From b2ac4e8a19be1a7a7144f0e0d5b2753bdae48523 Mon Sep 17 00:00:00 2001 From: Andreas Geissler Date: Thu, 22 May 2025 13:35:39 +0200 Subject: [PATCH] [STRIMZI] Upgrade to "Kraft" based Kafka - Update to new "KRaft" based Kafka deployment and replace Zookeeper - Preparation for new Strimzi version 0.46.0 Issue-ID: OOM-3344 Change-Id: I13c8a23f61ba05eaf1fc7323670db6d659f5e6cb Signed-off-by: Andreas Geissler --- kubernetes/onap/Chart.yaml | 2 +- kubernetes/strimzi/Chart.yaml | 3 +- .../templates/{pv-zk.yaml => pv-controller.yaml} | 3 +- kubernetes/strimzi/templates/pv-kafka.yaml | 3 +- kubernetes/strimzi/templates/strimzi-kafka.yaml | 188 +++++++++++---------- kubernetes/strimzi/values.yaml | 21 ++- 6 files changed, 123 insertions(+), 97 deletions(-) rename kubernetes/strimzi/templates/{pv-zk.yaml => pv-controller.yaml} (77%) diff --git a/kubernetes/onap/Chart.yaml b/kubernetes/onap/Chart.yaml index 93dbfa4ec5..ab4daa9a46 100644 --- a/kubernetes/onap/Chart.yaml +++ b/kubernetes/onap/Chart.yaml @@ -92,7 +92,7 @@ dependencies: repository: '@local' condition: so.enabled - name: strimzi - version: ~13.x-0 + version: ~16.x-0 repository: '@local' condition: strimzi.enabled - name: uui diff --git a/kubernetes/strimzi/Chart.yaml b/kubernetes/strimzi/Chart.yaml index 180b42bff9..f0fb478254 100644 --- a/kubernetes/strimzi/Chart.yaml +++ b/kubernetes/strimzi/Chart.yaml @@ -1,4 +1,5 @@ # Copyright © 2022 Nordix Foundation +# Modifications Copyright © 2025 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -15,7 +16,7 @@ apiVersion: v2 description: ONAP Strimzi Kafka name: strimzi -version: 13.0.2 +version: 16.0.0 dependencies: - name: common diff --git a/kubernetes/strimzi/templates/pv-zk.yaml b/kubernetes/strimzi/templates/pv-controller.yaml similarity index 77% rename from kubernetes/strimzi/templates/pv-zk.yaml rename to kubernetes/strimzi/templates/pv-controller.yaml index 2c5a8e3678..9a1c849670 100644 --- a/kubernetes/strimzi/templates/pv-zk.yaml +++ b/kubernetes/strimzi/templates/pv-controller.yaml @@ -1,5 +1,6 @@ {{/* # Copyright © 2022 Nordix Foundation +# Modifications Copyright © 2025 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -13,4 +14,4 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} -{{ include "common.replicaPV" (dict "dot" . "suffix" "zk" "persistenceInfos" .Values.persistence.zookeeper) }} +{{ include "common.replicaPV" (dict "dot" . "suffix" "controller" "persistenceInfos" .Values.persistence.controller) }} diff --git a/kubernetes/strimzi/templates/pv-kafka.yaml b/kubernetes/strimzi/templates/pv-kafka.yaml index efd4902562..5f22f79fb2 100644 --- a/kubernetes/strimzi/templates/pv-kafka.yaml +++ b/kubernetes/strimzi/templates/pv-kafka.yaml @@ -1,5 +1,6 @@ {{/* # Copyright © 2022 Nordix Foundation +# Modifications Copyright © 2025 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -13,4 +14,4 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} -{{ include "common.replicaPV" (dict "dot" . "suffix" "kafka" "persistenceInfos" .Values.persistence.kafka) }} +{{ include "common.replicaPV" (dict "dot" . "suffix" "kafka" "persistenceInfos" .Values.persistence.broker) }} diff --git a/kubernetes/strimzi/templates/strimzi-kafka.yaml b/kubernetes/strimzi/templates/strimzi-kafka.yaml index 5f5fcd553a..630d6c8109 100644 --- a/kubernetes/strimzi/templates/strimzi-kafka.yaml +++ b/kubernetes/strimzi/templates/strimzi-kafka.yaml @@ -1,5 +1,6 @@ {{/* # Copyright © 2022 Nordix Foundation +# Modifications Copyright © 2025 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,19 +15,112 @@ # limitations under the License. */}} apiVersion: kafka.strimzi.io/v1beta2 +kind: KafkaNodePool +metadata: + name: {{ include "common.fullname" . }}-controller + labels: + strimzi.io/cluster: {{ include "common.fullname" . }} +spec: + replicas: {{ .Values.replicaCount }} + roles: + - controller + resources: + limits: + cpu: {{ .Values.controller.resources.limits.cpu }} + memory: {{ .Values.controller.resources.limits.memory }} + requests: + cpu: {{ .Values.controller.resources.requests.cpu }} + memory: {{ .Values.controller.resources.requests.memory }} + template: + pod: + {{- include "common.imagePullSecrets" . | nindent 6 }} + securityContext: + {{- toYaml .Values.controller.template.pod.securityContext | nindent 8 }} + {{- if .Values.affinity.podAntiAffinity.enabled }} + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: strimzi.io/name + operator: In + values: + - {{ include "common.fullname" . }}-controller + topologyKey: "kubernetes.io/hostname" + {{- end }} + kafkaContainer: + securityContext: + {{- toYaml .Values.controller.template.kafkaContainer.securityContext | nindent 10 }} + storage: + type: jbod + volumes: + - id: 0 + type: persistent-claim + size: {{ .Values.persistence.controller.size }} + kraftMetadata: shared + deleteClaim: true + class: {{ include "common.storageClass" (dict "dot" . "suffix" "controller" "persistenceInfos" .Values.persistence.controller) }} +--- +apiVersion: kafka.strimzi.io/v1beta2 +kind: KafkaNodePool +metadata: + name: {{ include "common.fullname" . }}-broker + labels: + strimzi.io/cluster: {{ include "common.fullname" . }} +spec: + replicas: {{ .Values.replicaCount }} + roles: + - broker + resources: + limits: + cpu: {{ .Values.broker.resources.limits.cpu }} + memory: {{ .Values.broker.resources.limits.memory }} + requests: + cpu: {{ .Values.broker.resources.requests.cpu }} + memory: {{ .Values.broker.resources.requests.memory }} + template: + pod: + {{- include "common.imagePullSecrets" . | nindent 6 }} + securityContext: + {{- toYaml .Values.broker.template.pod.securityContext | nindent 8 }} + {{- if .Values.affinity.podAntiAffinity.enabled }} + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: strimzi.io/name + operator: In + values: + - {{ include "common.fullname" . }}-broker + topologyKey: "kubernetes.io/hostname" + {{- end }} + kafkaContainer: + securityContext: + {{- toYaml .Values.broker.template.kafkaContainer.securityContext | nindent 8 }} + storage: + type: jbod + volumes: + - id: 0 + type: persistent-claim + size: {{ .Values.persistence.broker.size }} + kraftMetadata: shared + deleteClaim: true + class: {{ include "common.storageClass" (dict "dot" . "suffix" "kafka" "persistenceInfos" .Values.persistence.broker) }} +--- +apiVersion: kafka.strimzi.io/v1beta2 kind: Kafka -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +metadata: + name: {{ include "common.fullname" . }} + annotations: + strimzi.io/node-pools: enabled + strimzi.io/kraft: enabled spec: kafka: version: {{ .Values.config.kafkaVersion }} - replicas: {{ .Values.replicaCount }} - resources: - limits: - cpu: {{ .Values.kafka.resources.limits.cpu }} - memory: {{ .Values.kafka.resources.limits.memory }} - requests: - cpu: {{ .Values.kafka.resources.requests.cpu }} - memory: {{ .Values.kafka.resources.requests.memory }} + {{- if .Values.config.kafkaMetadataVersion }} + metadataVersion: {{ .Values.config.kafkaMetadataVersion }} + {{- end }} listeners: - name: plain port: {{ .Values.config.kafkaInternalPort }} @@ -74,26 +168,6 @@ spec: type: {{ .Values.config.authType }} superUsers: - {{ .Values.config.strimziKafkaAdminUser }} - template: - pod: - {{- include "common.imagePullSecrets" . | nindent 8 }} - securityContext: - {{- toYaml .Values.kafka.template.pod.securityContext | nindent 10 }} - {{- if .Values.affinity.podAntiAffinity.enabled }} - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: strimzi.io/name - operator: In - values: - - {{ include "common.fullname" . }}-kafka - topologyKey: "kubernetes.io/hostname" - {{- end }} - kafkaContainer: - securityContext: - {{- toYaml .Values.kafka.template.kafkaContainer.securityContext | nindent 10 }} config: default.replication.factor: {{ .Values.replicaCount }} min.insync.replicas: {{ (eq 1.0 (.Values.replicaCount)) | ternary 1 (sub .Values.replicaCount 1) }} @@ -104,14 +178,6 @@ spec: log.message.format.version: {{ .Values.config.kafkaVersion }} inter.broker.protocol.version: {{ .Values.config.kafkaVersion }} auto.create.topics.enable: {{ .Values.config.autoCreateTopics }} - storage: - type: jbod - volumes: - - id: 0 - type: persistent-claim - size: {{ .Values.persistence.kafka.size }} - deleteClaim: true - class: {{ include "common.storageClass" (dict "dot" . "suffix" "kafka" "persistenceInfos" .Values.persistence.kafka) }} {{- if .Values.metrics.kafkaExporter.enabled }} metricsConfig: type: {{ .Values.metrics.kafkaExporter.metricsConfig.type }} @@ -120,54 +186,6 @@ spec: name: {{ include "common.fullname" . }} key: kafka-metrics-config.yml {{- end }} - zookeeper: - template: - pod: - {{- include "common.imagePullSecrets" . | nindent 8 }} - securityContext: - {{- toYaml .Values.zookeeper.template.pod.securityContext | nindent 10 }} - {{- if .Values.affinity.podAntiAffinity.enabled }} - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: strimzi.io/name - operator: In - values: - - {{ include "common.fullname" . }}-zookeeper - topologyKey: "kubernetes.io/hostname" - {{- end }} - zookeeperContainer: - securityContext: - {{- toYaml .Values.zookeeper.template.zookeeperContainer.securityContext | nindent 10 }} - replicas: {{ .Values.replicaCount }} - config: - ssl.hostnameVerification: false - ssl.quorum.hostnameVerification: false - {{- if (include "common.onServiceMesh" .) }} - sslQuorum: false - {{- end }} - storage: - type: persistent-claim - size: {{ .Values.persistence.zookeeper.size }} - deleteClaim: true - class: {{ include "common.storageClass" (dict "dot" . "suffix" "zk" "persistenceInfos" .Values.persistence.zookeeper) }} - {{- if .Values.metrics.kafkaExporter.enabled }} - metricsConfig: - type: {{ .Values.metrics.kafkaExporter.metricsConfig.type }} - valueFrom: - configMapKeyRef: - name: {{ include "common.fullname" . }} - key: zookeeper-metrics-config.yml - resources: - limits: - cpu: {{ .Values.zookeeper.resources.limits.cpu }} - memory: {{ .Values.zookeeper.resources.limits.memory }} - requests: - cpu: {{ .Values.zookeeper.resources.requests.cpu }} - memory: {{ .Values.zookeeper.resources.requests.memory }} - {{- end }} entityOperator: template: pod: diff --git a/kubernetes/strimzi/values.yaml b/kubernetes/strimzi/values.yaml index fe3ca852a9..5f31fc12cc 100644 --- a/kubernetes/strimzi/values.yaml +++ b/kubernetes/strimzi/values.yaml @@ -1,4 +1,5 @@ # Copyright © 2022 Nordix Foundation +# Modifications Copyright © 2025 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -33,7 +34,11 @@ affinity: podAntiAffinity: enabled: true config: - kafkaVersion: 3.8.0 + # strimzi-operator 0.45.0 supports <=3.9.0 + kafkaVersion: 3.9.0 + # strimzi-operator 0.46.0 supports <=4.0.0 + #kafkaVersion: 4.0.0 + #kafkaMetadataVersion: 4.0-IV3 authType: simple saslMechanism: &saslMech scram-sha-512 kafkaInternalPort: &plainPort 9092 @@ -47,7 +52,7 @@ config: persistence: enabled: &pvenabled true mountPath: /dockerdata-nfs - kafka: + broker: enabled: *pvenabled # default values of 2Gi for dev env. # Production values should be dimensioned according to requirements. ie >= 10Gi @@ -55,14 +60,14 @@ persistence: volumeReclaimPolicy: Retain accessMode: ReadWriteOnce mountPath: /dockerdata-nfs - mountSubPath: strimzi-kafka/kafka - zookeeper: + mountSubPath: strimzi-kafka/broker + controller: enabled: *pvenabled size: 1Gi volumeReclaimPolicy: Retain accessMode: ReadWriteOnce mountPath: /dockerdata-nfs - mountSubPath: strimzi-kafka/zk + mountSubPath: strimzi-kafka/controller #Pods Service Account serviceAccount: @@ -175,7 +180,7 @@ strimzi-kafka-bridge: kafkaInternalPort: *plainPort strimziKafkaAdminUser: *adminUser -kafka: +broker: template: pod: securityContext: @@ -203,7 +208,7 @@ kafka: cpu: 100m memory: 1Gi -zookeeper: +controller: template: pod: securityContext: @@ -212,7 +217,7 @@ zookeeper: fsGroup: 1001 seccompProfile: type: RuntimeDefault - zookeeperContainer: + kafkaContainer: securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true -- 2.16.6