├── assets ├── grafana.png └── admin_console.png ├── cr.yaml ├── examples ├── kafka │ ├── port-forward-kafka.sh │ ├── run_producer.sh │ ├── run_consumer.sh │ ├── get-cert.sh │ ├── create-tenant.sh │ ├── create-tenant-full.sh │ └── kafka.client.properties.template ├── dev-values.yaml ├── dev-values-transactions.yaml ├── dev-values-sql.yaml ├── dev-values-tls.yaml ├── dev-values-auth.yaml ├── dev-values-rabbitmq-tls.yaml └── dev-values-keycloak-auth.yaml ├── .circleci ├── yamllint-examples.sh ├── install_tools.sh └── config.yml ├── .gitignore ├── helm-chart-sources └── pulsar │ ├── .helmignore │ ├── templates │ ├── utils │ │ ├── priorityclass.yaml │ │ ├── tls-secret.yaml │ │ ├── gcp-secret.yaml │ │ ├── health-configmap.yaml │ │ └── certconverter-configmap.yaml │ ├── tardigrade │ │ ├── config.configmap.yaml │ │ ├── service.yaml │ │ └── deployment.yaml │ ├── keycloak │ │ └── keycloak-configmap.yaml │ ├── beam │ │ └── beamwh-configmap.yaml │ ├── openid │ │ └── kafka-configmap.yaml │ ├── tests │ │ ├── pre-test-sleep.yaml │ │ ├── plain-text-broker.yaml │ │ ├── plain-text-proxy.yaml │ │ ├── tls-broker.yaml │ │ ├── tls-proxy.yaml │ │ ├── offload-test.yaml │ │ ├── beam-test.yaml │ │ └── tls-beam-test.yaml │ ├── admin-console │ │ ├── pulsar-admin-console-secret.yaml │ │ ├── pulsar-admin-console-service.yaml │ │ ├── pulsar-admin-console-ingress.yaml │ │ └── pulsar-admin-console-deployment.yaml │ ├── pulsarSql │ │ ├── _helpers.tpl │ │ ├── service.yaml │ │ └── ingress.yaml │ ├── zoonavigator │ │ ├── zoonavigator-service.yaml │ │ └── zoonavigator-deployment.yaml │ ├── zookeeper │ │ ├── zookeeper-pdb.yaml │ │ ├── zookeeper-configmap.yaml │ │ ├── zookeeper-service.yaml │ │ └── zookeeper-storageclass.yaml │ ├── bookkeeper │ │ ├── bookkeeper-pdb.yaml │ │ ├── bookkeeper-service.yaml │ │ └── bookkeeper-configmap.yaml │ ├── proxy │ │ ├── proxy-pdb.yaml │ │ ├── burnell-rbac.yaml │ │ ├── proxy-service.yaml │ │ └── proxy-ingress.yaml │ ├── broker-deployment │ │ ├── broker-pdb.yaml │ │ ├── broker-service.yaml │ │ └── broker-transactions-metadata.yaml │ ├── function │ │ ├── function-pdb.yaml │ │ ├── function-extra-configmap.yaml │ │ ├── function-rbac.yaml │ │ ├── function-service.yaml │ │ └── function-storageclass.yaml │ ├── broker-sts │ │ ├── broker-sts-pdb.yaml │ │ └── broker-sts-service.yaml │ ├── zookeeper-nonpersist │ │ ├── zookeepernp-pdb.yaml │ │ ├── zookeepernp-configmap.yaml │ │ ├── zookeeper-config-script.yaml │ │ └── zookeepernp-service.yaml │ ├── pulsar-heartbeat │ │ └── pulsar-heartbeat-rbac.yaml │ ├── dns │ │ ├── dns-rbac.yaml │ │ └── dns-deployment.yaml │ ├── bastion │ │ └── bastion-configmap.yaml │ ├── autorecovery │ │ └── autorecovery-configmap.yaml │ ├── monitoring │ │ └── pulsar-podmonitor.yaml │ └── cert-manager │ │ ├── self-signed-issuer.yaml │ │ └── acme-issuer.yaml │ ├── Chart.yaml │ ├── ci-archive │ ├── azure-no-test.yaml │ ├── aws-s3-no-test.yaml │ ├── storj-no-test.yaml │ └── gcp-storage-no-test.yaml │ └── ci │ └── test-notls-values.yaml ├── tests ├── README.md ├── kind-config.yaml ├── ct.yaml └── e2e-kind.sh ├── .yamllint.yaml ├── .github └── workflows │ └── release.yaml └── RELEASE.md /assets/grafana.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/datastax/pulsar-helm-chart/HEAD/assets/grafana.png -------------------------------------------------------------------------------- /cr.yaml: -------------------------------------------------------------------------------- 1 | index-path: ./ 2 | generate-release-notes: true 3 | pages-branch: master 4 | skip-existing: true 5 | -------------------------------------------------------------------------------- /assets/admin_console.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/datastax/pulsar-helm-chart/HEAD/assets/admin_console.png -------------------------------------------------------------------------------- /examples/kafka/port-forward-kafka.sh: -------------------------------------------------------------------------------- 1 | #/bin/bash 2 | set -e 3 | PROXYPOD=$(kubectl get pods | grep proxy | awk '{print $1}' | head -n 1) 4 | kubectl port-forward $PROXYPOD 9093:9093 5 | -------------------------------------------------------------------------------- /.circleci/yamllint-examples.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -o errexit 4 | 5 | mkdir -p yamllint/examples/ 6 | rm -f yamllint/examples/*.yaml 7 | 8 | for FILE in examples/*.yaml; do 9 | helm template pulsar-test -f $FILE helm-chart-sources/pulsar > yamllint/$FILE 10 | done 11 | 12 | # Lint all files in output directory 13 | yamllint yamllint/ -------------------------------------------------------------------------------- /examples/kafka/run_producer.sh: -------------------------------------------------------------------------------- 1 | #/bin/bash 2 | set -x 3 | TENANT=$1 4 | TOPIC=$2 5 | CONFIGFILE=kafka.client.$TENANT.properties 6 | $KAFKA_HOME/bin/kafka-topics.sh --create --bootstrap-server=localhost:9093 --command-config=$CONFIGFILE --topic=$TOPIC --partitions=4 --replication-factor=1 7 | $KAFKA_HOME/bin/kafka-console-producer.sh --topic=$TOPIC --broker-list=localhost:9093 --producer.config=$CONFIGFILE 8 | -------------------------------------------------------------------------------- /examples/kafka/run_consumer.sh: -------------------------------------------------------------------------------- 1 | #/bin/bash 2 | set -x 3 | TENANT=$1 4 | CONFIGFILE=kafka.client.$TENANT.properties 5 | TOPIC=$2 6 | $KAFKA_HOME/bin/kafka-topics.sh --create --bootstrap-server=localhost:9093 --command-config=$CONFIGFILE --topic=$TOPIC --partitions=4 --replication-factor=1 7 | $KAFKA_HOME/bin/kafka-console-consumer.sh --topic=$TOPIC --bootstrap-server=localhost:9093 --consumer.config=$CONFIGFILE 8 | -------------------------------------------------------------------------------- /examples/kafka/get-cert.sh: -------------------------------------------------------------------------------- 1 | #/bin/bash 2 | set -e 3 | TLSCERT=tls.crt 4 | CERTPASS=pulsar 5 | PROXYPOD=$(kubectl get pods | grep proxy | awk '{print $1}' | head -n 1) 6 | kubectl exec $PROXYPOD -- bash -c "cp certs/tls.crt /tmp" 7 | kubectl cp $PROXYPOD:/tmp/tls.crt $TLSCERT 8 | kubectl exec $PROXYPOD -- bash -c "rm /tmp/tls.crt" 9 | keytool -import --trustcacerts -file $TLSCERT -keystore cert.jks -storepass $CERTPASS -noprompt 10 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .cr-* 2 | .deploy 3 | 4 | # Vscode files 5 | .vscode 6 | 7 | # Emacs save files 8 | *~ 9 | \#*\# 10 | .\#* 11 | 12 | # Vi-related files 13 | [._]*.s[a-w][a-z] 14 | [._]s[a-w][a-z] 15 | *.un~ 16 | Session.vim 17 | .netrwhist 18 | 19 | # Chart dependencies 20 | **/charts/*.tgz 21 | Chart.lock 22 | 23 | .history 24 | 25 | # Files generated by JetBrains IDEs, e.g. IntelliJ IDEA 26 | .idea 27 | *.iml 28 | 29 | yamllint/ 30 | 31 | .DS_Store 32 | -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | 23 | *.lock 24 | -------------------------------------------------------------------------------- /.circleci/install_tools.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -o errexit 4 | 5 | readonly HELM_VERSION=3.7.1 6 | 7 | echo "Installing Helm..." 8 | curl -LO "https://get.helm.sh/helm-v$HELM_VERSION-linux-amd64.tar.gz" 9 | sudo mkdir -p "/usr/local/helm-v$HELM_VERSION" 10 | sudo tar -xzf "helm-v$HELM_VERSION-linux-amd64.tar.gz" -C "/usr/local/helm-v$HELM_VERSION" 11 | sudo ln -s "/usr/local/helm-v$HELM_VERSION/linux-amd64/helm" /usr/local/bin/helm 12 | rm -f "helm-v$HELM_VERSION-linux-amd64.tar.gz" 13 | -------------------------------------------------------------------------------- /tests/README.md: -------------------------------------------------------------------------------- 1 | # CI tests 2 | 3 | ### Running locally 4 | 5 | ``` 6 | ./tests/e2e-kind.sh 7 | ``` 8 | 9 | ### Debugging the test run 10 | 11 | Get a shell inside the ct container 12 | ``` 13 | docker exec -it ct bash 14 | ``` 15 | 16 | `kubectl` can be used. 17 | 18 | examples: 19 | ``` 20 | # list all resources in all namespaces 21 | kubectl get all -A 22 | 23 | # watch for k8s events 24 | kubectl get events -wA 25 | 26 | # find out the namespace used 27 | kubectl get namespaces -o=name |grep pulsar 28 | 29 | # get logs for a crashed container 30 | kubectl logs -n pulsar-d2t71e2zm3 -p pod/pulsar-function-0 31 | ``` 32 | -------------------------------------------------------------------------------- /.yamllint.yaml: -------------------------------------------------------------------------------- 1 | # See https://yamllint.readthedocs.io for details. 2 | 3 | rules: 4 | braces: enable 5 | brackets: disable 6 | colons: disable 7 | commas: enable 8 | comments: disable 9 | comments-indentation: disable 10 | document-end: disable 11 | document-start: 12 | level: warning 13 | empty-lines: disable 14 | empty-values: disable 15 | hyphens: enable 16 | indentation: disable 17 | key-duplicates: enable 18 | key-ordering: disable 19 | line-length: disable 20 | new-line-at-end-of-file: enable 21 | new-lines: enable 22 | octal-values: disable 23 | quoted-strings: disable 24 | trailing-spaces: disable 25 | truthy: 26 | level: warning 27 | -------------------------------------------------------------------------------- /tests/kind-config.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | kind: Cluster 19 | apiVersion: kind.x-k8s.io/v1alpha4 20 | nodes: 21 | - role: control-plane 22 | - role: worker 23 | -------------------------------------------------------------------------------- /examples/kafka/create-tenant.sh: -------------------------------------------------------------------------------- 1 | #bin/bash 2 | set -e 3 | BASTIONPOD=$(kubectl get pods | grep bastion | awk '{print $1}' | head -n 1) 4 | TENANT=$1 5 | NAMESPACE=public 6 | ROLE="$TENANT-admin" 7 | TOKENFILE=$TENANT.token 8 | CLIENTFILE=kafka.client.$TENANT.properties 9 | kubectl exec $BASTIONPOD -- bash -c "bin/pulsar-admin tenants create $TENANT" 10 | kubectl exec $BASTIONPOD -- bash -c "bin/pulsar-admin tenants update -r $ROLE $TENANT" 11 | kubectl exec $BASTIONPOD -- bash -c "bin/pulsar-admin namespaces create $TENANT/$NAMESPACE" 12 | kubectl exec $BASTIONPOD -- bash -c "bin/pulsar tokens create -pk token-private-key/my-private.key -s $ROLE" > $TOKENFILE 13 | sed s/TENANT/$TENANT/g kafka.client.properties.template | sed s/TOKEN/$(cat $TOKENFILE)/g > $CLIENTFILE 14 | 15 | 16 | echo "Created $CLIENTFILE with a admin token for tenant $TENANT" 17 | -------------------------------------------------------------------------------- /tests/ct.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | remote: origin 19 | check-version-increment: false 20 | target-branch: release 21 | helm-extra-args: "--timeout 600s --debug" 22 | chart-dirs: 23 | - helm-chart-sources 24 | chart-repos: 25 | - kube-prometheus-stack=https://prometheus-community.github.io/helm-charts 26 | - cert-manager=https://charts.jetstack.io 27 | -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/templates/utils/priorityclass.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | {{- if .Values.priorityClass.enabled }} 19 | apiVersion: scheduling.k8s.io/v1 20 | kind: PriorityClass 21 | metadata: 22 | name: pulsar-priority 23 | value: {{ .Values.priorityClass.value }} 24 | globalDefault: false 25 | description: "This priority class is used for Pulsar pods." 26 | {{- end }} 27 | -------------------------------------------------------------------------------- /.github/workflows/release.yaml: -------------------------------------------------------------------------------- 1 | name: Release Chart 2 | 3 | on: 4 | push: 5 | branches: 6 | - master 7 | 8 | jobs: 9 | release: 10 | # depending on default permission settings for your org (contents being read-only or read-write for workloads), you will have to add permissions 11 | # see: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token 12 | permissions: 13 | contents: write 14 | runs-on: ubuntu-latest 15 | if: github.repository == 'datastax/pulsar-helm-chart' 16 | steps: 17 | - name: Checkout 18 | uses: actions/checkout@v3 19 | with: 20 | fetch-depth: 0 21 | 22 | - name: Configure Git 23 | run: | 24 | git config user.name "$GITHUB_ACTOR" 25 | git config user.email "$GITHUB_ACTOR@users.noreply.github.com" 26 | 27 | - name: Install Helm 28 | uses: azure/setup-helm@v3 29 | 30 | - name: Run chart-releaser 31 | uses: helm/chart-releaser-action@v1.5.0 32 | with: 33 | charts_dir: helm-chart-sources 34 | env: 35 | CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/templates/tardigrade/config.configmap.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | {{- if .Values.extra.tardigrade }} 19 | 20 | apiVersion: v1 21 | kind: ConfigMap 22 | metadata: 23 | name: {{ .Release.Name }}-tardigrade 24 | namespace: {{ .Release.Namespace }} 25 | labels: 26 | app: {{ .Release.Name }}-tardigrade-gateway 27 | data: 28 | config.yaml: | 29 | access: {{ .Values.tardigrade.access }} 30 | minio.access-key: {{ .Values.tardigrade.accessKey }} 31 | minio.secret-key: {{ .Values.tardigrade.secretKey }} 32 | {{- end }} 33 | -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/templates/keycloak/keycloak-configmap.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | {{- if .Values.keycloak.enabled }} 19 | apiVersion: v1 20 | kind: ConfigMap 21 | metadata: 22 | name: "realm-config" 23 | namespace: {{ .Release.Namespace }} 24 | labels: 25 | app: {{ template "pulsar.name" . }} 26 | chart: {{ template "pulsar.chart" . }} 27 | release: {{ .Release.Name }} 28 | heritage: {{ .Release.Service }} 29 | cluster: {{ template "pulsar.fullname" . }} 30 | data: 31 | pulsar-realm.json: |- 32 | {{ .Files.Get "keycloak-realms/pulsar-realm.json" | indent 4 }} 33 | {{- end }} -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/templates/beam/beamwh-configmap.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | {{- if .Values.extra.pulsarBeam }} 19 | apiVersion: v1 20 | kind: ConfigMap 21 | metadata: 22 | name: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsarBeam.component }}" 23 | namespace: {{ .Release.Namespace }} 24 | labels: 25 | app: {{ template "pulsar.name" . }} 26 | chart: {{ template "pulsar.chart" . }} 27 | release: {{ .Release.Name }} 28 | heritage: {{ .Release.Service }} 29 | component: {{ .Values.pulsarBeam.component }} 30 | cluster: {{ template "pulsar.fullname" . }} 31 | {{- end }} 32 | -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/templates/openid/kafka-configmap.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | {{- if and .Values.openid.enabled .Values.openid.withS4k }} 19 | apiVersion: v1 20 | kind: ConfigMap 21 | metadata: 22 | name: "{{ template "pulsar.fullname" . }}-{{ .Values.openid.component }}-s4k" 23 | namespace: {{ .Release.Namespace }} 24 | labels: 25 | app: {{ template "pulsar.name" . }} 26 | chart: {{ template "pulsar.chart" . }} 27 | release: {{ .Release.Name }} 28 | heritage: {{ .Release.Service }} 29 | cluster: {{ template "pulsar.fullname" . }} 30 | data: 31 | kop-handler.properties: | 32 | oauth.validate.method=token 33 | 34 | {{- end }} 35 | -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/templates/tests/pre-test-sleep.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | {{- if .Values.enableTest }} 19 | apiVersion: v1 20 | kind: Pod 21 | metadata: 22 | name: "{{ .Release.Name }}-pre-test-sleep" 23 | annotations: 24 | "helm.sh/hook": post-install 25 | spec: 26 | containers: 27 | - name: "{{ template "pulsar.fullname" . }}-pre-test-sleep" 28 | image: "{{ .Values.image.bastion.repository }}:{{ .Values.image.bastion.tag }}" 29 | imagePullPolicy: {{ .Values.image.bastion.pullPolicy }} 30 | command: ["/bin/sleep"] 31 | args: [ "30" ] 32 | # Do not restart containers after they exit 33 | restartPolicy: Never 34 | {{- end }} 35 | -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/templates/utils/tls-secret.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | {{- if .Values.secrets }} 19 | apiVersion: v1 20 | kind: Secret 21 | metadata: 22 | name: "{{ .Values.tlsSecretName }}" 23 | labels: 24 | app: {{ template "pulsar.name" . }} 25 | chart: {{ template "pulsar.chart" . }} 26 | release: {{ .Release.Name }} 27 | heritage: {{ .Release.Service }} 28 | component: "pulsar-tls" 29 | cluster: {{ template "pulsar.fullname" . }} 30 | type: kubernetes.io/tls 31 | data: 32 | tls.crt: {{ .Values.secrets.certificate | b64enc }} 33 | tls.key: {{ .Values.secrets.key | b64enc }} 34 | ca.crt: {{ .Values.secrets.caCertificate | b64enc }} 35 | --- 36 | {{- end }} -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/templates/tardigrade/service.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | {{- if .Values.extra.tardigrade }} 19 | apiVersion: v1 20 | kind: Service 21 | metadata: 22 | name: {{ .Release.Name }}-tardigrade-gateway-svc 23 | namespace: {{ .Release.Namespace }} 24 | labels: 25 | app: {{ .Release.Name }}-tardigrade-gateway 26 | spec: 27 | type: {{ .Values.tardigrade.service.type }} 28 | {{- if .Values.tardigrade.service.loadBalancerIP }} 29 | loadBalancerIP: {{ .Values.tardigrade.service.loadBalancerIP }} 30 | {{- end }} 31 | selector: 32 | app: {{ .Release.Name }}-tardigrade-gateway 33 | ports: 34 | - protocol: TCP 35 | port: {{ .Values.tardigrade.service.port }} 36 | {{- end }} 37 | -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/templates/utils/gcp-secret.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | {{- if eq .Values.storageOffload.driver "google-cloud-storage" }} 19 | apiVersion: v1 20 | kind: Secret 21 | metadata: 22 | name: "{{.Values.storageOffload.gcsServiceAccountSecret}}" 23 | labels: 24 | app: {{ template "pulsar.name" . }} 25 | chart: {{ template "pulsar.chart" . }} 26 | release: {{ .Release.Name }} 27 | heritage: {{ .Release.Service }} 28 | component: {{ .Values.broker.component }} 29 | cluster: {{ template "pulsar.fullname" . }} 30 | type: Opaque 31 | data: 32 | {{ .Values.storageOffload.gcsServiceAccountJsonFile }}: {{ .Values.storageOffload.gcsServiceAccountJsonFileContent }} 33 | --- 34 | {{- end }} 35 | -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/templates/admin-console/pulsar-admin-console-secret.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | {{- if .Values.pulsarAdminConsole.createUserSecret.enabled }} 19 | apiVersion: v1 20 | kind: Secret 21 | metadata: 22 | name: "dashboard-user-{{ .Values.pulsarAdminConsole.createUserSecret.user }}" 23 | labels: 24 | app: {{ template "pulsar.name" . }} 25 | chart: {{ template "pulsar.chart" . }} 26 | release: {{ .Release.Name }} 27 | heritage: {{ .Release.Service }} 28 | component: "{{ .Values.pulsarAdminConsole.component }}" 29 | cluster: {{ template "pulsar.fullname" . }} 30 | type: Opaque 31 | data: 32 | password: {{ .Values.pulsarAdminConsole.createUserSecret.password | b64enc }} 33 | --- 34 | {{- end }} -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/Chart.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | apiVersion: v2 18 | appVersion: "2.8.0" 19 | description: Apache Pulsar Helm chart for Kubernetes 20 | name: pulsar 21 | maintainers: 22 | - name: zzzming 23 | - name: cdbartholomew 24 | - name: lhotari 25 | - name: michaeljmarshall 26 | - name: devinbost 27 | version: 3.2.3 28 | dependencies: 29 | - name: kube-prometheus-stack 30 | version: 44.x.x 31 | repository: https://prometheus-community.github.io/helm-charts 32 | condition: kube-prometheus-stack.enabled 33 | - name: cert-manager 34 | version: v1.8.x 35 | repository: https://charts.jetstack.io 36 | condition: cert-manager.enabled 37 | - name: keycloak 38 | version: 9.x.x 39 | repository: https://charts.bitnami.com/bitnami 40 | condition: keycloak.enabled 41 | -------------------------------------------------------------------------------- /.circleci/config.yml: -------------------------------------------------------------------------------- 1 | version: 2.1 2 | jobs: 3 | lint-scripts: 4 | docker: 5 | - image: koalaman/shellcheck-alpine 6 | steps: 7 | - checkout 8 | - run: 9 | command: | 10 | shellcheck -x tests/e2e-kind.sh 11 | shellcheck -x .circleci/install_tools.sh 12 | lint-charts: 13 | docker: 14 | - image: quay.io/helmpack/chart-testing:latest 15 | steps: 16 | - checkout 17 | - run: 18 | # Helm lint doesn't prevent duplicate keys in yaml. However, this can lead to undesired behavior, so we store_test_results: 19 | # for it using yamllint. 20 | command: | 21 | ct lint --all --config tests/ct.yaml 22 | .circleci/yamllint-examples.sh 23 | 24 | install-charts: 25 | parameters: 26 | k8s-version: 27 | type: string 28 | machine: 29 | image: ubuntu-2204:2024.01.1 30 | steps: 31 | - checkout 32 | - run: 33 | command: K8S_VERSION=<< parameters.k8s-version >> tests/e2e-kind.sh 34 | no_output_timeout: 1h 35 | 36 | workflows: 37 | version: 2 38 | untagged-build: 39 | jobs: 40 | - lint-scripts 41 | - lint-charts 42 | - install-charts: 43 | requires: 44 | - lint-scripts 45 | - lint-charts 46 | matrix: 47 | parameters: 48 | k8s-version: ["v1.26.14", "v1.27.11", "v1.28.7"] 49 | -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/templates/pulsarSql/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "presto.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 13 | */}} 14 | {{- define "presto.fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{- define "presto.coordinator" -}} 28 | {{ template "presto.fullname" . }}-sql-coordinator 29 | {{- end -}} 30 | 31 | {{- define "presto.worker" -}} 32 | {{ template "presto.fullname" . }}-sql-worker 33 | {{- end -}} 34 | 35 | {{- define "presto.service" -}} 36 | {{ template "presto.fullname" . }}-sql-svc 37 | {{- end -}} 38 | 39 | {{/* 40 | Create chart name and version as used by the chart label. 