diff --git a/assets/redpanda/redpanda-2.2.0.tgz b/assets/redpanda/redpanda-2.2.0.tgz
new file mode 100644
index 000000000..fb06a9e10
Binary files /dev/null and b/assets/redpanda/redpanda-2.2.0.tgz differ
diff --git a/charts/redpanda/redpanda/2.2.0/.helmignore b/charts/redpanda/redpanda/2.2.0/.helmignore
new file mode 100644
index 000000000..0e8a0eb36
--- /dev/null
+++ b/charts/redpanda/redpanda/2.2.0/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/redpanda/redpanda/2.2.0/Chart.yaml b/charts/redpanda/redpanda/2.2.0/Chart.yaml
new file mode 100644
index 000000000..ee1ff1d1b
--- /dev/null
+++ b/charts/redpanda/redpanda/2.2.0/Chart.yaml
@@ -0,0 +1,26 @@
+annotations:
+ artifacthub.io/images: |
+ - name: redpanda
+ image: vectorized/redpanda:v22.2.4
+ - name: busybox
+ image: busybox:latest
+ artifacthub.io/license: Apache-2.0
+ artifacthub.io/links: |
+ - name: Documentation
+ url: https://docs.redpanda.com
+ catalog.cattle.io/certified: partner
+ catalog.cattle.io/display-name: Redpanda
+ catalog.cattle.io/kube-version: '>=1.21-0'
+ catalog.cattle.io/release-name: redpanda
+apiVersion: v2
+appVersion: v22.2.6
+description: Redpanda is the real-time engine for modern apps.
+icon: https://images.ctfassets.net/paqvtpyf8rwu/3cYHw5UzhXCbKuR24GDFGO/73fb682e6157d11c10d5b2b5da1d5af0/skate-stand-panda.svg
+maintainers:
+- name: redpanda-data
+ url: https://github.com/orgs/redpanda-data/people
+name: redpanda
+sources:
+- https://github.com/redpanda-data/helm-charts
+type: application
+version: 2.2.0
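Review bot: The `artifacthub.io/images` annotation in Chart.yaml names `vectorized/redpanda:v22.2.4` while `appVersion` is `v22.2.6`, so tooling that reads the annotation (image scanning, catalog listings) would describe a different image than the chart's default tag; the `redpanda.tag` helper in _helpers.tpl falls back to `.Chart.AppVersion` when `image.tag` is unset. The same annotation lists `busybox:latest`, a mutable tag that cannot be tied to a reviewed image; whether the templates actually pull it is not visible here. Suggest `image: vectorized/redpanda:v22.2.6` and a fixed busybox tag or digest in place of `latest`, for example `image: busybox:<pinned-tag>` (placeholder).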
diff --git a/charts/redpanda/redpanda/2.2.0/LICENSE b/charts/redpanda/redpanda/2.2.0/LICENSE new file mode 100644 index 000000000..261eeb9e9 --- /dev/null +++ b/charts/redpanda/redpanda/2.2.0/LICENSE 
@@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/charts/redpanda/redpanda/2.2.0/README.md b/charts/redpanda/redpanda/2.2.0/README.md new file mode 100644 index 000000000..e4fa74153 --- /dev/null +++ b/charts/redpanda/redpanda/2.2.0/README.md 
@@ -0,0 +1,40 @@
+# Redpanda Helm Chart
+
+[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/redpanda-data)](https://artifacthub.io/packages/search?repo=redpanda-data)
+
+This Helm chart (`redpanda`) deploys a Redpanda cluster.
+Once deployed, you continue to use the Helm command and override values to change and/or upgrade your Redpanda deployment.
+The defaults are in [values.yaml][values].
+
+## Overview
+
+This is the Helm Chart for [Redpanda](https://redpanda.com). It provides the ability to set up a multi node redpanda cluster with the following optional features:
+
+- Schema registry (enabled by default)
+- REST (aka PandaProxy, enabled by default)
+- TLS
+- SASL
+- External access
+
+See the [examples folder][examples] with more details on how to use this helm chart.
+Each example focuses on specific features like the ones listed above.
+We recommend completing the instructions in the [60-Second Guide for Kubernetes][kubernetes-qs-dev] before continuing steps in any of these examples.
+
+The [values.yaml][values] file is documented throughout.
+Please see this file for more details.
+
+## Installation
+
+See the [60-Second Guide for Kubernetes][kubernetes-qs-dev]
+
+## Contributing
+
+If you have improvements that can be made to this Helm chart, please consider becoming a contributor.
+See our [Contributing][contributing] document for more details.
+
+[values]: https://github.com/redpanda-data/helm-charts/blob/main/redpanda/values.yaml
+[examples]: https://github.com/redpanda-data/helm-charts/blob/main/examples/README.md
+[contributing]: https://github.com/redpanda-data/helm-charts/blob/main/CONTRIBUTING.md
+[kubernetes-qs-dev]: https://docs.redpanda.com/docs/quickstart/kubernetes-qs-dev/
+
+
diff --git a/charts/redpanda/redpanda/2.2.0/ci/01-one-node-cluster-no-tls-no-sasl.yaml b/charts/redpanda/redpanda/2.2.0/ci/01-one-node-cluster-no-tls-no-sasl.yaml
new file mode 100644
index 000000000..a45266d25
--- /dev/null
+++ b/charts/redpanda/redpanda/2.2.0/ci/01-one-node-cluster-no-tls-no-sasl.yaml
@@ -0,0 +1,21 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+statefulset:
+ replicas: 1
+tls:
+ enabled: false
+auth:
+ sasl:
+ enabled: false
diff --git a/charts/redpanda/redpanda/2.2.0/ci/02-one-node-cluster-tls-no-sasl.yaml b/charts/redpanda/redpanda/2.2.0/ci/02-one-node-cluster-tls-no-sasl.yaml
new file mode 100644
index 000000000..98620ec14
--- /dev/null
+++ b/charts/redpanda/redpanda/2.2.0/ci/02-one-node-cluster-tls-no-sasl.yaml
@@ -0,0 +1,21 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+statefulset:
+ replicas: 1
+tls:
+ enabled: true
+auth:
+ sasl:
+ enabled: false
diff --git a/charts/redpanda/redpanda/2.2.0/ci/03-one-node-cluster-no-tls-sasl.yaml b/charts/redpanda/redpanda/2.2.0/ci/03-one-node-cluster-no-tls-sasl.yaml
new file mode 100644
index 000000000..e8ebf751a
--- /dev/null
+++ b/charts/redpanda/redpanda/2.2.0/ci/03-one-node-cluster-no-tls-sasl.yaml
@@ -0,0 +1,21 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+statefulset:
+ replicas: 1
+tls:
+ enabled: false
+auth:
+ sasl:
+ enabled: true
diff --git a/charts/redpanda/redpanda/2.2.0/ci/04-one-node-cluster-tls-sasl.yaml b/charts/redpanda/redpanda/2.2.0/ci/04-one-node-cluster-tls-sasl.yaml
new file mode 100644
index 000000000..b33c0037e
--- /dev/null
+++ b/charts/redpanda/redpanda/2.2.0/ci/04-one-node-cluster-tls-sasl.yaml
@@ -0,0 +1,21 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+statefulset:
+ replicas: 1
+tls:
+ enabled: true
+auth:
+ sasl:
+ enabled: true
diff --git a/charts/redpanda/redpanda/2.2.0/ci/ct.yaml b/charts/redpanda/redpanda/2.2.0/ci/ct.yaml
new file mode 100644
index 000000000..a94c77e1f
--- /dev/null
+++ b/charts/redpanda/redpanda/2.2.0/ci/ct.yaml
@@ -0,0 +1,18 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+chart-dirs: .
+target-branch: main
+helm-extra-args: --timeout 600s
+remote: origin
diff --git a/charts/redpanda/redpanda/2.2.0/templates/NOTES.txt b/charts/redpanda/redpanda/2.2.0/templates/NOTES.txt
new file mode 100644
index 000000000..f795e9e7f
--- /dev/null
+++ b/charts/redpanda/redpanda/2.2.0/templates/NOTES.txt
@@ -0,0 +1,76 @@
+{{/*
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements. See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+Congratulations on installing {{ .Chart.Name }}!
+
+The pods will rollout in a few seconds. To check the status:
+
+ kubectl -n {{ .Release.Namespace }} rollout status statefulset {{ template "redpanda.fullname" . }} --watch
+
+Try some sample commands, like creating a topic called test-topic:
+
+{{- $anyTLS := (include "tls-enabled" . | fromJson).bool -}}
+{{- $anySASL := (include "sasl-enabled" . | fromJson).bool }}
+{{- $brokers := printf "%s-0.%s:%d"
+ (include "redpanda.fullname" .)
+ (include "redpanda.internal.domain" .)
+ (int .Values.listeners.kafka.port)
+-}}
+{{- $rpk :=
+ printf "kubectl -n %s exec -ti %s-0 -c redpanda -- rpk --brokers=%s"
+ .Release.Namespace
+ (include "redpanda.fullname" .)
+ $brokers
+}}
+{{- $rpkAdmin := "" }}
+{{- if $anyTLS }}
+ {{ $rpk = printf "%s --tls-enabled --tls-truststore=/etc/tls/certs/%s/ca.crt" $rpk .Values.listeners.kafka.tls.cert }}
+ {{ $rpkAdmin = printf "%s --admin-api-tls-enabled --admin-api-tls-truststore=/etc/tls/certs/%s/ca.crt --api-urls=%s-0.%s:%d"
+ $rpk
+ .Values.listeners.admin.tls.cert
+ (include "redpanda.fullname" .)
+ (include "redpanda.internal.domain" .)
+ (int .Values.listeners.admin.port)
+ }}
+{{- else }}
+ {{ $rpkAdmin = $rpk }}
+{{- end }}
+{{- if $anySASL }}
+ {{ $rpk = printf "%s --user %s --password $YOUR_PASSWORD --sasl-mechanism SCRAM-SHA-256" $rpk (.Values.auth.sasl.users | first).name }}
+ {{ $rpkAdmin = printf "%s --user %s --password $YOUR_PASSWORD --sasl-mechanism SCRAM-SHA-256" $rpkAdmin (.Values.auth.sasl.users | first).name }}
+{{- end }}
+
+{{- if and $anySASL }}
+Create a user:
+
+ {{ $rpkAdmin }} acl user create myuser -p changeme
+{{- end }}
+
+Get the api status:
+
+ {{ $rpk }} cluster info
+
+Create a topic
+
+ {{ $rpk }} topic create test-topic
+
+Describe the topic:
+
+ {{ $rpk }} topic describe test-topic
+
+Delete the topic:
+
+ {{ $rpk }} topic delete test-topic
diff --git a/charts/redpanda/redpanda/2.2.0/templates/_helpers.tpl b/charts/redpanda/redpanda/2.2.0/templates/_helpers.tpl
new file mode 100644
index 000000000..afbf71640
--- /dev/null
+++ b/charts/redpanda/redpanda/2.2.0/templates/_helpers.tpl
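Review bot: The sample commands in NOTES.txt gate both the Kafka and the admin TLS flags on `$anyTLS`, which the `tls-enabled` helper sets as soon as any listener or external listener has TLS, yet the flags read `.Values.listeners.kafka.tls.cert` and `.Values.listeners.admin.tls.cert`; with TLS enabled on only one listener, the printed `rpk` line would carry `--tls-enabled` and a truststore path for a listener that is plaintext, possibly with an empty cert name. Per-listener checks would keep the printed command in step with the deployed configuration, e.g. `{{- if (include "kafka-internal-tls-enabled" . | fromJson).bool }}` for the Kafka flags and the `admin-internal-tls-enabled` helper for the admin flags. `{{- if and $anySASL }}` has a single operand and reads more plainly as `{{- if $anySASL }}`. The user-creation example `acl user create myuser -p changeme` gives operators a fixed, guessable password to copy; a placeholder such as `-p $YOUR_PASSWORD`, as already used for `--password` a few lines up, would avoid that.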
@@ -0,0 +1,407 @@ +{{/* +Licensed to the Apache Software Foundation (ASF) under one or more +contributor license agreements. See the NOTICE file distributed with +this work for additional information regarding copyright ownership. +The ASF licenses this file to You under the Apache License, Version 2.0 +(the "License"); you may not use this file except in compliance with +the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} +{{/* +Expand the name of the chart. +*/}} +{{- define "redpanda.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "redpanda.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s" .Release.Name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "redpanda.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Get the version of redpanda being used as an image +*/}} +{{- define "redpanda.semver" -}} +{{ include "redpanda.tag" . | trimPrefix "v" }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "redpanda.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "redpanda.fullname" .) 
.Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} + +{{/* +Use AppVersion if image.tag is not set +*/}} +{{- define "redpanda.tag" -}} +{{- $tag := default .Chart.AppVersion .Values.image.tag -}} +{{- $matchString := "^v(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$" -}} +{{- $match := mustRegexMatch $matchString $tag -}} +{{- if not $match -}} + {{/* + This error message is for end users. This can also occur if + AppVersion doesn't start with a 'v' in Chart.yaml. + */}} + {{ fail "image.tag must start with a 'v' and be valid semver" }} +{{- end -}} +{{- $tag -}} +{{- end -}} + +{{/* +Generate configuration needed for rpk +*/}} + +{{- define "listen.address" -}} +{{- "$(POD_IP)" -}} +{{- end -}} + +{{- define "nodeport.listen.address" -}} +{{- "$(HOST_IP)" -}} +{{- end -}} + +{{- define "redpanda.internal.domain" -}} +{{- $service := include "redpanda.fullname" . -}} +{{- $ns := .Release.Namespace -}} +{{- $domain := .Values.clusterDomain | trimSuffix "." -}} +{{- printf "%s.%s.svc.%s." $service $ns $domain -}} +{{- end -}} + +{{- define "redpanda.kafka.internal.advertise.address" -}} +{{- $host := "$(SERVICE_NAME)" -}} +{{- $domain := include "redpanda.internal.domain" . -}} +{{- printf "%s.%s" $host $domain -}} +{{- end -}} + +{{/* +The external advertised address can change depending on the externalisation method. +If the method is to expose via load balancer this must be provided through the values +load balancers configuration for parent zone. If the load balancer is not enabled +then then services are externalised using NodePorts, in which case the external node +IP is required for the advertised address. +*/}} + +{{- define "redpanda.kafka.external.domain-lb-bkp" -}} +{{- .Values.loadBalancer.parentZone | trimSuffix "." 
-}} +{{- end -}} + +{{- define "redpanda.kafka.external.domain" -}} +{{- .Values.external.domain | trimSuffix "." | default "$(HOST_IP)" -}} +{{- end -}} + +{{- define "redpanda.kafka.external.advertise.address" -}} +{{- $host := "$(SERVICE_NAME)" -}} +{{- $domain := include "redpanda.kafka.external.domain" . -}} +{{- printf "%s.%s" $host $domain -}} +{{- end -}} + +{{- define "redpanda.rpc.advertise.address" -}} +{{- $host := "$(SERVICE_NAME)" -}} +{{- $domain := include "redpanda.internal.domain" . -}} +{{- printf "%s.%s" $host $domain -}} +{{- end -}} + +{{- define "redpanda.pandaproxy.internal.advertise.address" -}} +{{- $host := "$(SERVICE_NAME)" -}} +{{- $domain := include "redpanda.internal.domain" . -}} +{{- printf "%s.%s" $host $domain -}} +{{- end -}} + +{{- define "redpanda.pandaproxy.external.advertise.address" -}} +{{- $host := "$(SERVICE_NAME)" -}} +{{- $domain := include "redpanda.kafka.external.domain" . -}} +{{- printf "%s.%s" $host $domain -}} +{{- end -}} + +{{/* ConfigMap variables */}} +{{- define "admin-internal-tls-enabled" -}} +{{- $listener := .Values.listeners.admin -}} +{{- toJson (dict "bool" (and (dig "tls" "enabled" .Values.tls.enabled $listener) (not (empty (dig "tls" "cert" "" $listener))))) -}} +{{- end -}} + +{{- define "kafka-internal-tls-enabled" -}} +{{- $listener := .Values.listeners.kafka -}} +{{- toJson (dict "bool" (and (dig "tls" "enabled" .Values.tls.enabled $listener) (not (empty (dig "tls" "cert" "" $listener))))) -}} +{{- end -}} + +{{- define "kafka-external-tls-enabled" -}} +{{- toJson (dict "bool" (and (dig "tls" "enabled" (include "kafka-internal-tls-enabled" . 
| fromJson).bool .listener) (not (empty (include "kafka-external-tls-cert" .))))) -}} +{{- end -}} + +{{- define "kafka-external-tls-cert" -}} +{{- dig "tls" "cert" .Values.listeners.kafka.tls.cert .listener -}} +{{- end -}} + +{{- define "http-internal-tls-enabled" -}} +{{- $listener := .Values.listeners.http -}} +{{- toJson (dict "bool" (and (dig "tls" "enabled" .Values.tls.enabled $listener) (not (empty (dig "tls" "cert" "" $listener))))) -}} +{{- end -}} + +{{- define "http-external-tls-enabled" -}} +{{- $tlsEnabled := dig "tls" "enabled" (include "http-internal-tls-enabled" . | fromJson).bool .listener -}} +{{- toJson (dict "bool" (and $tlsEnabled (not (empty (include "http-external-tls-cert" .))))) -}} +{{- end -}} + +{{- define "http-external-tls-cert" -}} +{{- dig "tls" "cert" .Values.listeners.http.tls.cert .listener -}} +{{- end -}} + +{{- define "rpc-tls-enabled" -}} +{{- $listener := .Values.listeners.rpc -}} +{{- toJson (dict "bool" (and (dig "tls" "enabled" .Values.tls.enabled $listener) (not (empty (dig "tls" "cert" "" $listener))))) -}} +{{- end -}} + +{{- define "schemaRegistry-internal-tls-enabled" -}} +{{- $listener := .Values.listeners.schemaRegistry -}} +{{- toJson (dict "bool" (and (dig "tls" "enabled" .Values.tls.enabled $listener) (not (empty (dig "tls" "cert" "" $listener))))) -}} +{{- end -}} + +{{- define "schemaRegistry-external-tls-enabled" -}} +{{- $tlsEnabled := dig "tls" "enabled" (include "schemaRegistry-internal-tls-enabled" . 
| fromJson).bool .listener -}} +{{- toJson (dict "bool" (and $tlsEnabled (not (empty (include "schemaRegistry-external-tls-cert" .))))) -}} +{{- end -}} + +{{- define "schemaRegistry-external-tls-cert" -}} +{{- dig "tls" "cert" .Values.listeners.schemaRegistry.tls.cert .listener -}} +{{- end -}} + +{{- define "tls-enabled" -}} +{{- $tlsenabled := .Values.tls.enabled -}} +{{- if not $tlsenabled -}} + {{- range $listener := .Values.listeners -}} + {{- if and + (dig "tls" "enabled" false $listener) + (not (empty (dig "tls" "cert" "" $listener ))) + -}} + {{- $tlsenabled = true -}} + {{- end -}} + {{- if not $tlsenabled -}} + {{- range $external := $listener.external -}} + {{- if and + (dig "tls" "enabled" false $external) + (not (empty (dig "tls" "cert" "" $external))) + -}} + {{- $tlsenabled = true -}} + {{- end -}} + {{- end -}} + {{- end -}} + {{- end -}} +{{- end -}} +{{- toJson (dict "bool" $tlsenabled) -}} +{{- end -}} + +{{- define "sasl-enabled" -}} +{{- toJson (dict "bool" (dig "enabled" false .Values.auth.sasl)) -}} +{{- end -}} + +{{- define "external-nodeport-enabled" -}} +{{- $values := .Values -}} +{{- $enabled := and .Values.external.enabled (eq .Values.external.type "NodePort") -}} +{{- range $listener := .Values.listeners -}} + {{- range $external := $listener.external -}} + {{- if and (dig "enabled" false $external) (eq (dig "type" $values.external.type $external) "NodePort") -}} + {{- $enabled = true -}} + {{- end -}} + {{- end -}} +{{- end -}} +{{- toJson (dict "bool" $enabled) -}} +{{- end -}} + +{{/* Resource variables */}} +{{- define "redpanda-memoryToMi" -}} + {{/* + This template converts the incoming memory value to whole number mebibytes. + Input can be: k | K | m | M | g | G | Ki | Mi | Gi + */}} + {{- $mem := . -}} + {{- $result := 0 -}} + {{- if or (hasSuffix "K" $mem) (hasSuffix "k" $mem) -}} + {{- $rawmem := $mem | trimSuffix "K" | trimSuffix "k" -}} + {{- if contains "." 
$rawmem -}} + {{- $rawmem = $rawmem | float64 -}} + {{- $result = divf (mulf $rawmem (mul 8 1000)) (mul 8 1024 1024) -}} + {{- else -}} + {{- $rawmem = $rawmem | int64 -}} + {{- $result = divf (mul $rawmem (mul 8 1000)) (mul 8 1024 1024) -}} + {{- end -}} + {{- $result = floor $result -}} + {{- else if or (hasSuffix "M" $mem) (hasSuffix "m" $mem) -}} + {{- $rawmem := $mem | trimSuffix "M" | trimSuffix "m" -}} + {{- if contains "." $rawmem -}} + {{- $rawmem = $rawmem | float64 -}} + {{- $result = divf (mulf $rawmem (mul 8 1000 1000)) (mul 8 1024 1024) -}} + {{- else -}} + {{- $rawmem = $rawmem | int64 -}} + {{- $result = divf (mul $rawmem (mul 8 1000 1000)) (mul 8 1024 1024) -}} + {{- end -}} + {{- $result = floor $result -}} + {{- else if or (hasSuffix "G" $mem) (hasSuffix "g" $mem) -}} + {{- $rawmem := $mem | trimSuffix "G" | trimSuffix "g" -}} + {{- if contains "." $rawmem -}} + {{- $rawmem = $rawmem | float64 -}} + {{- $result = divf (mulf $rawmem (mul 8 1000 1000 1000)) (mul 8 1024 1024) -}} + {{- else -}} + {{- $rawmem = $rawmem | int64 -}} + {{- $result = divf (mul $rawmem (mul 8 1000 1000 1000)) (mul 8 1024 1024) -}} + {{- end -}} + {{- $result = floor $result -}} + {{- else if hasSuffix "Ki" $mem }} + {{- $rawmem := $mem | trimSuffix "Ki" -}} + {{- if contains "." $rawmem -}} + {{- $rawmem = $rawmem | float64 -}} + {{- $result = divf (mulf $rawmem (mul 8 1024)) (mul 8 1024 1024) -}} + {{- else -}} + {{- $rawmem = $rawmem | int64 -}} + {{- $result = divf (mul $rawmem (mul 8 1024)) (mul 8 1024 1024) -}} + {{- end -}} + {{- $result = floor $result -}} + {{- else if hasSuffix "Mi" $mem -}} + {{- $result = $mem | trimSuffix "Mi" -}} + {{- if contains "." $result -}} + {{- $result = $result | float64 -}} + {{- else -}} + {{- $result = $result | int64 -}} + {{- end -}} + {{- else if hasSuffix "Gi" $mem -}} + {{- $rawmem := $mem | trimSuffix "Gi" -}} + {{- if contains "." 
$rawmem -}} + {{- $rawmem = $rawmem | float64 -}} + {{- $result = (mulf $rawmem 1024) | floor -}} + {{- else -}} + {{- $rawmem = $rawmem | int64 -}} + {{- $result = (mul $rawmem 1024) -}} + {{- end -}} + {{- else }} + {{- printf "\n%s is invalid memory amount\nSuffixes can be: k | K | m | M | g | G | Ki | Mi | Gi" $mem | fail -}} + {{- end }} + {{- $result -}} +{{- end -}} + +{{- define "container-memory" -}} + {{- $result := "" -}} + {{- if (hasKey .Values.resources.memory.container "min") -}} + {{- $result = .Values.resources.memory.container.min | include "redpanda-memoryToMi" -}} + {{- else -}} + {{- $result = .Values.resources.memory.container.max | include "redpanda-memoryToMi" -}} + {{- end -}} + {{- if eq $result "" -}} + {{- "unable to get memory value" | fail -}} + {{- end -}} + {{- $result -}} +{{- end -}} + +{{- define "redpanda-reserve-memory" -}} + {{/* + Determines the value of --reserve-memory flag (in mebibytes with M suffix, per Seastar). + This template looks at all locations where memory could be set. + These locations, in order of priority, are: + - .Values.resources.memory.redpanda.reserveMemory (commented out by default, users could uncomment) + - .Values.resources.memory.container.min (commented out by default, users could uncomment and + change to something lower than .Values.resources.memory.container.max) + - .Values.resources.memory.container.max (set by default) + */}} + {{- $result := 0 -}} + {{- if (hasKey .Values.resources.memory "redpanda") -}} + {{- $result = .Values.resources.memory.redpanda.reserveMemory | include "redpanda-memoryToMi" | int64 -}} + {{- else if (hasKey .Values.resources.memory.container "min") -}} + {{- $result = add (mulf (include "container-memory" .) 0.002) 200 -}} + {{- if gt $result 1000 -}} + {{- $result = 1000 -}} + {{- end -}} + {{- else -}} + {{- $result = add (mulf (include "container-memory" .) 
0.002) 200 -}} + {{- if gt $result 1000 -}} + {{- $result = 1000 -}} + {{- end -}} + {{- end -}} + {{- if eq $result 0 -}} + {{- "unable to get memory value" | fail -}} + {{- end -}} + {{- $result -}} +{{- end -}} + +{{- define "redpanda-memory" -}} + {{/* + Determines the value of --memory flag (in mebibytes with M suffix, per Seastar). + This template looks at all locations where memory could be set. + These locations, in order of priority, are: + - .Values.resources.memory.redpanda.memory (commented out by default, users could uncomment) + - .Values.resources.memory.container.min (commented out by default, users could uncomment and + change to something lower than .Values.resources.memory.container.max) + - .Values.resources.memory.container.max (set by default) + */}} + {{- $result := 0 -}} + {{- if (hasKey .Values.resources.memory "redpanda") -}} + {{- $result = .Values.resources.memory.redpanda.memory | include "redpanda-memoryToMi" | int64 -}} + {{- else -}} + {{- $result = mulf (include "container-memory" .) 0.8 | int64 -}} + {{- end -}} + {{- if eq $result 0 -}} + {{- "unable to get memory value" | fail -}} + {{- end -}} + {{- if lt $result 2000 -}} + {{- printf "\n%d is below the minimum recommended value for Redpanda" $result | fail -}} + {{- end -}} + {{- if gt (add $result (include "redpanda-reserve-memory" .)) (include "container-memory" . | int64) -}} + {{- printf "\nNot enough container memory for Redpanda memory values\nredpanda: %d, reserve: %d, container: %d" $result (include "redpanda-reserve-memory" . | int64) (include "container-memory" . | int64) | fail -}} + {{- end -}} + {{- $result -}} +{{- end -}} + +{{- define "api-urls" -}} +{{ template "redpanda.fullname" . }}-0.{{ include "redpanda.internal.domain" .}}:{{ .Values.listeners.admin.port }} +{{- end -}} + +{{- define "rpk-flags" -}} + {{- $command := list -}} + {{- $command = concat $command (list "--api-urls" (include "api-urls" . )) -}} + {{- if (include "admin-internal-tls-enabled" . 
| fromJson).bool -}} + {{- $command = concat $command (list + "--admin-api-tls-enabled" + "--admin-api-tls-truststore" + (printf "/etc/tls/certs/%s/ca.crt" .Values.listeners.admin.tls.cert)) + -}} + {{- end -}} + {{- if (include "kafka-internal-tls-enabled" . | fromJson).bool -}} + {{- $command = concat $command (list + "--tls-enabled" + "--tls-truststore" + (printf "/etc/tls/certs/%s/ca.crt" .Values.listeners.kafka.tls.cert)) + -}} + {{- end -}} + {{- if (include "sasl-enabled" . | fromJson).bool -}} + {{- $command = concat $command (list + "--user" (first .Values.auth.sasl.users).name + "--password" (first .Values.auth.sasl.users).password + "--sasl-mechanism SCRAM-SHA-256") + -}} + {{- end -}} +{{ $command | join " " }} +{{- end -}} \ No newline at end of file diff --git a/charts/redpanda/redpanda/2.2.0/templates/cert-issuers.yaml b/charts/redpanda/redpanda/2.2.0/templates/cert-issuers.yaml new file mode 100644 index 000000000..2372086f1 --- /dev/null +++ b/charts/redpanda/redpanda/2.2.0/templates/cert-issuers.yaml 
@@ -0,0 +1,91 @@
+{{/*
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements. See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+{{- if (include "tls-enabled" . | fromJson).bool }}
+ {{- $release := .Release }}
+ {{- $values := .Values }}
+ {{- range $name, $data := $values.tls.certs }}
+ {{/* If issuerRef is defined, use the specified issuer for the certs
+ If it's not defined, create and use our own issuer. */}}
+ {{- $r := $data.issuerRef }}
+ {{- if not $r }}
+---
+# The self-signed issuer is used to create the self-signed CA
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: {{ template "redpanda.fullname" $ }}-{{ $name }}-selfsigned-issuer
+ namespace: {{ $release.Namespace | quote }}
+ labels:
+ helm.sh/chart: {{ template "redpanda.chart" $ }}
+ app.kubernetes.io/name: {{ template "redpanda.name" $ }}
+ app.kubernetes.io/instance: {{ $release.Name | quote }}
+ app.kubernetes.io/managed-by: {{ $release.Service | quote }}
+ app.kubernetes.io/component: {{ template "redpanda.name" $ }}
+ {{- with $values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ selfSigned: {}
+ {{- end }}
+---
+# This is the self-signed CA used to issue certs
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: {{ template "redpanda.fullname" $ }}-{{ $name }}-root-issuer
+ namespace: {{ $release.Namespace | quote }}
+ labels:
+ helm.sh/chart: {{ template "redpanda.chart" $ }}
+ app.kubernetes.io/name: {{ template "redpanda.name" $ }}
+ app.kubernetes.io/instance: {{ $release.Name | quote }}
+ app.kubernetes.io/managed-by: {{ $release.Service | quote }}
+ app.kubernetes.io/component: {{ template "redpanda.name" $ }}
+ {{- with $values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ ca:
+ secretName: {{ template "redpanda.fullname" $ }}-{{ $name }}-root-certificate
+---
+# This is the root CA certificate
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: {{ template "redpanda.fullname" $ }}-{{ $name }}-root-certificate
+ namespace: {{ $release.Namespace | quote }}
+ labels:
+ helm.sh/chart: {{ template "redpanda.chart" $ }}
+ app.kubernetes.io/name: {{ template "redpanda.name" $ }}
+ app.kubernetes.io/instance: {{ $release.Name | quote }}
+ app.kubernetes.io/managed-by: {{ $release.Service | quote }}
+ app.kubernetes.io/component: {{ template "redpanda.name" $ }}
+ {{- with $values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ isCA: true
+ commonName: {{ template "redpanda.fullname" $ }}-{{ $name }}-root-certificate
+ secretName: {{ template "redpanda.fullname" $ }}-{{ $name }}-root-certificate
+ privateKey:
+ algorithm: ECDSA
+ size: 256
+ issuerRef:
+ name: {{ template "redpanda.fullname" $ }}-{{ $name }}-selfsigned-issuer
+ kind: Issuer
+ group: cert-manager.io
+ {{- end }}
+{{- end }}
diff --git a/charts/redpanda/redpanda/2.2.0/templates/certs.yaml b/charts/redpanda/redpanda/2.2.0/templates/certs.yaml
new file mode 100644
index 000000000..bf5763587
--- /dev/null
+++ b/charts/redpanda/redpanda/2.2.0/templates/certs.yaml
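Review bot: In cert-issuers.yaml the `{{- if not $r }}` guard closes right after the self-signed Issuer, so when a cert entry sets `issuerRef` the root Issuer and the root Certificate are still rendered, and that Certificate's `issuerRef.name` points at the `-selfsigned-issuer` object that was just skipped. Moving the closing `{{- end }}` from after `selfSigned: {}` to after the root Certificate's `group: cert-manager.io` would keep the three self-signed objects together. The root Certificate also sets no `duration`, so the CA lifetime is left to cert-manager's default while certs.yaml defaults the leaves to `43800h`; an explicit `duration: CA_LIFETIME_PLACEHOLDER` would make the CA rotation window a reviewed value.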
@@ -0,0 +1,46 @@
+{{- if (include "tls-enabled" . | fromJson).bool }}
+ {{- $service := include "redpanda.fullname" . -}}
+ {{- $ns := .Release.Namespace -}}
+ {{- $domain := .Values.clusterDomain | trimSuffix "." -}}
+ {{- $listeners := .Values.listeners -}}
+ {{- range $name, $data := .Values.tls.certs }}
+ {{- $d := $data.duration }}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: {{ template "redpanda.fullname" $ }}-{{ $name }}-cert
+ namespace: {{ .Release.Namespace | quote }}
+spec:
+ dnsNames:
+ - {{ template "redpanda.fullname" $ }}-cluster.{{ printf "%s.%s.svc.%s" $service $ns $domain }}
+ - {{ template "redpanda.fullname" $ }}-cluster.{{ printf "%s.%s.svc" $service $ns }}
+ - {{ template "redpanda.fullname" $ }}-cluster.{{ printf "%s.%s" $service $ns }}
+ - "*.{{ template "redpanda.fullname" $ }}-cluster.{{ printf "%s.%s.svc.%s" $service $ns $domain }}"
+ - "*.{{ template "redpanda.fullname" $ }}-cluster.{{ printf "%s.%s.svc" $service $ns }}"
+ - "*.{{ template "redpanda.fullname" $ }}-cluster.{{ printf "%s.%s" $service $ns }}"
+ - {{ printf "%s.%s.svc.%s" $service $ns $domain }}
+ - {{ printf "%s.%s.svc" $service $ns }}
+ - {{ printf "%s.%s" $service $ns }}
+ - {{ printf "*.%s.%s.svc.%s" $service $ns $domain | quote }}
+ - {{ printf "*.%s.%s.svc" $service $ns | quote }}
+ - {{ printf "*.%s.%s" $service $ns | quote }}
+ duration: {{ $d | default "43800h" }}
+ isCA: false
+ commonName: {{ template "redpanda.fullname" $ }}-{{ $name }}-cert
+ secretName: {{ template "redpanda.fullname" $ }}-{{ $name }}-cert
+ privateKey:
+ algorithm: ECDSA
+ size: 256
+ {{- if not (empty $data.issuerRef) }}
+ issuerRef:
+ {{- toYaml $data.issuerRef | nindent 4 }}
+ group: cert-manager.io
+ {{- else }}
+ issuerRef:
+ name: {{ template "redpanda.fullname" $ }}-{{ $name }}-root-issuer
+ kind: Issuer
+ group: cert-manager.io
+ {{- end }}
+ {{- end }}
+{{- end }}
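Review bot: `namespace: {{ .Release.Namespace | quote }}` sits inside `range $name, $data := .Values.tls.certs`, where `.` is the current cert entry rather than the chart root, so `.Release` is unlikely to resolve and rendering with TLS enabled will probably fail; `namespace: {{ $ns | quote }}` uses the variable already captured above the loop. When `issuerRef` is supplied, `group: cert-manager.io` is appended after `toYaml $data.issuerRef`, which yields a duplicate key if the user's reference already carries `group`. The leaf default of `43800h` is long for certificates whose private keys are mounted into pods; a shorter default, relying on cert-manager renewal, would narrow the window in which a leaked key stays valid.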
diff --git a/charts/redpanda/redpanda/2.2.0/templates/configmap.yaml b/charts/redpanda/redpanda/2.2.0/templates/configmap.yaml
new file mode 100644
index 000000000..901cc22a8
--- /dev/null
+++ b/charts/redpanda/redpanda/2.2.0/templates/configmap.yaml
@@ -0,0 +1,224 @@
+{{/*
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements. See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+{{- $values := .Values }}
+{{- $users := list -}}
+{{- if .Values.auth.sasl.enabled -}}
+ {{- range $user := .Values.auth.sasl.users -}}
+ {{- $users = append $users $user.name -}}
+ {{- end -}}
+{{- end -}}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "redpanda.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ helm.sh/chart: {{ template "redpanda.chart" . }}
+ app.kubernetes.io/name: {{ template "redpanda.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/component: {{ template "redpanda.name" . }}
+{{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+data:
+{{- if (include "redpanda.semver" . | semverCompare ">=22.1.1") }}
+ bootstrap.yaml: |
+ enable_sasl: {{ dig "sasl" "enabled" false .Values.auth }}
+ {{- if $users }}
+ superusers: {{ toJson $users }}
+ {{- end }}
+ {{- with (dig "cluster" dict .Values.config) }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with (dig "tunable" dict .Values.config) }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
+ redpanda.yaml: |
+ config_file: /etc/redpanda/redpanda.yaml
+{{- if .Values.logging.usageStats.enabled }}
+ {{- with (dig "usageStats" "organization" "" .Values.logging) }}
+ organization: {{ . }}
+ {{- end }}
+ {{- with (dig "usageStats" "clusterId" "" .Values.logging) }}
+ cluster_id: {{ . }}
+ {{- end }}
+{{- end }}
+ redpanda:
+{{- if not (include "redpanda.semver" . | semverCompare ">=22.1.1") }}
+ enable_sasl: {{ dig "sasl" "enabled" false .Values.auth }}
+ {{- if $users }}
+ superusers: {{ toJson $users }}
+ {{- end }}
+ {{- with (dig "cluster" dict .Values.config) }}
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ {{- with (dig "tunable" dict .Values.config) }}
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+{{- end }}
+ {{- with dig "node" dict .Values.config }}
+ {{- . | toYaml | nindent 6 }}
+ {{- end }}
+ admin:
+ name: admin
+ address: 0.0.0.0
+ port: {{ .Values.listeners.admin.port }}
+{{- if (include "admin-internal-tls-enabled" . | fromJson).bool }}
+ admin_api_tls:
+ - name: admin
+ enabled: true
+ cert_file: /etc/tls/certs/{{ .Values.listeners.admin.tls.cert }}/tls.crt
+ key_file: /etc/tls/certs/{{ .Values.listeners.admin.tls.cert }}/tls.key
+ truststore_file: /etc/tls/certs/{{ .Values.listeners.admin.tls.cert }}/ca.crt
+ require_client_auth: {{ .Values.listeners.admin.tls.requireClientAuth }}
+{{- end }}
+ kafka_api:
+ - name: internal
+ address: 0.0.0.0
+ port: {{ .Values.listeners.kafka.port }}
+{{- range $name, $listener := .Values.listeners.kafka.external }}
+ - name: {{ $name }}
+ address: 0.0.0.0
+ port: {{ $listener.port }}
+{{- end }}
+ kafka_api_tls:
+{{- $service := .Values.listeners.kafka }}
+{{- if (include "kafka-internal-tls-enabled" . | fromJson).bool }}
+ - name: internal
+ enabled: true
+ cert_file: /etc/tls/certs/{{ $service.tls.cert }}/tls.crt
+ key_file: /etc/tls/certs/{{ $service.tls.cert }}/tls.key
+ truststore_file: /etc/tls/certs/{{ $service.tls.cert }}/ca.crt
+ require_client_auth: {{ $service.tls.requireClientAuth }}
+{{- end }}
+{{- range $name, $listener := $service.external }}
+ {{- $k := dict "Values" $values "listener" $listener }}
+ {{- if (include "kafka-external-tls-enabled" $k | fromJson).bool }}
+ - name: {{ $name }}
+ enabled: true
+ cert_file: /etc/tls/certs/{{ template "kafka-external-tls-cert" $k}}/tls.crt
+ key_file: /etc/tls/certs/{{ template "kafka-external-tls-cert" $k}}/tls.key
+ truststore_file: /etc/tls/certs/{{ template "kafka-external-tls-cert" $k}}/ca.crt
+ require_client_auth: {{ dig "tls" "requireClientAuth" false $listener }}
+ {{- end }}
+{{- end }}
+ rpc_server:
+ address: 0.0.0.0
+ port: {{ .Values.listeners.rpc.port }}
+{{- if (include "rpc-tls-enabled" . | fromJson).bool }}
+ rpc_server_tls:
+ enabled: true
+ require_client_auth: {{ .Values.listeners.rpc.tls.requireClientAuth }}
+ cert_file: /etc/tls/certs/{{ .Values.listeners.rpc.tls.cert }}/tls.crt
+ key_file: /etc/tls/certs/{{ .Values.listeners.rpc.tls.cert }}/tls.key
+ truststore_file: /etc/tls/certs/{{ .Values.listeners.rpc.tls.cert }}/ca.crt
+{{- end }}
+ seed_servers:
+{{- range untilStep 0 (.Values.statefulset.replicas|int) 1 }}
+ - host:
+ address: "{{ template "redpanda.fullname" $ }}-{{ . }}.{{ template "redpanda.internal.domain" $ }}"
+ port: {{ $values.listeners.rpc.port }}
+{{- end }}
+{{- if .Values.listeners.http.enabled }}
+{{- if .Values.listeners.schemaRegistry.enabled }}
+ schema_registry:
+ schema_registry:
+ - name: internal
+ address: 0.0.0.0
+ port: {{ .Values.listeners.schemaRegistry.port }}
+{{- range $name, $listener := .Values.listeners.schemaRegistry.external }}
+ - name: {{ $name }}
+ address: 0.0.0.0
+ port: {{ $listener.port }}
+{{- end }}
+ schema_registry_api_tls:
+ {{- if (include "schemaRegistry-internal-tls-enabled" . | fromJson).bool }}
+ - name: internal
+ enabled: true
+ cert_file: /etc/tls/certs/{{ .Values.listeners.schemaRegistry.tls.cert }}/tls.crt
+ key_file: /etc/tls/certs/{{ .Values.listeners.schemaRegistry.tls.cert }}/tls.key
+ truststore_file: /etc/tls/certs/{{ .Values.listeners.schemaRegistry.tls.cert }}/ca.crt
+ require_client_auth: {{ .Values.listeners.schemaRegistry.tls.requireClientAuth }}
+ {{- end }}
+ {{- range $i, $listener := .Values.listeners.schemaRegistry.external }}
+ {{- $k := dict "Values" $values "listener" $listener }}
+ {{- if (include "schemaRegistry-external-tls-enabled" $k | fromJson).bool }}
+ - name: {{ $listener.name }}
+ enabled: true
+ cert_file: /etc/tls/certs/{{ template "schemaRegistry-external-tls-cert" $k }}/tls.crt
+ key_file: /etc/tls/certs/{{ template "schemaRegistry-external-tls-cert" $k }}/tls.key
+ truststore_file: /etc/tls/certs/{{ template "schemaRegistry-external-tls-cert" $k }}/ca.crt
+ require_client_auth: {{ dig "tls" "requireClientAuth" false $listener}}
+ {{- end }}
+ {{- end }}
+{{- end }}
+ pandaproxy:
+ pandaproxy_api:
+ - name: internal
+ address: 0.0.0.0
+ port: {{ .Values.listeners.http.port }}
+ {{- range $name, $listener := .Values.listeners.http.external }}
+ - name: {{ $name }}
+ address: 0.0.0.0
+ port: {{ $listener.port }}
+ {{- end }}
+ pandaproxy_api_tls:
+ {{- if (include "http-internal-tls-enabled" . | fromJson).bool }}
+ - name: internal
+ enabled: true
+ cert_file: /etc/tls/certs/{{ .Values.listeners.http.tls.cert }}/tls.crt
+ key_file: /etc/tls/certs/{{ .Values.listeners.http.tls.cert }}/tls.key
+ truststore_file: /etc/tls/certs/{{ .Values.listeners.http.tls.cert }}/ca.crt
+ require_client_auth: {{ .Values.listeners.http.tls.requireClientAuth }}
+ {{- end }}
+ {{- range $name, $listener := .Values.listeners.http.external }}
+ {{- $k := dict "Values" $values "listener" $listener }}
+ {{- if (include "http-external-tls-enabled" $k | fromJson).bool }}
+ - name: {{ $name }}
+ enabled: true
+ cert_file: /etc/tls/certs/{{ template "kafka-external-tls-cert" $k }}/tls.crt
+ key_file: /etc/tls/certs/{{ template "kafka-external-tls-cert" $k }}/tls.key
+ truststore_file: /etc/tls/certs/{{ template "kafka-external-tls-cert" $k}}/ca.crt
+ require_client_auth: {{ dig "tls" "requireClientAuth" false $listener }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+ rpk:
+ enable_usage_stats: {{ .Values.logging.usageStats.enabled }}
+ overprovisioned: {{ dig "cpu" "overprovisioned" false .Values.resources }}
+ enable_memory_locking: {{ dig "memory" "enable_memory_locking" false .Values.resources }}
+{{- if hasKey .Values.tuning "tune_aio_events" }}
+ tune_aio_events: {{ .Values.tuning.tune_aio_events }}
+{{- end }}
+{{- if hasKey .Values.tuning "tune_clocksource" }}
+ tune_clocksource: {{ .Values.tuning.tune_clocksource }}
+{{- end }}
+{{- if hasKey .Values.tuning "tune_ballast_file" }}
+ tune_ballast_file: {{ .Values.tuning.tune_ballast_file }}
+{{- end }}
+{{- if hasKey .Values.tuning "ballast_file_path" }}
+ ballast_file_path: {{ .Values.tuning.ballast_file_path }}
+{{- end }}
+{{- if hasKey .Values.tuning "ballast_file_size" }}
+ ballast_file_size: {{ .Values.tuning.ballast_file_size }}
+{{- end }}
+{{- if hasKey .Values.tuning "well_known_io" }}
+ well_known_io: {{ .Values.tuning.well_known_io }}
+{{- end }}
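Review bot: In `pandaproxy_api_tls` the external listeners are gated on `http-external-tls-enabled`, but their `cert_file`, `key_file` and `truststore_file` paths are built from `kafka-external-tls-cert`, so an HTTP listener without its own `tls.cert` falls back to the Kafka listener's certificate name rather than the HTTP one. The three lines should use the HTTP helper, e.g. `cert_file: /etc/tls/certs/{{ template "http-external-tls-cert" $k }}/tls.crt`. In `schema_registry_api_tls` the external entries are named with `{{ $listener.name }}` while the matching API entries use the map key `{{ $name }}`, so the TLS entry may not line up with its listener; using `$name` in both places would avoid an external listener that looks TLS-protected in values but may not be in the rendered config. External listeners bind `0.0.0.0` and default `requireClientAuth` to `false`, which is worth stating in a comment so operators know client authentication is opt-in.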
diff --git a/charts/redpanda/redpanda/2.2.0/templates/poddisruptionbudget.yaml b/charts/redpanda/redpanda/2.2.0/templates/poddisruptionbudget.yaml
new file mode 100644
index 000000000..e3efea930
--- /dev/null
+++ b/charts/redpanda/redpanda/2.2.0/templates/poddisruptionbudget.yaml
@@ -0,0 +1,37 @@
+{{/*
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements. See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "redpanda.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ helm.sh/chart: {{ template "redpanda.chart" . }}
+ app.kubernetes.io/name: {{ template "redpanda.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/component: {{ template "redpanda.name" . }}
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "redpanda.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ maxUnavailable: {{ .Values.statefulset.budget.maxUnavailable | int64 }}
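Review bot: `maxUnavailable: {{ .Values.statefulset.budget.maxUnavailable | int64 }}` coerces the value to an integer, so a percentage such as `"25%"`, which a PodDisruptionBudget accepts, would presumably be cast to `0` and block every voluntary eviction, including node drains for patching. Either render the value as given, `maxUnavailable: {{ .Values.statefulset.budget.maxUnavailable }}`, or add a comment that only whole numbers are supported. The template also starts without the `---` separator that the other templates in this commit use.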
diff --git a/charts/redpanda/redpanda/2.2.0/templates/post-install-upgrade-job.yaml b/charts/redpanda/redpanda/2.2.0/templates/post-install-upgrade-job.yaml
new file mode 100644
index 000000000..8f17a7533
--- /dev/null
+++ b/charts/redpanda/redpanda/2.2.0/templates/post-install-upgrade-job.yaml
@@ -0,0 +1,102 @@
+{{/*
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements. See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ template "redpanda.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ helm.sh/chart: {{ template "redpanda.chart" . }}
+ app.kubernetes.io/name: {{ template "redpanda.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/component: {{ template "redpanda.name" . }}
+{{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+ annotations:
+ # This is what defines this resource as a hook. Without this line, the
+ # job is considered part of the release.
+ "helm.sh/hook": post-install,post-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation
+ "helm.sh/hook-weight": "-10"
+spec:
+ template:
+ metadata:
+ name: "{{ .Release.Name }}"
+ labels:
+ app.kubernetes.io/name: {{ template "redpanda.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ app.kubernetes.io/component: {{ template "redpanda.name" . }}
+{{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 8 }}
+{{- end }}
+ spec:
+ restartPolicy: Never
+ containers:
+ - name: {{ template "redpanda.name" . }}-post-install
+ image: {{ .Values.image.repository}}:{{ template "redpanda.tag" . }}
+ command:
+ - bash
+ - -c
+ args:
+ - >
+{{- if .Values.auth.sasl.enabled }}
+ {{- range $user := .Values.auth.sasl.users }}
+ rpk acl user create {{ $user.name }} -p {{ $user.password | quote }} {{ template "rpk-flags" $ }}
+ ;
+ {{- end }}
+{{- end }}
+{{- if and (include "redpanda.semver" . | semverCompare ">=22.2.0") (not (empty .Values.license_key)) }}
+ rpk cluster license set {{ .Values.license_key | quote }} {{ template "rpk-flags" $ }}
+ ;
+{{- end }}
+ volumeMounts:
+ - name: {{ template "redpanda.fullname" . }}
+ mountPath: /tmp/base-config
+ - name: config
+ mountPath: /etc/redpanda
+{{- if (include "tls-enabled" . | fromJson).bool }}
+ {{- range $name, $cert := .Values.tls.certs }}
+ - name: redpanda-{{ $name }}-cert
+ mountPath: {{ printf "/etc/tls/certs/%s" $name }}
+ {{- end }}
+{{- end }}
+ volumes:
+ - name: {{ template "redpanda.fullname" . }}
+ configMap:
+ name: {{ template "redpanda.fullname" . }}
+ - name: config
+ emptyDir: {}
+{{- if (include "tls-enabled" . | fromJson).bool }}
+ {{- range $name, $cert := .Values.tls.certs }}
+ - name: redpanda-{{ $name }}-cert
+ secret:
+ defaultMode: 420
+ items:
+ - key: tls.key
+ path: tls.key
+ - key: tls.crt
+ path: tls.crt
+ {{- if $cert.caEnabled }}
+ - key: ca.crt
+ path: ca.crt
+ {{- end }}
+ secretName: {{ template "redpanda.fullname" $ }}-{{ $name }}-cert
+ {{- end }}
+{{- end -}}
diff --git a/charts/redpanda/redpanda/2.2.0/templates/post-upgrade.yaml b/charts/redpanda/redpanda/2.2.0/templates/post-upgrade.yaml
new file mode 100644
index 000000000..569eabefc
--- /dev/null
+++ b/charts/redpanda/redpanda/2.2.0/templates/post-upgrade.yaml
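Review bot: In post-install-upgrade-job.yaml the SASL passwords and the license key are rendered straight into the container `args`, so they sit in clear text in the Job and Pod specs and in the process command line, and `{{ template "rpk-flags" $ }}` repeats the first user's `--password` on every command; post-upgrade.yaml does the same with `--password {{ (first .Values.auth.sasl.users).password }}`. `{{ $user.name }}` is also placed unquoted into the `bash -c` script, and `| quote` only adds double quotes, inside which the shell still expands `$` and backticks, so a value containing those characters is altered or run as a command. Reading the credentials from a Secret (an env entry with `valueFrom.secretKeyRef`, or a mounted file) and passing them as quoted shell variables addresses both; as a smaller step, `{{ $user.name | squote }}` and `-p {{ $user.password | squote }}` stop shell expansion for values that contain no single quote. The cert volumes use `defaultMode: 420` (0644), which leaves `tls.key` world-readable inside the container; a tighter mode is worth considering if the user rpk runs as permits it.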
@@ -0,0 +1,89 @@
+{{- if (include "redpanda.semver" . | semverCompare ">=22.1.1") }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ template "redpanda.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ helm.sh/chart: {{ template "redpanda.chart" . }}
+ app.kubernetes.io/name: {{ template "redpanda.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/component: {{ template "redpanda.name" . }}
+{{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+ annotations:
+ # This is what defines this resource as a hook. Without this line, the
+ # job is considered part of the release.
+ "helm.sh/hook": post-upgrade
+ "helm.sh/hook-weight": "-5"
+spec:
+ template:
+ metadata:
+ name: "{{ .Release.Name }}"
+ labels:
+ app.kubernetes.io/name: {{ template "redpanda.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ app.kubernetes.io/component: {{ template "redpanda.name" . }}
+{{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 8 }}
+{{- end }}
+ spec:
+ restartPolicy: Never
+ containers:
+ - name: {{ template "redpanda.name" . }}-post-upgrade
+ image: {{ .Values.image.repository}}:{{ template "redpanda.tag" . }}
+ command: ["/bin/sh", "-c"]
+ args:
+ - >
+ rpk cluster config import -f /tmp/base-config/bootstrap.yaml
+ --api-urls {{ template "redpanda.fullname" . }}-0.{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.admin.port }}
+{{- if (include "admin-internal-tls-enabled" . | fromJson).bool }}
+ --admin-api-tls-enabled
+ --admin-api-tls-truststore /etc/tls/certs/{{ .Values.listeners.admin.tls.cert }}/ca.crt
+{{- end }}
+{{- if (include "kafka-internal-tls-enabled" . | fromJson).bool }}
+ --tls-enabled
+ --tls-truststore /etc/tls/certs/{{ .Values.listeners.kafka.tls.cert }}/ca.crt
+{{- end }}
+{{- if (include "sasl-enabled" . | fromJson).bool }}
+ --user {{ (first .Values.auth.sasl.users).name }}
+ --password {{ (first .Values.auth.sasl.users).password }}
+ --sasl-mechanism SCRAM-SHA-256
+{{- end }}
+ volumeMounts:
+ - name: {{ template "redpanda.fullname" . }}
+ mountPath: /tmp/base-config
+ - name: config
+ mountPath: /etc/redpanda
+{{- if (include "tls-enabled" . | fromJson).bool }}
+ {{- range $name, $cert := .Values.tls.certs }}
+ - name: redpanda-{{ $name }}-cert
+ mountPath: {{ printf "/etc/tls/certs/%s" $name }}
+ {{- end }}
+{{- end }}
+ volumes:
+ - name: {{ template "redpanda.fullname" . }}
+ configMap:
+ name: {{ template "redpanda.fullname" . }}
+ - name: config
+ emptyDir: {}
+{{- if (include "tls-enabled" . | fromJson).bool }}
+ {{- range $name, $cert := .Values.tls.certs }}
+ - name: redpanda-{{ $name }}-cert
+ secret:
+ defaultMode: 420
+ items:
+ - key: tls.key
+ path: tls.key
+ - key: tls.crt
+ path: tls.crt
+ {{- if $cert.caEnabled }}
+ - key: ca.crt
+ path: ca.crt
+ {{- end }}
+ secretName: {{ template "redpanda.fullname" $ }}-{{ $name }}-cert
+ {{- end }}
+{{- end -}}
+{{- end }}
diff --git a/charts/redpanda/redpanda/2.2.0/templates/service.internal.yaml b/charts/redpanda/redpanda/2.2.0/templates/service.internal.yaml
new file mode 100644
index 000000000..6f2d2e05e
--- /dev/null
+++ b/charts/redpanda/redpanda/2.2.0/templates/service.internal.yaml
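Review bot: The Job in post-upgrade.yaml is named `{{ template "redpanda.fullname" . }}`, the same name as the Job in post-install-upgrade-job.yaml, and both carry the `post-upgrade` hook, so on upgrade the two hooks compete for one object name in the namespace. This one sets no `helm.sh/hook-delete-policy`, so whether the earlier Job and its logs survive depends on Helm's default policy. A distinct name such as `name: {{ template "redpanda.fullname" . }}-post-upgrade`, plus an explicit delete policy, keeps both Jobs inspectable after an upgrade, which matters when auditing what the user-creation hook actually ran.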
@@ -0,0 +1,41 @@
+{{/*
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements. See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+---
+# This service is only used to create the DNS enteries for each pod in
+# the stateful set. This service should not be used by any client
+# application
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "redpanda.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ helm.sh/chart: {{ template "redpanda.chart" . }}
+ app.kubernetes.io/name: {{ template "redpanda.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/component: {{ template "redpanda.name" . }}
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ publishNotReadyAddresses: true
+ type: ClusterIP
+ clusterIP: None
+ selector:
+ app.kubernetes.io/name: {{ template "redpanda.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
diff --git a/charts/redpanda/redpanda/2.2.0/templates/serviceaccount.yaml b/charts/redpanda/redpanda/2.2.0/templates/serviceaccount.yaml
new file mode 100644
index 000000000..8969c764a
--- /dev/null
+++ b/charts/redpanda/redpanda/2.2.0/templates/serviceaccount.yaml
@@ -0,0 +1,37 @@
+{{/*
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements. See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+---
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "redpanda.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ helm.sh/chart: {{ template "redpanda.chart" . }}
+ app.kubernetes.io/name: {{ template "redpanda.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/component: {{ template "redpanda.name" . }}
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/redpanda/redpanda/2.2.0/templates/services.nodeport.yaml b/charts/redpanda/redpanda/2.2.0/templates/services.nodeport.yaml
new file mode 100644
index 000000000..3729f0c1a
--- /dev/null
+++ b/charts/redpanda/redpanda/2.2.0/templates/services.nodeport.yaml
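Review bot: The ServiceAccount rendered by serviceaccount.yaml is not referenced by the pod template in templates/statefulset.yaml of this commit (there is no `serviceAccountName:` under `spec.template.spec`), so the broker pods would run under the namespace's default account and `serviceAccount.create` has no effect on them. Adding `serviceAccountName: {{ include "redpanda.serviceAccountName" . }}` to the StatefulSet pod spec would bind the two. Nothing in the visible templates calls the Kubernetes API, so `automountServiceAccountToken: false` on this object looks like a reasonable default; confirm that no sidecar or hook depends on the token. The leading `---` sits outside the `if`, so a disabled account still renders an empty document; moving it inside the condition keeps the output clean.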
@@ -0,0 +1,82 @@ +{{/* +Licensed to the Apache Software Foundation (ASF) under one or more +contributor license agreements. See the NOTICE file distributed with +this work for additional information regarding copyright ownership. +The ASF licenses this file to You under the Apache License, Version 2.0 +(the "License"); you may not use this file except in compliance with +the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} +{{- $values := .Values }} +{{- if (include "external-nodeport-enabled" . | fromJson).bool }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "redpanda.fullname" . }}-external + namespace: {{ .Release.Namespace | quote }} + labels: + helm.sh/chart: {{ template "redpanda.chart" . }} + app.kubernetes.io/name: {{ template "redpanda.name" . }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/component: {{ template "redpanda.name" . }} + {{- with .Values.commonLabels }} + {{- toYaml . 
| nindent 4 }} + {{- end }} +spec: + type: NodePort + externalTrafficPolicy: Local + sessionAffinity: None + ports: +{{- range $name, $listener := $values.listeners.admin.external }} + {{- $enabled := dig "enabled" $values.external.enabled $listener }} + {{- $type := dig "type" $values.external.type $listener }} + {{- if and $enabled (eq $type "NodePort") }} + - name: admin-{{ $name }} + protocol: TCP + port: {{ $values.listeners.admin.port }} + nodePort: {{ $listener.nodePort }} + {{- end }} +{{- end }} +{{- range $name, $listener := $values.listeners.kafka.external }} + {{- $enabled := dig "enabled" $values.external.enabled $listener }} + {{- $type := dig "type" $values.external.type $listener }} + {{- if and $enabled (eq $type "NodePort") }} + - name: kafka-{{ $name }} + protocol: TCP + port: {{ $listener.port }} + nodePort: {{ $listener.nodePort }} + {{- end }} +{{- end }} +{{- range $name, $listener := $values.listeners.http.external }} + {{- $enabled := dig "enabled" $values.external.enabled $listener }} + {{- $type := dig "type" $values.external.type $listener }} + {{- if and $enabled (eq $type "NodePort") }} + - name: http-{{ $name }} + protocol: TCP + port: {{ $listener.port }} + nodePort: {{ $listener.nodePort }} + {{- end }} +{{- end }} +{{- range $name, $listener := $values.listeners.schemaRegistry.external }} + {{- $enabled := dig "enabled" $values.external.enabled $listener }} + {{- $type := dig "type" $values.external.type $listener }} + {{- if and $enabled (eq $type "NodePort") }} + - name: schema-{{ $name }} + protocol: TCP + port: {{ $listener.port }} + nodePort: {{ $listener.nodePort }} + {{- end }} +{{- end }} + selector: + app.kubernetes.io/name: {{ template "redpanda.name" . }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} +{{- end }} diff --git a/charts/redpanda/redpanda/2.2.0/templates/statefulset.yaml b/charts/redpanda/redpanda/2.2.0/templates/statefulset.yaml new file mode 100644 index 000000000..8297e25d3 --- /dev/null 
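Review bot: The first `range` in services.nodeport.yaml publishes the Admin API on a NodePort (`- name: admin-{{ $name }}` with `port: {{ $values.listeners.admin.port }}`), so the administrative endpoint becomes reachable on node addresses through the internal listener's port rather than a separately configured external one. The SASL test pod in this commit creates and deletes users through that API without presenting credentials, so confirm the endpoint is protected before it is exposed; I would add a comment above the block such as `# Admin API: expose externally only with TLS and client authentication enabled` and keep the external admin listener disabled by default in values. Separately, if the outer condition can hold while no listener matches `NodePort`, `ports:` renders empty and the Service would be rejected by the API server; a `fail` guard would give a clearer error.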
+++ b/charts/redpanda/redpanda/2.2.0/templates/statefulset.yaml 
@@ -0,0 +1,364 @@ +{{/* +Licensed to the Apache Software Foundation (ASF) under one or more +contributor license agreements. See the NOTICE file distributed with +this work for additional information regarding copyright ownership. +The ASF licenses this file to You under the Apache License, Version 2.0 +(the "License"); you may not use this file except in compliance with +the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- $values := .Values }} +{{- $advertiseAddress := include "redpanda.kafka.internal.advertise.address" . -}} +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "redpanda.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + helm.sh/chart: {{ template "redpanda.chart" . }} + app.kubernetes.io/name: {{ template "redpanda.name" . }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/component: {{ template "redpanda.name" . }} +{{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} +{{- end }} +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "redpanda.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + serviceName: {{ template "redpanda.fullname" . }} + replicas: {{ .Values.statefulset.replicas | int64 }} + updateStrategy: + {{- toYaml .Values.statefulset.updateStrategy | nindent 4 }} + podManagementPolicy: {{ .Values.statefulset.podManagementPolicy }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "redpanda.name" . 
}} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/component: {{ template "redpanda.name" . }} +{{- with .Values.commonLabels }} + {- toYaml . | nindent 8 }} +{{- end }} + annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} +{{- with $.Values.statefulset.annotations }} + {{- toYaml . | nindent 8 }} +{{- end }} + spec: + securityContext: + {{- toYaml .Values.statefulset.podSecurityContext | nindent 8 }} + initContainers: + - name: set-datadir-ownership + image: busybox:latest + command: ["/bin/sh", "-c", "chown 101:101 -R /var/lib/redpanda/data"] + volumeMounts: + - name: datadir + mountPath: /var/lib/redpanda/data + - name: {{ template "redpanda.name" . }}-configurator + image: {{ .Values.image.repository}}:{{ template "redpanda.tag" . }} + command: ["/bin/sh", "-c"] + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - > + CONFIG=/etc/redpanda/redpanda.yaml; + NODE_ID=${SERVICE_NAME##*-}; + cp /tmp/base-config/redpanda.yaml "$CONFIG"; + {{- if (include "redpanda.semver" . | semverCompare ">=22.1.1") }} + cp /tmp/base-config/bootstrap.yaml /etc/redpanda/.bootstrap.yaml; + {{- end }} + rpk --config "$CONFIG" config set redpanda.node_id $NODE_ID; + if [ "$NODE_ID" = "0" ]; then + rpk --config "$CONFIG" config set redpanda.seed_servers '[]' --format yaml; + fi; + volumeMounts: + - name: {{ template "redpanda.fullname" . }} + mountPath: /tmp/base-config + - name: config + mountPath: /etc/redpanda + resources: + {{- toYaml .Values.statefulset.resources | nindent 12 }} + containers: + - name: {{ template "redpanda.name" . }} + image: {{ .Values.image.repository}}:{{ template "redpanda.tag" . 
}} + env: + - name: SERVICE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + startupProbe: + exec: + command: + - /bin/sh + - -c + {{- if (include "admin-internal-tls-enabled" . |fromJson).bool }} + - > + curl https://localhost:{{ .Values.listeners.admin.port }}/v1/cluster/health_overview + -svk --cacert /etc/tls/certs/{{ .Values.listeners.admin.tls.cert }}/ca.crt | + awk '{ + id = $0; gsub(/.*"controller_id": /, "", id); gsub(/,.*/, "", id) + nd_str = $0; gsub(/.*"nodes_down": \[/, "", nd_str); gsub(/\].*/, "", nd_str) + FS="," + split(nd_str, nd_list) + for (i in nd_list) nodes_down[nd_list[i]]="" + exit (id in nodes_down) + }' + {{- else }} + - > + curl -sv http://localhost:{{ .Values.listeners.admin.port }}/v1/cluster/health_overview | + awk '{ + id = $0; gsub(/.*"controller_id": /, "", id); gsub(/,.*/, "", id) + nd_str = $0; gsub(/.*"nodes_down": \[/, "", nd_str); gsub(/\].*/, "", nd_str) + FS="," + split(nd_str, nd_list) + for (i in nd_list) nodes_down[nd_list[i]]="" + exit (id in nodes_down) + }' + {{- end }} + initialDelaySeconds: {{ .Values.statefulset.startupProbe.initialDelaySeconds }} + failureThreshold: {{ .Values.statefulset.startupProbe.failureThreshold }} + periodSeconds: {{ .Values.statefulset.startupProbe.periodSeconds }} + livenessProbe: + exec: + command: + - /bin/sh + - -c + {{- if (include "admin-internal-tls-enabled" . 
|fromJson).bool }} + - > + curl https://localhost:{{ .Values.listeners.admin.port }}/v1/cluster/health_overview + -svk --cacert /etc/tls/certs/{{ .Values.listeners.admin.tls.cert }}/ca.crt + {{- else }} + - > + curl -sv http://localhost:{{ .Values.listeners.admin.port }}/v1/cluster/health_overview + {{- end }} + initialDelaySeconds: {{ .Values.statefulset.livenessProbe.initialDelaySeconds }} + failureThreshold: {{ .Values.statefulset.livenessProbe.failureThreshold }} + periodSeconds: {{ .Values.statefulset.livenessProbe.periodSeconds }} + readinessProbe: + exec: + command: + - /bin/sh + - -c + {{- if (include "admin-internal-tls-enabled" . |fromJson).bool }} + - > + curl https://localhost:{{ .Values.listeners.admin.port }}/v1/cluster/health_overview + -svk --cacert /etc/tls/certs/{{ .Values.listeners.admin.tls.cert }}/ca.crt | + awk '{ + id = $0; gsub(/.*"controller_id": /, "", id); gsub(/,.*/, "", id) + nd_str = $0; gsub(/.*"nodes_down": \[/, "", nd_str); gsub(/\].*/, "", nd_str) + FS="," + split(nd_str, nd_list) + for (i in nd_list) nodes_down[nd_list[i]]="" + exit (id in nodes_down) + }' + {{- else }} + - > + curl -sv http://localhost:{{ .Values.listeners.admin.port }}/v1/cluster/health_overview | + awk '{ + id = $0; gsub(/.*"controller_id": /, "", id); gsub(/,.*/, "", id) + nd_str = $0; gsub(/.*"nodes_down": \[/, "", nd_str); gsub(/\].*/, "", nd_str) + FS="," + split(nd_str, nd_list) + for (i in nd_list) nodes_down[nd_list[i]]="" + exit (id in nodes_down) + }' + {{- end }} + initialDelaySeconds: {{ .Values.statefulset.readinessProbe.initialDelaySeconds }} + failureThreshold: {{ .Values.statefulset.readinessProbe.failureThreshold }} + periodSeconds: {{ .Values.statefulset.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.statefulset.readinessProbe.initialDelaySeconds }} + command: + - rpk + - redpanda + - start + - --smp={{ .Values.resources.cpu.cores }} + - --memory={{ template "redpanda-memory" . 
}}M + - --reserve-memory={{ template "redpanda-reserve-memory" . }} + - --default-log-level={{ .Values.logging.logLevel }} + - --advertise-kafka-addr=internal://{{ $advertiseAddress }}:{{ .Values.listeners.kafka.port }}, +{{- range $name, $listener := .Values.listeners.kafka.external -}} + {{- $enabled := dig "enabled" $values.external.enabled $listener -}} + {{- $listenerNodePortEnabled := and $enabled (eq (dig "type" $values.external.type $listener) "NodePort") -}} + {{- $advertiseKafkaHost := $advertiseAddress -}} + {{- $advertiseKafkaPort := $listener.nodePort -}} + {{- if $listenerNodePortEnabled -}} + {{- $advertiseKafkaHost = printf "$(SERVICE_NAME).%s" $values.external.domain -}} + {{- end -}} + {{ $name }}://{{ $advertiseKafkaHost }}:{{ $advertiseKafkaPort }}, +{{- end }} + - --advertise-rpc-addr={{ $advertiseAddress }}:{{ .Values.listeners.rpc.port }} + - --advertise-pandaproxy-addr=internal://{{ $advertiseAddress }}:{{ .Values.listeners.http.port }}, +{{- range $name, $listener := .Values.listeners.http.external -}} + {{ $name}}://{{ $advertiseAddress }}:{{ $listener.nodePort }}, +{{- end }} + ports: +{{- range $name, $listener := .Values.listeners }} + - name: {{ lower $name }} + containerPort: {{ $listener.port }} + {{- range $externalName, $external := $listener.external }} + {{- if $external.port }} + - name: {{ lower $name | trunc 6 }}-{{ lower $externalName | trunc 8}} + containerPort: {{ $external.port }} + {{- end }} + {{- end }} +{{- end }} + volumeMounts: + - name: datadir + mountPath: /var/lib/redpanda/data + - name: config + mountPath: /etc/redpanda +{{- if (include "tls-enabled" . 
| fromJson).bool }} + {{- range $name, $cert := .Values.tls.certs }} + - name: redpanda-{{ $name }}-cert + mountPath: {{ printf "/etc/tls/certs/%s" $name }} + {{- end }} +{{- end }} + resources: +{{- if hasKey .Values.resources.memory "min" }} + requests: + cpu: {{ .Values.resources.cpu.cores }} + memory: {{ .Values.resources.memory.container.min }} +{{- end }} + limits: + cpu: {{ .Values.resources.cpu.cores }} + memory: {{ .Values.resources.memory.container.max }} + volumes: + - name: datadir +{{- if .Values.storage.persistentVolume.enabled }} + persistentVolumeClaim: + claimName: datadir +{{- else if .Values.storage.hostPath }} + hostPath: + path: {{ .Values.storage.hostPath | quote }} +{{- else }} + emptyDir: {} +{{- end }} + - name: {{ template "redpanda.fullname" . }} + configMap: + name: {{ template "redpanda.fullname" . }} + - name: config + emptyDir: {} +{{- if (include "tls-enabled" . | fromJson).bool }} + {{- range $name, $cert := .Values.tls.certs }} + - name: redpanda-{{ $name }}-cert + secret: + defaultMode: 420 + items: + - key: tls.key + path: tls.key + - key: tls.crt + path: tls.crt + {{- if $cert.caEnabled }} + - key: ca.crt + path: ca.crt + {{- end }} + secretName: {{ template "redpanda.fullname" $ }}-{{ $name }}-cert + {{- end }} +{{- end -}} +{{- if or .Values.statefulset.nodeAffinity .Values.statefulset.podAffinity .Values.statefulset.podAntiAffinity }} + affinity: + {{- with .Values.statefulset.nodeAffinity }} + nodeAffinity: {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .Values.statefulset.podAffinity }} + podAffinity: {{- toYaml . 
| nindent 10 }} + {{- end }} + {{- if .Values.statefulset.podAntiAffinity }} + podAntiAffinity: + {{- if .Values.statefulset.podAntiAffinity.type }} + {{- if eq .Values.statefulset.podAntiAffinity.type "hard" }} + requiredDuringSchedulingIgnoredDuringExecution: + - topologyKey: {{ .Values.statefulset.podAntiAffinity.topologyKey }} + labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "redpanda.name" . }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + {{- else if eq .Values.statefulset.podAntiAffinity.type "soft" }} + preferredDuringSchedulingIgnoredDuringExecution: + - weight: {{ .Values.statefulset.podAntiAffinity.weight | int64 }} + podAffinityTerm: + topologyKey: {{ .Values.statefulset.podAntiAffinity.topologyKey }} + labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "redpanda.name" . }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + {{- end }} + {{- else }} + {{- toYaml .Values.statefulset.podAntiAffinity | nindent 10 }} + {{- end }} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.16-0" .Capabilities.KubeVersion.GitVersion }} + topologySpreadConstraints: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "redpanda.name" . }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + {{- with .Values.statefulset.topologySpreadConstraints }} + maxSkew: {{ .maxSkew }} + topologyKey: {{ .topologyKey }} + whenUnsatisfiable: {{ .whenUnsatisfiable }} + {{- end }} +{{- end }} +{{- with .Values.statefulset.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 8 }} +{{- end }} +{{- if .Values.statefulset.priorityClassName }} + priorityClassName: {{ .Values.statefulset.priorityClassName }} +{{- end }} +{{- with .Values.statefulset.tolerations }} + tolerations: {{- toYaml . | nindent 8 }} +{{- end }} +{{- if .Values.storage.persistentVolume.enabled }} + volumeClaimTemplates: + - metadata: + name: datadir + labels: + app.kubernetes.io/name: {{ template "redpanda.name" . 
}} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/component: {{ template "redpanda.name" . }} + {{- with .Values.storage.persistentVolume.labels }} + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .Values.storage.persistentVolume.annotations }} + annotations: {{- toYaml . | nindent 10 }} + {{- end }} + spec: + accessModes: ["ReadWriteOnce"] + {{- if .Values.storage.persistentVolume.storageClass }} + {{- if (eq "-" .Values.storage.persistentVolume.storageClass) }} + storageClassName: "" + {{- else }} + storageClassName: {{ .Values.storage.persistentVolume.storageClass | quote }} + {{- end }} + {{- end }} + resources: + requests: + storage: {{ .Values.storage.persistentVolume.size | quote }} +{{- end }} diff --git a/charts/redpanda/redpanda/2.2.0/templates/tests/test-api-status.yaml b/charts/redpanda/redpanda/2.2.0/templates/tests/test-api-status.yaml new file mode 100644 index 000000000..02e40fb4f --- /dev/null +++ b/charts/redpanda/redpanda/2.2.0/templates/tests/test-api-status.yaml 
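Review bot: The `set-datadir-ownership` init container in statefulset.yaml pulls `busybox:latest`, a mutable tag, and its recursive `chown 101:101` implies it runs as root over the data volume, so whatever that tag resolves to at pull time gets root on broker storage; pin it to a fixed tag or digest that can be overridden from values, e.g. `image: busybox:<pinned-tag>@sha256:<digest>` (placeholders). Two template defects are in the same hunk: under the pod-template labels `{- toYaml . | nindent 8 }}` is missing a brace and is emitted literally when `commonLabels` is set (it should be `{{- toYaml . | nindent 8 }}`), and the readiness probe takes `successThreshold` from `.Values.statefulset.readinessProbe.initialDelaySeconds`, which looks like a copy-paste slip. The TLS branches of all three probes pass `-svk` together with `--cacert`, and `-k` turns certificate verification off, so the CA file is never actually used; dropping `k` makes the probe verify the listener certificate.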
@@ -0,0 +1,55 @@ +{{/* +Licensed to the Apache Software Foundation (ASF) under one or more +contributor license agreements. See the NOTICE file distributed with +this work for additional information regarding copyright ownership. +The ASF licenses this file to You under the Apache License, Version 2.0 +(the "License"); you may not use this file except in compliance with +the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} +{{- if not (or (include "tls-enabled" . | fromJson).bool (include "sasl-enabled" . | fromJson).bool) -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "redpanda.fullname" . }}-test-api-status" + namespace: {{ .Release.Namespace | quote }} + labels: + helm.sh/chart: {{ template "redpanda.chart" . }} + app.kubernetes.io/name: {{ template "redpanda.name" . }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/component: {{ template "redpanda.name" . }} + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + annotations: + "helm.sh/hook": test + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +spec: + restartPolicy: Never + containers: + - name: {{ template "redpanda.name" . }} + image: {{ .Values.image.repository}}:{{ template "redpanda.tag" . }} + command: + - /bin/bash + - -c + - > + rpk cluster info + --brokers {{ include "redpanda.fullname" . }}-0.{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.kafka.port }} + volumeMounts: + - name: {{ template "redpanda.fullname" . 
}} + mountPath: /tmp/base-config + volumes: + - name: {{ template "redpanda.fullname" . }} + configMap: + name: {{ template "redpanda.fullname" . }} + - name: config + emptyDir: {} +{{- end }} diff --git a/charts/redpanda/redpanda/2.2.0/templates/tests/test-kafka-internal-tls-status.yaml b/charts/redpanda/redpanda/2.2.0/templates/tests/test-kafka-internal-tls-status.yaml new file mode 100644 index 000000000..cbef84ff3 --- /dev/null +++ b/charts/redpanda/redpanda/2.2.0/templates/tests/test-kafka-internal-tls-status.yaml 
@@ -0,0 +1,79 @@ +{{/* +Licensed to the Apache Software Foundation (ASF) under one or more +contributor license agreements. See the NOTICE file distributed with +this work for additional information regarding copyright ownership. +The ASF licenses this file to You under the Apache License, Version 2.0 +(the "License"); you may not use this file except in compliance with +the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} +{{- if and (include "tls-enabled" . | fromJson).bool (not (include "sasl-enabled" . | fromJson).bool) -}} +apiVersion: v1 +kind: Pod +metadata: + name: {{ include "redpanda.fullname" . }}-test-kafka-internal-tls-status + namespace: {{ .Release.Namespace | quote }} + labels: + helm.sh/chart: {{ template "redpanda.chart" . }} + app.kubernetes.io/name: {{ template "redpanda.name" . }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/component: {{ template "redpanda.name" . }} + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + annotations: + "helm.sh/hook": test + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +spec: + restartPolicy: Never + containers: + - name: {{ template "redpanda.name" . }} + image: {{ .Values.image.repository}}:{{ template "redpanda.tag" . }} + command: + - /bin/bash + - -c + - > + rpk cluster info + --brokers {{ include "redpanda.fullname" .}}-0.{{ include "redpanda.internal.domain" . 
}}:{{ .Values.listeners.kafka.port }} + --tls-enabled --tls-truststore /etc/tls/certs/{{ .Values.listeners.kafka.tls.cert }}/ca.crt + volumeMounts: + - name: config + mountPath: /etc/redpanda + {{- range $name, $cert := .Values.tls.certs }} + - name: redpanda-{{ $name }}-cert + mountPath: {{ printf "/etc/tls/certs/%s" $name }} + {{- end }} + resources: +{{- toYaml .Values.statefulset.resources | nindent 12 }} + volumes: + - name: {{ template "redpanda.fullname" . }} + configMap: + name: {{ template "redpanda.fullname" . }} + - name: config + emptyDir: {} +{{- if (include "tls-enabled" . | fromJson).bool }} + {{- range $name, $cert := .Values.tls.certs }} + - name: redpanda-{{ $name }}-cert + secret: + defaultMode: 420 + items: + - key: tls.key + path: tls.key + - key: tls.crt + path: tls.crt + {{- if $cert.caEnabled }} + - key: ca.crt + path: ca.crt + {{- end }} + secretName: {{ template "redpanda.fullname" $ }}-{{ $name }}-cert + {{- end }} +{{- end -}} +{{- end }} diff --git a/charts/redpanda/redpanda/2.2.0/templates/tests/test-kafka-sasl-status.yaml b/charts/redpanda/redpanda/2.2.0/templates/tests/test-kafka-sasl-status.yaml new file mode 100644 index 000000000..dcce83c39 --- /dev/null +++ b/charts/redpanda/redpanda/2.2.0/templates/tests/test-kafka-sasl-status.yaml 
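Review bot: The test pod in test-kafka-internal-tls-status.yaml mounts every certificate Secret with `tls.key` included and `defaultMode: 420` (0644), although its command only reads `ca.crt` as a truststore. A `helm test` pod does not need the brokers' private keys, so the `items` list for test pods should be reduced to `- key: ca.crt` / `path: ca.crt`, skipping certificates where `caEnabled` is false. The same volume block is repeated in test-kafka-sasl-status.yaml, test-kafka-sasl-tls-status.yaml and test-pandaproxy-internal-tls-status.yaml, and in statefulset.yaml, where the key is needed but a tighter mode than 0644 is worth considering if the container user and fsGroup allow it. The `redpanda.fullname` ConfigMap volume is declared here but never mounted.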
@@ -0,0 +1,94 @@ +{{/* +Licensed to the Apache Software Foundation (ASF) under one or more +contributor license agreements. See the NOTICE file distributed with +this work for additional information regarding copyright ownership. +The ASF licenses this file to You under the Apache License, Version 2.0 +(the "License"); you may not use this file except in compliance with +the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} +{{- if and (include "sasl-enabled" . | fromJson).bool (not (include "tls-enabled" . | fromJson).bool) }} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "redpanda.fullname" . }}-test-kafka-sasl-status" + namespace: {{ .Release.Namespace | quote }} + labels: + helm.sh/chart: {{ template "redpanda.chart" . }} + app.kubernetes.io/name: {{ template "redpanda.name" . }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/component: {{ template "redpanda.name" . }} + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + annotations: + "helm.sh/hook": test + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +spec: + restartPolicy: Never + containers: + - name: {{ template "redpanda.name" . }} + image: {{ .Values.image.repository}}:{{ template "redpanda.tag" . }} + command: + - /bin/bash + - -c + - > + rpk acl user delete admin + --api-urls {{ include "redpanda.fullname" . }}-0.{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.admin.port }} + --brokers {{ include "redpanda.internal.domain" . 
}}:{{ .Values.listeners.kafka.port }}; + sleep 3; + rpk acl user create admin -p test + --api-urls {{ include "redpanda.fullname" . }}-0.{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.admin.port }} && + sleep 3 && + rpk topic create test-topic --user admin --password test --sasl-mechanism SCRAM-SHA-256 + --brokers {{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.kafka.port }} && + rpk topic describe test-topic --user admin --password test --sasl-mechanism SCRAM-SHA-256 + --brokers {{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.kafka.port }} && + rpk topic delete test-topic --user admin --password test --sasl-mechanism SCRAM-SHA-256 + --brokers {{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.kafka.port }} && + rpk acl user delete admin + --api-urls {{ include "redpanda.fullname" . }}-0.{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.admin.port }} + --brokers {{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.kafka.port }} + volumeMounts: + - name: config + mountPath: /etc/redpanda +{{- if (include "tls-enabled" . | fromJson).bool }} + {{- range $name, $cert := .Values.tls.certs }} + - name: redpanda-{{ $name }}-cert + mountPath: {{ printf "/etc/tls/certs/%s" $name }} + {{- end }} +{{- end }} + resources: +{{- toYaml .Values.statefulset.resources | nindent 12 }} + volumes: + - name: {{ template "redpanda.fullname" . }} + configMap: + name: {{ template "redpanda.fullname" . }} + - name: config + emptyDir: {} +{{- if (include "tls-enabled" . | fromJson).bool }} + {{- range $name, $cert := .Values.tls.certs }} + - name: redpanda-{{ $name }}-cert + secret: + defaultMode: 420 + items: + - key: tls.key + path: tls.key + - key: tls.crt + path: tls.crt + {{- if $cert.caEnabled }} + - key: ca.crt + path: ca.crt + {{- end }} + secretName: {{ template "redpanda.fullname" $ }}-{{ $name }}-cert + {{- end }} +{{- end -}} +{{- end }} 
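Review bot: The script in test-kafka-sasl-status.yaml runs `rpk acl user delete admin` and then `rpk acl user create admin -p test` against the live cluster, so `helm test` removes any existing SASL user named `admin` and, if a later step in the `&&` chain fails, leaves an `admin` account with the password `test` behind. Use a throwaway identity instead: a name such as `helm-test-{{ randAlphaNum 8 | lower }}` assigned once to a template variable, a generated password, and a final delete that runs unconditionally (a shell `trap ... EXIT`) so cleanup does not depend on the earlier steps. Passing `--password` on the command line also places it in the pod spec and the process list; an environment variable sourced from a Secret avoids that. test-kafka-sasl-tls-status.yaml repeats the same sequence.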
diff --git a/charts/redpanda/redpanda/2.2.0/templates/tests/test-kafka-sasl-tls-status.yaml b/charts/redpanda/redpanda/2.2.0/templates/tests/test-kafka-sasl-tls-status.yaml new file mode 100644 index 000000000..3e787fa20 --- /dev/null +++ b/charts/redpanda/redpanda/2.2.0/templates/tests/test-kafka-sasl-tls-status.yaml 
@@ -0,0 +1,101 @@ +{{/* +Licensed to the Apache Software Foundation (ASF) under one or more +contributor license agreements. See the NOTICE file distributed with +this work for additional information regarding copyright ownership. +The ASF licenses this file to You under the Apache License, Version 2.0 +(the "License"); you may not use this file except in compliance with +the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} +{{- if and (include "sasl-enabled" . | fromJson).bool (include "tls-enabled" . | fromJson).bool -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "redpanda.fullname" . }}-test-kafka-sasl-tls-status" + namespace: {{ .Release.Namespace | quote }} + labels: + helm.sh/chart: {{ template "redpanda.chart" . }} + app.kubernetes.io/name: {{ template "redpanda.name" . }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/component: {{ template "redpanda.name" . }} + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + annotations: + "helm.sh/hook": test + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +spec: + restartPolicy: Never + containers: + - name: {{ template "redpanda.name" . }} + image: {{ .Values.image.repository}}:{{ template "redpanda.tag" . }} + command: + - /bin/bash + - -c + - > + rpk acl user delete admin + --tls-truststore /etc/tls/certs/{{ .Values.listeners.kafka.tls.cert }}/ca.crt + --admin-api-tls-truststore /etc/tls/certs/{{ .Values.listeners.admin.tls.cert }}/ca.crt + --api-urls {{ include "redpanda.fullname" . 
}}-0.{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.admin.port }} + --brokers {{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.kafka.port }}; + sleep 3; + rpk acl user create admin -p test + --tls-truststore /etc/tls/certs/{{ .Values.listeners.kafka.tls.cert }}/ca.crt + --admin-api-tls-truststore /etc/tls/certs/{{ .Values.listeners.admin.tls.cert }}/ca.crt + --api-urls {{ include "redpanda.fullname" . }}-0.{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.admin.port }} && + sleep 3 && + rpk topic create test-topic --user admin --password test --sasl-mechanism SCRAM-SHA-256 + --tls-enabled --tls-truststore /etc/tls/certs/{{ .Values.listeners.kafka.tls.cert }}/ca.crt + --brokers {{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.kafka.port }} && + rpk topic describe test-topic --user admin --password test --sasl-mechanism SCRAM-SHA-256 + --tls-enabled --tls-truststore /etc/tls/certs/{{ .Values.listeners.kafka.tls.cert }}/ca.crt + --brokers {{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.kafka.port }} && + rpk topic delete test-topic --user admin --password test --sasl-mechanism SCRAM-SHA-256 + --tls-enabled --tls-truststore /etc/tls/certs/{{ .Values.listeners.kafka.tls.cert }}/ca.crt + --brokers {{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.kafka.port }} && + rpk acl user delete admin + --tls-truststore /etc/tls/certs/{{ .Values.listeners.kafka.tls.cert }}/ca.crt + --admin-api-tls-truststore /etc/tls/certs/{{ .Values.listeners.admin.tls.cert }}/ca.crt + --api-urls {{ include "redpanda.fullname" . }}-0.{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.admin.port }} + --brokers {{ include "redpanda.internal.domain" . 
}}:{{ .Values.listeners.kafka.port }} + volumeMounts: + - name: config + mountPath: /etc/redpanda + {{- range $name, $cert := .Values.tls.certs }} + - name: redpanda-{{ $name }}-cert + mountPath: {{ printf "/etc/tls/certs/%s" $name }} + {{- end }} + resources: +{{- toYaml .Values.statefulset.resources | nindent 12 }} + volumes: + - name: {{ template "redpanda.fullname" . }} + configMap: + name: {{ template "redpanda.fullname" . }} + - name: config + emptyDir: {} +{{- if (include "tls-enabled" . | fromJson).bool }} + {{- range $name, $cert := .Values.tls.certs }} + - name: redpanda-{{ $name }}-cert + secret: + defaultMode: 420 + items: + - key: tls.key + path: tls.key + - key: tls.crt + path: tls.crt + {{- if $cert.caEnabled }} + - key: ca.crt + path: ca.crt + {{- end }} + secretName: {{ template "redpanda.fullname" $ }}-{{ $name }}-cert + {{- end }} +{{- end -}} +{{- end }} diff --git a/charts/redpanda/redpanda/2.2.0/templates/tests/test-pandaproxy-internal-tls-status.yaml b/charts/redpanda/redpanda/2.2.0/templates/tests/test-pandaproxy-internal-tls-status.yaml new file mode 100644 index 000000000..b4c6ca9d9 --- /dev/null +++ b/charts/redpanda/redpanda/2.2.0/templates/tests/test-pandaproxy-internal-tls-status.yaml 
@@ -0,0 +1,79 @@ +{{/* +Licensed to the Apache Software Foundation (ASF) under one or more +contributor license agreements. See the NOTICE file distributed with +this work for additional information regarding copyright ownership. +The ASF licenses this file to You under the Apache License, Version 2.0 +(the "License"); you may not use this file except in compliance with +the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} +{{- if and (include "tls-enabled" . | fromJson).bool (not (include "sasl-enabled" . | fromJson).bool) -}} +apiVersion: v1 +kind: Pod +metadata: + name: {{ include "redpanda.fullname" . }}-test-pandaproxy-internal-tls-status + namespace: {{ .Release.Namespace | quote }} + labels: + helm.sh/chart: {{ template "redpanda.chart" . }} + app.kubernetes.io/name: {{ template "redpanda.name" . }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/component: {{ template "redpanda.name" . }} + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + annotations: + "helm.sh/hook": test + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +spec: + restartPolicy: Never + containers: + - name: {{ template "redpanda.name" . }} + image: {{ .Values.image.repository}}:{{ template "redpanda.tag" . }} + command: + - curl + - -svm3 + - --ssl-reqd + - --cacert + - /etc/tls/certs/{{ .Values.listeners.admin.tls.cert }}/ca.crt + - https://{{ include "redpanda.internal.domain" . 
}}:{{ .Values.listeners.http.port }}/brokers + volumeMounts: + - name: config + mountPath: /etc/redpanda + {{- range $name, $cert := .Values.tls.certs }} + - name: redpanda-{{ $name }}-cert + mountPath: {{ printf "/etc/tls/certs/%s" $name }} + {{- end }} + resources: +{{- toYaml .Values.statefulset.resources | nindent 12 }} + volumes: + - name: {{ template "redpanda.fullname" . }} + configMap: + name: {{ template "redpanda.fullname" . }} + - name: config + emptyDir: {} +{{- if (include "tls-enabled" . | fromJson).bool }} + {{- range $name, $cert := .Values.tls.certs }} + - name: redpanda-{{ $name }}-cert + secret: + defaultMode: 420 + items: + - key: tls.key + path: tls.key + - key: tls.crt + path: tls.crt + {{- if $cert.caEnabled }} + - key: ca.crt + path: ca.crt + {{- end }} + secretName: {{ template "redpanda.fullname" $ }}-{{ $name }}-cert + {{- end }} +{{- end -}} +{{- end }} diff --git a/charts/redpanda/redpanda/2.2.0/templates/tests/test-pandaproxy-status.yaml b/charts/redpanda/redpanda/2.2.0/templates/tests/test-pandaproxy-status.yaml new file mode 100644 index 000000000..b1221e6a0 --- /dev/null +++ b/charts/redpanda/redpanda/2.2.0/templates/tests/test-pandaproxy-status.yaml 
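Review bot: In test-pandaproxy-internal-tls-status.yaml the `--cacert` argument is built from `.Values.listeners.admin.tls.cert`, but the URL targets `.Values.listeners.http.port`, so the proxy's server certificate is verified against the admin listener's CA file. The two only agree while both listeners reference the same entry in `tls.certs`; once they differ, the test fails or verifies against the wrong trust anchor. The schema registry variant of this test uses its own listener's cert name, and this one should do the same: `- /etc/tls/certs/{{ .Values.listeners.http.tls.cert }}/ca.crt`.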
@@ -0,0 +1,44 @@
+{{/*
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements. See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+{{- if not (or (include "tls-enabled" . | fromJson).bool (include "sasl-enabled" . | fromJson).bool) -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ include "redpanda.fullname" . }}-test-pandaproxy-status"
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ helm.sh/chart: {{ template "redpanda.chart" . }}
+ app.kubernetes.io/name: {{ template "redpanda.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/component: {{ template "redpanda.name" . }}
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ annotations:
+ "helm.sh/hook": test
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+spec:
+ restartPolicy: Never
+ containers:
+ - name: {{ template "redpanda.name" . }}
+ image: {{ .Values.image.repository}}:{{ template "redpanda.tag" . }}
+ command:
+ - curl
+ - -svm3
+ - http://{{ include "redpanda.fullname" . }}:{{ .Values.listeners.http.port }}/brokers
+{{- end }}
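Review bot: `curl -svm3` in test-pandaproxy-status.yaml exits 0 for any HTTP response, so a 4xx or 5xx from `/brokers` still marks the Helm test as passed. Adding a `- --fail` entry after `- -svm3` makes the exit status follow the response code. The same command shape is used in test-pandaproxy-internal-tls-status.yaml, test-schemaregistry-internal-tls-status.yaml and test-schemaregistry-status.yaml. The URL here also uses `redpanda.fullname` as the host while the other three use `redpanda.internal.domain`; one of the two should be picked so that all four tests reach the brokers the same way.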
diff --git a/charts/redpanda/redpanda/2.2.0/templates/tests/test-schemaregistry-internal-tls-status.yaml b/charts/redpanda/redpanda/2.2.0/templates/tests/test-schemaregistry-internal-tls-status.yaml
new file mode 100644
index 000000000..8d6205845
--- /dev/null
+++ b/charts/redpanda/redpanda/2.2.0/templates/tests/test-schemaregistry-internal-tls-status.yaml
@@ -0,0 +1,77 @@ +{{/* +Licensed to the Apache Software Foundation (ASF) under one or more +contributor license agreements. See the NOTICE file distributed with +this work for additional information regarding copyright ownership. +The ASF licenses this file to You under the Apache License, Version 2.0 +(the "License"); you may not use this file except in compliance with +the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} +{{- if and (include "tls-enabled" . | fromJson).bool (not (include "sasl-enabled" .|fromJson).bool) }} +apiVersion: v1 +kind: Pod +metadata: + name: {{ include "redpanda.fullname" . }}-test-schemaregistry-internal-tls-status + namespace: {{ .Release.Namespace | quote }} + labels: + helm.sh/chart: {{ template "redpanda.chart" . }} + app.kubernetes.io/name: {{ template "redpanda.name" . }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/component: {{ template "redpanda.name" . }} + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + annotations: + "helm.sh/hook": test + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +spec: + restartPolicy: Never + containers: + - name: {{ template "redpanda.name" . }} + image: {{ .Values.image.repository}}:{{ template "redpanda.tag" . }} + command: + - curl + - -svm3 + - --ssl-reqd + - --cacert + - /etc/tls/certs/{{ .Values.listeners.schemaRegistry.tls.cert }}/ca.crt + - https://{{ include "redpanda.internal.domain" . 
}}:{{ .Values.listeners.schemaRegistry.port }}/subjects + volumeMounts: + - name: config + mountPath: /etc/redpanda + {{- range $name, $cert := .Values.tls.certs }} + - name: redpanda-{{ $name }}-cert + mountPath: {{ printf "/etc/tls/certs/%s" $name }} + {{- end }} + resources: +{{- toYaml .Values.statefulset.resources | nindent 12 }} + volumes: + - name: {{ template "redpanda.fullname" . }} + configMap: + name: {{ template "redpanda.fullname" . }} + - name: config + emptyDir: {} + {{- range $name, $cert := .Values.tls.certs }} + - name: redpanda-{{ $name }}-cert + secret: + defaultMode: 420 + items: + - key: tls.key + path: tls.key + - key: tls.crt + path: tls.crt + {{- if $cert.caEnabled }} + - key: ca.crt + path: ca.crt + {{- end }} + secretName: {{ template "redpanda.fullname" $ }}-{{ $name }}-cert + {{- end }} +{{- end }} diff --git a/charts/redpanda/redpanda/2.2.0/templates/tests/test-schemaregistry-status.yaml b/charts/redpanda/redpanda/2.2.0/templates/tests/test-schemaregistry-status.yaml new file mode 100644 index 000000000..b6272afd2 --- /dev/null +++ b/charts/redpanda/redpanda/2.2.0/templates/tests/test-schemaregistry-status.yaml 
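Review bot: The secret volume in test-schemaregistry-internal-tls-status.yaml projects `tls.key` and `tls.crt` for every entry in `.Values.tls.certs` into the test pod with `defaultMode: 420` (0644), yet the only file the curl command reads is `ca.crt`. A test hook has no need for the listeners' private keys, and mounting them widens the set of pods where key material is readable. Keeping only the `key: ca.crt` / `path: ca.crt` item under `items:` would be enough; the same volume block appears in test-pandaproxy-internal-tls-status.yaml. Separately, `ca.crt` is projected only when `$cert.caEnabled` is true, so with that flag off `--cacert` points at a file that is not there and the test fails for a reason unrelated to the listener.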
@@ -0,0 +1,46 @@
+{{/*
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements. See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+{{- /* TODO test fails if SASL is enabled */}}
+{{- /* TODO test expects the first listener to have TLS enabled */}}
+{{- if not (or (include "tls-enabled" . | fromJson).bool (include "sasl-enabled" . | fromJson).bool) }}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ include "redpanda.fullname" . }}-test-schemaregistry-status"
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ helm.sh/chart: {{ template "redpanda.chart" . }}
+ app.kubernetes.io/name: {{ template "redpanda.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/component: {{ template "redpanda.name" . }}
+ {{- with .Values.commonLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ annotations:
+ "helm.sh/hook": test
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+spec:
+ restartPolicy: Never
+ containers:
+ - name: {{ template "redpanda.name" . }}
+ image: {{ .Values.image.repository}}:{{ template "redpanda.tag" . }}
+ command:
+ - curl
+ - -svm3
+ - http://{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.schemaRegistry.port }}/subjects
+{{- end }}
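Review bot: The two TODO comments at the top of test-schemaregistry-status.yaml no longer match the guard below them: the pod is rendered only when neither `tls-enabled` nor `sasl-enabled` is true, so "test expects the first listener to have TLS enabled" describes a different test. The guard also ignores `.Values.listeners.schemaRegistry.enabled`, which values.schema.json declares as a required boolean, so with the schema registry switched off the hook would presumably still run and fail. I would replace the TODOs with `{{- /* Plain-HTTP check; rendered only when TLS and SASL are both off */}}` and open the condition with `{{- if and .Values.listeners.schemaRegistry.enabled (not (or (include "tls-enabled" . | fromJson).bool (include "sasl-enabled" . | fromJson).bool)) }}`.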
diff --git a/charts/redpanda/redpanda/2.2.0/values.schema.json b/charts/redpanda/redpanda/2.2.0/values.schema.json
new file mode 100644
index 000000000..610476dd6
--- /dev/null
+++ b/charts/redpanda/redpanda/2.2.0/values.schema.json
@@ -0,0 +1,810 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "required": [ + "image" + ], + "properties": { + "image": { + "description": "Values used to define the container image to be used for Redpanda", + "type": "object", + "required": [ + "repository", + "pullPolicy" + ], + "properties": { + "repository": { + "description": "container image repository", + "default": "vectorized/redpanda", + "type": "string", + "pattern": "^[a-z0-9-_/.]+$" + }, + "tag": { + "description": "The container image tag. Use the Redpanda release version. Must be a valid semver prefixed with a 'v'.", + "default": "Chart.appVersion", + "type": "string", + "pattern": "^v(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$|^$" + }, + "pullPolicy": { + "description": "The Kubernetes Pod image pull policy.", + "type": "string", + "pattern": "^(Always|Never|IfNotPresent)$" + } + } + }, + "license_key": { + "type": "string", + "pattern": "^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$" + }, + "auth": { + "type": "object", + "required": [ + "sasl" + ], + "properties": { + "sasl": { + "type": "object", + "required": [ + "enabled", + "users" + ], + "if": { + "properties": { + "enabled": { + "enum": [ + true + ] + } + } + }, + "then": { + "properties": { + "enabled": { + "type": "boolean" + }, + "users": { + "type": "array", + "minItems": 1, + "items": { + "properties": { + "name": { + "type": "string" + }, + "password": { + "type": "string" + } + }, + "oneOf": [ + { + "required": [ + "name", + "password" + ] + }, + { + "required": [ + "name", + "secretName" + ] + } + ] + } + } + } + }, + "else": { + "properties": { + "enabled": { + "type": "boolean" + } + } + } + } + } + }, + "tls": { + "type": "object", + "required": [ + "enabled" + ], + "properties": { + "enabled": { + "type": "boolean" + }, + "certs": { + 
"type": "object", + "minProperties": 1, + "patternProperties": { + "^[A-Za-z_][A-Za-z0-9_]*$": { + "type": "object", + "required": [ + "caEnabled" + ], + "properties": { + "issuerRef": { + "type": "string" + }, + "caEnabled": { + "type": "boolean" + }, + "duration": { + "type": "string", + "pattern": ".*[smh]$" + } + } + } + } + } + } + }, + "external": { + "type": "object", + "required": [ + "enabled", + "type", + "domain" + ], + "properties": { + "enabled": { + "type": "boolean" + }, + "type": { + "type": "string", + "pattern": "^NodePort$" + }, + "domain": { + "type": "string", + "format": "idn-hostname" + } + } + }, + "logging": { + "type": "object", + "required": [ + "logLevel", + "usageStats" + ], + "parameters": { + "logLevel": { + "type": "string", + "pattern": "^(error|warn|info|debug|trace)$" + }, + "usageStats": { + "type": "object", + "required": [ + "enabled" + ], + "properties": { + "enabled": { + "type": "boolean" + } + } + } + } + }, + "resources": { + "type": "object", + "required": [ + "cpu", + "memory" + ], + "properties": { + "cpu": { + "type": "object", + "required": [ + "cores" + ], + "properties": { + "cores": { + "type": "integer" + }, + "overprovisioned": { + "type": "boolean" + } + } + }, + "memory": { + "type": "object", + "required": [ + "container" + ], + "properties": { + "enable_memory_locking": { + "type": "boolean" + }, + "container": { + "type": "object", + "required": [ + "max" + ], + "properties": { + "min": { + "type": "string", + "pattern": "^[0-9]+(\\.[0-9]){0,1}(k|M|G|Ki|Mi|Gi)$" + }, + "max": { + "type": "string", + "pattern": "^[0-9]+(\\.[0-9]){0,1}(k|M|G|Ki|Mi|Gi)$" + } + } + } + } + } + } + }, + "storage": { + "type": "object", + "required": [ + "hostPath", + "persistentVolume" + ], + "properties": { + "hostPath": { + "type": "string" + }, + "persistentVolume": { + "type": "object", + "required": [ + "enabled", + "size", + "storageClass", + "labels", + "annotations" + ], + "properties": { + "enabled": { + "type": 
"boolean" + }, + "size": { + "type": "string", + "pattern": "^[0-9]+(\\.[0-9]){0,1}(k|M|G|Ki|Mi|Gi)$" + }, + "storageClass": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "annotations": { + "type": "object" + } + } + } + } + }, + "statefulset": { + "type": "object", + "required": [ + "replicas", + "updateStrategy", + "podManagementPolicy", + "budget", + "annotations", + "startupProbe", + "livenessProbe", + "readinessProbe", + "podAffinity", + "podAntiAffinity", + "nodeSelector", + "priorityClassName", + "tolerations", + "topologySpreadConstraints", + "podSecurityContext" + ], + "properties": { + "replicas": { + "type": "integer" + }, + "updateStrategy": { + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "pattern": "^(RollingUpdate|OnDelete)$" + } + } + }, + "podManagementPolicy": { + "type": "string", + "pattern": "^(OrderedReady|Parallel)$" + }, + "budget": { + "type": "object", + "required": [ + "maxUnavailable" + ], + "properties": { + "maxUnavailable": { + "type": "integer" + } + } + }, + "annotations": { + "type": "object" + }, + "startupProbe": { + "type": "object", + "required": [ + "initialDelaySeconds", + "failureThreshold", + "periodSeconds" + ], + "properties": { + "initialDelaySeconds": { + "type": "integer" + }, + "failureThreshold": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + } + } + }, + "livenessProbe": { + "type": "object", + "required": [ + "initialDelaySeconds", + "failureThreshold", + "periodSeconds" + ], + "properties": { + "initialDelaySeconds": { + "type": "integer" + }, + "failureThreshold": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + } + } + }, + "readinessProbe": { + "type": "object", + "required": [ + "initialDelaySeconds", + "failureThreshold", + "periodSeconds" + ], + "properties": { + "initialDelaySeconds": { + "type": "integer" + }, + "failureThreshold": { + "type": "integer" + }, + "periodSeconds": { + "type": 
"integer" + } + } + }, + "podAffinity": { + "type": "object" + }, + "podAntiAffinity": { + "type": "object", + "required": [ + "topologyKey", + "type", + "weight" + ], + "properties": { + "topologyKey": { + "type": "string" + }, + "type": { + "type": "string", + "pattern": "^(hard|soft)$" + }, + "weight": { + "type": "integer" + } + } + }, + "nodeSelector": { + "type": "object" + }, + "priorityClassName": { + "type": "string" + }, + "tolerations": { + "type": "array" + }, + "topologySpreadConstraints": { + "type": "object", + "required": [ + "maxSkew", + "topologyKey", + "whenUnsatisfiable" + ], + "properties": { + "maxSkew": { + "type": "integer" + }, + "topologyKey": { + "type": "string" + }, + "whenUnsatisfiable": { + "type": "string", + "pattern": "^(ScheduleAnyway|DoNotSchedule)$" + } + } + }, + "podSecurityContext": { + "type": "object", + "required": [ + "fsGroup" + ], + "properties": { + "fsGroup": { + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "type": "integer" + } + } + } + } + }, + "serviceAccount": { + "type": "object", + "required": [ + "create", + "annotations", + "name" + ], + "properties": { + "create": { + "type": "boolean" + }, + "annotations": { + "type": "object" + }, + "name": { + "type": "string" + } + } + }, + "tuning": { + "type": "object", + "properties": { + "tune_aio_events": { + "type": "boolean" + }, + "tune_clocksource": { + "type": "boolean" + }, + "tune_ballast_file": { + "type": "boolean" + }, + "ballast_file_path": { + "type": "string" + }, + "ballast_file_size": { + "type": "string" + }, + "well_known_io": { + "type": "string" + } + } + }, + "listeners": { + "type": "object", + "required": [ + "admin", + "kafka", + "http", + "rpc", + "schemaRegistry" + ], + "properties": { + "admin": { + "type": "object", + "required": [ + "port", + "external", + "tls" + ], + "properties": { + "port": { + "type": "integer" + }, + "external": { + "type": "object", + "minProperties": 1, + 
"patternProperties": { + "^[A-Za-z_][A-Za-z0-9_]*$": { + "type": "object", + "required": [ + "nodePort" + ], + "properties": { + "enabled": { + "type": "boolean" + }, + "type": { + "type": "string", + "pattern": "^NodePort$" + }, + "nodePort": { + "type": "integer" + } + } + } + } + }, + "tls": { + "type": "object", + "required": [ + "cert", + "requireClientAuth" + ], + "properties": { + "enabled": { + "type": "boolean" + }, + "cert": { + "type": "string" + }, + "requireClientAuth": { + "type": "boolean" + } + } + } + } + }, + "kafka": { + "type": "object", + "required": [ + "port", + "external", + "tls" + ], + "properties": { + "port": { + "type": "integer" + }, + "external": { + "type": "object", + "minProperties": 1, + "patternProperties": { + "^[A-Za-z_][A-Za-z0-9_]*$": { + "type": "object", + "required": [ + "port", + "nodePort" + ], + "properties": { + "enabled": { + "type": "boolean" + }, + "port": { + "type": "integer" + }, + "type": { + "type": "string", + "pattern": "^NodePort$" + }, + "nodePort": { + "type": "integer" + } + } + } + } + }, + "tls": { + "type": "object", + "required": [ + "cert", + "requireClientAuth" + ], + "properties": { + "enabled": { + "type": "boolean" + }, + "cert": { + "type": "string" + }, + "requireClientAuth": { + "type": "boolean" + } + } + } + } + }, + "http": { + "type": "object", + "required": [ + "enabled", + "port", + "kafkaEndpoint", + "external", + "tls" + ], + "properties": { + "enabled": { + "type": "boolean" + }, + "port": { + "type": "integer" + }, + "kafkaEndpoint": { + "type": "string", + "pattern": "^[A-Za-z_][A-Za-z0-9_]*$" + }, + "external": { + "type": "object", + "minProperties": 1, + "patternProperties": { + "^[A-Za-z_][A-Za-z0-9_]*$": { + "type": "object", + "required": [ + "port", + "nodePort" + ], + "properties": { + "enabled": { + "type": "boolean" + }, + "port": { + "type": "integer" + }, + "type": { + "type": "string", + "pattern": "^NodePort$" + }, + "nodePort": { + "type": "integer" + } + } + } + } + 
}, + "tls": { + "type": "object", + "required": [ + "cert", + "requireClientAuth" + ], + "properties": { + "enabled": { + "type": "boolean" + }, + "cert": { + "type": "string" + }, + "requireClientAuth": { + "type": "boolean" + } + } + } + } + }, + "rpc": { + "type": "object", + "required": [ + "port", + "tls" + ], + "properties": { + "port": { + "type": "integer" + }, + "tls": { + "type": "object", + "required": [ + "cert", + "requireClientAuth" + ], + "properties": { + "enabled": { + "type": "boolean" + }, + "cert": { + "type": "string" + }, + "requireClientAuth": { + "type": "boolean" + } + } + } + } + }, + "schemaRegistry": { + "type": "object", + "required": [ + "enabled", + "port", + "kafkaEndpoint", + "external", + "tls" + ], + "properties": { + "enabled": { + "type": "boolean" + }, + "port": { + "type": "integer" + }, + "kafkaEndpoint": { + "type": "string", + "pattern": "^[A-Za-z_][A-Za-z0-9_]*$" + }, + "external": { + "type": "object", + "minProperties": 1, + "patternProperties": { + "^[A-Za-z_][A-Za-z0-9_]*$": { + "type": "object", + "required": [ + "port", + "nodePort" + ], + "properties": { + "enabled": { + "type": "boolean" + }, + "port": { + "type": "integer" + }, + "type": { + "type": "string", + "pattern": "^NodePort$" + }, + "nodePort": { + "type": "integer" + } + } + } + } + }, + "tls": { + "type": "object", + "required": [ + "cert", + "requireClientAuth" + ], + "properties": { + "enabled": { + "type": "boolean" + }, + "cert": { + "type": "string" + }, + "requireClientAuth": { + "type": "boolean" + } + } + } + } + } + } + }, + "config": { + "type": "object", + "required": [ + "cluster", + "tunable", + "node" + ], + "properties": { + "cluster": { + "type": "object" + }, + "tunable": { + "type": "object" + }, + "node": { + "type": "object" + } + } + } + } +} diff --git a/charts/redpanda/redpanda/2.2.0/values.yaml b/charts/redpanda/redpanda/2.2.0/values.yaml new file mode 100644 index 000000000..1ebe71991 --- /dev/null 
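Review bot: The `logging` object in values.schema.json lists its children under `"parameters"` instead of `"properties"`; JSON Schema ignores unknown keywords, so the `logLevel` pattern and the `usageStats.enabled` type are never enforced and only the `required` list has any effect. Renaming that key to `"properties": {` restores the validation. Two other entries disagree with values.yaml in the same commit: `tls.certs.*.issuerRef` is typed `"string"` while the commented example there is a mapping with `name` and `kind`, and `external.type` accepts only `^NodePort$` although the values comment names LoadBalancer as an option. Either the schema or the values commentary should be adjusted so that a user following the comments is not rejected at install time.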
+++ b/charts/redpanda/redpanda/2.2.0/values.yaml 
@@ -0,0 +1,580 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This file contains values for variables referenced from yaml files in the templates directory. +# +# For further information on Helm templating see the documentation at: +# https://helm.sh/docs/chart_template_guide/values_files/ + +# Common parameters +# +# Override redpanda.name template +nameOverride: "" +# Override redpanda.fullname template +fullnameOverride: "" +# Default kuberentes cluster domain +clusterDomain: cluster.local +# Additional labels added to all Kubernetes objects +commonLabels: {} + +# Redpanda parameters +# +image: + repository: vectorized/redpanda + # Redpanda version defaults to Chart.appVersion + tag: "" + # The imagePullPolicy will default to Always when the tag is 'latest' + pullPolicy: IfNotPresent +# Your license key (optional) +license_key: "" + +# +# Authentication +auth: + # + # SASL configuration + sasl: + enabled: false + # user list + # TODO create user at startup + users: + - name: admin + # Password for the user. 
This will be used to generate a secret + # password: password + # If password isn't given, then the secretName must point to an already existing secret + # secretName: adminPassword + +# +# TLS configuration +tls: + # Enable global TLS, which turns on TLS by default for all listeners + # Each listener must include a certificate name in its TLS section + # Any certificates in auth.tls.certs will still be loaded if enabled is false + # This is because listeners may enable TLS individually (see listeners..tls.enabled) + enabled: false + # list all certificates below, then reference a certificate's name in each listener (see listeners..tls.cert) + certs: + # This is the certificate name that is used to associate the certificate with a listener + # See listeners..tls.cert for more information + default: + # Define an issuerRef to use your own custom pre-installed Issuer + # issuerRef: + # name: redpanda-default-root-issuer + # kind: Issuer # Can be Issuer or ClusterIssuer + # The caEnabled flag determines whether the ca.crt file is included in the TLS mount path on each Redpanda pod + caEnabled: true + # duration: 43800h + +# +# External access configuration +external: + # Default external access value for all listeners except RPC + # External config doesn't apply to RPC listeners as they are never externally accessible + # These values can be overridden by each listener if needed + enabled: true + # Default external access type (options are NodePort and LoadBalancer) + # TODO include IP range for load balancer that support it: https://github.com/redpanda-data/helm-charts/issues/106 + type: NodePort + domain: local + # annotations: + # For example: + # cloud.google.com/load-balancer-type: "Internal" + # service.beta.kubernetes.io/aws-load-balancer-type: nlb + +# Logging +logging: + # Log level + # Valid values (from least to most logging) are warn, info, debug, trace + logLevel: info + # + # Send usage stats back to Redpanda + # See 
https://docs.redpanda.com/docs/cluster-administration/monitoring/#stats-reporting + usageStats: + # rpk.enable_usage_stats + enabled: true + # Your organization name (optional) + # organization: your-org + # Your cluster ID (optional) + # clusterId: your-helm-cluster +# +resources: + # Both Redpanda and Kubernetes have multiple ways to allocate resources. + # There are also several associated parameters that impact how these resources are used by + # Kubernetes, the Redpanda app, and the subsystem Redpanda is built on (Seastar). + # This section attempts to simplify allocating resources by providing a single location + # where resources are defined. + # Helm sets these resource values within the following templates: + # - statefulset.yaml + # - configmap.yaml + # + # The default values below are what should work for a development environment. + # Production-level values and other considerations are provided in comments + # if those values are different from the default. + # + cpu: + # Redpanda makes use of a thread per core model described here: + # https://redpanda.com/blog/tpc-buffers + # For this reason, Redpanda should only be given full cores (cores parameter below). + # + # NOTE: You can increase cores, but decreasing cores is not currently supported: + # https://github.com/redpanda-data/redpanda/issues/350 + # + # Equivalent to: --smp, resources.requests.cpu, and resources.limits.cpu + # For production: 4 or greater + cores: 1 + # + # Overprovisioned means Redpanda won't assume it has all of the provisioned CPU. + # This should be true unless the container has CPU affinity (eg. min and max above are equal). + # Equivalent to: --idle-poll-time-us 0 --thread-affinity 0 --poll-aio 0 + # overprovisioned: false + # + memory: + # Enables memory locking. + # For production: true + # enable_memory_locking: false + # + # It is recommended to have at least 2Gi of memory per core for the Redpanda binary. 
+ # This memory is taken from the total memory given to each container. + # We allocate 80% of the container's memory to Redpanda, leaving the rest for + # the Seastar subsystem (reserveMemory) and other container processes. + # So at least 2.5Gi per core is recommended in order to ensure Redpanda has a full 2Gi. + # + # These values affect --memory and --reserve-memory flags passed to Redpanda and the memory + # requests/limits in the StatefulSet. + # Valid suffixes: k M G Ki Mi Gi + # Only support a single decimal (eg. 2.5Gi rather than 2.55Gi) + # + container: + # Minimum memory count for each Redpanda broker + # If omitted, the min value will equal the max value (requested resources defaults to limits) + # Equivalent to: resources.requests.memory + # For production: 10Gi or greater + # min: 2.5Gi + # + # Minimum memory count for each Redpanda broker + # Equivalent to: resources.limits.memory + # For production: 10Gi or greater + max: 2.5Gi + # + # redpanda: + # This optional redpanda section allows specifying the memory size for both the Redpanda + # process and the underlying reserved memory (used by Seastar). + # This section is omitted by default, and memory sizes are calculated automatically + # based on container memory. + # Uncommenting this section and setting memory and reserveMemory values will disable + # automatic calculation. + # + # If you are setting the following values manually, keep in mind the following guidelines (getting + # this wrong will potentially lead to performance issues, instability, loss of data, etc.): + # The amount of memory to allocate to a container is determined by the sum of three values: + # 1. Redpanda (at least 2Gi per core, ~80% of the container's total memory) + # 2. Seastar subsystem (200Mi * 0.2% of the container's total memory, 200Mi < x < 1Gi) + # 3. other container processes (whatever small amount remains) + # + # Memory for the Redpanda process. 
+ # This must be lower the container's memory (resources.memory.container.min if provided, otherwise + # resources.memory.container.max). + # Equivalent to: --memory + # For production: 8Gi or greater + # memory: 2Gi + # + # Memory reserved for the Seastar subsystem. + # Any value above 1Gi will provide diminishing performance benefits. + # Equivalent to: --reserve-memory + # For production: 1Gi + # reserveMemory: 200Mi +# +# Persistence +storage: + # Absolute path on host to store Redpanda's data. + # If not specified, then `emptyDir` will be used instead. + # If specified, but `persistentVolume.enabled` is `true`, then has no effect. + hostPath: "" + # If `enabled` is `true` then a PersistentVolumeClaim will be created and + # used to store Redpanda's data, otherwise `hostPath` is used. + persistentVolume: + enabled: true + size: 3Gi + # If defined, then `storageClassName: `. + # If set to "-", then `storageClassName: ""`, which disables dynamic + # provisioning. + # If undefined or empty (default), then no `storageClassName` spec is set, + # so the default provisioner will be chosen (gp2 on AWS, standard on + # GKE, AWS & OpenStack). + storageClass: "" + # Additional labels to apply to the created PersistentVolumeClaims. + labels: {} + # Additional annotations to apply to the created PersistentVolumeClaims. + annotations: {} + +statefulset: + # Number of Redpanda brokers (recommend setting this to the number of nodes in the cluster) + replicas: 3 + updateStrategy: + type: RollingUpdate + podManagementPolicy: Parallel + budget: + maxUnavailable: 1 + # Additional annotations to apply to the Pods of this StatefulSet. 
+ annotations: {} + # Adjust the period for your probes to meet your needs (see https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) + startupProbe: + initialDelaySeconds: 1 + failureThreshold: 120 + periodSeconds: 10 + livenessProbe: + initialDelaySeconds: 10 + failureThreshold: 3 + periodSeconds: 10 + readinessProbe: + initialDelaySeconds: 1 + failureThreshold: 3 + periodSeconds: 10 + successThreshold: 1 + # + # A note regarding statefulset resources: + # Resources are set through the top-level resources section above. + # It is recommended to set resources values in that section rather than here, as this will guarantee + # memory is allocated across containers, Redpanda, and the Seastar subsystem correctly. + # This automatic memory allocation is in place because Repanda and the Seastar subsystem require flags + # at startup that set the amount of memory available to each process. + # Kubernetes (mainly statefulset), Redpanda, and Seastar memory values are tightly coupled. + # Adding a resource section here will be ignored. + # + # Inter-Pod Affinity rules for scheduling Pods of this StatefulSet. + # https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity + podAffinity: {} + # Anti-affinity rules for scheduling Pods of this StatefulSet. + # https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity + # You may either toggle options below for default anti-affinity rules, + # or specify the whole set of anti-affinity rules instead of them. + podAntiAffinity: + # The topologyKey to be used. + # Can be used to spread across different nodes, AZs, regions etc. + topologyKey: kubernetes.io/hostname + # Type of anti-affinity rules: either `soft`, `hard` or empty value (which + # disables anti-affinity rules). + type: soft + # Weight for `soft` anti-affinity rules. + # Does not apply for other anti-affinity types. 
+ weight: 100
+ # Node selection constraints for scheduling Pods of this StatefulSet.
+ # https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ nodeSelector: {}
+ # PriorityClassName given to Pods of this StatefulSet
+ # https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass
+ priorityClassName: ""
+ # Taints to be tolerated by Pods of this StatefulSet.
+ # https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ tolerations: []
+ # https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ topologySpreadConstraints:
+ maxSkew: 1
+ topologyKey: topology.kubernetes.io/zone
+ whenUnsatisfiable: ScheduleAnyway
+ # When using persistent storage the volume will be mounted as root. In order for redpanda to use the volume
+ # we must set the fsGroup to the uid of redpanda, which is 101
+ podSecurityContext:
+ fsGroup: 101
+ # runAsNonRoot: true
+ # runAsUser: 1000
+
+# Service account management
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: false
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+tuning: {}
+ # This section contains Redpanda tuning parameters.
+ # Each parameter below is set to their default values.
+ # Remove the curly brackets above if you uncomment any parameters below.
+ #
+ # Increases the number of allowed asynchronous IO events.
+ # tune_aio_events: false
+ #
+ # Syncs NTP
+ # tune_clocksource: false
+ #
+ # Creates a "ballast" file so that, if a Redpanda node runs out of space,
+ # you can delete the ballast file to allow the node to resume operations and then
+ # delete a topic or records to reduce the space used by Redpanda.
+ # tune_ballast_file: false
+ #
+ # The path where the ballast file will be created.
+ # ballast_file_path: "/var/lib/redpanda/data/ballast"
+ #
+ # The ballast file size.
+ # ballast_file_size: "1GiB"
+ #
+ # (Optional) The vendor, VM type and storage device type that redpanda will run on, in
+ # the format ::. This hints to rpk which configuration values it
+ # should use for the redpanda IO scheduler.
+ # Some valid values are "gcp:c2-standard-16:nvme", "aws:i3.xlarge:default"
+ # well_known_io: ""
+ #
+ # The following tuning parameters must be false in container environments and will be ignored:
+ # tune_network
+ # tune_disk_scheduler
+ # tune_disk_nomerges
+ # tune_disk_irq
+ # tune_fstrim
+ # tune_cpu
+ # tune_swappiness
+ # tune_transparent_hugepages
+ # tune_coredump
+
+### Overrides
+#
+# This sections can be used to override global settings configured above for individual
+# listeners.
+#
+listeners:
+ # Admin API listener
+ # The kafka listener group cannot be disabled
+ admin:
+ # The port for the admin server
+ port: 9644
+ # Optional external section
+ external:
+ default:
+ # `enabled`` is used to override the setting of the `external` top-level key
+ # for this external listener. The default is `true`.
+ # enabled: true
+
+ # External port
+ # `nodePort` defines the TCP port to listen on for NodePort types.
+ nodePort: 31644
+ # Optional TLS section (required if global TLS is enabled)
+ tls:
+ # Optional flag to override the global TLS enabled flag
+ # enabled: true
+ # Name of certificate used for TLS (must match a cert registered at auth.tls.certs)
+ cert: default
+ # If true, the truststore file for this listener will be included in the ConfigMap
+ requireClientAuth: false
+ # Kafka API listeners
+ # The kafka listener group cannot be disabled
+ kafka:
+ port: 9093
+ # Listeners internal to kubernetes service network
+ tls:
+ # enabled: true
+ cert: default
+ requireClientAuth: false
+ # External listeners
+ external:
+ # to disable external kafka listeners when the global `external` is enabled,
+ # replace this with an empty list, ie: `external: []`
+ default:
+ port: 9094
+ # Type can be `NodePort or `LoadBalancer`. If unset, it will default to the type
+ # in the `external` section.`
+ type: NodePort
+ # External port
+ # This listener port will be used on each kubernetes node
+ nodePort: 31092
+ # HTTP API listeners (aka PandaProxy)
+ # PandaProxy is a kafka client that connects to an endpoint from listeners.kafka.endpoints
+ http:
+ enabled: true
+ port: 8082
+ kafkaEndpoint: default
+ tls:
+ # enabled: true
+ cert: default
+ requireClientAuth: false
+ # External listeners
+ external:
+ default:
+ # Ports must be unique per listener
+ port: 8083
+ # Type of external access (options are ClusterIP, NodePort, and LoadBalancer)
+ type: NodePort
+ # External port
+ # This listener port will be used for the external port if NodePort is selected
+ nodePort: 30082
+ # RPC listener
+ # The RPC listener cannot be disabled
+ rpc:
+ port: 33145
+ tls:
+ # enabled: true
+ cert: default
+ requireClientAuth: false
+ # Schema registry listeners
+ schemaRegistry:
+ enabled: true
+ port: 8081
+ # Schema Registry is a kafka client that connects to an endpoint from listeners.kafka.endpoints
+ kafkaEndpoint: default
+ tls:
+ # enabled: true
+ cert: default
+ requireClientAuth: false
+ external:
+ default:
+ # Ports must be unique per listener
+ port: 8080
+ # Optional external section
+ # enabled: true
+ # Type of external access (options are NodePort and LoadBalancer)
+ # type: NodePort
+ # External port
+ # This listener port will be used for the external port if this is not included
+ nodePort: 30081
+
+# Expert Config
+
+# This section contains various settings supported by Redpanda that may not work
+# correctly in a kubernetes cluster. Changing these settings comes with some risk.
+#
+# Here be dragons!
+#
+# This section allows modifying various Redpanda settings not covered in other sections above.
+# These values do not pertain to the kubernetes objects created with helm.
+# Instead these parameters get passed directly to the Redpanda binary at startup.
+# See https://docs.redpanda.com/docs/cluster-administration/configuration/
+config:
+ cluster: {}
+ # auto_create_topics_enabled: true # Allow topic auto creation
+ # transaction_coordinator_replication: 1 # Replication factor for a transaction coordinator topic
+ # id_allocator_replication: 1 # Replication factor for an ID allocator topic
+ # disable_metrics: false # Disable registering metrics
+ # enable_coproc: false # Enable coprocessing mode
+ # enable_idempotence: false # Enable idempotent producer
+ # enable_pid_file: true # Enable pid file; You probably don't want to change this
+ # enable_transactions: false # Enable transactions
+ # group_max_session_timeout_ms: 300s # The maximum allowed session timeout for registered consumers; Longer timeouts give consumers more time to process messages in between heartbeats at the cost of a longer time to detect failures; Default quota tracking window size in milliseconds
+ # group_min_session_timeout_ms: Optional # The minimum allowed session timeout for registered consumers; Shorter timeouts result in quicker failure detection at the cost of more frequent consumer heartbeating
+ # kafka_group_recovery_timeout_ms: 30000ms # Kafka group recovery timeout expressed in milliseconds
+ # kafka_qdc_enable: false # Enable kafka queue depth control
+ # kafka_qdc_max_latency_ms: 80ms # Max latency threshold for kafka queue depth control depth tracking
+ # log_cleanup_policy: deletion # Default topic cleanup policy
+ # log_compaction_interval_ms: 5min # How often do we trigger background compaction
+ # log_compression_type: producer # Default topic compression type
+ # log_message_timestamp_type: create_time # Default topic messages timestamp type
+ # retention_bytes: None # max bytes per partition on disk before triggering a compaction
+ # rm_sync_timeout_ms: 2000ms
+ # rm_violation_recovery_policy: crash # Describes how to recover from an invariant violation happened on the partition level
+ # target_quota_byte_rate: 2GB # Target quota byte rate in bytes per second
+ # tm_sync_timeout_ms: 2000ms # Time to wait state catch up before rejecting a request
+ # tm_violation_recovery_policy: crash # Describes how to recover from an invariant violation happened on the transaction coordinator level
+ # transactional_id_expiration_ms: 10080min # Producer ids are expired once this time has elapsed after the last write with the given producer ID
+ tunable: {}
+ # alter_topic_cfg_timeout_ms: 5s # Time to wait for entries replication in controller log when executing alter configuration request
+ # compacted_log_segment_size: 256MiB # How large in bytes should each compacted log segment be (default 256MiB)
+ # controller_backend_housekeeping_interval_ms: 1s # Interval between iterations of controller backend housekeeping loop
+ # coproc_max_batch_size: 32kb # Maximum amount of bytes to read from one topic read
+ # coproc_max_inflight_bytes: 10MB # Maximum amountt of inflight bytes when sending data to wasm engine
+ # coproc_max_ingest_bytes: 640kb # Maximum amount of data to hold from input logs in memory
+ # coproc_offset_flush_interval_ms: 300000ms # Interval for which all coprocessor offsets are flushed to disk
+ # create_topic_timeout_ms: 2000ms # Timeout (ms) to wait for new topic creation
+ # default_num_windows: 10 # Default number of quota tracking windows
+ # default_window_sec: 1000ms # Default quota tracking window size in milliseconds
+ # delete_retention_ms: 10080min # delete segments older than this (default 1 week)
+ # disable_batch_cache: false # Disable batch cache in log manager
+ # fetch_reads_debounce_timeout: 1ms # Time to wait for next read in fetch request when requested min bytes wasn't reached
+ # fetch_session_eviction_timeout_ms: 60s # Minimum time before which unused session will get evicted from sessions; Maximum time after which inactive session will be deleted is two time given configuration valuecache
+ # group_initial_rebalance_delay: 300ms # Extra delay (ms) added to rebalance phase to wait for new members
+ # group_new_member_join_timeout: 30000ms # Timeout for new member joins
+ # group_topic_partitions: 1 # Number of partitions in the internal group membership topic
+ # id_allocator_batch_size: 1000 # ID allocator allocates messages in batches (each batch is a one log record) and then serves requests from memory without touching the log until the batch is exhausted
+ # id_allocator_log_capacity: 100 # Capacity of the id_allocator log in number of messages; Once it reached id_allocator_stm should compact the log
+ # join_retry_timeout_ms: 5s # Time between cluster join retries in milliseconds
+ # kafka_qdc_idle_depth: 10 # Queue depth when idleness is detected in kafka queue depth control
+ # kafka_qdc_latency_alpha: 0.002 # Smoothing parameter for kafka queue depth control latency tracking
+ # kafka_qdc_max_depth: 100 # Maximum queue depth used in kafka queue depth control
+ # kafka_qdc_min_depth: 1 # Minimum queue depth used in kafka queue depth control
+ # kafka_qdc_window_count: 12 # Number of windows used in kafka queue depth control latency tracking
+ # kafka_qdc_window_size_ms: 1500ms # Window size for kafka queue depth control latency tracking
+ # kvstore_flush_interval: 10ms # Key-value store flush interval (ms)
+ # kvstore_max_segment_size: 16MB # Key-value maximum segment size (bytes)
+ # log_segment_size: 1GB # How large in bytes should each log segment be (default 1G)
+ # max_compacted_log_segment_size: 5GB # Max compacted segment size after consolidation
+ # max_kafka_throttle_delay_ms: 60000ms # Fail-safe maximum throttle delay on kafka requests
+ # metadata_dissemination_interval_ms: 3000ms # Interaval for metadata dissemination batching
+ # metadata_dissemination_retries: 10 # Number of attempts of looking up a topic's meta data like shard before failing a request
+ # metadata_dissemination_retry_delay_ms: 500ms # Delay before retry a topic lookup in a shard or other meta tables
+ # quota_manager_gc_sec: 30000ms # Quota manager GC frequency in milliseconds
+ # raft_learner_recovery_rate: 104857600 # Raft learner recovery rate in bytes per second
+ # raft_heartbeat_disconnect_failures: 3 #After how many failed heartbeats to forcibly close an unresponsive TCP connection. Set to 0 to disable force disconnection.
+ # raft_heartbeat_interval_ms: 150 #The interval in ms between raft leader heartbeats.
+ # raft_heartbeat_timeout_ms: 3000 #Raft heartbeat RPC timeout.
+ # raft_io_timeout_ms: 10000 #Raft I/O timeout.
+ # raft_max_concurrent_append_requests_per_follower: 16 #Maximum number of concurrent append entries requests sent by leader to one follower.
+ # raft_max_recovery_memory: 33554432 #Maximum memory that can be used for reads in the raft recovery process.
+ # raft_recovery_default_read_size: 524288 #Default size of read issued during raft follower recovery.
+ # raft_replicate_batch_window_size: 1048576 #Maximum size of requests cached for replication.
+ # raft_smp_max_non_local_requests: #Maximum number of x-core requests pending in Raft seastar::smp group. (for more details look at seastar::smp_service_group documentation).
+ # raft_timeout_now_timeout_ms: 1000 #Timeout for a timeout now request.
+ # raft_transfer_leader_recovery_timeout_ms: 1000 #Timeout waiting for follower recovery when transferring leadership.
+ # raft_election_timeout_ms: 1500ms # Election timeout expressed in milliseconds TBD - election_time_out
+ # readers_cache_eviction_timeout_ms: 30s # Duration after which inactive readers will be evicted from cache
+ # reclaim_growth_window: 3000ms # Length of time in which reclaim sizes grow
+ # reclaim_max_size: 4MB # Maximum batch cache reclaim size
+ # reclaim_min_size: 128KB # Minimum batch cache reclaim size
+ # reclaim_stable_window: 10000ms # Length of time above which growth is reset
+ # recovery_append_timeout_ms: 5s # Timeout for append entries requests issued while updating stale follower
+ # release_cache_on_segment_roll: false # Free cache when segments roll
+ # replicate_append_timeout_ms: 3s # Timeout for append entries requests issued while replicating entries
+ # segment_appender_flush_timeout_ms: 1ms # Maximum delay until buffered data is written
+ # wait_for_leader_timeout_ms: 5000ms # Timeout (ms) to wait for leadership in metadata cache
+ node: {}
+ # node_id: # Unique ID identifying a node in the cluster
+ # data_directory: # Place where redpanda will keep the data
+ # admin_api_doc_dir: /usr/share/redpanda/admin-api-doc # Admin API doc directory
+ # api_doc_dir: /usr/share/redpanda/proxy-api-doc # API doc directory
+ # coproc_supervisor_server: 127.0.0.1:43189 # IpAddress and port for supervisor service
+ # dashboard_dir: None # serve http dashboard on / url
+ # rack: None # Rack identifier
+ # developer_mode: optional # Skips most of the checks performed at startup
+
+ # Invalid properties
+ # Any of these properties will be ignored. These otherwise valid properties are not allowed
+ # to be used in this section since they impact deploying Redpanda in Kubernetes.
+ # Make use of the above sections to modify these values instead (see comments below).
+ # admin: 127.0.0.1:9644 # Address and port of admin server
+ # admin_api_tls: validate_many # TLS configuration for admin HTTP server
+ # advertised_kafka_api: None # Address of Kafka API published to the clients
+ # advertised_pandaproxy_api: None # Rest API address and port to publish to client
+ # advertised_rpc_api: None # Address of RPC endpoint published to other cluster members
+ # cloud_storage_access_key: None # AWS access key
+ # cloud_storage_api_endpoint: None # Optional API endpoint
+ # cloud_storage_api_endpoint_port: 443 # TLS port override
+ # cloud_storage_bucket: None # AWS bucket that should be used to store data
+ # cloud_storage_disable_tls: false # Disable TLS for all S3 connections
+ # cloud_storage_enabled: false # Enable archival storage
+ # cloud_storage_max_connections: 20 # Max number of simultaneous uploads to S3
+ # cloud_storage_reconciliation_ms: 10s # Interval at which the archival service runs reconciliation (ms)
+ # cloud_storage_region: None # AWS region that houses the bucket used for storage
+ # cloud_storage_secret_key: None # AWS secret key
+ # cloud_storage_trust_file: None # Path to certificate that should be used to validate server certificate during TLS handshake
+ # default_topic_partitions: 1 # Default number of partitions per topic
+ # default_topic_replications: 3 # Default replication factor for new topics
+ # enable_admin_api Enable the admin API true
+ # enable_sasl Enable SASL authentication for Kafka connections false
+ # kafka_api Address and port of an interface to listen for Kafka API requests 127.0.0.1:9092
+ # kafka_api_tls TLS configuration for Kafka API endpoint None
+ # pandaproxy_api Rest API listen address and port 0.0.0.0:8082
+ # pandaproxy_api_tls TLS configuration for Pandaproxy api validate_many
+ # rpc_server IP address and port for RPC server 127.0.0.1:33145
+ # rpc_server_tls TLS configuration for RPC server validate
+ # seed_servers List of the seed servers used to join current cluster; If the seed_server list is empty the node will be a cluster root and it will form a new cluster None
+ # superusers List of superuser usernames None
diff --git a/index.yaml b/index.yaml
index ab382dcef..6bd599d3d 100644
--- a/index.yaml
+++ b/index.yaml
@@ -5154,6 +5154,36 @@ entries:
 - assets/portworx/portworx-essentials-2.9.100.tgz
 version: 2.9.100
 redpanda:
+ - annotations:
+ artifacthub.io/images: |
+ - name: redpanda
+ image: vectorized/redpanda:v22.2.4
+ - name: busybox
+ image: busybox:latest
+ artifacthub.io/license: Apache-2.0
+ artifacthub.io/links: |
+ - name: Documentation
+ url: https://docs.redpanda.com
+ catalog.cattle.io/certified: partner
+ catalog.cattle.io/display-name: Redpanda
+ catalog.cattle.io/kube-version: '>=1.21-0'
+ catalog.cattle.io/release-name: redpanda
+ apiVersion: v2
+ appVersion: v22.2.6
+ created: "2022-10-18T02:35:45.447471-04:00"
+ description: Redpanda is the real-time engine for modern apps.
+ digest: 7eb6443806022f19295315669b105cf3077c107ff2afb49523b5c181ef02d915
+ icon: https://images.ctfassets.net/paqvtpyf8rwu/3cYHw5UzhXCbKuR24GDFGO/73fb682e6157d11c10d5b2b5da1d5af0/skate-stand-panda.svg
+ maintainers:
+ - name: redpanda-data
+ url: https://github.com/orgs/redpanda-data/people
+ name: redpanda
+ sources:
+ - https://github.com/redpanda-data/helm-charts
+ type: application
+ urls:
+ - assets/redpanda/redpanda-2.2.0.tgz
+ version: 2.2.0
 - annotations:
 artifacthub.io/images: |
 - name: redpanda