Telecominfraproject/wlan-cloud-helm
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/wlan-cloud-helm.git synced 2026-03-21 05:39:10 +00:00
Code Issues Packages Projects Releases 3 Wiki Activity

Compare commits

base: Telecominfraproject:feature/update-postgres
Branches Tags
Telecominfraproject:master Telecominfraproject:WIFI-3471 Telecominfraproject:NETEXP-3471 Telecominfraproject:release/v1.1.x Telecominfraproject:release/v1.2 Telecominfraproject:feature/example-values-update Telecominfraproject:WIFI-2654-fix-capabilites-check Telecominfraproject:fix-capabilites-check Telecominfraproject:WIFI-2434 Telecominfraproject:WIFI-2026 Telecominfraproject:release/v1.0.1 Telecominfraproject:release/v1.0.0 Telecominfraproject:1.0.0-artifacts Telecominfraproject:WIFI-1812-Revert Telecominfraproject:WIFI-1812 Telecominfraproject:WIFI-1669 Telecominfraproject:WIFI-1610 Telecominfraproject:WIFI-1172-JMX-to-prometheus-poc Telecominfraproject:wifi-1357-allow-to-disable-internal-mtls-comm Telecominfraproject:feature/thirdparties-fixes Telecominfraproject:feature/thirdparties Telecominfraproject:changelog-v0.4-bump Telecominfraproject:microk8s-patch-1 Telecominfraproject:feature/update-kafka Telecominfraproject:WIFI-990-disable-hardcoded-ports Telecominfraproject:feature/update-cassandra Telecominfraproject:feature/update-postgres Telecominfraproject:metallb-test Telecominfraproject:minikube Telecominfraproject:minikube-working Telecominfraproject:feature/helmfile Telecominfraproject:NGINX-Testing Telecominfraproject:TOOLS-23--fix-validation Telecominfraproject:TOOLS-23-static-analysis
Telecominfraproject:v1.0.1 Telecominfraproject:v1.0.0 Telecominfraproject:v0.4
...
compare: Telecominfraproject:feature/update-kafka
Branches Tags
Telecominfraproject:master Telecominfraproject:WIFI-3471 Telecominfraproject:NETEXP-3471 Telecominfraproject:release/v1.1.x Telecominfraproject:release/v1.2 Telecominfraproject:feature/example-values-update Telecominfraproject:WIFI-2654-fix-capabilites-check Telecominfraproject:fix-capabilites-check Telecominfraproject:WIFI-2434 Telecominfraproject:WIFI-2026 Telecominfraproject:release/v1.0.1 Telecominfraproject:release/v1.0.0 Telecominfraproject:1.0.0-artifacts Telecominfraproject:WIFI-1812-Revert Telecominfraproject:WIFI-1812 Telecominfraproject:WIFI-1669 Telecominfraproject:WIFI-1610 Telecominfraproject:WIFI-1172-JMX-to-prometheus-poc Telecominfraproject:wifi-1357-allow-to-disable-internal-mtls-comm Telecominfraproject:feature/thirdparties-fixes Telecominfraproject:feature/thirdparties Telecominfraproject:changelog-v0.4-bump Telecominfraproject:microk8s-patch-1 Telecominfraproject:feature/update-kafka Telecominfraproject:WIFI-990-disable-hardcoded-ports Telecominfraproject:feature/update-cassandra Telecominfraproject:feature/update-postgres Telecominfraproject:metallb-test Telecominfraproject:minikube Telecominfraproject:minikube-working Telecominfraproject:feature/helmfile Telecominfraproject:NGINX-Testing Telecominfraproject:TOOLS-23--fix-validation Telecominfraproject:TOOLS-23-static-analysis
Telecominfraproject:v1.0.1 Telecominfraproject:v1.0.0 Telecominfraproject:v0.4

7 Commits
feature/up ... feature/up

Author SHA1 Message Date
Gleb Boushev
891966d065 adding annotations support to services 2021-01-13 11:00:55 +03:00
Gleb Boushev
3171f9cdd4 gitignore modified 2020-12-15 11:29:54 +03:00
Gleb Boushev
09bf0dc762 fixing templating 2020-12-01 17:07:24 +03:00
Gleb Boushev
4ec24ab397 kafka seems to be working 2020-12-01 15:20:52 +03:00
Gleb Boushev
241487e920 kafka initial commit 2020-12-01 11:46:27 +03:00
Gleb Boushev
12c8715136 fixing missing secrets and gitignore file 2020-12-01 11:37:44 +03:00
Gleb Boushev
9689a60173 cassandra initial commit 2020-11-24 10:20:57 +03:00
53 changed files with 217 additions and 3029 deletions
Expand all files Collapse all files

2
.gitignore vendored
View File

@@ -11,7 +11,7 @@
*.local_dev
tip-wlan/resources/certs
tip-wlan/resources/scripts
tip-wlan/templates
stern*
*.tgz
helmfile

10
tip-wlan/Chart.yaml
View File

@@ -65,16 +65,16 @@ dependencies:
condition: nginx-ingress-controller.enabled
- name: common
version: 0.1.0
- name: zookeeper
version: 0.1.0
condition: zookeeper.enabled
- name: kafka
version: 0.1.0
version: 12.2.0
repository: https://charts.bitnami.com/bitnami
condition: kafka.enabled
- name: postgresql
version: 10.1.0
repository: https://charts.bitnami.com/bitnami
condition: postgresql.enabled
- name: cassandra
version: 5.5.3
version: 7.0.1
repository: https://charts.bitnami.com/bitnami
condition: cassandra.enabled

21
tip-wlan/charts/cassandra/.helmignore
View File

@@ -1,21 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj

21
tip-wlan/charts/cassandra/Chart.yaml
View File

@@ -1,21 +0,0 @@
name: cassandra
apiVersion: v2
version: 5.5.3
appVersion: 3.11.6
description: Apache Cassandra is a free and open-source distributed database management system
designed to handle large amounts of data across many commodity servers, providing high
availability with no single point of failure.
Cassandra offers robust support for clusters spanning multiple datacenters, with asynchronous
masterless replication allowing low latency operations for all clients.
keywords:
- cassandra
- database
- nosql
icon: https://upload.wikimedia.org/wikipedia/commons/thumb/5/5e/Cassandra_logo.svg/330px-Cassandra_logo.svg.png
sources:
- https://github.com/bitnami/bitnami-docker-cassandra
home: http://cassandra.apache.org
maintainers:
- name: Bitnami
email: containers@bitnami.com
engine: gotpl

1
tip-wlan/charts/cassandra/resources/config/certs/README.md
View File

@@ -1 +0,0 @@
Contains certs needed for this service to start. Please refer to page: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution

238
tip-wlan/charts/cassandra/resources/config/cqlshrc.default
View File

@@ -1,238 +0,0 @@
; Licensed to the Apache Software Foundation (ASF) under one
; or more contributor license agreements. See the NOTICE file
; distributed with this work for additional information
; regarding copyright ownership. The ASF licenses this file
; to you under the Apache License, Version 2.0 (the
; "License"); you may not use this file except in compliance
; with the License. You may obtain a copy of the License at
;
; http://www.apache.org/licenses/LICENSE-2.0
;
; Unless required by applicable law or agreed to in writing,
; software distributed under the License is distributed on an
; "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
; KIND, either express or implied. See the License for the
; specific language governing permissions and limitations
; under the License.
;
; Sample ~/.cqlshrc file.
[authentication]
;; If Cassandra has auth enabled, fill out these options
username = cassandra
password = cassandra
; keyspace = ks1
[ui]
;; Whether or not to display query results with colors
color = on
;; Used for displaying timestamps (and reading them with COPY)
; datetimeformat = %Y-%m-%d %H:%M:%S%z
;; Display timezone
;timezone = Etc/UTC
;; The number of digits displayed after the decimal point for single and double precision numbers
;; (note that increasing this to large numbers can result in unusual values)
;float_precision = 5
;double_precision = 12
;; Used for automatic completion and suggestions
; completekey = tab
;; The encoding used for characters
; encoding = utf8
; To use another than the system default browser for cqlsh HELP to open
; the CQL doc HTML, use the 'browser' preference.
; If the field value is empty or not specified, cqlsh will use the
; default browser (specifying 'browser = default' does not work).
;
; Supported browsers are those supported by the Python webbrowser module.
; (https://docs.python.org/2/library/webbrowser.html).
;
; Hint: to use Google Chome, use
; 'browser = open -a /Applications/Google\ Chrome.app %s' on Mac OS X and
; 'browser = /usr/bin/google-chrome-stable %s' on Linux and
; 'browser = C:/Program Files (x86)/Google/Chrome/Application/chrome.exe %s' on Windows.
;
; This setting can be overridden with the --browser command line option.
;
;browser =
[cql]
;; A version of CQL to use (this should almost never be set)
; version = 3.2.1
[connection]
;; The host to connect to
hostname = tip-wlan-cassandra-headless
;; The port to connect to (9042 is the native protocol default)
port = 9042
;; Always connect using SSL - false by default
ssl = true
;; A timeout in seconds for opening new connections
; timeout = 10
;; A timeout in seconds for executing queries
; request_timeout = 10
[csv]
;; The size limit for parsed fields
; field_size_limit = 131072
[tracing]
;; The max number of seconds to wait for a trace to complete
; max_trace_wait = 10.0
[ssl]
certfile = /opt/tip-wlan/certs/cacert.pem
;; Optional - true by default.
;validate = true
;; To be provided when require_client_auth=true
userkey = /opt/tip-wlan/certs/cassandraserverkey_dec.pem
;; To be provided when require_client_auth=true
usercert = /opt/tip-wlan/certs/cassandraservercert.pem
;; Optional section, overrides default certfile in [ssl] section, if present
; [certfiles]
; 192.168.1.3 = ~/keys/cassandra01.cert
; 192.168.1.4 = ~/keys/cassandra02.cert
;; Options that are common to both COPY TO and COPY FROM
; [copy]
;; The string placeholder for null values
; nullval = null
;; For COPY TO, controls whether the first line in the CSV output file will
;; contain the column names. For COPY FROM, specifies whether the first
;; line in the CSV file contains column names.
; header = false
;; The character that is used as the decimal point separator
; decimalsep = .
;; The character that is used to separate thousands
;; (defaults to the empty string)
; thousandssep =
;; The string literal format for boolean values
; boolstyle = True,False
;; The number of child worker processes to create for
;; COPY tasks. Defaults to a max of 4 for COPY FROM and 16
;; for COPY TO. However, at most (num_cores - 1) processes
;; will be created.
; numprocesses =
;; The maximum number of failed attempts to fetch a range of data (when using
;; COPY TO) or insert a chunk of data (when using COPY FROM) before giving up
; maxattempts = 5
;; How often status updates are refreshed, in seconds
; reportfrequency = 0.25
;; An optional file to output rate statistics to
; ratefile =
;; Options specific to COPY TO
; [copy-to]
;; The maximum number token ranges to fetch simultaneously
; maxrequests = 6
;; The number of rows to fetch in a single page
; pagesize = 1000
;; By default the page timeout is 10 seconds per 1000 entries
;; in the page size or 10 seconds if pagesize is smaller
; pagetimeout = 10
;; Token range to export. Defaults to exporting the full ring.
; begintoken =
; endtoken =
; The maximum size of the output file measured in number of lines;
; beyond this maximum the output file will be split into segments.
; -1 means unlimited.
; maxoutputsize = -1
;; The encoding used for characters
; encoding = utf8
;; Options specific to COPY FROM
; [copy-from]
;; The maximum number of rows to process per second
; ingestrate = 100000
;; The maximum number of rows to import (-1 means unlimited)
; maxrows = -1
;; A number of initial rows to skip
; skiprows = 0
;; A comma-separated list of column names to ignore
; skipcols =
;; The maximum global number of parsing errors to ignore, -1 means unlimited
; maxparseerrors = -1
;; The maximum global number of insert errors to ignore, -1 means unlimited
; maxinserterrors = 1000
;; A file to store all rows that could not be imported, by default this is
;; import_<ks>_<table>.err where <ks> is your keyspace and <table> is your table name.
; errfile =
;; The min and max number of rows inserted in a single batch
; maxbatchsize = 20
; minbatchsize = 2
;; The number of rows that are passed to child worker processes from
;; the main process at a time
; chunksize = 1000
;; The options for COPY can also be specified per-table. The following
;; three sections demonstrate this.
;; Optional table-specific options for COPY
; [copy:mykeyspace.mytable]
; chunksize = 1000
;; Optional table-specific options for COPY FROM
; [copy-from:mykeyspace.mytable]
; ingestrate = 20000
;; Optional table-specific options for COPY TO
; [copy-to:mykeyspace.mytable]
; pagetimeout = 30