41 | */}} 42 | {{- define "presto.chart" -}} 43 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} 44 | {{- end -}} 45 | 46 | 47 | -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/templates/zoonavigator/zoonavigator-service.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | {{- if .Values.extra.zoonavigator }} 19 | apiVersion: v1 20 | kind: Service 21 | metadata: 22 | name: "{{ template "pulsar.fullname" . }}-{{ .Values.zoonavigator.component }}" 23 | namespace: {{ .Release.Namespace }} 24 | labels: 25 | app: {{ template "pulsar.name" . }} 26 | chart: {{ template "pulsar.chart" . }} 27 | release: {{ .Release.Name }} 28 | heritage: {{ .Release.Service }} 29 | component: {{ .Values.zoonavigator.component }} 30 | cluster: {{ template "pulsar.fullname" . }} 31 | annotations: 32 | {{ toYaml .Values.zoonavigator.service.annotations | indent 4 }} 33 | spec: 34 | ports: 35 | {{ toYaml .Values.zoonavigator.service.ports | indent 2 }} 36 | clusterIP: None 37 | selector: 38 | app: {{ template "pulsar.name" . }} 39 | release: {{ .Release.Name }} 40 | component: {{ .Values.zoonavigator.component }} 41 | {{- end }} 42 | -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/templates/zookeeper/zookeeper-pdb.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | {{- if .Values.zookeeper.pdb.usePolicy }} 19 | {{- if semverCompare ">=1.21-0" .Capabilities.KubeVersion.Version }} 20 | apiVersion: policy/v1 21 | {{- else }} 22 | apiVersion: policy/v1beta1 23 | {{- end }} 24 | kind: PodDisruptionBudget 25 | metadata: 26 | name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}" 27 | namespace: {{ .Release.Namespace }} 28 | labels: 29 | app: {{ template "pulsar.name" . }} 30 | chart: {{ template "pulsar.chart" . }} 31 | release: {{ .Release.Name }} 32 | heritage: {{ .Release.Service }} 33 | component: {{ .Values.zookeeper.component }} 34 | cluster: {{ template "pulsar.fullname" . }} 35 | spec: 36 | selector: 37 | matchLabels: 38 | app: {{ template "pulsar.name" . }} 39 | release: {{ .Release.Name }} 40 | component: {{ .Values.zookeeper.component }} 41 | maxUnavailable: {{ .Values.zookeeper.pdb.maxUnavailable }} 42 | {{- end }} 43 | -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/templates/bookkeeper/bookkeeper-pdb.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | {{- if .Values.bookkeeper.pdb.usePolicy }} 19 | {{- if semverCompare ">=1.21-0" .Capabilities.KubeVersion.Version }} 20 | apiVersion: policy/v1 21 | {{- else }} 22 | apiVersion: policy/v1beta1 23 | {{- end }} 24 | kind: PodDisruptionBudget 25 | metadata: 26 | name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}" 27 | namespace: {{ .Release.Namespace }} 28 | labels: 29 | app: {{ template "pulsar.name" . }} 30 | chart: {{ template "pulsar.chart" . }} 31 | release: {{ .Release.Name }} 32 | heritage: {{ .Release.Service }} 33 | component: {{ .Values.bookkeeper.component }} 34 | cluster: {{ template "pulsar.fullname" . }} 35 | spec: 36 | selector: 37 | matchLabels: 38 | app: {{ template "pulsar.name" . }} 39 | release: {{ .Release.Name }} 40 | component: {{ .Values.bookkeeper.component }} 41 | maxUnavailable: {{ .Values.bookkeeper.pdb.maxUnavailable }} 42 | {{- end }} 43 | -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/templates/proxy/proxy-pdb.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | {{- if .Values.extra.proxy }} 19 | {{- if .Values.proxy.pdb.usePolicy }} 20 | {{- if semverCompare ">=1.21-0" .Capabilities.KubeVersion.Version }} 21 | apiVersion: policy/v1 22 | {{- else }} 23 | apiVersion: policy/v1beta1 24 | {{- end }} 25 | kind: PodDisruptionBudget 26 | metadata: 27 | name: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}" 28 | namespace: {{ .Release.Namespace }} 29 | labels: 30 | app: {{ template "pulsar.name" . }} 31 | chart: {{ template "pulsar.chart" . }} 32 | release: {{ .Release.Name }} 33 | heritage: {{ .Release.Service }} 34 | component: {{ .Values.proxy.component }} 35 | cluster: {{ template "pulsar.fullname" . }} 36 | spec: 37 | selector: 38 | matchLabels: 39 | app: {{ template "pulsar.name" . }} 40 | release: {{ .Release.Name }} 41 | component: {{ .Values.proxy.component }} 42 | maxUnavailable: {{ .Values.proxy.pdb.maxUnavailable }} 43 | {{- end }} 44 | {{- end }} 45 | -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/templates/broker-deployment/broker-pdb.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | {{- if .Values.extra.broker }} 19 | {{- if .Values.broker.pdb.usePolicy }} 20 | {{- if semverCompare ">=1.21-0" .Capabilities.KubeVersion.Version }} 21 | apiVersion: policy/v1 22 | {{- else }} 23 | apiVersion: policy/v1beta1 24 | {{- end }} 25 | kind: PodDisruptionBudget 26 | metadata: 27 | name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}" 28 | namespace: {{ .Release.Namespace }} 29 | labels: 30 | app: {{ template "pulsar.name" . }} 31 | chart: {{ template "pulsar.chart" . }} 32 | release: {{ .Release.Name }} 33 | heritage: {{ .Release.Service }} 34 | component: {{ .Values.broker.component }} 35 | cluster: {{ template "pulsar.fullname" . }} 36 | spec: 37 | selector: 38 | matchLabels: 39 | app: {{ template "pulsar.name" . }} 40 | release: {{ .Release.Name }} 41 | component: {{ .Values.broker.component }} 42 | maxUnavailable: {{ .Values.broker.pdb.maxUnavailable }} 43 | {{- end }} 44 | {{- end }} 45 | -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/templates/function/function-pdb.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | {{- if .Values.extra.function }} 19 | {{- if .Values.function.pdb.usePolicy }} 20 | {{- if semverCompare ">=1.21-0" .Capabilities.KubeVersion.Version }} 21 | apiVersion: policy/v1 22 | {{- else }} 23 | apiVersion: policy/v1beta1 24 | {{- end }} 25 | kind: PodDisruptionBudget 26 | metadata: 27 | name: "{{ template "pulsar.fullname" . }}-{{ .Values.function.component }}" 28 | namespace: {{ .Release.Namespace }} 29 | labels: 30 | app: {{ template "pulsar.name" . }} 31 | chart: {{ template "pulsar.chart" . }} 32 | release: {{ .Release.Name }} 33 | heritage: {{ .Release.Service }} 34 | component: {{ .Values.function.component }} 35 | cluster: {{ template "pulsar.fullname" . }} 36 | spec: 37 | selector: 38 | matchLabels: 39 | app: {{ template "pulsar.name" . }} 40 | release: {{ .Release.Name }} 41 | component: {{ .Values.function.component }} 42 | maxUnavailable: {{ .Values.function.pdb.maxUnavailable }} 43 | {{- end }} 44 | {{- end }} 45 | -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/templates/broker-sts/broker-sts-pdb.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | {{- if .Values.extra.brokerSts }} 19 | {{- if .Values.brokerSts.pdb.usePolicy }} 20 | {{- if semverCompare ">=1.21-0" .Capabilities.KubeVersion.Version }} 21 | apiVersion: policy/v1 22 | {{- else }} 23 | apiVersion: policy/v1beta1 24 | {{- end }} 25 | kind: PodDisruptionBudget 26 | metadata: 27 | name: "{{ template "pulsar.fullname" . }}-{{ .Values.brokerSts.component }}" 28 | namespace: {{ .Release.Namespace }} 29 | labels: 30 | app: {{ template "pulsar.name" . }} 31 | chart: {{ template "pulsar.chart" . }} 32 | release: {{ .Release.Name }} 33 | heritage: {{ .Release.Service }} 34 | component: {{ .Values.brokerSts.component }} 35 | cluster: {{ template "pulsar.fullname" . }} 36 | spec: 37 | selector: 38 | matchLabels: 39 | app: {{ template "pulsar.name" . }} 40 | release: {{ .Release.Name }} 41 | component: {{ .Values.brokerSts.component }} 42 | maxUnavailable: {{ .Values.brokerSts.pdb.maxUnavailable }} 43 | {{- end }} 44 | {{- end }} 45 | -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/templates/zookeeper/zookeeper-configmap.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | apiVersion: v1 19 | kind: ConfigMap 20 | metadata: 21 | name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}" 22 | namespace: {{ .Release.Namespace }} 23 | labels: 24 | app: {{ template "pulsar.name" . }} 25 | chart: {{ template "pulsar.chart" . }} 26 | release: {{ .Release.Name }} 27 | heritage: {{ .Release.Service }} 28 | component: {{ .Values.zookeeper.component }} 29 | cluster: {{ template "pulsar.fullname" . }} 30 | data: 31 | {{- if and .Values.enableTls .Values.tls.zookeeper.enabled}} 32 | PULSAR_PREFIX_serverCnxnFactory: org.apache.zookeeper.server.NettyServerCnxnFactory 33 | serverCnxnFactory: org.apache.zookeeper.server.NettyServerCnxnFactory 34 | secureClientPort: "2281" 35 | PULSAR_PREFIX_secureClientPort: "2281" 36 | sslQuorum: "true" 37 | PULSAR_PREFIX_sslQuorum: "true" 38 | {{- end }} 39 | {{- range $key, $val := $.Values.zookeeper.configData }} 40 | {{ $key }}: {{ $val | replace "\"" "" | trim | quote }} 41 | {{- end }} 42 | -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/templates/pulsarSql/service.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | {{- if .Values.extra.pulsarSQL }} 19 | apiVersion: v1 20 | kind: Service 21 | metadata: 22 | name: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsarSQL.component }}" 23 | labels: 24 | app: {{ template "presto.name" . }} 25 | chart: {{ template "presto.chart" . }} 26 | release: {{ .Release.Name }} 27 | heritage: {{ .Release.Service }} 28 | {{- if .Values.pulsarSQL.service.annotations }} 29 | annotations: 30 | {{ toYaml .Values.pulsarSQL.service.annotations | indent 4 }} 31 | {{- end }} 32 | spec: 33 | type: {{ .Values.pulsarSQL.service.type }} 34 | {{- if .Values.pulsarSQL.service.loadBalancerIP }} 35 | loadBalancerIP: {{ .Values.pulsarSQL.service.loadBalancerIP }} 36 | {{- end }} 37 | ports: 38 | - port: {{ .Values.pulsarSQL.server.config.http.port }} 39 | targetPort: http-coord 40 | protocol: TCP 41 | name: http-coord 42 | selector: 43 | app: {{ template "presto.name" . }} 44 | release: {{ .Release.Name }} 45 | component: coordinator 46 | {{- end }} -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/templates/zookeeper-nonpersist/zookeepernp-pdb.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | {{- if .Values.extra.zookeepernp }} 19 | {{- if .Values.zookeepernp.pdb.usePolicy }} 20 | {{- if semverCompare ">=1.21-0" .Capabilities.KubeVersion.Version }} 21 | apiVersion: policy/v1 22 | {{- else }} 23 | apiVersion: policy/v1beta1 24 | {{- end }} 25 | kind: PodDisruptionBudget 26 | metadata: 27 | name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeepernp.component }}" 28 | namespace: {{ .Release.Namespace }} 29 | labels: 30 | app: {{ template "pulsar.name" . }} 31 | chart: {{ template "pulsar.chart" . }} 32 | release: {{ .Release.Name }} 33 | heritage: {{ .Release.Service }} 34 | component: {{ .Values.zookeepernp.component }} 35 | cluster: {{ template "pulsar.fullname" . }} 36 | spec: 37 | selector: 38 | matchLabels: 39 | app: {{ template "pulsar.name" . }} 40 | release: {{ .Release.Name }} 41 | component: {{ .Values.zookeepernp.component }} 42 | maxUnavailable: {{ .Values.zookeepernp.pdb.maxUnavailable }} 43 | {{- end }} 44 | {{- end }} 45 | -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/templates/zookeeper-nonpersist/zookeepernp-configmap.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | {{- if .Values.extra.zookeepernp }} 19 | apiVersion: v1 20 | kind: ConfigMap 21 | metadata: 22 | name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeepernp.component }}" 23 | namespace: {{ .Release.Namespace }} 24 | labels: 25 | app: {{ template "pulsar.name" . }} 26 | chart: {{ template "pulsar.chart" . }} 27 | release: {{ .Release.Name }} 28 | heritage: {{ .Release.Service }} 29 | component: {{ .Values.zookeepernp.component }} 30 | cluster: {{ template "pulsar.fullname" . }} 31 | data: 32 | {{- if and .Values.enableTls .Values.tls.zookeeper.enabled}} 33 | PULSAR_PREFIX_serverCnxnFactory: org.apache.zookeeper.server.NettyServerCnxnFactory 34 | serverCnxnFactory: org.apache.zookeeper.server.NettyServerCnxnFactory 35 | secureClientPort: "2281" 36 | PULSAR_PREFIX_secureClientPort: "2281" 37 | sslQuorum: "true" 38 | PULSAR_PREFIX_sslQuorum: "true" 39 | {{- end }} 40 | {{- range $key, $val := $.Values.zookeepernp.configData }} 41 | {{ $key }}: {{ $val | replace "\"" "" | trim | quote }} 42 | {{- end }} 43 | {{- end }} 44 | -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/templates/admin-console/pulsar-admin-console-service.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | {{- if .Values.extra.pulsarAdminConsole }} 19 | apiVersion: v1 20 | kind: Service 21 | metadata: 22 | name: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsarAdminConsole.component }}" 23 | namespace: {{ .Release.Namespace }} 24 | labels: 25 | app: {{ template "pulsar.name" . }} 26 | chart: {{ template "pulsar.chart" . }} 27 | release: {{ .Release.Name }} 28 | heritage: {{ .Release.Service }} 29 | component: {{ .Values.pulsarAdminConsole.component }} 30 | cluster: {{ template "pulsar.fullname" . }} 31 | annotations: 32 | {{ toYaml .Values.pulsarAdminConsole.service.annotations | indent 4 }} 33 | spec: 34 | type: {{ .Values.pulsarAdminConsole.service.type }} 35 | {{- if .Values.pulsarAdminConsole.service.loadBalancerIP }} 36 | loadBalancerIP: {{ .Values.pulsarAdminConsole.service.loadBalancerIP }} 37 | {{- end }} 38 | ports: 39 | {{ toYaml .Values.pulsarAdminConsole.service.ports | indent 2 }} 40 | selector: 41 | app: {{ template "pulsar.name" . }} 42 | release: {{ .Release.Name }} 43 | component: {{ .Values.pulsarAdminConsole.component }} 44 | {{- end }} 45 | -------------------------------------------------------------------------------- /examples/kafka/create-tenant-full.sh: -------------------------------------------------------------------------------- 1 | #bin/bash 2 | set -e 3 | BASTIONPOD=$(kubectl get pods | grep bastion | awk '{print $1}' | head -n 1) 4 | TENANT=$1 5 | NAMESPACE=kafka 6 | NAMESPACE2=__kafka 7 | NAMESPACE3=__kafka_unlimited 8 | ROLE="$TENANT-admin" 9 | TOKENFILE=$TENANT.token 10 | CLIENTFILE=kafka.client.$TENANT.properties 11 | kubectl exec $BASTIONPOD -- bash -c "bin/pulsar-admin tenants create $TENANT" 12 | kubectl exec $BASTIONPOD -- bash -c "bin/pulsar-admin tenants update -r $ROLE $TENANT" 13 | 14 | # DATA 15 | kubectl exec $BASTIONPOD -- bash -c "bin/pulsar-admin namespaces create $TENANT/$NAMESPACE" 16 | 17 | # SYSTEM TOPICS WITH RETENTION 18 | kubectl exec $BASTIONPOD -- bash -c "bin/pulsar-admin namespaces create $TENANT/$NAMESPACE2" 19 | kubectl exec $BASTIONPOD -- bash -c "bin/pulsar-admin topics create-partitioned-topic -p 50 persistent://$TENANT/$NAMESPACE2/__consumer_offsets" 20 | kubectl exec $BASTIONPOD -- bash -c "bin/pulsar-admin topics create-partitioned-topic -p 8 persistent://$TENANT/$NAMESPACE2/__transaction_state" 21 | 22 | # SYSTEM TOPICS WITH UNLIMITED RETENTION 23 | kubectl exec $BASTIONPOD -- bash -c "bin/pulsar-admin namespaces create $TENANT/$NAMESPACE3" 24 | kubectl exec $BASTIONPOD -- bash -c "bin/pulsar-admin namespaces set-retention -s -1 -t -1 $TENANT/$NAMESPACE3" 25 | kubectl exec $BASTIONPOD -- bash -c "bin/pulsar-admin topics create persistent://$TENANT/$NAMESPACE3/__kafka_schemaregistry" 26 | kubectl exec $BASTIONPOD -- bash -c "bin/pulsar-admin topics create persistent://$TENANT/$NAMESPACE3/__kafka_producerid" 27 | 28 | kubectl exec $BASTIONPOD -- bash -c "bin/pulsar tokens create -pk token-private-key/my-private.key -s $ROLE" > $TOKENFILE 29 | sed s/TENANT/$TENANT/g kafka.client.properties.template | sed s/TOKEN/$(cat $TOKENFILE)/g > $CLIENTFILE 30 | 31 | 32 | echo "Created $CLIENTFILE with a admin token for tenant $TENANT" 33 | -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/templates/broker-deployment/broker-service.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | {{- if .Values.extra.broker }} 19 | apiVersion: v1 20 | kind: Service 21 | metadata: 22 | name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}" 23 | namespace: {{ .Release.Namespace }} 24 | labels: 25 | app: {{ template "pulsar.name" . }} 26 | chart: {{ template "pulsar.chart" . }} 27 | release: {{ .Release.Name }} 28 | heritage: {{ .Release.Service }} 29 | component: {{ .Values.broker.component }} 30 | cluster: {{ template "pulsar.fullname" . }} 31 | annotations: 32 | {{- if .Values.broker.service.annotations }} 33 | {{ toYaml .Values.broker.service.annotations | indent 4 }} 34 | {{- end }} 35 | {{- if .Values.extra.dnsOnBroker }} 36 | external-dns.alpha.kubernetes.io/hostname: {{ .Values.dnsName }} 37 | {{- end }} 38 | spec: 39 | ports: 40 | {{ toYaml .Values.broker.service.ports | indent 2 }} 41 | {{- if .Values.broker.service.headless }} 42 | clusterIP: None 43 | {{- end }} 44 | type: {{ .Values.broker.service.type }} 45 | selector: 46 | app: {{ template "pulsar.name" . }} 47 | release: {{ .Release.Name }} 48 | component: {{ .Values.broker.component }} 49 | {{- end }} 50 | -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/templates/broker-sts/broker-sts-service.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | {{- if .Values.extra.brokerSts }} 19 | apiVersion: v1 20 | kind: Service 21 | metadata: 22 | name: "{{ template "pulsar.fullname" . }}-{{ .Values.brokerSts.component }}" 23 | namespace: {{ .Release.Namespace }} 24 | labels: 25 | app: {{ template "pulsar.name" . }} 26 | chart: {{ template "pulsar.chart" . }} 27 | release: {{ .Release.Name }} 28 | heritage: {{ .Release.Service }} 29 | component: {{ .Values.brokerSts.component }} 30 | cluster: {{ template "pulsar.fullname" . }} 31 | annotations: 32 | {{- if .Values.brokerSts.service.annotations }} 33 | {{ toYaml .Values.brokerSts.service.annotations | indent 4 }} 34 | {{- end }} 35 | {{- if .Values.extra.dnsOnBroker }} 36 | external-dns.alpha.kubernetes.io/hostname: {{ .Values.dnsName }} 37 | {{- end }} 38 | spec: 39 | ports: 40 | {{ toYaml .Values.brokerSts.service.ports | indent 2 }} 41 | {{- if .Values.brokerSts.service.headless }} 42 | clusterIP: None 43 | {{- end }} 44 | type: {{ .Values.brokerSts.service.type }} 45 | selector: 46 | app: {{ template "pulsar.name" . }} 47 | release: {{ .Release.Name }} 48 | component: {{ .Values.brokerSts.component }} 49 | {{- end -}} 50 | -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/templates/function/function-extra-configmap.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | {{- if .Values.extra.function }} 19 | apiVersion: v1 20 | kind: ConfigMap 21 | metadata: 22 | name: "{{ template "pulsar.fullname" . }}-{{ .Values.function.component }}-extra" 23 | namespace: {{ .Release.Namespace }} 24 | labels: 25 | app: {{ template "pulsar.name" . }} 26 | chart: {{ template "pulsar.chart" . }} 27 | release: {{ .Release.Name }} 28 | heritage: {{ .Release.Service }} 29 | component: {{ .Values.function.component }} 30 | cluster: {{ template "pulsar.fullname" . }} 31 | data: 32 | {{- if .Values.enableTokenAuth }} 33 | authorizationEnabled: "true" 34 | authenticationEnabled: "true" 35 | authenticationProviders: "{{ .Values.function.authenticationProviders }}" 36 | superUserRoles: "{{ .Values.superUserRoles }}" 37 | tokenPublicKey: "file:///pulsar/token-public-key/{{ .Values.tokenPublicKeyFile }}" 38 | brokerClientAuthenticationPlugin: "org.apache.pulsar.client.impl.auth.AuthenticationToken" 39 | brokerClientAuthenticationParameters: "file:///pulsar/token-superuser/superuser.jwt" 40 | {{- end }} 41 | {{- range $key, $val := $.Values.function.configData }} 42 | {{ $key }}: {{ $val | replace "\"" "" | trim | quote }} 43 | {{- end }} 44 | {{- end }} 45 | -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/templates/bookkeeper/bookkeeper-service.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | apiVersion: v1 19 | kind: Service 20 | metadata: 21 | name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}" 22 | namespace: {{ .Release.Namespace }} 23 | labels: 24 | app: {{ template "pulsar.name" . }} 25 | chart: {{ template "pulsar.chart" . }} 26 | release: {{ .Release.Name }} 27 | heritage: {{ .Release.Service }} 28 | component: {{ .Values.bookkeeper.component }} 29 | cluster: {{ template "pulsar.fullname" . }} 30 | annotations: 31 | service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" 32 | {{- if .Values.bookkeeper.service.annotations }} 33 | {{ toYaml .Values.bookkeeper.service.annotations | indent 4 }} 34 | {{- end }} 35 | spec: 36 | ports: 37 | {{- if .Values.function.enableStateStorage }} 38 | {{- if not (or .Values.extra.stateStorage .Values.function.stateStorageUrlOverride) }} 39 | - name: statestorage 40 | port: 4181 41 | {{- end }} 42 | {{- end }} 43 | {{ toYaml .Values.bookkeeper.service.ports | indent 2 }} 44 | clusterIP: None 45 | publishNotReadyAddresses: true 46 | selector: 47 | app: {{ template "pulsar.name" . }} 48 | release: {{ .Release.Name }} 49 | component: {{ .Values.bookkeeper.component }} 50 | -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/templates/tests/plain-text-broker.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | {{- if .Values.enableTests }} 19 | apiVersion: v1 20 | kind: Pod 21 | metadata: 22 | name: "{{ .Release.Name }}-test-admin-plain-text-broker" 23 | annotations: 24 | "helm.sh/hook": test-success 25 | spec: 26 | containers: 27 | - name: "{{ template "pulsar.fullname" . }}-test-admin-broker-plain-text" 28 | image: "{{ .Values.image.bastion.repository }}:{{ .Values.image.bastion.tag }}" 29 | imagePullPolicy: {{ .Values.image.bastion.pullPolicy }} 30 | command: ["/pulsar/bin/pulsar-admin"] 31 | args: ["--admin-url", "http://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}.{{ template "pulsar.serviceDnsSuffix" . }}:8080", "tenants", "list"] 32 | # Do not restart containers after they exit 33 | restartPolicy: Never 34 | --- 35 | apiVersion: v1 36 | kind: Pod 37 | metadata: 38 | name: "{{ .Release.Name }}-test-client-plain-text-broker" 39 | annotations: 40 | "helm.sh/hook": test-success 41 | spec: 42 | containers: 43 | - name: "{{ template "pulsar.fullname" . }}-test-client-broker-plain-text-broker" 44 | image: "{{ .Values.image.bastion.repository }}:{{ .Values.image.bastion.tag }}" 45 | imagePullPolicy: {{ .Values.image.bastion.pullPolicy }} 46 | command: ["/pulsar/bin/pulsar-client"] 47 | args: ["--url", "pulsar://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}.