mirror of
https://github.com/openvk/openvk
synced 2024-09-21 16:38:26 +03:00
677e147688
* Kubernetes deployment * Update kubernetes deployment * Fix rewrite module load * Fix mysql-primary bootstrap * Fix mysql init-db apply order * Fix init-db.sql permissions * Fix MySQL missing *.sql import * Switch from MySQL to MariaDB * [skip ci] Example deployment update * Set root app in chandler configmap * Update missing php extension in base images * Update missing dependency in apache image * Remove default site configuration * [skip ci] Split Kubernetes deployments by type * Explicitly set persistent volume for openvk storage * [skip ci] Add README for Kubernetes * Replace old docker(-compose) files w/ new ones * Add README for docker usage * [skip ci] Update README.md and README_RU.md * [skip ci] Fix eventdb DB name * [skip ci] Kubernetes configmap: missing namespace * [skip ci] Fix typo * [skip ci] Ignore chandler.yml * [skip ci] Missing /var/log/openvk volume * [skip ci] Workaround for Docker <=20.10.6 * [skip ci] Handle permissions for apache2 * [skip ci] Initial Kafka support * [skip ci] Kafka values for Kubernetes
1723 lines
No EOL
75 KiB
YAML
1723 lines
No EOL
75 KiB
YAML
## @section Global parameters
|
|
## Global Docker image parameters
|
|
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
|
|
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
|
|
|
|
## @param global.imageRegistry Global Docker image registry
|
|
## @param global.imagePullSecrets Global Docker registry secret names as an array
|
|
## @param global.storageClass Global StorageClass for Persistent Volume(s)
|
|
##
|
|
global:
|
|
imageRegistry: ""
|
|
## E.g.
|
|
## imagePullSecrets:
|
|
## - myRegistryKeySecretName
|
|
##
|
|
imagePullSecrets: []
|
|
storageClass: ""
|
|
|
|
## @section Common parameters
|
|
|
|
## @param kubeVersion Override Kubernetes version
|
|
##
|
|
kubeVersion: ""
|
|
## @param nameOverride String to partially override common.names.fullname
|
|
##
|
|
nameOverride: ""
|
|
## @param fullnameOverride String to fully override common.names.fullname
|
|
##
|
|
fullnameOverride: ""
|
|
## @param clusterDomain Default Kubernetes cluster domain
|
|
##
|
|
clusterDomain: cluster.local
|
|
## @param commonLabels Labels to add to all deployed objects
|
|
##
|
|
commonLabels: {}
|
|
## @param commonAnnotations Annotations to add to all deployed objects
|
|
##
|
|
commonAnnotations: {}
|
|
## @param extraDeploy Array of extra objects to deploy with the release
|
|
##
|
|
extraDeploy: []
|
|
## Enable diagnostic mode in the statefulset
|
|
##
|
|
diagnosticMode:
|
|
## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
|
|
##
|
|
enabled: false
|
|
## @param diagnosticMode.command Command to override all containers in the statefulset
|
|
##
|
|
command:
|
|
- sleep
|
|
## @param diagnosticMode.args Args to override all containers in the statefulset
|
|
##
|
|
args:
|
|
- infinity
|
|
|
|
## @section Kafka parameters
|
|
|
|
## Bitnami Kafka image version
|
|
## ref: https://hub.docker.com/r/bitnami/kafka/tags/
|
|
## @param image.registry Kafka image registry
|
|
## @param image.repository Kafka image repository
|
|
## @param image.tag Kafka image tag (immutable tags are recommended)
|
|
## @param image.digest Kafka image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
|
|
## @param image.pullPolicy Kafka image pull policy
|
|
## @param image.pullSecrets Specify docker-registry secret names as an array
|
|
## @param image.debug Specify if debug values should be set
|
|
##
|
|
image:
|
|
registry: docker.io
|
|
repository: bitnami/kafka
|
|
tag: 3.2.3-debian-11-r1
|
|
digest: ""
|
|
## Specify a imagePullPolicy
|
|
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
|
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
|
|
##
|
|
pullPolicy: IfNotPresent
|
|
## Optionally specify an array of imagePullSecrets.
|
|
## Secrets must be manually created in the namespace.
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
|
## e.g:
|
|
## pullSecrets:
|
|
## - myRegistryKeySecretName
|
|
##
|
|
pullSecrets: []
|
|
## Set to true if you would like to see extra information on logs
|
|
##
|
|
debug: false
|
|
## @param config Configuration file for Kafka. Auto-generated based on other parameters when not specified
|
|
## Specify content for server.properties
|
|
## NOTE: This will override any KAFKA_CFG_ environment variables (including those set by the chart)
|
|
## The server.properties is auto-generated based on other parameters when this parameter is not specified
|
|
## e.g:
|
|
## config: |-
|
|
## broker.id=-1
|
|
## listeners=PLAINTEXT://:9092
|
|
## advertised.listeners=PLAINTEXT://KAFKA_IP:9092
|
|
## num.network.threads=3
|
|
## num.io.threads=8
|
|
## socket.send.buffer.bytes=102400
|
|
## socket.receive.buffer.bytes=102400
|
|
## socket.request.max.bytes=104857600
|
|
## log.dirs=/bitnami/kafka/data
|
|
## num.partitions=1
|
|
## num.recovery.threads.per.data.dir=1
|
|
## offsets.topic.replication.factor=1
|
|
## transaction.state.log.replication.factor=1
|
|
## transaction.state.log.min.isr=1
|
|
## log.flush.interval.messages=10000
|
|
## log.flush.interval.ms=1000
|
|
## log.retention.hours=168
|
|
## log.retention.bytes=1073741824
|
|
## log.segment.bytes=1073741824
|
|
## log.retention.check.interval.ms=300000
|
|
## zookeeper.connect=ZOOKEEPER_SERVICE_NAME
|
|
## zookeeper.connection.timeout.ms=6000
|
|
## group.initial.rebalance.delay.ms=0
|
|
##
|
|
config: ""
|
|
## @param existingConfigmap ConfigMap with Kafka Configuration
|
|
## NOTE: This will override `config` AND any KAFKA_CFG_ environment variables
|
|
##
|
|
existingConfigmap: ""
|
|
## @param log4j An optional log4j.properties file to overwrite the default of the Kafka brokers
|
|
## An optional log4j.properties file to overwrite the default of the Kafka brokers
|
|
## ref: https://github.com/apache/kafka/blob/trunk/config/log4j.properties
|
|
##
|
|
log4j: ""
|
|
## @param existingLog4jConfigMap The name of an existing ConfigMap containing a log4j.properties file
|
|
## The name of an existing ConfigMap containing a log4j.properties file
|
|
## NOTE: this will override `log4j`
|
|
##
|
|
existingLog4jConfigMap: ""
|
|
## @param heapOpts Kafka Java Heap size
|
|
##
|
|
heapOpts: -Xmx1024m -Xms1024m
|
|
## @param deleteTopicEnable Switch to enable topic deletion or not
|
|
##
|
|
deleteTopicEnable: false
|
|
## @param autoCreateTopicsEnable Switch to enable auto creation of topics. Enabling auto creation of topics not recommended for production or similar environments
|
|
##
|
|
autoCreateTopicsEnable: true
|
|
## @param logFlushIntervalMessages The number of messages to accept before forcing a flush of data to disk
|
|
##
|
|
logFlushIntervalMessages: _10000
|
|
## @param logFlushIntervalMs The maximum amount of time a message can sit in a log before we force a flush
|
|
##
|
|
logFlushIntervalMs: 1000
|
|
## @param logRetentionBytes A size-based retention policy for logs
|
|
##
|
|
logRetentionBytes: _1073741824
|
|
## @param logRetentionCheckIntervalMs The interval at which log segments are checked to see if they can be deleted
|
|
##
|
|
logRetentionCheckIntervalMs: 300000
|
|
## @param logRetentionHours The minimum age of a log file to be eligible for deletion due to age
|
|
##
|
|
logRetentionHours: 168
|
|
## @param logSegmentBytes The maximum size of a log segment file. When this size is reached a new log segment will be created
|
|
##
|
|
logSegmentBytes: _1073741824
|
|
## @param logsDirs A comma separated list of directories in which kafka's log data is kept
|
|
## ref: https://kafka.apache.org/documentation/#brokerconfigs_log.dirs
|
|
logsDirs: /bitnami/kafka/data
|
|
## @param maxMessageBytes The largest record batch size allowed by Kafka
|
|
##
|
|
maxMessageBytes: _1000012
|
|
## @param defaultReplicationFactor Default replication factors for automatically created topics
|
|
##
|
|
defaultReplicationFactor: 1
|
|
## @param offsetsTopicReplicationFactor The replication factor for the offsets topic
|
|
##
|
|
offsetsTopicReplicationFactor: 1
|
|
## @param transactionStateLogReplicationFactor The replication factor for the transaction topic
|
|
##
|
|
transactionStateLogReplicationFactor: 1
|
|
## @param transactionStateLogMinIsr Overridden min.insync.replicas config for the transaction topic
|
|
##
|
|
transactionStateLogMinIsr: 1
|
|
## @param numIoThreads The number of threads doing disk I/O
|
|
##
|
|
numIoThreads: 8
|
|
## @param numNetworkThreads The number of threads handling network requests
|
|
##
|
|
numNetworkThreads: 3
|
|
## @param numPartitions The default number of log partitions per topic
|
|
##
|
|
numPartitions: 1
|
|
## @param numRecoveryThreadsPerDataDir The number of threads per data directory to be used for log recovery at startup and flushing at shutdown
|
|
##
|
|
numRecoveryThreadsPerDataDir: 1
|
|
## @param socketReceiveBufferBytes The receive buffer (SO_RCVBUF) used by the socket server
|
|
##
|
|
socketReceiveBufferBytes: 102400
|
|
## @param socketRequestMaxBytes The maximum size of a request that the socket server will accept (protection against OOM)
|
|
##
|
|
socketRequestMaxBytes: _104857600
|
|
## @param socketSendBufferBytes The send buffer (SO_SNDBUF) used by the socket server
|
|
##
|
|
socketSendBufferBytes: 102400
|
|
## @param zookeeperConnectionTimeoutMs Timeout in ms for connecting to ZooKeeper
|
