├── EnvironmentSetup ├── AWS │ ├── Source │ │ ├── buckets │ │ ├── ingress │ │ │ ├── auth │ │ │ ├── was-ingress-resources-manager-service.yml │ │ │ ├── was-ingress-endpoint-manager-service.yml │ │ │ ├── was-ingress-nodefiles-service.yml │ │ │ ├── was-ingress-awes-info.yaml │ │ │ └── was-ingress-awes-service.yml │ │ ├── efs │ │ │ └── namespace.yaml │ │ ├── namespace │ │ │ ├── kafka-namespace.yml │ │ │ ├── was-namespace.yaml │ │ │ └── monitoring.yaml │ │ ├── strimzi-kafka-deployment │ │ │ ├── 010-ServiceAccount-strimzi-cluster-operator.yaml │ │ │ ├── 020-RoleBinding-strimzi-cluster-operator.yaml │ │ │ ├── 021-ClusterRoleBinding-strimzi-cluster-operator.yaml │ │ │ ├── 051-PriorityLevelConfig-operator.yaml │ │ │ ├── 030-ClusterRole-strimzi-kafka-broker.yaml │ │ │ ├── 033-ClusterRole-strimzi-kafka-client.yaml │ │ │ ├── 030-ClusterRoleBinding-strimzi-cluster-operator-kafka-broker-delegation.yaml │ │ │ ├── 031-RoleBinding-strimzi-cluster-operator-entity-operator-delegation.yaml │ │ │ ├── 033-ClusterRoleBinding-strimzi-cluster-operator-kafka-client-delegation.yaml │ │ │ ├── 050-ConfigMap-strimzi-cluster-operator.yaml │ │ │ ├── 052-FlowSchema-operator.yaml │ │ │ ├── 031-ClusterRole-strimzi-entity-operator.yaml │ │ │ ├── 021-ClusterRole-strimzi-cluster-operator-role.yaml │ │ │ ├── 047-Crd-kafkaconnector.yaml │ │ │ ├── 042-Crd-strimzipodset.yaml │ │ │ ├── 060-Deployment-strimzi-cluster-operator.yaml │ │ │ └── 020-ClusterRole-strimzi-cluster-operator-role.yaml │ │ ├── pvc │ │ │ ├── awes-pvcs.yaml │ │ │ ├── endpoint-pvc.yaml │ │ │ └── resources-pvc.yaml │ │ ├── kafkabridge │ │ │ └── kafka-bridge.yaml │ │ ├── services │ │ │ ├── endpoint-manager-service.yaml │ │ │ ├── resource-manager-service.yml │ │ │ └── active-web-elements-server-service.yaml │ │ ├── metrics-server │ │ │ ├── auth-delegator.yaml │ │ │ ├── metrics-apiservice.yaml │ │ │ ├── metrics-server-service.yaml │ │ │ ├── auth-reader.yaml │ │ │ ├── aggregated-metrics-reader.yaml │ │ │ ├── resource-reader.yaml │ │ │ └── 
metrics-server-deployment.yaml │ │ ├── terraform │ │ │ ├── variables.tf │ │ │ ├── main.tf │ │ │ └── iam-policy.json │ │ ├── hpa │ │ │ ├── endpoint-manager-hpa-autoscaler.yaml │ │ │ ├── resource-manager-hpa-autoscaler.yaml │ │ │ └── active-web-elements-server-hpa-autoscaler.yaml │ │ ├── kafka │ │ │ ├── kafka-topic.yaml │ │ │ └── kafka-persistent.yaml │ │ ├── Dockerfile │ │ ├── deployments │ │ │ ├── resource-manager-deployment.yaml │ │ │ ├── endpoint-manager-deployment.yaml │ │ │ └── active-web-elements-server-deployment.yaml │ │ └── custom-metrics │ │ │ └── values.yaml │ ├── docker-compose.yml │ └── README.md ├── Azure │ ├── Source │ │ ├── ingress │ │ │ ├── auth │ │ │ ├── was-ingress-resources-manager-service.yml │ │ │ ├── was-ingress-endpoint-manager-service.yml │ │ │ ├── was-ingress-nodefiles-service.yml │ │ │ ├── was-ingress-awes-info.yaml │ │ │ └── was-ingress-awes-service.yml │ │ ├── namespace │ │ │ ├── was-namespace.yaml │ │ │ ├── kafka-namespace.yml │ │ │ └── monitoring.yaml │ │ ├── terraform │ │ │ ├── outputs.tf │ │ │ ├── variables.tf │ │ │ └── main.tf │ │ ├── strimzi-kafka-deployment │ │ │ ├── 010-ServiceAccount-strimzi-cluster-operator.yaml │ │ │ ├── 020-RoleBinding-strimzi-cluster-operator.yaml │ │ │ ├── 021-ClusterRoleBinding-strimzi-cluster-operator.yaml │ │ │ ├── 051-PriorityLevelConfig-operator.yaml │ │ │ ├── 030-ClusterRole-strimzi-kafka-broker.yaml │ │ │ ├── 033-ClusterRole-strimzi-kafka-client.yaml │ │ │ ├── 030-ClusterRoleBinding-strimzi-cluster-operator-kafka-broker-delegation.yaml │ │ │ ├── 031-RoleBinding-strimzi-cluster-operator-entity-operator-delegation.yaml │ │ │ ├── 033-ClusterRoleBinding-strimzi-cluster-operator-kafka-client-delegation.yaml │ │ │ ├── 050-ConfigMap-strimzi-cluster-operator.yaml │ │ │ ├── 052-FlowSchema-operator.yaml │ │ │ ├── 031-ClusterRole-strimzi-entity-operator.yaml │ │ │ ├── 021-ClusterRole-strimzi-cluster-operator-role.yaml │ │ │ ├── 047-Crd-kafkaconnector.yaml │ │ │ ├── 042-Crd-strimzipodset.yaml │ │ │ ├── 
060-Deployment-strimzi-cluster-operator.yaml │ │ │ └── 020-ClusterRole-strimzi-cluster-operator-role.yaml │ │ ├── pvc │ │ │ ├── awes-pvcs.yaml │ │ │ ├── endpoint-pvc.yaml │ │ │ └── resources-pvc.yaml │ │ ├── kafkabridge │ │ │ └── kafka-bridge.yaml │ │ ├── services │ │ │ ├── minio-service.yaml │ │ │ ├── endpoint-manager-service.yaml │ │ │ ├── resource-manager-service.yml │ │ │ └── active-web-elements-server-service.yaml │ │ ├── sc │ │ │ ├── kafka-standardssd-xfs.yaml │ │ │ └── azure-file.yaml │ │ ├── metrics-server │ │ │ ├── auth-delegator.yaml │ │ │ ├── metrics-apiservice.yaml │ │ │ ├── metrics-server-service.yaml │ │ │ ├── auth-reader.yaml │ │ │ ├── aggregated-metrics-reader.yaml │ │ │ ├── resource-reader.yaml │ │ │ └── metrics-server-deployment.yaml │ │ ├── containers │ │ ├── hpa │ │ │ ├── endpoint-manager-hpa-autoscaler.yaml │ │ │ ├── resource-manager-hpa-autoscaler.yaml │ │ │ └── active-web-elements-server-hpa-autoscaler.yaml │ │ ├── kafka │ │ │ ├── kafka-topic.yaml │ │ │ └── kafka-persistent.yaml │ │ ├── Dockerfile │ │ ├── deployments │ │ │ ├── resource-manager-deployment.yaml │ │ │ ├── endpoint-manager-deployment.yaml │ │ │ └── active-web-elements-server-deployment.yaml │ │ └── custom-metrics │ │ │ └── values.yaml │ └── docker-compose.yml └── General │ └── ssl │ ├── certificate.yaml │ └── cluster-issuer.yaml ├── Documentation ├── Architecture │ └── images │ │ ├── usecase.png │ │ ├── core_model.png │ │ ├── calling_service.png │ │ ├── system_components.png │ │ ├── CachingWebElements.png │ │ ├── creating_a_service.png │ │ ├── deploying_node_file.png │ │ ├── core_model.drawio │ │ ├── system_components.drawio │ │ ├── deploying_node_file.drawio │ │ ├── creating_a_service.drawio │ │ ├── calling_service.drawio │ │ ├── usecase.drawio │ │ └── CachingWebElements.drawio └── API │ ├── Utilities.md │ └── NodeFilesManager.md ├── LICENSE ├── README.md ├── .github └── workflows │ └── master.yml └── Configuration.md /EnvironmentSetup/AWS/Source/buckets: 
--------------------------------------------------------------------------------
1 | resourceinfo-bucket:
2 | nodefiles-bucket:
--------------------------------------------------------------------------------
/EnvironmentSetup/AWS/Source/ingress/auth:
--------------------------------------------------------------------------------
1 | applicationserver:$apr1$cZHZL4fI$UBXojMmcUXwDpAU3J5smo1
2 | # NOTE(review): committed htpasswd entry (user `applicationserver`, Apache apr1/MD5 hash). The Azure copy of this file carries the same hash, so every deployment built from this repo shares one credential unless it is regenerated. Presumably the basic-auth file for the ingress resources (confirm against the ingress manifests); generate a per-deployment entry and keep it out of version control.
--------------------------------------------------------------------------------
/EnvironmentSetup/Azure/Source/ingress/auth:
--------------------------------------------------------------------------------
1 | applicationserver:$apr1$cZHZL4fI$UBXojMmcUXwDpAU3J5smo1
2 | # NOTE(review): same committed apr1/MD5 htpasswd entry as the AWS copy; a shared, published hash should be treated as a default credential and replaced per deployment.
--------------------------------------------------------------------------------
/EnvironmentSetup/AWS/Source/efs/namespace.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Namespace
3 | metadata:
4 |   name: efs-sc
--------------------------------------------------------------------------------
/EnvironmentSetup/AWS/Source/namespace/kafka-namespace.yml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Namespace
3 | metadata:
4 |   name: kafka  # namespace referenced by the strimzi-cluster-operator RoleBinding subjects and the KafkaBridge in this repo
5 | 
--------------------------------------------------------------------------------
/EnvironmentSetup/AWS/Source/namespace/was-namespace.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Namespace
3 | metadata:
4 |   name: was  # this file creates the Namespace only; no ResourceQuota, LimitRange or NetworkPolicy is defined here
5 | 
--------------------------------------------------------------------------------
/EnvironmentSetup/Azure/Source/namespace/was-namespace.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Namespace
3 | metadata:
4 |   name: was  # this file creates the Namespace only; no ResourceQuota, LimitRange or NetworkPolicy is defined here
5 | 
--------------------------------------------------------------------------------
/EnvironmentSetup/AWS/Source/namespace/monitoring.yaml:
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: monitoring -------------------------------------------------------------------------------- /EnvironmentSetup/Azure/Source/namespace/kafka-namespace.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: kafka 5 | -------------------------------------------------------------------------------- /EnvironmentSetup/Azure/Source/namespace/monitoring.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: monitoring -------------------------------------------------------------------------------- /Documentation/Architecture/images/usecase.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/WolframResearch/WAS-Kubernetes/master/Documentation/Architecture/images/usecase.png -------------------------------------------------------------------------------- /Documentation/Architecture/images/core_model.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/WolframResearch/WAS-Kubernetes/master/Documentation/Architecture/images/core_model.png -------------------------------------------------------------------------------- /Documentation/Architecture/images/calling_service.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/WolframResearch/WAS-Kubernetes/master/Documentation/Architecture/images/calling_service.png -------------------------------------------------------------------------------- /Documentation/Architecture/images/system_components.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/WolframResearch/WAS-Kubernetes/master/Documentation/Architecture/images/system_components.png -------------------------------------------------------------------------------- /Documentation/Architecture/images/CachingWebElements.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/WolframResearch/WAS-Kubernetes/master/Documentation/Architecture/images/CachingWebElements.png -------------------------------------------------------------------------------- /Documentation/Architecture/images/creating_a_service.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/WolframResearch/WAS-Kubernetes/master/Documentation/Architecture/images/creating_a_service.png -------------------------------------------------------------------------------- /Documentation/Architecture/images/deploying_node_file.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/WolframResearch/WAS-Kubernetes/master/Documentation/Architecture/images/deploying_node_file.png -------------------------------------------------------------------------------- /EnvironmentSetup/Azure/Source/terraform/outputs.tf: -------------------------------------------------------------------------------- 1 | output "resource_group_name" { 2 | value = "${var.resource_group}" 3 | } 4 | 5 | output "kubernetes_cluster_name" { 6 | value = "${var.cluster_name}-aks" 7 | } -------------------------------------------------------------------------------- /EnvironmentSetup/AWS/Source/strimzi-kafka-deployment/010-ServiceAccount-strimzi-cluster-operator.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: strimzi-cluster-operator 5 | labels: 6 | app: strimzi 7 | 
-------------------------------------------------------------------------------- /EnvironmentSetup/Azure/Source/strimzi-kafka-deployment/010-ServiceAccount-strimzi-cluster-operator.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: strimzi-cluster-operator 5 | labels: 6 | app: strimzi 7 | -------------------------------------------------------------------------------- /EnvironmentSetup/AWS/Source/pvc/awes-pvcs.yaml: -------------------------------------------------------------------------------- 1 | kind: PersistentVolumeClaim 2 | apiVersion: v1 3 | metadata: 4 | name: awes-logs 5 | namespace: was 6 | spec: 7 | accessModes: 8 | - ReadWriteMany 9 | resources: 10 | requests: 11 | storage: 10Gi -------------------------------------------------------------------------------- /EnvironmentSetup/Azure/Source/pvc/awes-pvcs.yaml: -------------------------------------------------------------------------------- 1 | kind: PersistentVolumeClaim 2 | apiVersion: v1 3 | metadata: 4 | name: awes-logs 5 | namespace: was 6 | spec: 7 | accessModes: 8 | - ReadWriteMany 9 | resources: 10 | requests: 11 | storage: 10Gi -------------------------------------------------------------------------------- /EnvironmentSetup/AWS/Source/pvc/endpoint-pvc.yaml: -------------------------------------------------------------------------------- 1 | kind: PersistentVolumeClaim 2 | apiVersion: v1 3 | metadata: 4 | name: endpoint-logs 5 | namespace: was 6 | spec: 7 | accessModes: 8 | - ReadWriteMany 9 | resources: 10 | requests: 11 | storage: 10Gi -------------------------------------------------------------------------------- /EnvironmentSetup/AWS/Source/pvc/resources-pvc.yaml: -------------------------------------------------------------------------------- 1 | kind: PersistentVolumeClaim 2 | apiVersion: v1 3 | metadata: 4 | name: resources-logs 5 | namespace: was 6 | spec: 7 | accessModes: 8 | - 
ReadWriteMany
9 |   resources:
10 |     requests:
11 |       storage: 10Gi
--------------------------------------------------------------------------------
/EnvironmentSetup/Azure/Source/pvc/endpoint-pvc.yaml:
--------------------------------------------------------------------------------
1 | kind: PersistentVolumeClaim
2 | apiVersion: v1
3 | metadata:
4 |   name: endpoint-logs
5 |   namespace: was
6 | spec:
7 |   # No storageClassName is set, so the cluster's default StorageClass is used
8 |   # (on Azure this repo marks `was-azurefile` as the default class).
7 |   accessModes:
8 |     - ReadWriteMany  # the volume can be mounted read-write by pods on several nodes at once
9 |   resources:
10 |     requests:
11 |       storage: 10Gi
--------------------------------------------------------------------------------
/EnvironmentSetup/Azure/Source/pvc/resources-pvc.yaml:
--------------------------------------------------------------------------------
1 | kind: PersistentVolumeClaim
2 | apiVersion: v1
3 | metadata:
4 |   name: resources-logs
5 |   namespace: was
6 | spec:
7 |   accessModes:
8 |     - ReadWriteMany  # the volume can be mounted read-write by pods on several nodes at once
9 |   resources:
10 |     requests:
11 |       storage: 10Gi
--------------------------------------------------------------------------------
/EnvironmentSetup/AWS/Source/kafkabridge/kafka-bridge.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kafka.strimzi.io/v1beta2
2 | kind: KafkaBridge
3 | metadata:
4 |   name: kafka
5 |   namespace: kafka
6 | spec:
7 |   replicas: 1
8 |   bootstrapServers: kafka-persistent-kafka-bootstrap:9092  # NOTE(review): no `tls` or `authentication` block is set, so the bridge connects to the brokers without TLS or client auth; whether 9092 is a plain listener depends on kafka-persistent.yaml (not shown here) - confirm
9 |   http:
10 |     port: 9092  # NOTE(review): this spec configures no authentication for the bridge's HTTP API; restrict who can reach it (Service/Ingress exposure, NetworkPolicy)
--------------------------------------------------------------------------------
/EnvironmentSetup/Azure/Source/kafkabridge/kafka-bridge.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kafka.strimzi.io/v1beta2
2 | kind: KafkaBridge
3 | metadata:
4 |   name: kafka
5 |   namespace: kafka
6 | spec:
7 |   replicas: 1
8 |   bootstrapServers: kafka-persistent-kafka-bootstrap:9092  # NOTE(review): no `tls` or `authentication` block is set, so the bridge connects to the brokers without TLS or client auth; whether 9092 is a plain listener depends on kafka-persistent.yaml (not shown here) - confirm
9 |   http:
10 |     port: 9092  # NOTE(review): this spec configures no authentication for the bridge's HTTP API; restrict who can reach it (Service/Ingress exposure, NetworkPolicy)
--------------------------------------------------------------------------------
/EnvironmentSetup/Azure/Source/services/minio-service.yaml:
-------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: minio 5 | namespace: was 6 | spec: 7 | ports: 8 | - name: "9000" 9 | port: 9000 10 | targetPort: 9000 11 | selector: 12 | app: minio 13 | status: 14 | loadBalancer: {} 15 | -------------------------------------------------------------------------------- /EnvironmentSetup/AWS/Source/services/endpoint-manager-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | app: endpoint-manager 6 | name: endpoint-manager 7 | namespace: was 8 | spec: 9 | ports: 10 | - name: "8085" 11 | port: 8085 12 | targetPort: 8085 13 | selector: 14 | app: endpoint-manager -------------------------------------------------------------------------------- /EnvironmentSetup/Azure/Source/services/endpoint-manager-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | app: endpoint-manager 6 | name: endpoint-manager 7 | namespace: was 8 | spec: 9 | ports: 10 | - name: "8085" 11 | port: 8085 12 | targetPort: 8085 13 | selector: 14 | app: endpoint-manager -------------------------------------------------------------------------------- /EnvironmentSetup/AWS/Source/services/resource-manager-service.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | app: resource-manager 6 | name: resource-manager 7 | namespace: was 8 | spec: 9 | ports: 10 | - name: "9090" 11 | port: 9090 12 | targetPort: 9090 13 | selector: 14 | app: resource-manager 15 | -------------------------------------------------------------------------------- /EnvironmentSetup/Azure/Source/services/resource-manager-service.yml: 
-------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | app: resource-manager 6 | name: resource-manager 7 | namespace: was 8 | spec: 9 | ports: 10 | - name: "9090" 11 | port: 9090 12 | targetPort: 9090 13 | selector: 14 | app: resource-manager 15 | -------------------------------------------------------------------------------- /EnvironmentSetup/General/ssl/certificate.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cert-manager.io/v1 2 | kind: Certificate 3 | metadata: 4 | name: was-certificate 5 | namespace: was 6 | spec: 7 | dnsNames: 8 | - # change here 9 | secretName: was-tls-secret 10 | issuerRef: 11 | name: letsencrypt-cluster-issuer 12 | kind: ClusterIssuer -------------------------------------------------------------------------------- /EnvironmentSetup/Azure/Source/sc/kafka-standardssd-xfs.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: storage.k8s.io/v1 2 | kind: StorageClass 3 | metadata: 4 | name: kafka-standardssd-xfs 5 | provisioner: disk.csi.azure.com 6 | allowVolumeExpansion: true 7 | parameters: 8 | skuname: StandardSSD_LRS 9 | kind: Managed 10 | cachingMode: None 11 | fsType: xfs 12 | reclaimPolicy: Delete 13 | volumeBindingMode: WaitForFirstConsumer 14 | -------------------------------------------------------------------------------- /EnvironmentSetup/AWS/Source/metrics-server/auth-delegator.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRoleBinding 4 | metadata: 5 | name: metrics-server:system:auth-delegator 6 | roleRef: 7 | apiGroup: rbac.authorization.k8s.io 8 | kind: ClusterRole 9 | name: system:auth-delegator 10 | subjects: 11 | - kind: ServiceAccount 12 | name: metrics-server 13 | namespace: kube-system 14 | 
--------------------------------------------------------------------------------
/EnvironmentSetup/AWS/Source/metrics-server/metrics-apiservice.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # Registers the metrics.k8s.io/v1beta1 aggregated API and routes it to the
2 | # metrics-server Service in kube-system.
2 | apiVersion: apiregistration.k8s.io/v1
3 | kind: APIService
4 | metadata:
5 |   name: v1beta1.metrics.k8s.io
6 | spec:
7 |   service:
8 |     name: metrics-server
9 |     namespace: kube-system
10 |   group: metrics.k8s.io
11 |   version: v1beta1
12 |   insecureSkipTLSVerify: true  # NOTE(review): the kube-apiserver will not verify the serving certificate of metrics-server for this API; provide `caBundle` for the serving CA and drop this flag where the deployment allows
13 |   groupPriorityMinimum: 100
14 |   versionPriority: 100
15 | 
--------------------------------------------------------------------------------
/EnvironmentSetup/Azure/Source/metrics-server/auth-delegator.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # Cluster-wide binding of the built-in system:auth-delegator ClusterRole to the
2 | # metrics-server ServiceAccount in kube-system.
2 | apiVersion: rbac.authorization.k8s.io/v1
3 | kind: ClusterRoleBinding
4 | metadata:
5 |   name: metrics-server:system:auth-delegator
6 | roleRef:
7 |   apiGroup: rbac.authorization.k8s.io
8 |   kind: ClusterRole
9 |   name: system:auth-delegator  # lets the subject delegate authentication/authorization checks to the kube-apiserver
10 | subjects:
11 | - kind: ServiceAccount
12 |   name: metrics-server
13 |   namespace: kube-system
14 | 
--------------------------------------------------------------------------------
/EnvironmentSetup/Azure/Source/metrics-server/metrics-apiservice.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # Registers the metrics.k8s.io/v1beta1 aggregated API and routes it to the
2 | # metrics-server Service in kube-system.
2 | apiVersion: apiregistration.k8s.io/v1
3 | kind: APIService
4 | metadata:
5 |   name: v1beta1.metrics.k8s.io
6 | spec:
7 |   service:
8 |     name: metrics-server
9 |     namespace: kube-system
10 |   group: metrics.k8s.io
11 |   version: v1beta1
12 |   insecureSkipTLSVerify: true  # NOTE(review): the kube-apiserver will not verify the serving certificate of metrics-server for this API; provide `caBundle` for the serving CA and drop this flag where the deployment allows
13 |   groupPriorityMinimum: 100
14 |   versionPriority: 100
15 | 
--------------------------------------------------------------------------------
/EnvironmentSetup/AWS/Source/metrics-server/metrics-server-service.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Service
4 | metadata: 5 | name: metrics-server 6 | namespace: kube-system 7 | labels: 8 | kubernetes.io/name: "Metrics-server" 9 | kubernetes.io/cluster-service: "true" 10 | spec: 11 | selector: 12 | k8s-app: metrics-server 13 | ports: 14 | - port: 443 15 | protocol: TCP 16 | targetPort: main-port 17 | -------------------------------------------------------------------------------- /EnvironmentSetup/Azure/Source/metrics-server/metrics-server-service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: metrics-server 6 | namespace: kube-system 7 | labels: 8 | kubernetes.io/name: "Metrics-server" 9 | kubernetes.io/cluster-service: "true" 10 | spec: 11 | selector: 12 | k8s-app: metrics-server 13 | ports: 14 | - port: 443 15 | protocol: TCP 16 | targetPort: main-port 17 | -------------------------------------------------------------------------------- /EnvironmentSetup/AWS/Source/metrics-server/auth-reader.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: RoleBinding 4 | metadata: 5 | name: metrics-server-auth-reader 6 | namespace: kube-system 7 | roleRef: 8 | apiGroup: rbac.authorization.k8s.io 9 | kind: Role 10 | name: extension-apiserver-authentication-reader 11 | subjects: 12 | - kind: ServiceAccount 13 | name: metrics-server 14 | namespace: kube-system 15 | -------------------------------------------------------------------------------- /EnvironmentSetup/Azure/Source/metrics-server/auth-reader.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: RoleBinding 4 | metadata: 5 | name: metrics-server-auth-reader 6 | namespace: kube-system 7 | roleRef: 8 | apiGroup: rbac.authorization.k8s.io 9 | kind: Role 10 | name: extension-apiserver-authentication-reader 11 | subjects: 12 | - 
kind: ServiceAccount 13 | name: metrics-server 14 | namespace: kube-system 15 | -------------------------------------------------------------------------------- /EnvironmentSetup/AWS/Source/strimzi-kafka-deployment/020-RoleBinding-strimzi-cluster-operator.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: strimzi-cluster-operator 5 | labels: 6 | app: strimzi 7 | subjects: 8 | - kind: ServiceAccount 9 | name: strimzi-cluster-operator 10 | namespace: kafka 11 | roleRef: 12 | kind: ClusterRole 13 | name: strimzi-cluster-operator-namespaced 14 | apiGroup: rbac.authorization.k8s.io 15 | -------------------------------------------------------------------------------- /EnvironmentSetup/Azure/Source/strimzi-kafka-deployment/020-RoleBinding-strimzi-cluster-operator.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: strimzi-cluster-operator 5 | labels: 6 | app: strimzi 7 | subjects: 8 | - kind: ServiceAccount 9 | name: strimzi-cluster-operator 10 | namespace: kafka 11 | roleRef: 12 | kind: ClusterRole 13 | name: strimzi-cluster-operator-namespaced 14 | apiGroup: rbac.authorization.k8s.io 15 | -------------------------------------------------------------------------------- /EnvironmentSetup/AWS/Source/strimzi-kafka-deployment/021-ClusterRoleBinding-strimzi-cluster-operator.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: strimzi-cluster-operator 5 | labels: 6 | app: strimzi 7 | subjects: 8 | - kind: ServiceAccount 9 | name: strimzi-cluster-operator 10 | namespace: kafka 11 | roleRef: 12 | kind: ClusterRole 13 | name: strimzi-cluster-operator-global 14 | apiGroup: rbac.authorization.k8s.io 15 | 
--------------------------------------------------------------------------------
/EnvironmentSetup/Azure/Source/strimzi-kafka-deployment/021-ClusterRoleBinding-strimzi-cluster-operator.yaml:
--------------------------------------------------------------------------------
1 | # Cluster-wide binding: the strimzi-cluster-operator ServiceAccount in `kafka`
1 | # receives the rules of ClusterRole strimzi-cluster-operator-global in every
1 | # namespace. Those rules live in a separate file that is not shown here - review them.
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: ClusterRoleBinding
3 | metadata:
4 |   name: strimzi-cluster-operator
5 |   labels:
6 |     app: strimzi
7 | subjects:
8 |   - kind: ServiceAccount
9 |     name: strimzi-cluster-operator
10 |     namespace: kafka
11 | roleRef:
12 |   kind: ClusterRole
13 |   name: strimzi-cluster-operator-global
14 |   apiGroup: rbac.authorization.k8s.io
15 | 
--------------------------------------------------------------------------------
/EnvironmentSetup/General/ssl/cluster-issuer.yaml:
--------------------------------------------------------------------------------
1 | # cert-manager ClusterIssuer that obtains certificates from Let's Encrypt via
1 | # ACME HTTP-01 challenges served through the nginx ingress class.
1 | apiVersion: cert-manager.io/v1
2 | kind: ClusterIssuer
3 | metadata:
4 |   name: letsencrypt-cluster-issuer
5 |   namespace: was  # NOTE(review): ClusterIssuer is a cluster-scoped kind, so this namespace has no effect; any namespace can request certificates from this issuer
6 | spec:
7 |   acme:
8 |     server: https://acme-v02.api.letsencrypt.org/directory  # Let's Encrypt production endpoint (rate-limited)
9 |     email: # change here
10 |     privateKeySecretRef:
11 |       name: letsencrypt-cluster-issuer-key  # Secret that holds the ACME account private key; restrict read access to it
12 |     solvers:
13 |       - http01:
14 |           ingress:
15 |             class: nginx
--------------------------------------------------------------------------------
/EnvironmentSetup/AWS/Source/strimzi-kafka-deployment/051-PriorityLevelConfig-operator.yaml:
--------------------------------------------------------------------------------
1 | # API Priority and Fairness level named strimzi-high: a Limited level whose
1 | # excess requests are queued rather than rejected (limitResponse.type: Queue).
1 | apiVersion: flowcontrol.apiserver.k8s.io/v1
2 | kind: PriorityLevelConfiguration
3 | metadata:
4 |   name: strimzi-high
5 | spec:
6 |   type: Limited
7 |   limited:
8 |     nominalConcurrencyShares: 200
9 |     lendablePercent: 50
10 |     borrowingLimitPercent: 50
11 |     limitResponse:
12 |       type: Queue
13 |       queuing:
14 |         queues: 128
15 |         handSize: 8
16 |         queueLengthLimit: 1000
17 | 
--------------------------------------------------------------------------------
/EnvironmentSetup/Azure/Source/strimzi-kafka-deployment/051-PriorityLevelConfig-operator.yaml:
--------------------------------------------------------------------------------
1 | # API Priority and Fairness level named strimzi-high: a Limited level whose
1 | # excess requests are queued rather than rejected (limitResponse.type: Queue).
1 | apiVersion: flowcontrol.apiserver.k8s.io/v1
2 | kind: PriorityLevelConfiguration
3 | metadata:
4 |   name: strimzi-high
5 | spec:
6 |   type: Limited
7 |   limited:
8 |     nominalConcurrencyShares: 200
9 |     lendablePercent: 50
10 |     borrowingLimitPercent: 50
11 |     limitResponse:
12 |       type: Queue
13 |       queuing:
14 |         queues: 128
15 |         handSize: 8
16 |         queueLengthLimit: 1000
17 | 
--------------------------------------------------------------------------------
/EnvironmentSetup/Azure/Source/sc/azure-file.yaml:
--------------------------------------------------------------------------------
1 | # Default StorageClass for the Azure setup, backed by Azure Files.
1 | kind: StorageClass
2 | apiVersion: storage.k8s.io/v1
3 | metadata:
4 |   name: was-azurefile
5 |   annotations:
6 |     storageclass.kubernetes.io/is-default-class: "true"  # every PVC without a storageClassName (the PVCs in this repo set none) is provisioned from this class
7 | provisioner: kubernetes.io/azure-file
8 | mountOptions:
9 |   - dir_mode=0777  # NOTE(review): directories on the share are readable, writable and traversable by every UID in any pod that mounts it
10 |   - file_mode=0777  # NOTE(review): files are world-writable and executable; narrow both modes to the UID/GID the workloads run as if they do not need this
11 |   - uid=0  # files appear owned by root
12 |   - gid=0
13 |   - mfsymlinks
14 |   - cache=strict
15 |   - actimeo=30
16 | parameters:
17 |   skuName: Standard_LRS
18 | allowVolumeExpansion: true
19 | reclaimPolicy: Delete  # deleting a PVC also deletes the backing share and its data
--------------------------------------------------------------------------------
/EnvironmentSetup/AWS/Source/metrics-server/aggregated-metrics-reader.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # Read-only access to pod and node metrics from the metrics.k8s.io API.
2 | apiVersion: rbac.authorization.k8s.io/v1
3 | kind: ClusterRole
4 | metadata:
5 |   name: system:aggregated-metrics-reader
6 |   labels:
7 |     # The aggregate-to-* labels fold these rules into the built-in view, edit
7 |     # and admin ClusterRoles, so every subject bound to those roles gains them.
7 |     rbac.authorization.k8s.io/aggregate-to-view: "true"
8 |     rbac.authorization.k8s.io/aggregate-to-edit: "true"
9 |     rbac.authorization.k8s.io/aggregate-to-admin: "true"
10 | rules:
11 | - apiGroups: ["metrics.k8s.io"]
12 |   resources: ["pods", "nodes"]
13 |   verbs: ["get", "list", "watch"]
14 | 
--------------------------------------------------------------------------------
/EnvironmentSetup/Azure/Source/metrics-server/aggregated-metrics-reader.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: system:aggregated-metrics-reader 6 | labels: 7 | rbac.authorization.k8s.io/aggregate-to-view: "true" 8 | rbac.authorization.k8s.io/aggregate-to-edit: "true" 9 | rbac.authorization.k8s.io/aggregate-to-admin: "true" 10 | rules: 11 | - apiGroups: ["metrics.k8s.io"] 12 | resources: ["pods", "nodes"] 13 | verbs: ["get", "list", "watch"] 14 | -------------------------------------------------------------------------------- /EnvironmentSetup/Azure/Source/containers: -------------------------------------------------------------------------------- 1 | RESOURCE_GROUP_NAME: 2 | REGION: 3 | SAN: 4 | SAN_ACCOUNT_KEY: 5 | RESOURCEINFO_BUCKET: 6 | NODEFILEINFO_BUCKET: -------------------------------------------------------------------------------- /EnvironmentSetup/AWS/Source/strimzi-kafka-deployment/030-ClusterRole-strimzi-kafka-broker.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: strimzi-kafka-broker 5 | labels: 6 | app: strimzi 7 | rules: 8 | - apiGroups: 9 | - "" 10 | resources: 11 | # The Kafka Brokers require "get" permissions to view the node they are on 12 | # This information is used to generate a Rack ID that is used for High Availability configurations 13 | - nodes 14 | verbs: 15 | - get 16 | -------------------------------------------------------------------------------- /EnvironmentSetup/Azure/Source/strimzi-kafka-deployment/030-ClusterRole-strimzi-kafka-broker.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: strimzi-kafka-broker 5 | labels: 6 | app: strimzi 
7 | rules:
8 |   - apiGroups:
9 |       - ""
10 |     resources:
11 |       # The Kafka Brokers require "get" permissions to view the node they are on
12 |       # This information is used to generate a Rack ID that is used for High Availability configurations
13 |       - nodes
14 |     verbs:
15 |       - get
16 | 
--------------------------------------------------------------------------------
/EnvironmentSetup/AWS/Source/terraform/variables.tf:
--------------------------------------------------------------------------------
1 | # Input variables for the AWS cluster setup. None declares a `type` or
1 | # `description`, and the numeric settings are given as quoted strings.
1 | variable "aws_region" {
2 |   default = "us-east-1"
3 | }
4 | 
5 | variable "cluster_name" {
6 |   default = "WAS"
7 | }
8 | 
9 | variable "cluster_version" {
10 |   default = "1.33"
11 | }
12 | 
13 | variable "disk_size" {
14 |   default = "30"
15 | }
16 | 
17 | variable "instance_type" {
18 |   default = "c5.2xlarge"
19 | }
20 | 
21 | variable "desired_worker_node" {
22 |   default = "2"
23 | }
24 | 
25 | variable "min_worker_node" {
26 |   default = "2"
27 | }
28 | 
29 | variable "max_worker_node" {
30 |   default = "10"
31 | }
32 | 
--------------------------------------------------------------------------------
/EnvironmentSetup/AWS/docker-compose.yml:
--------------------------------------------------------------------------------
1 | # Interactive setup container built from ./Source/Dockerfile (not shown here).
1 | services:
2 |   aws-setup-manager:
3 |     platform: linux/amd64
4 |     build:
5 |       context: Source
6 |       dockerfile: Dockerfile
7 |     image: aws-setup-manager:latest
8 |     stdin_open: true
9 |     tty: true
10 |     pid: "host"  # NOTE(review): shares the host PID namespace, so processes in the container can see host processes (and signal them if it runs as root, as the /root mounts suggest); drop unless the setup scripts need it
11 |     container_name: aws-setup-manager
12 |     volumes:
13 |       - ./Source:/Source
14 |       - ./Source/setup:/setup
15 |       - ${HOME}/.aws:/root/.aws  # NOTE(review): bind-mounts the operator's AWS credentials and config (all profiles) read-write; consider a dedicated profile and a `:ro` mount if the tooling allows
16 |       - ${HOME}/.kube:/root/.kube  # NOTE(review): the host kubeconfig is readable and writable from inside the container
17 |       - tmp:/tmp
18 |       - terraform-state:/terraform-state  # presumably holds Terraform state; state files can contain secrets in plain text, so treat this volume as sensitive
19 | 
20 | volumes:
21 |   terraform-state:
22 |   tmp:
--------------------------------------------------------------------------------
/EnvironmentSetup/Azure/docker-compose.yml:
--------------------------------------------------------------------------------
1 | # Interactive setup container built from ./Source/Dockerfile (not shown here).
1 | services:
2 |   azure-setup-manager:
3 |     platform: linux/amd64
4 |     build:
5 |       context: Source
6 |       dockerfile: Dockerfile
7 |     image: azure-setup-manager:latest
8 |     stdin_open: true
9 |     tty: true
10 |     pid: "host"  # NOTE(review): shares the host PID namespace, so processes in the container can see host processes (and signal them if it runs as root, as the /root mounts suggest); drop unless the setup scripts need it
11 |     container_name: azure-setup-manager
12 |     volumes:
13 |       - ./Source:/Source
14 |       - ./Source/setup:/setup
15 |       - ${HOME}/.azure:/root/.azure  # NOTE(review): bind-mounts the operator's Azure CLI profile and cached tokens read-write into the container
16 |       - ${HOME}/.kube:/root/.kube  # NOTE(review): the host kubeconfig is readable and writable from inside the container
17 |       - tmp:/tmp
18 |       - terraform-state:/terraform-state  # presumably holds Terraform state; state files can contain secrets in plain text, so treat this volume as sensitive
19 | 
20 | volumes:
21 |   terraform-state:
22 |   tmp:
--------------------------------------------------------------------------------
/EnvironmentSetup/AWS/Source/strimzi-kafka-deployment/033-ClusterRole-strimzi-kafka-client.yaml:
--------------------------------------------------------------------------------
1 | # ClusterRole limited to a single rule: `get` on core-group `nodes`.
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: ClusterRole
3 | metadata:
4 |   name: strimzi-kafka-client
5 |   labels:
6 |     app: strimzi
7 | rules:
8 |   - apiGroups:
9 |       - ""
10 |     resources:
11 |       # The Kafka clients (Connect, Mirror Maker, etc.) require "get" permissions to view the node they are on
12 |       # This information is used to generate a Rack ID (client.rack option) that is used for consuming from the closest
13 |       # replicas when enabled
14 |       - nodes
15 |     verbs:
16 |       - get
17 | 
--------------------------------------------------------------------------------
/EnvironmentSetup/Azure/Source/strimzi-kafka-deployment/033-ClusterRole-strimzi-kafka-client.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: ClusterRole
3 | metadata:
4 |   name: strimzi-kafka-client
5 |   labels:
6 |     app: strimzi
7 | rules:
8 |   - apiGroups:
9 |       - ""
10 |     resources:
11 |       # The Kafka clients (Connect, Mirror Maker, etc.)
require "get" permissions to view the node they are on 12 | # This information is used to generate a Rack ID (client.rack option) that is used for consuming from the closest 13 | # replicas when enabled 14 | - nodes 15 | verbs: 16 | - get 17 | -------------------------------------------------------------------------------- /EnvironmentSetup/AWS/Source/hpa/endpoint-manager-hpa-autoscaler.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: autoscaling/v2 2 | kind: HorizontalPodAutoscaler 3 | metadata: 4 | name: endpoint-manager-hpa 5 | namespace: was 6 | spec: 7 | scaleTargetRef: 8 | apiVersion: apps/v1 9 | kind: Deployment 10 | name: endpoint-manager-deployment 11 | minReplicas: 2 12 | maxReplicas: 10 13 | metrics: 14 | - type: Resource 15 | resource: 16 | name: cpu 17 | target: 18 | type: Utilization 19 | averageUtilization: 85 20 | - type: Resource 21 | resource: 22 | name: memory 23 | target: 24 | type: Utilization 25 | averageUtilization: 90 -------------------------------------------------------------------------------- /EnvironmentSetup/Azure/Source/hpa/endpoint-manager-hpa-autoscaler.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: autoscaling/v2 2 | kind: HorizontalPodAutoscaler 3 | metadata: 4 | name: endpoint-manager-hpa 5 | namespace: was 6 | spec: 7 | scaleTargetRef: 8 | apiVersion: apps/v1 9 | kind: Deployment 10 | name: endpoint-manager-deployment 11 | minReplicas: 2 12 | maxReplicas: 10 13 | metrics: 14 | - type: Resource 15 | resource: 16 | name: cpu 17 | target: 18 | type: Utilization 19 | averageUtilization: 85 20 | - type: Resource 21 | resource: 22 | name: memory 23 | target: 24 | type: Utilization 25 | averageUtilization: 90 -------------------------------------------------------------------------------- /EnvironmentSetup/AWS/Source/hpa/resource-manager-hpa-autoscaler.yaml: 
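--------------------------------------------------------------------------------
# Scales resource-manager-deployment in namespace "was" between 2 and 10 replicas on CPU and
# memory utilization. Utilization targets are measured against the containers' resource
# requests, so the Deployment has to declare them.
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: resource-manager-hpa
  namespace: was
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: resource-manager-deployment
  minReplicas: 2
  maxReplicas: 10
  metrics:
  - type: Resource
    resource:
      name: cpu
      target:
        type: Utilization
        averageUtilization: 85
  - type: Resource
    resource:
      name: memory
      target:
        type: Utilization
        averageUtilization: 90
--------------------------------------------------------------------------------
/EnvironmentSetup/Azure/Source/hpa/resource-manager-hpa-autoscaler.yaml:
--------------------------------------------------------------------------------
# Scales resource-manager-deployment in namespace "was" between 2 and 10 replicas on CPU and
# memory utilization. Utilization targets are measured against the containers' resource
# requests, so the Deployment has to declare them.
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: resource-manager-hpa
  namespace: was
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: resource-manager-deployment
  minReplicas: 2
  maxReplicas: 10
  metrics:
  - type: Resource
    resource:
      name: cpu
      target:
        type: Utilization
        averageUtilization: 85
  - type: Resource
    resource:
      name: memory
      target:
        type: Utilization
        averageUtilization: 90
--------------------------------------------------------------------------------
/EnvironmentSetup/AWS/Source/metrics-server/resource-reader.yaml:
--------------------------------------------------------------------------------
---
# Cluster-wide, read-only access for metrics-server: get/list/watch on pods, nodes,
# nodes/stats and namespaces.
# NOTE(review): recent metrics-server releases authorize their kubelet scrape against
# nodes/metrics; confirm this rule matches the image used in metrics-server-deployment.yaml.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: system:metrics-server
rules:
- apiGroups:
  - ""
  resources:
  - pods
  - nodes
  - nodes/stats
  - namespaces
  verbs:
  - get
  - list
  - watch
---
# Binds the role above to the metrics-server ServiceAccount in kube-system only.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: system:metrics-server
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:metrics-server
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system
--------------------------------------------------------------------------------
/EnvironmentSetup/Azure/Source/metrics-server/resource-reader.yaml:
--------------------------------------------------------------------------------
---
# Cluster-wide, read-only access for metrics-server: get/list/watch on pods, nodes,
# nodes/stats and namespaces.
# NOTE(review): recent metrics-server releases authorize their kubelet scrape against
# nodes/metrics; confirm this rule matches the image used in metrics-server-deployment.yaml.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: system:metrics-server
rules:
- apiGroups:
  - ""
  resources:
  - pods
  - nodes
  - nodes/stats
  - namespaces
  verbs:
  - get
  - list
  - watch
---
# Binds the role above to the metrics-server ServiceAccount in kube-system only.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: system:metrics-server
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:metrics-server
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system
--------------------------------------------------------------------------------
/EnvironmentSetup/Azure/Source/ingress/was-ingress-resources-manager-service.yml:
--------------------------------------------------------------------------------
# Routes /resources[/...] to the resource-manager Service on port 9090, rewriting the
# request path to /resources/<captured remainder>.
# NOTE(review): the rule names no host and the object carries no tls section or auth-*
# annotation, so it matches every hostname the controller serves; confirm that TLS and
# access control are applied elsewhere.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: was-ingress-resources
  namespace: was
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  annotations:
    nginx.ingress.kubernetes.io/use-regex: "true"
    nginx.ingress.kubernetes.io/rewrite-target: /resources/$1
spec:
  ingressClassName: nginx
  rules:
  - http:
      paths:
      - path: /?resources(?:$|/(.*))
        # A regex path needs ImplementationSpecific: ingress-nginx's strict path validation
        # rejects regex characters under Prefix or Exact. This also matches the AWS manifest.
        pathType: ImplementationSpecific
        backend:
          service:
            name: resource-manager
            port:
              number: 9090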
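--------------------------------------------------------------------------------
/EnvironmentSetup/Azure/Source/ingress/was-ingress-endpoint-manager-service.yml:
--------------------------------------------------------------------------------
# Routes /endpoints[/...] to the endpoint-manager Service on port 8085, rewriting the
# request path to /endpoints/<captured remainder>.
# NOTE(review): the rule names no host and the object carries no tls section or auth-*
# annotation, so it matches every hostname the controller serves; confirm that TLS and
# access control are applied elsewhere.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: was-ingress-endpoints
  namespace: was
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  annotations:
    nginx.ingress.kubernetes.io/use-regex: "true"
    nginx.ingress.kubernetes.io/rewrite-target: /endpoints/$1
spec:
  ingressClassName: nginx
  rules:
  - http:
      paths:
      - path: /?endpoints(?:$|/(.*))
        # A regex path needs ImplementationSpecific: ingress-nginx's strict path validation
        # rejects regex characters under Prefix or Exact. This also matches the AWS manifest.
        pathType: ImplementationSpecific
        backend:
          service:
            name: endpoint-manager
            port:
              number: 8085
--------------------------------------------------------------------------------
/EnvironmentSetup/AWS/Source/ingress/was-ingress-resources-manager-service.yml:
--------------------------------------------------------------------------------
# Routes /resources[/...] to the resource-manager Service on port 9090, rewriting the
# request path to /resources/<captured remainder>.
# NOTE(review): the rule names no host and the object carries no tls section or auth-*
# annotation, so it matches every hostname the controller serves; confirm that TLS and
# access control are applied elsewhere.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: was-ingress-resources
  namespace: was
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  annotations:
    nginx.ingress.kubernetes.io/use-regex: "true"
    nginx.ingress.kubernetes.io/rewrite-target: /resources/$1
spec:
  ingressClassName: nginx
  rules:
  - http:
      paths:
      - path: /?resources(?:$|/(.*))
        pathType: ImplementationSpecific
        backend:
          service:
            name: resource-manager
            port:
              number: 9090
--------------------------------------------------------------------------------
/EnvironmentSetup/AWS/Source/ingress/was-ingress-endpoint-manager-service.yml:
--------------------------------------------------------------------------------
# Routes /endpoints[/...] to the endpoint-manager Service on port 8085, rewriting the
# request path to /endpoints/<captured remainder>.
# NOTE(review): the rule names no host and the object carries no tls section or auth-*
# annotation, so it matches every hostname the controller serves; confirm that TLS and
# access control are applied elsewhere.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: was-ingress-endpoints
  namespace: was
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  annotations:
    nginx.ingress.kubernetes.io/use-regex: "true"
    nginx.ingress.kubernetes.io/rewrite-target: /endpoints/$1
spec:
  ingressClassName: nginx
  rules:
  - http:
      paths:
      - path: /?endpoints(?:$|/(.*))
        pathType: ImplementationSpecific
        backend:
          service:
            name: endpoint-manager
            port:
              number: 8085
--------------------------------------------------------------------------------
/EnvironmentSetup/AWS/Source/strimzi-kafka-deployment/030-ClusterRoleBinding-strimzi-cluster-operator-kafka-broker-delegation.yaml:
--------------------------------------------------------------------------------
# Cluster-wide binding of ClusterRole strimzi-kafka-broker to the strimzi-cluster-operator
# ServiceAccount in namespace kafka.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: strimzi-cluster-operator-kafka-broker-delegation
  labels:
    app: strimzi
# The Kafka broker cluster role must be bound to the cluster operator service account so that it can delegate the cluster role to the Kafka brokers.
# This must be done to avoid escalating privileges which would be blocked by Kubernetes.
subjects:
  - kind: ServiceAccount
    name: strimzi-cluster-operator
    namespace: kafka
roleRef:
  kind: ClusterRole
  name: strimzi-kafka-broker
  apiGroup: rbac.authorization.k8s.io
--------------------------------------------------------------------------------
/EnvironmentSetup/AWS/Source/strimzi-kafka-deployment/031-RoleBinding-strimzi-cluster-operator-entity-operator-delegation.yaml:
--------------------------------------------------------------------------------
# Namespaced binding: roleRef names a ClusterRole, but a RoleBinding grants it only inside
# the binding's own namespace. metadata.namespace is not set, so that namespace is whichever
# one the manifest is applied into.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: strimzi-cluster-operator-entity-operator-delegation
  labels:
    app: strimzi
# The Entity Operator cluster role must be bound to the cluster operator service account so that it can delegate the cluster role to the Entity Operator.
# This must be done to avoid escalating privileges which would be blocked by Kubernetes.
subjects:
  - kind: ServiceAccount
    name: strimzi-cluster-operator
    namespace: kafka
roleRef:
  kind: ClusterRole
  name: strimzi-entity-operator
  apiGroup: rbac.authorization.k8s.io
--------------------------------------------------------------------------------
/EnvironmentSetup/Azure/Source/strimzi-kafka-deployment/030-ClusterRoleBinding-strimzi-cluster-operator-kafka-broker-delegation.yaml:
--------------------------------------------------------------------------------
# Cluster-wide binding of ClusterRole strimzi-kafka-broker to the strimzi-cluster-operator
# ServiceAccount in namespace kafka.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: strimzi-cluster-operator-kafka-broker-delegation
  labels:
    app: strimzi
# The Kafka broker cluster role must be bound to the cluster operator service account so that it can delegate the cluster role to the Kafka brokers.
# This must be done to avoid escalating privileges which would be blocked by Kubernetes.
subjects:
  - kind: ServiceAccount
    name: strimzi-cluster-operator
    namespace: kafka
roleRef:
  kind: ClusterRole
  name: strimzi-kafka-broker
  apiGroup: rbac.authorization.k8s.io
--------------------------------------------------------------------------------
/EnvironmentSetup/Azure/Source/strimzi-kafka-deployment/031-RoleBinding-strimzi-cluster-operator-entity-operator-delegation.yaml:
--------------------------------------------------------------------------------
# Namespaced binding: roleRef names a ClusterRole, but a RoleBinding grants it only inside
# the binding's own namespace. metadata.namespace is not set, so that namespace is whichever
# one the manifest is applied into.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: strimzi-cluster-operator-entity-operator-delegation
  labels:
    app: strimzi
# The Entity Operator cluster role must be bound to the cluster operator service account so that it can delegate the cluster role to the Entity Operator.
# This must be done to avoid escalating privileges which would be blocked by Kubernetes.
subjects:
  - kind: ServiceAccount
    name: strimzi-cluster-operator
    namespace: kafka
roleRef:
  kind: ClusterRole
  name: strimzi-entity-operator
  apiGroup: rbac.authorization.k8s.io
--------------------------------------------------------------------------------
/EnvironmentSetup/Azure/Source/ingress/was-ingress-nodefiles-service.yml:
--------------------------------------------------------------------------------
# Routes /nodefiles[/...] to the resource-manager Service on port 9090, rewriting the
# request path to /nodefiles/<captured remainder>.
# NOTE(review): the rule names no host and the object carries no tls section or auth-*
# annotation; confirm that TLS and access control are applied elsewhere.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: was-ingress-nodefiles
  namespace: was
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  annotations:
    nginx.ingress.kubernetes.io/use-regex: "true"
    # Raises the accepted request body size to 1g on this route. Large uploads consume proxy
    # and backend resources, so this route in particular should sit behind authentication.
    nginx.ingress.kubernetes.io/proxy-body-size: 1g
    nginx.ingress.kubernetes.io/rewrite-target: /nodefiles/$1
spec:
  ingressClassName: nginx
  rules:
  - http:
      paths:
      - path: /?nodefiles(?:$|/(.*))
        # A regex path needs ImplementationSpecific: ingress-nginx's strict path validation
        # rejects regex characters under Prefix or Exact. This also matches the AWS manifest.
        pathType: ImplementationSpecific
        backend:
          service:
            name: resource-manager
            port:
              number: 9090
--------------------------------------------------------------------------------
/EnvironmentSetup/AWS/Source/ingress/was-ingress-nodefiles-service.yml:
--------------------------------------------------------------------------------
# Routes /nodefiles[/...] to the resource-manager Service on port 9090, rewriting the
# request path to /nodefiles/<captured remainder>.
# NOTE(review): the rule names no host and the object carries no tls section or auth-*
# annotation; confirm that TLS and access control are applied elsewhere.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: was-ingress-nodefiles
  namespace: was
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  annotations:
    nginx.ingress.kubernetes.io/use-regex: "true"
    # Raises the accepted request body size to 1g on this route. Large uploads consume proxy
    # and backend resources, so this route in particular should sit behind authentication.
    nginx.ingress.kubernetes.io/proxy-body-size: 1g
    nginx.ingress.kubernetes.io/rewrite-target: /nodefiles/$1
spec:
  ingressClassName: nginx
  rules:
  - http:
      paths:
      - path: /?nodefiles(?:$|/(.*))
        pathType: ImplementationSpecific
        backend:
          service:
            name: resource-manager
            port:
              number: 9090
--------------------------------------------------------------------------------
/EnvironmentSetup/AWS/Source/strimzi-kafka-deployment/033-ClusterRoleBinding-strimzi-cluster-operator-kafka-client-delegation.yaml:
--------------------------------------------------------------------------------
# Cluster-wide binding of ClusterRole strimzi-kafka-client to the strimzi-cluster-operator
# ServiceAccount in namespace kafka.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: strimzi-cluster-operator-kafka-client-delegation
  labels:
    app: strimzi
# The Kafka clients cluster role must be bound to the cluster operator service account so that it can delegate the
# cluster role to the Kafka clients using it for consuming from closest replica.
# This must be done to avoid escalating privileges which would be blocked by Kubernetes.
subjects:
  - kind: ServiceAccount
    name: strimzi-cluster-operator
    namespace: kafka
roleRef:
  kind: ClusterRole
  name: strimzi-kafka-client
  apiGroup: rbac.authorization.k8s.io
--------------------------------------------------------------------------------
/EnvironmentSetup/Azure/Source/strimzi-kafka-deployment/033-ClusterRoleBinding-strimzi-cluster-operator-kafka-client-delegation.yaml:
--------------------------------------------------------------------------------
# Cluster-wide binding of ClusterRole strimzi-kafka-client to the strimzi-cluster-operator
# ServiceAccount in namespace kafka.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: strimzi-cluster-operator-kafka-client-delegation
  labels:
    app: strimzi
# The Kafka clients cluster role must be bound to the cluster operator service account so that it can delegate the
# cluster role to the Kafka clients using it for consuming from closest replica.
# This must be done to avoid escalating privileges which would be blocked by Kubernetes.
subjects:
  - kind: ServiceAccount
    name: strimzi-cluster-operator
    namespace: kafka
roleRef:
  kind: ClusterRole
  name: strimzi-kafka-client
  apiGroup: rbac.authorization.k8s.io
--------------------------------------------------------------------------------
/EnvironmentSetup/Azure/Source/terraform/variables.tf:
--------------------------------------------------------------------------------
# Input variables for the Azure Terraform configuration. Every variable has a default and
# none declares a type; the numeric-looking defaults are written as strings.
variable "cluster_name" {
  default = "WAS"
}

variable "min_worker_node" {
  default = "2"
}

variable "max_worker_node" {
  default = "10"
}

variable "max_pods" {
  default = "100"
}

variable "cluster_version" {
  default = "1.33"
}

variable "disk_size" {
  default = "30"
}

variable "instance_type" {
  default = "Standard_D8s_v3"
}

# The variables below carry placeholder defaults for account-specific values (presumably a
# service principal's id and secret plus the target subscription).
# NOTE(review): supply the real values through TF_VAR_<name> environment variables or an
# untracked .tfvars file instead of editing these defaults, so secrets stay out of version
# control.
variable "appId" {
  default = "XXXXXX"
}

variable "password" {
  default   = "YYYYYY"
  # Redacts the value in plan/apply output. Terraform still stores it in state in plain
  # text, so the state backend needs its own access control, and any output derived from
  # this variable has to be marked sensitive too.
  sensitive = true
}

variable "resource_group" {
  default = "ZZZZZZ"
}

variable "region" {
  default = "TTTTTT"
}

variable "subscription_id" {
  default = "UUUUUU"
}

variable "tenant_id" {
  default = "VVVVVV"
}
--------------------------------------------------------------------------------
/EnvironmentSetup/AWS/Source/ingress/was-ingress-awes-info.yaml:
--------------------------------------------------------------------------------
# Routes the /.applicationserver/info and /.applicationserver/kernel/stats paths to the
# active-web-elements-server-info Service on port 8082, with 360-second proxy timeouts.
# NOTE(review): the regex is anchored at the start of the path only as far as the controller
# does so, and it has no trailing "$", so longer paths beginning with these prefixes
# presumably match as well; confirm that is intended. The rule names no host and the object
# has no tls section or auth-* annotation, so check that status data is not served
# unauthenticated.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: was-ingress-awes-info
  namespace: was
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  annotations:
    nginx.ingress.kubernetes.io/use-regex: "true"
    nginx.ingress.kubernetes.io/proxy-connect-timeout: "360"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "360"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "360"
    nginx.ingress.kubernetes.io/load-balance: "ewma"
spec:
  ingressClassName: nginx
  rules:
  - http:
      paths:
      - path: /\.applicationserver/(info|kernel/stats)
        pathType: ImplementationSpecific
        backend:
          service:
            name: active-web-elements-server-info
            port:
              number: 8082
--------------------------------------------------------------------------------
/EnvironmentSetup/Azure/Source/ingress/was-ingress-awes-info.yaml:
--------------------------------------------------------------------------------
# Routes the /.applicationserver/info and /.applicationserver/kernel/stats paths to the
# active-web-elements-server-info Service on port 8082, with 360-second proxy timeouts.
# NOTE(review): the regex is anchored at the start of the path only as far as the controller
# does so, and it has no trailing "$", so longer paths beginning with these prefixes
# presumably match as well; confirm that is intended. The rule names no host and the object
# has no tls section or auth-* annotation, so check that status data is not served
# unauthenticated.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: was-ingress-awes-info
  namespace: was
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  annotations:
    nginx.ingress.kubernetes.io/use-regex: "true"
    nginx.ingress.kubernetes.io/proxy-connect-timeout: "360"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "360"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "360"
    nginx.ingress.kubernetes.io/load-balance: "ewma"
spec:
  ingressClassName: nginx
  rules:
  - http:
      paths:
      - path: /\.applicationserver/(info|kernel/stats)
        pathType: ImplementationSpecific
        backend:
          service:
            name: active-web-elements-server-info
            port:
              number: 8082
--------------------------------------------------------------------------------
/EnvironmentSetup/AWS/Source/services/active-web-elements-server-service.yaml:
--------------------------------------------------------------------------------
---
# Main Service for pods labelled app=active-web-elements-server: port 8080, plus port 8181,
# which the prometheus.io annotations advertise as the /metrics scrape target.
apiVersion: v1
kind: Service
metadata:
  labels:
    app: active-web-elements-server
  name: active-web-elements-server
  namespace: was
  annotations:
    prometheus.io/scrape: 'true'
    prometheus.io/path: /metrics
    prometheus.io/port: '8181'
spec:
  ports:
  - name: "8080"
    port: 8080
    targetPort: 8080
  - name: "8181"
    port: 8181
    targetPort: 8181
  selector:
    app: active-web-elements-server
---
# Second Service over the same pods. Port 8082 forwards to the same container port (8080)
# as the main Service, so the only restriction on what is reachable through it is whatever
# routes to it, such as the path filter on the was-ingress-awes-info Ingress.
apiVersion: v1
kind: Service
metadata:
  labels:
    app: active-web-elements-server
  name: active-web-elements-server-info
  namespace: was
spec:
  ports:
  - name: "8082"
    port: 8082
    targetPort: 8080
  selector:
    app: active-web-elements-server
  # Pods are listed as endpoints before they pass readiness checks, so requests can reach
  # instances that are still starting.
  publishNotReadyAddresses: true
--------------------------------------------------------------------------------
/EnvironmentSetup/Azure/Source/services/active-web-elements-server-service.yaml:
--------------------------------------------------------------------------------
---
# Main Service for pods labelled app=active-web-elements-server: port 8080, plus port 8181,
# which the prometheus.io annotations advertise as the /metrics scrape target.
apiVersion: v1
kind: Service
metadata:
  labels:
    app: active-web-elements-server
  name: active-web-elements-server
  namespace: was
  annotations:
    prometheus.io/scrape: 'true'
    prometheus.io/path: /metrics
    prometheus.io/port: '8181'
spec:
  ports:
  - name: "8080"
    port: 8080
    targetPort: 8080
  - name: "8181"
    port: 8181
    targetPort: 8181
  selector:
    app: active-web-elements-server
---
# Second Service over the same pods. Port 8082 forwards to the same container port (8080)
# as the main Service, so the only restriction on what is reachable through it is whatever
# routes to it, such as the path filter on the was-ingress-awes-info Ingress.
apiVersion: v1
kind: Service
metadata:
  labels:
    app: active-web-elements-server
  name: active-web-elements-server-info
  namespace: was
spec:
  ports:
  - name: "8082"
    port: 8082
    targetPort: 8080
  selector:
    app: active-web-elements-server
  # Pods are listed as endpoints before they pass readiness checks, so requests can reach
  # instances that are still starting.
  publishNotReadyAddresses: true
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
Copyright 2021 Wolfram Research Inc.

Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
the Software, and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.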
--------------------------------------------------------------------------------
/EnvironmentSetup/AWS/Source/strimzi-kafka-deployment/050-ConfigMap-strimzi-cluster-operator.yaml:
--------------------------------------------------------------------------------
# Log4j2 configuration for the Strimzi cluster operator. Everything under log4j2.properties
# is a literal string handed to the operator, so the "#" lines inside it are properties-file
# comments and part of the data. The root level is read from STRIMZI_LOG_LEVEL, defaulting
# to INFO.
kind: ConfigMap
apiVersion: v1
metadata:
  name: strimzi-cluster-operator
  labels:
    app: strimzi
data:
  log4j2.properties: |
    name = COConfig
    monitorInterval = 30

    appender.console.type = Console
    appender.console.name = STDOUT
    appender.console.layout.type = PatternLayout
    appender.console.layout.pattern = %d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - %m%n

    rootLogger.level = ${env:STRIMZI_LOG_LEVEL:-INFO}
    rootLogger.appenderRefs = stdout
    rootLogger.appenderRef.console.ref = STDOUT

    # Kafka AdminClient logging is a bit noisy at INFO level
    logger.kafka.name = org.apache.kafka
    logger.kafka.level = WARN

    # Zookeeper is very verbose even on INFO level -> We set it to WARN by default
    logger.zookeepertrustmanager.name = org.apache.zookeeper
    logger.zookeepertrustmanager.level = WARN

    # Keeps separate level for Netty logging -> to not be changed by the root logger
    logger.netty.name = io.netty
    logger.netty.level = INFO
--------------------------------------------------------------------------------
/EnvironmentSetup/Azure/Source/strimzi-kafka-deployment/050-ConfigMap-strimzi-cluster-operator.yaml:
--------------------------------------------------------------------------------
# Log4j2 configuration for the Strimzi cluster operator. Everything under log4j2.properties
# is a literal string handed to the operator, so the "#" lines inside it are properties-file
# comments and part of the data. The root level is read from STRIMZI_LOG_LEVEL, defaulting
# to INFO.
kind: ConfigMap
apiVersion: v1
metadata:
  name: strimzi-cluster-operator
  labels:
    app: strimzi
data:
  log4j2.properties: |
    name = COConfig
    monitorInterval = 30

    appender.console.type = Console
    appender.console.name = STDOUT
    appender.console.layout.type = PatternLayout
    appender.console.layout.pattern = %d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - %m%n

    rootLogger.level = ${env:STRIMZI_LOG_LEVEL:-INFO}
    rootLogger.appenderRefs = stdout
    rootLogger.appenderRef.console.ref = STDOUT

    # Kafka AdminClient logging is a bit noisy at INFO level
    logger.kafka.name = org.apache.kafka
    logger.kafka.level = WARN

    # Zookeeper is very verbose even on INFO level -> We set it to WARN by default
    logger.zookeepertrustmanager.name = org.apache.zookeeper
    logger.zookeepertrustmanager.level = WARN

    # Keeps separate level for Netty logging -> to not be changed by the root logger
    logger.netty.name = io.netty
    logger.netty.level = INFO
--------------------------------------------------------------------------------
/EnvironmentSetup/AWS/Source/kafka/kafka-topic.yaml:
--------------------------------------------------------------------------------
# Three compacted topics on the kafka-persistent cluster, each with 2 partitions and 3
# replicas. retention.bytes and retention.ms are -1, so nothing is deleted by size or age;
# data leaves a topic only through compaction. No metadata.namespace is set, so the objects
# land in whichever namespace the manifest is applied into.
apiVersion: kafka.strimzi.io/v1beta2
kind: KafkaTopic
metadata:
  name: endpoint-info
  labels:
    strimzi.io/cluster: kafka-persistent
spec:
  partitions: 2
  replicas: 3
  config:
    retention.bytes: -1
    retention.ms: -1
    cleanup.policy: compact
    min.cleanable.dirty.ratio: 0.05
  topicName: endpoint-info
---
apiVersion: kafka.strimzi.io/v1beta2
kind: KafkaTopic
metadata:
  name: resource-info
  labels:
    strimzi.io/cluster: kafka-persistent
spec:
  partitions: 2
  replicas: 3
  config:
    retention.bytes: -1
    retention.ms: -1
    cleanup.policy: compact
    min.cleanable.dirty.ratio: 0.05
  topicName: resource-info
---
apiVersion: kafka.strimzi.io/v1beta2
kind: KafkaTopic
metadata:
  name: nodefile-info
  labels:
    strimzi.io/cluster: kafka-persistent
spec:
  partitions: 2
  replicas: 3
  config:
    retention.bytes: -1
    retention.ms: -1
    cleanup.policy: compact
    # Unlike the two topics above, this one uses a dirty ratio of 0 and rolls a new log
    # segment every 100 ms. NOTE(review): that produces many small segments under steady
    # writes; confirm the broker's file-handle and disk budget allows for it.
    min.cleanable.dirty.ratio: 0
    segment.ms: 100
  topicName: nodefile-info
--------------------------------------------------------------------------------
/EnvironmentSetup/Azure/Source/kafka/kafka-topic.yaml:
--------------------------------------------------------------------------------
# Three compacted topics on the kafka-persistent cluster, each with 2 partitions and 3
# replicas. retention.bytes and retention.ms are -1, so nothing is deleted by size or age;
# data leaves a topic only through compaction. No metadata.namespace is set, so the objects
# land in whichever namespace the manifest is applied into.
apiVersion: kafka.strimzi.io/v1beta2
kind: KafkaTopic
metadata:
  name: endpoint-info
  labels:
    strimzi.io/cluster: kafka-persistent
spec:
  partitions: 2
  replicas: 3
  config:
    retention.bytes: -1
    retention.ms: -1
    cleanup.policy: compact
    min.cleanable.dirty.ratio: 0.05
  topicName: endpoint-info
---
apiVersion: kafka.strimzi.io/v1beta2
kind: KafkaTopic
metadata:
  name: resource-info
  labels:
    strimzi.io/cluster: kafka-persistent
spec:
  partitions: 2
  replicas: 3
  config:
    retention.bytes: -1
    retention.ms: -1
    cleanup.policy: compact
    min.cleanable.dirty.ratio: 0.05
  topicName: resource-info
---
apiVersion: kafka.strimzi.io/v1beta2
kind: KafkaTopic
metadata:
  name: nodefile-info
  labels:
    strimzi.io/cluster: kafka-persistent
spec:
  partitions: 2
  replicas: 3
  config:
    retention.bytes: -1
    retention.ms: -1
    cleanup.policy: compact
    # Unlike the two topics above, this one uses a dirty ratio of 0 and rolls a new log
    # segment every 100 ms. NOTE(review): that produces many small segments under steady
    # writes; confirm the broker's file-handle and disk budget allows for it.
    min.cleanable.dirty.ratio: 0
    segment.ms: 100
  topicName: nodefile-info
--------------------------------------------------------------------------------
/EnvironmentSetup/AWS/Source/strimzi-kafka-deployment/052-FlowSchema-operator.yaml:
--------------------------------------------------------------------------------
# API Priority and Fairness classification for the strimzi-cluster-operator ServiceAccount.
# A FlowSchema grants no permissions: the wildcards below only select which of the operator's
# requests are queued under the strimzi-high priority level. What the operator may actually
# do is still decided by its RBAC roles.
# NOTE(review): strimzi-high is defined outside this file; check its concurrency shares so
# the operator's traffic cannot crowd out other API clients.
apiVersion: flowcontrol.apiserver.k8s.io/v1
kind: FlowSchema
metadata:
  name: strimzi-operator
spec:
  matchingPrecedence: 100
  priorityLevelConfiguration:
    name: strimzi-high
  rules:
    - subjects:
        - kind: ServiceAccount
          serviceAccount:
            name: strimzi-cluster-operator
            namespace: kafka
      resourceRules:
        # Strimzi CRs (namespaced)
        - apiGroups: ["kafka.strimzi.io"]
          resources: ["*"]
          verbs: ["*"]
          namespaces: ["kafka"]
        # Core + common groups Strimzi watches (namespaced)
        - apiGroups: ["", "apps", "batch", "coordination.k8s.io", "events.k8s.io",
                      "networking.k8s.io", "policy", "rbac.authorization.k8s.io",
                      "monitoring.coreos.com"]
          resources: ["*"]
          verbs: ["get","list","watch"]
          namespaces: ["kafka"]
        # Cluster-scoped reads (no namespace allowed here)
        - apiGroups: ["*"]
          resources: ["*"]
          verbs: ["get","list","watch"]
          clusterScope: true
--------------------------------------------------------------------------------
/EnvironmentSetup/Azure/Source/strimzi-kafka-deployment/052-FlowSchema-operator.yaml:
--------------------------------------------------------------------------------
# API Priority and Fairness classification for the strimzi-cluster-operator ServiceAccount.
# A FlowSchema grants no permissions: the wildcards below only select which of the operator's
# requests are queued under the strimzi-high priority level. What the operator may actually
# do is still decided by its RBAC roles.
# NOTE(review): strimzi-high is defined outside this file; check its concurrency shares so
# the operator's traffic cannot crowd out other API clients.
apiVersion: flowcontrol.apiserver.k8s.io/v1
kind: FlowSchema
metadata:
  name: strimzi-operator
spec:
  matchingPrecedence: 100
  priorityLevelConfiguration:
    name: strimzi-high
  rules:
    - subjects:
        - kind: ServiceAccount
          serviceAccount:
            name: strimzi-cluster-operator
            namespace: kafka
      resourceRules:
        # Strimzi CRs (namespaced)
        - apiGroups: ["kafka.strimzi.io"]
          resources: ["*"]
          verbs: ["*"]
          namespaces: ["kafka"]
        # Core + common groups Strimzi watches (namespaced)
        - apiGroups: ["", "apps", "batch", "coordination.k8s.io", "events.k8s.io",
                      "networking.k8s.io", "policy", "rbac.authorization.k8s.io",
                      "monitoring.coreos.com"]
          resources: ["*"]
          verbs: ["get","list","watch"]
          namespaces: ["kafka"]
        # Cluster-scoped reads (no namespace allowed here)
        - apiGroups: ["*"]
          resources: ["*"]
          verbs: ["get","list","watch"]
          clusterScope: true
--------------------------------------------------------------------------------
/EnvironmentSetup/AWS/Source/strimzi-kafka-deployment/031-ClusterRole-strimzi-entity-operator.yaml:
--------------------------------------------------------------------------------
# Permissions for the Strimzi entity operator: manage KafkaTopic and KafkaUser resources,
# create events, and full read/write on Secrets.
# The Secrets rule is the sensitive one. How far it reaches depends on the binding: through
# a RoleBinding it covers one namespace, through a ClusterRoleBinding every namespace. The
# delegation manifest in this repository (031-RoleBinding-...) uses a RoleBinding.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: strimzi-entity-operator
  labels:
    app: strimzi
rules:
  - apiGroups:
      - "kafka.strimzi.io"
    resources:
      # The entity operator runs the KafkaTopic assembly operator, which needs to access and manage KafkaTopic resources
      - kafkatopics
      - kafkatopics/status
      # The entity operator runs the KafkaUser assembly operator, which needs to access and manage KafkaUser resources
      - kafkausers
      - kafkausers/status
    verbs:
      - get
      - list
      - watch
      - create
      - patch
      - update
      - delete
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      # The entity operator needs to be able to create events
      - create
  - apiGroups:
      - ""
    resources:
      # The entity operator user-operator needs to access and manage secrets to store generated credentials
      - secrets
    verbs:
      - get
      - list
      - watch
      - create
      - delete
      - patch
      - update
--------------------------------------------------------------------------------
/EnvironmentSetup/Azure/Source/strimzi-kafka-deployment/031-ClusterRole-strimzi-entity-operator.yaml:
--------------------------------------------------------------------------------
# Permissions for the Strimzi entity operator: manage KafkaTopic and KafkaUser resources,
# create events, and full read/write on Secrets.
# The Secrets rule is the sensitive one. How far it reaches depends on the binding: through
# a RoleBinding it covers one namespace, through a ClusterRoleBinding every namespace. The
# delegation manifest in this repository (031-RoleBinding-...) uses a RoleBinding.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: strimzi-entity-operator
  labels:
    app: strimzi
rules:
  - apiGroups:
      - "kafka.strimzi.io"
    resources:
      # The entity operator runs the KafkaTopic assembly operator, which needs to access and manage KafkaTopic resources
      - kafkatopics
      - kafkatopics/status
      # The entity operator runs the KafkaUser assembly operator, which needs to access and manage KafkaUser resources
      - kafkausers
      - kafkausers/status
    verbs:
      - get
      - list
      - watch
      - create
      - patch
      - update
      - delete
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      # The entity operator needs to be able to create events
      - create
  - apiGroups:
      - ""
    resources:
      # The entity operator user-operator needs to access and manage secrets to store generated credentials
      - secrets
    verbs:
      - get
      - list
      - watch
      - create
      - delete
      - patch
      - update
--------------------------------------------------------------------------------
/EnvironmentSetup/AWS/Source/strimzi-kafka-deployment/021-ClusterRole-strimzi-cluster-operator-role.yaml:
--------------------------------------------------------------------------------
# Cluster-scoped permissions for the Strimzi cluster operator: manage ClusterRoleBindings,
# read StorageClasses, list Nodes.
# The ClusterRoleBinding rule is the one to watch. This role does not grant the "bind" verb,
# so Kubernetes' escalation check applies: the operator can only create a binding to a role
# whose permissions it already holds itself. It can still delete or modify any existing
# ClusterRoleBinding within that limit, because the rule is not restricted by resourceNames.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: strimzi-cluster-operator-global
  labels:
    app: strimzi
rules:
  - apiGroups:
      - "rbac.authorization.k8s.io"
    resources:
      # The cluster operator needs to create and manage cluster role bindings in the case of an install where a user
      # has specified they want their cluster role bindings generated
      - clusterrolebindings
    verbs:
      - get
      - list
      - watch
      - create
      - delete
      - patch
      - update
  - apiGroups:
      - storage.k8s.io
    resources:
      # The cluster operator requires "get" permissions to view storage class details
      # This is because only a persistent volume of a supported storage class type can be resized
      - storageclasses
    verbs:
      - get
  - apiGroups:
      - ""
    resources:
      # The cluster operator requires "list" permissions to view all nodes in a cluster
      # The listing is used to determine the node addresses when NodePort access is configured
      # These addresses are then exposed in the custom resource states
      - nodes
    verbs:
      - list
--------------------------------------------------------------------------------
/EnvironmentSetup/Azure/Source/strimzi-kafka-deployment/021-ClusterRole-strimzi-cluster-operator-role.yaml:
--------------------------------------------------------------------------------
# Cluster-scoped permissions for the Strimzi cluster operator: manage
# ClusterRoleBindings, read StorageClass details, and list Nodes.
# NOTE(review): write access to clusterrolebindings is the sensitive rule here;
# anyone able to act as the operator's ServiceAccount inherits it, so restrict
# who can create pods or read tokens in the operator's namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: strimzi-cluster-operator-global
  labels:
    app: strimzi
rules:
- apiGroups:
  - "rbac.authorization.k8s.io"
  resources:
    # The cluster operator needs to create and manage cluster role bindings in the case of an install where a user
    # has specified they want their cluster role bindings generated
  - clusterrolebindings
  verbs:
  - get
  - list
  - watch
  - create
  - delete
  - patch
  - update
- apiGroups:
  - storage.k8s.io
  resources:
    # The cluster operator requires "get" permissions to view storage class details
    # This is because only a persistent volume of a supported storage class type can be resized
  - storageclasses
  verbs:
  - get
- apiGroups:
  - ""
  resources:
    # The cluster operator requires "list" permissions to view all nodes in a cluster
    # The listing is used to determine the node addresses when NodePort access is configured
    # These addresses are then exposed in the custom resource states
  - nodes
  verbs:
  - list
--------------------------------------------------------------------------------
/Documentation/Architecture/images/core_model.drawio:
--------------------------------------------------------------------------------
1 | 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
--------------------------------------------------------------------------------
/EnvironmentSetup/Azure/Source/terraform/main.tf:
--------------------------------------------------------------------------------
# Terraform configuration that creates the AKS cluster for the Wolfram
# Application Server and keeps its state in an Azure Storage container.
terraform {
  # Remote state backend. "XXXXXX" / "YYYYYY" are placeholders to be replaced
  # with the real resource group and storage account.
  # Terraform state records resource attributes in plain text, which here
  # includes the service principal client_secret used below -- restrict access
  # to the "tfstate" container accordingly.
  backend "azurerm" {
    resource_group_name  = "XXXXXX"
    storage_account_name = "YYYYYY"
    container_name       = "tfstate"
    key                  = "terraform.tfstate"
  }
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = ">= 4.38.0, < 5.0.0"
    }
  }
  required_version = ">= 1.13.1, < 1.14"
}

provider "azurerm" {
  features {}
  # The "${var.x}" interpolation-only form used throughout this file is the
  # legacy spelling of a plain var.x reference.
  subscription_id = "${var.subscription_id}"
  tenant_id       = "${var.tenant_id}"

}

# The AKS cluster with a single autoscaling node pool.
resource "azurerm_kubernetes_cluster" "default" {
  name                = "${var.cluster_name}-aks"
  location            = "${var.region}"
  resource_group_name = "${var.resource_group}"
  dns_prefix          = "${var.cluster_name}-k8s"
  kubernetes_version  = "${var.cluster_version}"

  # Node pool scales between min_count and max_count nodes.
  default_node_pool {
    name                 = "workernodes"
    vm_size              = "${var.instance_type}"
    os_disk_size_gb      = "${var.disk_size}"
    auto_scaling_enabled = true
    max_pods             = "${var.max_pods}"
    min_count            = "${var.min_worker_node}"
    max_count            = "${var.max_worker_node}"
  }

  # The cluster authenticates to Azure with a service principal whose secret is
  # supplied as var.password.
  # NOTE(review): variables.tf is not shown here -- confirm "password" is
  # declared sensitive and is never committed in a tfvars file. A managed
  # identity (the `identity` block) would avoid a long-lived client secret.
  service_principal {
    client_id     = "${var.appId}"
    client_secret = "${var.password}"
  }

  tags = {
    environment = "Wolfram Application Server"
  }

}
--------------------------------------------------------------------------------
/EnvironmentSetup/AWS/Source/metrics-server/metrics-server-deployment.yaml:
--------------------------------------------------------------------------------
# ServiceAccount and Deployment for metrics-server in kube-system.
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: metrics-server
  namespace: kube-system
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: metrics-server
  namespace: kube-system
  labels:
    k8s-app: metrics-server
spec:
  selector:
    matchLabels:
      k8s-app: metrics-server
  template:
    metadata:
      name: metrics-server
      labels:
        k8s-app: metrics-server
    spec:
      serviceAccountName: metrics-server
      volumes:
      # mount in tmp so we can safely use from-scratch images and/or read-only containers
      - name: tmp-dir
        emptyDir: {}
      containers:
      - name: metrics-server
        # NOTE(review): the k8s.gcr.io registry has been frozen in favour of
        # registry.k8s.io, and the image is referenced by tag only; consider
        # moving to a maintained release pinned by digest.
        image: k8s.gcr.io/metrics-server/metrics-server:v0.4.2
        command:
        - /metrics-server
        # --kubelet-insecure-tls turns off verification of the kubelet serving
        # certificate, so metrics-server cannot tell a genuine kubelet from an
        # endpoint impersonating one. Upstream describes the flag as intended
        # for testing; drop it once kubelet serving certificates are signed by
        # a CA that metrics-server trusts.
        - --kubelet-insecure-tls
        - --kubelet-preferred-address-types=InternalIP
        args:
          # Serving certificates are written to /tmp, the only writable path
          # (emptyDir) given the read-only root filesystem below.
          - --cert-dir=/tmp
          - --secure-port=4443
        ports:
        - name: main-port
          containerPort: 4443
          protocol: TCP
        # Hardened container settings: read-only root, non-root UID 1000.
        securityContext:
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          runAsUser: 1000
        imagePullPolicy: Always
        volumeMounts:
        - name: tmp-dir
          mountPath: /tmp
      nodeSelector:
        kubernetes.io/os: linux
--------------------------------------------------------------------------------
/EnvironmentSetup/Azure/Source/metrics-server/metrics-server-deployment.yaml:
--------------------------------------------------------------------------------
# ServiceAccount and Deployment for metrics-server in kube-system.
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: metrics-server
  namespace: kube-system
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: metrics-server
  namespace: kube-system
  labels:
    k8s-app: metrics-server
spec:
  selector:
    matchLabels:
      k8s-app: metrics-server
  template:
    metadata:
      name: metrics-server
      labels:
        k8s-app: metrics-server
    spec:
      serviceAccountName: metrics-server
      volumes:
      # mount in tmp so we can safely use from-scratch images and/or read-only containers
      - name: tmp-dir
        emptyDir: {}
      containers:
      - name: metrics-server
        # NOTE(review): k8s.gcr.io is frozen in favour of registry.k8s.io and
        # the image is referenced by tag only; consider a maintained release
        # pinned by digest.
        image: k8s.gcr.io/metrics-server/metrics-server:v0.4.2
        command:
        - /metrics-server
        # --kubelet-insecure-tls disables verification of the kubelet serving
        # certificate (upstream: testing only). Remove it once the kubelets
        # present certificates signed by a CA metrics-server trusts.
        - --kubelet-insecure-tls
        - --kubelet-preferred-address-types=InternalIP
        args:
          # /tmp is the writable emptyDir; the root filesystem is read-only.
          - --cert-dir=/tmp
          - --secure-port=4443
        ports:
        - name: main-port
          containerPort: 4443
          protocol: TCP
        # Hardened container settings: read-only root, non-root UID 1000.
        securityContext:
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          runAsUser: 1000
        imagePullPolicy: Always
        volumeMounts:
        - name: tmp-dir
          mountPath: /tmp
      nodeSelector:
        kubernetes.io/os: linux
--------------------------------------------------------------------------------
/EnvironmentSetup/AWS/Source/hpa/active-web-elements-server-hpa-autoscaler.yaml:
--------------------------------------------------------------------------------
# HorizontalPodAutoscaler for active-web-elements-server-deployment in the
# "was" namespace: 2 to 10 replicas, driven by four Object metrics read from the
# active-web-elements-server Service plus CPU and memory utilization.
# NOTE(review): the Object metrics need a custom-metrics adapter to be served;
# presumably that is what custom-metrics/values.yaml in this tree configures --
# confirm. maxReplicas is also the ceiling on how far request load can scale
# the deployment (and its cost).
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: active-web-elements-server-hpa
  namespace: was
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: active-web-elements-server-deployment
  minReplicas: 2
  maxReplicas: 10
  metrics:
  - type: Object
    object:
      metric:
        name: MSP_RecentMaxKernelPercentageUse
      describedObject:
        kind: Service
        name: active-web-elements-server
      target:
        averageValue: 90
        type: AverageValue
  - type: Object
    object:
      metric:
        name: MSP_QueueSize
      describedObject:
        kind: Service
        name: active-web-elements-server
      target:
        averageValue: 2
        type: AverageValue
  - type: Object
    object:
      metric:
        name: Public_RecentMaxKernelPercentageUse
      describedObject:
        kind: Service
        name: active-web-elements-server
      target:
        averageValue: 90
        type: AverageValue
  - type: Object
    object:
      metric:
        name: Public_QueueSize
      describedObject:
        kind: Service
        name: active-web-elements-server
      target:
        averageValue: 2
        type: AverageValue
  # Resource metrics are percentages of the target pods' resource requests.
  - type: Resource
    resource:
      name: cpu
      target:
        type: Utilization
        averageUtilization: 85
  - type: Resource
    resource:
      name: memory
      target:
        type: Utilization
        averageUtilization: 90
--------------------------------------------------------------------------------
/EnvironmentSetup/Azure/Source/hpa/active-web-elements-server-hpa-autoscaler.yaml:
--------------------------------------------------------------------------------
# HorizontalPodAutoscaler for active-web-elements-server-deployment in the
# "was" namespace: 2 to 10 replicas, driven by four Object metrics read from the
# active-web-elements-server Service plus CPU and memory utilization.
# NOTE(review): the Object metrics need a custom-metrics adapter to be served --
# confirm one is installed before relying on them.
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: active-web-elements-server-hpa
  namespace: was
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: active-web-elements-server-deployment
  minReplicas: 2
  maxReplicas: 10
  metrics:
  - type: Object
    object:
      metric:
        name: MSP_RecentMaxKernelPercentageUse
      describedObject:
        kind: Service
        name: active-web-elements-server
      target:
        averageValue: 90
        type: AverageValue
  - type: Object
    object:
      metric:
        name: MSP_QueueSize
      describedObject:
        kind: Service
        name: active-web-elements-server
      target:
        averageValue: 2
        type: AverageValue
  - type: Object
    object:
      metric:
        name: Public_RecentMaxKernelPercentageUse
      describedObject:
        kind: Service
        name: active-web-elements-server
      target:
        averageValue: 90
        type: AverageValue
  - type: Object
    object:
      metric:
        name: Public_QueueSize
      describedObject:
        kind: Service
        name: active-web-elements-server
      target:
        averageValue: 2
        type: AverageValue
  # Resource metrics are percentages of the target pods' resource requests.
  - type: Resource
    resource:
      name: cpu
      target:
        type: Utilization
        averageUtilization: 85
  - type: Resource
    resource:
      name: memory
      target:
        type: Utilization
        averageUtilization: 90
--------------------------------------------------------------------------------
/EnvironmentSetup/Azure/Source/Dockerfile:
--------------------------------------------------------------------------------
# Tooling image for the Azure setup: Ubuntu 22.04 with the Azure CLI, kubectl,
# Helm and Terraform, started as an interactive bash shell.
FROM ubuntu:22.04

# Tool versions are pinned through build arguments.
ARG KUBECTL_VERSION="v1.34.0"
ARG TERRAFORM_VERSION="1.13.1"
ARG HELM_VERSION="v3.15.2"
ARG TARGETARCH=amd64

ENV DEBIAN_FRONTEND=noninteractive \
    LANG='en_US.UTF-8' \
    LANGUAGE='en_US:en' \
    LC_ALL='en_US.UTF-8'

# Single layer: install packages, fetch the four tools, clean up, then run each
# tool once so a broken download fails the build.
# NOTE(review), supply chain:
#  - The Azure CLI step pipes a remote script straight into bash as root. It
#    uses "curl -sL" without -f, so an HTTP error body would be handed to bash,
#    and the script itself is not pinned to a version.
#  - kubectl, Helm and Terraform are pinned by version but fetched without
#    comparing the download against the publisher's SHA-256 checksum; adding
#    that comparison would make the build fail on a tampered or truncated file.
#  - No USER instruction follows, so the shell (and any cloud credentials used
#    in it) runs as root inside the container.
RUN \
    apt-get update && \
    apt-get install -y --no-install-recommends \
        ca-certificates \
        curl \
        unzip \
        git \
        procps \
        vim-tiny \
        locales \
    && \
    update-ca-certificates && \
    \
    locale-gen en_US.utf8 && \
    \
    # Install Azure CLI
    curl -sL https://aka.ms/InstallAzureCLIDeb | bash && \
    \
    # Install kubectl
    curl -fLO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/${TARGETARCH}/kubectl" && \
    install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl && \
    \
    # Install Helm
    curl -fL "https://get.helm.sh/helm-${HELM_VERSION}-linux-${TARGETARCH}.tar.gz" | tar -xz && \
    install -o root -g root -m 0755 linux-${TARGETARCH}/helm /usr/local/bin/helm && \
    \
    # Install Terraform
    curl -fL "https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_${TARGETARCH}.zip" -o "terraform.zip" && \
    unzip -o terraform.zip -d /usr/local/bin && \
    \
    apt-get purge -y --auto-remove unzip && \
    rm -rf \
        /var/lib/apt/lists/* \
        kubectl \
        helm \
        linux-${TARGETARCH}/ \
        terraform.zip && \
    \
    echo "--- Verifying Installations ---" && \
    kubectl version --client && \
    helm version && \
    terraform --version && \
    az --version && \
    echo "--- Verification Complete ---"

WORKDIR /
ENTRYPOINT ["bash"]
--------------------------------------------------------------------------------
/EnvironmentSetup/AWS/Source/kafka/kafka-persistent.yaml:
--------------------------------------------------------------------------------
# Strimzi Kafka cluster "kafka-persistent" in the "kafka" namespace: three
# brokers, three ZooKeeper nodes, persistent storage, topic and user operators.
apiVersion: kafka.strimzi.io/v1beta2
kind: Kafka
metadata:
  name: kafka-persistent
  namespace: kafka
spec:
  kafka:
    version: 3.0.0
    replicas: 3
    listeners:
      # Port 9092: no TLS and no authentication block, and no `authorization`
      # is configured for the cluster, so any workload that can reach this
      # in-cluster listener can produce and consume in clear text.
      # NOTE(review): restrict access with a NetworkPolicy, or move clients to
      # the "tls" listener below.
      - name: plain
        port: 9092
        type: internal
        tls: false
        configuration:
          useServiceDnsDomain: true
      # Port 9093: TLS with client-certificate (mutual TLS) authentication.
      - name: tls
        port: 9093
        type: internal
        tls: true
        authentication:
          type: tls
    resources:
      requests:
        cpu: 500m
        memory: 500Mi
      limits:
        cpu: 1000m
        memory: 2Gi
    config:
      # Replication factor 1 on the internal topics despite three brokers: the
      # consumer-offset and transaction-state data lives on a single broker.
      offsets.topic.replication.factor: 1
      transaction.state.log.replication.factor: 1
      transaction.state.log.min.isr: 1
      log.message.format.version: "3.0"
      inter.broker.protocol.version: "3.0"
    storage:
      type: jbod
      volumes:
      - id: 0
        type: persistent-claim
        size: 10Gi
        # Keep the claim (and the data) when the cluster is deleted.
        deleteClaim: false
    template:
      pod:
        securityContext:
          fsGroup: 1001
          fsGroupChangePolicy: OnRootMismatch
  zookeeper:
    replicas: 3
    jvmOptions:
      javaSystemProperties:
        # Both properties switch off TLS hostname verification for ZooKeeper
        # (client and quorum connections): a peer certificate is then accepted
        # without checking that it was issued for the host being contacted.
        # NOTE(review): confirm this is still required and document why.
        - name: zookeeper.ssl.hostnameVerification
          value: "false"
        - name: zookeeper.ssl.quorum.hostnameVerification
          value: "false"
    resources:
      requests:
        cpu: 200m
        memory: 512Mi
      limits:
        cpu: 500m
        memory: 1Gi
    storage:
      type: persistent-claim
      size: 10Gi
      deleteClaim: false
    template:
      pod:
        securityContext:
          fsGroup: 1001
          fsGroupChangePolicy: OnRootMismatch
  entityOperator:
    topicOperator: {}
    userOperator: {}
--------------------------------------------------------------------------------
/Documentation/Architecture/images/system_components.drawio:
--------------------------------------------------------------------------------
1 | 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
--------------------------------------------------------------------------------
/Documentation/Architecture/images/deploying_node_file.drawio:
--------------------------------------------------------------------------------
1 | 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
--------------------------------------------------------------------------------
/EnvironmentSetup/Azure/Source/kafka/kafka-persistent.yaml:
--------------------------------------------------------------------------------
# Strimzi Kafka cluster "kafka-persistent" in the "kafka" namespace: three
# brokers, three ZooKeeper nodes, persistent storage on the
# kafka-standardssd-xfs storage class, topic and user operators.
apiVersion: kafka.strimzi.io/v1beta2
kind: Kafka
metadata:
  name: kafka-persistent
  namespace: kafka
spec:
  kafka:
    version: 3.0.0
    replicas: 3
    listeners:
      # Port 9092: no TLS and no authentication block, and no `authorization`
      # is configured for the cluster, so any workload that can reach this
      # in-cluster listener can produce and consume in clear text.
      # NOTE(review): restrict access with a NetworkPolicy, or move clients to
      # the "tls" listener below.
      - name: plain
        port: 9092
        type: internal
        tls: false
        configuration:
          useServiceDnsDomain: true
      # Port 9093: TLS with client-certificate (mutual TLS) authentication.
      - name: tls
        port: 9093
        type: internal
        tls: true
        authentication:
          type: tls
    resources:
      requests:
        cpu: 500m
        memory: 500Mi
      limits:
        cpu: 1000m
        memory: 2Gi
    config:
      # Replication factor 1 on the internal topics despite three brokers: the
      # consumer-offset and transaction-state data lives on a single broker.
      offsets.topic.replication.factor: 1
      transaction.state.log.replication.factor: 1
      transaction.state.log.min.isr: 1
      log.message.format.version: "3.0"
      inter.broker.protocol.version: "3.0"
    storage:
      type: jbod
      volumes:
      - id: 0
        type: persistent-claim
        class: kafka-standardssd-xfs
        size: 10Gi
        # Keep the claim (and the data) when the cluster is deleted.
        deleteClaim: false
    template:
      pod:
        securityContext:
          fsGroup: 1001
          fsGroupChangePolicy: OnRootMismatch
  zookeeper:
    replicas: 3
    jvmOptions:
      javaSystemProperties:
        # Both properties switch off TLS hostname verification for ZooKeeper
        # (client and quorum connections): a peer certificate is then accepted
        # without checking that it was issued for the host being contacted.
        # NOTE(review): confirm this is still required and document why.
        - name: zookeeper.ssl.hostnameVerification
          value: "false"
        - name: zookeeper.ssl.quorum.hostnameVerification
          value: "false"
    resources:
      requests:
        cpu: 200m
        memory: 512Mi
      limits:
        cpu: 500m
        memory: 1Gi
    storage:
      type: persistent-claim
      class: kafka-standardssd-xfs
      size: 10Gi
      deleteClaim: false
    template:
      pod:
        securityContext:
          fsGroup: 1001
          fsGroupChangePolicy: OnRootMismatch
  entityOperator:
    topicOperator: {}
    userOperator: {}
--------------------------------------------------------------------------------
/EnvironmentSetup/AWS/Source/Dockerfile:
--------------------------------------------------------------------------------
# Tooling image for the AWS setup: Ubuntu 22.04 with the AWS CLI v2, kubectl,
# Helm and Terraform, started as an interactive bash shell.
FROM ubuntu:22.04

# Tool versions are pinned through build arguments (the AWS CLI is not: the URL
# below always fetches the current installer).
ARG KUBECTL_VERSION="v1.34.0"
ARG TERRAFORM_VERSION="1.13.1"
ARG HELM_VERSION="v3.15.2"
ARG TARGETARCH=amd64

ENV DEBIAN_FRONTEND=noninteractive \
    LANG='en_US.UTF-8' \
    LANGUAGE='en_US:en' \
    LC_ALL='en_US.UTF-8'

# Single layer: install packages, fetch the four tools, clean up, then run each
# tool once so a broken download fails the build.
# NOTE(review), supply chain:
#  - All four downloads use HTTPS with "curl -f", but none is compared against
#    the publisher's checksum or signature before being installed as root;
#    adding that comparison would make the build fail on a tampered or
#    truncated file.
#  - No USER instruction follows, so the shell (and any cloud credentials used
#    in it) runs as root inside the container.
RUN \
    apt-get update && \
    apt-get install -y --no-install-recommends \
        ca-certificates \
        curl \
        unzip \
        git \
        procps \
        vim-tiny \
        locales \
        less \
    && \
    update-ca-certificates && \
    \
    locale-gen en_US.utf8 && \
    \
    # Install AWS CLI
    ARCH_SUFFIX="x86_64" && \
    if [ "$TARGETARCH" = "arm64" ]; then ARCH_SUFFIX="aarch64"; fi && \
    curl -fL "https://awscli.amazonaws.com/awscli-exe-linux-${ARCH_SUFFIX}.zip" -o "awscliv2.zip" && \
    unzip awscliv2.zip && \
    ./aws/install && \
    \
    # Install kubectl
    curl -fLO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/${TARGETARCH}/kubectl" && \
    install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl && \
    \
    # Install Helm
    curl -fL "https://get.helm.sh/helm-${HELM_VERSION}-linux-${TARGETARCH}.tar.gz" | tar -xz && \
    install -o root -g root -m 0755 linux-${TARGETARCH}/helm /usr/local/bin/helm && \
    \
    # Install Terraform
    curl -fL "https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_${TARGETARCH}.zip" -o "terraform.zip" && \
    unzip -o terraform.zip -d /usr/local/bin && \
    \
    apt-get purge -y --auto-remove unzip && \
    rm -rf \
        /var/lib/apt/lists/* \
        /aws/ \
        awscliv2.zip \
        kubectl \
        helm \
        linux-${TARGETARCH}/ \
        terraform.zip && \
    \
    echo "--- Verifying Installations ---" && \
    kubectl version --client && \
    helm version && \
    terraform --version && \
    aws --version && \
    echo "--- Verification Complete ---"

WORKDIR /
ENTRYPOINT ["bash"]
--------------------------------------------------------------------------------
/Documentation/Architecture/images/creating_a_service.drawio:
--------------------------------------------------------------------------------
1 | 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
--------------------------------------------------------------------------------
/Documentation/Architecture/images/calling_service.drawio:
--------------------------------------------------------------------------------
1 | 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
--------------------------------------------------------------------------------
/EnvironmentSetup/Azure/Source/ingress/was-ingress-awes-service.yml:
--------------------------------------------------------------------------------
# Three ingress-nginx Ingress objects in the "was" namespace:
#   was-ingress-awes                       "/" -> active-web-elements-server:8080
#   was-ingress-endpoints-restart-rollout  kernel restart -> endpoint-manager:8085 (basic auth)
#   was-ingress-awes-info                  info / kernel stats -> active-web-elements-server-info:8082
# NOTE(review): none of them has a `tls:` section or a host rule, so as written
# they serve plain HTTP for any hostname. Unless TLS is terminated in front of
# the controller, the basic-auth credentials of the restart route travel
# unencrypted.
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: was-ingress-awes
  namespace: was
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  annotations:
    # 360-second proxy timeouts and EWMA load balancing.
    nginx.ingress.kubernetes.io/proxy-connect-timeout: "360"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "360"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "360"
    nginx.ingress.kubernetes.io/load-balance: "ewma"
spec:
  ingressClassName: nginx
  rules:
  - http:
      paths:
      # Catch-all route; no authentication annotation is set on this Ingress.
      - path: /
        pathType: Prefix
        backend:
          service:
            name: active-web-elements-server
            port:
              number: 8080
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: was-ingress-endpoints-restart-rollout
  namespace: was
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  annotations:
    nginx.ingress.kubernetes.io/use-regex: "true"
    # Every matching request is rewritten to this fixed backend path.
    nginx.ingress.kubernetes.io/rewrite-target: /restart/kubernetes/active-web-elements-server-deployment
    # HTTP basic authentication against the Secret named "basic-auth".
    nginx.ingress.kubernetes.io/auth-type: basic
    nginx.ingress.kubernetes.io/auth-secret: basic-auth
    nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required'

spec:
  ingressClassName: nginx
  rules:
  - http:
      paths:
      # With use-regex enabled the path is a regular expression, so the
      # unescaped "." matches any character (the info Ingress below escapes it
      # as "\."). This file uses pathType Prefix here while the AWS copy uses
      # ImplementationSpecific -- NOTE(review): align the two.
      - path: /.applicationserver/kernel/restart
        pathType: Prefix
        backend:
          service:
            name: endpoint-manager
            port:
              number: 8085
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: was-ingress-awes-info
  namespace: was
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  annotations:
    nginx.ingress.kubernetes.io/use-regex: "true"
    nginx.ingress.kubernetes.io/proxy-connect-timeout: "360"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "360"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "360"
    nginx.ingress.kubernetes.io/load-balance: "ewma"
spec:
  ingressClassName: nginx
  rules:
  - http:
      paths:
      # Info and kernel-statistics endpoints; no authentication annotation is
      # set. NOTE(review): confirm these may be readable by every client that
      # can reach the ingress.
      - path: /\.applicationserver/(info|kernel/stats)
        pathType: ImplementationSpecific
        backend:
          service:
            name: active-web-elements-server-info
            port:
              number: 8082
--------------------------------------------------------------------------------
/EnvironmentSetup/AWS/Source/ingress/was-ingress-awes-service.yml:
--------------------------------------------------------------------------------
# Three ingress-nginx Ingress objects in the "was" namespace:
#   was-ingress-awes                       "/" -> active-web-elements-server:8080
#   was-ingress-endpoints-restart-rollout  kernel restart -> endpoint-manager:8085 (basic auth)
#   was-ingress-awes-info                  info / kernel stats -> active-web-elements-server-info:8082
# NOTE(review): none of them has a `tls:` section or a host rule, so as written
# they serve plain HTTP for any hostname. Unless TLS is terminated in front of
# the controller, the basic-auth credentials of the restart route travel
# unencrypted.
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: was-ingress-awes
  namespace: was
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  annotations:
    # 360-second proxy timeouts and EWMA load balancing.
    nginx.ingress.kubernetes.io/proxy-connect-timeout: "360"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "360"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "360"
    nginx.ingress.kubernetes.io/load-balance: "ewma"
spec:
  ingressClassName: nginx
  rules:
  - http:
      paths:
      # Catch-all route; no authentication annotation is set on this Ingress.
      - path: /
        pathType: Prefix
        backend:
          service:
            name: active-web-elements-server
            port:
              number: 8080
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: was-ingress-endpoints-restart-rollout
  namespace: was
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  annotations:
    nginx.ingress.kubernetes.io/use-regex: "true"
    # Every matching request is rewritten to this fixed backend path.
    nginx.ingress.kubernetes.io/rewrite-target: /restart/kubernetes/active-web-elements-server-deployment
    # HTTP basic authentication against the Secret named "basic-auth".
    nginx.ingress.kubernetes.io/auth-type: basic
    nginx.ingress.kubernetes.io/auth-secret: basic-auth
    nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required'

spec:
  ingressClassName: nginx
  rules:
  - http:
      paths:
      # With use-regex enabled the path is a regular expression, so the
      # unescaped "." matches any character (the info Ingress below escapes it
      # as "\.").
      - path: /.applicationserver/kernel/restart
        pathType: ImplementationSpecific
        backend:
          service:
            name: endpoint-manager
            port:
              number: 8085
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: was-ingress-awes-info
  namespace: was
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  annotations:
    nginx.ingress.kubernetes.io/use-regex: "true"
    nginx.ingress.kubernetes.io/proxy-connect-timeout: "360"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "360"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "360"
    nginx.ingress.kubernetes.io/load-balance: "ewma"
spec:
  ingressClassName: nginx
  rules:
  - http:
      paths:
      # Info and kernel-statistics endpoints; no authentication annotation is
      # set. NOTE(review): confirm these may be readable by every client that
      # can reach the ingress.
      - path: /\.applicationserver/(info|kernel/stats)
        pathType: ImplementationSpecific
        backend:
          service:
            name: active-web-elements-server-info
            port:
              number: 8082
--------------------------------------------------------------------------------
/Documentation/Architecture/images/usecase.drawio:
--------------------------------------------------------------------------------
1 | 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
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Getting Started

The [Wolfram Application Server (WAS)](https://www.wolfram.com/application-server/) combines the computational power of the Wolfram Engine with the robust containerization technologies available today. It provides a scalable deployment model for your Wolfram-powered web applications. The documentation provided here along with the appropriate license will get you started in no time.

In order to deploy and use Wolfram Language content, you will need a license file provided by Wolfram Research. Contact your sales representative at [1-800-WOLFRAM](tel:18009653726) to discuss licensing options.

The Wolfram Application Server runs within Kubernetes. You need to choose your Kubernetes environment. We support deploying the Wolfram Application Server onto Amazon, Azure and your on-premises cluster.

## Amazon
Instantiate a cluster in Amazon EKS, check out the following repository (EnvironmentSetup/AWS) and follow the instructions in [README.md](./EnvironmentSetup/AWS/README.md).

## Azure
Instantiate a cluster in Azure, check out the following repository (EnvironmentSetup/Azure) and follow the instructions in [README.md](./EnvironmentSetup/Azure/README.md).

## On-premises
Contact Wolfram Technical Support for options and documentation.

# Activation
Obtain a license file from your sales representative. This file needs to be deployed to the WAS as a node file in the conventional location `.Wolfram/Licensing/mathpass`. From a Wolfram Language client, load the Wolfram Application Server package (you need to do this only once in a Wolfram Language session to enable WAS service functions):

    Needs["WolframApplicationServer`"]

then evaluate the following code:

    was = ServiceConnect["WolframApplicationServer", "http://"];
    ServiceExecute[was, "DeployNodeFile",
        {"Contents"-> File["path/to/mathpass"], "NodeFile" -> ".Wolfram/Licensing/mathpass"}]


Alternatively, you may use the [node files REST API](Documentation/API/NodeFilesManager.md) to install the license file.

Restart the application using the [restart API](Documentation/API/Utilities.md) to enable your Wolfram Engines.

# Development
In your Wolfram Language environment, evaluate `PacletInstall["WolframApplicationServer"]`. The guide page contains documentation links to Wolfram Application Server functions (WolframApplicationServer/guide/WolframApplicationServer). The service page describes the details of a `ServiceConnection` to a Wolfram Application Server (WolframApplicationServer/ref/service/WolframApplicationServer).
36 | 37 | # Additional Documentation 38 | ## API Specifications 39 | * [Utilities.md](Documentation/API/Utilities.md) 40 | * [ResourceManager.md](Documentation/API/ResourceManager.md) 41 | * [NodeFilesManager.md](Documentation/API/NodeFilesManager.md) 42 | * [EndpointManager.md](Documentation/API/EndpointManager.md) 43 | 44 | ## Other 45 | * [WolframApplicationServerArchitecture.md](Documentation/Architecture/WolframApplicationServerArchitecture.md) 46 | * [Configuration.md](./Configuration.md) 47 | -------------------------------------------------------------------------------- /EnvironmentSetup/Azure/Source/deployments/resource-manager-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: resource-manager-deployment 5 | namespace: was 6 | labels: 7 | app: resource-manager 8 | spec: 9 | selector: 10 | matchLabels: 11 | app: resource-manager 12 | minReadySeconds: 5 13 | strategy: 14 | type: RollingUpdate 15 | rollingUpdate: 16 | maxSurge: 50% 17 | maxUnavailable: 50% 18 | template: 19 | metadata: 20 | labels: 21 | app: resource-manager 22 | spec: 23 | restartPolicy: Always 24 | containers: 25 | - env: 26 | - name: JAVA_OPTS 27 | value: "-Xms1024m -Xmx2048m" 28 | - name: SPRING_PROFILES_ACTIVE 29 | value: docker 30 | - name: LOG_LOCATION 31 | value: /opt/app/logs 32 | - name: RESOURCE_INFO_TOPIC 33 | value: "resource-info" 34 | - name: NODEFILE_INFO_TOPIC 35 | value: "nodefile-info" 36 | - name: KAFKA.BOOTSTRAP-SERVERS 37 | value: kafka-persistent-kafka-bootstrap.kafka.svc.cluster.local:9092 38 | - name: STORAGE_PROVIDER 39 | value: "azure" 40 | - name: SPRING_CLOUD_AZURE_STORAGE_BLOB_ENABLED 41 | value: "true" 42 | - name: SPRING_CLOUD_AZURE_STORAGE_BLOB_ACCOUNT_NAME 43 | value: "STORAGE_ACCOUNT_NAME" 44 | - name: SPRING_CLOUD_AZURE_STORAGE_BLOB_ACCOUNT_KEY 45 | value: "STORAGE_ACCOUNT_KEY" 46 | - name: SPRING_CLOUD_AZURE_STORAGE_BLOB_ENDPOINT 47 | 
value: "https://SAN.blob.core.windows.net/" 48 | - name: RESOURCEINFO.BUCKET 49 | value: RESOURCEINFO.BUCKETNAME 50 | - name: NODEFILES.BUCKET 51 | value: NODEFILES.BUCKETNAME 52 | image: wolframapplicationserver/resource-manager:1.2.9 53 | name: resource-manager 54 | ports: 55 | - containerPort: 9090 56 | resources: 57 | limits: 58 | cpu: "1000m" 59 | memory: 4Gi 60 | requests: 61 | cpu: "500m" 62 | memory: 2000Mi 63 | readinessProbe: 64 | tcpSocket: 65 | port: 9090 66 | initialDelaySeconds: 10 67 | periodSeconds: 30 68 | livenessProbe: 69 | tcpSocket: 70 | port: 9090 71 | initialDelaySeconds: 30 72 | periodSeconds: 20 73 | volumeMounts: 74 | - mountPath: "/opt/app/logs" 75 | name: resources-logs-storage 76 | initContainers: 77 | - name: init-kafka 78 | image: bash 79 | command: ["bash", "-c", "for i in $(seq 1 3000); do nc -zvw1 kafka-persistent-kafka-bootstrap.kafka.svc.cluster.local 9092 && exit 0 || sleep 3; done; exit 1"] 80 | - name: init-kafka-resources-topic 81 | image: bash 82 | command: ["bash", "-c", "apk --update add curl; set -x; while true; do response=$(curl -s kafka-bridge-service.kafka.svc.cluster.local:9092/topics); if [[ ${response} =~ .*\"resource-info\".* ]]; then break; else sleep 5; fi; done" ] 83 | - name: init-kafka-endpoints-topic 84 | image: bash 85 | command: ["bash", "-c", "apk --update add curl; set -x; while true; do response=$(curl -s kafka-bridge-service.kafka.svc.cluster.local:9092/topics); if [[ ${response} =~ .*\"endpoint-info\".* ]]; then break; else sleep 5; fi; done" ] 86 | - name: init-kafka-nodefiles-topic 87 | image: bash 88 | command: ["bash", "-c", "apk --update add curl; set -x; while true; do response=$(curl -s kafka-bridge-service.kafka.svc.cluster.local:9092/topics); if [[ ${response} =~ .*\"nodefile-info\".* ]]; then break; else sleep 5; fi; done" ] 89 | volumes: 90 | - name: resources-logs-storage 91 | persistentVolumeClaim: 92 | claimName: resources-logs 93 | 
-------------------------------------------------------------------------------- /Documentation/Architecture/images/CachingWebElements.drawio: -------------------------------------------------------------------------------- 1 | 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 -------------------------------------------------------------------------------- /EnvironmentSetup/AWS/Source/deployments/resource-manager-deployment.yaml: --------------------------------------------------------------------------------
      # Deployment "resource-manager-deployment" (namespace "was"): runs the resource-manager
      # container on port 9090 with S3 storage settings, after four init containers have waited
      # for Kafka and for three topics to appear on the Kafka bridge.
  1 | apiVersion: apps/v1
  2 | kind: Deployment
  3 | metadata:
  4 |   name: resource-manager-deployment
  5 |   namespace: was
  6 |   labels:
  7 |     app: resource-manager
  8 | spec:
  9 |   selector:
 10 |     matchLabels:
 11 |       app: resource-manager
 12 |   minReadySeconds: 5
      # Rolling update: up to half of the pods may be added or unavailable at a time.
 13 |   strategy:
 14 |     type: RollingUpdate
 15 |     rollingUpdate:
 16 |       maxSurge: 50%
 17 |       maxUnavailable: 50%
 18 |   template:
 19 |     metadata:
 20 |       labels:
 21 |         app: resource-manager
      # NOTE(review): no securityContext is set for the pod or any container, so each runs with
      # the user and privileges its image defaults to.
 22 |     spec:
 23 |       restartPolicy: Always
 24 |       containers:
 25 |         - env:
 26 |             - name: JAVA_OPTS
 27 |               value: "-Xms1024m -Xmx2048m"
 28 |             - name: SPRING_PROFILES_ACTIVE
 29 |               value: docker
 30 |             - name: LOG_LOCATION
 31 |               value: /opt/app/logs
 32 |             - name: RESOURCE_INFO_TOPIC
 33 |               value: "resource-info"
 34 |             - name: NODEFILE_INFO_TOPIC
 35 |               value: "nodefile-info"
 36 |             - name: KAFKA.BOOTSTRAP-SERVERS
 37 |               value: kafka-persistent-kafka-bootstrap.kafka.svc.cluster.local:9092
 38 |             - name: STORAGE_PROVIDER
 39 |               value: "s3"
 40 |             - name: SPRING_CLOUD_AWS_S3_ENABLED
 41 |               value: "true"
                  # The values from here to NODEFILES.BUCKET.REGION are left empty in this
                  # template; presumably they are filled in per environment - confirm in the README.
 42 |             - name: SPRING_CLOUD_AWS_S3_ENDPOINT
 43 |               value:
 44 |             - name: SPRING_CLOUD_AWS_S3_REGION
 45 |               value:
                  # NOTE(review): the AWS access key and secret key are passed as literal env
                  # values. Once filled in they are stored in this manifest and shown to anyone who
                  # can read the Deployment. Prefer `valueFrom.secretKeyRef` pointing at a
                  # Kubernetes Secret, or an IAM role bound to the pod's service account so no
                  # long-lived key is needed - TODO confirm the application accepts the default
                  # credential chain.
 46 |             - name: SPRING_CLOUD_AWS_CREDENTIALS_ACCESS_KEY
 47 |               value:
 48 |             - name: SPRING_CLOUD_AWS_CREDENTIALS_SECRET_KEY
 49 |               value:
 50 |             - name: RESOURCEINFO.BUCKET
 51 |               value:
 52 |             - name: NODEFILES.BUCKET
 53 |               value:
 54 |             - name: RESOURCE.BUCKET.REGION
 55 |               value:
 56 |             - name: NODEFILES.BUCKET.REGION
 57 |               value:
              # The image is referenced by tag (1.2.9), not by digest.
 58 |           image: wolframapplicationserver/resource-manager:1.2.9
 59 |           name: resource-manager
 60 |           ports:
 61 |             - containerPort: 9090
 62 |           resources:
 63 |             limits:
 64 |               cpu: "1000m"
 65 |               memory: 4Gi
 66 |             requests:
 67 |               cpu: "500m"
 68 |               memory: 2000Mi
              # Both probes only test that port 9090 accepts a TCP connection.
 69 |           readinessProbe:
 70 |             tcpSocket:
 71 |               port: 9090
 72 |             initialDelaySeconds: 5
 73 |             periodSeconds: 10
 74 |           livenessProbe:
 75 |             tcpSocket:
 76 |               port: 9090
 77 |             initialDelaySeconds: 15
 78 |             periodSeconds: 20
 79 |           volumeMounts:
 80 |             - mountPath: "/opt/app/logs"
 81 |               name: resources-logs-storage
      # NOTE(review): every init container uses `image: bash` with no tag, which resolves to the
      # mutable `latest` tag, and three of them run `apk --update add curl` on each pod start.
      # Startup therefore depends on reaching the package mirror and installs whatever version
      # is current. A pinned image that already contains curl would remove both dependencies.
 82 |       initContainers:
              # Tries the Kafka bootstrap port up to 3000 times, 3 s apart, then exits 1.
 83 |         - name: init-kafka
 84 |           image: bash
 85 |           command: ["bash", "-c", "for i in $(seq 1 3000); do nc -zvw1 kafka-persistent-kafka-bootstrap.kafka.svc.cluster.local 9092 && exit 0 || sleep 3; done; exit 1"]
              # The three topic checks poll the bridge's /topics listing every 5 s until the quoted
              # topic name appears; the loop has no upper bound, and `set -x` traces each command.
 86 |         - name: init-kafka-resources-topic
 87 |           image: bash
 88 |           command: ["bash", "-c", "apk --update add curl; set -x; while true; do response=$(curl -s kafka-bridge-service.kafka.svc.cluster.local:9092/topics); if [[ ${response} =~ .*\"resource-info\".* ]]; then break; else sleep 5; fi; done" ]
 89 |         - name: init-kafka-endpoints-topic
 90 |           image: bash
 91 |           command: ["bash", "-c", "apk --update add curl; set -x; while true; do response=$(curl -s kafka-bridge-service.kafka.svc.cluster.local:9092/topics); if [[ ${response} =~ .*\"endpoint-info\".* ]]; then break; else sleep 5; fi; done" ]
 92 |         - name: init-kafka-nodefiles-topic
 93 |           image: bash
 94 |           command: ["bash", "-c", "apk --update add curl; set -x; while true; do response=$(curl -s kafka-bridge-service.kafka.svc.cluster.local:9092/topics); if [[ ${response} =~ .*\"nodefile-info\".* ]]; then break; else sleep 5; fi; done" ]
      # Application logs go to the "resources-logs" PersistentVolumeClaim.
 95 |       volumes:
 96 |         - name: resources-logs-storage
 97 |           persistentVolumeClaim:
 98 |             claimName: resources-logs
 99 |
-------------------------------------------------------------------------------- /EnvironmentSetup/AWS/Source/custom-metrics/values.yaml: -------------------------------------------------------------------------------- 1 | # Default values for k8s-prometheus-adapter..
2 | affinity: {} 3 | 4 | image: 5 | repository: directxman12/k8s-prometheus-adapter-amd64 6 | tag: v0.8.4 7 | pullPolicy: IfNotPresent 8 | 9 | logLevel: 10 10 | 11 | metricsRelistInterval: 1m 12 | 13 | listenPort: 6443 14 | 15 | nodeSelector: {} 16 | 17 | priorityClassName: "" 18 | 19 | # Url to access prometheus 20 | prometheus: 21 | # Value is templated 22 | url: http://prometheus-ip-service.monitoring.svc 23 | port: 9090 24 | path: "" 25 | 26 | replicas: 1 27 | 28 | rbac: 29 | # Specifies whether RBAC resources should be created 30 | create: true 31 | 32 | psp: 33 | # Specifies whether PSP resources should be created 34 | create: false 35 | 36 | serviceAccount: 37 | # Specifies whether a service account should be created 38 | create: true 39 | # The name of the service account to use. 40 | # If not set and create is true, a name is generated using the fullname template 41 | name: 42 | # Custom DNS configuration to be added to prometheus-adapter pods 43 | dnsConfig: {} 44 | # nameservers: 45 | # - 1.2.3.4 46 | # searches: 47 | # - ns1.svc.cluster-domain.example 48 | # - my.dns.search.suffix 49 | # options: 50 | # - name: ndots 51 | # value: "2" 52 | # - name: edns0 53 | resources: {} 54 | # requests: 55 | # cpu: 100m 56 | # memory: 128Mi 57 | # limits: 58 | # cpu: 100m 59 | # memory: 128Mi 60 | 61 | rules: 62 | default: true 63 | custom: 64 | - seriesQuery: '{kubernetes_name!="",kubernetes_namespace!=""}' 65 | resources: 66 | overrides: 67 | kubernetes_namespace: 68 | resource: namespace 69 | kubernetes_name: 70 | resource: service 71 | name: 72 | matches: "^com_wolfram_activewebelementsserver_metrics_KernelPoolUsage_(.*)" 73 | as: "" 74 | metricsQuery: 'sum(<<.Series>>{<<.LabelMatchers>>}) by (<<.GroupBy>>)' 75 | 76 | existing: 77 | external: [] 78 | resource: {} 79 | 80 | service: 81 | annotations: {} 82 | port: 443 83 | type: ClusterIP 84 | 85 | tls: 86 | enable: false 87 | ca: |- 88 | # Public CA file that signed the APIService 89 | key: |- 90 | # Private key 
of the APIService 91 | certificate: |- 92 | # Public key of the APIService 93 | 94 | # Any extra arguments 95 | extraArguments: [] 96 | # - --tls-private-key-file=/etc/tls/tls.key 97 | # - --tls-cert-file=/etc/tls/tls.crt 98 | 99 | # Any extra volumes 100 | extraVolumes: [] 101 | # - name: example-name 102 | # hostPath: 103 | # path: /path/on/host 104 | # type: DirectoryOrCreate 105 | # - name: ssl-certs 106 | # hostPath: 107 | # path: /etc/ssl/certs/ca-bundle.crt 108 | # type: File 109 | 110 | # Any extra volume mounts 111 | extraVolumeMounts: [] 112 | # - name: example-name 113 | # mountPath: /path/in/container 114 | # - name: ssl-certs 115 | # mountPath: /etc/ssl/certs/ca-certificates.crt 116 | # readOnly: true 117 | 118 | tolerations: [] 119 | 120 | # Labels added to the pod 121 | podLabels: {} 122 | 123 | # Annotations added to the pod 124 | podAnnotations: {} 125 | 126 | hostNetwork: 127 | # Specifies if prometheus-adapter should be started in hostNetwork mode. 128 | # 129 | # You would require this enabled if you use alternate overlay networking for pods and 130 | # API server unable to communicate with metrics-server. As an example, this is required 131 | # if you use Weave network on EKS. See also dnsPolicy 132 | enabled: false 133 | 134 | # When hostNetwork is enabled, you probably want to set this to ClusterFirstWithHostNet 135 | # dnsPolicy: ClusterFirstWithHostNet 136 | 137 | podDisruptionBudget: 138 | # Specifies if PodDisruptionBudget should be enabled 139 | # When enabled, minAvailable or maxUnavailable should also be defined. 
140 | enabled: false 141 | minAvailable: 142 | maxUnavailable: 1 143 | 144 | certManager: 145 | enabled: false 146 | caCertDuration: 43800h 147 | certDuration: 8760h 148 | -------------------------------------------------------------------------------- /EnvironmentSetup/Azure/Source/custom-metrics/values.yaml: -------------------------------------------------------------------------------- 1 | # Default values for k8s-prometheus-adapter.. 2 | affinity: {} 3 | 4 | image: 5 | repository: directxman12/k8s-prometheus-adapter-amd64 6 | tag: v0.8.4 7 | pullPolicy: IfNotPresent 8 | 9 | logLevel: 10 10 | 11 | metricsRelistInterval: 1m 12 | 13 | listenPort: 6443 14 | 15 | nodeSelector: {} 16 | 17 | priorityClassName: "" 18 | 19 | # Url to access prometheus 20 | prometheus: 21 | # Value is templated 22 | url: http://prometheus-ip-service.monitoring.svc 23 | port: 9090 24 | path: "" 25 | 26 | replicas: 1 27 | 28 | rbac: 29 | # Specifies whether RBAC resources should be created 30 | create: true 31 | 32 | psp: 33 | # Specifies whether PSP resources should be created 34 | create: false 35 | 36 | serviceAccount: 37 | # Specifies whether a service account should be created 38 | create: true 39 | # The name of the service account to use. 
40 | # If not set and create is true, a name is generated using the fullname template 41 | name: 42 | # Custom DNS configuration to be added to prometheus-adapter pods 43 | dnsConfig: {} 44 | # nameservers: 45 | # - 1.2.3.4 46 | # searches: 47 | # - ns1.svc.cluster-domain.example 48 | # - my.dns.search.suffix 49 | # options: 50 | # - name: ndots 51 | # value: "2" 52 | # - name: edns0 53 | resources: {} 54 | # requests: 55 | # cpu: 100m 56 | # memory: 128Mi 57 | # limits: 58 | # cpu: 100m 59 | # memory: 128Mi 60 | 61 | rules: 62 | default: true 63 | custom: 64 | - seriesQuery: '{kubernetes_name!="",kubernetes_namespace!=""}' 65 | resources: 66 | overrides: 67 | kubernetes_namespace: 68 | resource: namespace 69 | kubernetes_name: 70 | resource: service 71 | name: 72 | matches: "^com_wolfram_activewebelementsserver_metrics_KernelPoolUsage_(.*)" 73 | as: "" 74 | metricsQuery: 'sum(<<.Series>>{<<.LabelMatchers>>}) by (<<.GroupBy>>)' 75 | 76 | existing: 77 | external: [] 78 | resource: {} 79 | 80 | service: 81 | annotations: {} 82 | port: 443 83 | type: ClusterIP 84 | 85 | tls: 86 | enable: false 87 | ca: |- 88 | # Public CA file that signed the APIService 89 | key: |- 90 | # Private key of the APIService 91 | certificate: |- 92 | # Public key of the APIService 93 | 94 | # Any extra arguments 95 | extraArguments: [] 96 | # - --tls-private-key-file=/etc/tls/tls.key 97 | # - --tls-cert-file=/etc/tls/tls.crt 98 | 99 | # Any extra volumes 100 | extraVolumes: [] 101 | # - name: example-name 102 | # hostPath: 103 | # path: /path/on/host 104 | # type: DirectoryOrCreate 105 | # - name: ssl-certs 106 | # hostPath: 107 | # path: /etc/ssl/certs/ca-bundle.crt 108 | # type: File 109 | 110 | # Any extra volume mounts 111 | extraVolumeMounts: [] 112 | # - name: example-name 113 | # mountPath: /path/in/container 114 | # - name: ssl-certs 115 | # mountPath: /etc/ssl/certs/ca-certificates.crt 116 | # readOnly: true 117 | 118 | tolerations: [] 119 | 120 | # Labels added to the pod 121 | 
podLabels: {} 122 | 123 | # Annotations added to the pod 124 | podAnnotations: {} 125 | 126 | hostNetwork: 127 | # Specifies if prometheus-adapter should be started in hostNetwork mode. 128 | # 129 | # You would require this enabled if you use alternate overlay networking for pods and 130 | # API server unable to communicate with metrics-server. As an example, this is required 131 | # if you use Weave network on EKS. See also dnsPolicy 132 | enabled: false 133 | 134 | # When hostNetwork is enabled, you probably want to set this to ClusterFirstWithHostNet 135 | # dnsPolicy: ClusterFirstWithHostNet 136 | 137 | podDisruptionBudget: 138 | # Specifies if PodDisruptionBudget should be enabled 139 | # When enabled, minAvailable or maxUnavailable should also be defined. 140 | enabled: false 141 | minAvailable: 142 | maxUnavailable: 1 143 | 144 | certManager: 145 | enabled: false 146 | caCertDuration: 43800h 147 | certDuration: 8760h 148 | -------------------------------------------------------------------------------- /EnvironmentSetup/AWS/Source/deployments/endpoint-manager-deployment.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: RoleBinding 4 | metadata: 5 | name: awesrestartpods 6 | subjects: 7 | - kind: ServiceAccount 8 | name: awesrestartpods 9 | namespace: was 10 | roleRef: 11 | kind: Role 12 | name: awesrestartpods 13 | apiGroup: rbac.authorization.k8s.io 14 | --- 15 | apiVersion: rbac.authorization.k8s.io/v1 16 | kind: Role 17 | metadata: 18 | name: awesrestartpods 19 | namespace: was 20 | labels: 21 | k8s-app: was-awes 22 | rules: 23 | - apiGroups: ["apps"] 24 | resources: 25 | - deployments 26 | verbs: 27 | - patch 28 | - get 29 | --- 30 | apiVersion: v1 31 | kind: ServiceAccount 32 | metadata: 33 | name: awesrestartpods 34 | namespace: was 35 | labels: 36 | k8s-app: was-awes 37 | --- 38 | apiVersion: apps/v1 39 | kind: Deployment 40 | metadata: 41 | name: 
endpoint-manager-deployment 42 | namespace: was 43 | labels: 44 | app: endpoint-manager 45 | spec: 46 | selector: 47 | matchLabels: 48 | app: endpoint-manager 49 | minReadySeconds: 5 50 | strategy: 51 | type: RollingUpdate 52 | rollingUpdate: 53 | maxSurge: 50% 54 | maxUnavailable: 50% 55 | template: 56 | metadata: 57 | labels: 58 | app: endpoint-manager 59 | spec: 60 | serviceAccountName: awesrestartpods 61 | restartPolicy: Always 62 | containers: 63 | - env: 64 | - name: SPRING_PROFILES_ACTIVE 65 | value: docker 66 | - name: LOG_LOCATION 67 | value: /opt/app/logs 68 | - name: KAFKA.BOOTSTRAP-SERVERS 69 | value: kafka-persistent-kafka-bootstrap.kafka.svc.cluster.local:9092 70 | - name : ENDPOINT_INFO_TOPIC 71 | value: "endpoint-info" 72 | - name : RESOURCE_INFO_TOPIC 73 | value: "resource-info" 74 | image: wolframapplicationserver/endpoint-manager:1.2.8 75 | name: endpoint-manager 76 | ports: 77 | - containerPort: 8085 78 | resources: 79 | limits: 80 | cpu: "1000m" 81 | memory: 1Gi 82 | requests: 83 | cpu: "500m" 84 | memory: 500Mi 85 | readinessProbe: 86 | tcpSocket: 87 | port: 8085 88 | initialDelaySeconds: 5 89 | periodSeconds: 10 90 | livenessProbe: 91 | tcpSocket: 92 | port: 8085 93 | initialDelaySeconds: 15 94 | periodSeconds: 20 95 | volumeMounts: 96 | - mountPath: "/opt/app/logs" 97 | name: endpoint-logs-storage 98 | initContainers: 99 | - name: init-kafka 100 | image: bash 101 | command: ["bash", "-c", "for i in $(seq 1 3000); do nc -zvw1 kafka-persistent-kafka-bootstrap.kafka.svc.cluster.local 9092 && exit 0 || sleep 3; done; exit 1"] 102 | - name: init-kafka-resources-topic 103 | image: bash 104 | command: ["bash", "-c", "apk --update add curl; set -x; while true; do response=$(curl -s kafka-bridge-service.kafka.svc.cluster.local:9092/topics); if [[ ${response} =~ .*\"resource-info\".* ]]; then break; else sleep 5; fi; done" ] 105 | - name: init-kafka-endpoints-topic 106 | image: bash 107 | command: ["bash", "-c", "apk --update add curl; set -x; while 
true; do response=$(curl -s kafka-bridge-service.kafka.svc.cluster.local:9092/topics); if [[ ${response} =~ .*\"endpoint-info\".* ]]; then break; else sleep 5; fi; done" ] 108 | - name: init-kafka-nodefiles-topic 109 | image: bash 110 | command: ["bash", "-c", "apk --update add curl; set -x; while true; do response=$(curl -s kafka-bridge-service.kafka.svc.cluster.local:9092/topics); if [[ ${response} =~ .*\"nodefile-info\".* ]]; then break; else sleep 5; fi; done" ] 111 | - name: init-resource-manager 112 | image: bash 113 | command: ["bash", "-c", "for i in $(seq 1 3000); do nc -zvw1 resource-manager 9090 && exit 0 || sleep 3; done; exit 1"] 114 | volumes: 115 | - name: endpoint-logs-storage 116 | persistentVolumeClaim: 117 | claimName: endpoint-logs 118 | -------------------------------------------------------------------------------- /EnvironmentSetup/Azure/Source/deployments/endpoint-manager-deployment.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: RoleBinding 4 | metadata: 5 | name: awesrestartpods 6 | subjects: 7 | - kind: ServiceAccount 8 | name: awesrestartpods 9 | namespace: was 10 | roleRef: 11 | kind: Role 12 | name: awesrestartpods 13 | apiGroup: rbac.authorization.k8s.io 14 | --- 15 | apiVersion: rbac.authorization.k8s.io/v1 16 | kind: Role 17 | metadata: 18 | name: awesrestartpods 19 | namespace: was 20 | labels: 21 | k8s-app: was-awes 22 | rules: 23 | - apiGroups: ["apps"] 24 | resources: 25 | - deployments 26 | verbs: 27 | - patch 28 | - get 29 | --- 30 | apiVersion: v1 31 | kind: ServiceAccount 32 | metadata: 33 | name: awesrestartpods 34 | namespace: was 35 | labels: 36 | k8s-app: was-awes 37 | --- 38 | apiVersion: apps/v1 39 | kind: Deployment 40 | metadata: 41 | name: endpoint-manager-deployment 42 | namespace: was 43 | labels: 44 | app: endpoint-manager 45 | spec: 46 | selector: 47 | matchLabels: 48 | app: endpoint-manager 49 | 
minReadySeconds: 5 50 | strategy: 51 | type: RollingUpdate 52 | rollingUpdate: 53 | maxSurge: 50% 54 | maxUnavailable: 50% 55 | template: 56 | metadata: 57 | labels: 58 | app: endpoint-manager 59 | spec: 60 | serviceAccountName: awesrestartpods 61 | restartPolicy: Always 62 | containers: 63 | - env: 64 | - name: SPRING_PROFILES_ACTIVE 65 | value: docker 66 | - name: LOG_LOCATION 67 | value: /opt/app/logs 68 | - name: RESOURCE_INFO_TOPIC 69 | value: "resource-info" 70 | - name: ENDPOINT_INFO_TOPIC 71 | value: "endpoint-info" 72 | - name: KAFKA.BOOTSTRAP-SERVERS 73 | value: kafka-persistent-kafka-bootstrap.kafka.svc.cluster.local:9092 74 | image: wolframapplicationserver/endpoint-manager:1.2.8 75 | name: endpoint-manager 76 | ports: 77 | - containerPort: 8085 78 | resources: 79 | limits: 80 | cpu: "1000m" 81 | memory: 1Gi 82 | requests: 83 | cpu: "500m" 84 | memory: 500Mi 85 | readinessProbe: 86 | tcpSocket: 87 | port: 8085 88 | initialDelaySeconds: 5 89 | periodSeconds: 10 90 | livenessProbe: 91 | tcpSocket: 92 | port: 8085 93 | initialDelaySeconds: 15 94 | periodSeconds: 20 95 | volumeMounts: 96 | - mountPath: "/opt/app/logs" 97 | name: endpoint-logs-storage 98 | initContainers: 99 | - name: init-kafka 100 | image: bash 101 | command: ["bash", "-c", "for i in $(seq 1 3000); do nc -zvw1 kafka-persistent-kafka-bootstrap.kafka.svc.cluster.local 9092 && exit 0 || sleep 3; done; exit 1"] 102 | - name: init-kafka-resources-topic 103 | image: bash 104 | command: ["bash", "-c", "apk --update add curl; set -x; while true; do response=$(curl -s kafka-bridge-service.kafka.svc.cluster.local:9092/topics); if [[ ${response} =~ .*\"resource-info\".* ]]; then break; else sleep 5; fi; done" ] 105 | - name: init-kafka-endpoints-topic 106 | image: bash 107 | command: ["bash", "-c", "apk --update add curl; set -x; while true; do response=$(curl -s kafka-bridge-service.kafka.svc.cluster.local:9092/topics); if [[ ${response} =~ .*\"endpoint-info\".* ]]; then break; else sleep 5; fi; 
done" ] 108 | - name: init-kafka-nodefiles-topic 109 | image: bash 110 | command: ["bash", "-c", "apk --update add curl; set -x; while true; do response=$(curl -s kafka-bridge-service.kafka.svc.cluster.local:9092/topics); if [[ ${response} =~ .*\"nodefile-info\".* ]]; then break; else sleep 5; fi; done" ] 111 | - name: init-resource-manager 112 | image: bash 113 | command: ["bash", "-c", "for i in $(seq 1 3000); do nc -zvw1 resource-manager 9090 && exit 0 || sleep 3; done; exit 1"] 114 | volumes: 115 | - name: endpoint-logs-storage 116 | persistentVolumeClaim: 117 | claimName: endpoint-logs 118 | -------------------------------------------------------------------------------- /Documentation/API/Utilities.md: -------------------------------------------------------------------------------- 1 | # WAS Utility APIs 2 | 3 | These APIs provide general information about the Wolfram Application Server instance and offer administrative services. 4 | 5 | ## Information [.applicationserver/info] 6 | 7 | ### Retrieve Server Information [GET] 8 | 9 | Use this to retrieve general information about the Wolfram Application Server cluster. 10 | 11 | * Request 12 | 13 | GET /.applicationserver/info 14 | Example: 15 | 16 | GET "http://applicationserver.wolfram.com/.applicationserver/info" 17 | 18 | * Response 200 (application/json) 19 | 20 | * Example: 21 | 22 | { 23 | "resourceManager": "http://resources.applicationserver.wolfram.com", 24 | "endpointManager": "http://endpoints.applicationserver.wolfram.com", 25 | "nodefileManager": "http://nodefiles.applicationserver.wolfram.com", 26 | "canonicalBaseURL": "http://applicationserver.wolfram.com", 27 | "restartURL": "http://applicationserver.wolfram.com/.applicationserver/kernel/restart", 28 | "wasVersion": "3.0", 29 | "wolframEngineVersion": "13." 
30 | } 31 | 32 | ## Restart Container [GET] 33 | 34 | ### Restart [.applicationserver/kernel/restart] 35 | 36 | Use this to initiate a rolling restart of the Active Web Elements Server instances (other services will not be affected). The API uses basic authentication and requires a username and password (set during cluster initiation). Basic authentication sends these credentials base64-encoded rather than encrypted, so call this endpoint over HTTPS whenever the server is reachable from outside a trusted network. It returns a success message string. 37 | 38 | * Request 39 | 40 | GET /.applicationserver/kernel/restart 41 | Example: 42 | 43 | GET "http://applicationserver.wolfram.com/.applicationserver/kernel/restart" 44 | 45 | * Response 200 OK 46 | 47 | * Example: 48 | 49 | Container restarted successfully! 50 | 51 | ## Kernel Initialization Status [GET] 52 | 53 | ### Kernel Readiness [.applicationserver/kernel/readiness] 54 | 55 | Use this API to get the kernel initialization status. If all kernels are fully initialized, the API returns the message "Kernels fully initialized" with a 200 status code. 56 | 57 | * Request 58 | 59 | GET /.applicationserver/kernel/readiness 60 | Example: 61 | 62 | GET "http://applicationserver.wolfram.com/.applicationserver/kernel/readiness" 63 | 64 | * Response 200 OK 65 | 66 | * Example: 67 | 68 | Kernels fully initialized 69 | 70 | ## Kernel Pool Status [GET] 71 | 72 | ### Information about kernels in the kernel pool [.applicationserver/kernel/stats] 73 | 74 | Use this API to get information about the kernels in a kernel pool. 
75 | 76 | * Request 77 | 78 | GET /.applicationserver/kernel/stats 79 | Example: 80 | 81 | GET "http://applicationserver.wolfram.com/.applicationserver/kernel/stats" 82 | 83 | * Response 200 OK 84 | 85 | * Example: 86 | 87 | [ 88 | { 89 | "poolName":"MSP", 90 | "note":null, 91 | "acquiredKernelPercentage":0.0, 92 | "numberWaitingForKernels":0, 93 | "configuredKernelCount":2, 94 | "liveKernelCount":2 95 | }, 96 | { 97 | "poolName":"Public", 98 | "note":null, 99 | "acquiredKernelPercentage":50.0, 100 | "numberWaitingForKernels":0, 101 | "configuredKernelCount":2, 102 | "liveKernelCount":2 103 | } 104 | ] 105 | 106 | * Optional query parameter 107 | * `pool={name,...}`: restrict to a particular kernel pool 108 | * Example: `GET "http://applicationserver.wolfram.com/.applicationserver/kernel/stats?pool=Public"` 109 | * Response 200 OK 110 | 111 | [ 112 | { 113 | "poolName":"Public", 114 | "note":null, 115 | "acquiredKernelPercentage":50.0, 116 | "numberWaitingForKernels":0, 117 | "configuredKernelCount":2, 118 | "liveKernelCount":2 119 | } 120 | ] 121 | 122 | * Optional query parameter 123 | * `require-running-kernels=true` (defaults to `false`): if `true` and the number of 124 | kernels in a pool, including leased kernels, (`liveKernelCount`) is 0 then 125 | the endpoint returns Response 500 Internal Server Error 126 | unless the `configuredKernelCount` for that pool is also 0. 
127 | 128 | -------------------------------------------------------------------------------- /EnvironmentSetup/AWS/Source/deployments/active-web-elements-server-deployment.yaml: --------------------------------------------------------------------------------
      # Deployment "active-web-elements-server-deployment" (namespace "was"): runs the Active Web
      # Elements Server container (ports 8080 and 8181) with two kernel pools, after two init
      # containers have waited for resource-manager and endpoint-manager to accept connections.
  1 | apiVersion: apps/v1
  2 | kind: Deployment
  3 | metadata:
  4 |   name: active-web-elements-server-deployment
  5 |   namespace: was
  6 |   labels:
  7 |     app: active-web-elements-server
  8 | spec:
  9 |   selector:
 10 |     matchLabels:
 11 |       app: active-web-elements-server
 12 |   minReadySeconds: 5
      # Rolling update: up to half of the pods may be added or unavailable at a time.
 13 |   strategy:
 14 |     type: RollingUpdate
 15 |     rollingUpdate:
 16 |       maxSurge: 50%
 17 |       maxUnavailable: 50%
 18 |   template:
 19 |     metadata:
 20 |       labels:
 21 |         app: active-web-elements-server
      # NOTE(review): no securityContext is set for the pod or any container, so each runs with
      # the user and privileges its image defaults to.
 22 |     spec:
 23 |       restartPolicy: Always
 24 |       containers:
 25 |         - env:
 26 |             - name: SPRING_PROFILES_ACTIVE
 27 |               value: docker
 28 |             - name: LOG_LOCATION
 29 |               value: /opt/app/logs
 30 |             - name: APPLICATIONSERVER_CACHEDIRECTORY
 31 |               value: /tmp/.wolframcache
 32 |             - name: KAFKA.BOOTSTRAP-SERVERS
 33 |               value: kafka-persistent-kafka-bootstrap.kafka.svc.cluster.local:9092
 34 |             - name: API_REQUEST_TOPIC
 35 |               value: "api-request"
 36 |             - name: RESOURCE_INFO_TOPIC
 37 |               value: "resource-info"
 38 |             - name: NODEFILE_INFO_TOPIC
 39 |               value: "nodefile-info"
 40 |             - name: ENDPOINT_INFO_TOPIC
 41 |               value: "endpoint-info"
 42 |             - name: API_RESPONSE_TOPIC
 43 |               value: "api-response"
 44 |             - name: applicationserver.nodefiles.cachedirectory
 45 |               value: /opt/.wolframcache/nodefiles/
 46 |             - name: applicationserver.kernelinitializationfile.name
 47 |               value: init.m
                  # Two kernel pools are configured, "MSP" and "Public", with 2 kernels each.
 48 |             - name: poolconfiguration_kernelpool_0__KernelNumber
 49 |               value: "2"
 50 |             - name: poolconfiguration_kernelpool_0__KernelPoolName
 51 |               value: MSP
 52 |             - name: poolconfiguration_kernelpool_0__JLinkEnabled
 53 |               value: "true"
 54 |             - name: poolconfiguration_kernelpool_1__KernelNumber
 55 |               value: "2"
 56 |             - name: poolconfiguration_kernelpool_1__KernelPoolName
 57 |               value: Public
 58 |             - name: poolconfiguration_kernelpool_1__JLinkEnabled
 59 |               value: "false"
                  # NOTE(review): the five URLs below are http:// placeholders (domain.com).
                  # Documentation/API/Utilities.md states that the restart endpoint uses basic
                  # authentication, so set https:// URLs once TLS is terminated in front of the
                  # cluster; otherwise those credentials cross the network in cleartext.
 60 |             - name: applicationserver.servername
 61 |               value: "http://domain.com/"
 62 |             - name: applicationserver.resourcemanager.url
 63 |               value: "http://domain.com/resources/"
 64 |             - name: applicationserver.nodefilesmanager.url
 65 |               value: "http://domain.com/nodefiles/"
 66 |             - name: applicationserver.endpointmanager.url
 67 |               value: "http://domain.com/endpoints/"
 68 |             - name: applicationserver.restart.url
 69 |               value: "http://domain.com/.applicationserver/kernel/restart"
              # The image is referenced by tag (3.3.9), not by digest.
 70 |           image: wolframapplicationserver/active-web-elements-server:3.3.9
 71 |           name: active-web-elements-server
 72 |           ports:
 73 |             - containerPort: 8080
 74 |             - containerPort: 8181
 75 |           resources:
 76 |             limits:
 77 |               cpu: 3
 78 |               memory: 6Gi
 79 |             requests:
 80 |               cpu: 2
 81 |               memory: 6Gi
              # Startup: polls the kernel readiness endpoint every 10 s and tolerates up to 100
              # failures before the container is considered failed to start.
 82 |           startupProbe:
 83 |             httpGet:
 84 |               path: /.applicationserver/kernel/readiness
 85 |               port: 8080
 86 |             initialDelaySeconds: 15
 87 |             periodSeconds: 10
 88 |             failureThreshold: 100
              # Liveness: per Documentation/API/Utilities.md, this stats query answers 500 when a
              # pool with a non-zero configured count has no live kernels; three consecutive
              # failures (1 s timeout each) count as not live.
 89 |           livenessProbe:
 90 |             failureThreshold: 3
 91 |             httpGet:
 92 |               path: '/.applicationserver/kernel/stats?require-running-kernels=true'
 93 |               port: 8080
 94 |             initialDelaySeconds: 20
 95 |             periodSeconds: 20
 96 |             successThreshold: 1
 97 |             timeoutSeconds: 1
 98 |           volumeMounts:
 99 |             - mountPath: "/opt/app/logs"
100 |               name: awes-logs-storage
      # NOTE(review): both init containers use `image: bash` with no tag, which resolves to the
      # mutable `latest` tag; pinning a version or digest makes pod startup reproducible.
      # Each one tries its target port up to 3000 times, 3 s apart, then exits 1.
101 |       initContainers:
102 |         - name: init-resource-manager
103 |           image: bash
104 |           command: ["bash", "-c", "for i in $(seq 1 3000); do nc -zvw1 resource-manager 9090 && exit 0 || sleep 3; done; exit 1"]
105 |         - name: init-endpoint-manager
106 |           image: bash
107 |           command: ["bash", "-c", "for i in $(seq 1 3000); do nc -zvw1 endpoint-manager 8085 && exit 0 || sleep 3; done; exit 1"]
      # Application logs go to the "awes-logs" PersistentVolumeClaim.
108 |       volumes:
109 |         - name: awes-logs-storage
110 |           persistentVolumeClaim:
111 |             claimName: awes-logs
112 |
-------------------------------------------------------------------------------- /EnvironmentSetup/Azure/Source/deployments/active-web-elements-server-deployment.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: active-web-elements-server-deployment 5 | namespace: was 6 | labels: 7 | app: active-web-elements-server 8 | spec: 9 | selector: 10 | matchLabels: 11 | app: active-web-elements-server 12 | minReadySeconds: 5 13 | strategy: 14 | type: RollingUpdate 15 | rollingUpdate: 16 | maxSurge: 50% 17 | maxUnavailable: 50% 18 | template: 19 | metadata: 20 | labels: 21 | app: active-web-elements-server 22 | spec: 23 | restartPolicy: Always 24 | containers: 25 | - env: 26 | - name: SPRING_PROFILES_ACTIVE 27 | value: docker 28 | - name: LOG_LOCATION 29 | value: /opt/app/logs 30 | - name: APPLICATIONSERVER_CACHEDIRECTORY 31 | value: /tmp/.wolframcache 32 | - name: KAFKA.BOOTSTRAP-SERVERS 33 | value: kafka-persistent-kafka-bootstrap.kafka.svc.cluster.local:9092 34 | - name: API_REQUEST_TOPIC 35 | value: "api-request" 36 | - name: RESOURCE_INFO_TOPIC 37 | value: "resource-info" 38 | - name: NODEFILE_INFO_TOPIC 39 | value: "nodefile-info" 40 | - name: ENDPOINT_INFO_TOPIC 41 | value: "endpoint-info" 42 | - name: API_RESPONSE_TOPIC 43 | value: "api-response" 44 | - name: applicationserver.nodefiles.cachedirectory 45 | value: /opt/.wolframcache/nodefiles/ 46 | - name: applicationserver.kernelinitializationfile.name 47 | value: init.m 48 | - name: poolconfiguration_kernelpool_0__KernelNumber 49 | value: "2" 50 | - name: poolconfiguration_kernelpool_0__KernelPoolName 51 | value: MSP 52 | - name: poolconfiguration_kernelpool_0__JLinkEnabled 53 | value: "true" 54 | - name: poolconfiguration_kernelpool_1__KernelNumber 55 | value: "2" 56 | - name: poolconfiguration_kernelpool_1__KernelPoolName 57 | value: Public 58 | - name: poolconfiguration_kernelpool_1__JLinkEnabled 59 | value: "false" 60 | - name: applicationserver.servername 61 | value: "http://domain.com/" 62 | - name: applicationserver.resourcemanager.url 63 | value: 
"http://domain.com/resources/" 64 | - name: applicationserver.nodefilesmanager.url 65 | value: "http://domain.com/nodefiles/" 66 | - name: applicationserver.endpointmanager.url 67 | value: "http://domain.com/endpoints/" 68 | - name: applicationserver.restart.url 69 | value: "http://domain.com/.applicationserver/kernel/restart" 70 | image: wolframapplicationserver/active-web-elements-server:3.3.9 71 | name: active-web-elements-server 72 | ports: 73 | - containerPort: 8080 74 | - containerPort: 8181 75 | resources: 76 | limits: 77 | cpu: 3 78 | memory: 6Gi 79 | requests: 80 | cpu: 2 81 | memory: 6Gi 82 | startupProbe: 83 | httpGet: 84 | path: /.applicationserver/kernel/readiness 85 | port: 8080 86 | initialDelaySeconds: 15 87 | periodSeconds: 10 88 | failureThreshold: 100 89 | livenessProbe: 90 | failureThreshold: 3 91 | httpGet: 92 | path: '/.applicationserver/kernel/stats?require-running-kernels=true' 93 | port: 8080 94 | initialDelaySeconds: 20 95 | periodSeconds: 20 96 | successThreshold: 1 97 | timeoutSeconds: 1 98 | volumeMounts: 99 | - mountPath: "/opt/app/logs" 100 | name: awes-logs-storage 101 | initContainers: 102 | - name: init-resource-manager 103 | image: bash 104 | command: ["bash", "-c", "for i in $(seq 1 3000); do nc -zvw1 resource-manager 9090 && exit 0 || sleep 3; done; exit 1"] 105 | - name: init-endpoint-manager 106 | image: bash 107 | command: ["bash", "-c", "for i in $(seq 1 3000); do nc -zvw1 endpoint-manager 8085 && exit 0 || sleep 3; done; exit 1"] 108 | volumes: 109 | - name: awes-logs-storage 110 | persistentVolumeClaim: 111 | claimName: awes-logs 112 | -------------------------------------------------------------------------------- /.github/workflows/master.yml: -------------------------------------------------------------------------------- 1 | name: File Validator 2 | on: 3 | pull_request: 4 | branches: 5 | - master 6 | env: 7 | AWS_DIRS: | 8 | EnvironmentSetup/AWS/Source/deployments/ 9 | EnvironmentSetup/AWS/Source/hpa/ 10 | 
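EnvironmentSetup/AWS/Source/ingress/
 11 |     EnvironmentSetup/AWS/Source/namespace/
 12 |     EnvironmentSetup/AWS/Source/pvc/
 13 |     EnvironmentSetup/AWS/Source/services/
 14 |     EnvironmentSetup/AWS/Source/strimzi-kafka-deployment/
 15 |   AZURE_DIRS: |
 16 |     EnvironmentSetup/Azure/Source/deployments/
 17 |     EnvironmentSetup/Azure/Source/hpa/
 18 |     EnvironmentSetup/Azure/Source/ingress/
 19 |     EnvironmentSetup/Azure/Source/namespace/
 20 |     EnvironmentSetup/Azure/Source/pvc/
 21 |     EnvironmentSetup/Azure/Source/services/
 22 |     EnvironmentSetup/Azure/Source/strimzi-kafka-deployment/
 23 | permissions:
 24 |   # Least privilege: every job below only reads the checked-out repository.
 25 |   contents: read
 26 | # NOTE(review): actions are referenced by mutable tags (@v3, @v1). Pinning each `uses:` to a
 27 | # full commit SHA keeps a moved tag from changing what runs in this workflow.
 28 | jobs:
 29 |   # Runs terraform validate on the AWS and Azure Terraform directories.
 30 |   terraform-validation:
 31 |     runs-on: ubuntu-latest
 32 |     name: Validate Terraform
 33 |     steps:
 34 |       - name: Checkout
 35 |         uses: actions/checkout@v3
 36 |
 37 |       - name: terraform-aws-validate
 38 |         uses: dflook/terraform-validate@v1
 39 |         id: terraform-aws-validate
 40 |         with:
 41 |           path: EnvironmentSetup/AWS/Source/terraform
 42 |       - name: terraform-azure-validate
 43 |         uses: dflook/terraform-validate@v1
 44 |         id: terraform-azure-validate
 45 |         with:
 46 |           path: EnvironmentSetup/Azure/Source/terraform
 47 |       - name: Validate failed
 48 |         # The step ids are terraform-aws-validate and terraform-azure-validate; no step is
 49 |         # called `validate`, so the failure-reason output of both is tested here.
 50 |         if: ${{ failure() && (steps.terraform-aws-validate.outputs.failure-reason == 'validate-failed' || steps.terraform-azure-validate.outputs.failure-reason == 'validate-failed') }}
 51 |         run: echo "terraform validate failed"
 52 |   # Checks the Kubernetes manifests in the AWS_DIRS and AZURE_DIRS directories with kubeconform.
 53 |   kubernetes-validation:
 54 |     runs-on: ubuntu-latest
 55 |     name: Validate Kubernetes Manifests
 56 |     steps:
 57 |       - name: Checkout
 58 |         uses: actions/checkout@v3
 59 |       - name: Install kubeconform
 60 |         run: |
 61 |           # NOTE(review): the archive is installed without an integrity check. Record the
 62 |           # expected SHA-256 of this release asset here and verify it (sha256sum -c) before
 63 |           # unpacking. -f makes curl fail on an HTTP error instead of saving the error page.
 64 |           curl -fL -o kubeconform.tar.gz https://github.com/yannh/kubeconform/releases/download/v0.6.3/kubeconform-linux-amd64.tar.gz
 65 |           tar -xvf kubeconform.tar.gz
 66 |           chmod +x kubeconform
 67 |           sudo mv kubeconform /usr/local/bin/
 68 |       - name: String manipulation
 69 |         id: replace-to-spaces
 70 |         run: |
 71 |           # Turn the newline-separated directory lists into space-separated step outputs.
 72 |           ENDLINE_REMOVED_AWS_DIRS="${AWS_DIRS//[$'\n']/$' '}"
 73 |           ENDLINE_REMOVED_AZURE_DIRS="${AZURE_DIRS//[$'\n']/$' '}"
 74 |           echo "endline-removed-aws-dirs=$ENDLINE_REMOVED_AWS_DIRS" >> "$GITHUB_OUTPUT"
 75 |           echo "endline-removed-azure-dirs=$ENDLINE_REMOVED_AZURE_DIRS" >> "$GITHUB_OUTPUT"
 76 |       # The values interpolated into the two commands below come from the env block of this
 77 |       # file, not from pull-request input. With -ignore-missing-schemas, resources whose
 78 |       # schema cannot be found (custom resources, for example) are skipped, not validated.
 79 |       - name: Validate AWS Kubernetes manifests
 80 |         run: |
 81 |           kubeconform -summary -strict -ignore-missing-schemas ${{ steps.replace-to-spaces.outputs.endline-removed-aws-dirs }}
 82 |       - name: Validate Azure Kubernetes manifests
 83 |         run: |
 84 |           kubeconform -summary -strict -ignore-missing-schemas ${{ steps.replace-to-spaces.outputs.endline-removed-azure-dirs }}
 85 |   # Confirms that each container image named in a manifest can be resolved by the registry.
 86 |   image-validation:
 87 |     runs-on: ubuntu-latest
 88 |     name: Validate Images
 89 |     steps:
 90 |       - name: Checkout code
 91 |         uses: actions/checkout@v3
 92 |       - name: Install yq
 93 |         run: |
 94 |           # NOTE(review): the binary is installed without an integrity check. Record the
 95 |           # expected SHA-256 of this release asset here and verify it before the chmod.
 96 |           curl -fLO "https://github.com/mikefarah/yq/releases/download/v4.12.0/yq_linux_amd64"
 97 |           chmod +x yq_linux_amd64
 98 |           sudo mv yq_linux_amd64 /usr/local/bin/yq
 99 |         shell: bash
100 |       - name: Validate Images
101 |         run: |
102 |           # The -name tests are parenthesised so that -type f applies to both patterns, and
103 |           # file names are read NUL-separated so that none is split on whitespace.
104 |           while IFS= read -r -d '' file; do
105 |             # NOTE(review): only .spec.template.spec.containers[] is inspected, so images
106 |             # used by initContainers are not checked.
107 |             images=$(yq eval '.spec.template.spec.containers[].image' "$file")
108 |             for image in $images; do
109 |               if [[ $image == "---" || $image == "null" ]]; then
110 |                 continue
111 |               fi
112 |               if ! docker manifest inspect "$image" > /dev/null; then
113 |                 echo "Image $image does not exist on Docker Hub."
114 |                 exit 1
115 |               else
116 |                 echo "$file::$image OK"
117 |               fi
118 |             done
119 |           done < <(find "EnvironmentSetup/" -type f \( -name '*.yaml' -o -name '*.yml' \) -print0)
120 |         working-directory: ${{ github.workspace }}
-------------------------------------------------------------------------------- /EnvironmentSetup/AWS/Source/strimzi-kafka-deployment/047-Crd-kafkaconnector.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | name: kafkaconnectors.kafka.strimzi.io 5 | labels: 6 | app: strimzi 7 | strimzi.io/crd-install: "true" 8 | spec: 9 | group: kafka.strimzi.io 10 | names: 11 | kind: KafkaConnector 12 | listKind: KafkaConnectorList 13 | singular: kafkaconnector 14 | plural: kafkaconnectors 15 | shortNames: 16 | - kctr 17 | categories: 18 | - strimzi 19 | scope: Namespaced 20 | conversion: 21 | strategy: None 22 | versions: 23 | - name: v1beta2 24 | served: true 25 | storage: true 26 | subresources: 27 | status: {} 28 | scale: 29 | specReplicasPath: .spec.tasksMax 30 | statusReplicasPath: .status.tasksMax 31 | additionalPrinterColumns: 32 | - name: Cluster 33 | description: The name of the Kafka Connect cluster this connector belongs to 34 | jsonPath: .metadata.labels.strimzi\.io/cluster 35 | type: string 36 | - name: Connector class 37 | description: The class used by this connector 38 | jsonPath: .spec.class 39 | type: string 40 | - name: Max Tasks 41 | description: Maximum number of tasks 42 | jsonPath: .spec.tasksMax 43 | type: integer 44 | - name: Ready 45 | description: The state of the custom resource 46 | jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" 47 | type: string 48 | schema: 49 | openAPIV3Schema: 50 | type: object 51 | properties: 52 | spec: 53 | type: object 54 | properties: 55 | class: 56 | type: string 57 | description: The Class for the Kafka Connector. 58 | tasksMax: 59 | type: integer 60 | minimum: 1 61 | description: The maximum number of tasks for the Kafka Connector.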
62 | config: 63 | x-kubernetes-preserve-unknown-fields: true 64 | type: object 65 | description: "The Kafka Connector configuration. The following properties cannot be set: connector.class, tasks.max." 66 | pause: 67 | type: boolean 68 | description: Whether the connector should be paused. Defaults to false. 69 | description: The specification of the Kafka Connector. 70 | status: 71 | type: object 72 | properties: 73 | conditions: 74 | type: array 75 | items: 76 | type: object 77 | properties: 78 | type: 79 | type: string 80 | description: "The unique identifier of a condition, used to distinguish between other conditions in the resource." 81 | status: 82 | type: string 83 | description: "The status of the condition, either True, False or Unknown." 84 | lastTransitionTime: 85 | type: string 86 | description: "Last time the condition of a type changed from one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone." 87 | reason: 88 | type: string 89 | description: The reason for the condition's last transition (a single word in CamelCase). 90 | message: 91 | type: string 92 | description: Human-readable message indicating details about the condition's last transition. 93 | description: List of status conditions. 94 | observedGeneration: 95 | type: integer 96 | description: The generation of the CRD that was last reconciled by the operator. 97 | connectorStatus: 98 | x-kubernetes-preserve-unknown-fields: true 99 | type: object 100 | description: "The connector status, as reported by the Kafka Connect REST API." 101 | tasksMax: 102 | type: integer 103 | description: The maximum number of tasks for the Kafka Connector. 104 | topics: 105 | type: array 106 | items: 107 | type: string 108 | description: The list of topics used by the Kafka Connector. 109 | description: The status of the Kafka Connector. 
110 | -------------------------------------------------------------------------------- /EnvironmentSetup/Azure/Source/strimzi-kafka-deployment/047-Crd-kafkaconnector.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | name: kafkaconnectors.kafka.strimzi.io 5 | labels: 6 | app: strimzi 7 | strimzi.io/crd-install: "true" 8 | spec: 9 | group: kafka.strimzi.io 10 | names: 11 | kind: KafkaConnector 12 | listKind: KafkaConnectorList 13 | singular: kafkaconnector 14 | plural: kafkaconnectors 15 | shortNames: 16 | - kctr 17 | categories: 18 | - strimzi 19 | scope: Namespaced 20 | conversion: 21 | strategy: None 22 | versions: 23 | - name: v1beta2 24 | served: true 25 | storage: true 26 | subresources: 27 | status: {} 28 | scale: 29 | specReplicasPath: .spec.tasksMax 30 | statusReplicasPath: .status.tasksMax 31 | additionalPrinterColumns: 32 | - name: Cluster 33 | description: The name of the Kafka Connect cluster this connector belongs to 34 | jsonPath: .metadata.labels.strimzi\.io/cluster 35 | type: string 36 | - name: Connector class 37 | description: The class used by this connector 38 | jsonPath: .spec.class 39 | type: string 40 | - name: Max Tasks 41 | description: Maximum number of tasks 42 | jsonPath: .spec.tasksMax 43 | type: integer 44 | - name: Ready 45 | description: The state of the custom resource 46 | jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" 47 | type: string 48 | schema: 49 | openAPIV3Schema: 50 | type: object 51 | properties: 52 | spec: 53 | type: object 54 | properties: 55 | class: 56 | type: string 57 | description: The Class for the Kafka Connector. 58 | tasksMax: 59 | type: integer 60 | minimum: 1 61 | description: The maximum number of tasks for the Kafka Connector. 62 | config: 63 | x-kubernetes-preserve-unknown-fields: true 64 | type: object 65 | description: "The Kafka Connector configuration. 
The following properties cannot be set: connector.class, tasks.max." 66 | pause: 67 | type: boolean 68 | description: Whether the connector should be paused. Defaults to false. 69 | description: The specification of the Kafka Connector. 70 | status: 71 | type: object 72 | properties: 73 | conditions: 74 | type: array 75 | items: 76 | type: object 77 | properties: 78 | type: 79 | type: string 80 | description: "The unique identifier of a condition, used to distinguish between other conditions in the resource." 81 | status: 82 | type: string 83 | description: "The status of the condition, either True, False or Unknown." 84 | lastTransitionTime: 85 | type: string 86 | description: "Last time the condition of a type changed from one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone." 87 | reason: 88 | type: string 89 | description: The reason for the condition's last transition (a single word in CamelCase). 90 | message: 91 | type: string 92 | description: Human-readable message indicating details about the condition's last transition. 93 | description: List of status conditions. 94 | observedGeneration: 95 | type: integer 96 | description: The generation of the CRD that was last reconciled by the operator. 97 | connectorStatus: 98 | x-kubernetes-preserve-unknown-fields: true 99 | type: object 100 | description: "The connector status, as reported by the Kafka Connect REST API." 101 | tasksMax: 102 | type: integer 103 | description: The maximum number of tasks for the Kafka Connector. 104 | topics: 105 | type: array 106 | items: 107 | type: string 108 | description: The list of topics used by the Kafka Connector. 109 | description: The status of the Kafka Connector. 
110 | -------------------------------------------------------------------------------- /EnvironmentSetup/AWS/Source/strimzi-kafka-deployment/042-Crd-strimzipodset.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | name: strimzipodsets.core.strimzi.io 5 | labels: 6 | app: strimzi 7 | strimzi.io/crd-install: "true" 8 | spec: 9 | group: core.strimzi.io 10 | names: 11 | kind: StrimziPodSet 12 | listKind: StrimziPodSetList 13 | singular: strimzipodset 14 | plural: strimzipodsets 15 | shortNames: 16 | - sps 17 | categories: 18 | - strimzi 19 | scope: Namespaced 20 | conversion: 21 | strategy: None 22 | versions: 23 | - name: v1beta2 24 | served: true 25 | storage: true 26 | subresources: 27 | status: {} 28 | additionalPrinterColumns: 29 | - name: Pods 30 | description: Number of pods managed by the StrimziPodSet 31 | jsonPath: .status.pods 32 | type: integer 33 | - name: Ready Pods 34 | description: Number of ready pods managed by the StrimziPodSet 35 | jsonPath: .status.readyPods 36 | type: integer 37 | - name: Current Pods 38 | description: Number of up-to-date pods managed by the StrimziPodSet 39 | jsonPath: .status.currentPods 40 | type: integer 41 | - name: Age 42 | description: Age of the StrimziPodSet 43 | jsonPath: .metadata.creationTimestamp 44 | type: date 45 | schema: 46 | openAPIV3Schema: 47 | type: object 48 | properties: 49 | spec: 50 | type: object 51 | properties: 52 | selector: 53 | type: object 54 | properties: 55 | matchExpressions: 56 | type: array 57 | items: 58 | type: object 59 | properties: 60 | key: 61 | type: string 62 | operator: 63 | type: string 64 | values: 65 | type: array 66 | items: 67 | type: string 68 | matchLabels: 69 | x-kubernetes-preserve-unknown-fields: true 70 | type: object 71 | description: "Selector is a label query which matches all the pods managed by this `StrimziPodSet`. 
Only `matchLabels` is supported. If `matchExpressions` is set, it will be ignored." 72 | pods: 73 | type: array 74 | items: 75 | x-kubernetes-preserve-unknown-fields: true 76 | type: object 77 | description: The Pods managed by this StrimziPodSet. 78 | required: 79 | - selector 80 | - pods 81 | description: The specification of the StrimziPodSet. 82 | status: 83 | type: object 84 | properties: 85 | conditions: 86 | type: array 87 | items: 88 | type: object 89 | properties: 90 | type: 91 | type: string 92 | description: "The unique identifier of a condition, used to distinguish between other conditions in the resource." 93 | status: 94 | type: string 95 | description: "The status of the condition, either True, False or Unknown." 96 | lastTransitionTime: 97 | type: string 98 | description: "Last time the condition of a type changed from one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone." 99 | reason: 100 | type: string 101 | description: The reason for the condition's last transition (a single word in CamelCase). 102 | message: 103 | type: string 104 | description: Human-readable message indicating details about the condition's last transition. 105 | description: List of status conditions. 106 | observedGeneration: 107 | type: integer 108 | description: The generation of the CRD that was last reconciled by the operator. 109 | pods: 110 | type: integer 111 | description: Number of pods managed by the StrimziPodSet controller. 112 | readyPods: 113 | type: integer 114 | description: Number of pods managed by the StrimziPodSet controller that are ready. 115 | currentPods: 116 | type: integer 117 | description: Number of pods managed by the StrimziPodSet controller that have the current revision. 118 | description: The status of the StrimziPodSet. 
119 | -------------------------------------------------------------------------------- /EnvironmentSetup/Azure/Source/strimzi-kafka-deployment/042-Crd-strimzipodset.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | name: strimzipodsets.core.strimzi.io 5 | labels: 6 | app: strimzi 7 | strimzi.io/crd-install: "true" 8 | spec: 9 | group: core.strimzi.io 10 | names: 11 | kind: StrimziPodSet 12 | listKind: StrimziPodSetList 13 | singular: strimzipodset 14 | plural: strimzipodsets 15 | shortNames: 16 | - sps 17 | categories: 18 | - strimzi 19 | scope: Namespaced 20 | conversion: 21 | strategy: None 22 | versions: 23 | - name: v1beta2 24 | served: true 25 | storage: true 26 | subresources: 27 | status: {} 28 | additionalPrinterColumns: 29 | - name: Pods 30 | description: Number of pods managed by the StrimziPodSet 31 | jsonPath: .status.pods 32 | type: integer 33 | - name: Ready Pods 34 | description: Number of ready pods managed by the StrimziPodSet 35 | jsonPath: .status.readyPods 36 | type: integer 37 | - name: Current Pods 38 | description: Number of up-to-date pods managed by the StrimziPodSet 39 | jsonPath: .status.currentPods 40 | type: integer 41 | - name: Age 42 | description: Age of the StrimziPodSet 43 | jsonPath: .metadata.creationTimestamp 44 | type: date 45 | schema: 46 | openAPIV3Schema: 47 | type: object 48 | properties: 49 | spec: 50 | type: object 51 | properties: 52 | selector: 53 | type: object 54 | properties: 55 | matchExpressions: 56 | type: array 57 | items: 58 | type: object 59 | properties: 60 | key: 61 | type: string 62 | operator: 63 | type: string 64 | values: 65 | type: array 66 | items: 67 | type: string 68 | matchLabels: 69 | x-kubernetes-preserve-unknown-fields: true 70 | type: object 71 | description: "Selector is a label query which matches all the pods managed by this `StrimziPodSet`. 
Only `matchLabels` is supported. If `matchExpressions` is set, it will be ignored." 72 | pods: 73 | type: array 74 | items: 75 | x-kubernetes-preserve-unknown-fields: true 76 | type: object 77 | description: The Pods managed by this StrimziPodSet. 78 | required: 79 | - selector 80 | - pods 81 | description: The specification of the StrimziPodSet. 82 | status: 83 | type: object 84 | properties: 85 | conditions: 86 | type: array 87 | items: 88 | type: object 89 | properties: 90 | type: 91 | type: string 92 | description: "The unique identifier of a condition, used to distinguish between other conditions in the resource." 93 | status: 94 | type: string 95 | description: "The status of the condition, either True, False or Unknown." 96 | lastTransitionTime: 97 | type: string 98 | description: "Last time the condition of a type changed from one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone." 99 | reason: 100 | type: string 101 | description: The reason for the condition's last transition (a single word in CamelCase). 102 | message: 103 | type: string 104 | description: Human-readable message indicating details about the condition's last transition. 105 | description: List of status conditions. 106 | observedGeneration: 107 | type: integer 108 | description: The generation of the CRD that was last reconciled by the operator. 109 | pods: 110 | type: integer 111 | description: Number of pods managed by the StrimziPodSet controller. 112 | readyPods: 113 | type: integer 114 | description: Number of pods managed by the StrimziPodSet controller that are ready. 115 | currentPods: 116 | type: integer 117 | description: Number of pods managed by the StrimziPodSet controller that have the current revision. 118 | description: The status of the StrimziPodSet. 
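119 | -------------------------------------------------------------------------------- /EnvironmentSetup/AWS/Source/terraform/main.tf: --------------------------------------------------------------------------------
# AWS infrastructure for the application server: a VPC, an EKS cluster with one
# managed node group, an IRSA role for the EFS CSI controller, and an additional
# IAM policy attached to the worker nodes.

terraform {
  # NOTE(review): a Terraform backend block cannot reference input variables,
  # so `terraform init` is expected to reject the three interpolations below.
  # Confirm how these values are substituted before init (for example by
  # passing them with `-backend-config`). `terraform validate` in CI does not
  # necessarily exercise the backend.
  backend "s3" {
    bucket         = "terraform-tfstate-${var.cluster_name}"
    key            = "global/s3/terraform.tfstate"
    region         = "${var.aws_region}"
    dynamodb_table = "${var.dynamodb_table}"
    encrypt        = true # state objects are encrypted at rest in the bucket
  }
  required_version = ">= 1.13.1, < 1.14"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 6.10"
    }
    # Declared explicitly because a "kubernetes" provider block is configured
    # below; previously the source was only inferred.
    # NOTE(review): add a version constraint once the tested version is known.
    kubernetes = {
      source = "hashicorp/kubernetes"
    }
  }
}

provider "aws" {
  region = var.aws_region
}

# Authenticates to the cluster with a short-lived token obtained from the AWS
# CLI at plan/apply time instead of a stored kubeconfig credential.
provider "kubernetes" {
  host                   = module.eks.cluster_endpoint
  cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)

  exec {
    api_version = "client.authentication.k8s.io/v1beta1"
    command     = "aws"
    args        = ["eks", "get-token", "--cluster-name", module.eks.cluster_name]
  }
}

data "aws_availability_zones" "available" {}

module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "~> 6.0"

  name = "${var.cluster_name}-vpc"
  cidr = "10.168.0.0/16"

  azs             = data.aws_availability_zones.available.names
  private_subnets = ["10.168.128.0/18", "10.168.192.0/18"]
  public_subnets  = ["10.168.0.0/18", "10.168.64.0/18"]

  enable_nat_gateway   = true
  single_nat_gateway   = true
  enable_dns_support   = true
  enable_dns_hostnames = true

  # Subnet tags used for load balancer placement: public subnets for
  # internet-facing ELBs, private subnets for internal ones.
  public_subnet_tags = {
    "kubernetes.io/cluster/${var.cluster_name}" = "shared"
    "kubernetes.io/role/elb"                    = "1"
  }
  private_subnet_tags = {
    "kubernetes.io/cluster/${var.cluster_name}" = "shared"
    "kubernetes.io/role/internal-elb"           = "1"
  }

  tags = {
    Terraform   = "true"
    Environment = var.cluster_name
  }
}

# CIDR blocks allowed to reach the public Kubernetes API endpoint. The default
# keeps the value that was previously hard-coded in the eks module call, which
# exposes the API server to the whole internet; set this to the operator or
# VPN egress ranges in any real deployment.
# Declared in this file because variables.tf is not part of this change.
variable "endpoint_public_access_cidrs" {
  description = "CIDR blocks permitted to reach the public EKS API endpoint."
  type        = list(string)
  default     = ["0.0.0.0/0"]
}

module "eks" {
  source  = "terraform-aws-modules/eks/aws"
  version = "~> 21.1"

  name               = var.cluster_name
  kubernetes_version = var.cluster_version

  vpc_id     = module.vpc.vpc_id
  subnet_ids = module.vpc.private_subnets # nodes are placed in the private subnets

  endpoint_public_access       = true
  endpoint_private_access      = true
  endpoint_public_access_cidrs = var.endpoint_public_access_cidrs

  authentication_mode = "API"
  # Gives the identity that runs this configuration administrator access to
  # the cluster. NOTE(review): confirm that identity is a controlled
  # deployment role rather than a personal user.
  enable_cluster_creator_admin_permissions = true
  enable_irsa                              = true

  # NOTE(review): most_recent resolves the add-on version at apply time, so
  # two applies can install different versions; pin versions if reproducible
  # deployments are required.
  addons = {
    vpc-cni    = { before_compute = true, most_recent = true }
    coredns    = { most_recent = true }
    kube-proxy = { most_recent = true }
  }

  eks_managed_node_groups = {
    eks = {
      name           = "${var.cluster_name}-worker-nodes"
      desired_size   = var.desired_worker_node
      min_size       = var.min_worker_node
      max_size       = var.max_worker_node
      disk_size      = var.disk_size
      instance_types = [var.instance_type]
      ami_type       = "AL2023_x86_64_STANDARD"

      # Attached to the node role. NOTE(review): the contents of
      # iam-policy.json are not visible here; check that it grants only what
      # the workloads need.
      iam_role_additional_policies = {
        workers = aws_iam_policy.worker_policy.arn
      }
    }
  }

  tags = {
    Environment = "Wolfram Application Server"
  }
}

# Trust policy for the EFS CSI controller role. Both conditions must hold, so
# only a token issued by this cluster's OIDC provider for the
# kube-system/efs-csi-controller-sa service account, with the STS audience,
# can assume the role.
data "aws_iam_policy_document" "efs_csi_assume" {
  statement {
    actions = ["sts:AssumeRoleWithWebIdentity"]
    effect  = "Allow"
    principals {
      type        = "Federated"
      identifiers = [module.eks.oidc_provider_arn]
    }
    condition {
      test     = "StringEquals"
      variable = "${module.eks.oidc_provider}:sub"
      values   = ["system:serviceaccount:kube-system:efs-csi-controller-sa"]
    }
    condition {
      test     = "StringEquals"
      variable = "${module.eks.oidc_provider}:aud"
      values   = ["sts.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "efs_csi_controller" {
  name               = "${var.cluster_name}-efs-csi-controller"
  assume_role_policy = data.aws_iam_policy_document.efs_csi_assume.json

  # ensure the module creates the IAM OIDC provider first
  depends_on = [module.eks]
}

# AWS-managed policy with the permissions of the EFS CSI driver.
resource "aws_iam_role_policy_attachment" "efs_csi_managed" {
  role       = aws_iam_role.efs_csi_controller.name
  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEFSCSIDriverPolicy"

  depends_on = [aws_iam_role.efs_csi_controller]
}

output "efs_csi_role_arn" {
  value = aws_iam_role.efs_csi_controller.arn
}

resource "aws_iam_policy" "worker_policy" {
  name        = "node-workers-policy-${var.cluster_name}"
  description = "Node Workers IAM policies"
  policy      = file("${path.module}/iam-policy.json")
}
-------------------------------------------------------------------------------- /EnvironmentSetup/AWS/Source/strimzi-kafka-deployment/060-Deployment-strimzi-cluster-operator.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: strimzi-cluster-operator 5 | labels: 6 | app: strimzi 7 | spec: 8 | replicas: 1 9 | selector: 10 | matchLabels: 11 | name: strimzi-cluster-operator 12 | strimzi.io/kind: cluster-operator 13 | template: 14 | metadata: 15 | labels: 16 | name: strimzi-cluster-operator 17 | strimzi.io/kind: cluster-operator 18 | spec: 19 | serviceAccountName: strimzi-cluster-operator 20 | volumes: 21 | - name: strimzi-tmp 22 | emptyDir: 23 | medium: Memory 24 | sizeLimit: 1Mi 25 | - name: co-config-volume 26 | configMap: 27 | name: strimzi-cluster-operator 28 | containers: 29 | - name: strimzi-cluster-operator 30 | image: quay.io/strimzi/operator:0.29.0 31 | ports: 32 | - containerPort: 8080 33 | name: http 34 | args: 35 | - /opt/strimzi/bin/cluster_operator_run.sh 36 | volumeMounts: 37 | - name: strimzi-tmp 38 | mountPath: /tmp 39 | - name: co-config-volume 40 | mountPath: /opt/strimzi/custom-config/ 41 | env: 42 | - name: STRIMZI_NAMESPACE 43 | valueFrom: 44 | fieldRef: 45 | fieldPath: metadata.namespace 46 | - name: STRIMZI_FULL_RECONCILIATION_INTERVAL_MS 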
47 | value: "120000" 48 | - name: STRIMZI_OPERATION_TIMEOUT_MS 49 | value: "300000" 50 | - name: STRIMZI_DEFAULT_TLS_SIDECAR_ENTITY_OPERATOR_IMAGE 51 | value: quay.io/strimzi/kafka:0.29.0-kafka-3.2.0 52 | - name: STRIMZI_DEFAULT_KAFKA_EXPORTER_IMAGE 53 | value: quay.io/strimzi/kafka:0.29.0-kafka-3.2.0 54 | - name: STRIMZI_DEFAULT_CRUISE_CONTROL_IMAGE 55 | value: quay.io/strimzi/kafka:0.29.0-kafka-3.2.0 56 | - name: STRIMZI_KAFKA_IMAGES 57 | value: | 58 | 3.0.0=quay.io/strimzi/kafka:0.29.0-kafka-3.0.0 59 | 3.0.1=quay.io/strimzi/kafka:0.29.0-kafka-3.0.1 60 | 3.1.0=quay.io/strimzi/kafka:0.29.0-kafka-3.1.0 61 | 3.1.1=quay.io/strimzi/kafka:0.29.0-kafka-3.1.1 62 | 3.2.0=quay.io/strimzi/kafka:0.29.0-kafka-3.2.0 63 | - name: STRIMZI_KAFKA_CONNECT_IMAGES 64 | value: | 65 | 3.0.0=quay.io/strimzi/kafka:0.29.0-kafka-3.0.0 66 | 3.0.1=quay.io/strimzi/kafka:0.29.0-kafka-3.0.1 67 | 3.1.0=quay.io/strimzi/kafka:0.29.0-kafka-3.1.0 68 | 3.1.1=quay.io/strimzi/kafka:0.29.0-kafka-3.1.1 69 | 3.2.0=quay.io/strimzi/kafka:0.29.0-kafka-3.2.0 70 | - name: STRIMZI_KAFKA_MIRROR_MAKER_IMAGES 71 | value: | 72 | 3.0.0=quay.io/strimzi/kafka:0.29.0-kafka-3.0.0 73 | 3.0.1=quay.io/strimzi/kafka:0.29.0-kafka-3.0.1 74 | 3.1.0=quay.io/strimzi/kafka:0.29.0-kafka-3.1.0 75 | 3.1.1=quay.io/strimzi/kafka:0.29.0-kafka-3.1.1 76 | 3.2.0=quay.io/strimzi/kafka:0.29.0-kafka-3.2.0 77 | - name: STRIMZI_KAFKA_MIRROR_MAKER_2_IMAGES 78 | value: | 79 | 3.0.0=quay.io/strimzi/kafka:0.29.0-kafka-3.0.0 80 | 3.0.1=quay.io/strimzi/kafka:0.29.0-kafka-3.0.1 81 | 3.1.0=quay.io/strimzi/kafka:0.29.0-kafka-3.1.0 82 | 3.1.1=quay.io/strimzi/kafka:0.29.0-kafka-3.1.1 83 | 3.2.0=quay.io/strimzi/kafka:0.29.0-kafka-3.2.0 84 | - name: STRIMZI_DEFAULT_TOPIC_OPERATOR_IMAGE 85 | value: quay.io/strimzi/operator:0.29.0 86 | - name: STRIMZI_DEFAULT_USER_OPERATOR_IMAGE 87 | value: quay.io/strimzi/operator:0.29.0 88 | - name: STRIMZI_DEFAULT_KAFKA_INIT_IMAGE 89 | value: quay.io/strimzi/operator:0.29.0 90 | - name: STRIMZI_DEFAULT_KAFKA_BRIDGE_IMAGE 
91 | value: quay.io/strimzi/kafka-bridge:0.21.5 92 | - name: STRIMZI_DEFAULT_JMXTRANS_IMAGE 93 | value: quay.io/strimzi/jmxtrans:0.29.0 94 | - name: STRIMZI_DEFAULT_KANIKO_EXECUTOR_IMAGE 95 | value: quay.io/strimzi/kaniko-executor:0.29.0 96 | - name: STRIMZI_DEFAULT_MAVEN_BUILDER 97 | value: quay.io/strimzi/maven-builder:0.29.0 98 | - name: STRIMZI_OPERATOR_NAMESPACE 99 | valueFrom: 100 | fieldRef: 101 | fieldPath: metadata.namespace 102 | - name: STRIMZI_FEATURE_GATES 103 | value: "" 104 | - name: STRIMZI_KUBERNETES_VERSION 105 | value: "major=1,minor=33" 106 | livenessProbe: 107 | httpGet: 108 | path: /healthy 109 | port: http 110 | initialDelaySeconds: 10 111 | periodSeconds: 30 112 | readinessProbe: 113 | httpGet: 114 | path: /ready 115 | port: http 116 | initialDelaySeconds: 10 117 | periodSeconds: 30 118 | resources: 119 | limits: 120 | cpu: 1000m 121 | memory: 2Gi 122 | requests: 123 | cpu: 200m 124 | memory: 384Mi 125 | strategy: 126 | type: Recreate 127 | -------------------------------------------------------------------------------- /EnvironmentSetup/Azure/Source/strimzi-kafka-deployment/060-Deployment-strimzi-cluster-operator.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: strimzi-cluster-operator 5 | labels: 6 | app: strimzi 7 | spec: 8 | replicas: 1 9 | selector: 10 | matchLabels: 11 | name: strimzi-cluster-operator 12 | strimzi.io/kind: cluster-operator 13 | template: 14 | metadata: 15 | labels: 16 | name: strimzi-cluster-operator 17 | strimzi.io/kind: cluster-operator 18 | spec: 19 | serviceAccountName: strimzi-cluster-operator 20 | volumes: 21 | - name: strimzi-tmp 22 | emptyDir: 23 | medium: Memory 24 | sizeLimit: 1Mi 25 | - name: co-config-volume 26 | configMap: 27 | name: strimzi-cluster-operator 28 | containers: 29 | - name: strimzi-cluster-operator 30 | image: quay.io/strimzi/operator:0.29.0 31 | ports: 32 | - containerPort: 8080 33 | 
name: http 34 | args: 35 | - /opt/strimzi/bin/cluster_operator_run.sh 36 | volumeMounts: 37 | - name: strimzi-tmp 38 | mountPath: /tmp 39 | - name: co-config-volume 40 | mountPath: /opt/strimzi/custom-config/ 41 | env: 42 | - name: STRIMZI_NAMESPACE 43 | valueFrom: 44 | fieldRef: 45 | fieldPath: metadata.namespace 46 | - name: STRIMZI_FULL_RECONCILIATION_INTERVAL_MS 47 | value: "120000" 48 | - name: STRIMZI_OPERATION_TIMEOUT_MS 49 | value: "300000" 50 | - name: STRIMZI_DEFAULT_TLS_SIDECAR_ENTITY_OPERATOR_IMAGE 51 | value: quay.io/strimzi/kafka:0.29.0-kafka-3.2.0 52 | - name: STRIMZI_DEFAULT_KAFKA_EXPORTER_IMAGE 53 | value: quay.io/strimzi/kafka:0.29.0-kafka-3.2.0 54 | - name: STRIMZI_DEFAULT_CRUISE_CONTROL_IMAGE 55 | value: quay.io/strimzi/kafka:0.29.0-kafka-3.2.0 56 | - name: STRIMZI_KAFKA_IMAGES 57 | value: | 58 | 3.0.0=quay.io/strimzi/kafka:0.29.0-kafka-3.0.0 59 | 3.0.1=quay.io/strimzi/kafka:0.29.0-kafka-3.0.1 60 | 3.1.0=quay.io/strimzi/kafka:0.29.0-kafka-3.1.0 61 | 3.1.1=quay.io/strimzi/kafka:0.29.0-kafka-3.1.1 62 | 3.2.0=quay.io/strimzi/kafka:0.29.0-kafka-3.2.0 63 | - name: STRIMZI_KAFKA_CONNECT_IMAGES 64 | value: | 65 | 3.0.0=quay.io/strimzi/kafka:0.29.0-kafka-3.0.0 66 | 3.0.1=quay.io/strimzi/kafka:0.29.0-kafka-3.0.1 67 | 3.1.0=quay.io/strimzi/kafka:0.29.0-kafka-3.1.0 68 | 3.1.1=quay.io/strimzi/kafka:0.29.0-kafka-3.1.1 69 | 3.2.0=quay.io/strimzi/kafka:0.29.0-kafka-3.2.0 70 | - name: STRIMZI_KAFKA_MIRROR_MAKER_IMAGES 71 | value: | 72 | 3.0.0=quay.io/strimzi/kafka:0.29.0-kafka-3.0.0 73 | 3.0.1=quay.io/strimzi/kafka:0.29.0-kafka-3.0.1 74 | 3.1.0=quay.io/strimzi/kafka:0.29.0-kafka-3.1.0 75 | 3.1.1=quay.io/strimzi/kafka:0.29.0-kafka-3.1.1 76 | 3.2.0=quay.io/strimzi/kafka:0.29.0-kafka-3.2.0 77 | - name: STRIMZI_KAFKA_MIRROR_MAKER_2_IMAGES 78 | value: | 79 | 3.0.0=quay.io/strimzi/kafka:0.29.0-kafka-3.0.0 80 | 3.0.1=quay.io/strimzi/kafka:0.29.0-kafka-3.0.1 81 | 3.1.0=quay.io/strimzi/kafka:0.29.0-kafka-3.1.0 82 | 3.1.1=quay.io/strimzi/kafka:0.29.0-kafka-3.1.1 83 | 
3.2.0=quay.io/strimzi/kafka:0.29.0-kafka-3.2.0 84 | - name: STRIMZI_DEFAULT_TOPIC_OPERATOR_IMAGE 85 | value: quay.io/strimzi/operator:0.29.0 86 | - name: STRIMZI_DEFAULT_USER_OPERATOR_IMAGE 87 | value: quay.io/strimzi/operator:0.29.0 88 | - name: STRIMZI_DEFAULT_KAFKA_INIT_IMAGE 89 | value: quay.io/strimzi/operator:0.29.0 90 | - name: STRIMZI_DEFAULT_KAFKA_BRIDGE_IMAGE 91 | value: quay.io/strimzi/kafka-bridge:0.21.5 92 | - name: STRIMZI_DEFAULT_JMXTRANS_IMAGE 93 | value: quay.io/strimzi/jmxtrans:0.29.0 94 | - name: STRIMZI_DEFAULT_KANIKO_EXECUTOR_IMAGE 95 | value: quay.io/strimzi/kaniko-executor:0.29.0 96 | - name: STRIMZI_DEFAULT_MAVEN_BUILDER 97 | value: quay.io/strimzi/maven-builder:0.29.0 98 | - name: STRIMZI_OPERATOR_NAMESPACE 99 | valueFrom: 100 | fieldRef: 101 | fieldPath: metadata.namespace 102 | - name: STRIMZI_FEATURE_GATES 103 | value: "" 104 | - name: STRIMZI_KUBERNETES_VERSION 105 | value: "major=1,minor=33" 106 | livenessProbe: 107 | httpGet: 108 | path: /healthy 109 | port: http 110 | initialDelaySeconds: 10 111 | periodSeconds: 30 112 | readinessProbe: 113 | httpGet: 114 | path: /ready 115 | port: http 116 | initialDelaySeconds: 10 117 | periodSeconds: 30 118 | resources: 119 | limits: 120 | cpu: 1000m 121 | memory: 2Gi 122 | requests: 123 | cpu: 200m 124 | memory: 384Mi 125 | strategy: 126 | type: Recreate 127 | -------------------------------------------------------------------------------- /Documentation/API/NodeFilesManager.md: -------------------------------------------------------------------------------- 1 | # Node Files Manager API 2 | 3 | This API covers the node file lifecycle required for deploying content that resides on the node local file system. Using this API we can install, modify, and remove files which may be directly accessed by the Wolfram Engine. 4 | 5 | ## Node Files [/nodefiles] 6 | 7 | ### GET 8 | 9 | Use this to retrieve a listing of all the resident node files. 
The API returns a list of node file paths along with the nodeFileName and location in JSON format. Node file paths are relative to the configured node files root directory in the Active Web Elements Server. 10 | 11 | * Request 12 | 13 | GET /nodefiles 14 | Example: 15 | 16 | GET "http://applicationserver.wolfram.com/nodefiles" 17 | 18 | * Response 200 (application/json): 19 | 20 | Example: 21 | 22 | { 23 | "WebPackages/init.m":{ 24 | "size":"1048576", 25 | "hashMD5":"e65a396cca1a0e502d676c20f5f29b21", 26 | "uploaded":"2019-04-30 12:40:05.0" 27 | }, 28 | ".Wolfram/Kernel/init.m":{ 29 | "size":"20971520", 30 | "hashMD5":"9bb5c73e11f0731e2de05874b26532d8", 31 | "uploaded":"2019-01-15 09:30:15.0" 32 | }, 33 | "WebPackages/Kernel/kernel.m":{ 34 | "size":"104857600", 35 | "hashMD5":"0cb53ff034bedf7b87bd07c08e8151c7", 36 | "uploaded":"2019-10-01 02:45:13.0" 37 | } 38 | } 39 | 40 | ### POST 41 | 42 | Use this to create a new node file in the local node files directory. The Content-Type of this request is `multipart/form-data`. The `nodeFile` parameter with the file name should be provided along with the directory path in the `path` parameter (use the value of '/' for files to be placed in the root directory). Once the node file is successfully uploaded, the API returns the location of the newly created node file. The path parameter combined with the node file name uniquely identifies a node file location. 43 | 44 | * Request 45 | 46 | POST /nodefiles 47 | Example: 48 | 49 | POST "http://applicationserver.wolfram.com/nodefiles" 50 | * Parameters 51 | 52 | * nodeFile(required, file): This is the file name for the uploaded file. 53 | 54 | Example: 55 | 56 | name="nodeFile"; filename="init.m" 57 | 58 | * path(required, string): This is the directory in which the uploaded file should be placed. 
59 | Example: 60 | 61 | name="path"; value=".Wolfram/Kernel" 62 | 63 | * Response 201 Created (application/json) 64 | 65 | Example: 66 | 67 | { 68 | "location": "WebPackages/Kernel/init.m" 69 | } 70 | * If the file already exists: Response 400 Bad Request (application/json) 71 | 72 | [{ 73 | "timestamp": "2019-08-28T17:11:30.427+0000", 74 | "status": 400, 75 | "error": "Bad Request", 76 | "message": "NodeFile already exist at path : .Wolfram/Kernel/init.m", 77 | "path": "/nodefiles/" 78 | }] 79 | 80 | ## Node Files [/nodefiles/{location}] 81 | 82 | ### GET 83 | Use this to get the contents of a node file. The API takes the location of the node file as a path variable and returns the contents of the node file. 84 | 85 | * Parameter 86 | * location(String) : This location specifies the full path to the node file. 87 | * Request 88 | 89 | GET /nodefiles/{location} 90 | 91 | Example: 92 | 93 | GET "http://applicationserver.wolfram.com/nodefiles/.Wolfram/Kernel/init.m" 94 | 95 | The response Content-Type corresponds to the file MIME type, and the response body is the raw file content. 96 | 97 | * Response 200 98 | 99 | * If the location does not exist: Response 404 Not Found (application/json) 100 | 101 | [{ 102 | "timestamp": "2019-08-28T17:11:30.427+0000", 103 | "status": 404, 104 | "error": "Not Found", 105 | "message": "Unknown node file", 106 | "path": "WebPackages/Kernel/init.m" 107 | }] 108 | 109 | ### PUT 110 | Use this to update an existing node file. The API takes the node file location as a path variable and a local file with the source contents to be uploaded specified with the `nodeFile` parameter. The Content-Type of this request is `multipart/form-data`. The API returns nothing. 111 | 112 | * Parameter 113 | * location (String) : This location specifies the full path to the node file. 114 | * nodeFile (required, file): This is the location of a local file to upload as the replacement contents of the existing node file. 
115 | 116 | Example: 117 | 118 | name="nodeFile"; filename="init.m" 119 | * Request 120 | 121 | PUT /nodefiles/{location} 122 | 123 | Example: 124 | 125 | PUT "http://applicationserver.wolfram.com/nodefiles/.Wolfram/Kernel/init.m" 126 | 127 | 128 | * Response 202 Accepted 129 | 130 | * If the `location` does not exist: Response 404 Not Found (application/json) 131 | 132 | [{ 133 | "timestamp": "2019-08-28T17:11:30.427+0000", 134 | "status": 404, 135 | "error": "Not Found", 136 | "message": "Unknown node file", 137 | "path": "WebPackages/Kernel/init.m" 138 | }] 139 | 140 | 141 | ### DELETE 142 | 143 | Use this to delete an existing node file. This API takes the node file location as a path variable and returns nothing. 144 | 145 | * Parameter 146 | * location (String) : This location specifies the full path to the node file. 147 | * Request 148 | 149 | DELETE /nodefiles/{location} 150 | Example: 151 | 152 | DELETE "http://applicationserver.wolfram.com/nodefiles/.Wolfram/Kernel/init.m" 153 | * Response 202 Accepted 154 | 155 | ## NodeFile Health Check [/nodefiles/.applicationserver/info] 156 | 157 | ### GET 158 | 159 | Use this to retrieve information about the node files manager. The API may be used to confirm that the node files manager is running.
160 | 161 | * Request 162 | 163 | GET /nodefiles/.applicationserver/info 164 | Example: 165 | 166 | GET "http://applicationserver.wolfram.com/nodefiles/.applicationserver/info" 167 | * Response 200 (application/json): 168 | 169 | Example: 170 | 171 | { 172 | "name": "nodefile-manager", 173 | "version": "1.0.0" 174 | } 175 | -------------------------------------------------------------------------------- /EnvironmentSetup/AWS/Source/terraform/iam-policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "acm:DescribeCertificate", 8 | "acm:ListCertificates", 9 | "acm:GetCertificate" 10 | ], 11 | "Resource": "*" 12 | }, 13 | { 14 | "Effect": "Allow", 15 | "Action": [ 16 | "ec2:AuthorizeSecurityGroupIngress", 17 | "ec2:AuthorizeSecurityGroupEgress", 18 | "ec2:CreateSecurityGroup", 19 | "ec2:CreateTags", 20 | "ec2:DeleteTags", 21 | "ec2:DeleteSecurityGroup", 22 | "ec2:DescribeAccountAttributes", 23 | "ec2:DescribeAddresses", 24 | "ec2:DescribeAvailabilityZones", 25 | "ec2:DescribeInstances", 26 | "ec2:DescribeInstanceStatus", 27 | "ec2:DescribeInternetGateways", 28 | "ec2:DescribeIpamPools", 29 | "ec2:GetSecurityGroupsForVpc", 30 | "ec2:DescribeNetworkInterfaces", 31 | "ec2:DescribeSecurityGroups", 32 | "ec2:DescribeSubnets", 33 | "ec2:DescribeTags", 34 | "ec2:DescribeVpcs", 35 | "ec2:ModifyInstanceAttribute", 36 | "ec2:ModifyNetworkInterfaceAttribute", 37 | "ec2:RevokeSecurityGroupIngress" 38 | ], 39 | "Resource": "*" 40 | }, 41 | { 42 | "Effect": "Allow", 43 | "Action": [ 44 | "elasticloadbalancing:AddListenerCertificates", 45 | "elasticloadbalancing:AddTags", 46 | "elasticloadbalancing:CreateListener", 47 | "elasticloadbalancing:CreateLoadBalancer", 48 | "elasticloadbalancing:CreateRule", 49 | "elasticloadbalancing:CreateTargetGroup", 50 | "elasticloadbalancing:DeleteListener", 51 | "elasticloadbalancing:DeleteLoadBalancer", 52 | 
"elasticloadbalancing:DeleteRule", 53 | "elasticloadbalancing:DeleteTargetGroup", 54 | "elasticloadbalancing:DeregisterTargets", 55 | "elasticloadbalancing:DescribeListenerCertificates", 56 | "elasticloadbalancing:DescribeListeners", 57 | "elasticloadbalancing:DescribeLoadBalancers", 58 | "elasticloadbalancing:DescribeLoadBalancerAttributes", 59 | "elasticloadbalancing:DescribeRules", 60 | "elasticloadbalancing:DescribeSSLPolicies", 61 | "elasticloadbalancing:DescribeTags", 62 | "elasticloadbalancing:DescribeTargetGroups", 63 | "elasticloadbalancing:DescribeTargetGroupAttributes", 64 | "elasticloadbalancing:DescribeTargetHealth", 65 | "elasticloadbalancing:ModifyListener", 66 | "elasticloadbalancing:ModifyLoadBalancerAttributes", 67 | "elasticloadbalancing:ModifyRule", 68 | "elasticloadbalancing:ModifyTargetGroup", 69 | "elasticloadbalancing:ModifyTargetGroupAttributes", 70 | "elasticloadbalancing:RegisterTargets", 71 | "elasticloadbalancing:RemoveListenerCertificates", 72 | "elasticloadbalancing:RemoveTags", 73 | "elasticloadbalancing:SetIpAddressType", 74 | "elasticloadbalancing:SetRulePriorities", 75 | "elasticloadbalancing:SetSecurityGroups", 76 | "elasticloadbalancing:SetSubnets", 77 | "elasticloadbalancing:SetWebAcl" 78 | ], 79 | "Resource": "*" 80 | }, 81 | { 82 | "Effect": "Allow", 83 | "Action": [ 84 | "iam:CreateServiceLinkedRole", 85 | "iam:GetServerCertificate", 86 | "iam:ListServerCertificates" 87 | ], 88 | "Resource": "*" 89 | }, 90 | { 91 | "Effect": "Allow", 92 | "Action": [ 93 | "cognito-idp:DescribeUserPoolClient" 94 | ], 95 | "Resource": "*" 96 | }, 97 | { 98 | "Effect": "Allow", 99 | "Action": [ 100 | "waf-regional:GetWebACLForResource", 101 | "waf-regional:GetWebACL", 102 | "waf-regional:AssociateWebACL", 103 | "waf-regional:DisassociateWebACL" 104 | ], 105 | "Resource": "*" 106 | }, 107 | { 108 | "Effect": "Allow", 109 | "Action": [ 110 | "tag:GetResources", 111 | "tag:TagResources" 112 | ], 113 | "Resource": "*" 114 | }, 115 | { 116 | 
"Effect": "Allow", 117 | "Action": [ 118 | "waf:GetWebACL" 119 | ], 120 | "Resource": "*" 121 | }, 122 | { 123 | "Effect": "Allow", 124 | "Action": [ 125 | "wafv2:GetWebACL", 126 | "wafv2:GetWebACLForResource", 127 | "wafv2:AssociateWebACL", 128 | "wafv2:DisassociateWebACL" 129 | ], 130 | "Resource": "*" 131 | }, 132 | { 133 | "Effect": "Allow", 134 | "Action": [ 135 | "shield:DescribeProtection", 136 | "shield:GetSubscriptionState", 137 | "shield:DeleteProtection", 138 | "shield:CreateProtection", 139 | "shield:DescribeSubscription", 140 | "shield:ListProtections" 141 | ], 142 | "Resource": "*" 143 | }, 144 | { 145 | "Sid": "S3FullAccess", 146 | "Effect": "Allow", 147 | "Action": [ "s3:*" ], 148 | "Resource": [ 149 | "arn:aws:s3:::*", 150 | "arn:aws:s3:::*/*" 151 | ] 152 | }, 153 | { 154 | "Sid": "EFSAll", 155 | "Effect": "Allow", 156 | "Action": [ "elasticfilesystem:*" ], 157 | "Resource": "*" 158 | }, 159 | { 160 | "Effect": "Allow", 161 | "Action": [ 162 | "autoscaling:DescribeAutoScalingGroups", 163 | "autoscaling:DescribeAutoScalingInstances", 164 | "autoscaling:DescribeLaunchConfigurations", 165 | "autoscaling:DescribeTags", 166 | "autoscaling:SetDesiredCapacity", 167 | "autoscaling:TerminateInstanceInAutoScalingGroup", 168 | "ec2:DescribeLaunchTemplateVersions" 169 | ], 170 | "Resource": "*" 171 | }, 172 | { 173 | "Effect": "Allow", 174 | "Action": [ "dynamodb:*" ], 175 | "Resource": "*" 176 | } 177 | ] 178 | } 179 | -------------------------------------------------------------------------------- /EnvironmentSetup/AWS/README.md: -------------------------------------------------------------------------------- 1 | # Amazon EKS WAS Setup 2 | 3 | ## Introduction 4 | 5 | This document describes the setup of Amazon Kubernetes (EKS) and Wolfram Application Server (WAS). 
6 | 7 | 8 | ## Prerequisite Tools 9 | 10 | The following CLI tools are required to be installed on your local machine to complete the setup and installation: 11 | 12 | * **AWS CLIv2** - https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html#getting-started-install-instructions 13 | 14 | * **Kubectl >= 1.34.0** - https://kubernetes.io/docs/tasks/tools/install-kubectl/ 15 | 16 | * **Docker v28.4.0 or newer** - https://docs.docker.com/get-docker/ 17 | 18 | * **Docker Compose v2.39.4 or newer** - https://docs.docker.com/compose/install/ 19 | 20 | 21 | ### Default Configuration 22 | The automated configuration tool will use the following default values when building EKS and configuring WAS. 23 | 24 | * Cluster Name: WAS 25 | * Region: us-east-1 26 | * AMI Instance Type: c5.2xlarge 27 | * Disk Size: 30GB 28 | * Node Group scaling configuration: [Minimum size: 2, Maximum size: 10, Desired size: 2] 29 | * Kubernetes Version: 1.33 30 | 31 | To change any of the above defaults, open `Source/terraform/variables.tf`, modify it accordingly and save the file. 32 | 33 | 34 | ## First Time Setup 35 | 36 | **Prerequisite:** Obtain an AWS IAM user with administrator privileges, together with its access key and secret key. 37 | 38 | To configure the AWS CLI run the following command: 39 | 40 | aws configure 41 | 42 | This will interactively prompt for your AWS IAM user access key, secret key and preferred region. 43 | 44 | **Note:** Your region needs to match the above default configuration; otherwise the setup will fail.
45 | 46 | ## Setup 47 | 48 | **Step 1.** Checkout the repository: 49 | 50 | git clone https://github.com/WolframResearch/WAS-Kubernetes.git 51 | 52 | **Step 2.** Change directory to AWS: 53 | 54 | cd WAS-Kubernetes/EnvironmentSetup/AWS/ 55 | 56 | **Step 3.** Create two S3 buckets to use for WAS, these are needed for resource-manager, resourceinfo-bucket and nodefileinfo-bucket: 57 | 58 | If the buckets will be in 'us-east-1' 59 | 60 | aws s3api create-bucket --bucket 61 | aws s3api create-bucket --bucket 62 | 63 | If will be in any other regions(us-east-2, us-west-1 etc.) 64 | 65 | aws s3api create-bucket --bucket --region --create-bucket-configuration LocationConstraint= 66 | aws s3api create-bucket --bucket --region --create-bucket-configuration LocationConstraint= 67 | 68 | **Step 4.** Update buckets file with these buckets 69 | 70 | resourceinfo-bucket: 71 | nodefiles-bucket: 72 | 73 | 74 | **Step 5.** Run the following command to set up EKS and deploy WAS: 75 | 76 | mkdir -p ~/.kube && docker compose build --progress=plain && docker compose up -d && clear && docker exec -it aws-setup-manager bash setup --create && sudo chown -R $USER ~/.kube 77 | 78 | **Note:** This can take approximately 45 minutes to complete. 
79 | 80 | 81 | **Step 6.** Run the following command to retrieve your base URL and application URLs: 82 | 83 | docker compose build --progress=plain && docker compose up -d && clear && docker exec -it aws-setup-manager bash setup --endpoint-info 84 | 85 | 86 | The output of this command will follow this pattern: 87 | 88 | Base URL - Active Web Elements Server: http:/// 89 | 90 | Resource Manager: http:///resources/ 91 | 92 | Endpoints Manager: http:///endpoints/ 93 | 94 | Nodefiles: http:///nodefiles/ 95 | 96 | Endpoints Info: http:///.applicationserver/info 97 | 98 | Restart AWES: http:///.applicationserver/kernel/restart 99 | 100 | 101 | 102 | **Step 7.** After completion, run this command to shutdown the aws-setup-manager: 103 | 104 | docker compose down 105 | 106 | 107 | **Step 8.** Get a license file from your Wolfram Research sales representative. 108 | 109 | 110 | **Step 9.** This file needs to be deployed to WAS as a node file in the conventional location `.Wolfram/Licensing/mathpass`. From a Wolfram Language client, this may be achieved using the following code: 111 | 112 | was = ServiceConnect["WolframApplicationServer", "http://"]; 113 | ServiceExecute[was, "DeployNodeFile", 114 | {"Contents"-> File["/path/to/mathpass"], "NodeFile" -> ".Wolfram/Licensing/mathpass"}] 115 | 116 | 117 | Alternatively you may use the [node files REST API](../../Documentation/API/NodeFilesManager.md) to install the license file. 118 | 119 | **Note:** In order to use the Wolfram Language functions, the WolframApplicationServer paclet must be installed and loaded. Run the following code: 120 | 121 | PacletInstall["WolframApplicationServer"]; 122 | Needs["WolframApplicationServer`"] 123 | 124 | **Step 10.** Restart the application using the [restart API](../../Documentation/API/Utilities.md) to enable your Wolfram Engines. 
125 | 126 | URL: `http:///.applicationserver/kernel/restart` 127 | 128 | The default credentials for this API are listed below. They are the published defaults shipped with this repository, so change the password as described under "Restart API" in [Configuration.md](../../Configuration.md) before the cluster is reachable by others: 129 | 130 | Username: applicationserver 131 | 132 | Password: P7g[/Y8v?KR}#YvN 133 | 134 | 135 | **Note:** Active Web Elements Server will restart and activate using the mathpass. Upon successful activation, the application shall start. 136 | 137 | Your setup is now complete. 138 | 139 | 140 | ## Remove the cluster 141 | 142 | The following completely deletes everything including the kubernetes cluster, Wolfram Application Server and all resources: 143 | 144 | **Step 1.** Update the `terraform/variables.tf` file with your WAS cluster info (aws_region, cluster name etc.) 145 | 146 | **Step 2.** Change your directory to the directory containing `docker-compose.yml` and run the following command to destroy your EKS cluster and WAS: 147 | 148 | docker compose build --progress=plain && docker compose up -d && clear && docker exec -it aws-setup-manager bash setup --delete 149 | 150 | **Warning:** All data will be destroyed. 151 | 152 | **Step 3.** After completion, shut down the aws-setup-manager by running the following command: 153 | 154 | docker compose down -v 155 | 156 | --- 157 | 158 | ## Troubleshooting 159 | 160 | **1.** Backend configuration is changed error. 161 | ``` 162 | Building EKS - (can take upto 30 minutes) [ERROR] Failed with error: 1 163 | [ ✘ ] 164 | 165 | [ERROR] Something went wrong. Exiting. 166 | [ERROR] The last few log entries were: 167 | ╷ 168 | │ Error: Backend configuration changed 169 | │ 170 | │ A change in the backend configuration has been detected, which may require 171 | │ migrating existing state. 172 | │ 173 | │ If you wish to attempt automatic migration of the state, use “terraform 174 | │ init -migrate-state”. 175 | │ If you wish to store the current configuration with no changes to the 176 | │ state, use “terraform init -reconfigure”. 177 | ``` 178 | 179 | You need to check the following points.
180 | 181 | * Check S3/DynamoDb for previous WAS setup states. If any of them exists, remove it manually on AWS Console. 182 | 183 | 184 | 185 | * Remove docker container cache. 186 | 187 | * Stop the running `aws-setup-manager` container with `docker kill ` 188 | * `docker container prune -f` 189 | * `docker volume prune -a -f` or `docker volume prune -f`, depending on the docker version. 190 | -------------------------------------------------------------------------------- /Configuration.md: -------------------------------------------------------------------------------- 1 | # Configuration 2 | 3 | After setting up the Wolfram Application Server, there are various modifications that may be applied to customize your deployment. This file documents the commonly used configurations for modifying the application server. 4 | 5 | ## Passwords 6 | 7 | ### Restart API 8 | _It is highly recommended to change the password for the restart API._ 9 | 10 | The restart API, used to force the restart of the Wolfram Engine pools, is protected with basic HTTP authentication requiring a user name and password. Wolfram Application Server deploys a default password for the user **applicationserver** specified in the file `Source/ingress/auth` on the deployment machine. The password file is in the format generated by the Apache [htpasswd](http://httpd.apache.org/docs/current/programs/htpasswd.html) application. To generate a new hashed password navigate to the ingress directory and run the following command: 11 | 12 | `htpasswd -c ./auth applicationserver` 13 | 14 | You will be prompted for a new password. The `htpasswd` command may additionally be used to further customize the password file with new users and passwords as desired. Note that `-c` recreates the file and discards its existing entries, so omit it when adding further users. 15 | 16 | To deploy the modified `auth` password file to the cluster run the following command: 17 | 18 | `kubectl create secret generic basic-auth --from-file=auth -n was --ignore-not-found=true` 19 | 20 | to apply the changes.
21 | 22 | 23 | ## Kernel Initialization 24 | 25 | Developers may wish to run Wolfram Language code when Wolfram Engine kernels are initialized prior to handling user requests. By convention this code should be deployed as a node file named `init.wl` to one of the following paths: 26 | 27 | * `.Wolfram/Kernel/init.wl` 28 | * `.Wolfram/[pool name]/Kernel/init.wl` 29 | 30 | Configuration files deployed to the first location will be run for all kernels in all pools. Configurations deployed to the second will be run only for the pool specified by `[pool name]` to permit customizing initialization code for each pool. Because this code runs in every kernel of the affected pools, write access to these node file paths should be limited to trusted deployers. 31 | 32 | ## Pod Scaling 33 | ### List of Pods 34 | * Active Web Elements Server 35 | * Endpoint Manager 36 | * Resource Manager 37 | * Node Files Manager 38 | * Minio 39 | * Kafka 40 | 41 | ### Default Algorithm 42 | Kubernetes auto-scaling scales pods up and down automatically based upon load. Additional pods are started when the pod average cpu usage exceeds 85% or memory usage exceeds 90%. Every 5 minutes the cluster may shut down pods if average load falls below these scaling limits. Upscaling is generally immediate while downscaling is more infrequent to limit the variability in cluster size. 43 | 44 | ### Active Web Elements Server Algorithm 45 | In addition to the default above, the scaling of Active Web Elements Server is based on the pools managed by this service. Pod average statistics of the recent peak percentage of kernels in use as well as the queue length of users waiting to access a kernel are collected for each kernel pool managed by the Active Web Elements Server. If for any pool the average kernel usage exceeds 90% or the average queue length exceeds 2 requests, additional services are launched (as long as the service instance maximum has not been reached). If all the pools average less than 80% kernel usage and queue lengths less than one then pods will be shut down.
46 | 47 | **Note:** "Average" here means average across active pods of that particular type. 48 | 49 | ### Options 50 | By default, there are 2 replicas and they scale up to a maximum of 10. 51 | 52 | **How does one change these?** 53 | 54 | For each service you can find the appropriate configuration file in `Source/hpa/[service name]-hpa-autoscaler.yaml`. You may alter these configuration values, ensuring a minimum of 2 replicas for each pod. 55 | 56 | From the configuration file directory run the following command: 57 | 58 | `kubectl apply -f .` 59 | 60 | [Restart](./Documentation/API/Utilities.md) to apply any configuration changes. 61 | 62 | ## Environment Variables 63 | A number of cluster environment variables are exposed to configure various aspects of the cluster and its services. The source files containing them may be found in `source/deployments` on the deployment machine. To modify any environment setting, change the value in the appropriate file. Modifications made prior to installing the cluster will be used during the installation process. To change a value after the cluster is running, navigate to the directory of the updated source file and run the following command: 64 | 65 | `kubectl apply -f .` 66 | 67 | ### Service Address Environment Variables 68 | 69 | These variables may be changed to configure the public URLs of the various services offered by the Wolfram Application Server.
70 | 71 | `applicationserver.servername: "http://domain.com/"` - Base URL 72 | 73 | `applicationserver.resourcemanager.url: "http://domain.com/resources/"` - Resource manager URL 74 | 75 | `applicationserver.nodefilesmanager.url: "http://domain.com/nodefiles/"` - Node files manager URL 76 | 77 | `applicationserver.endpointmanager.url: "http://domain.com/endpoints/"` - Endpoint manager URL 78 | 79 | `applicationserver.restart.url: "http://domain.com/.applicationserver/kernel/restart"` - Restart API URL 80 | 81 | ### Kafka Environment Variables 82 | These variables may be changed to configure the Kafka streaming service. 83 | 84 | `KAFKA.BOOTSTRAP-SERVERS: kafka-persistent-kafka-bootstrap:9092` - Service and communication port of kafka client 85 | 86 | 87 | ### Active Web Elements Server Environment Variables 88 | These variables may be changed to modify the internal behavior of the Active Web Elements Server. 89 | 90 | `APPLICATIONSERVER_CACHEDIRECTORY: /tmp/.wolframcache` - Root directory for locally cached resources 91 | 92 | `applicationserver.nodefiles.cachedirectory: /opt/.wolframcache/nodefiles/` - Root directory for all deployed node files 93 | 94 | 95 | ### Kernel Pool Environment Variables 96 | These variables are used to configure pools of Wolfram Engines in the Active Web Elements Server. These kernel pool configurations are stored in a zero-indexed array where values for each pool follow the naming convention `poolconfiguration_kernelpool_<index>__<setting>` with `<index>` being the index of the pool being configured. A minimum of one pool must be configured and it is recommended that at least one pool be named **Public** as this is the pool which will be selected by default when deployed resources do not explicitly declare a pool to use.
97 | 98 | The following variables configure a default **Public** pool suitable for serving active web element resources: 99 | 100 | `poolconfiguration_kernelpool_0__KernelNumber: "2"` - Number of Wolfram Engines in the pool 101 | 102 | `poolconfiguration_kernelpool_0__KernelPoolName: Public` - Name of this pool 103 | 104 | `poolconfiguration_kernelpool_0__JLinkEnabled: "false"` - Required for serving active web element resources 105 | 106 | This second set of variables configure a pool named **MSP** to serve MSP pages. These resources cannot be served by the previous pool (note that the `JLinkEnabled` value must be set to `"true"` for MSP content). 107 | `poolconfiguration_kernelpool_1__KernelNumber: "2"` - Number of Wolfram Engines in the pool 108 | 109 | `poolconfiguration_kernelpool_1__KernelPoolName: MSP` - Name of this pool 110 | 111 | 112 | `poolconfiguration_kernelpool_1__JLinkEnabled: "true"` - Required for serving MSP resources 113 | 114 | Additional pools may be configured if desired using sequentially increasing index values. 
115 | 116 | -------------------------------------------------------------------------------- /EnvironmentSetup/AWS/Source/strimzi-kafka-deployment/020-ClusterRole-strimzi-cluster-operator-role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: strimzi-cluster-operator-namespaced 5 | labels: 6 | app: strimzi 7 | rules: 8 | - apiGroups: 9 | - "rbac.authorization.k8s.io" 10 | resources: 11 | # The cluster operator needs to access and manage rolebindings to grant Strimzi components cluster permissions 12 | - rolebindings 13 | verbs: 14 | - get 15 | - list 16 | - watch 17 | - create 18 | - delete 19 | - patch 20 | - update 21 | - apiGroups: 22 | - "rbac.authorization.k8s.io" 23 | resources: 24 | # The cluster operator needs to access and manage roles to grant the entity operator permissions 25 | - roles 26 | verbs: 27 | - get 28 | - list 29 | - watch 30 | - create 31 | - delete 32 | - patch 33 | - update 34 | - apiGroups: 35 | - "" 36 | resources: 37 | # The cluster operator needs to access and delete pods, this is to allow it to monitor pod health and coordinate rolling updates 38 | - pods 39 | # The cluster operator needs to access and manage service accounts to grant Strimzi components cluster permissions 40 | - serviceaccounts 41 | # The cluster operator needs to access and manage config maps for Strimzi components configuration 42 | - configmaps 43 | # The cluster operator needs to access and manage services and endpoints to expose Strimzi components to network traffic 44 | - services 45 | - endpoints 46 | # The cluster operator needs to access and manage secrets to handle credentials 47 | - secrets 48 | # The cluster operator needs to access and manage persistent volume claims to bind them to Strimzi components for persistent data 49 | - persistentvolumeclaims 50 | verbs: 51 | - get 52 | - list 53 | - watch 54 | - create 55 | - delete 56 | 
- patch 57 | - update 58 | - apiGroups: 59 | - "kafka.strimzi.io" 60 | resources: 61 | # The cluster operator runs the KafkaAssemblyOperator, which needs to access and manage Kafka resources 62 | - kafkas 63 | - kafkas/status 64 | # The cluster operator runs the KafkaConnectAssemblyOperator, which needs to access and manage KafkaConnect resources 65 | - kafkaconnects 66 | - kafkaconnects/status 67 | # The cluster operator runs the KafkaConnectorAssemblyOperator, which needs to access and manage KafkaConnector resources 68 | - kafkaconnectors 69 | - kafkaconnectors/status 70 | # The cluster operator runs the KafkaMirrorMakerAssemblyOperator, which needs to access and manage KafkaMirrorMaker resources 71 | - kafkamirrormakers 72 | - kafkamirrormakers/status 73 | # The cluster operator runs the KafkaBridgeAssemblyOperator, which needs to access and manage BridgeMaker resources 74 | - kafkabridges 75 | - kafkabridges/status 76 | # The cluster operator runs the KafkaMirrorMaker2AssemblyOperator, which needs to access and manage KafkaMirrorMaker2 resources 77 | - kafkamirrormaker2s 78 | - kafkamirrormaker2s/status 79 | # The cluster operator runs the KafkaRebalanceAssemblyOperator, which needs to access and manage KafkaRebalance resources 80 | - kafkarebalances 81 | - kafkarebalances/status 82 | verbs: 83 | - get 84 | - list 85 | - watch 86 | - create 87 | - delete 88 | - patch 89 | - update 90 | - apiGroups: 91 | - "core.strimzi.io" 92 | resources: 93 | # The cluster operator uses StrimziPodSets to manage the Kafka and ZooKeeper pods 94 | - strimzipodsets 95 | - strimzipodsets/status 96 | verbs: 97 | - get 98 | - list 99 | - watch 100 | - create 101 | - delete 102 | - patch 103 | - update 104 | - apiGroups: 105 | # The cluster operator needs the extensions api as the operator supports Kubernetes version 1.11+ 106 | # apps/v1 was introduced in Kubernetes 1.14 107 | - "extensions" 108 | resources: 109 | # The cluster operator needs to access and manage deployments to run 
deployment based Strimzi components 110 | - deployments 111 | - deployments/scale 112 | # The cluster operator needs to access replica sets to manage Strimzi components and to determine error states 113 | - replicasets 114 | # The cluster operator needs to access and manage replication controllers to manage replicasets 115 | - replicationcontrollers 116 | # The cluster operator needs to access and manage network policies to lock down communication between Strimzi components 117 | - networkpolicies 118 | # The cluster operator needs to access and manage ingresses which allow external access to the services in a cluster 119 | - ingresses 120 | verbs: 121 | - get 122 | - list 123 | - watch 124 | - create 125 | - delete 126 | - patch 127 | - update 128 | - apiGroups: 129 | - "apps" 130 | resources: 131 | # The cluster operator needs to access and manage deployments to run deployment based Strimzi components 132 | - deployments 133 | - deployments/scale 134 | - deployments/status 135 | # The cluster operator needs to access and manage stateful sets to run stateful sets based Strimzi components 136 | - statefulsets 137 | # The cluster operator needs to access replica-sets to manage Strimzi components and to determine error states 138 | - replicasets 139 | verbs: 140 | - get 141 | - list 142 | - watch 143 | - create 144 | - delete 145 | - patch 146 | - update 147 | - apiGroups: 148 | - "" 149 | resources: 150 | # The cluster operator needs to be able to create events and delegate permissions to do so 151 | - events 152 | verbs: 153 | - create 154 | - apiGroups: 155 | # Kafka Connect Build on OpenShift requirement 156 | - build.openshift.io 157 | resources: 158 | - buildconfigs 159 | - buildconfigs/instantiate 160 | - builds 161 | verbs: 162 | - get 163 | - list 164 | - watch 165 | - create 166 | - delete 167 | - patch 168 | - update 169 | - apiGroups: 170 | - networking.k8s.io 171 | resources: 172 | # The cluster operator needs to access and manage network policies to 
lock down communication between Strimzi components 173 | - networkpolicies 174 | # The cluster operator needs to access and manage ingresses which allow external access to the services in a cluster 175 | - ingresses 176 | verbs: 177 | - get 178 | - list 179 | - watch 180 | - create 181 | - delete 182 | - patch 183 | - update 184 | - apiGroups: 185 | - route.openshift.io 186 | resources: 187 | # The cluster operator needs to access and manage routes to expose Strimzi components for external access 188 | - routes 189 | - routes/custom-host 190 | verbs: 191 | - get 192 | - list 193 | - watch 194 | - create 195 | - delete 196 | - patch 197 | - update 198 | - apiGroups: 199 | - policy 200 | resources: 201 | # The cluster operator needs to access and manage pod disruption budgets this limits the number of concurrent disruptions 202 | # that a Strimzi component experiences, allowing for higher availability 203 | - poddisruptionbudgets 204 | verbs: 205 | - get 206 | - list 207 | - watch 208 | - create 209 | - delete 210 | - patch 211 | - update 212 | -------------------------------------------------------------------------------- /EnvironmentSetup/Azure/Source/strimzi-kafka-deployment/020-ClusterRole-strimzi-cluster-operator-role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole # Permission set for the Strimzi cluster operator: RBAC objects, core resources, Strimzi custom resources, workloads, OpenShift builds and routes, networking and pod disruption budgets 3 | metadata: 4 | name: strimzi-cluster-operator-namespaced # NOTE(review): the name suggests this role is meant to be granted per namespace through a RoleBinding; a ClusterRoleBinding would extend every rule below, including the secrets and rolebindings rules, to all namespaces - confirm how it is bound 5 | labels: 6 | app: strimzi 7 | rules: 8 | - apiGroups: 9 | - "rbac.authorization.k8s.io" 10 | resources: 11 | # The cluster operator needs to access and manage rolebindings to grant Strimzi components cluster permissions (privilege-sensitive: these verbs let the operator create and change role bindings wherever this role is bound) 12 | - rolebindings 13 | verbs: 14 | - get 15 | - list 16 | - watch 17 | - create 18 | - delete 19 | - patch 20 | - update 21 | - apiGroups: 22 | - "rbac.authorization.k8s.io" 23 | resources: 24 | # The cluster operator needs to access and manage roles to grant the entity operator permissions 25 | - roles 26 | verbs: 
27 | - get 28 | - list 29 | - watch 30 | - create 31 | - delete 32 | - patch 33 | - update 34 | - apiGroups: 35 | - "" 36 | resources: 37 | # The cluster operator needs to access and delete pods, this is to allow it to monitor pod health and coordinate rolling updates (the shared verbs list below also grants create, patch and update on pods) 38 | - pods 39 | # The cluster operator needs to access and manage service accounts to grant Strimzi components cluster permissions 40 | - serviceaccounts 41 | # The cluster operator needs to access and manage config maps for Strimzi components configuration 42 | - configmaps 43 | # The cluster operator needs to access and manage services and endpoints to expose Strimzi components to network traffic 44 | - services 45 | - endpoints 46 | # The cluster operator needs to access and manage secrets to handle credentials; the verbs below give read and write access to every Secret wherever this role is bound, so keep the binding scope narrow and monitor Secret access by the operator's service account 47 | - secrets 48 | # The cluster operator needs to access and manage persistent volume claims to bind them to Strimzi components for persistent data 49 | - persistentvolumeclaims 50 | verbs: 51 | - get 52 | - list 53 | - watch 54 | - create 55 | - delete 56 | - patch 57 | - update 58 | - apiGroups: 59 | - "kafka.strimzi.io" 60 | resources: 61 | # The cluster operator runs the KafkaAssemblyOperator, which needs to access and manage Kafka resources 62 | - kafkas 63 | - kafkas/status 64 | # The cluster operator runs the KafkaConnectAssemblyOperator, which needs to access and manage KafkaConnect resources 65 | - kafkaconnects 66 | - kafkaconnects/status 67 | # The cluster operator runs the KafkaConnectorAssemblyOperator, which needs to access and manage KafkaConnector resources 68 | - kafkaconnectors 69 | - kafkaconnectors/status 70 | # The cluster operator runs the KafkaMirrorMakerAssemblyOperator, which needs to access and manage KafkaMirrorMaker resources 71 | - kafkamirrormakers 72 | - kafkamirrormakers/status 73 | # The cluster operator runs the KafkaBridgeAssemblyOperator, which needs to access and manage KafkaBridge resources 74 | - kafkabridges 75 | - kafkabridges/status 76 | # The 
cluster operator runs the KafkaMirrorMaker2AssemblyOperator, which needs to access and manage KafkaMirrorMaker2 resources 77 | - kafkamirrormaker2s 78 | - kafkamirrormaker2s/status 79 | # The cluster operator runs the KafkaRebalanceAssemblyOperator, which needs to access and manage KafkaRebalance resources 80 | - kafkarebalances 81 | - kafkarebalances/status 82 | verbs: 83 | - get 84 | - list 85 | - watch 86 | - create 87 | - delete 88 | - patch 89 | - update 90 | - apiGroups: 91 | - "core.strimzi.io" 92 | resources: 93 | # The cluster operator uses StrimziPodSets to manage the Kafka and ZooKeeper pods 94 | - strimzipodsets 95 | - strimzipodsets/status 96 | verbs: 97 | - get 98 | - list 99 | - watch 100 | - create 101 | - delete 102 | - patch 103 | - update 104 | - apiGroups: 105 | # The cluster operator needs the extensions api as the operator supports Kubernetes version 1.11+ 106 | # apps/v1 was introduced in Kubernetes 1.14; NOTE(review): current Kubernetes releases no longer serve these resources from the extensions group, so this rule looks like a legacy compatibility grant - confirm it is still needed 107 | - "extensions" 108 | resources: 109 | # The cluster operator needs to access and manage deployments to run deployment based Strimzi components 110 | - deployments 111 | - deployments/scale 112 | # The cluster operator needs to access replica sets to manage Strimzi components and to determine error states 113 | - replicasets 114 | # The cluster operator needs to access and manage replication controllers to manage replicasets 115 | - replicationcontrollers 116 | # The cluster operator needs to access and manage network policies to lock down communication between Strimzi components 117 | - networkpolicies 118 | # The cluster operator needs to access and manage ingresses which allow external access to the services in a cluster 119 | - ingresses 120 | verbs: 121 | - get 122 | - list 123 | - watch 124 | - create 125 | - delete 126 | - patch 127 | - update 128 | - apiGroups: 129 | - "apps" 130 | resources: 131 | # The cluster operator needs to access and manage deployments to run deployment based Strimzi components 132 | - deployments 133 | - 
deployments/scale 134 | - deployments/status 135 | # The cluster operator needs to access and manage stateful sets to run stateful sets based Strimzi components 136 | - statefulsets 137 | # The cluster operator needs to access replica-sets to manage Strimzi components and to determine error states 138 | - replicasets 139 | verbs: 140 | - get 141 | - list 142 | - watch 143 | - create 144 | - delete 145 | - patch 146 | - update 147 | - apiGroups: 148 | - "" 149 | resources: 150 | # The cluster operator needs to be able to create events and delegate permissions to do so 151 | - events 152 | verbs: 153 | - create 154 | - apiGroups: 155 | # Kafka Connect Build on OpenShift requirement; NOTE(review): OpenShift-only API group, presumably unused on a non-OpenShift cluster - confirm 156 | - build.openshift.io 157 | resources: 158 | - buildconfigs 159 | - buildconfigs/instantiate 160 | - builds 161 | verbs: 162 | - get 163 | - list 164 | - watch 165 | - create 166 | - delete 167 | - patch 168 | - update 169 | - apiGroups: 170 | - networking.k8s.io 171 | resources: 172 | # The cluster operator needs to access and manage network policies to lock down communication between Strimzi components 173 | - networkpolicies 174 | # The cluster operator needs to access and manage ingresses which allow external access to the services in a cluster 175 | - ingresses 176 | verbs: 177 | - get 178 | - list 179 | - watch 180 | - create 181 | - delete 182 | - patch 183 | - update 184 | - apiGroups: 185 | - route.openshift.io 186 | resources: 187 | # The cluster operator needs to access and manage routes to expose Strimzi components for external access 188 | - routes 189 | - routes/custom-host 190 | verbs: 191 | - get 192 | - list 193 | - watch 194 | - create 195 | - delete 196 | - patch 197 | - update 198 | - apiGroups: 199 | - policy 200 | resources: 201 | # The cluster operator needs to access and manage pod disruption budgets; this limits the number of concurrent disruptions 202 | # that a Strimzi component experiences, allowing for higher availability 203 | - poddisruptionbudgets 204 | 
verbs: 205 | - get 206 | - list 207 | - watch 208 | - create 209 | - delete 210 | - patch 211 | - update 212 | --------------------------------------------------------------------------------