{{ template "pulsar.serviceDnsSuffix" . }}:6650", "produce", "-m", "hello", "public/default/test"] 48 | # Do not restart containers after they exit 49 | restartPolicy: Never 50 | {{- end }} -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/templates/pulsarSql/ingress.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | {{- if .Values.extra.pulsarSQL }} 19 | {{- if .Values.pulsarSQL.ingress.enabled }} 20 | {{- if semverCompare "<1.19-0" .Capabilities.KubeVersion.Version }} 21 | apiVersion: extensions/v1beta1 22 | {{- else }} 23 | apiVersion: networking.k8s.io/v1 24 | {{- end }} 25 | kind: Ingress 26 | metadata: 27 | name: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsarSQL.component }}" 28 | namespace: {{ .Release.Namespace }} 29 | labels: 30 | app: {{ template "pulsar.name" . }} 31 | chart: {{ template "pulsar.chart" . }} 32 | release: {{ .Release.Name }} 33 | heritage: {{ .Release.Service }} 34 | component: {{ .Values.pulsarSQL.component }} 35 | cluster: {{ template "pulsar.fullname" . }} 36 | annotations: 37 | {{ toYaml .Values.pulsarSQL.ingress.annotations | indent 4 }} 38 | spec: 39 | rules: 40 | - host: {{ .Values.pulsarSQL.ingress.host }} 41 | http: 42 | paths: 43 | - path: / 44 | {{- if semverCompare "<1.19-0" .Capabilities.KubeVersion.Version }} 45 | backend: 46 | serviceName: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsarSQL.component }}" 47 | servicePort: 8080 48 | servicePort: "http-coord" 49 | {{- else }} 50 | pathType: ImplementationSpecific 51 | backend: 52 | service: 53 | name: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsarSQL.component }}" 54 | port: 55 | name: "http-coord" 56 | {{- end }} 57 | {{- end }} 58 | {{- end }} 59 | -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/templates/tests/plain-text-proxy.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | {{- if .Values.enableTests }} 19 | {{- if .Values.extra.proxy }} 20 | apiVersion: v1 21 | kind: Pod 22 | metadata: 23 | name: "{{ .Release.Name }}-test-admin-plain-text-proxy" 24 | annotations: 25 | "helm.sh/hook": test-success 26 | spec: 27 | containers: 28 | - name: "{{ template "pulsar.fullname" . }}-test-admin-proxy-plain-text" 29 | image: "{{ .Values.image.bastion.repository }}:{{ .Values.image.bastion.tag }}" 30 | imagePullPolicy: {{ .Values.image.bastion.pullPolicy }} 31 | command: ["/pulsar/bin/pulsar-admin"] 32 | args: ["--admin-url", "http://{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}.{{ template "pulsar.serviceDnsSuffix" . }}:8080", "tenants", "list"] 33 | # Do not restart containers after they exit 34 | restartPolicy: Never 35 | --- 36 | apiVersion: v1 37 | kind: Pod 38 | metadata: 39 | name: "{{ .Release.Name }}-test-client-plain-text-proxy" 40 | annotations: 41 | "helm.sh/hook": test-success 42 | spec: 43 | containers: 44 | - name: "{{ template "pulsar.fullname" . }}-test-client-proxy-plain-text" 45 | image: "{{ .Values.image.bastion.repository }}:{{ .Values.image.bastion.tag }}" 46 | imagePullPolicy: {{ .Values.image.bastion.pullPolicy }} 47 | command: ["/pulsar/bin/pulsar-client"] 48 | args: ["--url", "pulsar://{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}.{{ template "pulsar.serviceDnsSuffix" . }}:6650", "produce", "-m", "hello", "public/default/test"] 49 | # Do not restart containers after they exit 50 | restartPolicy: Never 51 | {{- end }} 52 | {{- end }} -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/templates/zookeeper-nonpersist/zookeeper-config-script.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | {{- if .Values.extra.zookeepernp }} 19 | apiVersion: v1 20 | kind: ConfigMap 21 | metadata: 22 | name: "{{ template "pulsar.fullname" . }}-zookeeper-config" 23 | labels: 24 | app: {{ template "pulsar.name" . }} 25 | chart: {{ template "pulsar.chart" . }} 26 | release: {{ .Release.Name }} 27 | heritage: {{ .Release.Service }} 28 | component: "zookeeper-config" 29 | cluster: {{ template "pulsar.fullname" . }} 30 | data: 31 | generate-zookeeper-config-mixed.sh: | 32 | #! /bin/bash 33 | CONF_FILE=$1 34 | 35 | if [ $? != 0 ]; then 36 | echo "Error: Failed to apply changes to config file" 37 | exit 1 38 | fi 39 | 40 | # Generate list of servers and detect the current server ID, 41 | # based on the hostname 42 | IDX=1 43 | for SERVER in $(echo $ZOOKEEPER_SERVERS | tr "," "\n") 44 | do 45 | echo "server.$IDX=$SERVER:2888:3888" >> $CONF_FILE 46 | 47 | if [[ "$SERVER" == ${HOSTNAME}* ]]; then 48 | MY_ID=$IDX 49 | echo "Current server id $MY_ID" 50 | fi 51 | 52 | ((IDX++)) 53 | done 54 | 55 | # For ZooKeeper container we need to initialize the ZK id 56 | if [ ! -z "$MY_ID" ]; then 57 | # Get ZK data dir 58 | DATA_DIR=`grep '^dataDir=' $CONF_FILE | awk -F= '{print $2}'` 59 | if [ ! -e $DATA_DIR/myid ]; then 60 | echo "Creating $DATA_DIR/myid with id = $MY_ID" 61 | mkdir -p $DATA_DIR 62 | echo $MY_ID > $DATA_DIR/myid 63 | fi 64 | fi 65 | {{- end }} -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/templates/pulsar-heartbeat/pulsar-heartbeat-rbac.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | {{- if and .Values.rbac.create .Values.extra.pulsarHeartbeat }} 19 | apiVersion: rbac.authorization.k8s.io/v1 20 | kind: {{ if .Values.rbac.clusterRoles }}ClusterRole{{ else }}Role{{ end }} 21 | metadata: 22 | name: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsarHeartbeat.component }}" 23 | {{- if not .Values.rbac.clusterRoles }} 24 | namespace: {{ .Release.Namespace }} 25 | {{- end }} 26 | rules: 27 | - apiGroups: [""] 28 | resources: 29 | - pods 30 | verbs: ["list"] 31 | - apiGroups: ["apps"] 32 | resources: 33 | - deployments 34 | - statefulsets 35 | verbs: ["list"] 36 | --- 37 | apiVersion: v1 38 | kind: ServiceAccount 39 | metadata: 40 | name: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsarHeartbeat.component }}" 41 | namespace: {{ .Release.Namespace }} 42 | --- 43 | apiVersion: rbac.authorization.k8s.io/v1 44 | kind: {{ if .Values.rbac.clusterRoles }}ClusterRoleBinding{{ else }}RoleBinding{{ end }} 45 | metadata: 46 | name: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsarHeartbeat.component }}" 47 | {{- if not .Values.rbac.clusterRoles }} 48 | namespace: {{ .Release.Namespace }} 49 | {{- end }} 50 | roleRef: 51 | apiGroup: rbac.authorization.k8s.io 52 | kind: {{ if .Values.rbac.clusterRoles }}ClusterRole{{ else }}Role{{ end }} 53 | name: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsarHeartbeat.component }}" 54 | subjects: 55 | - kind: ServiceAccount 56 | name: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsarHeartbeat.component }}" 57 | namespace: {{ .Release.Namespace }} 58 | {{- end }} 59 | -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/templates/proxy/burnell-rbac.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | {{- if and .Values.rbac.create ( or .Values.autoRecovery.enableProvisionContainer .Values.extra.pulsarHealer .Values.extra.pulsarAdminConsole ) }} 19 | apiVersion: rbac.authorization.k8s.io/v1 20 | kind: {{ if .Values.rbac.clusterRoles }}ClusterRole{{ else }}Role{{ end }} 21 | metadata: 22 | name: "{{ template "pulsar.fullname" . }}-burnell" 23 | {{- if not .Values.rbac.clusterRoles }} 24 | namespace: {{ .Release.Namespace }} 25 | {{- end }} 26 | rules: 27 | - apiGroups: [""] 28 | resources: 29 | - secrets 30 | verbs: ["get", "create", "list"] 31 | - apiGroups: [""] 32 | resources: 33 | - namespaces 34 | verbs: ["list"] 35 | - apiGroups: ["apps"] 36 | resources: 37 | - deployments 38 | - statefulsets 39 | verbs: ["list"] 40 | --- 41 | apiVersion: v1 42 | kind: ServiceAccount 43 | metadata: 44 | name: "{{ template "pulsar.fullname" . }}-burnell" 45 | namespace: {{ .Release.Namespace }} 46 | --- 47 | apiVersion: rbac.authorization.k8s.io/v1 48 | kind: {{ if .Values.rbac.clusterRoles }}ClusterRoleBinding{{ else }}RoleBinding{{ end }} 49 | metadata: 50 | name: "{{ template "pulsar.fullname" . }}-burnell" 51 | {{- if not .Values.rbac.clusterRoles }} 52 | namespace: {{ .Release.Namespace }} 53 | {{- end }} 54 | roleRef: 55 | apiGroup: rbac.authorization.k8s.io 56 | kind: {{ if .Values.rbac.clusterRoles }}ClusterRole{{ else }}Role{{ end }} 57 | name: "{{ template "pulsar.fullname" . }}-burnell" 58 | subjects: 59 | - kind: ServiceAccount 60 | name: "{{ template "pulsar.fullname" . }}-burnell" 61 | namespace: {{ .Release.Namespace }} 62 | {{- end }} 63 | -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/templates/dns/dns-rbac.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | {{- if and .Values.rbac.create .Values.extra.usedns }} 19 | apiVersion: v1 20 | kind: ServiceAccount 21 | metadata: 22 | name: "{{ template "pulsar.fullname" . }}-{{ .Values.dns.component }}" 23 | namespace: {{ .Release.Namespace }} 24 | --- 25 | apiVersion: rbac.authorization.k8s.io/v1 26 | kind: {{ if .Values.rbac.clusterRoles }}ClusterRole{{ else }}Role{{ end }} 27 | metadata: 28 | name: "{{ template "pulsar.fullname" . }}-{{ .Values.dns.component }}" 29 | {{- if not .Values.rbac.clusterRoles }} 30 | namespace: {{ .Release.Namespace }} 31 | {{- end }} 32 | rules: 33 | - apiGroups: [""] 34 | resources: ["services","endpoints","pods"] 35 | verbs: ["get","watch","list"] 36 | - apiGroups: ["extensions"] 37 | resources: ["ingresses"] 38 | verbs: ["get","watch","list"] 39 | - apiGroups: [""] 40 | resources: ["nodes"] 41 | verbs: ["get", "watch", "list"] 42 | --- 43 | apiVersion: rbac.authorization.k8s.io/v1 44 | kind: {{ if .Values.rbac.clusterRoles }}ClusterRoleBinding{{ else }}RoleBinding{{ end }} 45 | metadata: 46 | name: "{{ template "pulsar.fullname" . }}-{{ .Values.dns.component }}-viewer" 47 | {{- if not .Values.rbac.clusterRoles }} 48 | namespace: {{ .Release.Namespace }} 49 | {{- end }} 50 | roleRef: 51 | apiGroup: rbac.authorization.k8s.io 52 | kind: {{ if .Values.rbac.clusterRoles }}ClusterRole{{ else }}Role{{ end }} 53 | name: "{{ template "pulsar.fullname" . }}-{{ .Values.dns.component }}" 54 | subjects: 55 | - kind: ServiceAccount 56 | name: "{{ template "pulsar.fullname" . }}-{{ .Values.dns.component }}" 57 | namespace: {{ .Release.Namespace }} 58 | {{- end }} 59 | -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/templates/tardigrade/deployment.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | {{- if .Values.extra.tardigrade }} 19 | apiVersion: apps/v1 20 | kind: Deployment 21 | metadata: 22 | name: {{ .Release.Name }}-tardigrade-gateway 23 | namespace: {{ .Release.Namespace }} 24 | labels: 25 | app: {{ .Release.Name }}-tardigrade-gateway 26 | spec: 27 | replicas: 1 28 | selector: 29 | matchLabels: 30 | app: {{ .Release.Name }}-tardigrade-gateway 31 | template: 32 | metadata: 33 | labels: 34 | app: {{ .Release.Name }}-tardigrade-gateway 35 | spec: 36 | volumes: 37 | - name: config-props 38 | configMap: 39 | name: {{ .Release.Name }}-tardigrade 40 | - name: config-emptydir 41 | emptyDir: {} 42 | initContainers: 43 | - name: make-config-rw 44 | image: busybox 45 | command: [ "sh", "-c" ] 46 | args: [ "echo 'Copy config' && cp /configmap/config.yaml /config" ] 47 | volumeMounts: 48 | - name: config-emptydir 49 | mountPath: /config 50 | - name: config-props 51 | mountPath: /configmap 52 | containers: 53 | - name: tardigrade-gateway 54 | image: {{ .Values.image.tardigrade.repository }}:{{ .Values.image.tardigrade.tag }} 55 | args: [ "run", "--config-dir", "/config" ] 56 | volumeMounts: 57 | - name: config-emptydir 58 | mountPath: /config 59 | - name: config-props 60 | mountPath: /configmap 61 | env: 62 | - name: CONF_PATH 63 | value: "/config" 64 | ports: 65 | - containerPort: 7777 66 | protocol: TCP 67 | {{- end }} 68 | -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/templates/function/function-rbac.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | {{- if and .Values.rbac.create .Values.extra.function }} 19 | apiVersion: rbac.authorization.k8s.io/v1 20 | kind: {{ if .Values.rbac.clusterRoles }}ClusterRole{{ else }}Role{{ end }} 21 | metadata: 22 | name: "{{ template "pulsar.fullname" . }}-{{ .Values.function.component }}" 23 | {{- if not .Values.rbac.clusterRoles }} 24 | namespace: {{ .Release.Namespace }} 25 | {{- end }} 26 | rules: 27 | - apiGroups: [""] 28 | resources: 29 | - pods 30 | verbs: ["list"] 31 | - apiGroups: [""] 32 | resources: 33 | - secrets 34 | verbs: ["*"] 35 | - apiGroups: [""] 36 | resources: 37 | - services 38 | verbs: ["get", "create", "delete"] 39 | - apiGroups: ["apps"] 40 | resources: 41 | - statefulsets 42 | verbs: ["get", "create", "delete"] 43 | --- 44 | apiVersion: v1 45 | kind: ServiceAccount 46 | metadata: 47 | name: "{{ template "pulsar.fullname" . }}-{{ .Values.function.component }}" 48 | namespace: {{ .Release.Namespace }} 49 | --- 50 | apiVersion: rbac.authorization.k8s.io/v1 51 | kind: {{ if .Values.rbac.clusterRoles }}ClusterRoleBinding{{ else }}RoleBinding{{ end }} 52 | metadata: 53 | name: "{{ template "pulsar.fullname" . }}-{{ .Values.function.component }}" 54 | {{- if not .Values.rbac.clusterRoles }} 55 | namespace: {{ .Release.Namespace }} 56 | {{- end }} 57 | roleRef: 58 | apiGroup: rbac.authorization.k8s.io 59 | kind: {{ if .Values.rbac.clusterRoles }}ClusterRole{{ else }}Role{{ end }} 60 | name: "{{ template "pulsar.fullname" . }}-{{ .Values.function.component }}" 61 | subjects: 62 | - kind: ServiceAccount 63 | name: "{{ template "pulsar.fullname" . }}-{{ .Values.function.component }}" 64 | namespace: {{ .Release.Namespace }} 65 | {{- end }} 66 | -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/templates/function/function-service.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | {{- if .Values.extra.function }} 19 | apiVersion: v1 20 | kind: Service 21 | metadata: 22 | name: "{{ template "pulsar.fullname" . }}-{{ .Values.function.component }}" 23 | namespace: {{ .Release.Namespace }} 24 | labels: 25 | app: {{ template "pulsar.name" . }} 26 | chart: {{ template "pulsar.chart" . }} 27 | release: {{ .Release.Name }} 28 | heritage: {{ .Release.Service }} 29 | component: {{ .Values.function.component }} 30 | cluster: {{ template "pulsar.fullname" . }} 31 | annotations: 32 | spec: 33 | ports: 34 | {{ toYaml .Values.function.service.ports | indent 2 }} 35 | {{- if .Values.function.service.headless }} 36 | clusterIP: None 37 | {{- end }} 38 | type: {{ .Values.function.service.type }} 39 | selector: 40 | app: {{ template "pulsar.name" . }} 41 | release: {{ .Release.Name }} 42 | component: {{ .Values.function.component }} 43 | 44 | --- 45 | apiVersion: v1 46 | kind: Service 47 | metadata: 48 | name: "{{ template "pulsar.fullname" . }}-{{ .Values.function.component }}-ca" 49 | namespace: {{ .Release.Namespace }} 50 | labels: 51 | app: {{ template "pulsar.name" . }} 52 | chart: {{ template "pulsar.chart" . }} 53 | release: {{ .Release.Name }} 54 | heritage: {{ .Release.Service }} 55 | component: {{ .Values.function.component }} 56 | cluster: {{ template "pulsar.fullname" . }} 57 | annotations: 58 | {{- if .Values.function.service.annotations }} 59 | {{ toYaml .Values.function.service.annotations | indent 4 }} 60 | {{- end }} 61 | spec: 62 | ports: 63 | {{ toYaml .Values.function.service.ports | indent 2 }} 64 | selector: 65 | app: {{ template "pulsar.name" . }} 66 | release: {{ .Release.Name }} 67 | component: {{ .Values.function.component }} 68 | 69 | {{- end }} 70 | 71 | -------------------------------------------------------------------------------- /examples/kafka/kafka.client.properties.template: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one or more 2 | # contributor license agreements. See the NOTICE file distributed with 3 | # this work for additional information regarding copyright ownership. 4 | # The ASF licenses this file to You under the Apache License, Version 2.0 5 | # (the "License"); you may not use this file except in compliance with 6 | # the License. You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # see org.apache.kafka.clients.producer.ProducerConfig for more details 16 | 17 | ############################# Producer Basics ############################# 18 | 19 | # list of brokers used for bootstrapping knowledge about the rest of the cluster 20 | # format: host1:port1,host2:port2 ... 21 | bootstrap.servers=localhost:9093 22 | 23 | # specify the compression codec for all data generated: none, gzip, snappy, lz4 24 | compression.type=none 25 | 26 | # name of the partitioner class for partitioning events; default partition spreads data randomly 27 | #partitioner.class= 28 | 29 | # the maximum amount of time the client will wait for the response of a request 30 | #request.timeout.ms= 31 | 32 | # how long `KafkaProducer.send` and `KafkaProducer.partitionsFor` will block for 33 | #max.block.ms= 34 | 35 | # the producer will wait for up to the given delay to allow other records to be sent so that the sends can be batched together 36 | #linger.ms= 37 | 38 | # the maximum size of a request in bytes 39 | #max.request.size= 40 | 41 | # the default batch size in bytes when batching multiple records sent to a partition 42 | #batch.size= 43 | 44 | # the total bytes of memory the producer can use to buffer records waiting to be sent to the server 45 | #buffer.memory= 46 | 47 | 48 | security.protocol=SASL_SSL 49 | sasl.mechanism=PLAIN 50 | sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule \ 51 | required username="TENANT" password="token:TOKEN"; 52 | 53 | 54 | ssl.truststore.location=cert.jks 55 | ssl.truststore.password=pulsar 56 | # The identification algorithm must be empty 57 | ssl.endpoint.identification.algorithm= 58 | 59 | schema.registry.url=https://localhost:8081 60 | basic.auth.credentials.source=USER_INFO 61 | basic.auth.user.info=TENANT:token:TOKEN 62 | 63 | -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/templates/zookeeper/zookeeper-service.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | apiVersion: v1 19 | kind: Service 20 | metadata: 21 | name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}" 22 | namespace: {{ .Release.Namespace }} 23 | labels: 24 | app: {{ template "pulsar.name" . }} 25 | chart: {{ template "pulsar.chart" . }} 26 | release: {{ .Release.Name }} 27 | heritage: {{ .Release.Service }} 28 | component: {{ .Values.zookeeper.component }} 29 | cluster: {{ template "pulsar.fullname" . }} 30 | annotations: 31 | service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" 32 | {{- if .Values.zookeeper.service.annotations }} 33 | {{ toYaml .Values.zookeeper.service.annotations | indent 4 }} 34 | {{- end }} 35 | spec: 36 | ports: 37 | {{- if and .Values.enableTls .Values.tls.zookeeper.enabled }} 38 | - name: client-tls 39 | port: 2281 40 | {{- end }} 41 | {{ toYaml .Values.zookeeper.service.ports | indent 2 }} 42 | clusterIP: None 43 | publishNotReadyAddresses: true 44 | selector: 45 | app: {{ template "pulsar.name" . }} 46 | release: {{ .Release.Name }} 47 | component: {{ .Values.zookeeper.component }} 48 | 49 | --- 50 | apiVersion: v1 51 | kind: Service 52 | metadata: 53 | name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}-ca" 54 | namespace: {{ .Release.Namespace }} 55 | labels: 56 | app: {{ template "pulsar.name" . }} 57 | chart: {{ template "pulsar.chart" . }} 58 | release: {{ .Release.Name }} 59 | heritage: {{ .Release.Service }} 60 | component: {{ .Values.zookeeper.component }} 61 | cluster: {{ template "pulsar.fullname" . }} 62 | annotations: 63 | {{- if .Values.zookeeper.service.annotations }} 64 | {{ toYaml .Values.zookeeper.service.annotations | indent 4 }} 65 | {{- end }} 66 | spec: 67 | ports: 68 | {{- if and .Values.enableTls .Values.tls.zookeeper.enabled }} 69 | - name: client-tls 70 | port: 2281 71 | {{- end }} 72 | {{ toYaml .Values.zookeeper.service.ports | indent 2 }} 73 | selector: 74 | app: {{ template "pulsar.name" . }} 75 | release: {{ .Release.Name }} 76 | component: {{ .Values.zookeeper.component }} 77 | 78 | -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/templates/zookeeper-nonpersist/zookeepernp-service.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | {{- if .Values.extra.zookeepernp }} 19 | apiVersion: v1 20 | kind: Service 21 | metadata: 22 | name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeepernp.component }}" 23 | namespace: {{ .Release.Namespace }} 24 | labels: 25 | app: {{ template "pulsar.name" . }} 26 | chart: {{ template "pulsar.chart" . }} 27 | release: {{ .Release.Name }} 28 | heritage: {{ .Release.Service }} 29 | component: {{ .Values.zookeepernp.component }} 30 | cluster: {{ template "pulsar.fullname" . }} 31 | annotations: 32 | service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" 33 | {{- if .Values.zookeepernp.service.annotations }} 34 | {{ toYaml .Values.zookeepernp.service.annotations | indent 4 }} 35 | {{- end }} 36 | spec: 37 | ports: 38 | {{- if and .Values.enableTls .Values.tls.zookeeper.enabled }} 39 | - name: client-tls 40 | port: 2281 41 | {{- end }} 42 | {{ toYaml .Values.zookeepernp.service.ports | indent 2 }} 43 | clusterIP: None 44 | publishNotReadyAddresses: true 45 | selector: 46 | app: {{ template "pulsar.name" . }} 47 | release: {{ .Release.Name }} 48 | component: {{ .Values.zookeepernp.component }} 49 | 50 | --- 51 | apiVersion: v1 52 | kind: Service 53 | metadata: 54 | name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeepernp.component }}-ca" 55 | namespace: {{ .Release.Namespace }} 56 | labels: 57 | app: {{ template "pulsar.name" . }} 58 | chart: {{ template "pulsar.chart" . }} 59 | release: {{ .Release.Name }} 60 | heritage: {{ .Release.Service }} 61 | component: {{ .Values.zookeepernp.component }} 62 | cluster: {{ template "pulsar.fullname" . }} 63 | annotations: 64 | {{- if .Values.zookeepernp.service.annotations }} 65 | {{ toYaml .Values.zookeepernp.service.annotations | indent 4 }} 66 | {{- end }} 67 | spec: 68 | ports: 69 | {{- if and .Values.enableTls .Values.tls.zookeeper.enabled }} 70 | - name: client-tls 71 | port: 2281 72 | {{- end }} 73 | {{ toYaml .Values.zookeepernp.service.ports | indent 2 }} 74 | selector: 75 | app: {{ template "pulsar.name" . }} 76 | release: {{ .Release.Name }} 77 | component: {{ .Values.zookeepernp.component }} 78 | {{- end }} 79 | -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/ci-archive/azure-no-test.