CI Updated Charts

Updated:
  redpanda/redpanda:
    - 2.2.0
pull/535/head
Samuel Attwood 2022-10-18 02:35:48 -04:00
parent 959c351079
commit 976c372244
33 changed files with 3983 additions and 0 deletions

Binary file not shown.

@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

@ -0,0 +1,26 @@
annotations:
artifacthub.io/images: |
- name: redpanda
image: vectorized/redpanda:v22.2.4
- name: busybox
image: busybox:latest
artifacthub.io/license: Apache-2.0
artifacthub.io/links: |
- name: Documentation
url: https://docs.redpanda.com
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Redpanda
catalog.cattle.io/kube-version: '>=1.21-0'
catalog.cattle.io/release-name: redpanda
apiVersion: v2
appVersion: v22.2.6
description: Redpanda is the real-time engine for modern apps.
icon: https://images.ctfassets.net/paqvtpyf8rwu/3cYHw5UzhXCbKuR24GDFGO/73fb682e6157d11c10d5b2b5da1d5af0/skate-stand-panda.svg
maintainers:
- name: redpanda-data
url: https://github.com/orgs/redpanda-data/people
name: redpanda
sources:
- https://github.com/redpanda-data/helm-charts
type: application
version: 2.2.0
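Review bot: The `artifacthub.io/images` annotation lists `vectorized/redpanda:v22.2.4` while `appVersion` is `v22.2.6`, and the `redpanda.tag` helper in this commit defaults the image tag to `.Chart.AppVersion`, so the advertised image does not match what the chart deploys by default. Keep the annotation in step with `appVersion` so that Artifact Hub and image scanners report on the tag that actually runs. The `busybox:latest` entry is a floating tag; pin it to a specific version or digest so the pulled image is reproducible.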

@ -0,0 +1,201 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

@ -0,0 +1,40 @@
# Redpanda Helm Chart
[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/redpanda-data)](https://artifacthub.io/packages/search?repo=redpanda-data)
This Helm chart (`redpanda`) deploys a Redpanda cluster.
Once deployed, you continue to use the Helm command and override values to change and/or upgrade your Redpanda deployment.
The defaults are in [values.yaml][values].
## Overview
This is the Helm Chart for [Redpanda](https://redpanda.com). It provides the ability to set up a multi node redpanda cluster with the following optional features:
- Schema registry (enabled by default)
- REST (aka PandaProxy, enabled by default)
- TLS
- SASL
- External access
See the [examples folder][examples] with more details on how to use this helm chart.
Each example focuses on specific features like the ones listed above.
We recommend completing the instructions in the [60-Second Guide for Kubernetes][kubernetes-qs-dev] before continuing steps in any of these examples.
The [values.yaml][values] file is documented throughout.
Please see this file for more details.
## Installation
See the [60-Second Guide for Kubernetes][kubernetes-qs-dev]
## Contributing
If you have improvements that can be made to this Helm chart, please consider becoming a contributor.
See our [Contributing][contributing] document for more details.
[values]: https://github.com/redpanda-data/helm-charts/blob/main/redpanda/values.yaml
[examples]: https://github.com/redpanda-data/helm-charts/blob/main/examples/README.md
[contributing]: https://github.com/redpanda-data/helm-charts/blob/main/CONTRIBUTING.md
[kubernetes-qs-dev]: https://docs.redpanda.com/docs/quickstart/kubernetes-qs-dev/
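Review bot: The feature list in the Overview marks Schema registry and REST as "enabled by default" but says nothing about the default state of TLS, SASL or External access, so a reader has to infer whether a default install is encrypted and authenticated. State the default for each item in the list, and point to the values keys (`tls.enabled`, `auth.sasl.enabled`) that the CI values files in this commit toggle.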

@ -0,0 +1,21 @@
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
statefulset:
replicas: 1
tls:
enabled: false
auth:
sasl:
enabled: false
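Review bot: The header at the top of this file says it is "Licensed to the Apache Software Foundation (ASF)", while Chart.yaml in this commit names redpanda-data as the maintainer and the chart source. If the header was carried over from another project, replace it with a notice naming the actual copyright holder; the same header is repeated in the other values files, ct.yaml and the templates.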

@ -0,0 +1,21 @@
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
statefulset:
replicas: 1
tls:
enabled: true
auth:
sasl:
enabled: false

@ -0,0 +1,21 @@
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
statefulset:
replicas: 1
tls:
enabled: false
auth:
sasl:
enabled: true
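Review bot: This case sets `auth.sasl.enabled: true` with `tls.enabled: false`, so the authenticated Kafka traffic it exercises is unencrypted, and the file defines no `auth.sasl.users` entry even though NOTES.txt in this commit reads `(.Values.auth.sasl.users | first).name` whenever SASL is on. Add a comment marking the combination as a CI matrix case rather than a recommended configuration, and either define a test user here or confirm that the chart defaults supply one so the render does not depend on an implicit value.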

@ -0,0 +1,21 @@
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
statefulset:
replicas: 1
tls:
enabled: true
auth:
sasl:
enabled: true

@ -0,0 +1,18 @@
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
chart-dirs: .
target-branch: main
helm-extra-args: --timeout 600s
remote: origin

@ -0,0 +1,76 @@
{{/*
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
Congratulations on installing {{ .Chart.Name }}!
The pods will rollout in a few seconds. To check the status:
kubectl -n {{ .Release.Namespace }} rollout status statefulset {{ template "redpanda.fullname" . }} --watch
Try some sample commands, like creating a topic called test-topic:
{{- $anyTLS := (include "tls-enabled" . | fromJson).bool -}}
{{- $anySASL := (include "sasl-enabled" . | fromJson).bool }}
{{- $brokers := printf "%s-0.%s:%d"
(include "redpanda.fullname" .)
(include "redpanda.internal.domain" .)
(int .Values.listeners.kafka.port)
-}}
{{- $rpk :=
printf "kubectl -n %s exec -ti %s-0 -c redpanda -- rpk --brokers=%s"
.Release.Namespace
(include "redpanda.fullname" .)
$brokers
}}
{{- $rpkAdmin := "" }}
{{- if $anyTLS }}
{{ $rpk = printf "%s --tls-enabled --tls-truststore=/etc/tls/certs/%s/ca.crt" $rpk .Values.listeners.kafka.tls.cert }}
{{ $rpkAdmin = printf "%s --admin-api-tls-enabled --admin-api-tls-truststore=/etc/tls/certs/%s/ca.crt --api-urls=%s-0.%s:%d"
$rpk
.Values.listeners.admin.tls.cert
(include "redpanda.fullname" .)
(include "redpanda.internal.domain" .)
(int .Values.listeners.admin.port)
}}
{{- else }}
{{ $rpkAdmin = $rpk }}
{{- end }}
{{- if $anySASL }}
{{ $rpk = printf "%s --user %s --password $YOUR_PASSWORD --sasl-mechanism SCRAM-SHA-256" $rpk (.Values.auth.sasl.users | first).name }}
{{ $rpkAdmin = printf "%s --user %s --password $YOUR_PASSWORD --sasl-mechanism SCRAM-SHA-256" $rpkAdmin (.Values.auth.sasl.users | first).name }}
{{- end }}
{{- if and $anySASL }}
Create a user:
{{ $rpkAdmin }} acl user create myuser -p changeme
{{- end }}
Get the api status:
{{ $rpk }} cluster info
Create a topic
{{ $rpk }} topic create test-topic
Describe the topic:
{{ $rpk }} topic describe test-topic
Delete the topic:
{{ $rpk }} topic delete test-topic
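Review bot: The TLS branch is gated on `$anyTLS`, which the `tls-enabled` helper sets to true when any listener or external listener has TLS, yet the flags it appends use `.Values.listeners.kafka.tls.cert` and `.Values.listeners.admin.tls.cert`. If only another listener has TLS, the printed rpk commands carry `--tls-enabled` with a truststore path built from a kafka cert name that may be empty or unused. Gate the kafka flags on `kafka-internal-tls-enabled` and the admin flags on `admin-internal-tls-enabled`, both defined in this commit. Two smaller points: `{{- if and $anySASL }}` calls `and` with a single argument, so either drop `and` or add the intended second condition, and the sample `acl user create myuser -p changeme` prints a literal password where a placeholder like the `$YOUR_PASSWORD` used a few lines earlier would be consistent.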

@ -0,0 +1,407 @@
{{/*
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{/*
Expand the name of the chart.
*/}}
{{- define "redpanda.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "redpanda.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s" .Release.Name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "redpanda.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Get the version of redpanda being used as an image
*/}}
{{- define "redpanda.semver" -}}
{{ include "redpanda.tag" . | trimPrefix "v" }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "redpanda.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "redpanda.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
{{/*
Use AppVersion if image.tag is not set
*/}}
{{- define "redpanda.tag" -}}
{{- $tag := default .Chart.AppVersion .Values.image.tag -}}
{{- $matchString := "^v(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$" -}}
{{- $match := mustRegexMatch $matchString $tag -}}
{{- if not $match -}}
{{/*
This error message is for end users. This can also occur if
AppVersion doesn't start with a 'v' in Chart.yaml.
*/}}
{{ fail "image.tag must start with a 'v' and be valid semver" }}
{{- end -}}
{{- $tag -}}
{{- end -}}
{{/*
Generate configuration needed for rpk
*/}}
{{- define "listen.address" -}}
{{- "$(POD_IP)" -}}
{{- end -}}
{{- define "nodeport.listen.address" -}}
{{- "$(HOST_IP)" -}}
{{- end -}}
{{- define "redpanda.internal.domain" -}}
{{- $service := include "redpanda.fullname" . -}}
{{- $ns := .Release.Namespace -}}
{{- $domain := .Values.clusterDomain | trimSuffix "." -}}
{{- printf "%s.%s.svc.%s." $service $ns $domain -}}
{{- end -}}
{{- define "redpanda.kafka.internal.advertise.address" -}}
{{- $host := "$(SERVICE_NAME)" -}}
{{- $domain := include "redpanda.internal.domain" . -}}
{{- printf "%s.%s" $host $domain -}}
{{- end -}}
{{/*
The external advertised address can change depending on the externalisation method.
If the method is to expose via load balancer this must be provided through the values
load balancers configuration for parent zone. If the load balancer is not enabled
then then services are externalised using NodePorts, in which case the external node
IP is required for the advertised address.
*/}}
{{- define "redpanda.kafka.external.domain-lb-bkp" -}}
{{- .Values.loadBalancer.parentZone | trimSuffix "." -}}
{{- end -}}
{{- define "redpanda.kafka.external.domain" -}}
{{- .Values.external.domain | trimSuffix "." | default "$(HOST_IP)" -}}
{{- end -}}
{{- define "redpanda.kafka.external.advertise.address" -}}
{{- $host := "$(SERVICE_NAME)" -}}
{{- $domain := include "redpanda.kafka.external.domain" . -}}
{{- printf "%s.%s" $host $domain -}}
{{- end -}}
{{- define "redpanda.rpc.advertise.address" -}}
{{- $host := "$(SERVICE_NAME)" -}}
{{- $domain := include "redpanda.internal.domain" . -}}
{{- printf "%s.%s" $host $domain -}}
{{- end -}}
{{- define "redpanda.pandaproxy.internal.advertise.address" -}}
{{- $host := "$(SERVICE_NAME)" -}}
{{- $domain := include "redpanda.internal.domain" . -}}
{{- printf "%s.%s" $host $domain -}}
{{- end -}}
{{- define "redpanda.pandaproxy.external.advertise.address" -}}
{{- $host := "$(SERVICE_NAME)" -}}
{{- $domain := include "redpanda.kafka.external.domain" . -}}
{{- printf "%s.%s" $host $domain -}}
{{- end -}}
{{/* ConfigMap variables */}}
{{- define "admin-internal-tls-enabled" -}}
{{- $listener := .Values.listeners.admin -}}
{{- toJson (dict "bool" (and (dig "tls" "enabled" .Values.tls.enabled $listener) (not (empty (dig "tls" "cert" "" $listener))))) -}}
{{- end -}}
{{- define "kafka-internal-tls-enabled" -}}
{{- $listener := .Values.listeners.kafka -}}
{{- toJson (dict "bool" (and (dig "tls" "enabled" .Values.tls.enabled $listener) (not (empty (dig "tls" "cert" "" $listener))))) -}}
{{- end -}}
{{- define "kafka-external-tls-enabled" -}}
{{- toJson (dict "bool" (and (dig "tls" "enabled" (include "kafka-internal-tls-enabled" . | fromJson).bool .listener) (not (empty (include "kafka-external-tls-cert" .))))) -}}
{{- end -}}
{{- define "kafka-external-tls-cert" -}}
{{- dig "tls" "cert" .Values.listeners.kafka.tls.cert .listener -}}
{{- end -}}
{{- define "http-internal-tls-enabled" -}}
{{- $listener := .Values.listeners.http -}}
{{- toJson (dict "bool" (and (dig "tls" "enabled" .Values.tls.enabled $listener) (not (empty (dig "tls" "cert" "" $listener))))) -}}
{{- end -}}
{{- define "http-external-tls-enabled" -}}
{{- $tlsEnabled := dig "tls" "enabled" (include "http-internal-tls-enabled" . | fromJson).bool .listener -}}
{{- toJson (dict "bool" (and $tlsEnabled (not (empty (include "http-external-tls-cert" .))))) -}}
{{- end -}}
{{- define "http-external-tls-cert" -}}
{{- dig "tls" "cert" .Values.listeners.http.tls.cert .listener -}}
{{- end -}}
{{- define "rpc-tls-enabled" -}}
{{- $listener := .Values.listeners.rpc -}}
{{- toJson (dict "bool" (and (dig "tls" "enabled" .Values.tls.enabled $listener) (not (empty (dig "tls" "cert" "" $listener))))) -}}
{{- end -}}
{{- define "schemaRegistry-internal-tls-enabled" -}}
{{- $listener := .Values.listeners.schemaRegistry -}}
{{- toJson (dict "bool" (and (dig "tls" "enabled" .Values.tls.enabled $listener) (not (empty (dig "tls" "cert" "" $listener))))) -}}
{{- end -}}
{{- define "schemaRegistry-external-tls-enabled" -}}
{{- $tlsEnabled := dig "tls" "enabled" (include "schemaRegistry-internal-tls-enabled" . | fromJson).bool .listener -}}
{{- toJson (dict "bool" (and $tlsEnabled (not (empty (include "schemaRegistry-external-tls-cert" .))))) -}}
{{- end -}}
{{- define "schemaRegistry-external-tls-cert" -}}
{{- dig "tls" "cert" .Values.listeners.schemaRegistry.tls.cert .listener -}}
{{- end -}}
{{- define "tls-enabled" -}}
{{- $tlsenabled := .Values.tls.enabled -}}
{{- if not $tlsenabled -}}
{{- range $listener := .Values.listeners -}}
{{- if and
(dig "tls" "enabled" false $listener)
(not (empty (dig "tls" "cert" "" $listener )))
-}}
{{- $tlsenabled = true -}}
{{- end -}}
{{- if not $tlsenabled -}}
{{- range $external := $listener.external -}}
{{- if and
(dig "tls" "enabled" false $external)
(not (empty (dig "tls" "cert" "" $external)))
-}}
{{- $tlsenabled = true -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- toJson (dict "bool" $tlsenabled) -}}
{{- end -}}
{{- define "sasl-enabled" -}}
{{- toJson (dict "bool" (dig "enabled" false .Values.auth.sasl)) -}}
{{- end -}}
{{- define "external-nodeport-enabled" -}}
{{- $values := .Values -}}
{{- $enabled := and .Values.external.enabled (eq .Values.external.type "NodePort") -}}
{{- range $listener := .Values.listeners -}}
{{- range $external := $listener.external -}}
{{- if and (dig "enabled" false $external) (eq (dig "type" $values.external.type $external) "NodePort") -}}
{{- $enabled = true -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- toJson (dict "bool" $enabled) -}}
{{- end -}}
{{/* Resource variables */}}
{{- define "redpanda-memoryToMi" -}}
{{/*
This template converts the incoming memory value to whole number mebibytes.
Input can be: k | K | m | M | g | G | Ki | Mi | Gi
*/}}
{{- $mem := . -}}
{{- $result := 0 -}}
{{- if or (hasSuffix "K" $mem) (hasSuffix "k" $mem) -}}
{{- $rawmem := $mem | trimSuffix "K" | trimSuffix "k" -}}
{{- if contains "." $rawmem -}}
{{- $rawmem = $rawmem | float64 -}}
{{- $result = divf (mulf $rawmem (mul 8 1000)) (mul 8 1024 1024) -}}
{{- else -}}
{{- $rawmem = $rawmem | int64 -}}
{{- $result = divf (mul $rawmem (mul 8 1000)) (mul 8 1024 1024) -}}
{{- end -}}
{{- $result = floor $result -}}
{{- else if or (hasSuffix "M" $mem) (hasSuffix "m" $mem) -}}
{{- $rawmem := $mem | trimSuffix "M" | trimSuffix "m" -}}
{{- if contains "." $rawmem -}}
{{- $rawmem = $rawmem | float64 -}}
{{- $result = divf (mulf $rawmem (mul 8 1000 1000)) (mul 8 1024 1024) -}}
{{- else -}}
{{- $rawmem = $rawmem | int64 -}}
{{- $result = divf (mul $rawmem (mul 8 1000 1000)) (mul 8 1024 1024) -}}
{{- end -}}
{{- $result = floor $result -}}
{{- else if or (hasSuffix "G" $mem) (hasSuffix "g" $mem) -}}
{{- $rawmem := $mem | trimSuffix "G" | trimSuffix "g" -}}
{{- if contains "." $rawmem -}}
{{- $rawmem = $rawmem | float64 -}}
{{- $result = divf (mulf $rawmem (mul 8 1000 1000 1000)) (mul 8 1024 1024) -}}
{{- else -}}
{{- $rawmem = $rawmem | int64 -}}
{{- $result = divf (mul $rawmem (mul 8 1000 1000 1000)) (mul 8 1024 1024) -}}
{{- end -}}
{{- $result = floor $result -}}
{{- else if hasSuffix "Ki" $mem }}
{{- $rawmem := $mem | trimSuffix "Ki" -}}
{{- if contains "." $rawmem -}}
{{- $rawmem = $rawmem | float64 -}}
{{- $result = divf (mulf $rawmem (mul 8 1024)) (mul 8 1024 1024) -}}
{{- else -}}
{{- $rawmem = $rawmem | int64 -}}
{{- $result = divf (mul $rawmem (mul 8 1024)) (mul 8 1024 1024) -}}
{{- end -}}
{{- $result = floor $result -}}
{{- else if hasSuffix "Mi" $mem -}}
{{- $result = $mem | trimSuffix "Mi" -}}
{{- if contains "." $result -}}
{{- $result = $result | float64 -}}
{{- else -}}
{{- $result = $result | int64 -}}
{{- end -}}
{{- else if hasSuffix "Gi" $mem -}}
{{- $rawmem := $mem | trimSuffix "Gi" -}}
{{- if contains "." $rawmem -}}
{{- $rawmem = $rawmem | float64 -}}
{{- $result = (mulf $rawmem 1024) | floor -}}
{{- else -}}
{{- $rawmem = $rawmem | int64 -}}
{{- $result = (mul $rawmem 1024) -}}
{{- end -}}
{{- else }}
{{- printf "\n%s is invalid memory amount\nSuffixes can be: k | K | m | M | g | G | Ki | Mi | Gi" $mem | fail -}}
{{- end }}
{{- $result -}}
{{- end -}}
{{- define "container-memory" -}}
{{- $result := "" -}}
{{- if (hasKey .Values.resources.memory.container "min") -}}
{{- $result = .Values.resources.memory.container.min | include "redpanda-memoryToMi" -}}
{{- else -}}
{{- $result = .Values.resources.memory.container.max | include "redpanda-memoryToMi" -}}
{{- end -}}
{{- if eq $result "" -}}
{{- "unable to get memory value" | fail -}}
{{- end -}}
{{- $result -}}
{{- end -}}
{{- define "redpanda-reserve-memory" -}}
{{/*
Determines the value of --reserve-memory flag (in mebibytes with M suffix, per Seastar).
This template looks at all locations where memory could be set.
These locations, in order of priority, are:
- .Values.resources.memory.redpanda.reserveMemory (commented out by default, users could uncomment)
- .Values.resources.memory.container.min (commented out by default, users could uncomment and
change to something lower than .Values.resources.memory.container.max)
- .Values.resources.memory.container.max (set by default)
*/}}
{{- $result := 0 -}}
{{- if (hasKey .Values.resources.memory "redpanda") -}}
{{- $result = .Values.resources.memory.redpanda.reserveMemory | include "redpanda-memoryToMi" | int64 -}}
{{- else if (hasKey .Values.resources.memory.container "min") -}}
{{- $result = add (mulf (include "container-memory" .) 0.002) 200 -}}
{{- if gt $result 1000 -}}
{{- $result = 1000 -}}
{{- end -}}
{{- else -}}
{{- $result = add (mulf (include "container-memory" .) 0.002) 200 -}}
{{- if gt $result 1000 -}}
{{- $result = 1000 -}}
{{- end -}}
{{- end -}}
{{- if eq $result 0 -}}
{{- "unable to get memory value" | fail -}}
{{- end -}}
{{- $result -}}
{{- end -}}
{{- define "redpanda-memory" -}}
{{/*
Determines the value of --memory flag (in mebibytes with M suffix, per Seastar).
This template looks at all locations where memory could be set.
These locations, in order of priority, are:
- .Values.resources.memory.redpanda.memory (commented out by default, users could uncomment)
- .Values.resources.memory.container.min (commented out by default, users could uncomment and
change to something lower than .Values.resources.memory.container.max)
- .Values.resources.memory.container.max (set by default)
*/}}
{{- $result := 0 -}}
{{- if (hasKey .Values.resources.memory "redpanda") -}}
{{- $result = .Values.resources.memory.redpanda.memory | include "redpanda-memoryToMi" | int64 -}}
{{- else -}}
{{- $result = mulf (include "container-memory" .) 0.8 | int64 -}}
{{- end -}}
{{- if eq $result 0 -}}
{{- "unable to get memory value" | fail -}}
{{- end -}}
{{- if lt $result 2000 -}}
{{- printf "\n%d is below the minimum recommended value for Redpanda" $result | fail -}}
{{- end -}}
{{- if gt (add $result (include "redpanda-reserve-memory" .)) (include "container-memory" . | int64) -}}
{{- printf "\nNot enough container memory for Redpanda memory values\nredpanda: %d, reserve: %d, container: %d" $result (include "redpanda-reserve-memory" . | int64) (include "container-memory" . | int64) | fail -}}
{{- end -}}
{{- $result -}}
{{- end -}}
{{- define "api-urls" -}}
{{ template "redpanda.fullname" . }}-0.{{ include "redpanda.internal.domain" .}}:{{ .Values.listeners.admin.port }}
{{- end -}}
{{- define "rpk-flags" -}}
{{- $command := list -}}
{{- $command = concat $command (list "--api-urls" (include "api-urls" . )) -}}
{{- if (include "admin-internal-tls-enabled" . | fromJson).bool -}}
{{- $command = concat $command (list
"--admin-api-tls-enabled"
"--admin-api-tls-truststore"
(printf "/etc/tls/certs/%s/ca.crt" .Values.listeners.admin.tls.cert))
-}}
{{- end -}}
{{- if (include "kafka-internal-tls-enabled" . | fromJson).bool -}}
{{- $command = concat $command (list
"--tls-enabled"
"--tls-truststore"
(printf "/etc/tls/certs/%s/ca.crt" .Values.listeners.kafka.tls.cert))
-}}
{{- end -}}
{{- if (include "sasl-enabled" . | fromJson).bool -}}
{{- $command = concat $command (list
"--user" (first .Values.auth.sasl.users).name
"--password" (first .Values.auth.sasl.users).password
"--sasl-mechanism SCRAM-SHA-256")
-}}
{{- end -}}
{{ $command | join " " }}
{{- end -}}
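Review bot: In `rpk-flags`, the SASL branch appends `"--password" (first .Values.auth.sasl.users).password` as plain, unquoted text, so the first user's password is rendered into every command line built from this helper and ends up readable in the pod spec. Have the consuming Jobs read the credential from a Secret (environment variable or mounted file) rather than from a template string, and quote both the name and the password so shell metacharacters in a value are not interpreted. Separately, the `else if (hasKey .Values.resources.memory.container "min")` and `else` branches of `redpanda-reserve-memory` are identical and can be merged.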

View File

@ -0,0 +1,91 @@
{{/*
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if (include "tls-enabled" . | fromJson).bool }}
{{- $release := .Release }}
{{- $values := .Values }}
{{- range $name, $data := $values.tls.certs }}
{{/* If issuerRef is defined, use the specified issuer for the certs
If it's not defined, create and use our own issuer. */}}
{{- $r := $data.issuerRef }}
{{- if not $r }}
---
# The self-signed issuer is used to create the self-signed CA
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: {{ template "redpanda.fullname" $ }}-{{ $name }}-selfsigned-issuer
namespace: {{ $release.Namespace | quote }}
labels:
helm.sh/chart: {{ template "redpanda.chart" $ }}
app.kubernetes.io/name: {{ template "redpanda.name" $ }}
app.kubernetes.io/instance: {{ $release.Name | quote }}
app.kubernetes.io/managed-by: {{ $release.Service | quote }}
app.kubernetes.io/component: {{ template "redpanda.name" $ }}
{{- with $values.commonLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
selfSigned: {}
{{- end }}
---
# This is the self-signed CA used to issue certs
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: {{ template "redpanda.fullname" $ }}-{{ $name }}-root-issuer
namespace: {{ $release.Namespace | quote }}
labels:
helm.sh/chart: {{ template "redpanda.chart" $ }}
app.kubernetes.io/name: {{ template "redpanda.name" $ }}
app.kubernetes.io/instance: {{ $release.Name | quote }}
app.kubernetes.io/managed-by: {{ $release.Service | quote }}
app.kubernetes.io/component: {{ template "redpanda.name" $ }}
{{- with $values.commonLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
ca:
secretName: {{ template "redpanda.fullname" $ }}-{{ $name }}-root-certificate
---
# This is the root CA certificate
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: {{ template "redpanda.fullname" $ }}-{{ $name }}-root-certificate
namespace: {{ $release.Namespace | quote }}
labels:
helm.sh/chart: {{ template "redpanda.chart" $ }}
app.kubernetes.io/name: {{ template "redpanda.name" $ }}
app.kubernetes.io/instance: {{ $release.Name | quote }}
app.kubernetes.io/managed-by: {{ $release.Service | quote }}
app.kubernetes.io/component: {{ template "redpanda.name" $ }}
{{- with $values.commonLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
isCA: true
commonName: {{ template "redpanda.fullname" $ }}-{{ $name }}-root-certificate
secretName: {{ template "redpanda.fullname" $ }}-{{ $name }}-root-certificate
privateKey:
algorithm: ECDSA
size: 256
issuerRef:
name: {{ template "redpanda.fullname" $ }}-{{ $name }}-selfsigned-issuer
kind: Issuer
group: cert-manager.io
{{- end }}
{{- end }}
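Review bot: The `{{- end }}` that closes `{{- if not $r }}` comes directly after the self-signed Issuer, so the `-root-issuer` Issuer and the `-root-certificate` Certificate are still rendered when `issuerRef` is set, and that Certificate then points at a `-selfsigned-issuer` that was never created. Move the `end` below the root Certificate so all three objects are skipped when the caller supplies an issuer, which is what the comment at the top of the loop describes. The root Certificate also sets no `duration`, while the leaf Certificate template in the next file defaults to 43800h; set the CA lifetime explicitly so it cannot be shorter than the leaves it signs.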

View File

@ -0,0 +1,46 @@
{{- if (include "tls-enabled" . | fromJson).bool }}
{{- $service := include "redpanda.fullname" . -}}
{{- $ns := .Release.Namespace -}}
{{- $domain := .Values.clusterDomain | trimSuffix "." -}}
{{- $listeners := .Values.listeners -}}
{{- range $name, $data := .Values.tls.certs }}
{{- $d := $data.duration }}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: {{ template "redpanda.fullname" $ }}-{{ $name }}-cert
namespace: {{ .Release.Namespace | quote }}
spec:
dnsNames:
- {{ template "redpanda.fullname" $ }}-cluster.{{ printf "%s.%s.svc.%s" $service $ns $domain }}
- {{ template "redpanda.fullname" $ }}-cluster.{{ printf "%s.%s.svc" $service $ns }}
- {{ template "redpanda.fullname" $ }}-cluster.{{ printf "%s.%s" $service $ns }}
- "*.{{ template "redpanda.fullname" $ }}-cluster.{{ printf "%s.%s.svc.%s" $service $ns $domain }}"
- "*.{{ template "redpanda.fullname" $ }}-cluster.{{ printf "%s.%s.svc" $service $ns }}"
- "*.{{ template "redpanda.fullname" $ }}-cluster.{{ printf "%s.%s" $service $ns }}"
- {{ printf "%s.%s.svc.%s" $service $ns $domain }}
- {{ printf "%s.%s.svc" $service $ns }}
- {{ printf "%s.%s" $service $ns }}
- {{ printf "*.%s.%s.svc.%s" $service $ns $domain | quote }}
- {{ printf "*.%s.%s.svc" $service $ns | quote }}
- {{ printf "*.%s.%s" $service $ns | quote }}
duration: {{ $d | default "43800h" }}
isCA: false
commonName: {{ template "redpanda.fullname" $ }}-{{ $name }}-cert
secretName: {{ template "redpanda.fullname" $ }}-{{ $name }}-cert
privateKey:
algorithm: ECDSA
size: 256
{{- if not (empty $data.issuerRef) }}
issuerRef:
{{- toYaml $data.issuerRef | nindent 4 }}
group: cert-manager.io
{{- else }}
issuerRef:
name: {{ template "redpanda.fullname" $ }}-{{ $name }}-root-issuer
kind: Issuer
group: cert-manager.io
{{- end }}
{{- end }}
{{- end }}
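Review bot: `namespace: {{ .Release.Namespace | quote }}` sits inside `range $name, $data := .Values.tls.certs`, where `.` is the current cert entry and not the root context, so `.Release` does not resolve there. Use the `$ns` variable already defined at the top of the file, or `$.Release.Namespace`. The 43800h default for `duration` gives every leaf key a five-year lifetime across all the wildcard `dnsNames` listed; a shorter default would limit how long a leaked key stays useful. When the caller supplies `issuerRef`, the fixed `group: cert-manager.io` line appended after `toYaml $data.issuerRef` will duplicate the key if the value already carries a `group`.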

View File

@ -0,0 +1,224 @@
{{/*
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- $values := .Values }}
{{- $users := list -}}
{{- if .Values.auth.sasl.enabled -}}
{{- range $user := .Values.auth.sasl.users -}}
{{- $users = append $users $user.name -}}
{{- end -}}
{{- end -}}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "redpanda.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
helm.sh/chart: {{ template "redpanda.chart" . }}
app.kubernetes.io/name: {{ template "redpanda.name" . }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
app.kubernetes.io/component: {{ template "redpanda.name" . }}
{{- with .Values.commonLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
data:
{{- if (include "redpanda.semver" . | semverCompare ">=22.1.1") }}
bootstrap.yaml: |
enable_sasl: {{ dig "sasl" "enabled" false .Values.auth }}
{{- if $users }}
superusers: {{ toJson $users }}
{{- end }}
{{- with (dig "cluster" dict .Values.config) }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with (dig "tunable" dict .Values.config) }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
redpanda.yaml: |
config_file: /etc/redpanda/redpanda.yaml
{{- if .Values.logging.usageStats.enabled }}
{{- with (dig "usageStats" "organization" "" .Values.logging) }}
organization: {{ . }}
{{- end }}
{{- with (dig "usageStats" "clusterId" "" .Values.logging) }}
cluster_id: {{ . }}
{{- end }}
{{- end }}
redpanda:
{{- if not (include "redpanda.semver" . | semverCompare ">=22.1.1") }}
enable_sasl: {{ dig "sasl" "enabled" false .Values.auth }}
{{- if $users }}
superusers: {{ toJson $users }}
{{- end }}
{{- with (dig "cluster" dict .Values.config) }}
{{- toYaml . | nindent 6 }}
{{- end }}
{{- with (dig "tunable" dict .Values.config) }}
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end }}
{{- with dig "node" dict .Values.config }}
{{- . | toYaml | nindent 6 }}
{{- end }}
admin:
name: admin
address: 0.0.0.0
port: {{ .Values.listeners.admin.port }}
{{- if (include "admin-internal-tls-enabled" . | fromJson).bool }}
admin_api_tls:
- name: admin
enabled: true
cert_file: /etc/tls/certs/{{ .Values.listeners.admin.tls.cert }}/tls.crt
key_file: /etc/tls/certs/{{ .Values.listeners.admin.tls.cert }}/tls.key
truststore_file: /etc/tls/certs/{{ .Values.listeners.admin.tls.cert }}/ca.crt
require_client_auth: {{ .Values.listeners.admin.tls.requireClientAuth }}
{{- end }}
kafka_api:
- name: internal
address: 0.0.0.0
port: {{ .Values.listeners.kafka.port }}
{{- range $name, $listener := .Values.listeners.kafka.external }}
- name: {{ $name }}
address: 0.0.0.0
port: {{ $listener.port }}
{{- end }}
kafka_api_tls:
{{- $service := .Values.listeners.kafka }}
{{- if (include "kafka-internal-tls-enabled" . | fromJson).bool }}
- name: internal
enabled: true
cert_file: /etc/tls/certs/{{ $service.tls.cert }}/tls.crt
key_file: /etc/tls/certs/{{ $service.tls.cert }}/tls.key
truststore_file: /etc/tls/certs/{{ $service.tls.cert }}/ca.crt
require_client_auth: {{ $service.tls.requireClientAuth }}
{{- end }}
{{- range $name, $listener := $service.external }}
{{- $k := dict "Values" $values "listener" $listener }}
{{- if (include "kafka-external-tls-enabled" $k | fromJson).bool }}
- name: {{ $name }}
enabled: true
cert_file: /etc/tls/certs/{{ template "kafka-external-tls-cert" $k}}/tls.crt
key_file: /etc/tls/certs/{{ template "kafka-external-tls-cert" $k}}/tls.key
truststore_file: /etc/tls/certs/{{ template "kafka-external-tls-cert" $k}}/ca.crt
require_client_auth: {{ dig "tls" "requireClientAuth" false $listener }}
{{- end }}
{{- end }}
rpc_server:
address: 0.0.0.0
port: {{ .Values.listeners.rpc.port }}
{{- if (include "rpc-tls-enabled" . | fromJson).bool }}
rpc_server_tls:
enabled: true
require_client_auth: {{ .Values.listeners.rpc.tls.requireClientAuth }}
cert_file: /etc/tls/certs/{{ .Values.listeners.rpc.tls.cert }}/tls.crt
key_file: /etc/tls/certs/{{ .Values.listeners.rpc.tls.cert }}/tls.key
truststore_file: /etc/tls/certs/{{ .Values.listeners.rpc.tls.cert }}/ca.crt
{{- end }}
seed_servers:
{{- range untilStep 0 (.Values.statefulset.replicas|int) 1 }}
- host:
address: "{{ template "redpanda.fullname" $ }}-{{ . }}.{{ template "redpanda.internal.domain" $ }}"
port: {{ $values.listeners.rpc.port }}
{{- end }}
{{- if .Values.listeners.http.enabled }}
{{- if .Values.listeners.schemaRegistry.enabled }}
schema_registry:
schema_registry:
- name: internal
address: 0.0.0.0
port: {{ .Values.listeners.schemaRegistry.port }}
{{- range $name, $listener := .Values.listeners.schemaRegistry.external }}
- name: {{ $name }}
address: 0.0.0.0
port: {{ $listener.port }}
{{- end }}
schema_registry_api_tls:
{{- if (include "schemaRegistry-internal-tls-enabled" . | fromJson).bool }}
- name: internal
enabled: true
cert_file: /etc/tls/certs/{{ .Values.listeners.schemaRegistry.tls.cert }}/tls.crt
key_file: /etc/tls/certs/{{ .Values.listeners.schemaRegistry.tls.cert }}/tls.key
truststore_file: /etc/tls/certs/{{ .Values.listeners.schemaRegistry.tls.cert }}/ca.crt
require_client_auth: {{ .Values.listeners.schemaRegistry.tls.requireClientAuth }}
{{- end }}
{{- range $i, $listener := .Values.listeners.schemaRegistry.external }}
{{- $k := dict "Values" $values "listener" $listener }}
{{- if (include "schemaRegistry-external-tls-enabled" $k | fromJson).bool }}
- name: {{ $listener.name }}
enabled: true
cert_file: /etc/tls/certs/{{ template "schemaRegistry-external-tls-cert" $k }}/tls.crt
key_file: /etc/tls/certs/{{ template "schemaRegistry-external-tls-cert" $k }}/tls.key
truststore_file: /etc/tls/certs/{{ template "schemaRegistry-external-tls-cert" $k }}/ca.crt
require_client_auth: {{ dig "tls" "requireClientAuth" false $listener}}
{{- end }}
{{- end }}
{{- end }}
pandaproxy:
pandaproxy_api:
- name: internal
address: 0.0.0.0
port: {{ .Values.listeners.http.port }}
{{- range $name, $listener := .Values.listeners.http.external }}
- name: {{ $name }}
address: 0.0.0.0
port: {{ $listener.port }}
{{- end }}
pandaproxy_api_tls:
{{- if (include "http-internal-tls-enabled" . | fromJson).bool }}
- name: internal
enabled: true
cert_file: /etc/tls/certs/{{ .Values.listeners.http.tls.cert }}/tls.crt
key_file: /etc/tls/certs/{{ .Values.listeners.http.tls.cert }}/tls.key
truststore_file: /etc/tls/certs/{{ .Values.listeners.http.tls.cert }}/ca.crt
require_client_auth: {{ .Values.listeners.http.tls.requireClientAuth }}
{{- end }}
{{- range $name, $listener := .Values.listeners.http.external }}
{{- $k := dict "Values" $values "listener" $listener }}
{{- if (include "http-external-tls-enabled" $k | fromJson).bool }}
- name: {{ $name }}
enabled: true
cert_file: /etc/tls/certs/{{ template "kafka-external-tls-cert" $k }}/tls.crt
key_file: /etc/tls/certs/{{ template "kafka-external-tls-cert" $k }}/tls.key
truststore_file: /etc/tls/certs/{{ template "kafka-external-tls-cert" $k}}/ca.crt
require_client_auth: {{ dig "tls" "requireClientAuth" false $listener }}
{{- end }}
{{- end }}
{{- end }}
rpk:
enable_usage_stats: {{ .Values.logging.usageStats.enabled }}
overprovisioned: {{ dig "cpu" "overprovisioned" false .Values.resources }}
enable_memory_locking: {{ dig "memory" "enable_memory_locking" false .Values.resources }}
{{- if hasKey .Values.tuning "tune_aio_events" }}
tune_aio_events: {{ .Values.tuning.tune_aio_events }}
{{- end }}
{{- if hasKey .Values.tuning "tune_clocksource" }}
tune_clocksource: {{ .Values.tuning.tune_clocksource }}
{{- end }}
{{- if hasKey .Values.tuning "tune_ballast_file" }}
tune_ballast_file: {{ .Values.tuning.tune_ballast_file }}
{{- end }}
{{- if hasKey .Values.tuning "ballast_file_path" }}
ballast_file_path: {{ .Values.tuning.ballast_file_path }}
{{- end }}
{{- if hasKey .Values.tuning "ballast_file_size" }}
ballast_file_size: {{ .Values.tuning.ballast_file_size }}
{{- end }}
{{- if hasKey .Values.tuning "well_known_io" }}
well_known_io: {{ .Values.tuning.well_known_io }}
{{- end }}
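Review bot: `superusers: {{ toJson $users }}` is built from every entry in `.Values.auth.sasl.users`, so each SASL user defined in values becomes a cluster superuser and there is no way to create an ordinary account through the chart. Take the superuser list from its own value, or from a per-user flag, so least privilege is possible. In the `pandaproxy_api_tls` external loop the cert paths use `kafka-external-tls-cert` even though the enable check is `http-external-tls-enabled`, and the schema registry TLS loop names entries with `$listener.name` while its listener loop uses the map key `$name`; both look like copy-paste slips that would leave a listener paired with the wrong certificate or with no matching TLS entry.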

View File

@ -0,0 +1,37 @@
{{/*
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: {{ template "redpanda.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
helm.sh/chart: {{ template "redpanda.chart" . }}
app.kubernetes.io/name: {{ template "redpanda.name" . }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
app.kubernetes.io/component: {{ template "redpanda.name" . }}
{{- with .Values.commonLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: {{ template "redpanda.name" . }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
maxUnavailable: {{ .Values.statefulset.budget.maxUnavailable | int64 }}

View File

@ -0,0 +1,102 @@
{{/*
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
---
apiVersion: batch/v1
kind: Job
metadata:
name: {{ template "redpanda.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
helm.sh/chart: {{ template "redpanda.chart" . }}
app.kubernetes.io/name: {{ template "redpanda.name" . }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
app.kubernetes.io/component: {{ template "redpanda.name" . }}
{{- with .Values.commonLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
# This is what defines this resource as a hook. Without this line, the
# job is considered part of the release.
"helm.sh/hook": post-install,post-upgrade
"helm.sh/hook-delete-policy": before-hook-creation
"helm.sh/hook-weight": "-10"
spec:
template:
metadata:
name: "{{ .Release.Name }}"
labels:
app.kubernetes.io/name: {{ template "redpanda.name" . }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
app.kubernetes.io/component: {{ template "redpanda.name" . }}
{{- with .Values.commonLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
restartPolicy: Never
containers:
- name: {{ template "redpanda.name" . }}-post-install
image: {{ .Values.image.repository}}:{{ template "redpanda.tag" . }}
command:
- bash
- -c
args:
- >
{{- if .Values.auth.sasl.enabled }}
{{- range $user := .Values.auth.sasl.users }}
rpk acl user create {{ $user.name }} -p {{ $user.password | quote }} {{ template "rpk-flags" $ }}
;
{{- end }}
{{- end }}
{{- if and (include "redpanda.semver" . | semverCompare ">=22.2.0") (not (empty .Values.license_key)) }}
rpk cluster license set {{ .Values.license_key | quote }} {{ template "rpk-flags" $ }}
;
{{- end }}
volumeMounts:
- name: {{ template "redpanda.fullname" . }}
mountPath: /tmp/base-config
- name: config
mountPath: /etc/redpanda
{{- if (include "tls-enabled" . | fromJson).bool }}
{{- range $name, $cert := .Values.tls.certs }}
- name: redpanda-{{ $name }}-cert
mountPath: {{ printf "/etc/tls/certs/%s" $name }}
{{- end }}
{{- end }}
volumes:
- name: {{ template "redpanda.fullname" . }}
configMap:
name: {{ template "redpanda.fullname" . }}
- name: config
emptyDir: {}
{{- if (include "tls-enabled" . | fromJson).bool }}
{{- range $name, $cert := .Values.tls.certs }}
- name: redpanda-{{ $name }}-cert
secret:
defaultMode: 420
items:
- key: tls.key
path: tls.key
- key: tls.crt
path: tls.crt
{{- if $cert.caEnabled }}
- key: ca.crt
path: ca.crt
{{- end }}
secretName: {{ template "redpanda.fullname" $ }}-{{ $name }}-cert
{{- end }}
{{- end -}}
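Review bot: `rpk acl user create {{ $user.name }} -p {{ $user.password | quote }}` and `rpk cluster license set {{ .Values.license_key | quote }}` put every SASL password and the license key into the Job's `args`, where anyone who can read Jobs or Pods in the namespace can see them. Store them in a Secret and have the container read them from an environment variable or mounted file. `$user.name` is also interpolated unquoted into the `bash -c` string, and `quote` only wraps a value in double quotes, inside which bash still performs expansion, so values containing shell metacharacters will not reach `rpk` intact; pass them as data, not as part of the script text.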

View File

@ -0,0 +1,89 @@
{{- if (include "redpanda.semver" . | semverCompare ">=22.1.1") }}
apiVersion: batch/v1
kind: Job
metadata:
name: {{ template "redpanda.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
helm.sh/chart: {{ template "redpanda.chart" . }}
app.kubernetes.io/name: {{ template "redpanda.name" . }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
app.kubernetes.io/component: {{ template "redpanda.name" . }}
{{- with .Values.commonLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
# This is what defines this resource as a hook. Without this line, the
# job is considered part of the release.
"helm.sh/hook": post-upgrade
"helm.sh/hook-weight": "-5"
spec:
template:
metadata:
name: "{{ .Release.Name }}"
labels:
app.kubernetes.io/name: {{ template "redpanda.name" . }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
app.kubernetes.io/component: {{ template "redpanda.name" . }}
{{- with .Values.commonLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
restartPolicy: Never
containers:
- name: {{ template "redpanda.name" . }}-post-upgrade
image: {{ .Values.image.repository}}:{{ template "redpanda.tag" . }}
command: ["/bin/sh", "-c"]
args:
- >
rpk cluster config import -f /tmp/base-config/bootstrap.yaml
--api-urls {{ template "redpanda.fullname" . }}-0.{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.admin.port }}
{{- if (include "admin-internal-tls-enabled" . | fromJson).bool }}
--admin-api-tls-enabled
--admin-api-tls-truststore /etc/tls/certs/{{ .Values.listeners.admin.tls.cert }}/ca.crt
{{- end }}
{{- if (include "kafka-internal-tls-enabled" . | fromJson).bool }}
--tls-enabled
--tls-truststore /etc/tls/certs/{{ .Values.listeners.kafka.tls.cert }}/ca.crt
{{- end }}
{{- if (include "sasl-enabled" . | fromJson).bool }}
--user {{ (first .Values.auth.sasl.users).name }}
--password {{ (first .Values.auth.sasl.users).password }}
--sasl-mechanism SCRAM-SHA-256
{{- end }}
volumeMounts:
- name: {{ template "redpanda.fullname" . }}
mountPath: /tmp/base-config
- name: config
mountPath: /etc/redpanda
{{- if (include "tls-enabled" . | fromJson).bool }}
{{- range $name, $cert := .Values.tls.certs }}
- name: redpanda-{{ $name }}-cert
mountPath: {{ printf "/etc/tls/certs/%s" $name }}
{{- end }}
{{- end }}
volumes:
- name: {{ template "redpanda.fullname" . }}
configMap:
name: {{ template "redpanda.fullname" . }}
- name: config
emptyDir: {}
{{- if (include "tls-enabled" . | fromJson).bool }}
{{- range $name, $cert := .Values.tls.certs }}
- name: redpanda-{{ $name }}-cert
secret:
defaultMode: 420
items:
- key: tls.key
path: tls.key
- key: tls.crt
path: tls.crt
{{- if $cert.caEnabled }}
- key: ca.crt
path: ca.crt
{{- end }}
secretName: {{ template "redpanda.fullname" $ }}-{{ $name }}-cert
{{- end }}
{{- end -}}
{{- end }}
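Review bot: `metadata.name` here is `redpanda.fullname`, the same name the post-install/post-upgrade Job in the previous file uses, and both hooks run on `post-upgrade`. The weight -10 Job is created first, so this weight -5 Job will collide with it by name, and because this one sets no `helm.sh/hook-delete-policy` its own leftover object is never cleaned up by this hook. Give the Job a distinct name (the container is already called `-post-upgrade`) and add `before-hook-creation`. The `--password {{ (first .Values.auth.sasl.users).password }}` line has the same problem as the other Job, a secret rendered into `args`, and here it is not even quoted.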

View File

@ -0,0 +1,41 @@
{{/*
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
---
# This service is only used to create the DNS enteries for each pod in
# the stateful set. This service should not be used by any client
# application
apiVersion: v1
kind: Service
metadata:
name: {{ include "redpanda.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
helm.sh/chart: {{ template "redpanda.chart" . }}
app.kubernetes.io/name: {{ template "redpanda.name" . }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
app.kubernetes.io/component: {{ template "redpanda.name" . }}
{{- with .Values.commonLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
publishNotReadyAddresses: true
type: ClusterIP
clusterIP: None
selector:
app.kubernetes.io/name: {{ template "redpanda.name" . }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
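Review bot: Style point on the comment above `apiVersion`: "DNS enteries" should be "DNS entries", and the sentence ending "client application" is missing its full stop. Since the comment is the only documentation of why `publishNotReadyAddresses: true` and `clusterIP: None` are set, it is worth one more line saying that not-ready pods are published on purpose so brokers can find each other before they pass readiness.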

View File

@ -0,0 +1,37 @@
{{/*
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
---
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "redpanda.serviceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
helm.sh/chart: {{ template "redpanda.chart" . }}
app.kubernetes.io/name: {{ template "redpanda.name" . }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
app.kubernetes.io/component: {{ template "redpanda.name" . }}
{{- with .Values.commonLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

View File

@ -0,0 +1,82 @@
{{/*
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- $values := .Values }}
{{- if (include "external-nodeport-enabled" . | fromJson).bool }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ include "redpanda.fullname" . }}-external
namespace: {{ .Release.Namespace | quote }}
labels:
helm.sh/chart: {{ template "redpanda.chart" . }}
app.kubernetes.io/name: {{ template "redpanda.name" . }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
app.kubernetes.io/component: {{ template "redpanda.name" . }}
{{- with .Values.commonLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
type: NodePort
externalTrafficPolicy: Local
sessionAffinity: None
ports:
{{- range $name, $listener := $values.listeners.admin.external }}
{{- $enabled := dig "enabled" $values.external.enabled $listener }}
{{- $type := dig "type" $values.external.type $listener }}
{{- if and $enabled (eq $type "NodePort") }}
- name: admin-{{ $name }}
protocol: TCP
port: {{ $values.listeners.admin.port }}
nodePort: {{ $listener.nodePort }}
{{- end }}
{{- end }}
{{- range $name, $listener := $values.listeners.kafka.external }}
{{- $enabled := dig "enabled" $values.external.enabled $listener }}
{{- $type := dig "type" $values.external.type $listener }}
{{- if and $enabled (eq $type "NodePort") }}
- name: kafka-{{ $name }}
protocol: TCP
port: {{ $listener.port }}
nodePort: {{ $listener.nodePort }}
{{- end }}
{{- end }}
{{- range $name, $listener := $values.listeners.http.external }}
{{- $enabled := dig "enabled" $values.external.enabled $listener }}
{{- $type := dig "type" $values.external.type $listener }}
{{- if and $enabled (eq $type "NodePort") }}
- name: http-{{ $name }}
protocol: TCP
port: {{ $listener.port }}
nodePort: {{ $listener.nodePort }}
{{- end }}
{{- end }}
{{- range $name, $listener := $values.listeners.schemaRegistry.external }}
{{- $enabled := dig "enabled" $values.external.enabled $listener }}
{{- $type := dig "type" $values.external.type $listener }}
{{- if and $enabled (eq $type "NodePort") }}
- name: schema-{{ $name }}
protocol: TCP
port: {{ $listener.port }}
nodePort: {{ $listener.nodePort }}
{{- end }}
{{- end }}
selector:
app.kubernetes.io/name: {{ template "redpanda.name" . }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
{{- end }}
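Review bot: The first `range` publishes every `listeners.admin.external` entry as a NodePort on `listeners.admin.port`, and nothing in this template ties that to admin TLS or `requireClientAuth`, so turning it on exposes the admin API on node addresses with whatever protection the listener happens to have. Gate the admin entries on the `admin-internal-tls-enabled` helper (or fail the render when TLS is off), and document in values that the admin port should not be enabled externally by default. The four loops are otherwise identical apart from the name prefix and the port source and could share one named template.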

View File

@ -0,0 +1,364 @@
{{/*
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- $values := .Values }}
{{- $advertiseAddress := include "redpanda.kafka.internal.advertise.address" . -}}
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ template "redpanda.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
helm.sh/chart: {{ template "redpanda.chart" . }}
app.kubernetes.io/name: {{ template "redpanda.name" . }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
app.kubernetes.io/component: {{ template "redpanda.name" . }}
{{- with .Values.commonLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: {{ template "redpanda.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
serviceName: {{ template "redpanda.fullname" . }}
replicas: {{ .Values.statefulset.replicas | int64 }}
updateStrategy:
{{- toYaml .Values.statefulset.updateStrategy | nindent 4 }}
podManagementPolicy: {{ .Values.statefulset.podManagementPolicy }}
template:
metadata:
labels:
app.kubernetes.io/name: {{ template "redpanda.name" . }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
app.kubernetes.io/component: {{ template "redpanda.name" . }}
{{- with .Values.commonLabels }}
{- toYaml . | nindent 8 }}
{{- end }}
annotations:
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
{{- with $.Values.statefulset.annotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
securityContext:
{{- toYaml .Values.statefulset.podSecurityContext | nindent 8 }}
initContainers:
- name: set-datadir-ownership
image: busybox:latest
command: ["/bin/sh", "-c", "chown 101:101 -R /var/lib/redpanda/data"]
volumeMounts:
- name: datadir
mountPath: /var/lib/redpanda/data
- name: {{ template "redpanda.name" . }}-configurator
image: {{ .Values.image.repository}}:{{ template "redpanda.tag" . }}
command: ["/bin/sh", "-c"]
env:
- name: SERVICE_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
args:
- >
CONFIG=/etc/redpanda/redpanda.yaml;
NODE_ID=${SERVICE_NAME##*-};
cp /tmp/base-config/redpanda.yaml "$CONFIG";
{{- if (include "redpanda.semver" . | semverCompare ">=22.1.1") }}
cp /tmp/base-config/bootstrap.yaml /etc/redpanda/.bootstrap.yaml;
{{- end }}
rpk --config "$CONFIG" config set redpanda.node_id $NODE_ID;
if [ "$NODE_ID" = "0" ]; then
rpk --config "$CONFIG" config set redpanda.seed_servers '[]' --format yaml;
fi;
volumeMounts:
- name: {{ template "redpanda.fullname" . }}
mountPath: /tmp/base-config
- name: config
mountPath: /etc/redpanda
resources:
{{- toYaml .Values.statefulset.resources | nindent 12 }}
containers:
- name: {{ template "redpanda.name" . }}
image: {{ .Values.image.repository}}:{{ template "redpanda.tag" . }}
env:
- name: SERVICE_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: HOST_IP
valueFrom:
fieldRef:
fieldPath: status.hostIP
startupProbe:
exec:
command:
- /bin/sh
- -c
{{- if (include "admin-internal-tls-enabled" . |fromJson).bool }}
- >
curl https://localhost:{{ .Values.listeners.admin.port }}/v1/cluster/health_overview
-svk --cacert /etc/tls/certs/{{ .Values.listeners.admin.tls.cert }}/ca.crt |
awk '{
id = $0; gsub(/.*"controller_id": /, "", id); gsub(/,.*/, "", id)
nd_str = $0; gsub(/.*"nodes_down": \[/, "", nd_str); gsub(/\].*/, "", nd_str)
FS=","
split(nd_str, nd_list)
for (i in nd_list) nodes_down[nd_list[i]]=""
exit (id in nodes_down)
}'
{{- else }}
- >
curl -sv http://localhost:{{ .Values.listeners.admin.port }}/v1/cluster/health_overview |
awk '{
id = $0; gsub(/.*"controller_id": /, "", id); gsub(/,.*/, "", id)
nd_str = $0; gsub(/.*"nodes_down": \[/, "", nd_str); gsub(/\].*/, "", nd_str)
FS=","
split(nd_str, nd_list)
for (i in nd_list) nodes_down[nd_list[i]]=""
exit (id in nodes_down)
}'
{{- end }}
initialDelaySeconds: {{ .Values.statefulset.startupProbe.initialDelaySeconds }}
failureThreshold: {{ .Values.statefulset.startupProbe.failureThreshold }}
periodSeconds: {{ .Values.statefulset.startupProbe.periodSeconds }}
livenessProbe:
exec:
command:
- /bin/sh
- -c
{{- if (include "admin-internal-tls-enabled" . |fromJson).bool }}
- >
curl https://localhost:{{ .Values.listeners.admin.port }}/v1/cluster/health_overview
-svk --cacert /etc/tls/certs/{{ .Values.listeners.admin.tls.cert }}/ca.crt
{{- else }}
- >
curl -sv http://localhost:{{ .Values.listeners.admin.port }}/v1/cluster/health_overview
{{- end }}
initialDelaySeconds: {{ .Values.statefulset.livenessProbe.initialDelaySeconds }}
failureThreshold: {{ .Values.statefulset.livenessProbe.failureThreshold }}
periodSeconds: {{ .Values.statefulset.livenessProbe.periodSeconds }}
readinessProbe:
exec:
command:
- /bin/sh
- -c
{{- if (include "admin-internal-tls-enabled" . |fromJson).bool }}
- >
curl https://localhost:{{ .Values.listeners.admin.port }}/v1/cluster/health_overview
-svk --cacert /etc/tls/certs/{{ .Values.listeners.admin.tls.cert }}/ca.crt |
awk '{
id = $0; gsub(/.*"controller_id": /, "", id); gsub(/,.*/, "", id)
nd_str = $0; gsub(/.*"nodes_down": \[/, "", nd_str); gsub(/\].*/, "", nd_str)
FS=","
split(nd_str, nd_list)
for (i in nd_list) nodes_down[nd_list[i]]=""
exit (id in nodes_down)
}'
{{- else }}
- >
curl -sv http://localhost:{{ .Values.listeners.admin.port }}/v1/cluster/health_overview |
awk '{
id = $0; gsub(/.*"controller_id": /, "", id); gsub(/,.*/, "", id)
nd_str = $0; gsub(/.*"nodes_down": \[/, "", nd_str); gsub(/\].*/, "", nd_str)
FS=","
split(nd_str, nd_list)
for (i in nd_list) nodes_down[nd_list[i]]=""
exit (id in nodes_down)
}'
{{- end }}
initialDelaySeconds: {{ .Values.statefulset.readinessProbe.initialDelaySeconds }}
failureThreshold: {{ .Values.statefulset.readinessProbe.failureThreshold }}
periodSeconds: {{ .Values.statefulset.readinessProbe.periodSeconds }}
successThreshold: {{ .Values.statefulset.readinessProbe.initialDelaySeconds }}
command:
- rpk
- redpanda
- start
- --smp={{ .Values.resources.cpu.cores }}
- --memory={{ template "redpanda-memory" . }}M
- --reserve-memory={{ template "redpanda-reserve-memory" . }}
- --default-log-level={{ .Values.logging.logLevel }}
- --advertise-kafka-addr=internal://{{ $advertiseAddress }}:{{ .Values.listeners.kafka.port }},
{{- range $name, $listener := .Values.listeners.kafka.external -}}
{{- $enabled := dig "enabled" $values.external.enabled $listener -}}
{{- $listenerNodePortEnabled := and $enabled (eq (dig "type" $values.external.type $listener) "NodePort") -}}
{{- $advertiseKafkaHost := $advertiseAddress -}}
{{- $advertiseKafkaPort := $listener.nodePort -}}
{{- if $listenerNodePortEnabled -}}
{{- $advertiseKafkaHost = printf "$(SERVICE_NAME).%s" $values.external.domain -}}
{{- end -}}
{{ $name }}://{{ $advertiseKafkaHost }}:{{ $advertiseKafkaPort }},
{{- end }}
- --advertise-rpc-addr={{ $advertiseAddress }}:{{ .Values.listeners.rpc.port }}
- --advertise-pandaproxy-addr=internal://{{ $advertiseAddress }}:{{ .Values.listeners.http.port }},
{{- range $name, $listener := .Values.listeners.http.external -}}
{{ $name}}://{{ $advertiseAddress }}:{{ $listener.nodePort }},
{{- end }}
ports:
{{- range $name, $listener := .Values.listeners }}
- name: {{ lower $name }}
containerPort: {{ $listener.port }}
{{- range $externalName, $external := $listener.external }}
{{- if $external.port }}
- name: {{ lower $name | trunc 6 }}-{{ lower $externalName | trunc 8}}
containerPort: {{ $external.port }}
{{- end }}
{{- end }}
{{- end }}
volumeMounts:
- name: datadir
mountPath: /var/lib/redpanda/data
- name: config
mountPath: /etc/redpanda
{{- if (include "tls-enabled" . | fromJson).bool }}
{{- range $name, $cert := .Values.tls.certs }}
- name: redpanda-{{ $name }}-cert
mountPath: {{ printf "/etc/tls/certs/%s" $name }}
{{- end }}
{{- end }}
resources:
{{- if hasKey .Values.resources.memory "min" }}
requests:
cpu: {{ .Values.resources.cpu.cores }}
memory: {{ .Values.resources.memory.container.min }}
{{- end }}
limits:
cpu: {{ .Values.resources.cpu.cores }}
memory: {{ .Values.resources.memory.container.max }}
volumes:
- name: datadir
{{- if .Values.storage.persistentVolume.enabled }}
persistentVolumeClaim:
claimName: datadir
{{- else if .Values.storage.hostPath }}
hostPath:
path: {{ .Values.storage.hostPath | quote }}
{{- else }}
emptyDir: {}
{{- end }}
- name: {{ template "redpanda.fullname" . }}
configMap:
name: {{ template "redpanda.fullname" . }}
- name: config
emptyDir: {}
{{- if (include "tls-enabled" . | fromJson).bool }}
{{- range $name, $cert := .Values.tls.certs }}
- name: redpanda-{{ $name }}-cert
secret:
defaultMode: 420
items:
- key: tls.key
path: tls.key
- key: tls.crt
path: tls.crt
{{- if $cert.caEnabled }}
- key: ca.crt
path: ca.crt
{{- end }}
secretName: {{ template "redpanda.fullname" $ }}-{{ $name }}-cert
{{- end }}
{{- end -}}
{{- if or .Values.statefulset.nodeAffinity .Values.statefulset.podAffinity .Values.statefulset.podAntiAffinity }}
affinity:
{{- with .Values.statefulset.nodeAffinity }}
nodeAffinity: {{- toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.statefulset.podAffinity }}
podAffinity: {{- toYaml . | nindent 10 }}
{{- end }}
{{- if .Values.statefulset.podAntiAffinity }}
podAntiAffinity:
{{- if .Values.statefulset.podAntiAffinity.type }}
{{- if eq .Values.statefulset.podAntiAffinity.type "hard" }}
requiredDuringSchedulingIgnoredDuringExecution:
- topologyKey: {{ .Values.statefulset.podAntiAffinity.topologyKey }}
labelSelector:
matchLabels:
app.kubernetes.io/name: {{ template "redpanda.name" . }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
{{- else if eq .Values.statefulset.podAntiAffinity.type "soft" }}
preferredDuringSchedulingIgnoredDuringExecution:
- weight: {{ .Values.statefulset.podAntiAffinity.weight | int64 }}
podAffinityTerm:
topologyKey: {{ .Values.statefulset.podAntiAffinity.topologyKey }}
labelSelector:
matchLabels:
app.kubernetes.io/name: {{ template "redpanda.name" . }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
{{- end }}
{{- else }}
{{- toYaml .Values.statefulset.podAntiAffinity | nindent 10 }}
{{- end }}
{{- end }}
{{- end }}
{{- if semverCompare ">=1.16-0" .Capabilities.KubeVersion.GitVersion }}
topologySpreadConstraints:
- labelSelector:
matchLabels:
app.kubernetes.io/name: {{ template "redpanda.name" . }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
{{- with .Values.statefulset.topologySpreadConstraints }}
maxSkew: {{ .maxSkew }}
topologyKey: {{ .topologyKey }}
whenUnsatisfiable: {{ .whenUnsatisfiable }}
{{- end }}
{{- end }}
{{- with .Values.statefulset.nodeSelector }}
nodeSelector: {{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.statefulset.priorityClassName }}
priorityClassName: {{ .Values.statefulset.priorityClassName }}
{{- end }}
{{- with .Values.statefulset.tolerations }}
tolerations: {{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.storage.persistentVolume.enabled }}
volumeClaimTemplates:
- metadata:
name: datadir
labels:
app.kubernetes.io/name: {{ template "redpanda.name" . }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
app.kubernetes.io/component: {{ template "redpanda.name" . }}
{{- with .Values.storage.persistentVolume.labels }}
{{- toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.commonLabels }}
{{- toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.storage.persistentVolume.annotations }}
annotations: {{- toYaml . | nindent 10 }}
{{- end }}
spec:
accessModes: ["ReadWriteOnce"]
{{- if .Values.storage.persistentVolume.storageClass }}
{{- if (eq "-" .Values.storage.persistentVolume.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: {{ .Values.storage.persistentVolume.storageClass | quote }}
{{- end }}
{{- end }}
resources:
requests:
storage: {{ .Values.storage.persistentVolume.size | quote }}
{{- end }}
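Review bot: the TLS branches of the startup, liveness and readiness probes call curl with `-svk` together with `--cacert`, and `-k` turns certificate verification off, so the CA file is never actually checked. Drop the `k` and keep `--cacert`. Other points in this file: in the pod template labels, `{- toYaml . | nindent 8 }}` is missing an opening brace and is emitted as literal text whenever `commonLabels` is set; the readiness probe's `successThreshold` is read from `readinessProbe.initialDelaySeconds`; the `set-datadir-ownership` init container pulls `busybox:latest`, which should be pinned to a tag or digest; `hasKey .Values.resources.memory "min"` guards a block that reads `.Values.resources.memory.container.min`; and the liveness probe's curl has no `-f`, so any HTTP response counts as healthy.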

View File

@ -0,0 +1,55 @@
{{/*
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if not (or (include "tls-enabled" . | fromJson).bool (include "sasl-enabled" . | fromJson).bool) -}}
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "redpanda.fullname" . }}-test-api-status"
namespace: {{ .Release.Namespace | quote }}
labels:
helm.sh/chart: {{ template "redpanda.chart" . }}
app.kubernetes.io/name: {{ template "redpanda.name" . }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
app.kubernetes.io/component: {{ template "redpanda.name" . }}
{{- with .Values.commonLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
"helm.sh/hook": test
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
spec:
restartPolicy: Never
containers:
- name: {{ template "redpanda.name" . }}
image: {{ .Values.image.repository}}:{{ template "redpanda.tag" . }}
command:
- /bin/bash
- -c
- >
rpk cluster info
--brokers {{ include "redpanda.fullname" . }}-0.{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.kafka.port }}
volumeMounts:
- name: {{ template "redpanda.fullname" . }}
mountPath: /tmp/base-config
volumes:
- name: {{ template "redpanda.fullname" . }}
configMap:
name: {{ template "redpanda.fullname" . }}
- name: config
emptyDir: {}
{{- end }}
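Review bot: the `volumes` list declares `config` as an `emptyDir` that no container mounts, and the only mount is the ConfigMap at `/tmp/base-config`, which the `rpk cluster info --brokers ...` command never references. Drop both volumes and the `volumeMounts` entry, or pass the mounted file to rpk explicitly if it is meant to be used. The container also sets no `resources`, while the TLS and SASL test pods reuse `.Values.statefulset.resources`.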

View File

@ -0,0 +1,79 @@
{{/*
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and (include "tls-enabled" . | fromJson).bool (not (include "sasl-enabled" . | fromJson).bool) -}}
apiVersion: v1
kind: Pod
metadata:
name: {{ include "redpanda.fullname" . }}-test-kafka-internal-tls-status
namespace: {{ .Release.Namespace | quote }}
labels:
helm.sh/chart: {{ template "redpanda.chart" . }}
app.kubernetes.io/name: {{ template "redpanda.name" . }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
app.kubernetes.io/component: {{ template "redpanda.name" . }}
{{- with .Values.commonLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
"helm.sh/hook": test
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
spec:
restartPolicy: Never
containers:
- name: {{ template "redpanda.name" . }}
image: {{ .Values.image.repository}}:{{ template "redpanda.tag" . }}
command:
- /bin/bash
- -c
- >
rpk cluster info
--brokers {{ include "redpanda.fullname" .}}-0.{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.kafka.port }}
--tls-enabled --tls-truststore /etc/tls/certs/{{ .Values.listeners.kafka.tls.cert }}/ca.crt
volumeMounts:
- name: config
mountPath: /etc/redpanda
{{- range $name, $cert := .Values.tls.certs }}
- name: redpanda-{{ $name }}-cert
mountPath: {{ printf "/etc/tls/certs/%s" $name }}
{{- end }}
resources:
{{- toYaml .Values.statefulset.resources | nindent 12 }}
volumes:
- name: {{ template "redpanda.fullname" . }}
configMap:
name: {{ template "redpanda.fullname" . }}
- name: config
emptyDir: {}
{{- if (include "tls-enabled" . | fromJson).bool }}
{{- range $name, $cert := .Values.tls.certs }}
- name: redpanda-{{ $name }}-cert
secret:
defaultMode: 420
items:
- key: tls.key
path: tls.key
- key: tls.crt
path: tls.crt
{{- if $cert.caEnabled }}
- key: ca.crt
path: ca.crt
{{- end }}
secretName: {{ template "redpanda.fullname" $ }}-{{ $name }}-cert
{{- end }}
{{- end -}}
{{- end }}
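Review bot: the `secret` volumes project `tls.key` for every entry in `.Values.tls.certs` into this test pod, but the command only reads `ca.crt` as `--tls-truststore`. Limit `items` to `ca.crt` and mount only the certificate named by `.Values.listeners.kafka.tls.cert`, so a test hook never holds broker private keys. The inner `if (include "tls-enabled" . | fromJson).bool` around the cert volumes repeats the outer condition and can go, and the ConfigMap volume is declared but never mounted.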

View File

@ -0,0 +1,94 @@
{{/*
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and (include "sasl-enabled" . | fromJson).bool (not (include "tls-enabled" . | fromJson).bool) }}
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "redpanda.fullname" . }}-test-kafka-sasl-status"
namespace: {{ .Release.Namespace | quote }}
labels:
helm.sh/chart: {{ template "redpanda.chart" . }}
app.kubernetes.io/name: {{ template "redpanda.name" . }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
app.kubernetes.io/component: {{ template "redpanda.name" . }}
{{- with .Values.commonLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
"helm.sh/hook": test
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
spec:
restartPolicy: Never
containers:
- name: {{ template "redpanda.name" . }}
image: {{ .Values.image.repository}}:{{ template "redpanda.tag" . }}
command:
- /bin/bash
- -c
- >
rpk acl user delete admin
--api-urls {{ include "redpanda.fullname" . }}-0.{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.admin.port }}
--brokers {{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.kafka.port }};
sleep 3;
rpk acl user create admin -p test
--api-urls {{ include "redpanda.fullname" . }}-0.{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.admin.port }} &&
sleep 3 &&
rpk topic create test-topic --user admin --password test --sasl-mechanism SCRAM-SHA-256
--brokers {{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.kafka.port }} &&
rpk topic describe test-topic --user admin --password test --sasl-mechanism SCRAM-SHA-256
--brokers {{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.kafka.port }} &&
rpk topic delete test-topic --user admin --password test --sasl-mechanism SCRAM-SHA-256
--brokers {{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.kafka.port }} &&
rpk acl user delete admin
--api-urls {{ include "redpanda.fullname" . }}-0.{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.admin.port }}
--brokers {{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.kafka.port }}
volumeMounts:
- name: config
mountPath: /etc/redpanda
{{- if (include "tls-enabled" . | fromJson).bool }}
{{- range $name, $cert := .Values.tls.certs }}
- name: redpanda-{{ $name }}-cert
mountPath: {{ printf "/etc/tls/certs/%s" $name }}
{{- end }}
{{- end }}
resources:
{{- toYaml .Values.statefulset.resources | nindent 12 }}
volumes:
- name: {{ template "redpanda.fullname" . }}
configMap:
name: {{ template "redpanda.fullname" . }}
- name: config
emptyDir: {}
{{- if (include "tls-enabled" . | fromJson).bool }}
{{- range $name, $cert := .Values.tls.certs }}
- name: redpanda-{{ $name }}-cert
secret:
defaultMode: 420
items:
- key: tls.key
path: tls.key
- key: tls.crt
path: tls.crt
{{- if $cert.caEnabled }}
- key: ca.crt
path: ca.crt
{{- end }}
secretName: {{ template "redpanda.fullname" $ }}-{{ $name }}-cert
{{- end }}
{{- end -}}
{{- end }}
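Review bot: the script opens with `rpk acl user delete admin` and then creates the account with `-p test`, so running `helm test` against a cluster that already has a SASL user named `admin` deletes that user, replaces it with a known password, and deletes it again at the end. Use a test-only name that cannot collide with a real account (for example one derived from the release name) and a generated password instead of the literal `test`. Both `if (include "tls-enabled" . | fromJson).bool` blocks in this file are unreachable, because the outer condition requires TLS to be disabled.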

View File

@ -0,0 +1,101 @@
{{/*
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and (include "sasl-enabled" . | fromJson).bool (include "tls-enabled" . | fromJson).bool -}}
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "redpanda.fullname" . }}-test-kafka-sasl-tls-status"
namespace: {{ .Release.Namespace | quote }}
labels:
helm.sh/chart: {{ template "redpanda.chart" . }}
app.kubernetes.io/name: {{ template "redpanda.name" . }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
app.kubernetes.io/component: {{ template "redpanda.name" . }}
{{- with .Values.commonLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
"helm.sh/hook": test
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
spec:
restartPolicy: Never
containers:
- name: {{ template "redpanda.name" . }}
image: {{ .Values.image.repository}}:{{ template "redpanda.tag" . }}
command:
- /bin/bash
- -c
- >
rpk acl user delete admin
--tls-truststore /etc/tls/certs/{{ .Values.listeners.kafka.tls.cert }}/ca.crt
--admin-api-tls-truststore /etc/tls/certs/{{ .Values.listeners.admin.tls.cert }}/ca.crt
--api-urls {{ include "redpanda.fullname" . }}-0.{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.admin.port }}
--brokers {{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.kafka.port }};
sleep 3;
rpk acl user create admin -p test
--tls-truststore /etc/tls/certs/{{ .Values.listeners.kafka.tls.cert }}/ca.crt
--admin-api-tls-truststore /etc/tls/certs/{{ .Values.listeners.admin.tls.cert }}/ca.crt
--api-urls {{ include "redpanda.fullname" . }}-0.{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.admin.port }} &&
sleep 3 &&
rpk topic create test-topic --user admin --password test --sasl-mechanism SCRAM-SHA-256
--tls-enabled --tls-truststore /etc/tls/certs/{{ .Values.listeners.kafka.tls.cert }}/ca.crt
--brokers {{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.kafka.port }} &&
rpk topic describe test-topic --user admin --password test --sasl-mechanism SCRAM-SHA-256
--tls-enabled --tls-truststore /etc/tls/certs/{{ .Values.listeners.kafka.tls.cert }}/ca.crt
--brokers {{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.kafka.port }} &&
rpk topic delete test-topic --user admin --password test --sasl-mechanism SCRAM-SHA-256
--tls-enabled --tls-truststore /etc/tls/certs/{{ .Values.listeners.kafka.tls.cert }}/ca.crt
--brokers {{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.kafka.port }} &&
rpk acl user delete admin
--tls-truststore /etc/tls/certs/{{ .Values.listeners.kafka.tls.cert }}/ca.crt
--admin-api-tls-truststore /etc/tls/certs/{{ .Values.listeners.admin.tls.cert }}/ca.crt
--api-urls {{ include "redpanda.fullname" . }}-0.{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.admin.port }}
--brokers {{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.kafka.port }}
volumeMounts:
- name: config
mountPath: /etc/redpanda
{{- range $name, $cert := .Values.tls.certs }}
- name: redpanda-{{ $name }}-cert
mountPath: {{ printf "/etc/tls/certs/%s" $name }}
{{- end }}
resources:
{{- toYaml .Values.statefulset.resources | nindent 12 }}
volumes:
- name: {{ template "redpanda.fullname" . }}
configMap:
name: {{ template "redpanda.fullname" . }}
- name: config
emptyDir: {}
{{- if (include "tls-enabled" . | fromJson).bool }}
{{- range $name, $cert := .Values.tls.certs }}
- name: redpanda-{{ $name }}-cert
secret:
defaultMode: 420
items:
- key: tls.key
path: tls.key
- key: tls.crt
path: tls.crt
{{- if $cert.caEnabled }}
- key: ca.crt
path: ca.crt
{{- end }}
secretName: {{ template "redpanda.fullname" $ }}-{{ $name }}-cert
{{- end }}
{{- end -}}
{{- end }}
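Review bot: the final `rpk acl user delete admin` is chained with `&&`, so if `topic create`, `topic describe` or `topic delete` fails, the cleanup never runs and a user `admin` with password `test` stays on the cluster. Run the deletion regardless of the earlier exit status, for example from a shell `trap`, and return the saved status afterwards. `--user admin --password test` also appears on the command line three times; a generated password read from the environment would keep it out of the rendered manifest and the process list.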

View File

@ -0,0 +1,79 @@
{{/*
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and (include "tls-enabled" . | fromJson).bool (not (include "sasl-enabled" . | fromJson).bool) -}}
apiVersion: v1
kind: Pod
metadata:
name: {{ include "redpanda.fullname" . }}-test-pandaproxy-internal-tls-status
namespace: {{ .Release.Namespace | quote }}
labels:
helm.sh/chart: {{ template "redpanda.chart" . }}
app.kubernetes.io/name: {{ template "redpanda.name" . }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
app.kubernetes.io/component: {{ template "redpanda.name" . }}
{{- with .Values.commonLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
"helm.sh/hook": test
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
spec:
restartPolicy: Never
containers:
- name: {{ template "redpanda.name" . }}
image: {{ .Values.image.repository}}:{{ template "redpanda.tag" . }}
command:
- curl
- -svm3
- --ssl-reqd
- --cacert
- /etc/tls/certs/{{ .Values.listeners.admin.tls.cert }}/ca.crt
- https://{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.http.port }}/brokers
volumeMounts:
- name: config
mountPath: /etc/redpanda
{{- range $name, $cert := .Values.tls.certs }}
- name: redpanda-{{ $name }}-cert
mountPath: {{ printf "/etc/tls/certs/%s" $name }}
{{- end }}
resources:
{{- toYaml .Values.statefulset.resources | nindent 12 }}
volumes:
- name: {{ template "redpanda.fullname" . }}
configMap:
name: {{ template "redpanda.fullname" . }}
- name: config
emptyDir: {}
{{- if (include "tls-enabled" . | fromJson).bool }}
{{- range $name, $cert := .Values.tls.certs }}
- name: redpanda-{{ $name }}-cert
secret:
defaultMode: 420
items:
- key: tls.key
path: tls.key
- key: tls.crt
path: tls.crt
{{- if $cert.caEnabled }}
- key: ca.crt
path: ca.crt
{{- end }}
secretName: {{ template "redpanda.fullname" $ }}-{{ $name }}-cert
{{- end }}
{{- end -}}
{{- end }}
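Review bot: `--cacert` points at `/etc/tls/certs/{{ .Values.listeners.admin.tls.cert }}/ca.crt` while the URL targets `.Values.listeners.http.port`, so the proxy's certificate is verified against the admin listener's CA. Use `.Values.listeners.http.tls.cert` here, the way the schema registry TLS test uses `.Values.listeners.schemaRegistry.tls.cert` for its own listener. The two only agree when both listeners happen to share a certificate.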

View File

@ -0,0 +1,44 @@
{{/*
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if not (or (include "tls-enabled" . | fromJson).bool (include "sasl-enabled" . | fromJson).bool) -}}
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "redpanda.fullname" . }}-test-pandaproxy-status"
namespace: {{ .Release.Namespace | quote }}
labels:
helm.sh/chart: {{ template "redpanda.chart" . }}
app.kubernetes.io/name: {{ template "redpanda.name" . }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
app.kubernetes.io/component: {{ template "redpanda.name" . }}
{{- with .Values.commonLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
"helm.sh/hook": test
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
spec:
restartPolicy: Never
containers:
- name: {{ template "redpanda.name" . }}
image: {{ .Values.image.repository}}:{{ template "redpanda.tag" . }}
command:
- curl
- -svm3
- http://{{ include "redpanda.fullname" . }}:{{ .Values.listeners.http.port }}/brokers
{{- end }}
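Review bot: `curl -svm3` has no `-f`, so an HTTP 4xx or 5xx from `/brokers` still exits 0 and the hook reports success. Add `-f` so the test fails on an error status and not only on a connection error. The host here is `redpanda.fullname`, whereas the other test pods address `redpanda.internal.domain`; pick one so the tests exercise the same name.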

View File

@ -0,0 +1,77 @@
{{/*
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and (include "tls-enabled" . | fromJson).bool (not (include "sasl-enabled" .|fromJson).bool) }}
apiVersion: v1
kind: Pod
metadata:
name: {{ include "redpanda.fullname" . }}-test-schemaregistry-internal-tls-status
namespace: {{ .Release.Namespace | quote }}
labels:
helm.sh/chart: {{ template "redpanda.chart" . }}
app.kubernetes.io/name: {{ template "redpanda.name" . }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
app.kubernetes.io/component: {{ template "redpanda.name" . }}
{{- with .Values.commonLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
"helm.sh/hook": test
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
spec:
restartPolicy: Never
containers:
- name: {{ template "redpanda.name" . }}
image: {{ .Values.image.repository}}:{{ template "redpanda.tag" . }}
command:
- curl
- -svm3
- --ssl-reqd
- --cacert
- /etc/tls/certs/{{ .Values.listeners.schemaRegistry.tls.cert }}/ca.crt
- https://{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.schemaRegistry.port }}/subjects
volumeMounts:
- name: config
mountPath: /etc/redpanda
{{- range $name, $cert := .Values.tls.certs }}
- name: redpanda-{{ $name }}-cert
mountPath: {{ printf "/etc/tls/certs/%s" $name }}
{{- end }}
resources:
{{- toYaml .Values.statefulset.resources | nindent 12 }}
volumes:
- name: {{ template "redpanda.fullname" . }}
configMap:
name: {{ template "redpanda.fullname" . }}
- name: config
emptyDir: {}
{{- range $name, $cert := .Values.tls.certs }}
- name: redpanda-{{ $name }}-cert
secret:
defaultMode: 420
items:
- key: tls.key
path: tls.key
- key: tls.crt
path: tls.crt
{{- if $cert.caEnabled }}
- key: ca.crt
path: ca.crt
{{- end }}
secretName: {{ template "redpanda.fullname" $ }}-{{ $name }}-cert
{{- end }}
{{- end }}
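Review bot: the command passes `--cacert .../ca.crt` unconditionally, but the secret volume only projects `ca.crt` when `$cert.caEnabled` is true, so with `caEnabled` off curl fails on a missing CA file instead of on anything the test is meant to check. Gate the `--cacert` pair on the `caEnabled` flag of the certificate named by `.Values.listeners.schemaRegistry.tls.cert`, or gate the whole pod on it. The volume also projects `tls.key` for every certificate, which this pod does not need.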

View File

@ -0,0 +1,46 @@
{{/*
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- /* TODO test fails if SASL is enabled */}}
{{- /* TODO test expects the first listener to have TLS enabled */}}
{{- if not (or (include "tls-enabled" . | fromJson).bool (include "sasl-enabled" . | fromJson).bool) }}
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "redpanda.fullname" . }}-test-schemaregistry-status"
namespace: {{ .Release.Namespace | quote }}
labels:
helm.sh/chart: {{ template "redpanda.chart" . }}
app.kubernetes.io/name: {{ template "redpanda.name" . }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
app.kubernetes.io/component: {{ template "redpanda.name" . }}
{{- with .Values.commonLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
"helm.sh/hook": test
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
spec:
restartPolicy: Never
containers:
- name: {{ template "redpanda.name" . }}
image: {{ .Values.image.repository}}:{{ template "redpanda.tag" . }}
command:
- curl
- -svm3
- http://{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.schemaRegistry.port }}/subjects
{{- end }}
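Review bot: The guard on the `if not (or ...)` line skips this test for TLS and SASL but never checks `.Values.listeners.schemaRegistry.enabled`, so with the schema registry listener turned off the `curl -svm3 http://...:<port>/subjects` call fails and `helm test` reports an error for a valid configuration. Add that flag to the condition. The second TODO ("test expects the first listener to have TLS enabled") contradicts a test that only runs with TLS off and looks copied from the TLS variant; remove or reword it. Unlike the TLS test Pod, this container sets no `resources`, so the Pod will be rejected in a namespace whose ResourceQuota covers CPU or memory.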

View File

@ -0,0 +1,810 @@
{
"$schema": "http://json-schema.org/schema#",
"type": "object",
"required": [
"image"
],
"properties": {
"image": {
"description": "Values used to define the container image to be used for Redpanda",
"type": "object",
"required": [
"repository",
"pullPolicy"
],
"properties": {
"repository": {
"description": "container image repository",
"default": "vectorized/redpanda",
"type": "string",
"pattern": "^[a-z0-9-_/.]+$"
},
"tag": {
"description": "The container image tag. Use the Redpanda release version. Must be a valid semver prefixed with a 'v'.",
"default": "Chart.appVersion",
"type": "string",
"pattern": "^v(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$|^$"
},
"pullPolicy": {
"description": "The Kubernetes Pod image pull policy.",
"type": "string",
"pattern": "^(Always|Never|IfNotPresent)$"
}
}
},
"license_key": {
"type": "string",
"pattern": "^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$"
},
"auth": {
"type": "object",
"required": [
"sasl"
],
"properties": {
"sasl": {
"type": "object",
"required": [
"enabled",
"users"
],
"if": {
"properties": {
"enabled": {
"enum": [
true
]
}
}
},
"then": {
"properties": {
"enabled": {
"type": "boolean"
},
"users": {
"type": "array",
"minItems": 1,
"items": {
"properties": {
"name": {
"type": "string"
},
"password": {
"type": "string"
}
},
"oneOf": [
{
"required": [
"name",
"password"
]
},
{
"required": [
"name",
"secretName"
]
}
]
}
}
}
},
"else": {
"properties": {
"enabled": {
"type": "boolean"
}
}
}
}
}
},
"tls": {
"type": "object",
"required": [
"enabled"
],
"properties": {
"enabled": {
"type": "boolean"
},
"certs": {
"type": "object",
"minProperties": 1,
"patternProperties": {
"^[A-Za-z_][A-Za-z0-9_]*$": {
"type": "object",
"required": [
"caEnabled"
],
"properties": {
"issuerRef": {
"type": "string"
},
"caEnabled": {
"type": "boolean"
},
"duration": {
"type": "string",
"pattern": ".*[smh]$"
}
}
}
}
}
}
},
"external": {
"type": "object",
"required": [
"enabled",
"type",
"domain"
],
"properties": {
"enabled": {
"type": "boolean"
},
"type": {
"type": "string",
"pattern": "^NodePort$"
},
"domain": {
"type": "string",
"format": "idn-hostname"
}
}
},
"logging": {
"type": "object",
"required": [
"logLevel",
"usageStats"
],
"parameters": {
"logLevel": {
"type": "string",
"pattern": "^(error|warn|info|debug|trace)$"
},
"usageStats": {
"type": "object",
"required": [
"enabled"
],
"properties": {
"enabled": {
"type": "boolean"
}
}
}
}
},
"resources": {
"type": "object",
"required": [
"cpu",
"memory"
],
"properties": {
"cpu": {
"type": "object",
"required": [
"cores"
],
"properties": {
"cores": {
"type": "integer"
},
"overprovisioned": {
"type": "boolean"
}
}
},
"memory": {
"type": "object",
"required": [
"container"
],
"properties": {
"enable_memory_locking": {
"type": "boolean"
},
"container": {
"type": "object",
"required": [
"max"
],
"properties": {
"min": {
"type": "string",
"pattern": "^[0-9]+(\\.[0-9]){0,1}(k|M|G|Ki|Mi|Gi)$"
},
"max": {
"type": "string",
"pattern": "^[0-9]+(\\.[0-9]){0,1}(k|M|G|Ki|Mi|Gi)$"
}
}
}
}
}
}
},
"storage": {
"type": "object",
"required": [
"hostPath",
"persistentVolume"
],
"properties": {
"hostPath": {
"type": "string"
},
"persistentVolume": {
"type": "object",
"required": [
"enabled",
"size",
"storageClass",
"labels",
"annotations"
],
"properties": {
"enabled": {
"type": "boolean"
},
"size": {
"type": "string",
"pattern": "^[0-9]+(\\.[0-9]){0,1}(k|M|G|Ki|Mi|Gi)$"
},
"storageClass": {
"type": "string"
},
"labels": {
"type": "object"
},
"annotations": {
"type": "object"
}
}
}
}
},
"statefulset": {
"type": "object",
"required": [
"replicas",
"updateStrategy",
"podManagementPolicy",
"budget",
"annotations",
"startupProbe",
"livenessProbe",
"readinessProbe",
"podAffinity",
"podAntiAffinity",
"nodeSelector",
"priorityClassName",
"tolerations",
"topologySpreadConstraints",
"podSecurityContext"
],
"properties": {
"replicas": {
"type": "integer"
},
"updateStrategy": {
"type": "object",
"required": [
"type"
],
"properties": {
"type": {
"type": "string",
"pattern": "^(RollingUpdate|OnDelete)$"
}
}
},
"podManagementPolicy": {
"type": "string",
"pattern": "^(OrderedReady|Parallel)$"
},
"budget": {
"type": "object",
"required": [
"maxUnavailable"
],
"properties": {
"maxUnavailable": {
"type": "integer"
}
}
},
"annotations": {
"type": "object"
},
"startupProbe": {
"type": "object",
"required": [
"initialDelaySeconds",
"failureThreshold",
"periodSeconds"
],
"properties": {
"initialDelaySeconds": {
"type": "integer"
},
"failureThreshold": {
"type": "integer"
},
"periodSeconds": {
"type": "integer"
}
}
},
"livenessProbe": {
"type": "object",
"required": [
"initialDelaySeconds",
"failureThreshold",
"periodSeconds"
],
"properties": {
"initialDelaySeconds": {
"type": "integer"
},
"failureThreshold": {
"type": "integer"
},
"periodSeconds": {
"type": "integer"
}
}
},
"readinessProbe": {
"type": "object",
"required": [
"initialDelaySeconds",
"failureThreshold",
"periodSeconds"
],
"properties": {
"initialDelaySeconds": {
"type": "integer"
},
"failureThreshold": {
"type": "integer"
},
"periodSeconds": {
"type": "integer"
}
}
},
"podAffinity": {
"type": "object"
},
"podAntiAffinity": {
"type": "object",
"required": [
"topologyKey",
"type",
"weight"
],
"properties": {
"topologyKey": {
"type": "string"
},
"type": {
"type": "string",
"pattern": "^(hard|soft)$"
},
"weight": {
"type": "integer"
}
}
},
"nodeSelector": {
"type": "object"
},
"priorityClassName": {
"type": "string"
},
"tolerations": {
"type": "array"
},
"topologySpreadConstraints": {
"type": "object",
"required": [
"maxSkew",
"topologyKey",
"whenUnsatisfiable"
],
"properties": {
"maxSkew": {
"type": "integer"
},
"topologyKey": {
"type": "string"
},
"whenUnsatisfiable": {
"type": "string",
"pattern": "^(ScheduleAnyway|DoNotSchedule)$"
}
}
},
"podSecurityContext": {
"type": "object",
"required": [
"fsGroup"
],
"properties": {
"fsGroup": {
"type": "integer"
},
"runAsNonRoot": {
"type": "boolean"
},
"runAsUser": {
"type": "integer"
}
}
}
}
},
"serviceAccount": {
"type": "object",
"required": [
"create",
"annotations",
"name"
],
"properties": {
"create": {
"type": "boolean"
},
"annotations": {
"type": "object"
},
"name": {
"type": "string"
}
}
},
"tuning": {
"type": "object",
"properties": {
"tune_aio_events": {
"type": "boolean"
},
"tune_clocksource": {
"type": "boolean"
},
"tune_ballast_file": {
"type": "boolean"
},
"ballast_file_path": {
"type": "string"
},
"ballast_file_size": {
"type": "string"
},
"well_known_io": {
"type": "string"
}
}
},
"listeners": {
"type": "object",
"required": [
"admin",
"kafka",
"http",
"rpc",
"schemaRegistry"
],
"properties": {
"admin": {
"type": "object",
"required": [
"port",
"external",
"tls"
],
"properties": {
"port": {
"type": "integer"
},
"external": {
"type": "object",
"minProperties": 1,
"patternProperties": {
"^[A-Za-z_][A-Za-z0-9_]*$": {
"type": "object",
"required": [
"nodePort"
],
"properties": {
"enabled": {
"type": "boolean"
},
"type": {
"type": "string",
"pattern": "^NodePort$"
},
"nodePort": {
"type": "integer"
}
}
}
}
},
"tls": {
"type": "object",
"required": [
"cert",
"requireClientAuth"
],
"properties": {
"enabled": {
"type": "boolean"
},
"cert": {
"type": "string"
},
"requireClientAuth": {
"type": "boolean"
}
}
}
}
},
"kafka": {
"type": "object",
"required": [
"port",
"external",
"tls"
],
"properties": {
"port": {
"type": "integer"
},
"external": {
"type": "object",
"minProperties": 1,
"patternProperties": {
"^[A-Za-z_][A-Za-z0-9_]*$": {
"type": "object",
"required": [
"port",
"nodePort"
],
"properties": {
"enabled": {
"type": "boolean"
},
"port": {
"type": "integer"
},
"type": {
"type": "string",
"pattern": "^NodePort$"
},
"nodePort": {
"type": "integer"
}
}
}
}
},
"tls": {
"type": "object",
"required": [
"cert",
"requireClientAuth"
],
"properties": {
"enabled": {
"type": "boolean"
},
"cert": {
"type": "string"
},
"requireClientAuth": {
"type": "boolean"
}
}
}
}
},
"http": {
"type": "object",
"required": [
"enabled",
"port",
"kafkaEndpoint",
"external",
"tls"
],
"properties": {
"enabled": {
"type": "boolean"
},
"port": {
"type": "integer"
},
"kafkaEndpoint": {
"type": "string",
"pattern": "^[A-Za-z_][A-Za-z0-9_]*$"
},
"external": {
"type": "object",
"minProperties": 1,
"patternProperties": {
"^[A-Za-z_][A-Za-z0-9_]*$": {
"type": "object",
"required": [
"port",
"nodePort"
],
"properties": {
"enabled": {
"type": "boolean"
},
"port": {
"type": "integer"
},
"type": {
"type": "string",
"pattern": "^NodePort$"
},
"nodePort": {
"type": "integer"
}
}
}
}
},
"tls": {
"type": "object",
"required": [
"cert",
"requireClientAuth"
],
"properties": {
"enabled": {
"type": "boolean"
},
"cert": {
"type": "string"
},
"requireClientAuth": {
"type": "boolean"
}
}
}
}
},
"rpc": {
"type": "object",
"required": [
"port",
"tls"
],
"properties": {
"port": {
"type": "integer"
},
"tls": {
"type": "object",
"required": [
"cert",
"requireClientAuth"
],
"properties": {
"enabled": {
"type": "boolean"
},
"cert": {
"type": "string"
},
"requireClientAuth": {
"type": "boolean"
}
}
}
}
},
"schemaRegistry": {
"type": "object",
"required": [
"enabled",
"port",
"kafkaEndpoint",
"external",
"tls"
],
"properties": {
"enabled": {
"type": "boolean"
},
"port": {
"type": "integer"
},
"kafkaEndpoint": {
"type": "string",
"pattern": "^[A-Za-z_][A-Za-z0-9_]*$"
},
"external": {
"type": "object",
"minProperties": 1,
"patternProperties": {
"^[A-Za-z_][A-Za-z0-9_]*$": {
"type": "object",
"required": [
"port",
"nodePort"
],
"properties": {
"enabled": {
"type": "boolean"
},
"port": {
"type": "integer"
},
"type": {
"type": "string",
"pattern": "^NodePort$"
},
"nodePort": {
"type": "integer"
}
}
}
}
},
"tls": {
"type": "object",
"required": [
"cert",
"requireClientAuth"
],
"properties": {
"enabled": {
"type": "boolean"
},
"cert": {
"type": "string"
},
"requireClientAuth": {
"type": "boolean"
}
}
}
}
}
}
},
"config": {
"type": "object",
"required": [
"cluster",
"tunable",
"node"
],
"properties": {
"cluster": {
"type": "object"
},
"tunable": {
"type": "object"
},
"node": {
"type": "object"
}
}
}
}
}
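Review bot: In the `logging` object the child schemas sit under `"parameters"` rather than `"properties"`; JSON Schema ignores unknown keywords, so the `logLevel` pattern and the `usageStats.enabled` type are never enforced. Rename the key to `"properties"`. Two other constraints disagree with the values.yaml shipped in the same commit: `tls.certs.*.issuerRef` is typed `string` while the commented example gives it `name` and `kind` keys, and the Kafka listener's `external` is `"type": "object"` with `minProperties: 1` while the values.yaml comment tells users to disable external listeners with `external: []`. Following either documented path fails validation. The `sasl.users` items also reference `secretName` in `oneOf` without declaring it under `properties`, and `external.type` accepts only `NodePort` although the values.yaml comments name LoadBalancer as an option.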

View File

@ -0,0 +1,580 @@
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# This file contains values for variables referenced from yaml files in the templates directory.
#
# For further information on Helm templating see the documentation at:
# https://helm.sh/docs/chart_template_guide/values_files/
# Common parameters
#
# Override redpanda.name template
nameOverride: ""
# Override redpanda.fullname template
fullnameOverride: ""
# Default kuberentes cluster domain
clusterDomain: cluster.local
# Additional labels added to all Kubernetes objects
commonLabels: {}
# Redpanda parameters
#
image:
repository: vectorized/redpanda
# Redpanda version defaults to Chart.appVersion
tag: ""
# The imagePullPolicy will default to Always when the tag is 'latest'
pullPolicy: IfNotPresent
# Your license key (optional)
license_key: ""
#
# Authentication
auth:
#
# SASL configuration
sasl:
enabled: false
# user list
# TODO create user at startup
users:
- name: admin
# Password for the user. This will be used to generate a secret
# password: password
# If password isn't given, then the secretName must point to an already existing secret
# secretName: adminPassword
#
# TLS configuration
tls:
# Enable global TLS, which turns on TLS by default for all listeners
# Each listener must include a certificate name in its TLS section
# Any certificates in auth.tls.certs will still be loaded if enabled is false
# This is because listeners may enable TLS individually (see listeners.<listener name>.tls.enabled)
enabled: false
# list all certificates below, then reference a certificate's name in each listener (see listeners.<listener name>.tls.cert)
certs:
# This is the certificate name that is used to associate the certificate with a listener
# See listeners.<listener group>.tls.cert for more information
default:
# Define an issuerRef to use your own custom pre-installed Issuer
# issuerRef:
# name: redpanda-default-root-issuer
# kind: Issuer # Can be Issuer or ClusterIssuer
# The caEnabled flag determines whether the ca.crt file is included in the TLS mount path on each Redpanda pod
caEnabled: true
# duration: 43800h
#
# External access configuration
external:
# Default external access value for all listeners except RPC
# External config doesn't apply to RPC listeners as they are never externally accessible
# These values can be overridden by each listener if needed
enabled: true
# Default external access type (options are NodePort and LoadBalancer)
# TODO include IP range for load balancer that support it: https://github.com/redpanda-data/helm-charts/issues/106
type: NodePort
domain: local
# annotations:
# For example:
# cloud.google.com/load-balancer-type: "Internal"
# service.beta.kubernetes.io/aws-load-balancer-type: nlb
# Logging
logging:
# Log level
# Valid values (from least to most logging) are warn, info, debug, trace
logLevel: info
#
# Send usage stats back to Redpanda
# See https://docs.redpanda.com/docs/cluster-administration/monitoring/#stats-reporting
usageStats:
# rpk.enable_usage_stats
enabled: true
# Your organization name (optional)
# organization: your-org
# Your cluster ID (optional)
# clusterId: your-helm-cluster
#
resources:
# Both Redpanda and Kubernetes have multiple ways to allocate resources.
# There are also several associated parameters that impact how these resources are used by
# Kubernetes, the Redpanda app, and the subsystem Redpanda is built on (Seastar).
# This section attempts to simplify allocating resources by providing a single location
# where resources are defined.
# Helm sets these resource values within the following templates:
# - statefulset.yaml
# - configmap.yaml
#
# The default values below are what should work for a development environment.
# Production-level values and other considerations are provided in comments
# if those values are different from the default.
#
cpu:
# Redpanda makes use of a thread per core model described here:
# https://redpanda.com/blog/tpc-buffers
# For this reason, Redpanda should only be given full cores (cores parameter below).
#
# NOTE: You can increase cores, but decreasing cores is not currently supported:
# https://github.com/redpanda-data/redpanda/issues/350
#
# Equivalent to: --smp, resources.requests.cpu, and resources.limits.cpu
# For production: 4 or greater
cores: 1
#
# Overprovisioned means Redpanda won't assume it has all of the provisioned CPU.
# This should be true unless the container has CPU affinity (eg. min and max above are equal).
# Equivalent to: --idle-poll-time-us 0 --thread-affinity 0 --poll-aio 0
# overprovisioned: false
#
memory:
# Enables memory locking.
# For production: true
# enable_memory_locking: false
#
# It is recommended to have at least 2Gi of memory per core for the Redpanda binary.
# This memory is taken from the total memory given to each container.
# We allocate 80% of the container's memory to Redpanda, leaving the rest for
# the Seastar subsystem (reserveMemory) and other container processes.
# So at least 2.5Gi per core is recommended in order to ensure Redpanda has a full 2Gi.
#
# These values affect --memory and --reserve-memory flags passed to Redpanda and the memory
# requests/limits in the StatefulSet.
# Valid suffixes: k M G Ki Mi Gi
# Only support a single decimal (eg. 2.5Gi rather than 2.55Gi)
#
container:
# Minimum memory count for each Redpanda broker
# If omitted, the min value will equal the max value (requested resources defaults to limits)
# Equivalent to: resources.requests.memory
# For production: 10Gi or greater
# min: 2.5Gi
#
# Minimum memory count for each Redpanda broker
# Equivalent to: resources.limits.memory
# For production: 10Gi or greater
max: 2.5Gi
#
# redpanda:
# This optional redpanda section allows specifying the memory size for both the Redpanda
# process and the underlying reserved memory (used by Seastar).
# This section is omitted by default, and memory sizes are calculated automatically
# based on container memory.
# Uncommenting this section and setting memory and reserveMemory values will disable
# automatic calculation.
#
# If you are setting the following values manually, keep in mind the following guidelines (getting
# this wrong will potentially lead to performance issues, instability, loss of data, etc.):
# The amount of memory to allocate to a container is determined by the sum of three values:
# 1. Redpanda (at least 2Gi per core, ~80% of the container's total memory)
# 2. Seastar subsystem (200Mi * 0.2% of the container's total memory, 200Mi < x < 1Gi)
# 3. other container processes (whatever small amount remains)
#
# Memory for the Redpanda process.
# This must be lower the container's memory (resources.memory.container.min if provided, otherwise
# resources.memory.container.max).
# Equivalent to: --memory
# For production: 8Gi or greater
# memory: 2Gi
#
# Memory reserved for the Seastar subsystem.
# Any value above 1Gi will provide diminishing performance benefits.
# Equivalent to: --reserve-memory
# For production: 1Gi
# reserveMemory: 200Mi
#
# Persistence
storage:
# Absolute path on host to store Redpanda's data.
# If not specified, then `emptyDir` will be used instead.
# If specified, but `persistentVolume.enabled` is `true`, then has no effect.
hostPath: ""
# If `enabled` is `true` then a PersistentVolumeClaim will be created and
# used to store Redpanda's data, otherwise `hostPath` is used.
persistentVolume:
enabled: true
size: 3Gi
# If defined, then `storageClassName: <storageClass>`.
# If set to "-", then `storageClassName: ""`, which disables dynamic
# provisioning.
# If undefined or empty (default), then no `storageClassName` spec is set,
# so the default provisioner will be chosen (gp2 on AWS, standard on
# GKE, AWS & OpenStack).
storageClass: ""
# Additional labels to apply to the created PersistentVolumeClaims.
labels: {}
# Additional annotations to apply to the created PersistentVolumeClaims.
annotations: {}
statefulset:
# Number of Redpanda brokers (recommend setting this to the number of nodes in the cluster)
replicas: 3
updateStrategy:
type: RollingUpdate
podManagementPolicy: Parallel
budget:
maxUnavailable: 1
# Additional annotations to apply to the Pods of this StatefulSet.
annotations: {}
# Adjust the period for your probes to meet your needs (see https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes)
startupProbe:
initialDelaySeconds: 1
failureThreshold: 120
periodSeconds: 10
livenessProbe:
initialDelaySeconds: 10
failureThreshold: 3
periodSeconds: 10
readinessProbe:
initialDelaySeconds: 1
failureThreshold: 3
periodSeconds: 10
successThreshold: 1
#
# A note regarding statefulset resources:
# Resources are set through the top-level resources section above.
# It is recommended to set resources values in that section rather than here, as this will guarantee
# memory is allocated across containers, Redpanda, and the Seastar subsystem correctly.
# This automatic memory allocation is in place because Repanda and the Seastar subsystem require flags
# at startup that set the amount of memory available to each process.
# Kubernetes (mainly statefulset), Redpanda, and Seastar memory values are tightly coupled.
# Adding a resource section here will be ignored.
#
# Inter-Pod Affinity rules for scheduling Pods of this StatefulSet.
# https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity
podAffinity: {}
# Anti-affinity rules for scheduling Pods of this StatefulSet.
# https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity
# You may either toggle options below for default anti-affinity rules,
# or specify the whole set of anti-affinity rules instead of them.
podAntiAffinity:
# The topologyKey to be used.
# Can be used to spread across different nodes, AZs, regions etc.
topologyKey: kubernetes.io/hostname
# Type of anti-affinity rules: either `soft`, `hard` or empty value (which
# disables anti-affinity rules).
type: soft
# Weight for `soft` anti-affinity rules.
# Does not apply for other anti-affinity types.
weight: 100
# Node selection constraints for scheduling Pods of this StatefulSet.
# https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
nodeSelector: {}
# PriorityClassName given to Pods of this StatefulSet
# https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass
priorityClassName: ""
# Taints to be tolerated by Pods of this StatefulSet.
# https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
tolerations: []
# https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
topologySpreadConstraints:
maxSkew: 1
topologyKey: topology.kubernetes.io/zone
whenUnsatisfiable: ScheduleAnyway
# When using persistent storage the volume will be mounted as root. In order for redpanda to use the volume
# we must set the fsGroup to the uid of redpanda, which is 101
podSecurityContext:
fsGroup: 101
# runAsNonRoot: true
# runAsUser: 1000
# Service account management
serviceAccount:
# Specifies whether a service account should be created
create: false
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
tuning: {}
# This section contains Redpanda tuning parameters.
# Each parameter below is set to their default values.
# Remove the curly brackets above if you uncomment any parameters below.
#
# Increases the number of allowed asynchronous IO events.
# tune_aio_events: false
#
# Syncs NTP
# tune_clocksource: false
#
# Creates a "ballast" file so that, if a Redpanda node runs out of space,
# you can delete the ballast file to allow the node to resume operations and then
# delete a topic or records to reduce the space used by Redpanda.
# tune_ballast_file: false
#
# The path where the ballast file will be created.
# ballast_file_path: "/var/lib/redpanda/data/ballast"
#
# The ballast file size.
# ballast_file_size: "1GiB"
#
# (Optional) The vendor, VM type and storage device type that redpanda will run on, in
# the format <vendor>:<vm>:<storage>. This hints to rpk which configuration values it
# should use for the redpanda IO scheduler.
# Some valid values are "gcp:c2-standard-16:nvme", "aws:i3.xlarge:default"
# well_known_io: ""
#
# The following tuning parameters must be false in container environments and will be ignored:
# tune_network
# tune_disk_scheduler
# tune_disk_nomerges
# tune_disk_irq
# tune_fstrim
# tune_cpu
# tune_swappiness
# tune_transparent_hugepages
# tune_coredump
### Overrides
#
# This sections can be used to override global settings configured above for individual
# listeners.
#
listeners:
# Admin API listener
# The kafka listener group cannot be disabled
admin:
# The port for the admin server
port: 9644
# Optional external section
external:
default:
# `enabled`` is used to override the setting of the `external` top-level key
# for this external listener. The default is `true`.
# enabled: true
# External port
# `nodePort` defines the TCP port to listen on for NodePort types.
nodePort: 31644
# Optional TLS section (required if global TLS is enabled)
tls:
# Optional flag to override the global TLS enabled flag
# enabled: true
# Name of certificate used for TLS (must match a cert registered at auth.tls.certs)
cert: default
# If true, the truststore file for this listener will be included in the ConfigMap
requireClientAuth: false
# Kafka API listeners
# The kafka listener group cannot be disabled
kafka:
port: 9093
# Listeners internal to kubernetes service network
tls:
# enabled: true
cert: default
requireClientAuth: false
# External listeners
external:
# to disable external kafka listeners when the global `external` is enabled,
# replace this with an empty list, ie: `external: []`
default:
port: 9094
# Type can be `NodePort or `LoadBalancer`. If unset, it will default to the type
# in the `external` section.`
type: NodePort
# External port
# This listener port will be used on each kubernetes node
nodePort: 31092
# HTTP API listeners (aka PandaProxy)
# PandaProxy is a kafka client that connects to an endpoint from listeners.kafka.endpoints
http:
enabled: true
port: 8082
kafkaEndpoint: default
tls:
# enabled: true
cert: default
requireClientAuth: false
# External listeners
external:
default:
# Ports must be unique per listener
port: 8083
# Type of external access (options are ClusterIP, NodePort, and LoadBalancer)
type: NodePort
# External port
# This listener port will be used for the external port if NodePort is selected
nodePort: 30082
# RPC listener
# The RPC listener cannot be disabled
rpc:
port: 33145
tls:
# enabled: true
cert: default
requireClientAuth: false
# Schema registry listeners
schemaRegistry:
enabled: true
port: 8081
# Schema Registry is a kafka client that connects to an endpoint from listeners.kafka.endpoints
kafkaEndpoint: default
tls:
# enabled: true
cert: default
requireClientAuth: false
external:
default:
# Ports must be unique per listener
port: 8080
# Optional external section
# enabled: true
# Type of external access (options are NodePort and LoadBalancer)
# type: NodePort
# External port
# This listener port will be used for the external port if this is not included
nodePort: 30081
# Expert Config
# This section contains various settings supported by Redpanda that may not work
# correctly in a kubernetes cluster. Changing these settings comes with some risk.
#
# Here be dragons!
#
# This section allows modifying various Redpanda settings not covered in other sections above.
# These values do not pertain to the kubernetes objects created with helm.
# Instead these parameters get passed directly to the Redpanda binary at startup.
# See https://docs.redpanda.com/docs/cluster-administration/configuration/
config:
cluster: {}
# auto_create_topics_enabled: true # Allow topic auto creation
# transaction_coordinator_replication: 1 # Replication factor for a transaction coordinator topic
# id_allocator_replication: 1 # Replication factor for an ID allocator topic
# disable_metrics: false # Disable registering metrics
# enable_coproc: false # Enable coprocessing mode
# enable_idempotence: false # Enable idempotent producer
# enable_pid_file: true # Enable pid file; You probably don't want to change this
# enable_transactions: false # Enable transactions
# group_max_session_timeout_ms: 300s # The maximum allowed session timeout for registered consumers; Longer timeouts give consumers more time to process messages in between heartbeats at the cost of a longer time to detect failures; Default quota tracking window size in milliseconds
# group_min_session_timeout_ms: Optional # The minimum allowed session timeout for registered consumers; Shorter timeouts result in quicker failure detection at the cost of more frequent consumer heartbeating
# kafka_group_recovery_timeout_ms: 30000ms # Kafka group recovery timeout expressed in milliseconds
# kafka_qdc_enable: false # Enable kafka queue depth control
# kafka_qdc_max_latency_ms: 80ms # Max latency threshold for kafka queue depth control depth tracking
# log_cleanup_policy: deletion # Default topic cleanup policy
# log_compaction_interval_ms: 5min # How often do we trigger background compaction
# log_compression_type: producer # Default topic compression type
# log_message_timestamp_type: create_time # Default topic messages timestamp type
# retention_bytes: None # max bytes per partition on disk before triggering a compaction
# rm_sync_timeout_ms: 2000ms
# rm_violation_recovery_policy: crash # Describes how to recover from an invariant violation happened on the partition level
# target_quota_byte_rate: 2GB # Target quota byte rate in bytes per second
# tm_sync_timeout_ms: 2000ms # Time to wait state catch up before rejecting a request
# tm_violation_recovery_policy: crash # Describes how to recover from an invariant violation happened on the transaction coordinator level
# transactional_id_expiration_ms: 10080min # Producer ids are expired once this time has elapsed after the last write with the given producer ID
tunable: {}
# alter_topic_cfg_timeout_ms: 5s # Time to wait for entries replication in controller log when executing alter configuration request
# compacted_log_segment_size: 256MiB # How large in bytes should each compacted log segment be (default 256MiB)
# controller_backend_housekeeping_interval_ms: 1s # Interval between iterations of controller backend housekeeping loop
# coproc_max_batch_size: 32kb # Maximum amount of bytes to read from one topic read
# coproc_max_inflight_bytes: 10MB # Maximum amountt of inflight bytes when sending data to wasm engine
# coproc_max_ingest_bytes: 640kb # Maximum amount of data to hold from input logs in memory
# coproc_offset_flush_interval_ms: 300000ms # Interval for which all coprocessor offsets are flushed to disk
# create_topic_timeout_ms: 2000ms # Timeout (ms) to wait for new topic creation
# default_num_windows: 10 # Default number of quota tracking windows
# default_window_sec: 1000ms # Default quota tracking window size in milliseconds
# delete_retention_ms: 10080min # delete segments older than this (default 1 week)
# disable_batch_cache: false # Disable batch cache in log manager
# fetch_reads_debounce_timeout: 1ms # Time to wait for next read in fetch request when requested min bytes wasn't reached
# fetch_session_eviction_timeout_ms: 60s # Minimum time before which unused session will get evicted from sessions; Maximum time after which inactive session will be deleted is two time given configuration valuecache
# group_initial_rebalance_delay: 300ms # Extra delay (ms) added to rebalance phase to wait for new members
# group_new_member_join_timeout: 30000ms # Timeout for new member joins
# group_topic_partitions: 1 # Number of partitions in the internal group membership topic
# id_allocator_batch_size: 1000 # ID allocator allocates messages in batches (each batch is a one log record) and then serves requests from memory without touching the log until the batch is exhausted
# id_allocator_log_capacity: 100 # Capacity of the id_allocator log in number of messages; Once it reached id_allocator_stm should compact the log
# join_retry_timeout_ms: 5s # Time between cluster join retries in milliseconds
# kafka_qdc_idle_depth: 10 # Queue depth when idleness is detected in kafka queue depth control
# kafka_qdc_latency_alpha: 0.002 # Smoothing parameter for kafka queue depth control latency tracking
# kafka_qdc_max_depth: 100 # Maximum queue depth used in kafka queue depth control
# kafka_qdc_min_depth: 1 # Minimum queue depth used in kafka queue depth control
# kafka_qdc_window_count: 12 # Number of windows used in kafka queue depth control latency tracking
# kafka_qdc_window_size_ms: 1500ms # Window size for kafka queue depth control latency tracking
# kvstore_flush_interval: 10ms # Key-value store flush interval (ms)
# kvstore_max_segment_size: 16MB # Key-value maximum segment size (bytes)
# log_segment_size: 1GB # How large in bytes should each log segment be (default 1G)
# max_compacted_log_segment_size: 5GB # Max compacted segment size after consolidation
# max_kafka_throttle_delay_ms: 60000ms # Fail-safe maximum throttle delay on kafka requests
# metadata_dissemination_interval_ms: 3000ms # Interaval for metadata dissemination batching
# metadata_dissemination_retries: 10 # Number of attempts of looking up a topic's meta data like shard before failing a request
# metadata_dissemination_retry_delay_ms: 500ms # Delay before retry a topic lookup in a shard or other meta tables
# quota_manager_gc_sec: 30000ms # Quota manager GC frequency in milliseconds
# raft_learner_recovery_rate: 104857600 # Raft learner recovery rate in bytes per second
# raft_heartbeat_disconnect_failures: 3 #After how many failed heartbeats to forcibly close an unresponsive TCP connection. Set to 0 to disable force disconnection.
# raft_heartbeat_interval_ms: 150 #The interval in ms between raft leader heartbeats.
# raft_heartbeat_timeout_ms: 3000 #Raft heartbeat RPC timeout.
# raft_io_timeout_ms: 10000 #Raft I/O timeout.
# raft_max_concurrent_append_requests_per_follower: 16 #Maximum number of concurrent append entries requests sent by leader to one follower.
# raft_max_recovery_memory: 33554432 #Maximum memory that can be used for reads in the raft recovery process.
# raft_recovery_default_read_size: 524288 #Default size of read issued during raft follower recovery.
# raft_replicate_batch_window_size: 1048576 #Maximum size of requests cached for replication.
# raft_smp_max_non_local_requests: #Maximum number of x-core requests pending in Raft seastar::smp group. (for more details look at seastar::smp_service_group documentation).
# raft_timeout_now_timeout_ms: 1000 #Timeout for a timeout now request.
# raft_transfer_leader_recovery_timeout_ms: 1000 #Timeout waiting for follower recovery when transferring leadership.
# raft_election_timeout_ms: 1500ms # Election timeout expressed in milliseconds TBD - election_time_out
# readers_cache_eviction_timeout_ms: 30s # Duration after which inactive readers will be evicted from cache
# reclaim_growth_window: 3000ms # Length of time in which reclaim sizes grow
# reclaim_max_size: 4MB # Maximum batch cache reclaim size
# reclaim_min_size: 128KB # Minimum batch cache reclaim size
# reclaim_stable_window: 10000ms # Length of time above which growth is reset
# recovery_append_timeout_ms: 5s # Timeout for append entries requests issued while updating stale follower
# release_cache_on_segment_roll: false # Free cache when segments roll
# replicate_append_timeout_ms: 3s # Timeout for append entries requests issued while replicating entries
# segment_appender_flush_timeout_ms: 1ms # Maximum delay until buffered data is written
# wait_for_leader_timeout_ms: 5000ms # Timeout (ms) to wait for leadership in metadata cache
node: {}
# node_id: # Unique ID identifying a node in the cluster
# data_directory: # Place where redpanda will keep the data
# admin_api_doc_dir: /usr/share/redpanda/admin-api-doc # Admin API doc directory
# api_doc_dir: /usr/share/redpanda/proxy-api-doc # API doc directory
# coproc_supervisor_server: 127.0.0.1:43189 # IpAddress and port for supervisor service
# dashboard_dir: None # serve http dashboard on / url
# rack: None # Rack identifier
# developer_mode: optional # Skips most of the checks performed at startup
# Invalid properties
# Any of these properties will be ignored. These otherwise valid properties are not allowed
# to be used in this section since they impact deploying Redpanda in Kubernetes.
# Make use of the above sections to modify these values instead (see comments below).
# admin: 127.0.0.1:9644 # Address and port of admin server
# admin_api_tls: validate_many # TLS configuration for admin HTTP server
# advertised_kafka_api: None # Address of Kafka API published to the clients
# advertised_pandaproxy_api: None # Rest API address and port to publish to client
# advertised_rpc_api: None # Address of RPC endpoint published to other cluster members
# cloud_storage_access_key: None # AWS access key
# cloud_storage_api_endpoint: None # Optional API endpoint
# cloud_storage_api_endpoint_port: 443 # TLS port override
# cloud_storage_bucket: None # AWS bucket that should be used to store data
# cloud_storage_disable_tls: false # Disable TLS for all S3 connections
# cloud_storage_enabled: false # Enable archival storage
# cloud_storage_max_connections: 20 # Max number of simultaneous uploads to S3
# cloud_storage_reconciliation_ms: 10s # Interval at which the archival service runs reconciliation (ms)
# cloud_storage_region: None # AWS region that houses the bucket used for storage
# cloud_storage_secret_key: None # AWS secret key
# cloud_storage_trust_file: None # Path to certificate that should be used to validate server certificate during TLS handshake
# default_topic_partitions: 1 # Default number of partitions per topic
# default_topic_replications: 3 # Default replication factor for new topics
# enable_admin_api Enable the admin API true
# enable_sasl Enable SASL authentication for Kafka connections false
# kafka_api Address and port of an interface to listen for Kafka API requests 127.0.0.1:9092
# kafka_api_tls TLS configuration for Kafka API endpoint None
# pandaproxy_api Rest API listen address and port 0.0.0.0:8082
# pandaproxy_api_tls TLS configuration for Pandaproxy api validate_many
# rpc_server IP address and port for RPC server 127.0.0.1:33145
# rpc_server_tls TLS configuration for RPC server validate
# seed_servers List of the seed servers used to join current cluster; If the seed_server list is empty the node will be a cluster root and it will form a new cluster None
# superusers List of superuser usernames None
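
Review bot: the "Invalid properties" block that closes this file needs a documentation fix: from `enable_admin_api` through `superusers` the entries drop the `key: value # description` form used by the lines above and run key, description and default together, so a reader cannot tell at a glance that `false` is the listed default for `enable_sasl` or that `0.0.0.0:8082` belongs to `pandaproxy_api`. The block header also says "see comments below", but no entry names the section that should be used instead, which matters most for the security-relevant keys (`enable_sasl`, `kafka_api_tls`, `rpc_server_tls`, `cloud_storage_disable_tls`, `cloud_storage_secret_key`). Suggest restoring the `key: value # description` layout and adding the replacement section to each comment. Smaller points in the `tunable` comments: "amountt", "Interaval" and the stray "valuecache" are typos, and `raft_election_timeout_ms` still carries a "TBD" marker.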

View File

@ -5154,6 +5154,36 @@ entries:
- assets/portworx/portworx-essentials-2.9.100.tgz
version: 2.9.100
redpanda:
- annotations:
artifacthub.io/images: |
- name: redpanda
image: vectorized/redpanda:v22.2.4
- name: busybox
image: busybox:latest
artifacthub.io/license: Apache-2.0
artifacthub.io/links: |
- name: Documentation
url: https://docs.redpanda.com
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Redpanda
catalog.cattle.io/kube-version: '>=1.21-0'
catalog.cattle.io/release-name: redpanda
apiVersion: v2
appVersion: v22.2.6
created: "2022-10-18T02:35:45.447471-04:00"
description: Redpanda is the real-time engine for modern apps.
digest: 7eb6443806022f19295315669b105cf3077c107ff2afb49523b5c181ef02d915
icon: https://images.ctfassets.net/paqvtpyf8rwu/3cYHw5UzhXCbKuR24GDFGO/73fb682e6157d11c10d5b2b5da1d5af0/skate-stand-panda.svg
maintainers:
- name: redpanda-data
url: https://github.com/orgs/redpanda-data/people
name: redpanda
sources:
- https://github.com/redpanda-data/helm-charts
type: application
urls:
- assets/redpanda/redpanda-2.2.0.tgz
version: 2.2.0
- annotations:
artifacthub.io/images: |
- name: redpanda
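
Review bot: in the new 2.2.0 entry the `artifacthub.io/images` annotation lists `vectorized/redpanda:v22.2.4` while `appVersion` is `v22.2.6`, so anyone scanning or mirroring images from the annotation works on a different tag than the one the chart metadata advertises; align the two values. The same annotation lists `busybox:latest`, a mutable tag; pin it to a fixed version or digest so the image set recorded for this chart version stays reproducible.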