238
tip-wlan/charts/cassandra/resources/config/cqlshrc.tip-wlan
View File

@@ -1,238 +0,0 @@
; Licensed to the Apache Software Foundation (ASF) under one
; or more contributor license agreements. See the NOTICE file
; distributed with this work for additional information
; regarding copyright ownership. The ASF licenses this file
; to you under the Apache License, Version 2.0 (the
; "License"); you may not use this file except in compliance
; with the License. You may obtain a copy of the License at
;
; http://www.apache.org/licenses/LICENSE-2.0
;
; Unless required by applicable law or agreed to in writing,
; software distributed under the License is distributed on an
; "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
; KIND, either express or implied. See the License for the
; specific language governing permissions and limitations
; under the License.
;
; Sample ~/.cqlshrc file.
[authentication]
;; If Cassandra has auth enabled, fill out these options
username = tip_user
password = tip_password
; keyspace = ks1
[ui]
;; Whether or not to display query results with colors
color = on
;; Used for displaying timestamps (and reading them with COPY)
; datetimeformat = %Y-%m-%d %H:%M:%S%z
;; Display timezone
;timezone = Etc/UTC
;; The number of digits displayed after the decimal point for single and double precision numbers
;; (note that increasing this to large numbers can result in unusual values)
;float_precision = 5
;double_precision = 12
;; Used for automatic completion and suggestions
; completekey = tab
;; The encoding used for characters
; encoding = utf8
; To use another than the system default browser for cqlsh HELP to open
; the CQL doc HTML, use the 'browser' preference.
; If the field value is empty or not specified, cqlsh will use the
; default browser (specifying 'browser = default' does not work).
;
; Supported browsers are those supported by the Python webbrowser module.
; (https://docs.python.org/2/library/webbrowser.html).
;
; Hint: to use Google Chome, use
; 'browser = open -a /Applications/Google\ Chrome.app %s' on Mac OS X and
; 'browser = /usr/bin/google-chrome-stable %s' on Linux and
; 'browser = C:/Program Files (x86)/Google/Chrome/Application/chrome.exe %s' on Windows.
;
; This setting can be overridden with the --browser command line option.
;
;browser =
[cql]
;; A version of CQL to use (this should almost never be set)
; version = 3.2.1
[connection]
;; The host to connect to
hostname = tip-wlan-cassandra-headless
;; The port to connect to (9042 is the native protocol default)
port = 9042
;; Always connect using SSL - false by default
ssl = true
;; A timeout in seconds for opening new connections
; timeout = 10
;; A timeout in seconds for executing queries
; request_timeout = 10
[csv]
;; The size limit for parsed fields
; field_size_limit = 131072
[tracing]
;; The max number of seconds to wait for a trace to complete
; max_trace_wait = 10.0
[ssl]
certfile = /opt/tip-wlan/certs/cacert.pem
;; Optional - true by default.
;validate = true
;; To be provided when require_client_auth=true
userkey = /opt/tip-wlan/certs/cassandraserverkey_dec.pem
;; To be provided when require_client_auth=true
usercert = /opt/tip-wlan/certs/cassandraservercert.pem
;; Optional section, overrides default certfile in [ssl] section, if present
; [certfiles]
; 192.168.1.3 = ~/keys/cassandra01.cert
; 192.168.1.4 = ~/keys/cassandra02.cert
;; Options that are common to both COPY TO and COPY FROM
; [copy]
;; The string placeholder for null values
; nullval = null
;; For COPY TO, controls whether the first line in the CSV output file will
;; contain the column names. For COPY FROM, specifies whether the first
;; line in the CSV file contains column names.
; header = false
;; The character that is used as the decimal point separator
; decimalsep = .
;; The character that is used to separate thousands
;; (defaults to the empty string)
; thousandssep =
;; The string literal format for boolean values
; boolstyle = True,False
;; The number of child worker processes to create for
;; COPY tasks. Defaults to a max of 4 for COPY FROM and 16
;; for COPY TO. However, at most (num_cores - 1) processes
;; will be created.
; numprocesses =
;; The maximum number of failed attempts to fetch a range of data (when using
;; COPY TO) or insert a chunk of data (when using COPY FROM) before giving up
; maxattempts = 5
;; How often status updates are refreshed, in seconds
; reportfrequency = 0.25
;; An optional file to output rate statistics to
; ratefile =
;; Options specific to COPY TO
; [copy-to]
;; The maximum number token ranges to fetch simultaneously
; maxrequests = 6
;; The number of rows to fetch in a single page
; pagesize = 1000
;; By default the page timeout is 10 seconds per 1000 entries
;; in the page size or 10 seconds if pagesize is smaller
; pagetimeout = 10
;; Token range to export. Defaults to exporting the full ring.
; begintoken =
; endtoken =
; The maximum size of the output file measured in number of lines;
; beyond this maximum the output file will be split into segments.
; -1 means unlimited.
; maxoutputsize = -1
;; The encoding used for characters
; encoding = utf8
;; Options specific to COPY FROM
; [copy-from]
;; The maximum number of rows to process per second
; ingestrate = 100000
;; The maximum number of rows to import (-1 means unlimited)
; maxrows = -1
;; A number of initial rows to skip
; skiprows = 0
;; A comma-separated list of column names to ignore
; skipcols =
;; The maximum global number of parsing errors to ignore, -1 means unlimited
; maxparseerrors = -1
;; The maximum global number of insert errors to ignore, -1 means unlimited
; maxinserterrors = 1000
;; A file to store all rows that could not be imported, by default this is
;; import_<ks>_<table>.err where <ks> is your keyspace and <table> is your table name.
; errfile =
;; The min and max number of rows inserted in a single batch
; maxbatchsize = 20
; minbatchsize = 2
;; The number of rows that are passed to child worker processes from
;; the main process at a time
; chunksize = 1000
;; The options for COPY can also be specified per-table. The following
;; three sections demonstrate this.
;; Optional table-specific options for COPY
; [copy:mykeyspace.mytable]
; chunksize = 1000
;; Optional table-specific options for COPY FROM
; [copy-from:mykeyspace.mytable]
; ingestrate = 20000
;; Optional table-specific options for COPY TO
; [copy-to:mykeyspace.mytable]
; pagetimeout = 30

65
tip-wlan/charts/cassandra/templates/NOTES.txt
View File

@@ -1,65 +0,0 @@
** Please be patient while the chart is being deployed **
Cassandra can be accessed through the following URLs from within the cluster:
- CQL: {{ template "common.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.cluster.domain }}:{{ .Values.service.port }}
- Thrift: {{ template "common.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.cluster.domain }}:{{ .Values.service.thriftPort }}
To get your password run:
export CASSANDRA_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "common.fullname" . }} -o jsonpath="{.data.cassandra-password}" | base64 --decode)
Check the cluster status by running:
kubectl exec -it --namespace {{ .Release.Namespace }} $(kubectl get pods --namespace {{ .Release.Namespace }} -l app={{ template "common.name" . }},release={{ .Release.Name }} -o jsonpath='{.items[0].metadata.name}') nodetool status
To connect to your Cassandra cluster using CQL:
1. Run a Cassandra pod that you can use as a client:
kubectl run --namespace {{ .Release.Namespace }} {{ template "common.fullname" . }}-client --rm --tty -i --restart='Never' \
--env CASSANDRA_PASSWORD=$CASSANDRA_PASSWORD \
{{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }}--labels="{{ template "common.name" . }}-client=true"{{ end }} \
--image {{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }} -- bash
2. Connect using the cqlsh client:
cqlsh -u {{ .Values.dbUser.user }} -p $CASSANDRA_PASSWORD {{ template "common.fullname" . }}
{{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }}
Note: Since NetworkPolicy is enabled, only pods with label
"{{ template "common.fullname" . }}-client=true"
will be able to connect to Cassandra.
{{- else -}}
To connect to your database from outside the cluster execute the following commands:
{{- if contains "NodePort" .Values.service.type }}
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "common.fullname" . }})
cqlsh -u {{ .Values.dbUser.user }} -p $CASSANDRA_PASSWORD $NODE_IP $NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "common.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "common.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
cqlsh -u {{ .Values.dbUser.user }} -p $CASSANDRA_PASSWORD $SERVICE_IP
{{- else if contains "ClusterIP" .Values.service.type }}
kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "common.fullname" . }} {{ .Values.service.port }}:{{ .Values.service.port }} &
cqlsh -u {{ .Values.dbUser.user }} -p $CASSANDRA_PASSWORD 127.0.0.1 {{ .Values.service.port }}
{{- end }}
{{- end }}
{{- if and (contains "bitnami/" .Values.image.repository) (not (.Values.image.tag | toString | regexFind "-r\\d+$|sha256:")) }}
WARNING: Rolling tag detected ({{ .Values.image.repository }}:{{ .Values.image.tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment.
+info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/
{{- end }}

71
tip-wlan/charts/cassandra/templates/_helpers.tpl
View File

@@ -1,71 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Return the appropriate apiVersion for networkpolicy.
*/}}
{{- define "networkPolicy.apiVersion" -}}
{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "extensions/v1beta1" -}}
{{- else -}}
{{- print "networking.k8s.io/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the proper metrics image name
*/}}
{{- define "cassandra.metrics.image" -}}
{{- $registryName := .Values.metrics.image.registry -}}
{{- $repositoryName := .Values.metrics.image.repository -}}
{{- $tag := .Values.metrics.image.tag | toString -}}
{{/*
Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic.
Also, we can't use a single if because lazy evaluation is not an option
*/}}
{{- if .Values.global }}
{{- if .Values.global.imageRegistry }}
{{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}}
{{- else -}}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- end -}}
{{- else -}}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- end -}}
{{- end -}}
{{/*
Return the proper image name (for the init container volume-permissions image)
*/}}
{{- define "cassandra.volumePermissions.image" -}}
{{- $registryName := .Values.volumePermissions.image.registry -}}
{{- $repositoryName := .Values.volumePermissions.image.repository -}}
{{- $tag := .Values.volumePermissions.image.tag | toString -}}
{{/*
Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic.
Also, we can't use a single if because lazy evaluation is not an option
*/}}
{{- if .Values.global }}
{{- if .Values.global.imageRegistry }}
{{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}}
{{- else -}}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- end -}}
{{- else -}}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- end -}}
{{- end -}}
{{/*
Renders a value that contains template.
Usage:
{{ include "cassandra.tplValue" ( dict "value" .Values.path.to.the.Value "context" $) }}
*/}}
{{- define "cassandra.tplValue" -}}
{{- if typeIs "string" .value }}
{{- tpl .value .context }}
{{- else }}
{{- tpl (.value | toYaml) .context }}
{{- end }}
{{- end -}}

7
tip-wlan/charts/cassandra/templates/configmap.yaml
View File

@@ -1,7 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: cassandra-configurations-override
namespace: {{ include "common.namespace" . }}
data:
{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}

29
tip-wlan/charts/cassandra/templates/headless-svc.yaml
View File

@@ -1,29 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "common.fullname" . }}-headless
namespace: {{ include "common.namespace" . }}
labels: {{- include "common.labels" . | nindent 4 }}
annotations: {{ include "cassandra.tplValue" ( dict "value" .Values.service.annotations "context" $) | nindent 4 }}
spec:
clusterIP: None
publishNotReadyAddresses: true
ports:
- name: intra
port: 7000
targetPort: intra
- name: tls
port: 7001
targetPort: tls
- name: jmx
port: 7199
targetPort: jmx
- name: cql
port: {{ .Values.service.port }}
targetPort: cql
{{- if .Values.cluster.enableRPC }}
- name: thrift
port: {{ .Values.service.thriftPort }}
targetPort: thrift
{{- end }}
selector: {{- include "common.selectorLabels" . | nindent 4 }}

38
tip-wlan/charts/cassandra/templates/networkpolicy.yaml
View File

@@ -1,38 +0,0 @@
{{- if .Values.networkPolicy.enabled }}
kind: NetworkPolicy
apiVersion: {{ include "networkPolicy.apiVersion" . }}
metadata:
name: {{ include "common.fullname" . }}
namespace: {{ include "common.namespace" . }}
labels: {{- include "common.labels" . | nindent 4 }}
spec:
podSelector:
matchLabels: {{- include "common.selectorLabels" . | nindent 6 }}
ingress:
# Allow inbound connections
# CQL and Thrift ports
- ports:
- port: {{ .Values.service.port }}
- port: {{ .Values.service.thriftPort }}
from:
{{- if not .Values.networkPolicy.allowExternal }}
- podSelector:
matchLabels:
{{ include "common.fullname" . }}-client: "true"
{{- end }}
- podSelector:
matchLabels: {{- include "common.selectorLabels" . | nindent 14 }}
# Internal ports
- ports:
- port: intra
- port: tls
- port: jmx
from:
- podSelector:
matchLabels: {{- include "common.selectorLabels" . | nindent 14 }}
{{- if .Values.metrics.enabled }}
# Allow prometheus scrapes for metrics
- ports:
- port: 8080
{{- end }}
{{- end }}

40
tip-wlan/charts/cassandra/templates/secret.yaml
View File

@@ -1,40 +0,0 @@
{{- if (not .Values.dbUser.existingSecret) -}}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "common.fullname" . }}
namespace: {{ include "common.namespace" . }}
labels: {{- include "common.labels" . | nindent 4 }}
type: Opaque
data:
{{- if .Values.dbUser.password }}
cassandra-password: {{ .Values.dbUser.password | b64enc | quote }}
{{- else if (not .Values.dbUser.forcePassword) }}
cassandra-password: {{ randAlphaNum 10 | b64enc | quote }}
{{ else }}
cassandra-password: {{ required "A Cassandra Password is required!" .Values.dbUser.password }}
{{- end }}
{{- end }}
---
apiVersion: v1
kind: Secret
metadata:
name: cassandra-ssl-certs
namespace: {{ include "common.namespace" . }}
type: Opaque
data:
truststore: {{ .Files.Get "resources/config/certs/truststore.jks" | b64enc }}
truststore-password: {{ .Values.creds.sslTruststorePassword | b64enc }}
keystore: {{ .Files.Get "resources/config/certs/cassandra_server_keystore.jks" | b64enc }}
keystore-password: {{ .Values.creds.sslKeystorePassword | b64enc }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ include "common.fullname" . }}-client-certs
namespace: {{ include "common.namespace" . }}
type: Opaque
data:
{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}
keystore_creds: {{ .Values.creds.sslKeystorePassword | b64enc }}
truststore_creds: {{ .Values.creds.sslTruststorePassword | b64enc }}

32
tip-wlan/charts/cassandra/templates/service.yaml
View File

@@ -1,32 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "common.fullname" . }}
namespace: {{ include "common.namespace" . }}
labels: {{- include "common.labels" . | nindent 4 }}
annotations: {{ include "cassandra.tplValue" ( dict "value" .Values.service.annotations "context" $) | nindent 4 }}
spec:
type: {{ .Values.service.type }}
{{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP)) }}
loadBalancerIP: {{ .Values.service.loadBalancerIP }}
{{- end }}
ports:
- name: cql
port: {{ .Values.service.port }}
targetPort: cql
{{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.cql)) }}
nodePort: {{ .Values.service.nodePorts.cql }}
{{- else if eq .Values.service.type "ClusterIP" }}
nodePort: null
{{- end }}
{{- if .Values.cluster.enableRPC }}
- name: thrift
port: {{ .Values.service.thriftPort }}
targetPort: thrift
{{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.thrift)) }}
nodePort: {{ .Values.service.nodePorts.thrift }}
{{- else if eq .Values.service.type "ClusterIP" }}
nodePort: null
{{- end }}
{{- end }}
selector: {{- include "common.selectorLabels" . | nindent 4 }}