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | persistence: false 19 | enableTests: true 20 | extra: 21 | autoRecovery: false 22 | bastion: true 23 | proxy: false 24 | pulsarHeartbeat: false 25 | 26 | image: 27 | broker: 28 | # If using tiered storage, use pulsar-all image for broker 29 | repository: datastax/pulsar-all 30 | 31 | storageOffload: 32 | 33 | bucket: kesque-helm-chart-ci-test 34 | region: us-east-1 35 | maxBlockSizeInBytes: "6400000" 36 | readBufferSizeInBytes: "100000" 37 | ## The following are default values for the cluster. They can be changed 38 | ## on each namespace. 39 | managedLedgerOffloadDeletionLagMs: "1000" 40 | managedLedgerOffloadAutoTriggerSizeThresholdBytes: "1000" 41 | 42 | # For Azure 43 | # ====== 44 | # You must create a storage account 45 | # 46 | driver: azureblob 47 | storageAccount: 48 | storageAccountKey: # pragma: allowlist secret 49 | ## For s3 compatible services, need to specify the endpoint but 50 | ## not needed for AWS 51 | #serviceEndpoint: http://127.0.0.1:7777 52 | 53 | zookeeper: 54 | resources: 55 | requests: 56 | memory: 512Mi 57 | cpu: 0.3 58 | configData: 59 | PULSAR_MEM: "\"-Xms512m -Xmx512m -Dcom.sun.management.jmxremote -Djute.maxbuffer=10485760 -XX:+ParallelRefProcEnabled -XX:+UnlockExperimentalVMOptions -XX:+AggressiveOpts -XX:+DoEscapeAnalysis -XX:+DisableExplicitGC -XX:+PerfDisableSharedMem -Dzookeeper.forceSync=no\"" 60 | 61 | bookkeeper: 62 | replicaCount: 2 63 | resources: 64 | requests: 65 | memory: 512Mi 66 | cpu: 0.3 67 | configData: 68 | BOOKIE_MEM: "-Xms512m -Xmx512m -XX:MaxDirectMemorySize=512m -XX:+ExitOnOutOfMemoryError" 69 | BOOKIE_GC: "\"-XX:+UseG1GC -XX:MaxGCPauseMillis=10\"" 70 | 71 | broker: 72 | component: broker 73 | replicaCount: 1 74 | resources: 75 | requests: 76 | memory: 1000Mi 77 | cpu: 0.3 78 | configData: 79 | PULSAR_MEM: "\"-Xms512m -Xmx1000m -XX:MaxDirectMemorySize=1000m -XX:+ExitOnOutOfMemoryError\"" 80 | managedLedgerMaxEntriesPerLedger: "5000" 81 | managedLedgerMinLedgerRolloverTimeMinutes: "1" 82 | managedLedgerMaxLedgerRolloverTimeMinutes: "2" 83 | -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/templates/zookeeper/zookeeper-storageclass.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | {{- if .Values.persistence }} 19 | {{- if not .Values.default_storage.existingStorageClassName }} 20 | {{- if not .Values.zookeeper.volumes.data.existingStorageClassName }} 21 | {{- if or .Values.zookeeper.volumes.data.storageClass .Values.default_storage}} 22 | apiVersion: storage.k8s.io/v1 23 | kind: StorageClass 24 | metadata: 25 | name: "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}-{{ .Values.zookeeper.volumes.data.name }}" 26 | namespace: {{ .Release.Namespace }} 27 | labels: 28 | app: {{ template "pulsar.name" . }} 29 | chart: {{ template "pulsar.chart" . }} 30 | release: {{ .Release.Name }} 31 | heritage: {{ .Release.Service }} 32 | component: {{ .Values.zookeeper.component }} 33 | cluster: {{ template "pulsar.fullname" . }} 34 | allowVolumeExpansion: true 35 | volumeBindingMode: WaitForFirstConsumer 36 | {{- if .Values.zookeeper.volumes.data.storageClass }} 37 | reclaimPolicy: {{ .Values.zookeeper.volumes.data.storageClass.reclaimPolicy | default .Values.default_storage.reclaimPolicy }} 38 | provisioner: {{ .Values.zookeeper.volumes.data.storageClass.provisioner }} 39 | parameters: 40 | {{- if .Values.zookeeper.volumes.data.storageClass.type }} 41 | type: {{ .Values.zookeeper.volumes.data.storageClass.type }} 42 | {{- end }} 43 | {{- if .Values.zookeeper.volumes.data.storageClass.fsType }} 44 | fsType: {{ .Values.zookeeper.volumes.data.storageClass.fsType }} 45 | {{- end }} 46 | {{- if .Values.zookeeper.volumes.data.storageClass.extraParams }} 47 | {{ toYaml .Values.zookeeper.volumes.data.storageClass.extraParams | indent 2 }} 48 | {{- end }} 49 | {{- else if .Values.default_storage }} 50 | reclaimPolicy: {{ .Values.default_storage.reclaimPolicy }} 51 | provisioner: {{ .Values.default_storage.provisioner }} 52 | parameters: 53 | {{- if .Values.default_storage.type }} 54 | type: {{ .Values.default_storage.type }} 55 | {{- end }} 56 | {{- if .Values.default_storage.fsType }} 57 | fsType: {{ .Values.default_storage.fsType }} 58 | {{- end }} 59 | {{- if .Values.default_storage.extraParams }} 60 | {{ toYaml .Values.default_storage.extraParams | indent 2 }} 61 | {{- end }} 62 | {{- end }} 63 | {{- end }} 64 | {{- end }} 65 | {{- end }} 66 | {{- end }} 67 | 68 | -------------------------------------------------------------------------------- /examples/dev-values.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | enableAntiAffinity: false 19 | enableTls: false 20 | enableTokenAuth: false 21 | restartOnConfigMapChange: 22 | enabled: true 23 | extra: 24 | function: true 25 | burnell: true 26 | burnellLogCollector: true 27 | pulsarHeartbeat: true 28 | pulsarAdminConsole: true 29 | 30 | zookeeper: 31 | replicaCount: 1 32 | resources: 33 | requests: 34 | memory: 300Mi 35 | cpu: 0.3 36 | configData: 37 | PULSAR_MEM: "-Xms300m -Xmx300m -Djute.maxbuffer=10485760 -XX:+ExitOnOutOfMemoryError" 38 | 39 | bookkeeper: 40 | replicaCount: 1 41 | resources: 42 | requests: 43 | memory: 512Mi 44 | cpu: 0.3 45 | configData: 46 | BOOKIE_MEM: "-Xms312m -Xmx312m -XX:MaxDirectMemorySize=200m -XX:+ExitOnOutOfMemoryError" 47 | 48 | broker: 49 | component: broker 50 | replicaCount: 1 51 | ledger: 52 | defaultEnsembleSize: 1 53 | defaultAckQuorum: 1 54 | defaultWriteQuorum: 1 55 | resources: 56 | requests: 57 | memory: 600Mi 58 | cpu: 0.3 59 | configData: 60 | PULSAR_MEM: "-Xms400m -Xmx400m -XX:MaxDirectMemorySize=200m -XX:+ExitOnOutOfMemoryError" 61 | 62 | autoRecovery: 63 | resources: 64 | requests: 65 | memory: 300Mi 66 | cpu: 0.3 67 | 68 | function: 69 | replicaCount: 1 70 | functionReplicaCount: 1 71 | resources: 72 | requests: 73 | memory: 512Mi 74 | cpu: 0.3 75 | configData: 76 | PULSAR_MEM: "-Xms312m -Xmx312m -XX:MaxDirectMemorySize=200m -XX:+ExitOnOutOfMemoryError" 77 | 78 | proxy: 79 | replicaCount: 1 80 | resources: 81 | requests: 82 | memory: 512Mi 83 | cpu: 0.3 84 | wsResources: 85 | requests: 86 | memory: 512Mi 87 | cpu: 0.3 88 | configData: 89 | PULSAR_MEM: "-Xms400m -Xmx400m -XX:MaxDirectMemorySize=112m" 90 | autoPortAssign: 91 | enablePlainTextWithTLS: true 92 | service: 93 | autoPortAssign: 94 | enabled: true 95 | 96 | grafanaDashboards: 97 | enabled: true 98 | 99 | pulsarAdminConsole: 100 | replicaCount: 1 101 | 102 | kube-prometheus-stack: 103 | enabled: true 104 | prometheusOperator: 105 | enabled: true 106 | grafana: 107 | enabled: true 108 | adminPassword: e9JYtk83*4#PM8 109 | -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/templates/function/function-storageclass.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | {{- if .Values.persistence }} 19 | {{- if .Values.extra.function }} 20 | {{- if not .Values.default_storage.existingStorageClassName }} 21 | {{- if not .Values.function.volumes.data.existingStorageClassName }} 22 | {{- if or .Values.function.volumes.data.storageClass .Values.default_storage}} 23 | apiVersion: storage.k8s.io/v1 24 | kind: StorageClass 25 | metadata: 26 | name: "{{ template "pulsar.fullname" . }}-{{ .Values.function.component }}-{{ .Values.function.volumes.data.name }}" 27 | namespace: {{ .Release.Namespace }} 28 | labels: 29 | app: {{ template "pulsar.name" . }} 30 | chart: {{ template "pulsar.chart" . }} 31 | release: {{ .Release.Name }} 32 | heritage: {{ .Release.Service }} 33 | component: {{ .Values.function.component }} 34 | cluster: {{ template "pulsar.fullname" . }} 35 | allowVolumeExpansion: true 36 | volumeBindingMode: WaitForFirstConsumer 37 | {{- if .Values.function.volumes.data.storageClass }} 38 | reclaimPolicy: {{ .Values.function.volumes.data.storageClass.reclaimPolicy | default .Values.default_storage.reclaimPolicy }} 39 | provisioner: {{ .Values.function.volumes.data.storageClass.provisioner }} 40 | parameters: 41 | {{- if .Values.function.volumes.data.storageClass.type }} 42 | type: {{ .Values.function.volumes.data.storageClass.type }} 43 | {{- end }} 44 | {{- if .Values.function.volumes.data.storageClass.fsType }} 45 | fsType: {{ .Values.function.volumes.data.storageClass.fsType }} 46 | {{- end }} 47 | {{- if .Values.function.volumes.data.storageClass.extraParams }} 48 | {{ toYaml .Values.function.volumes.data.storageClass.extraParams | indent 2 }} 49 | {{- end }} 50 | {{- else if .Values.default_storage }} 51 | reclaimPolicy: {{ .Values.default_storage.reclaimPolicy }} 52 | provisioner: {{ .Values.default_storage.provisioner }} 53 | parameters: 54 | {{- if .Values.default_storage.type }} 55 | type: {{ .Values.default_storage.type }} 56 | {{- end }} 57 | {{- if .Values.default_storage.fsType }} 58 | fsType: {{ .Values.default_storage.fsType }} 59 | {{- end }} 60 | {{- if .Values.default_storage.extraParams }} 61 | {{ toYaml .Values.default_storage.extraParams | indent 2 }} 62 | {{- end }} 63 | {{- end }} 64 | {{- end }} 65 | {{- end }} 66 | {{- end }} 67 | {{- end }} 68 | {{- end }} 69 | 70 | -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/ci-archive/aws-s3-no-test.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | persistence: false 19 | enableTests: true 20 | extra: 21 | autoRecovery: false 22 | bastion: true 23 | proxy: false 24 | pulsarHeartbeat: false 25 | 26 | image: 27 | broker: 28 | # If using tiered storage, use pulsar-all image for broker 29 | repository: datastax/pulsar-all 30 | 31 | storageOffload: 32 | 33 | bucket: kesque-helm-chart-ci-test 34 | region: us-east-1 35 | maxBlockSizeInBytes: "6400000" 36 | readBufferSizeInBytes: "100000" 37 | ## The following are default values for the cluster. They can be changed 38 | ## on each namespace. 39 | managedLedgerOffloadDeletionLagMs: "1000" 40 | managedLedgerOffloadAutoTriggerSizeThresholdBytes: "1000" 41 | 42 | # For AWS S3 43 | # ====== 44 | # You must create an IAM account with access to the bucket and 45 | # generate keys for that account. 46 | # 47 | driver: aws-s3 48 | accessKey: 49 | accessSecret: # pragma: allowlist secret 50 | ## For s3 compatible services, need to specify the endpoint but 51 | ## not needed for AWS 52 | #serviceEndpoint: http://127.0.0.1:7777 53 | 54 | zookeeper: 55 | resources: 56 | requests: 57 | memory: 512Mi 58 | cpu: 0.3 59 | configData: 60 | PULSAR_MEM: "\"-Xms512m -Xmx512m -Dcom.sun.management.jmxremote -Djute.maxbuffer=10485760 -XX:+ParallelRefProcEnabled -XX:+UnlockExperimentalVMOptions -XX:+AggressiveOpts -XX:+DoEscapeAnalysis -XX:+DisableExplicitGC -XX:+PerfDisableSharedMem -Dzookeeper.forceSync=no\"" 61 | 62 | bookkeeper: 63 | replicaCount: 2 64 | resources: 65 | requests: 66 | memory: 512Mi 67 | cpu: 0.3 68 | configData: 69 | BOOKIE_MEM: "-Xms512m -Xmx512m -XX:MaxDirectMemorySize=512m -XX:+ExitOnOutOfMemoryError" 70 | BOOKIE_GC: "\"-XX:+UseG1GC -XX:MaxGCPauseMillis=10\"" 71 | 72 | broker: 73 | component: broker 74 | replicaCount: 1 75 | resources: 76 | requests: 77 | memory: 1000Mi 78 | cpu: 0.3 79 | configData: 80 | PULSAR_MEM: "\"-Xms512m -Xmx1000m -XX:MaxDirectMemorySize=1000m -XX:+ExitOnOutOfMemoryError\"" 81 | managedLedgerMaxEntriesPerLedger: "5000" 82 | managedLedgerMinLedgerRolloverTimeMinutes: "1" 83 | managedLedgerMaxLedgerRolloverTimeMinutes: "2" 84 | -------------------------------------------------------------------------------- /examples/dev-values-transactions.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | enableAntiAffinity: false 19 | enableTls: false 20 | enableTokenAuth: false 21 | restartOnConfigMapChange: 22 | enabled: true 23 | extra: 24 | function: true 25 | burnell: true 26 | burnellLogCollector: true 27 | pulsarHeartbeat: true 28 | pulsarAdminConsole: true 29 | 30 | zookeeper: 31 | replicaCount: 1 32 | resources: 33 | requests: 34 | memory: 300Mi 35 | cpu: 0.3 36 | configData: 37 | PULSAR_MEM: "-Xms300m -Xmx300m -Djute.maxbuffer=10485760 -XX:+ExitOnOutOfMemoryError" 38 | 39 | bookkeeper: 40 | replicaCount: 1 41 | resources: 42 | requests: 43 | memory: 512Mi 44 | cpu: 0.3 45 | configData: 46 | BOOKIE_MEM: "-Xms312m -Xmx312m -XX:MaxDirectMemorySize=200m -XX:+ExitOnOutOfMemoryError" 47 | 48 | broker: 49 | component: broker 50 | replicaCount: 1 51 | ledger: 52 | defaultEnsembleSize: 1 53 | defaultAckQuorum: 1 54 | defaultWriteQuorum: 1 55 | transactionCoordinator: 56 | enabled: true 57 | resources: 58 | requests: 59 | memory: 600Mi 60 | cpu: 0.3 61 | configData: 62 | PULSAR_MEM: "-Xms400m -Xmx400m -XX:MaxDirectMemorySize=200m -XX:+ExitOnOutOfMemoryError" 63 | 64 | autoRecovery: 65 | resources: 66 | requests: 67 | memory: 300Mi 68 | cpu: 0.3 69 | 70 | function: 71 | replicaCount: 1 72 | functionReplicaCount: 1 73 | resources: 74 | requests: 75 | memory: 512Mi 76 | cpu: 0.3 77 | configData: 78 | PULSAR_MEM: "-Xms312m -Xmx312m -XX:MaxDirectMemorySize=200m -XX:+ExitOnOutOfMemoryError" 79 | 80 | proxy: 81 | replicaCount: 1 82 | resources: 83 | requests: 84 | memory: 512Mi 85 | cpu: 0.3 86 | wsResources: 87 | requests: 88 | memory: 512Mi 89 | cpu: 0.3 90 | configData: 91 | PULSAR_MEM: "-Xms400m -Xmx400m -XX:MaxDirectMemorySize=112m" 92 | autoPortAssign: 93 | enablePlainTextWithTLS: true 94 | service: 95 | autoPortAssign: 96 | enabled: true 97 | 98 | grafanaDashboards: 99 | enabled: true 100 | 101 | pulsarAdminConsole: 102 | replicaCount: 1 103 | 104 | kube-prometheus-stack: 105 | enabled: true 106 | prometheusOperator: 107 | enabled: true 108 | grafana: 109 | enabled: true 110 | adminPassword: e9JYtk83*4#PM8 111 | -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/templates/tests/tls-broker.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | {{- if .Values.enableTests }} 19 | {{- if .Values.enableTls }} 20 | apiVersion: v1 21 | kind: Pod 22 | metadata: 23 | name: "{{ .Release.Name }}-test-admin-tls-broker" 24 | annotations: 25 | "helm.sh/hook": test-success 26 | spec: 27 | containers: 28 | - name: "{{ template "pulsar.fullname" . }}-test-admin-broker-tls" 29 | image: "{{ .Values.image.bastion.repository }}:{{ .Values.image.bastion.tag }}" 30 | imagePullPolicy: {{ .Values.image.bastion.pullPolicy }} 31 | command: ["/pulsar/bin/pulsar-admin"] 32 | args: ["--admin-url", "https://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}.{{ template "pulsar.serviceDnsSuffix" . }}:8443", "tenants", "list"] 33 | # Do not restart containers after they exit 34 | restartPolicy: Never 35 | --- 36 | apiVersion: v1 37 | kind: Pod 38 | metadata: 39 | name: "{{ .Release.Name }}-test-client-tls-broker" 40 | annotations: 41 | "helm.sh/hook": test-success 42 | spec: 43 | volumes: 44 | - name: certs 45 | secret: 46 | secretName: "{{ .Values.tlsSecretName }}" 47 | containers: 48 | - name: "{{ template "pulsar.fullname" . }}-test-client-broker-tls" 49 | image: "{{ .Values.image.bastion.repository }}:{{ .Values.image.bastion.tag }}" 50 | env: 51 | {{- if or .Values.secrets .Values.createCertificates.selfSigned.enabled .Values.createCertificates.selfSignedPerComponent.enabled }} 52 | - name: tlsTrustCertsFilePath 53 | value: /pulsar/certs/ca.crt 54 | {{- else }} 55 | - name: tlsTrustCertsFilePath 56 | value: "{{ .Values.tlsCaPath }}/{{ .Values.tlsCaCert }}" 57 | {{- end }} 58 | imagePullPolicy: {{ .Values.image.bastion.pullPolicy }} 59 | command: ["sh", "-c"] 60 | args: 61 | - > 62 | {{- if .Values.enableTokenAuth }} 63 | cat /pulsar/token-superuser/superuser.jwt | tr -d '\n' > /pulsar/token-superuser-stripped.jwt && 64 | {{- end }} 65 | bin/apply-config-from-env.py conf/client.conf && 66 | /pulsar/bin/pulsar-client --url pulsar+ssl://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}.{{ template "pulsar.serviceDnsSuffix" . }}:6651 produce -m hello public/default/test 67 | volumeMounts: 68 | - name: certs 69 | mountPath: /pulsar/certs 70 | # Do not restart containers after they exit 71 | restartPolicy: Never 72 | {{- end }} 73 | {{- end }} -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/templates/tests/tls-proxy.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | {{- if .Values.enableTests }} 19 | {{- if .Values.extra.proxy }} 20 | {{- if .Values.enableTls }} 21 | apiVersion: v1 22 | kind: Pod 23 | metadata: 24 | name: "{{ .Release.Name }}-test-admin-tls-proxy" 25 | annotations: 26 | "helm.sh/hook": test-success 27 | spec: 28 | containers: 29 | - name: "{{ template "pulsar.fullname" . }}-test-admin-proxy-tls" 30 | image: "{{ .Values.image.bastion.repository }}:{{ .Values.image.bastion.tag }}" 31 | imagePullPolicy: {{ .Values.image.bastion.pullPolicy }} 32 | command: ["/pulsar/bin/pulsar-admin"] 33 | args: ["--admin-url", "https://{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}.{{ template "pulsar.serviceDnsSuffix" . }}:8443", "tenants", "list"] 34 | # Do not restart containers after they exit 35 | restartPolicy: Never 36 | --- 37 | apiVersion: v1 38 | kind: Pod 39 | metadata: 40 | name: "{{ .Release.Name }}-test-client-tls-proxy" 41 | annotations: 42 | "helm.sh/hook": test-success 43 | spec: 44 | volumes: 45 | - name: certs 46 | secret: 47 | secretName: "{{ .Values.tlsSecretName }}" 48 | containers: 49 | - name: "{{ template "pulsar.fullname" . }}-test-client-proxy-tls" 50 | image: "{{ .Values.image.bastion.repository }}:{{ .Values.image.bastion.tag }}" 51 | env: 52 | {{- if or .Values.secrets .Values.createCertificates.selfSigned.enabled .Values.createCertificates.selfSignedPerComponent.enabled }} 53 | - name: tlsTrustCertsFilePath 54 | value: /pulsar/certs/ca.crt 55 | {{- else }} 56 | - name: tlsTrustCertsFilePath 57 | value: "{{ .Values.tlsCaPath }}/{{ .Values.tlsCaCert }}" 58 | {{- end }} 59 | imagePullPolicy: {{ .Values.image.bastion.pullPolicy }} 60 | command: ["sh", "-c"] 61 | args: 62 | - > 63 | {{- if .Values.enableTokenAuth }} 64 | cat /pulsar/token-superuser/superuser.jwt | tr -d '\n' > /pulsar/token-superuser-stripped.jwt && 65 | {{- end }} 66 | bin/apply-config-from-env.py conf/client.conf && 67 | /pulsar/bin/pulsar-client --url pulsar+ssl://{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}.{{ template "pulsar.serviceDnsSuffix" . }}:6651 produce -m hello public/default/test 68 | volumeMounts: 69 | - name: certs 70 | mountPath: /pulsar/certs 71 | # Do not restart containers after they exit 72 | restartPolicy: Never 73 | {{- end }} 74 | {{- end }} 75 | {{- end }} -------------------------------------------------------------------------------- /examples/dev-values-sql.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | enableAntiAffinity: false 19 | enableTls: false 20 | enableTokenAuth: false 21 | restartOnConfigMapChange: 22 | enabled: true 23 | extra: 24 | function: true 25 | burnell: true 26 | burnellLogCollector: true 27 | pulsarHeartbeat: true 28 | pulsarAdminConsole: true 29 | pulsarSQL: true 30 | 31 | zookeeper: 32 | replicaCount: 1 33 | resources: 34 | requests: 35 | memory: 300Mi 36 | cpu: 0.3 37 | configData: 38 | PULSAR_MEM: "-Xms300m -Xmx300m -Djute.maxbuffer=10485760 -XX:+ExitOnOutOfMemoryError" 39 | 40 | bookkeeper: 41 | replicaCount: 1 42 | resources: 43 | requests: 44 | memory: 512Mi 45 | cpu: 0.3 46 | configData: 47 | BOOKIE_MEM: "-Xms312m -Xmx312m -XX:MaxDirectMemorySize=200m -XX:+ExitOnOutOfMemoryError" 48 | 49 | broker: 50 | component: broker 51 | replicaCount: 1 52 | ledger: 53 | defaultEnsembleSize: 1 54 | defaultAckQuorum: 1 55 | defaultWriteQuorum: 1 56 | resources: 57 | requests: 58 | memory: 600Mi 59 | cpu: 0.3 60 | configData: 61 | PULSAR_MEM: "-Xms400m -Xmx400m -XX:MaxDirectMemorySize=200m -XX:+ExitOnOutOfMemoryError" 62 | 63 | autoRecovery: 64 | resources: 65 | requests: 66 | memory: 300Mi 67 | cpu: 0.3 68 | 69 | function: 70 | replicaCount: 1 71 | functionReplicaCount: 1 72 | resources: 73 | requests: 74 | memory: 512Mi 75 | cpu: 0.3 76 | configData: 77 | PULSAR_MEM: "-Xms312m -Xmx312m -XX:MaxDirectMemorySize=200m -XX:+ExitOnOutOfMemoryError" 78 | 79 | proxy: 80 | replicaCount: 1 81 | resources: 82 | requests: 83 | memory: 512Mi 84 | cpu: 0.3 85 | wsResources: 86 | requests: 87 | memory: 512Mi 88 | cpu: 0.3 89 | configData: 90 | PULSAR_MEM: "-Xms400m -Xmx400m -XX:MaxDirectMemorySize=112m" 91 | autoPortAssign: 92 | enablePlainTextWithTLS: true 93 | service: 94 | autoPortAssign: 95 | enabled: true 96 | 97 | pulsarSQL: 98 | server: 99 | workers: 1 100 | resources: 101 | requests: 102 | memory: 512Mi 103 | cpu: 0.3 104 | 105 | grafanaDashboards: 106 | enabled: true 107 | 108 | pulsarAdminConsole: 109 | replicaCount: 1 110 | 111 | kube-prometheus-stack: 112 | enabled: true 113 | prometheusOperator: 114 | enabled: true 115 | grafana: 116 | enabled: true 117 | adminPassword: e9JYtk83*4#PM8 118 | -------------------------------------------------------------------------------- /examples/dev-values-tls.