{{/* # Modifications Copyright © 2018 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. */}} apiVersion: apps/v1 kind: StatefulSet metadata: name: {{ include "common.fullname" . }} namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} release: {{ include "common.release" . }} heritage: {{ .Release.Service }} spec: selector: matchLabels: app: {{ include "common.name" . }} serviceName: {{ .Values.service.name }} replicas: {{ .Values.replicaCount }} podManagementPolicy: Parallel template: metadata: labels: app: {{ include "common.name" . }} release: {{ include "common.release" . }} {{- if .Values.prometheus.jmx.enabled }} annotations: prometheus.io/scrape: "true" prometheus.io/port: {{ .Values.prometheus.jmx.port | quote }} {{- end }} spec: {{- if .Values.nodeAffinity }} nodeAffinity: {{ toYaml .Values.nodeAffinity | indent 10 }} {{- end }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" initContainers: - command: - /app/ready.py args: - --container-name - {{ .Values.zookeeper.name }} env: - name: NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness - command: - sh - -exec - | rm -rf '/var/lib/kafka/data/lost+found'; chown -R 1000:0 /var/lib/kafka/data; image: {{ include "repositoryGenerator.image.busybox" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - mountPath: /var/lib/kafka/data name: kafka-data name: {{ include "common.name" . }}-permission-fixer - command: - sh args: - -c - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/etc/kafka/secrets/jaas/${PFILE}; done" env: - name: ZK_ADMIN {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "zk-client" "key" "login") | indent 10 }} - name: ZK_PSWD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "zk-client" "key" "password") | indent 10 }} - name: KAFKA_ADMIN {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "kafka-admin" "key" "login") | indent 10 }} - name: KAFKA_PSWD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "kafka-admin" "key" "password") | indent 10 }} volumeMounts: - mountPath: /etc/kafka/secrets/jaas name: jaas-config - mountPath: /config-input name: jaas image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-update-config containers: {{- if .Values.prometheus.jmx.enabled }} - name: prometheus-jmx-exporter image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.prometheus.jmx.image }}:{{ .Values.prometheus.jmx.imageTag }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - java - -XX:+UnlockExperimentalVMOptions - -XX:+UseCGroupMemoryLimitForHeap - -XX:MaxRAMFraction=1 - -XshowSettings:vm - -jar - jmx_prometheus_httpserver.jar - {{ .Values.prometheus.jmx.port | quote }} - /etc/jmx-kafka/jmx-kafka-prometheus.yml ports: - containerPort: {{ .Values.prometheus.jmx.port }} resources: {{ toYaml .Values.prometheus.jmx.resources | indent 10 }} volumeMounts: - name: jmx-config mountPath: /etc/jmx-kafka {{- end }} - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - sh - -exc - | export KAFKA_BROKER_ID=${HOSTNAME##*-} && \ {{- if .Values.global.aafEnabled }} export KAFKA_ADVERTISED_LISTENERS=EXTERNAL_SASL_PLAINTEXT://$(HOST_IP):$(( $KAFKA_BROKER_ID + {{ .Values.service.baseNodePort }} )),INTERNAL_SASL_PLAINTEXT://:{{ .Values.service.internalPort }} && \ {{ else }} export KAFKA_ADVERTISED_LISTENERS=EXTERNAL_PLAINTEXT://$(HOST_IP):$(( $KAFKA_BROKER_ID + {{ .Values.service.baseNodePort }} )),INTERNAL_PLAINTEXT://:{{ .Values.service.internalPort }} && \ {{- end }} exec /etc/confluent/docker/run resources: {{ include "common.resources" . | indent 12 }} ports: - containerPort: {{ .Values.service.internalPort }} - containerPort: {{ .Values.service.externalPort }} {{- if .Values.prometheus.jmx.enabled }} - containerPort: {{ .Values.jmx.port }} name: jmx {{- end }} {{ if eq .Values.liveness.enabled true }} livenessProbe: tcpSocket: port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} {{ end }} readinessProbe: tcpSocket: port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} env: - name: HOST_IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.hostIP - name: KAFKA_ZOOKEEPER_CONNECT value: {{ include "common.release" . }}-{{.Values.zookeeper.name}}-0.