blob: fe3ca852a9d78dd70429426dd947d2ee51fa818d [file] [log] [blame]
# Copyright © 2022 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#################################################################
# Global configuration defaults.
#################################################################
global:
nodePortPrefixExt: 304
persistence:
mountPath: /dockerdata-nfs
ingress:
virtualhost:
baseurl: &baseurl "simpledemo.onap.org"
preaddr: &preaddr ""
postaddr: &postaddr ""
#################################################################
# Application configuration defaults.
#################################################################
replicaCount: 3
affinity:
podAntiAffinity:
enabled: true
config:
kafkaVersion: 3.8.0
authType: simple
saslMechanism: &saslMech scram-sha-512
kafkaInternalPort: &plainPort 9092
strimziKafkaAdminUser: &adminUser strimzi-kafka-admin
advertisedHost: kafka-api.simpledemo.onap.org
advertizedPortBroker0: &advertizedPortBroker0 9000
advertizedPortBroker1: &advertizedPortBroker1 9001
advertizedPortBroker2: &advertizedPortBroker2 9002
autoCreateTopics: true
persistence:
enabled: &pvenabled true
mountPath: /dockerdata-nfs
kafka:
enabled: *pvenabled
# default values of 2Gi for dev env.
# Production values should be dimensioned according to requirements. ie >= 10Gi
size: 2Gi
volumeReclaimPolicy: Retain
accessMode: ReadWriteOnce
mountPath: /dockerdata-nfs
mountSubPath: strimzi-kafka/kafka
zookeeper:
enabled: *pvenabled
size: 1Gi
volumeReclaimPolicy: Retain
accessMode: ReadWriteOnce
mountPath: /dockerdata-nfs
mountSubPath: strimzi-kafka/zk
#Pods Service Account
serviceAccount:
nameOverride: strimzi-kafka
roles:
- read
ingress:
enabled: false
service:
- baseaddr: "kafka-bootstrap-api"
name: "onap-strimzi-kafka-external-bootstrap"
port: 9094
protocol: tcp
exposedPort: 9010
exposedProtocol: TLS
- baseaddr: "kafka-api"
tcpRoutes:
- name: "onap-strimzi-kafka-0"
port: 9094
exposedPort: *advertizedPortBroker0
exposedProtocol: TLS
- name: "onap-strimzi-kafka-1"
port: 9094
exposedPort: *advertizedPortBroker1
exposedProtocol: TLS
- name: "onap-strimzi-kafka-2"
port: 9094
exposedPort: *advertizedPortBroker2
exposedProtocol: TLS
# Kafka Exporter for metrics
metrics:
enabled: false
kafkaExporter:
enabled: false
metricsConfig:
type: jmxPrometheusExporter
topicRegex: ".*"
groupRegex: ".*"
resources:
requests:
cpu: "2"
memory: "600Mi"
limits:
cpu: "5"
memory: "1.5Gi"
logging: debug
enableSaramaLogging: true
readinessProbe:
initialDelaySeconds: 15
timeoutSeconds: 5
livenessProbe:
initialDelaySeconds: 15
timeoutSeconds: 5
podMonitor:
# Prometheus pre requisite. Currently an optional addon in the OOM docs
enabled: false
# default port for strimzi metrics
port: "tcp-prometheus"
# podMonitor labels for prometheus to pick up the podMonitor
# dummy value
labels:
release: dummy
relabelings: []
metricRelabelings: []
cruiseControl:
## Cruise Control provides a Kafka metrics reporter implementation
## once installed into the Kafka brokers, filters and records a wide range of metrics provided by the brokers themselves.
## pre requisite is having 2 or more broker nodes
enabled: false
metricsConfig:
type: jmxPrometheusExporter
## Custom resource for Kafka that can rebalance your cluster
# ref. https://strimzi.io/blog/2020/06/15/cruise-control/
kafkaRebalance:
enabled: false
template:
pod:
securityContext:
seccompProfile:
type: RuntimeDefault
cruiseControlContainer:
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsGroup: 1001
runAsNonRoot: true
runAsUser: 1001
capabilities:
drop:
- ALL
- CAP_NET_RAW
resources:
limits:
cpu: '2'
memory: 2Gi
requests:
cpu: 100m
memory: 1Gi
######################
# Component overrides
######################
strimzi-kafka-bridge:
enabled: true
config:
saslMechanism: *saslMech
kafkaInternalPort: *plainPort
strimziKafkaAdminUser: *adminUser
kafka:
template:
pod:
securityContext:
runAsUser: 1001
runAsGroup: 1001
fsGroup: 1001
seccompProfile:
type: RuntimeDefault
kafkaContainer:
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
#runAsGroup: 1001
runAsNonRoot: true
runAsUser: 1001
capabilities:
drop:
- ALL
- CAP_NET_RAW
resources:
limits:
cpu: '2'
memory: 2Gi
requests:
cpu: 100m
memory: 1Gi
zookeeper:
template:
pod:
securityContext:
runAsUser: 1001
runAsGroup: 1001
fsGroup: 1001
seccompProfile:
type: RuntimeDefault
zookeeperContainer:
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
#runAsGroup: 1001
runAsNonRoot: true
runAsUser: 1001
capabilities:
drop:
- ALL
- CAP_NET_RAW
resources:
limits:
cpu: '2'
memory: 2Gi
requests:
cpu: 100m
memory: 1Gi
entityOperator:
template:
pod:
securityContext:
seccompProfile:
type: RuntimeDefault
topicOperatorContainer:
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsGroup: 1001
runAsNonRoot: true
runAsUser: 1001
capabilities:
drop:
- ALL
- CAP_NET_RAW
userOperatorContainer:
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsGroup: 1001
runAsNonRoot: true
runAsUser: 1001
capabilities:
drop:
- ALL
- CAP_NET_RAW
topicOperator:
resources:
limits:
cpu: '2'
memory: 2Gi
requests:
cpu: 100m
memory: 1Gi
userOperator:
resources:
limits:
cpu: '2'
memory: 2Gi
requests:
cpu: 100m
memory: 1Gi
kafkaExporter:
template:
pod:
securityContext:
seccompProfile:
type: RuntimeDefault
container:
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsGroup: 1001
runAsNonRoot: true
runAsUser: 1001
capabilities:
drop:
- ALL
- CAP_NET_RAW