Add kafka-operator (#74)

Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
Andrei Kvapil
2024-04-13 08:56:07 +02:00
committed by GitHub
parent c24a103fda
commit 83bdc3f537
58 changed files with 38963 additions and 0 deletions


@@ -70,6 +70,12 @@ releases:
namespace: cozy-postgres-operator
dependsOn: [cilium,cert-manager]
- name: kafka-operator
releaseName: kafka-operator
chart: cozy-kafka-operator
namespace: cozy-kafka-operator
dependsOn: [cilium,kubeovn]
- name: rabbitmq-operator
releaseName: rabbitmq-operator
chart: cozy-rabbitmq-operator


@@ -44,6 +44,12 @@ releases:
namespace: cozy-postgres-operator
dependsOn: [cert-manager]
- name: kafka-operator
releaseName: kafka-operator
chart: cozy-kafka-operator
namespace: cozy-kafka-operator
dependsOn: [cilium,kubeovn]
- name: rabbitmq-operator
releaseName: rabbitmq-operator
chart: cozy-rabbitmq-operator
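Review bot: `dependsOn: [cilium,kubeovn]` on the new kafka-operator release looks carried over from the full bundle; in this file the neighbouring postgres-operator entry depends only on `[cert-manager]`, which suggests this bundle may not define `cilium` or `kubeovn` releases at all. The rest of the file is outside the hunk, so this is inferred, but if those names are not declared in this bundle the dependency can never be satisfied and the operator either never installs or the ordering it implies is silently not enforced. Align the list with what this bundle actually ships, for example `dependsOn: []` if the operator has no in-bundle prerequisites. The later hunk with the same `@@ -44,6 +44,12 @@` header carries the identical line and needs the same check.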


@@ -99,6 +99,12 @@ releases:
namespace: cozy-postgres-operator
dependsOn: [cilium,kubeovn,cert-manager]
- name: kafka-operator
releaseName: kafka-operator
chart: cozy-kafka-operator
namespace: cozy-kafka-operator
dependsOn: [cilium,kubeovn]
- name: rabbitmq-operator
releaseName: rabbitmq-operator
chart: cozy-rabbitmq-operator


@@ -44,6 +44,12 @@ releases:
namespace: cozy-postgres-operator
dependsOn: [cert-manager]
- name: kafka-operator
releaseName: kafka-operator
chart: cozy-kafka-operator
namespace: cozy-kafka-operator
dependsOn: [cilium,kubeovn]
- name: rabbitmq-operator
releaseName: rabbitmq-operator
chart: cozy-rabbitmq-operator


@@ -0,0 +1,2 @@
name: cozy-kafka-operator
version: 0.3.0


@@ -0,0 +1,15 @@
NAME=kafka-operator
NAMESPACE=cozy-kafka-operator
show:
helm template --dry-run=server -n $(NAMESPACE) $(NAME) .
apply:
helm upgrade -i -n $(NAMESPACE) $(NAME) .
diff:
helm diff upgrade --allow-unreleased --normalize-manifests -n $(NAMESPACE) $(NAME) .
update:
rm -rf charts
helm pull oci://quay.io/strimzi-helm/strimzi-kafka-operator --untar --untardir charts
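Review bot: The `update` target pulls `oci://quay.io/strimzi-helm/strimzi-kafka-operator` without a version, so each run vendors whatever the registry currently serves as latest, and the refreshed tree cannot be reproduced or reviewed against a known upstream release. Pin it to the release being vendored, e.g. `helm pull oci://quay.io/strimzi-helm/strimzi-kafka-operator --version 0.40.0 --untar --untardir charts` (0.40.0 is the version in the vendored Chart.yaml of this commit), and bump that value deliberately in the same change that refreshes `charts`. Because `rm -rf charts` runs before the pull, a failed or interrupted pull also leaves the package with no chart until it is restored from git. Since `show`, `apply`, `diff` and `update` are not files, a `.PHONY: show apply diff update` line would keep a stray file of the same name from silently disabling a target.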


@@ -0,0 +1,21 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj


@@ -0,0 +1,27 @@
apiVersion: v2
appVersion: 0.40.0
description: 'Strimzi: Apache Kafka running on Kubernetes'
home: https://strimzi.io/
icon: https://raw.githubusercontent.com/strimzi/strimzi-kafka-operator/main/documentation/logo/strimzi_logo.png
keywords:
- kafka
- queue
- stream
- event
- messaging
- datastore
- topic
maintainers:
- name: Frawless
- name: ppatierno
- name: samuel-hawker
- name: scholzj
- name: tombentley
- name: sknot-rh
- name: PaulRMellor
- name: im-konge
- name: see-quick
name: strimzi-kafka-operator
sources:
- https://github.com/strimzi/strimzi-kafka-operator
version: 0.40.0


@@ -0,0 +1,20 @@
approvers:
- ppatierno
- scholzj
- tombentley
- samuel-hawker
- Frawless
- sknot-rh
- PaulRMellor
- im-konge
- see-quick
reviewers:
- ppatierno
- scholzj
- tombentley
- samuel-hawker
- Frawless
- sknot-rh
- PaulRMellor
- im-konge
- see-quick


@@ -0,0 +1,224 @@
# Strimzi: Apache Kafka on Kubernetes
Strimzi provides a way to run an [Apache Kafka®](https://kafka.apache.org) cluster on
[Kubernetes](https://kubernetes.io/) or [OpenShift](https://www.openshift.com/) in various deployment configurations.
See our [website](https://strimzi.io) for more details about the project.
**!!! IMPORTANT !!!**
Upgrading to Strimzi 0.32 and newer directly from Strimzi 0.22 and earlier is no longer possible.
Please follow the [documentation](https://strimzi.io/docs/operators/latest/full/deploying.html#assembly-upgrade-str) for more details.
**!!! IMPORTANT !!!**
From Strimzi 0.40 on, we support only Kubernetes 1.23 and newer.
Kubernetes versions 1.21 and 1.22 are no longer supported.
## Introduction
This chart bootstraps the Strimzi Cluster Operator Deployment, Cluster Roles, Cluster Role Bindings, Service Accounts, and
Custom Resource Definitions for running [Apache Kafka](https://kafka.apache.org/) on [Kubernetes](http://kubernetes.io)
cluster using the [Helm](https://helm.sh) package manager.
### Supported Features
* **Manages the Kafka Cluster** - Deploys and manages all of the components of this complex application, including dependencies like Apache ZooKeeper® that are traditionally hard to administer.
* **Includes Kafka Connect** - Allows for configuration of common data sources and sinks to move data into and out of the Kafka cluster.
* **Topic Management** - Creates and manages Kafka Topics within the cluster.
* **User Management** - Creates and manages Kafka Users within the cluster.
* **Connector Management** - Creates and manages Kafka Connect connectors.
* **Includes Kafka Mirror Maker 1 and 2** - Allows for mirroring data between different Apache Kafka® clusters.
* **Includes HTTP Kafka Bridge** - Allows clients to send and receive messages through an Apache Kafka® cluster via the HTTP protocol.
* **Includes Cruise Control** - Automates the process of balancing partitions across an Apache Kafka® cluster.
* **Prometheus monitoring** - Built-in support for monitoring using Prometheus.
* **Grafana Dashboards** - Built-in support for loading Grafana® dashboards via the grafana_sidecar
### Upgrading your Clusters
To upgrade the Strimzi operator, you can use the `helm upgrade` command.
The `helm upgrade` command does not upgrade the [Custom Resource Definitions](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/).
Install the new CRDs manually after upgrading the Cluster Operator.
You can access the CRDs from our [GitHub release page](https://github.com/strimzi/strimzi-kafka-operator/releases) or find them in the `crd` subdirectory inside the Helm Chart.
The Strimzi Operator understands how to run and upgrade between a set of Kafka versions.
When specifying a new version in your config, check to make sure you aren't using any features that may have been removed.
See [the upgrade guide](https://strimzi.io/docs/operators/latest/deploying.html#assembly-upgrading-kafka-versions-str) for more information.
### Documentation
Documentation to all releases can be found on our [website](https://strimzi.io/documentation).
### Getting help
If you encounter any issues while using Strimzi, you can get help using:
* [Strimzi mailing list on CNCF](https://lists.cncf.io/g/cncf-strimzi-users/topics)
* [Strimzi Slack channel on CNCF workspace](https://cloud-native.slack.com/messages/strimzi)
* [GitHub Discussions](https://github.com/strimzi/strimzi-kafka-operator/discussions)
### License
Strimzi is licensed under the [Apache License, Version 2.0](https://github.com/strimzi/strimzi-kafka-operator/blob/main/LICENSE).
## Prerequisites
- Kubernetes 1.23+
## Installing the Chart
To install the chart with the release name `my-strimzi-cluster-operator`:
```bash
$ helm install my-strimzi-cluster-operator oci://quay.io/strimzi-helm/strimzi-kafka-operator
```
The command deploys the Strimzi Cluster Operator on the Kubernetes cluster with the default configuration.
The [configuration](#configuration) section lists the parameters that can be configured during installation.
## Uninstalling the Chart
To uninstall/delete the `my-strimzi-cluster-operator` deployment:
```bash
$ helm delete my-strimzi-cluster-operator
```
The command removes all the Kubernetes components associated with the operator and deletes the release.
## Configuration
The following table lists the configurable parameters of the Strimzi chart and their default values. Runtime
configuration of Kafka and other components are defined within their respective Custom Resource Definitions. See
the documentation for more details.
| Parameter | Description | Default |
|---------------------------------------------|---------------------------------------------------------------------------------|------------------------------|
| `replicas` | Number of replicas of the cluster operator | 1 |
| `watchNamespaces` | Comma separated list of additional namespaces for the strimzi-operator to watch | [] |
| `watchAnyNamespace` | Watch the whole Kubernetes cluster (all namespaces) | `false` |
| `defaultImageRegistry` | Default image registry for all the images | `quay.io` |
| `defaultImageRepository` | Default image registry for all the images | `strimzi` |
| `defaultImageTag` | Default image tag for all the images except Kafka Bridge | `0.40.0` |
| `image.registry` | Override default Cluster Operator image registry | `nil` |
| `image.repository` | Override default Cluster Operator image repository | `nil` |
| `image.name` | Cluster Operator image name | `cluster-operator` |
| `image.tag` | Override default Cluster Operator image tag | `nil` |
| `image.digest` | Override Cluster Operator image tag with digest | `nil` |
| `image.imagePullPolicy` | Image pull policy for all pods deployed by Cluster Operator | `IfNotPresent` |
| `image.imagePullSecrets` | List of Docker registry pull secrets | `[]` |
| `fullReconciliationIntervalMs` | Full reconciliation interval in milliseconds | 120000 |
| `leaderElection.enable` | Whether to enable leader election | `true` |
| `operationTimeoutMs` | Operation timeout in milliseconds | 300000 |
| `operatorNamespaceLabels` | Labels of the namespace where the operator runs | `nil` |
| `podSecurityContext` | Cluster Operator pod's security context | `nil` |
| `priorityClassName` | Cluster Operator pod's priority class name | `nil` |
| `securityContext` | Cluster Operator container's security context | `nil` |
| `rbac.create` | Whether to create RBAC related resources | `yes` |
| `serviceAccountCreate` | Whether to create a service account | `yes` |
| `serviceAccount` | Cluster Operator's service account | `strimzi-cluster-operator` |
| `podDisruptionBudget.enabled` | Whether to enable the podDisruptionBudget feature | `false` |
| `podDisruptionBudget.minAvailable` | Default value for how many pods must be running in a cluster | `1` |
| `podDisruptionBudget.maxUnavailable` | Default value for how many pods can be down | `nil` |
| `extraEnvs` | Extra environment variables for the Cluster operator container | `[]` |
| `kafka.image.registry` | Override default Kafka image registry | `nil` |
| `kafka.image.repository` | Override default Kafka image repository | `nil` |
| `kafka.image.name` | Kafka image name | `kafka` |
| `kafka.image.tagPrefix` | Override default Kafka image tag prefix | `nil` |
| `kafka.image.tag` | Override default Kafka image tag and ignore suffix | `nil` |
| `kafka.image.digest` | Override Kafka image tag with digest | `nil` |
| `kafkaConnect.image.registry` | Override default Kafka Connect image registry | `nil` |
| `kafkaConnect.image.repository` | Override default Kafka Connect image repository | `nil` |
| `kafkaConnect.image.name` | Kafka Connect image name | `kafka` |
| `kafkaConnect.image.tagPrefix` | Override default Kafka Connect image tag prefix | `nil` |
| `kafkaConnect.image.tag` | Override default Kafka Connect image tag and ignore suffix | `nil` |
| `kafkaConnect.image.digest` | Override Kafka Connect image tag with digest | `nil` |
| `kafkaMirrorMaker.image.registry` | Override default Kafka Mirror Maker image registry | `nil` |
| `kafkaMirrorMaker.image.repository` | Override default Kafka Mirror Maker image repository | `nil` |
| `kafkaMirrorMaker.image.name` | Kafka Mirror Maker image name | `kafka` |
| `kafkaMirrorMaker.image.tagPrefix` | Override default Kafka Mirror Maker image tag prefix | `nil` |
| `kafkaMirrorMaker.image.tag` | Override default Kafka Mirror Maker image tag and ignore suffix | `nil` |
| `kafkaMirrorMaker.image.digest` | Override Kafka Mirror Maker image tag with digest | `nil` |
| `cruiseControl.image.registry` | Override default Cruise Control image registry | `nil` |
| `cruiseControl.image.repository` | Override default Cruise Control image repository | `nil` |
| `cruiseControl.image.name` | Cruise Control image name | `kafka` |
| `cruiseControl.image.tagPrefix` | Override default Cruise Control image tag prefix | `nil` |
| `cruiseControl.image.tag` | Override default Cruise Control image tag and ignore suffix | `nil` |
| `cruiseControl.image.digest` | Override Cruise Control image tag with digest | `nil` |
| `topicOperator.image.registry` | Override default Topic Operator image registry | `nil` |
| `topicOperator.image.repository` | Override default Topic Operator image repository | `nil` |
| `topicOperator.image.name` | Topic Operator image name | `operator` |
| `topicOperator.image.tag` | Override default Topic Operator image tag | `nil` |
| `topicOperator.image.digest` | Override Topic Operator image tag with digest | `nil` |
| `userOperator.image.registry` | Override default User Operator image registry | `nil` |
| `userOperator.image.repository` | Override default User Operator image repository | `nil` |
| `userOperator.image.name` | User Operator image name | `operator` |
| `userOperator.image.tag` | Override default User Operator image tag | `nil` |
| `userOperator.image.digest` | Override User Operator image tag with digest | `nil` |
| `kafkaInit.image.registry` | Override default Init Kafka image registry | `nil` |
| `kafkaInit.image.repository` | Override default Init Kafka image repository | `nil` |
| `kafkaInit.image.name` | Init Kafka image name | `operator` |
| `kafkaInit.image.tag` | Override default Init Kafka image tag | `nil` |
| `kafkaInit.image.digest` | Override Init Kafka image tag with digest | `nil` |
| `tlsSidecarEntityOperator.image.registry` | Override default TLS Sidecar Entity Operator image registry | `nil` |
| `tlsSidecarEntityOperator.image.repository` | Override default TLS Sidecar Entity Operator image repository | `nil` |
| `tlsSidecarEntityOperator.image.name` | TLS Sidecar Entity Operator image name | `kafka` |
| `tlsSidecarEntityOperator.image.tagPrefix` | Override default TLS Sidecar Entity Operator image tag prefix | `nil` |
| `tlsSidecarEntityOperator.image.tag` | Override default TLS Sidecar Entity Operator image tag and ignore suffix | `nil` |
| `tlsSidecarEntityOperator.image.digest` | Override TLS Sidecar Entity Operator image tag with digest | `nil` |
| `kafkaBridge.image.registry` | Override default Kafka Bridge image registry | `quay.io` |
| `kafkaBridge.image.repository` | Override default Kafka Bridge image repository | `strimzi` |
| `kafkaBridge.image.name` | Kafka Bridge image name | `kafka-bridge` |
| `kafkaBridge.image.tag` | Override default Kafka Bridge image tag | `0.28.0` |
| `kafkaBridge.image.digest` | Override Kafka Bridge image tag with digest | `nil` |
| `kafkaExporter.image.registry` | Override default Kafka Exporter image registry | `nil` |
| `kafkaExporter.image.repository` | Override default Kafka Exporter image repository | `nil` |
| `kafkaExporter.image.name` | Kafka Exporter image name | `kafka` |
| `kafkaExporter.image.tagPrefix` | Override default Kafka Exporter image tag prefix | `nil` |
| `kafkaExporter.image.tag` | Override default Kafka Exporter image tag and ignore suffix | `nil` |
| `kafkaExporter.image.digest` | Override Kafka Exporter image tag with digest | `nil` |
| `kafkaMirrorMaker2.image.registry` | Override default Kafka Mirror Maker 2 image registry | `nil` |
| `kafkaMirrorMaker2.image.repository` | Override default Kafka Mirror Maker 2 image repository | `nil` |
| `kafkaMirrorMaker2.image.name` | Kafka Mirror Maker 2 image name | `kafka` |
| `kafkaMirrorMaker2.image.tagPrefix` | Override default Kafka Mirror Maker 2 image tag prefix | `nil` |
| `kafkaMirrorMaker2.image.tag` | Override default Kafka Mirror Maker 2 image tag and ignore suffix | `nil` |
| `kafkaMirrorMaker2.image.digest` | Override Kafka Mirror Maker 2 image tag with digest | `nil` |
| `kanikoExecutor.image.registry` | Override default Kaniko Executor image registry | `nil` |
| `kanikoExecutor.image.repository` | Override default Kaniko Executor image repository | `nil` |
| `kanikoExecutor.image.name` | Kaniko Executor image name | `kaniko-executor` |
| `kanikoExecutor.image.tag` | Override default Kaniko Executor image tag | `nil` |
| `kanikoExecutor.image.digest` | Override Kaniko Executor image tag with digest | `nil` |
| `resources.limits.memory` | Memory constraint for limits | `256Mi` |
| `resources.limits.cpu` | CPU constraint for limits | `1000m` |
| `resources.requests.memory` | Memory constraint for requests | `256Mi` |
| `livenessProbe.initialDelaySeconds` | Liveness probe initial delay in seconds | 10 |
| `livenessProbe.periodSeconds` | Liveness probe period in seconds | 30 |
| `readinessProbe.initialDelaySeconds` | Readiness probe initial delay in seconds | 10 |
| `readinessProbe.periodSeconds` | Readiness probe period in seconds | 30 |
| `imageTagOverride` | Override all image tag config | `nil` |
| `createGlobalResources` | Allow creation of cluster-scoped resources | `true` |
| `createAggregateRoles` | Create cluster roles that extend aggregated roles to use Strimzi CRDs | `false` |
| `tolerations` | Add tolerations to Operator Pod | `[]` |
| `affinity` | Add affinities to Operator Pod | `{}` |
| `annotations` | Add annotations to Operator Pod | `{}` |
| `labels` | Add labels to Operator Pod | `{}` |
| `nodeSelector` | Add a node selector to Operator Pod | `{}` |
| `featureGates` | Feature Gates configuration | `nil` |
| `tmpDirSizeLimit` | Set the `sizeLimit` for the tmp dir volume used by the operator | `1Mi` |
| `labelsExclusionPattern` | Override the exclude pattern for exclude some labels | `""` |
| `generateNetworkPolicy` | Controls whether Strimzi generates network policy resources | `true` |
| `connectBuildTimeoutMs` | Overrides the default timeout value for building new Kafka Connect | `300000` |
| `mavenBuilder.image.registry` | Override default Maven Builder image registry | `nil` |
| `mavenBuilder.image.repository` | Maven Builder image repository | `nil` |
| `mavenBuilder.image.name` | Override default Maven Builder image name | `maven-builder` |
| `mavenBuilder.image.tag` | Override default Maven Builder image tag | `nil` |
| `mavenBuilder.image.digest` | Override Maven Builder image tag with digest | `nil` |
| `logConfiguration` | Override default `log4j.properties` content | `nil` |
| `dashboards.enable` | Generate configmaps containing the dashboards | `false` |
| `dashboards.label` | How should the dashboards be labeled for the sidecar | `grafana_dashboard` |
| `dashboards.labelValue` | What should the dashboards label value be for the sidecar | `"1"` |
| `dashboards.extraLabels` | Any additional labels you would like on the dashboards | `{}` |
| `dashboards.namespace` | What namespace should the dashboards be loaded into | `Follows toplevel Namespace` |
| `dashboards.annotations` | Any custom annotations (such as folder for the sidecar) | `{}` |
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
```bash
$ helm install my-strimzi-cluster-operator --set replicas=2 oci://quay.io/strimzi-helm/strimzi-kafka-operator
```


@@ -0,0 +1,128 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: strimzipodsets.core.strimzi.io
labels:
app: strimzi
strimzi.io/crd-install: "true"
component: stirmzipodsets.core.strimzi.io-crd
spec:
group: core.strimzi.io
names:
kind: StrimziPodSet
listKind: StrimziPodSetList
singular: strimzipodset
plural: strimzipodsets
shortNames:
- sps
categories:
- strimzi
scope: Namespaced
conversion:
strategy: None
versions:
- name: v1beta2
served: true
storage: true
subresources:
status: {}
additionalPrinterColumns:
- name: Pods
description: Number of pods managed by the StrimziPodSet
jsonPath: .status.pods
type: integer
- name: Ready Pods
description: Number of ready pods managed by the StrimziPodSet
jsonPath: .status.readyPods
type: integer
- name: Current Pods
description: Number of up-to-date pods managed by the StrimziPodSet
jsonPath: .status.currentPods
type: integer
- name: Age
description: Age of the StrimziPodSet
jsonPath: .metadata.creationTimestamp
type: date
schema:
openAPIV3Schema:
type: object
properties:
apiVersion:
type: string
description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources"
kind:
type: string
description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"
metadata:
type: object
spec:
type: object
properties:
selector:
type: object
properties:
matchExpressions:
type: array
items:
type: object
properties:
key:
type: string
operator:
type: string
values:
type: array
items:
type: string
matchLabels:
additionalProperties:
type: string
type: object
description: "Selector is a label query which matches all the pods managed by this `StrimziPodSet`. Only `matchLabels` is supported. If `matchExpressions` is set, it will be ignored."
pods:
type: array
items:
x-kubernetes-preserve-unknown-fields: true
type: object
description: The Pods managed by this StrimziPodSet.
required:
- selector
- pods
description: The specification of the StrimziPodSet.
status:
type: object
properties:
conditions:
type: array
items:
type: object
properties:
type:
type: string
description: "The unique identifier of a condition, used to distinguish between other conditions in the resource."
status:
type: string
description: "The status of the condition, either True, False or Unknown."
lastTransitionTime:
type: string
description: "Last time the condition of a type changed from one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone."
reason:
type: string
description: The reason for the condition's last transition (a single word in CamelCase).
message:
type: string
description: Human-readable message indicating details about the condition's last transition.
description: List of status conditions.
observedGeneration:
type: integer
description: The generation of the CRD that was last reconciled by the operator.
pods:
type: integer
description: Number of pods managed by this `StrimziPodSet` resource.
readyPods:
type: integer
description: Number of pods managed by this `StrimziPodSet` resource that are ready.
currentPods:
type: integer
description: Number of pods managed by this `StrimziPodSet` resource that have the current revision.
description: The status of the StrimziPodSet.


@@ -0,0 +1,287 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: kafkatopics.kafka.strimzi.io
labels:
app: strimzi
strimzi.io/crd-install: "true"
component: kafkatopics.kafka.strimzi.io-crd
spec:
group: kafka.strimzi.io
names:
kind: KafkaTopic
listKind: KafkaTopicList
singular: kafkatopic
plural: kafkatopics
shortNames:
- kt
categories:
- strimzi
scope: Namespaced
conversion:
strategy: None
versions:
- name: v1beta2
served: true
storage: true
subresources:
status: {}
additionalPrinterColumns:
- name: Cluster
description: The name of the Kafka cluster this topic belongs to
jsonPath: .metadata.labels.strimzi\.io/cluster
type: string
- name: Partitions
description: The desired number of partitions in the topic
jsonPath: .spec.partitions
type: integer
- name: Replication factor
description: The desired number of replicas of each partition
jsonPath: .spec.replicas
type: integer
- name: Ready
description: The state of the custom resource
jsonPath: ".status.conditions[?(@.type==\"Ready\")].status"
type: string
schema:
openAPIV3Schema:
type: object
properties:
apiVersion:
type: string
description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources"
kind:
type: string
description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"
metadata:
type: object
spec:
type: object
properties:
partitions:
type: integer
minimum: 1
description: "The number of partitions the topic should have. This cannot be decreased after topic creation. It can be increased after topic creation, but it is important to understand the consequences that has, especially for topics with semantic partitioning. When absent this will default to the broker configuration for `num.partitions`."
replicas:
type: integer
minimum: 1
maximum: 32767
description: The number of replicas the topic should have. When absent this will default to the broker configuration for `default.replication.factor`.
config:
x-kubernetes-preserve-unknown-fields: true
type: object
description: The topic configuration.
topicName:
type: string
description: The name of the topic. When absent this will default to the metadata.name of the topic. It is recommended to not set this unless the topic name is not a valid Kubernetes resource name.
description: The specification of the topic.
status:
type: object
properties:
conditions:
type: array
items:
type: object
properties:
type:
type: string
description: "The unique identifier of a condition, used to distinguish between other conditions in the resource."
status:
type: string
description: "The status of the condition, either True, False or Unknown."
lastTransitionTime:
type: string
description: "Last time the condition of a type changed from one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone."
reason:
type: string
description: The reason for the condition's last transition (a single word in CamelCase).
message:
type: string
description: Human-readable message indicating details about the condition's last transition.
description: List of status conditions.
observedGeneration:
type: integer
description: The generation of the CRD that was last reconciled by the operator.
topicName:
type: string
description: Topic name.
topicId:
type: string
description: "The topic's id. For a KafkaTopic with the ready condition, this will change only if the topic gets deleted and recreated with the same name."
description: The status of the topic.
- name: v1beta1
served: true
storage: false
subresources:
status: {}
additionalPrinterColumns:
- name: Cluster
description: The name of the Kafka cluster this topic belongs to
jsonPath: .metadata.labels.strimzi\.io/cluster
type: string
- name: Partitions
description: The desired number of partitions in the topic
jsonPath: .spec.partitions
type: integer
- name: Replication factor
description: The desired number of replicas of each partition
jsonPath: .spec.replicas
type: integer
- name: Ready
description: The state of the custom resource
jsonPath: ".status.conditions[?(@.type==\"Ready\")].status"
type: string
schema:
openAPIV3Schema:
type: object
properties:
apiVersion:
type: string
description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources"
kind:
type: string
description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"
metadata:
type: object
spec:
type: object
properties:
partitions:
type: integer
minimum: 1
description: "The number of partitions the topic should have. This cannot be decreased after topic creation. It can be increased after topic creation, but it is important to understand the consequences that has, especially for topics with semantic partitioning. When absent this will default to the broker configuration for `num.partitions`."
replicas:
type: integer
minimum: 1
maximum: 32767
description: The number of replicas the topic should have. When absent this will default to the broker configuration for `default.replication.factor`.
config:
x-kubernetes-preserve-unknown-fields: true
type: object
description: The topic configuration.
topicName:
type: string
description: The name of the topic. When absent this will default to the metadata.name of the topic. It is recommended to not set this unless the topic name is not a valid Kubernetes resource name.
description: The specification of the topic.
status:
type: object
properties:
conditions:
type: array
items:
type: object
properties:
type:
type: string
description: "The unique identifier of a condition, used to distinguish between other conditions in the resource."
status:
type: string
description: "The status of the condition, either True, False or Unknown."
lastTransitionTime:
type: string
description: "Last time the condition of a type changed from one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone."
reason:
type: string
description: The reason for the condition's last transition (a single word in CamelCase).
message:
type: string
description: Human-readable message indicating details about the condition's last transition.
description: List of status conditions.
observedGeneration:
type: integer
description: The generation of the CRD that was last reconciled by the operator.
topicName:
type: string
description: Topic name.
topicId:
type: string
description: "The topic's id. For a KafkaTopic with the ready condition, this will change only if the topic gets deleted and recreated with the same name."
description: The status of the topic.
- name: v1alpha1
served: true
storage: false
subresources:
status: {}
additionalPrinterColumns:
- name: Cluster
description: The name of the Kafka cluster this topic belongs to
jsonPath: .metadata.labels.strimzi\.io/cluster
type: string
- name: Partitions
description: The desired number of partitions in the topic
jsonPath: .spec.partitions
type: integer
- name: Replication factor
description: The desired number of replicas of each partition
jsonPath: .spec.replicas
type: integer
- name: Ready
description: The state of the custom resource
jsonPath: ".status.conditions[?(@.type==\"Ready\")].status"
type: string
schema:
openAPIV3Schema:
type: object
properties:
apiVersion:
type: string
description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources"
kind:
type: string
description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"
metadata:
type: object
spec:
type: object
properties:
partitions:
type: integer
minimum: 1
description: "The number of partitions the topic should have. This cannot be decreased after topic creation. It can be increased after topic creation, but it is important to understand the consequences that has, especially for topics with semantic partitioning. When absent this will default to the broker configuration for `num.partitions`."
replicas:
type: integer
minimum: 1
maximum: 32767
description: The number of replicas the topic should have. When absent this will default to the broker configuration for `default.replication.factor`.
config:
x-kubernetes-preserve-unknown-fields: true
type: object
description: The topic configuration.
topicName:
type: string
description: The name of the topic. When absent this will default to the metadata.name of the topic. It is recommended to not set this unless the topic name is not a valid Kubernetes resource name.
description: The specification of the topic.
status:
type: object
properties:
conditions:
type: array
items:
type: object
properties:
type:
type: string
description: "The unique identifier of a condition, used to distinguish between other conditions in the resource."
status:
type: string
description: "The status of the condition, either True, False or Unknown."
lastTransitionTime:
type: string
description: "Last time the condition of a type changed from one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone."
reason:
type: string
description: The reason for the condition's last transition (a single word in CamelCase).
message:
type: string
description: Human-readable message indicating details about the condition's last transition.
description: List of status conditions.
observedGeneration:
type: integer
description: The generation of the CRD that was last reconciled by the operator.
topicName:
type: string
description: Topic name.
topicId:
type: string
description: "The topic's id. For a KafkaTopic with the ready condition, this will change only if the topic gets deleted and recreated with the same name."
description: The status of the topic.


@@ -0,0 +1,716 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: kafkausers.kafka.strimzi.io
labels:
app: strimzi
strimzi.io/crd-install: "true"
component: kafkausers.kafka.strimzi.io-crd
spec:
group: kafka.strimzi.io
names:
kind: KafkaUser
listKind: KafkaUserList
singular: kafkauser
plural: kafkausers
shortNames:
- ku
categories:
- strimzi
scope: Namespaced
conversion:
strategy: None
versions:
- name: v1beta2
served: true
storage: true
subresources:
status: {}
additionalPrinterColumns:
- name: Cluster
description: The name of the Kafka cluster this user belongs to
jsonPath: .metadata.labels.strimzi\.io/cluster
type: string
- name: Authentication
description: How the user is authenticated
jsonPath: .spec.authentication.type
type: string
- name: Authorization
description: How the user is authorised
jsonPath: .spec.authorization.type
type: string
- name: Ready
description: The state of the custom resource
jsonPath: ".status.conditions[?(@.type==\"Ready\")].status"
type: string
schema:
openAPIV3Schema:
type: object
properties:
apiVersion:
type: string
description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources"
kind:
type: string
description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"
metadata:
type: object
spec:
type: object
properties:
authentication:
type: object
properties:
password:
type: object
properties:
valueFrom:
type: object
properties:
secretKeyRef:
type: object
properties:
key:
type: string
name:
type: string
optional:
type: boolean
description: Selects a key of a Secret in the resource's namespace.
description: Secret from which the password should be read.
required:
- valueFrom
description: "Specify the password for the user. If not set, a new password is generated by the User Operator."
type:
type: string
enum:
- tls
- tls-external
- scram-sha-512
description: Authentication type.
required:
- type
description: "Authentication mechanism enabled for this Kafka user. The supported authentication mechanisms are `scram-sha-512`, `tls`, and `tls-external`. \n\n* `scram-sha-512` generates a secret with SASL SCRAM-SHA-512 credentials.\n* `tls` generates a secret with user certificate for mutual TLS authentication.\n* `tls-external` does not generate a user certificate. But prepares the user for using mutual TLS authentication using a user certificate generated outside the User Operator.\n ACLs and quotas set for this user are configured in the `CN=<username>` format.\n\nAuthentication is optional. If authentication is not configured, no credentials are generated. ACLs and quotas set for the user are configured in the `<username>` format suitable for SASL authentication."
authorization:
type: object
properties:
acls:
type: array
items:
type: object
properties:
host:
type: string
description: The host from which the action described in the ACL rule is allowed or denied.
operation:
type: string
enum:
- Read
- Write
- Create
- Delete
- Alter
- Describe
- ClusterAction
- AlterConfigs
- DescribeConfigs
- IdempotentWrite
- All
description: "Operation which will be allowed or denied. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All."
operations:
type: array
items:
type: string
enum:
- Read
- Write
- Create
- Delete
- Alter
- Describe
- ClusterAction
- AlterConfigs
- DescribeConfigs
- IdempotentWrite
- All
description: "List of operations which will be allowed or denied. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All."
resource:
type: object
properties:
name:
type: string
description: Name of resource for which given ACL rule applies. Can be combined with `patternType` field to use prefix pattern.
patternType:
type: string
enum:
- literal
- prefix
description: "Describes the pattern used in the resource field. The supported types are `literal` and `prefix`. With `literal` pattern type, the resource field will be used as a definition of a full name. With `prefix` pattern type, the resource name will be used only as a prefix. Default value is `literal`."
type:
type: string
enum:
- topic
- group
- cluster
- transactionalId
description: "Resource type. The available resource types are `topic`, `group`, `cluster`, and `transactionalId`."
required:
- type
description: Indicates the resource for which given ACL rule applies.
type:
type: string
enum:
- allow
- deny
description: The type of the rule. Currently the only supported type is `allow`. ACL rules with type `allow` are used to allow user to execute the specified operations. Default value is `allow`.
required:
- resource
description: List of ACL rules which should be applied to this user.
type:
type: string
enum:
- simple
description: Authorization type. Currently the only supported type is `simple`. `simple` authorization type uses the Kafka Admin API for managing the ACL rules.
required:
- acls
- type
description: Authorization rules for this Kafka user.
quotas:
type: object
properties:
consumerByteRate:
type: integer
minimum: 0
description: A quota on the maximum bytes per-second that each client group can fetch from a broker before the clients in the group are throttled. Defined on a per-broker basis.
controllerMutationRate:
type: number
minimum: 0
description: "A quota on the rate at which mutations are accepted for the create topics request, the create partitions request and the delete topics request. The rate is accumulated by the number of partitions created or deleted."
producerByteRate:
type: integer
minimum: 0
description: A quota on the maximum bytes per-second that each client group can publish to a broker before the clients in the group are throttled. Defined on a per-broker basis.
requestPercentage:
type: integer
minimum: 0
description: A quota on the maximum CPU utilization of each client group as a percentage of network and I/O threads.
description: Quotas on requests to control the broker resources used by clients. Network bandwidth and request rate quotas can be enforced.Kafka documentation for Kafka User quotas can be found at http://kafka.apache.org/documentation/#design_quotas.
template:
type: object
properties:
secret:
type: object
properties:
metadata:
type: object
properties:
labels:
additionalProperties:
type: string
type: object
description: Labels added to the Kubernetes resource.
annotations:
additionalProperties:
type: string
type: object
description: Annotations added to the Kubernetes resource.
description: Metadata applied to the resource.
description: Template for KafkaUser resources. The template allows users to specify how the `Secret` with password or TLS certificates is generated.
description: Template to specify how Kafka User `Secrets` are generated.
description: The specification of the user.
status:
type: object
properties:
conditions:
type: array
items:
type: object
properties:
type:
type: string
description: "The unique identifier of a condition, used to distinguish between other conditions in the resource."
status:
type: string
description: "The status of the condition, either True, False or Unknown."
lastTransitionTime:
type: string
description: "Last time the condition of a type changed from one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone."
reason:
type: string
description: The reason for the condition's last transition (a single word in CamelCase).
message:
type: string
description: Human-readable message indicating details about the condition's last transition.
description: List of status conditions.
observedGeneration:
type: integer
description: The generation of the CRD that was last reconciled by the operator.
username:
type: string
description: Username.
secret:
type: string
description: The name of `Secret` where the credentials are stored.
description: The status of the Kafka User.
- name: v1beta1
served: true
storage: false
subresources:
status: {}
additionalPrinterColumns:
- name: Cluster
description: The name of the Kafka cluster this user belongs to
jsonPath: .metadata.labels.strimzi\.io/cluster
type: string
- name: Authentication
description: How the user is authenticated
jsonPath: .spec.authentication.type
type: string
- name: Authorization
description: How the user is authorised
jsonPath: .spec.authorization.type
type: string
- name: Ready
description: The state of the custom resource
jsonPath: ".status.conditions[?(@.type==\"Ready\")].status"
type: string
schema:
openAPIV3Schema:
type: object
properties:
apiVersion:
type: string
description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources"
kind:
type: string
description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"
metadata:
type: object
spec:
type: object
properties:
authentication:
type: object
properties:
password:
type: object
properties:
valueFrom:
type: object
properties:
secretKeyRef:
type: object
properties:
key:
type: string
name:
type: string
optional:
type: boolean
description: Selects a key of a Secret in the resource's namespace.
description: Secret from which the password should be read.
required:
- valueFrom
description: "Specify the password for the user. If not set, a new password is generated by the User Operator."
type:
type: string
enum:
- tls
- tls-external
- scram-sha-512
description: Authentication type.
required:
- type
description: "Authentication mechanism enabled for this Kafka user. The supported authentication mechanisms are `scram-sha-512`, `tls`, and `tls-external`. \n\n* `scram-sha-512` generates a secret with SASL SCRAM-SHA-512 credentials.\n* `tls` generates a secret with user certificate for mutual TLS authentication.\n* `tls-external` does not generate a user certificate. But prepares the user for using mutual TLS authentication using a user certificate generated outside the User Operator.\n ACLs and quotas set for this user are configured in the `CN=<username>` format.\n\nAuthentication is optional. If authentication is not configured, no credentials are generated. ACLs and quotas set for the user are configured in the `<username>` format suitable for SASL authentication."
authorization:
type: object
properties:
acls:
type: array
items:
type: object
properties:
host:
type: string
description: The host from which the action described in the ACL rule is allowed or denied.
operation:
type: string
enum:
- Read
- Write
- Create
- Delete
- Alter
- Describe
- ClusterAction
- AlterConfigs
- DescribeConfigs
- IdempotentWrite
- All
description: "Operation which will be allowed or denied. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All."
operations:
type: array
items:
type: string
enum:
- Read
- Write
- Create
- Delete
- Alter
- Describe
- ClusterAction
- AlterConfigs
- DescribeConfigs
- IdempotentWrite
- All
description: "List of operations which will be allowed or denied. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All."
resource:
type: object
properties:
name:
type: string
description: Name of resource for which given ACL rule applies. Can be combined with `patternType` field to use prefix pattern.
patternType:
type: string
enum:
- literal
- prefix
description: "Describes the pattern used in the resource field. The supported types are `literal` and `prefix`. With `literal` pattern type, the resource field will be used as a definition of a full name. With `prefix` pattern type, the resource name will be used only as a prefix. Default value is `literal`."
type:
type: string
enum:
- topic
- group
- cluster
- transactionalId
description: "Resource type. The available resource types are `topic`, `group`, `cluster`, and `transactionalId`."
required:
- type
description: Indicates the resource for which given ACL rule applies.
type:
type: string
enum:
- allow
- deny
description: The type of the rule. Currently the only supported type is `allow`. ACL rules with type `allow` are used to allow user to execute the specified operations. Default value is `allow`.
required:
- resource
description: List of ACL rules which should be applied to this user.
type:
type: string
enum:
- simple
description: Authorization type. Currently the only supported type is `simple`. `simple` authorization type uses the Kafka Admin API for managing the ACL rules.
required:
- acls
- type
description: Authorization rules for this Kafka user.
quotas:
type: object
properties:
consumerByteRate:
type: integer
minimum: 0
description: A quota on the maximum bytes per-second that each client group can fetch from a broker before the clients in the group are throttled. Defined on a per-broker basis.
controllerMutationRate:
type: number
minimum: 0
description: "A quota on the rate at which mutations are accepted for the create topics request, the create partitions request and the delete topics request. The rate is accumulated by the number of partitions created or deleted."
producerByteRate:
type: integer
minimum: 0
description: A quota on the maximum bytes per-second that each client group can publish to a broker before the clients in the group are throttled. Defined on a per-broker basis.
requestPercentage:
type: integer
minimum: 0
description: A quota on the maximum CPU utilization of each client group as a percentage of network and I/O threads.
description: Quotas on requests to control the broker resources used by clients. Network bandwidth and request rate quotas can be enforced.Kafka documentation for Kafka User quotas can be found at http://kafka.apache.org/documentation/#design_quotas.
template:
type: object
properties:
secret:
type: object
properties:
metadata:
type: object
properties:
labels:
additionalProperties:
type: string
type: object
description: Labels added to the Kubernetes resource.
annotations:
additionalProperties:
type: string
type: object
description: Annotations added to the Kubernetes resource.
description: Metadata applied to the resource.
description: Template for KafkaUser resources. The template allows users to specify how the `Secret` with password or TLS certificates is generated.
description: Template to specify how Kafka User `Secrets` are generated.
description: The specification of the user.
status:
type: object
properties:
conditions:
type: array
items:
type: object
properties:
type:
type: string
description: "The unique identifier of a condition, used to distinguish between other conditions in the resource."
status:
type: string
description: "The status of the condition, either True, False or Unknown."
lastTransitionTime:
type: string
description: "Last time the condition of a type changed from one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone."
reason:
type: string
description: The reason for the condition's last transition (a single word in CamelCase).
message:
type: string
description: Human-readable message indicating details about the condition's last transition.
description: List of status conditions.
observedGeneration:
type: integer
description: The generation of the CRD that was last reconciled by the operator.
username:
type: string
description: Username.
secret:
type: string
description: The name of `Secret` where the credentials are stored.
description: The status of the Kafka User.
- name: v1alpha1
served: true
storage: false
subresources:
status: {}
additionalPrinterColumns:
- name: Cluster
description: The name of the Kafka cluster this user belongs to
jsonPath: .metadata.labels.strimzi\.io/cluster
type: string
- name: Authentication
description: How the user is authenticated
jsonPath: .spec.authentication.type
type: string
- name: Authorization
description: How the user is authorised
jsonPath: .spec.authorization.type
type: string
- name: Ready
description: The state of the custom resource
jsonPath: ".status.conditions[?(@.type==\"Ready\")].status"
type: string
schema:
openAPIV3Schema:
type: object
properties:
apiVersion:
type: string
description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources"
kind:
type: string
description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"
metadata:
type: object
spec:
type: object
properties:
authentication:
type: object
properties:
password:
type: object
properties:
valueFrom:
type: object
properties:
secretKeyRef:
type: object
properties:
key:
type: string
name:
type: string
optional:
type: boolean
description: Selects a key of a Secret in the resource's namespace.
description: Secret from which the password should be read.
required:
- valueFrom
description: "Specify the password for the user. If not set, a new password is generated by the User Operator."
type:
type: string
enum:
- tls
- tls-external
- scram-sha-512
description: Authentication type.
required:
- type
description: "Authentication mechanism enabled for this Kafka user. The supported authentication mechanisms are `scram-sha-512`, `tls`, and `tls-external`. \n\n* `scram-sha-512` generates a secret with SASL SCRAM-SHA-512 credentials.\n* `tls` generates a secret with user certificate for mutual TLS authentication.\n* `tls-external` does not generate a user certificate. But prepares the user for using mutual TLS authentication using a user certificate generated outside the User Operator.\n ACLs and quotas set for this user are configured in the `CN=<username>` format.\n\nAuthentication is optional. If authentication is not configured, no credentials are generated. ACLs and quotas set for the user are configured in the `<username>` format suitable for SASL authentication."
authorization:
type: object
properties:
acls:
type: array
items:
type: object
properties:
host:
type: string
description: The host from which the action described in the ACL rule is allowed or denied.
operation:
type: string
enum:
- Read
- Write
- Create
- Delete
- Alter
- Describe
- ClusterAction
- AlterConfigs
- DescribeConfigs
- IdempotentWrite
- All
description: "Operation which will be allowed or denied. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All."
operations:
type: array
items:
type: string
enum:
- Read
- Write
- Create
- Delete
- Alter
- Describe
- ClusterAction
- AlterConfigs
- DescribeConfigs
- IdempotentWrite
- All
description: "List of operations which will be allowed or denied. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All."
resource:
type: object
properties:
name:
type: string
description: Name of resource for which given ACL rule applies. Can be combined with `patternType` field to use prefix pattern.
patternType:
type: string
enum:
- literal
- prefix
description: "Describes the pattern used in the resource field. The supported types are `literal` and `prefix`. With `literal` pattern type, the resource field will be used as a definition of a full name. With `prefix` pattern type, the resource name will be used only as a prefix. Default value is `literal`."
type:
type: string
enum:
- topic
- group
- cluster
- transactionalId
description: "Resource type. The available resource types are `topic`, `group`, `cluster`, and `transactionalId`."
required:
- type
description: Indicates the resource for which given ACL rule applies.
type:
type: string
enum:
- allow
- deny
description: The type of the rule. Currently the only supported type is `allow`. ACL rules with type `allow` are used to allow user to execute the specified operations. Default value is `allow`.
required:
- resource
description: List of ACL rules which should be applied to this user.
type:
type: string
enum:
- simple
description: Authorization type. Currently the only supported type is `simple`. `simple` authorization type uses the Kafka Admin API for managing the ACL rules.
required:
- acls
- type
description: Authorization rules for this Kafka user.
quotas:
type: object
properties:
consumerByteRate:
type: integer
minimum: 0
description: A quota on the maximum bytes per-second that each client group can fetch from a broker before the clients in the group are throttled. Defined on a per-broker basis.
controllerMutationRate:
type: number
minimum: 0
description: "A quota on the rate at which mutations are accepted for the create topics request, the create partitions request and the delete topics request. The rate is accumulated by the number of partitions created or deleted."
producerByteRate:
type: integer
minimum: 0
description: A quota on the maximum bytes per-second that each client group can publish to a broker before the clients in the group are throttled. Defined on a per-broker basis.
requestPercentage:
type: integer
minimum: 0
description: A quota on the maximum CPU utilization of each client group as a percentage of network and I/O threads.
description: Quotas on requests to control the broker resources used by clients. Network bandwidth and request rate quotas can be enforced.Kafka documentation for Kafka User quotas can be found at http://kafka.apache.org/documentation/#design_quotas.
template:
type: object
properties:
secret:
type: object
properties:
metadata:
type: object
properties:
labels:
additionalProperties:
type: string
type: object
description: Labels added to the Kubernetes resource.
annotations:
additionalProperties:
type: string
type: object
description: Annotations added to the Kubernetes resource.
description: Metadata applied to the resource.
description: Template for KafkaUser resources. The template allows users to specify how the `Secret` with password or TLS certificates is generated.
description: Template to specify how Kafka User `Secrets` are generated.
description: The specification of the user.
status:
type: object
properties:
conditions:
type: array
items:
type: object
properties:
type:
type: string
description: "The unique identifier of a condition, used to distinguish between other conditions in the resource."
status:
type: string
description: "The status of the condition, either True, False or Unknown."
lastTransitionTime:
type: string
description: "Last time the condition of a type changed from one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone."
reason:
type: string
description: The reason for the condition's last transition (a single word in CamelCase).
message:
type: string
description: Human-readable message indicating details about the condition's last transition.
description: List of status conditions.
observedGeneration:
type: integer
description: The generation of the CRD that was last reconciled by the operator.
username:
type: string
description: Username.
secret:
type: string
description: The name of `Secret` where the credentials are stored.
description: The status of the Kafka User.


@@ -0,0 +1,148 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: kafkaconnectors.kafka.strimzi.io
labels:
app: strimzi
strimzi.io/crd-install: "true"
component: kafkaconnectors.kafka.strimzi.io-crd
spec:
group: kafka.strimzi.io
names:
kind: KafkaConnector
listKind: KafkaConnectorList
singular: kafkaconnector
plural: kafkaconnectors
shortNames:
- kctr
categories:
- strimzi
scope: Namespaced
conversion:
strategy: None
versions:
- name: v1beta2
served: true
storage: true
subresources:
status: {}
scale:
specReplicasPath: .spec.tasksMax
statusReplicasPath: .status.tasksMax
additionalPrinterColumns:
- name: Cluster
description: The name of the Kafka Connect cluster this connector belongs to
jsonPath: .metadata.labels.strimzi\.io/cluster
type: string
- name: Connector class
description: The class used by this connector
jsonPath: .spec.class
type: string
- name: Max Tasks
description: Maximum number of tasks
jsonPath: .spec.tasksMax
type: integer
- name: Ready
description: The state of the custom resource
jsonPath: ".status.conditions[?(@.type==\"Ready\")].status"
type: string
schema:
openAPIV3Schema:
type: object
properties:
apiVersion:
type: string
description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources"
kind:
type: string
description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"
metadata:
type: object
spec:
type: object
properties:
class:
type: string
description: The Class for the Kafka Connector.
tasksMax:
type: integer
minimum: 1
description: The maximum number of tasks for the Kafka Connector.
autoRestart:
type: object
properties:
enabled:
type: boolean
description: Whether automatic restart for failed connectors and tasks should be enabled or disabled.
maxRestarts:
type: integer
description: "The maximum number of connector restarts that the operator will try. If the connector remains in a failed state after reaching this limit, it must be restarted manually by the user. Defaults to an unlimited number of restarts."
description: Automatic restart of connector and tasks configuration.
config:
x-kubernetes-preserve-unknown-fields: true
type: object
description: "The Kafka Connector configuration. The following properties cannot be set: connector.class, tasks.max."
pause:
type: boolean
description: Whether the connector should be paused. Defaults to false.
state:
type: string
enum:
- paused
- stopped
- running
description: The state the connector should be in. Defaults to running.
description: The specification of the Kafka Connector.
status:
type: object
properties:
conditions:
type: array
items:
type: object
properties:
type:
type: string
description: "The unique identifier of a condition, used to distinguish between other conditions in the resource."
status:
type: string
description: "The status of the condition, either True, False or Unknown."
lastTransitionTime:
type: string
description: "Last time the condition of a type changed from one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone."
reason:
type: string
description: The reason for the condition's last transition (a single word in CamelCase).
message:
type: string
description: Human-readable message indicating details about the condition's last transition.
description: List of status conditions.
observedGeneration:
type: integer
description: The generation of the CRD that was last reconciled by the operator.
autoRestart:
type: object
properties:
count:
type: integer
description: The number of times the connector or task is restarted.
connectorName:
type: string
description: The name of the connector being restarted.
lastRestartTimestamp:
type: string
description: The last time the automatic restart was attempted. The required format is 'yyyy-MM-ddTHH:mm:ssZ' in the UTC time zone.
description: The auto restart status.
connectorStatus:
x-kubernetes-preserve-unknown-fields: true
type: object
description: "The connector status, as reported by the Kafka Connect REST API."
tasksMax:
type: integer
description: The maximum number of tasks for the Kafka Connector.
topics:
type: array
items:
type: string
description: The list of topics used by the Kafka Connector.
description: The status of the Kafka Connector.


@@ -0,0 +1,151 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: kafkarebalances.kafka.strimzi.io
labels:
app: strimzi
strimzi.io/crd-install: "true"
component: kafkarebalances.kafka.strimzi.io-crd
spec:
group: kafka.strimzi.io
names:
kind: KafkaRebalance
listKind: KafkaRebalanceList
singular: kafkarebalance
plural: kafkarebalances
shortNames:
- kr
categories:
- strimzi
scope: Namespaced
conversion:
strategy: None
versions:
- name: v1beta2
served: true
storage: true
subresources:
status: {}
additionalPrinterColumns:
- name: Cluster
description: The name of the Kafka cluster this resource rebalances
jsonPath: .metadata.labels.strimzi\.io/cluster
type: string
- name: PendingProposal
description: A proposal has been requested from Cruise Control
jsonPath: ".status.conditions[?(@.type==\"PendingProposal\")].status"
type: string
- name: ProposalReady
description: A proposal is ready and waiting for approval
jsonPath: ".status.conditions[?(@.type==\"ProposalReady\")].status"
type: string
- name: Rebalancing
description: Cruise Control is doing the rebalance
jsonPath: ".status.conditions[?(@.type==\"Rebalancing\")].status"
type: string
- name: Ready
description: The rebalance is complete
jsonPath: ".status.conditions[?(@.type==\"Ready\")].status"
type: string
- name: NotReady
description: There is an error on the custom resource
jsonPath: ".status.conditions[?(@.type==\"NotReady\")].status"
type: string
schema:
openAPIV3Schema:
type: object
properties:
apiVersion:
type: string
description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources"
kind:
type: string
description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"
metadata:
type: object
spec:
type: object
properties:
mode:
type: string
enum:
- full
- add-brokers
- remove-brokers
description: "Mode to run the rebalancing. The supported modes are `full`, `add-brokers`, `remove-brokers`.\nIf not specified, the `full` mode is used by default. \n\n* `full` mode runs the rebalancing across all the brokers in the cluster.\n* `add-brokers` mode can be used after scaling up the cluster to move some replicas to the newly added brokers.\n* `remove-brokers` mode can be used before scaling down the cluster to move replicas out of the brokers to be removed.\n"
brokers:
type: array
items:
type: integer
description: The list of newly added brokers in case of scaling up or the ones to be removed in case of scaling down to use for rebalancing. This list can be used only with rebalancing mode `add-brokers` and `removed-brokers`. It is ignored with `full` mode.
goals:
type: array
items:
type: string
description: "A list of goals, ordered by decreasing priority, to use for generating and executing the rebalance proposal. The supported goals are available at https://github.com/linkedin/cruise-control#goals. If an empty goals list is provided, the goals declared in the default.goals Cruise Control configuration parameter are used."
skipHardGoalCheck:
type: boolean
description: Whether to allow the hard goals specified in the Kafka CR to be skipped in optimization proposal generation. This can be useful when some of those hard goals are preventing a balance solution being found. Default is false.
rebalanceDisk:
type: boolean
description: "Enables intra-broker disk balancing, which balances disk space utilization between disks on the same broker. Only applies to Kafka deployments that use JBOD storage with multiple disks. When enabled, inter-broker balancing is disabled. Default is false."
excludedTopics:
type: string
description: A regular expression where any matching topics will be excluded from the calculation of optimization proposals. This expression will be parsed by the java.util.regex.Pattern class; for more information on the supported format consult the documentation for that class.
concurrentPartitionMovementsPerBroker:
type: integer
minimum: 0
description: The upper bound of ongoing partition replica movements going into/out of each broker. Default is 5.
concurrentIntraBrokerPartitionMovements:
type: integer
minimum: 0
description: The upper bound of ongoing partition replica movements between disks within each broker. Default is 2.
concurrentLeaderMovements:
type: integer
minimum: 0
description: The upper bound of ongoing partition leadership movements. Default is 1000.
replicationThrottle:
type: integer
minimum: 0
description: "The upper bound, in bytes per second, on the bandwidth used to move replicas. There is no limit by default."
replicaMovementStrategies:
type: array
items:
type: string
description: "A list of strategy class names used to determine the execution order for the replica movements in the generated optimization proposal. By default BaseReplicaMovementStrategy is used, which will execute the replica movements in the order that they were generated."
description: The specification of the Kafka rebalance.
status:
type: object
properties:
conditions:
type: array
items:
type: object
properties:
type:
type: string
description: "The unique identifier of a condition, used to distinguish between other conditions in the resource."
status:
type: string
description: "The status of the condition, either True, False or Unknown."
lastTransitionTime:
type: string
description: "Last time the condition of a type changed from one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone."
reason:
type: string
description: The reason for the condition's last transition (a single word in CamelCase).
message:
type: string
description: Human-readable message indicating details about the condition's last transition.
description: List of status conditions.
observedGeneration:
type: integer
description: The generation of the CRD that was last reconciled by the operator.
sessionId:
type: string
description: The session identifier for requests to Cruise Control pertaining to this KafkaRebalance resource. This is used by the Kafka Rebalance operator to track the status of ongoing rebalancing operations.
optimizationResult:
x-kubernetes-preserve-unknown-fields: true
type: object
description: A JSON object describing the optimization result.
description: The status of the Kafka rebalance.


@@ -0,0 +1,827 @@
{
"__requires": [
{
"type": "grafana",
"id": "grafana",
"name": "Grafana",
"version": "7.3.7"
},
{
"type": "panel",
"id": "graph",
"name": "Graph",
"version": "5.0.0"
},
{
"type": "datasource",
"id": "prometheus",
"name": "Prometheus",
"version": "5.0.0"
},
{
"type": "panel",
"id": "singlestat",
"name": "Singlestat",
"version": "5.0.0"
}
],
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": "-- Grafana --",
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"type": "dashboard"
}
]
},
"editable": true,
"gnetId": null,
"graphTooltip": 0,
"iteration": 1687301303076,
"links": [],
"panels": [
{
"collapsed": false,
"datasource": null,
"gridPos": {
"h": 1,
"w": 24,
"x": 0,
"y": 68
},
"id": 118,
"panels": [],
"title": "OAuth",
"type": "row"
},
{
"aliasColors": {},
"bars": true,
"dashLength": 10,
"dashes": false,
"datasource": "${DS_PROMETHEUS}",
"description": "",
"fieldConfig": {
"defaults": {
"custom": {},
"unit": "none"
},
"overrides": []
},
"fill": 1,
"fillGradient": 0,
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 69
},
"hiddenSeries": false,
"id": 109,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": false,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"options": {
"alertThreshold": true
},
"paceLength": 10,
"percentage": false,
"pluginVersion": "7.3.7",
"pointradius": 2,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": true,
"steppedLine": false,
"targets": [
{
"exemplar": true,
"expr": "irate(strimzi_oauth_http_requests_count{namespace=\"$kubernetes_namespace\",pod=~\"$strimzi_cluster_name-$kafka_broker\"}[$__rate_interval]) * 30",
"format": "time_series",
"instant": false,
"interval": "60s",
"intervalFactor": 1,
"legendFormat": "[{{context}}] {{host}} (Status: {{status}})",
"refId": "A"
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "OAuth HTTP Request Count",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"$$hashKey": "object:113",
"decimals": 0,
"format": "none",
"label": "",
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"$$hashKey": "object:114",
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": true,
"dashLength": 10,
"dashes": false,
"datasource": "${DS_PROMETHEUS}",
"description": "",
"fieldConfig": {
"defaults": {
"custom": {},
"unit": "none"
},
"overrides": []
},
"fill": 1,
"fillGradient": 0,
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 69
},
"hiddenSeries": false,
"id": 112,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": false,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"options": {
"alertThreshold": true
},
"paceLength": 10,
"percentage": false,
"pluginVersion": "7.3.7",
"pointradius": 2,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": true,
"steppedLine": false,
"targets": [
{
"exemplar": true,
"expr": "irate(strimzi_oauth_validation_requests_count{namespace=\"$kubernetes_namespace\",pod=~\"$strimzi_cluster_name-$kafka_broker\"}[$__rate_interval]) * 30",
"format": "time_series",
"instant": false,
"interval": "60s",
"intervalFactor": 1,
"legendFormat": "[{{context}}] {{host}} ({{outcome}})",
"refId": "A"
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "OAuth Validation Request Count",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"$$hashKey": "object:113",
"decimals": 0,
"format": "none",
"label": "",
"logBase": 1,
"max": null,
"min": "0",
"show": true
},
{
"$$hashKey": "object:114",
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": "auto",
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "${DS_PROMETHEUS}",
"description": "",
"fieldConfig": {
"defaults": {
"custom": {},
"unit": "none"
},
"overrides": []
},
"fill": 1,
"fillGradient": 0,
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 77
},
"hiddenSeries": false,
"id": 110,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"options": {
"alertThreshold": true
},
"paceLength": 10,
"percentage": false,
"pluginVersion": "7.3.7",
"pointradius": 2,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": true,
"steppedLine": true,
"targets": [
{
"exemplar": true,
"expr": "strimzi_oauth_http_requests_count{namespace=\"$kubernetes_namespace\",pod=~\"$strimzi_cluster_name-$kafka_broker\"}",
"format": "time_series",
"instant": false,
"interval": "60s",
"intervalFactor": 1,
"legendFormat": "[{{context}}] {{host}} (Status: {{status}})",
"refId": "A"
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "OAuth HTTP Total Request Count",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"$$hashKey": "object:113",
"decimals": 0,
"format": "none",
"label": "",
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"$$hashKey": "object:114",
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "${DS_PROMETHEUS}",
"description": "",
"fieldConfig": {
"defaults": {
"custom": {},
"unit": "none"
},
"overrides": []
},
"fill": 1,
"fillGradient": 0,
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 77
},
"hiddenSeries": false,
"id": 111,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"options": {
"alertThreshold": true
},
"paceLength": 10,
"percentage": false,
"pluginVersion": "7.3.7",
"pointradius": 2,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": true,
"steppedLine": true,
"targets": [
{
"exemplar": true,
"expr": "strimzi_oauth_validation_requests_count{namespace=\"$kubernetes_namespace\",pod=~\"$strimzi_cluster_name-$kafka_broker\"}",
"format": "time_series",
"instant": false,
"interval": "60s",
"intervalFactor": 1,
"legendFormat": "[{{context}}] {{host}} ({{outcome}})",
"refId": "A"
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "OAuth Validation Total Request Count",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"$$hashKey": "object:113",
"decimals": 0,
"format": "none",
"label": "",
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"$$hashKey": "object:114",
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": true,
"dashLength": 10,
"dashes": false,
"datasource": "${DS_PROMETHEUS}",
"description": "",
"fieldConfig": {
"defaults": {
"custom": {}
},
"overrides": []
},
"fill": 1,
"fillGradient": 0,
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 85
},
"hiddenSeries": false,
"id": 114,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": false,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"options": {
"alertThreshold": true
},
"paceLength": 10,
"percentage": false,
"pluginVersion": "7.3.7",
"pointradius": 2,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"exemplar": true,
"expr": "irate(strimzi_oauth_http_requests_totaltimems{namespace=\"$kubernetes_namespace\",pod=~\"$strimzi_cluster_name-$kafka_broker\"}[$__rate_interval]) / irate(strimzi_oauth_http_requests_count{namespace=\"$kubernetes_namespace\",pod=~\"$strimzi_cluster_name-$kafka_broker\"}[$__rate_interval])",
"format": "time_series",
"instant": false,
"interval": "60s",
"intervalFactor": 1,
"legendFormat": "[{{context}}] {{host}} (Status: {{status}})",
"refId": "A"
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "OAuth HTTP Request Time (ms / req)",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"$$hashKey": "object:113",
"decimals": 0,
"format": "ms",
"label": "",
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"$$hashKey": "object:114",
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": true,
"dashLength": 10,
"dashes": false,
"datasource": "${DS_PROMETHEUS}",
"description": "",
"fieldConfig": {
"defaults": {
"custom": {}
},
"overrides": []
},
"fill": 1,
"fillGradient": 0,
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 85
},
"hiddenSeries": false,
"id": 113,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": false,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"options": {
"alertThreshold": true
},
"paceLength": 10,
"percentage": false,
"pluginVersion": "7.3.7",
"pointradius": 2,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"exemplar": true,
"expr": "irate(strimzi_oauth_validation_requests_totaltimems{namespace=\"$kubernetes_namespace\",pod=~\"$strimzi_cluster_name-$kafka_broker\"}[$__rate_interval]) / irate(strimzi_oauth_validation_requests_count{namespace=\"$kubernetes_namespace\",pod=~\"$strimzi_cluster_name-$kafka_broker\"}[$__rate_interval])\n",
"format": "time_series",
"instant": false,
"interval": "60s",
"intervalFactor": 1,
"legendFormat": "[{{context}}] {{host}} ({{outcome}})",
"refId": "A"
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "OAuth Validation Request Time (ms / req)",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"$$hashKey": "object:113",
"decimals": 0,
"format": "ms",
"label": "",
"logBase": 1,
"max": null,
"min": "0",
"show": true
},
{
"$$hashKey": "object:114",
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": "auto",
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
}
],
"refresh": "5s",
"schemaVersion": 26,
"style": "dark",
"tags": [
"Strimzi",
"Kafka"
],
"templating": {
"list": [
{
"current": {},
"error": null,
"hide": 0,
"includeAll": false,
"label": "datasource",
"multi": false,
"name": "DS_PROMETHEUS",
"options": [],
"query": "prometheus",
"refresh": 1,
"regex": "",
"skipUrlSync": false,
"type": "datasource"
},
{
"allFormat": "glob",
"allValue": null,
"current": {},
"datasource": "${DS_PROMETHEUS}",
"definition": "",
"error": null,
"hide": 0,
"includeAll": false,
"label": "Namespace",
"multi": false,
"name": "kubernetes_namespace",
"options": [],
"query": "query_result(kafka_server_replicamanager_leadercount)",
"refresh": 1,
"regex": "/.*namespace=\"([^\"]*).*/",
"skipUrlSync": false,
"sort": 0,
"tagValuesQuery": "",
"tags": [],
"tagsQuery": "",
"type": "query",
"useTags": false
},
{
"allFormat": "glob",
"allValue": null,
"current": {},
"datasource": "${DS_PROMETHEUS}",
"definition": "",
"error": null,
"hide": 0,
"includeAll": false,
"label": "Cluster Name",
"multi": false,
"name": "strimzi_cluster_name",
"options": [],
"query": "query_result(kafka_server_replicamanager_leadercount{namespace=\"$kubernetes_namespace\"})",
"refresh": 1,
"regex": "/.*strimzi_io_cluster=\"([^\"]*).*/",
"skipUrlSync": false,
"sort": 0,
"tagValuesQuery": "",
"tags": [],
"tagsQuery": "",
"type": "query",
"useTags": false
},
{
"allFormat": "glob",
"allValue": ".*",
"current": {},
"datasource": "${DS_PROMETHEUS}",
"definition": "",
"error": null,
"hide": 0,
"includeAll": true,
"label": "Broker",
"multi": false,
"name": "kafka_broker",
"options": [],
"query": "query_result(kafka_server_replicamanager_leadercount{namespace=\"$kubernetes_namespace\",strimzi_io_cluster=\"$strimzi_cluster_name\"})",
"refresh": 1,
"regex": "/.*pod_name=\"$strimzi_cluster_name-([^\"]*).*/",
"skipUrlSync": false,
"sort": 0,
"tagValuesQuery": "",
"tags": [],
"tagsQuery": "",
"type": "query",
"useTags": false
}
]
},
"time": {
"from": "now-1h",
"to": "now"
},
"timepicker": {
"refresh_intervals": [
"5s",
"10s",
"30s",
"1m",
"5m",
"15m",
"30m",
"1h",
"2h",
"1d"
],
"time_options": [
"5m",
"15m",
"1h",
"6h",
"12h",
"24h",
"2d",
"7d",
"30d"
]
},
"timezone": "",
"title": "Strimzi Kafka OAuth",
"uid": "aa66282eda2b42a2b9304fb2934f940f",
"version": 2
}


@@ -0,0 +1,13 @@
{{- if .Values.serviceAccountCreate -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Values.serviceAccount }}
namespace: {{ .Release.Namespace }}
labels:
app: {{ template "strimzi.name" . }}
chart: {{ template "strimzi.chart" . }}
component: service-account
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- end -}}


@@ -0,0 +1,166 @@
{{- if and .Values.rbac.create .Values.createGlobalResources -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: strimzi-cluster-operator-namespaced
labels:
app: {{ template "strimzi.name" . }}
chart: {{ template "strimzi.chart" . }}
component: role
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
rules:
# Resources in this role are used by the operator based on an operand being deployed in some namespace. When needed, you
# can deploy the operator as a cluster-wide operator. But grant the rights listed in this role only on the namespaces
# where the operands will be deployed. That way, you can limit the access the operator has to other namespaces where it
# does not manage any clusters.
- apiGroups:
- "rbac.authorization.k8s.io"
resources:
# The cluster operator needs to access and manage rolebindings to grant Strimzi components cluster permissions
- rolebindings
verbs:
- get
- list
- watch
- create
- delete
- patch
- update
- apiGroups:
- "rbac.authorization.k8s.io"
resources:
# The cluster operator needs to access and manage roles to grant the entity operator permissions
- roles
verbs:
- get
- list
- watch
- create
- delete
- patch
- update
- apiGroups:
- ""
resources:
# The cluster operator needs to access and delete pods, this is to allow it to monitor pod health and coordinate rolling updates
- pods
# The cluster operator needs to access and manage service accounts to grant Strimzi components cluster permissions
- serviceaccounts
# The cluster operator needs to access and manage config maps for Strimzi components configuration
- configmaps
# The cluster operator needs to access and manage services and endpoints to expose Strimzi components to network traffic
- services
- endpoints
# The cluster operator needs to access and manage secrets to handle credentials
- secrets
# The cluster operator needs to access and manage persistent volume claims to bind them to Strimzi components for persistent data
- persistentvolumeclaims
verbs:
- get
- list
- watch
- create
- delete
- patch
- update
- apiGroups:
- "apps"
resources:
# The cluster operator needs to access and manage deployments to run deployment based Strimzi components
- deployments
# The cluster operator needs to access and manage stateful sets to run stateful sets based Strimzi components
- statefulsets
# The cluster operator needs to access replica-sets to manage Strimzi components and to determine error states
- replicasets
verbs:
- get
- list
- watch
- create
- delete
- patch
- update
- apiGroups:
- "apps"
resources:
# The Cluster Operator needs to scale Deployments while migrating Connect and Mirror Maker 2 clusters from Deployments to StrimziPodSets
- deployments/scale
verbs:
- get
- patch
- update
- apiGroups:
- "" # legacy core events api, used by topic operator
- "events.k8s.io" # new events api, used by cluster operator
resources:
# The cluster operator needs to be able to create events and delegate permissions to do so
- events
verbs:
- create
- apiGroups:
# Kafka Connect Build on OpenShift requirement
- build.openshift.io
resources:
- buildconfigs
- buildconfigs/instantiate
- builds
verbs:
- get
- list
- watch
- create
- delete
- patch
- update
- apiGroups:
- networking.k8s.io
resources:
# The cluster operator needs to access and manage network policies to lock down communication between Strimzi components
- networkpolicies
# The cluster operator needs to access and manage ingresses which allow external access to the services in a cluster
- ingresses
verbs:
- get
- list
- watch
- create
- delete
- patch
- update
- apiGroups:
- route.openshift.io
resources:
# The cluster operator needs to access and manage routes to expose Strimzi components for external access
- routes
- routes/custom-host
verbs:
- get
- list
- watch
- create
- delete
- patch
- update
- apiGroups:
- image.openshift.io
resources:
# The cluster operator needs to verify the image stream when used for Kafka Connect image build
- imagestreams
verbs:
- get
- apiGroups:
- policy
resources:
# The cluster operator needs to access and manage pod disruption budgets this limits the number of concurrent disruptions
# that a Strimzi component experiences, allowing for higher availability
- poddisruptionbudgets
verbs:
- get
- list
- watch
- create
- delete
- patch
- update
{{- end -}}


@@ -0,0 +1,33 @@
{{- if .Values.rbac.create -}}
{{- $root := . -}}
{{- range append .Values.watchNamespaces .Release.Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
{{- if $root.Values.watchAnyNamespace }}
kind: ClusterRoleBinding
{{- else }}
kind: RoleBinding
{{- end }}
metadata:
{{- if $root.Values.watchAnyNamespace }}
name: strimzi-cluster-operator-namespaced
{{- else }}
name: strimzi-cluster-operator
{{- end }}
namespace: {{ . }}
labels:
app: {{ template "strimzi.name" $root }}
chart: {{ template "strimzi.chart" $root }}
component: role-binding
release: {{ $root.Release.Name }}
heritage: {{ $root.Release.Service }}
subjects:
- kind: ServiceAccount
name: {{ $root.Values.serviceAccount }}
namespace: {{ $root.Release.Namespace }}
roleRef:
kind: ClusterRole
name: strimzi-cluster-operator-namespaced
apiGroup: rbac.authorization.k8s.io
{{- end }}
{{- end }}
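Review bot: With `watchAnyNamespace` set, the `kind: ClusterRoleBinding` branch binds `strimzi-cluster-operator-namespaced` cluster-wide, so the operator service account gets that role's access to secrets, roles and rolebindings in every namespace, which is wider than the per-namespace grant the role's own comment recommends. I would add a comment on that branch, for example `# watchAnyNamespace grants this role in all namespaces; prefer watchNamespaces to limit access to secrets and RBAC objects`. The same branch sits inside the `range` loop, so a non-empty `watchNamespaces` would render the same cluster-scoped binding once per namespace, each with a `namespace:` field that has no meaning for it. The watched and entity-operator delegation bindings later in this commit follow the same pattern.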


@@ -0,0 +1,44 @@
{{- if and .Values.rbac.create .Values.createGlobalResources -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: strimzi-cluster-operator-global
labels:
app: {{ template "strimzi.name" . }}
chart: {{ template "strimzi.chart" . }}
component: role
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
rules:
- apiGroups:
- "rbac.authorization.k8s.io"
resources:
# The cluster operator needs to create and manage cluster role bindings in the case of an install where a user
# has specified they want their cluster role bindings generated
- clusterrolebindings
verbs:
- get
- list
- watch
- create
- delete
- patch
- update
- apiGroups:
- storage.k8s.io
resources:
# The cluster operator requires "get" permissions to view storage class details
# This is because only a persistent volume of a supported storage class type can be resized
- storageclasses
verbs:
- get
- apiGroups:
- ""
resources:
# The cluster operator requires "list" permissions to view all nodes in a cluster
# The listing is used to determine the node addresses when NodePort access is configured
# These addresses are then exposed in the custom resource states
- nodes
verbs:
- list
{{- end -}}
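Review bot: The `clusterrolebindings` rule carries `delete`, `patch` and `update` with no `resourceNames`, so it applies to every ClusterRoleBinding in the cluster and not only to the ones the operator generates. Kubernetes checks for privilege escalation when a binding is created or updated, but deleting a binding is not covered by that check, so a compromised operator pod could remove bindings it does not own. The names of the generated bindings are presumably dynamic, which would rule out `resourceNames`. I would at least record this in the rule, for example `# not name-scoped: covers all ClusterRoleBindings; audit delete/patch by this service account`.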


@@ -0,0 +1,20 @@
{{- if and .Values.rbac.create .Values.createGlobalResources -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: strimzi-cluster-operator
labels:
app: {{ template "strimzi.name" . }}
chart: {{ template "strimzi.chart" . }}
component: role-binding
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
subjects:
- kind: ServiceAccount
name: {{ .Values.serviceAccount }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: strimzi-cluster-operator-global
apiGroup: rbac.authorization.k8s.io
{{- end -}}


@@ -0,0 +1,37 @@
{{- if and .Values.rbac.create .Values.createGlobalResources -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: strimzi-cluster-operator-leader-election
labels:
app: {{ template "strimzi.name" . }}
chart: {{ template "strimzi.chart" . }}
component: role
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
rules:
- apiGroups:
- coordination.k8s.io
resources:
# The cluster operator needs to access and manage leases for leader election
# The "create" verb cannot be used with "resourceNames"
- leases
verbs:
- create
- apiGroups:
- coordination.k8s.io
resources:
# The cluster operator needs to access and manage leases for leader election
- leases
resourceNames:
# The default RBAC files give the operator only access to the Lease resource names strimzi-cluster-operator
# If you want to use another resource name or resource namespace, you have to configure the RBAC resources accordingly
- strimzi-cluster-operator
verbs:
- get
- list
- watch
- delete
- patch
- update
{{- end -}}


@@ -0,0 +1,21 @@
{{- if .Values.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: strimzi-cluster-operator-leader-election
namespace: {{ .Release.Namespace }}
labels:
app: {{ template "strimzi.name" . }}
chart: {{ template "strimzi.chart" . }}
component: role-binding
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
subjects:
- kind: ServiceAccount
name: {{ .Values.serviceAccount }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: strimzi-cluster-operator-leader-election
apiGroup: rbac.authorization.k8s.io
{{- end }}


@@ -0,0 +1,82 @@
{{- if and .Values.rbac.create .Values.createGlobalResources -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: strimzi-cluster-operator-watched
labels:
app: {{ template "strimzi.name" . }}
chart: {{ template "strimzi.chart" . }}
component: role
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
rules:
# Resources in this role are being watched by the operator. When operator is deployed as cluster-wide, these permissions
# need to be granted to the operator on a cluster wide level as well, even if the operands will be deployed only in
# few of the namespaces in given cluster. This is required to set up the Kubernetes watches and informers.
# Note: The rights included in this role might change in the future
- apiGroups:
- ""
resources:
# The cluster operator needs to access and delete pods, this is to allow it to monitor pod health and coordinate rolling updates
- pods
verbs:
- watch
- list
- apiGroups:
- "kafka.strimzi.io"
resources:
# The Cluster Operator operates the Strimzi custom resources
- kafkas
- kafkanodepools
- kafkaconnects
- kafkaconnectors
- kafkamirrormakers
- kafkabridges
- kafkamirrormaker2s
- kafkarebalances
verbs:
- get
- list
- watch
- create
- patch
- update
- apiGroups:
- "kafka.strimzi.io"
resources:
# The Cluster Operator needs to manage the status of the Strimzi custom resources
- kafkas/status
- kafkanodepools/status
- kafkaconnects/status
- kafkaconnectors/status
- kafkamirrormakers/status
- kafkabridges/status
- kafkamirrormaker2s/status
- kafkarebalances/status
verbs:
- get
- patch
- update
- apiGroups:
- "core.strimzi.io"
resources:
# The cluster operator uses StrimziPodSets to manage the Kafka and ZooKeeper pods
- strimzipodsets
verbs:
- get
- list
- watch
- create
- delete
- patch
- update
- apiGroups:
- "core.strimzi.io"
resources:
# The Cluster Operator needs to manage the status of the StrimziPodSet custom resource
- strimzipodsets/status
verbs:
- get
- patch
- update
{{- end -}}
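Review bot: The comment above `- pods` says the operator needs to "access and delete pods", but this rule grants only `watch` and `list`; `delete` on pods is granted by the `strimzi-cluster-operator-namespaced` role, not here. Someone auditing the cluster-wide grant from the comments would overestimate it. I would reword it to `# The cluster operator needs to watch and list pods to monitor pod health and coordinate rolling updates`.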


@@ -0,0 +1,33 @@
{{- if .Values.rbac.create }}
{{- $root := . -}}
{{- range append .Values.watchNamespaces .Release.Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
{{- if $root.Values.watchAnyNamespace }}
kind: ClusterRoleBinding
{{- else }}
kind: RoleBinding
{{- end }}
metadata:
{{- if $root.Values.watchAnyNamespace }}
name: strimzi-cluster-operator-watched
{{- else }}
name: strimzi-cluster-operator-watched
{{- end }}
namespace: {{ . }}
labels:
app: {{ template "strimzi.name" $root }}
chart: {{ template "strimzi.chart" $root }}
component: role-binding
release: {{ $root.Release.Name }}
heritage: {{ $root.Release.Service }}
subjects:
- kind: ServiceAccount
name: {{ $root.Values.serviceAccount }}
namespace: {{ $root.Release.Namespace }}
roleRef:
kind: ClusterRole
name: strimzi-cluster-operator-watched
apiGroup: rbac.authorization.k8s.io
{{- end }}
{{- end }}
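Review bot: Both branches of the `watchAnyNamespace` conditional under `metadata` produce `name: strimzi-cluster-operator-watched`, so the conditional has no effect. It can be replaced by the single line `name: strimzi-cluster-operator-watched`, which also makes it obvious that the ClusterRoleBinding and the RoleBinding share one name.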


@@ -0,0 +1,21 @@
{{- if and .Values.rbac.create .Values.createGlobalResources -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: strimzi-kafka-broker
labels:
app: {{ template "strimzi.name" . }}
chart: {{ template "strimzi.chart" . }}
component: broker-role
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
rules:
- apiGroups:
- ""
resources:
# The Kafka Brokers require "get" permissions to view the node they are on
# This information is used to generate a Rack ID that is used for High Availability configurations
- nodes
verbs:
- get
{{- end -}}


@@ -0,0 +1,23 @@
{{- if and .Values.rbac.create .Values.createGlobalResources -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: strimzi-cluster-operator-kafka-broker-delegation
labels:
app: {{ template "strimzi.name" . }}
chart: {{ template "strimzi.chart" . }}
component: broker-role-binding
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
# The Kafka broker cluster role must be bound to the cluster operator service account so that it can delegate the cluster role to the Kafka brokers.
# This must be done to avoid escalating privileges which would be blocked by Kubernetes.
subjects:
- kind: ServiceAccount
name: {{ .Values.serviceAccount }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: strimzi-kafka-broker
apiGroup: rbac.authorization.k8s.io
{{- end -}}


@@ -0,0 +1,69 @@
{{- if and .Values.rbac.create .Values.createGlobalResources -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: strimzi-entity-operator
labels:
app: {{ template "strimzi.name" . }}
chart: {{ template "strimzi.chart" . }}
component: entity-operator-role
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
rules:
- apiGroups:
- "kafka.strimzi.io"
resources:
# The Entity Operator contains the Topic Operator which needs to access and manage KafkaTopic resources
- kafkatopics
verbs:
- get
- list
- watch
- create
- patch
- update
- delete
- apiGroups:
- "kafka.strimzi.io"
resources:
# The Entity Operator contains the User Operator which needs to access and manage KafkaUser resources
- kafkausers
verbs:
- get
- list
- watch
- create
- patch
- update
- apiGroups:
- "kafka.strimzi.io"
resources:
# The Entity Operator contains the Topic Operator which needs to access and manage KafkaTopic resources
- kafkatopics/status
# The Entity Operator contains the User Operator which needs to access and manage KafkaUser resources
- kafkausers/status
verbs:
- get
- patch
- update
- apiGroups:
- ""
resources:
- events
verbs:
# The entity operator needs to be able to create events
- create
- apiGroups:
- ""
resources:
# The entity operator user-operator needs to access and manage secrets to store generated credentials
- secrets
verbs:
- get
- list
- watch
- create
- delete
- patch
- update
{{- end -}}


@@ -0,0 +1,31 @@
{{- if .Values.rbac.create }}
{{- $root := . -}}
{{- range append .Values.watchNamespaces .Release.Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
{{- if $root.Values.watchAnyNamespace }}
kind: ClusterRoleBinding
{{- else }}
kind: RoleBinding
{{- end }}
metadata:
name: strimzi-cluster-operator-entity-operator-delegation
namespace: {{ . }}
labels:
app: {{ template "strimzi.name" $root }}
chart: {{ template "strimzi.chart" $root }}
component: entity-operator-role-binding
release: {{ $root.Release.Name }}
heritage: {{ $root.Release.Service }}
# The Entity Operator cluster role must be bound to the cluster operator service account so that it can delegate the cluster role to the Entity Operator.
# This must be done to avoid escalating privileges which would be blocked by Kubernetes.
subjects:
- kind: ServiceAccount
name: {{ $root.Values.serviceAccount }}
namespace: {{ $root.Release.Namespace }}
roleRef:
kind: ClusterRole
name: strimzi-entity-operator
apiGroup: rbac.authorization.k8s.io
{{- end }}
{{- end }}


@@ -0,0 +1,22 @@
{{- if and .Values.rbac.create .Values.createGlobalResources -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: strimzi-kafka-client
labels:
app: {{ template "strimzi.name" . }}
chart: {{ template "strimzi.chart" . }}
component: client-role
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
rules:
- apiGroups:
- ""
resources:
# The Kafka clients (Connect, Mirror Maker, etc.) require "get" permissions to view the node they are on
# This information is used to generate a Rack ID (client.rack option) that is used for consuming from the closest
# replicas when enabled
- nodes
verbs:
- get
{{- end -}}


@@ -0,0 +1,24 @@
{{- if and .Values.rbac.create .Values.createGlobalResources -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: strimzi-cluster-operator-kafka-client-delegation
labels:
app: {{ template "strimzi.name" . }}
chart: {{ template "strimzi.chart" . }}
component: client-role-binding
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
# The Kafka clients cluster role must be bound to the cluster operator service account so that it can delegate the
# cluster role to the Kafka clients using it for consuming from closest replica.
# This must be done to avoid escalating privileges which would be blocked by Kubernetes.
subjects:
- kind: ServiceAccount
name: {{ .Values.serviceAccount }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: strimzi-kafka-client
apiGroup: rbac.authorization.k8s.io
{{- end -}}


@@ -0,0 +1,40 @@
kind: ConfigMap
apiVersion: v1
metadata:
name: {{ .Values.logConfigMap }}
namespace: {{ .Release.Namespace }}
labels:
app: {{ template "strimzi.name" . }}
chart: {{ template "strimzi.chart" . }}
component: logging-config-map
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
data:
log4j2.properties: |
{{- if .Values.logConfiguration }}
{{- tpl .Values.logConfiguration . | nindent 4 }}
{{- else }}
name = COConfig
monitorInterval = 30
appender.console.type = Console
appender.console.name = STDOUT
appender.console.layout.type = PatternLayout
appender.console.layout.pattern = %d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - %m%n
rootLogger.level = {{ default .Values.logLevel .Values.logLevelOverride }}
rootLogger.appenderRefs = stdout
rootLogger.appenderRef.console.ref = STDOUT
# Kafka AdminClient logging is a bit noisy at INFO level
logger.kafka.name = org.apache.kafka
logger.kafka.level = WARN
# Zookeeper is very verbose even on INFO level -> We set it to WARN by default
logger.zookeepertrustmanager.name = org.apache.zookeeper
logger.zookeepertrustmanager.level = WARN
# Keeps separate level for Netty logging -> to not be changed by the root logger
logger.netty.name = io.netty
logger.netty.level = INFO
{{- end }}


@@ -0,0 +1,16 @@
{{- if .Values.podDisruptionBudget.enabled -}}
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: strimzi-cluster-operator-pdb
spec:
selector:
matchLabels:
name: strimzi-cluster-operator
{{- if .Values.podDisruptionBudget.minAvailable }}
minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
{{- end }}
{{- if .Values.podDisruptionBudget.maxUnavailable }}
maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
{{- end }}
{{- end }}


@@ -0,0 +1,187 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: strimzi-cluster-operator
namespace: {{ .Release.Namespace }}
labels:
app: {{ template "strimzi.name" . }}
chart: {{ template "strimzi.chart" . }}
component: deployment
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
replicas: {{ .Values.replicas }}
selector:
matchLabels:
name: strimzi-cluster-operator
strimzi.io/kind: cluster-operator
template:
metadata:
labels:
name: strimzi-cluster-operator
strimzi.io/kind: cluster-operator
{{- with .Values.labels }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.annotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
serviceAccountName: {{ .Values.serviceAccount }}
{{- /* imagePullSecrets is allowed to be for backwards compatibility */ -}}
{{- if kindIs "string" .Values.image.imagePullSecrets }}
imagePullSecrets:
- name: {{ .Values.image.imagePullSecrets }}
{{- else if kindIs "slice" .Values.image.imagePullSecrets }}
imagePullSecrets:
{{- with .Values.image.imagePullSecrets }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- with .Values.podSecurityContext }}
securityContext: {{ toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.priorityClassName }}
priorityClassName: {{ .Values.priorityClassName }}
{{- end }}
volumes:
- name: strimzi-tmp
emptyDir:
medium: Memory
sizeLimit: {{ .Values.tmpDirSizeLimit }}
- name: {{ .Values.logVolume }}
configMap:
name: {{ .Values.logConfigMap }}
containers:
- name: strimzi-cluster-operator
image: {{ template "strimzi.image" (set . "key" "") }}
ports:
- containerPort: 8080
name: http
{{- if .Values.image.imagePullPolicy }}
imagePullPolicy: {{ .Values.image.imagePullPolicy | quote }}
{{- end }}
args:
- /opt/strimzi/bin/cluster_operator_run.sh
volumeMounts:
- name: strimzi-tmp
mountPath: /tmp
- name: {{ .Values.logVolume }}
mountPath: /opt/strimzi/custom-config/
env:
- name: STRIMZI_NAMESPACE
{{- if .Values.watchAnyNamespace }}
value: "*"
{{- else }}
{{- if .Values.watchNamespaces -}}
{{- $ns := .Values.watchNamespaces -}}
{{- $ns := append $ns .Release.Namespace }}
value: "{{ join "," $ns }}"
{{- else }}
valueFrom:
fieldRef:
fieldPath: metadata.namespace
{{- end }}
{{- end }}
- name: STRIMZI_FULL_RECONCILIATION_INTERVAL_MS
value: {{ .Values.fullReconciliationIntervalMs | quote }}
- name: STRIMZI_OPERATION_TIMEOUT_MS
value: {{ .Values.operationTimeoutMs | quote }}
{{- template "strimzi.kafka.image.map" . }}
- name: STRIMZI_DEFAULT_TOPIC_OPERATOR_IMAGE
value: {{ template "strimzi.image" (set . "key" "topicOperator") }}
- name: STRIMZI_DEFAULT_USER_OPERATOR_IMAGE
value: {{ template "strimzi.image" (set . "key" "userOperator") }}
- name: STRIMZI_DEFAULT_KAFKA_INIT_IMAGE
value: {{ template "strimzi.image" (set . "key" "kafkaInit") }}
- name: STRIMZI_DEFAULT_KAFKA_BRIDGE_IMAGE
value: {{ template "strimzi.image" (set . "key" "kafkaBridge") }}
- name: STRIMZI_DEFAULT_KANIKO_EXECUTOR_IMAGE
value: {{ template "strimzi.image" (set . "key" "kanikoExecutor") }}
- name: STRIMZI_DEFAULT_MAVEN_BUILDER
value: {{ template "strimzi.image" (set . "key" "mavenBuilder") }}
- name: STRIMZI_OPERATOR_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
{{- /* imagePullSecrets is allowed to be for backwards compatibility */ -}}
{{- if kindIs "string" .Values.image.imagePullSecrets }}
- name: STRIMZI_IMAGE_PULL_SECRETS
value: {{ .Values.image.imagePullSecrets }}
{{- else if kindIs "slice" .Values.image.imagePullSecrets }}
- name: STRIMZI_IMAGE_PULL_SECRETS
value: {{ template "strimzi.listPluck" (dict "list" .Values.image.imagePullSecrets "key" "name") }}
{{- end }}
{{- if .Values.image.operatorNamespaceLabels }}
- name: STRIMZI_OPERATOR_NAMESPACE_LABELS
value: {{ .Values.image.operatorNamespaceLabels }}
{{- end }}
{{- if .Values.image.imagePullPolicy }}
- name: STRIMZI_IMAGE_PULL_POLICY
value: {{ .Values.image.imagePullPolicy }}
{{- end }}
{{ if ne .Values.kubernetesServiceDnsDomain "cluster.local" }}- name: KUBERNETES_SERVICE_DNS_DOMAIN
value: {{ .Values.kubernetesServiceDnsDomain | quote }}{{ end }}
- name: STRIMZI_FEATURE_GATES
value: {{ .Values.featureGates | quote }}
{{- if .Values.labelsExclusionPattern }}
- name: STRIMZI_LABELS_EXCLUSION_PATTERN
value: {{ .Values.labelsExclusionPattern | quote }}
{{- end }}
{{- if ne .Values.generateNetworkPolicy true}}
- name: STRIMZI_NETWORK_POLICY_GENERATION
value: {{ .Values.generateNetworkPolicy | quote }}
{{- end }}
{{- if ne (int .Values.connectBuildTimeoutMs) 300000 }}
- name: STRIMZI_CONNECT_BUILD_TIMEOUT_MS
value: {{ .Values.connectBuildTimeoutMs | quote }}
{{- end }}
{{- if .Values.extraEnvs }}
{{ toYaml .Values.extraEnvs | indent 12 }}
{{- end }}
- name: STRIMZI_LEADER_ELECTION_ENABLED
{{- if .Values.leaderElection.enable }}
value: "true"
{{- else }}
value: "false"
{{- end }}
- name: STRIMZI_LEADER_ELECTION_LEASE_NAME
value: "strimzi-cluster-operator"
- name: STRIMZI_LEADER_ELECTION_LEASE_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: STRIMZI_LEADER_ELECTION_IDENTITY
valueFrom:
fieldRef:
fieldPath: metadata.name
livenessProbe:
httpGet:
path: /healthy
port: http
initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
readinessProbe:
httpGet:
path: /ready
port: http
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
{{- with .Values.securityContext }}
securityContext: {{ toYaml .| nindent 12 }}
{{- end }}
resources:
{{ toYaml .Values.resources | indent 12 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}


@@ -0,0 +1,53 @@
{{- if and .Values.rbac.create .Values.createAggregateRoles -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: strimzi-admin
labels:
app: {{ template "strimzi.name" . }}
chart: {{ template "strimzi.chart" . }}
component: entity-operator-role
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
# Add these permissions to the "admin" and "edit" default roles.
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rules:
- apiGroups:
- "kafka.strimzi.io"
resources:
- kafkas
- kafkaconnects
- kafkaconnects/scale
- kafkamirrormakers
- kafkamirrormakers/scale
- kafkausers
- kafkatopics
- kafkabridges
- kafkabridges/scale
- kafkaconnectors
- kafkaconnectors/scale
- kafkamirrormaker2s
- kafkamirrormaker2s/scale
- kafkarebalances
verbs:
- get
- list
- watch
- create
- delete
- patch
- update
- apiGroups:
- "core.strimzi.io"
resources:
- strimzipodsets
verbs:
- get
- list
- watch
- create
- delete
- patch
- update
{{- end -}}


@@ -0,0 +1,39 @@
{{- if and .Values.rbac.create .Values.createAggregateRoles -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: strimzi-view
labels:
app: {{ template "strimzi.name" . }}
chart: {{ template "strimzi.chart" . }}
component: entity-operator-role
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
# Add these permissions to the "view" default role.
rbac.authorization.k8s.io/aggregate-to-view: "true"
rules:
- apiGroups:
- "kafka.strimzi.io"
resources:
- kafkas
- kafkaconnects
- kafkamirrormakers
- kafkausers
- kafkatopics
- kafkabridges
- kafkaconnectors
- kafkamirrormaker2s
- kafkarebalances
verbs:
- get
- list
- watch
- apiGroups:
- "core.strimzi.io"
resources:
- strimzipodsets
verbs:
- get
- list
- watch
{{- end -}}


@@ -0,0 +1,26 @@
{{- if .Values.dashboards.enabled }}
{{- $files := .Files.Glob "files/grafana-dashboards/*.json" }}
{{- range $path, $fileContents := $files }}
{{- $dashboardName := regexReplaceAll "(^.*/)(.*)\\.json$" $path "${2}" }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ $dashboardName | trunc 63 | trimSuffix "-" }}
namespace: {{ $.Values.dashboards.namespace | default $.Release.Namespace }}
labels:
component: grafana-dashboards
{{- if $.Values.dashboards.label }}
{{ $.Values.dashboards.label }}: {{ ternary $.Values.dashboards.labelValue "1" (not (empty $.Values.dashboards.labelValue)) | quote }}
{{- end }}
{{- with $.Values.dashboards.extraLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with $.Values.dashboards.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
data:
{{ $dashboardName }}.json: {{ $.Files.Get $path | toJson }}
{{- end }}
{{- end }}


@@ -0,0 +1,5 @@
Thank you for installing {{ .Chart.Name }}-{{ .Chart.Version }}
To create a Kafka cluster refer to the following documentation.
https://strimzi.io/docs/operators/latest/deploying.html#deploying-cluster-operator-helm-chart-str


@@ -0,0 +1,63 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "strimzi.name" -}}
{{- default "strimzi" .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "strimzi.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "strimzi.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Creates the image name from the registry, repository, image, tag, and digest
- Priority is given to digests over tags
- Registry, repository, and image will be joined with '/' if values are not blank
- tagSuffix is added to tagPrefix or default tag. To ignore the suffix, use tag.
- tagSuffix can be ignored by using tag instead of tagPrefix
To use, add the following key/value pairs to the scope:
- "key" [optional]: the key to lookup under .Values for the image map
- "tagSuffix" [optional]: the suffix to add to tagPrefix or the default tag
- Example: `template "strimzi.image" (merge . (dict "key" "tlsSidecarEntityOperator" "tagSuffix" "-kafka-3.1.0"))`
*/}}
{{- define "strimzi.image" -}}
{{- $vals := ternary .Values.image (index .Values .key).image (empty .key) -}}
{{- $ref := join "/" (compact (list (default .Values.defaultImageRegistry $vals.registry) (default .Values.defaultImageRepository $vals.repository) (default .Values.defaultImageName $vals.name))) -}}
{{- $tag := join "" (compact (list (coalesce $vals.tag $vals.tagPrefix .Values.defaultImageTag) (ternary .tagSuffix "" (empty $vals.tag)))) -}}
{{- join "" (compact (list $ref (ternary ":" "@" (empty $vals.digest)) (default $tag $vals.digest))) -}}
{{- $_ := unset . "key" -}}
{{- $_ := unset . "tagSuffix" -}}
{{- end -}}
{{/*
Create a list of comma-separated values corresponding to a given key in a map array.
*/}}
{{- define "strimzi.listPluck" -}}
{{- $pluckedList := list -}}
{{- range .list -}}
{{- $pluckedList = append $pluckedList (get . $.key) -}}
{{- end -}}
{{- join "," $pluckedList -}}
{{- end -}}


@@ -0,0 +1,34 @@
{{/* vim: set filetype=mustache: */}}
{{/* This file is generated in helm-charts/Makefile */}}
{{/* DO NOT EDIT BY HAND */}}
{{/* Generate the kafka image map */}}
{{- define "strimzi.kafka.image.map" }}
- name: STRIMZI_DEFAULT_TLS_SIDECAR_ENTITY_OPERATOR_IMAGE
value: {{ template "strimzi.image" (merge . (dict "key" "tlsSidecarEntityOperator" "tagSuffix" "-kafka-3.7.0")) }}
- name: STRIMZI_DEFAULT_KAFKA_EXPORTER_IMAGE
value: {{ template "strimzi.image" (merge . (dict "key" "kafkaExporter" "tagSuffix" "-kafka-3.7.0")) }}
- name: STRIMZI_DEFAULT_CRUISE_CONTROL_IMAGE
value: {{ template "strimzi.image" (merge . (dict "key" "cruiseControl" "tagSuffix" "-kafka-3.7.0")) }}
- name: STRIMZI_KAFKA_IMAGES
value: |
3.6.0={{ template "strimzi.image" (merge . (dict "key" "kafka" "tagSuffix" "-kafka-3.6.0")) }}
3.6.1={{ template "strimzi.image" (merge . (dict "key" "kafka" "tagSuffix" "-kafka-3.6.1")) }}
3.7.0={{ template "strimzi.image" (merge . (dict "key" "kafka" "tagSuffix" "-kafka-3.7.0")) }}
- name: STRIMZI_KAFKA_CONNECT_IMAGES
value: |
3.6.0={{ template "strimzi.image" (merge . (dict "key" "kafkaConnect" "tagSuffix" "-kafka-3.6.0")) }}
3.6.1={{ template "strimzi.image" (merge . (dict "key" "kafkaConnect" "tagSuffix" "-kafka-3.6.1")) }}
3.7.0={{ template "strimzi.image" (merge . (dict "key" "kafkaConnect" "tagSuffix" "-kafka-3.7.0")) }}
- name: STRIMZI_KAFKA_MIRROR_MAKER_IMAGES
value: |
3.6.0={{ template "strimzi.image" (merge . (dict "key" "kafkaMirrorMaker" "tagSuffix" "-kafka-3.6.0")) }}
3.6.1={{ template "strimzi.image" (merge . (dict "key" "kafkaMirrorMaker" "tagSuffix" "-kafka-3.6.1")) }}
3.7.0={{ template "strimzi.image" (merge . (dict "key" "kafkaMirrorMaker" "tagSuffix" "-kafka-3.7.0")) }}
- name: STRIMZI_KAFKA_MIRROR_MAKER_2_IMAGES
value: |
3.6.0={{ template "strimzi.image" (merge . (dict "key" "kafkaMirrorMaker2" "tagSuffix" "-kafka-3.6.0")) }}
3.6.1={{ template "strimzi.image" (merge . (dict "key" "kafkaMirrorMaker2" "tagSuffix" "-kafka-3.6.1")) }}
3.7.0={{ template "strimzi.image" (merge . (dict "key" "kafkaMirrorMaker2" "tagSuffix" "-kafka-3.7.0")) }}
{{- end -}}


@@ -0,0 +1,189 @@
# Default values for strimzi-kafka-operator.
# Default replicas for the cluster operator
replicas: 1
# If you set `watchNamespaces` to the same value as ``.Release.Namespace` (e.g. `helm ... --namespace $NAMESPACE`),
# the chart will fail because duplicate RoleBindings will be attempted to be created in the same namespace
watchNamespaces: []
watchAnyNamespace: false
defaultImageRegistry: quay.io
defaultImageRepository: strimzi
defaultImageTag: 0.40.0
image:
registry: ""
repository: ""
name: operator
tag: ""
# imagePullSecrets:
# - name: secretname
logVolume: co-config-volume
logConfigMap: strimzi-cluster-operator
logConfiguration: ""
logLevel: ${env:STRIMZI_LOG_LEVEL:-INFO}
fullReconciliationIntervalMs: 120000
operationTimeoutMs: 300000
kubernetesServiceDnsDomain: cluster.local
featureGates: ""
tmpDirSizeLimit: 1Mi
# Example on how to configure extraEnvs
# extraEnvs:
# - name: JAVA_OPTS
# value: "-Xms256m -Xmx256m"
extraEnvs: []
tolerations: []
affinity: {}
annotations: {}
labels: {}
nodeSelector: {}
priorityClassName: ""
podSecurityContext: {}
securityContext: {}
rbac:
create: yes
serviceAccountCreate: yes
serviceAccount: strimzi-cluster-operator
leaderElection:
enable: true
# https://kubernetes.io/docs/tasks/run-application/configure-pdb/
podDisruptionBudget:
enabled: false
# The PDB definition only has two attributes to control the availability requirements: minAvailable or maxUnavailable (mutually exclusive).
# Field maxUnavailable tells how many pods can be down and minAvailable tells how many pods must be running in a cluster.
# The pdb template will check values according to below order
#
# {{- if .Values.podDisruptionBudget.minAvailable }}
# minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
# {{- end }}
# {{- if .Values.podDisruptionBudget.maxUnavailable }}
# maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
# {{- end }}
#
# If both values are set, the template will use the first one and ignore the second one. currently by default minAvailable is set to 1
minAvailable: 1
maxUnavailable:
# If you are using the grafana dashboard sidecar,
# you can import some default dashboards here
dashboards:
enabled: false
namespace: ~
label: grafana_dashboard # this is the default value from the grafana chart
labelValue: "1" # this is the default value from the grafana chart
annotations: {}
extraLabels: {}
# Docker images that operator uses to provision various components of Strimzi. To use your own registry prefix the
# repository name with your registry URL.
# Ex) repository: registry.xyzcorp.com/strimzi/kafka
kafka:
image:
registry: ""
repository: ""
name: kafka
tagPrefix: ""
kafkaConnect:
image:
registry: ""
repository: ""
name: kafka
tagPrefix: ""
topicOperator:
image:
registry: ""
repository: ""
name: operator
tag: ""
userOperator:
image:
registry:
repository:
name: operator
tag: ""
kafkaInit:
image:
registry: ""
repository: ""
name: operator
tag: ""
tlsSidecarEntityOperator:
image:
registry: ""
repository: ""
name: kafka
tagPrefix: ""
kafkaMirrorMaker:
image:
registry: ""
repository: ""
name: kafka
tagPrefix: ""
kafkaBridge:
image:
registry: ""
repository:
name: kafka-bridge
tag: 0.28.0
kafkaExporter:
image:
registry: ""
repository: ""
name: kafka
tagPrefix: ""
kafkaMirrorMaker2:
image:
registry: ""
repository: ""
name: kafka
tagPrefix: ""
cruiseControl:
image:
registry: ""
repository: ""
name: kafka
tagPrefix: ""
kanikoExecutor:
image:
registry: ""
repository: ""
name: kaniko-executor
tag: ""
mavenBuilder:
image:
registry: ""
repository: ""
name: maven-builder
tag: ""
resources:
limits:
memory: 384Mi
cpu: 1000m
requests:
memory: 384Mi
cpu: 200m
livenessProbe:
initialDelaySeconds: 10
periodSeconds: 30
readinessProbe:
initialDelaySeconds: 10
periodSeconds: 30
createGlobalResources: true
# Create clusterroles that extend existing clusterroles to interact with strimzi crds
# Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles
createAggregateRoles: false
# Override the exclude pattern for exclude some labels
labelsExclusionPattern: ""
# Controls whether Strimzi generates network policy resources (By default true)
generateNetworkPolicy: true
# Override the value for Connect build timeout
connectBuildTimeoutMs: 300000


@@ -0,0 +1,2 @@
strimzi-kafka-operator:
watchAnyNamespace: true
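Review bot: `watchAnyNamespace: true` is set without a comment recording why the operator needs cluster-wide scope. In the vendored Deployment template this value switches `STRIMZI_NAMESPACE` to `"*"`, so the operator reconciles Kafka resources in every namespace, and its RBAC presumably has to be bound cluster-wide to match (the role-binding templates are not in this part of the page, so that should be confirmed). I would add a line above it such as `# operator serves Kafka CRs in all tenant namespaces; implies cluster-wide RBAC for the operator service account`, so the widened blast radius is a documented decision rather than an unexplained override. This file is also the only place to harden the operator pod, because the chart defaults `podSecurityContext` and `securityContext` to `{}` and its `with` blocks then render nothing. Adding for example `securityContext: {allowPrivilegeEscalation: false}` under `strimzi-kafka-operator:` is worth considering once checked against the operator image.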