306
tip-wlan/charts/cassandra/templates/statefulset.yaml
View File

@@ -1,306 +0,0 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ include "common.fullname" . }}
namespace: {{ include "common.namespace" . }}
labels: {{- include "common.labels" . | nindent 4 }}
spec:
selector:
matchLabels: {{- include "common.selectorLabels" . | nindent 6 }}
serviceName: {{ include "common.fullname" . }}-headless
replicas: {{ .Values.cluster.replicaCount }}
updateStrategy:
type: {{ .Values.statefulset.updateStrategy }}
{{- if (eq "Recreate" .Values.statefulset.updateStrategy) }}
rollingUpdate: null
{{- else if .Values.statefulset.rollingUpdatePartition }}
rollingUpdate:
partition: {{ .Values.statefulset.rollingUpdatePartition }}
{{- end }}
template:
metadata:
labels: {{- include "common.labels" . | nindent 8 }}
{{- if .Values.podLabels }}
{{- toYaml .Values.podLabels | nindent 8 }}
{{- end }}
{{- if or .Values.podAnnotations (and .Values.metrics.enabled .Values.metrics.podAnnotations) }}
annotations:
{{- if .Values.podAnnotations }}
{{- toYaml .Values.podAnnotations | nindent 8 }}
{{- end }}
{{- if .Values.metrics.podAnnotations }}
{{- toYaml .Values.metrics.podAnnotations | nindent 8 }}
{{- end }}
{{- end }}
spec:
{{- if .Values.affinity }}
affinity: {{- include "cassandra.tplValue" (dict "value" .Values.affinity "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.nodeSelector }}
nodeSelector: {{- include "cassandra.tplValue" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.tolerations }}
tolerations: {{- include "cassandra.tplValue" (dict "value" .Values.tolerations "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.securityContext.enabled }}
securityContext:
fsGroup: {{ .Values.securityContext.fsGroup }}
runAsUser: {{ .Values.securityContext.runAsUser }}
{{- end }}
{{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
initContainers:
- name: volume-permissions
image: {{ include "cassandra.volumePermissions.image" . }}
imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
command:
- /bin/bash
- -ec
- |
chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} /bitnami/cassandra
securityContext:
runAsUser: 0
{{- if .Values.volumePermissions.resources }}
resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
{{- end }}
volumeMounts:
- name: data
mountPath: /bitnami/cassandra
{{- end }}
containers:
- name: cassandra
command:
- bash
- -ec
# Node 0 is the password seeder
- |
if [[ $HOSTNAME =~ (.*)-0$ ]]; then
echo "Setting node as password seeder"
export CASSANDRA_PASSWORD_SEEDER=yes
else
# Only node 0 will execute the startup initdb scripts
export CASSANDRA_IGNORE_INITDB_SCRIPTS=1
fi
{{ .Values.entrypoint }} {{ .Values.cmd }}
image: {{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
env:
- name: BITNAMI_DEBUG
value: {{ ternary "true" "false" .Values.image.debug | quote }}
- name: CASSANDRA_CLUSTER_NAME
value: {{ .Values.cluster.name }}
- name: CASSANDRA_SEEDS
{{- $global := . }}
{{- $replicas := .Values.cluster.seedCount | int }}
{{- $domain := .Values.cluster.domain }}
value: "{{- range $i, $e := until $replicas }}{{ include "common.fullname" $global }}-{{ $i }}.{{ include "common.fullname" $global }}-headless.{{ $global.Values.global.nsPrefix }}.svc.{{ $domain }}{{- if (lt ( add1 $i ) $replicas ) }},{{- end }}{{- end }}"
- name: CASSANDRA_PASSWORD
valueFrom:
secretKeyRef:
name: {{ if .Values.dbUser.existingSecret }}{{ .Values.dbUser.existingSecret }}{{- else }}{{ include "common.fullname" . }}{{- end }}
key: cassandra-password
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: CASSANDRA_USER
value: {{ .Values.dbUser.user | quote }}
- name: CASSANDRA_NUM_TOKENS
value: {{ .Values.cluster.numTokens | quote }}
- name: CASSANDRA_DATACENTER
value: {{ .Values.cluster.datacenter }}
- name: CASSANDRA_ENDPOINT_SNITCH
value: {{ .Values.cluster.endpointSnitch }}
{{- if .Values.tlsEncryptionSecretName }}
- name: CASSANDRA_INTERNODE_ENCRYPTION
value: {{ .Values.cluster.internodeEncryption | quote }}
- name: CASSANDRA_CLIENT_ENCRYPTION
value: {{ .Values.cluster.clientEncryption | quote }}
- name: CASSANDRA_TRUSTSTORE_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.tlsEncryptionSecretName }}
key: truststore-password
- name: CASSANDRA_KEYSTORE_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.tlsEncryptionSecretName }}
key: keystore-password
{{- end }}
- name: CASSANDRA_RACK
value: {{ .Values.cluster.rack }}
{{- if .Values.jvm.maxHeapSize }}
- name: MAX_HEAP_SIZE
value: {{ .Values.jvm.maxHeapSize | quote }}
{{- end }}
{{- if .Values.jvm.newHeapSize }}
- name: HEAP_NEWSIZE
value: {{ .Values.jvm.newHeapSize | quote }}
{{- end }}
{{- if .Values.jvm.extraOpts }}
- name: JVM_EXTRA_OPTS
value: {{ .Values.jvm.extraOpts | quote }}
{{- end }}
- name: CASSANDRA_ENABLE_RPC
value: {{ .Values.cluster.enableRPC | quote }}
{{- if .Values.cluster.enableUDF }}
- name: CASSANDRA_ENABLE_USER_DEFINED_FUNCTIONS
value: {{ .Values.cluster.enableUDF | quote }}
{{- end }}
{{- if .Values.livenessProbe.enabled }}
livenessProbe:
exec:
command: ["/bin/sh", "-c", "nodetool status"]
initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
{{- end }}
{{- if .Values.readinessProbe.enabled }}
readinessProbe:
exec:
command: ["/bin/sh", "-c", "nodetool status | grep -E \"^UN\\s+${POD_IP}\""]
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
{{- end }}
{{- if not .Values.persistence.enabled }}
lifecycle:
preStop:
exec:
command:
- bash
- -ec
- nodetool decommission
{{- end }}
ports:
- name: intra
containerPort: 7000
- name: tls
containerPort: 7001
- name: jmx
containerPort: 7199
- name: cql
containerPort: 9042
{{- if .Values.cluster.enableRPC }}
- name: thrift
containerPort: 9160
{{- end }}
{{- if .Values.resources }}
resources: {{ toYaml .Values.resources | nindent 12 }}
{{- end }}
volumeMounts:
- name: data
mountPath: /bitnami/cassandra
{{- if .Values.tlsEncryptionSecretName }}
- name: encryption-secrets
mountPath: /bitnami/cassandra/secrets
{{- end }}
{{- if .Values.initDBConfigMap }}
- name: init-db-cm
mountPath: /docker-entrypoint-initdb.d/configmap
{{- end }}
{{- if .Values.initDBSecret }}
- name: init-db-secret
mountPath: /docker-entrypoint-initdb.d/secret
{{- end }}
{{ if .Values.existingConfiguration }}
- name: configurations
mountPath: /bitnami/cassandra/conf
{{- end }}
- mountPath: /opt/tip-wlan/certs/cacert.pem
name: cassandra-client-certificates
subPath: cacert.pem
- mountPath: /opt/tip-wlan/certs/cassandraservercert.pem
name: cassandra-client-certificates
subPath: cassandraservercert.pem
- mountPath: /opt/tip-wlan/certs/cassandraserverkey_dec.pem
name: cassandra-client-certificates
subPath: cassandraserverkey_dec.pem
{{- if .Values.metrics.enabled }}
- name: metrics
image: {{ include "cassandra.metrics.image" . }}
imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
ports:
- name: metrics
containerPort: 8080
protocol: TCP
- name: jmx
containerPort: 5555
{{- if .Values.metrics.resources }}
resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
{{- end }}
livenessProbe:
tcpSocket:
port: metrics
readinessProbe:
httpGet:
path: /metrics
port: metrics
initialDelaySeconds: 20
timeoutSeconds: 45
{{- end }}
{{- if .Values.image.pullSecrets }}
imagePullSecrets:
- name: {{ .Values.image.pullSecrets }}
{{- end }}
volumes:
- name: cassandra-client-certificates
secret:
secretName: {{ include "common.fullname" . }}-client-certs
{{- if .Values.tlsEncryptionSecretName }}
- name: encryption-secrets
secret:
secretName: {{ .Values.tlsEncryptionSecretName }}
items:
- key: keystore
path: keystore
- key: truststore
path: truststore
{{- end }}
{{- if .Values.existingConfiguration }}
- name: configurations
configMap:
name: {{ tpl .Values.existingConfiguration $ }}
{{- end }}
{{- if .Values.initDBConfigMap }}
- name: init-db-cm
configMap:
name: {{ tpl .Values.initDBConfigMap $ }}
{{- end }}
{{- if .Values.initDBSecret }}
- name: init-db-secret
configMap:
name: {{ tpl .Values.initDBSecret $ }}
{{- end }}
{{- if not .Values.persistence.enabled }}
- name: data
emptyDir: {}
{{- else }}
volumeClaimTemplates:
- metadata:
name: data
labels:
app: {{ include "common.name" . }}
release: {{ .Release.Name }}
{{- if .Values.persistence.annotations }}
annotations: {{- toYaml .Values.persistence.annotations | nindent 10 }}
{{- end }}
spec:
accessModes:
{{- range .Values.persistence.accessModes }}
- {{ . | quote }}
{{- end }}
resources:
requests:
storage: {{ .Values.persistence.size | quote }}
{{- if .Values.persistence.storageClass }}
{{- if (eq "-" .Values.persistence.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.persistence.storageClass }}"
{{- end }}
{{- end }}
{{- end }}

53
tip-wlan/charts/cassandra/templates/tests/test-cassandra-record-insert-del.yaml
View File

@@ -1,53 +0,0 @@
{{- if .Values.testsEnabled -}}
# NOTE: For the test to work, make sure that the cluster-size remains the same
# if you are doing helm-del and then helm-install with existing pvc.
apiVersion: v1
kind: Pod
metadata:
name: {{ include "common.fullname" . }}-test-insertion-deletion
namespace: {{ include "common.namespace" . }}
annotations:
"helm.sh/hook": test-success
spec:
containers:
- name: {{ include "common.name" . }}-test-cassandra-basic
image: {{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}
command:
- sh
- -c
- |
cqlsh --cqlshrc /bitnami/cassandra/conf/cqlshrc.tip-wlan -e \
"CREATE KEYSPACE MYDB WITH REPLICATION = { 'class' : 'SimpleStrategy', 'replication_factor' : 1 }; \
use MYDB; \
CREATE TABLE BOOKS (id int PRIMARY KEY, title text, year text); \
INSERT INTO BOOKS (id, title, year) VALUES (1, 'Power Of Now', '1994'); \
SELECT * FROM BOOKS; \
DELETE FROM BOOKS WHERE id=1; \
SELECT * FROM BOOKS; \
DROP TABLE BOOKS; \
DROP KEYSPACE MYDB;"
volumeMounts:
{{ if .Values.existingConfiguration }}
- name: configurations
mountPath: /bitnami/cassandra/conf
{{- end }}
- mountPath: /opt/tip-wlan/certs/cacert.pem
name: cassandra-client-certificates
subPath: cacert.pem
- mountPath: /opt/tip-wlan/certs/cassandraservercert.pem
name: cassandra-client-certificates
subPath: cassandraservercert.pem
- mountPath: /opt/tip-wlan/certs/cassandraserverkey_dec.pem
name: cassandra-client-certificates
subPath: cassandraserverkey_dec.pem
restartPolicy: Never
volumes:
{{- if .Values.existingConfiguration }}
- name: configurations
configMap:
name: {{ tpl .Values.existingConfiguration $ }}
{{- end }}
- name: cassandra-client-certificates
secret:
secretName: {{ include "common.fullname" . }}-client-certs
{{- end }}