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | enableAntiAffinity: false 19 | enableTls: true 20 | enableTokenAuth: false 21 | restartOnConfigMapChange: 22 | enabled: true 23 | extra: 24 | broker: false 25 | brokerSts: true 26 | function: true 27 | burnell: true 28 | burnellLogCollector: true 29 | pulsarHeartbeat: true 30 | pulsarAdminConsole: true 31 | 32 | cert-manager: 33 | enabled: true 34 | 35 | createCertificates: 36 | selfSigned: 37 | enabled: true 38 | 39 | zookeeper: 40 | replicaCount: 1 41 | resources: 42 | requests: 43 | memory: 300Mi 44 | cpu: 0.3 45 | configData: 46 | PULSAR_MEM: "-Xms300m -Xmx300m -Djute.maxbuffer=10485760 -XX:+ExitOnOutOfMemoryError" 47 | 48 | bookkeeper: 49 | replicaCount: 1 50 | resources: 51 | requests: 52 | memory: 512Mi 53 | cpu: 0.3 54 | configData: 55 | BOOKIE_MEM: "-Xms312m -Xmx312m -XX:MaxDirectMemorySize=200m -XX:+ExitOnOutOfMemoryError" 56 | 57 | brokerSts: 58 | component: broker 59 | replicaCount: 1 60 | ledger: 61 | defaultEnsembleSize: 1 62 | defaultAckQuorum: 1 63 | defaultWriteQuorum: 1 64 | resources: 65 | requests: 66 | memory: 600Mi 67 | cpu: 0.3 68 | configData: 69 | PULSAR_MEM: "-Xms400m -Xmx400m -XX:MaxDirectMemorySize=200m -XX:+ExitOnOutOfMemoryError" 70 | 71 | autoRecovery: 72 | resources: 73 | requests: 74 | memory: 300Mi 75 | cpu: 0.3 76 | 77 | function: 78 | replicaCount: 1 79 | functionReplicaCount: 1 80 | resources: 81 | requests: 82 | memory: 512Mi 83 | cpu: 0.3 84 | configData: 85 | PULSAR_MEM: "-Xms312m -Xmx312m -XX:MaxDirectMemorySize=200m -XX:+ExitOnOutOfMemoryError" 86 | 87 | proxy: 88 | replicaCount: 1 89 | resources: 90 | requests: 91 | memory: 512Mi 92 | cpu: 0.3 93 | wsResources: 94 | requests: 95 | memory: 512Mi 96 | cpu: 0.3 97 | configData: 98 | PULSAR_MEM: "-Xms400m -Xmx400m -XX:MaxDirectMemorySize=112m" 99 | autoPortAssign: 100 | enablePlainTextWithTLS: true 101 | service: 102 | autoPortAssign: 103 | enabled: true 104 | 105 | grafanaDashboards: 106 | enabled: true 107 | 108 | pulsarAdminConsole: 109 | replicaCount: 1 110 | 111 | kube-prometheus-stack: 112 | enabled: true 113 | prometheusOperator: 114 | enabled: true 115 | grafana: 116 | enabled: true 117 | adminPassword: e9JYtk83*4#PM8 118 | -------------------------------------------------------------------------------- /examples/dev-values-auth.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | enableAntiAffinity: false 19 | enableTls: false 20 | enableTokenAuth: true 21 | restartOnConfigMapChange: 22 | enabled: true 23 | extra: 24 | function: true 25 | burnell: true 26 | burnellLogCollector: true 27 | pulsarHeartbeat: true 28 | pulsarAdminConsole: true 29 | 30 | zookeeper: 31 | replicaCount: 1 32 | resources: 33 | requests: 34 | memory: 300Mi 35 | cpu: 0.3 36 | configData: 37 | PULSAR_MEM: "-Xms300m -Xmx300m -Djute.maxbuffer=10485760 -XX:+ExitOnOutOfMemoryError" 38 | 39 | bookkeeper: 40 | replicaCount: 1 41 | resources: 42 | requests: 43 | memory: 512Mi 44 | cpu: 0.3 45 | configData: 46 | BOOKIE_MEM: "-Xms312m -Xmx312m -XX:MaxDirectMemorySize=200m -XX:+ExitOnOutOfMemoryError" 47 | 48 | broker: 49 | component: broker 50 | replicaCount: 1 51 | ledger: 52 | defaultEnsembleSize: 1 53 | defaultAckQuorum: 1 54 | defaultWriteQuorum: 1 55 | resources: 56 | requests: 57 | memory: 600Mi 58 | cpu: 0.3 59 | configData: 60 | PULSAR_MEM: "-Xms400m -Xmx400m -XX:MaxDirectMemorySize=200m -XX:+ExitOnOutOfMemoryError" 61 | 62 | autoRecovery: 63 | enableProvisionContainer: true 64 | resources: 65 | requests: 66 | memory: 300Mi 67 | cpu: 0.3 68 | 69 | function: 70 | replicaCount: 1 71 | functionReplicaCount: 1 72 | resources: 73 | requests: 74 | memory: 512Mi 75 | cpu: 0.3 76 | configData: 77 | PULSAR_MEM: "-Xms312m -Xmx312m -XX:MaxDirectMemorySize=200m -XX:+ExitOnOutOfMemoryError" 78 | 79 | proxy: 80 | replicaCount: 1 81 | resources: 82 | requests: 83 | memory: 512Mi 84 | cpu: 0.3 85 | wsResources: 86 | requests: 87 | memory: 512Mi 88 | cpu: 0.3 89 | configData: 90 | PULSAR_MEM: "-Xms400m -Xmx400m -XX:MaxDirectMemorySize=112m" 91 | autoPortAssign: 92 | enablePlainTextWithTLS: true 93 | service: 94 | autoPortAssign: 95 | enabled: true 96 | 97 | grafanaDashboards: 98 | enabled: true 99 | 100 | pulsarAdminConsole: 101 | replicaCount: 1 102 | authMode: k8s 103 | createUserSecret: 104 | enabled: true 105 | user: 'admin' 106 | password: 'e9JYtk83*4#PM8' 107 | 108 | kube-prometheus-stack: 109 | enabled: true 110 | prometheusOperator: 111 | enabled: true 112 | grafana: 113 | enabled: true 114 | adminPassword: e9JYtk83*4#PM8 115 | 116 | -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/templates/admin-console/pulsar-admin-console-ingress.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | {{- if .Values.extra.pulsarAdminConsole }} 19 | {{- if .Values.pulsarAdminConsole.ingress.enabled }} 20 | {{- if semverCompare "<1.19-0" .Capabilities.KubeVersion.Version }} 21 | apiVersion: extensions/v1beta1 22 | {{- else }} 23 | apiVersion: networking.k8s.io/v1 24 | {{- end }} 25 | kind: Ingress 26 | metadata: 27 | name: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsarAdminConsole.component }}" 28 | namespace: {{ .Release.Namespace }} 29 | labels: 30 | app: {{ template "pulsar.name" . }} 31 | chart: {{ template "pulsar.chart" . }} 32 | release: {{ .Release.Name }} 33 | heritage: {{ .Release.Service }} 34 | component: {{ .Values.pulsarAdminConsole.component }} 35 | cluster: {{ template "pulsar.fullname" . }} 36 | annotations: 37 | {{ toYaml .Values.pulsarAdminConsole.ingress.annotations | indent 4 }} 38 | spec: 39 | rules: 40 | - host: {{ .Values.pulsarAdminConsole.ingress.host }} 41 | http: 42 | paths: 43 | - path: / 44 | {{- if semverCompare "<1.19-0" .Capabilities.KubeVersion.Version }} 45 | backend: 46 | serviceName: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsarAdminConsole.component }}" 47 | servicePort: 8080 48 | {{- else }} 49 | pathType: ImplementationSpecific 50 | backend: 51 | service: 52 | name: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsarAdminConsole.component }}" 53 | port: 54 | number: 8080 55 | {{- end }} 56 | - path: /ws/ 57 | {{- if semverCompare "<1.19-0" .Capabilities.KubeVersion.Version }} 58 | backend: 59 | serviceName: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsarAdminConsole.component }}" 60 | servicePort: 8080 61 | {{- else }} 62 | pathType: ImplementationSpecific 63 | backend: 64 | service: 65 | name: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsarAdminConsole.component }}" 66 | port: 67 | number: 8080 68 | {{- end }} 69 | {{- if and .Values.enableTls .Values.pulsarAdminConsole.ingress.enableTls}} 70 | tls: 71 | - hosts: 72 | - {{ .Values.pulsarAdminConsole.ingress.host }} 73 | secretName: {{ .Values.tlsSecretName }} 74 | {{- end }} 75 | {{- end }} 76 | {{- end }} 77 | -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/templates/dns/dns-deployment.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | {{- if .Values.extra.usedns }} 19 | apiVersion: apps/v1 20 | kind: Deployment 21 | metadata: 22 | name: "{{ template "pulsar.fullname" . }}-{{ .Values.dns.component }}" 23 | spec: 24 | strategy: 25 | type: Recreate 26 | selector: 27 | matchLabels: 28 | app: "{{ template "pulsar.fullname" . }}-{{ .Values.dns.component }}" 29 | template: 30 | metadata: 31 | labels: 32 | app: "{{ template "pulsar.fullname" . }}-{{ .Values.dns.component }}" 33 | spec: 34 | {{- if .Values.priorityClass.enabled }} 35 | priorityClassName: pulsar-priority 36 | {{- end }} 37 | {{- if and (.Values.nodeSelector) (not .Values.dns.nodeSelector) }} 38 | nodeSelector: 39 | {{ toYaml .Values.nodeSelector | indent 8 }} 40 | {{- end }} 41 | {{- if .Values.dns.nodeSelector }} 42 | nodeSelector: 43 | {{ toYaml .Values.dns.nodeSelector | indent 8 }} 44 | {{- end }} 45 | {{- if .Values.dns.nodeAffinity }} 46 | affinity: 47 | nodeAffinity: 48 | {{ toYaml .Values.dns.nodeAffinity | indent 10 }} 49 | {{- end }} 50 | {{- if .Values.dns.tolerations }} 51 | tolerations: 52 | {{ toYaml .Values.dns.tolerations | indent 8 }} 53 | {{- end }} 54 | serviceAccountName: "{{ template "pulsar.fullname" . }}-{{ .Values.dns.component }}" 55 | {{- if .Values.dns.azureVolume }} 56 | volumes: 57 | - name: azure-config 58 | secret: 59 | secretName: azure-config-file 60 | {{- end }} 61 | containers: 62 | - name: external-dns 63 | image: k8s.gcr.io/external-dns/external-dns:v0.12.2 64 | {{- if .Values.dns.azureVolume }} 65 | volumeMounts: 66 | - mountPath: "/etc/kubernetes/" 67 | name: azure-config 68 | readOnly: true 69 | {{- end }} 70 | args: 71 | - --source=service 72 | - --source=ingress 73 | - --provider={{ .Values.dns.provider }} 74 | - --domain-filter={{ .Values.dns.domainFilter }} 75 | - --policy=upsert-only # would prevent ExternalDNS from deleting any records, omit to enable full synchronization 76 | - --registry=txt 77 | - --txt-owner-id=my-identifier 78 | {{- if .Values.dns.txtPrefix }} 79 | - --txt-prefix={{ .Values.dns.txtPrefix }} 80 | {{- end }} 81 | {{- if eq .Values.dns.provider "digitalocean" }} 82 | env: 83 | - name: DO_TOKEN 84 | value: "{{ .Values.dns.digitalOceanApiKey}}" 85 | {{- end }} 86 | {{- end }} 87 | -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/ci-archive/storj-no-test.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | persistence: false 19 | enableTests: true 20 | extra: 21 | autoRecovery: false 22 | bastion: true 23 | 24 | image: 25 | broker: 26 | # If using tiered storage, use pulsar-all image for broker 27 | repository: datastax/pulsar-all 28 | 29 | storageOffload: 30 | 31 | bucket: tiered-storage 32 | region: us-east-1 33 | maxBlockSizeInBytes: "64000000" 34 | readBufferSizeInBytes: "1000000" 35 | ## The following are default values for the cluster. They can be changed 36 | ## on each namespace. 37 | managedLedgerOffloadDeletionLagMs: "60000" 38 | managedLedgerOffloadAutoTriggerSizeThresholdBytes: "1000" 39 | 40 | # For AWS S3 41 | # ====== 42 | # You must create an IAM account with access to the bucket and 43 | # generate keys for that account. 44 | # 45 | driver: s3 46 | accessKey: "access key for s3 compatiables" 47 | accessSecret: "access secret for s3 compatiables" # pragma: allowlist secret 48 | ## For s3 compatible services, need to specify the endpoint but 49 | ## not needed for AWS 50 | serviceEndpoint: http://127.0.0.1:7777 51 | 52 | zookeeper: 53 | resources: 54 | requests: 55 | memory: 512Mi 56 | cpu: 0.3 57 | configData: 58 | PULSAR_MEM: "\"-Xms512m -Xmx512m -Dzookeeper.forceSync=no\"" 59 | 60 | bookkeeper: 61 | replicaCount: 2 62 | resources: 63 | requests: 64 | memory: 512Mi 65 | cpu: 0.3 66 | configData: 67 | PULSAR_MEM: "\"-Xms512m -Xmx512m -XX:MaxDirectMemorySize=512m -XX:+ExitOnOutOfMemoryError\"" 68 | 69 | broker: 70 | component: broker 71 | replicaCount: 1 72 | resources: 73 | requests: 74 | memory: 1000Mi 75 | cpu: 0.3 76 | configData: 77 | PULSAR_MEM: "\"-Xms512m -Xmx1000m -XX:MaxDirectMemorySize=1000m -XX:+ExitOnOutOfMemoryError\"" 78 | managedLedgerMaxEntriesPerLedger: "5000" 79 | managedLedgerMinLedgerRolloverTimeMinutes: "1" 80 | managedLedgerMaxLedgerRolloverTimeMinutes: "2" 81 | 82 | function: 83 | replicaCount: 1 84 | resources: 85 | requests: 86 | memory: 512Mi 87 | cpu: 0.3 88 | configData: 89 | PULSAR_MEM: "\"-Xms512m -Xmx512m -XX:MaxDirectMemorySize=512m -XX:+ExitOnOutOfMemoryError\"" 90 | 91 | proxy: 92 | replicaCount: 1 93 | resources: 94 | requests: 95 | memory: 512Mi 96 | cpu: 0.3 97 | wsResources: 98 | requests: 99 | memory: 512Mi 100 | cpu: 0.3 101 | configData: 102 | PULSAR_MEM: "\"-Xms512m -Xmx512m -XX:MaxDirectMemorySize=512m\"" 103 | -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/templates/utils/health-configmap.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | apiVersion: v1 19 | kind: ConfigMap 20 | metadata: 21 | name: "{{ template "pulsar.fullname" . }}-health" 22 | labels: 23 | app: {{ template "pulsar.name" . }} 24 | chart: {{ template "pulsar.chart" . }} 25 | release: {{ .Release.Name }} 26 | heritage: {{ .Release.Service }} 27 | component: "health-check" 28 | cluster: {{ template "pulsar.fullname" . }} 29 | data: 30 | proxy_health_check.sh: | 31 | #!/bin/bash 32 | {{- if .Values.enableTokenAuth }} 33 | curl -s --max-time {{ .Values.proxy.probe.timeout }} --fail -H "Authorization: Bearer $(cat /pulsar/token-superuser/superuser.jwt | tr -d '\r')" http://localhost:8080/metrics/ > /dev/null 34 | {{- else }} 35 | curl -s --max-time {{ .Values.proxy.probe.timeout }} --fail http://localhost:8080/metrics/ > /dev/null 36 | {{- end }} 37 | 38 | broker_health_check.sh: | 39 | #!/bin/bash 40 | {{- if .Values.enableTokenAuth }} 41 | curl -s --max-time {{ .Values.broker.probe.timeout }} --fail -H "Authorization: Bearer $(cat /pulsar/token-superuser/superuser.jwt | tr -d '\r')" http://localhost:8080/admin/v2/brokers/health 42 | {{- else }} 43 | curl -s --max-time {{ .Values.broker.probe.timeout }} --fail http://localhost:8080/admin/v2/brokers/health 44 | {{- end }} 45 | 46 | function_worker_health_check.sh: | 47 | #!/bin/bash 48 | {{- if .Values.enableTokenAuth }} 49 | curl -s --max-time {{ .Values.proxy.probe.timeout }} --fail -H "Authorization: Bearer $(cat /pulsar/token-superuser/superuser.jwt | tr -d '\r')" http://localhost:{{ .Values.function.probe.port }}/metrics/ > /dev/null 50 | METRICS_STATUS=$? 51 | curl -s --max-time {{ .Values.proxy.probe.timeout }} --fail -H "Authorization: Bearer $(cat /pulsar/token-superuser/superuser.jwt | tr -d '\r')" http://localhost:{{ .Values.function.probe.port }}/admin/v3/functions/healthz/ > /dev/null 52 | HEALTH_STATUS=$? 53 | {{- else }} 54 | curl -s --max-time {{ .Values.proxy.probe.timeout }} --fail http://localhost:{{ .Values.function.probe.port }}/metrics/ > /dev/null 55 | METRICS_STATUS=$? 56 | curl -s --max-time {{ .Values.proxy.probe.timeout }} --fail http://localhost:{{ .Values.function.probe.port }}/admin/v3/functions/healthz/ > /dev/null 57 | HEALTH_STATUS=$? 58 | {{- end }} 59 | 60 | if [ $METRICS_STATUS -ne 0 ]; then 61 | echo "Metrics check failed." 62 | exit 1 63 | fi 64 | 65 | if [ $HEALTH_STATUS -ne 0 ]; then 66 | echo "Health check failed." 67 | exit 1 68 | fi 69 | 70 | echo "Health check passed." 71 | exit 0 72 | -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/templates/bastion/bastion-configmap.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | {{- if .Values.extra.bastion }} 19 | apiVersion: v1 20 | kind: ConfigMap 21 | metadata: 22 | name: "{{ template "pulsar.fullname" . }}-{{ .Values.bastion.component }}" 23 | namespace: {{ .Release.Namespace }} 24 | labels: 25 | app: {{ template "pulsar.name" . }} 26 | chart: {{ template "pulsar.chart" . }} 27 | release: {{ .Release.Name }} 28 | heritage: {{ .Release.Service }} 29 | component: {{ .Values.bastion.component }} 30 | cluster: {{ template "pulsar.fullname" . }} 31 | data: 32 | {{- if .Values.enableTokenAuth }} 33 | authParams: "file:///pulsar/token-superuser-stripped.jwt" 34 | authPlugin: "org.apache.pulsar.client.impl.auth.AuthenticationToken" 35 | {{- end }} 36 | # If proxy is deployed, use that for web service URL to 37 | # properly forward command to broker or function worker 38 | {{- if .Values.enableTls }} 39 | tlsEnableHostnameVerification: "{{ .Values.tls.bastion.enableHostnameVerification }}" 40 | {{- if or .Values.secrets .Values.createCertificates.selfSigned.enabled .Values.createCertificates.selfSignedPerComponent.enabled }} 41 | tlsTrustCertsFilePath: "/pulsar/certs/ca.crt" 42 | {{- else }} 43 | tlsTrustCertsFilePath: "{{ .Values.tlsCaPath }}/{{ .Values.tlsCaCert }}" 44 | {{- end }} 45 | {{- if .Values.extra.proxy }} 46 | brokerServiceUrl: "pulsar+ssl://{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}.{{ template "pulsar.serviceDnsSuffix" . }}:6651/" 47 | webServiceUrl: "https://{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}.{{ template "pulsar.serviceDnsSuffix" . }}:8443/" 48 | {{- else }} 49 | brokerServiceUrl: "pulsar+ssl://{{ template "pulsar.fullname" . }}-{{ .Values.brokerSts.component }}.{{ template "pulsar.serviceDnsSuffix" . }}:6651/" 50 | webServiceUrl: "https://{{ template "pulsar.fullname" . }}-{{ .Values.brokerSts.component }}.{{ template "pulsar.serviceDnsSuffix" . }}:8443/" 51 | {{- end }} 52 | {{- else }} 53 | {{- if .Values.extra.proxy }} 54 | brokerServiceUrl: "pulsar://{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}.{{ template "pulsar.serviceDnsSuffix" . }}:6650/" 55 | webServiceUrl: "http://{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}.{{ template "pulsar.serviceDnsSuffix" . }}:8080/" 56 | {{- else }} 57 | brokerServiceUrl: "pulsar://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}.{{ template "pulsar.serviceDnsSuffix" . }}:6650/" 58 | webServiceUrl: "http://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}.{{ template "pulsar.serviceDnsSuffix" . }}:8080/" 59 | {{- end }} 60 | {{- end }} 61 | {{- range $key, $val := $.Values.bastion.configData }} 62 | {{ $key }}: {{ $val | replace "\"" "" | trim | quote }} 63 | {{- end }} 64 | {{- end }} 65 | -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/templates/autorecovery/autorecovery-configmap.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | {{- if .Values.extra.autoRecovery }} 19 | apiVersion: v1 20 | kind: ConfigMap 21 | metadata: 22 | name: "{{ template "pulsar.fullname" . }}-{{ .Values.autoRecovery.component }}" 23 | namespace: {{ .Release.Namespace }} 24 | labels: 25 | app: {{ template "pulsar.name" . }} 26 | chart: {{ template "pulsar.chart" . }} 27 | release: {{ .Release.Name }} 28 | heritage: {{ .Release.Service }} 29 | component: {{ .Values.autoRecovery.component }} 30 | cluster: {{ template "pulsar.fullname" . }} 31 | data: 32 | # Pulsar's metadata store based rack awareness solution 33 | PULSAR_PREFIX_reppDnsResolverClass: "org.apache.pulsar.zookeeper.ZkBookieRackAffinityMapping" 34 | zkServers: 35 | {{- if and .Values.enableTls .Values.tls.zookeeper.enabled }} 36 | {{- if .Values.extra.zookeepernp }} 37 | {{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}-ca.{{ template "pulsar.serviceDnsSuffix" . }}:2281,{{ template "pulsar.fullname" . }}-{{ .Values.zookeepernp.component }}-ca.{{ template "pulsar.serviceDnsSuffix" . }}:2281 38 | {{- else }} 39 | {{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}-ca.{{ template "pulsar.serviceDnsSuffix" . }}:2281 40 | {{- end }} 41 | {{- else }} 42 | {{- if .Values.extra.zookeepernp }} 43 | {{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}-ca.{{ template "pulsar.serviceDnsSuffix" . }}:2181,{{ template "pulsar.fullname" . }}-{{ .Values.zookeepernp.component }}-ca.{{ template "pulsar.serviceDnsSuffix" . }}:2181 44 | {{- else }} 45 | {{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}-ca.{{ template "pulsar.serviceDnsSuffix" . }}:2181 46 | {{- end }} 47 | {{- end }} 48 | {{- if and .Values.enableTls .Values.tls.bookkeeper.enabled }} 49 | PULSAR_PREFIX_tlsHostnameVerificationEnabled: "{{ .Values.tls.autoRecovery.enableHostnameVerification }}" 50 | PULSAR_PREFIX_tlsProvider: OpenSSL 51 | PULSAR_PREFIX_tlsProviderFactoryClass: org.apache.bookkeeper.tls.TLSContextFactory 52 | PULSAR_PREFIX_tlsCertificatePath: /pulsar/certs/tls.crt 53 | PULSAR_PREFIX_tlsKeyStoreType: PEM 54 | PULSAR_PREFIX_tlsKeyStore: /pulsar/tls-pk8.key 55 | PULSAR_PREFIX_tlsTrustStoreType: PEM 56 | PULSAR_PREFIX_tlsClientAuthentication: "true" 57 | {{- if or .Values.secrets .Values.createCertificates.selfSigned.enabled .Values.createCertificates.selfSignedPerComponent.enabled }} 58 | PULSAR_PREFIX_tlsTrustStore: /pulsar/certs/ca.crt 59 | {{- else }} 60 | PULSAR_PREFIX_tlsTrustStore: "{{ .Values.tlsCaPath }}/{{ .Values.tlsCaCert }}" 61 | {{- end }} 62 | {{- end }} 63 | {{- range $key, $val := $.Values.autoRecovery.configData }} 64 | {{ $key }}: {{ $val | replace "\"" "" | trim | quote }} 65 | {{- end }} 66 | {{- end }} 67 | -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/templates/monitoring/pulsar-podmonitor.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | {{- if or .Values.enablePulsarPodMonitor (index .Values "kube-prometheus-stack" "enabled") }} 19 | apiVersion: monitoring.coreos.com/v1 20 | kind: PodMonitor 21 | metadata: 22 | name: "{{ template "pulsar.fullname" . }}-monitor" 23 | namespace: {{ .Release.Namespace }} 24 | labels: 25 | app: {{ template "pulsar.name" . }} 26 | chart: {{ template "pulsar.chart" . }} 27 | release: {{ .Release.Name }} 28 | heritage: {{ .Release.Service }} 29 | cluster: {{ template "pulsar.fullname" . }} 30 | spec: 31 | selector: 32 | matchLabels: 33 | app: {{ template "pulsar.name" . }} 34 | release: {{ .Release.Name }} 35 | matchExpressions: 36 | - key: component 37 | operator: In 38 | values: 39 | - {{.Values.zookeeper.component}} 40 | {{- if .Values.extra.zookeepernp }} 41 | - {{.Values.zookeepernp.component}} 42 | {{- end }} 43 | - {{.Values.bookkeeper.component}} 44 | {{- if .Values.extra.broker }} 45 | - {{.Values.broker.component}} 46 | {{- end }} 47 | {{- if .Values.extra.brokerSts }} 48 | - {{.Values.brokerSts.component}} 49 | {{- end }} 50 | {{- if .Values.extra.proxy }} 51 | - {{.Values.proxy.component}} 52 | {{- end }} 53 | {{- if .Values.extra.function }} 54 | - {{.Values.function.component}} 55 | {{- end }} 56 | {{- if .Values.extra.autoRecovery }} 57 | - {{.Values.autoRecovery.component}} 58 | {{- end }} 59 | {{- if .Values.extra.pulsarHeartbeat }} 60 | - {{.Values.pulsarHeartbeat.component}} 61 | {{- end }} 62 | podMetricsEndpoints: 63 | - port: "http" 64 | relabelings: 65 | - action: labelmap 66 | regex: __meta_kubernetes_pod_label_(.+) 67 | - sourceLabels: [ __meta_kubernetes_namespace ] 68 | action: replace 69 | targetLabel: kubernetes_namespace 70 | - sourceLabels: [ __meta_kubernetes_pod_label_component ] 71 | action: replace 72 | targetLabel: job 73 | - sourceLabels: [ __meta_kubernetes_pod_name ] 74 | action: replace 75 | targetLabel: kubernetes_pod_name 76 | {{- if .Values.extra.burnell }} 77 | - port: "burnell" 78 | relabelings: 79 | - action: labelmap 80 | regex: __meta_kubernetes_pod_label_(.