|
##
|
|
zookeeperConnectionTimeoutMs: 6000
|
|
## @param zookeeperChrootPath Path which puts data under some path in the global ZooKeeper namespace
|
|
## ref: https://kafka.apache.org/documentation/#brokerconfigs_zookeeper.connect
|
|
##
|
|
zookeeperChrootPath: ""
|
|
## @param authorizerClassName The Authorizer is configured by setting authorizer.class.name=kafka.security.authorizer.AclAuthorizer in server.properties
|
|
##
|
|
authorizerClassName: ""
|
|
## @param allowEveryoneIfNoAclFound By default, if a resource has no associated ACLs, then no one is allowed to access that resource except super users
|
|
##
|
|
allowEveryoneIfNoAclFound: true
|
|
## @param superUsers You can add super users in server.properties
|
|
##
|
|
superUsers: User:admin
|
|
## Authentication parameters
|
|
## https://github.com/bitnami/containers/tree/main/bitnami/kafka#security
|
|
##
|
|
auth:
|
|
## Authentication protocol for client and inter-broker communications
|
|
## This table shows the security provided on each protocol:
|
|
## | Method | Authentication | Encryption via TLS |
|
|
## | plaintext | None | No |
|
|
## | tls | None | Yes |
|
|
## | mtls | Yes (two-way authentication) | Yes |
|
|
## | sasl | Yes (via SASL) | No |
|
|
## | sasl_tls | Yes (via SASL) | Yes |
|
|
## @param auth.clientProtocol Authentication protocol for communications with clients. Allowed protocols: `plaintext`, `tls`, `mtls`, `sasl` and `sasl_tls`
|
|
## @param auth.externalClientProtocol Authentication protocol for communications with external clients. Defaults to value of `auth.clientProtocol`. Allowed protocols: `plaintext`, `tls`, `mtls`, `sasl` and `sasl_tls`
|
|
## @param auth.interBrokerProtocol Authentication protocol for inter-broker communications. Allowed protocols: `plaintext`, `tls`, `mtls`, `sasl` and `sasl_tls`
|
|
##
|
|
clientProtocol: plaintext
|
|
# Note: empty by default for backwards compatibility reasons, find more information at
|
|
# https://github.com/bitnami/charts/pull/8902/
|
|
externalClientProtocol: ""
|
|
interBrokerProtocol: plaintext
|
|
## SASL configuration
|
|
##
|
|
sasl:
|
|
## @param auth.sasl.mechanisms SASL mechanisms when either `auth.interBrokerProtocol`, `auth.clientProtocol` or `auth.externalClientProtocol` are `sasl`. Allowed types: `plain`, `scram-sha-256`, `scram-sha-512`
|
|
##
|
|
mechanisms: plain,scram-sha-256,scram-sha-512
|
|
## @param auth.sasl.interBrokerMechanism SASL mechanism for inter broker communication.
|
|
##
|
|
interBrokerMechanism: plain
|
|
## JAAS configuration for SASL authentication.
|
|
##
|
|
jaas:
|
|
## @param auth.sasl.jaas.clientUsers Kafka client user list
|
|
##
|
|
## clientUsers:
|
|
## - user1
|
|
## - user2
|
|
##
|
|
clientUsers:
|
|
- user
|
|
## @param auth.sasl.jaas.clientPasswords Kafka client passwords. This is mandatory if more than one user is specified in clientUsers
|
|
##
|
|
## clientPasswords:
|
|
## - password1
|
|
## - password2"
|
|
##
|
|
clientPasswords: []
|
|
## @param auth.sasl.jaas.interBrokerUser Kafka inter broker communication user for SASL authentication
|
|
##
|
|
interBrokerUser: admin
|
|
## @param auth.sasl.jaas.interBrokerPassword Kafka inter broker communication password for SASL authentication
|
|
##
|
|
interBrokerPassword: ""
|
|
## @param auth.sasl.jaas.zookeeperUser Kafka ZooKeeper user for SASL authentication
|
|
##
|
|
zookeeperUser: ""
|
|
## @param auth.sasl.jaas.zookeeperPassword Kafka ZooKeeper password for SASL authentication
|
|
##
|
|
zookeeperPassword: ""
|
|
## @param auth.sasl.jaas.existingSecret Name of the existing secret containing credentials for clientUsers, interBrokerUser and zookeeperUser
|
|
## Create this secret running the command below where SECRET_NAME is the name of the secret you want to create:
|
|
## kubectl create secret generic SECRET_NAME --from-literal=client-passwords=CLIENT_PASSWORD1,CLIENT_PASSWORD2 --from-literal=inter-broker-password=INTER_BROKER_PASSWORD --from-literal=zookeeper-password=ZOOKEEPER_PASSWORD
|
|
##
|
|
existingSecret: ""
|
|
## TLS configuration
|
|
##
|
|
tls:
|
|
## @param auth.tls.type Format to use for TLS certificates. Allowed types: `jks` and `pem`
|
|
##
|
|
type: jks
|
|
## @param auth.tls.pemChainIncluded Flag to denote that the Certificate Authority (CA) certificates are bundled with the endpoint cert.
|
|
## Certificates must be in proper order, where the top certificate is the leaf and the bottom certificate is the top-most intermediate CA.
|
|
##
|
|
pemChainIncluded: false
|
|
## @param auth.tls.existingSecrets Array existing secrets containing the TLS certificates for the Kafka brokers
|
|
## When using 'jks' format for certificates, each secret should contain a truststore and a keystore.
|
|
## Create these secrets following the steps below:
|
|
## 1) Generate your truststore and keystore files. Helpful script: https://raw.githubusercontent.com/confluentinc/confluent-platform-security-tools/master/kafka-generate-ssl.sh
|
|
## 2) Rename your truststore to `kafka.truststore.jks`.
|
|
## 3) Rename your keystores to `kafka-X.keystore.jks` where X is the ID of each Kafka broker.
|
|
## 4) Run the command below one time per broker to create its associated secret (SECRET_NAME_X is the name of the secret you want to create):
|
|
## kubectl create secret generic SECRET_NAME_0 --from-file=kafka.truststore.jks=./kafka.truststore.jks --from-file=kafka.keystore.jks=./kafka-0.keystore.jks
|
|
## kubectl create secret generic SECRET_NAME_1 --from-file=kafka.truststore.jks=./kafka.truststore.jks --from-file=kafka.keystore.jks=./kafka-1.keystore.jks
|
|
## ...
|
|
##
|
|
## When using 'pem' format for certificates, each secret should contain a public CA certificate, a public certificate and one private key.
|
|
## Create these secrets following the steps below:
|
|
## 1) Create a certificate key and signing request per Kafka broker, and sign the signing request with your CA
|
|
## 2) Rename your CA file to `kafka.ca.crt`.
|
|
## 3) Rename your certificates to `kafka-X.tls.crt` where X is the ID of each Kafka broker.
|
|
## 3) Rename your keys to `kafka-X.tls.key` where X is the ID of each Kafka broker.
|
|
## 4) Run the command below one time per broker to create its associated secret (SECRET_NAME_X is the name of the secret you want to create):
|
|
## kubectl create secret generic SECRET_NAME_0 --from-file=ca.crt=./kafka.ca.crt --from-file=tls.crt=./kafka-0.tls.crt --from-file=tls.key=./kafka-0.tls.key
|
|
## kubectl create secret generic SECRET_NAME_1 --from-file=ca.crt=./kafka.ca.crt --from-file=tls.crt=./kafka-1.tls.crt --from-file=tls.key=./kafka-1.tls.key
|
|
## ...
|
|
##
|
|
existingSecrets: []
|
|
## @param auth.tls.autoGenerated Generate automatically self-signed TLS certificates for Kafka brokers. Currently only supported if `auth.tls.type` is `pem`
|
|
## Note: ignored when using 'jks' format or `auth.tls.existingSecrets` is not empty
|
|
##
|
|
autoGenerated: false
|
|
## @param auth.tls.password Password to access the JKS files or PEM key when they are password-protected.
|
|
## Note: ignored when using 'existingSecret'.
|
|
##
|
|
password: ""
|
|
## @param auth.tls.existingSecret Name of the secret containing the password to access the JKS files or PEM key when they are password-protected. (`key`: `password`)
|
|
##
|
|
existingSecret: ""
|
|
## @param auth.tls.jksTruststoreSecret Name of the existing secret containing your truststore if truststore not existing or different from the ones in the `auth.tls.existingSecrets`
|
|
## Note: ignored when using 'pem' format for certificates.
|
|
##
|
|
jksTruststoreSecret: ""
|
|
## @param auth.tls.jksKeystoreSAN The secret key from the `auth.tls.existingSecrets` containing the keystore with a SAN certificate
|
|
## The SAN certificate in it should be issued with Subject Alternative Names for all headless services:
|
|
## - kafka-0.kafka-headless.kafka.svc.cluster.local
|
|
## - kafka-1.kafka-headless.kafka.svc.cluster.local
|
|
## - kafka-2.kafka-headless.kafka.svc.cluster.local
|
|
## Note: ignored when using 'pem' format for certificates.
|
|
##
|
|
jksKeystoreSAN: ""
|
|
## @param auth.tls.jksTruststore The secret key from the `auth.tls.existingSecrets` or `auth.tls.jksTruststoreSecret` containing the truststore
|
|
## Note: ignored when using 'pem' format for certificates.
|
|
##
|
|
jksTruststore: ""
|
|
## @param auth.tls.endpointIdentificationAlgorithm The endpoint identification algorithm to validate server hostname using server certificate
|
|
## Disable server host name verification by setting it to an empty string.
|
|
## ref: https://docs.confluent.io/current/kafka/authentication_ssl.html#optional-settings
|
|
##
|
|
endpointIdentificationAlgorithm: https
|
|
## Zookeeper client configuration for kafka brokers
|
|
##
|
|
zookeeper:
|
|
## TLS configuration
|
|
##
|
|
tls:
|
|
## @param auth.zookeeper.tls.enabled Enable TLS for Zookeeper client connections.
|
|
##
|
|
enabled: false
|
|
## @param auth.zookeeper.tls.type Format to use for TLS certificates. Allowed types: `jks` and `pem`.
|
|
##
|
|
type: jks
|
|
## @param auth.zookeeper.tls.verifyHostname Hostname validation.
|
|
##
|
|
verifyHostname: true
|
|
## @param auth.zookeeper.tls.existingSecret Name of the existing secret containing the TLS certificates for ZooKeeper client communications.