331
tip-wlan/charts/cassandra/values.yaml
View File

@@ -1,331 +0,0 @@
## Global Docker image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
## Current available global Docker image parameters: imageRegistry and imagePullSecrets
##
# global:
# imageRegistry: myRegistryName
# imagePullSecrets:
# - myRegistryKeySecretName
# storageClass: myStorageClass
## Bitnami Cassandra image version
## ref: https://hub.docker.com/r/bitnami/cassandra/tags/
##
image:
registry: docker.io
repository: bitnami/cassandra
## Bitnami Cassandra image tag
## ref: https://github.com/bitnami/bitnami-docker-cassandra#supported-tags-and-respective-dockerfile-links
##
tag: 3.11.6-debian-10-r138
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
##
# pullSecrets:
# - myRegistryKeySecretName
## Set to true if you would like to see extra information on logs
## It turns BASH debugging in minideb-extras-base
##
debug: false
## String to partially override cassandra.fullname template (will maintain the release name)
##
# nameOverride:
## String to fully override cassandra.fullname template
##
# fullnameOverride:
## Init containers parameters:
## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section.
##
volumePermissions:
enabled: true
image:
registry: docker.io
repository: bitnami/minideb
tag: buster
pullPolicy: Always
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
##
# pullSecrets:
# - myRegistryKeySecretName
## Init container' resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
resources:
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
limits: {}
# cpu: 100m
# memory: 128Mi
requests: {}
# cpu: 100m
# memory: 128Mi
## Service parameters
##
service:
## Service type
##
type: ClusterIP
## CQL port
##
port: 9042
## Thrift Client API port
##
thriftPort: 9160
## Specify the nodePort(s) value(s) for the LoadBalancer and NodePort service types.
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
##
nodePorts:
cql: ""
thriftPort: ""
## Set the LoadBalancer service type to internal only.
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
##
# loadBalancerIP:
## Provide any additional annotations which may be required. This can be used to
## set the LoadBalancer service type to internal only.
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
##
annotations: {}
## Enable persistence using Persistent Volume Claims
## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
##
persistence:
## If true, use a Persistent Volume Claim, If false, use emptyDir
##
enabled: false
## Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
storageClass: "-"
## Persistent Volume Claim annotations
##
annotations:
## Persistent Volume Access Mode
##
accessModes:
- ReadWriteOnce
## Persistent Volume size
##
size: 1Gi
## Cassandra pods' resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
## Minimum memory for development is 4GB and 2 CPU cores
## Minimum memory for production is 8GB and 4 CPU cores
## ref: http://docs.datastax.com/en/archived/cassandra/2.0/cassandra/architecture/architecturePlanningHardware_c.html
##
resources:
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
limits: {}
# cpu: 2
# memory: 4Gi
requests: {}
# cpu: 2
# memory: 4Gi
## Secret with keystore, keystore password, truststore, truststore password
##
tlsEncryptionSecretName: cassandra-ssl-certs
## ConfigMap with custom cassandra configuration files. This overrides any other Cassandra configuration set in the chart
##
existingConfiguration: cassandra-configurations-override
## Cluster parameters
##
cluster:
name: TipWlanCluster
replicaCount: 3
seedCount: 2
numTokens: 256
datacenter: DC1
rack: RAC1
enableRPC: true
endpointSnitch: SimpleSnitch
## Enable the creation of the Pod Disruption Budget
##
pdbEnabled: true
## Minimum number of cluster nodes that will be running. Needs pdbEnabled=true
##
minAvailable: 1
## Maximum number of cluster nodes that may not be running. Needs pdbEnabled=true.
##
# maxUnavailable: 1
## Encryption values. NOTE: They require tlsEncryptionSecretName
##
internodeEncryption: all
clientEncryption: true
domain: cluster.local
## JVM Settings
##
jvm:
## Extra JVM options
##
extraOpts:
## Memory settings: These are calculated automatically
## unless specified otherwise
##
# maxHeapSize: 4G
# newHeapSize: 800M
## Database credentials
##
dbUser:
user: cassandra
forcePassword: false
password: cassandra
# existingSecret:
## ConfigMap with cql scripts. Useful for creating a keyspace
## and pre-populating data
##
# initDBConfigMap:
## Secret with cql script (with sensitive data). Useful for creating a keyspace
## and pre-populating data
##
# initDBSecret:
## Cassandra container's liveness and readiness probes
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
##
livenessProbe:
enabled: true
initialDelaySeconds: 60
periodSeconds: 30
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
readinessProbe:
enabled: true
initialDelaySeconds: 60
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
## Additional pod annotations
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## Additional pod labels
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
##
podLabels: {}
## Affinity for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}
## Node labels for pod assignment. Evaluated as a template.
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## Tolerations for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## StatefulSet settings
##
statefulset:
updateStrategy: OnDelete
# rollingUpdatePartition:
## Pod Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
##
securityContext:
enabled: true
fsGroup: 1001
runAsUser: 1001
## Container entrypoint and cmd (useful for using different images)
##
entrypoint: "/entrypoint.sh"
cmd: "/run.sh"
## Network policies
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
##
networkPolicy:
## Specifies whether a NetworkPolicy should be created
##
enabled: false
## The Policy model to apply. When set to false, only pods with the correct
## client label will have network access to the port Redis is listening
## on. When true, Redis will accept connections from any source
## (with the correct destination port).
##
# allowExternal: true
## Enable/disable the chart's tests. Useful if using this chart as a dependency of
## another chart and you don't want these tests running when trying to develop and
## test your own chart.
testsEnabled: true
## Cassandra Prometheus exporter configuration
## ref: https://hub.docker.com/r/bitnami/cassandra-exporter/tags/
##
metrics:
enabled: false
image:
registry: docker.io
pullPolicy: IfNotPresent
repository: bitnami/cassandra-exporter
tag: 2.3.4-debian-10-r119
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
##
# pullSecrets:
# - myRegistryKeySecretName
## Cassandra Prometheus exporter resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
resources:
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
limits: {}
# cpu: 100m
# memory: 128Mi
requests: {}
# cpu: 100m
# memory: 128Mi
## Metrics exporter pod Annotation and Labels
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations:
prometheus.io/scrape: "true"
prometheus.io/port: "8080"
creds:
sslKeystorePassword: DUMMY_PASSWORD
sslTruststorePassword: DUMMY_PASSWORD

5
tip-wlan/charts/common/templates/_svc.tpl
View File

@@ -16,7 +16,7 @@ else use user-provided URL
{{- $zookeeperService := printf "%s-%s" .Release.Name .Values.zookeeper.url }}
{{- default $zookeeperService }}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Resolve the Kafka service-name to apply to a chart.
@@ -67,7 +67,6 @@ else use user-provided URL
{{- printf "%s-%s:%.f" .Release.Name .Values.opensyncgw.url .Values.opensyncgw.port | trunc 63 -}}
{{- end -}}
{{/*
Resolve the pvc name that's would mounted to 2 charts - Portal and Opensync-gw
*/}}
@@ -80,4 +79,4 @@ else use user-provided URL
*/}}
{{- define "filestore.dir.name" -}}
{{- printf "%s" .Values.filestore.internal | trunc 63 -}}
{{- end -}}
{{- end -}}

8
tip-wlan/charts/kafka/Chart.yaml
View File

@@ -1,8 +0,0 @@
apiVersion: v2
description: Apache Kafka is publish-subscribe messaging
name: kafka
version: 0.1.0
appVersion: 1.0.0
dependencies:
- name: zookeeper
version: 0.1.0

2
tip-wlan/charts/kafka/resources/config/certs/README.md
View File

@@ -1,2 +0,0 @@
Contains certs needed for this service to start.
Please refer to page: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution

67
tip-wlan/charts/kafka/templates/NOTES.txt
View File

@@ -1,67 +0,0 @@
### Connecting to Kafka from inside Kubernetes
You can connect to Kafka by running a simple pod in the K8s cluster like this with a configuration like this:
apiVersion: v1
kind: Pod
metadata:
name: testclient
namespace: {{ .Release.Namespace }}
spec:
containers:
- name: kafka
image: {{ .Values.image }}:{{ .Values.imageTag }}
command:
- sh
- -c
- "exec tail -f /dev/null"
Once you have the testclient pod above running, you can list all kafka
topics with:
kubectl -n {{ .Release.Namespace }} exec testclient -- kafka-topics --zookeeper {{ .Release.Name }}-zookeeper:2181 --list
To create a new topic:
kubectl -n {{ .Release.Namespace }} exec testclient -- kafka-topics --zookeeper {{ .Release.Name }}-zookeeper:2181 --topic test1 --create --partitions 1 --replication-factor 1
To listen for messages on a topic:
kubectl -n {{ .Release.Namespace }} exec -ti testclient -- kafka-console-consumer --bootstrap-server {{ include "common.fullname" . }}:9092 --topic test1 --from-beginning
To stop the listener session above press: Ctrl+C
To start an interactive message producer session:
kubectl -n {{ .Release.Namespace }} exec -ti testclient -- kafka-console-producer --broker-list {{ include "common.fullname" . }}-headless:9092 --topic test1
To create a message in the above session, simply type the message and press "enter"
To end the producer session try: Ctrl+C
If you specify "zookeeper.connect" in configurationOverrides, please replace "{{ .Release.Name }}-zookeeper:2181" with the value of "zookeeper.connect", or you will get error.
{{ if .Values.external.enabled }}
### Connecting to Kafka from outside Kubernetes
You have enabled the external access feature of this chart.
**WARNING:** By default this feature allows Kafka clients outside Kubernetes to
connect to Kafka via NodePort(s) in `PLAINTEXT`.
Please see this chart's README.md for more details and guidance.
If you wish to connect to Kafka from outside please configure your external Kafka
clients to point at the following brokers. Please allow a few minutes for all
associated resources to become healthy.
{{ $fullName := include "common.fullname" . }}
{{- $replicas := .Values.replicas | int }}
{{- $servicePort := .Values.external.servicePort | int}}
{{- $root := . }}
{{- range $i, $e := until $replicas }}
{{- $externalListenerPort := add $root.Values.external.firstListenerPort $i }}
{{- if $root.Values.external.distinct }}
{{ printf "%s-%d.%s:%d" $root.Release.Name $i $root.Values.external.domain $servicePort | indent 2 }}
{{- else }}
{{ printf "%s.%s:%d" $root.Release.Name $root.Values.external.domain $externalListenerPort | indent 2 }}
{{- end }}
{{- end }}
{{- end }}

89
tip-wlan/charts/kafka/templates/_helpers.tpl
View File

@@ -1,89 +0,0 @@
{{/*
Form the Zookeeper URL. If zookeeper is installed as part of this chart, use k8s service discovery,
else use user-provided URL
*/}}
{{- define "zookeeper.url" }}
{{- $port := .Values.zookeeper.port | toString }}
{{- if .Values.zookeeper.enabled -}}
{{- printf "%s:%s" (include "kafka.zookeeper.fullname" .) $port }}
{{- else -}}
{{- $zookeeperConnect := printf "%s-%s:%s" .Release.Name .Values.zookeeper.url $port }}
{{- $zookeeperConnectOverride := index .Values "configurationOverrides" "zookeeper.connect" }}
{{- default $zookeeperConnect $zookeeperConnectOverride }}
{{- end -}}
{{- end -}}
{{/*
Derive offsets.topic.replication.factor in following priority order: configurationOverrides, replicas
*/}}
{{- define "kafka.replication.factor" }}
{{- $replicationFactorOverride := index .Values "configurationOverrides" "offsets.topic.replication.factor" }}
{{- default .Values.replicas $replicationFactorOverride }}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "kafka.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create unified labels for kafka components
*/}}
{{- define "kafka.common.matchLabels" -}}
app.kubernetes.io/name: {{ include "common.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}
{{- define "kafka.common.metaLabels" -}}
helm.sh/chart: {{ include "kafka.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}
{{- define "kafka.broker.matchLabels" -}}
app.kubernetes.io/component: kafka-broker
{{ include "kafka.common.matchLabels" . }}
{{- end -}}
{{- define "kafka.broker.labels" -}}
{{ include "kafka.common.metaLabels" . }}
{{ include "kafka.broker.matchLabels" . }}
{{- end -}}
{{- define "kafka.config.matchLabels" -}}
app.kubernetes.io/component: kafka-config
{{ include "kafka.common.matchLabels" . }}
{{- end -}}
{{- define "kafka.config.labels" -}}
{{ include "kafka.common.metaLabels" . }}
{{ include "kafka.config.matchLabels" . }}
{{- end -}}
{{- define "kafka.monitor.matchLabels" -}}
app.kubernetes.io/component: kafka-monitor
{{ include "kafka.common.matchLabels" . }}
{{- end -}}
{{- define "kafka.monitor.labels" -}}
{{ include "kafka.common.metaLabels" . }}
{{ include "kafka.monitor.matchLabels" . }}
{{- end -}}
{{- define "serviceMonitor.namespace" -}}
{{- if .Values.prometheus.operator.serviceMonitor.releaseNamespace -}}
{{ .Release.Namespace }}
{{- else -}}
{{ .Values.prometheus.operator.serviceMonitor.namespace }}
{{- end -}}
{{- end -}}
{{- define "prometheusRule.namespace" -}}
{{- if .Values.prometheus.operator.prometheusRule.releaseNamespace -}}
{{ .Release.Namespace }}
{{- else -}}
{{ .Values.prometheus.operator.prometheusRule.namespace }}
{{- end -}}
{{- end -}}

59
tip-wlan/charts/kafka/templates/configmap-config.yaml
View File

@@ -1,59 +0,0 @@
{{- if .Values.topics -}}
{{- $zk := include "zookeeper.url" . -}}
apiVersion: v1
kind: ConfigMap
metadata:
labels:
{{- include "kafka.config.labels" . | nindent 4 }}
name: {{ include "common.fullname" . }}-config
namespace: {{ include "common.namespace" . }}
data:
runtimeConfig.sh: |
#!/bin/bash
set -e
cd /usr/bin
until kafka-configs --zookeeper {{ $zk }} --entity-type topics --describe || (( count++ >= 6 ))
do
echo "Waiting for Zookeeper..."
sleep 20
done
until nc -z {{ template "common.fullname" . }} 9092 || (( retries++ >= 6 ))
do
echo "Waiting for Kafka..."
sleep 20
done
echo "Applying runtime configuration using {{ .Values.image }}:{{ .Values.imageTag }}"
{{- range $n, $topic := .Values.topics }}
{{- if and $topic.partitions $topic.replicationFactor $topic.reassignPartitions }}
cat << EOF > {{ $topic.name }}-increase-replication-factor.json
{"version":1, "partitions":[
{{- $partitions := (int $topic.partitions) }}
{{- $replicas := (int $topic.replicationFactor) }}
{{- range $i := until $partitions }}
{"topic":"{{ $topic.name }}","partition":{{ $i }},"replicas":[{{- range $j := until $replicas }}{{ $j }}{{- if ne $j (sub $replicas 1) }},{{- end }}{{- end }}]}{{- if ne $i (sub $partitions 1) }},{{- end }}
{{- end }}
]}
EOF
kafka-reassign-partitions --zookeeper {{ $zk }} --reassignment-json-file {{ $topic.name }}-increase-replication-factor.json --execute
kafka-reassign-partitions --zookeeper {{ $zk }} --reassignment-json-file {{ $topic.name }}-increase-replication-factor.json --verify
{{- else if and $topic.partitions $topic.replicationFactor }}
kafka-topics --zookeeper {{ $zk }} --create --if-not-exists --force --topic {{ $topic.name }} --partitions {{ $topic.partitions }} --replication-factor {{ $topic.replicationFactor }}
{{- else if $topic.partitions }}
kafka-topics --zookeeper {{ $zk }} --alter --force --topic {{ $topic.name }} --partitions {{ $topic.partitions }} || true
{{- end }}
{{- if $topic.defaultConfig }}
kafka-configs --zookeeper {{ $zk }} --entity-type topics --entity-name {{ $topic.name }} --alter --force --delete-config {{ nospace $topic.defaultConfig }} || true
{{- end }}
{{- if $topic.config }}
kafka-configs --zookeeper {{ $zk }} --entity-type topics --entity-name {{ $topic.name }} --alter --force --add-config {{ nospace $topic.config }}
{{- end }}
kafka-configs --zookeeper {{ $zk }} --entity-type topics --entity-name {{ $topic.name }} --describe
{{- if $topic.acls }}
{{- range $a, $acl := $topic.acls }}
{{ if and $acl.user $acl.operations }}
kafka-acls --authorizer-properties zookeeper.connect={{ $zk }} --force --add --allow-principal User:{{ $acl.user }}{{- range $operation := $acl.operations }} --operation {{ $operation }} {{- end }} --topic {{ $topic.name }} {{ $topic.extraParams }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end -}}