+) 81 | - sourceLabels: [ __meta_kubernetes_namespace ] 82 | action: replace 83 | targetLabel: kubernetes_namespace 84 | - sourceLabels: [ __meta_kubernetes_pod_label_component ] 85 | action: replace 86 | targetLabel: job 87 | - sourceLabels: [ __meta_kubernetes_pod_name ] 88 | action: replace 89 | targetLabel: kubernetes_pod_name 90 | {{- end }} 91 | {{- end }} -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/ci/test-notls-values.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | persistence: false 19 | enableTests: true 20 | 21 | enableAntiAffinity: false 22 | enableTls: false 23 | enableTokenAuth: false 24 | restartOnConfigMapChange: 25 | enabled: true 26 | extra: 27 | autoRecovery: false 28 | function: true 29 | burnell: true 30 | pulsarHeartbeat: true 31 | pulsarAdminConsole: true 32 | 33 | # After https://github.com/apache/pulsar/pull/9413 Pulsar seems to load 34 | # all connector classes to memory. This causes OOM at OS level (error code 143) 35 | # Mitigate the issue by using a container image without the connectors. 36 | image: 37 | function: 38 | repository: datastax/lunastreaming 39 | 40 | 41 | autoRecovery: 42 | enableProvisionContainer: true 43 | 44 | zookeeper: 45 | replicaCount: 1 46 | resources: 47 | requests: 48 | memory: 300Mi 49 | cpu: 100m 50 | configData: 51 | PULSAR_MEM: "-Xms64m -Xmx128m -Djute.maxbuffer=10485760 -XX:+ExitOnOutOfMemoryError" 52 | 53 | bookkeeper: 54 | replicaCount: 1 55 | resources: 56 | requests: 57 | memory: 400Mi 58 | cpu: 100m 59 | configData: 60 | BOOKIE_MEM: "-Xms64m -Xmx256m -XX:MaxDirectMemorySize=256m -XX:+ExitOnOutOfMemoryError" 61 | BOOKIE_GC: "-XX:+UseG1GC -XX:MaxGCPauseMillis=10" 62 | diskUsageThreshold: "0.99" 63 | 64 | broker: 65 | component: broker 66 | replicaCount: 1 67 | ledger: 68 | defaultEnsembleSize: 1 69 | defaultAckQuorum: 1 70 | defaultWriteQuorum: 1 71 | resources: 72 | requests: 73 | memory: 400Mi 74 | cpu: 100m 75 | configData: 76 | PULSAR_MEM: "-Xms64m -Xmx256m -XX:MaxDirectMemorySize=256m -XX:+ExitOnOutOfMemoryError" 77 | 78 | function: 79 | replicaCount: 1 80 | functionReplicaCount: 1 81 | resources: 82 | requests: 83 | memory: 400Mi 84 | cpu: 100m 85 | configData: 86 | PULSAR_MEM: "-Xms64m -Xmx256m -XX:MaxDirectMemorySize=256m -Dio.netty.leakDetectionLevel=disabled -Dio.netty.recycler.linkCapacity=1024 -XX:+ParallelRefProcEnabled -XX:+DisableExplicitGC -XX:+ExitOnOutOfMemoryError -XX:+PerfDisableSharedMem" 87 | 88 | proxy: 89 | replicaCount: 1 90 | resources: 91 | requests: 92 | memory: 400Mi 93 | cpu: 100m 94 | wsResources: 95 | requests: 96 | memory: 400Mi 97 | cpu: 100m 98 | configData: 99 | PULSAR_MEM: "-Xms64m -Xmx64m -XX:MaxDirectMemorySize=64m" 100 | autoPortAssign: 101 | enablePlainTextWithTLS: true 102 | service: 103 | autoPortAssign: 104 | enabled: true 105 | type: ClusterIP 106 | 107 | grafanaDashboards: 108 | enabled: false 109 | 110 | pulsarAdminConsole: 111 | replicaCount: 1 112 | service: 113 | type: ClusterIP 114 | 115 | kube-prometheus-stack: 116 | enabled: false 117 | prometheusOperator: 118 | enabled: false 119 | grafana: 120 | enabled: false 121 | -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/templates/proxy/proxy-service.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | {{- if .Values.extra.proxy }} 19 | apiVersion: v1 20 | kind: Service 21 | metadata: 22 | name: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}" 23 | namespace: {{ .Release.Namespace }} 24 | labels: 25 | app: {{ template "pulsar.name" . }} 26 | chart: {{ template "pulsar.chart" . }} 27 | release: {{ .Release.Name }} 28 | heritage: {{ .Release.Service }} 29 | component: {{ .Values.proxy.component }} 30 | cluster: {{ template "pulsar.fullname" . }} 31 | annotations: 32 | {{- if .Values.proxy.service.annotations }} 33 | {{ toYaml .Values.proxy.service.annotations | indent 4 }} 34 | {{- end }} 35 | # For contour ingress to ensure Burnell port is TLS 36 | {{- if .Values.enableTls }} 37 | projectcontour.io/upstream-protocol.tls: "https,8964" 38 | {{- end}} 39 | {{- if .Values.extra.dnsOnProxy }} 40 | external-dns.alpha.kubernetes.io/hostname: {{ .Values.dnsName }} 41 | {{- end }} 42 | spec: 43 | type: {{ .Values.proxy.service.type }} 44 | {{- if .Values.proxy.service.loadBalancerIP }} 45 | loadBalancerIP: {{ .Values.proxy.service.loadBalancerIP }} 46 | {{- end }} 47 | ports: 48 | {{- if .Values.proxy.service.autoPortAssign.enabled }} 49 | {{ include "pulsar.proxyAutoPort" . | indent 2 }} 50 | {{- else }} 51 | {{ toYaml .Values.proxy.service.ports | indent 2 }} 52 | {{- end }} 53 | {{- if and .Values.proxy.extensions.enabled .Values.proxy.extensions.servicePorts }} 54 | {{ toYaml .Values.proxy.extensions.servicePorts | indent 2 }} 55 | {{- end }} 56 | selector: 57 | app: {{ template "pulsar.name" . }} 58 | release: {{ .Release.Name }} 59 | component: {{ .Values.proxy.component }} 60 | --- 61 | {{- if .Values.proxy.extraService.enabled }} 62 | apiVersion: v1 63 | kind: Service 64 | metadata: 65 | name: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}-extra" 66 | namespace: {{ .Release.Namespace }} 67 | labels: 68 | app: {{ template "pulsar.name" . }} 69 | chart: {{ template "pulsar.chart" . }} 70 | release: {{ .Release.Name }} 71 | heritage: {{ .Release.Service }} 72 | component: {{ .Values.proxy.component }} 73 | cluster: {{ template "pulsar.fullname" . }} 74 | annotations: 75 | {{- if .Values.proxy.extraService.annotations }} 76 | {{ toYaml .Values.proxy.extraService.annotations | indent 4 }} 77 | {{- end }} 78 | {{- if .Values.extra.dnsOnProxy }} 79 | external-dns.alpha.kubernetes.io/hostname: {{ .Values.dnsName }} 80 | {{- end }} 81 | spec: 82 | type: {{ .Values.proxy.extraService.type }} 83 | {{- if .Values.proxy.extraService.loadBalancerIP }} 84 | loadBalancerIP: {{ .Values.proxy.extraService.loadBalancerIP }} 85 | {{- end }} 86 | ports: 87 | {{- if .Values.proxy.extraService.autoPortAssign.enabled }} 88 | {{ include "pulsar.proxyAutoPort" . | indent 2 }} 89 | {{- else }} 90 | {{ toYaml .Values.proxy.extraService.ports | indent 2 }} 91 | {{- end }} 92 | selector: 93 | app: {{ template "pulsar.name" . }} 94 | release: {{ .Release.Name }} 95 | component: {{ .Values.proxy.component }} 96 | {{- end }} 97 | {{- end }} 98 | -------------------------------------------------------------------------------- /tests/e2e-kind.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )" 3 | CI="${CI:-false}" 4 | set -o errexit 5 | set -o nounset 6 | set -o pipefail 7 | set -x 8 | 9 | readonly CT_VERSION=latest 10 | readonly KIND_VERSION=v0.22.0 11 | : "${K8S_VERSION:=v1.28.7}" 12 | 13 | readonly CLUSTER_NAME=pulsar-helm-test 14 | 15 | run_ct_container() { 16 | if [ "$(docker inspect -f '{{.State.Running}}' ct 2>/dev/null || true)" != 'true' ]; then 17 | echo 'Running ct container...' 18 | docker run --rm --interactive --detach --network host --name ct \ 19 | --volume "$(pwd):/workdir" \ 20 | --workdir /workdir \ 21 | --user "$(id -u):$(id -g)" \ 22 | --env HOME=/workdir \ 23 | "quay.io/helmpack/chart-testing:$CT_VERSION" \ 24 | cat 25 | echo 26 | fi 27 | } 28 | 29 | cleanup() { 30 | echo 'Removing ct container...' 31 | docker kill ct > /dev/null 2>&1 32 | 33 | echo 'Done!' 34 | } 35 | 36 | # Set the user so that it properly owns the git repo 37 | docker_exec() { 38 | docker exec --user "$(id -u):$(id -g)" --interactive ct "$@" 39 | } 40 | 41 | create_kind_cluster() { 42 | if ! [ -x "$(command -v kind)" ]; then 43 | echo 'Installing kind...' 44 | curl -Lo ./kind https://kind.sigs.k8s.io/dl/$KIND_VERSION/kind-linux-amd64 45 | chmod +x ./kind 46 | sudo mv kind /usr/local/bin/kind 47 | fi 48 | 49 | node_count=$(kind get nodes --name "$CLUSTER_NAME" -q | wc -l) 50 | 51 | export KUBECONFIG=/tmp/kind_kube_config$$ 52 | if [ "$node_count" -eq 0 ]; then 53 | kind create cluster --name "$CLUSTER_NAME" --config tests/kind-config.yaml --image "kindest/node:$K8S_VERSION" --wait 60s 54 | # caching docker images is useful only when there are multiple workers or when running outside of CI 55 | local worker_count 56 | worker_count=$(kind get nodes --name "$CLUSTER_NAME" -q | grep -c worker) 57 | if [[ $CI == "false" || $worker_count -gt 1 ]]; then 58 | pull_and_cache_docker_images 59 | fi 60 | else 61 | kind export kubeconfig --name "$CLUSTER_NAME" 62 | fi 63 | docker_exec mkdir -p /workdir/.kube 64 | 65 | echo "Copying kubeconfig $KUBECONFIG to container..." 66 | docker cp "$KUBECONFIG" ct:/workdir/.kube/config 67 | 68 | docker_exec kubectl cluster-info 69 | echo 70 | 71 | docker_exec kubectl get nodes 72 | echo 73 | 74 | echo 'Cluster ready!' 75 | echo 76 | } 77 | 78 | 79 | install_charts() { 80 | docker_exec ct install --debug --config tests/ct.yaml 81 | echo 82 | } 83 | 84 | pull_and_cache_docker_images() { 85 | if [[ $CI == "true" ]]; then 86 | echo 'Installing yq...' 87 | curl -Lo ./yq https://github.com/mikefarah/yq/releases/download/v4.9.8/yq_linux_amd64 88 | chmod +x ./yq 89 | sudo mv yq /usr/local/bin/ 90 | fi 91 | echo 'Printing yq version' 92 | yq --version 93 | 94 | # kind cluster worker nodes as comma separated list 95 | nodes=$(kind get nodes --name "$CLUSTER_NAME" -q | grep worker | tr '\n' ',' | sed 's/,$//') 96 | 97 | # extract the images from values.yaml 98 | images=$(yq e '.image | .[] |= ([.repository, .tag] | join(":")) | to_entries | .[] | .value' "$SCRIPT_DIR"/../helm-chart-sources/pulsar/values.yaml | sort | uniq) 99 | for image in $images; do 100 | docker pull "$image" 101 | kind load docker-image -v 1 --name "$CLUSTER_NAME" --nodes "$nodes" "$image" 102 | done 103 | } 104 | 105 | main() { 106 | run_ct_container 107 | trap cleanup EXIT 108 | 109 | create_kind_cluster 110 | install_charts 111 | } 112 | 113 | main 114 | -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/ci-archive/gcp-storage-no-test.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | persistence: false 19 | enableTests: true 20 | extra: 21 | autoRecovery: false 22 | bastion: true 23 | pulsarHeartbeat: false 24 | 25 | image: 26 | broker: 27 | # If using tiered storage, use pulsar-all image for broker 28 | repository: datastax/pulsar-all 29 | 30 | storageOffload: 31 | 32 | driver: google-cloud-storage 33 | gcsServiceAccountSecret: pulsar-gcp-sa-secret # pragma: allowlist secret 34 | gcsServiceAccountJsonFile: account-223201-f12856532197.json 35 | gcsServiceAccountJsonFileContent: # this should be a base64-encoded string $(cat | base64) 36 | bucket: kesque-tired-storage-test 37 | region: us 38 | # General Storage Offload Setting 39 | # =============================== 40 | # maxBlockSizeInBytes: "64000000" 41 | # readBufferSizeInBytes: "1000000" 42 | maxBlockSizeInBytes: "64000000" 43 | readBufferSizeInBytes: "1000000" 44 | # 45 | # The following are default values for the cluster. They can be changed 46 | # on each namespace. 47 | # managedLedgerOffloadDeletionLagMs: "14400000" 48 | # managedLedgerOffloadAutoTriggerSizeThresholdBytes: "1000000" 49 | managedLedgerOffloadDeletionLagMs: "1000" 50 | managedLedgerOffloadAutoTriggerSizeThresholdBytes: "1000" 51 | 52 | zookeeper: 53 | resources: 54 | requests: 55 | memory: 512Mi 56 | cpu: 0.3 57 | configData: 58 | PULSAR_MEM: "\"-Xms512m -Xmx512m -Dzookeeper.forceSync=no\"" 59 | 60 | bookkeeper: 61 | replicaCount: 2 62 | resources: 63 | requests: 64 | memory: 512Mi 65 | cpu: 0.3 66 | configData: 67 | BOOKIE_MEM: "\"-Xms512m -Xmx512m -XX:MaxDirectMemorySize=512m -XX:+ExitOnOutOfMemoryError\"" 68 | BOOKIE_GC: "\"-XX:+UseG1GC -XX:MaxGCPauseMillis=10\"" 69 | 70 | broker: 71 | component: broker 72 | replicaCount: 1 73 | resources: 74 | requests: 75 | memory: 512Mi 76 | cpu: 0.3 77 | configData: 78 | PULSAR_MEM: "\"-Xms512m -Xmx512m -XX:MaxDirectMemorySize=512m -XX:+ExitOnOutOfMemoryError\"" 79 | managedLedgerMaxEntriesPerLedger: "5000" 80 | managedLedgerMinLedgerRolloverTimeMinutes: "1" 81 | managedLedgerMaxLedgerRolloverTimeMinutes: "2" 82 | 83 | function: 84 | replicaCount: 1 85 | resources: 86 | requests: 87 | memory: 512Mi 88 | cpu: 0.3 89 | configData: 90 | PULSAR_MEM: "\"-Xms512m -Xmx512m -XX:MaxDirectMemorySize=512m -Dio.netty.leakDetectionLevel=disabled -Dio.netty.recycler.linkCapacity=1024 -XX:+ParallelRefProcEnabled -XX:+UnlockExperimentalVMOptions -XX:+AggressiveOpts -XX:+DoEscapeAnalysis -XX:ParallelGCThreads=32 -XX:ConcGCThreads=32 -XX:G1NewSizePercent=50 -XX:+DisableExplicitGC -XX:-ResizePLAB -XX:+ExitOnOutOfMemoryError -XX:+PerfDisableSharedMem\"" 91 | 92 | proxy: 93 | replicaCount: 1 94 | resources: 95 | requests: 96 | memory: 512Mi 97 | cpu: 0.3 98 | wsResources: 99 | requests: 100 | memory: 512Mi 101 | cpu: 0.3 102 | configData: 103 | PULSAR_MEM: "\"-Xms512m -Xmx512m -XX:MaxDirectMemorySize=512m\"" 104 | -------------------------------------------------------------------------------- /examples/dev-values-rabbitmq-tls.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | # Please note that this example works only with Luna Streaming 2.8.0.1.1.6+ 19 | enableAntiAffinity: false 20 | enableTls: true 21 | enableTokenAuth: true 22 | restartOnConfigMapChange: 23 | enabled: true 24 | extra: 25 | function: true 26 | burnell: true 27 | burnellLogCollector: true 28 | pulsarHeartbeat: true 29 | pulsarAdminConsole: true 30 | 31 | cert-manager: 32 | enabled: true 33 | 34 | createCertificates: 35 | selfSigned: 36 | enabled: true 37 | 38 | zookeeper: 39 | replicaCount: 1 40 | resources: 41 | requests: 42 | memory: 300Mi 43 | cpu: 0.3 44 | configData: 45 | PULSAR_MEM: "-Xms300m -Xmx300m -Djute.maxbuffer=10485760 -XX:+ExitOnOutOfMemoryError" 46 | 47 | bookkeeper: 48 | replicaCount: 1 49 | resources: 50 | requests: 51 | memory: 512Mi 52 | cpu: 0.3 53 | configData: 54 | BOOKIE_MEM: "-Xms312m -Xmx312m -XX:MaxDirectMemorySize=200m -XX:+ExitOnOutOfMemoryError" 55 | 56 | broker: 57 | component: broker 58 | replicaCount: 1 59 | ledger: 60 | defaultEnsembleSize: 1 61 | defaultAckQuorum: 1 62 | defaultWriteQuorum: 1 63 | resources: 64 | requests: 65 | memory: 600Mi 66 | cpu: 0.3 67 | configData: 68 | PULSAR_MEM: "-Xms400m -Xmx400m -XX:MaxDirectMemorySize=200m -XX:+ExitOnOutOfMemoryError" 69 | 70 | autoRecovery: 71 | enableProvisionContainer: true 72 | resources: 73 | requests: 74 | memory: 300Mi 75 | cpu: 0.3 76 | 77 | function: 78 | replicaCount: 1 79 | functionReplicaCount: 1 80 | resources: 81 | requests: 82 | memory: 512Mi 83 | cpu: 0.3 84 | configData: 85 | PULSAR_MEM: "-Xms312m -Xmx312m -XX:MaxDirectMemorySize=200m -XX:+ExitOnOutOfMemoryError" 86 | 87 | proxy: 88 | replicaCount: 1 89 | resources: 90 | requests: 91 | memory: 512Mi 92 | cpu: 0.3 93 | wsResources: 94 | requests: 95 | memory: 512Mi 96 | cpu: 0.3 97 | configData: 98 | PULSAR_MEM: "-Xms400m -Xmx400m -XX:MaxDirectMemorySize=112m" 99 | PULSAR_PREFIX_amqpListeners: "amqp://0.0.0.0:5672,amqps://0.0.0.0:5671" 100 | # The rabbitmq extension will use the superuser user for its operations on the broker 101 | PULSAR_PREFIX_amqpBrokerClientAuthenticationParameters: "file:///pulsar/token-superuser/superuser.jwt" 102 | autoPortAssign: 103 | enablePlainTextWithTLS: true 104 | service: 105 | autoPortAssign: 106 | enabled: true 107 | extensions: 108 | enabled: true 109 | extensions: "rabbitmq" 110 | containerPorts: 111 | - name: amqp 112 | containerPort: 5672 113 | - name: amqps 114 | containerPort: 5671 115 | servicePorts: 116 | - name: amqp 117 | port: 5672 118 | protocol: TCP 119 | targetPort: amqp 120 | - name: amqps 121 | port: 5671 122 | protocol: TCP 123 | targetPort: amqps 124 | 125 | grafanaDashboards: 126 | enabled: true 127 | 128 | pulsarAdminConsole: 129 | replicaCount: 1 130 | 131 | kube-prometheus-stack: 132 | enabled: true 133 | prometheusOperator: 134 | enabled: true 135 | grafana: 136 | enabled: true 137 | adminPassword: e9JYtk83*4#PM8 138 | -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/templates/bookkeeper/bookkeeper-configmap.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | apiVersion: v1 19 | kind: ConfigMap 20 | metadata: 21 | name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}" 22 | namespace: {{ .Release.Namespace }} 23 | labels: 24 | app: {{ template "pulsar.name" . }} 25 | chart: {{ template "pulsar.chart" . }} 26 | release: {{ .Release.Name }} 27 | heritage: {{ .Release.Service }} 28 | component: {{ .Values.bookkeeper.component }} 29 | cluster: {{ template "pulsar.fullname" . }} 30 | data: 31 | zkServers: 32 | {{- if and .Values.enableTls .Values.tls.zookeeper.enabled }} 33 | {{- if .Values.extra.zookeepernp }} 34 | {{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}-ca.{{ template "pulsar.serviceDnsSuffix" . }}:2281,{{ template "pulsar.fullname" . }}-{{ .Values.zookeepernp.component }}-ca.{{ template "pulsar.serviceDnsSuffix" . }}:2281 35 | {{- else }} 36 | {{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}-ca.{{ template "pulsar.serviceDnsSuffix" . }}:2281 37 | {{- end }} 38 | {{- else }} 39 | {{- if .Values.extra.zookeepernp }} 40 | {{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}-ca.{{ template "pulsar.serviceDnsSuffix" . }}:2181,{{ template "pulsar.fullname" . }}-{{ .Values.zookeepernp.component }}-ca.{{ template "pulsar.serviceDnsSuffix" . }}:2181 41 | {{- else }} 42 | {{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}-ca.{{ template "pulsar.serviceDnsSuffix" . }}:2181 43 | {{- end }} 44 | {{- end }} 45 | # disable auto recovery on bookies since we will start AutoRecovery in separated pods 46 | autoRecoveryDaemonEnabled: "false" 47 | # In k8s always want to use hostname as bookie ID since IP addresses are ephemeral 48 | useHostNameAsBookieID: "true" 49 | # HTTP server used by health check 50 | httpServerEnabled: "true" 51 | # Pulsar's metadata store based rack awareness solution 52 | PULSAR_PREFIX_reppDnsResolverClass: "org.apache.pulsar.zookeeper.ZkBookieRackAffinityMapping" 53 | {{- if .Values.function.enableStateStorage }} 54 | {{- if not (or .Values.extra.stateStorage .Values.function.stateStorageUrlOverride) }} 55 | # Enable function state storage 56 | PULSAR_PREFIX_extraServerComponents: org.apache.bookkeeper.stream.server.StreamStorageLifecycleComponent 57 | {{- end }} 58 | {{- end }} 59 | {{- if .Values.tls.bookkeeper.enabled}} 60 | PULSAR_PREFIX_tlsProvider: OpenSSL 61 | PULSAR_PREFIX_tlsProviderFactoryClass: org.apache.bookkeeper.tls.TLSContextFactory 62 | PULSAR_PREFIX_tlsCertificatePath: /pulsar/certs/tls.crt 63 | PULSAR_PREFIX_tlsKeyStoreType: PEM 64 | PULSAR_PREFIX_tlsKeyStore: /pulsar/tls-pk8.key 65 | PULSAR_PREFIX_tlsTrustStoreType: PEM 66 | PULSAR_PREFIX_tlsHostnameVerificationEnabled: "true" 67 | PULSAR_PREFIX_bookkeeperTLSClientAuthentication: "true" 68 | {{- if or .Values.secrets .Values.createCertificates.selfSigned.enabled .Values.createCertificates.selfSignedPerComponent.enabled}} 69 | PULSAR_PREFIX_bookkeeperTLSTrustCertsFilePath: /pulsar/certs/ca.crt 70 | {{- else }} 71 | PULSAR_PREFIX_bookkeeperTLSTrustCertsFilePath: "{{ .Values.tlsCaPath }}/{{ .Values.tlsCaCert }}" 72 | {{- end }} 73 | {{- end }} 74 | {{- range $key, $val := $.Values.bookkeeper.configData }} 75 | {{ $key }}: {{ $val | replace "\"" "" | trim | quote }} 76 | {{- end }} 77 | -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/templates/tests/offload-test.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | {{- if .Values.enableTests }} 19 | {{- if .Values.storageOffload.driver }} 20 | apiVersion: v1 21 | kind: ConfigMap 22 | metadata: 23 | name: "{{ template "pulsar.fullname" . }}-offload-test-file" 24 | data: 25 | test.sh: |- 26 | #!/bin/bash 27 | 28 | exit_if_error() { 29 | local exit_code=$1 30 | shift 31 | [[ $exit_code ]] && # do nothing if no error code passed 32 | ((exit_code != 0)) && { # do nothing if error code is 0 33 | printf 'ERROR: %s\n' "$@" >&2 # we can use better logging here 34 | exit "$exit_code" # we could also check to make sure 35 | # error code is numeric when passed 36 | } 37 | } 38 | 39 | ADM_CMD=/pulsar/bin/pulsar-admin 40 | PERF_CMD=/pulsar/bin/pulsar-perf 41 | CLIENT_CMD=/pulsar/bin/pulsar-client 42 | TOPIC=public/default/test-topic 43 | SUBSCRIPTION=sub 44 | 45 | echo "Create subscription" 46 | $ADM_CMD topics create-subscription -s $SUBSCRIPTION $TOPIC 47 | exit_if_error $? "Create subscription failed" 48 | 49 | echo "Publish enough messages to allow offload" 50 | $PERF_CMD produce -s 10 -r 200 -m 14000 $TOPIC 51 | exit_if_error $? "Publishing messages failed" 52 | 53 | #echo "Manually trigger offload" 54 | #$ADM_CMD topics offload -s 1 $TOPIC 55 | #exit_if_error $? "Manually triggering offload failed" 56 | 57 | echo "Wait for offload to complete and BookKeeper copy to be deleted" 58 | sleep 121 59 | 60 | echo "Make sure some ledgers are offloaded" 61 | $ADM_CMD topics stats-internal $TOPIC | grep '"offloaded" : true' 62 | exit_if_error $? "Checking for offloaded=true failed" 63 | 64 | echo "Consume offload messages" 65 | $CLIENT_CMD consume -n 14000 -s $SUBSCRIPTION $TOPIC > /dev/null 66 | exit_if_error $? "Consuming messages failed" 67 | 68 | echo "Delete topic" 69 | $ADM_CMD topics delete $TOPIC 70 | exit_if_error $? "Deleting the topic failed" 71 | 72 | # If we made it to here, all good 73 | exit 0 74 | 75 | --- 76 | apiVersion: v1 77 | kind: Pod 78 | metadata: 79 | name: "{{ .Release.Name }}-test-offload" 80 | annotations: 81 | "helm.sh/hook": test-success 82 | spec: 83 | containers: 84 | - name: "{{ template "pulsar.fullname" . }}-test-admin-proxy-plain-text" 85 | image: "{{ .Values.image.bastion.repository }}:{{ .Values.image.bastion.tag }}" 86 | imagePullPolicy: {{ .Values.image.bastion.pullPolicy }} 87 | command: ["sh", "-c"] 88 | args: 89 | - > 90 | bin/apply-config-from-env.py conf/client.conf && 91 | /pulsar/tests/test.sh 92 | env: 93 | - name: webServiceUrl 94 | value: http://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}.