|
|
##
|
|
existingSecret: ""
|
|
## @param auth.zookeeper.tls.existingSecretKeystoreKey The secret key from the auth.zookeeper.tls.existingSecret containing the Keystore.
|
|
##
|
|
existingSecretKeystoreKey: zookeeper.keystore.jks
|
|
## @param auth.zookeeper.tls.existingSecretTruststoreKey The secret key from the auth.zookeeper.tls.existingSecret containing the Truststore.
|
|
##
|
|
existingSecretTruststoreKey: zookeeper.truststore.jks
|
|
## @param auth.zookeeper.tls.passwordsSecret Existing secret containing Keystore and Truststore passwords.
|
|
##
|
|
passwordsSecret: ""
|
|
## @param auth.zookeeper.tls.passwordsSecretKeystoreKey The secret key from the auth.zookeeper.tls.passwordsSecret containing the password for the Keystore.
|
|
##
|
|
passwordsSecretKeystoreKey: keystore-password
|
|
## @param auth.zookeeper.tls.passwordsSecretTruststoreKey The secret key from the auth.zookeeper.tls.passwordsSecret containing the password for the Truststore.
|
|
##
|
|
passwordsSecretTruststoreKey: truststore-password
|
|
## @param listeners The address(es) the socket server listens on. Auto-calculated it's set to an empty array
|
|
## When it's set to an empty array, the listeners will be configured
|
|
## based on the authentication protocols (auth.clientProtocol, auth.externalClientProtocol and auth.interBrokerProtocol parameters)
|
|
##
|
|
listeners: []
|
|
## @param advertisedListeners The address(es) (hostname:port) the broker will advertise to producers and consumers. Auto-calculated it's set to an empty array
|
|
## When it's set to an empty array, the advertised listeners will be configured
|
|
## based on the authentication protocols (auth.clientProtocol, auth.externalClientProtocol and auth.interBrokerProtocol parameters)
|
|
##
|
|
advertisedListeners: []
|
|
## @param listenerSecurityProtocolMap The protocol->listener mapping. Auto-calculated it's set to nil
|
|
## When it's nil, the listeners will be configured based on the authentication protocols (auth.clientProtocol, auth.externalClientProtocol and auth.interBrokerProtocol parameters)
|
|
##
|
|
listenerSecurityProtocolMap: ""
|
|
## @param allowPlaintextListener Allow to use the PLAINTEXT listener
|
|
##
|
|
allowPlaintextListener: true
|
|
## @param interBrokerListenerName The listener that the brokers should communicate on
|
|
##
|
|
interBrokerListenerName: INTERNAL
|
|
## @param command Override Kafka container command
|
|
##
|
|
command:
|
|
- /scripts/setup.sh
|
|
## @param args Override Kafka container arguments
|
|
##
|
|
args: []
|
|
## @param extraEnvVars Extra environment variables to add to Kafka pods
|
|
## ref: https://github.com/bitnami/containers/tree/main/bitnami/kafka#configuration
|
|
## e.g:
|
|
## extraEnvVars:
|
|
## - name: KAFKA_CFG_BACKGROUND_THREADS
|
|
## value: "10"
|
|
##
|
|
extraEnvVars: []
|
|
## @param extraEnvVarsCM ConfigMap with extra environment variables
|
|
##
|
|
extraEnvVarsCM: ""
|
|
## @param extraEnvVarsSecret Secret with extra environment variables
|
|
##
|
|
extraEnvVarsSecret: ""
|
|
|
|
## @section Statefulset parameters
|
|
|
|
## @param replicaCount Number of Kafka nodes
|
|
##
|
|
replicaCount: 1
|
|
## @param minBrokerId Minimal broker.id value, nodes increment their `broker.id` respectively
|
|
## Brokers increment their ID starting at this minimal value.
|
|
## E.g., with `minBrokerId=100` and 3 nodes, IDs will be 100, 101, 102 for brokers 0, 1, and 2, respectively.
|
|
##
|
|
minBrokerId: 0
|
|
## @param containerPorts.client Kafka client container port
|
|
## @param containerPorts.internal Kafka inter-broker container port
|
|
## @param containerPorts.external Kafka external container port
|
|
##
|
|
containerPorts:
|
|
client: 9092
|
|
internal: 9093
|
|
external: 9094
|
|
## Configure extra options for Kafka containers' liveness, readiness and startup probes
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
|
|
## @param livenessProbe.enabled Enable livenessProbe on Kafka containers
|
|
## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
|
|
## @param livenessProbe.periodSeconds Period seconds for livenessProbe
|
|
## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
|
|
## @param livenessProbe.failureThreshold Failure threshold for livenessProbe
|
|
## @param livenessProbe.successThreshold Success threshold for livenessProbe
|
|
##
|
|
livenessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 10
|
|
timeoutSeconds: 5
|
|
failureThreshold: 3
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
## @param readinessProbe.enabled Enable readinessProbe on Kafka containers
|
|
## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
|
|
## @param readinessProbe.periodSeconds Period seconds for readinessProbe
|
|
## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
|
|
## @param readinessProbe.failureThreshold Failure threshold for readinessProbe
|
|
## @param readinessProbe.successThreshold Success threshold for readinessProbe
|
|
##
|
|
readinessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 5
|
|
failureThreshold: 6
|
|
timeoutSeconds: 5
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
## @param startupProbe.enabled Enable startupProbe on Kafka containers
|
|
## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
|
|
## @param startupProbe.periodSeconds Period seconds for startupProbe
|
|
## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe
|
|
## @param startupProbe.failureThreshold Failure threshold for startupProbe
|
|
## @param startupProbe.successThreshold Success threshold for startupProbe
|
|
##
|
|
startupProbe:
|
|
enabled: false
|
|
initialDelaySeconds: 30
|
|
periodSeconds: 10
|
|
timeoutSeconds: 1
|
|
failureThreshold: 15
|
|
successThreshold: 1
|
|
## @param customLivenessProbe Custom livenessProbe that overrides the default one
|
|
##
|
|
customLivenessProbe: {}
|
|
## @param customReadinessProbe Custom readinessProbe that overrides the default one
|
|
##
|
|
customReadinessProbe: {}
|
|
## @param customStartupProbe Custom startupProbe that overrides the default one
|
|
##
|
|
customStartupProbe: {}
|
|
## @param lifecycleHooks lifecycleHooks for the Kafka container to automate configuration before or after startup
|
|
##
|
|
lifecycleHooks: {}
|
|
## Kafka resource requests and limits
|
|
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
|
|
## @param resources.limits The resources limits for the container
|
|
## @param resources.requests The requested resources for the container
|
|
##
|
|
resources:
|
|
limits: {}
|
|
requests: {}
|
|
## Kafka pods' Security Context
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
|
|
## @param podSecurityContext.enabled Enable security context for the pods
|
|
## @param podSecurityContext.fsGroup Set Kafka pod's Security Context fsGroup
|
|
##
|
|
podSecurityContext:
|
|
enabled: true
|
|
fsGroup: 1001
|
|
## Kafka containers' Security Context
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
|
## @param containerSecurityContext.enabled Enable Kafka containers' Security Context
|
|
## @param containerSecurityContext.runAsUser Set Kafka containers' Security Context runAsUser
|
|
## @param containerSecurityContext.runAsNonRoot Set Kafka containers' Security Context runAsNonRoot
|
|
## @param containerSecurityContext.allowPrivilegeEscalation Force the child process to be run as nonprivilege
|
|
## e.g:
|
|
## containerSecurityContext:
|
|
## enabled: true
|
|
## capabilities:
|
|
## drop: ["NET_RAW"]
|
|
## readOnlyRootFilesystem: true
|
|
##
|
|
containerSecurityContext:
|
|
enabled: true
|
|
runAsUser: 1001
|
|
runAsNonRoot: true
|
|
allowPrivilegeEscalation: false
|
|
## @param hostAliases Kafka pods host aliases
|
|
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
|
|
##
|
|
hostAliases: []
|
|
## @param hostNetwork Specify if host network should be enabled for Kafka pods
|
|
##
|
|
hostNetwork: false
|
|
## @param hostIPC Specify if host IPC should be enabled for Kafka pods
|
|
##
|
|
hostIPC: false
|
|
## @param podLabels Extra labels for Kafka pods
|
|
## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
|
|
##
|
|
podLabels: {}
|
|
## @param podAnnotations Extra annotations for Kafka pods
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
|
##
|
|
podAnnotations: {}
|
|
## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
|
##
|
|
podAffinityPreset: ""
|
|
## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
|
|
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
|
##
|
|
podAntiAffinityPreset: soft
|
|
## Node affinity preset
|
|
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
|
|
##
|
|
nodeAffinityPreset:
|
|
## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
|
|
##
|
|
type: ""
|
|
## @param nodeAffinityPreset.key Node label key to match Ignored if `affinity` is set.
|
|
## E.g.
|
|
## key: "kubernetes.io/e2e-az-name"
|
|
##
|
|
key: ""
|
|
## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set.
