Jakub Latusek | 67f4e8d | 2020-10-21 13:36:29 +0200 | [diff] [blame] | 1 | {{/* |
pramod | ad6382f | 2018-03-28 22:32:00 +0000 | [diff] [blame] | 2 | # Copyright © 2017 Amdocs, Bell Canada |
Durgpal | 7ad4069 | 2018-08-03 07:28:36 +0000 | [diff] [blame] | 3 | # Modifications Copyright © 2018 AT&T |
efiacor | fe8f8c9 | 2022-03-15 15:36:48 +0000 | [diff] [blame] | 4 | # Modifications Copyright © 2021-2022 Nordix Foundation |
pramod | ad6382f | 2018-03-28 22:32:00 +0000 | [diff] [blame] | 5 | # |
| 6 | # Licensed under the Apache License, Version 2.0 (the "License"); |
| 7 | # you may not use this file except in compliance with the License. |
| 8 | # You may obtain a copy of the License at |
| 9 | # |
| 10 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 11 | # |
| 12 | # Unless required by applicable law or agreed to in writing, software |
| 13 | # distributed under the License is distributed on an "AS IS" BASIS, |
| 14 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 15 | # See the License for the specific language governing permissions and |
| 16 | # limitations under the License. |
Jakub Latusek | 67f4e8d | 2020-10-21 13:36:29 +0200 | [diff] [blame] | 17 | */}} |
Sylvain Desbureaux | be72888 | 2020-03-06 08:58:23 +0100 | [diff] [blame] | 18 | |
| 19 | apiVersion: apps/v1 |
sunil unnava | b96a391 | 2018-12-06 09:50:39 -0500 | [diff] [blame] | 20 | kind: StatefulSet |
Sylvain Desbureaux | be72888 | 2020-03-06 08:58:23 +0100 | [diff] [blame] | 21 | metadata: {{- include "common.resourceMetadata" . | nindent 2 }} |
pramod | ad6382f | 2018-03-28 22:32:00 +0000 | [diff] [blame] | 22 | spec: |
Sylvain Desbureaux | be72888 | 2020-03-06 08:58:23 +0100 | [diff] [blame] | 23 | selector: {{- include "common.selectors" . | nindent 4 }} |
| 24 | serviceName: {{ include "common.servicename" . }} |
pramod | ad6382f | 2018-03-28 22:32:00 +0000 | [diff] [blame] | 25 | replicas: {{ .Values.replicaCount }} |
| 26 | template: |
Sylvain Desbureaux | be72888 | 2020-03-06 08:58:23 +0100 | [diff] [blame] | 27 | metadata: {{- include "common.templateMetadata" . | nindent 6 }} |
pramod | ad6382f | 2018-03-28 22:32:00 +0000 | [diff] [blame] | 28 | spec: |
| 29 | initContainers: |
Sylvain Desbureaux | e5b6ffc | 2021-02-10 12:11:53 +0100 | [diff] [blame] | 30 | {{ include "common.certInitializer.initContainer" . | indent 6 | trim }} |
| 31 | {{- if .Values.global.aafEnabled }} |
| 32 | - name: {{ include "common.name" . }}-update-config |
| 33 | command: |
| 34 | - sh |
| 35 | args: |
| 36 | - -c |
| 37 | - | |
| 38 | export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0); |
| 39 | cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done |
| 40 | volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} |
| 41 | - mountPath: /config |
| 42 | name: jetty |
| 43 | - mountPath: /config-input |
| 44 | name: etc |
| 45 | image: {{ include "repositoryGenerator.image.envsubst" . }} |
| 46 | imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} |
| 47 | {{- end }} |
pramod | ad6382f | 2018-03-28 22:32:00 +0000 | [diff] [blame] | 48 | containers: |
su622b | a386565 | 2020-03-25 17:26:51 -0400 | [diff] [blame] | 49 | {{- if .Values.prometheus.jmx.enabled }} |
| 50 | - name: prometheus-jmx-exporter |