{{ template "pulsar.serviceDnsSuffix" . }}:8080/ 95 | - name: brokerServiceUrl 96 | value: pulsar://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}.{{ template "pulsar.serviceDnsSuffix" . }}:6650/ 97 | volumeMounts: 98 | - name: test-scripts 99 | mountPath: /pulsar/tests 100 | 101 | # Do not restart containers after they exit 102 | restartPolicy: Never 103 | volumes: 104 | - name: test-scripts 105 | configMap: 106 | name: "{{ template "pulsar.fullname" . }}-offload-test-file" 107 | defaultMode: 0744 108 | {{- end }} 109 | {{- end }} -------------------------------------------------------------------------------- /examples/dev-values-keycloak-auth.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | enableAntiAffinity: false 19 | # TLS is not included in this example. It is recommended to use TLS to ensure the authenticity and security of tokens. 20 | enableTls: false 21 | enableTokenAuth: true 22 | restartOnConfigMapChange: 23 | enabled: true 24 | extra: 25 | function: true 26 | burnell: true 27 | burnellLogCollector: true 28 | pulsarHeartbeat: true 29 | pulsarAdminConsole: true 30 | 31 | keycloak: 32 | enabled: true 33 | auth: 34 | adminUser: "admin" 35 | adminPassword: "F3LVqnxqMmkCQkvyPdJiwXodqQncK@" 36 | # It is recommended to override this password, as the dependent chart uses a default 37 | # Here is an issue requesting that the default be removed: https://github.com/bitnami/charts/issues/7279. 38 | postgresql: 39 | postgresqlPassword: "xinf-2-doHTG._sMJi3*kZgQAabuet" 40 | 41 | zookeeper: 42 | replicaCount: 1 43 | resources: 44 | requests: 45 | memory: 300Mi 46 | cpu: 0.3 47 | configData: 48 | PULSAR_MEM: "-Xms300m -Xmx300m -Djute.maxbuffer=10485760 -XX:+ExitOnOutOfMemoryError" 49 | 50 | bookkeeper: 51 | replicaCount: 1 52 | resources: 53 | requests: 54 | memory: 512Mi 55 | cpu: 0.3 56 | configData: 57 | BOOKIE_MEM: "-Xms312m -Xmx312m -XX:MaxDirectMemorySize=200m -XX:+ExitOnOutOfMemoryError" 58 | 59 | broker: 60 | component: broker 61 | replicaCount: 1 62 | ledger: 63 | defaultEnsembleSize: 1 64 | defaultAckQuorum: 1 65 | defaultWriteQuorum: 1 66 | resources: 67 | requests: 68 | memory: 600Mi 69 | cpu: 0.3 70 | authenticationProviders: "com.datastax.oss.pulsar.auth.AuthenticationProviderOpenID" 71 | configData: 72 | PULSAR_MEM: "-Xms400m -Xmx400m -XX:MaxDirectMemorySize=200m -XX:+ExitOnOutOfMemoryError" 73 | 74 | autoRecovery: 75 | enableProvisionContainer: true 76 | resources: 77 | requests: 78 | memory: 300Mi 79 | cpu: 0.3 80 | 81 | function: 82 | replicaCount: 1 83 | functionReplicaCount: 1 84 | resources: 85 | requests: 86 | memory: 512Mi 87 | cpu: 0.3 88 | authenticationProviders: "com.datastax.oss.pulsar.auth.AuthenticationProviderOpenID,org.apache.pulsar.broker.authentication.AuthenticationProviderTls" 89 | configData: 90 | PULSAR_MEM: "-Xms312m -Xmx312m -XX:MaxDirectMemorySize=200m -XX:+ExitOnOutOfMemoryError" 91 | 92 | proxy: 93 | replicaCount: 1 94 | resources: 95 | requests: 96 | memory: 512Mi 97 | cpu: 0.3 98 | wsResources: 99 | requests: 100 | memory: 512Mi 101 | cpu: 0.3 102 | authenticationProviders: "com.datastax.oss.pulsar.auth.AuthenticationProviderOpenID" 103 | wsAuthenticationProviders: "com.datastax.oss.pulsar.auth.AuthenticationProviderOpenID,org.apache.pulsar.broker.authentication.AuthenticationProviderTls" 104 | configData: 105 | PULSAR_MEM: "-Xms400m -Xmx400m -XX:MaxDirectMemorySize=112m" 106 | autoPortAssign: 107 | enablePlainTextWithTLS: true 108 | service: 109 | autoPortAssign: 110 | enabled: true 111 | 112 | grafanaDashboards: 113 | enabled: true 114 | 115 | pulsarAdminConsole: 116 | replicaCount: 1 117 | authMode: openidconnect 118 | # The client id used when authenticating with keycloak 119 | oauthClientId: "pulsar-admin-console" 120 | 121 | kube-prometheus-stack: 122 | enabled: true 123 | prometheusOperator: 124 | enabled: true 125 | grafana: 126 | enabled: true 127 | adminPassword: e9JYtk83*4#PM8 128 | 129 | -------------------------------------------------------------------------------- /RELEASE.md: -------------------------------------------------------------------------------- 1 | Helm Chart Release 2 | ==================================================== 3 | 4 | # Chart Releaser 5 | 6 | The [chart-releaser](https://github.com/helm/chart-releaser) is being used to enable the pulsar-helm-chart [repo](https://github.com/datastax/pulsar-helm-chart) to self-host Helm Chart releases via the use of GitHub pages. 7 | 8 | # GitHub Actions 9 | 10 | GitHub Actions are used to release a new version of the DataStax Pulsar Helm Charts. The [release action](.github/workflows/release.yaml) creates a release package of the new Helm Chart version and updates the [index.yaml](https://datastax.github.io/pulsar-helm-chart/index.yaml) which in this case is hosted in a GitHub page. The GitHub Action is triggered, when a new commit is pushed to the `master` branch, and a release is performed any time the chart releaser detects a version change. 11 | 12 | Note: we switched from CircleCI to GitHub Actions because actions have a token integration which allows us to easily supply a token scoped to the project. 13 | 14 | # How to Release a new Version 15 | 16 | Before releasing the new version, verify that the most recent Circle CI tests have passed on the master branch. Then, update the version in the *Chart.yaml* for each chart that has changed. Push the changes to the master branch. 17 | ``` 18 | git add . 19 | git commit -m "Release version x.y.z" 20 | git push origin master 21 | ``` 22 | 23 | The release is then automatically triggered. It uses the [chart-releaser-action](https://github.com/helm/chart-releaser-action) which in turn uses the [chart-releaser](https://github.com/helm/chart-releaser) tool. 24 | 25 | We configure the action in the [release.yaml](.github/workflows/release.yaml), and we configure the chart release in the [cr.yaml](cr.yaml). 26 | 27 | The chart-releaser tool will handle the packaging of the new version, will push it to the GitHub repo as a new [release](https://github.com/datastax/pulsar-helm-chart/releases). The release notes should be auto generated. Read through them to verify their correctness. 28 | 29 | Later it will update the index.yaml file for the Helm repo and commit it to **master** since this is where the GitHub pages are hosted. If this step fails, it is necessary to manually update the file, which can be done using the `cr` tool. Here is a sample script for working around the error: 30 | 31 | ```shell 32 | mkdir .cr-release-packages/ 33 | mv ~/Downloads/pulsar-3.1.0.tgz .cr-release-packages/ 34 | cr index -o datastax -r pulsar-helm-chart 35 | ``` 36 | 37 | Then commit the updated index.yaml file. 38 | 39 | If you see an error like this from the release script: 40 | 41 | ``` 42 | Error: error creating GitHub release: POST https://api.github.com/repos/datastax/pulsar-helm-chart/releases: 422 Validation Failed [{Resource:Release Field:tag_name Code:already_exists Message:}] 43 | ``` 44 | 45 | It is likely because one of the Helm charts has changed but the version number was not increased. All the changed charts will be listed in the logs of the release script. Bump the missing versions and commit to the release branch. 46 | 47 | You should verify that the new chart version are present in the index.yaml: 48 | 49 | https://datastax.github.io/pulsar-helm-chart/index.yaml 50 | 51 | Also confirm that **master** has been updated with the new versions in the Chart.yaml files. 52 | 53 | # How to Install a New Release 54 | 55 | The *index.yaml* is hosted in a GitHub page and can be accessed via https://datastax.github.io/pulsar-helm-chart/. In order to make use of a DataStax Pulsar Helm Chart specific version the DataStax Helm repo should be added first by running: 56 | 57 | ```bash 58 | helm repo add datastax-pulsar https://datastax.github.io/pulsar-helm-chart 59 | ``` 60 | 61 | And then a version of the preferred chart can be installed by running: 62 | 63 | ```bash 64 | helm install --namespace pulsar datastax-pulsar/pulsar --version 65 | ``` 66 | Or for Helm3: 67 | 68 | ``` 69 | helm3 install --namespace pulsar --version datastax-pulsar/pulsar 70 | ``` 71 | 72 | For example: 73 | 74 | 75 | ```bash 76 | helm install --namespace pulsar --repo https://datastax.github.io/pulsar-helm-chart pulsar --version v1.0.3 77 | ``` 78 | 79 | If no Helm Chart version is specified the latest version will be installed. 80 | -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/templates/tests/beam-test.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | {{- if .Values.enableTests }} 19 | {{- if .Values.extra.pulsarBeam }} 20 | {{- if not .Values.enableTls }} 21 | apiVersion: v1 22 | kind: ConfigMap 23 | metadata: 24 | name: "{{ template "pulsar.fullname" . }}-beam-test-file" 25 | data: 26 | test.sh: |- 27 | #!/bin/bash 28 | 29 | exit_if_error() { 30 | local exit_code=$1 31 | shift 32 | [[ $exit_code ]] && # do nothing if no error code passed 33 | ((exit_code != 0)) && { # do nothing if error code is 0 34 | printf 'ERROR: %s\n' "$@" >&2 # we can use better logging here 35 | exit "$exit_code" # we could also check to make sure 36 | # error code is numeric when passed 37 | } 38 | } 39 | 40 | ADM_CMD=/pulsar/bin/pulsar-admin 41 | PERF_CMD=/pulsar/bin/pulsar-perf 42 | CLIENT_CMD=/pulsar/bin/pulsar-client 43 | TOPIC=public/default/beamtest 44 | SUBSCRIPTION=sub 45 | 46 | echo "Create subscription" 47 | $ADM_CMD topics create-subscription -s $SUBSCRIPTION $TOPIC 48 | exit_if_error $? "Create subscription failed" 49 | 50 | echo "Send 3 messages using curl" 51 | curl -q -X POST -H "TopicFn: $TOPIC" -d "message 1" http://{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}.{{ template "pulsar.serviceDnsSuffix" . }}:8085/v1/firehose 52 | curl -q -X POST -H "TopicFn: $TOPIC" -d "message 2" http://{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}.{{ template "pulsar.serviceDnsSuffix" . }}:8085/v1/firehose 53 | curl -q -X POST -H "TopicFn: $TOPIC" -d "message 3" http://{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}.{{ template "pulsar.serviceDnsSuffix" . }}:8085/v1/firehose 54 | exit_if_error $? "Sending e messages using curl failed" 55 | 56 | echo "Consume the messages" 57 | $CLIENT_CMD consume -n 3 -s $SUBSCRIPTION $TOPIC > /dev/null 58 | exit_if_error $? "Consuming messages failed" 59 | 60 | echo "Delete topic. Need to force delete because Beam maintains a producer." 61 | $ADM_CMD topics delete $TOPIC --force 62 | exit_if_error $? "Deleting the topic failed" 63 | 64 | # If we made it to here, all good 65 | exit 0 66 | 67 | --- 68 | apiVersion: v1 69 | kind: Pod 70 | metadata: 71 | name: "{{ .Release.Name }}-test-beam" 72 | annotations: 73 | "helm.sh/hook": test-success 74 | spec: 75 | containers: 76 | - name: "{{ template "pulsar.fullname" . }}-test-beam-plain-text" 77 | image: "{{ .Values.image.bastion.repository }}:{{ .Values.image.bastion.tag }}" 78 | imagePullPolicy: {{ .Values.image.bastion.pullPolicy }} 79 | command: ["sh", "-c"] 80 | args: 81 | - > 82 | bin/apply-config-from-env.py conf/client.conf && 83 | /pulsar/tests/test.sh 84 | env: 85 | - name: webServiceUrl 86 | value: http://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}.{{ template "pulsar.serviceDnsSuffix" . }}:8080/ 87 | - name: brokerServiceUrl 88 | value: pulsar://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}.{{ template "pulsar.serviceDnsSuffix" . }}:6650/ 89 | volumeMounts: 90 | - name: test-scripts 91 | mountPath: /pulsar/tests 92 | 93 | # Do not restart containers after they exit 94 | restartPolicy: Never 95 | volumes: 96 | - name: test-scripts 97 | configMap: 98 | name: "{{ template "pulsar.fullname" . }}-beam-test-file" 99 | defaultMode: 0744 100 | {{- end }} 101 | {{- end }} 102 | {{- end }} -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/templates/zoonavigator/zoonavigator-deployment.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | {{- if .Values.extra.zoonavigator }} 19 | apiVersion: apps/v1 20 | kind: Deployment 21 | metadata: 22 | name: "{{ template "pulsar.fullname" . }}-{{ .Values.zoonavigator.component }}" 23 | namespace: {{ .Release.Namespace }} 24 | labels: 25 | app: {{ template "pulsar.name" . }} 26 | chart: {{ template "pulsar.chart" . }} 27 | release: {{ .Release.Name }} 28 | heritage: {{ .Release.Service }} 29 | component: {{ .Values.zoonavigator.component }} 30 | cluster: {{ template "pulsar.fullname" . }} 31 | spec: 32 | replicas: {{ .Values.zoonavigator.replicaCount }} 33 | selector: 34 | matchLabels: 35 | app: {{ template "pulsar.name" . }} 36 | release: {{ .Release.Name }} 37 | component: {{ .Values.zoonavigator.component }} 38 | template: 39 | metadata: 40 | labels: 41 | app: {{ template "pulsar.name" . }} 42 | release: {{ .Release.Name }} 43 | component: {{ .Values.zoonavigator.component }} 44 | cluster: {{ template "pulsar.fullname" . }} 45 | annotations: 46 | {{ toYaml .Values.zoonavigator.annotations | indent 8 }} 47 | spec: 48 | {{- if .Values.priorityClass.enabled }} 49 | priorityClassName: pulsar-priority 50 | {{- end }} 51 | {{- if .Values.zoonavigator.nodeAffinity }} 52 | affinity: 53 | nodeAffinity: 54 | {{ toYaml .Values.zoonavigator.nodeAffinity | indent 10 }} 55 | {{- end }} 56 | {{- if and (.Values.nodeSelector) (not .Values.zoonavigator.nodeSelector) }} 57 | nodeSelector: 58 | {{ toYaml .Values.nodeSelector | indent 8 }} 59 | {{- end }} 60 | {{- if .Values.zoonavigator.nodeSelector }} 61 | nodeSelector: 62 | {{ toYaml .Values.zoonavigator.nodeSelector | indent 8 }} 63 | {{- end }} 64 | {{- if .Values.zoonavigator.tolerations }} 65 | tolerations: 66 | {{ toYaml .Values.zoonavigator.tolerations | indent 8 }} 67 | {{- end }} 68 | terminationGracePeriodSeconds: {{ .Values.zoonavigator.gracePeriod }} 69 | containers: 70 | - name: "{{ template "pulsar.fullname" . }}-{{ .Values.zoonavigator.component }}-web" 71 | image: "{{ .Values.zoonavigator.image.repository.web }}:{{ .Values.zoonavigator.image.tag }}" 72 | imagePullPolicy: {{ .Values.zoonavigator.image.pullPolicy }} 73 | {{- if .Values.zoonavigator.resources }} 74 | resources: 75 | {{ toYaml .Values.zoonavigator.resources | indent 10 }} 76 | {{- end }} 77 | ports: 78 | - name: http 79 | containerPort: 8001 80 | env: 81 | - name: API_HOST 82 | value: "localhost" 83 | - name: API_PORT 84 | value: "9001" 85 | - name: WEB_HTTP_PORT 86 | value: "8001" 87 | {{- if .Values.zoonavigator.autoConnect }} 88 | # Will set Zoonavigator to autoconnect to Zookeepers 89 | - name: AUTO_CONNECT_CONNECTION_STRING 90 | {{- if and .Values.enableTls .Values.tls.zookeeper.enabled }} 91 | value: {{ include "pulsar.zkConnectStringTls" . }} 92 | {{- else }} 93 | value: {{ include "pulsar.zkConnectString" . }} 94 | {{- end }} 95 | {{- end }} 96 | - name: "{{ template "pulsar.fullname" . }}-{{ .Values.zoonavigator.component }}-api" 97 | image: "{{ .Values.zoonavigator.image.repository.api }}:{{ .Values.zoonavigator.image.tag }}" 98 | imagePullPolicy: {{ .Values.zoonavigator.image.pullPolicy }} 99 | {{- if .Values.zoonavigator.resources }} 100 | resources: 101 | {{ toYaml .Values.zoonavigator.resources | indent 10 }} 102 | {{- end }} 103 | ports: 104 | - name: api 105 | containerPort: 9001 106 | env: 107 | - name: API_HTTP_PORT 108 | value: "9001" 109 | {{- end }} 110 | -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/templates/admin-console/pulsar-admin-console-deployment.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | {{- if .Values.extra.pulsarAdminConsole }} 19 | apiVersion: apps/v1 20 | kind: Deployment 21 | metadata: 22 | name: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsarAdminConsole.component }}" 23 | namespace: {{ .Release.Namespace }} 24 | labels: 25 | app: {{ template "pulsar.name" . }} 26 | chart: {{ template "pulsar.chart" . }} 27 | release: {{ .Release.Name }} 28 | heritage: {{ .Release.Service }} 29 | component: {{ .Values.pulsarAdminConsole.component }} 30 | cluster: {{ template "pulsar.fullname" . }} 31 | spec: 32 | replicas: {{ .Values.pulsarAdminConsole.replicaCount | default 1 }} 33 | selector: 34 | matchLabels: 35 | app: {{ template "pulsar.name" . }} 36 | release: {{ .Release.Name }} 37 | component: {{ .Values.pulsarAdminConsole.component }} 38 | template: 39 | metadata: 40 | labels: 41 | app: {{ template "pulsar.name" . }} 42 | release: {{ .Release.Name }} 43 | component: {{ .Values.pulsarAdminConsole.component }} 44 | cluster: {{ template "pulsar.fullname" . }} 45 | annotations: 46 | checksum/dashboard: {{ include (print $.Template.BasePath "/admin-console/pulsar-admin-console-configmap.yaml") . | sha256sum }} 47 | {{- if .Values.pulsarAdminConsole.annotations }} 48 | {{ toYaml .Values.pulsarAdminConsole.annotations | indent 8 }} 49 | {{- end }} 50 | spec: 51 | {{- with .Values.imagePullSecrets }} 52 | imagePullSecrets: 53 | {{- toYaml . | nindent 8 }} 54 | {{- end }} 55 | serviceAccountName: "{{ template "pulsar.fullname" . }}-burnell" 56 | {{- if .Values.pulsarAdminConsole.tolerations }} 57 | tolerations: 58 | {{ toYaml .Values.pulsarAdminConsole.tolerations | indent 8 }} 59 | {{- end }} 60 | terminationGracePeriodSeconds: {{ .Values.pulsarAdminConsole.gracePeriod }} 61 | containers: 62 | - name: "{{ template "pulsar.fullname" . }}-pulsar-admin-console" 63 | image: "{{ .Values.image.pulsarAdminConsole.repository }}:{{ .Values.image.pulsarAdminConsole.tag }}" 64 | imagePullPolicy: {{ .Values.image.pulsarAdminConsole.pullPolicy }} 65 | {{- if .Values.pulsarAdminConsole.resources }} 66 | resources: 67 | {{ toYaml .Values.pulsarAdminConsole.resources | indent 10 }} 68 | {{- end }} 69 | ports: 70 | - name: http 71 | containerPort: 8080 72 | - name: https 73 | containerPort: 8443 74 | volumeMounts: 75 | - name: dashboardconfig 76 | mountPath: /home/appuser/config/local.json 77 | subPath: local.json 78 | {{- if .Values.enableTls }} 79 | - name: certs 80 | readOnly: true 81 | mountPath: /pulsar/certs 82 | {{- end }} 83 | {{- if .Values.enableTokenAuth }} 84 | - mountPath: "/pulsar/token-superuser" 85 | name: token-superuser 86 | readOnly: true 87 | {{- end }} 88 | {{- if .Values.enableTls }} 89 | env: 90 | - name: NODE_EXTRA_CA_CERTS 91 | value: /pulsar/certs/ca.crt 92 | {{- end }} 93 | volumes: 94 | - name: dashboardconfig 95 | configMap: 96 | name: {{ template "pulsar.fullname" . }}-{{ .Values.pulsarAdminConsole.component }} 97 | items: 98 | - key: local.json 99 | path: local.json 100 | {{- if .Values.enableTls }} 101 | - name: certs 102 | secret: 103 | secretName: {{ .Values.tls.pulsarAdminConsole.tlsSecretName | default .Values.tlsSecretName | quote }} 104 | {{- end }} 105 | {{- if .Values.enableTokenAuth }} 106 | - name: token-superuser 107 | secret: 108 | secretName: token-superuser 109 | {{- end }} 110 | {{- end }} 111 | -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/templates/utils/certconverter-configmap.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | {{- if .Values.enableTls }} 19 | apiVersion: v1 20 | kind: ConfigMap 21 | metadata: 22 | name: "{{ template "pulsar.fullname" . }}-certconverter-configmap" 23 | namespace: {{ .Values.namespace }} 24 | labels: 25 | app: {{ template "pulsar.name" . }} 26 | chart: {{ template "pulsar.chart" . }} 27 | release: {{ .Release.Name }} 28 | heritage: {{ .Release.Service }} 29 | cluster: {{ template "pulsar.fullname" . }} 30 | component: certconverter 31 | data: 32 | certconverter.sh: | 33 | #!/bin/bash 34 | name=pulsar 35 | crtFile=/pulsar/certs/tls.crt 36 | keyFile=/pulsar/certs/tls.key 37 | 38 | {{- if or .Values.secrets .Values.createCertificates.selfSigned.enabled .Values.createCertificates.selfSignedPerComponent.enabled }} 39 | caFile=/pulsar/certs/ca.crt 40 | {{- else }} 41 | caFile={{ .Values.tlsCaPath }}/{{ .Values.tlsCaCert }} 42 | {{- end }} 43 | p12File=/pulsar/tls.p12 44 | keyStoreFile=/pulsar/tls.keystore.jks 45 | trustStoreFile=/pulsar/tls.truststore.jks 46 | 47 | head /dev/urandom | base64 | head -c 24 > /pulsar/keystoreSecret.txt 48 | export tlsTrustStorePassword=$(cat /pulsar/keystoreSecret.txt) 49 | export PF_tlsTrustStorePassword=$(cat /pulsar/keystoreSecret.txt) 50 | export tlsKeyStorePassword=$(cat /pulsar/keystoreSecret.txt) 51 | export PF_tlsKeyStorePassword=$(cat /pulsar/keystoreSecret.txt) 52 | export PULSAR_PREFIX_brokerClientTlsTrustStorePassword=$(cat /pulsar/keystoreSecret.txt) 53 | 54 | openssl pkcs12 \ 55 | -export \ 56 | -in ${crtFile} \ 57 | -inkey ${keyFile} \ 58 | -out ${p12File} \ 59 | -name ${name} \ 60 | -passout "file:/pulsar/keystoreSecret.txt" 61 | 62 | keytool -importkeystore \ 63 | -srckeystore ${p12File} \ 64 | -srcstoretype PKCS12 -srcstorepass:file "/pulsar/keystoreSecret.txt" \ 65 | -alias ${name} \ 66 | -destkeystore ${keyStoreFile} \ 67 | -deststorepass:file "/pulsar/keystoreSecret.txt" 68 | 69 | keytool -import \ 70 | -file ${caFile} \ 71 | -storetype JKS \ 72 | -alias ${name} \ 73 | -keystore ${trustStoreFile} \ 74 | -storepass:file "/pulsar/keystoreSecret.txt" \ 75 | -trustcacerts -noprompt 76 | 77 | {{- if .Values.tls.zookeeper.enabled }} 78 | {{- if .Values.tls.zookeeper.configureKeystoreWithPasswordFile }} 79 | passwordArg="passwordPath=/pulsar/keystoreSecret.txt" 80 | {{- else }} 81 | passwordArg="password=$(cat /pulsar/keystoreSecret.txt)" 82 | {{- end }} 83 | 84 | echo $'\n' >> conf/pulsar_env.sh 85 | echo "PULSAR_EXTRA_OPTS=\"${PULSAR_EXTRA_OPTS} -Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty -Dzookeeper.client.secure=true -Dzookeeper.ssl.keyStore.location=${keyStoreFile} -Dzookeeper.ssl.keyStore.