|
|
## E.g.
|
|
## values:
|
|
## - e2e-az1
|
|
## - e2e-az2
|
|
##
|
|
values: []
|
|
## @param affinity Affinity for pod assignment
|
|
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
|
## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
|
|
##
|
|
affinity: {}
|
|
## @param nodeSelector Node labels for pod assignment
|
|
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
|
|
##
|
|
nodeSelector: {}
|
|
## @param tolerations Tolerations for pod assignment
|
|
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
|
##
|
|
tolerations: []
|
|
## @param topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template
|
|
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
|
|
##
|
|
topologySpreadConstraints: []
|
|
## @param terminationGracePeriodSeconds Seconds the pod needs to gracefully terminate
|
|
## ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#hook-handler-execution
|
|
##
|
|
terminationGracePeriodSeconds: ""
|
|
## @param podManagementPolicy StatefulSet controller supports relax its ordering guarantees while preserving its uniqueness and identity guarantees. There are two valid pod management policies: OrderedReady and Parallel
|
|
## ref: https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#pod-management-policy
|
|
##
|
|
podManagementPolicy: Parallel
|
|
## @param priorityClassName Name of the existing priority class to be used by kafka pods
|
|
## Ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
|
|
##
|
|
priorityClassName: ""
|
|
## @param schedulerName Name of the k8s scheduler (other than default)
|
|
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
|
|
##
|
|
schedulerName: ""
|
|
## @param updateStrategy.type Kafka statefulset strategy type
|
|
## @param updateStrategy.rollingUpdate Kafka statefulset rolling update configuration parameters
|
|
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
|
|
##
|
|
updateStrategy:
|
|
type: RollingUpdate
|
|
rollingUpdate: {}
|
|
## @param extraVolumes Optionally specify extra list of additional volumes for the Kafka pod(s)
|
|
## e.g:
|
|
## extraVolumes:
|
|
## - name: kafka-jaas
|
|
## secret:
|
|
## secretName: kafka-jaas
|
|
##
|
|
extraVolumes: []
|
|
## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Kafka container(s)
|
|
## extraVolumeMounts:
|
|
## - name: kafka-jaas
|
|
## mountPath: /bitnami/kafka/config/kafka_jaas.conf
|
|
## subPath: kafka_jaas.conf
|
|
##
|
|
extraVolumeMounts: []
|
|
## @param sidecars Add additional sidecar containers to the Kafka pod(s)
|
|
## e.g:
|
|
## sidecars:
|
|
## - name: your-image-name
|
|
## image: your-image
|
|
## imagePullPolicy: Always
|
|
## ports:
|
|
## - name: portname
|
|
## containerPort: 1234
|
|
##
|
|
sidecars: []
|
|
## @param initContainers Add additional Add init containers to the Kafka pod(s)
|
|
## e.g:
|
|
## initContainers:
|
|
## - name: your-image-name
|
|
## image: your-image
|
|
## imagePullPolicy: Always
|
|
## ports:
|
|
## - name: portname
|
|
## containerPort: 1234
|
|
##
|
|
initContainers: []
|
|
## Kafka Pod Disruption Budget
|
|
## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
|
|
## @param pdb.create Deploy a pdb object for the Kafka pod
|
|
## @param pdb.minAvailable Maximum number/percentage of unavailable Kafka replicas
|
|
## @param pdb.maxUnavailable Maximum number/percentage of unavailable Kafka replicas
|
|
##
|
|
pdb:
|
|
create: false
|
|
minAvailable: ""
|
|
maxUnavailable: 1
|
|
|
|
## @section Traffic Exposure parameters
|
|
|
|
## Service parameters
|
|
##
|
|
service:
|
|
## @param service.type Kubernetes Service type
|
|
##
|
|
type: ClusterIP
|
|
## @param service.ports.client Kafka svc port for client connections
|
|
## @param service.ports.internal Kafka svc port for inter-broker connections
|
|
## @param service.ports.external Kafka svc port for external connections
|
|
##
|
|
ports:
|
|
client: 9092
|
|
internal: 9093
|
|
external: 9094
|
|
## @param service.nodePorts.client Node port for the Kafka client connections
|
|
## @param service.nodePorts.external Node port for the Kafka external connections
|
|
## NOTE: choose port between <30000-32767>
|
|
##
|
|
nodePorts:
|
|
client: ""
|
|
external: ""
|
|
## @param service.sessionAffinity Control where client requests go, to the same pod or round-robin
|
|
## Values: ClientIP or None
|
|
## ref: https://kubernetes.io/docs/user-guide/services/
|
|
##
|
|
sessionAffinity: None
|
|
## @param service.sessionAffinityConfig Additional settings for the sessionAffinity
|
|
## sessionAffinityConfig:
|
|
## clientIP:
|
|
## timeoutSeconds: 300
|
|
##
|
|
sessionAffinityConfig: {}
|
|
## @param service.clusterIP Kafka service Cluster IP
|
|
## e.g.:
|
|
## clusterIP: None
|
|
##
|
|
clusterIP: ""
|
|
## @param service.loadBalancerIP Kafka service Load Balancer IP
|
|
## ref: https://kubernetes.io/docs/user-guide/services/#type-loadbalancer
|
|
##
|
|
loadBalancerIP: ""
|
|
## @param service.loadBalancerSourceRanges Kafka service Load Balancer sources
|
|
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
|
|
## e.g:
|
|
## loadBalancerSourceRanges:
|
|
## - 10.10.10.0/24
|
|
##
|
|
loadBalancerSourceRanges: []
|
|
## @param service.externalTrafficPolicy Kafka service external traffic policy
|
|
## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
|
|
##
|
|
externalTrafficPolicy: Cluster
|
|
## @param service.annotations Additional custom annotations for Kafka service
|
|
##
|
|
annotations: {}
|
|
## Headless service properties
|
|
##
|
|
headless:
|
|
## @param service.headless.annotations Annotations for the headless service.
|
|
##
|
|
annotations: {}
|
|
## @param service.headless.labels Labels for the headless service.
|
|
##
|
|
labels: {}
|
|
## @param service.extraPorts Extra ports to expose in the Kafka service (normally used with the `sidecar` value)
|
|
##
|
|
extraPorts: []
|
|
## External Access to Kafka brokers configuration
|
|
##
|
|
externalAccess:
|
|
## @param externalAccess.enabled Enable Kubernetes external cluster access to Kafka brokers
|
|
##
|
|
enabled: false
|
|
## External IPs auto-discovery configuration
|
|
## An init container is used to auto-detect LB IPs or node ports by querying the K8s API
|
|
## Note: RBAC might be required
|
|
##
|
|
autoDiscovery:
|
|
## @param externalAccess.autoDiscovery.enabled Enable using an init container to auto-detect external IPs/ports by querying the K8s API
|
|
##
|
|
enabled: false
|
|
## Bitnami Kubectl image
|
|
## ref: https://hub.docker.com/r/bitnami/kubectl/tags/
|
|
## @param externalAccess.autoDiscovery.image.registry Init container auto-discovery image registry
|
|
## @param externalAccess.autoDiscovery.image.repository Init container auto-discovery image repository
|
|
## @param externalAccess.autoDiscovery.image.tag Init container auto-discovery image tag (immutable tags are recommended)
|
|
## @param externalAccess.autoDiscovery.image.digest Petete image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
|
|
## @param externalAccess.autoDiscovery.image.pullPolicy Init container auto-discovery image pull policy
|
|
## @param externalAccess.autoDiscovery.image.pullSecrets Init container auto-discovery image pull secrets
|
|
##
|
|
image:
|
|
registry: docker.io
|
|
repository: bitnami/kubectl
|
|
tag: 1.25.1-debian-11-r1
|
|
digest: ""
|
|
## Specify a imagePullPolicy
|
|
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
|
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
|
|
##
|
|
pullPolicy: IfNotPresent
|
|
## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
|
## e.g:
|
|
## pullSecrets:
|
|
## - myRegistryKeySecretName
|
|
##
|
|
pullSecrets: []
|
|
## Init Container resource requests and limits
|
|
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
|
|
## @param externalAccess.autoDiscovery.resources.limits The resources limits for the auto-discovery init container
|
|
## @param externalAccess.autoDiscovery.resources.requests The requested resources for the auto-discovery init container
|
|
##
|
|
resources:
|
|
limits: {}
|
|
requests: {}
|
|
## Parameters to configure K8s service(s) used to externally access Kafka brokers
|
|
## Note: A new service per broker will be created
|
|
##
|
|
service:
|
|
## @param externalAccess.service.type Kubernetes Service type for external access. It can be NodePort, LoadBalancer or ClusterIP
|
|
##
|
|
type: LoadBalancer
|
|
## @param externalAccess.service.ports.external Kafka port used for external access when service type is LoadBalancer
|
|
##
|
|
ports:
|
|
external: 9094
|
|
## @param externalAccess.service.loadBalancerIPs Array of load balancer IPs for each Kafka broker. Length must be the same as replicaCount
|
|
## e.g:
|
|
## loadBalancerIPs:
|
|
## - X.X.X.X
|
|
## - Y.Y.Y.Y
|
|
##
|
|
loadBalancerIPs: []
|
|
## @param externalAccess.service.loadBalancerNames Array of load balancer Names for each Kafka broker. Length must be the same as replicaCount
|
|
## e.g:
|
|
## loadBalancerNames:
|
|
## - broker1.external.example.com
|
|
## - broker2.external.example.com
|
|
##
|
|
loadBalancerNames: []
|
|
## @param externalAccess.service.loadBalancerAnnotations Array of load balancer annotations for each Kafka broker. Length must be the same as replicaCount
|
|
## e.g:
|
|
## loadBalancerAnnotations:
|
|
## - external-dns.alpha.kubernetes.io/hostname: broker1.external.example.com.
|
|
## - external-dns.alpha.kubernetes.io/hostname: broker2.external.example.com.
|
|
##
|
|
loadBalancerAnnotations: []
|
|
## @param externalAccess.service.loadBalancerSourceRanges Address(es) that are allowed when service is LoadBalancer
|
|
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
|
|
## e.g:
|
|
## loadBalancerSourceRanges:
|
|
## - 10.10.10.0/24
|
|
##
|
|
loadBalancerSourceRanges: []
|
|
## @param externalAccess.service.nodePorts Array of node ports used for each Kafka broker. Length must be the same as replicaCount
|
|
## e.g:
|
|
## nodePorts:
|
|
## - 30001
|
|
## - 30002
|
|
##
|
|
nodePorts: []
|
|
## @param externalAccess.service.useHostIPs Use service host IPs to configure Kafka external listener when service type is NodePort
