Merge "[CONSUL] Add limits to consul chart."

[oom.git] / kubernetes / dmaap / components / message-router / charts / message-router-kafka / templates / statefulset.yaml
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml

index 30e4c77..e08c78a 100644 (file)
--- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml
+++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml
@@ -1,4 +1,4 @@
-# Copyright © 2017 Amdocs, Bell Canada
+{{/*
  # Modifications Copyright © 2018 AT&T
  #
  # Licensed under the Apache License, Version 2.0 (the "License");
@@ -12,8 +12,9 @@
  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  # See the License for the specific language governing permissions and
  # limitations under the License.
+*/}}
  
-apiVersion: apps/v1beta1
+apiVersion: apps/v1
  kind: StatefulSet
  metadata:
    name: {{ include "common.fullname" . }}
@@ -24,6 +25,9 @@ metadata:
      release: {{ include "common.release" . }}
      heritage: {{ .Release.Service }}
  spec:
+  selector:
+    matchLabels:
+      app: {{ include "common.name" . }}
    serviceName: {{ .Values.service.name }}
    replicas: {{ .Values.replicaCount }}
    podManagementPolicy: Parallel
@@ -32,32 +36,24 @@ spec:
        labels:
          app:  {{ include "common.name" . }}
          release: {{ include "common.release" . }}
+      {{- if .Values.prometheus.jmx.enabled }}
+      annotations:
+        prometheus.io/scrape: "true"
+        prometheus.io/port: {{ .Values.prometheus.jmx.port | quote }}
+      {{- end }}
      spec:
-      podAntiAffinity:
-         {{if eq .Values.podAntiAffinityType "hard" -}}
-         requiredDuringSchedulingIgnoredDuringExecution:
-         {{- else -}}
-         preferredDuringSchedulingIgnoredDuringExecution:
-         {{- end}}
-         - weight: 1
-           podAffinityTerm:
-             labelSelector:
-                matchExpressions:
-                  - key: "app"
-                    operator: In
-                    values:
-                    - {{ include "common.name" . }}
-             topologyKey: "kubernetes.io/hostname"
        {{- if .Values.nodeAffinity }}
        nodeAffinity:
-        {{ toYaml .Values.nodeAffinity | indent 10 }}
+      {{ toYaml .Values.nodeAffinity | indent 10 }}
        {{- end }}
+      imagePullSecrets:
+      - name: "{{ include "common.namespace" . }}-docker-registry-key"
        initContainers:
        - name: {{ include "common.name" . }}-initcontainer
          image: "{{ .Values.global.ubuntuInitRepository }}/{{ .Values.ubuntuInitImage }}"
          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
        - command:
-        - /root/ready.py
+        - /app/ready.py
          args:
          - --container-name
          - {{ .Values.zookeeper.name }}
@@ -67,30 +63,66 @@ spec:
              fieldRef:
                apiVersion: v1
                fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
          name: {{ include "common.name" . }}-readiness
        - command:
          -  sh
          - -exec
          - |
-          chown -R 1000:1000 /opt/kafka/data;
-          cp /opt/kafka/tmpconfig/server.properties /opt/kafka/config/;
-          chown 1000:1000 /opt/kafka/config/server.properties;
-          cd /opt/kafka/config;
-          ls;
+          rm -rf '/var/lib/kafka/data/lost+found';
+          chown -R 1000:0 /var/lib/kafka/data;
          image: "{{ .Values.busyBoxRepository }}/{{ .Values.busyBoxImage }}"
          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
          volumeMounts:
-        - mountPath: /opt/kafka/data
+        - mountPath: /var/lib/kafka/data
            name: kafka-data
-        - mountPath: /opt/kafka/tmpconfig/server.properties
-          subPath: server.properties
-          name: server
-        - mountPath: /opt/kafka/config
-          name: config-data
          name: {{ include "common.name" . }}-permission-fixer
+      - command:
+        - sh
+        args:
+        - -c