17
tip-wlan/charts/kafka/templates/configmap.yaml
View File

@@ -1,17 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-clientconfig
namespace: {{ include "common.namespace" . }}
data:
admin-client.properties: |
ssl.endpoint.identification.algorithm=
security.protocol=SSL
ssl.key.password={{ .Values.creds.sslKeyPassword | b64enc }}
ssl.keystore.location=/etc/kafka/secrets/kafka-server.pkcs12
ssl.keystore.password={{ .Values.creds.sslKeystorePassword | b64enc }}
ssl.keystore.type=PKCS12
ssl.truststore.location=/etc/kafka/secrets/truststore.jks
ssl.truststore.password={{ .Values.creds.sslTruststorePassword | b64enc }}
ssl.truststore.type=JKS
bootstrap.servers=tip-wlan-kafka-headless:9093

30
tip-wlan/charts/kafka/templates/job-config.yaml
View File

@@ -1,30 +0,0 @@
{{- if .Values.topics -}}
{{- $scriptHash := include (print $.Template.BasePath "/configmap-config.yaml") . | sha256sum | trunc 8 -}}
apiVersion: batch/v1
kind: Job
metadata:
name: "{{ include "common.fullname" . }}-config-{{ $scriptHash }}"
namespace: {{ include "common.namespace" . }}
labels:
{{- include "kafka.config.labels" . | nindent 4 }}
spec:
backoffLimit: {{ .Values.configJob.backoffLimit }}
template:
metadata:
labels:
{{- include "kafka.config.matchLabels" . | nindent 8 }}
spec:
restartPolicy: OnFailure
volumes:
- name: config-volume
configMap:
name: {{ include "common.fullname" . }}-config
defaultMode: 0744
containers:
- name: {{ include "common.fullname" . }}-config
image: "{{ .Values.image }}:{{ .Values.imageTag }}"
command: ["/usr/local/script/runtimeConfig.sh"]
volumeMounts:
- name: config-volume
mountPath: "/usr/local/script"
{{- end -}}

18
tip-wlan/charts/kafka/templates/secret.yaml
View File

@@ -1,18 +0,0 @@
---
apiVersion: v1
kind: Secret
metadata:
name: {{ include "common.fullname" . }}-certs
namespace: {{ include "common.namespace" . }}
labels:
app: {{ template "common.name" . }}
chart: {{ template "common.chart" . }}
release: {{ .Release.Name | quote }}
type: Opaque
data:
truststore_creds: {{ .Values.creds.sslTruststorePassword | b64enc }}
keystore_creds: {{ .Values.creds.sslKeystorePassword | b64enc }}
key_creds: {{ .Values.creds.sslKeyPassword | b64enc }}
truststore.jks: {{ .Files.Get "resources/config/certs/truststore.jks" | b64enc }}
kafka-server.pkcs12: {{ .Files.Get "resources/config/certs/kafka-server.pkcs12" | b64enc }}
README: {{ .Files.Get "resources/config/certs/README.md" | b64enc }}

14
tip-wlan/charts/kafka/templates/service-brokers.yaml
View File

@@ -1,14 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "common.fullname" . }}
namespace: {{ include "common.namespace" . }}
labels:
{{- include "kafka.broker.labels" . | nindent 4 }}
spec:
ports:
- name: broker
port: {{ .Values.headless.sslPort }}
targetPort: kafka
selector:
{{- include "kafka.broker.matchLabels" . | nindent 4 }}

27
tip-wlan/charts/kafka/templates/service-headless.yaml
View File

@@ -1,27 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "common.fullname" . }}-headless
namespace: {{ include "common.namespace" . }}
labels:
{{- include "kafka.broker.labels" . | nindent 4 }}
annotations:
service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
{{- if .Values.headless.annotations }}
{{ .Values.headless.annotations | toYaml | trimSuffix "\n" | indent 4 }}
{{- end }}
spec:
ports:
# - name: broker
# port: {{ .Values.headless.port }}
# {{- if .Values.headless.targetPort }}
# targetPort: {{ .Values.headless.targetPort }}
# {{- end }}
- name: broker
port: {{ .Values.headless.sslPort }}
{{- if .Values.headless.targetSslPort }}
targetPort: {{ .Values.headless.targetSslPort }}
{{- end }}
clusterIP: None
selector:
{{- include "kafka.broker.matchLabels" . | nindent 4 }}

249
tip-wlan/charts/kafka/templates/statefulset.yaml
View File

@@ -1,249 +0,0 @@
{{- $advertisedListenersOverride := first (pluck "advertised.listeners" .Values.configurationOverrides) }}
{{- $zk := include "zookeeper.service" . -}}
{{- $ns := include "common.namespace" . -}}
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ include "common.fullname" . }}
namespace: {{ $ns }}
labels:
{{- include "kafka.broker.labels" . | nindent 4 }}
spec:
selector:
matchLabels:
{{- include "kafka.broker.matchLabels" . | nindent 6 }}
serviceName: {{ include "common.fullname" . }}-headless
podManagementPolicy: {{ .Values.podManagementPolicy }}
updateStrategy:
{{ toYaml .Values.updateStrategy | indent 4 }}
replicas: {{ default 3 .Values.replicas }}
template:
metadata:
annotations:
{{- if .Values.podAnnotations }}
{{ toYaml .Values.podAnnotations | indent 8 }}
{{- end }}
labels:
{{- include "kafka.broker.labels" . | nindent 8 }}
{{- if .Values.podLabels }}
## Custom pod labels
{{ toYaml .Values.podLabels | indent 8 }}
{{- end }}
spec:
{{- if .Values.schedulerName }}
schedulerName: "{{ .Values.schedulerName }}"
{{- end }}
{{- if .Values.serviceAccountName }}
serviceAccountName: {{ .Values.serviceAccountName }}
{{- end }}
{{- if .Values.priorityClassName }}
priorityClassName: "{{ .Values.priorityClassName }}"
{{- end }}
{{- if .Values.tolerations }}
tolerations:
{{ toYaml .Values.tolerations | indent 8 }}
{{- end }}
{{- if .Values.affinity }}
affinity:
{{ toYaml .Values.affinity | indent 8 }}
{{- end }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }}
{{- end }}
initContainers:
- name: {{ include "common.name" . }}-readiness
image: busybox:1.28
imagePullPolicy: "{{ .Values.imagePullPolicy }}"
command: ['sh', '-c', "until nslookup {{ $zk }}.{{ $ns }}.svc.cluster.local; do echo waiting for myservice; sleep 2; done"]
containers:
- name: {{ include "common.name" . }}-broker
image: "{{ .Values.image }}:{{ .Values.imageTag }}"
imagePullPolicy: "{{ .Values.imagePullPolicy }}"
livenessProbe:
exec:
command:
- sh
- -ec
- /usr/bin/jps | /bin/grep -q SupportedKafka
{{- if not .Values.livenessProbe }}
initialDelaySeconds: 30
timeoutSeconds: 5
{{- else }}
initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds | default 30}}
{{- if .Values.livenessProbe.periodSeconds }}
periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
{{- end }}
timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds | default 5}}
{{- if .Values.livenessProbe.successThreshold }}
successThreshold: {{ .Values.livenessProbe.successThreshold }}
{{- end }}
{{- if .Values.livenessProbe.failureThreshold }}
failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
{{- end }}
{{- end }}
readinessProbe:
tcpSocket:
port: kafka
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
ports:
- containerPort: {{ .Values.headless.sslPort }}
name: kafka
{{- if .Values.external.enabled }}
{{- $replicas := .Values.replicas | int }}
{{- $root := . }}
{{- range $i, $e := until $replicas }}
- containerPort: {{ add $root.Values.external.firstListenerPort $i }}
name: external-{{ $i }}
{{- end }}
{{- end }}
{{- if .Values.additionalPorts }}
{{ toYaml .Values.additionalPorts | indent 8 }}
{{- end }}
resources:
{{ toYaml .Values.resources | indent 10 }}
env:
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: KAFKA_HEAP_OPTS
value: {{ .Values.kafkaHeapOptions }}
- name: KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR
value: {{ include "kafka.replication.factor" . | quote }}
{{- if not (hasKey .Values.configurationOverrides "zookeeper.connect") }}
- name: KAFKA_ZOOKEEPER_CONNECT
value: {{ include "zookeeper.url" . | quote }}
{{- end }}
{{- if not (hasKey .Values.configurationOverrides "log.dirs") }}
- name: KAFKA_LOG_DIRS
value: {{ printf "%s/%s" .Values.persistence.mountPath .Values.logSubPath | quote }}
{{- end }}
{{- range $key, $value := .Values.configurationOverrides }}
- name: {{ printf "KAFKA_%s" $key | replace "." "_" | upper | quote }}
value: {{ $value | quote }}
{{- end }}
{{- range $secret := .Values.secrets }}
{{- if not $secret.mountPath }}
{{- range $key := $secret.keys }}
- name: {{ (print ($secret.name | replace "-" "_") "_" $key) | upper }}
valueFrom:
secretKeyRef:
name: {{ $secret.name }}
key: {{ $key }}
{{- end }}
{{- end }}
{{- end }}
{{- range $key, $value := .Values.envOverrides }}
- name: {{ printf "%s" $key | replace "." "_" | upper | quote }}
value: {{ $value | quote }}
{{- end }}
# This is required because the Downward API does not yet support identification of
# pod numbering in statefulsets. Thus, we are required to specify a command which
# allows us to extract the pod ID for usage as the Kafka Broker ID.
# See: https://github.com/kubernetes/kubernetes/issues/31218
command:
- sh
- -exc
- |
unset KAFKA_PORT && \
export KAFKA_BROKER_ID=${POD_NAME##*-} && \
{{- if eq .Values.external.type "LoadBalancer" }}
export LOAD_BALANCER_IP=$(echo '{{ .Values.external.loadBalancerIP }}' | tr -d '[]' | cut -d ' ' -f "$(($KAFKA_BROKER_ID + 1))") && \
{{- end }}
{{- if eq .Values.external.type "NodePort" }}
export KAFKA_ADVERTISED_LISTENERS=PLAINTEXT://${POD_IP}:9092{{ if kindIs "string" $advertisedListenersOverride }}{{ printf ",%s" $advertisedListenersOverride }}{{ end }} && \
{{- else }}
export KAFKA_ADVERTISED_LISTENERS=PLAINTEXT://${POD_NAME}.{{ include "common.fullname" . }}-headless.${POD_NAMESPACE}.svc.cluster.local:9092{{ if kindIs "string" $advertisedListenersOverride }}{{ printf ",%s" $advertisedListenersOverride }}{{ end }} && \
{{- end }}
exec /etc/confluent/docker/run
volumeMounts:
- mountPath: /etc/kafka/secrets/truststore.jks
name: kafka-certificates
subPath: truststore.jks
- mountPath: /etc/kafka/secrets/kafka-server.pkcs12
name: kafka-certificates
subPath: kafka-server.pkcs12
- mountPath: /etc/kafka/secrets/key_creds
name: kafka-certificates
subPath: key_creds
- mountPath: /etc/kafka/secrets/keystore_creds
name: kafka-certificates
subPath: keystore_creds
- mountPath: /etc/kafka/secrets/truststore_creds
name: kafka-certificates
subPath: truststore_creds
- mountPath: /etc/kafka/admin-client.properties
name: kafka-client-config
subPath: admin-client.properties
- name: datadir
mountPath: {{ .Values.persistence.mountPath | quote }}
{{- range $secret := .Values.secrets }}
{{- if $secret.mountPath }}
{{- if $secret.keys }}
{{- range $key := $secret.keys }}
- name: {{ include "common.fullname" $ }}-{{ $secret.name }}
mountPath: {{ $secret.mountPath }}/{{ $key }}
subPath: {{ $key }}
readOnly: true
{{- end }}
{{- else }}
- name: {{ include "common.fullname" $ }}-{{ $secret.name }}
mountPath: {{ $secret.mountPath }}
readOnly: true
{{- end }}
{{- end }}
{{- end }}
volumes:
- name: kafka-certificates
secret:
secretName: {{ include "common.fullname" . }}-certs
- name: kafka-client-config
configMap:
name: {{ include "common.fullname" . }}-clientconfig
{{- if not .Values.persistence.enabled }}
- name: datadir
emptyDir: {}
{{- end }}
{{- if .Values.securityContext }}
securityContext:
{{ toYaml .Values.securityContext | indent 8 }}
{{- end }}
{{- range .Values.secrets }}
{{- if .mountPath }}
- name: {{ include "common.fullname" $ }}-{{ .name }}
secret:
secretName: {{ .name }}
{{- end }}
{{- end }}
terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
{{- if .Values.persistence.enabled }}
volumeClaimTemplates:
- metadata:
name: datadir
spec:
accessModes:
- {{ .Values.persistence.accessMode | quote }}
resources:
requests:
storage: {{ .Values.persistence.size }}
{{- if .Values.persistence.storageClass }}
{{- if (eq "-" .Values.persistence.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.persistence.storageClass }}"
{{- end }}
{{- end }}
{{- end }}

60
tip-wlan/charts/kafka/templates/tests/test-topic-create-produce-consume.yaml
View File