${passwordArg} -Dzookeeper.ssl.trustStore.location=${trustStoreFile} -Dzookeeper.ssl.trustStore.${passwordArg} -Dzookeeper.sslQuorum=true -Dzookeeper.serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory -Dzookeeper.ssl.quorum.keyStore.location=${keyStoreFile} -Dzookeeper.ssl.quorum.keyStore.${passwordArg} -Dzookeeper.ssl.quorum.trustStore.location=${trustStoreFile} -Dzookeeper.ssl.quorum.trustStore.${passwordArg} -Dzookeeper.ssl.hostnameVerification={{ .Values.tls.zookeeper.enableHostnameVerification }} -Dzookeeper.ssl.quorum.hostnameVerification={{ .Values.tls.zookeeper.enableHostnameVerification }}\"" >> conf/pulsar_env.sh 86 | 87 | echo $'\n' >> conf/bkenv.sh 88 | echo "BOOKIE_EXTRA_OPTS=\"${BOOKIE_EXTRA_OPTS} -Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty -Dzookeeper.client.secure=true -Dzookeeper.ssl.keyStore.location=${keyStoreFile} -Dzookeeper.ssl.keyStore.${passwordArg} -Dzookeeper.ssl.trustStore.location=${trustStoreFile} -Dzookeeper.ssl.trustStore.${passwordArg} -Dzookeeper.ssl.hostnameVerification={{ .Values.tls.zookeeper.enableHostnameVerification }}\"" >> conf/bkenv.sh 89 | {{- end }} 90 | 91 | {{- end }} -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/templates/tests/tls-beam-test.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | {{- if .Values.enableTests }} 19 | {{- if .Values.extra.pulsarBeam }} 20 | {{- if .Values.enableTls }} 21 | apiVersion: v1 22 | kind: ConfigMap 23 | metadata: 24 | name: "{{ template "pulsar.fullname" . }}-beam-test-file" 25 | data: 26 | test.sh: |- 27 | #!/bin/bash 28 | 29 | exit_if_error() { 30 | local exit_code=$1 31 | shift 32 | [[ $exit_code ]] && # do nothing if no error code passed 33 | ((exit_code != 0)) && { # do nothing if error code is 0 34 | printf 'ERROR: %s\n' "$@" >&2 # we can use better logging here 35 | exit "$exit_code" # we could also check to make sure 36 | # error code is numeric when passed 37 | } 38 | } 39 | 40 | ADM_CMD=/pulsar/bin/pulsar-admin 41 | PERF_CMD=/pulsar/bin/pulsar-perf 42 | CLIENT_CMD=/pulsar/bin/pulsar-client 43 | TOPIC=public/default/beamtest 44 | SUBSCRIPTION=sub 45 | 46 | echo "Create subscription" 47 | $ADM_CMD topics create-subscription -s $SUBSCRIPTION $TOPIC 48 | exit_if_error $? "Create subscription failed" 49 | 50 | echo "Send 3 messages using curl" 51 | curl -k -s -X POST -H "TopicFn: $TOPIC" -d "message 1" https://{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}.{{ template "pulsar.serviceDnsSuffix" . }}:8085/v1/firehose 52 | curl -k -s -X POST -H "TopicFn: $TOPIC" -d "message 2" https://{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}.{{ template "pulsar.serviceDnsSuffix" . }}:8085/v1/firehose 53 | curl -k -s -X POST -H "TopicFn: $TOPIC" -d "message 3" https://{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}.{{ template "pulsar.serviceDnsSuffix" . }}:8085/v1/firehose 54 | exit_if_error $? "Sending e messages using curl failed" 55 | 56 | echo "Consume the messages" 57 | $CLIENT_CMD consume -n 3 -s $SUBSCRIPTION $TOPIC > /dev/null 58 | exit_if_error $? "Consuming messages failed" 59 | 60 | echo "Delete topic. Need to force delete because Beam maintains a producer." 61 | $ADM_CMD topics delete $TOPIC --force 62 | exit_if_error $? "Deleting the topic failed" 63 | 64 | # If we made it to here, all good 65 | exit 0 66 | 67 | --- 68 | apiVersion: v1 69 | kind: Pod 70 | metadata: 71 | name: "{{ .Release.Name }}-test-beam-tls" 72 | annotations: 73 | "helm.sh/hook": test-success 74 | spec: 75 | containers: 76 | - name: "{{ template "pulsar.fullname" . }}-test-beam-tls" 77 | image: "{{ .Values.image.bastion.repository }}:{{ .Values.image.bastion.tag }}" 78 | imagePullPolicy: {{ .Values.image.bastion.pullPolicy }} 79 | command: ["sh", "-c"] 80 | args: 81 | - > 82 | bin/apply-config-from-env.py conf/client.conf && 83 | /pulsar/tests/test.sh 84 | env: 85 | - name: webServiceUrl 86 | value: https://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}.{{ template "pulsar.serviceDnsSuffix" . }}:8443/ 87 | - name: brokerServiceUrl 88 | value: pulsar+ssl://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}.{{ template "pulsar.serviceDnsSuffix" . }}:6651/ 89 | {{- if or .Values.secrets .Values.createCertificates.selfSigned.enabled .Values.createCertificates.selfSignedPerComponent.enabled }} 90 | - name: tlsTrustCertsFilePath 91 | value: /pulsar/certs/ca.crt 92 | {{- else }} 93 | - name: tlsTrustCertsFilePath 94 | value: "{{ .Values.tlsCaPath }}/{{ .Values.tlsCaCert }}" 95 | {{- end }} 96 | volumeMounts: 97 | - name: test-scripts 98 | mountPath: /pulsar/tests 99 | - name: certs 100 | mountPath: /pulsar/certs 101 | # Do not restart containers after they exit 102 | restartPolicy: Never 103 | volumes: 104 | - name: test-scripts 105 | configMap: 106 | name: "{{ template "pulsar.fullname" . }}-beam-test-file" 107 | defaultMode: 0744 108 | - name: certs 109 | secret: 110 | secretName: "{{ .Values.tlsSecretName }}" 111 | {{- end }} 112 | {{- end }} 113 | {{- end }} -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/templates/cert-manager/self-signed-issuer.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | {{- if .Values.createCertificates.selfSigned.enabled }} 19 | # Self signed issuer 20 | apiVersion: cert-manager.io/v1 21 | kind: Issuer 22 | metadata: 23 | name: "{{ template "pulsar.fullname" . }}-self-signed-issuer" 24 | namespace: "{{ .Release.Namespace }}" 25 | spec: 26 | selfSigned: {} 27 | --- 28 | # CA certificate from self-signed issuer 29 | apiVersion: cert-manager.io/v1 30 | kind: Certificate 31 | metadata: 32 | name: "{{ template "pulsar.fullname" . }}-ca-certificate" 33 | namespace: "{{ .Release.Namespace }}" 34 | spec: 35 | secretName: "{{ template "pulsar.fullname" . }}-ss-ca" 36 | commonName: "{{ template "pulsar.serviceDnsSuffix" . }}" 37 | usages: 38 | - server auth 39 | - client auth 40 | isCA: true 41 | issuerRef: 42 | name: "{{ template "pulsar.fullname" . }}-self-signed-issuer" 43 | --- 44 | # Issuer using the self-signed CA certificate 45 | apiVersion: cert-manager.io/v1 46 | kind: Issuer 47 | metadata: 48 | name: "{{ template "pulsar.fullname" . }}-ca-issuer" 49 | spec: 50 | ca: 51 | secretName: {{ template "pulsar.fullname" . }}-ss-ca 52 | --- 53 | # Self-signed certificate 54 | apiVersion: cert-manager.io/v1 55 | kind: Certificate 56 | metadata: 57 | name: "{{ template "pulsar.fullname" . }}-server-tls" 58 | namespace: {{ .Release.Namespace }} 59 | spec: 60 | secretName: {{ .Values.tlsSecretName }} 61 | # The wildcard names are needed to connect directly to the broker pods and will only work when the broker is deployed 62 | # as a StatefulSet. 63 | dnsNames: 64 | - "*.{{ template "pulsar.fullname" . }}-{{ .Values.brokerSts.component }}.{{ template "pulsar.serviceDnsSuffix" . }}" 65 | - "*.{{ template "pulsar.fullname" . }}-{{ .Values.brokerSts.component }}.{{ .Release.Namespace }}" 66 | - "*.{{ template "pulsar.fullname" . }}-{{ .Values.brokerSts.component }}" 67 | - "{{ template "pulsar.fullname" . }}-{{ .Values.brokerSts.component }}.{{ template "pulsar.serviceDnsSuffix" . }}" 68 | - "{{ template "pulsar.fullname" . }}-{{ .Values.brokerSts.component }}.{{ .Release.Namespace }}" 69 | - "{{ template "pulsar.fullname" . }}-{{ .Values.brokerSts.component }}" 70 | - "{{ template "pulsar.fullname" . }}-proxy.{{ template "pulsar.serviceDnsSuffix" . }}" 71 | - "{{ template "pulsar.fullname" . }}-proxy.{{ .Release.Namespace }}" 72 | - "{{ template "pulsar.fullname" . }}-proxy" 73 | - "{{ template "pulsar.fullname" . }}-{{ .Values.function.component }}-ca.{{ template "pulsar.serviceDnsSuffix" . }}" 74 | - "{{ template "pulsar.fullname" . }}-{{ .Values.function.component }}-ca.{{ .Release.Namespace }}" 75 | - "{{ template "pulsar.fullname" . }}-{{ .Values.function.component }}-ca" 76 | {{- if .Values.createCertificates.selfSigned.includeDns }} 77 | - "{{ .Values.dnsName}}" 78 | {{- end }} 79 | issuerRef: 80 | name: "{{ template "pulsar.fullname" . }}-ca-issuer" 81 | {{- if .Values.keycloak.enabled }} 82 | keystores: 83 | jks: 84 | create: true 85 | # This password is created by the keycloak helm chart 86 | ## TODO It'd probably be better to use a different password here. 87 | passwordSecretRef: 88 | name: "{{ template "pulsar.keycloak.fullname" . }}" 89 | key: tls-keystore-password 90 | --- 91 | # Self-signed certificate 92 | apiVersion: cert-manager.io/v1 93 | kind: Certificate 94 | metadata: 95 | name: "{{ template "pulsar.fullname" . }}-keycloak-tls" 96 | namespace: {{ .Release.Namespace }} 97 | spec: 98 | secretName: "keycloak-{{ .Values.tlsSecretName }}" 99 | dnsNames: 100 | - "{{ template "pulsar.keycloak.fullname" . }}.{{ template "pulsar.serviceDnsSuffix" . }}" 101 | - "{{ template "pulsar.keycloak.fullname" . }}.{{ .Release.Namespace }}" 102 | - "{{ template "pulsar.keycloak.fullname" . }}" 103 | {{- if .Values.createCertificates.selfSigned.includeDns }} 104 | - "keycloak.{{ .Values.dnsName}}" 105 | {{- end }} 106 | keystores: 107 | jks: 108 | create: true 109 | # This password is created by the keycloak helm chart 110 | passwordSecretRef: 111 | name: "{{ template "pulsar.keycloak.fullname" . }}" 112 | key: tls-keystore-password 113 | issuerRef: 114 | name: "{{ template "pulsar.fullname" . }}-ca-issuer" 115 | {{- end }} 116 | {{- end }} -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/templates/proxy/proxy-ingress.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | {{- if .Values.proxy.ingress.enabled }} 19 | {{- if semverCompare "<1.19-0" .Capabilities.KubeVersion.Version }} 20 | apiVersion: extensions/v1beta1 21 | {{- else }} 22 | apiVersion: networking.k8s.io/v1 23 | {{- end }} 24 | kind: Ingress 25 | metadata: 26 | name: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}" 27 | namespace: {{ .Release.Namespace }} 28 | labels: 29 | app: {{ template "pulsar.name" . }} 30 | chart: {{ template "pulsar.chart" . }} 31 | release: {{ .Release.Name }} 32 | heritage: {{ .Release.Service }} 33 | component: {{ .Values.proxy.component }} 34 | cluster: {{ template "pulsar.fullname" . }} 35 | annotations: 36 | {{- if .Values.enableTls }} 37 | ingress.kubernetes.io/protocol: https 38 | {{- end }} 39 | traefik.ingress.kubernetes.io/rule-type: PathPrefixStrip 40 | {{- if .Values.proxy.ingress.annotations }} 41 | {{ toYaml .Values.proxy.ingress.annotations | indent 4 }} 42 | {{- end }} 43 | spec: 44 | rules: 45 | - host: {{ .Values.proxy.ingress.host }} 46 | http: 47 | paths: 48 | - path: / 49 | {{- if semverCompare "<1.19-0" .Capabilities.KubeVersion.Version }} 50 | backend: 51 | serviceName: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}" 52 | {{- if .Values.enableTls }} 53 | servicePort: 8443 54 | {{- else }} 55 | servicePort: 8080 56 | {{- end }} 57 | {{- else }} 58 | pathType: ImplementationSpecific 59 | backend: 60 | service: 61 | name: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}" 62 | port: 63 | {{- if .Values.enableTls }} 64 | number: 8443 65 | {{- else }} 66 | number: 8080 67 | {{- end }} 68 | {{- end }} 69 | {{- if .Values.proxy.ingress.enableWebSocket }} 70 | - path: /ws 71 | {{- if semverCompare "<1.19-0" .Capabilities.KubeVersion.Version }} 72 | backend: 73 | serviceName: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}" 74 | {{- if .Values.enableTls }} 75 | servicePort: {{ .Values.proxy.ingress.wssPortOnProxy }} 76 | {{- else }} 77 | servicePort: 8000 78 | {{- end }} 79 | {{- else }} 80 | pathType: ImplementationSpecific 81 | backend: 82 | service: 83 | name: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}" 84 | port: 85 | {{- if .Values.enableTls }} 86 | number: {{ .Values.proxy.ingress.wssPortOnProxy }} 87 | {{- else }} 88 | number: 8000 89 | {{- end }} 90 | {{- end }} 91 | {{- end }} 92 | {{- if .Values.proxy.ingress.enableBurnell }} 93 | - path: /br 94 | {{- if semverCompare "<1.19-0" .Capabilities.KubeVersion.Version }} 95 | backend: 96 | serviceName: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}" 97 | servicePort: 8964 98 | {{- else }} 99 | pathType: ImplementationSpecific 100 | backend: 101 | service: 102 | name: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}" 103 | port: 104 | number: 8964 105 | {{- end }} 106 | {{- end }} 107 | {{- if .Values.broker.ingress.enabled }} 108 | - path: /broker 109 | {{- if semverCompare "<1.19-0" .Capabilities.KubeVersion.Version }} 110 | backend: 111 | serviceName: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}" 112 | {{- if .Values.enableTls }} 113 | servicePort: 8443 114 | {{- else }} 115 | servicePort: 8080 116 | {{- end }} 117 | {{- else }} 118 | pathType: ImplementationSpecific 119 | backend: 120 | service: 121 | name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}" 122 | port: 123 | {{- if .Values.enableTls }} 124 | number: 8443 125 | {{- else }} 126 | number: 8080 127 | {{- end }} 128 | {{- end }} 129 | {{- end }} 130 | {{- end }} 131 | -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/templates/cert-manager/acme-issuer.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | 18 | {{- if .Values.createCertificates.acme.enabled }} 19 | apiVersion: cert-manager.io/v1 20 | kind: Certificate 21 | metadata: 22 | name: "{{ template "pulsar.fullname" . }}-server-tls" 23 | namespace: {{ .Release.Namespace }} 24 | spec: 25 | secretName: {{ .Values.tlsSecretName }} 26 | issuerRef: 27 | name: "{{ template "pulsar.fullname" . }}-acme-issuer" 28 | kind: Issuer 29 | commonName: "{{ .Values.dnsName}}" 30 | dnsNames: 31 | - "{{ .Values.dnsName}}" 32 | --- 33 | {{- if .Values.createCertificates.acme.httpSolver.enabled }} 34 | apiVersion: cert-manager.io/v1 35 | kind: Issuer 36 | metadata: 37 | name: "{{ template "pulsar.fullname" . }}-acme-issuer" 38 | spec: 39 | acme: 40 | email: {{ .Values.createCertificates.acme.email }} 41 | server: {{ .Values.createCertificates.acme.server }} 42 | privateKeySecretRef: 43 | name: "{{ template "pulsar.fullname" . }}-acme-key" 44 | solvers: 45 | - http01: 46 | ingress: 47 | class: {{ .Values.createCertificates.acme.httpSolver.ingressClass }} 48 | --- 49 | {{- end }} 50 | {{- if .Values.createCertificates.acme.azureDns.enabled }} 51 | apiVersion: cert-manager.io/v1 52 | kind: Issuer 53 | metadata: 54 | name: "{{ template "pulsar.fullname" . }}-acme-issuer" 55 | spec: 56 | acme: 57 | email: {{ .Values.createCertificates.acme.email }} 58 | server: {{ .Values.createCertificates.acme.server }} 59 | privateKeySecretRef: 60 | name: "{{ template "pulsar.fullname" . }}-acme-key" 61 | solvers: 62 | - dns01: 63 | azureDNS: 64 | clientID: {{ .Values.createCertificates.acme.azureDns.clientId }} 65 | clientSecretSecretRef: 66 | name: {{ .Values.createCertificates.acme.azureDns.clientSecretName }} 67 | key: {{ .Values.createCertificates.acme.azureDns.clientSecretKey }} 68 | subscriptionID: {{ .Values.createCertificates.acme.azureDns.subscriptionId }} 69 | tenantID: {{ .Values.createCertificates.acme.azureDns.tenantId }} 70 | resourceGroupName: {{ .Values.createCertificates.acme.azureDns.resourceGroupName }} 71 | hostedZoneName: {{ .Values.createCertificates.acme.azureDns.dnsZone }} 72 | environment: AzurePublicCloud 73 | --- 74 | {{- end }} 75 | {{- if .Values.createCertificates.acme.awsDns.enabled }} 76 | apiVersion: cert-manager.io/v1 77 | kind: Issuer 78 | metadata: 79 | name: "{{ template "pulsar.fullname" . }}-acme-issuer" 80 | spec: 81 | acme: 82 | email: {{ .Values.createCertificates.acme.email }} 83 | server: {{ .Values.createCertificates.acme.server }} 84 | privateKeySecretRef: 85 | name: "{{ template "pulsar.fullname" . }}-acme-key" 86 | solvers: 87 | - dns01: 88 | route53: 89 | region: {{ .Values.createCertificates.acme.awsDns.region }} 90 | accessKeyID: {{ .Values.createCertificates.acme.awsDns.accessKey }} 91 | secretAccessKeySecretRef: 92 | name: {{ .Values.createCertificates.acme.awsDns.accessSecretName }} 93 | key: {{ .Values.createCertificates.acme.awsDns.accessSecretKey }} 94 | --- 95 | {{- end }} 96 | {{- if .Values.createCertificates.acme.gcpDns.enabled }} 97 | apiVersion: cert-manager.io/v1 98 | kind: Issuer 99 | metadata: 100 | name: "{{ template "pulsar.fullname" . }}-acme-issuer" 101 | spec: 102 | acme: 103 | email: {{ .Values.createCertificates.acme.email }} 104 | server: {{ .Values.createCertificates.acme.server }} 105 | privateKeySecretRef: 106 | name: "{{ template "pulsar.fullname" . }}-acme-key" 107 | solvers: 108 | - dns01: 109 | cloudDNS: 110 | project: {{ .Values.createCertificates.acme.gcpDns.projectId }} 111 | serviceAccountSecretRef: 112 | name: {{ .Values.createCertificates.acme.gcpDns.secretName }} 113 | key: {{ .Values.createCertificates.acme.gcpDns.secretKey }} 114 | --- 115 | {{- end }} 116 | {{- if .Values.createCertificates.acme.digitalOceanDns.enabled }} 117 | apiVersion: cert-manager.io/v1 118 | kind: Issuer 119 | metadata: 120 | name: "{{ template "pulsar.fullname" . }}-acme-issuer" 121 | spec: 122 | acme: 123 | email: {{ .Values.createCertificates.acme.email }} 124 | server: {{ .Values.createCertificates.acme.server }} 125 | privateKeySecretRef: 126 | name: "{{ template "pulsar.fullname" . }}-acme-key" 127 | solvers: 128 | - dns01: 129 | digitalocean: 130 | tokenSecretRef: 131 | name: {{ .Values.createCertificates.acme.digitalOceanDns.secretName }} 132 | key: {{ .Values.createCertificates.acme.digitalOceanDns.secretKey }} 133 | --- 134 | {{- end }} 135 | {{- end }} -------------------------------------------------------------------------------- /helm-chart-sources/pulsar/templates/broker-deployment/broker-transactions-metadata.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 DataStax, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # 17 | {{- if .Values.extra.broker }} 18 | {{- if and .Values.broker.transactionCoordinator.enabled 19 | (or .Release.IsInstall .Values.initialize .Values.broker.transactionCoordinator.initialize) }} 20 | apiVersion: batch/v1 21 | kind: Job 22 | metadata: 23 | name: "{{ template "pulsar.fullname" . }}-{{ .Values.brokerTransactionsMetadata.component }}" 24 | namespace: {{ .Release.Namespace }} 25 | labels: 26 | app: {{ template "pulsar.name" . }} 27 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 28 | release: {{ .Release.Name }} 29 | heritage: {{ .Release.Service }} 30 | component: {{ .Values.brokerTransactionsMetadata.component }} 31 | cluster: {{ template "pulsar.fullname" . }} 32 | spec: 33 | template: 34 | spec: 35 | dnsConfig: 36 | {{ toYaml .Values.dnsConfig | indent 8 }} 37 | {{- if .Values.broker.nodeAffinity }} 38 | affinity: 39 | nodeAffinity: 40 | {{ toYaml .Values.broker.nodeAffinity | indent 10 }} 41 | {{- end }} 42 | {{- if and (.Values.nodeSelector) (not .Values.broker.nodeSelector) }} 43 | nodeSelector: 44 | {{ toYaml .Values.nodeSelector | indent 8 }} 45 | {{- end }} 46 | {{- if .Values.broker.nodeSelector }} 47 | nodeSelector: 48 | {{ toYaml .Values.broker.nodeSelector | indent 8 }} 49 | {{- end }} 50 | {{- if .Values.broker.tolerations }} 51 | tolerations: 52 | {{ toYaml .Values.broker.tolerations | indent 8 }} 53 | {{- end }} 54 | {{- if .Values.enableTls }} 55 | volumes: 56 | - name: certs 57 | secret: 58 | secretName: {{ .Values.tls.broker.tlsSecretName | default .Values.tlsSecretName | quote }} 59 | - name: certconverter 60 | configMap: 61 | name: "{{ template "pulsar.fullname" . }}-certconverter-configmap" 62 | defaultMode: 0755 63 | {{- end }} 64 | initContainers: 65 | - name: wait-broker-ready 66 | image: "{{ .Values.image.broker.repository }}:{{ .Values.image.broker.tag }}" 67 | imagePullPolicy: {{ .Values.image.broker.pullPolicy }} 68 | {{- if .Values.enableTls }} 69 | volumeMounts: 70 | - name: certs 71 | readOnly: true 72 | mountPath: /pulsar/certs 73 | - name: certconverter 74 | mountPath: /pulsar/tools 75 | {{- end }} 76 | command: ["sh", "-c"] 77 | args: 78 | - >- 79 | {{- if .Values.enableTls }} 80 | until curl --connect-timeout 5 --cacert /pulsar/certs/ca.crt https://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}.{{ template "pulsar.serviceDnsSuffix" . }}:8443; do 81 | {{- else }} 82 | until curl --connect-timeout 5 http://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}.{{ template "pulsar.serviceDnsSuffix" . }}:8080; do 83 | {{- end }} 84 | sleep 3; 85 | done; 86 | containers: 87 | - name: "{{ template "pulsar.fullname" . }}-{{ .Values.brokerTransactionsMetadata.component }}" 88 | image: "{{ .Values.image.broker.repository }}:{{ .Values.image.broker.tag }}" 89 | imagePullPolicy: {{ .Values.image.broker.pullPolicy }} 90 | {{- if .Values.enableTls }} 91 | volumeMounts: 92 | - name: certs 93 | readOnly: true 94 | mountPath: /pulsar/certs 95 | - name: certconverter 96 | mountPath: /pulsar/tools 97 | {{- end }} 98 | {{- if .Values.brokerTransactionsMetadata.resources }} 99 | resources: 100 | {{ toYaml .Values.brokerTransactionsMetadata.resources | indent 10 }} 101 | {{- end }} 102 | command: ["sh", "-c"] 103 | args: 104 | - | 105 | {{- if .Values.enableTls }} 106 | /pulsar/tools/certconverter.sh && 107 | {{- end }} 108 | bin/pulsar initialize-transaction-coordinator-metadata \ 109 | --cluster {{ template "pulsar.fullname" . }} \ 110 | {{- if .Values.tls.zookeeper.enabled }} 111 | --configuration-store {{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}-ca.{{ template "pulsar.serviceDnsSuffix" . }}:2281 \ 112 | {{- else }} 113 | --configuration-store {{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}-ca.{{ template "pulsar.serviceDnsSuffix" . }}:2181 \ 114 | {{- end }} 115 | --initial-num-transaction-coordinators {{ .Values.broker.transactionCoordinator.initialCount }} \ 116 | ; 117 | restartPolicy: OnFailure 118 | {{- end }} 119 | {{- end }} 120 | --------------------------------------------------------------------------------