_key: None # AWS access key
+ # cloud_storage_api_endpoint: None # Optional API endpoint
+ # cloud_storage_api_endpoint_port: 443 # TLS port override
+ # cloud_storage_bucket: None # AWS bucket that should be used to store data
+ # cloud_storage_disable_tls: false # Disable TLS for all S3 connections
+ # cloud_storage_enabled: false # Enable archival storage
+ # cloud_storage_max_connections: 20 # Max number of simultaneous uploads to S3
+ # cloud_storage_reconciliation_ms: 10s # Interval at which the archival service runs reconciliation (ms)
+ # cloud_storage_region: None # AWS region that houses the bucket used for storage
+ # cloud_storage_secret_key: None # AWS secret key
+ # cloud_storage_trust_file: None # Path to certificate that should be used to validate server certificate during TLS handshake
+ # default_topic_partitions: 1 # Default number of partitions per topic
+ # default_topic_replications: 3 # Default replication factor for new topics
+ # enable_admin_api Enable the admin API true
+ # enable_sasl Enable SASL authentication for Kafka connections false
+ # kafka_api Address and port of an interface to listen for Kafka API requests 127.0.0.1:9092
+ # kafka_api_tls TLS configuration for Kafka API endpoint None
+ # pandaproxy_api Rest API listen address and port 0.0.0.0:8082
+ # pandaproxy_api_tls TLS configuration for Pandaproxy api validate_many
+ # rpc_server IP address and port for RPC server 127.0.0.1:33145
+ # rpc_server_tls TLS configuration for RPC server validate
+ # seed_servers List of the seed servers used to join current cluster; If the seed_server list is empty the node will be a cluster root and it will form a new cluster None
+ # superusers List of superuser usernames None
diff --git a/index.yaml b/index.yaml
index ab382dcef..6bd599d3d 100644
--- a/index.yaml
+++ b/index.yaml
@@ -5154,6 +5154,36 @@ entries: - assets/portworx/portworx-essentials-2.9.100.tgz version: 2.9.100 redpanda: + - annotations: + artifacthub.io/images: | + - name: redpanda + image: vectorized/redpanda:v22.2.4 + - name: busybox + image: busybox:latest + artifacthub.io/license: Apache-2.0 + artifacthub.io/links: | + - name: Documentation + url: https://docs.redpanda.com + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Redpanda + catalog.cattle.io/kube-version: '>=1.21-0' + catalog.cattle.io/release-name: redpanda + apiVersion: v2 + appVersion: v22.2.6 + created: "2022-10-18T02:35:45.447471-04:00" + description: Redpanda is the real-time engine for modern apps. + digest: 7eb6443806022f19295315669b105cf3077c107ff2afb49523b5c181ef02d915 + icon: https://images.ctfassets.net/paqvtpyf8rwu/3cYHw5UzhXCbKuR24GDFGO/73fb682e6157d11c10d5b2b5da1d5af0/skate-stand-panda.svg + maintainers: + - name: redpanda-data + url: https://github.com/orgs/redpanda-data/people + name: redpanda + sources: + - https://github.com/redpanda-data/helm-charts + type: application + urls: + - assets/redpanda/redpanda-2.2.0.tgz + version: 2.2.0 - annotations: artifacthub.io/images: | - name: redpanda