Sylvain Desbureaux | 6b09654 | 2020-11-21 22:51:24 +0100 | [diff] [blame] | 51 | image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.prometheus.jmx.image }}:{{ .Values.prometheus.jmx.imageTag }} |
su622b | a386565 | 2020-03-25 17:26:51 -0400 | [diff] [blame] | 52 | imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} |
| 53 | command: |
| 54 | - java |
| 55 | - -XX:+UnlockExperimentalVMOptions |
| 56 | - -XX:+UseCGroupMemoryLimitForHeap |
| 57 | - -XX:MaxRAMFraction=1 |
| 58 | - -XshowSettings:vm |
| 59 | - -jar |
| 60 | - jmx_prometheus_httpserver.jar |
| 61 | - {{ .Values.prometheus.jmx.port | quote }} |
| 62 | - /etc/jmx-kafka/jmx-mrservice-prometheus.yml |
| 63 | ports: |
| 64 | - containerPort: {{ .Values.prometheus.jmx.port }} |
| 65 | resources: |
| 66 | volumeMounts: |
| 67 | - name: jmx-config |
| 68 | mountPath: /etc/jmx-kafka |
| 69 | {{- end }} |
efiacor | fe8f8c9 | 2022-03-15 15:36:48 +0000 | [diff] [blame] | 70 | - name: srimzi-zk-entrance |
| 71 | image: 'docker.io/scholzj/zoo-entrance:latest' |
| 72 | command: |
| 73 | - /opt/stunnel/stunnel_run.sh |
| 74 | ports: |
| 75 | - containerPort: {{ .Values.global.zkTunnelService.internalPort }} |
| 76 | name: zoo |
| 77 | protocol: TCP |
| 78 | env: |
| 79 | - name: LOG_LEVEL |
| 80 | value: debug |
| 81 | - name: STRIMZI_ZOOKEEPER_CONNECT |
| 82 | value: '{{ include "common.release" . }}-strimzi-zookeeper-client:{{ .Values.global.zkTunnelService.internalPort }}' |
| 83 | imagePullPolicy: Always |
| 84 | livenessProbe: |
| 85 | exec: |
| 86 | command: |
| 87 | - /opt/stunnel/stunnel_healthcheck.sh |
| 88 | - '{{ .Values.global.zkTunnelService.internalPort }}' |
| 89 | failureThreshold: 3 |
| 90 | initialDelaySeconds: 15 |
| 91 | periodSeconds: 10 |
| 92 | successThreshold: 1 |
| 93 | timeoutSeconds: 5 |
| 94 | readinessProbe: |
| 95 | exec: |
| 96 | command: |
| 97 | - /opt/stunnel/stunnel_healthcheck.sh |
| 98 | - '{{ .Values.global.zkTunnelService.internalPort }}' |
| 99 | failureThreshold: 3 |
| 100 | initialDelaySeconds: 15 |
| 101 | periodSeconds: 10 |
| 102 | successThreshold: 1 |
| 103 | timeoutSeconds: 5 |
| 104 | volumeMounts: |
| 105 | - mountPath: /etc/cluster-operator-certs/ |
| 106 | name: cluster-operator-certs |
| 107 | - mountPath: /etc/cluster-ca-certs/ |
| 108 | name: cluster-ca-certs |
pramod | ad6382f | 2018-03-28 22:32:00 +0000 | [diff] [blame] | 109 | - name: {{ include "common.name" . }} |
Sylvain Desbureaux | 6b09654 | 2020-11-21 22:51:24 +0100 | [diff] [blame] | 110 | image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} |
pramod | ad6382f | 2018-03-28 22:32:00 +0000 | [diff] [blame] | 111 | imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} |
Sylvain Desbureaux | e5b6ffc | 2021-02-10 12:11:53 +0100 | [diff] [blame] | 112 | {{- if .Values.global.aafEnabled }} |
| 113 | command: |
| 114 | - sh |
| 115 | args: |
| 116 | - -c |
| 117 | - | |
| 118 | cp /jetty-config/ajsc-jetty.xml /appl/dmaapMR1/etc/ |
| 119 | cp /jetty-config/cadi.properties {{ .Values.certInitializer.appMountPath }}/local/cadi.properties |
| 120 | /bin/sh /appl/startup.sh |
| 121 | {{- end }} |
Sylvain Desbureaux | be72888 | 2020-03-06 08:58:23 +0100 | [diff] [blame] | 122 | ports: {{ include "common.containerPorts" . | nindent 10 }} |
pramod | ad6382f | 2018-03-28 22:32:00 +0000 | [diff] [blame] | 123 | {{- if eq .Values.liveness.enabled true }} |