@@ -1,60 +0,0 @@
{{- if .Values.testsEnabled -}}
apiVersion: v1
kind: Pod
metadata:
name: {{ include "common.fullname" . }}-test-topic-create-produce-consume
namespace: {{ include "common.namespace" . }}
annotations:
"helm.sh/hook": test-success
spec:
containers:
- name: {{ include "common.name" . }}-test-consume
image: {{ .Values.image }}:{{ .Values.imageTag }}
command:
- sh
- -c
- |
# List topics:
echo "##### Listing existing topics #####"
kafka-topics --zookeeper {{ include "zookeeper.url" . }} --list
# Create the topic
echo "##### Create topic helm-test-topic-create-consume-produce #####"
kafka-topics --zookeeper {{ include "zookeeper.url" . }} --topic helm-test-topic-create-consume-produce --create --partitions 1 --replication-factor 1 --if-not-exists
echo "##### Produce the test message #####"
# Create a message
MESSAGE="`date -u`"
# Produce a test message to the topic
echo "$MESSAGE" | kafka-console-producer --broker-list {{ include "common.fullname" . }}-headless:9093 --producer.config /etc/kafka/admin-client.properties --topic helm-test-topic-create-consume-produce
echo "##### Consume the test message from the topic #####"
# Consume a test message from the topic
kafka-console-consumer --bootstrap-server {{ include "common.fullname" . }}-headless:9093 --consumer.config /etc/kafka/admin-client.properties --topic helm-test-topic-create-consume-produce --from-beginning --timeout-ms 2000 --max-messages 1 | grep "$MESSAGE"
echo "##### Listing current topics including our new topic #####"
kafka-topics --zookeeper {{ include "zookeeper.url" . }} --list
# Delete the messages from topic
echo "##### Delete messages from our topic #####"
kafka-configs --zookeeper {{ include "zookeeper.url" . }} --alter --entity-type topics --entity-name helm-test-topic-create-consume-produce --add-config retention.ms=1000
# Mark topic for deletion
echo "##### Mark our topic for Deletion #####"
kafka-topics --zookeeper {{ include "zookeeper.url" . }} --delete --topic helm-test-topic-create-consume-produce
# List topics:
echo "##### Listing topics after deleting our newly created topic #####"
kafka-topics --zookeeper {{ include "zookeeper.url" . }} --list
volumeMounts:
- mountPath: /etc/kafka/admin-client.properties
name: kafka-client-config
subPath: admin-client.properties
- mountPath: /etc/kafka/secrets/truststore.jks
name: kafka-certificates
subPath: truststore.jks
- mountPath: /etc/kafka/secrets/kafka-server.pkcs12
name: kafka-certificates
subPath: kafka-server.pkcs12
restartPolicy: Never
volumes:
- name: kafka-client-config
configMap:
name: {{ include "common.fullname" . }}-clientconfig
- name: kafka-certificates
secret:
secretName: {{ include "common.fullname" . }}-certs
{{- end }}

360
tip-wlan/charts/kafka/values.yaml
View File

@@ -1,360 +0,0 @@
# ------------------------------------------------------------------------------
# Kafka:
# ------------------------------------------------------------------------------
## The StatefulSet installs 1 pod by default
replicas: 1
## The kafka image repository
image: "confluentinc/cp-kafka"
# image: "wurstmeister/kafka"
## The kafka image tag
imageTag: "5.0.1" # Confluent image for Kafka 2.0.0
# imageTag: "latest"
## Specify a imagePullPolicy
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
imagePullPolicy: "IfNotPresent"
## Configure resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
resources: {}
# limits:
# cpu: 200m
# memory: 1536Mi
# requests:
# cpu: 100m
# memory: 1024Mi
kafkaHeapOptions: "-Xmx1G -Xms1G"
## Optional Container Security context
securityContext: {}
## The StatefulSet Update Strategy which Kafka will use when changes are applied.
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
updateStrategy:
type: "OnDelete"
## Start and stop pods in Parallel or OrderedReady (one-by-one.) Note - Can not change after first release.
## ref: https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#pod-management-policy
podManagementPolicy: OrderedReady
## Useful if using any custom authorizer
## Pass in some secrets to use (if required)
# secrets:
# - name: myKafkaSecret
# keys:
# - username
# - password
# # mountPath: /opt/kafka/secret
# - name: myZkSecret
# keys:
# - user
# - pass
# mountPath: /opt/zookeeper/secret
## The subpath within the Kafka container's PV where logs will be stored.
## This is combined with `persistence.mountPath`, to create, by default: /opt/kafka/data/logs
logSubPath: "logs"
## Use an alternate scheduler, e.g. "stork".
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
# schedulerName:
## Use an alternate serviceAccount
## Useful when using images in custom repositories
# serviceAccountName:
## Set a pod priorityClassName
# priorityClassName: high-priority
## Pod scheduling preferences (by default keep pods within a release on separate nodes).
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## By default we don't set affinity
affinity: {}
## Alternatively, this typical example defines:
## antiAffinity (to keep Kafka pods on separate pods)
## and affinity (to encourage Kafka pods to be collocated with Zookeeper pods)
# affinity:
# podAntiAffinity:
# requiredDuringSchedulingIgnoredDuringExecution:
# - labelSelector:
# matchExpressions:
# - key: app
# operator: In
# values:
# - kafka
# topologyKey: "kubernetes.io/hostname"
# podAffinity:
# preferredDuringSchedulingIgnoredDuringExecution:
# - weight: 50
# podAffinityTerm:
# labelSelector:
# matchExpressions:
# - key: app
# operator: In
# values:
# - zookeeper
# topologyKey: "kubernetes.io/hostname"
## Node labels for pod assignment
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
nodeSelector: {}
## Readiness probe config.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
##
readinessProbe:
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 3
## Period to wait for broker graceful shutdown (sigterm) before pod is killed (sigkill)
## ref: https://kubernetes-v1-4.github.io/docs/user-guide/production-pods/#lifecycle-hooks-and-termination-notice
## ref: https://kafka.apache.org/10/documentation.html#brokerconfigs controlled.shutdown.*
terminationGracePeriodSeconds: 60
# Tolerations for nodes that have taints on them.
# Useful if you want to dedicate nodes to just run kafka
# https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
tolerations: []
# tolerations:
# - key: "key"
# operator: "Equal"
# value: "value"
# effect: "NoSchedule"
## Headless service.
##
headless:
# annotations:
# targetPort:
port: 9092
sslPort: 9093
## External access.
##
external:
enabled: false
# type can be either NodePort or LoadBalancer
type: NodePort
# annotations:
# service.beta.kubernetes.io/openstack-internal-load-balancer: "true"
dns:
useInternal: false
useExternal: true
# If using external service type LoadBalancer and external dns, set distinct to true below.
# This creates an A record for each statefulset pod/broker. You should then map the
# A record of the broker to the EXTERNAL IP given by the LoadBalancer in your DNS server.
distinct: false
servicePort: 19092
firstListenerPort: 31090
domain: cluster.local
loadBalancerIP: []
loadBalancerSourceRanges: []
init:
image: "lwolf/kubectl_deployer"
imageTag: "0.4"
imagePullPolicy: "IfNotPresent"
# Annotation to be added to Kafka pods
podAnnotations: {}
# Labels to be added to Kafka pods
podLabels: {}
# service: broker
# team: developers
podDisruptionBudget: {}
# maxUnavailable: 1 # Limits how many Kafka pods may be unavailable due to voluntary disruptions.
## Configuration Overrides. Specify any Kafka settings you would like set on the StatefulSet
## here in map format, as defined in the official docs.
## ref: https://kafka.apache.org/documentation/#brokerconfigs
##
configurationOverrides:
"confluent.support.metrics.enable": false # Disables confluent metric submission
# "auto.leader.rebalance.enable": true
# "auto.create.topics.enable": true
# "controlled.shutdown.enable": true
# "controlled.shutdown.max.retries": 100
# "ssl.secret.dir": "/opt/tip-wlan/certs"
# "ssl.keystore.filename": "kafka-server.pkcs12"
# "ssl.key.credentials": "mypassword"
# "ssl.truststore.filename": "kafka_server_keystore.jks"
# "ssl.truststore.credentials": "mypassword"
advertised.listeners: SSL://tip-wlan-kafka-headless:9093
ssl.client.auth: required
ssl.endpoint.identification.algorithm: ""
security.inter.broker.protocol: SSL
ssl.key.credentials: "key_creds"
ssl.keystore.filename: "kafka-server.pkcs12"
ssl.keystore.credentials: "keystore_creds"
ssl.keystore.type: "PKCS12"
ssl.truststore.filename: "truststore.jks"
ssl.truststore.credentials: "truststore_creds"
ssl.truststore.type: "JKS"
## Options required for external access via NodePort
## ref:
## - http://kafka.apache.org/documentation/#security_configbroker
## - https://cwiki.apache.org/confluence/display/KAFKA/KIP-103%3A+Separation+of+Internal+and+External+traffic
##
## Setting "advertised.listeners" here appends to "PLAINTEXT://${POD_IP}:9092,", ensure you update the domain
## If external service type is Nodeport:
# "advertised.listeners": |-
# EXTERNAL://kafka.cluster.local:$((31090 + ${KAFKA_BROKER_ID}))
## If external service type is LoadBalancer and distinct is true:
# "advertised.listeners": |-
# EXTERNAL://kafka-$((${KAFKA_BROKER_ID})).cluster.local:19092
## If external service type is LoadBalancer and distinct is false:
# "advertised.listeners": |-
# EXTERNAL://${LOAD_BALANCER_IP}:31090
## Uncomment to define the EXTERNAL Listener protocol
# "listener.security.protocol.map": |-
# PLAINTEXT:PLAINTEXT,EXTERNAL:PLAINTEXT
## set extra ENVs
# key: "value"
envOverrides: {}
## A collection of additional ports to expose on brokers (formatted as normal containerPort yaml)
# Useful when the image exposes metrics (like prometheus, etc.) through a javaagent instead of a sidecar
additionalPorts: {}
## Persistence configuration. Specify if and how to persist data to a persistent volume.
##
persistence:
enabled: false
## The size of the PersistentVolume to allocate to each Kafka Pod in the StatefulSet. For
## production servers this number should likely be much larger.
##
size: 1Gi
accessMode: ReadWriteOnce
## The location within the Kafka container where the PV will mount its storage and Kafka will
## store its logs.
##
mountPath: "/opt/kafka/data"
## Kafka data Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
storageClass: "-"
## Kafka Config job configuration
##
configJob:
## Specify the number of retries before considering kafka-config job as failed.
## https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/#pod-backoff-failure-policy
backoffLimit: 6
## Topic creation and configuration.
## The job will be run on a deployment only when the config has been changed.
## - If 'partitions' and 'replicationFactor' are specified we create the topic (with --if-not-exists.)
## - If 'partitions', 'replicationFactor' and 'reassignPartitions' are specified we reassign the partitions to
## increase the replication factor of an existing topic.
## - If 'partitions' is specified we 'alter' the number of partitions. This will
## silently and safely fail if the new setting isnt strictly larger than the old (i.e. a NOOP.) Do be aware of the
## implications for keyed topics (ref: https://docs.confluent.io/current/kafka/post-deployment.html#admin-operations)
## - If 'defaultConfig' is specified it's deleted from the topic configuration. If it isn't present,
## it will silently and safely fail.
## - If 'config' is specified it's added to the topic configuration.
##
## Note: To increase the 'replicationFactor' of a topic, 'reassignPartitions' must be set to true (see above).
##
topics:
# - name: myExistingTopicConfig
# config: "cleanup.policy=compact,delete.retention.ms=604800000"
# - name: myExistingTopicReassignPartitions
# partitions: 8
# replicationFactor: 5
# reassignPartitions: true
- name: wlan_service_metrics
partitions: 1
replicationFactor: 1
- name: system_events
partitions: 1
replicationFactor: 1
- name: customer_events
partitions: 1
replicationFactor: 1
# - name: myNewTopicWithConfig
# partitions: 8
# replicationFactor: 3
# defaultConfig: "segment.bytes,segment.ms"
# config: "cleanup.policy=compact,delete.retention.ms=604800000"
# - name: myAclTopicPartitions
# partitions: 8
# acls:
# - user: read
# operations: [ Read ]
# - user: read_and_write
# operations:
# - Read
# - Write
# - user: all
# operations: [ All ]
## Enable/disable the chart's tests. Useful if using this chart as a dependency of
## another chart and you don't want these tests running when trying to develop and
## test your own chart.
testsEnabled: true
# ------------------------------------------------------------------------------
# Zookeeper:
# ------------------------------------------------------------------------------
zookeeper:
## If true, install the Zookeeper chart alongside Kafka
## ref: https://github.com/kubernetes/charts/tree/master/incubator/zookeeper
enabled: false
## Configure Zookeeper resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
resources: ~
## Environmental variables to set in Zookeeper
env:
## The JVM heap size to allocate to Zookeeper
ZK_HEAP_SIZE: "1G"
persistence:
enabled: false
## The amount of PV storage allocated to each Zookeeper pod in the statefulset
# size: "2Gi"
## Specify a Zookeeper imagePullPolicy
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
image:
PullPolicy: "IfNotPresent"
## If the Zookeeper Chart is disabled a URL and port are required to connect
url: "zookeeper-headless"
port: 2181
## Pod scheduling preferences (by default keep pods within a release on separate nodes).
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## By default we don't set affinity:
affinity: {} # Criteria by which pod label-values influence scheduling for zookeeper pods.
# podAntiAffinity:
# requiredDuringSchedulingIgnoredDuringExecution:
# - topologyKey: "kubernetes.io/hostname"
# labelSelector:
# matchLabels:
# release: zookeeper
creds:
sslTruststorePassword: DUMMY_PASSWORD
sslKeystorePassword: DUMMY_PASSWORD
sslKeyPassword: DUMMY_PASSWORD

4
tip-wlan/charts/opensync-gw-cloud/templates/service.yaml
View File

@@ -5,6 +5,10 @@ metadata:
namespace: {{ include "common.namespace" . }}
labels:
{{- include "common.labels" . | nindent 4 }}
{{- with .Values.service.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.service.type }}
ports:

4
tip-wlan/charts/opensync-gw-static/templates/service.yaml
View File

@@ -5,6 +5,10 @@ metadata:
namespace: {{ include "common.namespace" . }}
labels:
{{- include "common.labels" . | nindent 4 }}
{{- with .Values.service.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.service.type }}
ports:

4
tip-wlan/charts/opensync-mqtt-broker/templates/service.yaml
View File

@@ -5,6 +5,10 @@ metadata:
namespace: {{ include "common.namespace" . }}
labels:
{{- include "common.labels" . | nindent 4 }}
{{- with .Values.service.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.service.type }}
ports:

4
tip-wlan/charts/wlan-cloud-graphql-gw/templates/service.yaml
View File

@@ -5,6 +5,10 @@ metadata:
namespace: {{ include "common.namespace" . }}
labels:
{{- include "common.labels" . | nindent 4 }}
{{- with .Values.service.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.service.type }}
ports:

4
tip-wlan/charts/wlan-cloud-static-portal/templates/service.yaml
View File

@@ -5,6 +5,10 @@ metadata:
namespace: {{ include "common.namespace" . }}
labels:
{{- include "common.labels" . | nindent 4 }}
{{- with .Values.service.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.service.type }}
ports:

4
tip-wlan/charts/wlan-integrated-cloud-component-service/templates/service.yaml
View File

@@ -6,6 +6,10 @@ metadata:
namespace: {{ include "common.namespace" . }}
labels:
{{- include "common.labels" . | nindent 4 }}
{{- with .Values.service.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.service.type }}
ports:

4
tip-wlan/charts/wlan-port-forwarding-gateway-service/templates/service.yaml
View File

@@ -5,6 +5,10 @@ metadata:
namespace: {{ include "common.namespace" . }}
labels:
{{- include "common.labels" . | nindent 4 }}
{{- with .Values.service.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.service.type }}
ports:

4
tip-wlan/charts/wlan-portal-service/templates/service.yaml
View File

@@ -5,6 +5,10 @@ metadata:
namespace: {{ include "common.namespace" . }}
labels:
{{- include "common.labels" . | nindent 4 }}
{{- with .Values.service.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.service.type }}
ports:

4
tip-wlan/charts/wlan-prov-service/templates/service.yaml
View File

@@ -5,6 +5,10 @@ metadata:
namespace: {{ include "common.namespace" . }}
labels:
{{- include "common.labels" . | nindent 4 }}
{{- with .Values.service.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.service.type }}
ports:

4
tip-wlan/charts/wlan-spc-service/templates/service.yaml
View File

@@ -5,6 +5,10 @@ metadata:
namespace: {{ include "common.namespace" . }}
labels:
{{- include "common.labels" . | nindent 4 }}
{{- with .Values.service.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.service.type }}
ports:

4
tip-wlan/charts/wlan-ssc-service/templates/service.yaml
View File

@@ -5,6 +5,10 @@ metadata:
namespace: {{ include "common.namespace" . }}
labels:
{{- include "common.labels" . | nindent 4 }}
{{- with .Values.service.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.service.type }}
ports:

6
tip-wlan/charts/zookeeper/Chart.yaml
View File

@@ -1,6 +0,0 @@
apiVersion: v2
name: zookeeper
version: 0.1.0
appVersion: 1.0.0
description: Centralized service for maintaining configuration information, naming,
providing distributed synchronization, and providing group services.

20
tip-wlan/charts/zookeeper/templates/_helpers.tpl
View File

@@ -1,20 +0,0 @@
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "zookeeper.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
The name of the zookeeper headless service.
*/}}
{{- define "zookeeper.headless" -}}
{{- printf "%s-headless" (include "common.fullname" .) | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
The name of the zookeeper chroots job.
*/}}
{{- define "zookeeper.chroots" -}}
{{- printf "%s-chroots" (include "common.fullname" .) | trunc 63 | trimSuffix "-" -}}
{{- end -}}

111
tip-wlan/charts/zookeeper/templates/config-script.yaml
View File

@@ -1,111 +0,0 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
chart: {{ template "zookeeper.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
component: server
data:
ok: |
#!/bin/sh
zkServer.sh status
ready: |
#!/bin/sh
echo ruok | nc 127.0.0.1 ${1:-2181}
run: |
#!/bin/bash
set -a
ROOT=$(echo /apache-zookeeper-*)
ZK_USER=${ZK_USER:-"zookeeper"}
ZK_LOG_LEVEL=${ZK_LOG_LEVEL:-"INFO"}
ZK_DATA_DIR=${ZK_DATA_DIR:-"/data"}
ZK_DATA_LOG_DIR=${ZK_DATA_LOG_DIR:-"/data/log"}
ZK_CONF_DIR=${ZK_CONF_DIR:-"/conf"}
ZK_CLIENT_PORT=${ZK_CLIENT_PORT:-2181}
ZK_SERVER_PORT=${ZK_SERVER_PORT:-2888}
ZK_ELECTION_PORT=${ZK_ELECTION_PORT:-3888}
ZK_TICK_TIME=${ZK_TICK_TIME:-2000}
ZK_INIT_LIMIT=${ZK_INIT_LIMIT:-10}
ZK_SYNC_LIMIT=${ZK_SYNC_LIMIT:-5}
ZK_HEAP_SIZE=${ZK_HEAP_SIZE:-2G}
ZK_MAX_CLIENT_CNXNS=${ZK_MAX_CLIENT_CNXNS:-60}
ZK_MIN_SESSION_TIMEOUT=${ZK_MIN_SESSION_TIMEOUT:- $((ZK_TICK_TIME*2))}
ZK_MAX_SESSION_TIMEOUT=${ZK_MAX_SESSION_TIMEOUT:- $((ZK_TICK_TIME*20))}
ZK_SNAP_RETAIN_COUNT=${ZK_SNAP_RETAIN_COUNT:-3}
ZK_PURGE_INTERVAL=${ZK_PURGE_INTERVAL:-0}
ID_FILE="$ZK_DATA_DIR/myid"
ZK_CONFIG_FILE="$ZK_CONF_DIR/zoo.cfg"
LOG4J_PROPERTIES="$ZK_CONF_DIR/log4j.properties"
HOST=$(hostname)
DOMAIN=`hostname -d`
JVMFLAGS="-Xmx$ZK_HEAP_SIZE -Xms$ZK_HEAP_SIZE"
APPJAR=$(echo $ROOT/*jar)
CLASSPATH="${ROOT}/lib/*:${APPJAR}:${ZK_CONF_DIR}:"
if [[ $HOST =~ (.*)-([0-9]+)$ ]]; then
NAME=${BASH_REMATCH[1]}
ORD=${BASH_REMATCH[2]}
MY_ID=$((ORD+1))
else
echo "Failed to extract ordinal from hostname $HOST"
exit 1
fi
mkdir -p $ZK_DATA_DIR
mkdir -p $ZK_DATA_LOG_DIR
echo $MY_ID >> $ID_FILE
echo "clientPort=$ZK_CLIENT_PORT" >> $ZK_CONFIG_FILE
echo "dataDir=$ZK_DATA_DIR" >> $ZK_CONFIG_FILE
echo "dataLogDir=$ZK_DATA_LOG_DIR" >> $ZK_CONFIG_FILE
echo "tickTime=$ZK_TICK_TIME" >> $ZK_CONFIG_FILE
echo "initLimit=$ZK_INIT_LIMIT" >> $ZK_CONFIG_FILE
echo "syncLimit=$ZK_SYNC_LIMIT" >> $ZK_CONFIG_FILE
echo "maxClientCnxns=$ZK_MAX_CLIENT_CNXNS" >> $ZK_CONFIG_FILE
echo "minSessionTimeout=$ZK_MIN_SESSION_TIMEOUT" >> $ZK_CONFIG_FILE
echo "maxSessionTimeout=$ZK_MAX_SESSION_TIMEOUT" >> $ZK_CONFIG_FILE
echo "autopurge.snapRetainCount=$ZK_SNAP_RETAIN_COUNT" >> $ZK_CONFIG_FILE
echo "autopurge.purgeInterval=$ZK_PURGE_INTERVAL" >> $ZK_CONFIG_FILE
echo "4lw.commands.whitelist=*" >> $ZK_CONFIG_FILE
for (( i=1; i<=$ZK_REPLICAS; i++ ))
do
echo "server.$i=$NAME-$((i-1)).$DOMAIN:$ZK_SERVER_PORT:$ZK_ELECTION_PORT" >> $ZK_CONFIG_FILE
done
rm -f $LOG4J_PROPERTIES
echo "zookeeper.root.logger=$ZK_LOG_LEVEL, CONSOLE" >> $LOG4J_PROPERTIES
echo "zookeeper.console.threshold=$ZK_LOG_LEVEL" >> $LOG4J_PROPERTIES
echo "zookeeper.log.threshold=$ZK_LOG_LEVEL" >> $LOG4J_PROPERTIES
echo "zookeeper.log.dir=$ZK_DATA_LOG_DIR" >> $LOG4J_PROPERTIES
echo "zookeeper.log.file=zookeeper.log" >> $LOG4J_PROPERTIES
echo "zookeeper.log.maxfilesize=256MB" >> $LOG4J_PROPERTIES
echo "zookeeper.log.maxbackupindex=10" >> $LOG4J_PROPERTIES
echo "zookeeper.tracelog.dir=$ZK_DATA_LOG_DIR" >> $LOG4J_PROPERTIES
echo "zookeeper.tracelog.file=zookeeper_trace.log" >> $LOG4J_PROPERTIES
echo "log4j.rootLogger=\${zookeeper.root.logger}" >> $LOG4J_PROPERTIES
echo "log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender" >> $LOG4J_PROPERTIES
echo "log4j.appender.CONSOLE.Threshold=\${zookeeper.console.threshold}" >> $LOG4J_PROPERTIES
echo "log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout" >> $LOG4J_PROPERTIES
echo "log4j.appender.CONSOLE.layout.ConversionPattern=%d{ISO8601} [myid:%X{myid}] - %-5p [%t:%C{1}@%L] - %m%n" >> $LOG4J_PROPERTIES
if [ -n "$JMXDISABLE" ]
then
MAIN=org.apache.zookeeper.server.quorum.QuorumPeerMain
else
MAIN="-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=$JMXPORT -Dcom.sun.management.jmxremote.authenticate=$JMXAUTH -Dcom.sun.management.jmxremote.ssl=$JMXSSL -Dzookeeper.jmx.log4j.disable=$JMXLOG4J org.apache.zookeeper.server.quorum.QuorumPeerMain"
fi
set -x
exec java -cp "$CLASSPATH" $JVMFLAGS $MAIN $ZK_CONFIG_FILE

26
tip-wlan/charts/zookeeper/templates/service-headless.yaml
View File

@@ -1,26 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: {{ template "zookeeper.headless" . }}
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
chart: {{ template "zookeeper.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- if .Values.headless.annotations }}
annotations:
{{ .Values.headless.annotations | toYaml | trimSuffix "\n" | indent 4 }}
{{- end }}
spec:
clusterIP: None
ports:
{{- range $key, $port := .Values.ports }}
- name: {{ $key }}
port: {{ $port.containerPort }}
targetPort: {{ $key }}
protocol: {{ $port.protocol }}
{{- end }}
selector:
app: {{ template "common.name" . }}
release: {{ .Release.Name }}

26
tip-wlan/charts/zookeeper/templates/service.yaml
View File

@@ -1,26 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "common.fullname" . }}
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
chart: {{ template "zookeeper.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- if .Values.service.annotations }}
annotations:
{{- with .Values.service.annotations }}
{{ toYaml . | indent 4 }}
{{- end }}
{{- end }}
spec:
type: {{ .Values.service.type }}
ports:
{{- range $key, $value := .Values.service.ports }}
- name: {{ $key }}
{{ toYaml $value | indent 6 }}
{{- end }}
selector:
app: {{ include "common.name" . }}
release: {{ .Release.Name }}

160
tip-wlan/charts/zookeeper/templates/statefulset.yaml
View File

@@ -1,160 +0,0 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ include "common.fullname" . }}
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
component: server
spec:
serviceName: {{ template "zookeeper.headless" . }}
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
app: {{ include "common.name" . }}
release: {{ .Release.Name }}
component: server
updateStrategy:
{{ toYaml .Values.updateStrategy | indent 4 }}
template:
metadata:
labels:
app: {{ include "common.name" . }}
release: {{ .Release.Name }}
component: server
{{- if .Values.podLabels }}
## Custom pod labels
{{- range $key, $value := .Values.podLabels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- if .Values.podAnnotations }}
annotations:
## Custom pod annotations
{{- range $key, $value := .Values.podAnnotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
spec:
terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
{{- if .Values.schedulerName }}
schedulerName: "{{ .Values.schedulerName }}"
{{- end }}
securityContext:
{{ toYaml .Values.securityContext | indent 8 }}
{{- if .Values.priorityClassName }}
priorityClassName: "{{ .Values.priorityClassName }}"
{{- end }}
containers:
- name: zookeeper
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- with .Values.command }}
command: {{ range . }}
- {{ . | quote }}
{{- end }}
{{- end }}
ports:
{{- range $key, $port := .Values.ports }}
- name: {{ $key }}
{{ toYaml $port | indent 14 }}
{{- end }}
livenessProbe:
exec:
command:
- sh
- /config-scripts/ok
initialDelaySeconds: 20
periodSeconds: 30
timeoutSeconds: 5
failureThreshold: 2
successThreshold: 1
readinessProbe:
exec:
command:
- sh
- /config-scripts/ready
initialDelaySeconds: 20
periodSeconds: 30
timeoutSeconds: 5
failureThreshold: 2
successThreshold: 1
env:
- name: ZK_REPLICAS
value: {{ .Values.replicaCount | quote }}
{{- range $key, $value := .Values.env }}
- name: {{ $key | upper | replace "." "_" }}
value: {{ $value | quote }}
{{- end }}
{{- range $secret := .Values.secrets }}
{{- range $key := $secret.keys }}
- name: {{ (print $secret.name "_" $key) | upper }}
valueFrom:
secretKeyRef:
name: {{ $secret.name }}
key: {{ $key }}
{{- end }}
{{- end }}
resources:
{{ toYaml .Values.resources | indent 12 }}
volumeMounts:
- name: data
mountPath: /data
{{- range $secret := .Values.secrets }}
{{- if $secret.mountPath }}
{{- range $key := $secret.keys }}
- name: {{ $.Release.Name }}-{{ $secret.name }}
mountPath: {{ $secret.mountPath }}/{{ $key }}
subPath: {{ $key }}
readOnly: true
{{- end }}
{{- end }}
{{- end }}
- name: config
mountPath: /config-scripts
{{- with .Values.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
volumes:
- name: config
configMap:
name: {{ include "common.fullname" . }}
defaultMode: 0555
{{- range .Values.secrets }}
- name: {{ $.Release.Name }}-{{ .name }}
secret:
secretName: {{ .name }}
{{- end }}
{{- if not .Values.persistence.enabled }}
- name: data
emptyDir: {}
{{- end }}
{{- if .Values.persistence.enabled }}
volumeClaimTemplates:
- metadata:
name: data
spec:
accessModes:
- {{ .Values.persistence.accessMode | quote }}
resources:
requests:
storage: {{ .Values.persistence.size | quote }}
{{- if .Values.persistence.storageClass }}
{{- if (eq "-" .Values.persistence.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.persistence.storageClass }}"
{{- end }}
{{- end }}
{{- end }}