|
|
##
|
|
useHostIPs: false
|
|
## @param externalAccess.service.usePodIPs using the MY_POD_IP address for external access.
|
|
##
|
|
usePodIPs: false
|
|
## @param externalAccess.service.domain Domain or external ip used to configure Kafka external listener when service type is NodePort or ClusterIP
|
|
## NodePort: If not specified, the container will try to get the kubernetes node external IP
|
|
## ClusterIP: Must be specified, ingress IP or domain where tcp for external ports is configured
|
|
##
|
|
domain: ""
|
|
## @param externalAccess.service.labels Service labels for external access
|
|
##
|
|
labels: {}
|
|
## @param externalAccess.service.annotations Service annotations for external access
|
|
##
|
|
annotations: {}
|
|
## @param externalAccess.service.extraPorts Extra ports to expose in the Kafka external service
|
|
##
|
|
extraPorts: []
|
|
## Network policies
|
|
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
|
|
##
|
|
networkPolicy:
|
|
## @param networkPolicy.enabled Specifies whether a NetworkPolicy should be created
|
|
##
|
|
enabled: false
|
|
## @param networkPolicy.allowExternal Don't require client label for connections
|
|
## When set to false, only pods with the correct client label will have network access to the port Kafka is
|
|
## listening on. When true, zookeeper accept connections from any source (with the correct destination port).
|
|
##
|
|
allowExternal: true
|
|
## @param networkPolicy.explicitNamespacesSelector A Kubernetes LabelSelector to explicitly select namespaces from which traffic could be allowed
|
|
## If explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace
|
|
## and that match other criteria, the ones that have the good label, can reach the kafka.
|
|
## But sometimes, we want the kafka to be accessible to clients from other namespaces, in this case, we can use this
|
|
## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added.
|
|
##
|
|
## e.g:
|
|
## explicitNamespacesSelector:
|
|
## matchLabels:
|
|
## role: frontend
|
|
## matchExpressions:
|
|
## - {key: role, operator: In, values: [frontend]}
|
|
##
|
|
explicitNamespacesSelector: {}
|
|
## @param networkPolicy.externalAccess.from customize the from section for External Access on tcp-external port
|
|
## e.g:
|
|
## - ipBlock:
|
|
## cidr: 172.9.0.0/16
|
|
## except:
|
|
## - 172.9.1.0/24
|
|
##
|
|
externalAccess:
|
|
from: []
|
|
## @param networkPolicy.egressRules.customRules [object] Custom network policy rule
|
|
##
|
|
egressRules:
|
|
## Additional custom egress rules
|
|
## e.g:
|
|
## customRules:
|
|
## - to:
|
|
## - namespaceSelector:
|
|
## matchLabels:
|
|
## label: example
|
|
customRules: []
|
|
|
|
## @section Persistence parameters
|
|
|
|
## Enable persistence using Persistent Volume Claims
|
|
## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/
|
|
##
|
|
persistence:
|
|
## @param persistence.enabled Enable Kafka data persistence using PVC, note that ZooKeeper persistence is unaffected
|
|
##
|
|
enabled: true
|
|
## @param persistence.existingClaim A manually managed Persistent Volume and Claim
|
|
## If defined, PVC must be created manually before volume will be bound
|
|
## The value is evaluated as a template
|
|
##
|
|
existingClaim: ""
|
|
## @param persistence.storageClass PVC Storage Class for Kafka data volume
|
|
## If defined, storageClassName: <storageClass>
|
|
## If set to "-", storageClassName: "", which disables dynamic provisioning
|
|
## If undefined (the default) or set to null, no storageClassName spec is
|
|
## set, choosing the default provisioner.
|
|
##
|
|
storageClass: ""
|
|
## @param persistence.accessModes Persistent Volume Access Modes
|
|
##
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
## @param persistence.size PVC Storage Request for Kafka data volume
|
|
##
|
|
size: 8Gi
|
|
## @param persistence.annotations Annotations for the PVC
|
|
##
|
|
annotations: {}
|
|
## @param persistence.labels Labels for the PVC
|
|
##
|
|
labels: {}
|
|
## @param persistence.selector Selector to match an existing Persistent Volume for Kafka data PVC. If set, the PVC can't have a PV dynamically provisioned for it
|
|
## selector:
|
|
## matchLabels:
|
|
## app: my-app
|
|
##
|
|
selector: {}
|
|
## @param persistence.mountPath Mount path of the Kafka data volume
|
|
##
|
|
mountPath: /bitnami/kafka
|
|
## Log Persistence parameters
|
|
##
|
|
logPersistence:
|
|
## @param logPersistence.enabled Enable Kafka logs persistence using PVC, note that ZooKeeper persistence is unaffected
|
|
##
|
|
enabled: false
|
|
## @param logPersistence.existingClaim A manually managed Persistent Volume and Claim
|
|
## If defined, PVC must be created manually before volume will be bound
|
|
## The value is evaluated as a template
|
|
##
|
|
existingClaim: ""
|
|
## @param logPersistence.storageClass PVC Storage Class for Kafka logs volume
|
|
## If defined, storageClassName: <storageClass>
|
|
## If set to "-", storageClassName: "", which disables dynamic provisioning
|
|
## If undefined (the default) or set to null, no storageClassName spec is
|
|
## set, choosing the default provisioner.
|
|
##
|
|
storageClass: ""
|
|
## @param logPersistence.accessModes Persistent Volume Access Modes
|
|
##
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
## @param logPersistence.size PVC Storage Request for Kafka logs volume
|
|
##
|
|
size: 8Gi
|
|
## @param logPersistence.annotations Annotations for the PVC
|
|
##
|
|
annotations: {}
|
|
## @param logPersistence.selector Selector to match an existing Persistent Volume for Kafka log data PVC. If set, the PVC can't have a PV dynamically provisioned for it
|
|
## selector:
|
|
## matchLabels:
|
|
## app: my-app
|
|
##
|
|
selector: {}
|
|
## @param logPersistence.mountPath Mount path of the Kafka logs volume
|
|
##
|
|
mountPath: /opt/bitnami/kafka/logs
|
|
|
|
## @section Volume Permissions parameters
|
|
##
|
|
|
|
## Init containers parameters:
|
|
## volumePermissions: Change the owner and group of the persistent volume(s) mountpoint(s) to 'runAsUser:fsGroup' on each node
|
|
##
|
|
volumePermissions:
|
|
## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume
|
|
##
|
|
enabled: false
|
|
## @param volumePermissions.image.registry Init container volume-permissions image registry
|
|
## @param volumePermissions.image.repository Init container volume-permissions image repository
|
|
## @param volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended)
|
|
## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
|
|
## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy
|
|
## @param volumePermissions.image.pullSecrets Init container volume-permissions image pull secrets
|
|
##
|
|
image:
|
|
registry: docker.io
|
|
repository: bitnami/bitnami-shell
|
|
tag: 11-debian-11-r37
|
|
digest: ""