| 124 | livenessProbe: |
| 125 | tcpSocket: |
Sylvain Desbureaux | be72888 | 2020-03-06 08:58:23 +0100 | [diff] [blame] | 126 | port: {{ .Values.liveness.port }} |
pramod | ad6382f | 2018-03-28 22:32:00 +0000 | [diff] [blame] | 127 | initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} |
| 128 | periodSeconds: {{ .Values.liveness.periodSeconds }} |
su622b | 8b763cd | 2019-10-14 15:37:37 -0400 | [diff] [blame] | 129 | timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} |
Sylvain Desbureaux | 8fade99 | 2021-12-06 11:33:11 +0100 | [diff] [blame] | 130 | successThreshold: {{ .Values.liveness.successThreshold }} |
| 131 | failureThreshold: {{ .Values.liveness.failureThreshold }} |
| 132 | {{ end }} |
pramod | ad6382f | 2018-03-28 22:32:00 +0000 | [diff] [blame] | 133 | readinessProbe: |
| 134 | tcpSocket: |
Sylvain Desbureaux | be72888 | 2020-03-06 08:58:23 +0100 | [diff] [blame] | 135 | port: {{ .Values.readiness.port }} |
pramod | ad6382f | 2018-03-28 22:32:00 +0000 | [diff] [blame] | 136 | initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} |
| 137 | periodSeconds: {{ .Values.readiness.periodSeconds }} |
su622b | 8b763cd | 2019-10-14 15:37:37 -0400 | [diff] [blame] | 138 | timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} |
Sylvain Desbureaux | 8fade99 | 2021-12-06 11:33:11 +0100 | [diff] [blame] | 139 | successThreshold: {{ .Values.readiness.successThreshold }} |
| 140 | failureThreshold: {{ .Values.readiness.failureThreshold }} |
| 141 | startupProbe: |
| 142 | tcpSocket: |
| 143 | port: {{ .Values.startup.port }} |
| 144 | initialDelaySeconds: {{ .Values.startup.initialDelaySeconds }} |
| 145 | periodSeconds: {{ .Values.startup.periodSeconds }} |
| 146 | timeoutSeconds: {{ .Values.startup.timeoutSeconds }} |
| 147 | successThreshold: {{ .Values.startup.successThreshold }} |
| 148 | failureThreshold: {{ .Values.startup.failureThreshold }} |
sunil unnava | 49aa92d | 2018-10-17 16:25:50 -0400 | [diff] [blame] | 149 | env: |
efiacor | fe8f8c9 | 2022-03-15 15:36:48 +0000 | [diff] [blame] | 150 | - name: JAASLOGIN |
| 151 | {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "mr-kafka-admin-secret" "key" "sasl.jaas.config") | indent 12 }} |
| 152 | - name: SASLMECH |
| 153 | value: {{ .Values.global.saslMechanism }} |
sunil unnava | 49aa92d | 2018-10-17 16:25:50 -0400 | [diff] [blame] | 154 | - name: enableCadi |
efiacor | e62958b | 2019-09-27 16:54:36 +0100 | [diff] [blame] | 155 | value: "{{ .Values.global.aafEnabled }}" |
Sylvain Desbureaux | e5b6ffc | 2021-02-10 12:11:53 +0100 | [diff] [blame] | 156 | volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} |
pramod | ad6382f | 2018-03-28 22:32:00 +0000 | [diff] [blame] | 157 | - mountPath: /etc/localtime |
| 158 | name: localtime |
| 159 | readOnly: true |
| 160 | - mountPath: /appl/dmaapMR1/bundleconfig/etc/appprops/MsgRtrApi.properties |
| 161 | subPath: MsgRtrApi.properties |
| 162 | name: appprops |
su622b | fdce659 | 2019-08-08 00:28:29 -0400 | [diff] [blame] | 163 | - mountPath: /appl/dmaapMR1/bundleconfig/etc/logback.xml |
| 164 | subPath: logback.xml |
| 165 | name: logback |
Sylvain Desbureaux | f596a2d | 2021-06-30 15:14:32 +0200 | [diff] [blame] | 166 | {{- if .Values.global.aafEnabled }} |
Sylvain Desbureaux | e5b6ffc | 2021-02-10 12:11:53 +0100 | [diff] [blame] | 167 | - mountPath: /appl/dmaapMR1/etc/runner-web.xml |
| 168 | subPath: runner-web.xml |
| 169 | name: etc |
| 170 | - mountPath: /appl/dmaapMR1/bundleconfig/etc/sysprops/sys-props.properties |
| 171 | subPath: sys-props.properties |
| 172 | name: sys-props |
| 173 | - mountPath: /jetty-config |
| 174 | name: jetty |
Sylvain Desbureaux | f596a2d | 2021-06-30 15:14:32 +0200 | [diff] [blame] | 175 | {{- end }} |
Sylvain Desbureaux | be72888 | 2020-03-06 08:58:23 +0100 | [diff] [blame] | 176 | resources: {{ include "common.resources" . | nindent 12 }} |
farida azmy | 13388ba | 2021-03-17 11:33:28 +0200 | [diff] [blame] | 177 | serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} |
Sylvain Desbureaux | e5b6ffc | 2021-02-10 12:11:53 +0100 | [diff] [blame] | 178 | volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} |
pramod | ad6382f | 2018-03-28 22:32:00 +0000 | [diff] [blame] | 179 | - name: localtime |
| 180 | hostPath: |
| 181 | path: /etc/localtime |
| 182 | - name: appprops |
| 183 | configMap: |
| 184 | name: {{ include "common.fullname" . }}-msgrtrapi-prop-configmap |
Sylvain Desbureaux | e5b6ffc | 2021-02-10 12:11:53 +0100 | [diff] [blame] | 185 | - name: etc |
| 186 | configMap: |
| 187 | name: {{ include "common.fullname" . }}-etc |
su622b | fdce659 | 2019-08-08 00:28:29 -0400 | [diff] [blame] | 188 | - name: logback |
| 189 | configMap: |
| 190 | name: {{ include "common.fullname" . }}-logback-xml-configmap |
su622b | a386565 | 2020-03-25 17:26:51 -0400 | [diff] [blame] | 191 | {{- if .Values.prometheus.jmx.enabled }} |
| 192 | - name: jmx-config |
| 193 | configMap: |
| 194 | name: {{ include "common.fullname" . }}-prometheus-configmap |
| 195 | {{- end }} |
Sylvain Desbureaux | e5b6ffc | 2021-02-10 12:11:53 +0100 | [diff] [blame] | 196 | - name: sys-props |
| 197 | configMap: |
| 198 | name: {{ include "common.fullname" . }}-sys-props |
| 199 | - name: jetty |
| 200 | emptyDir: {} |
efiacor | fe8f8c9 | 2022-03-15 15:36:48 +0000 | [diff] [blame] | 201 | - name: cluster-operator-certs |
| 202 | secret: |
| 203 | defaultMode: 288 |
| 204 | secretName: {{ include "common.release" . }}-strimzi-cluster-operator-certs |
| 205 | - name: cluster-ca-certs |
| 206 | secret: |
| 207 | defaultMode: 288 |
| 208 | secretName: {{ include "common.release" . }}-strimzi-cluster-ca-cert |
pramod | ad6382f | 2018-03-28 22:32:00 +0000 | [diff] [blame] | 209 | imagePullSecrets: |
| 210 | - name: "{{ include "common.namespace" . }}-docker-registry-key" |
efiacor | fe8f8c9 | 2022-03-15 15:36:48 +0000 | [diff] [blame] | 211 | --- |
| 212 | apiVersion: networking.k8s.io/v1 |
| 213 | kind: NetworkPolicy |
| 214 | metadata: |
| 215 | name: {{ include "common.fullname" . }}-zk-network-policy |
| 216 | namespace: {{ include "common.namespace" . }} |
| 217 | spec: |
| 218 | podSelector: |
| 219 | matchLabels: |
| 220 | strimzi.io/name: {{ include "common.release" . }}-strimzi-zookeeper |
| 221 | ingress: |
| 222 | - from: |
| 223 | - podSelector: |
| 224 | matchLabels: |
| 225 | app.kubernetes.io/name: {{ include "common.name" . }} |
| 226 | ports: |
| 227 | - port: {{ .Values.global.zkTunnelService.internalPort }} |
| 228 | protocol: TCP |
| 229 | policyTypes: |
| 230 | - Ingress |