+        - "cd /config-input  && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/etc/kafka/secrets/jaas/${PFILE}; done"
+        env:
+        - name: ZK_ADMIN
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "zk-client" "key" "login") | indent 10 }}
+        - name: ZK_PSWD
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "zk-client" "key" "password") | indent 10 }}
+        - name: KAFKA_ADMIN
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "kafka-admin" "key" "login") | indent 10 }}
+        - name: KAFKA_PSWD
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "kafka-admin" "key" "password") | indent 10 }}
+        volumeMounts:
+        - mountPath: /etc/kafka/secrets/jaas
+          name: jaas-config
+        - mountPath: /config-input
+          name: jaas
+        image: "{{ .Values.global.envsubstImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        name: {{ include "common.name" . }}-update-config
        containers:
+      {{- if .Values.prometheus.jmx.enabled }}
+      - name: prometheus-jmx-exporter
+        image: "{{ .Values.prometheus.jmx.imageRepository }}/{{ .Values.prometheus.jmx.image }}:{{ .Values.prometheus.jmx.imageTag }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        command:
+        - java
+        - -XX:+UnlockExperimentalVMOptions
+        - -XX:+UseCGroupMemoryLimitForHeap
+        - -XX:MaxRAMFraction=1
+        - -XshowSettings:vm
+        - -jar
+        - jmx_prometheus_httpserver.jar
+        - {{ .Values.prometheus.jmx.port | quote }}
+        - /etc/jmx-kafka/jmx-kafka-prometheus.yml
+        ports:
+        - containerPort: {{ .Values.prometheus.jmx.port }}
+        resources:
+{{ toYaml .Values.prometheus.jmx.resources | indent 10 }}
+        volumeMounts:
+        - name: jmx-config
+          mountPath: /etc/jmx-kafka
+      {{- end }}
        - name: {{ include "common.name" .  }}
          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
          imagePullPolicy:  {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
@@ -99,14 +131,21 @@ spec:
          - -exc
          - |
            export KAFKA_BROKER_ID=${HOSTNAME##*-} && \
-          export ENDPOINT_PORT=$(( $KAFKA_BROKER_ID + {{ .Values.service.baseNodePort }} )) && \
+          {{- if  .Values.global.aafEnabled }}
            export KAFKA_ADVERTISED_LISTENERS=EXTERNAL_SASL_PLAINTEXT://$(HOST_IP):$(( $KAFKA_BROKER_ID + {{ .Values.service.baseNodePort }} )),INTERNAL_SASL_PLAINTEXT://:{{ .Values.service.internalPort }} && \
-          exec start-kafka.sh
+          {{ else }}
+          export KAFKA_ADVERTISED_LISTENERS=EXTERNAL_PLAINTEXT://$(HOST_IP):$(( $KAFKA_BROKER_ID + {{ .Values.service.baseNodePort }} )),INTERNAL_PLAINTEXT://:{{ .Values.service.internalPort }} && \
+          {{- end }}
+          exec /etc/confluent/docker/run
          resources:
  {{ include "common.resources" . | indent 12 }}
          ports:
          - containerPort: {{ .Values.service.internalPort }}
          - containerPort: {{ .Values.service.externalPort }}
+        {{- if .Values.prometheus.jmx.enabled }}
+        - containerPort: {{ .Values.jmx.port }}
+          name: jmx
+        {{- end }}
         {{ if eq .Values.liveness.enabled true }}
          livenessProbe:
            tcpSocket:
@@ -127,28 +166,63 @@ spec:
              fieldRef:
                apiVersion: v1
                fieldPath: status.hostIP
+        - name: KAFKA_ZOOKEEPER_CONNECT
+          value: {{ include "common.release" . }}-{{.Values.zookeeper.name}}-0.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}},{{ include "common.release" . }}-{{.Values.zookeeper.name}}-1.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}},{{ include "common.release" . }}-{{.Values.zookeeper.name}}-2.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}}
+        - name: KAFKA_CONFLUENT_SUPPORT_METRICS_ENABLE
+          value: "{{ .Values.kafka.enableSupport }}"
+        - name: KAFKA_OPTS
+          value: "{{ .Values.kafka.jaasOptions }}"
+        {{- if  .Values.global.aafEnabled }}
+        - name: KAFKA_OPTS