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}},{{ include "common.release" . }}-{{.Values.zookeeper.name}}-1.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}},{{ include "common.release" . }}-{{.Values.zookeeper.name}}-2.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}} - name: KAFKA_CONFLUENT_SUPPORT_METRICS_ENABLE value: "{{ .Values.kafka.enableSupport }}" - name: KAFKA_OPTS value: "{{ .Values.kafka.jaasOptions }}" {{- if .Values.global.aafEnabled }} - name: KAFKA_OPTS value: "{{ .Values.kafka.jaasOptionsAaf }}" - name: aaf_locate_url value: https://aaf-locate.{{ include "common.namespace" . }}:8095 - name: KAFKA_LISTENER_SECURITY_PROTOCOL_MAP value: "{{ .Values.kafka.protocolMapAaf }}" - name: KAFKA_LISTENERS value: "{{ .Values.kafka.listenersAaf }}" - name: KAFKA_SASL_ENABLED_MECHANISMS value: "{{ .Values.kafka.saslMech }}" - name: KAFKA_INTER_BROKER_LISTENER_NAME value: "{{ .Values.kafka.interBrokerListernerAaf }}" - name: KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL value: "{{ .Values.kafka.saslInterBrokerProtocol }}" - name: KAFKA_AUTHORIZER_CLASS_NAME value: "{{ .Values.kafka.authorizer }}" {{ else }} - name: KAFKA_OPTS value: "{{ .Values.kafka.jaasOptions }}" - name: KAFKA_LISTENER_SECURITY_PROTOCOL_MAP value: "{{ .Values.kafka.protocolMap }}" - name: KAFKA_LISTENERS value: "{{ .Values.kafka.listeners }}" - name: KAFKA_INTER_BROKER_LISTENER_NAME value: "{{ .Values.kafka.interBrokerListerner }}" {{- end }} {{- range $key, $value := .Values.configurationOverrides }} - name: {{ printf "KAFKA_%s" $key | replace "." "_" | upper | quote }} value: {{ $value | quote }} {{- end }} {{- if .Values.jmx.port }} - name: KAFKA_JMX_PORT value: "{{ .Values.jmx.port }}" {{- end }} - name: enableCadi value: "{{ .Values.global.aafEnabled }}" volumeMounts: - mountPath: /etc/localtime name: localtime readOnly: true - mountPath: /var/run/docker.sock name: docker-socket {{- if .Values.global.aafEnabled }} - mountPath: /etc/kafka/data/cadi.properties subPath: cadi.properties name: cadi {{ end }} - name: jaas-config mountPath: /etc/kafka/secrets/jaas - mountPath: /var/lib/kafka/data name: kafka-data {{- if .Values.tolerations }} tolerations: {{ toYaml .Values.tolerations | indent 10 }} {{- end }} volumes: - name: localtime hostPath: path: /etc/localtime - name: jaas-config emptyDir: medium: Memory - name: docker-socket hostPath: path: /var/run/docker.sock {{- if .Values.global.aafEnabled }} - name: cadi configMap: name: {{ include "common.fullname" . }}-cadi-prop-configmap {{ end }} - name: jaas configMap: name: {{ include "common.fullname" . }}-jaas-configmap {{- if .Values.prometheus.jmx.enabled }} - name: jmx-config configMap: name: {{ include "common.fullname" . }}-prometheus-configmap {{- end }} {{ if not .Values.persistence.enabled }} - name: kafka-data emptyDir: {} {{ else }} volumeClaimTemplates: - metadata: name: kafka-data labels: app: {{ include "common.fullname" . }} chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" release: "{{ include "common.release" . }}" heritage: "{{ .Release.Service }}" spec: accessModes: - {{ .Values.persistence.accessMode | quote }} storageClassName: {{ include "common.storageClass" . }} resources: requests: storage: {{ .Values.persistence.size | quote }} {{ end }}