|
|
pullPolicy: IfNotPresent
|
|
## Optionally specify an array of imagePullSecrets.
|
|
## Secrets must be manually created in the namespace.
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
|
## Example:
|
|
## pullSecrets:
|
|
## - myRegistryKeySecretName
|
|
##
|
|
pullSecrets: []
|
|
## Init container resource requests and limits
|
|
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
|
|
## @param volumePermissions.resources.limits Init container volume-permissions resource limits
|
|
## @param volumePermissions.resources.requests Init container volume-permissions resource requests
|
|
##
|
|
resources:
|
|
limits: {}
|
|
requests: {}
|
|
## Init container' Security Context
|
|
## Note: the chown of the data folder is done to containerSecurityContext.runAsUser
|
|
## and not the below volumePermissions.containerSecurityContext.runAsUser
|
|
## @param volumePermissions.containerSecurityContext.runAsUser User ID for the init container
|
|
##
|
|
containerSecurityContext:
|
|
runAsUser: 0
|
|
|
|
## @section Other Parameters
|
|
|
|
## ServiceAccount for Kafka
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
|
|
##
|
|
serviceAccount:
|
|
## @param serviceAccount.create Enable creation of ServiceAccount for Kafka pods
|
|
##
|
|
create: true
|
|
## @param serviceAccount.name The name of the service account to use. If not set and `create` is `true`, a name is generated
|
|
## If not set and create is true, a name is generated using the kafka.serviceAccountName template
|
|
##
|
|
name: ""
|
|
## @param serviceAccount.automountServiceAccountToken Allows auto mount of ServiceAccountToken on the serviceAccount created
|
|
## Can be set to false if pods using this serviceAccount do not need to use K8s API
|
|
##
|
|
automountServiceAccountToken: true
|
|
## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount
|
|
##
|
|
annotations: {}
|
|
## Role Based Access Control
|
|
## ref: https://kubernetes.io/docs/admin/authorization/rbac/
|
|
##
|
|
rbac:
|
|
## @param rbac.create Whether to create & use RBAC resources or not
|
|
## binding Kafka ServiceAccount to a role
|
|
## that allows Kafka pods querying the K8s API
|
|
##
|
|
create: false
|
|
|
|
## @section Metrics parameters
|
|
|
|
## Prometheus Exporters / Metrics
|
|
##
|
|
metrics:
|
|
## Prometheus Kafka exporter: exposes complimentary metrics to JMX exporter
|
|
##
|
|
kafka:
|
|
## @param metrics.kafka.enabled Whether or not to create a standalone Kafka exporter to expose Kafka metrics
|
|
##
|
|
enabled: false
|
|
## Bitnami Kafka exporter image
|
|
## ref: https://hub.docker.com/r/bitnami/kafka-exporter/tags/
|
|
## @param metrics.kafka.image.registry Kafka exporter image registry
|
|
## @param metrics.kafka.image.repository Kafka exporter image repository
|
|
## @param metrics.kafka.image.tag Kafka exporter image tag (immutable tags are recommended)
|
|
## @param metrics.kafka.image.digest Kafka exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
|
|
## @param metrics.kafka.image.pullPolicy Kafka exporter image pull policy
|
|
## @param metrics.kafka.image.pullSecrets Specify docker-registry secret names as an array
|
|
##
|
|
image:
|
|
registry: docker.io
|
|
repository: bitnami/kafka-exporter
|
|
tag: 1.6.0-debian-11-r10
|
|
digest: ""
|
|
## Specify a imagePullPolicy
|
|
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
|
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
|
|
##
|
|
pullPolicy: IfNotPresent
|
|
## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
|
## e.g:
|
|
## pullSecrets:
|
|
## - myRegistryKeySecretName
|
|
##
|
|
pullSecrets: []
|
|
|
|
## @param metrics.kafka.certificatesSecret Name of the existing secret containing the optional certificate and key files
|
|
## for Kafka exporter client authentication
|
|
##
|
|
certificatesSecret: ""
|
|
## @param metrics.kafka.tlsCert The secret key from the certificatesSecret if 'client-cert' key different from the default (cert-file)
|
|
##
|
|
tlsCert: cert-file
|
|
## @param metrics.kafka.tlsKey The secret key from the certificatesSecret if 'client-key' key different from the default (key-file)
|
|
##
|
|
tlsKey: key-file
|
|
## @param metrics.kafka.tlsCaSecret Name of the existing secret containing the optional ca certificate for Kafka exporter client authentication
|
|
##
|
|
tlsCaSecret: ""
|
|
## @param metrics.kafka.tlsCaCert The secret key from the certificatesSecret or tlsCaSecret if 'ca-cert' key different from the default (ca-file)
|
|
##
|
|
tlsCaCert: ca-file
|
|
## @param metrics.kafka.extraFlags Extra flags to be passed to Kafka exporter
|
|
## e.g:
|
|
## extraFlags:
|
|
## tls.insecure-skip-tls-verify: ""
|
|
## web.telemetry-path: "/metrics"
|
|
##
|
|
extraFlags: {}
|
|
## @param metrics.kafka.command Override Kafka exporter container command
|
|
##
|
|
command: []
|
|
## @param metrics.kafka.args Override Kafka exporter container arguments
|
|
##
|
|
args: []
|
|
## @param metrics.kafka.containerPorts.metrics Kafka exporter metrics container port
|
|
##
|
|
containerPorts:
|
|
metrics: 9308
|
|
## Kafka exporter resource requests and limits
|
|
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
|
|
## @param metrics.kafka.resources.limits The resources limits for the container
|
|
## @param metrics.kafka.resources.requests The requested resources for the container
|
|
##
|
|
resources:
|
|
limits: {}
|
|
requests: {}
|
|
## Kafka exporter pods' Security Context
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
|
|
## @param metrics.kafka.podSecurityContext.enabled Enable security context for the pods
|
|
## @param metrics.kafka.podSecurityContext.fsGroup Set Kafka exporter pod's Security Context fsGroup
|
|
##
|
|
podSecurityContext:
|
|
enabled: true
|
|
fsGroup: 1001
|
|
## Kafka exporter containers' Security Context
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
|
## @param metrics.kafka.containerSecurityContext.enabled Enable Kafka exporter containers' Security Context
|
|
## @param metrics.kafka.containerSecurityContext.runAsUser Set Kafka exporter containers' Security Context runAsUser
|
|
## @param metrics.kafka.containerSecurityContext.runAsNonRoot Set Kafka exporter containers' Security Context runAsNonRoot
|
|
## e.g:
|
|
## containerSecurityContext:
|
|
## enabled: true
|
|
## capabilities:
|
|
## drop: ["NET_RAW"]
|
|
## readOnlyRootFilesystem: true
|
|
##
|
|
containerSecurityContext:
|
|
enabled: true
|
|
runAsUser: 1001
|
|
runAsNonRoot: true
|
|
## @param metrics.kafka.hostAliases Kafka exporter pods host aliases
|
|
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
|
|
##
|
|
hostAliases: []
|
|
## @param metrics.kafka.podLabels Extra labels for Kafka exporter pods
|
|
## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
|
|
##
|
|
podLabels: {}
|
|
## @param metrics.kafka.podAnnotations Extra annotations for Kafka exporter pods
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
|
##
|
|
podAnnotations: {}
|
|
## @param metrics.kafka.podAffinityPreset Pod affinity preset. Ignored if `metrics.kafka.affinity` is set. Allowed values: `soft` or `hard`
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
|
##
|
|
podAffinityPreset: ""
|
|
## @param metrics.kafka.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `metrics.kafka.affinity` is set. Allowed values: `soft` or `hard`
|
|
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
|
##
|
|
podAntiAffinityPreset: soft
|
|
## Node metrics.kafka.affinity preset
|
|
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
|
|
##
|
|
nodeAffinityPreset:
|
|
## @param metrics.kafka.nodeAffinityPreset.type Node affinity preset type. Ignored if `metrics.kafka.affinity` is set. Allowed values: `soft` or `hard`
|
|
##
|
|
type: ""
|
|
## @param metrics.kafka.nodeAffinityPreset.key Node label key to match Ignored if `metrics.kafka.affinity` is set.
|
|
## E.g.
|
|
## key: "kubernetes.io/e2e-az-name"
|
|
##
|
|
key: ""
|
|
## @param metrics.kafka.nodeAffinityPreset.values Node label values to match. Ignored if `metrics.kafka.affinity` is set.
|
|
## E.g.
|
|
## values:
|
|
## - e2e-az1
|
|
## - e2e-az2
|
|
##
|
|
values: []
|
|
## @param metrics.kafka.affinity Affinity for pod assignment
|
|
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
|
## Note: metrics.kafka.podAffinityPreset, metrics.kafka.podAntiAffinityPreset, and metrics.kafka.nodeAffinityPreset will be ignored when it's set
|
|
##
|
|
affinity: {}
|
|
## @param metrics.kafka.nodeSelector Node labels for pod assignment
|
|
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
|
|
##
|
|
nodeSelector: {}
|
|
## @param metrics.kafka.tolerations Tolerations for pod assignment
|
|
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
|
##
|
|
tolerations: []
|
|
## @param metrics.kafka.schedulerName Name of the k8s scheduler (other than default) for Kafka exporter
|
|
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
|
|
##
|
|
schedulerName: ""
|
|
## @param metrics.kafka.priorityClassName Kafka exporter pods' priorityClassName
|
|
##
|
|
priorityClassName: ""
|
|
## @param metrics.kafka.topologySpreadConstraints Topology Spread Constraints for pod assignment
|
|
## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
|
|
## The value is evaluated as a template
|
|
##
|
|
topologySpreadConstraints: []
|
|
## @param metrics.kafka.extraVolumes Optionally specify extra list of additional volumes for the Kafka exporter pod(s)
|
|
## e.g:
|
|
## extraVolumes:
|
|
## - name: kafka-jaas
|
|
## secret:
|
|
## secretName: kafka-jaas
|
|
##
|
|
extraVolumes: []
|
|
## @param metrics.kafka.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Kafka exporter container(s)
|
|
## extraVolumeMounts:
|
|
## - name: kafka-jaas
|
|
## mountPath: /bitnami/kafka/config/kafka_jaas.conf
|
|
## subPath: kafka_jaas.conf
|
|
##
|
|
extraVolumeMounts: []
|
|
## @param metrics.kafka.sidecars Add additional sidecar containers to the Kafka exporter pod(s)
|
|
## e.g:
|
|
## sidecars:
|
|
## - name: your-image-name
|
|
## image: your-image
|
|
## imagePullPolicy: Always
|
|
## ports:
|
|
## - name: portname
|
|
## containerPort: 1234
|
|
##
|
|
sidecars: []
|
|
## @param metrics.kafka.initContainers Add init containers to the Kafka exporter pods
|
|
## e.g:
|
|
## initContainers:
|
|
## - name: your-image-name
|
|
## image: your-image
|
|
## imagePullPolicy: Always
|
|
## ports:
|
|
## - name: portname
|
|
## containerPort: 1234
|
|
##
|
|
initContainers: []
|
|
## Kafka exporter service configuration
|
|
##
|
|
service:
|
|
## @param metrics.kafka.service.ports.metrics Kafka exporter metrics service port
|
|
##
|
|
ports:
|
|
metrics: 9308
|
|
## @param metrics.kafka.service.clusterIP Static clusterIP or None for headless services
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address
|
|
##
|
|
clusterIP: ""
|
|