+          value: "{{ .Values.kafka.jaasOptionsAaf }}"
          - name: aaf_locate_url
            value: https://aaf-locate.{{ include "common.namespace" . }}:8095
-
+        - name: KAFKA_LISTENER_SECURITY_PROTOCOL_MAP
+          value: "{{ .Values.kafka.protocolMapAaf }}"
+        - name: KAFKA_LISTENERS
+          value: "{{ .Values.kafka.listenersAaf }}"
+        - name: KAFKA_SASL_ENABLED_MECHANISMS
+          value: "{{ .Values.kafka.saslMech }}"
+        - name: KAFKA_INTER_BROKER_LISTENER_NAME
+          value: "{{ .Values.kafka.interBrokerListernerAaf }}"
+        - name: KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL
+          value: "{{ .Values.kafka.saslInterBrokerProtocol }}"
+        - name: KAFKA_AUTHORIZER_CLASS_NAME
+          value: "{{ .Values.kafka.authorizer }}"
+        {{ else }}
+        - name: KAFKA_OPTS
+          value: "{{ .Values.kafka.jaasOptions }}"
+        - name: KAFKA_LISTENER_SECURITY_PROTOCOL_MAP
+          value: "{{ .Values.kafka.protocolMap }}"
+        - name: KAFKA_LISTENERS
+          value: "{{ .Values.kafka.listeners }}"
+        - name: KAFKA_INTER_BROKER_LISTENER_NAME
+          value: "{{ .Values.kafka.interBrokerListerner }}"
+        {{- end }}
+        {{- range $key, $value := .Values.configurationOverrides }}
+        - name: {{ printf "KAFKA_%s" $key | replace "." "_" | upper | quote }}
+          value: {{ $value | quote }}
+        {{- end }}
+        {{- if .Values.jmx.port }}
+        - name: KAFKA_JMX_PORT
+          value: "{{ .Values.jmx.port }}"
+        {{- end }}
+        - name: enableCadi
+          value: "{{ .Values.global.aafEnabled }}"
          volumeMounts:
          - mountPath: /etc/localtime
            name: localtime
            readOnly: true
          - mountPath: /var/run/docker.sock
            name: docker-socket
-        - mountPath: /opt/kafka/tmpconfig/server.properties
-          subPath: server.properties
-          name: server
-        - mountPath: /opt/kafka/config/server.properties
-          subPath: server.properties
-          name: config-data
-        - mountPath: /opt/kafka/config/log4j.properties
-          subPath: log4j.properties
-          name: log4j
-        - mountPath: /opt/kafka/config/cadi.properties
+        {{- if .Values.global.aafEnabled }}
+        - mountPath: /etc/kafka/data/cadi.properties
            subPath: cadi.properties
            name: cadi
-        - mountPath: /opt/kafka/data
+        {{ end  }}
+        - name: jaas-config
+          mountPath: /etc/kafka/secrets/jaas
+        - mountPath: /var/lib/kafka/data
            name: kafka-data
        {{- if .Values.tolerations }}
        tolerations:
@@ -158,20 +232,25 @@ spec:
        - name: localtime
          hostPath:
            path: /etc/localtime
-      - name: config-data
-        emptyDir: {}
+      - name: jaas-config
+        emptyDir:
+          medium: Memory
        - name: docker-socket
          hostPath:
            path: /var/run/docker.sock
-      - name: server
-        configMap:
-          name: {{ include "common.fullname" . }}-server-prop-configmap
-      - name: log4j
-        configMap:
-          name: {{ include "common.fullname" . }}-log4j-prop-configmap
+      {{- if .Values.global.aafEnabled }}
        - name: cadi
          configMap:
            name: {{ include "common.fullname" . }}-cadi-prop-configmap
+      {{ end }}
+      - name: jaas
+        configMap:
+          name: {{ include "common.fullname" . }}-jaas-configmap
+       {{- if .Values.prometheus.jmx.enabled }}
+      - name: jmx-config
+        configMap:
+          name: {{ include "common.fullname" . }}-prometheus-configmap
+       {{- end }}
  {{ if not .Values.persistence.enabled }}
        - name: kafka-data
          emptyDir: {}
@@ -192,5 +271,3 @@ spec:
            requests:
              storage: {{ .Values.persistence.size | quote }}
  {{ end }}
-      imagePullSecrets:
-      - name: "{{ include "common.namespace" . }}-docker-registry-key"