171
tip-wlan/charts/zookeeper/values.yaml
View File

@@ -1,171 +0,0 @@
## As weighted quorums are not supported, it is imperative that an odd number of replicas
## be chosen. Moreover, the number of replicas should be either 1, 3, 5, or 7.
##
## ref: https://github.com/kubernetes/contrib/tree/master/statefulsets/zookeeper#stateful-set
replicaCount: 1 # Desired quantity of ZooKeeper pods. This should always be (1,3,5, or 7)
podDisruptionBudget:
maxUnavailable: 1 # Limits how many Zokeeper pods may be unavailable due to voluntary disruptions.
terminationGracePeriodSeconds: 1800 # Duration in seconds a Zokeeper pod needs to terminate gracefully.
updateStrategy:
type: RollingUpdate
## refs:
## - https://github.com/kubernetes/contrib/tree/master/statefulsets/zookeeper
## - https://github.com/kubernetes/contrib/blob/master/statefulsets/zookeeper/Makefile#L1
image:
repository: zookeeper # Container image repository for zookeeper container.
tag: 3.5.5 # Container image tag for zookeeper container.
pullPolicy: IfNotPresent # Image pull criteria for zookeeper container.
service:
type: ClusterIP # Exposes zookeeper on a cluster-internal IP.
annotations: {} # Arbitrary non-identifying metadata for zookeeper service.
## AWS example for use with LoadBalancer service type.
# external-dns.alpha.kubernetes.io/hostname: zookeeper.cluster.local
# service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
# service.beta.kubernetes.io/aws-load-balancer-internal: "true"
ports:
client:
port: 2181 # Service port number for client port.
targetPort: client # Service target port for client port.
protocol: TCP # Service port protocol for client port.
## Headless service.
##
headless:
annotations: {}
ports:
client:
containerPort: 2181 # Port number for zookeeper container client port.
protocol: TCP # Protocol for zookeeper container client port.
election:
containerPort: 3888 # Port number for zookeeper container election port.
protocol: TCP # Protocol for zookeeper container election port.
server:
containerPort: 2888 # Port number for zookeeper container server port.
protocol: TCP # Protocol for zookeeper container server port.
resources: {} # Optionally specify how much CPU and memory (RAM) each zookeeper container needs.
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
priorityClassName: ""
nodeSelector: {} # Node label-values required to run zookeeper pods.
tolerations: [] # Node taint overrides for zookeeper pods.
affinity: {} # Criteria by which pod label-values influence scheduling for zookeeper pods.
# podAntiAffinity:
# requiredDuringSchedulingIgnoredDuringExecution:
# - topologyKey: "kubernetes.io/hostname"
# labelSelector:
# matchLabels:
# release: zookeeper
podAnnotations: {} # Arbitrary non-identifying metadata for zookeeper pods.
# prometheus.io/scrape: "true"
# prometheus.io/path: "/metrics"
# prometheus.io/port: "9141"
podLabels: {} # Key/value pairs that are attached to zookeeper pods.
# team: "developers"
# service: "zookeeper"
securityContext:
fsGroup: 1000
runAsUser: 1000
## Useful, if you want to use an alternate image.
command:
- /bin/bash
- -xec
- /config-scripts/run
## Useful if using any custom authorizer.
## Pass any secrets to the kafka pods. Each secret will be passed as an
## environment variable by default. The secret can also be mounted to a
## specific path (in addition to environment variable) if required. Environment
## variable names are generated as: `<secretName>_<secretKey>` (All upper case)
# secrets:
# - name: myKafkaSecret
# keys:
# - username
# - password
# # mountPath: /opt/kafka/secret
# - name: myZkSecret
# keys:
# - user
# - pass
# mountPath: /opt/zookeeper/secret
persistence:
enabled: false
## If defined, PVC must be created manually before volume will be bound
## existingClaim: opensync-wifi-controller-zookeeper-data
## volumeReclaimPolicy: Retain
## If you want to bind to an existing PV, uncomment below with the pv name
## and comment storageClass and belowannotation
## volumeName: pvc-dc52b290-ae86-4cb3-aad0-f2c806a23114
## zookeeper data Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
storageClass: "-"
accessMode: ReadWriteOnce
size: 1Gi
## Use an alternate scheduler, e.g. "stork".
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
# schedulerName:
## ref: https://github.com/kubernetes/contrib/tree/master/statefulsets/zookeeper
env:
## Options related to JMX exporter.
## ref: https://github.com/apache/zookeeper/blob/master/bin/zkServer.sh#L36
JMXAUTH: "false"
JMXDISABLE: "false"
JMXPORT: 1099
JMXSSL: "false"
## The port on which the server will accept client requests.
ZOO_PORT: 2181
## The number of Ticks that an ensemble member is allowed to perform leader
## election.
ZOO_INIT_LIMIT: 5
ZOO_TICK_TIME: 2000
## The maximum number of concurrent client connections that
## a server in the ensemble will accept.
ZOO_MAX_CLIENT_CNXNS: 60
## The number of Tick by which a follower may lag behind the ensembles leader.
ZK_SYNC_LIMIT: 10
## The number of wall clock ms that corresponds to a Tick for the ensembles
## internal time.
ZK_TICK_TIME: 2000
ZOO_AUTOPURGE_PURGEINTERVAL: 0
ZOO_AUTOPURGE_SNAPRETAINCOUNT: 3
ZOO_STANDALONE_ENABLED: false

30
tip-wlan/resources/environments/dev-local-rework.yaml
View File

@@ -154,19 +154,35 @@ kafka:
sslKeystorePassword: mypassword
sslTruststorePassword: mypassword
sslKeyPassword: mypassword
cassandra:
enabled: true
tlsEncryptionSecretName: tip-common-cassandra-certs
image:
debug: true
cluster:
replicaCount: 1
seedCount: 1
persistence:
enabled: true
storageClass: standard
creds:
sslKeystorePassword: mypassword
sslTruststorePassword: mypassword
storageClass: "hostpath"
replicaCount: 1
cluster:
name: TipWlanCluster
seedCount: 1
internodeEncryption: all
clientEncryption: true
exporter:
enabled: false
serviceMonitor:
enabled: true
additionalLabels:
release: prometheus-operator
dbUser:
user: cassandra
password: cassandra
resources:
limits: {}
requests:
cpu: 1
memory: 3Gi
postgresql:
enabled: true
postgresqlDatabase: tip

30
tip-wlan/templates/cassandra-dependencies.yaml Normal file
View File

@@ -0,0 +1,30 @@
---
apiVersion: v1
kind: Secret
metadata:
name: {{ .Release.Namespace }}-common-cassandra-certs
namespace: {{ .Release.Namespace }}
type: Opaque
data:
truststore: {{ .Files.Get "resources/certs/truststore.jks" | b64enc }}
truststore-password: {{ "mypassword" | b64enc }}
keystore: {{ .Files.Get "resources/certs/cassandra_server_keystore.jks" | b64enc }}
keystore-password: {{ "mypassword" | b64enc }}
cassandraservercert.pem: {{ .Files.Get "resources/certs/cassandraservercert.pem" | b64enc }}
cassandraserverkey_dec.pem: {{ .Files.Get "resources/certs/cassandraserverkey_dec.pem" | b64enc }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ .Release.Namespace }}-common-cassandra-client-certs
namespace: {{ .Release.Namespace }}
type: Opaque
data:
cacert.pem: {{ .Files.Get "resources/certs/cacert.pem" | b64enc }}
cassandra_server_keystore.jks: {{ .Files.Get "resources/certs/cassandra_server_keystore.jks" | b64enc }}
cassandraservercert.pem: {{ .Files.Get "resources/certs/cassandraservercert.pem" | b64enc }}
cassandraserverkey_dec.pem: {{ .Files.Get "resources/certs/cassandraserverkey_dec.pem" | b64enc }}
kafka-server.pkcs12: {{ .Files.Get "resources/certs/kafka-server.pkcs12" | b64enc }}
truststore.jks: {{ .Files.Get "resources/certs/truststore.jks" | b64enc }}
server.pkcs12: {{ .Files.Get "resources/certs/server.pkcs12" | b64enc }}

97
tip-wlan/templates/kafka-dependencies.yaml Normal file
View File

@@ -0,0 +1,97 @@
apiVersion: v1
kind: Secret
metadata:
name: {{ .Release.Namespace }}-common-kafka-certs
namespace: {{ .Release.Namespace }}
type: Opaque
data:
kafka-0.keystore.jks: {{ .Files.Get "resources/certs/kafka-server.pkcs12" | b64enc }}
kafka.truststore.jks: {{ .Files.Get "resources/certs/truststore.jks" | b64enc }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ .Release.Namespace }}-common-kafka-client-certs
namespace: {{ .Release.Namespace }}
type: Opaque
data:
client_keystore.jks: {{ .Files.Get "resources/certs/client_keystore.jks" | b64enc }}
kafka-server.pkcs12: {{ .Files.Get "resources/certs/kafka-server.pkcs12" | b64enc }}
truststore.jks: {{ .Files.Get "resources/certs/truststore.jks" | b64enc }}
server.pkcs12: {{ .Files.Get "resources/certs/server.pkcs12" | b64enc }}
{{ if .Values.topics }}
{{- $zk := printf "%s-wlan-zookeeper-headless" .Release.Namespace -}}
---
apiVersion: batch/v1
kind: Job
metadata:
name: {{ .Release.Namespace }}-wlan-kafka-config-{{ .Release.Revision }}
namespace: {{ .Release.Namespace }}
spec:
backoffLimit: 10
template:
spec:
restartPolicy: OnFailure
initContainers:
- name: depends-on
image: confluentinc/cp-kafka:5.0.1
command:
- bash
- -c
- |
until kafka-configs --zookeeper {{ $zk }} --entity-type topics --describe || (( count++ >= 6 ))
do
echo "Waiting for Zookeeper..."
sleep 20
done
until nc -z {{ $.Release.Namespace }}-wlan-kafka 9092 || (( retries++ >= 6 ))
do
echo "Waiting for Kafka..."
sleep 20
done
containers:
- name: kafka-config
image: confluentinc/cp-kafka:5.0.1
command:
- bash
- -c
- |
set -e
{{- range $n, $topic := .Values.topics }}
{{- if and $topic.partitions $topic.replicationFactor $topic.reassignPartitions }}
cat << EOF > {{ $topic.name }}-increase-replication-factor.json
{"version":1, "partitions":[
{{- $partitions := (int $topic.partitions) }}
{{- $replicas := (int $topic.replicationFactor) }}
{{- range $i := until $partitions }}
{"topic":"{{ $topic.name }}","partition":{{ $i }},"replicas":[{{- range $j := until $replicas }}{{ $j }}{{- if ne $j (sub $replicas 1) }},{{- end }}{{- end }}]}{{- if ne $i (sub $partitions 1) }},{{- end }}
{{- end }}
]}
EOF
kafka-reassign-partitions --zookeeper {{ $zk }} --reassignment-json-file {{ $topic.name }}-increase-replication-factor.json --execute
kafka-reassign-partitions --zookeeper {{ $zk }} --reassignment-json-file {{ $topic.name }}-increase-replication-factor.json --verify
{{- else if and $topic.partitions $topic.replicationFactor }}
kafka-topics --zookeeper {{ $zk }} --create --if-not-exists --force --topic {{ $topic.name }} --partitions {{ $topic.partitions }} --replication-factor {{ $topic.replicationFactor }}
{{- else if $topic.partitions }}
kafka-topics --zookeeper {{ $zk }} --alter --force --topic {{ $topic.name }} --partitions {{ $topic.partitions }} || true
{{- end }}
{{- if $topic.defaultConfig }}
kafka-configs --zookeeper {{ $zk }} --entity-type topics --entity-name {{ $topic.name }} --alter --force --delete-config {{ nospace $topic.defaultConfig }} || true
{{- end }}
{{- if $topic.config }}
kafka-configs --zookeeper {{ $zk }} --entity-type topics --entity-name {{ $topic.name }} --alter --force --add-config {{ nospace $topic.config }}
{{- end }}
kafka-configs --zookeeper {{ $zk }} --entity-type topics --entity-name {{ $topic.name }} --describe
{{- if $topic.acls }}
{{- range $a, $acl := $topic.acls }}
{{ if and $acl.user $acl.operations }}
kafka-acls --authorizer-properties zookeeper.connect={{ $zk }} --force --add --allow-principal User:{{ $acl.user }}{{- range $operation := $acl.operations }} --operation {{ $operation }} {{- end }} --topic {{ $topic.name }} {{ $topic.extraParams }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end -}}

17
tip-wlan/values.yaml
View File

@@ -47,6 +47,21 @@ dockerRegistrySecret: dummySecret
# Annotations to add to the namespace
annotations: {}
## Topic creation and configuration.
## The job will be run on a deployment only when the config has been changed.
## - If 'partitions' and 'replicationFactor' are specified we create the topic (with --if-not-exists.)
## - If 'partitions', 'replicationFactor' and 'reassignPartitions' are specified we reassign the partitions to
## increase the replication factor of an existing topic.
## - If 'partitions' is specified we 'alter' the number of partitions. This will
## silently and safely fail if the new setting isnt strictly larger than the old (i.e. a NOOP.) Do be aware of the
## implications for keyed topics (ref: https://docs.confluent.io/current/kafka/post-deployment.html#admin-operations)
## - If 'defaultConfig' is specified it's deleted from the topic configuration. If it isn't present,
## it will silently and safely fail.
## - If 'config' is specified it's added to the topic configuration.
##
## Note: To increase the 'replicationFactor' of a topic, 'reassignPartitions' must be set to true (see above).
##
# Enabling components under Tip-wlan
opensync-gw-static:
enabled: false
@@ -72,8 +87,6 @@ wlan-integrated-cloud-component-service:
enabled: false
nginx-ingress-controller:
enabled: false
zookeeper:
enabled: false
kafka:
enabled: false
cassandra: