blob: 0fba655a69489bd77dc7f422245ae131c64a7d3d [file] [log] [blame]
Jakub Latusek67f4e8d2020-10-21 13:36:29 +02001{{/*
pramodad6382f2018-03-28 22:32:00 +00002# Copyright © 2017 Amdocs, Bell Canada
Durgpal7ad40692018-08-03 07:28:36 +00003# Modifications Copyright © 2018 AT&T
efiacorfe8f8c92022-03-15 15:36:48 +00004# Modifications Copyright © 2021-2022 Nordix Foundation
pramodad6382f2018-03-28 22:32:00 +00005#
6# Licensed under the Apache License, Version 2.0 (the "License");
7# you may not use this file except in compliance with the License.
8# You may obtain a copy of the License at
9#
10# http://www.apache.org/licenses/LICENSE-2.0
11#
12# Unless required by applicable law or agreed to in writing, software
13# distributed under the License is distributed on an "AS IS" BASIS,
14# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15# See the License for the specific language governing permissions and
16# limitations under the License.
Jakub Latusek67f4e8d2020-10-21 13:36:29 +020017*/}}
Sylvain Desbureauxbe728882020-03-06 08:58:23 +010018
19apiVersion: apps/v1
sunil unnavab96a3912018-12-06 09:50:39 -050020kind: StatefulSet
Sylvain Desbureauxbe728882020-03-06 08:58:23 +010021metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
pramodad6382f2018-03-28 22:32:00 +000022spec:
Sylvain Desbureauxbe728882020-03-06 08:58:23 +010023 selector: {{- include "common.selectors" . | nindent 4 }}
24 serviceName: {{ include "common.servicename" . }}
pramodad6382f2018-03-28 22:32:00 +000025 replicas: {{ .Values.replicaCount }}
26 template:
Sylvain Desbureauxbe728882020-03-06 08:58:23 +010027 metadata: {{- include "common.templateMetadata" . | nindent 6 }}
pramodad6382f2018-03-28 22:32:00 +000028 spec:
29 initContainers:
Sylvain Desbureauxe5b6ffc2021-02-10 12:11:53 +010030 {{ include "common.certInitializer.initContainer" . | indent 6 | trim }}
31 {{- if .Values.global.aafEnabled }}
32 - name: {{ include "common.name" . }}-update-config
33 command:
34 - sh
35 args:
36 - -c
37 - |
38 export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0);
39 cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done
40 volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
41 - mountPath: /config
42 name: jetty
43 - mountPath: /config-input
44 name: etc
45 image: {{ include "repositoryGenerator.image.envsubst" . }}
46 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
47 {{- end }}
pramodad6382f2018-03-28 22:32:00 +000048 containers:
su622ba3865652020-03-25 17:26:51 -040049 {{- if .Values.prometheus.jmx.enabled }}
50 - name: prometheus-jmx-exporter
Sylvain Desbureaux6b096542020-11-21 22:51:24 +010051 image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.prometheus.jmx.image }}:{{ .Values.prometheus.jmx.imageTag }}
su622ba3865652020-03-25 17:26:51 -040052 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
53 command:
54 - java
55 - -XX:+UnlockExperimentalVMOptions
56 - -XX:+UseCGroupMemoryLimitForHeap
57 - -XX:MaxRAMFraction=1
58 - -XshowSettings:vm
59 - -jar
60 - jmx_prometheus_httpserver.jar
61 - {{ .Values.prometheus.jmx.port | quote }}
62 - /etc/jmx-kafka/jmx-mrservice-prometheus.yml
63 ports:
64 - containerPort: {{ .Values.prometheus.jmx.port }}
65 resources:
66 volumeMounts:
67 - name: jmx-config
68 mountPath: /etc/jmx-kafka
69 {{- end }}
efiacorfe8f8c92022-03-15 15:36:48 +000070 - name: srimzi-zk-entrance
Andreas Geisslere7d56872022-06-22 11:23:11 +020071 image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.zookeeper.entrance.image }}
efiacorb66260d2022-09-26 10:28:43 +010072 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
efiacorfe8f8c92022-03-15 15:36:48 +000073 command:
74 - /opt/stunnel/stunnel_run.sh
75 ports:
76 - containerPort: {{ .Values.global.zkTunnelService.internalPort }}
77 name: zoo
78 protocol: TCP
79 env:
80 - name: LOG_LEVEL
81 value: debug
82 - name: STRIMZI_ZOOKEEPER_CONNECT
83 value: '{{ include "common.release" . }}-strimzi-zookeeper-client:{{ .Values.global.zkTunnelService.internalPort }}'
efiacorfe8f8c92022-03-15 15:36:48 +000084 livenessProbe:
85 exec:
86 command:
87 - /opt/stunnel/stunnel_healthcheck.sh
88 - '{{ .Values.global.zkTunnelService.internalPort }}'
89 failureThreshold: 3
90 initialDelaySeconds: 15
91 periodSeconds: 10
92 successThreshold: 1
93 timeoutSeconds: 5
94 readinessProbe:
95 exec:
96 command:
97 - /opt/stunnel/stunnel_healthcheck.sh
98 - '{{ .Values.global.zkTunnelService.internalPort }}'
99 failureThreshold: 3
100 initialDelaySeconds: 15
101 periodSeconds: 10
102 successThreshold: 1
103 timeoutSeconds: 5
104 volumeMounts:
105 - mountPath: /etc/cluster-operator-certs/
106 name: cluster-operator-certs
107 - mountPath: /etc/cluster-ca-certs/
108 name: cluster-ca-certs
pramodad6382f2018-03-28 22:32:00 +0000109 - name: {{ include "common.name" . }}
Sylvain Desbureaux6b096542020-11-21 22:51:24 +0100110 image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
pramodad6382f2018-03-28 22:32:00 +0000111 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
Sylvain Desbureauxe5b6ffc2021-02-10 12:11:53 +0100112 {{- if .Values.global.aafEnabled }}
113 command:
114 - sh
115 args:
116 - -c
117 - |
118 cp /jetty-config/ajsc-jetty.xml /appl/dmaapMR1/etc/
119 cp /jetty-config/cadi.properties {{ .Values.certInitializer.appMountPath }}/local/cadi.properties
120 /bin/sh /appl/startup.sh
121 {{- end }}
Sylvain Desbureauxbe728882020-03-06 08:58:23 +0100122 ports: {{ include "common.containerPorts" . | nindent 10 }}
pramodad6382f2018-03-28 22:32:00 +0000123 {{- if eq .Values.liveness.enabled true }}
124 livenessProbe:
125 tcpSocket:
Sylvain Desbureauxbe728882020-03-06 08:58:23 +0100126 port: {{ .Values.liveness.port }}
pramodad6382f2018-03-28 22:32:00 +0000127 initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
128 periodSeconds: {{ .Values.liveness.periodSeconds }}
su622b8b763cd2019-10-14 15:37:37 -0400129 timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
Sylvain Desbureaux8fade992021-12-06 11:33:11 +0100130 successThreshold: {{ .Values.liveness.successThreshold }}
131 failureThreshold: {{ .Values.liveness.failureThreshold }}
132 {{ end }}
pramodad6382f2018-03-28 22:32:00 +0000133 readinessProbe:
134 tcpSocket:
Sylvain Desbureauxbe728882020-03-06 08:58:23 +0100135 port: {{ .Values.readiness.port }}
pramodad6382f2018-03-28 22:32:00 +0000136 initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
137 periodSeconds: {{ .Values.readiness.periodSeconds }}
su622b8b763cd2019-10-14 15:37:37 -0400138 timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
Sylvain Desbureaux8fade992021-12-06 11:33:11 +0100139 successThreshold: {{ .Values.readiness.successThreshold }}
140 failureThreshold: {{ .Values.readiness.failureThreshold }}
141 startupProbe:
142 tcpSocket:
143 port: {{ .Values.startup.port }}
144 initialDelaySeconds: {{ .Values.startup.initialDelaySeconds }}
145 periodSeconds: {{ .Values.startup.periodSeconds }}
146 timeoutSeconds: {{ .Values.startup.timeoutSeconds }}
147 successThreshold: {{ .Values.startup.successThreshold }}
148 failureThreshold: {{ .Values.startup.failureThreshold }}
sunil unnava49aa92d2018-10-17 16:25:50 -0400149 env:
efiacorfe8f8c92022-03-15 15:36:48 +0000150 - name: JAASLOGIN
151 {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "mr-kafka-admin-secret" "key" "sasl.jaas.config") | indent 12 }}
152 - name: SASLMECH
153 value: {{ .Values.global.saslMechanism }}
sunil unnava49aa92d2018-10-17 16:25:50 -0400154 - name: enableCadi
efiacore62958b2019-09-27 16:54:36 +0100155 value: "{{ .Values.global.aafEnabled }}"
efiacorb66260d2022-09-26 10:28:43 +0100156 - name: useZkTopicStore
157 value: "false"
Sylvain Desbureauxe5b6ffc2021-02-10 12:11:53 +0100158 volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
pramodad6382f2018-03-28 22:32:00 +0000159 - mountPath: /etc/localtime
160 name: localtime
161 readOnly: true
162 - mountPath: /appl/dmaapMR1/bundleconfig/etc/appprops/MsgRtrApi.properties
163 subPath: MsgRtrApi.properties
164 name: appprops
su622bfdce6592019-08-08 00:28:29 -0400165 - mountPath: /appl/dmaapMR1/bundleconfig/etc/logback.xml
166 subPath: logback.xml
167 name: logback
Sylvain Desbureauxf596a2d2021-06-30 15:14:32 +0200168 {{- if .Values.global.aafEnabled }}
Sylvain Desbureauxe5b6ffc2021-02-10 12:11:53 +0100169 - mountPath: /appl/dmaapMR1/etc/runner-web.xml
170 subPath: runner-web.xml
171 name: etc
172 - mountPath: /appl/dmaapMR1/bundleconfig/etc/sysprops/sys-props.properties
173 subPath: sys-props.properties
174 name: sys-props
175 - mountPath: /jetty-config
176 name: jetty
Sylvain Desbureauxf596a2d2021-06-30 15:14:32 +0200177 {{- end }}
Sylvain Desbureauxbe728882020-03-06 08:58:23 +0100178 resources: {{ include "common.resources" . | nindent 12 }}
farida azmy13388ba2021-03-17 11:33:28 +0200179 serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
Sylvain Desbureauxe5b6ffc2021-02-10 12:11:53 +0100180 volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
pramodad6382f2018-03-28 22:32:00 +0000181 - name: localtime
182 hostPath:
183 path: /etc/localtime
184 - name: appprops
185 configMap:
186 name: {{ include "common.fullname" . }}-msgrtrapi-prop-configmap
Sylvain Desbureauxe5b6ffc2021-02-10 12:11:53 +0100187 - name: etc
188 configMap:
189 name: {{ include "common.fullname" . }}-etc
su622bfdce6592019-08-08 00:28:29 -0400190 - name: logback
191 configMap:
192 name: {{ include "common.fullname" . }}-logback-xml-configmap
su622ba3865652020-03-25 17:26:51 -0400193 {{- if .Values.prometheus.jmx.enabled }}
194 - name: jmx-config
195 configMap:
196 name: {{ include "common.fullname" . }}-prometheus-configmap
197 {{- end }}
Sylvain Desbureauxe5b6ffc2021-02-10 12:11:53 +0100198 - name: sys-props
199 configMap:
200 name: {{ include "common.fullname" . }}-sys-props
201 - name: jetty
202 emptyDir: {}
efiacorfe8f8c92022-03-15 15:36:48 +0000203 - name: cluster-operator-certs
204 secret:
205 defaultMode: 288
206 secretName: {{ include "common.release" . }}-strimzi-cluster-operator-certs
207 - name: cluster-ca-certs
208 secret:
209 defaultMode: 288
210 secretName: {{ include "common.release" . }}-strimzi-cluster-ca-cert
pramodad6382f2018-03-28 22:32:00 +0000211 imagePullSecrets:
212 - name: "{{ include "common.namespace" . }}-docker-registry-key"
efiacorfe8f8c92022-03-15 15:36:48 +0000213---
214apiVersion: networking.k8s.io/v1
215kind: NetworkPolicy
216metadata:
217 name: {{ include "common.fullname" . }}-zk-network-policy
218 namespace: {{ include "common.namespace" . }}
219spec:
220 podSelector:
221 matchLabels:
222 strimzi.io/name: {{ include "common.release" . }}-strimzi-zookeeper
223 ingress:
224 - from:
225 - podSelector:
226 matchLabels:
227 app.kubernetes.io/name: {{ include "common.name" . }}
228 ports:
229 - port: {{ .Values.global.zkTunnelService.internalPort }}
230 protocol: TCP
231 policyTypes:
Andreas Geisslere7d56872022-06-22 11:23:11 +0200232 - Ingress