## @param metrics.kafka.service.sessionAffinity Control where client requests go, to the same pod or round-robin
|
|
## Values: ClientIP or None
|
|
## ref: https://kubernetes.io/docs/user-guide/services/
|
|
##
|
|
sessionAffinity: None
|
|
## @param metrics.kafka.service.annotations [object] Annotations for the Kafka exporter service
|
|
##
|
|
annotations:
|
|
prometheus.io/scrape: "true"
|
|
prometheus.io/port: "{{ .Values.metrics.kafka.service.ports.metrics }}"
|
|
prometheus.io/path: "/metrics"
|
|
## Kafka exporter pods ServiceAccount
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
|
|
##
|
|
serviceAccount:
|
|
## @param metrics.kafka.serviceAccount.create Enable creation of ServiceAccount for Kafka exporter pods
|
|
##
|
|
create: true
|
|
## @param metrics.kafka.serviceAccount.name The name of the service account to use. If not set and `create` is `true`, a name is generated
|
|
## If not set and create is true, a name is generated using the kafka.metrics.kafka.serviceAccountName template
|
|
##
|
|
name: ""
|
|
## @param metrics.kafka.serviceAccount.automountServiceAccountToken Allows auto mount of ServiceAccountToken on the serviceAccount created
|
|
## Can be set to false if pods using this serviceAccount do not need to use K8s API
|
|
##
|
|
automountServiceAccountToken: true
|
|
## Prometheus JMX exporter: exposes the majority of Kafkas metrics
|
|
##
|
|
jmx:
|
|
## @param metrics.jmx.enabled Whether or not to expose JMX metrics to Prometheus
|
|
##
|
|
enabled: false
|
|
## Bitnami JMX exporter image
|
|
## ref: https://hub.docker.com/r/bitnami/jmx-exporter/tags/
|
|
## @param metrics.jmx.image.registry JMX exporter image registry
|
|
## @param metrics.jmx.image.repository JMX exporter image repository
|
|
## @param metrics.jmx.image.tag JMX exporter image tag (immutable tags are recommended)
|
|
## @param metrics.jmx.image.digest JMX exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
|
|
## @param metrics.jmx.image.pullPolicy JMX exporter image pull policy
|
|
## @param metrics.jmx.image.pullSecrets Specify docker-registry secret names as an array
|
|
##
|
|
image:
|
|
registry: docker.io
|
|
repository: bitnami/jmx-exporter
|
|
tag: 0.17.1-debian-11-r3
|
|
digest: ""
|
|
## Specify a imagePullPolicy
|
|
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
|
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
|
|
##
|
|
pullPolicy: IfNotPresent
|
|
## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
|
## e.g:
|
|
## pullSecrets:
|
|
## - myRegistryKeySecretName
|
|
##
|
|
pullSecrets: []
|
|
## Prometheus JMX exporter containers' Security Context
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
|
## @param metrics.jmx.containerSecurityContext.enabled Enable Prometheus JMX exporter containers' Security Context
|
|
## @param metrics.jmx.containerSecurityContext.runAsUser Set Prometheus JMX exporter containers' Security Context runAsUser
|
|
## @param metrics.jmx.containerSecurityContext.runAsNonRoot Set Prometheus JMX exporter containers' Security Context runAsNonRoot
|
|
## e.g:
|
|
## containerSecurityContext:
|
|
## enabled: true
|
|
## capabilities:
|
|
## drop: ["NET_RAW"]
|
|
## readOnlyRootFilesystem: true
|
|
##
|
|
containerSecurityContext:
|
|
enabled: true
|
|
runAsUser: 1001
|
|
runAsNonRoot: true
|
|
## @param metrics.jmx.containerPorts.metrics Prometheus JMX exporter metrics container port
|
|
##
|
|
containerPorts:
|
|
metrics: 5556
|
|
## Prometheus JMX exporter resource requests and limits
|
|
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
|
|
## @param metrics.jmx.resources.limits The resources limits for the JMX exporter container
|
|
## @param metrics.jmx.resources.requests The requested resources for the JMX exporter container
|
|
##
|
|
resources:
|
|
limits: {}
|
|
requests: {}
|
|
## Prometheus JMX exporter service configuration
|
|
##
|
|
service:
|
|
## @param metrics.jmx.service.ports.metrics Prometheus JMX exporter metrics service port
|
|
##
|
|
ports:
|
|
metrics: 5556
|
|
## @param metrics.jmx.service.clusterIP Static clusterIP or None for headless services
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address
|
|
##
|
|
clusterIP: ""
|
|
## @param metrics.jmx.service.sessionAffinity Control where client requests go, to the same pod or round-robin
|
|
## Values: ClientIP or None
|
|
## ref: https://kubernetes.io/docs/user-guide/services/
|
|
##
|
|
sessionAffinity: None
|
|
## @param metrics.jmx.service.annotations [object] Annotations for the Prometheus JMX exporter service
|
|
##
|
|
annotations:
|
|
prometheus.io/scrape: "true"
|
|
prometheus.io/port: "{{ .Values.metrics.jmx.service.ports.metrics }}"
|
|
prometheus.io/path: "/"
|
|
## @param metrics.jmx.whitelistObjectNames Allows setting which JMX objects you want to expose to via JMX stats to JMX exporter
|
|
## Only whitelisted values will be exposed via JMX exporter. They must also be exposed via Rules. To expose all metrics
|
|
## (warning its crazy excessive and they aren't formatted in a prometheus style) (1) `whitelistObjectNames: []`
|
|
## (2) commented out above `overrideConfig`.
|
|
##
|
|
whitelistObjectNames:
|
|
- kafka.controller:*
|
|
- kafka.server:*
|
|
- java.lang:*
|
|
- kafka.network:*
|
|
- kafka.log:*
|
|
## @param metrics.jmx.config [string] Configuration file for JMX exporter
|
|
## Specify content for jmx-kafka-prometheus.yml. Evaluated as a template
|
|
##
|
|
## Credits to the incubator/kafka chart for the JMX configuration.
|
|
## https://github.com/helm/charts/tree/master/incubator/kafka
|
|
##
|
|
config: |-
|
|
jmxUrl: service:jmx:rmi:///jndi/rmi://127.0.0.1:5555/jmxrmi
|
|
lowercaseOutputName: true
|
|
lowercaseOutputLabelNames: true
|
|
ssl: false
|
|
{{- if .Values.metrics.jmx.whitelistObjectNames }}
|
|
whitelistObjectNames: ["{{ join "\",\"" .Values.metrics.jmx.whitelistObjectNames }}"]
|
|
{{- end }}
|
|
## @param metrics.jmx.existingConfigmap Name of existing ConfigMap with JMX exporter configuration
|
|
## NOTE: This will override metrics.jmx.config
|
|
##
|
|
existingConfigmap: ""
|
|
## @param metrics.jmx.extraRules Add extra rules to JMX exporter configuration
|
|
## e.g:
|
|
## extraRules: |-
|
|
## - pattern: kafka.server<type=socket-server-metrics, listener=(.+), networkProcessor=(.+)><>(connection-count)
|
|
## name: kafka_server_socket_server_metrics_$3
|
|
## labels:
|
|
## listener: $1
|
|
extraRules: ""
|
|
## Prometheus Operator ServiceMonitor configuration
|
|
##
|
|
serviceMonitor:
|
|
## @param metrics.serviceMonitor.enabled if `true`, creates a Prometheus Operator ServiceMonitor (requires `metrics.kafka.enabled` or `metrics.jmx.enabled` to be `true`)
|
|
##
|
|
enabled: false
|
|
## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running
|
|
##
|
|
namespace: ""
|
|
## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped
|
|
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
|
|
##
|
|
interval: ""
|
|
## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
|
|
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
|
|
##
|
|
scrapeTimeout: ""
|
|
## @param metrics.serviceMonitor.labels Additional labels that can be used so ServiceMonitor will be discovered by Prometheus
|
|
##
|
|
labels: {}
|
|
## @param metrics.serviceMonitor.selector Prometheus instance selector labels
|
|
## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration
|
|
##
|
|
selector: {}
|
|
## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping
|
|
##
|
|
relabelings: []
|
|
## @param metrics.serviceMonitor.metricRelabelings MetricRelabelConfigs to apply to samples before ingestion
|
|
##
|
|
metricRelabelings: []
|
|
## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint
|
|
##
|
|
honorLabels: false
|
|
## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
|
|
##
|
|
jobLabel: ""
|
|
|
|
prometheusRule:
|
|
## @param metrics.prometheusRule.enabled if `true`, creates a Prometheus Operator PrometheusRule (requires `metrics.kafka.enabled` or `metrics.jmx.enabled` to be `true`)
|
|
##
|
|
enabled: false
|
|
## @param metrics.prometheusRule.namespace Namespace in which Prometheus is running
|
|
##
|
|
namespace: ""
|
|
## @param metrics.prometheusRule.labels Additional labels that can be used so PrometheusRule will be discovered by Prometheus
|
|
##
|
|
labels: {}
|
|
## @param metrics.prometheusRule.groups Prometheus Rule Groups for Kafka
|
|
##
|
|
groups: []
|
|
|
|
## @section Kafka provisioning parameters
|
|
|
|
## Kafka provisioning
|
|
##
|
|
provisioning:
|
|
## @param provisioning.enabled Enable kafka provisioning Job
|
|
##
|
|
enabled: false
|
|
## @param provisioning.numPartitions Default number of partitions for topics when unspecified
|
|
##
|
|
numPartitions: 1
|
|
## @param provisioning.replicationFactor Default replication factor for topics when unspecified
|
|
##
|
|
replicationFactor: 1
|
|
## @param provisioning.topics Kafka topics to provision
|
|
## - name: topic-name
|
|
## partitions: 1
|
|
## replicationFactor: 1
|
|
## ## https://kafka.apache.org/documentation/#topicconfigs
|
|
## config:
|
|
## max.message.bytes: 64000
|
|
## flush.messages: 1
|
|
##
|
|
topics: []
|
|
## @param provisioning.tolerations Tolerations for pod assignment
|
|
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
|
##
|
|
tolerations: []
|
|
## @param provisioning.extraProvisioningCommands Extra commands to run to provision cluster resources
|
|
## - echo "Allow user to consume from any topic"
|
|
## - >-
|
|
## /opt/bitnami/kafka/bin/kafka-acls.sh
|
|
## --bootstrap-server $KAFKA_SERVICE
|
|
## --command-config $CLIENT_CONF
|
|
## --add
|
|
## --allow-principal User:user
|
|
## --consumer --topic '*'
|
|
## - "/opt/bitnami/kafka/bin/kafka-acls.sh
|
|
## --bootstrap-server $KAFKA_SERVICE
|
|
## --command-config $CLIENT_CONF
|
|
## --list"
|
|
##
|
|
extraProvisioningCommands: []
|
|
## @param provisioning.parallel Number of provisioning commands to run at the same time
|
|
##
|
|
parallel: 1
|
|
## @param provisioning.preScript Extra bash script to run before topic provisioning. $CLIENT_CONF is path to properties file with most needed configurations
|
|
##
|
|
preScript: ""
|
|
## @param provisioning.postScript Extra bash script to run after topic provisioning. $CLIENT_CONF is path to properties file with most needed configurations
|
|
##
|
|
postScript: ""
|
|
## Auth Configuration for kafka provisioning Job
|
|
##
|
|
auth:
|
|
## TLS configuration for kafka provisioning Job
|
|
##
|
|
tls:
|
|
## @param provisioning.auth.tls.type Format to use for TLS certificates. Allowed types: `jks` and `pem`.
|
|
## Note: ignored if auth.tls.clientProtocol different from one of these values: "tls" "mtls" "sasl_tls".
|
|
##
|
|
type: jks
|
|
## @param provisioning.auth.tls.certificatesSecret Existing secret containing the TLS certificates for the Kafka provisioning Job.
|
|
## When using 'jks' format for certificates, the secret should contain a truststore and a keystore.
|
|
## When using 'pem' format for certificates, the secret should contain a public CA certificate, a public certificate and one private key.
|
|
##
|
|
certificatesSecret: ""
|
|
## @param provisioning.auth.tls.cert The secret key from the certificatesSecret if 'cert' key different from the default (tls.crt)
|
|
##
|
|
cert: tls.crt
|
|
## @param provisioning.auth.tls.key The secret key from the certificatesSecret if 'key' key different from the default (tls.key)
|
|
##
|
|
key: tls.key
|
|
## @param provisioning.auth.tls.caCert The secret key from the certificatesSecret if 'caCert' key different from the default (ca.crt)
|
|
##
|
|
caCert: ca.crt
|
|
## @param provisioning.auth.tls.keystore The secret key from the certificatesSecret if 'keystore' key different from the default (keystore.jks)
|
|
##
|
|
keystore: keystore.jks
|
|
## @param provisioning.auth.tls.truststore The secret key from the certificatesSecret if 'truststore' key different from the default (truststore.jks)
|
|
##
|
|
truststore: truststore.jks
|
|
## @param provisioning.auth.tls.passwordsSecret Name of the secret containing passwords to access the JKS files or PEM key when they are password-protected.
|
|
## It should contain two keys called "keystore-password" and "truststore-password", or "key-password" if using a password-protected PEM key.
|
|
##
|
|
passwordsSecret: ""
|
|
## @param provisioning.auth.tls.keyPasswordSecretKey The secret key from the passwordsSecret if 'keyPasswordSecretKey' key different from the default (key-password)
|
|
## Note: must not be used if `passwordsSecret` is not defined.
|
|
##
|
|
keyPasswordSecretKey: key-password
|
|
## @param provisioning.auth.tls.keystorePasswordSecretKey The secret key from the passwordsSecret if 'keystorePasswordSecretKey' key different from the default (keystore-password)
|
|
## Note: must not be used if `passwordsSecret` is not defined.
|
|
##
|
|
keystorePasswordSecretKey: keystore-password
|
|
## @param provisioning.auth.tls.truststorePasswordSecretKey The secret key from the passwordsSecret if 'truststorePasswordSecretKey' key different from the default (truststore-password)
|
|
## Note: must not be used if `passwordsSecret` is not defined.
|
|
##
|
|
truststorePasswordSecretKey: truststore-password
|
|
## @param provisioning.auth.tls.keyPassword Password to access the password-protected PEM key if necessary. Ignored if 'passwordsSecret' is provided.
|
|
##
|
|
keyPassword: ""
|
|
## @param provisioning.auth.tls.keystorePassword Password to access the JKS keystore. Ignored if 'passwordsSecret' is provided.
|
|
##
|
|
keystorePassword: ""
|
|
## @param provisioning.auth.tls.truststorePassword Password to access the JKS truststore. Ignored if 'passwordsSecret' is provided.
|
|
##
|
|
truststorePassword: ""
|
|
## @param provisioning.command Override provisioning container command
|
|
##
|
|
command: []
|
|
## @param provisioning.args Override provisioning container arguments
|
|
##
|
|
args: []
|
|
## @param provisioning.extraEnvVars Extra environment variables to add to the provisioning pod
|
|
## e.g:
|
|
## extraEnvVars:
|
|
## - name: KAFKA_CFG_BACKGROUND_THREADS
|
|
## value: "10"
|
|
##
|
|
extraEnvVars: []
|
|
## @param provisioning.extraEnvVarsCM ConfigMap with extra environment variables
|
|
##
|
|
extraEnvVarsCM: ""
|
|
## @param provisioning.extraEnvVarsSecret Secret with extra environment variables
|
|
##
|
|
extraEnvVarsSecret: ""
|
|
## @param provisioning.podAnnotations Extra annotations for Kafka provisioning pods
|
|
##
|
|
podAnnotations: {}
|
|
## @param provisioning.podLabels Extra labels for Kafka provisioning pods
|
|
## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
|
|
##
|
|
podLabels: {}
|
|
## Kafka provisioning resource requests and limits
|
|
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
|
|
## @param provisioning.resources.limits The resources limits for the Kafka provisioning container
|
|
## @param provisioning.resources.requests The requested resources for the Kafka provisioning container
|
|
##
|
|
resources:
|
|
limits: {}
|
|
requests: {}
|
|
## Kafka provisioning pods' Security Context
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
|
|
## @param provisioning.podSecurityContext.enabled Enable security context for the pods
|
|
## @param provisioning.podSecurityContext.fsGroup Set Kafka provisioning pod's Security Context fsGroup
|
|
##
|
|
podSecurityContext:
|
|
enabled: true
|
|
fsGroup: 1001
|
|
## Kafka provisioning containers' Security Context
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
|
## @param provisioning.containerSecurityContext.enabled Enable Kafka provisioning containers' Security Context
|
|
## @param provisioning.containerSecurityContext.runAsUser Set Kafka provisioning containers' Security Context runAsUser
|
|
## @param provisioning.containerSecurityContext.runAsNonRoot Set Kafka provisioning containers' Security Context runAsNonRoot
|
|
## e.g:
|
|
## containerSecurityContext:
|
|
## enabled: true
|
|
## capabilities:
|
|
## drop: ["NET_RAW"]
|
|
## readOnlyRootFilesystem: true
|
|
##
|
|
containerSecurityContext:
|
|
enabled: true
|
|
runAsUser: 1001
|
|
runAsNonRoot: true
|
|
## @param provisioning.schedulerName Name of the k8s scheduler (other than default) for kafka provisioning
|
|
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
|
|
##
|
|
schedulerName: ""
|
|
## @param provisioning.extraVolumes Optionally specify extra list of additional volumes for the Kafka provisioning pod(s)
|
|
## e.g:
|
|
## extraVolumes:
|
|
## - name: kafka-jaas
|
|
## secret:
|
|
## secretName: kafka-jaas
|
|
##
|
|
extraVolumes: []
|
|
## @param provisioning.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Kafka provisioning container(s)
|
|
## extraVolumeMounts:
|
|
## - name: kafka-jaas
|
|
## mountPath: /bitnami/kafka/config/kafka_jaas.conf
|
|
## subPath: kafka_jaas.conf
|
|
##
|
|
extraVolumeMounts: []
|
|
## @param provisioning.sidecars Add additional sidecar containers to the Kafka provisioning pod(s)
|
|
## e.g:
|
|
## sidecars:
|
|
## - name: your-image-name
|
|
## image: your-image
|
|
## imagePullPolicy: Always
|
|
## ports:
|
|
## - name: portname
|
|
## containerPort: 1234
|
|
##
|
|
sidecars: []
|
|
## @param provisioning.initContainers Add additional Add init containers to the Kafka provisioning pod(s)
|
|
## e.g:
|
|
## initContainers:
|
|
## - name: your-image-name
|
|
## image: your-image
|
|
## imagePullPolicy: Always
|
|
## ports:
|
|
## - name: portname
|
|
## containerPort: 1234
|
|
##
|
|
initContainers: []
|
|
## @param provisioning.waitForKafka If true use an init container to wait until kafka is ready before starting provisioning
|
|
##
|
|
waitForKafka: true
|
|
|
|
## @section ZooKeeper chart parameters
|
|
|
|
## ZooKeeper chart configuration
|
|
## https://github.com/bitnami/charts/blob/master/bitnami/zookeeper/values.yaml
|
|
##
|
|
zookeeper:
|
|
## @param zookeeper.enabled Switch to enable or disable the ZooKeeper helm chart
|
|
##
|
|
enabled: true
|
|
## @param zookeeper.replicaCount Number of ZooKeeper nodes
|
|
##
|
|
replicaCount: 1
|
|
## ZooKeeper authenticaiton
|
|
##
|
|
auth:
|
|
client:
|
|
## @param zookeeper.auth.client.enabled Enable ZooKeeper auth
|
|
##
|
|
enabled: false
|
|
## @param zookeeper.auth.client.clientUser User that will use ZooKeeper clients to auth
|
|
##
|
|
clientUser: ""
|
|
## @param zookeeper.auth.client.clientPassword Password that will use ZooKeeper clients to auth
|
|
##
|
|
clientPassword: ""
|
|
## @param zookeeper.auth.client.serverUsers Comma, semicolon or whitespace separated list of user to be created. Specify them as a string, for example: "user1,user2,admin"
|
|
##
|
|
serverUsers: ""
|
|
## @param zookeeper.auth.client.serverPasswords Comma, semicolon or whitespace separated list of passwords to assign to users when created. Specify them as a string, for example: "pass4user1, pass4user2, pass4admin"
|
|
##
|
|
serverPasswords: ""
|
|
## ZooKeeper Persistence parameters
|
|
## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/
|
|
## @param zookeeper.persistence.enabled Enable persistence on ZooKeeper using PVC(s)
|
|
## @param zookeeper.persistence.storageClass Persistent Volume storage class
|
|
## @param zookeeper.persistence.accessModes Persistent Volume access modes
|
|
## @param zookeeper.persistence.size Persistent Volume size
|
|
##
|
|
persistence:
|
|
enabled: true
|
|
storageClass: ""
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
size: 8Gi
|
|
|
|
## External Zookeeper Configuration
|
|
## All of these values are only used if `zookeeper.enabled=false`
|
|
##
|
|
externalZookeeper:
|
|
## @param externalZookeeper.servers List of external zookeeper servers to use. Typically used in combination with 'zookeeperChrootPath'.
|
|
##
|
|
servers: [] |